fix hbb_common

translate
fix(linux): clean up leftover session procs and X locks on headless teardown (#15337 )
2026-06-20 15:24:56 +03:00 · 2026-06-20 18:31:42 +08:00 · 2026-06-20 18:27:42 +08:00 · 2026-06-20 14:21:42 +08:00 · 2026-06-20 09:50:04 +08:00 · 2026-06-20 01:22:20 +08:00
169 changed files with 16257 additions and 5887 deletions
--- a/.cargo/config.toml
+++ b/.cargo/config.toml
@@ -2,6 +2,8 @@
 rustflags = ["-Ctarget-feature=+crt-static"]
 [target.i686-pc-windows-msvc]
 rustflags = ["-C", "target-feature=+crt-static", "-C", "link-args=/NODEFAULTLIB:MSVCRT"]
+[target.aarch64-pc-windows-msvc]
+rustflags = ["-Ctarget-feature=+crt-static"]
 [target.'cfg(target_os="macos")']
 rustflags = [
    "-C", "link-args=-sectcreate __CGPreLoginApp __cgpreloginapp /dev/null",
--- a/.github/patches/apply_flutter_3.44_source_patches.sh
+++ b/.github/patches/apply_flutter_3.44_source_patches.sh
@@ -0,0 +1,39 @@
+#!/usr/bin/env bash
+# Applies the Flutter 3.44-only source/pubspec changes on the fly, in CI only.
+#
+# Windows arm64 needs Flutter >= 3.44 (the first stable release shipping an arm64 Dart SDK +
+# engine), which renamed DialogTheme/TabBarTheme -> *Data and needs newer extended_text/
+# google_fonts. Every other platform is still on Flutter 3.24.5, where the old names/versions
+# are required, so these changes are kept OUT of the committed sources and applied here instead.
+#
+# Used by BOTH the Windows arm64 build (flutter-build.yml) and its dedicated bridge artifact
+# (bridge.yml) so they share an identical 3.44 source state -- the generated *.freezed.dart must
+# compile against the same Flutter/freezed version the arm64 build resolves.
+#
+# Remove this script (and commit the changes) once upstream bumps Flutter across the board.
+#
+# Run from the repository root. sed is used (not a git-apply patch) because the checked-out
+# sources are CRLF on the windows-11-arm runner; the substitutions below are anchor-free and
+# therefore CRLF-safe.
+set -euo pipefail
+
+# ThemeData API renames (Flutter 3.27+):
+sed -i 's/dialogTheme: DialogTheme(/dialogTheme: DialogThemeData(/g' flutter/lib/common.dart
+sed -i 's/tabBarTheme: const TabBarTheme(/tabBarTheme: const TabBarThemeData(/g' flutter/lib/common.dart
+sed -i '/static ThemeData lightTheme = ThemeData(/,/static ThemeData darkTheme = ThemeData(/s/dialogTheme: DialogThemeData(/dialogTheme: DialogThemeData(\
+      backgroundColor: Colors.white,/' flutter/lib/common.dart
+sed -i '/static ThemeData darkTheme = ThemeData(/,/scrollbarTheme: scrollbarThemeDark,/s/dialogTheme: DialogThemeData(/dialogTheme: DialogThemeData(\
+      backgroundColor: Color(0xFF18191E),/' flutter/lib/common.dart
+# Dependency bumps required by the newer Dart/Flutter:
+sed -i 's/extended_text: 14.0.0/extended_text: 15.0.2/' flutter/pubspec.yaml
+sed -i 's/google_fonts: \^6.2.1/google_fonts: ^8.1.0/' flutter/pubspec.yaml
+
+# Fail loudly if any expected string drifted, so we never silently build unpatched:
+grep -qF 'dialogTheme: DialogThemeData(' flutter/lib/common.dart
+grep -qF 'tabBarTheme: const TabBarThemeData(' flutter/lib/common.dart
+grep -qF 'backgroundColor: Colors.white,' flutter/lib/common.dart
+grep -qF 'backgroundColor: Color(0xFF18191E),' flutter/lib/common.dart
+grep -qF 'extended_text: 15.0.2' flutter/pubspec.yaml
+grep -qF 'google_fonts: ^8.1.0' flutter/pubspec.yaml
+
+git --no-pager diff -- flutter/lib/common.dart flutter/pubspec.yaml
--- a/.github/workflows/bridge.yml
+++ b/.github/workflows/bridge.yml
@@ -7,7 +7,6 @@ on:

 env:
  CARGO_EXPAND_VERSION: "1.0.95"
-  FLUTTER_VERSION: "3.22.3"
  FLUTTER_RUST_BRIDGE_VERSION: "1.80.1"
  RUST_VERSION: "1.75" # https://github.com/rustdesk/rustdesk/discussions/7503

@@ -18,14 +17,25 @@ jobs:
      fail-fast: false
      matrix:
        job:
+          # Default bridge for every platform still on Flutter 3.24.5 (generated with 3.22.3).
          - {
              target: x86_64-unknown-linux-gnu,
              os: ubuntu-22.04,
              extra-build-args: "",
+              flutter-version: "3.22.3",
+              artifact-name: "bridge-artifact",
+            }
+          # Dedicated bridge for the Windows arm64 build (Flutter 3.44); runs in parallel.
+          - {
+              target: x86_64-unknown-linux-gnu,
+              os: ubuntu-22.04,
+              extra-build-args: "",
+              flutter-version: "3.44.0",
+              artifact-name: "bridge-artifact-flutter-3.44",
            }
    steps:
      - name: Checkout source code
-        uses: actions/checkout@v4
+        uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
        with:
          submodules: recursive

@@ -49,28 +59,28 @@ jobs:
            wget

      - name: Install Rust toolchain
-        uses: dtolnay/rust-toolchain@v1
+        uses: dtolnay/rust-toolchain@e97e2d8cc328f1b50210efc529dca0028893a2d9 # v1
        with:
          toolchain: ${{ env.RUST_VERSION }}
          targets: ${{ matrix.job.target }}
          components: "rustfmt"

-      - uses: Swatinem/rust-cache@v2
+      - uses: Swatinem/rust-cache@e18b497796c12c097a38f9edb9d0641fb99eee32 # v2
        with:
          prefix-key: bridge-${{ matrix.job.os }}

      - name: Cache Bridge
        id: cache-bridge
-        uses: actions/cache@v3
+        uses: actions/cache@6f8efc29b200d32929f49075959781ed54ec270c # v3
        with:
          path: /tmp/flutter_rust_bridge
-          key: vcpkg-${{ matrix.job.arch }}
+          key: bridge-${{ matrix.job.flutter-version }}

      - name: Install flutter
-        uses: subosito/flutter-action@v2
+        uses: subosito/flutter-action@1a449444c387b1966244ae4d4f8c696479add0b2 # v2
        with:
          channel: "stable"
-          flutter-version: ${{ env.FLUTTER_VERSION }}
+          flutter-version: ${{ matrix.job.flutter-version }}
          cache: true

      - name: Install flutter rust bridge deps
@@ -78,7 +88,15 @@ jobs:
        run: |
          cargo install cargo-expand --version ${{ env.CARGO_EXPAND_VERSION }} --locked
          cargo install flutter_rust_bridge_codegen --version ${{ env.FLUTTER_RUST_BRIDGE_VERSION }} --features "uuid" --locked
-          pushd flutter && sed -i -e 's/extended_text: 14.0.0/extended_text: 13.0.0/g' pubspec.yaml && flutter pub get && popd
+          if [[ "${{ matrix.job.flutter-version }}" == "3.22.3" ]]; then
+            # Default Flutter 3.22.3: extended_text 14 needs a newer Dart, so downgrade for resolution.
+            sed -i -e 's/extended_text: 14.0.0/extended_text: 13.0.0/g' flutter/pubspec.yaml
+          else
+            # Flutter 3.44 bridge for Windows arm64: match that build's source/pubspec state so the
+            # generated *.freezed.dart compiles against the same Flutter/freezed it resolves.
+            bash .github/patches/apply_flutter_3.44_source_patches.sh
+          fi
+          pushd flutter && flutter pub get && popd

      - name: Run flutter rust bridge
        run: |
@@ -86,9 +104,9 @@ jobs:
          cp ./flutter/macos/Runner/bridge_generated.h ./flutter/ios/Runner/bridge_generated.h

      - name: Upload Artifact
-        uses: actions/upload-artifact@master
+        uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
        with:
-          name: bridge-artifact
+          name: ${{ matrix.job.artifact-name }}
          path: |
            ./src/bridge_generated.rs
            ./src/bridge_generated.io.rs
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -29,13 +29,13 @@ jobs:
  #   name: Ensure 'cargo fmt' has been run
  #   runs-on: ubuntu-20.04
  #   steps:
-  #   - uses: actions-rs/toolchain@v1
+  #   - uses: actions-rs/toolchain@16499b5e05bf2e26879000db0c1d13f7e13fa3af # v1
  #     with:
  #       toolchain: stable
  #       default: true
  #       profile: minimal
  #       components: rustfmt
-  #   - uses: actions/checkout@v3
+  #   - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3
  #   - run: cargo fmt -- --check

  # min_version:
@@ -43,24 +43,24 @@ jobs:
  #   runs-on: ubuntu-20.04
  #   steps:
  #   - name: Checkout source code
-  #     uses: actions/checkout@v3
+  #     uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3
  #     with:
  #       submodules: recursive

  #   - name: Install rust toolchain (v${{ env.MIN_SUPPORTED_RUST_VERSION }})
-  #     uses: actions-rs/toolchain@v1
+  #     uses: actions-rs/toolchain@16499b5e05bf2e26879000db0c1d13f7e13fa3af # v1
  #     with:
  #       toolchain: ${{ env.MIN_SUPPORTED_RUST_VERSION }}
  #       default: true
  #       profile: minimal # minimal component installation (ie, no documentation)
  #       components: clippy
  #   - name: Run clippy (on minimum supported rust version to prevent warnings we can't fix)
-  #     uses: actions-rs/cargo@v1
+  #     uses: actions-rs/cargo@844f36862e911db73fe0815f00a4a2602c279505 # v1
  #     with:
  #       command: clippy
  #       args: --locked --all-targets --all-features -- --allow clippy::unknown_clippy_lints
  #   - name: Run tests
-  #     uses: actions-rs/cargo@v1
+  #     uses: actions-rs/cargo@844f36862e911db73fe0815f00a4a2602c279505 # v1
  #     with:
  #       command: test
  #       args: --locked
@@ -81,14 +81,15 @@ jobs:
          # - { target: x86_64-apple-darwin         , os: macos-10.15                   }
          # - { target: x86_64-pc-windows-gnu       , os: windows-2022                  }
          # - { target: x86_64-pc-windows-msvc      , os: windows-2022                  }
+          # - { target: aarch64-pc-windows-msvc     , os: windows-11-arm                }
          - { target: x86_64-unknown-linux-gnu    , os: ubuntu-24.04                  }
          # - { target: x86_64-unknown-linux-musl   , os: ubuntu-20.04, use-cross: true }
    steps:
    - name: Free Disk Space (Ubuntu)
      if: runner.os == 'Linux'
-      # jlumbroso/free-disk-space@main is used in .github\workflows\flutter-build.yml
+      # jlumbroso/free-disk-space@v1.3.1 is used in .github\workflows\flutter-build.yml
      # But pinning to a specific version to avoid unexpected issues is preferred.
-      uses: jlumbroso/free-disk-space@v1.3.1
+      uses: jlumbroso/free-disk-space@54081f138730dfa15788a46383842cd2f914a1be # v1.3.1
      with:
        tool-cache: false
        android: true
@@ -99,14 +100,14 @@ jobs:
        swap-storage: false

    - name: Export GitHub Actions cache environment variables
-      uses: actions/github-script@v6
+      uses: actions/github-script@d7906e4ad0b1822421a7e6a35d5ca353c962f410 # v6
      with:
        script: |
          core.exportVariable('ACTIONS_CACHE_URL', process.env.ACTIONS_CACHE_URL || '');
          core.exportVariable('ACTIONS_RUNTIME_TOKEN', process.env.ACTIONS_RUNTIME_TOKEN || '');

    - name: Checkout source code
-      uses: actions/checkout@v4
+      uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
      with:
        submodules: recursive

@@ -145,7 +146,7 @@ jobs:
        esac

    - name: Setup vcpkg with Github Actions binary cache
-      uses: lukka/run-vcpkg@v11
+      uses: lukka/run-vcpkg@b1a0dd252f06b9e25b3c022a9a03bd7a427fb6a2 # v11
      with:
        vcpkgDirectory: /opt/artifacts/vcpkg
        vcpkgGitCommitId: ${{ env.VCPKG_COMMIT_ID }}
@@ -156,7 +157,7 @@ jobs:
      shell: bash

    - name: Install Rust toolchain
-      uses: dtolnay/rust-toolchain@v1
+      uses: dtolnay/rust-toolchain@e97e2d8cc328f1b50210efc529dca0028893a2d9 # v1
      with:
        toolchain: stable
        targets: ${{ matrix.job.target }}
@@ -172,10 +173,10 @@ jobs:
        cargo -V
        rustc -V

-    - uses: Swatinem/rust-cache@v2
+    - uses: Swatinem/rust-cache@e18b497796c12c097a38f9edb9d0641fb99eee32 # v2

    - name: Build
-      uses: actions-rs/cargo@v1
+      uses: actions-rs/cargo@844f36862e911db73fe0815f00a4a2602c279505 # v1
      with:
        use-cross: ${{ matrix.job.use-cross }}
        command: build
@@ -243,7 +244,7 @@ jobs:
        echo "CARGO_TEST_OPTIONS=${CARGO_TEST_OPTIONS}" >> $GITHUB_OUTPUT

    - name: Run tests
-      uses: actions-rs/cargo@v1
+      uses: actions-rs/cargo@844f36862e911db73fe0815f00a4a2602c279505 # v1
      with:
        use-cross: ${{ matrix.job.use-cross }}
        command: test
--- a/.github/workflows/clear-cache.yml
+++ b/.github/workflows/clear-cache.yml
@@ -11,7 +11,7 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - name: Clear cache
-        uses: actions/github-script@v7
+        uses: actions/github-script@f28e40c7f34bde8b3046d885e986cb6290c5673b # v7
        with:
          script: |
            console.log("About to clear")
@@ -30,7 +30,7 @@ jobs:
            console.log("Clear completed")
            
      - name: Purge cache # Above seems not clear thouroughly, so add this to double clear
-        uses: MyAlbum/purge-cache@v2
+        uses: MyAlbum/purge-cache@881eb5957687193fa612bf74c0042adc78ea5e54 # v2
        with:
          accessed: true # Purge caches by their last accessed time (default)
          created: false # Purge caches by their created time (default)
--- a/.github/workflows/fdroid.yml
+++ b/.github/workflows/fdroid.yml
@@ -31,7 +31,7 @@ jobs:
        shell: bash

      - name: Publish RustDesk version file
-        uses: softprops/action-gh-release@v1
+        uses: softprops/action-gh-release@de2c0eb89ae2a093876385947365aca7b0e5f844 # v1
        with:
          prerelease: true
          tag_name: "fdroid-version"
--- a/.github/workflows/flutter-build.yml
+++ b/.github/workflows/flutter-build.yml
@@ -27,6 +27,11 @@ env:
  LLVM_VERSION: "15.0.6"
  FLUTTER_VERSION: "3.24.5"
  ANDROID_FLUTTER_VERSION: "3.24.5"
+  # Windows arm64 only: the first stable Flutter to ship a native arm64 Windows Dart SDK +
+  # engine is 3.44. Every other platform stays on FLUTTER_VERSION (3.24.5) until Windows 7
+  # support is restored after the upstream-wide Flutter bump. The arm64 job patches the few
+  # 3.44-only source/pubspec changes on the fly (see "Patch RustDesk sources for Flutter 3.44").
+  FLUTTER_WINDOWS_ARM_VERSION: "3.44.0"
  # for arm64 linux because official Dart SDK does not work
  FLUTTER_ELINUX_VERSION: "3.16.9"
  TAG_NAME: "${{ inputs.upload-tag }}"
@@ -39,7 +44,7 @@ env:
  # 2. Update the `VCPKG_COMMIT_ID` in `ci.yml` and `playground.yml`.
  VCPKG_COMMIT_ID: "120deac3062162151622ca4860575a33844ba10b"
  ARMV7_VCPKG_COMMIT_ID: "6f29f12e82a8293156836ad81cc9bf5af41fe836" # 2025.01.13, got "/opt/artifacts/vcpkg/vcpkg: No such file or directory" with latest version
-  VERSION: "1.4.6"
+  VERSION: "1.4.8"
  NDK_VERSION: "r28c"
  #signing keys env variable checks
  ANDROID_SIGNING_KEY: "${{ secrets.ANDROID_SIGNING_KEY }}"
@@ -53,14 +58,24 @@ jobs:

  build-RustDeskTempTopMostWindow:
    uses: ./.github/workflows/third-party-RustDeskTempTopMostWindow.yml
-    with:
-      upload-artifact: ${{ inputs.upload-artifact }}
-      target: windows-2022
-      configuration: Release
-      platform: x64
-      target_version: Windows10
    strategy:
      fail-fast: false
+      matrix:
+        job:
+          - {
+              target: windows-2022,
+              platform: x64,
+            }
+          - {
+              target: windows-11-arm,
+              platform: ARM64,
+            }
+    with:
+      upload-artifact: ${{ inputs.upload-artifact }}
+      target: ${{ matrix.job.target }}
+      configuration: Release
+      platform: ${{ matrix.job.platform }}
+      target_version: Windows10

  build-for-windows-flutter:
    name: ${{ matrix.job.target }}
@@ -76,68 +91,134 @@ jobs:
              target: x86_64-pc-windows-msvc,
              os: windows-2022,
              arch: x86_64,
+              flutter-arch: x64,
              vcpkg-triplet: x64-windows-static,
+              build-args: "--vram",
+            }
+          - {
+              target: aarch64-pc-windows-msvc,
+              os: windows-11-arm,
+              arch: aarch64,
+              flutter-arch: arm64,
+              vcpkg-triplet: arm64-windows-static,
+              # vram is x86/x64-only (NVENC needs CUDA, Intel MediaSDK needs __rdtsc);
+              # no NV/Intel/AMD hardware exists on Windows-on-ARM, so vram stays disabled here.
+              build-args: "",
            }
-          # - { target: aarch64-pc-windows-msvc, os: windows-2022, arch: aarch64 }
    steps:
      - name: Export GitHub Actions cache environment variables
-        uses: actions/github-script@v6
+        uses: actions/github-script@d7906e4ad0b1822421a7e6a35d5ca353c962f410 # v6
        with:
          script: |
            core.exportVariable('ACTIONS_CACHE_URL', process.env.ACTIONS_CACHE_URL || '');
            core.exportVariable('ACTIONS_RUNTIME_TOKEN', process.env.ACTIONS_RUNTIME_TOKEN || '');

      - name: Checkout source code
-        uses: actions/checkout@v4
+        uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
        with:
          submodules: recursive

      - name: Restore bridge files
-        uses: actions/download-artifact@master
+        uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
        with:
-          name: bridge-artifact
+          # arm64 is on Flutter 3.44, so it needs the bridge generated with the same Flutter
+          # (its *.freezed.dart must match the freezed the arm64 build resolves). x64 and every
+          # other platform keep the default 3.22.3-generated bridge.
+          name: ${{ matrix.job.arch == 'aarch64' && 'bridge-artifact-flutter-3.44' || 'bridge-artifact' }}
          path: ./

      - name: Install LLVM and Clang
-        uses: KyleMayes/install-llvm-action@v1
+        uses: KyleMayes/install-llvm-action@ebc0426251bc40c7cd31162802432c68818ab8f0 # v2.0.9
        with:
          version: ${{ env.LLVM_VERSION }}

      - name: Install flutter
-        uses: subosito/flutter-action@v2.12.0 #https://github.com/subosito/flutter-action/issues/277
+        id: flutter
+        # arm64 builds with FLUTTER_WINDOWS_ARM_VERSION (>=3.44); x64 stays on FLUTTER_VERSION.
+        # subosito only ships an x64 Windows SDK (Flutter's release manifest lists x64 only),
+        # so it installs x64 on both arches. The arm64 runner re-bootstraps Dart to arm64 in
+        # the next step.
+        uses: subosito/flutter-action@2783a3f08e1baf891508463f8c6653c258246225  # v2.12.0; https://github.com/subosito/flutter-action/issues/277
        with:
          channel: "stable"
-          flutter-version: ${{ env.FLUTTER_VERSION }}
+          flutter-version: ${{ matrix.job.arch == 'aarch64' && env.FLUTTER_WINDOWS_ARM_VERSION || env.FLUTTER_VERSION }}
+          architecture: x64
+
+      - name: Force arm64 Dart SDK + engine
+        # The x64 SDK subosito installs bundles an x64 Dart with a matching engine-dart-sdk.stamp,
+        # so update_dart_sdk.ps1 short-circuits (stamp matches -> return) and keeps x64 Dart;
+        # `flutter build windows` then targets the Dart VM's arch = x64, even on this arm64 host.
+        # On this native-arm64 runner (PROCESSOR_ARCHITECTURE=ARM64), deleting the stamp and
+        # re-running update_dart_sdk.ps1 pulls the arm64 Dart (available since Flutter 3.44.0).
+        # https://github.com/flutter/flutter/issues/186730#issuecomment-4573214964
+        if: ${{ matrix.job.arch == 'aarch64' }}
+        run: |
+          $flutterRoot = "${{ steps.flutter.outputs['CACHE-PATH'] }}"
+          Write-Host "PROCESSOR_ARCHITECTURE=$env:PROCESSOR_ARCHITECTURE"
+          Write-Host "Flutter root: $flutterRoot"
+          Remove-Item -Force "$flutterRoot\bin\cache\engine-dart-sdk.stamp" -ErrorAction SilentlyContinue
+          & "$flutterRoot\bin\internal\update_dart_sdk.ps1"
+          # Confirm the Dart we ended up with is arm64 ("on windows_arm64"); fail loudly if not.
+          $dartVer = & "$flutterRoot\bin\dart.bat" --version 2>&1 | Out-String
+          Write-Host $dartVer
+          if ($dartVer -notmatch "windows_arm64") {
+            Write-Error "Expected an arm64 Dart SDK but got: $dartVer"
+            exit 1
+          }
+          & "$flutterRoot\bin\flutter.bat" precache --windows
+          # Fail fast if precache pulled the wrong-arch Windows engine: an arm64 Dart should
+          # fetch windows-arm64 engine artifacts. Bailing here saves the ~25min Rust build.
+          $engineDir = "$flutterRoot\bin\cache\artifacts\engine"
+          Write-Host "Engine artifacts present:"
+          Get-ChildItem $engineDir -Directory | Select-Object -ExpandProperty Name | Write-Host
+          if (-not (Test-Path "$engineDir\windows-arm64-release")) {
+            Write-Error "Expected windows-arm64-release engine artifacts but they are missing (wrong-arch SDK)."
+            exit 1
+          }

      # https://github.com/flutter/flutter/issues/155685
+      # x64 only: arm64 uses the stock native arm64 Windows engine, and the rustdesk/engine
+      # windows-x64-release.zip is built for the 3.24-era x64 engine (matches FLUTTER_VERSION).
      - name: Replace engine with rustdesk custom flutter engine
+        if: ${{ matrix.job.arch == 'x86_64' }}
        run: |
          flutter doctor -v
          flutter precache --windows
          Invoke-WebRequest -Uri https://github.com/rustdesk/engine/releases/download/main/windows-x64-release.zip -OutFile windows-x64-release.zip
          Expand-Archive -Path windows-x64-release.zip -DestinationPath windows-x64-release
-          mv -Force windows-x64-release/*  C:/hostedtoolcache/windows/flutter/stable-${{ env.FLUTTER_VERSION }}-x64/bin/cache/artifacts/engine/windows-x64-release/
+          mv -Force windows-x64-release/*  C:/hostedtoolcache/windows/flutter/stable-${{ env.FLUTTER_VERSION }}-x64/bin/cache/artifacts/engine/windows-x64-release/

      - name: Patch flutter
+        # x64 stays on Flutter 3.24.5, which needs the dropdown filter patch.
+        # arm64 is on Flutter 3.44 (patched separately below) and does not use this patch.
+        if: ${{ matrix.job.arch == 'x86_64' }}
        shell: bash
        run: |
          cp .github/patches/flutter_3.24.4_dropdown_menu_enableFilter.diff $(dirname $(dirname $(which flutter)))
          cd $(dirname $(dirname $(which flutter)))
          [[ "3.24.5" == ${{env.FLUTTER_VERSION}} ]] && git apply flutter_3.24.4_dropdown_menu_enableFilter.diff

+      - name: Patch RustDesk sources for Flutter 3.44 (arm64)
+        # arm64 is the only target on Flutter 3.44; apply its source/pubspec deltas on the fly
+        # (shared with the 3.44 bridge job) so the committed sources stay on Flutter 3.24.5.
+        # `flutter build` then runs `pub get`, regenerating pubspec.lock for the bumped deps.
+        if: ${{ matrix.job.arch == 'aarch64' }}
+        shell: bash
+        run: bash .github/patches/apply_flutter_3.44_source_patches.sh
+
      - name: Install Rust toolchain
-        uses: dtolnay/rust-toolchain@v1
+        uses: dtolnay/rust-toolchain@e97e2d8cc328f1b50210efc529dca0028893a2d9 # v1
        with:
          toolchain: ${{ env.SCITER_RUST_VERSION }}
          targets: ${{ matrix.job.target }}
          components: "rustfmt"

-      - uses: Swatinem/rust-cache@v2
+      - uses: Swatinem/rust-cache@e18b497796c12c097a38f9edb9d0641fb99eee32 # v2
        with:
          prefix-key: ${{ matrix.job.os }}

      - name: Setup vcpkg with Github Actions binary cache
-        uses: lukka/run-vcpkg@v11
+        uses: lukka/run-vcpkg@b1a0dd252f06b9e25b3c022a9a03bd7a427fb6a2 # v11
        with:
          vcpkgDirectory: C:\vcpkg
          vcpkgGitCommitId: ${{ env.VCPKG_COMMIT_ID }}
@@ -163,11 +244,19 @@ jobs:
          head -n 100 "${VCPKG_ROOT}/buildtrees/ffmpeg/build-${{ matrix.job.vcpkg-triplet }}-rel-out.log" || true
        shell: bash

+      - name: Set SODIUM_LIB_DIR (arm64)
+        # libsodium-sys ships no arm64 Windows prebuilt lib; point it at the vcpkg-built one
+        # (only for arm64 — leaving it unset lets x64 use the crate's bundled lib).
+        if: ${{ matrix.job.arch == 'aarch64' }}
+        shell: bash
+        run: echo "SODIUM_LIB_DIR=$VCPKG_ROOT/installed/${{ matrix.job.vcpkg-triplet }}/lib" >> "$GITHUB_ENV"
+
      - name: Build rustdesk
        run: |
          # Windows: build RustDesk
-          python3 .\build.py --portable --hwcodec --flutter --vram --skip-portable-pack
-          mv ./flutter/build/windows/x64/runner/Release ./rustdesk
+          # --hwcodec is shared by all Windows targets; per-target extras (e.g. --vram) come from the matrix
+          python3 .\build.py --portable --flutter --skip-portable-pack --hwcodec ${{ matrix.job.build-args }}
+          mv ./flutter/build/windows/${{ matrix.job.flutter-arch }}/runner/Release ./rustdesk

          # Download usbmmidd_v2.zip and extract it to ./rustdesk
          Invoke-WebRequest -Uri https://github.com/rustdesk-org/rdev/releases/download/usbmmidd_v2/usbmmidd_v2.zip -OutFile usbmmidd_v2.zip
@@ -220,15 +309,15 @@ jobs:
          fi

      - name: Download RustDeskTempTopMostWindow artifacts
-        uses: actions/download-artifact@master
+        uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
        if: ${{ inputs.upload-artifact }}
        with:
-          name: topmostwindow-artifacts
+          name: ${{ matrix.job.arch == 'aarch64' && 'topmostwindow-artifacts-ARM64' || 'topmostwindow-artifacts-x64' }}
          path: "./rustdesk"

      - name: Upload unsigned
        if: env.UPLOAD_ARTIFACT == 'true'
-        uses: actions/upload-artifact@master
+        uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
        with:
          name: rustdesk-unsigned-windows-${{ matrix.job.arch }}
          path: rustdesk
@@ -253,16 +342,21 @@ jobs:
          mv ./target/release/rustdesk-portable-packer.exe ./SignOutput/rustdesk-${{ env.VERSION }}-${{ matrix.job.arch }}.exe

      - name: Add MSBuild to PATH
-        uses: microsoft/setup-msbuild@v2
+        uses: microsoft/setup-msbuild@6fb02220983dee41ce7ae257b6f4d8f9bf5ed4ce # v2

      - name: Build msi
+        # Builds the MSI for the matrix arch. res/msi (WiX v4 + native CustomActions) carries
+        # both x64 and ARM64 platform configs; WcaUtil/DUtil ship arm64 libs. msbuild platform
+        # is x64 / ARM64; the produced Package.msi is globbed since its bin/<platform>/ dir varies.
        if: env.UPLOAD_ARTIFACT == 'true'
        run: |
          pushd ./res/msi
          python preprocess.py --arp -d ../../rustdesk
          nuget restore msi.sln
-          msbuild msi.sln -p:Configuration=Release -p:Platform=x64 /p:TargetVersion=Windows10
-          mv ./Package/bin/x64/Release/en-us/Package.msi ../../SignOutput/rustdesk-${{ env.VERSION }}-${{ matrix.job.arch }}.msi
+          $msiPlatform = if ('${{ matrix.job.arch }}' -eq 'aarch64') { 'ARM64' } else { 'x64' }
+          msbuild msi.sln -p:Configuration=Release -p:Platform=$msiPlatform /p:TargetVersion=Windows10
+          $msi = Get-ChildItem ./Package/bin/*/Release/en-us/Package.msi | Select-Object -First 1
+          mv $msi.FullName ../../SignOutput/rustdesk-${{ env.VERSION }}-${{ matrix.job.arch }}.msi
          sha256sum ../../SignOutput/rustdesk-*.msi

      - name: Sign rustdesk self-extracted file
@@ -272,7 +366,7 @@ jobs:
          BASE_URL=${{ env.SIGN_BASE_URL }} SECRET_KEY=${{ secrets.SIGN_SECRET_KEY }} python3 res/job.py sign_files ./SignOutput

      - name: Publish Release
-        uses: softprops/action-gh-release@v1
+        uses: softprops/action-gh-release@de2c0eb89ae2a093876385947365aca7b0e5f844 # v1
        if: env.UPLOAD_ARTIFACT == 'true'
        with:
          prerelease: true
@@ -302,35 +396,35 @@ jobs:
          # - { target: aarch64-pc-windows-msvc, os: windows-2022 }
    steps:
      - name: Export GitHub Actions cache environment variables
-        uses: actions/github-script@v6
+        uses: actions/github-script@d7906e4ad0b1822421a7e6a35d5ca353c962f410 # v6
        with:
          script: |
            core.exportVariable('ACTIONS_CACHE_URL', process.env.ACTIONS_CACHE_URL || '');
            core.exportVariable('ACTIONS_RUNTIME_TOKEN', process.env.ACTIONS_RUNTIME_TOKEN || '');

      - name: Checkout source code
-        uses: actions/checkout@v4
+        uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
        with:
          submodules: recursive

      - name: Install LLVM and Clang
-        uses: rustdesk-org/install-llvm-action-32bit@master
+        uses: rustdesk-org/install-llvm-action-32bit@6aa7d9ad3df84dff01cd4596dd0fc880a7f47fce # no release tag; commit 2026-05-26
        with:
          version: ${{ env.LLVM_VERSION }}

      - name: Install Rust toolchain
-        uses: dtolnay/rust-toolchain@v1
+        uses: dtolnay/rust-toolchain@e97e2d8cc328f1b50210efc529dca0028893a2d9 # v1
        with:
          toolchain: nightly-2023-10-13-${{ matrix.job.target }} # must use nightly here, because of abi_thiscall feature required
          targets: ${{ matrix.job.target }}
          components: "rustfmt"

-      - uses: Swatinem/rust-cache@v2
+      - uses: Swatinem/rust-cache@e18b497796c12c097a38f9edb9d0641fb99eee32 # v2
        with:
          prefix-key: ${{ matrix.job.os }}-sciter

      - name: Setup vcpkg with Github Actions binary cache
-        uses: lukka/run-vcpkg@v11
+        uses: lukka/run-vcpkg@b1a0dd252f06b9e25b3c022a9a03bd7a427fb6a2 # v11
        with:
          vcpkgDirectory: C:\vcpkg
          vcpkgGitCommitId: ${{ env.VCPKG_COMMIT_ID }}
@@ -363,7 +457,8 @@ jobs:
          python3 res/inline-sciter.py
          # Patch sciter x86
          sed -i 's/branch = "dyn"/branch = "dyn_x86"/g' ./Cargo.toml
-          cargo build --features inline,vram,hwcodec --release --bins
+          cargo update -p sciter-rs --precise 674e07d3066ca9a92ced3816203ab6b652629d1e
+          cargo build --locked --features inline,vram,hwcodec --release --bins
          mkdir -p ./Release
          mv ./target/release/rustdesk.exe ./Release/rustdesk.exe
          curl -LJ -o ./Release/sciter.dll https://github.com/c-smile/sciter-sdk/raw/master/bin.win/x32/sciter.dll
@@ -394,7 +489,7 @@ jobs:

      - name: Upload unsigned
        if: env.UPLOAD_ARTIFACT == 'true'
-        uses: actions/upload-artifact@master
+        uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
        with:
          name: rustdesk-unsigned-windows-${{ matrix.job.arch }}
          path: Release
@@ -424,7 +519,7 @@ jobs:
          BASE_URL=${{ env.SIGN_BASE_URL }} SECRET_KEY=${{ secrets.SIGN_SECRET_KEY }} python3 res/job.py sign_files ./SignOutput/

      - name: Publish Release
-        uses: softprops/action-gh-release@v1
+        uses: softprops/action-gh-release@de2c0eb89ae2a093876385947365aca7b0e5f844 # v1
        if: env.UPLOAD_ARTIFACT == 'true'
        with:
          prerelease: true
@@ -449,7 +544,7 @@ jobs:
            }
    steps:
      - name: Export GitHub Actions cache environment variables
-        uses: actions/github-script@v6
+        uses: actions/github-script@d7906e4ad0b1822421a7e6a35d5ca353c962f410 # v6
        with:
          script: |
            core.exportVariable('ACTIONS_CACHE_URL', process.env.ACTIONS_CACHE_URL || '');
@@ -459,12 +554,12 @@ jobs:
        run: |
          brew install nasm yasm
      - name: Checkout source code
-        uses: actions/checkout@v4
+        uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
        with:
          submodules: recursive

      - name: Install flutter
-        uses: subosito/flutter-action@v2
+        uses: subosito/flutter-action@1a449444c387b1966244ae4d4f8c696479add0b2 # v2
        with:
          channel: "stable"
          flutter-version: ${{ env.FLUTTER_VERSION }}
@@ -475,7 +570,7 @@ jobs:
          [[ "3.24.5" == ${{env.FLUTTER_VERSION}} ]] && git apply ${{ github.workspace }}/.github/patches/flutter_3.24.4_dropdown_menu_enableFilter.diff

      - name: Setup vcpkg with Github Actions binary cache
-        uses: lukka/run-vcpkg@v11
+        uses: lukka/run-vcpkg@b1a0dd252f06b9e25b3c022a9a03bd7a427fb6a2 # v11
        with:
          vcpkgGitCommitId: ${{ env.VCPKG_COMMIT_ID }}
          doNotCache: false
@@ -499,19 +594,19 @@ jobs:
        shell: bash

      - name: Install Rust toolchain
-        uses: dtolnay/rust-toolchain@v1
+        uses: dtolnay/rust-toolchain@e97e2d8cc328f1b50210efc529dca0028893a2d9 # v1
        with:
          toolchain: ${{ env.RUST_VERSION }}
          targets: ${{ matrix.job.target }}
          components: "rustfmt"

-      - uses: Swatinem/rust-cache@v2
+      - uses: Swatinem/rust-cache@e18b497796c12c097a38f9edb9d0641fb99eee32 # v2
        with:
          prefix-key: rustdesk-lib-cache-ios
          key: ${{ matrix.job.target }}

      - name: Restore bridge files
-        uses: actions/download-artifact@master
+        uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
        with:
          name: bridge-artifact
          path: ./
@@ -519,10 +614,10 @@ jobs:
      - name: Build rustdesk lib
        run: |
          rustup target add ${{ matrix.job.target }}
-          cargo build --features flutter,hwcodec --release --target aarch64-apple-ios --lib
+          cargo build --locked --features flutter,hwcodec --release --target aarch64-apple-ios --lib
          
      - name: Upload liblibrustdesk.a Artifacts
-        uses: actions/upload-artifact@master
+        uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
        with:
          name: liblibrustdesk.a
          path: target/aarch64-apple-ios/release/liblibrustdesk.a
@@ -537,14 +632,14 @@ jobs:

      # - name: Upload Artifacts
      #   # if: env.ANDROID_SIGNING_KEY != null && env.UPLOAD_ARTIFACT == 'true'
-      #   uses: actions/upload-artifact@master
+      #   uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
      #   with:
      #     name: rustdesk-${{ env.VERSION }}-${{ matrix.job.arch }}.apk
      #     path: flutter/build/ios/ipa/*.ipa

      # - name: Publish ipa package
      #   # if: env.ANDROID_SIGNING_KEY != null && env.UPLOAD_ARTIFACT == 'true'
-      #   uses: softprops/action-gh-release@v1
+      #   uses: softprops/action-gh-release@de2c0eb89ae2a093876385947365aca7b0e5f844 # v1
      #   with:
      #     prerelease: true
      #     tag_name: ${{ env.TAG_NAME }}
@@ -577,20 +672,20 @@ jobs:
            }
    steps:
      - name: Export GitHub Actions cache environment variables
-        uses: actions/github-script@v6
+        uses: actions/github-script@d7906e4ad0b1822421a7e6a35d5ca353c962f410 # v6
        with:
          script: |
            core.exportVariable('ACTIONS_CACHE_URL', process.env.ACTIONS_CACHE_URL || '');
            core.exportVariable('ACTIONS_RUNTIME_TOKEN', process.env.ACTIONS_RUNTIME_TOKEN || '');

      - name: Checkout source code
-        uses: actions/checkout@v4
+        uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
        with:
          submodules: recursive

      - name: Import the codesign cert
        if: env.MACOS_P12_BASE64 != null
-        uses: apple-actions/import-codesign-certs@v1
+        uses: apple-actions/import-codesign-certs@253ddeeac23f2bdad1646faac5c8c2832e800071 # v1
        with:
          p12-file-base64: ${{ secrets.MACOS_P12_BASE64 }}
          p12-password: ${{ secrets.MACOS_P12_PASSWORD }}
@@ -604,7 +699,7 @@ jobs:

      - name: Import notarize key
        if: env.MACOS_P12_BASE64 != null
-        uses: timheuer/base64-to-file@v1.2
+        uses: timheuer/base64-to-file@adaa40c0c581f276132199d4cf60afa07ce60eac # v1.2
        with:
          # https://gregoryszorc.com/docs/apple-codesign/stable/apple_codesign_rcodesign.html#notarizing-and-stapling
          fileName: rustdesk.json
@@ -643,7 +738,7 @@ jobs:
          nasm --version

      - name: Install flutter
-        uses: subosito/flutter-action@v2
+        uses: subosito/flutter-action@1a449444c387b1966244ae4d4f8c696479add0b2 # v2
        with:
          channel: "stable"
          flutter-version: ${{ env.FLUTTER_VERSION }}
@@ -662,24 +757,24 @@ jobs:
          grep -n '_setFramesEnabledState(false);' ../packages/flutter/lib/src/scheduler/binding.dart

      - name: Install Rust toolchain
-        uses: dtolnay/rust-toolchain@v1
+        uses: dtolnay/rust-toolchain@e97e2d8cc328f1b50210efc529dca0028893a2d9 # v1
        with:
          toolchain: ${{ env.MAC_RUST_VERSION }}
          targets: ${{ matrix.job.target }}
          components: "rustfmt"

-      - uses: Swatinem/rust-cache@v2
+      - uses: Swatinem/rust-cache@e18b497796c12c097a38f9edb9d0641fb99eee32 # v2
        with:
          prefix-key: ${{ matrix.job.os }}

      - name: Restore bridge files
-        uses: actions/download-artifact@master
+        uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
        with:
          name: bridge-artifact
          path: ./

      - name: Setup vcpkg with Github Actions binary cache
-        uses: lukka/run-vcpkg@v11
+        uses: lukka/run-vcpkg@b1a0dd252f06b9e25b3c022a9a03bd7a427fb6a2 # v11
        with:
          vcpkgGitCommitId: ${{ env.VCPKG_COMMIT_ID }}
          doNotCache: false
@@ -731,7 +826,7 @@ jobs:

      - name: Upload unsigned macOS app
        if: env.UPLOAD_ARTIFACT == 'true'
-        uses: actions/upload-artifact@master
+        uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
        with:
          name: rustdesk-unsigned-macos-${{ matrix.job.arch }}
          path: rustdesk-${{ env.VERSION }}-${{ matrix.job.arch }}.dmg # can not upload the directory directly or tar.gz, which destroy the link structure, causing the codesign failed
@@ -763,7 +858,7 @@ jobs:

      - name: Publish DMG package
        if: env.UPLOAD_ARTIFACT == 'true'
-        uses: softprops/action-gh-release@v1
+        uses: softprops/action-gh-release@de2c0eb89ae2a093876385947365aca7b0e5f844 # v1
        with:
          prerelease: true
          tag_name: ${{ env.TAG_NAME }}
@@ -779,25 +874,25 @@ jobs:
    if: ${{ inputs.upload-artifact }}
    steps:
      - name: Download artifacts
-        uses: actions/download-artifact@master
+        uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
        with:
          name: rustdesk-unsigned-macos-x86_64
          path: ./

      - name: Download Artifacts
-        uses: actions/download-artifact@master
+        uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
        with:
          name: rustdesk-unsigned-macos-aarch64
          path: ./

      - name: Download Artifacts
-        uses: actions/download-artifact@master
+        uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
        with:
          name: rustdesk-unsigned-windows-x86_64
          path: ./windows-x86_64/

      - name: Download Artifacts
-        uses: actions/download-artifact@master
+        uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
        with:
          name: rustdesk-unsigned-windows-x86
          path: ./windows-x86/
@@ -807,7 +902,7 @@ jobs:
          tar czf rustdesk-${{ env.VERSION }}-unsigned.tar.gz *.dmg windows-x86_64 windows-x86

      - name: Publish unsigned app
-        uses: softprops/action-gh-release@v1
+        uses: softprops/action-gh-release@de2c0eb89ae2a093876385947365aca7b0e5f844 # v1
        with:
          prerelease: true
          tag_name: ${{ env.TAG_NAME }}
@@ -844,7 +939,7 @@ jobs:
            }
    steps:
      - name: Free Disk Space (Ubuntu)
-        uses: jlumbroso/free-disk-space@main
+        uses: jlumbroso/free-disk-space@54081f138730dfa15788a46383842cd2f914a1be # v1.3.1
        with:
          tool-cache: false
          android: false
@@ -855,7 +950,7 @@ jobs:
          swap-storage: false

      - name: Export GitHub Actions cache environment variables
-        uses: actions/github-script@v6
+        uses: actions/github-script@d7906e4ad0b1822421a7e6a35d5ca353c962f410 # v6
        with:
          script: |
            core.exportVariable('ACTIONS_CACHE_URL', process.env.ACTIONS_CACHE_URL || '');
@@ -897,12 +992,12 @@ jobs:
               wget

      - name: Checkout source code
-        uses: actions/checkout@v4
+        uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
        with:
          submodules: recursive

      - name: Install flutter
-        uses: subosito/flutter-action@v2
+        uses: subosito/flutter-action@1a449444c387b1966244ae4d4f8c696479add0b2 # v2
        with:
          channel: "stable"
          flutter-version: ${{ env.ANDROID_FLUTTER_VERSION }}
@@ -912,14 +1007,14 @@ jobs:
          cd $(dirname $(dirname $(which flutter)))
          [[ "3.24.5" == ${{env.ANDROID_FLUTTER_VERSION}} ]] && git apply ${{ github.workspace }}/.github/patches/flutter_3.24.4_dropdown_menu_enableFilter.diff

-      - uses: nttld/setup-ndk@v1
+      - uses: nttld/setup-ndk@ed92fe6cadad69be94a966a7ee3271275e62f779 # v1
        id: setup-ndk
        with:
          ndk-version: ${{ env.NDK_VERSION }}
          add-to-path: true

      - name: Setup vcpkg with Github Actions binary cache
-        uses: lukka/run-vcpkg@v11
+        uses: lukka/run-vcpkg@b1a0dd252f06b9e25b3c022a9a03bd7a427fb6a2 # v11
        with:
          vcpkgDirectory: /opt/artifacts/vcpkg
          vcpkgGitCommitId: ${{ env.VCPKG_COMMIT_ID }}
@@ -954,18 +1049,18 @@ jobs:
        shell: bash

      - name: Restore bridge files
-        uses: actions/download-artifact@master
+        uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
        with:
          name: bridge-artifact
          path: ./

      - name: Install Rust toolchain
-        uses: dtolnay/rust-toolchain@v1
+        uses: dtolnay/rust-toolchain@e97e2d8cc328f1b50210efc529dca0028893a2d9 # v1
        with:
          toolchain: ${{ env.RUST_VERSION }}
          components: "rustfmt"

-      - uses: Swatinem/rust-cache@v2
+      - uses: Swatinem/rust-cache@e18b497796c12c097a38f9edb9d0641fb99eee32 # v2
        with:
          prefix-key: rustdesk-lib-cache-android # TODO: drop '-android' part after caches are invalidated
          key: ${{ matrix.job.target }}
@@ -1001,7 +1096,7 @@ jobs:
          esac

      - name: Upload Rustdesk library to Artifacts
-        uses: actions/upload-artifact@master
+        uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
        with:
          name: librustdesk.so.${{ matrix.job.target }}
          path: ./target/${{ matrix.job.target }}/release/liblibrustdesk.so
@@ -1066,7 +1161,7 @@ jobs:
          echo "ANDROID_SIGN_TOOL_VERSION=$BUILD_TOOL_VERSION" >> $GITHUB_ENV
          echo Last build tool version is: $BUILD_TOOL_VERSION

-      - uses: r0adkll/sign-android-release@v1
+      - uses: r0adkll/sign-android-release@349ebdef58775b1e0d8099458af0816dc79b6407 # v1
        name: Sign app APK
        if: env.ANDROID_SIGNING_KEY != null
        id: sign-rustdesk
@@ -1082,14 +1177,14 @@ jobs:

      - name: Upload Artifacts
        if: env.ANDROID_SIGNING_KEY != null && env.UPLOAD_ARTIFACT == 'true'
-        uses: actions/upload-artifact@master
+        uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
        with:
          name: rustdesk-${{ env.VERSION }}-${{ matrix.job.arch }}.apk
          path: ${{steps.sign-rustdesk.outputs.signedReleaseFile}}

      - name: Publish signed apk package
        if: env.ANDROID_SIGNING_KEY != null && env.UPLOAD_ARTIFACT == 'true'
-        uses: softprops/action-gh-release@v1
+        uses: softprops/action-gh-release@de2c0eb89ae2a093876385947365aca7b0e5f844 # v1
        with:
          prerelease: true
          tag_name: ${{ env.TAG_NAME }}
@@ -1098,7 +1193,7 @@ jobs:

      - name: Publish unsigned apk package
        if: env.ANDROID_SIGNING_KEY == null && env.UPLOAD_ARTIFACT == 'true'
-        uses: softprops/action-gh-release@v1
+        uses: softprops/action-gh-release@de2c0eb89ae2a093876385947365aca7b0e5f844 # v1
        with:
          prerelease: true
          tag_name: ${{ env.TAG_NAME }}
@@ -1116,7 +1211,7 @@ jobs:
      suffix: ""
    steps:
      - name: Free Disk Space (Ubuntu)
-        uses: jlumbroso/free-disk-space@main
+        uses: jlumbroso/free-disk-space@54081f138730dfa15788a46383842cd2f914a1be # v1.3.1
        with:
          tool-cache: false
          android: false
@@ -1127,7 +1222,7 @@ jobs:
          swap-storage: false

      - name: Export GitHub Actions cache environment variables
-        uses: actions/github-script@v6
+        uses: actions/github-script@d7906e4ad0b1822421a7e6a35d5ca353c962f410 # v6
        with:
          script: |
            core.exportVariable('ACTIONS_CACHE_URL', process.env.ACTIONS_CACHE_URL || '');
@@ -1169,12 +1264,12 @@ jobs:
               wget

      - name: Checkout source code
-        uses: actions/checkout@v4
+        uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
        with:
          submodules: recursive

      - name: Install flutter
-        uses: subosito/flutter-action@v2
+        uses: subosito/flutter-action@1a449444c387b1966244ae4d4f8c696479add0b2 # v2
        with:
          channel: "stable"
          flutter-version: ${{ env.ANDROID_FLUTTER_VERSION }}
@@ -1185,32 +1280,32 @@ jobs:
          [[ "3.24.5" == ${{env.ANDROID_FLUTTER_VERSION}} ]] && git apply ${{ github.workspace }}/.github/patches/flutter_3.24.4_dropdown_menu_enableFilter.diff

      - name: Restore bridge files
-        uses: actions/download-artifact@master
+        uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
        with:
          name: bridge-artifact
          path: ./

      - name: Download Rustdesk library from Artifacts
-        uses: actions/download-artifact@master
+        uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
        with:
          name: librustdesk.so.aarch64-linux-android
          path: ./flutter/android/app/src/main/jniLibs/arm64-v8a

      - name: Download Rustdesk library from Artifacts
-        uses: actions/download-artifact@master
+        uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
        with:
          name: librustdesk.so.armv7-linux-androideabi
          path: ./flutter/android/app/src/main/jniLibs/armeabi-v7a

      - name: Download Rustdesk library from Artifacts
-        uses: actions/download-artifact@master
+        uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
        with:
          name: librustdesk.so.x86_64-linux-android
          path: ./flutter/android/app/src/main/jniLibs/x86_64

      - name: Download Rustdesk library from Artifacts
        if: ${{ env.reltype == 'debug' }}
-        uses: actions/download-artifact@master
+        uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
        with:
          name: librustdesk.so.i686-linux-android
          path: ./flutter/android/app/src/main/jniLibs/x86
@@ -1250,7 +1345,7 @@ jobs:
          echo "ANDROID_SIGN_TOOL_VERSION=$BUILD_TOOL_VERSION" >> $GITHUB_ENV
          echo Last build tool version is: $BUILD_TOOL_VERSION

-      - uses: r0adkll/sign-android-release@v1
+      - uses: r0adkll/sign-android-release@349ebdef58775b1e0d8099458af0816dc79b6407 # v1
        name: Sign app APK
        if: env.ANDROID_SIGNING_KEY != null
        id: sign-rustdesk
@@ -1266,14 +1361,14 @@ jobs:

      - name: Upload Artifacts
        if: env.ANDROID_SIGNING_KEY != null && env.UPLOAD_ARTIFACT == 'true'
-        uses: actions/upload-artifact@master
+        uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
        with:
          name: rustdesk-${{ env.VERSION }}-${{ matrix.job.arch }}.apk
          path: ${{steps.sign-rustdesk.outputs.signedReleaseFile}}

      - name: Publish signed apk package
        if: env.ANDROID_SIGNING_KEY != null && env.UPLOAD_ARTIFACT == 'true'
-        uses: softprops/action-gh-release@v1
+        uses: softprops/action-gh-release@de2c0eb89ae2a093876385947365aca7b0e5f844 # v1
        with:
          prerelease: true
          tag_name: ${{ env.TAG_NAME }}
@@ -1282,7 +1377,7 @@ jobs:

      - name: Publish unsigned apk package
        if: env.ANDROID_SIGNING_KEY == null && env.UPLOAD_ARTIFACT == 'true'
-        uses: softprops/action-gh-release@v1
+        uses: softprops/action-gh-release@de2c0eb89ae2a093876385947365aca7b0e5f844 # v1
        with:
          prerelease: true
          tag_name: ${{ env.TAG_NAME }}
@@ -1316,7 +1411,7 @@ jobs:
            }
    steps:
      - name: Export GitHub Actions cache environment variables
-        uses: actions/github-script@v6
+        uses: actions/github-script@d7906e4ad0b1822421a7e6a35d5ca353c962f410 # v6
        with:
          script: |
            core.exportVariable('ACTIONS_CACHE_URL', process.env.ACTIONS_CACHE_URL || '');
@@ -1334,13 +1429,13 @@ jobs:
          fi

      - name: Checkout source code
-        uses: actions/checkout@v4
+        uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
        with:
          submodules: recursive

      - name: Set Swap Space
        if: ${{ matrix.job.arch == 'x86_64' }}
-        uses: pierotofy/set-swap-space@master
+        uses: pierotofy/set-swap-space@49819abfb41bd9b44fb781159c033dba90353a7c # v1.0
        with:
          swap-size-gb: 12

@@ -1350,7 +1445,7 @@ jobs:
          free -m

      - name: Install Rust toolchain
-        uses: dtolnay/rust-toolchain@v1
+        uses: dtolnay/rust-toolchain@e97e2d8cc328f1b50210efc529dca0028893a2d9 # v1
        if: matrix.job.arch == 'x86_64' || env.UPLOAD_ARTIFACT == 'true'
        with:
          toolchain: ${{ env.RUST_VERSION }}
@@ -1369,14 +1464,14 @@ jobs:

      - name: Restore bridge files
        if: matrix.job.arch == 'x86_64' || env.UPLOAD_ARTIFACT == 'true'
-        uses: actions/download-artifact@master
+        uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
        with:
          name: bridge-artifact
          path: ./

      - name: Setup vcpkg with Github Actions binary cache
        if: matrix.job.arch == 'x86_64' || env.UPLOAD_ARTIFACT == 'true'
-        uses: lukka/run-vcpkg@v11
+        uses: lukka/run-vcpkg@b1a0dd252f06b9e25b3c022a9a03bd7a427fb6a2 # v11
        with:
          vcpkgDirectory: /opt/artifacts/vcpkg
          vcpkgGitCommitId: ${{ env.VCPKG_COMMIT_ID }}
@@ -1404,12 +1499,12 @@ jobs:

      - name: Restore bridge files
        if: matrix.job.arch == 'x86_64' || env.UPLOAD_ARTIFACT == 'true'
-        uses: actions/download-artifact@master
+        uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
        with:
          name: bridge-artifact
          path: ./

-      - uses: rustdesk-org/run-on-arch-action@amd64-support
+      - uses: rustdesk-org/run-on-arch-action@d3fcfbb632b84cf7f6bc772bfaaa2c2f4f8789a8 # no release tag; commit 2026-05-26
        name: Build rustdesk
        id: vcpkg
        if: matrix.job.arch == 'x86_64' || env.UPLOAD_ARTIFACT == 'true'
@@ -1491,7 +1586,7 @@ jobs:
              export JOBS=""
            fi
            echo $JOBS
-            cargo build --lib $JOBS --features hwcodec,flutter,unix-file-copy-paste --release
+            cargo build --locked --lib $JOBS --features hwcodec,flutter,unix-file-copy-paste --release
            rm -rf target/release/deps target/release/build
            rm -rf ~/.cargo

@@ -1583,7 +1678,7 @@ jobs:

      - name: Publish debian/rpm package
        if: env.UPLOAD_ARTIFACT == 'true'
-        uses: softprops/action-gh-release@v1
+        uses: softprops/action-gh-release@de2c0eb89ae2a093876385947365aca7b0e5f844 # v1
        with:
          prerelease: true
          tag_name: ${{ env.TAG_NAME }}
@@ -1592,7 +1687,7 @@ jobs:
            rustdesk-*.rpm

      - name: Upload deb
-        uses: actions/upload-artifact@master
+        uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
        if: env.UPLOAD_ARTIFACT == 'true'
        with:
          name: rustdesk-${{ env.VERSION }}-${{ matrix.job.arch }}.deb
@@ -1611,7 +1706,7 @@ jobs:

      - name: Build archlinux package
        if: matrix.job.arch == 'x86_64' && env.UPLOAD_ARTIFACT == 'true'
-        uses: rustdesk-org/arch-makepkg-action@master
+        uses: rustdesk-org/arch-makepkg-action@04200739ed1d0bf6f2188b6736b26a767c57a7f9 # no release tag; commit 2026-05-26
        with:
          packages:
          scripts: |
@@ -1619,7 +1714,7 @@ jobs:

      - name: Publish archlinux package
        if: matrix.job.arch == 'x86_64' && env.UPLOAD_ARTIFACT == 'true'
-        uses: softprops/action-gh-release@v1
+        uses: softprops/action-gh-release@de2c0eb89ae2a093876385947365aca7b0e5f844 # v1
        with:
          prerelease: true
          tag_name: ${{ env.TAG_NAME }}
@@ -1657,14 +1752,14 @@ jobs:
            }
    steps:
      - name: Export GitHub Actions cache environment variables
-        uses: actions/github-script@v6
+        uses: actions/github-script@d7906e4ad0b1822421a7e6a35d5ca353c962f410 # v6
        with:
          script: |
            core.exportVariable('ACTIONS_CACHE_URL', process.env.ACTIONS_CACHE_URL || '');
            core.exportVariable('ACTIONS_RUNTIME_TOKEN', process.env.ACTIONS_RUNTIME_TOKEN || '');

      - name: Checkout source code
-        uses: actions/checkout@v4
+        uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
        with:
          submodules: recursive

@@ -1682,7 +1777,7 @@ jobs:
          free -m

      - name: Install Rust toolchain
-        uses: dtolnay/rust-toolchain@v1
+        uses: dtolnay/rust-toolchain@e97e2d8cc328f1b50210efc529dca0028893a2d9 # v1
        with:
          toolchain: ${{ env.SCITER_RUST_VERSION }}
          targets: ${{ matrix.job.target }}
@@ -1693,7 +1788,7 @@ jobs:
          RUST_TOOLCHAIN_VERSION=$(cargo --version | awk '{print $2}')
          echo "RUST_TOOLCHAIN_VERSION=$RUST_TOOLCHAIN_VERSION" >> $GITHUB_ENV

-      - uses: rustdesk-org/run-on-arch-action@amd64-support
+      - uses: rustdesk-org/run-on-arch-action@d3fcfbb632b84cf7f6bc772bfaaa2c2f4f8789a8 # no release tag; commit 2026-05-26
        name: Build rustdesk sciter binary for ${{ matrix.job.arch }}
        id: vcpkg
        with:
@@ -1821,7 +1916,7 @@ jobs:
            # build rustdesk
            python3 ./res/inline-sciter.py
            export CARGO_INCREMENTAL=0
-            cargo build --features inline${{ matrix.job.extra_features }} --release --bins --jobs 1
+            cargo build --locked --features inline${{ matrix.job.extra_features }} --release --bins --jobs 1
            # make debian package
            mkdir -p ./Release
            mv ./target/release/rustdesk ./Release/rustdesk
@@ -1839,7 +1934,7 @@ jobs:

      - name: Publish debian package
        if: env.UPLOAD_ARTIFACT == 'true'
-        uses: softprops/action-gh-release@v1
+        uses: softprops/action-gh-release@de2c0eb89ae2a093876385947365aca7b0e5f844 # v1
        with:
          prerelease: true
          tag_name: ${{ env.TAG_NAME }}
@@ -1847,7 +1942,7 @@ jobs:
            rustdesk-${{ env.VERSION }}-${{ matrix.job.arch }}-sciter.deb

      - name: Upload deb
-        uses: actions/upload-artifact@master
+        uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
        if: env.UPLOAD_ARTIFACT == 'true'
        with:
          name: rustdesk-${{ env.VERSION }}-${{ matrix.job.arch }}-sciter.deb
@@ -1866,12 +1961,12 @@ jobs:
          - { target: aarch64-unknown-linux-gnu, arch: aarch64 }
    steps:
      - name: Checkout source code
-        uses: actions/checkout@v4
+        uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
        with:
          submodules: recursive

      - name: Download Binary
-        uses: actions/download-artifact@master
+        uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
        with:
          name: rustdesk-${{ env.VERSION }}-${{ matrix.job.arch }}.deb
          path: .
@@ -1896,7 +1991,7 @@ jobs:

      - name: Publish appimage package
        if: env.UPLOAD_ARTIFACT == 'true'
-        uses: softprops/action-gh-release@v1
+        uses: softprops/action-gh-release@de2c0eb89ae2a093876385947365aca7b0e5f844 # v1
        with:
          prerelease: true
          tag_name: ${{ env.TAG_NAME }}
@@ -1939,12 +2034,12 @@ jobs:
            }
    steps:
      - name: Checkout source code
-        uses: actions/checkout@v4
+        uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
        with:
          submodules: recursive

      - name: Download Binary
-        uses: actions/download-artifact@master
+        uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
        with:
          name: rustdesk-${{ env.VERSION }}-${{ matrix.job.arch }}${{ matrix.job.suffix }}.deb
          path: .
@@ -1953,7 +2048,7 @@ jobs:
        run: |
          mv rustdesk-${{ env.VERSION }}-${{ matrix.job.arch }}${{ matrix.job.suffix }}.deb flatpak/rustdesk.deb

-      - uses: rustdesk-org/run-on-arch-action@amd64-support
+      - uses: rustdesk-org/run-on-arch-action@d3fcfbb632b84cf7f6bc772bfaaa2c2f4f8789a8 # no release tag; commit 2026-05-26
        name: Build rustdesk flatpak package for ${{ matrix.job.arch }}
        id: flatpak
        with:
@@ -1981,7 +2076,7 @@ jobs:
            flatpak build-bundle ./repo rustdesk-${{ env.VERSION }}-${{ matrix.job.arch }}${{ matrix.job.suffix }}.flatpak com.rustdesk.RustDesk

      - name: Publish flatpak package
-        uses: softprops/action-gh-release@v1
+        uses: softprops/action-gh-release@de2c0eb89ae2a093876385947365aca7b0e5f844 # v1
        with:
          prerelease: true
          tag_name: ${{ env.TAG_NAME }}
@@ -2000,7 +2095,7 @@ jobs:
      RELEASE_NAME: web-basic
    steps:
      - name: Checkout source code
-        uses: actions/checkout@v4
+        uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
        with:
          submodules: recursive

@@ -2010,7 +2105,7 @@ jobs:
          sudo apt-get install -y wget npm

      - name: Install flutter
-        uses: subosito/flutter-action@v2.12.0 #https://github.com/subosito/flutter-action/issues/277
+        uses: subosito/flutter-action@2783a3f08e1baf891508463f8c6653c258246225  # v2.12.0; https://github.com/subosito/flutter-action/issues/277
        with:
          channel: "stable"
          flutter-version: ${{ env.FLUTTER_VERSION }}
@@ -2054,7 +2149,7 @@ jobs:

      - name: Publish web
        if: env.UPLOAD_ARTIFACT == 'true'
-        uses: softprops/action-gh-release@v1
+        uses: softprops/action-gh-release@de2c0eb89ae2a093876385947365aca7b0e5f844 # v1
        with:
          prerelease: true
          tag_name: ${{ env.TAG_NAME }}
--- a/.github/workflows/playground.yml
+++ b/.github/workflows/playground.yml
@@ -17,7 +17,7 @@ env:
  TAG_NAME: "nightly"
  VCPKG_BINARY_SOURCES: "clear;x-gha,readwrite"
  VCPKG_COMMIT_ID: "120deac3062162151622ca4860575a33844ba10b"
-  VERSION: "1.4.6"
+  VERSION: "1.4.8"
  NDK_VERSION: "r26d"
  #signing keys env variable checks
  ANDROID_SIGNING_KEY: "${{ secrets.ANDROID_SIGNING_KEY }}"
@@ -79,21 +79,21 @@ jobs:
            }
    steps:
      - name: Export GitHub Actions cache environment variables
-        uses: actions/github-script@v6
+        uses: actions/github-script@d7906e4ad0b1822421a7e6a35d5ca353c962f410 # v6
        with:
          script: |
            core.exportVariable('ACTIONS_CACHE_URL', process.env.ACTIONS_CACHE_URL || '');
            core.exportVariable('ACTIONS_RUNTIME_TOKEN', process.env.ACTIONS_RUNTIME_TOKEN || '');

      - name: Checkout source code
-        uses: actions/checkout@v3
+        uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3
        with:
          ref: ${{ matrix.job.ref }}
          submodules: recursive

      - name: Import the codesign cert
        if: env.MACOS_P12_BASE64 != null
-        uses: apple-actions/import-codesign-certs@v1
+        uses: apple-actions/import-codesign-certs@253ddeeac23f2bdad1646faac5c8c2832e800071 # v1
        with:
          p12-file-base64: ${{ secrets.MACOS_P12_BASE64 }}
          p12-password: ${{ secrets.MACOS_P12_PASSWORD }}
@@ -107,7 +107,7 @@ jobs:

      - name: Import notarize key
        if: env.MACOS_P12_BASE64 != null
-        uses: timheuer/base64-to-file@v1.2
+        uses: timheuer/base64-to-file@adaa40c0c581f276132199d4cf60afa07ce60eac # v1.2
        with:
          # https://gregoryszorc.com/docs/apple-codesign/stable/apple_codesign_rcodesign.html#notarizing-and-stapling
          fileName: rustdesk.json
@@ -129,19 +129,19 @@ jobs:
          brew install llvm create-dmg nasm pkg-config

      - name: Install flutter
-        uses: subosito/flutter-action@v2
+        uses: subosito/flutter-action@1a449444c387b1966244ae4d4f8c696479add0b2 # v2
        with:
          channel: "stable"
          flutter-version: ${{ matrix.job.flutter }}

      - name: Install Rust toolchain
-        uses: dtolnay/rust-toolchain@v1
+        uses: dtolnay/rust-toolchain@e97e2d8cc328f1b50210efc529dca0028893a2d9 # v1
        with:
          toolchain: ${{ env.RUST_VERSION }}
          targets: ${{ matrix.job.target }}
          components: "rustfmt"

-      - uses: Swatinem/rust-cache@v2
+      - uses: Swatinem/rust-cache@e18b497796c12c097a38f9edb9d0641fb99eee32 # v2
        with:
          prefix-key: ${{ matrix.job.os }}

@@ -156,7 +156,7 @@ jobs:
          ~/.cargo/bin/flutter_rust_bridge_codegen --rust-input ./src/flutter_ffi.rs --dart-output ./flutter/lib/generated_bridge.dart --c-output ./flutter/macos/Runner/bridge_generated.h

      - name: Setup vcpkg with Github Actions binary cache
-        uses: lukka/run-vcpkg@v11
+        uses: lukka/run-vcpkg@b1a0dd252f06b9e25b3c022a9a03bd7a427fb6a2 # v11
        with:
          vcpkgGitCommitId: ${{ env.VCPKG_COMMIT_ID }}

@@ -165,7 +165,7 @@ jobs:
          $VCPKG_ROOT/vcpkg install --x-install-root="$VCPKG_ROOT/installed"
          
      - name: Restore from cache and install vcpkg
-        uses: lukka/run-vcpkg@v7
+        uses: lukka/run-vcpkg@8a5116de2b552d6fc8894e9774aacaf2e5db4823 # v7 2026-05-26
        if: false
        with:
          setupOnly: true
@@ -222,7 +222,7 @@ jobs:
          done

      - name: Publish DMG package
-        uses: softprops/action-gh-release@v1
+        uses: softprops/action-gh-release@de2c0eb89ae2a093876385947365aca7b0e5f844 # v1
        with:
          prerelease: true
          tag_name: ${{ env.TAG_NAME }}
@@ -247,7 +247,7 @@ jobs:
            }
    steps:
      - name: Checkout source code
-        uses: actions/checkout@v3
+        uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3
        with:
          ref: ${{ matrix.job.ref }}
          submodules: recursive
@@ -290,13 +290,13 @@ jobs:
               wget

      - name: Install flutter
-        uses: subosito/flutter-action@v2
+        uses: subosito/flutter-action@1a449444c387b1966244ae4d4f8c696479add0b2 # v2
        with:
          channel: "stable"
          flutter-version: ${{ env.FLUTTER_VERSION }}

      - name: Install Rust toolchain
-        uses: dtolnay/rust-toolchain@v1
+        uses: dtolnay/rust-toolchain@e97e2d8cc328f1b50210efc529dca0028893a2d9 # v1
        with:
          toolchain: ${{ env.RUST_VERSION }}
          components: "rustfmt"
@@ -310,14 +310,14 @@ jobs:
          pushd flutter ; flutter pub get ; popd
          ~/.cargo/bin/flutter_rust_bridge_codegen --rust-input ./src/flutter_ffi.rs --dart-output ./flutter/lib/generated_bridge.dart

-      - uses: nttld/setup-ndk@v1
+      - uses: nttld/setup-ndk@ed92fe6cadad69be94a966a7ee3271275e62f779 # v1
        id: setup-ndk
        with:
          ndk-version: ${{ env.NDK_VERSION }}
          add-to-path: true

      - name: Setup vcpkg with Github Actions binary cache
-        uses: lukka/run-vcpkg@v11
+        uses: lukka/run-vcpkg@b1a0dd252f06b9e25b3c022a9a03bd7a427fb6a2 # v11
        with:
          vcpkgDirectory: /opt/artifacts/vcpkg
          vcpkgGitCommitId: ${{ env.VCPKG_COMMIT_ID }}
@@ -395,7 +395,7 @@ jobs:
          mkdir -p signed-apk; pushd signed-apk
          mv ../rustdesk-${{ env.VERSION }}-${{ matrix.job.arch }}.apk ./rustdesk-test-${{ matrix.job.ref }}-${{ matrix.job.ndk }}.apk

-      - uses: r0adkll/sign-android-release@v1
+      - uses: r0adkll/sign-android-release@349ebdef58775b1e0d8099458af0816dc79b6407 # v1
        name: Sign app APK
        if: env.ANDROID_SIGNING_KEY != null
        id: sign-rustdesk
@@ -410,7 +410,7 @@ jobs:
          BUILD_TOOLS_VERSION: "30.0.2"

      - name: Publish signed apk package
-        uses: softprops/action-gh-release@v1
+        uses: softprops/action-gh-release@de2c0eb89ae2a093876385947365aca7b0e5f844 # v1
        with:
          prerelease: true
          tag_name: ${{ env.TAG_NAME }}
--- a/.github/workflows/third-party-RustDeskTempTopMostWindow.yml
+++ b/.github/workflows/third-party-RustDeskTempTopMostWindow.yml
@@ -39,22 +39,21 @@ jobs:
      build_output_dir: RustDeskTempTopMostWindow/WindowInjection/${{ inputs.platform }}/${{ inputs.configuration }}
    steps:
      - name: Add MSBuild to PATH
-        uses: microsoft/setup-msbuild@v2
+        uses: microsoft/setup-msbuild@6fb02220983dee41ce7ae257b6f4d8f9bf5ed4ce # v2

      - name: Download the source code
        run: |
          git clone https://github.com/rustdesk-org/RustDeskTempTopMostWindow RustDeskTempTopMostWindow

-        # Build. commit 53b548a5398624f7149a382000397993542ad796 is tag v0.3
      - name: Build the project
        run: |
-          cd RustDeskTempTopMostWindow && git checkout 53b548a5398624f7149a382000397993542ad796
+          cd RustDeskTempTopMostWindow && git checkout ecd8d6a139eee76845ea66423fb739af450fda90
          msbuild ${{ env.project_path }} -p:Configuration=${{ inputs.configuration }} -p:Platform=${{ inputs.platform }} /p:TargetVersion=${{ inputs.target_version }}

      - name: Archive build artifacts
-        uses: actions/upload-artifact@master
+        uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
        if: ${{ inputs.upload-artifact }}
        with:
-            name: topmostwindow-artifacts
+            name: topmostwindow-artifacts-${{ inputs.platform }}
            path: |
              ./${{ env.build_output_dir }}/WindowInjection.dll
--- a/.github/workflows/wf-cliprdr-ci.yml
+++ b/.github/workflows/wf-cliprdr-ci.yml
@@ -0,0 +1,85 @@
+name: wf-cliprdr CI
+
+on:
+  workflow_dispatch:
+  pull_request:
+    paths:
+      - "libs/clipboard/src/windows/**"
+      - "tests/test_invariant_wf_cliprdr.c"
+      - ".github/workflows/wf-cliprdr-ci.yml"
+  push:
+    branches:
+      - master
+    paths:
+      - "libs/clipboard/src/windows/**"
+      - "tests/test_invariant_wf_cliprdr.c"
+      - ".github/workflows/wf-cliprdr-ci.yml"
+
+permissions:
+  contents: read
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  test:
+    name: wf_cliprdr invariant test
+    runs-on: windows-2022
+
+    steps:
+      - name: Checkout source code
+        uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
+        with:
+          persist-credentials: false
+
+      - name: Set up MSVC
+        uses: ilammy/msvc-dev-cmd@0b201ec74fa43914dc39ae48a89fd1d8cb592756
+        with:
+          arch: x64
+
+      - name: Setup vcpkg with GitHub Actions binary cache
+        uses: lukka/run-vcpkg@b1a0dd252f06b9e25b3c022a9a03bd7a427fb6a2 # v11
+        with:
+          vcpkgDirectory: C:\vcpkg
+          doNotCache: false
+
+      - name: Install vcpkg dependency
+        shell: pwsh
+        run: |
+          & "$env:VCPKG_ROOT\vcpkg.exe" install check:x64-windows --classic --x-install-root="$env:VCPKG_ROOT\installed"
+
+      - name: Build test
+        shell: pwsh
+        run: |
+          $testRoot = Join-Path $env:GITHUB_WORKSPACE 'build\wf-cliprdr'
+          New-Item -ItemType Directory -Force $testRoot | Out-Null
+
+          $testSource = (($env:GITHUB_WORKSPACE -replace '\\', '/') + '/tests/test_invariant_wf_cliprdr.c')
+          $cmakeLists = @(
+            'cmake_minimum_required(VERSION 3.20)'
+            'project(test_invariant_wf_cliprdr C)'
+            ''
+            'set(CMAKE_C_STANDARD 11)'
+            'set(CMAKE_C_STANDARD_REQUIRED ON)'
+            'set(CMAKE_C_EXTENSIONS OFF)'
+            ''
+            'find_package(check CONFIG REQUIRED)'
+            ''
+            'add_executable(test_invariant_wf_cliprdr'
+            '  "TEST_SOURCE"'
+            ')'
+            ''
+            'target_link_libraries(test_invariant_wf_cliprdr PRIVATE'
+            '  $<$<TARGET_EXISTS:Check::check>:Check::check>'
+            '  $<$<NOT:$<TARGET_EXISTS:Check::check>>:Check::checkShared>'
+            ')'
+          ) -join [Environment]::NewLine
+          $cmakeLists.Replace('TEST_SOURCE', $testSource) | Set-Content -NoNewline (Join-Path $testRoot 'CMakeLists.txt')
+
+          cmake -S $testRoot -B (Join-Path $testRoot 'out') -G "Visual Studio 17 2022" -A x64 -DCMAKE_TOOLCHAIN_FILE="$env:VCPKG_ROOT\scripts\buildsystems\vcpkg.cmake" -DVCPKG_TARGET_TRIPLET=x64-windows
+          cmake --build (Join-Path $testRoot 'out') --config Release
+
+      - name: Run test
+        shell: pwsh
+        run: .\build\wf-cliprdr\out\Release\test_invariant_wf_cliprdr.exe
--- a/AGENTS.md
+++ b/AGENTS.md
@@ -60,3 +60,27 @@
 * Do not refactor unrelated code.
 * Do not make formatting-only changes.
 * Keep naming/style consistent with nearby code.
+
+## Localization (`src/lang/*.rs`)
+
+Each file is a `HashMap<key, translation>`. Layout:
+
+* `template.rs` is the master list of every key. **Never edit it** as part of translation work.
+* `en.rs` holds only the keys whose English display text differs from the key itself.
+* Every other file (`de.rs`, `fr.rs`, …) carries the full key set; an untranslated entry has an empty value: `("key", "")`.
+
+### Finding the English source for a key
+
+When filling an empty entry, determine the source English text with this rule:
+
+* If `key` exists in `en.rs` **with a non-empty value**, that value is the source text (look it up in `en.rs`).
+* Otherwise the **key string itself is the source text** (the key is already plain English).
+
+Then translate that source into the file's target language (infer the language from the file's existing non-empty entries / filename).
+
+### Translation hygiene
+
+* Only fill empty values. Never change keys, and never touch existing non-empty translations.
+* Preserve placeholders (`{}`) and escape sequences (`\n`, `\"`) exactly as in the source.
+* Do not translate brand or technical tokens: `RustDesk`, `Socks5`, `TLS`, `UAC`, `Wayland`, `X11`, `TCP`, `UDP`, `2FA`, `RDP`, `D3D`, etc.
+* Copy URL values (e.g. `doc_*` keys) verbatim from `en.rs`.
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -292,7 +292,7 @@ checksum = "e16d2d3311acee920a9eb8d33b8cbc1787ce4a264e85f964c2404b969bdcd487"
 [[package]]
 name = "arboard"
 version = "3.4.0"
-source = "git+https://github.com/rustdesk-org/arboard#85be1218668ff218a7b170c9d424fde73e069914"
+source = "git+https://github.com/rustdesk-org/arboard#c7d5781f563176df9efd8df6287e823fb1b9bed5"
 dependencies = [
 "clipboard-win",
 "core-graphics 0.23.2",
@@ -2329,7 +2329,7 @@ version = "0.5.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "330c60081dcc4c72131f8eb70510f1ac07223e5d4163db481a04a0befcffa412"
 dependencies = [
- "libloading 0.8.4",
+ "libloading 0.7.4",
 ]

 [[package]]
@@ -2694,7 +2694,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "39cab71617ae0d63f51a36d69f866391735b51691dbda63cf6f96d042b63efeb"
 dependencies = [
 "libc",
- "windows-sys 0.52.0",
+ "windows-sys 0.60.2",
 ]

 [[package]]
@@ -3952,7 +3952,7 @@ checksum = "9a3a5bfb195931eeb336b2a7b4d761daec841b97f947d34394601737a7bba5e4"
 [[package]]
 name = "hwcodec"
 version = "0.7.1"
-source = "git+https://github.com/rustdesk-org/hwcodec#398e5a8938dd8768ade0fcdc27ea80e8b4b38738"
+source = "git+https://github.com/rustdesk-org/hwcodec#778df1f99597722473b29443bac22ae6c23946fe"
 dependencies = [
 "bindgen 0.59.2",
 "cc",
@@ -4494,7 +4494,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "e310b3a6b5907f99202fcdb4960ff45b93735d7c7d96b760fcff8db2dc0e103d"
 dependencies = [
 "cfg-if 1.0.0",
- "windows-targets 0.52.6",
+ "windows-targets 0.48.5",
 ]

 [[package]]
@@ -4695,7 +4695,7 @@ dependencies = [
 [[package]]
 name = "magnum-opus"
 version = "0.4.0"
-source = "git+https://github.com/rustdesk-org/magnum-opus#5cd2bf989c148662fa3a2d9d539a71d71fd1d256"
+source = "git+https://github.com/rustdesk-org/magnum-opus#588c6e1f9ed50c3a01fa64f3bd3e7cdb0378a114"
 dependencies = [
 "bindgen 0.59.2",
 "pkg-config",
@@ -5996,8 +5996,8 @@ dependencies = [

 [[package]]
 name = "parity-tokio-ipc"
-version = "0.7.3-5"
-source = "git+https://github.com/rustdesk-org/parity-tokio-ipc#c8c8bbcbabf9be1201c53afb0269b92b9b02d291"
+version = "0.7.3-6"
+source = "git+https://github.com/rustdesk-org/parity-tokio-ipc#d0ae39bffe5d5a3e8d82a1b6bcb1ca5a9b2f1c01"
 dependencies = [
 "futures",
 "libc",
@@ -6673,7 +6673,7 @@ dependencies = [
 "once_cell",
 "socket2 0.5.10",
 "tracing",
- "windows-sys 0.52.0",
+ "windows-sys 0.60.2",
 ]

 [[package]]
@@ -7270,7 +7270,7 @@ dependencies = [

 [[package]]
 name = "rustdesk"
-version = "1.4.6"
+version = "1.4.8"
 dependencies = [
 "android-wakelock",
 "android_logger",
@@ -7385,7 +7385,7 @@ dependencies = [

 [[package]]
 name = "rustdesk-portable-packer"
-version = "1.4.6"
+version = "1.4.8"
 dependencies = [
 "brotli",
 "dirs 5.0.1",
@@ -7457,7 +7457,7 @@ dependencies = [
 "errno",
 "libc",
 "linux-raw-sys 0.11.0",
- "windows-sys 0.52.0",
+ "windows-sys 0.60.2",
 ]

 [[package]]
@@ -7514,7 +7514,7 @@ dependencies = [
 "security-framework 3.5.1",
 "security-framework-sys",
 "webpki-root-certs",
- "windows-sys 0.52.0",
+ "windows-sys 0.60.2",
 ]

 [[package]]
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "rustdesk"
-version = "1.4.6"
+version = "1.4.8"
 authors = ["rustdesk <info@rustdesk.com>"]
 edition = "2021"
 build= "build.rs"
--- a/appimage/AppImageBuilder-aarch64.yml
+++ b/appimage/AppImageBuilder-aarch64.yml
@@ -18,7 +18,7 @@ AppDir:
    id: rustdesk
    name: rustdesk
    icon: rustdesk
-    version: 1.4.6
+    version: 1.4.8
    exec: usr/share/rustdesk/rustdesk
    exec_args: $@
  apt:
--- a/appimage/AppImageBuilder-x86_64.yml
+++ b/appimage/AppImageBuilder-x86_64.yml
@@ -18,7 +18,7 @@ AppDir:
    id: rustdesk
    name: rustdesk
    icon: rustdesk
-    version: 1.4.6
+    version: 1.4.8
    exec: usr/share/rustdesk/rustdesk
    exec_args: $@
  apt:
--- a/build.py
+++ b/build.py
@@ -17,7 +17,8 @@ osx = platform.platform().startswith(
 hbb_name = 'rustdesk' + ('.exe' if windows else '')
 exe_path = 'target/release/' + hbb_name
 if windows:
-    flutter_build_dir = 'build/windows/x64/runner/Release/'
+    win_arch = 'arm64' if platform.machine().lower() in ('arm64', 'aarch64') else 'x64'
+    flutter_build_dir = f'build/windows/{win_arch}/runner/Release/'
 elif osx:
    flutter_build_dir = 'build/macos/Build/Products/Release/'
 else:
@@ -172,7 +173,7 @@ def generate_build_script_for_docker():
            # flutter_rust_bridge
            dart pub global activate ffigen --version 5.0.1
            pushd /tmp && git clone https://github.com/SoLongAndThanksForAllThePizza/flutter_rust_bridge --depth=1 && popd
-            pushd /tmp/flutter_rust_bridge/frb_codegen && cargo install --path . && popd
+            pushd /tmp/flutter_rust_bridge/frb_codegen && cargo install --path . --locked && popd
            pushd flutter && flutter pub get && popd
            ~/.cargo/bin/flutter_rust_bridge_codegen --rust-input ./src/flutter_ffi.rs --dart-output ./flutter/lib/generated_bridge.dart
            # install vcpkg
@@ -299,7 +300,7 @@ Version: %s
 Architecture: %s
 Maintainer: rustdesk <info@rustdesk.com>
 Homepage: https://rustdesk.com
-Depends: libgtk-3-0, libxcb-randr0, libxdo3 | libxdo4, libxfixes3, libxcb-shape0, libxcb-xfixes0, libasound2, libsystemd0, curl, libva2, libva-drm2, libva-x11-2, libgstreamer-plugins-base1.0-0, libpam0g, gstreamer1.0-pipewire%s
+Depends: libgtk-3-0t64 | libgtk-3-0, libxcb-randr0, libxdo3 | libxdo4, libxfixes3, libxcb-shape0, libxcb-xfixes0, libasound2t64 | libasound2, libsystemd0, curl, libva2, libva-drm2, libva-x11-2, libgstreamer-plugins-base1.0-0, libpam0g, gstreamer1.0-pipewire%s
 Recommends: libayatana-appindicator3-1
 Description: A remote control software.

@@ -317,7 +318,7 @@ def ffi_bindgen_function_refactor():

 def build_flutter_deb(version, features):
    if not skip_cargo:
-        system2(f'cargo build --features {features} --lib --release')
+        system2(f'cargo build --locked --features {features} --lib --release')
        ffi_bindgen_function_refactor()
    os.chdir('flutter')
    system2('flutter build linux --release')
@@ -405,12 +406,17 @@ def build_flutter_dmg(version, features):
    if not skip_cargo:
        # set minimum osx build target, now is 10.14, which is the same as the flutter xcode project
        system2(
-            f'MACOSX_DEPLOYMENT_TARGET=10.14 cargo build --features {features} --release')
+            f'MACOSX_DEPLOYMENT_TARGET=10.14 cargo build --locked --features {features} --release')
    # copy dylib
    system2(
        "cp target/release/liblibrustdesk.dylib target/release/librustdesk.dylib")
    os.chdir('flutter')
-    system2('flutter build macos --release')
+    # cargo builds a single-arch dylib for the host; restrict Xcode to the same arch
+    # so the universal-by-default ARCHS_STANDARD doesn't try to link a missing slice.
+    # FLUTTER_XCODE_* env vars are forwarded to xcodebuild as build settings.
+    mac_arch = 'arm64' if platform.machine().lower() in ('arm64', 'aarch64') else 'x86_64'
+    system2(
+        f'FLUTTER_XCODE_ARCHS={mac_arch} FLUTTER_XCODE_ONLY_ACTIVE_ARCH=YES flutter build macos --release')
    system2('cp -rf ../target/release/service ./build/macos/Build/Products/Release/RustDesk.app/Contents/MacOS/')
    '''
    system2(
@@ -422,7 +428,7 @@ def build_flutter_dmg(version, features):

 def build_flutter_arch_manjaro(version, features):
    if not skip_cargo:
-        system2(f'cargo build --features {features} --lib --release')
+        system2(f'cargo build --locked --features {features} --lib --release')
    ffi_bindgen_function_refactor()
    os.chdir('flutter')
    system2('flutter build linux --release')
@@ -433,7 +439,7 @@ def build_flutter_arch_manjaro(version, features):

 def build_flutter_windows(version, features, skip_portable_pack):
    if not skip_cargo:
-        system2(f'cargo build --features {features} --lib --release')
+        system2(f'cargo build --locked --features {features} --lib --release')
        if not os.path.exists("target/release/librustdesk.dll"):
            print("cargo build failed, please check rust source code.")
            exit(-1)
@@ -489,13 +495,13 @@ def main():
    if windows:
        # build virtual display dynamic library
        os.chdir('libs/virtual_display/dylib')
-        system2('cargo build --release')
+        system2('cargo build --locked --release')
        os.chdir('../../..')

        if flutter:
            build_flutter_windows(version, features, args.skip_portable_pack)
            return
-        system2('cargo build --release --features ' + features)
+        system2('cargo build --locked --release --features ' + features)
        # system2('upx.exe target/release/rustdesk.exe')
        system2('mv target/release/rustdesk.exe target/release/RustDesk.exe')
        pa = os.environ.get('P')
@@ -506,6 +512,7 @@ def main():
                'target\\release\\rustdesk.exe')
        else:
            print('Not signed')
+        os.makedirs(res_dir, exist_ok=True)
        system2(
            f'cp -rf target/release/RustDesk.exe {res_dir}')
        os.chdir('libs/portable')
@@ -519,7 +526,7 @@ def main():
        if flutter:
            build_flutter_arch_manjaro(version, features)
        else:
-            system2('cargo build --release --features ' + features)
+            system2('cargo build --locked --release --features ' + features)
            system2('git checkout src/ui/common.tis')
            system2('strip target/release/rustdesk')
            system2('ln -s res/pacman_install && ln -s res/PKGBUILD')
@@ -528,7 +535,7 @@ def main():
            version, version))
        # pacman -U ./rustdesk.pkg.tar.zst
    elif os.path.isfile('/usr/bin/yum'):
-        system2('cargo build --release --features ' + features)
+        system2('cargo build --locked --release --features ' + features)
        system2('strip target/release/rustdesk')
        system2(
            "sed -i 's/Version:    .*/Version:    %s/g' res/rpm.spec" % version)
@@ -538,7 +545,7 @@ def main():
                version, version))
        # yum localinstall rustdesk.rpm
    elif os.path.isfile('/usr/bin/zypper'):
-        system2('cargo build --release --features ' + features)
+        system2('cargo build --locked --release --features ' + features)
        system2('strip target/release/rustdesk')
        system2(
            "sed -i 's/Version:    .*/Version:    %s/g' res/rpm-suse.spec" % version)
@@ -557,7 +564,7 @@ def main():
                #     'mv target/release/bundle/deb/rustdesk*.deb ./flutter/rustdesk.deb')
                build_flutter_deb(version, features)
        else:
-            system2('cargo bundle --release --features ' + features)
+            system2('cargo --locked bundle --release --features ' + features)
            if osx:
                system2(
                    'strip target/release/bundle/osx/RustDesk.app/Contents/MacOS/rustdesk')
--- a/docs/README-KR.md
+++ b/docs/README-KR.md
@@ -1,10 +1,10 @@
 <p align="center">
  <img src="../res/logo-header.svg" alt="RustDesk - Your remote desktop"><br>
-  <a href="#빌드를 위한 원시 단계">빌드</a> •
-  <a href="#Docker로 빌드하는 방법">Docker</a> •
-  <a href="#파일 구조">구조</a> •
-  <a href="#스크린샷">스냇샷</a><br>
-  [<a href="../README.md">English</a>] | [<a href="README-UA.md">Українська</a>] | [<a href="README-CS.md">česky</a>] | [<a href="README-ZH.md">中文</a>] | [<a href="README-HU.md">Magyar</a>] | [<a href="README-ES.md">Español</a>] | [<a href="README-FA.md">فارسی</a>] | [<a href="README-FR.md">Français</a>] | [<a href="README-DE.md">Deutsch</a>] | [<a href="README-PL.md">Polski</a>] | [<a href="README-ID.md">Indonesian</a>] | [<a href="README-FI.md">Suomi</a>] | [<a href="README-ML.md">മലയാളം</a>] | [<a href="README-JP.md">日本語</a>] | [<a href="README-NL.md">Nederlands</a>] | [<a href="README-IT.md">Italiano</a>] | [<a href="README-RU.md">Русский</a>] | [<a href="README-PTBR.md">Português (Brasil)</a>] | [<a href="README-EO.md">Esperanto</a>] | [<a href="README-KR.md">한국어</a>] | [<a href="README-AR.md">العربي</a>] | [<a href="README-VN.md">Tiếng Việt</a>] | [<a href="README-DA.md">Dansk</a>] | [<a href="README-GR.md">Ελληνικά</a>] | [<a href="README-TR.md">Türkçe</a>] | [<a href="README-NO.md">Norsk</a>]<br>
+  <a href="#빌드를_위한_원시_단계">빌드</a> •
+  <a href="#Docker로_빌드하는_방법">Docker</a> •
+  <a href="#파일_구조">구조</a> •
+  <a href="#스크린샷">스냅샷</a><br>
+  [<a href="../README.md">English</a>] | [<a href="README-UA.md">Українська</a>] | [<a href="README-CS.md">česky</a>] | [<a href="README-ZH.md">中文</a>] | [<a href="README-HU.md">Magyar</a>] | [<a href="README-ES.md">Español</a>] | [<a href="README-FA.md">فارسی</a>] | [<a href="README-FR.md">Français</a>] | [<a href="README-DE.md">Deutsch</a>] | [<a href="README-PL.md">Polski</a>] | [<a href="README-ID.md">Indonesian</a>] | [<a href="README-FI.md">Suomi</a>] | [<a href="README-ML.md">മലയാളം</a>] | [<a href="README-JP.md">日本語</a>] | [<a href="README-NL.md">Nederlands</a>] | [<a href="README-IT.md">Italiano</a>] | [<a href="README-RU.md">Русский</a>] | [<a href="README-PTBR.md">Português (Brasil)</a>] | [<a href="README-EO.md">Esperanto</a>] | [<a href="README-KR.md">한국어</a>] | [<a href="README-AR.md">العربي</a>] | [<a href="README-VN.md">Tiếng Việt</a>] | [<a href="README-DA.md">Dansk</a>] | [<a href="README-GR.md">Ελληνικά</a>] | [<a href="README-TR.md">Türkçe</a>] | [<a href="README-NO.md">Norsk</a>] | [<a href="README-RO.md">Română</a>]<br>
  <b>이 README, <a href="https://github.com/rustdesk/rustdesk/tree/master/src/lang">RustDesk UI</a> 및 <a href="https://github.com/rustdesk/doc.rustdesk.com">RustDesk 문서</a>를 귀하의 모국어로 번역하는 데 도움이 필요합니다</b>
 </p>

@@ -46,9 +46,9 @@ Sciter 동적 라이브러리를 직접 다운로드하세요.
 [Linux](https://raw.githubusercontent.com/c-smile/sciter-sdk/master/bin.lnx/x64/libsciter-gtk.so) |
 [macOS](https://raw.githubusercontent.com/c-smile/sciter-sdk/master/bin.osx/libsciter.dylib)

-## 빌드를 위한 원시 단계
+## 빌드를_위한_원시_단계

- Rust 개발 환경과 C++ 빌드 환경을 준비합니다
+- Rust 개발 환경과 C++ 빌드 환경 준비

 - [vcpkg](https://github.com/microsoft/vcpkg)를 설치하고 `VCPKG_ROOT` 환경 변수를 올바르게 설정합니다

@@ -125,7 +125,7 @@ mv libsciter-gtk.so target/debug
 VCPKG_ROOT=$HOME/vcpkg cargo run
 ```

-## Docker로 빌드하는 방법
+## Docker로_빌드하는_방법

 먼저 리포지토리를 복제하고 Docker 컨테이너를 빌드합니다:

@@ -156,7 +156,7 @@ target/release/rustdesk

 RustDesk 리포지토리의 루트에서 이러한 명령을 실행하고 있는지 확인하세요. 그렇지 않으면 응용 프로그램이 필요한 리소스를 찾지 못할 수 있습니다. 또한 `install` 또는 `run` 과 같은 다른 cargo 하위 명령은 호스트가 아닌 컨테이너 내부에 프로그램을 설치하거나 실행하므로 현재 이 방법을 통해 지원되지 않는다는 점에 유의하세요.

-## 파일 구조
+## 파일_구조

 - **[libs/hbb_common](https://github.com/rustdesk/rustdesk/tree/master/libs/hbb_common)**: 비디오 코덱, 구성, tcp/udp wrapper, protobuf, 파일 전송을 위한 fs 함수 및 기타 유틸리티 함수
 - **[libs/scrap](https://github.com/rustdesk/rustdesk/tree/master/libs/scrap)**: 화면 캡쳐
--- a/docs/README-PTBR.md
+++ b/docs/README-PTBR.md
@@ -1,55 +1,82 @@
 <p align="center">
  <img src="../res/logo-header.svg" alt="RustDesk - Seu desktop remoto"><br>
-  <a href="#servidores-públicos-grátis">Servidores</a> •
-  <a href="#compilação-crua">Compilar</a> •
-  <a href="#como-compilar-com-docker">Docker</a> •
+  <a href="#compilar">Compilar</a> •
+  <a href="#como-compilar-com-o-docker">Docker</a> •
  <a href="#estrutura-de-arquivos">Estrutura</a> •
-  <a href="#screenshots">Screenshots</a><br>
-  [<a href="../README.md">English</a>] | [<a href="README-UA.md">Українська</a>] | [<a href="README-CS.md">česky</a>] | [<a href="README-ZH.md">中文</a>] | [<a href="README-HU.md">Magyar</a>] | [<a href="README-ES.md">Español</a>] | [<a href="README-FA.md">فارسی</a>] | [<a href="README-FR.md">Français</a>] | [<a href="README-DE.md">Deutsch</a>] | [<a href="README-PL.md">Polski</a>] | [<a href="README-ID.md">Indonesian</a>] | [<a href="README-FI.md">Suomi</a>] | [<a href="README-ML.md">മലയാളം</a>] | [<a href="README-JP.md">日本語</a>] | [<a href="README-NL.md">Nederlands</a>] | [<a href="README-IT.md">Italiano</a>] | [<a href="README-RU.md">Русский</a>] | [<a href="README-EO.md">Esperanto</a>] | [<a href="README-KR.md">한국어</a>] | [<a href="README-AR.md">العربي</a>] | [<a href="README-VN.md">Tiếng Việt</a>] | [<a href="README-GR.md">Ελληνικά</a>]<br>
-  <b>Precisamos de sua ajuda para traduzir este README e a <a href="https://github.com/rustdesk/rustdesk/tree/master/src/lang">UI do RustDesk</a> para sua língua nativa</b>
+  <a href="#capturas-de-tela">Capturas de Tela</a><br>
+  [<a href="../README.md">Inglês</a>] | [<a href="docs/README-UA.md">Ucraniano</a>] | [<a href="docs/README-CS.md">Tcheco</a>] | [<a href="docs/README-ZH.md">Chinês</a>] | [<a href="docs/README-HU.md">Húngaro</a>] | [<a href="docs/README-ES.md">Espanhol</a>] | [<a href="docs/README-FA.md">Persa</a>] | [<a href="docs/README-FR.md">Francês</a>] | [<a href="docs/README-DE.md">Alemão</a>] | [<a href="docs/README-PL.md">Polonês</a>] | [<a href="docs/README-ID.md">Indonésio</a>] | [<a href="docs/README-FI.md">Finlandês</a>] | [<a href="docs/README-ML.md">Malaiala</a>] | [<a href="docs/README-JP.md">Japonês</a>] | [<a href="docs/README-NL.md">Holandês</a>] | [<a href="docs/README-IT.md">Italiano</a>] | [<a href="docs/README-RU.md">Russo</a>] | [<a href="docs/README-EO.md">Esperanto</a>] | [<a href="docs/README-KR.md">Coreano</a>] | [<a href="docs/README-AR.md">Árabe</a>] | [<a href="docs/README-VN.md">Vietnamita</a>] | [<a href="docs/README-DA.md">Dinamarquês</a>] | [<a href="docs/README-GR.md">Grego</a>] | [<a href="docs/README-TR.md">Turco</a>] | [<a href="docs/README-NO.md">Norueguês</a>] | [<a href="docs/README-RO.md">Romeno</a>]<br>
+  <b>Precisamos da sua ajuda para traduzir este README, a <a href="https://github.com/rustdesk/rustdesk/tree/master/src/lang">Interface do RustDesk</a> e a <a href="https://github.com/rustdesk/doc.rustdesk.com">Documentação do RustDesk</a> para o seu idioma nativo</b>
 </p>

+> [!Caution]
+> **Aviso de Isenção de Responsabilidade por Uso Indevido:** <br>
+> Os desenvolvedores do RustDesk não toleram ou apoiam qualquer uso antiético ou ilegal deste software. O uso indevido, como acesso não autorizado, controle ou invasão de privacidade, viola estritamente nossas diretrizes. Os autores não são responsáveis por qualquer uso indevido do aplicativo.
+
+
 Converse conosco: [Discord](https://discord.gg/nDceKgxnkV) | [Twitter](https://twitter.com/rustdesk) | [Reddit](https://www.reddit.com/r/rustdesk) | [YouTube](https://www.youtube.com/@rustdesk)

-[![RustDesk Server Pro](https://img.shields.io/badge/RustDesk%20Server%20Pro-Recursos%20Avan%C3%A7ados-blue)](https://rustdesk.com/pricing.html)
+[![RustDesk Server Pro](https://img.shields.io/badge/RustDesk%20Server%20Pro-Advanced%20Features-blue)](https://rustdesk.com/pricing.html)

-Mais um software de desktop remoto, escrito em Rust. Funciona por padrão, sem necessidade de configuração. Você tem completo controle de seus dados, sem se preocupar com segurança. Você pode usar nossos servidores de rendezvous/relay, [configurar seu próprio](https://rustdesk.com/server), ou [escrever seu próprio servidor de rendezvous/relay](https://github.com/rustdesk/rustdesk-server-demo).
+Mais uma solução de desktop remoto, escrita em Rust. Funciona imediatamente, sem necessidade de configuração. Você tem controle total dos seus dados, sem preocupações com segurança. Você pode usar nosso servidor de conexão/retransmissão (rendezvous/relay), [configurar o seu próprio](https://rustdesk.com/server) ou [escrever seu próprio servidor de conexão/retransmissão](https://github.com/rustdesk/rustdesk-server-demo).

-RustDesk acolhe contribuições de todos. Leia [`docs/CONTRIBUTING.md`](CONTRIBUTING.md) para ver como começar.
+![image](https://user-images.githubusercontent.com/71636191/171661982-430285f0-2e12-4b1d-9957-4a58e375304d.png)

-[**DOWNLOAD DE BINÁRIOS**](https://github.com/rustdesk/rustdesk/releases)
+O RustDesk acolhe a contribuição de todos. Veja [CONTRIBUTING.md](docs/CONTRIBUTING.md) para ajuda em como começar.
+
+[**Perguntas Frequentes (FAQ)**](https://github.com/rustdesk/rustdesk/wiki/FAQ)
+
+[**DOWNLOAD DOS BINÁRIOS**](https://github.com/rustdesk/rustdesk/releases)
+
+[**VERSÕES NIGHTLY (EM DESENVOLVIMENTO)**](https://github.com/rustdesk/rustdesk/releases/tag/nightly)
+
+[<img src="https://f-droid.org/badge/get-it-on.png"
+    alt="Baixe no F-Droid"
+    height="80">](https://f-droid.org/en/packages/com.carriez.flutter_hbb)
+[<img src="https://flathub.org/api/badge?svg&locale=en"
+    alt="Baixe no Flathub"
+    height="80">](https://flathub.org/apps/com.rustdesk.RustDesk)

 ## Dependências

-Versões de desktop utilizam [sciter](https://sciter.com/) para a GUI, por favor baixe a biblioteca dinâmica sciter por conta própria.
+As versões de desktop usam Flutter ou Sciter (descontinuado) para a interface gráfica (GUI). Este tutorial é apenas para o Sciter, por ser mais fácil e amigável para começar. Verifique nosso [CI](https://github.com/rustdesk/rustdesk/blob/master/.github/workflows/flutter-build.yml) para instruções de compilação da versão em Flutter.
+
+Por favor, faça o download da biblioteca dinâmica do Sciter por conta própria.

 [Windows](https://raw.githubusercontent.com/c-smile/sciter-sdk/master/bin.win/x64/sciter.dll) |
 [Linux](https://raw.githubusercontent.com/c-smile/sciter-sdk/master/bin.lnx/x64/libsciter-gtk.so) |
-[MacOS](https://raw.githubusercontent.com/c-smile/sciter-sdk/master/bin.osx/libsciter.dylib)
+[macOS](https://raw.githubusercontent.com/c-smile/sciter-sdk/master/bin.osx/libsciter.dylib)

-## Compilação crua
+## Passos básicos para compilar

- Prepare seu ambiente de desenvolvimento Rust e ambiente de compilação C++
+- Prepare seu ambiente de desenvolvimento Rust e o ambiente de compilação C++

- Instale [vcpkg](https://github.com/microsoft/vcpkg), e configure a variável de ambiente `VCPKG_ROOT` corretamente
+- Instale o [vcpkg](https://github.com/microsoft/vcpkg) e configure a variável de ambiente `VCPKG_ROOT` corretamente

-  - Windows: vcpkg install libvpx:x64-windows-static libyuv:x64-windows-static opus:x64-windows-static aom:x64-windows-static
-  - Linux/MacOS: vcpkg install libvpx libyuv opus aom
+  - Windows: `vcpkg install libvpx:x64-windows-static libyuv:x64-windows-static opus:x64-windows-static aom:x64-windows-static`
+  - Linux/macOS: `vcpkg install libvpx libyuv opus aom`

 - Execute `cargo run`

-## Como compilar no Linux
+## [Compilar](https://rustdesk.com/docs/en/dev/build/)
+
+## Como Compilar no Linux

 ### Ubuntu 18 (Debian 10)

 ```sh
-sudo apt install -y g++ gcc git curl wget nasm yasm libgtk-3-dev clang libxcb-randr0-dev libxdo-dev libxfixes-dev libxcb-shape0-dev libxcb-xfixes0-dev libasound2-dev libpulse-dev cmake
+sudo apt install -y zip g++ gcc git curl wget nasm yasm libgtk-3-dev clang libxcb-randr0-dev libxdo-dev         libxfixes-dev libxcb-shape0-dev libxcb-xfixes0-dev libasound2-dev libpulse-dev cmake make         libclang-dev ninja-build libgstreamer1.0-dev libgstreamer-plugins-base1.0-dev libpam0g-dev
+```
+
+### openSUSE Tumbleweed
+
+```sh
+sudo zypper install gcc-c++ git curl wget nasm yasm gcc gtk3-devel clang libxcb-devel libXfixes-devel cmake alsa-lib-devel gstreamer-devel gstreamer-plugins-base-devel xdotool-devel pam-devel
 ```

 ### Fedora 28 (CentOS 8)

 ```sh
-sudo yum -y install gcc-c++ git curl wget nasm yasm gcc gtk3-devel clang libxcb-devel libxdo-devel libXfixes-devel pulseaudio-libs-devel cmake alsa-lib-devel
+sudo yum -y install gcc-c++ git curl wget nasm yasm gcc gtk3-devel clang libxcb-devel libxdo-devel libXfixes-devel pulseaudio-libs-devel cmake alsa-lib-devel gstreamer1-devel gstreamer1-plugins-base-devel pam-devel
 ```

 ### Arch (Manjaro)
@@ -58,7 +85,7 @@ sudo yum -y install gcc-c++ git curl wget nasm yasm gcc gtk3-devel clang libxcb-
 sudo pacman -Syu --needed unzip git cmake gcc curl wget yasm nasm zip make pkg-config clang gtk3 xdotool libxcb libxfixes alsa-lib pipewire
 ```

-### Instale vcpkg
+### Instalar o vcpkg

 ```sh
 git clone https://github.com/microsoft/vcpkg
@@ -70,7 +97,7 @@ export VCPKG_ROOT=$HOME/vcpkg
 vcpkg/vcpkg install libvpx libyuv opus aom
 ```

-### Conserte libvpx (Para o Fedora)
+### Corrigir o libvpx (Para Fedora)

 ```sh
 cd vcpkg/buildtrees/libvpx/src
@@ -83,12 +110,12 @@ cp libvpx.a $HOME/vcpkg/installed/x64-linux/lib/
 cd
 ```

-### Compile
+### Compilar

 ```sh
 curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh
 source $HOME/.cargo/env
-git clone https://github.com/rustdesk/rustdesk
+git clone --recurse-submodules https://github.com/rustdesk/rustdesk
 cd rustdesk
 mkdir -p target/debug
 wget https://raw.githubusercontent.com/c-smile/sciter-sdk/master/bin.lnx/x64/libsciter-gtk.so
@@ -96,57 +123,57 @@ mv libsciter-gtk.so target/debug
 VCPKG_ROOT=$HOME/vcpkg cargo run
 ```

-## Como compilar com Docker
+## Como compilar com o Docker

-Comece clonando o repositório e montando o container docker:
+Comece clonando o repositório e construindo o contêiner Docker:

 ```sh
 git clone https://github.com/rustdesk/rustdesk
 cd rustdesk
+git submodule update --init --recursive
 docker build -t "rustdesk-builder" .
 ```

-Então, sempre que precisar compilar a aplicação, execute este comando:
+Depois, cada vez que precisar compilar o aplicativo, execute o seguinte comando:

 ```sh
 docker run --rm -it -v $PWD:/home/user/rustdesk -v rustdesk-git-cache:/home/user/.cargo/git -v rustdesk-registry-cache:/home/user/.cargo/registry -e PUID="$(id -u)" -e PGID="$(id -g)" rustdesk-builder
 ```

-Note que a primeira compilação pode demorar mais antes que as dependências sejam armazenadas em cache, as compilações subsequentes serão mais rápidas. Adicionalmente, se você precisar especificar argumentos diferentes para o comando de compilação, você pode fazê-lo ao final do comando na posição do `<OPTIONAL-ARGS>`. Por exemplo, se você gostaria de compilar uma versão de release otimizada, você executaria o comando acima seguido de `--release`. O executável gerado estará disponível no diretório alvo no seu sistema, e pode ser executado com:
+Note que a primeira compilação pode demorar mais até que as dependências sejam armazenadas em cache; as compilações subsequentes serão mais rápidas. Além disso, se você precisar especificar argumentos diferentes para o comando de compilação, poderá fazê-lo ao final do comando na posição `<ARGUMENTOS-OPCIONAIS>`. Por exemplo, se você quiser compilar uma versão de lançamento (release) otimizada, executaria o comando acima seguido de `--release`. O executável resultante estará disponível na pasta `target` do seu sistema e pode ser executado com:

 ```sh
 target/debug/rustdesk
 ```

-Ou, se estiver rodando um executável de release:
+Ou, se estiver executando o executável de lançamento:

 ```sh
 target/release/rustdesk
 ```

-Por favor verifique que está executando estes comandos da raiz do repositório do RustDesk, senão a aplicação pode não encontrar os recursos necessários. Note também que outros subcomandos do cargo como `install` ou `run` não são suportados atualmente via este método, já que eles iriam instalar ou rodar o programa dentro do container ao invés do host.
+Certifique-se de executar esses comandos a partir da raiz do repositório do RustDesk, do contrário o aplicativo pode não encontrar os recursos necessários. Note também que outros subcomandos do cargo, como `install` ou `run`, não são suportados atualmente por este método, pois instalariam ou executariam o programa dentro do contêiner em vez de no sistema hospedeiro.

-## Estrutura de arquivos
+## Estrutura de Arquivos

- **[libs/hbb_common](https://github.com/rustdesk/rustdesk/tree/master/libs/hbb_common)**: codec de vídeo, configurações, wrapper de tcp/udp, protobuf, funções de sistema de arquivos para transferência de arquivos, e outras funções utilitárias
- **[libs/scrap](https://github.com/rustdesk/rustdesk/tree/master/libs/scrap)**: captura de tela
- **[libs/enigo](https://github.com/rustdesk/rustdesk/tree/master/libs/enigo)**: controle de teclado/mouse específico a cada plataforma
- **[src/ui](https://github.com/rustdesk/rustdesk/tree/master/src/ui)**: GUI
- **[src/server](https://github.com/rustdesk/rustdesk/tree/master/src/server)**: serviços de áudio/área de transferência/entrada/vídeo, e conexões de rede
- **[src/client.rs](https://github.com/rustdesk/rustdesk/tree/master/src/client.rs)**: iniciar uma conexão "peer to peer"
- **[src/rendezvous_mediator.rs](https://github.com/rustdesk/rustdesk/tree/master/src/rendezvous_mediator.rs)**: Comunicação com [rustdesk-server](https://github.com/rustdesk/rustdesk-server), aguardar pela conexão remota direta (TCP hole punching) ou conexão indireta (relayed)
- **[src/platform](https://github.com/rustdesk/rustdesk/tree/master/src/platform)**: código específico a cada plataforma
+- **[libs/hbb_common](https://github.com/rustdesk/rustdesk/tree/master/libs/hbb_common)**: codec de vídeo, configuração, encapsulador (wrapper) tcp/udp, protobuf, funções de sistema de arquivos para transferência de arquivos e algumas outras funções utilitárias.
+- **[libs/scrap](https://github.com/rustdesk/rustdesk/tree/master/libs/scrap)**: captura de tela.
+- **[libs/enigo](https://github.com/rustdesk/rustdesk/tree/master/libs/enigo)**: controle de teclado/mouse específico de cada plataforma.
+- **[libs/clipboard](https://github.com/rustdesk/rustdesk/tree/master/libs/clipboard)**: implementação de copiar e colar arquivos para Windows, Linux e macOS.
+- **[src/ui](https://github.com/rustdesk/rustdesk/tree/master/src/ui)**: interface Sciter antiga (descontinuada).
+- **[src/server](https://github.com/rustdesk/rustdesk/tree/master/src/server)**: serviços de áudio/área de transferência/entrada/vídeo e conexões de rede.
+- **[src/client.rs](https://github.com/rustdesk/rustdesk/tree/master/src/client.rs)**: inicia uma conexão direta (peer connection).
+- **[src/rendezvous_mediator.rs](https://github.com/rustdesk/rustdesk/tree/master/src/rendezvous_mediator.rs)**: Comunica-se com o [rustdesk-server](https://github.com/rustdesk/rustdesk-server), aguarda por conexão remota direta (perfuração de túnel TCP / hole punching) ou retransmitida.
+- **[src/platform](https://github.com/rustdesk/rustdesk/tree/master/src/platform)**: código específico de cada plataforma.
+- **[flutter](https://github.com/rustdesk/rustdesk/tree/master/flutter)**: código Flutter para desktop e dispositivos móveis.
+- **[flutter/web/js](https://github.com/rustdesk/rustdesk/tree/master/flutter/web/v1/js)**: JavaScript para o cliente web do Flutter.

-> [!Cuidadob]
-> **Aviso de uso indevido:** <br>
-> Os desenvolvedores do RustDesk não aprovam nem apoiam qualquer uso antiético ou ilegal deste software. O uso indevido, como acesso não autorizado, controle ou invasão de privacidade, é estritamente contra nossas diretrizes. Os autores não são responsáveis por qualquer uso indevido da aplicação.
+## Capturas de Tela

-## Screenshots
+![Gerenciador de Conexões](https://github.com/rustdesk/rustdesk/assets/28412477/db82d4e7-c4bc-4823-8e6f-6af7eadf7651)

-![image](https://user-images.githubusercontent.com/71636191/113112362-ae4deb80-923b-11eb-957d-ff88daad4f06.png)
+![Conectado a um PC Windows](https://github.com/rustdesk/rustdesk/assets/28412477/9baa91e9-3362-4d06-aa1a-7518edcbd7ea)

-![image](https://user-images.githubusercontent.com/71636191/113112619-f705a480-923b-11eb-911d-97e984ef52b6.png)
+![Transferência de Arquivos](https://github.com/rustdesk/rustdesk/assets/28412477/39511ad3-aa9a-4f8c-8947-1cce286a46ad)

-![image](https://user-images.githubusercontent.com/71636191/113112857-3fbd5d80-923c-11eb-9836-768325faf906.png)
-
-![image](https://user-images.githubusercontent.com/71636191/135385039-38fdbd72-379a-422d-b97f-33df71fb1cec.png)
+![Tunelamento TCP](https://github.com/rustdesk/rustdesk/assets/28412477/78e8708f-e87e-4570-8373-1360033ea6c5)
--- a/entrypoint.sh
+++ b/entrypoint.sh
@@ -33,4 +33,4 @@ if [ -z $release ]; then
 fi
 set -f
 #shellcheck disable=2086
-VCPKG_ROOT=/vcpkg cargo build $argv
+VCPKG_ROOT=/vcpkg cargo build --locked $argv
--- a/flutter/assets/auth-azure.svg
+++ b/flutter/assets/auth-azure.svg
@@ -1 +0,0 @@
-<svg xmlns="http://www.w3.org/2000/svg" width="256" height="199"><path fill="#0089d6" d="M118.432 187.698c32.89-5.81 60.055-10.618 60.367-10.684l.568-.12-31.052-36.935c-17.078-20.314-31.051-37.014-31.051-37.11 0-.182 32.063-88.477 32.243-88.792.06-.105 21.88 37.567 52.893 91.32 29.035 50.323 52.973 91.815 53.195 92.203l.405.707-98.684-.012-98.684-.013 59.8-10.564zM0 176.435c0-.052 14.631-25.451 32.514-56.442l32.514-56.347 37.891-31.799C123.76 14.358 140.867.027 140.935.001c.069-.026-.205.664-.609 1.534s-18.919 40.582-41.145 88.25l-40.41 86.67-29.386.037c-16.162.02-29.385-.005-29.385-.057z"/></svg>
--- a/flutter/assets/display_switcher.svg
+++ b/flutter/assets/display_switcher.svg
@@ -0,0 +1,7 @@
+<svg xmlns="http://www.w3.org/2000/svg" width="32" height="32" viewBox="0 0 32 32">
+  <g fill="#000000" fill-rule="evenodd">
+    <rect x="4" y="6" width="24" height="16" rx="3"/>
+    <rect x="14.5" y="22" width="3" height="2"/>
+    <rect x="9.5" y="24" width="13" height="2.5" rx="1.25"/>
+  </g>
+</svg>
--- a/flutter/build_fdroid.sh
+++ b/flutter/build_fdroid.sh
@@ -460,6 +460,7 @@ build)
 		--target "${RUST_TARGET}" \
 		--bindgen \
 		build \
+		--locked \
 		--release \
 		--features "${RUSTDESK_FEATURES}"

--- a/flutter/ios_arm64.sh
+++ b/flutter/ios_arm64.sh
@@ -1,2 +1,2 @@
 #!/usr/bin/env bash
-cargo build --features flutter,hwcodec --release --target aarch64-apple-ios --lib
+cargo build --locked --features flutter,hwcodec --release --target aarch64-apple-ios --lib
--- a/flutter/ios_x64.sh
+++ b/flutter/ios_x64.sh
@@ -1,2 +1,2 @@
 #!/usr/bin/env bash
-cargo build --features flutter --release --target x86_64-apple-ios --lib
+cargo build --locked --features flutter --release --target x86_64-apple-ios --lib
--- a/flutter/lib/common.dart
+++ b/flutter/lib/common.dart
@@ -598,6 +598,22 @@ class MyTheme {
    }
  }

+  /// Applies [fallbacks] as fontFamilyFallback to every text style in both
+  /// themes. Called once at startup on ARM64 Linux after a CJK font has been
+  /// loaded via FontLoader (see flutter/flutter#139293).
+  static void applyFontFallback(List<String> fallbacks) {
+    lightTheme = lightTheme.copyWith(
+      textTheme: lightTheme.textTheme.apply(fontFamilyFallback: fallbacks),
+      primaryTextTheme:
+          lightTheme.primaryTextTheme.apply(fontFamilyFallback: fallbacks),
+    );
+    darkTheme = darkTheme.copyWith(
+      textTheme: darkTheme.textTheme.apply(fontFamilyFallback: fallbacks),
+      primaryTextTheme:
+          darkTheme.primaryTextTheme.apply(fontFamilyFallback: fallbacks),
+    );
+  }
+
  static ThemeMode currentThemeMode() {
    final preference = getThemeModePreference();
    if (preference == ThemeMode.system) {
@@ -716,6 +732,17 @@ closeConnection({String? id}) {
      stateGlobal.isInMainPage = true;
    } else {
      final controller = Get.find<DesktopTabController>();
+      if (controller.tabType == DesktopTabType.terminal &&
+          controller.onCloseWindow != null) {
+        // Terminal windows are scoped to one peer. The optional id passed to
+        // closeConnection() is that peer id, not a terminal tab key
+        // (${peerId}_${terminalId}). Closing from terminal dialogs should close
+        // the peer's whole terminal window, including all terminal tabs.
+        unawaited(controller.onCloseWindow!().catchError((e, _) {
+          debugPrint('[closeConnection] Failed to close terminal window: $e');
+        }));
+        return;
+      }
      controller.closeBy(id);
    }
  }
@@ -3702,14 +3729,54 @@ Widget loadPowered(BuildContext context) {
  ).marginOnly(top: 6);
 }

-// max 300 x 60
-Widget loadLogo() {
-  return FutureBuilder<ByteData>(
-      future: rootBundle.load('assets/logo.png'),
-      builder: (BuildContext context, AsyncSnapshot<ByteData> snapshot) {
-        if (snapshot.hasData) {
+const _kDefaultLogoAsset = 'assets/logo.png';
+const _kLightLogoAsset = 'assets/logo_light.png';
+const _kDarkLogoAsset = 'assets/logo_dark.png';
+
+List<String> _logoAssetCandidatesForBrightness(Brightness brightness) {
+  return brightness == Brightness.dark
+      ? [_kDarkLogoAsset, _kDefaultLogoAsset]
+      : [_kLightLogoAsset, _kDefaultLogoAsset];
+}
+
+Future<String?> _resolveLogoAsset(Brightness brightness) async {
+  for (final asset in _logoAssetCandidatesForBrightness(brightness)) {
+    try {
+      await rootBundle.load(asset);
+      return asset;
+    } on FlutterError {
+      continue;
+    }
+  }
+  return null;
+}
+
+class _Logo extends StatefulWidget {
+  const _Logo();
+
+  @override
+  State<_Logo> createState() => _LogoState();
+}
+
+class _LogoState extends State<_Logo> {
+  final Map<Brightness, Future<String?>> _logoFutures = {};
+
+  Future<String?> _logoFutureFor(Brightness brightness) {
+    return _logoFutures.putIfAbsent(
+      brightness,
+      () => _resolveLogoAsset(brightness),
+    );
+  }
+
+  @override
+  Widget build(BuildContext context) {
+    return FutureBuilder<String?>(
+      future: _logoFutureFor(Theme.of(context).brightness),
+      builder: (BuildContext context, AsyncSnapshot<String?> snapshot) {
+        final asset = snapshot.data;
+        if (asset != null) {
          final image = Image.asset(
-            'assets/logo.png',
+            asset,
            fit: BoxFit.contain,
            errorBuilder: (ctx, error, stackTrace) {
              return Container();
@@ -3721,9 +3788,14 @@ Widget loadLogo() {
          ).marginOnly(left: 12, right: 12, top: 12);
        }
        return const Offstage();
-      });
+      },
+    );
+  }
 }

+// max 300 x 60
+Widget loadLogo() => const _Logo();
+
 Widget loadIcon(double size) {
  return Image.asset('assets/icon.png',
      width: size,
@@ -4179,8 +4251,7 @@ Widget? buildAvatarWidget({
      width: size,
      height: size,
      fit: BoxFit.cover,
-      errorBuilder: (_, __, ___) =>
-          fallback ?? SizedBox.shrink(),
+      errorBuilder: (_, __, ___) => fallback ?? SizedBox.shrink(),
    ),
  );
 }
--- a/flutter/lib/common/widgets/autocomplete.dart
+++ b/flutter/lib/common/widgets/autocomplete.dart
@@ -1,3 +1,6 @@
+import 'dart:async';
+
+import 'package:flutter/foundation.dart';
 import 'package:flutter/material.dart';
 import 'package:flutter_hbb/common/formatter/id_formatter.dart';
 import '../../../models/platform_model.dart';
@@ -5,27 +8,136 @@ import 'package:flutter_hbb/models/peer_model.dart';
 import 'package:flutter_hbb/common.dart';
 import 'package:flutter_hbb/common/widgets/peer_card.dart';

+@visibleForTesting
+List<Peer> mergeAutocompletePeers({
+  Iterable<Peer> addressBookPeers = const [],
+  Iterable<Peer> groupPeers = const [],
+  Iterable<Peer> lanPeers = const [],
+  Iterable<Peer> recentPeers = const [],
+  Iterable<String> restRecentPeerIds = const [],
+}) {
+  final combinedPeers = <String, Peer>{};
+
+  void addPeer(Peer peer) {
+    if (peer.id.isEmpty) {
+      return;
+    }
+    final existingPeer = combinedPeers[peer.id];
+    if (existingPeer == null) {
+      combinedPeers[peer.id] = Peer.copy(peer);
+    } else if (peer.online) {
+      existingPeer.online = true;
+    }
+  }
+
+  for (final peer in addressBookPeers) {
+    addPeer(peer);
+  }
+  for (final peer in groupPeers) {
+    addPeer(peer);
+  }
+  for (final peer in lanPeers) {
+    addPeer(peer);
+  }
+  for (final peer in recentPeers) {
+    addPeer(peer);
+  }
+  for (final id in restRecentPeerIds) {
+    if (id.isNotEmpty && !combinedPeers.containsKey(id)) {
+      combinedPeers[id] = Peer.fromJson({'id': id});
+    }
+  }
+
+  return combinedPeers.values.toList(growable: false);
+}
+
+@visibleForTesting
+bool updateAutocompletePeerOnlineStates(
+  List<Peer> peers, {
+  required Set<String> onlines,
+  required Set<String> offlines,
+}) {
+  var changed = false;
+  for (final peer in peers) {
+    if (onlines.contains(peer.id)) {
+      if (!peer.online) {
+        peer.online = true;
+        changed = true;
+      }
+    } else if (offlines.contains(peer.id)) {
+      if (peer.online) {
+        peer.online = false;
+        changed = true;
+      }
+    }
+  }
+  return changed;
+}
+
+@visibleForTesting
+List<String> autocompleteOnlineQueryIds(
+  Iterable<Peer> options, {
+  required int limit,
+}) {
+  final ids = <String>[];
+  final seenIds = <String>{};
+  for (final peer in options) {
+    if (peer.id.isEmpty || seenIds.contains(peer.id)) {
+      continue;
+    }
+    seenIds.add(peer.id);
+    ids.add(peer.id);
+    if (ids.length >= limit) {
+      break;
+    }
+  }
+  return ids;
+}
+
 class AllPeersLoader {
  List<Peer> peers = [];

  bool _isPeersLoading = false;
  bool _isPeersLoaded = false;
+  Set<String> _lastQueryOnlineIds = {};
+  DateTime _lastQueryOnlineTime = DateTime.fromMillisecondsSinceEpoch(0);
+  Timer? _queryOnlineTimer;
+  List<Peer> _lastQueryOnlineOptions = const [];
+  Set<String> _lastOnlineIds = {};
+  Set<String> _lastOfflineIds = {};
+  final Future<void> Function(List<String> ids) _queryOnlines;
+  final Duration _queryOnlineDebounce;
+  void Function(VoidCallback)? _setState;
+  bool _isCleared = false;

  final String _listenerKey = 'AllPeersLoader';
-
-  late void Function(VoidCallback) setState;
+  static const String _cbQueryOnlines = 'callback_query_onlines';
+  static const Duration _queryOnlineInterval = Duration(seconds: 5);
+  static const Duration _defaultQueryOnlineDebounce =
+      Duration(milliseconds: 300);
+  static const int _maxQueryOnlineOptions = 20;

  bool get needLoad => !_isPeersLoaded && !_isPeersLoading;
  bool get isPeersLoaded => _isPeersLoaded;

-  AllPeersLoader();
+  AllPeersLoader({
+    @visibleForTesting Future<void> Function(List<String> ids)? queryOnlines,
+    @visibleForTesting Duration? queryOnlineDebounce,
+  })  : _queryOnlines = queryOnlines ?? ((ids) => bind.queryOnlines(ids: ids)),
+        _queryOnlineDebounce =
+            queryOnlineDebounce ?? _defaultQueryOnlineDebounce;

  void init(void Function(VoidCallback) setState) {
-    this.setState = setState;
+    _setState = setState;
+    _isCleared = false;
    gFFI.recentPeersModel.addListener(_mergeAllPeers);
    gFFI.lanPeersModel.addListener(_mergeAllPeers);
    gFFI.abModel.addPeerUpdateListener(_listenerKey, _mergeAllPeers);
    gFFI.groupModel.addPeerUpdateListener(_listenerKey, _mergeAllPeers);
+    platformFFI.registerEventHandler(_cbQueryOnlines, _listenerKey,
+        (evt) async {
+      _updateOnlineState(evt);
+    });
  }

  void clear() {
@@ -33,6 +145,11 @@ class AllPeersLoader {
    gFFI.lanPeersModel.removeListener(_mergeAllPeers);
    gFFI.abModel.removePeerUpdateListener(_listenerKey);
    gFFI.groupModel.removePeerUpdateListener(_listenerKey);
+    platformFFI.unregisterEventHandler(_cbQueryOnlines, _listenerKey);
+    _queryOnlineTimer?.cancel();
+    _lastQueryOnlineOptions = const [];
+    _setState = null;
+    _isCleared = true;
  }

  Future<void> getAllPeers() async {
@@ -59,50 +176,106 @@ class AllPeersLoader {
  }

  void _mergeAllPeers() {
-    Map<String, dynamic> combinedPeers = {};
-    for (var p in gFFI.abModel.allPeers()) {
-      if (!combinedPeers.containsKey(p.id)) {
-        combinedPeers[p.id] = p.toJson();
-      }
+    if (_isCleared) {
+      return;
    }
-    for (var p in gFFI.groupModel.peers.map((e) => Peer.copy(e)).toList()) {
-      if (!combinedPeers.containsKey(p.id)) {
-        combinedPeers[p.id] = p.toJson();
-      }
-    }
-
-    List<Peer> parsedPeers = [];
-    for (var peer in combinedPeers.values) {
-      parsedPeers.add(Peer.fromJson(peer));
-    }
-
-    Set<String> peerIds = combinedPeers.keys.toSet();
-    for (final peer in gFFI.lanPeersModel.peers) {
-      if (!peerIds.contains(peer.id)) {
-        parsedPeers.add(peer);
-        peerIds.add(peer.id);
-      }
-    }
-
-    for (final peer in gFFI.recentPeersModel.peers) {
-      if (!peerIds.contains(peer.id)) {
-        parsedPeers.add(peer);
-        peerIds.add(peer.id);
-      }
-    }
-    for (final id in gFFI.recentPeersModel.restPeerIds) {
-      if (!peerIds.contains(id)) {
-        parsedPeers.add(Peer.fromJson({'id': id}));
-        peerIds.add(id);
-      }
-    }
-
-    peers = parsedPeers;
-    setState(() {
+    peers = mergeAutocompletePeers(
+      addressBookPeers: gFFI.abModel.allPeers(),
+      groupPeers: gFFI.groupModel.peers,
+      lanPeers: gFFI.lanPeersModel.peers,
+      recentPeers: gFFI.recentPeersModel.peers,
+      restRecentPeerIds: gFFI.recentPeersModel.restPeerIds,
+    );
+    _applyLastOnlineState(peers);
+    _scheduleSetState(() {
      _isPeersLoading = false;
      _isPeersLoaded = true;
    });
  }
+
+  void _updateOnlineState(Map<String, dynamic> evt) {
+    if (_isCleared) {
+      return;
+    }
+    _lastOnlineIds = _splitPeerIds(evt['onlines']);
+    _lastOfflineIds = _splitPeerIds(evt['offlines']);
+    final peersChanged = _applyLastOnlineState(peers);
+    final optionsChanged = _applyLastOnlineState(_lastQueryOnlineOptions);
+    if (peersChanged || optionsChanged) {
+      _scheduleSetState(() {});
+    }
+  }
+
+  void _scheduleSetState(VoidCallback callback) {
+    if (_isCleared) {
+      return;
+    }
+    final setState = _setState;
+    if (setState == null) {
+      callback();
+    } else {
+      setState(callback);
+    }
+  }
+
+  bool _applyLastOnlineState(List<Peer> peers) {
+    return updateAutocompletePeerOnlineStates(
+      peers,
+      onlines: _lastOnlineIds,
+      offlines: _lastOfflineIds,
+    );
+  }
+
+  Set<String> _splitPeerIds(dynamic ids) {
+    if (ids is! String || ids.isEmpty) {
+      return {};
+    }
+    return ids.split(',').where((id) => id.isNotEmpty).toSet();
+  }
+
+  void queryOnlines(Iterable<Peer> options) {
+    if (_isCleared) {
+      return;
+    }
+    _lastQueryOnlineOptions = options.toList(growable: false);
+    final ids = autocompleteOnlineQueryIds(
+      _lastQueryOnlineOptions,
+      limit: _maxQueryOnlineOptions,
+    ).toSet();
+    _queryOnlineTimer?.cancel();
+    _queryOnlineTimer = null;
+    if (ids.isEmpty) {
+      return;
+    }
+    final now = DateTime.now();
+    if (setEquals(ids, _lastQueryOnlineIds) &&
+        now.difference(_lastQueryOnlineTime) < _queryOnlineInterval) {
+      return;
+    }
+
+    _queryOnlineTimer = Timer(_queryOnlineDebounce, () async {
+      try {
+        await _queryOnlines(ids.toList(growable: false));
+        if (_isCleared) {
+          return;
+        }
+        _lastQueryOnlineIds = ids;
+        _lastQueryOnlineTime = DateTime.now();
+      } catch (e) {
+        debugPrint('query autocomplete online state failed: $e');
+      }
+    });
+  }
+
+  @visibleForTesting
+  void updateOnlineStateForTesting(Map<String, dynamic> evt) {
+    _updateOnlineState(evt);
+  }
+
+  @visibleForTesting
+  bool applyLastOnlineStateForTesting(List<Peer> peers) {
+    return _applyLastOnlineState(peers);
+  }
 }

 class AutocompletePeerTile extends StatefulWidget {
--- a/flutter/lib/common/widgets/login.dart
+++ b/flutter/lib/common/widgets/login.dart
@@ -24,6 +24,35 @@ const kOpSvgList = [
  'microsoft'
 ];

+class _OidcProviderBranding {
+  final String label;
+  final String iconKey;
+
+  const _OidcProviderBranding({
+    required this.label,
+    required this.iconKey,
+  });
+}
+
+_OidcProviderBranding _oidcProviderBranding(String op) {
+  switch (op.toLowerCase()) {
+    case 'azure':
+      return _OidcProviderBranding(
+        label: 'Microsoft',
+        iconKey: 'microsoft',
+      );
+    default:
+      return _OidcProviderBranding(
+        label: {
+              'github': 'GitHub',
+              'gitlab': 'GitLab',
+            }[op.toLowerCase()] ??
+            toCapitalized(op),
+        iconKey: op.toLowerCase(),
+      );
+  }
+}
+
 class _IconOP extends StatelessWidget {
  final String op;
  final String? icon;
@@ -74,11 +103,8 @@ class ButtonOP extends StatelessWidget {

  @override
  Widget build(BuildContext context) {
-    final opLabel = {
-          'github': 'GitHub',
-          'gitlab': 'GitLab'
-        }[op.toLowerCase()] ??
-        toCapitalized(op);
+    final branding = _oidcProviderBranding(op);
+    final buttonLabel = translate("Continue with {${branding.label}}");
    return Row(children: [
      Container(
        height: height,
@@ -95,7 +121,7 @@ class ButtonOP extends StatelessWidget {
                SizedBox(
                  width: 30,
                  child: _IconOP(
-                    op: op,
+                    op: branding.iconKey,
                    icon: icon,
                    margin: EdgeInsets.only(right: 5),
                  ),
@@ -103,8 +129,7 @@ class ButtonOP extends StatelessWidget {
                Expanded(
                  child: FittedBox(
                    fit: BoxFit.scaleDown,
-                    child: Center(
-                        child: Text(translate("Continue with {$opLabel}"))),
+                    child: Center(child: Text(buttonLabel)),
                  ),
                ),
              ],
--- a/flutter/lib/common/widgets/remote_input.dart
+++ b/flutter/lib/common/widgets/remote_input.dart
@@ -532,9 +532,7 @@ class _RawTouchGestureDetectorRegionState
      // Official
      TapGestureRecognizer:
          GestureRecognizerFactoryWithHandlers<TapGestureRecognizer>(
-              () => TapGestureRecognizer(
-                    supportedDevices: kTouchBasedDeviceKinds,
-                  ), (instance) {
+              () => TapGestureRecognizer(), (instance) {
        instance
          ..onTapDown = onTapDown
          ..onTapUp = onTapUp
@@ -542,18 +540,14 @@ class _RawTouchGestureDetectorRegionState
      }),
      DoubleTapGestureRecognizer:
          GestureRecognizerFactoryWithHandlers<DoubleTapGestureRecognizer>(
-              () => DoubleTapGestureRecognizer(
-                    supportedDevices: kTouchBasedDeviceKinds,
-                  ), (instance) {
+              () => DoubleTapGestureRecognizer(), (instance) {
        instance
          ..onDoubleTapDown = onDoubleTapDown
          ..onDoubleTap = onDoubleTap;
      }),
      LongPressGestureRecognizer:
          GestureRecognizerFactoryWithHandlers<LongPressGestureRecognizer>(
-              () => LongPressGestureRecognizer(
-                    supportedDevices: kTouchBasedDeviceKinds,
-                  ), (instance) {
+              () => LongPressGestureRecognizer(), (instance) {
        instance
          ..onLongPressDown = onLongPressDown
          ..onLongPressUp = onLongPressUp
@@ -563,9 +557,7 @@ class _RawTouchGestureDetectorRegionState
      // Customized
      HoldTapMoveGestureRecognizer:
          GestureRecognizerFactoryWithHandlers<HoldTapMoveGestureRecognizer>(
-              () => HoldTapMoveGestureRecognizer(
-                    supportedDevices: kTouchBasedDeviceKinds,
-                  ),
+              () => HoldTapMoveGestureRecognizer(),
              (instance) => instance
                ..onHoldDragStart = onHoldDragStart
                ..onHoldDragUpdate = onHoldDragUpdate
@@ -573,18 +565,14 @@ class _RawTouchGestureDetectorRegionState
                ..onHoldDragEnd = onHoldDragEnd),
      DoubleFinerTapGestureRecognizer:
          GestureRecognizerFactoryWithHandlers<DoubleFinerTapGestureRecognizer>(
-              () => DoubleFinerTapGestureRecognizer(
-                    supportedDevices: kTouchBasedDeviceKinds,
-                  ), (instance) {
+              () => DoubleFinerTapGestureRecognizer(), (instance) {
        instance
          ..onDoubleFinerTap = onDoubleFinerTap
          ..onDoubleFinerTapDown = onDoubleFinerTapDown;
      }),
      CustomTouchGestureRecognizer:
          GestureRecognizerFactoryWithHandlers<CustomTouchGestureRecognizer>(
-              () => CustomTouchGestureRecognizer(
-                    supportedDevices: kTouchBasedDeviceKinds,
-                  ), (instance) {
+              () => CustomTouchGestureRecognizer(), (instance) {
        instance.onOneFingerPanStart =
            (DragStartDetails d) => onOneFingerPanStart(context, d);
        instance
--- a/flutter/lib/common/widgets/toolbar.dart
+++ b/flutter/lib/common/widgets/toolbar.dart
@@ -13,8 +13,84 @@ import 'package:flutter_hbb/models/model.dart';
 import 'package:flutter_hbb/models/platform_model.dart';
 import 'package:flutter_hbb/utils/multi_window_manager.dart';
 import 'package:get/get.dart';
+import 'package:url_launcher/url_launcher.dart';

 bool isEditOsPassword = false;
+const String kPeerOptionAllowWaylandKeyboard = 'allow-wayland-keyboard';
+const String kWaylandKeyboardIssueUrl =
+    'https://github.com/rustdesk/rustdesk/issues/14586';
+final Set<String> _waylandKeyboardPromptSuppressedConnectionIds = <String>{};
+
+Future<bool> openWaylandKeyboardIssueUrl() {
+  return launchUrl(
+    Uri.parse(kWaylandKeyboardIssueUrl),
+    mode: LaunchMode.externalApplication,
+  );
+}
+
+bool isWaylandKeyboardPromptSuppressedForConnection(String connectionId) {
+  return _waylandKeyboardPromptSuppressedConnectionIds.contains(connectionId);
+}
+
+void setWaylandKeyboardPromptSuppressedForConnection(
+    String connectionId, bool suppressed) {
+  if (suppressed) {
+    _waylandKeyboardPromptSuppressedConnectionIds.add(connectionId);
+  } else {
+    _waylandKeyboardPromptSuppressedConnectionIds.remove(connectionId);
+  }
+}
+
+void clearWaylandKeyboardPromptSuppressedForConnection(String connectionId) {
+  _waylandKeyboardPromptSuppressedConnectionIds.remove(connectionId);
+}
+
+bool shouldShowWaylandKeyboardPrompt({
+  required String connectionId,
+  required bool isWaylandPeer,
+  required bool allowWaylandKeyboardRemembered,
+}) {
+  return isWaylandPeer &&
+      !allowWaylandKeyboardRemembered &&
+      !isWaylandKeyboardPromptSuppressedForConnection(connectionId);
+}
+
+Widget waylandKeyboardScopeChip(BuildContext context, String text) {
+  final colorScheme = Theme.of(context).colorScheme;
+  return Container(
+    padding: const EdgeInsets.symmetric(horizontal: 8, vertical: 4),
+    decoration: BoxDecoration(
+      borderRadius: BorderRadius.circular(999),
+      border: Border.all(color: colorScheme.primary.withOpacity(0.35)),
+    ),
+    child: Text(
+      text,
+      style: Theme.of(
+        context,
+      ).textTheme.bodySmall?.copyWith(fontWeight: FontWeight.w600),
+    ),
+  );
+}
+
+bool _isWindowsMode1PrivacyImpl(String privacyModeImpl) {
+  return privacyModeImpl == kPrivacyModeImplMag ||
+      privacyModeImpl == kPrivacyModeImplExcludeFromCapture;
+}
+
+// macOS privacy mode blacks out all online displays. Windows Mode 1 also
+// covers every local monitor with privacy overlay windows, so remote display
+// switching does not weaken local privacy protection.
+//
+// Keep this separate from the capture backend capability. The legacy Windows
+// magnifier capturer is not reliable for multi-monitor capture; WebRTC's
+// screen_capturer_win_magnifier also disables it when SM_CMONITORS != 1:
+// https://webrtc.googlesource.com/src/+/1845922d5a1bf9c27deeffb4a8c8daea124434c1/modules/desktop_capture/win/screen_capturer_win_magnifier.cc
+bool allowDisplaySwitchInPrivacyMode(PeerInfo pi, String privacyModeImpl) {
+  return pi.platform == kPeerPlatformMacOS ||
+      (pi.platform == kPeerPlatformWindows &&
+          _isWindowsMode1PrivacyImpl(privacyModeImpl) &&
+          versionCmp(pi.version, '1.4.8') >= 0);
+}

 class TTextMenu {
  final Widget child;
@@ -87,12 +163,179 @@ handleOsPasswordAction(
  }
 }

+void showWaylandKeyboardInputWarningDialog(
+    {required String id,
+    required String connectionId,
+    required FFI ffi,
+    required Future<void> Function() onEnable}) {
+  bool remember = false;
+  bool consentInProgress = false;
+  bool dialogClosed = false;
+
+  final dialogFuture = ffi.dialogManager.show((setState, close, context) {
+    void safeSetState(VoidCallback fn) {
+      if (dialogClosed) {
+        return;
+      }
+      try {
+        setState(fn);
+      } catch (e) {
+        debugPrint('Ignore setState after dialog disposal: $e');
+      }
+    }
+
+    void closeDialog() {
+      if (dialogClosed) {
+        return;
+      }
+      dialogClosed = true;
+      close();
+    }
+
+    Future<void> enableAndContinue() async {
+      if (consentInProgress || dialogClosed) {
+        return;
+      }
+      consentInProgress = true;
+      safeSetState(() {});
+      try {
+        await onEnable();
+      } catch (e, st) {
+        debugPrint('Failed to enable Wayland keyboard input consent: $e');
+        debugPrintStack(stackTrace: st);
+        consentInProgress = false;
+        safeSetState(() {});
+        return;
+      }
+
+      ffi.inputModel.keyboardInputAllowed = true;
+      var rememberPersisted = true;
+      if (remember) {
+        try {
+          await bind.mainSetPeerOption(
+              id: id,
+              key: kPeerOptionAllowWaylandKeyboard,
+              value: bool2option(kPeerOptionAllowWaylandKeyboard, true));
+        } catch (e) {
+          rememberPersisted = false;
+          debugPrint('Failed to persist Wayland keyboard input consent: $e');
+        }
+      }
+      // Always suppress prompt for current connection after explicit consent.
+      setWaylandKeyboardPromptSuppressedForConnection(connectionId, true);
+      closeDialog();
+      if (remember && !rememberPersisted) {
+        // It's a rare edge case that persisting the user's choice fails.
+        // Failed to persist the user's choice, but still allow keyboard input for current session.
+        showToast(translate('Failed'));
+      }
+    }
+
+    void cancel() {
+      if (consentInProgress) {
+        return;
+      }
+      closeDialog();
+    }
+
+    return CustomAlertDialog(
+      title: null,
+      content: Column(
+        mainAxisSize: MainAxisSize.min,
+        crossAxisAlignment: CrossAxisAlignment.start,
+        children: [
+          msgboxContent(
+            '',
+            'wayland-keyboard-input-disabled-tip',
+            'wayland-keyboard-input-consent-tip',
+          ),
+          SizedBox(height: isMobile ? 2 : 6),
+          if (isMobile) ...[
+            Text(
+              translate('wayland-keyboard-input-applies-to-tip'),
+              style: Theme.of(
+                context,
+              ).textTheme.bodyMedium?.copyWith(fontWeight: FontWeight.w600),
+            ).marginOnly(bottom: 6),
+            Wrap(
+              spacing: 6,
+              runSpacing: 6,
+              children: [
+                waylandKeyboardScopeChip(
+                    context, translate('Send clipboard keystrokes')),
+                waylandKeyboardScopeChip(
+                    context, translate('wayland-soft-keyboard-input-label')),
+              ],
+            ).marginOnly(bottom: 10),
+          ],
+          TextButton(
+            onPressed: consentInProgress
+                ? null
+                : () async {
+                    try {
+                      final opened = await openWaylandKeyboardIssueUrl();
+                      if (!opened) {
+                        // Opening this optional help link almost never fails in
+                        // normal desktop environments. Keep the result handled
+                        // for review hygiene, but avoid a low-value user toast.
+                        debugPrint('Failed to open Wayland keyboard issue URL');
+                      }
+                    } catch (e) {
+                      debugPrint(
+                          'Failed to open Wayland keyboard issue URL: $e');
+                    }
+                  },
+            style: TextButton.styleFrom(
+              foregroundColor: Colors.blue,
+              padding: EdgeInsets.zero,
+              minimumSize: Size.zero,
+              tapTargetSize: MaterialTapTargetSize.shrinkWrap,
+            ),
+            child: Text(
+              translate('Why this happens'),
+              style: const TextStyle(decoration: TextDecoration.underline),
+            ),
+          ).marginOnly(bottom: 6),
+          CheckboxListTile(
+            value: remember,
+            dense: true,
+            contentPadding: EdgeInsets.zero,
+            controlAffinity: ListTileControlAffinity.leading,
+            title: Text(translate('remember-wayland-keyboard-choice-tip')),
+            onChanged: consentInProgress
+                ? null
+                : (v) {
+                    safeSetState(() => remember = v == true);
+                  },
+          ),
+        ],
+      ),
+      actions: [
+        dialogButton(
+          'Cancel',
+          onPressed: consentInProgress ? null : cancel,
+          isOutline: true,
+        ),
+        dialogButton(
+          'OK',
+          onPressed:
+              consentInProgress ? null : () => unawaited(enableAndContinue()),
+        ),
+      ],
+      onCancel: consentInProgress ? null : cancel,
+      onSubmit: consentInProgress ? null : () => unawaited(enableAndContinue()),
+    );
+  }, clickMaskDismiss: false, backDismiss: false);
+  unawaited(dialogFuture.whenComplete(() => dialogClosed = true));
+}
+
 List<TTextMenu> toolbarControls(BuildContext context, String id, FFI ffi) {
  final ffiModel = ffi.ffiModel;
  final pi = ffiModel.pi;
  final perms = ffiModel.permissions;
  final sessionId = ffi.sessionId;
  final isDefaultConn = ffi.connType == ConnType.defaultConn;
+  final isWaylandPeer = pi.platform == kPeerPlatformLinux && pi.isWayland;

  List<TTextMenu> v = [];
  // elevation
@@ -142,11 +385,60 @@ List<TTextMenu> toolbarControls(BuildContext context, String id, FFI ffi) {
    v.add(TTextMenu(
        child: Text(translate('Send clipboard keystrokes')),
        onPressed: () async {
-          ClipboardData? data = await Clipboard.getData(Clipboard.kTextPlain);
-          if (data != null && data.text != null) {
-            bind.sessionInputString(
-                sessionId: sessionId, value: data.text ?? "");
+          Future<void> sendClipboardKeystrokes() async {
+            ClipboardData? data = await Clipboard.getData(Clipboard.kTextPlain);
+            if (data != null && data.text != null) {
+              bind.sessionInputString(
+                  sessionId: sessionId, value: data.text ?? "");
+            }
          }
+
+          final allowWaylandKeyboard =
+              mainGetPeerBoolOptionSync(id, kPeerOptionAllowWaylandKeyboard);
+          if (shouldShowWaylandKeyboardPrompt(
+            connectionId: sessionId.toString(),
+            isWaylandPeer: isWaylandPeer,
+            allowWaylandKeyboardRemembered: allowWaylandKeyboard,
+          )) {
+            ffi.inputModel.keyboardInputAllowed = false;
+            showWaylandKeyboardInputWarningDialog(
+              id: id,
+              connectionId: sessionId.toString(),
+              ffi: ffi,
+              onEnable: sendClipboardKeystrokes,
+            );
+            return;
+          }
+          await sendClipboardKeystrokes();
+        }));
+  }
+  if (isDefaultConn &&
+      isWaylandPeer &&
+      (mainGetPeerBoolOptionSync(id, kPeerOptionAllowWaylandKeyboard) ||
+          isWaylandKeyboardPromptSuppressedForConnection(
+              sessionId.toString()))) {
+    v.add(TTextMenu(
+        child: Text(translate('wayland-keyboard-input-reset-choice-tip')),
+        onPressed: () async {
+          var persistedCleared = false;
+          try {
+            await bind.mainSetPeerOption(
+                id: id,
+                key: kPeerOptionAllowWaylandKeyboard,
+                value: bool2option(kPeerOptionAllowWaylandKeyboard, false));
+            persistedCleared = true;
+          } catch (e) {
+            debugPrint(
+                'Failed to clear persisted Wayland keyboard permission: $e');
+          } finally {
+            clearWaylandKeyboardPromptSuppressedForConnection(
+                sessionId.toString());
+            ffi.inputModel.keyboardInputAllowed = false;
+            if (isMobile) {
+              await ffi.invokeMethod("enable_soft_keyboard", false);
+            }
+          }
+          showToast(translate(persistedCleared ? 'Successful' : 'Failed'));
        }));
  }
  // reset canvas
@@ -684,8 +976,10 @@ Future<List<TToggleMenu>> toolbarDisplayToggle(
        child: Text(translate('Lock after session end'))));
  }

+  final privacyModeState = PrivacyModeState.find(id);
  if (pi.isSupportMultiDisplay &&
-      PrivacyModeState.find(id).isEmpty &&
+      (privacyModeState.isEmpty ||
+          allowDisplaySwitchInPrivacyMode(pi, privacyModeState.value)) &&
      pi.displaysCount.value > 1 &&
      bind.mainGetUserDefaultOption(key: kKeyShowMonitorsToolbar) == 'Y') {
    final value =
@@ -759,7 +1053,8 @@ List<TToggleMenu> toolbarPrivacyMode(
  final ffiModel = ffi.ffiModel;
  final pi = ffiModel.pi;
  final sessionId = ffi.sessionId;
-  final hasPrivacyModePermission = ffiModel.permissions['privacy_mode'] != false;
+  final hasPrivacyModePermission =
+      ffiModel.permissions['privacy_mode'] != false;

  // Backend revocation already attempts to turn privacy mode off.
  // Still keep this menu when privacy mode is active, so users can turn it off
@@ -768,23 +1063,28 @@ List<TToggleMenu> toolbarPrivacyMode(
    return []; // No permission and not active, hide options.
  }

-  getDefaultMenu(Future<void> Function(SessionID sid, String opt) toggleFunc) {
-    final enabled =
-        !ffiModel.viewOnly && (hasPrivacyModePermission || privacyModeState.isNotEmpty);
+  bool checkDisplayAllowedForPrivacyMode(String targetImplKey, bool turnOn) {
+    if (!turnOn ||
+        allowDisplaySwitchInPrivacyMode(pi, targetImplKey) ||
+        (ffiModel.pi.currentDisplay == 0 &&
+            !bind.sessionIsMultiUiSession(sessionId: sessionId))) {
+      return true;
+    }
+    msgBox(sessionId, 'custom-nook-nocancel-hasclose', 'info',
+        'Please switch to Display 1 first', '', ffi.dialogManager);
+    return false;
+  }
+
+  getDefaultMenu(Future<void> Function(SessionID sid, String opt) toggleFunc,
+      String targetImplKey) {
+    final enabled = !ffiModel.viewOnly &&
+        (hasPrivacyModePermission || privacyModeState.isNotEmpty);
    return TToggleMenu(
        value: privacyModeState.isNotEmpty,
        onChanged: enabled
            ? (value) {
                if (value == null) return;
-                if (ffiModel.pi.currentDisplay != 0 &&
-                    ffiModel.pi.currentDisplay != kAllDisplayValue) {
-                  msgBox(
-                      sessionId,
-                      'custom-nook-nocancel-hasclose',
-                      'info',
-                      'Please switch to Display 1 first',
-                      '',
-                      ffi.dialogManager);
+                if (!checkDisplayAllowedForPrivacyMode(targetImplKey, value)) {
                  return;
                }
                final option = 'privacy-mode';
@@ -802,7 +1102,7 @@ List<TToggleMenu> toolbarPrivacyMode(
      getDefaultMenu((sid, opt) async {
        bind.sessionToggleOption(sessionId: sid, value: opt);
        togglePrivacyModeTime = DateTime.now();
-      })
+      }, kPrivacyModeImplMag)
    ];
  }
  if (privacyModeImpls.isEmpty) {
@@ -816,7 +1116,7 @@ List<TToggleMenu> toolbarPrivacyMode(
        bind.sessionTogglePrivacyMode(
            sessionId: sid, implKey: implKey, on: privacyModeState.isEmpty);
        togglePrivacyModeTime = DateTime.now();
-      })
+      }, implKey)
    ];
  } else {
    final visibleImpls = hasPrivacyModePermission
@@ -837,6 +1137,9 @@ List<TToggleMenu> toolbarPrivacyMode(
              ? (value) {
                  if (value == null) return;
                  if (value && !hasPrivacyModePermission) return;
+                  if (!checkDisplayAllowedForPrivacyMode(implKey, value)) {
+                    return;
+                  }
                  togglePrivacyModeTime = DateTime.now();
                  bind.sessionTogglePrivacyMode(
                      sessionId: sessionId, implKey: implKey, on: value);
--- a/flutter/lib/consts.dart
+++ b/flutter/lib/consts.dart
@@ -29,6 +29,10 @@ const String kPlatformAdditionsHasFileClipboard = "has_file_clipboard";
 const String kPlatformAdditionsSupportedPrivacyModeImpl =
    "supported_privacy_mode_impl";

+const String kPrivacyModeImplMag = 'privacy_mode_impl_mag';
+const String kPrivacyModeImplExcludeFromCapture =
+    'privacy_mode_impl_exclude_from_capture';
+
 const String kPeerPlatformWindows = "Windows";
 const String kPeerPlatformLinux = "Linux";
 const String kPeerPlatformMacOS = "Mac OS";
@@ -142,6 +146,10 @@ const String kOptionSwapLeftRightMouse = "swap-left-right-mouse";
 const String kOptionCodecPreference = "codec-preference";
 const String kOptionRemoteMenubarDragLeft = "remote-menubar-drag-left";
 const String kOptionRemoteMenubarDragRight = "remote-menubar-drag-right";
+const String kOptionRemoteMenubarEdge = "remote-menubar-edge";
+const String kOptionRemoteMenubarFraction = "remote-menubar-frac";
+const String kOptionAllowMultiEdgeToolbarDock =
+    "allow-multi-edge-toolbar-dock";
 const String kOptionHideAbTagsPanel = "hideAbTagsPanel";
 const String kOptionRemoteMenubarState = "remoteMenubarState";
 const String kOptionPeerSorting = "peer-sorting";
@@ -166,6 +174,8 @@ const String kOptionShowVirtualMouse = "show-virtual-mouse";
 const String kOptionVirtualMouseScale = "virtual-mouse-scale";
 const String kOptionShowVirtualJoystick = "show-virtual-joystick";
 const String kOptionAllowAskForNoteAtEndOfConnection = "allow-ask-for-note";
+const String kOptionAllowMonitorSwitchMainToolbar = "allow-monitor-switch-main-toolbar";
+const String kOptionAllowMonitorSwitchMinToolbar = "allow-monitor-switch-min-toolbar";
 const String kOptionEnableShowTerminalExtraKeys = "enable-show-terminal-extra-keys";

 // network options
--- a/flutter/lib/desktop/pages/connection_page.dart
+++ b/flutter/lib/desktop/pages/connection_page.dart
@@ -398,6 +398,7 @@ class _ConnectionPageState extends State<ConnectionPage>
                                  .contains(textToFind) ||
                              peer.alias.toLowerCase().contains(textToFind))
                          .toList();
+                      _allPeersLoader.queryOnlines(_autocompleteOpts);
                    }
                    return _autocompleteOpts;
                  },
--- a/flutter/lib/desktop/pages/desktop_setting_page.dart
+++ b/flutter/lib/desktop/pages/desktop_setting_page.dart
@@ -407,6 +407,7 @@ class _GeneralState extends State<_General> {
  final RxBool serviceStop =
      isWeb ? RxBool(false) : Get.find<RxBool>(tag: 'stop-service');
  RxBool serviceBtnEnabled = true.obs;
+  final GlobalKey _minToolbarOptionKey = GlobalKey();

  @override
  Widget build(BuildContext context) {
@@ -488,6 +489,16 @@ class _GeneralState extends State<_General> {
        _OptionCheckBox(context, 'Confirm before closing multiple tabs',
            kOptionEnableConfirmClosingTabs,
            isServer: false),
+      if (!bind.isIncomingOnly())
+        _OptionCheckBox(
+          context,
+          'allow-remote-toolbar-docking-any-edge',
+          kOptionAllowMultiEdgeToolbarDock,
+          isServer: false,
+          update: (_) {
+            reloadAllWindows();
+          },
+        ),
      _OptionCheckBox(context, 'Adaptive bitrate', kOptionEnableAbr),
      if (!isWeb) wallpaper(),
      if (!isWeb && !bind.isIncomingOnly()) ...[
@@ -595,6 +606,47 @@ class _GeneralState extends State<_General> {
        },
      ));
    }
+    children.add(_OptionCheckBox(
+      context,
+      'Show monitor switch button on the main toolbar',
+      kOptionAllowMonitorSwitchMainToolbar,
+      isServer: false,
+      update: (enabled) async {
+        if (!enabled) {
+          await mainSetLocalBoolOption(
+              kOptionAllowMonitorSwitchMinToolbar, false);
+        }
+        if (mounted) setState(() {});
+        reloadAllWindows();
+        if (enabled) {
+          WidgetsBinding.instance.addPostFrameCallback((_) {
+            final ctx = _minToolbarOptionKey.currentContext;
+            if (ctx != null) {
+              Scrollable.ensureVisible(
+                ctx,
+                alignment: 0.5,
+                duration: const Duration(milliseconds: 250),
+                curve: Curves.easeInOut,
+              );
+            }
+          });
+        }
+      },
+    ));
+    if (mainGetLocalBoolOptionSync(kOptionAllowMonitorSwitchMainToolbar)) {
+      children.add(KeyedSubtree(
+        key: _minToolbarOptionKey,
+        child: _OptionCheckBox(
+          context,
+          'Show on the minimized toolbar',
+          kOptionAllowMonitorSwitchMinToolbar,
+          isServer: false,
+          update: (_) {
+            reloadAllWindows();
+          },
+        ).marginOnly(left: _kCheckBoxLeftMargin * 3),
+      ));
+    }
    return _Card(title: 'Other', children: children);
  }

--- a/flutter/lib/desktop/pages/install_page.dart
+++ b/flutter/lib/desktop/pages/install_page.dart
@@ -65,7 +65,7 @@ class _InstallPageBodyState extends State<_InstallPageBody>
  late final TextEditingController controller;
  final RxBool startmenu = true.obs;
  final RxBool desktopicon = true.obs;
-  final RxBool printer = true.obs;
+  final RxBool printer = false.obs;
  final RxBool showProgress = false.obs;
  final RxBool btnEnabled = true.obs;

@@ -80,7 +80,7 @@ class _InstallPageBodyState extends State<_InstallPageBody>
    final installOptions = jsonDecode(bind.installInstallOptions());
    startmenu.value = installOptions['STARTMENUSHORTCUTS'] != '0';
    desktopicon.value = installOptions['DESKTOPSHORTCUTS'] != '0';
-    printer.value = installOptions['PRINTER'] != '0';
+    printer.value = installOptions['PRINTER'] == '1';
  }

  @override
--- a/flutter/lib/desktop/pages/remote_page.dart
+++ b/flutter/lib/desktop/pages/remote_page.dart
@@ -101,6 +101,9 @@ class _RemotePageState extends State<RemotePage>
  Function(bool)? _onEnterOrLeaveImage4Toolbar;

  late FFI _ffi;
+  Worker? _waylandKeyboardModeWorker;
+  bool _waylandKeyboardModeNormalized = false;
+  bool _waylandKeyboardModeNormalizing = false;

  SessionID get sessionId => _ffi.sessionId;

@@ -178,6 +181,48 @@ class _RemotePageState extends State<RemotePage>
    // Register callback to cancel debounce timer when relative mouse mode is disabled
    _ffi.inputModel.onRelativeMouseModeDisabled =
        _cancelPointerLockCenterDebounceTimer;
+
+    _waylandKeyboardModeWorker = ever(_ffi.ffiModel.pi.isSet, (bool isSet) {
+      if (isSet) {
+        unawaited(_normalizeWaylandKeyboardModeIfNeeded());
+      }
+    });
+    if (_ffi.ffiModel.pi.isSet.value) {
+      unawaited(_normalizeWaylandKeyboardModeIfNeeded());
+    }
+  }
+
+  Future<void> _normalizeWaylandKeyboardModeIfNeeded() async {
+    if (!mounted ||
+        _waylandKeyboardModeNormalized ||
+        _waylandKeyboardModeNormalizing) {
+      return;
+    }
+    _waylandKeyboardModeNormalizing = true;
+    try {
+      final pi = _ffi.ffiModel.pi;
+      if (pi.platform != kPeerPlatformLinux || !pi.isWayland) return;
+      final mapSupported = bind.sessionIsKeyboardModeSupported(
+          sessionId: sessionId, mode: kKeyMapMode);
+      if (!mapSupported) return;
+      final current = await bind.sessionGetKeyboardMode(sessionId: sessionId);
+      if (!mounted) return;
+      if (current == kKeyMapMode) {
+        _waylandKeyboardModeNormalized = true;
+        return;
+      }
+      await bind.sessionSetKeyboardMode(
+          sessionId: sessionId, value: kKeyMapMode);
+      if (!mounted) return;
+      await _ffi.inputModel.updateKeyboardMode();
+      if (!mounted) return;
+      _waylandKeyboardModeNormalized = true;
+    } catch (e, st) {
+      debugPrint('Failed to normalize Wayland keyboard mode: $e');
+      debugPrintStack(stackTrace: st);
+    } finally {
+      _waylandKeyboardModeNormalizing = false;
+    }
  }

  /// Cancel the pointer lock center debounce timer
@@ -318,6 +363,7 @@ class _RemotePageState extends State<RemotePage>

    _pointerLockCenterDebounceTimer?.cancel();
    _pointerLockCenterDebounceTimer = null;
+    _waylandKeyboardModeWorker?.dispose();
    // Clear callback reference to prevent memory leaks and stale references
    _ffi.inputModel.onRelativeMouseModeDisabled = null;
    // Relative mouse mode cleanup is centralized in FFI.close(closeSession: ...).
@@ -331,6 +377,9 @@ class _RemotePageState extends State<RemotePage>
    _ffi.imageModel.disposeImage();
    _ffi.cursorModel.disposeImages();
    _rawKeyFocusNode.dispose();
+    if (closeSession) {
+      clearWaylandKeyboardPromptSuppressedForConnection(sessionId.toString());
+    }
    await _ffi.close(closeSession: closeSession);
    _timer?.cancel();
    _ffi.dialogManager.dismissAll();
--- a/flutter/lib/desktop/pages/terminal_page.dart
+++ b/flutter/lib/desktop/pages/terminal_page.dart
@@ -27,6 +27,7 @@ class TerminalPage extends StatefulWidget {
  final bool? isSharedPassword;
  final String? connToken;
  final int terminalId;
+
  /// Tab key for focus management, passed from parent to avoid duplicate construction
  final String tabKey;
  final SimpleWrapper<State<TerminalPage>?> _lastState = SimpleWrapper(null);
@@ -43,6 +44,9 @@ class TerminalPage extends StatefulWidget {

 class _TerminalPageState extends State<TerminalPage>
    with AutomaticKeepAliveClientMixin {
+  static const EdgeInsets _defaultTerminalPadding =
+      EdgeInsets.symmetric(horizontal: 5.0, vertical: 2.0);
+
  late FFI _ffi;
  late TerminalModel _terminalModel;
  double? _cellHeight;
@@ -155,13 +159,27 @@ class _TerminalPageState extends State<TerminalPage>
  // extra space left after dividing the available height by the height of a single
  // terminal row (`_cellHeight`) and distributing it evenly as top and bottom padding.
  EdgeInsets _calculatePadding(double heightPx) {
-    if (_cellHeight == null) {
-      return const EdgeInsets.symmetric(horizontal: 5.0, vertical: 2.0);
+    final cellHeight = _cellHeight;
+    if (!heightPx.isFinite ||
+        heightPx <= 0 ||
+        cellHeight == null ||
+        !cellHeight.isFinite ||
+        cellHeight <= 0) {
+      return _defaultTerminalPadding;
+    }
+    final rows = (heightPx / cellHeight).floor();
+    if (rows <= 0) {
+      return _defaultTerminalPadding;
+    }
+    final extraSpace = heightPx - rows * cellHeight;
+    if (!extraSpace.isFinite || extraSpace < 0) {
+      return _defaultTerminalPadding;
    }
-    final rows = (heightPx / _cellHeight!).floor();
-    final extraSpace = heightPx - rows * _cellHeight!;
    final topBottom = extraSpace / 2.0;
-    return EdgeInsets.symmetric(horizontal: 5.0, vertical: topBottom);
+    return EdgeInsets.symmetric(
+      horizontal: _defaultTerminalPadding.horizontal / 2,
+      vertical: topBottom,
+    );
  }

  @override
--- a/flutter/lib/desktop/pages/terminal_tab_page.dart
+++ b/flutter/lib/desktop/pages/terminal_tab_page.dart
@@ -46,6 +46,7 @@ class _TerminalTabPageState extends State<TerminalTabPage> {
          .setTitle(getWindowNameWithId(id));
    };
    tabController.onRemoved = (_, id) => onRemoveId(id);
+    tabController.onCloseWindow = _closeWindowFromConnection;
    final terminalId = params['terminalId'] ?? _nextTerminalId++;
    tabController.add(_createTerminalTab(
      peerId: params['id'],
@@ -144,6 +145,8 @@ class _TerminalTabPageState extends State<TerminalTabPage> {
    _windowClosing = true;
    final tabKeys = tabController.state.value.tabs.map((t) => t.key).toList();
    // Remove all UI tabs immediately (same instant behavior as the old tabController.clear())
+    // Keep the cleanup target lookup below synchronous before its first await:
+    // it relies on the current frame still retaining each TerminalPage's FFI/model.
    tabController.clear();
    // Run session cleanup in parallel with bounded timeout (closeTerminal() has internal 3s timeout).
    // Skip tabs already being closed by a concurrent _closeTab() to avoid duplicate FFI calls.
@@ -368,8 +371,34 @@ class _TerminalTabPageState extends State<TerminalTabPage> {
    final persistentSessions =
        args['persistent_sessions'] as List<dynamic>? ?? [];
    final sortedSessions = persistentSessions.whereType<int>().toList()..sort();
+    var peerId = args['peer_id'] as String? ?? '';
+    if (peerId.isEmpty) {
+      if (tabController.state.value.tabs.isEmpty ||
+          tabController.state.value.selected >=
+              tabController.state.value.tabs.length) {
+        debugPrint('[TerminalTabPage] Skip restore: no selected tab');
+        return;
+      }
+      final currentTab = tabController.state.value.selectedTabInfo;
+      final parsed = _parseTabKey(currentTab.key);
+      if (parsed == null) return;
+      peerId = parsed.$1;
+    }
+    final existingTerminalIds = tabController.state.value.tabs
+        .map((tab) => _parseTabKey(tab.key))
+        .where((parsed) => parsed != null && parsed.$1 == peerId)
+        .map((parsed) => parsed!.$2)
+        .toSet();
+    if (existingTerminalIds.isEmpty) {
+      debugPrint(
+          '[TerminalTabPage] Skip restore: no seed tab for peer $peerId');
+      return;
+    }
    for (final terminalId in sortedSessions) {
-      _addNewTerminalForCurrentPeer(terminalId: terminalId);
+      if (!existingTerminalIds.add(terminalId)) {
+        continue;
+      }
+      _addNewTerminal(peerId, terminalId: terminalId);
      // A delay is required to ensure the UI has sufficient time to update
      // before adding the next terminal. Without this delay, `_TerminalPageState::dispose()`
      // may be called prematurely while the tab widget is still in the tab controller.
@@ -546,6 +575,11 @@ class _TerminalTabPageState extends State<TerminalTabPage> {
    }
  }

+  Future<void> _closeWindowFromConnection() async {
+    await _closeAllTabs();
+    await WindowController.fromWindowId(windowId()).close();
+  }
+
  int windowId() {
    return widget.params["windowId"];
  }
--- a/flutter/lib/desktop/widgets/remote_toolbar.dart
+++ b/flutter/lib/desktop/widgets/remote_toolbar.dart
--- a/flutter/lib/desktop/widgets/tabbar_widget.dart
+++ b/flutter/lib/desktop/widgets/tabbar_widget.dart
@@ -99,6 +99,7 @@ class DesktopTabController {
  /// index, key
  Function(int, String)? onRemoved;
  Function(String)? onSelected;
+  Future<void> Function()? onCloseWindow;

  DesktopTabController(
      {required this.tabType, this.onRemoved, this.onSelected});
@@ -592,13 +593,13 @@ class _DesktopTabState extends State<DesktopTab>
  }

  Widget _buildBar() {
+    final isIncomingHomePage = bind.isIncomingOnly() && isInHomePage();
    return Row(
      children: [
        Expanded(
            child: GestureDetector(
                // custom double tap handler
-                onTap: !(bind.isIncomingOnly() && isInHomePage()) &&
-                        showMaximize
+                onTap: !isIncomingHomePage && showMaximize
                    ? () {
                        final current = DateTime.now().millisecondsSinceEpoch;
                        final elapsed = current - _lastClickTime;
@@ -609,7 +610,7 @@ class _DesktopTabState extends State<DesktopTab>
                              .then((value) => stateGlobal.setMaximized(value));
                        }
                      }
-                    : null,
+                    : (isIncomingHomePage ? () {} : null), // Keep tap recognizer for Windows touch.
                onPanStart: (_) => startDragging(isMainWindow),
                onPanCancel: () {
                  // We want to disable dragging of the tab area in the tab bar.
--- a/flutter/lib/main.dart
+++ b/flutter/lib/main.dart
@@ -27,7 +27,10 @@ import 'common.dart';
 import 'consts.dart';
 import 'mobile/pages/home_page.dart';
 import 'mobile/pages/server_page.dart';
+import 'mobile/widgets/deploy_dialog.dart';
 import 'models/platform_model.dart';
+import 'native/font_manager.dart'
+    if (dart.library.html) 'web/font_manager.dart';

 import 'package:flutter_hbb/plugin/handlers.dart'
    if (dart.library.html) 'package:flutter_hbb/web/plugin/handlers.dart';
@@ -36,10 +39,15 @@ import 'package:flutter_hbb/plugin/handlers.dart'
 int? kWindowId;
 WindowType? kWindowType;
 late List<String> kBootArgs;
+bool _cjkFontLoaded = false;

 Future<void> main(List<String> args) async {
  earlyAssert();
  WidgetsFlutterBinding.ensureInitialized();
+  _cjkFontLoaded = await loadSystemCJKFonts();
+  if (_cjkFontLoaded) {
+    MyTheme.applyFontFallback([kLinuxCjkFontFamily]);
+  }

  debugPrint("launch args: $args");
  kBootArgs = List.from(args);
@@ -382,6 +390,7 @@ void _runApp(
      builder: (context, child) {
        child = _keepScaleBuilder(context, child);
        child = botToastBuilder(context, child);
+        if (_cjkFontLoaded) child = _mergeCjkFallback(context, child);
        return child;
      },
    ),
@@ -532,6 +541,7 @@ class _AppState extends State<App> with WidgetsBindingObserver {
              : (context, child) {
                  child = _keepScaleBuilder(context, child);
                  child = botToastBuilder(context, child);
+                  if (_cjkFontLoaded) child = _mergeCjkFallback(context, child);
                  if ((isDesktop && desktopType == DesktopType.main) ||
                      isWebDesktop) {
                    child = keyListenerBuilder(context, child);
@@ -575,6 +585,27 @@ _registerEventHandler() {
      NativeUiHandler.instance.onEvent(evt);
    });
  }
+  if (isAndroid) {
+    platformFFI.registerEventHandler(
+        'android_needs_deploy', 'android_needs_deploy', (_) async {
+      WidgetsBinding.instance.addPostFrameCallback((_) {
+        showDeployPromptDialog();
+      });
+    });
+  }
+}
+
+/// Merges the theme's fontFamilyFallback into [DefaultTextStyle] so that
+/// bare [Text] widgets (and those with inherit:true styles) also pick up the
+/// CJK fallback font loaded on ARM64 Linux.
+Widget _mergeCjkFallback(BuildContext context, Widget? child) {
+  final result = child ?? Container();
+  final fallback = Theme.of(context).textTheme.bodyMedium?.fontFamilyFallback;
+  if (fallback == null || fallback.isEmpty) return result;
+  return DefaultTextStyle.merge(
+    style: TextStyle(fontFamilyFallback: fallback),
+    child: result,
+  );
 }

 Widget keyListenerBuilder(BuildContext context, Widget? child) {
--- a/flutter/lib/mobile/pages/connection_page.dart
+++ b/flutter/lib/mobile/pages/connection_page.dart
@@ -207,6 +207,7 @@ class _ConnectionPageState extends State<ConnectionPage> {
                                    .contains(textToFind) ||
                                peer.alias.toLowerCase().contains(textToFind))
                            .toList();
+                        _allPeersLoader.queryOnlines(_autocompleteOpts);
                      }
                      return _autocompleteOpts;
                    },
--- a/flutter/lib/mobile/pages/remote_page.dart
+++ b/flutter/lib/mobile/pages/remote_page.dart
@@ -75,6 +75,9 @@ class _RemotePageState extends State<RemotePage> with WidgetsBindingObserver {
  final FocusNode _physicalFocusNode = FocusNode();
  var _showEdit = false; // use soft keyboard

+  Worker? _waylandKeyboardGateWorker;
+  bool _waylandKeyboardGateInitialized = false;
+
  InputModel get inputModel => gFFI.inputModel;
  SessionID get sessionId => gFFI.sessionId;

@@ -121,11 +124,33 @@ class _RemotePageState extends State<RemotePage> with WidgetsBindingObserver {
          isKeyboardVisible: keyboardVisibilityController.isVisible);
    });
    WidgetsBinding.instance.addObserver(this);
+
+    inputModel.keyboardInputAllowed = true;
+
+    // Wayland sessions may use clipboard-based text input on the controlled side.
+    // Require explicit user confirmation before allowing soft-keyboard and
+    // clipboard-assisted text input. Physical keyboard events are not gated here.
+    _waylandKeyboardGateWorker = ever(gFFI.ffiModel.pi.isSet, (bool isSet) {
+      if (isSet) {
+        _initWaylandKeyboardGateIfNeeded();
+      }
+    });
+    if (gFFI.ffiModel.pi.isSet.value) {
+      _initWaylandKeyboardGateIfNeeded();
+    }
  }

  @override
  Future<void> dispose() async {
    WidgetsBinding.instance.removeObserver(this);
+    // Close the session up-front. `gFFI.close()` below only calls `sessionClose`
+    // after several awaits (canvas save, image update, the `enable_soft_keyboard`
+    // platform call), so if the app is backgrounded while this page is disposing,
+    // dispose can be suspended before reaching it and the connection is never torn
+    // down. The reconnect then re-attaches to the leaked session and is stuck on
+    // "Connecting...". Dispatching it here makes teardown happen synchronously on
+    // pop; the `sessionClose` in `gFFI.close()` becomes a no-op once removed.
+    unawaited(bind.sessionClose(sessionId: sessionId));
    // https://github.com/flutter/flutter/issues/64935
    super.dispose();
    gFFI.dialogManager.hideMobileActionsOverlay(store: false);
@@ -135,6 +160,9 @@ class _RemotePageState extends State<RemotePage> with WidgetsBindingObserver {
    await gFFI.invokeMethod("enable_soft_keyboard", true);
    _mobileFocusNode.dispose();
    _physicalFocusNode.dispose();
+    clearWaylandKeyboardPromptSuppressedForConnection(sessionId.toString());
+    _waylandKeyboardGateWorker?.dispose();
+    inputModel.keyboardInputAllowed = true;
    await gFFI.close();
    _timer?.cancel();
    _iosKeyboardWorkaroundTimer?.cancel();
@@ -163,6 +191,40 @@ class _RemotePageState extends State<RemotePage> with WidgetsBindingObserver {
    gFFI.invokeMethod("try_sync_clipboard");
  }

+  bool _shouldGateKeyboardForWayland() {
+    if (!(isAndroid || isIOS)) return false;
+    final pi = gFFI.ffiModel.pi;
+    return pi.platform == kPeerPlatformLinux && pi.isWayland;
+  }
+
+  void _initWaylandKeyboardGateIfNeeded() {
+    if (!mounted) return;
+    if (_waylandKeyboardGateInitialized) return;
+    if (!_shouldGateKeyboardForWayland()) return;
+
+    _waylandKeyboardGateInitialized = true;
+
+    final allowWaylandKeyboard =
+        mainGetPeerBoolOptionSync(widget.id, kPeerOptionAllowWaylandKeyboard);
+    if (!shouldShowWaylandKeyboardPrompt(
+      connectionId: sessionId.toString(),
+      isWaylandPeer: _shouldGateKeyboardForWayland(),
+      allowWaylandKeyboardRemembered: allowWaylandKeyboard,
+    )) {
+      inputModel.keyboardInputAllowed = true;
+      return;
+    }
+
+    inputModel.keyboardInputAllowed = false;
+
+    // Ensure soft keyboard is not active before user confirms.
+    _showEdit = false;
+    gFFI.invokeMethod("enable_soft_keyboard", false);
+    _mobileFocusNode.unfocus();
+    _physicalFocusNode.requestFocus();
+    setState(() {});
+  }
+
  // to-do: It should be better to use transparent color instead of the bgColor.
  // But for now, the transparent color will cause the canvas to be white.
  // I'm sure that the white color is caused by the Overlay widget in BlockableOverlay.
@@ -294,7 +356,7 @@ class _RemotePageState extends State<RemotePage> with WidgetsBindingObserver {
                content == '【】')) {
          // can not only input content[0], because when input ], [ are also auo insert, which cause ] never be input
          bind.sessionInputString(sessionId: sessionId, value: content);
-          openKeyboard();
+          _openKeyboardUnlocked();
          return;
        }
        bind.sessionInputString(sessionId: sessionId, value: content);
@@ -306,6 +368,9 @@ class _RemotePageState extends State<RemotePage> with WidgetsBindingObserver {

  // handle mobile virtual keyboard
  void handleSoftKeyboardInput(String newValue) {
+    if (!inputModel.keyboardInputAllowed) {
+      return;
+    }
    if (isIOS) {
      _handleIOSSoftKeyboardInput(newValue);
    } else {
@@ -314,6 +379,9 @@ class _RemotePageState extends State<RemotePage> with WidgetsBindingObserver {
  }

  void inputChar(String char) {
+    if (!inputModel.keyboardInputAllowed) {
+      return;
+    }
    if (char == '\n') {
      char = 'VK_RETURN';
    } else if (char == ' ') {
@@ -323,6 +391,29 @@ class _RemotePageState extends State<RemotePage> with WidgetsBindingObserver {
  }

  void openKeyboard() {
+    final allowWaylandKeyboard =
+        mainGetPeerBoolOptionSync(widget.id, kPeerOptionAllowWaylandKeyboard);
+    if (shouldShowWaylandKeyboardPrompt(
+      connectionId: sessionId.toString(),
+      isWaylandPeer: _shouldGateKeyboardForWayland(),
+      allowWaylandKeyboardRemembered: allowWaylandKeyboard,
+    )) {
+      inputModel.keyboardInputAllowed = false;
+      showWaylandKeyboardInputWarningDialog(
+        id: widget.id,
+        connectionId: sessionId.toString(),
+        ffi: gFFI,
+        onEnable: () async {
+          _openKeyboardUnlocked();
+        },
+      );
+      return;
+    }
+    _openKeyboardUnlocked();
+  }
+
+  void _openKeyboardUnlocked() {
+    inputModel.keyboardInputAllowed = true;
    gFFI.invokeMethod("enable_soft_keyboard", true);
    // destroy first, so that our _value trick can work
    _value = initText;
@@ -426,10 +517,12 @@ class _RemotePageState extends State<RemotePage> with WidgetsBindingObserver {
                              }
                              return Container(
                                color: MyTheme.canvasColor,
-                                child: RawTouchGestureDetectorRegion(
-                                  child: getBodyForMobile(),
-                                  ffi: gFFI,
-                                ),
+                                child: inputModel.isPhysicalMouse.value
+                                    ? getBodyForMobile()
+                                    : RawTouchGestureDetectorRegion(
+                                        child: getBodyForMobile(),
+                                        ffi: gFFI,
+                                      ),
                              );
                            }),
                          ),
@@ -1127,7 +1220,11 @@ void showOptions(
  if (image != null) {
    displays.add(Padding(padding: const EdgeInsets.only(top: 8), child: image));
  }
-  if (pi.displays.length > 1 && pi.currentDisplay != kAllDisplayValue) {
+  final privacyModeState = PrivacyModeState.find(id);
+  if (pi.displays.length > 1 &&
+      pi.currentDisplay != kAllDisplayValue &&
+      (privacyModeState.isEmpty ||
+          allowDisplaySwitchInPrivacyMode(pi, privacyModeState.value))) {
    final cur = pi.currentDisplay;
    final children = <Widget>[];
    final isDarkTheme = MyTheme.currentThemeMode() == ThemeMode.dark;
@@ -1181,8 +1278,6 @@ void showOptions(
      await toolbarDisplayToggle(context, id, gFFI);

  List<TToggleMenu> privacyModeList = [];
-  // privacy mode
-  final privacyModeState = PrivacyModeState.find(id);
  if ((gFFI.ffiModel.pi.features.privacyMode && gFFI.ffiModel.keyboard) ||
      privacyModeState.isNotEmpty) {
    privacyModeList = toolbarPrivacyMode(privacyModeState, context, id, gFFI);
--- a/flutter/lib/mobile/pages/settings_page.dart
+++ b/flutter/lib/mobile/pages/settings_page.dart
@@ -17,6 +17,7 @@ import '../../common/widgets/login.dart';
 import '../../consts.dart';
 import '../../models/model.dart';
 import '../../models/platform_model.dart';
+import '../widgets/deploy_dialog.dart';
 import '../widgets/dialog.dart';
 import 'home_page.dart';
 import 'scan_page.dart';
@@ -728,6 +729,13 @@ class _SettingsState extends State<SettingsPage> with WidgetsBindingObserver {
                onPressed: (context) {
                  changeSocks5Proxy();
                }),
+          if (isAndroid && !bind.isOutgoingOnly())
+            SettingsTile(
+                title: Text(translate('Deploy')),
+                leading: Icon(Icons.cloud_upload),
+                onPressed: (context) {
+                  showDeployDialog();
+                }),
          if (!disabledSettings && !_hideNetwork && !_hideWebSocket)
            SettingsTile.switchTile(
              title: Text(translate('Use WebSocket')),
--- a/flutter/lib/mobile/pages/view_camera_page.dart
+++ b/flutter/lib/mobile/pages/view_camera_page.dart
@@ -259,11 +259,13 @@ class _ViewCameraPageState extends State<ViewCameraPage>
                        }
                        return Container(
                          color: MyTheme.canvasColor,
-                          child: RawTouchGestureDetectorRegion(
-                            child: getBodyForMobile(),
-                            ffi: gFFI,
-                            isCamera: true,
-                          ),
+                          child: inputModel.isPhysicalMouse.value
+                              ? getBodyForMobile()
+                              : RawTouchGestureDetectorRegion(
+                                  child: getBodyForMobile(),
+                                  ffi: gFFI,
+                                  isCamera: true,
+                                ),
                        );
                      }),
                    ),
--- a/flutter/lib/mobile/widgets/deploy_dialog.dart
+++ b/flutter/lib/mobile/widgets/deploy_dialog.dart
@@ -0,0 +1,114 @@
+import 'package:flutter/material.dart';
+import 'package:get/get.dart';
+
+import '../../common.dart';
+import '../../models/platform_model.dart';
+
+const _deployDialogTag = 'android-deploy-device';
+
+void showDeployPromptDialog() {
+  gFFI.dialogManager.dismissByTag(_deployDialogTag);
+  gFFI.dialogManager.show<bool>((setState, close, context) {
+    submit() => close(true);
+    return CustomAlertDialog(
+      title: Text(translate("Deploy")),
+      content: Text(translate("server_requires_deployment_tip")),
+      actions: [
+        dialogButton("Cancel", onPressed: close, isOutline: true),
+        dialogButton("OK", onPressed: submit),
+      ],
+      onSubmit: submit,
+      onCancel: close,
+    );
+  }, tag: _deployDialogTag).then((deploy) {
+    if (deploy == true) {
+      showDeployDialog();
+    }
+  });
+}
+
+void showDeployDialog() {
+  gFFI.dialogManager.dismissByTag(_deployDialogTag);
+  final tokenController = TextEditingController();
+  final idController = TextEditingController();
+  var errorText = "";
+  var isInProgress = false;
+  gFFI.dialogManager.show((setState, close, context) {
+    submit() async {
+      if (isInProgress) return;
+      final token = tokenController.text.trim();
+      if (token.isEmpty) {
+        setState(() {
+          errorText = translate("token is required!");
+        });
+        return;
+      }
+      setState(() {
+        errorText = "";
+        isInProgress = true;
+      });
+      String res;
+      try {
+        res = await bind.mainDeployDevice(
+            token: token, id: idController.text.trim());
+      } catch (e) {
+        setState(() {
+          errorText = translate(e.toString());
+          isInProgress = false;
+        });
+        return;
+      }
+      if (res.isEmpty) {
+        close();
+        await gFFI.serverModel.fetchID();
+        showToast(translate("Successful"));
+      } else {
+        setState(() {
+          errorText = translate(res.toString());
+          isInProgress = false;
+        });
+      }
+    }
+
+    return CustomAlertDialog(
+      title: Text(translate("Deploy")),
+      content: Column(
+        mainAxisSize: MainAxisSize.min,
+        children: [
+          TextField(
+            controller: tokenController,
+            decoration: InputDecoration(labelText: translate("API Token")),
+            obscureText: true,
+            enableSuggestions: false,
+            autocorrect: false,
+            autofocus: true,
+          ).workaroundFreezeLinuxMint(),
+          TextField(
+            controller: idController,
+            decoration:
+                InputDecoration(labelText: translate("Custom ID (optional)")),
+          ).workaroundFreezeLinuxMint(),
+          if (errorText.isNotEmpty)
+            Align(
+              alignment: Alignment.centerLeft,
+              child: SelectableText(
+                errorText,
+                style: TextStyle(
+                  color: Theme.of(context).colorScheme.error,
+                  fontSize: 12,
+                ),
+              ).paddingOnly(top: 8),
+            ),
+          if (isInProgress) const LinearProgressIndicator().paddingOnly(top: 8),
+        ],
+      ),
+      actions: [
+        dialogButton("Cancel",
+            onPressed: isInProgress ? null : close, isOutline: true),
+        dialogButton("OK", onPressed: isInProgress ? null : submit),
+      ],
+      onSubmit: submit,
+      onCancel: isInProgress ? null : close,
+    );
+  }, tag: _deployDialogTag);
+}
--- a/flutter/lib/mobile/widgets/dialog.dart
+++ b/flutter/lib/mobile/widgets/dialog.dart
@@ -117,13 +117,13 @@ void showServerSettingsWithValue(
            ),
            SizedBox(width: 8),
            Expanded(
-              child: TextFormField(
+              child: serverSettingsTextFormField(
+                label: label,
                controller: controller,
-                decoration: InputDecoration(
-                  errorText: errorMsg.isEmpty ? null : errorMsg,
-                  contentPadding:
-                      EdgeInsets.symmetric(horizontal: 8, vertical: 12),
-                ),
+                errorMsg: errorMsg,
+                contentPadding:
+                    EdgeInsets.symmetric(horizontal: 8, vertical: 12),
+                showLabelText: false,
                validator: validator,
                autofocus: autofocus,
              ).workaroundFreezeLinuxMint(),
@@ -132,12 +132,10 @@ void showServerSettingsWithValue(
        );
      }

-      return TextFormField(
+      return serverSettingsTextFormField(
+        label: label,
        controller: controller,
-        decoration: InputDecoration(
-          labelText: label,
-          errorText: errorMsg.isEmpty ? null : errorMsg,
-        ),
+        errorMsg: errorMsg,
        validator: validator,
      ).workaroundFreezeLinuxMint();
    }
@@ -209,6 +207,35 @@ void showServerSettingsWithValue(
  });
 }

+TextFormField serverSettingsTextFormField({
+  required String label,
+  required TextEditingController controller,
+  required String errorMsg,
+  String? Function(String?)? validator,
+  bool autofocus = false,
+  bool showLabelText = true,
+  EdgeInsetsGeometry? contentPadding,
+}) {
+  return TextFormField(
+    controller: controller,
+    decoration: InputDecoration(
+      labelText: showLabelText ? label : null,
+      errorText: errorMsg.isEmpty ? null : errorMsg,
+      contentPadding: contentPadding,
+    ),
+    validator: validator,
+    autofocus: autofocus,
+    keyboardType: TextInputType.visiblePassword,
+    textCapitalization: TextCapitalization.none,
+    autocorrect: false,
+    enableSuggestions: false,
+    smartDashesType: SmartDashesType.disabled,
+    smartQuotesType: SmartQuotesType.disabled,
+    enableIMEPersonalizedLearning: false,
+    spellCheckConfiguration: const SpellCheckConfiguration.disabled(),
+  );
+}
+
 void setPrivacyModeDialog(
  OverlayDialogManager dialogManager,
  List<TToggleMenu> privacyModeList,
--- a/flutter/lib/models/file_model.dart
+++ b/flutter/lib/models/file_model.dart
@@ -391,14 +391,30 @@ class FileController {

    await Future.delayed(Duration(milliseconds: 100));

-    final dir = (await bind.sessionGetPeerOption(
+    final savedDir = (await bind.sessionGetPeerOption(
        sessionId: sessionId, name: isLocal ? "local_dir" : "remote_dir"));
-    openDirectory(dir.isEmpty ? options.value.home : dir);
+    Future<bool> tryOpenReadyDirs() async {
+      final dirs = <String>{
+        if (directory.value.path.isNotEmpty) directory.value.path,
+        if (savedDir.isNotEmpty) savedDir,
+        options.value.home,
+      };
+      for (final dir in dirs) {
+        if (await _openDirectoryPath(dir, isBack: true)) {
+          return true;
+        }
+      }
+      return false;
+    }
+
+    var opened = await tryOpenReadyDirs();

    await Future.delayed(Duration(seconds: 1));

-    if (directory.value.path.isEmpty) {
-      openDirectory(options.value.home);
+    if (!opened) {
+      // The peer may become ready during the reconnect delay, so retry the
+      // same candidates instead of only retrying the default home directory.
+      await tryOpenReadyDirs();
    }
  }

@@ -429,19 +445,23 @@ class FileController {
    });
  }

-  Future<void> refresh() async {
-    await openDirectory(directory.value.path);
+  Future<bool> refresh() async {
+    // "." can be both a refresh command and a real remote directory path.
+    // Refresh must bypass openDirectory's command dispatch to avoid recursion.
+    return await _openDirectoryPath(directory.value.path, isBack: true);
  }

-  Future<void> openDirectory(String path, {bool isBack = false}) async {
-    if (path == ".") {
-      refresh();
-      return;
+  Future<bool> openDirectory(String path, {bool isBack = false}) async {
+    if (!isBack && path == ".") {
+      return await refresh();
    }
-    if (path == "..") {
-      goToParentDirectory();
-      return;
+    if (!isBack && path == "..") {
+      return await _goToParentDirectory(isBack: isBack);
    }
+    return await _openDirectoryPath(path, isBack: isBack);
+  }
+
+  Future<bool> _openDirectoryPath(String path, {bool isBack = false}) async {
    if (!isBack) {
      pushHistory();
    }
@@ -458,8 +478,10 @@ class FileController {
      final fd = await fileFetcher.fetchDirectory(path, isLocal, showHidden);
      fd.format(isWindows, sort: sortBy.value);
      directory.value = fd;
+      return true;
    } catch (e) {
      debugPrint("Failed to openDirectory $path: $e");
+      return false;
    }
  }

@@ -487,19 +509,22 @@ class FileController {
      goBack();
      return;
    }
-    openDirectory(path, isBack: true);
+    unawaited(_openDirectoryPath(path, isBack: true).then<void>((_) {}));
  }

  void goToParentDirectory() {
+    unawaited(_goToParentDirectory().then<void>((_) {}));
+  }
+
+  Future<bool> _goToParentDirectory({bool isBack = false}) async {
    final isWindows = options.value.isWindows;
    final dirPath = directory.value.path;
    var parent = PathUtil.dirname(dirPath, isWindows);
    // specially for C:\, D:\, goto '/'
    if (parent == dirPath && isWindows) {
-      openDirectory('/');
-      return;
+      return await _openDirectoryPath('/', isBack: isBack);
    }
-    openDirectory(parent);
+    return await _openDirectoryPath(parent, isBack: isBack);
  }

  // TODO deprecated this
--- a/flutter/lib/models/input_model.dart
+++ b/flutter/lib/models/input_model.dart
@@ -346,7 +346,7 @@ class InputModel {
  /// which runs per-engine, so each isolate registers its own handler tied
  /// to its own set of InputModels.
  static void initSideButtonChannel() {
-    if (!Platform.isLinux) return;
+    if (!isLinux) return;
    if (_sideButtonChannelInitialized) return;
    _sideButtonChannelInitialized = true;

@@ -474,6 +474,10 @@ class InputModel {

  late final SessionID sessionId;

+  // Local gate for clipboard-assisted input flows on mobile Wayland dialogs.
+  // It should not block physical keyboard events.
+  bool keyboardInputAllowed = true;
+
  bool get keyboardPerm => parent.target!.ffiModel.keyboard;
  String get id => parent.target?.id ?? '';
  String? get peerPlatform => parent.target?.ffiModel.pi.platform;
@@ -1303,7 +1307,8 @@ class InputModel {
    }
    if (isPhysicalMouse.value) {
      if (!_relativeMouse.handleRelativeMouseMove(e.localPosition)) {
-        handleMouse(_getMouseEvent(e, _kMouseEventMove), e.position,
+        final canvasPosition = _pointerPositionForRemoteCanvas(e);
+        handleMouse(_getMouseEvent(e, _kMouseEventMove), canvasPosition,
            edgeScroll: useEdgeScroll);
      }
    }
@@ -1544,7 +1549,8 @@ class InputModel {
        _relativeMouse
            .sendRelativeMouseButton(_getMouseEvent(e, _kMouseEventDown));
      } else {
-        handleMouse(_getMouseEvent(e, _kMouseEventDown), e.position);
+        final canvasPosition = _pointerPositionForRemoteCanvas(e);
+        handleMouse(_getMouseEvent(e, _kMouseEventDown), canvasPosition);
      }
    }
  }
@@ -1566,7 +1572,8 @@ class InputModel {
        _relativeMouse
            .sendRelativeMouseButton(_getMouseEvent(e, _kMouseEventUp));
      } else {
-        handleMouse(_getMouseEvent(e, _kMouseEventUp), e.position);
+        final canvasPosition = _pointerPositionForRemoteCanvas(e);
+        handleMouse(_getMouseEvent(e, _kMouseEventUp), canvasPosition);
      }
    }
  }
@@ -1588,12 +1595,40 @@ class InputModel {
    }
    if (isPhysicalMouse.value) {
      if (!_relativeMouse.handleRelativeMouseMove(e.localPosition)) {
-        handleMouse(_getMouseEvent(e, _kMouseEventMove), e.position,
+        final canvasPosition = _pointerPositionForRemoteCanvas(e);
+        handleMouse(_getMouseEvent(e, _kMouseEventMove), canvasPosition,
            edgeScroll: useEdgeScroll);
      }
    }
  }

+  /// Convert pointer coordinates into the visible remote canvas space.
+  ///
+  /// On mobile, the remote page body is wrapped in `SafeArea`, but the pointer
+  /// listener that feeds these events sits outside that subtree. As a result,
+  /// `event.localPosition` still includes the top/left safe-area inset.
+  ///
+  /// When the keyboard-visible path shows `KeyHelpTools`, the remote canvas is
+  /// also shifted downward by `CanvasModel.getAdjustY()`. The downstream mouse
+  /// mapping logic expects coordinates relative to the visible canvas area, so
+  /// we subtract both the mobile safe-area padding and the current canvas
+  /// adjustment before passing the position into mouse mapping.
+  ///
+  /// Desktop and web desktop continue to use the global position directly
+  /// because their pointer mapping is window-based.
+  Offset _pointerPositionForRemoteCanvas(PointerEvent event) {
+    if (isDesktop || isWebDesktop) {
+      return event.position;
+    }
+    final mediaData = MediaQueryData.fromView(
+        WidgetsBinding.instance.platformDispatcher.views.first);
+    final adjustY = parent.target?.canvasModel.getAdjustY() ?? 0.0;
+    return Offset(
+      event.localPosition.dx - mediaData.padding.left,
+      event.localPosition.dy - mediaData.padding.top - adjustY,
+    );
+  }
+
  static Future<Rect?> fillRemoteCoordsAndGetCurFrame(
      List<RemoteWindowCoords> remoteWindowCoords) async {
    final coords =
--- a/flutter/lib/models/model.dart
+++ b/flutter/lib/models/model.dart
@@ -55,6 +55,8 @@ import 'package:flutter_hbb/native/custom_cursor.dart'
 typedef HandleMsgBox = Function(Map<String, dynamic> evt, String id);
 typedef ReconnectHandle = Function(OverlayDialogManager, SessionID, bool);
 final _constSessionId = Uuid().v4obj();
+// Empirical restart reconnect cadence: keep the last frame briefly and retry quickly.
+const _restartReconnectSilentDelaySecs = 5;

 class CachedPeerData {
  Map<String, dynamic> updatePrivacyMode = {};
@@ -119,6 +121,7 @@ class FfiModel with ChangeNotifier {
  bool _touchMode = false;
  late VirtualMouseMode virtualMouseMode;
  Timer? _timer;
+  Timer? _restartReconnectDelayTimer;
  var _reconnects = 1;
  DateTime? _offlineReconnectStartTime;
  bool _viewOnly = false;
@@ -250,6 +253,7 @@ class FfiModel with ChangeNotifier {
    _inputBlocked = false;
    _timer?.cancel();
    _timer = null;
+    resetRestartReconnectState();
    clearPermissions();
    waitForImageTimer?.cancel();
    timerScreenshot?.cancel();
@@ -341,6 +345,7 @@ class FfiModel with ChangeNotifier {
      } else if (name == 'connection_ready') {
        setConnectionType(peerId, evt['secure'] == 'true',
            evt['direct'] == 'true', evt['stream_type'] ?? '');
+        resetRestartReconnectState();
      } else if (name == 'switch_display') {
        // switch display is kept for backward compatibility
        handleSwitchDisplay(evt, sessionId, peerId);
@@ -922,8 +927,28 @@ class FfiModel with ChangeNotifier {
      enterUserLoginAndPasswordDialog(
          sessionId, dialogManager, 'terminal-admin-login-tip', false);
    } else if (type == 'restarting') {
-      showMsgBox(sessionId, type, title, text, link, false, dialogManager,
-          hasCancel: false);
+      // Treat restart messages as reconnect control events. Rust still sends
+      // title/text for legacy UI and translation reuse; Flutter keeps the last
+      // frame briefly, then shows the Connecting overlay.
+      if (_restartReconnectDelayTimer == null) {
+        parent.target?.inputModel.setRelativeMouseMode(false);
+        bind.sessionReconnect(sessionId: sessionId, forceRelay: false);
+        clearPermissions();
+        // Retry once more after the silent window so restart reconnect attempts
+        // are spaced by the empirical short cadence instead of only updating UI.
+        _restartReconnectDelayTimer =
+            Timer(Duration(seconds: _restartReconnectSilentDelaySecs), () {
+          _restartReconnectDelayTimer = null;
+          if (parent.target?.closed == true) {
+            return;
+          }
+          reconnect(dialogManager, sessionId, false);
+        });
+      }
+    } else if (type == 'restarting-show') {
+      _restartReconnectDelayTimer?.cancel();
+      _restartReconnectDelayTimer = null;
+      reconnect(dialogManager, sessionId, false);
    } else if (type == 'wait-remote-accept-nook') {
      showWaitAcceptDialog(sessionId, type, title, text, dialogManager);
    } else if (type == 'on-uac' || type == 'on-foreground-elevated') {
@@ -949,6 +974,11 @@ class FfiModel with ChangeNotifier {
    }
  }

+  void resetRestartReconnectState() {
+    _restartReconnectDelayTimer?.cancel();
+    _restartReconnectDelayTimer = null;
+  }
+
  /// Auto-retry check for "Remote desktop is offline" error.
  /// returns true to auto-retry, false otherwise.
  bool shouldAutoRetryOnOffline(
@@ -1374,6 +1404,7 @@ class FfiModel with ChangeNotifier {
      if (displays.isNotEmpty) {
        _reconnects = 1;
        _offlineReconnectStartTime = null;
+        resetRestartReconnectState();
        waitForFirstImage.value = true;
        isRefreshing = false;
      }
@@ -3666,6 +3697,7 @@ class FFI {

  /// Mobile reuse FFI
  void mobileReset() {
+    ffiModel.resetRestartReconnectState();
    ffiModel.waitForFirstImage.value = true;
    ffiModel.isRefreshing = false;
    ffiModel.waitForImageDialogShow.value = true;
@@ -3879,6 +3911,7 @@ class FFI {
    }
    if (ffiModel.waitForFirstImage.value == true) {
      ffiModel.waitForFirstImage.value = false;
+      ffiModel.resetRestartReconnectState();
      dialogManager.dismissAll();
      await canvasModel.updateViewStyle();
      await canvasModel.updateScrollStyle();
--- a/flutter/lib/models/peer_model.dart
+++ b/flutter/lib/models/peer_model.dart
@@ -145,23 +145,26 @@ class Peer {
        note == other.note;
  }

-  Peer.copy(Peer other)
-      : this(
-            id: other.id,
-            hash: other.hash,
-            password: other.password,
-            username: other.username,
-            hostname: other.hostname,
-            platform: other.platform,
-            alias: other.alias,
-            tags: other.tags.toList(),
-            forceAlwaysRelay: other.forceAlwaysRelay,
-            rdpPort: other.rdpPort,
-            rdpUsername: other.rdpUsername,
-            loginName: other.loginName,
-            device_group_name: other.device_group_name,
-            note: other.note,
-            sameServer: other.sameServer);
+  factory Peer.copy(Peer other) {
+    final peer = Peer(
+        id: other.id,
+        hash: other.hash,
+        password: other.password,
+        username: other.username,
+        hostname: other.hostname,
+        platform: other.platform,
+        alias: other.alias,
+        tags: other.tags.toList(),
+        forceAlwaysRelay: other.forceAlwaysRelay,
+        rdpPort: other.rdpPort,
+        rdpUsername: other.rdpUsername,
+        loginName: other.loginName,
+        device_group_name: other.device_group_name,
+        note: other.note,
+        sameServer: other.sameServer);
+    peer.online = other.online;
+    return peer;
+  }
 }

 enum UpdateEvent { online, load }
--- a/flutter/lib/models/terminal_model.dart
+++ b/flutter/lib/models/terminal_model.dart
@@ -27,25 +27,30 @@ class TerminalModel with ChangeNotifier {
  // Buffer for output data received before terminal view has valid dimensions.
  // This prevents NaN errors when writing to terminal before layout is complete.
  final _pendingOutputChunks = <String>[];
+  final _pendingOutputSuppressFlags = <bool>[];
  int _pendingOutputSize = 0;
  static const int _kMaxOutputBufferChars = 8 * 1024;
  // View ready state: true when terminal has valid dimensions, safe to write
  bool _terminalViewReady = false;
-
-  bool get isPeerWindows => parent.ffiModel.pi.platform == kPeerPlatformWindows;
+  bool _markViewReadyScheduled = false;
+  bool _suppressTerminalOutput = false;
+  bool _suppressNextTerminalDataOutput = false;

  void Function(int w, int h, int pw, int ph)? onResizeExternal;

  Future<void> _handleInput(String data) async {
-    // If we press the `Enter` button on Android,
-    // `data` can be '\r' or '\n' when using different keyboards.
-    // Android -> Windows. '\r' works, but '\n' does not. '\n' is just a newline.
-    // Android -> Linux. Both '\r' and '\n' work as expected (execute a command).
-    // So when we receive '\n', we may need to convert it to '\r' to ensure compatibility.
-    // Desktop -> Desktop works fine.
-    // Check if we are on mobile or web(mobile), and convert '\n' to '\r'.
+    // Soft keyboards (notably iOS) emit '\n' when Enter is pressed, while a
+    // real keyboard's Enter sends '\r'. Some Android keyboards also emit '\n'.
+    // - Peer Windows: '\r' works, '\n' is just a newline.
+    // - Peer Linux: canonical-mode shells accept both, but raw-mode apps
+    //   (readline, prompt_toolkit, vim, TUI frameworks) expect '\r'.
+    // - Peer macOS: same as Linux, raw-mode apps expect '\r'
+    //   (https://github.com/rustdesk/rustdesk/issues/14907).
+    // So on mobile / web-mobile, always normalize a lone '\n' to '\r'.
+    // We deliberately do not touch multi-character payloads (e.g. pasted text)
+    // so embedded newlines in pasted content are preserved.
    final isMobileOrWebMobile = (isMobile || (isWeb && !isWebDesktop));
-    if (isMobileOrWebMobile && isPeerWindows && data == '\n') {
+    if (isMobileOrWebMobile && data == '\n') {
      data = '\r';
    }
    if (_terminalOpened) {
@@ -70,7 +75,10 @@ class TerminalModel with ChangeNotifier {
    terminalController = TerminalController();

    // Setup terminal callbacks
-    terminal.onOutput = _handleInput;
+    terminal.onOutput = (data) {
+      if (_suppressTerminalOutput) return;
+      _handleInput(data);
+    };

    terminal.onResize = (w, h, pw, ph) async {
      // Validate all dimensions before using them
@@ -84,7 +92,7 @@ class TerminalModel with ChangeNotifier {
        // Mark terminal view as ready and flush any buffered output on first valid resize.
        // Must be after onResizeExternal so the view layer has valid dimensions before flushing.
        if (!_terminalViewReady) {
-          _markViewReady();
+          _scheduleMarkViewReady();
        }

        if (_terminalOpened) {
@@ -110,14 +118,16 @@ class TerminalModel with ChangeNotifier {
  void onReady() {
    parent.dialogManager.dismissAll();

-    // Fire and forget - don't block onReady
-    openTerminal().catchError((e) {
+    // Fire and forget - don't block onReady. If the transport reconnects while
+    // this model is still open, re-send OpenTerminal so the remote service marks
+    // the persistent session active again and resumes output streaming.
+    openTerminal(force: _terminalOpened).catchError((e) {
      debugPrint('[TerminalModel] Error opening terminal: $e');
    });
  }

-  Future<void> openTerminal() async {
-    if (_terminalOpened) return;
+  Future<void> openTerminal({bool force = false}) async {
+    if (_terminalOpened && !force) return;
    // Request the remote side to open a terminal with default shell
    // The remote side will decide which shell to use based on its OS

@@ -275,9 +285,12 @@ class TerminalModel with ChangeNotifier {
    if (success) {
      _terminalOpened = true;

-      // On reconnect ("Reconnected to existing terminal"), server may replay recent output.
-      // If this TerminalView instance is reused (not rebuilt), duplicate lines can appear.
-      // We intentionally accept this tradeoff for now to keep logic simple.
+      // On reconnect, the server may replay recent output. That replay can include
+      // terminal queries like DSR/DA; xterm answers them through onOutput as
+      // "^[[1;1R^[[2;2R^[[>0;0;0c", which must not be sent back to the peer.
+      final replayTerminalOutput = evt['replay_terminal_output'];
+      _suppressNextTerminalDataOutput = replayTerminalOutput == true ||
+          message == 'Reconnected to existing terminal with pending output';

      // Fallback: if terminal view is not yet ready but already has valid
      // dimensions (e.g. layout completed before open response arrived),
@@ -285,7 +298,7 @@ class TerminalModel with ChangeNotifier {
      if (!_terminalViewReady &&
          terminal.viewWidth > 0 &&
          terminal.viewHeight > 0) {
-        _markViewReady();
+        _scheduleMarkViewReady();
      }

      // Process any buffered input
@@ -297,12 +310,16 @@ class TerminalModel with ChangeNotifier {
      });

      final persistentSessions =
-          evt['persistent_sessions'] as List<dynamic>? ?? [];
+          (evt['persistent_sessions'] as List<dynamic>? ?? [])
+              .whereType<int>()
+              .where((id) => !parent.terminalModels.containsKey(id))
+              .toList();
      if (kWindowId != null && persistentSessions.isNotEmpty) {
        DesktopMultiWindow.invokeMethod(
            kWindowId!,
            kWindowEventRestoreTerminalSessions,
            jsonEncode({
+              'peer_id': id,
              'persistent_sessions': persistentSessions,
            }));
      }
@@ -332,6 +349,8 @@ class TerminalModel with ChangeNotifier {
    final data = evt['data'];

    if (data != null) {
+      final suppressTerminalOutput = _suppressNextTerminalDataOutput;
+      _suppressNextTerminalDataOutput = false;
      try {
        String text = '';
        if (data is String) {
@@ -351,7 +370,7 @@ class TerminalModel with ChangeNotifier {
          return;
        }

-        _writeToTerminal(text);
+        _writeToTerminal(text, suppressTerminalOutput: suppressTerminalOutput);
      } catch (e) {
        debugPrint('[TerminalModel] Failed to process terminal data: $e');
      }
@@ -361,7 +380,10 @@ class TerminalModel with ChangeNotifier {
  /// Write text to terminal, buffering if the view is not yet ready.
  /// All terminal output should go through this method to avoid NaN errors
  /// from writing before the terminal view has valid layout dimensions.
-  void _writeToTerminal(String text) {
+  void _writeToTerminal(
+    String text, {
+    bool suppressTerminalOutput = false,
+  }) {
    if (!_terminalViewReady) {
      // If a single chunk exceeds the cap, keep only its tail.
      // Note: truncation may split a multi-byte ANSI escape sequence,
@@ -373,34 +395,73 @@ class TerminalModel with ChangeNotifier {
        _pendingOutputChunks
          ..clear()
          ..add(truncated);
+        _pendingOutputSuppressFlags
+          ..clear()
+          ..add(suppressTerminalOutput);
        _pendingOutputSize = truncated.length;
      } else {
        _pendingOutputChunks.add(text);
+        _pendingOutputSuppressFlags.add(suppressTerminalOutput);
        _pendingOutputSize += text.length;
        // Drop oldest chunks if exceeds limit (whole chunks to preserve ANSI sequences)
        while (_pendingOutputSize > _kMaxOutputBufferChars &&
            _pendingOutputChunks.length > 1) {
          final removed = _pendingOutputChunks.removeAt(0);
+          _pendingOutputSuppressFlags.removeAt(0);
          _pendingOutputSize -= removed.length;
        }
      }
      return;
    }
-    terminal.write(text);
+    _writeTerminalChunk(text, suppressTerminalOutput: suppressTerminalOutput);
  }

  void _flushOutputBuffer() {
    if (_pendingOutputChunks.isEmpty) return;
    debugPrint(
        '[TerminalModel] Flushing $_pendingOutputSize buffered chars (${_pendingOutputChunks.length} chunks)');
-    for (final chunk in _pendingOutputChunks) {
-      terminal.write(chunk);
+    for (var i = 0; i < _pendingOutputChunks.length; i++) {
+      _writeTerminalChunk(
+        _pendingOutputChunks[i],
+        suppressTerminalOutput: _pendingOutputSuppressFlags[i],
+      );
    }
    _pendingOutputChunks.clear();
+    _pendingOutputSuppressFlags.clear();
    _pendingOutputSize = 0;
  }

+  void _writeTerminalChunk(
+    String text, {
+    required bool suppressTerminalOutput,
+  }) {
+    if (!suppressTerminalOutput) {
+      terminal.write(text);
+      return;
+    }
+    final previous = _suppressTerminalOutput;
+    _suppressTerminalOutput = true;
+    try {
+      terminal.write(text);
+    } finally {
+      _suppressTerminalOutput = previous;
+    }
+  }
+
  /// Mark terminal view as ready and flush buffered output.
+  void _scheduleMarkViewReady() {
+    if (_disposed || _terminalViewReady || _markViewReadyScheduled) return;
+    _markViewReadyScheduled = true;
+    WidgetsBinding.instance.addPostFrameCallback((_) {
+      _markViewReadyScheduled = false;
+      if (_disposed || _terminalViewReady) return;
+      if (terminal.viewWidth > 0 && terminal.viewHeight > 0) {
+        _markViewReady();
+      }
+    });
+    WidgetsBinding.instance.ensureVisualUpdate();
+  }
+
  void _markViewReady() {
    if (_terminalViewReady) return;
    _terminalViewReady = true;
@@ -426,7 +487,10 @@ class TerminalModel with ChangeNotifier {
    // Clear buffers to free memory
    _inputBuffer.clear();
    _pendingOutputChunks.clear();
+    _pendingOutputSuppressFlags.clear();
    _pendingOutputSize = 0;
+    _markViewReadyScheduled = false;
+    _suppressNextTerminalDataOutput = false;
    // Terminal cleanup is handled server-side when service closes
    super.dispose();
  }
--- a/flutter/lib/native/font_manager.dart
+++ b/flutter/lib/native/font_manager.dart
@@ -0,0 +1,109 @@
+import 'dart:ffi' show Abi;
+import 'dart:io';
+import 'dart:typed_data';
+
+import 'package:flutter/foundation.dart';
+import 'package:flutter/services.dart';
+
+/// Font family name registered with [FontLoader] when a system CJK font is
+/// successfully loaded on ARM64 Linux.
+const kLinuxCjkFontFamily = 'SystemCJK';
+
+const _kFontSearchPaths = [
+  // Debian / Ubuntu (noto-fonts / fonts-noto-cjk)
+  '/usr/share/fonts/opentype/noto/NotoSansCJK-Regular.ttc',
+  '/usr/share/fonts/truetype/noto/NotoSansCJK-Regular.ttc',
+  '/usr/share/fonts/opentype/noto/NotoSansCJKsc-Regular.otf',
+  // Fedora / RHEL / Rocky (google-noto-sans-cjk-fonts)
+  '/usr/share/fonts/google-noto-cjk/NotoSansCJK-Regular.ttc',
+  '/usr/share/fonts/google-noto-sans-cjk-fonts/NotoSansCJK-Regular.ttc',
+  // Arch Linux (noto-fonts-cjk)
+  '/usr/share/fonts/noto-cjk/NotoSansCJK-Regular.ttc',
+  '/usr/share/fonts/noto-cjk/NotoSansCJKsc-Regular.otf',
+  // Generic fallback paths
+  '/usr/share/fonts/noto/NotoSansCJK-Regular.ttc',
+  '/usr/share/fonts/noto/NotoSansCJKsc-Regular.otf',
+  // WenQuanYi — commonly pre-installed on CJK-locale systems
+  '/usr/share/fonts/truetype/wqy/wqy-microhei.ttc',
+  '/usr/share/fonts/truetype/wqy/wqy-zenhei.ttc',
+  '/usr/share/fonts/wqy-microhei/wqy-microhei.ttc',
+  '/usr/share/fonts/wqy-zenhei/wqy-zenhei.ttc',
+];
+
+/// Loads a system CJK font on ARM64 Linux into Flutter's font registry via
+/// [FontLoader], working around the missing fontconfig support in the
+/// flutter-elinux engine (https://github.com/flutter/flutter/issues/139293).
+///
+/// Returns true if a CJK font was successfully loaded; false otherwise.
+/// On all other platforms this is a no-op and returns false immediately.
+Future<bool> loadSystemCJKFonts() async {
+  if (Abi.current() != Abi.linuxArm64) return false;
+
+  final path = await _findCjkFontPath();
+  if (path == null) {
+    debugPrint('ARM64 Linux: no CJK font found; CJK text may not render');
+    return false;
+  }
+
+  try {
+    final loader = FontLoader(kLinuxCjkFontFamily);
+    final bytes = await File(path).readAsBytes();
+    loader.addFont(Future.value(ByteData.view(bytes.buffer, bytes.offsetInBytes, bytes.lengthInBytes)));
+    await loader.load();
+    debugPrint('ARM64 Linux: loaded CJK font from $path');
+    return true;
+  } catch (e) {
+    debugPrint('ARM64 Linux: failed to load CJK font: $e');
+    return false;
+  }
+}
+
+Future<String?> _findCjkFontPath() async {
+  // Query fc-list for each CJK script separately.  Fonts present in all three
+  // sets (zh ∩ ja ∩ ko) are true pan-CJK fonts; prefer them so we don't
+  // accidentally pick a Chinese-only font that lacks Japanese kana or Korean
+  // hangul glyphs.  fc-list is a fontconfig CLI tool available on most Linux
+  // systems independent of whether the Flutter engine was built with fontconfig.
+  final byLang = <String, Set<String>>{};
+  for (final lang in const ['zh', 'ja', 'ko']) {
+    final paths = <String>{};
+    try {
+      final r =
+          await Process.run('fc-list', [':lang=$lang', '--format=%{file}\n']);
+      if (r.exitCode == 0) {
+        for (final line in r.stdout.toString().split('\n')) {
+          final p = line.trim();
+          if (p.isNotEmpty && File(p).existsSync()) paths.add(p);
+        }
+      }
+    } catch (e) {
+      debugPrint('ARM64 Linux: fc-list failed for lang=$lang: $e');
+    }
+    byLang[lang] = paths;
+  }
+
+  final panCjk = byLang['zh']!
+      .intersection(byLang['ja']!)
+      .intersection(byLang['ko']!);
+  final anyCjk =
+      byLang.values.fold(<String>{}, (acc, s) => acc..addAll(s));
+
+  // Among candidates, prefer well-known pan-CJK font families.
+  String? pick(Iterable<String> pool) {
+    const preferred = ['notosanscjk', 'sourcehansans', 'sourcehanserif'];
+    for (final name in preferred) {
+      for (final p in pool) {
+        if (p.toLowerCase().contains(name)) return p;
+      }
+    }
+    return pool.isNotEmpty ? pool.first : null;
+  }
+
+  final found = pick(panCjk) ?? pick(anyCjk);
+  if (found != null) return found;
+
+  for (final p in _kFontSearchPaths) {
+    if (File(p).existsSync()) return p;
+  }
+  return null;
+}
--- a/flutter/lib/web/bridge.dart
+++ b/flutter/lib/web/bridge.dart
@@ -2034,7 +2034,14 @@ class RustdeskImpl {
  }

  String mainResolveAvatarUrl({required String avatar, dynamic hint}) {
-    return js.context.callMethod('getByName', ['resolve_avatar_url', avatar])?.toString() ?? avatar;
+    return js.context.callMethod(
+            'getByName', ['resolve_avatar_url', avatar])?.toString() ??
+        avatar;
+  }
+
+  Future<String> mainDeployDevice(
+      {required String token, required String id, dynamic hint}) {
+    throw UnimplementedError("mainDeployDevice");
  }

  void dispose() {}
--- a/flutter/lib/web/font_manager.dart
+++ b/flutter/lib/web/font_manager.dart
@@ -0,0 +1,8 @@
+/// Web stub for `native/font_manager.dart`.
+///
+/// The native implementation depends on `dart:io` (Process/File/Platform) to
+/// load a system CJK font on ARM64 Linux, which cannot compile for the web
+/// target. The web build has no such fontconfig limitation, so this is a no-op.
+const kLinuxCjkFontFamily = 'SystemCJK';
+
+Future<bool> loadSystemCJKFonts() async => false;
--- a/flutter/ndk_arm.sh
+++ b/flutter/ndk_arm.sh
@@ -1,2 +1,2 @@
 #!/usr/bin/env bash
-cargo ndk --platform 21 --target armv7-linux-androideabi build --release --features flutter,hwcodec
+cargo ndk --platform 21 --target armv7-linux-androideabi build --locked --release --features flutter,hwcodec
--- a/flutter/ndk_arm64.sh
+++ b/flutter/ndk_arm64.sh
@@ -1,2 +1,2 @@
 #!/usr/bin/env bash
-cargo ndk --platform 21 --target aarch64-linux-android build --release --features flutter,hwcodec
+cargo ndk --platform 21 --target aarch64-linux-android build --locked --release --features flutter,hwcodec
--- a/flutter/ndk_x64.sh
+++ b/flutter/ndk_x64.sh
@@ -1,2 +1,2 @@
 #!/usr/bin/env bash
-cargo ndk --platform 21 --target x86_64-linux-android build --release --features flutter
+cargo ndk --platform 21 --target x86_64-linux-android build --locked --release --features flutter
--- a/flutter/ndk_x86.sh
+++ b/flutter/ndk_x86.sh
@@ -7,4 +7,4 @@
 export CFLAGS="-DBROKEN_CLANG_ATOMICS"
 export CXXFLAGS="-DBROKEN_CLANG_ATOMICS"

-cargo ndk --platform 21 --target i686-linux-android build --release --features flutter
+cargo ndk --platform 21 --target i686-linux-android build --locked --release --features flutter
--- a/flutter/pubspec.yaml
+++ b/flutter/pubspec.yaml
@@ -16,7 +16,7 @@ publish_to: "none" # Remove this line if you wish to publish to pub.dev
 # Read more about iOS versioning at
 # https://developer.apple.com/library/archive/documentation/General/Reference/InfoPlistKeyReference/Articles/CoreFoundationKeys.html
 # 1.1.9-1 works for android, but for ios it becomes 1.1.91, need to set it to 1.1.9-a.1 for iOS, will get 1.1.9.1, but iOS store not allow 4 numbers
-version: 1.4.6+64
+version: 1.4.8+66

 environment:
  sdk: '^3.1.0'
--- a/flutter/run.sh
+++ b/flutter/run.sh
@@ -1,9 +1,9 @@
 #!/usr/bin/env bash

-cargo install flutter_rust_bridge_codegen --version 1.80.1 --features uuid
+cargo install flutter_rust_bridge_codegen --version 1.80.1 --features uuid --locked
 flutter pub get
 ~/.cargo/bin/flutter_rust_bridge_codegen --rust-input ../src/flutter_ffi.rs --dart-output ./lib/generated_bridge.dart --c-output ./macos/Runner/bridge_generated.h
 # call `flutter clean` if cargo build fails
 # export LLVM_HOME=/Library/Developer/CommandLineTools/usr/
-cargo build --features flutter
+cargo build --locked --features flutter
 flutter run $@
--- a/flutter/test/autocomplete_peer_merge_test.dart
+++ b/flutter/test/autocomplete_peer_merge_test.dart
@@ -0,0 +1,148 @@
+import 'package:flutter_hbb/common/widgets/autocomplete.dart';
+import 'package:flutter_hbb/models/peer_model.dart';
+import 'package:flutter_test/flutter_test.dart';
+
+Peer _peer({
+  required String id,
+  String alias = '',
+  String username = '',
+  String hostname = '',
+  bool online = false,
+}) {
+  final peer = Peer(
+    id: id,
+    username: username,
+    hostname: hostname,
+    alias: alias,
+    platform: '',
+    tags: [],
+    hash: '',
+    password: '',
+    forceAlwaysRelay: false,
+    rdpPort: '',
+    rdpUsername: '',
+    loginName: '',
+    device_group_name: '',
+    note: '',
+  );
+  peer.online = online;
+  return peer;
+}
+
+void main() {
+  test('merged autocomplete peers keep address book metadata and online state',
+      () {
+    final peers = mergeAutocompletePeers(
+      addressBookPeers: [
+        _peer(id: '123456789', alias: 'Office PC', username: 'ab-user'),
+      ],
+      lanPeers: [
+        _peer(id: '123456789', username: 'lan-user', online: true),
+      ],
+    );
+
+    expect(peers, hasLength(1));
+    expect(peers.single.id, '123456789');
+    expect(peers.single.alias, 'Office PC');
+    expect(peers.single.username, 'ab-user');
+    expect(peers.single.online, isTrue);
+  });
+
+  test('peer copies preserve online state', () {
+    final peer = _peer(id: '987654321', online: true);
+
+    expect(Peer.copy(peer).online, isTrue);
+  });
+
+  test('online callbacks update autocomplete-only peers', () {
+    final peers = mergeAutocompletePeers(restRecentPeerIds: ['112233445']);
+
+    final changed = updateAutocompletePeerOnlineStates(
+      peers,
+      onlines: {'112233445'},
+      offlines: {},
+    );
+
+    expect(changed, isTrue);
+    expect(peers.single.online, isTrue);
+  });
+
+  test('online query ids are deduplicated and limited', () {
+    final peers = List.generate(
+      25,
+      (index) => _peer(id: index.toString()),
+    )..insert(1, _peer(id: '0'));
+
+    final ids = autocompleteOnlineQueryIds(peers, limit: 20);
+
+    expect(ids, hasLength(20));
+    expect(ids.first, '0');
+    expect(ids.where((id) => id == '0'), hasLength(1));
+    expect(ids.last, '19');
+  });
+
+  test('empty online query ids cancel pending debounce', () async {
+    final queriedIds = <List<String>>[];
+    final loader = AllPeersLoader(
+      queryOnlines: (ids) async {
+        queriedIds.add(ids);
+      },
+      queryOnlineDebounce: Duration(milliseconds: 1),
+    );
+
+    loader.queryOnlines([_peer(id: '123456789')]);
+    loader.queryOnlines([]);
+    await Future.delayed(Duration(milliseconds: 2));
+
+    expect(queriedIds, isEmpty);
+  });
+
+  test('failed online query enqueue does not suppress retry', () async {
+    var queryCount = 0;
+    final loader = AllPeersLoader(
+      queryOnlines: (ids) {
+        queryCount += 1;
+        return Future<void>.error(Exception('queue full'));
+      },
+      queryOnlineDebounce: Duration(milliseconds: 1),
+    );
+
+    loader.queryOnlines([_peer(id: '123456789')]);
+    await Future.delayed(Duration(milliseconds: 2));
+
+    loader.queryOnlines([_peer(id: '123456789')]);
+    await Future.delayed(Duration(milliseconds: 2));
+
+    expect(queryCount, 2);
+  });
+
+  test('online callback updates currently displayed options', () async {
+    final loader = AllPeersLoader(
+      queryOnlines: (ids) async {},
+      queryOnlineDebounce: Duration(milliseconds: 1),
+    );
+    final displayedOptions = [_peer(id: '123456789')];
+
+    loader.queryOnlines(displayedOptions);
+    loader.updateOnlineStateForTesting({
+      'onlines': '123456789',
+      'offlines': '',
+    });
+
+    expect(displayedOptions.single.online, isTrue);
+    await Future.delayed(Duration(milliseconds: 2));
+  });
+
+  test('cached online callback state is reapplied after peers merge', () {
+    final loader = AllPeersLoader();
+    loader.updateOnlineStateForTesting({
+      'onlines': '123456789',
+      'offlines': '',
+    });
+
+    final mergedPeers = [_peer(id: '123456789')];
+    loader.applyLastOnlineStateForTesting(mergedPeers);
+
+    expect(mergedPeers.single.online, isTrue);
+  });
+}
--- a/flutter/test/cm_demo.dart
+++ b/flutter/test/cm_demo.dart
@@ -0,0 +1,63 @@
+import 'package:flutter/material.dart';
+import 'package:flutter_hbb/common.dart';
+import 'package:flutter_hbb/consts.dart';
+import 'package:flutter_hbb/desktop/pages/server_page.dart';
+import 'package:flutter_hbb/desktop/widgets/tabbar_widget.dart';
+import 'package:flutter_hbb/main.dart';
+import 'package:flutter_hbb/models/server_model.dart';
+import 'package:flutter_localizations/flutter_localizations.dart';
+import 'package:get/get.dart';
+import 'package:window_manager/window_manager.dart';
+
+final testClients = [
+  Client(0, false, false, false, "UserAAAAAA", "123123123", true, false, false),
+  Client(1, false, false, false, "UserBBBBB", "221123123", true, false, false),
+  Client(2, false, false, false, "UserC", "331123123", true, false, false),
+  Client(3, false, false, false, "UserDDDDDDDDDDDd", "441123123", true, false,
+      false)
+];
+
+/// flutter run -d {platform} -t test/cm_demo.dart to test cm
+void main() async {
+  isTest = true;
+  WidgetsFlutterBinding.ensureInitialized();
+  await windowManager.ensureInitialized();
+  await windowManager.setSize(const Size(400, 600));
+  await windowManager.setAlignment(Alignment.topRight);
+  await initEnv(kAppTypeMain);
+  for (var client in testClients) {
+    gFFI.serverModel.clients.add(client);
+    gFFI.serverModel.tabController.add(TabInfo(
+        key: client.id.toString(),
+        label: client.name,
+        closable: false,
+        page: buildConnectionCard(client)));
+  }
+
+  runApp(GetMaterialApp(
+      debugShowCheckedModeBanner: false,
+      theme: MyTheme.lightTheme,
+      darkTheme: MyTheme.darkTheme,
+      themeMode: MyTheme.currentThemeMode(),
+      localizationsDelegates: const [
+        GlobalMaterialLocalizations.delegate,
+        GlobalWidgetsLocalizations.delegate,
+        GlobalCupertinoLocalizations.delegate,
+      ],
+      supportedLocales: supportedLocales,
+      home: const DesktopServerPage()));
+  WindowOptions windowOptions = getHiddenTitleBarWindowOptions(
+      size: kConnectionManagerWindowSizeClosedChat);
+  windowManager.waitUntilReadyToShow(windowOptions, () async {
+    await windowManager.show();
+    // ensure initial window size to be changed
+    await windowManager.setSize(kConnectionManagerWindowSizeClosedChat);
+    await Future.wait([
+      windowManager.setAlignment(Alignment.topRight),
+      windowManager.focus(),
+      windowManager.setOpacity(1)
+    ]);
+    // ensure
+    windowManager.setAlignment(Alignment.topRight);
+  });
+}
--- a/flutter/test/cm_test.dart
+++ b/flutter/test/cm_test.dart
@@ -1,62 +1,20 @@
-import 'package:flutter/material.dart';
-import 'package:flutter_hbb/common.dart';
-import 'package:flutter_hbb/consts.dart';
-import 'package:flutter_hbb/desktop/pages/server_page.dart';
-import 'package:flutter_hbb/desktop/widgets/tabbar_widget.dart';
-import 'package:flutter_hbb/main.dart';
-import 'package:flutter_hbb/models/server_model.dart';
-import 'package:flutter_localizations/flutter_localizations.dart';
-import 'package:get/get.dart';
-import 'package:window_manager/window_manager.dart';
+import 'package:flutter_test/flutter_test.dart';

-final testClients = [
-  Client(0, false, false, false, "UserAAAAAA", "123123123", true, false, false, false),
-  Client(1, false, false, false, "UserBBBBB", "221123123", true, false, false, false),
-  Client(2, false, false, false, "UserC", "331123123", true, false, false, false),
-  Client(3, false, false, false, "UserDDDDDDDDDDDd", "441123123", true, false, false, false)
-];
+import 'cm_demo.dart' as cm_demo;

-/// flutter run -d {platform} -t test/cm_test.dart to test cm
-void main(List<String> args) async {
-  isTest = true;
-  WidgetsFlutterBinding.ensureInitialized();
-  await windowManager.ensureInitialized();
-  await windowManager.setSize(const Size(400, 600));
-  await windowManager.setAlignment(Alignment.topRight);
-  await initEnv(kAppTypeMain);
-  for (var client in testClients) {
-    gFFI.serverModel.clients.add(client);
-    gFFI.serverModel.tabController.add(TabInfo(
-        key: client.id.toString(),
-        label: client.name,
-        closable: false,
-        page: buildConnectionCard(client)));
-  }
-
-  runApp(GetMaterialApp(
-      debugShowCheckedModeBanner: false,
-      theme: MyTheme.lightTheme,
-      darkTheme: MyTheme.darkTheme,
-      themeMode: MyTheme.currentThemeMode(),
-      localizationsDelegates: const [
-        GlobalMaterialLocalizations.delegate,
-        GlobalWidgetsLocalizations.delegate,
-        GlobalCupertinoLocalizations.delegate,
-      ],
-      supportedLocales: supportedLocales,
-      home: const DesktopServerPage()));
-  WindowOptions windowOptions = getHiddenTitleBarWindowOptions(
-      size: kConnectionManagerWindowSizeClosedChat);
-  windowManager.waitUntilReadyToShow(windowOptions, () async {
-    await windowManager.show();
-    // ensure initial window size to be changed
-    await windowManager.setSize(kConnectionManagerWindowSizeClosedChat);
-    await Future.wait([
-      windowManager.setAlignment(Alignment.topRight),
-      windowManager.focus(),
-      windowManager.setOpacity(1)
+void main() {
+  test('connection manager demo clients match the current Client API', () {
+    expect(cm_demo.testClients, hasLength(4));
+    expect(cm_demo.testClients.map((client) => client.name), [
+      'UserAAAAAA',
+      'UserBBBBB',
+      'UserC',
+      'UserDDDDDDDDDDDd',
    ]);
-    // ensure
-    windowManager.setAlignment(Alignment.topRight);
+    expect(
+      cm_demo.testClients.every(
+          (client) => client.keyboard && !client.clipboard && !client.audio),
+      isTrue,
+    );
  });
 }
--- a/flutter/test/server_settings_dialog_test.dart
+++ b/flutter/test/server_settings_dialog_test.dart
@@ -0,0 +1,38 @@
+import 'package:flutter/material.dart';
+import 'package:flutter_test/flutter_test.dart';
+import 'package:flutter_hbb/mobile/widgets/dialog.dart';
+
+void main() {
+  testWidgets('server settings text fields preserve literal input',
+      (tester) async {
+    final controller = TextEditingController(text: 'AbCdR1c1E=');
+    addTearDown(controller.dispose);
+
+    await tester.pumpWidget(MaterialApp(
+      home: Scaffold(
+        body: serverSettingsTextFormField(
+          label: 'Key',
+          controller: controller,
+          errorMsg: '',
+          autofocus: true,
+        ),
+      ),
+    ));
+
+    final textField = tester.widget<TextField>(find.byType(TextField));
+
+    expect(textField.controller, controller);
+    expect(textField.autofocus, isTrue);
+    expect(textField.keyboardType, TextInputType.visiblePassword);
+    expect(textField.textCapitalization, TextCapitalization.none);
+    expect(textField.autocorrect, isFalse);
+    expect(textField.enableSuggestions, isFalse);
+    expect(textField.smartDashesType, SmartDashesType.disabled);
+    expect(textField.smartQuotesType, SmartQuotesType.disabled);
+    expect(textField.enableIMEPersonalizedLearning, isFalse);
+    expect(
+      textField.spellCheckConfiguration,
+      const SpellCheckConfiguration.disabled(),
+    );
+  });
+}
--- a/libs/clipboard/src/windows/wf_cliprdr.c
+++ b/libs/clipboard/src/windows/wf_cliprdr.c
@@ -39,6 +39,28 @@

 #define CLIPRDR_SVC_CHANNEL_NAME "cliprdr"

+/* Maximum number of clipboard streams accepted from a remote peer (integer overflow / DoS guard) */
+#define WF_CLIPRDR_MAX_STREAMS 16384
+
+/* Validates the remote descriptor array size after cItems has been read safely. */
+static BOOL wf_cliprdr_file_group_descriptor_size_valid(SIZE_T size, UINT count)
+{
+	SIZE_T header_size = offsetof(FILEGROUPDESCRIPTORW, fgd);
+	SIZE_T descriptors_size;
+
+	if (count == 0 || count > WF_CLIPRDR_MAX_STREAMS)
+		return FALSE;
+
+	if (size < header_size)
+		return FALSE;
+
+	if ((SIZE_T)count > (((SIZE_T)-1) - header_size) / sizeof(FILEDESCRIPTORW))
+		return FALSE;
+
+	descriptors_size = header_size + (SIZE_T)count * sizeof(FILEDESCRIPTORW);
+	return size >= descriptors_size;
+}
+
 /**
 * Clipboard Formats
 */
@@ -224,6 +246,7 @@ struct wf_clipboard

 	HWND hwnd;
 	HANDLE hmem;
+	SIZE_T hmem_data_len;
 	HANDLE thread;
 	HANDLE formatDataRespEvent;
 	BOOL formatDataRespReceived;
@@ -629,6 +652,50 @@ void CliprdrStream_Delete(CliprdrStream *instance)
 	}
 }

+static void wf_cliprdr_release_streams(IStream **streams, ULONG count)
+{
+	ULONG i;
+
+	if (!streams)
+		return;
+
+	for (i = 0; i < count; i++)
+	{
+		if (streams[i])
+			CliprdrStream_Release(streams[i]);
+	}
+
+	free(streams);
+}
+
+static void wf_cliprdr_reset_streams(CliprdrDataObject *instance)
+{
+	if (!instance)
+		return;
+
+	wf_cliprdr_release_streams(instance->m_pStream, instance->m_nStreams);
+	instance->m_pStream = NULL;
+	instance->m_nStreams = 0;
+}
+
+/* Only call after clipboard->hmem has been locked by GlobalLock. */
+static HRESULT wf_cliprdr_fail_locked_file_descriptor_data(wfClipboard *clipboard,
+															STGMEDIUM *medium,
+															CliprdrDataObject *instance,
+															IStream **streams,
+															ULONG stream_count,
+															HRESULT error)
+{
+	GlobalUnlock(clipboard->hmem);
+	GlobalFree(clipboard->hmem);
+	clipboard->hmem = NULL;
+	clipboard->hmem_data_len = 0;
+	medium->hGlobal = NULL;
+	wf_cliprdr_release_streams(streams, stream_count);
+	wf_cliprdr_reset_streams(instance);
+	return error;
+}
+
 /**
 * IDataObject
 */
@@ -747,6 +814,9 @@ static HRESULT STDMETHODCALLTYPE CliprdrDataObject_GetData(IDataObject *This, FO
 	{
 		// FILEGROUPDESCRIPTOR *dsc;
 		FILEGROUPDESCRIPTORW *dsc;
+		IStream **streams = NULL;
+		UINT stream_count = 0;
+		SIZE_T hmem_size;
 		// DWORD remote_format_id = get_remote_format_id(clipboard, instance->m_pFormatEtc[idx].cfFormat);
 		// FIXME: origin code may be failed here???
 		if (cliprdr_send_data_request(instance->m_connID, clipboard, instance->m_pFormatEtc[idx].cfFormat) != 0)
@@ -764,40 +834,48 @@ static HRESULT STDMETHODCALLTYPE CliprdrDataObject_GetData(IDataObject *This, FO
 		 * is the number of FILEDESCRIPTOR's */
 		// dsc = (FILEGROUPDESCRIPTOR *)GlobalLock(clipboard->hmem);
 		dsc = (FILEGROUPDESCRIPTORW *)GlobalLock(clipboard->hmem);
-		instance->m_nStreams = dsc->cItems;
-		GlobalUnlock(clipboard->hmem);
-
-		if (instance->m_nStreams > 0)
+		if (!dsc)
 		{
-			if (!instance->m_pStream)
-			{
-				instance->m_pStream = (LPSTREAM *)calloc(instance->m_nStreams, sizeof(LPSTREAM));
-
-				if (instance->m_pStream)
-				{
-					for (i = 0; i < instance->m_nStreams; i++)
-					{
-						instance->m_pStream[i] =
-							(IStream *)CliprdrStream_New(instance->m_connID, i, clipboard, &dsc->fgd[i]);
-
-						if (!instance->m_pStream[i])
-							return E_OUTOFMEMORY;
-					}
-				}
-			}
-		}
-
-		if (!instance->m_pStream)
-		{
-			if (clipboard->hmem)
-			{
-				GlobalFree(clipboard->hmem);
-				clipboard->hmem = NULL;
-			}
-
 			pMedium->hGlobal = NULL;
-			return E_OUTOFMEMORY;
+			GlobalFree(clipboard->hmem);
+			clipboard->hmem = NULL;
+			clipboard->hmem_data_len = 0;
+			wf_cliprdr_reset_streams(instance);
+			return E_UNEXPECTED;
 		}
+
+		hmem_size = clipboard->hmem_data_len;
+		/* cItems is remote-controlled; verify the fixed header exists before reading it. */
+		if (hmem_size < offsetof(FILEGROUPDESCRIPTORW, fgd))
+			return wf_cliprdr_fail_locked_file_descriptor_data(
+			    clipboard, pMedium, instance, NULL, 0, E_UNEXPECTED);
+
+		stream_count = dsc->cItems;
+		if (!wf_cliprdr_file_group_descriptor_size_valid(hmem_size, stream_count))
+			return wf_cliprdr_fail_locked_file_descriptor_data(
+			    clipboard, pMedium, instance, NULL, 0, E_UNEXPECTED);
+
+		streams = (IStream **)calloc(stream_count, sizeof(IStream *));
+		if (!streams)
+			return wf_cliprdr_fail_locked_file_descriptor_data(
+			    clipboard, pMedium, instance, NULL, 0, E_OUTOFMEMORY);
+
+		for (i = 0; i < stream_count; i++)
+		{
+			streams[i] =
+			    (IStream *)CliprdrStream_New(instance->m_connID, i, clipboard, &dsc->fgd[i]);
+			if (!streams[i])
+			{
+				return wf_cliprdr_fail_locked_file_descriptor_data(
+				    clipboard, pMedium, instance, streams, i, E_OUTOFMEMORY);
+			}
+		}
+
+		GlobalUnlock(clipboard->hmem);
+		wf_cliprdr_reset_streams(instance);
+		instance->m_pStream = streams;
+		instance->m_nStreams = stream_count;
+		return S_OK;
 	}
 	else if (instance->m_pFormatEtc[idx].cfFormat == RegisterClipboardFormat(CFSTR_FILECONTENTS))
 	{
@@ -2161,16 +2239,16 @@ static BOOL wf_cliprdr_add_to_file_arrays(wfClipboard *clipboard, WCHAR *full_fi
 		return FALSE;

 	/* add to name array */
-	clipboard->file_names[clipboard->nFiles] = (LPWSTR)malloc((size_t)MAX_PATH * sizeof(WCHAR));
-
-	if (!clipboard->file_names[clipboard->nFiles])
-		return FALSE;
-
 	// `MAX_PATH` is long enough for the file name.
 	// So we just return FALSE if the file name is too long, which is not a normal case.
 	if ((wcslen(full_file_name) + 1) > MAX_PATH)
 		return FALSE;

+	clipboard->file_names[clipboard->nFiles] = (LPWSTR)calloc(MAX_PATH, sizeof(WCHAR));
+
+	if (!clipboard->file_names[clipboard->nFiles])
+		return FALSE;
+
 	wcsncpy_s(clipboard->file_names[clipboard->nFiles], MAX_PATH, full_file_name, wcslen(full_file_name) + 1);
 	/* add to descriptor array */
 	clipboard->fileDescriptor[clipboard->nFiles] =
@@ -2778,6 +2856,7 @@ wf_cliprdr_server_format_data_response(CliprdrClientContext *context,
 			break;
 		}
 		clipboard->hmem = NULL;
+		clipboard->hmem_data_len = 0;

 		if (formatDataResponse->msgFlags != CB_RESPONSE_OK)
 		{
@@ -2811,6 +2890,7 @@ wf_cliprdr_server_format_data_response(CliprdrClientContext *context,
 			break;
 		}

+		clipboard->hmem_data_len = formatDataResponse->dataLen;
 		clipboard->hmem = hMem;
 		rc = CHANNEL_RC_OK;
 	} while (0);
--- a/libs/hbb_common
+++ b/libs/hbb_common
--- a/libs/portable/Cargo.toml
+++ b/libs/portable/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "rustdesk-portable-packer"
-version = "1.4.6"
+version = "1.4.8"
 edition = "2021"
 description = "RustDesk Remote Desktop"

--- a/libs/portable/generate.py
+++ b/libs/portable/generate.py
@@ -2,6 +2,7 @@

 import os
 import optparse
+import subprocess
 from hashlib import md5
 import brotli
 import datetime
@@ -65,11 +66,15 @@ def write_app_metadata(output_folder: str):
    print(f"App metadata has been written to {output_path}")

 def build_portable(output_folder: str, target: str):
-    os.chdir(output_folder)
-    if target:
-        os.system("cargo build --release --target " + target)
-    else:
-        os.system("cargo build --release")
+    current_dir = os.getcwd()
+    try:
+        os.chdir(output_folder)
+        cmd = ["cargo", "build", "--locked", "--release"]
+        if target:
+            cmd.extend(["--target", target])
+        subprocess.run(cmd, check=True)
+    finally:
+        os.chdir(current_dir)

 # Linux: python3 generate.py -f ../rustdesk-portable-packer/test -o . -e ./test/main.py
 # Windows: python3 .\generate.py -f ..\rustdesk\flutter\build\windows\runner\Debug\ -o . -e ..\rustdesk\flutter\build\windows\runner\Debug\rustdesk.exe
--- a/libs/scrap/build.rs
+++ b/libs/scrap/build.rs
@@ -47,7 +47,7 @@ fn link_vcpkg(mut path: PathBuf, name: &str) -> PathBuf {
            format!("{}-{}", target_arch, target_os)
        }
    } else if target_os == "windows" {
-        "x64-windows-static".to_owned()
+        format!("{}-windows-static", target_arch)
    } else {
        format!("{}-{}", target_arch, target_os)
    };
--- a/libs/scrap/src/dxgi/mag.rs
+++ b/libs/scrap/src/dxgi/mag.rs
@@ -52,6 +52,33 @@ lazy_static::lazy_static! {
    static ref MAG_BUFFER: Mutex<(bool, Vec<u8>)> =  Default::default();
 }

+fn find_windows(cls: &str, name: &str) -> Result<Vec<HWND>> {
+    let name_c = CString::new(name)?;
+    let cls_c = if cls.is_empty() {
+        None
+    } else {
+        Some(CString::new(cls)?)
+    };
+    let mut hwnds = Vec::new();
+    unsafe {
+        let mut after = NULL as _;
+        loop {
+            let hwnd = FindWindowExA(
+                NULL as _,
+                after,
+                cls_c.as_ref().map_or(NULL as _, |c| c.as_ptr()),
+                name_c.as_ptr(),
+            );
+            if hwnd.is_null() {
+                break;
+            }
+            hwnds.push(hwnd);
+            after = hwnd;
+        }
+    }
+    Ok(hwnds)
+}
+
 pub type REFWICPixelFormatGUID = *const GUID;
 pub type WICPixelFormatGUID = GUID;

@@ -247,6 +274,8 @@ pub struct CapturerMag {
    rect: RECT,
    width: usize,
    height: usize,
+    excluded_window_target: Option<(String, String)>,
+    excluded_windows: Vec<HWND>,
 }

 impl Drop for CapturerMag {
@@ -261,6 +290,10 @@ impl CapturerMag {
        MagInterface::new().is_ok()
    }

+    // This captures through the legacy Windows Magnification API. Do not infer
+    // multi-monitor capture support from privacy overlay coverage: WebRTC also
+    // disables its magnifier capturer when SM_CMONITORS != 1.
+    // https://webrtc.googlesource.com/src/+/1845922d5a1bf9c27deeffb4a8c8daea124434c1/modules/desktop_capture/win/screen_capturer_win_magnifier.cc
    pub(crate) fn new(origin: (i32, i32), width: usize, height: usize) -> Result<Self> {
        unsafe {
            let x = GetSystemMetrics(SM_XVIRTUALSCREEN);
@@ -305,6 +338,8 @@ impl CapturerMag {
            },
            width,
            height,
+            excluded_window_target: None,
+            excluded_windows: Vec::new(),
        };

        unsafe {
@@ -436,19 +471,41 @@ impl CapturerMag {
    }

    pub(crate) fn exclude(&mut self, cls: &str, name: &str) -> Result<bool> {
-        let name_c = CString::new(name)?;
+        let mut hwnds = find_windows(cls, name)?;
+        hwnds.sort_unstable_by_key(|hwnd| *hwnd as usize);
+        self.excluded_window_target = Some((cls.to_owned(), name.to_owned()));
+        if hwnds.is_empty() {
+            self.excluded_windows.clear();
+            return Ok(false);
+        }
+
+        self.exclude_windows(&mut hwnds)?;
+        self.excluded_windows = hwnds;
+        Ok(true)
+    }
+
+    fn refresh_excluded_windows(&mut self) -> Result<()> {
+        let Some((cls, name)) = self.excluded_window_target.as_ref() else {
+            return Ok(());
+        };
+        let mut hwnds = find_windows(cls, name)?;
+        hwnds.sort_unstable_by_key(|hwnd| *hwnd as usize);
+        // This runs from frame() because refreshed privacy overlays get new
+        // HWNDs. It is only used on the legacy magnifier backend while privacy
+        // mode is active; if it shows up as hot-path cost, throttle this check.
+        // Keep the previous filter list while privacy windows are being recreated.
+        if hwnds.is_empty() || hwnds == self.excluded_windows {
+            return Ok(());
+        }
+
+        self.exclude_windows(&mut hwnds)?;
+        self.excluded_windows = hwnds;
+        Ok(())
+    }
+
+    fn exclude_windows(&mut self, hwnds: &mut [HWND]) -> Result<bool> {
+        let count = hwnds.len() as _;
        unsafe {
-            let mut hwnd = if cls.len() == 0 {
-                FindWindowExA(NULL as _, NULL as _, NULL as _, name_c.as_ptr())
-            } else {
-                let cls_c = CString::new(cls).unwrap();
-                FindWindowExA(NULL as _, NULL as _, cls_c.as_ptr(), name_c.as_ptr())
-            };
-
-            if hwnd.is_null() {
-                return Ok(false);
-            }
-
            if let Some(set_window_filter_list_func) =
                self.mag_interface.set_window_filter_list_func
            {
@@ -456,16 +513,15 @@ impl CapturerMag {
                    == set_window_filter_list_func(
                        self.magnifier_window,
                        MW_FILTERMODE_EXCLUDE,
-                        1,
-                        &mut hwnd,
+                        count,
+                        hwnds.as_mut_ptr(),
                    )
                {
                    return Err(Error::new(
                        ErrorKind::Other,
                        format!(
-                            "Failed MagSetWindowFilterList for cls {} name {}, error {}",
-                            cls,
-                            name,
+                            "Failed MagSetWindowFilterList for {} windows, error {}",
+                            count,
                            Error::last_os_error()
                        ),
                    ));
@@ -496,6 +552,7 @@ impl CapturerMag {
    }

    pub(crate) fn frame(&mut self, data: &mut Vec<u8>) -> Result<()> {
+        self.refresh_excluded_windows()?;
        Self::clear_data();

        unsafe {
--- a/libs/scrap/src/wayland/pipewire.rs
+++ b/libs/scrap/src/wayland/pipewire.rs
@@ -276,12 +276,21 @@ impl PipeWireRecorder {
        // see: https://gitlab.freedesktop.org/pipewire/pipewire/-/issues/982
        src.set_property("always-copy", &true)?;

+        // COSMIC/Wayland fix: insert videoconvert between pipewiresrc and appsink.
+        // xdg-desktop-portal-cosmic's modifier negotiation fails when the downstream
+        // format set is too narrow (appsink only accepts BGRx/RGBx), producing
+        // "no more output formats" / not-negotiated (-4). videoconvert accepts any
+        // system-memory video/x-raw format, widening negotiation so the portal can
+        // settle on a format it can deliver via its SHM path.
+        let convert = gst::ElementFactory::make("videoconvert", None)?;
+
        let sink = gst::ElementFactory::make("appsink", None)?;
        sink.set_property("drop", &true)?;
        sink.set_property("max-buffers", &1u32)?;

-        pipeline.add_many(&[&src, &sink])?;
-        src.link(&sink)?;
+        pipeline.add_many(&[&src, &convert, &sink])?;
+        src.link(&convert)?;
+        convert.link(&sink)?;

        let appsink = sink
            .dynamic_cast::<AppSink>()
--- a/res/PKGBUILD
+++ b/res/PKGBUILD
@@ -1,5 +1,5 @@
 pkgname=rustdesk
-pkgver=1.4.6
+pkgver=1.4.8
 pkgrel=0
 epoch=
 pkgdesc=""
--- a/res/bump.sh
+++ b/res/bump.sh
@@ -1,3 +1,3 @@
 #! /usr/bin/env bash
-sed -i "s/$1/$2/g" res/*spec res/PKGBUILD flutter/pubspec.yaml Cargo.toml .github/workflows/*yml flatpak/*json appimage/*yml libs/portable/Cargo.toml
+sed -i "s/\b$1\b/$2/g" res/*spec res/PKGBUILD flutter/pubspec.yaml Cargo.toml .github/workflows/*yml flatpak/*json appimage/*yml libs/portable/Cargo.toml
 cargo run # to bump version in cargo lock
--- a/res/msi/CustomActions/CustomActions.cpp
+++ b/res/msi/CustomActions/CustomActions.cpp
@@ -31,17 +31,17 @@ LExit:
    return WcaFinalize(er);
 }

-// Helper function to safely delete a file or directory using handle-based deletion.
-// This avoids TOCTOU (Time-Of-Check-Time-Of-Use) race conditions.
+// Helper function to safely delete a file using handle-based deletion.
+// Directories are refused after opening the handle.
 BOOL SafeDeleteItem(LPCWSTR fullPath)
 {
-    // Open the file/directory with DELETE access and FILE_FLAG_OPEN_REPARSE_POINT
+    // Open the file/directory with delete and attribute-read access plus FILE_FLAG_OPEN_REPARSE_POINT
    // to prevent following symlinks.
    // Use shared access to allow deletion even when other processes have the file open.
    DWORD flags = FILE_FLAG_BACKUP_SEMANTICS | FILE_FLAG_OPEN_REPARSE_POINT;
    HANDLE hFile = CreateFileW(
        fullPath,
-        DELETE,
+        DELETE | FILE_READ_ATTRIBUTES,
        FILE_SHARE_READ | FILE_SHARE_WRITE | FILE_SHARE_DELETE,  // Allow shared access
        NULL,
        OPEN_EXISTING,
@@ -55,6 +55,21 @@ BOOL SafeDeleteItem(LPCWSTR fullPath)
        return FALSE;
    }

+    BY_HANDLE_FILE_INFORMATION fileInfo;
+    if (FALSE == GetFileInformationByHandle(hFile, &fileInfo))
+    {
+        WcaLog(LOGMSG_STANDARD, "SafeDeleteItem: Failed to inspect '%ls'. Error: %lu", fullPath, GetLastError());
+        CloseHandle(hFile);
+        return FALSE;
+    }
+
+    if (fileInfo.dwFileAttributes & FILE_ATTRIBUTE_DIRECTORY)
+    {
+        WcaLog(LOGMSG_STANDARD, "SafeDeleteItem: Refusing to delete directory '%ls'.", fullPath);
+        CloseHandle(hFile);
+        return FALSE;
+    }
+
    // Use SetFileInformationByHandle to mark for deletion.
    // The file will be deleted when the handle is closed.
    FILE_DISPOSITION_INFO dispInfo;
@@ -77,98 +92,74 @@ BOOL SafeDeleteItem(LPCWSTR fullPath)
    return result;
 }

-// Helper function to recursively delete a directory's contents with detailed logging.
-void RecursiveDelete(LPCWSTR path)
+BOOL PathEndsWithSlash(LPCWSTR path)
 {
-    // Ensure the path is not empty or null.
-    if (path == NULL || path[0] == L'\0')
+    size_t length = 0;
+    HRESULT hr = StringCchLengthW(path, MAX_PATH, &length);
+    if (FAILED(hr) || length == 0)
+    {
+        return FALSE;
+    }
+
+    WCHAR last = path[length - 1];
+    return last == L'\\' || last == L'/';
+}
+
+void ClearReadOnlyAttribute(LPCWSTR fullPath, DWORD attributes)
+{
+    if (!(attributes & FILE_ATTRIBUTE_READONLY))
    {
        return;
    }

-    // Extra safety: never operate directly on a root path.
-    if (PathIsRootW(path))
+    DWORD writableAttributes = attributes & ~FILE_ATTRIBUTE_READONLY;
+    if (writableAttributes == 0)
    {
-        WcaLog(LOGMSG_STANDARD, "RecursiveDelete: refusing to operate on root path '%ls'.", path);
+        writableAttributes = FILE_ATTRIBUTE_NORMAL;
+    }
+
+    if (SetFileAttributesW(fullPath, writableAttributes))
+    {
+        WcaLog(LOGMSG_STANDARD, "Runtime cleanup cleared read-only attribute for '%ls'.", fullPath);
        return;
    }

-    // MAX_PATH is enough here since the installer should not be using longer paths.
-    // No need to handle extended-length paths (\\?\) in this context.
-    WCHAR searchPath[MAX_PATH];
-    HRESULT hr = StringCchPrintfW(searchPath, MAX_PATH, L"%s\\*", path);
-    if (FAILED(hr)) {
-        WcaLog(LOGMSG_STANDARD, "RecursiveDelete: Path too long to enumerate: %ls", path);
-        return;
+    WcaLog(LOGMSG_STANDARD, "Runtime cleanup failed to clear read-only attribute for '%ls'. Error: %lu", fullPath, GetLastError());
+}
+
+BOOL DeleteRuntimeGeneratedFile(LPCWSTR installFolder, LPCWSTR fileName)
+{
+    WCHAR fullPath[MAX_PATH];
+    LPCWSTR separator = PathEndsWithSlash(installFolder) ? L"" : L"\\";
+    HRESULT hr = StringCchPrintfW(fullPath, MAX_PATH, L"%s%s%s", installFolder, separator, fileName);
+    if (FAILED(hr))
+    {
+        WcaLog(LOGMSG_STANDARD, "Runtime cleanup path is too long for '%ls'.", fileName);
+        return FALSE;
    }

-    WIN32_FIND_DATAW findData;
-    HANDLE hFind = FindFirstFileW(searchPath, &findData);
-
-    if (hFind == INVALID_HANDLE_VALUE)
+    DWORD attributes = GetFileAttributesW(fullPath);
+    if (attributes == INVALID_FILE_ATTRIBUTES)
    {
-        // This can happen if the directory is empty or doesn't exist, which is not an error in our case.
-        WcaLog(LOGMSG_STANDARD, "RecursiveDelete: Failed to enumerate directory '%ls'. It may be missing or inaccessible. Error: %lu", path, GetLastError());
-        return;
+        DWORD error = GetLastError();
+        if (error == ERROR_FILE_NOT_FOUND || error == ERROR_PATH_NOT_FOUND)
+        {
+            return TRUE;
+        }
+
+        WcaLog(LOGMSG_STANDARD, "Runtime cleanup cannot stat '%ls'. Error: %lu", fullPath, error);
+        return FALSE;
    }

-    do
+    if (attributes & FILE_ATTRIBUTE_DIRECTORY)
    {
-        // Skip '.' and '..' directories.
-        if (wcscmp(findData.cFileName, L".") == 0 || wcscmp(findData.cFileName, L"..") == 0)
-        {
-            continue;
-        }
-
-        // MAX_PATH is enough here since the installer should not be using longer paths.
-        // No need to handle extended-length paths (\\?\) in this context.
-        WCHAR fullPath[MAX_PATH];
-        hr = StringCchPrintfW(fullPath, MAX_PATH, L"%s\\%s", path, findData.cFileName);
-        if (FAILED(hr)) {
-            WcaLog(LOGMSG_STANDARD, "RecursiveDelete: Path too long for item '%ls' in '%ls', skipping.", findData.cFileName, path);
-            continue;
-        }
-
-        // Before acting, ensure the read-only attribute is not set.
-        if (findData.dwFileAttributes & FILE_ATTRIBUTE_READONLY)
-        {
-            if (FALSE == SetFileAttributesW(fullPath, findData.dwFileAttributes & ~FILE_ATTRIBUTE_READONLY))
-            {
-                WcaLog(LOGMSG_STANDARD, "RecursiveDelete: Failed to remove read-only attribute. Error: %lu", GetLastError());
-            }
-        }
-
-        if (findData.dwFileAttributes & FILE_ATTRIBUTE_DIRECTORY)
-        {
-            // Check for reparse points (symlinks/junctions) to prevent directory traversal attacks.
-            // Do not follow reparse points, only remove the link itself.
-            if (findData.dwFileAttributes & FILE_ATTRIBUTE_REPARSE_POINT)
-            {
-                WcaLog(LOGMSG_STANDARD, "RecursiveDelete: Not recursing into reparse point (symlink/junction), deleting link itself: %ls", fullPath);
-                SafeDeleteItem(fullPath);
-            }
-            else
-            {
-                // Recursively delete directory contents first
-                RecursiveDelete(fullPath);
-                // Then delete the directory itself
-                SafeDeleteItem(fullPath);
-            }
-        }
-        else
-        {
-            // Delete file using safe handle-based deletion
-            SafeDeleteItem(fullPath);
-        }
-    } while (FindNextFileW(hFind, &findData) != 0);
-
-    DWORD lastError = GetLastError();
-    if (lastError != ERROR_NO_MORE_FILES)
-    {
-        WcaLog(LOGMSG_STANDARD, "RecursiveDelete: FindNextFileW failed with error %lu", lastError);
+        WcaLog(LOGMSG_STANDARD, "Runtime cleanup skipped directory '%ls'.", fullPath);
+        return FALSE;
    }

-    FindClose(hFind);
+    ClearReadOnlyAttribute(fullPath, attributes);
+    WcaLog(LOGMSG_STANDARD, "Runtime cleanup deleting '%ls'.", fullPath);
+    return SafeDeleteItem(fullPath);
 }

 // See `Package.wxs` for the sequence of this custom action.
@@ -178,13 +169,13 @@ void RecursiveDelete(LPCWSTR path)
 //   2. RemoveExistingProducts
 //      ├─ TerminateProcesses
 //      ├─ TryStopDeleteService
-//      ├─ RemoveInstallFolder - <-- Here
+//      ├─ RemoveRuntimeGeneratedFiles - <-- Here
 //      └─ RemoveFiles
 //   3. InstallValidate
 //   4. InstallFiles
 //   5. InstallExecute
 //   6. InstallFinalize
-UINT __stdcall RemoveInstallFolder(
+UINT __stdcall RemoveRuntimeGeneratedFiles(
    __in MSIHANDLE hInstall)
 {
    HRESULT hr = S_OK;
@@ -194,7 +185,7 @@ UINT __stdcall RemoveInstallFolder(
    LPWSTR pwz = NULL;
    LPWSTR pwzData = NULL;

-    hr = WcaInitialize(hInstall, "RemoveInstallFolder");
+    hr = WcaInitialize(hInstall, "RemoveRuntimeGeneratedFiles");
    ExitOnFailure(hr, "Failed to initialize");

    hr = WcaGetProperty(L"CustomActionData", &pwzData);
@@ -202,24 +193,20 @@ UINT __stdcall RemoveInstallFolder(

    pwz = pwzData;
    hr = WcaReadStringFromCaData(&pwz, &installFolder);
-    ExitOnFailure(hr, "failed to read database key from custom action data: %ls", pwz);
+    ExitOnFailure(hr, "failed to read install folder from custom action data: %ls", pwz);

    if (installFolder == NULL || installFolder[0] == L'\0') {
-        WcaLog(LOGMSG_STANDARD, "Install folder path is empty, skipping recursive delete.");
+        WcaLog(LOGMSG_STANDARD, "Install folder path is empty, skipping runtime cleanup.");
        goto LExit;
    }

    if (PathIsRootW(installFolder)) {
-        WcaLog(LOGMSG_STANDARD, "Refusing to recursively delete root folder '%ls'.", installFolder);
+        WcaLog(LOGMSG_STANDARD, "Refusing runtime cleanup in root folder '%ls'.", installFolder);
        goto LExit;
    }

-    WcaLog(LOGMSG_STANDARD, "Attempting to recursively delete contents of install folder: %ls", installFolder);
-
-    RecursiveDelete(installFolder);
-
-    // The standard MSI 'RemoveFolders' action will take care of removing the (now empty) directories.
-    // We don't need to call RemoveDirectoryW on installFolder itself, as it might still be in use by the installer.
+    WcaLog(LOGMSG_STANDARD, "Removing runtime-generated files from install folder: %ls", installFolder);
+    DeleteRuntimeGeneratedFile(installFolder, L"RuntimeBroker_rustdesk.exe");

 LExit:
    ReleaseStr(pwzData);
--- a/res/msi/CustomActions/CustomActions.def
+++ b/res/msi/CustomActions/CustomActions.def
@@ -2,7 +2,7 @@ LIBRARY "CustomActions"

 EXPORTS
    CustomActionHello
-    RemoveInstallFolder
+    RemoveRuntimeGeneratedFiles
    TerminateProcesses
    AddFirewallRules
    SetPropertyIsServiceRunning
--- a/res/msi/CustomActions/CustomActions.vcxproj
+++ b/res/msi/CustomActions/CustomActions.vcxproj
@@ -7,6 +7,10 @@
      <Configuration>Release</Configuration>
      <Platform>x64</Platform>
    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|ARM64">
+      <Configuration>Release</Configuration>
+      <Platform>ARM64</Platform>
+    </ProjectConfiguration>
  </ItemGroup>
  <PropertyGroup Label="Globals">
    <Keyword>Win32Proj</Keyword>
@@ -22,6 +26,12 @@
    <WholeProgramOptimization>true</WholeProgramOptimization>
    <CharacterSet>Unicode</CharacterSet>
  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'" Label="Configuration">
+    <ConfigurationType>DynamicLibrary</ConfigurationType>
+    <UseDebugLibraries>false</UseDebugLibraries>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
  <ImportGroup Label="ExtensionSettings">
  </ImportGroup>
@@ -30,6 +40,9 @@
  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
  <PropertyGroup Label="UserMacros" />
  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
    <ClCompile>
@@ -53,6 +66,28 @@
      <ModuleDefinitionFile>CustomActions.def</ModuleDefinitionFile>
    </Link>
  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'">
+    <ClCompile>
+      <WarningLevel>Level3</WarningLevel>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <SDLCheck>true</SDLCheck>
+      <PreprocessorDefinitions>NDEBUG;EXAMPLECADLL_EXPORTS;_WINDOWS;_USRDLL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <ConformanceMode>true</ConformanceMode>
+      <PrecompiledHeader>Use</PrecompiledHeader>
+      <PrecompiledHeaderFile>pch.h</PrecompiledHeaderFile>
+      <RuntimeLibrary>MultiThreaded</RuntimeLibrary>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>msi.lib;version.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <SubSystem>Windows</SubSystem>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <OptimizeReferences>true</OptimizeReferences>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <EnableUAC>false</EnableUAC>
+      <ModuleDefinitionFile>CustomActions.def</ModuleDefinitionFile>
+    </Link>
+  </ItemDefinitionGroup>
  <ItemGroup>
    <ClInclude Include="Common.h" />
    <ClInclude Include="framework.h" />
@@ -65,6 +100,7 @@
    <ClCompile Include="FirewallRules.cpp" />
    <ClCompile Include="pch.cpp">
      <PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Release|x64'">Create</PrecompiledHeader>
+      <PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'">Create</PrecompiledHeader>
    </ClCompile>
    <ClCompile Include="ReadConfig.cpp" />
    <ClCompile Include="RemotePrinter.cpp" />
--- a/res/msi/Package/Components/Folders.wxs
+++ b/res/msi/Package/Components/Folders.wxs
@@ -16,8 +16,15 @@
 		<!-- If a command line value was stored, restore it after the registry search has been performed -->
 		<SetProperty Action="RestoreSavedInstallFolderValue" Id="INSTALLFOLDER" Value="[SavedInstallFolderCmdLineValue]" After="AppSearch" Sequence="first" Condition="SavedInstallFolderCmdLineValue" />

-		<!-- If a command line value or registry value was set, update the main properties with the value -->
-		<SetProperty Id="INSTALLFOLDER_INNER" Value="[INSTALLFOLDER]" After="RestoreSavedInstallFolderValue" Sequence="first" Condition="INSTALLFOLDER" />
+		<!-- Normalize INSTALLFOLDER from the command line or registry before assigning INSTALLFOLDER_INNER. -->
+		<!-- Case 1: already ends with \$(var.Product)\, keep it unchanged. -->
+		<SetProperty Action="SetInstallFolderInnerFromProductDir" Id="INSTALLFOLDER_INNER" Value="[INSTALLFOLDER]" After="RestoreSavedInstallFolderValue" Sequence="first" Condition="INSTALLFOLDER AND INSTALLFOLDER ~&gt;&gt; &quot;\$(var.Product)\&quot;" />
+		<!-- Case 2: already ends with \$(var.Product) but has no trailing slash, add the slash. -->
+		<SetProperty Action="SetInstallFolderInnerFromProductDirNoSlash" Id="INSTALLFOLDER_INNER" Value="[INSTALLFOLDER]\" After="RestoreSavedInstallFolderValue" Sequence="first" Condition="INSTALLFOLDER AND INSTALLFOLDER ~&gt;&gt; &quot;\$(var.Product)&quot;" />
+		<!-- Case 3: ends with a slash but not \$(var.Product)\, append $(var.Product)\. -->
+		<SetProperty Action="SetInstallFolderInnerAppendProduct" Id="INSTALLFOLDER_INNER" Value="[INSTALLFOLDER]$(var.Product)\" After="RestoreSavedInstallFolderValue" Sequence="first" Condition="INSTALLFOLDER AND INSTALLFOLDER ~&gt;&gt; &quot;\&quot; AND NOT (INSTALLFOLDER ~&gt;&gt; &quot;\$(var.Product)\&quot; OR INSTALLFOLDER ~&gt;&gt; &quot;\$(var.Product)&quot;)" />
+		<!-- Case 4: has no trailing slash and does not end with \$(var.Product), append \$(var.Product)\. -->
+		<SetProperty Action="SetInstallFolderInnerAppendSlashProduct" Id="INSTALLFOLDER_INNER" Value="[INSTALLFOLDER]\$(var.Product)\" After="RestoreSavedInstallFolderValue" Sequence="first" Condition="INSTALLFOLDER AND NOT INSTALLFOLDER ~&gt;&gt; &quot;\&quot; AND NOT (INSTALLFOLDER ~&gt;&gt; &quot;\$(var.Product)\&quot; OR INSTALLFOLDER ~&gt;&gt; &quot;\$(var.Product)&quot;)" />

 		<!-- INSTALLFOLDER_INNER is defined for compatibility with previous versions of the installer. -->
 		<!-- Because we need to use INSTALLFOLDER as the command line argument. -->
--- a/res/msi/Package/Components/RustDesk.wxs
+++ b/res/msi/Package/Components/RustDesk.wxs
@@ -12,7 +12,7 @@
 			</Component>
 		</DirectoryRef>

-		<CustomAction Id="RemoveInstallFolder.SetParam" Return="check" Property="RemoveInstallFolder" Value="[INSTALLFOLDER_INNER]" />
+		<CustomAction Id="RemoveRuntimeGeneratedFiles.SetParam" Return="check" Property="RemoveRuntimeGeneratedFiles" Value="[INSTALLFOLDER_INNER]" />
 		<CustomAction Id="AddFirewallRules.SetParam" Return="check" Property="AddFirewallRules" Value="1[INSTALLFOLDER_INNER]$(var.Product).exe" />
 		<CustomAction Id="RemoveFirewallRules.SetParam" Return="check" Property="RemoveFirewallRules" Value="0[INSTALLFOLDER_INNER]$(var.Product).exe" />
 		<CustomAction Id="CreateStartService.SetParam" Return="check" Property="CreateStartService" Value="$(var.Product);&quot;[INSTALLFOLDER_INNER]$(var.Product).exe&quot; --service" />
@@ -67,7 +67,7 @@
 			Some msi packages reset the `VersionNT` value to 1000 on Windows 10.
 			https://www.advancedinstaller.com/user-guide/qa-OS-dependent-install.html -->
 			<!-- Remote printer also works on Win8.1 in my test. -->
-			<Custom Action="InstallPrinter" Before="InstallFinalize" Condition="VersionNT &gt;= 603 AND PRINTER = 1 OR PRINTER = &quot;Y&quot; OR PRINTER = &quot;y&quot;" />
+			<Custom Action="InstallPrinter" Before="InstallFinalize" Condition="VersionNT &gt;= 603 AND (PRINTER = 1 OR PRINTER = &quot;Y&quot; OR PRINTER = &quot;y&quot;)" />
 			<Custom Action="InstallPrinter.SetParam" Before="InstallPrinter" Condition="VersionNT &gt;= 603" />

 			<!--Workaround of "fire:FirewallException". If Outbound="Yes" or Outbound="true", the following error occurs.-->
@@ -77,21 +77,21 @@

 			<Custom Action="AddRegSoftwareSASGeneration" Before="InstallFinalize" Condition="NOT (Installed AND REMOVE AND NOT UPGRADINGPRODUCTCODE) AND (NOT CC_CONNECTION_TYPE=&quot;outgoing&quot;)"/>

-			<Custom Action="RemoveInstallFolder" Before="RemoveFiles"/>
-			<Custom Action="RemoveInstallFolder.SetParam" Before="RemoveInstallFolder"/>
-			<Custom Action="TryStopDeleteService" Before="RemoveInstallFolder.SetParam" />
+			<Custom Action="RemoveRuntimeGeneratedFiles" Before="RemoveFiles" Condition="Installed AND (REMOVE=&quot;ALL&quot; OR UPGRADINGPRODUCTCODE)"/>
+			<Custom Action="RemoveRuntimeGeneratedFiles.SetParam" Before="RemoveRuntimeGeneratedFiles" Condition="Installed AND (REMOVE=&quot;ALL&quot; OR UPGRADINGPRODUCTCODE)"/>
+			<Custom Action="TryStopDeleteService" Before="RemoveRuntimeGeneratedFiles.SetParam" />
 			<Custom Action="TryStopDeleteService.SetParam" Before="TryStopDeleteService" />

 			<Custom Action="RemoveFirewallRules" Before="RemoveFiles"/>
 			<Custom Action="RemoveFirewallRules.SetParam" Before="RemoveFirewallRules"/>

-			<Custom Action="UninstallPrinter" Before="RemoveInstallFolder" Condition="VersionNT &gt;= 603" />
+			<Custom Action="UninstallPrinter" Before="RemoveRuntimeGeneratedFiles" Condition="VersionNT &gt;= 603" />

-			<Custom Action="TerminateProcesses" Before="RemoveInstallFolder"/>
+			<Custom Action="TerminateProcesses" Before="RemoveRuntimeGeneratedFiles"/>
 			<Custom Action="TerminateProcesses.SetParam" Before="TerminateProcesses"/>
-			<Custom Action="TerminateBrokers" Before="RemoveInstallFolder"/>
+			<Custom Action="TerminateBrokers" Before="RemoveRuntimeGeneratedFiles"/>
 			<Custom Action="TerminateBrokers.SetParam" Before="TerminateBrokers"/>
-			<Custom Action="RemoveAmyuniIdd" Before="RemoveInstallFolder"/>
+			<Custom Action="RemoveAmyuniIdd" Before="RemoveRuntimeGeneratedFiles"/>
 			<Custom Action="RemoveAmyuniIdd.SetParam" Before="RemoveAmyuniIdd"/>
 		</InstallExecuteSequence>

--- a/res/msi/Package/Fragments/CustomActions.wxs
+++ b/res/msi/Package/Fragments/CustomActions.wxs
@@ -5,7 +5,7 @@
 		<Binary Id="Custom_Actions_Dll" SourceFile="$(var.CustomActions.TargetDir)$(var.CustomActions.TargetName).dll" />

 		<CustomAction Id="CustomActionHello" DllEntry="CustomActionHello" Impersonate="yes" Execute="immediate" Return="ignore" BinaryRef="Custom_Actions_Dll"/>
-		<CustomAction Id="RemoveInstallFolder" DllEntry="RemoveInstallFolder" Impersonate="no" Execute="deferred" Return="ignore" BinaryRef="Custom_Actions_Dll"/>
+		<CustomAction Id="RemoveRuntimeGeneratedFiles" DllEntry="RemoveRuntimeGeneratedFiles" Impersonate="no" Execute="deferred" Return="ignore" BinaryRef="Custom_Actions_Dll"/>
 		<CustomAction Id="TerminateProcesses" DllEntry="TerminateProcesses" Impersonate="yes" Execute="immediate" Return="ignore" BinaryRef="Custom_Actions_Dll"/>
 		<CustomAction Id="TerminateBrokers" DllEntry="TerminateProcesses" Impersonate="yes" Execute="immediate" Return="ignore" BinaryRef="Custom_Actions_Dll"/>
 		<CustomAction Id="AddFirewallRules" DllEntry="AddFirewallRules" Impersonate="no" Execute="deferred" Return="ignore" BinaryRef="Custom_Actions_Dll"/>
--- a/res/msi/Package/Fragments/ShortcutProperties.wxs
+++ b/res/msi/Package/Fragments/ShortcutProperties.wxs
@@ -4,17 +4,17 @@
 		<?include ..\Includes.wxi?>

 		<!--
-		Properties and related actions for specifying whether to install start menu/desktop shortcuts.
+		Properties and related actions for specifying whether to install shortcuts and the printer.
 		-->

 		<!-- These are the actual properties that get used in conditions to determine whether to
-				 install start menu shortcuts, they are initialized with a default value to install shortcuts.
-				 They should not be set directly from the command line or registry, instead the CREATE* properties
-				 below should be set, then they will update these properties with their values only if set. -->
+				 install start menu shortcuts or the printer. Shortcut properties default to install;
+				 PRINTER defaults to not install. The CREATE* properties below update shortcut
+				 properties from command line, bundle, or registry values. -->
 		<Property Id="STARTMENUSHORTCUTS" Value="1" Secure="yes"></Property>
 		<Property Id="DESKTOPSHORTCUTS" Value="1" Secure="yes"></Property>
 		<Property Id="STARTUPSHORTCUTS" Value="1" Secure="yes"></Property>
-		<Property Id="PRINTER" Value="1" Secure="yes"></Property>
+		<Property Id="PRINTER" Secure="yes"></Property>

 		<!-- These properties get set from either the command line, bundle or registry value,
 				 if set they update the properties above with their value. -->
@@ -77,7 +77,11 @@
 		<!-- If a command line value or registry value was set, update the main properties with the value -->
 		<SetProperty Id="STARTMENUSHORTCUTS" Value="" After="RestoreSavedStartMenuShortcutsValue" Sequence="first" Condition="CREATESTARTMENUSHORTCUTS AND NOT (CREATESTARTMENUSHORTCUTS = 1 OR CREATESTARTMENUSHORTCUTS = &quot;Y&quot; OR CREATESTARTMENUSHORTCUTS = &quot;y&quot;)" />
 		<SetProperty Id="DESKTOPSHORTCUTS" Value="" After="RestoreSavedDesktopShortcutsValue" Sequence="first" Condition="CREATEDESKTOPSHORTCUTS AND NOT (CREATEDESKTOPSHORTCUTS = 1 OR CREATEDESKTOPSHORTCUTS = &quot;Y&quot; OR CREATEDESKTOPSHORTCUTS = &quot;y&quot;)" />
-		<SetProperty Id="PRINTER" Value="" After="RestoreSavedPrinterValue" Sequence="first" Condition="INSTALLPRINTER AND NOT (INSTALLPRINTER = 1 OR INSTALLPRINTER = &quot;Y&quot; OR INSTALLPRINTER = &quot;y&quot;)" />
+		<!-- PRINTER defaults to empty now, so a saved or command-line INSTALLPRINTER=1
+				 must explicitly enable the main PRINTER property. Non-truthy INSTALLPRINTER
+				 values still clear PRINTER so upgrades preserve an explicit disabled choice. -->
+		<SetProperty Action="SetPrinterValueEnabled" Id="PRINTER" Value="1" After="RestoreSavedPrinterValue" Sequence="first" Condition="INSTALLPRINTER = 1 OR INSTALLPRINTER = &quot;Y&quot; OR INSTALLPRINTER = &quot;y&quot;" />
+		<SetProperty Action="SetPrinterValueDisabled" Id="PRINTER" Value="" After="SetPrinterValueEnabled" Sequence="first" Condition="INSTALLPRINTER AND NOT (INSTALLPRINTER = 1 OR INSTALLPRINTER = &quot;Y&quot; OR INSTALLPRINTER = &quot;y&quot;)" />

 	</Fragment>
 </Wix>
--- a/res/msi/Package/Package.wixproj
+++ b/res/msi/Package/Package.wixproj
@@ -3,7 +3,7 @@
    <IncludeSearchPaths>
    </IncludeSearchPaths>
    <Configurations>Release</Configurations>
-    <Platforms>x64</Platforms>
+    <Platforms>x64;ARM64</Platforms>
  </PropertyGroup>
  <ItemGroup>
    <Content Include="Includes.wxi" />
--- a/res/msi/Package/UI/MyInstallDlg.wxs
+++ b/res/msi/Package/UI/MyInstallDlg.wxs
@@ -23,12 +23,13 @@ Patch dialog sequence:
 -->

 <Wix xmlns="http://wixtoolset.org/schemas/v4/wxs" xmlns:ui="http://wixtoolset.org/schemas/v4/wxs/ui">
+    <?include ../Includes.wxi?>
    <?foreach WIXUIARCH in X86;X64;A64 ?>
    <Fragment>
        <UI Id="UI_MyInstallDialog_$(WIXUIARCH)">
            <Publish Dialog="LicenseAgreementDlg" Control="Print" Event="DoAction" Value="WixUIPrintEula_$(WIXUIARCH)" />
            <Publish Dialog="BrowseDlg" Control="OK" Event="DoAction" Value="WixUIValidatePath_$(WIXUIARCH)" Order="3" Condition="NOT WIXUI_DONTVALIDATEPATH" />
-            <Publish Dialog="MyInstallDirDlg" Control="Next" Event="DoAction" Value="WixUIValidatePath_$(WIXUIARCH)" Order="2" Condition="NOT WIXUI_DONTVALIDATEPATH" />
+            <Publish Dialog="MyInstallDirDlg" Control="Next" Event="DoAction" Value="WixUIValidatePath_$(WIXUIARCH)" Order="5" Condition="NOT WIXUI_DONTVALIDATEPATH" />
        </UI>

        <UIRef Id="UI_MyInstallDialog" />
@@ -64,9 +65,16 @@ Patch dialog sequence:
            <Publish Dialog="LicenseAgreementDlg" Control="Next" Event="NewDialog" Value="MyInstallDirDlg" Condition="LicenseAccepted = &quot;1&quot;" />

            <Publish Dialog="MyInstallDirDlg" Control="Back" Event="NewDialog" Value="LicenseAgreementDlg" />
-            <Publish Dialog="MyInstallDirDlg" Control="Next" Event="SetTargetPath" Value="[WIXUI_INSTALLDIR]" Order="1" />
-            <Publish Dialog="MyInstallDirDlg" Control="Next" Event="SpawnDialog" Value="InvalidDirDlg" Order="3" Condition="NOT WIXUI_DONTVALIDATEPATH AND WIXUI_INSTALLDIR_VALID&lt;&gt;&quot;1&quot;" />
-            <Publish Dialog="MyInstallDirDlg" Control="Next" Event="NewDialog" Value="VerifyReadyDlg" Order="4" Condition="WIXUI_DONTVALIDATEPATH OR WIXUI_INSTALLDIR_VALID=&quot;1&quot;" />
+            <!-- Normalize INSTALLFOLDER_INNER before SetTargetPath and WixUIValidatePath run. -->
+            <!-- UI case 1: already ends with \$(var.Product) but has no trailing slash, add the slash. -->
+            <Publish Dialog="MyInstallDirDlg" Control="Next" Property="INSTALLFOLDER_INNER" Value="[INSTALLFOLDER_INNER]\" Order="1" Condition="INSTALLFOLDER_INNER AND INSTALLFOLDER_INNER ~&gt;&gt; &quot;\$(var.Product)&quot;" />
+            <!-- UI case 2: ends with a slash but not \$(var.Product)\, append $(var.Product)\. -->
+            <Publish Dialog="MyInstallDirDlg" Control="Next" Property="INSTALLFOLDER_INNER" Value="[INSTALLFOLDER_INNER]$(var.Product)\" Order="2" Condition="INSTALLFOLDER_INNER AND INSTALLFOLDER_INNER ~&gt;&gt; &quot;\&quot; AND NOT (INSTALLFOLDER_INNER ~&gt;&gt; &quot;\$(var.Product)\&quot; OR INSTALLFOLDER_INNER ~&gt;&gt; &quot;\$(var.Product)&quot;)" />
+            <!-- UI case 3: has no trailing slash and does not end with \$(var.Product), append \$(var.Product)\. -->
+            <Publish Dialog="MyInstallDirDlg" Control="Next" Property="INSTALLFOLDER_INNER" Value="[INSTALLFOLDER_INNER]\$(var.Product)\" Order="3" Condition="INSTALLFOLDER_INNER AND NOT INSTALLFOLDER_INNER ~&gt;&gt; &quot;\&quot; AND NOT (INSTALLFOLDER_INNER ~&gt;&gt; &quot;\$(var.Product)\&quot; OR INSTALLFOLDER_INNER ~&gt;&gt; &quot;\$(var.Product)&quot;)" />
+            <Publish Dialog="MyInstallDirDlg" Control="Next" Event="SetTargetPath" Value="[WIXUI_INSTALLDIR]" Order="4" />
+            <Publish Dialog="MyInstallDirDlg" Control="Next" Event="SpawnDialog" Value="InvalidDirDlg" Order="6" Condition="NOT WIXUI_DONTVALIDATEPATH AND WIXUI_INSTALLDIR_VALID&lt;&gt;&quot;1&quot;" />
+            <Publish Dialog="MyInstallDirDlg" Control="Next" Event="NewDialog" Value="VerifyReadyDlg" Order="7" Condition="WIXUI_DONTVALIDATEPATH OR WIXUI_INSTALLDIR_VALID=&quot;1&quot;" />
            <Publish Dialog="MyInstallDirDlg" Control="ChangeFolder" Property="_BrowseProperty" Value="[WIXUI_INSTALLDIR]" Order="1" />
            <Publish Dialog="MyInstallDirDlg" Control="ChangeFolder" Event="SpawnDialog" Value="BrowseDlg" Order="2" />
            <Publish Dialog="VerifyReadyDlg" Control="Back" Event="NewDialog" Value="MyInstallDirDlg" Order="1" Condition="NOT Installed" />
--- a/res/msi/msi.sln
+++ b/res/msi/msi.sln
@@ -10,12 +10,17 @@ EndProject
 Global
 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
 		Release|x64 = Release|x64
+		Release|ARM64 = Release|ARM64
 	EndGlobalSection
 	GlobalSection(ProjectConfigurationPlatforms) = postSolution
 		{F403A403-CEFF-4399-B51C-CC646C8E98CF}.Release|x64.ActiveCfg = Release|x64
 		{F403A403-CEFF-4399-B51C-CC646C8E98CF}.Release|x64.Build.0 = Release|x64
+		{F403A403-CEFF-4399-B51C-CC646C8E98CF}.Release|ARM64.ActiveCfg = Release|ARM64
+		{F403A403-CEFF-4399-B51C-CC646C8E98CF}.Release|ARM64.Build.0 = Release|ARM64
 		{6B3647E0-B4A3-46AE-8757-A22EE51C1DAC}.Release|x64.ActiveCfg = Release|x64
 		{6B3647E0-B4A3-46AE-8757-A22EE51C1DAC}.Release|x64.Build.0 = Release|x64
+		{6B3647E0-B4A3-46AE-8757-A22EE51C1DAC}.Release|ARM64.ActiveCfg = Release|ARM64
+		{6B3647E0-B4A3-46AE-8757-A22EE51C1DAC}.Release|ARM64.Build.0 = Release|ARM64
 	EndGlobalSection
 	GlobalSection(SolutionProperties) = preSolution
 		HideSolutionNode = FALSE
--- a/res/osx-dist.sh
+++ b/res/osx-dist.sh
@@ -1,7 +1,7 @@
 #!/usr/bin/env bash

 echo $MACOS_CODESIGN_IDENTITY
-cargo install flutter_rust_bridge_codegen --version 1.80.1 --features uuid
+cargo install flutter_rust_bridge_codegen --version 1.80.1 --features uuid --locked
 cd flutter; flutter pub get; cd -
 ~/.cargo/bin/flutter_rust_bridge_codegen --rust-input ./src/flutter_ffi.rs --dart-output ./flutter/lib/generated_bridge.dart --c-output ./flutter/macos/Runner/bridge_generated.h
 ./build.py --flutter
--- a/res/rpm-flutter-suse.spec
+++ b/res/rpm-flutter-suse.spec
@@ -1,5 +1,5 @@
 Name:       rustdesk
-Version:    1.4.6
+Version:    1.4.8
 Release:    0
 Summary:    RPM package
 License:    GPL-3.0
--- a/res/rpm-flutter.spec
+++ b/res/rpm-flutter.spec
@@ -1,5 +1,5 @@
 Name:       rustdesk
-Version:    1.4.6
+Version:    1.4.8
 Release:    0
 Summary:    RPM package
 License:    GPL-3.0
--- a/res/rpm.spec
+++ b/res/rpm.spec
@@ -1,5 +1,5 @@
 Name:       rustdesk
-Version:    1.4.6
+Version:    1.4.8
 Release:    0
 Summary:    RPM package
 License:    GPL-3.0
--- a/res/vcpkg/ffmpeg/portfile.cmake
+++ b/res/vcpkg/ffmpeg/portfile.cmake
@@ -130,14 +130,18 @@ elseif(VCPKG_TARGET_IS_WINDOWS)
 --cc=cl \
 --enable-gpl \
 --enable-d3d11va \
--enable-cuda \
--enable-ffnvcodec \
--enable-hwaccel=h264_nvdec \
--enable-hwaccel=hevc_nvdec \
 --enable-hwaccel=h264_d3d11va \
 --enable-hwaccel=hevc_d3d11va \
 --enable-hwaccel=h264_d3d11va2 \
 --enable-hwaccel=hevc_d3d11va2 \
+")
+
+    if(VCPKG_TARGET_ARCHITECTURE STREQUAL "x86" OR VCPKG_TARGET_ARCHITECTURE STREQUAL "x64")
+        string(APPEND OPTIONS "\
+--enable-cuda \
+--enable-ffnvcodec \
+--enable-hwaccel=h264_nvdec \
+--enable-hwaccel=hevc_nvdec \
 --enable-amf \
 --enable-encoder=h264_amf \
 --enable-encoder=hevc_amf \
@@ -147,6 +151,7 @@ elseif(VCPKG_TARGET_IS_WINDOWS)
 --enable-encoder=h264_qsv \
 --enable-encoder=hevc_qsv \
 ")
+    endif()

    if(VCPKG_TARGET_ARCHITECTURE STREQUAL "x86")
        set(LIB_MACHINE_ARG /machine:x86)
@@ -154,6 +159,9 @@ elseif(VCPKG_TARGET_IS_WINDOWS)
    elseif(VCPKG_TARGET_ARCHITECTURE STREQUAL "x64")
        set(LIB_MACHINE_ARG /machine:x64)
        string(APPEND OPTIONS " --arch=x86_64")
+    elseif(VCPKG_TARGET_ARCHITECTURE STREQUAL "arm64")
+        set(LIB_MACHINE_ARG /machine:arm64)
+        string(APPEND OPTIONS " --arch=aarch64 --enable-cross-compile")
    else()
        message(FATAL_ERROR "Unsupported target architecture")
    endif()
--- a/src/client.rs
+++ b/src/client.rs
@@ -96,6 +96,8 @@ pub mod screenshot;

 pub const MILLI1: Duration = Duration::from_millis(1);
 pub const SEC30: Duration = Duration::from_secs(30);
+// Empirical restart reconnect grace window.
+const RESTART_REMOTE_DEVICE_GRACE: Duration = Duration::from_secs(5 * 60);
 pub const VIDEO_QUEUE_SIZE: usize = 120;
 const MAX_DECODE_FAIL_COUNTER: usize = 3;

@@ -1740,7 +1742,10 @@ pub struct LoginConfigHandler {
    features: Option<Features>,
    pub session_id: u64, // used for local <-> server communication
    pub supported_encoding: SupportedEncoding,
-    pub restarting_remote_device: bool,
+    restarting_remote_device: bool,
+    // Start time of the restart grace window. On Windows the peer may briefly
+    // reconnect before the real reboot disconnect.
+    restart_remote_device_at: Option<Instant>,
    pub force_relay: bool,
    pub direct: Option<bool>,
    pub received: bool,
@@ -1849,7 +1854,7 @@ impl LoginConfigHandler {
        }
        self.session_id = sid;
        self.supported_encoding = Default::default();
-        self.restarting_remote_device = false;
+        self.clear_restarting_remote_device();
        self.force_relay =
            config::option2bool("force-always-relay", &self.get_option("force-always-relay"))
                || force_relay
@@ -2779,6 +2784,30 @@ impl LoginConfigHandler {
        msg_out
    }

+    pub fn mark_restarting_remote_device(&mut self) {
+        self.restarting_remote_device = true;
+        self.restart_remote_device_at = Some(Instant::now());
+    }
+
+    pub fn clear_restarting_remote_device(&mut self) {
+        self.restarting_remote_device = false;
+        self.restart_remote_device_at = None;
+    }
+
+    pub fn is_restarting_remote_device(&self) -> bool {
+        if !self.restarting_remote_device {
+            return false;
+        }
+        // Keep this flag alive for a short grace window instead of clearing it on
+        // connection_ready or the first peer bytes. During OS restart the peer can
+        // briefly reconnect before the real reboot disconnect, and clearing it too
+        // early would let the next disconnect escape the restart flow and fall back
+        // to the normal error dialog / manual reconnect path.
+        self.restart_remote_device_at
+            .map(|started_at| started_at.elapsed() < RESTART_REMOTE_DEVICE_GRACE)
+            .unwrap_or(false)
+    }
+
    pub fn get_conn_token(&self) -> Option<String> {
        if self.password.is_empty() {
            return None;
@@ -3718,9 +3747,18 @@ pub trait Interface: Send + Clone + 'static + Sized {
    fn on_establish_connection_error(&self, err: String) {
        let title = "Connection Error";
        let text = err.to_string();
-        let lc = self.get_lch();
-        let direct = lc.read().unwrap().direct;
-        let received = lc.read().unwrap().received;
+        let lch = self.get_lch();
+        let (is_restarting, direct, received) = {
+            let lc = lch.read().unwrap();
+            (lc.is_restarting_remote_device(), lc.direct, lc.received)
+        };
+        if is_restarting {
+            log::info!("Restart remote device, suppress connection error: {err}");
+            // Flutter treats this as a reconnect control event. The text is kept
+            // for legacy UI and existing translation reuse.
+            self.msgbox("restarting", "Restarting remote device", "Connection in progress. Please wait.", "");
+            return;
+        }

        let mut relay_hint = false;
        let mut relay_hint_type = "relay-hint";
--- a/src/client/io_loop.rs
+++ b/src/client/io_loop.rs
@@ -10,6 +10,10 @@ use crate::{
    common::get_default_sound_input,
    ui_session_interface::{InvokeUiSession, Session},
 };
+
+// Empirical no-data window before exposing the restart reconnect state to the UI.
+// Restart msgbox text is kept as a legacy UI fallback; Flutter handles the type as a control event.
+const RESTART_REMOTE_DEVICE_NO_DATA_TIMEOUT: Duration = Duration::from_secs(5);
 #[cfg(feature = "unix-file-copy-paste")]
 use crate::{clipboard::try_empty_clipboard_files, clipboard_file::unix_file_clip};
 #[cfg(any(
@@ -153,7 +157,6 @@ impl<T: InvokeUiSession> Remote<T> {
            }
        };

-        let mut last_recv_time = Instant::now();
        let mut received = false;
        let conn_type = if self.handler.is_file_transfer() {
            ConnType::FILE_TRANSFER
@@ -219,6 +222,7 @@ impl<T: InvokeUiSession> Remote<T> {
                let mut fps_instant = Instant::now();

                let _keep_it = client::hc_connection(feedback, rendezvous_server, token).await;
+                let mut last_recv_time = Instant::now();

                loop {
                    tokio::select! {
@@ -244,7 +248,7 @@ impl<T: InvokeUiSession> Remote<T> {
                            } else {
                                if self.handler.is_restarting_remote_device() {
                                    log::info!("Restart remote device");
-                                    self.handler.msgbox("restarting", "Restarting remote device", "remote_restarting_tip", "");
+                                    self.handler.msgbox("restarting", "Restarting remote device", "Connection in progress. Please wait.", "");
                                } else {
                                    log::info!("Reset by the peer");
                                    self.handler.msgbox("error", "Connection Error", "Reset by the peer", "");
@@ -279,6 +283,12 @@ impl<T: InvokeUiSession> Remote<T> {
                            }
                        }
                        _ = status_timer.tick() => {
+                            if self.handler.is_restarting_remote_device()
+                                && last_recv_time.elapsed() >= RESTART_REMOTE_DEVICE_NO_DATA_TIMEOUT
+                            {
+                                self.handler.msgbox("restarting-show", "Restarting remote device", "Connection in progress. Please wait.", "");
+                                break;
+                            }
                            let elapsed = fps_instant.elapsed().as_millis();
                            if elapsed < 1000 {
                                continue;
@@ -1426,7 +1436,11 @@ impl<T: InvokeUiSession> Remote<T> {
                    self.handler.set_cursor_position(cp);
                }
                Some(message::Union::Clipboard(cb)) => {
-                    if !self.handler.lc.read().unwrap().disable_clipboard.v {
+                    let clipboard_allowed = {
+                        let lc = self.handler.lc.read().unwrap();
+                        !lc.disable_clipboard.v && !lc.view_only.v
+                    };
+                    if clipboard_allowed {
                        #[cfg(not(any(target_os = "android", target_os = "ios")))]
                        update_clipboard(vec![cb], ClipboardSide::Client);
                        #[cfg(target_os = "ios")]
@@ -1445,7 +1459,11 @@ impl<T: InvokeUiSession> Remote<T> {
                    }
                }
                Some(message::Union::MultiClipboards(_mcb)) => {
-                    if !self.handler.lc.read().unwrap().disable_clipboard.v {
+                    let clipboard_allowed = {
+                        let lc = self.handler.lc.read().unwrap();
+                        !lc.disable_clipboard.v && !lc.view_only.v
+                    };
+                    if clipboard_allowed {
                        #[cfg(not(any(target_os = "android", target_os = "ios")))]
                        update_clipboard(_mcb.clipboards, ClipboardSide::Client);
                        #[cfg(target_os = "ios")]
--- a/src/clipboard.rs
+++ b/src/clipboard.rs
@@ -1,5 +1,7 @@
 #[cfg(not(target_os = "android"))]
 use arboard::{ClipboardData, ClipboardFormat};
+#[cfg(target_os = "linux")]
+use arboard::{LinuxClipboardKind, SetExtLinux};
 use hbb_common::{bail, log, message_proto::*, ResultType};
 use std::{
    sync::{Arc, Mutex},
@@ -54,6 +56,27 @@ pub fn check_clipboard(
    side: ClipboardSide,
    force: bool,
 ) -> Option<Message> {
+    let (msg, clipboards) = read_clipboard_message(ctx, side, force)?;
+    *LAST_MULTI_CLIPBOARDS.lock().unwrap() = clipboards;
+    Some(msg)
+}
+
+#[cfg(target_os = "linux")]
+pub fn peek_clipboard(
+    ctx: &mut Option<ClipboardContext>,
+    side: ClipboardSide,
+    force: bool,
+) -> Option<Message> {
+    let (msg, _) = read_clipboard_message(ctx, side, force)?;
+    Some(msg)
+}
+
+#[cfg(not(target_os = "android"))]
+fn read_clipboard_message(
+    ctx: &mut Option<ClipboardContext>,
+    side: ClipboardSide,
+    force: bool,
+) -> Option<(Message, MultiClipboards)> {
    if ctx.is_none() {
        *ctx = ClipboardContext::new().ok();
    }
@@ -64,8 +87,7 @@ pub fn check_clipboard(
                let mut msg = Message::new();
                let clipboards = proto::create_multi_clipboards(content);
                msg.set_multi_clipboards(clipboards.clone());
-                *LAST_MULTI_CLIPBOARDS.lock().unwrap() = clipboards;
-                return Some(msg);
+                return Some((msg, clipboards));
            }
        }
        Err(e) => {
@@ -219,10 +241,7 @@ fn do_update_clipboard_(mut to_update_data: Vec<ClipboardData>, side: ClipboardS
        }
    }
    if let Some(ctx) = ctx.as_mut() {
-        to_update_data.push(ClipboardData::Special((
-            RUSTDESK_CLIPBOARD_OWNER_FORMAT.to_owned(),
-            side.get_owner_data(),
-        )));
+        to_update_data = append_owner_marker(to_update_data, side);
        if let Err(e) = ctx.set(&to_update_data) {
            log::debug!("Failed to set clipboard: {}", e);
        } else {
@@ -231,6 +250,29 @@ fn do_update_clipboard_(mut to_update_data: Vec<ClipboardData>, side: ClipboardS
    }
 }

+#[cfg(not(target_os = "android"))]
+fn append_owner_marker(mut data: Vec<ClipboardData>, side: ClipboardSide) -> Vec<ClipboardData> {
+    data.push(ClipboardData::Special((
+        RUSTDESK_CLIPBOARD_OWNER_FORMAT.to_owned(),
+        side.get_owner_data(),
+    )));
+    data
+}
+
+#[cfg(target_os = "linux")]
+pub fn set_text_clipboard_with_owner_sync(text: &str, side: ClipboardSide) -> ResultType<()> {
+    let mut ctx = CLIPBOARD_CTX.lock().unwrap();
+    if ctx.is_none() {
+        *ctx = Some(ClipboardContext::new()?);
+    }
+    let clipboard_ctx = match ctx.as_mut() {
+        Some(ctx) => ctx,
+        None => bail!("Failed to create clipboard context"),
+    };
+    let data = append_owner_marker(vec![ClipboardData::Text(text.to_owned())], side);
+    clipboard_ctx.set_with_owner_marker_for_linux(&data)
+}
+
 #[cfg(not(target_os = "android"))]
 pub fn update_clipboard(multi_clipboards: Vec<Clipboard>, side: ClipboardSide) {
    std::thread::spawn(move || {
@@ -382,6 +424,24 @@ impl ClipboardContext {
        Ok(())
    }

+    #[cfg(target_os = "linux")]
+    fn set_with_owner_marker_for_linux(&mut self, data: &[ClipboardData]) -> ResultType<()> {
+        let _lock = ARBOARD_MTX.lock().unwrap();
+        self.inner
+            .set()
+            .clipboard(LinuxClipboardKind::Clipboard)
+            .formats(data)?;
+        if let Err(e) = self
+            .inner
+            .set()
+            .clipboard(LinuxClipboardKind::Primary)
+            .formats(data)
+        {
+            log::warn!("Failed to set PRIMARY clipboard with owner marker: {}", e);
+        }
+        Ok(())
+    }
+
    #[cfg(all(feature = "unix-file-copy-paste", target_os = "macos"))]
    fn get_file_urls_set_by_rustdesk(
        data: Vec<ClipboardData>,
--- a/src/core_main.rs
+++ b/src/core_main.rs
@@ -146,7 +146,13 @@ pub fn core_main() -> Option<Vec<String>> {
        crate::portable_service::client::set_quick_support(_is_quick_support);
    }
    let mut log_name = "".to_owned();
-    if args.len() > 0 && args[0].starts_with("--") {
+    // Keep portable-service logs under a stable directory name.
+    let has_portable_service_shmem_arg = args
+        .iter()
+        .any(|arg| arg.starts_with("--portable-service-shmem-name="));
+    if has_portable_service_shmem_arg {
+        log_name = "portable-service".to_owned();
+    } else if args.len() > 0 && args[0].starts_with("--") {
        let name = args[0].replace("--", "");
        if !name.is_empty() {
            log_name = name;
@@ -193,6 +199,20 @@ pub fn core_main() -> Option<Vec<String>> {
        }
        std::thread::spawn(move || crate::start_server(false, no_server));
    } else {
+        #[cfg(any(target_os = "linux", target_os = "macos"))]
+        // Root CLI management commands must talk to the user `--server` main IPC.
+        // Example: `sudo rustdesk --option custom-rendezvous-server` should query the
+        // user's IPC instead of root's `/tmp/<app>-0/ipc`; `connect()` still limits this
+        // routing to empty-postfix main IPC only.
+        let _user_main_ipc_scope = if crate::platform::is_installed()
+            && is_root()
+            && is_user_main_ipc_scope_cli_command(&args)
+        {
+            Some(crate::ipc::UserMainIpcScope::new())
+        } else {
+            None
+        };
+
        #[cfg(windows)]
        {
            use crate::platform;
@@ -242,11 +262,9 @@ pub fn core_main() -> Option<Vec<String>> {
                if config::is_disable_installation() {
                    return None;
                }
-                #[cfg(not(windows))]
-                let options = "desktopicon startmenu";
-                #[cfg(windows)]
-                let options = "desktopicon startmenu printer";
-                let res = platform::install_me(options, "".to_owned(), true, args.len() > 1);
+                let (printer_override, debug) = parse_silent_install_args(&args);
+                let options = platform::get_silent_install_options(printer_override);
+                let res = platform::install_me(options, "".to_owned(), true, debug);
                let text = match res {
                    Ok(_) => translate("Installation Successful!".to_string()),
                    Err(err) => {
@@ -412,7 +430,7 @@ pub fn core_main() -> Option<Vec<String>> {
            }
            return None;
        } else if args[0] == "--password" {
-            if config::is_disable_settings() {
+            if is_cli_setting_change_disabled() {
                println!("Settings are disabled!");
                return None;
            }
@@ -454,7 +472,7 @@ pub fn core_main() -> Option<Vec<String>> {
            println!("{}", crate::ipc::get_id());
            return None;
        } else if args[0] == "--set-id" {
-            if config::is_disable_settings() {
+            if is_cli_setting_change_disabled() {
                println!("Settings are disabled!");
                return None;
            }
@@ -501,7 +519,7 @@ pub fn core_main() -> Option<Vec<String>> {
            }
            return None;
        } else if args[0] == "--option" {
-            if config::is_disable_settings() {
+            if is_cli_setting_change_disabled() {
                println!("Settings are disabled!");
                return None;
            }
@@ -621,6 +639,56 @@ pub fn core_main() -> Option<Vec<String>> {
                println!("Installation and administrative privileges required!");
            }
            return None;
+        } else if args[0] == "--deploy" {
+            if config::Config::no_register_device() {
+                println!("Cannot deploy an unregistrable device!");
+            } else if config::is_outgoing_only() {
+                println!("Cannot deploy Outgoing-only clients.");
+            } else if crate::platform::is_installed() && is_root() {
+                let max = args.len() - 1;
+                let pos = args.iter().position(|x| x == "--token").unwrap_or(max);
+                if pos >= max {
+                    println!("--token is required!");
+                    return None;
+                }
+                let token = args[pos + 1].to_owned();
+                let get_value = |c: &str| {
+                    let pos = args.iter().position(|x| x == c).unwrap_or(max);
+                    if pos < max {
+                        Some(args[pos + 1].to_owned())
+                    } else {
+                        None
+                    }
+                };
+                let new_id = get_value("--id");
+                match crate::ui_interface::deploy_device(token, new_id) {
+                    crate::ui_interface::DeployResult::Ok => {
+                        println!("Device deployed.");
+                    }
+                    crate::ui_interface::DeployResult::NotEnabled => {
+                        println!("Server does not require deployment.");
+                        std::process::exit(3);
+                    }
+                    crate::ui_interface::DeployResult::InvalidInput => {
+                        println!("Invalid input.");
+                        std::process::exit(5);
+                    }
+                    crate::ui_interface::DeployResult::IdTaken(id) => {
+                        println!(
+                            "Id `{}` is already used by another machine on the server.",
+                            id
+                        );
+                        std::process::exit(6);
+                    }
+                    crate::ui_interface::DeployResult::Error(err) => {
+                        println!("{}", err);
+                        std::process::exit(1);
+                    }
+                }
+            } else {
+                println!("Installation and administrative privileges required!");
+            }
+            return None;
        } else if args[0] == "--check-hwcodec-config" {
            #[cfg(feature = "hwcodec")]
            crate::ipc::hwcodec_process();
@@ -840,6 +908,82 @@ fn is_root() -> bool {
    crate::platform::is_root()
 }

+#[cfg(any(target_os = "linux", target_os = "macos", test))]
+fn is_user_main_ipc_scope_cli_command(args: &[String]) -> bool {
+    matches!(
+        args.first().map(String::as_str),
+        Some("--password")
+            | Some("--set-unlock-pin")
+            | Some("--get-id")
+            | Some("--set-id")
+            | Some("--config")
+            | Some("--option")
+            | Some("--assign")
+            | Some("--deploy")
+    )
+}
+
+#[inline]
+fn is_cli_setting_change_disabled() -> bool {
+    let option = config::keys::OPTION_ALLOW_COMMAND_LINE_SETTINGS_WHEN_SETTINGS_DISABLED;
+    let allow_command_line_settings =
+        config::option2bool(option, &crate::get_builtin_option(option));
+    config::is_disable_settings() && !allow_command_line_settings
+}
+
+#[cfg(windows)]
+fn parse_silent_install_args(args: &[String]) -> (Option<bool>, bool) {
+    let mut printer_override = None;
+    let mut debug = false;
+
+    for arg in args.iter().skip(1) {
+        match arg.as_str() {
+            "printer=1" => printer_override = Some(true),
+            "printer=0" => printer_override = Some(false),
+            "debug" => debug = true,
+            _ => {}
+        }
+    }
+
+    (printer_override, debug)
+}
+
+#[cfg(test)]
+mod tests {
+    use super::*;
+
+    fn args(values: &[&str]) -> Vec<String> {
+        values.iter().map(|value| value.to_string()).collect()
+    }
+
+    #[test]
+    fn user_main_ipc_scope_cli_command_matches_management_commands_only() {
+        for command in [
+            "--password",
+            "--set-unlock-pin",
+            "--get-id",
+            "--set-id",
+            "--config",
+            "--option",
+            "--assign",
+            "--deploy",
+        ] {
+            assert!(is_user_main_ipc_scope_cli_command(&args(&[command])));
+        }
+
+        for command in [
+            "--service",
+            "--server",
+            "--tray",
+            "--cm",
+            "--check-hwcodec-config",
+            "--connect",
+        ] {
+            assert!(!is_user_main_ipc_scope_cli_command(&args(&[command])));
+        }
+    }
+}
+
 /// Check if the executable is a Quick Support version.
 /// Note: This function must be kept in sync with `libs/portable/src/main.rs`.
 #[cfg(windows)]
--- a/src/flutter.rs
+++ b/src/flutter.rs
@@ -1135,6 +1135,10 @@ impl InvokeUiSession for FlutterHandler {
                    ("message", json!(&opened.message)),
                    ("pid", json!(opened.pid)),
                    ("service_id", json!(&opened.service_id)),
+                    (
+                        "replay_terminal_output",
+                        json!(opened.replay_terminal_output),
+                    ),
                ];
                if !opened.persistent_sessions.is_empty() {
                    event_data.push(("persistent_sessions", json!(opened.persistent_sessions)));
--- a/src/flutter_ffi.rs
+++ b/src/flutter_ffi.rs
@@ -326,12 +326,14 @@ pub fn session_toggle_option(session_id: SessionID, value: String) {
        try_sync_peer_option(&session, &session_id, &value, None);
    }
    #[cfg(not(target_os = "ios"))]
-    if sessions::get_session_by_session_id(&session_id).is_some() && value == "disable-clipboard" {
+    if sessions::get_session_by_session_id(&session_id).is_some()
+        && (value == "disable-clipboard" || value == "view-only")
+    {
        crate::flutter::update_text_clipboard_required();
    }
    #[cfg(feature = "unix-file-copy-paste")]
    if sessions::get_session_by_session_id(&session_id).is_some()
-        && value == config::keys::OPTION_ENABLE_FILE_COPY_PASTE
+        && (value == config::keys::OPTION_ENABLE_FILE_COPY_PASTE || value == "view-only")
    {
        crate::flutter::update_file_clipboard_required();
    }
@@ -1153,6 +1155,22 @@ pub fn main_get_api_server() -> String {
    get_api_server()
 }

+pub fn main_deploy_device(token: String, id: String) -> String {
+    #[cfg(target_os = "android")]
+    {
+        let new_id = match id.trim() {
+            "" => None,
+            id => Some(id.to_owned()),
+        };
+        ui_interface::deploy_device(token, new_id).message()
+    }
+    #[cfg(not(target_os = "android"))]
+    {
+        let _ = (token, id);
+        "Deployment is not supported on this platform.".to_owned()
+    }
+}
+
 pub fn main_resolve_avatar_url(avatar: String) -> SyncReturn<String> {
    SyncReturn(resolve_avatar_url(avatar))
 }
@@ -2116,6 +2134,7 @@ pub fn main_start_service() {
    #[cfg(target_os = "android")]
    {
        config::Config::set_option("stop-service".into(), "".into());
+        crate::rendezvous_mediator::reset_needs_deploy_notification();
        crate::rendezvous_mediator::RendezvousMediator::restart();
    }
 }
@@ -2471,23 +2490,13 @@ pub fn is_disable_installation() -> SyncReturn<bool> {
 }

 pub fn is_preset_password() -> bool {
-    let hard = config::HARD_SETTINGS
-        .read()
-        .unwrap()
-        .get("password")
-        .cloned()
-        .unwrap_or_default();
-    if hard.is_empty() {
-        return false;
-    }
-
    // On desktop, service owns the authoritative config; query it via IPC and return only a boolean.
    #[cfg(not(any(target_os = "android", target_os = "ios")))]
    return crate::ipc::is_permanent_password_preset();

    // On mobile, we have no service IPC; verify against local storage.
    #[cfg(any(target_os = "android", target_os = "ios"))]
-    return config::Config::matches_permanent_password_plain(&hard);
+    return config::Config::is_using_preset_password();
 }

 // Don't call this function for desktop version.
@@ -3065,6 +3074,7 @@ pub mod server_side {
    pub unsafe extern "system" fn Java_ffi_FFI_startService(_env: JNIEnv, _class: JClass) {
        log::debug!("startService from jvm");
        config::Config::set_option("stop-service".into(), "".into());
+        crate::rendezvous_mediator::reset_needs_deploy_notification();
        crate::rendezvous_mediator::RendezvousMediator::restart();
    }

--- a/src/ipc.rs
+++ b/src/ipc.rs
@@ -1,33 +1,28 @@
-use crate::{
-    common::CheckTestNatType,
-    privacy_mode::PrivacyModeState,
-    ui_interface::{get_local_option, set_local_option},
-};
-use bytes::Bytes;
-use parity_tokio_ipc::{
-    Connection as Conn, ConnectionClient as ConnClient, Endpoint, Incoming, SecurityAttributes,
-};
-use serde_derive::{Deserialize, Serialize};
-use std::{
-    collections::HashMap,
-    sync::atomic::{AtomicBool, Ordering},
-};
-#[cfg(not(windows))]
-use std::{fs::File, io::prelude::*};
+#[path = "ipc/auth.rs"]
+mod ipc_auth;
+#[cfg(any(target_os = "linux", target_os = "macos"))]
+#[path = "ipc/fs.rs"]
+mod ipc_fs;

 #[cfg(all(feature = "flutter", feature = "plugin_framework"))]
 #[cfg(not(any(target_os = "android", target_os = "ios")))]
 use crate::plugin::ipc::Plugin;
+use crate::{
+    common::{is_server, CheckTestNatType},
+    privacy_mode,
+    privacy_mode::PrivacyModeState,
+    rendezvous_mediator::RendezvousMediator,
+    ui_interface::{get_local_option, set_local_option},
+};
+use bytes::Bytes;
 #[cfg(not(any(target_os = "android", target_os = "ios")))]
 pub use clipboard::ClipboardFile;
+#[cfg(target_os = "linux")]
+use hbb_common::anyhow;
 use hbb_common::{
    allow_err, bail, bytes,
    bytes_codec::BytesCodec,
-    config::{
-        self,
-        keys::{self, OPTION_ALLOW_WEBSOCKET},
-        Config, Config2,
-    },
+    config::{self, keys::OPTION_ALLOW_WEBSOCKET, Config, Config2},
    futures::StreamExt as _,
    futures_util::sink::SinkExt,
    log, password_security as password, timeout,
@@ -38,13 +33,92 @@ use hbb_common::{
    tokio_util::codec::Framed,
    ResultType,
 };
-
-use crate::{common::is_server, privacy_mode, rendezvous_mediator::RendezvousMediator};
+#[cfg(windows)]
+pub(crate) use ipc_auth::authorize_windows_portable_service_ipc_connection;
+#[cfg(windows)]
+pub(crate) use ipc_auth::ensure_peer_executable_matches_current_by_pid_opt;
+#[cfg(windows)]
+pub(crate) use ipc_auth::log_rejected_windows_ipc_connection;
+#[cfg(any(target_os = "linux", target_os = "macos"))]
+use ipc_auth::{active_uid, authorize_service_scoped_ipc_connection};
+#[cfg(windows)]
+use ipc_auth::{
+    authorize_windows_main_ipc_connection, portable_service_listener_security_attributes,
+    should_allow_everyone_create_on_windows,
+};
+#[cfg(target_os = "linux")]
+pub(crate) use ipc_auth::{
+    ensure_peer_executable_matches_current_by_fd, is_allowed_service_peer_uid,
+    log_rejected_uinput_connection, peer_uid_from_fd,
+};
+#[cfg(target_os = "linux")]
+use ipc_fs::terminal_count_candidate_uids;
+#[cfg(any(target_os = "linux", target_os = "macos"))]
+use ipc_fs::{
+    check_pid, ensure_secure_ipc_parent_dir, scrub_secure_ipc_parent_dir,
+    should_scrub_parent_entries_after_check_pid, write_pid,
+};
+use parity_tokio_ipc::{
+    Connection as Conn, ConnectionClient as ConnClient, Endpoint, Incoming, SecurityAttributes,
+};
+use serde_derive::{Deserialize, Serialize};
+#[cfg(any(target_os = "linux", target_os = "macos"))]
+use std::cell::Cell;
+#[cfg(any(target_os = "linux", target_os = "macos"))]
+use std::os::unix::fs::PermissionsExt;
+use std::{
+    collections::HashMap,
+    sync::atomic::{AtomicBool, Ordering},
+};

 // IPC actions here.
 pub const IPC_ACTION_CLOSE: &str = "close";
+#[cfg(target_os = "windows")]
+const PORTABLE_SERVICE_IPC_HANDSHAKE_TIMEOUT_MS: u64 = 3_000;
+#[cfg(target_os = "windows")]
+pub(crate) const IPC_TOKEN_LEN: usize = 64;
+#[cfg(target_os = "windows")]
+const IPC_TOKEN_RANDOM_BYTES: usize = IPC_TOKEN_LEN / 2;
+#[cfg(target_os = "windows")]
+const _: () = assert!(IPC_TOKEN_LEN % 2 == 0);
 pub static EXIT_RECV_CLOSE: AtomicBool = AtomicBool::new(true);

+#[cfg(any(target_os = "linux", target_os = "macos"))]
+thread_local! {
+    static USE_USER_MAIN_IPC: Cell<bool> = Cell::new(false);
+}
+
+#[must_use = "bind this guard to a local variable to keep the IPC scope active"]
+/// Thread-local guard for routing root main IPC to the active user on Linux/macOS.
+#[cfg(any(target_os = "linux", target_os = "macos"))]
+pub(crate) struct UserMainIpcScope {
+    previous: bool,
+}
+
+#[cfg(any(target_os = "linux", target_os = "macos"))]
+impl UserMainIpcScope {
+    pub(crate) fn new() -> Self {
+        let previous = USE_USER_MAIN_IPC.with(|use_user_main| {
+            let previous = use_user_main.get();
+            use_user_main.set(true);
+            previous
+        });
+        Self { previous }
+    }
+}
+
+#[cfg(any(target_os = "linux", target_os = "macos"))]
+impl Drop for UserMainIpcScope {
+    fn drop(&mut self) {
+        USE_USER_MAIN_IPC.with(|use_user_main| use_user_main.set(self.previous));
+    }
+}
+
+#[inline]
+pub async fn connect_service(ms_timeout: u64) -> ResultType<ConnectionTmpl<ConnClient>> {
+    connect(ms_timeout, crate::POSTFIX_SERVICE).await
+}
+
 #[derive(Debug, Serialize, Deserialize, Clone)]
 #[serde(tag = "t", content = "c")]
 pub enum FS {
@@ -207,6 +281,8 @@ pub enum DataControl {
 pub enum DataPortableService {
    Ping,
    Pong,
+    AuthToken(String),
+    AuthResult(bool),
    ConnCount(Option<usize>),
    Mouse((Vec<u8>, i32, String, u32, bool, bool)),
    Pointer((Vec<u8>, i32)),
@@ -273,6 +349,7 @@ pub enum Data {
    ClipboardNonFile(Option<(String, Vec<ClipboardNonFile>)>),
    PrivacyModeState((i32, PrivacyModeState, String)),
    TestRendezvousServer,
+    Deployed,
    #[cfg(not(any(target_os = "android", target_os = "ios")))]
    Keyboard(DataKeyboard),
    #[cfg(not(any(target_os = "android", target_os = "ios")))]
@@ -411,6 +488,22 @@ pub async fn start(postfix: &str) -> ResultType<()> {
                Ok(stream) => {
                    let mut stream = Connection::new(stream);
                    let postfix = postfix.to_owned();
+                    #[cfg(any(target_os = "linux", target_os = "macos"))]
+                    if config::is_service_ipc_postfix(&postfix) {
+                        if !authorize_service_scoped_ipc_connection(&stream, &postfix) {
+                            continue;
+                        }
+                    }
+                    #[cfg(windows)]
+                    if postfix.is_empty() {
+                        // Windows main IPC (`postfix == ""`) is authorized here.
+                        // Other security-sensitive channels use dedicated authorization paths:
+                        // - `_portable_service`: portable-service listener + handshake policy
+                        // - service-scoped postfixes: service-specific listener/authorization
+                        if !authorize_windows_main_ipc_connection(&stream, &postfix) {
+                            continue;
+                        }
+                    }
                    tokio::spawn(async move {
                        loop {
                            match stream.next().await {
@@ -419,9 +512,48 @@ pub async fn start(postfix: &str) -> ResultType<()> {
                                    break;
                                }
                                Ok(Some(data)) => {
+                                    // On Linux/macOS, the protected `_service` channel is used only for
+                                    // syncing config between root service and the active user process.
+                                    //
+                                    // NOTE: `is_service_ipc_postfix()` also includes `_uinput_*`, but those
+                                    // channels are handled by the dedicated uinput listener/protocol in
+                                    // `src/server/uinput.rs` and therefore do not share this Data enum
+                                    // allowlist. The SyncConfig allowlist here is intentionally scoped to the
+                                    // `_service` channel only.
+                                    //
+                                    // Keep this explicit branch to avoid policy drift between `_service` and
+                                    // uinput IPC paths while still minimizing exposed message surface here.
+                                    #[cfg(any(target_os = "linux", target_os = "macos"))]
+                                    if postfix == crate::POSTFIX_SERVICE {
+                                        if matches!(&data, Data::SyncConfig(_)) {
+                                            handle(data, &mut stream).await;
+                                        } else {
+                                            log::warn!(
+                                                "Rejected non-sync data on protected _service IPC channel: postfix={}, data_kind={:?}, peer_uid={:?}",
+                                                postfix,
+                                                std::mem::discriminant(&data),
+                                                stream.peer_uid()
+                                            );
+                                            // Close the connection to avoid keeping a protected channel
+                                            // alive while repeatedly receiving invalid traffic.
+                                            break;
+                                        }
+                                        continue;
+                                    }
                                    handle(data, &mut stream).await;
                                }
-                                _ => {}
+                                Ok(None) => {
+                                    // `Ok(None)` means a complete frame arrived but did not
+                                    // deserialize into `Data`. Peer close/reset is returned as
+                                    // `Err` by `ConnectionTmpl::next()`. Keep the historical
+                                    // ignore behavior except on the protected `_service` channel.
+                                    #[cfg(any(target_os = "linux", target_os = "macos"))]
+                                    {
+                                        if postfix == crate::POSTFIX_SERVICE {
+                                            break;
+                                        }
+                                    }
+                                }
                            }
                        }
                    });
@@ -436,20 +568,77 @@ pub async fn start(postfix: &str) -> ResultType<()> {

 pub async fn new_listener(postfix: &str) -> ResultType<Incoming> {
    let path = Config::ipc_path(postfix);
-    #[cfg(not(any(windows, target_os = "android", target_os = "ios")))]
-    check_pid(postfix).await;
+    #[cfg(any(target_os = "linux", target_os = "macos"))]
+    let should_scrub_parent_entries = ensure_secure_ipc_parent_dir(&path, postfix)?;
+    #[cfg(any(target_os = "linux", target_os = "macos"))]
+    let existing_listener_alive = check_pid(postfix).await;
+    #[cfg(any(target_os = "linux", target_os = "macos"))]
+    if should_scrub_parent_entries_after_check_pid(
+        should_scrub_parent_entries,
+        existing_listener_alive,
+    ) {
+        scrub_secure_ipc_parent_dir(&path, postfix)?;
+    }
    let mut endpoint = Endpoint::new(path.clone());
-    match SecurityAttributes::allow_everyone_create() {
+    let security_attrs = {
+        #[cfg(windows)]
+        {
+            if postfix == "_portable_service" {
+                portable_service_listener_security_attributes()
+            } else if should_allow_everyone_create_on_windows(postfix) {
+                SecurityAttributes::allow_everyone_create()
+            } else {
+                Ok(SecurityAttributes::empty())
+            }
+        }
+        #[cfg(not(windows))]
+        {
+            SecurityAttributes::allow_everyone_create()
+        }
+    };
+    match security_attrs {
        Ok(attr) => endpoint.set_security_attributes(attr),
-        Err(err) => log::error!("Failed to set ipc{} security: {}", postfix, err),
+        Err(err) => {
+            log::error!("Failed to set ipc{} security: {}", postfix, err);
+            #[cfg(windows)]
+            if postfix == "_portable_service" {
+                // Fail closed for `_portable_service` when SDDL construction fails.
+                // This endpoint is security-critical and must not start with default ACLs.
+                return Err(err.into());
+            }
+        }
    };
    match endpoint.incoming() {
        Ok(incoming) => {
-            log::info!("Started ipc{} server at path: {}", postfix, &path);
-            #[cfg(not(windows))]
+            if postfix == crate::POSTFIX_SERVICE {
+                log::info!("Started protected ipc service server: postfix={}", postfix);
+            } else {
+                log::info!("Started ipc{} server at path: {}", postfix, &path);
+            }
+            #[cfg(any(target_os = "linux", target_os = "macos"))]
            {
-                use std::os::unix::fs::PermissionsExt;
-                std::fs::set_permissions(&path, std::fs::Permissions::from_mode(0o0777)).ok();
+                // NOTE: On Linux/macOS, some IPC sockets are intentionally world-connectable
+                // (0666) so the active (non-root) user process can connect. Authorization is
+                // enforced at accept-time for these channels, and the protected `_service`
+                // channel is further restricted by an explicit message allowlist (SyncConfig
+                // only).
+                let socket_mode = if config::is_service_ipc_postfix(postfix) {
+                    0o0666
+                } else {
+                    0o0600
+                };
+                if let Err(err) =
+                    std::fs::set_permissions(&path, std::fs::Permissions::from_mode(socket_mode))
+                {
+                    log::error!(
+                        "Failed to set permissions on ipc{} socket at path {}: {}",
+                        postfix,
+                        &path,
+                        err
+                    );
+                    std::fs::remove_file(&path).ok();
+                    return Err(err.into());
+                }
                write_pid(postfix);
            }
            Ok(incoming)
@@ -650,15 +839,7 @@ async fn handle(data: Data, stream: &mut Connection) {
                        "N".to_owned()
                    });
                } else if name == "permanent-password-is-preset" {
-                    let hard = config::HARD_SETTINGS
-                        .read()
-                        .unwrap()
-                        .get("password")
-                        .cloned()
-                        .unwrap_or_default();
-                    let is_preset =
-                        !hard.is_empty() && Config::matches_permanent_password_plain(&hard);
-                    value = Some(if is_preset {
+                    value = Some(if Config::is_using_preset_password() {
                        "Y".to_owned()
                    } else {
                        "N".to_owned()
@@ -709,7 +890,7 @@ async fn handle(data: Data, stream: &mut Connection) {
                        log::warn!("Changing permanent password is disabled");
                        updated = false;
                    } else {
-                        Config::set_permanent_password(&value);
+                        updated = Config::set_permanent_password(&value);
                    }
                    // Explicitly ACK/NACK permanent-password writes. This allows UIs/FFI to
                    // distinguish "accepted by daemon" vs "IPC send succeeded" without
@@ -778,6 +959,10 @@ async fn handle(data: Data, stream: &mut Connection) {
        Data::TestRendezvousServer => {
            crate::test_rendezvous_server();
        }
+        Data::Deployed => {
+            crate::rendezvous_mediator::NEEDS_DEPLOY.store(false, Ordering::SeqCst);
+            crate::rendezvous_mediator::RendezvousMediator::restart();
+        }
        #[cfg(feature = "flutter")]
        #[cfg(not(any(target_os = "android", target_os = "ios")))]
        Data::SwitchSidesRequest(id) => {
@@ -953,15 +1138,212 @@ async fn handle(data: Data, stream: &mut Connection) {
            );
        }
        _ => {}
+    };
+}
+
+#[cfg(target_os = "windows")]
+pub(crate) fn generate_one_time_ipc_token() -> ResultType<String> {
+    use hbb_common::rand::{rngs::OsRng, RngCore as _};
+    use std::fmt::Write as _;
+
+    let mut random_bytes = [0u8; IPC_TOKEN_RANDOM_BYTES];
+    let mut rng = OsRng;
+    rng.try_fill_bytes(&mut random_bytes).map_err(|err| {
+        hbb_common::anyhow::anyhow!(
+            "failed to generate portable service ipc token from OsRng: {}",
+            err
+        )
+    })?;
+
+    let mut token = String::with_capacity(IPC_TOKEN_LEN);
+    for byte in random_bytes {
+        let _ = write!(token, "{:02x}", byte);
+    }
+    Ok(token)
+}
+
+#[cfg(target_os = "windows")]
+pub(crate) fn constant_time_ipc_token_eq(expected: &str, candidate: &str) -> bool {
+    if expected.len() != IPC_TOKEN_LEN || candidate.len() != IPC_TOKEN_LEN {
+        return false;
+    }
+    expected
+        .as_bytes()
+        .iter()
+        .zip(candidate.as_bytes().iter())
+        .fold(0u8, |diff, (left, right)| diff | (*left ^ *right))
+        == 0
+}
+
+#[cfg(target_os = "windows")]
+pub(crate) async fn portable_service_ipc_handshake_as_client<T>(
+    stream: &mut ConnectionTmpl<T>,
+    token: &str,
+) -> ResultType<()>
+where
+    T: AsyncRead + AsyncWrite + std::marker::Unpin,
+{
+    stream
+        .send(&Data::DataPortableService(DataPortableService::AuthToken(
+            token.to_owned(),
+        )))
+        .await?;
+    match stream
+        .next_timeout(PORTABLE_SERVICE_IPC_HANDSHAKE_TIMEOUT_MS)
+        .await?
+    {
+        Some(Data::DataPortableService(DataPortableService::AuthResult(true))) => Ok(()),
+        Some(Data::DataPortableService(DataPortableService::AuthResult(false))) => {
+            bail!("portable service ipc handshake was rejected by server")
+        }
+        Some(_) | None => bail!("portable service ipc handshake returned an unexpected response"),
    }
 }

-pub async fn connect(ms_timeout: u64, postfix: &str) -> ResultType<ConnectionTmpl<ConnClient>> {
-    let path = Config::ipc_path(postfix);
-    let client = timeout(ms_timeout, Endpoint::connect(&path)).await??;
+#[cfg(target_os = "windows")]
+pub(crate) async fn portable_service_ipc_handshake_as_server<T, F>(
+    stream: &mut ConnectionTmpl<T>,
+    mut validate_token: F,
+) -> ResultType<()>
+where
+    T: AsyncRead + AsyncWrite + std::marker::Unpin,
+    // Token validators must use `constant_time_ipc_token_eq` or an equivalent
+    // fixed-length comparison; this handshake is part of the privilege boundary.
+    F: FnMut(&str) -> bool,
+{
+    let authorized = match stream
+        .next_timeout(PORTABLE_SERVICE_IPC_HANDSHAKE_TIMEOUT_MS)
+        .await?
+    {
+        Some(Data::DataPortableService(DataPortableService::AuthToken(token))) => {
+            validate_token(&token)
+        }
+        Some(_) | None => false,
+    };
+    stream
+        .send(&Data::DataPortableService(DataPortableService::AuthResult(
+            authorized,
+        )))
+        .await?;
+    if !authorized {
+        bail!("portable service ipc handshake failed")
+    }
+    Ok(())
+}
+
+#[inline]
+async fn connect_with_path(ms_timeout: u64, path: &str) -> ResultType<ConnectionTmpl<ConnClient>> {
+    let client = timeout(ms_timeout, Endpoint::connect(path)).await??;
    Ok(ConnectionTmpl::new(client))
 }

+#[cfg(any(target_os = "linux", target_os = "macos"))]
+#[inline]
+fn select_server_uid_for_user_main_ipc(
+    server_uids: &[u32],
+    active_uid: Option<u32>,
+    prefer_root: bool,
+) -> ResultType<u32> {
+    let mut server_uids = server_uids.to_vec();
+    server_uids.sort_unstable();
+    server_uids.dedup();
+
+    match server_uids.as_slice() {
+        [] => {
+            if let Some(uid) = active_uid {
+                // If no `--server` processes are found but the active user is identifiable,
+                // try the active user anyway because the main process may also listen on "" IPC.
+                return Ok(uid);
+            } else {
+                bail!("No --server process found for user main IPC")
+            }
+        }
+        [uid] => return Ok(*uid),
+        _ => {}
+    }
+
+    if prefer_root && server_uids.contains(&0) {
+        return Ok(0);
+    }
+    if let Some(active_uid) = active_uid.filter(|uid| server_uids.contains(uid)) {
+        return Ok(active_uid);
+    }
+    bail!("Multiple --server processes found for user main IPC");
+}
+
+#[cfg(any(target_os = "linux", target_os = "macos"))]
+fn running_server_uids_for_current_exe() -> ResultType<Vec<u32>> {
+    let current_exe = std::env::current_exe()?;
+    let current_exe_path = std::fs::canonicalize(&current_exe)?;
+    let current_pid = hbb_common::sysinfo::Pid::from_u32(std::process::id());
+    let mut sys = hbb_common::sysinfo::System::new();
+    sys.refresh_processes();
+    let mut server_uids = Vec::new();
+    for process in sys.processes().values() {
+        if process.pid() == current_pid {
+            continue;
+        }
+        if process.cmd().get(1).map_or(true, |arg| arg != "--server") {
+            continue;
+        }
+        let Ok(process_path) = std::fs::canonicalize(process.exe()) else {
+            continue;
+        };
+        if process_path != current_exe_path {
+            continue;
+        }
+        let Some(uid) = process.user_id().map(|uid| **uid as u32) else {
+            // Root CLI management commands need a stable matching `--server` target.
+            // If this key process races during enumeration, failing the command is clearer
+            // than silently skipping it; `--server` is not expected to exit frequently.
+            bail!("Failed to read --server process uid");
+        };
+        server_uids.push(uid);
+    }
+    Ok(server_uids)
+}
+
+#[cfg(any(target_os = "linux", target_os = "macos"))]
+fn user_main_ipc_server_uid() -> ResultType<u32> {
+    let server_uids = running_server_uids_for_current_exe()?;
+    #[cfg(target_os = "linux")]
+    let prefer_root = crate::platform::linux::is_login_screen_wayland();
+    #[cfg(target_os = "macos")]
+    let prefer_root = false;
+    select_server_uid_for_user_main_ipc(&server_uids, active_uid(), prefer_root)
+}
+
+pub async fn connect(ms_timeout: u64, postfix: &str) -> ResultType<ConnectionTmpl<ConnClient>> {
+    #[cfg(any(target_os = "linux", target_os = "macos"))]
+    {
+        let use_user_main_ipc = USE_USER_MAIN_IPC.with(|use_user_main| use_user_main.get());
+        let is_root_main_ipc =
+            unsafe { hbb_common::libc::geteuid() == 0 } && postfix.is_empty() && use_user_main_ipc;
+        if is_root_main_ipc {
+            let uid = user_main_ipc_server_uid()?;
+            let path = Config::ipc_path_for_uid(uid, postfix);
+            return connect_with_path(ms_timeout, &path).await;
+        }
+        let path = Config::ipc_path(postfix);
+        return connect_with_path(ms_timeout, &path).await;
+    }
+    #[cfg(not(any(target_os = "linux", target_os = "macos")))]
+    {
+        let path = Config::ipc_path(postfix);
+        connect_with_path(ms_timeout, &path).await
+    }
+}
+
+#[cfg(target_os = "linux")]
+pub async fn connect_for_uid(
+    ms_timeout: u64,
+    uid: u32,
+    postfix: &str,
+) -> ResultType<ConnectionTmpl<ConnClient>> {
+    let path = Config::ipc_path_for_uid(uid, postfix);
+    connect_with_path(ms_timeout, &path).await
+}
+
 #[cfg(target_os = "linux")]
 #[tokio::main(flavor = "current_thread")]
 pub async fn start_pa() {
@@ -1039,54 +1421,6 @@ pub async fn start_pa() {
    }
 }

-#[inline]
-#[cfg(not(windows))]
-fn get_pid_file(postfix: &str) -> String {
-    let path = Config::ipc_path(postfix);
-    format!("{}.pid", path)
-}
-
-#[cfg(not(any(windows, target_os = "android", target_os = "ios")))]
-async fn check_pid(postfix: &str) {
-    let pid_file = get_pid_file(postfix);
-    if let Ok(mut file) = File::open(&pid_file) {
-        let mut content = String::new();
-        file.read_to_string(&mut content).ok();
-        let pid = content.parse::<usize>().unwrap_or(0);
-        if pid > 0 {
-            use hbb_common::sysinfo::System;
-            let mut sys = System::new();
-            sys.refresh_processes();
-            if let Some(p) = sys.process(pid.into()) {
-                if let Some(current) = sys.process((std::process::id() as usize).into()) {
-                    if current.name() == p.name() {
-                        // double check with connect
-                        if connect(1000, postfix).await.is_ok() {
-                            return;
-                        }
-                    }
-                }
-            }
-        }
-    }
-    // if not remove old ipc file, the new ipc creation will fail
-    // if we remove a ipc file, but the old ipc process is still running,
-    // new connection to the ipc will connect to new ipc, old connection to old ipc still keep alive
-    std::fs::remove_file(&Config::ipc_path(postfix)).ok();
-}
-
-#[inline]
-#[cfg(not(windows))]
-fn write_pid(postfix: &str) {
-    let path = get_pid_file(postfix);
-    if let Ok(mut file) = File::create(&path) {
-        use std::os::unix::fs::PermissionsExt;
-        std::fs::set_permissions(&path, std::fs::Permissions::from_mode(0o0777)).ok();
-        file.write_all(&std::process::id().to_string().into_bytes())
-            .ok();
-    }
-}
-
 pub struct ConnectionTmpl<T> {
    inner: Framed<T, BytesCodec>,
 }
@@ -1208,11 +1542,6 @@ fn apply_permanent_password_storage_and_salt_payload(payload: Option<&str>) -> R
        bail!("Invalid permanent-password-storage-and-salt payload");
    };

-    if storage.is_empty() {
-        Config::set_permanent_password_storage_for_sync("", "")?;
-        return Ok(());
-    }
-
    Config::set_permanent_password_storage_for_sync(storage, salt)?;
    Ok(())
 }
@@ -1533,6 +1862,13 @@ pub async fn test_rendezvous_server() -> ResultType<()> {
    Ok(())
 }

+#[tokio::main(flavor = "current_thread")]
+pub async fn notify_deployed() -> ResultType<()> {
+    let mut c = connect(1000, "").await?;
+    c.send(&Data::Deployed).await?;
+    Ok(())
+}
+
 #[tokio::main(flavor = "current_thread")]
 pub async fn send_url_scheme(url: String) -> ResultType<()> {
    connect(1_000, "_url")
@@ -1550,9 +1886,10 @@ pub fn close_all_instances() -> ResultType<bool> {
    }
 }

+#[cfg(windows)]
 #[tokio::main(flavor = "current_thread")]
 pub async fn connect_to_user_session(usid: Option<u32>) -> ResultType<()> {
-    let mut stream = crate::ipc::connect(1000, crate::POSTFIX_SERVICE).await?;
+    let mut stream = crate::ipc::connect_service(1000).await?;
    timeout(1000, stream.send(&crate::ipc::Data::UserSid(usid))).await??;
    Ok(())
 }
@@ -1678,13 +2015,76 @@ pub async fn update_controlling_session_count(count: usize) -> ResultType<()> {
 #[cfg(target_os = "linux")]
 #[tokio::main(flavor = "current_thread")]
 pub async fn get_terminal_session_count() -> ResultType<usize> {
-    let ms_timeout = 1_000;
-    let mut c = connect(ms_timeout, "").await?;
-    c.send(&Data::TerminalSessionCount(0)).await?;
-    if let Some(Data::TerminalSessionCount(c)) = c.next_timeout(ms_timeout).await? {
-        return Ok(c);
+    let timeout_ms = 1_000;
+    let effective_uid = unsafe { hbb_common::libc::geteuid() as u32 };
+    let candidate_uids = terminal_count_candidate_uids(effective_uid);
+    let mut last_err: Option<anyhow::Error> = None;
+    for candidate_uid in candidate_uids {
+        let socket_path = Config::ipc_path_for_uid(candidate_uid, "");
+        let connect_result = timeout(timeout_ms, Endpoint::connect(&socket_path))
+            .await
+            .map_err(|err| {
+                anyhow::anyhow!(
+                    "Timeout connecting to terminal ipc at {}: {}",
+                    socket_path,
+                    err
+                )
+            });
+        let connection = match connect_result {
+            Ok(Ok(connection)) => connection,
+            Ok(Err(err)) => {
+                last_err = Some(anyhow::anyhow!(
+                    "Failed to connect to terminal ipc at {}: {}",
+                    socket_path,
+                    err
+                ));
+                continue;
+            }
+            Err(err) => {
+                last_err = Some(err);
+                continue;
+            }
+        };
+        let mut ipc_conn = ConnectionTmpl::new(connection);
+        if let Err(err) = ipc_conn.send(&Data::TerminalSessionCount(0)).await {
+            last_err = Some(anyhow::anyhow!(
+                "Failed to request terminal session count via ipc at {}: {}",
+                socket_path,
+                err
+            ));
+            continue;
+        }
+        match ipc_conn.next_timeout(timeout_ms).await {
+            Ok(Some(Data::TerminalSessionCount(session_count))) => {
+                return Ok(session_count);
+            }
+            Ok(None) => {
+                last_err = Some(anyhow::anyhow!(
+                    "Invalid response when requesting terminal session count via ipc at {}",
+                    socket_path
+                ));
+            }
+            Ok(other) => {
+                last_err = Some(anyhow::anyhow!(
+                    "Unexpected response when requesting terminal session count via ipc at {}: {:?}",
+                    socket_path,
+                    other.map(|v| std::mem::discriminant(&v))
+                ));
+            }
+            Err(err) => {
+                last_err = Some(anyhow::anyhow!(
+                    "Failed to read terminal session count via ipc at {}: {}",
+                    socket_path,
+                    err
+                ));
+            }
+        }
+    }
+    if let Some(err) = last_err {
+        Err(err.into())
+    } else {
+        Ok(0)
    }
-    Ok(0)
 }

 async fn handle_wayland_screencast_restore_token(
@@ -1715,9 +2115,81 @@ pub async fn set_install_option(k: String, v: String) -> ResultType<()> {
 #[cfg(test)]
 mod test {
    use super::*;
+
    #[test]
    fn verify_ffi_enum_data_size() {
        println!("{}", std::mem::size_of::<Data>());
        assert!(std::mem::size_of::<Data>() <= 120);
    }
+
+    #[cfg(any(target_os = "linux", target_os = "macos"))]
+    #[test]
+    fn test_service_ipc_path_is_shared_across_uids() {
+        assert_eq!(
+            Config::ipc_path_for_uid(0, crate::POSTFIX_SERVICE),
+            Config::ipc_path_for_uid(501, crate::POSTFIX_SERVICE)
+        );
+    }
+
+    #[cfg(any(target_os = "linux", target_os = "macos"))]
+    #[test]
+    fn test_ipc_path_differs_by_uid_for_cm() {
+        let effective_uid = unsafe { hbb_common::libc::geteuid() as u32 };
+        let other_uid = effective_uid.saturating_add(1);
+        let postfix = "_cm";
+
+        // Default connect path targets the current effective uid.
+        assert_eq!(
+            Config::ipc_path(postfix),
+            Config::ipc_path_for_uid(effective_uid, postfix)
+        );
+        // A different uid yields a different socket path - this is the root cause of the
+        // cross-user regression when root spawns a user process but still connects as uid 0.
+        assert_ne!(
+            Config::ipc_path(postfix),
+            Config::ipc_path_for_uid(other_uid, postfix)
+        );
+    }
+
+    #[cfg(any(target_os = "linux", target_os = "macos"))]
+    #[test]
+    fn test_select_server_uid_uses_active_uid_when_no_server_found() {
+        assert_eq!(
+            select_server_uid_for_user_main_ipc(&[], Some(501), false).unwrap(),
+            501
+        );
+    }
+
+    #[cfg(any(target_os = "linux", target_os = "macos"))]
+    #[test]
+    fn test_select_server_uid_uses_single_server_uid() {
+        assert_eq!(
+            select_server_uid_for_user_main_ipc(&[501], None, false).unwrap(),
+            501
+        );
+    }
+
+    #[cfg(any(target_os = "linux", target_os = "macos"))]
+    #[test]
+    fn test_select_server_uid_prefers_active_uid_with_multiple_servers() {
+        assert_eq!(
+            select_server_uid_for_user_main_ipc(&[0, 501], Some(501), false).unwrap(),
+            501
+        );
+    }
+
+    #[cfg(any(target_os = "linux", target_os = "macos"))]
+    #[test]
+    fn test_select_server_uid_prefers_root_on_wayland_login_screen() {
+        assert_eq!(
+            select_server_uid_for_user_main_ipc(&[0, 501], Some(501), true).unwrap(),
+            0
+        );
+    }
+
+    #[cfg(any(target_os = "linux", target_os = "macos"))]
+    #[test]
+    fn test_select_server_uid_fails_when_multiple_servers_are_ambiguous() {
+        assert!(select_server_uid_for_user_main_ipc(&[501, 502], None, false).is_err());
+    }
 }
--- a/src/ipc/auth.rs
+++ b/src/ipc/auth.rs
--- a/src/ipc/fs.rs
+++ b/src/ipc/fs.rs
@@ -0,0 +1,951 @@
+#[cfg(target_os = "linux")]
+use super::ipc_auth::active_uid;
+use crate::ipc::{connect, Data};
+use hbb_common::{config, log, ResultType};
+use std::{
+    ffi::CString,
+    io::{Error, ErrorKind},
+    os::unix::ffi::OsStrExt,
+    path::Path,
+};
+
+struct FdGuard(i32);
+impl Drop for FdGuard {
+    fn drop(&mut self) {
+        unsafe {
+            hbb_common::libc::close(self.0);
+        }
+    }
+}
+
+#[cfg(target_os = "linux")]
+#[inline]
+pub(crate) fn terminal_count_candidate_uids(effective_uid: u32) -> Vec<u32> {
+    if effective_uid != 0 {
+        return vec![effective_uid];
+    }
+    let mut candidates = Vec::with_capacity(2);
+    if let Some(uid) = active_uid().filter(|uid| *uid != 0) {
+        candidates.push(uid);
+    }
+    candidates.push(0);
+    candidates
+}
+
+#[inline]
+fn expected_ipc_parent_mode(postfix: &str) -> u32 {
+    if config::is_service_ipc_postfix(postfix) {
+        0o0711
+    } else {
+        0o0700
+    }
+}
+
+fn open_ipc_parent_dir_fd(parent_c: &CString) -> std::io::Result<i32> {
+    let fd = unsafe {
+        hbb_common::libc::open(
+            parent_c.as_ptr(),
+            hbb_common::libc::O_RDONLY
+                | hbb_common::libc::O_DIRECTORY
+                | hbb_common::libc::O_CLOEXEC
+                | hbb_common::libc::O_NOFOLLOW,
+        )
+    };
+    if fd < 0 {
+        Err(std::io::Error::last_os_error())
+    } else {
+        Ok(fd)
+    }
+}
+
+// Remove one preexisting IPC artifact via an already-opened parent directory FD.
+//
+// Security intent:
+// - Bind cleanup to the exact parent inode that passed O_NOFOLLOW + fstat checks.
+// - Avoid path-based TOCTOU during scrub (e.g., parent path rename/swap race).
+//
+// Flow:
+// 1) fstatat(..., AT_SYMLINK_NOFOLLOW) to inspect the target entry under parent_fd.
+// 2) Decide file vs directory from st_mode.
+// 3) unlinkat relative to parent_fd (AT_REMOVEDIR for directories).
+//
+// Error policy:
+// - NotFound is treated as benign (already removed / raced away).
+// - Other errors are surfaced explicitly.
+fn remove_parent_entry_via_fd(
+    parent_fd: i32,
+    parent_dir: &Path,
+    entry_name: &str,
+) -> ResultType<()> {
+    if entry_name.contains('/') {
+        return Err(Error::new(
+            ErrorKind::InvalidInput,
+            format!(
+                "invalid ipc parent entry name (contains '/'): parent={}, entry={}",
+                parent_dir.display(),
+                entry_name
+            ),
+        )
+        .into());
+    }
+    let entry_c = CString::new(entry_name.as_bytes().to_vec()).map_err(|err| {
+        Error::new(
+            ErrorKind::InvalidInput,
+            format!(
+                "invalid ipc parent entry name: parent={}, entry={}, err={}",
+                parent_dir.display(),
+                entry_name,
+                err
+            ),
+        )
+    })?;
+    let mut stat: hbb_common::libc::stat = unsafe { std::mem::zeroed() };
+    let stat_rc = unsafe {
+        hbb_common::libc::fstatat(
+            parent_fd,
+            entry_c.as_ptr(),
+            &mut stat,
+            hbb_common::libc::AT_SYMLINK_NOFOLLOW,
+        )
+    };
+    if stat_rc != 0 {
+        let err = std::io::Error::last_os_error();
+        if err.kind() == ErrorKind::NotFound {
+            return Ok(());
+        }
+        return Err(Error::new(
+            err.kind(),
+            format!(
+                "failed to stat preexisting ipc parent dir entry by fd: parent={}, entry={}, err={}",
+                parent_dir.display(),
+                entry_name,
+                err
+            ),
+        )
+        .into());
+    }
+
+    let is_dir = (stat.st_mode & (hbb_common::libc::S_IFMT as hbb_common::libc::mode_t))
+        == hbb_common::libc::S_IFDIR;
+    let unlink_flags = if is_dir {
+        hbb_common::libc::AT_REMOVEDIR
+    } else {
+        0
+    };
+    let unlink_rc =
+        unsafe { hbb_common::libc::unlinkat(parent_fd, entry_c.as_ptr(), unlink_flags) };
+    if unlink_rc != 0 {
+        let err = std::io::Error::last_os_error();
+        if err.kind() == ErrorKind::NotFound {
+            return Ok(());
+        }
+        return Err(Error::new(
+            err.kind(),
+            format!(
+                "failed to remove preexisting ipc parent dir entry by fd: parent={}, entry={}, err={}",
+                parent_dir.display(),
+                entry_name,
+                err
+            ),
+        )
+        .into());
+    }
+    Ok(())
+}
+
+fn scrub_preexisting_ipc_parent_entries(
+    parent_fd: i32,
+    parent_dir: &Path,
+    postfix: &str,
+) -> ResultType<()> {
+    let ipc_basename = format!("ipc{}", postfix);
+    remove_parent_entry_via_fd(parent_fd, parent_dir, &ipc_basename)?;
+    remove_parent_entry_via_fd(parent_fd, parent_dir, &format!("{}.pid", ipc_basename))?;
+    Ok(())
+}
+
+fn remove_ipc_socket_via_secure_parent_fd(postfix: &str) -> ResultType<()> {
+    let path = config::Config::ipc_path(postfix);
+    let parent_dir = Path::new(&path)
+        .parent()
+        .ok_or_else(|| Error::new(ErrorKind::InvalidInput, format!("invalid ipc path: {path}")))?;
+    let parent_c = CString::new(parent_dir.as_os_str().as_bytes().to_vec())?;
+    let fd = match open_ipc_parent_dir_fd(&parent_c) {
+        Ok(fd) => fd,
+        Err(open_err) => {
+            if open_err.kind() == ErrorKind::NotFound {
+                return Ok(());
+            }
+            return Err(Error::new(
+                open_err.kind(),
+                format!(
+                    "failed to open ipc parent dir for stale socket cleanup (no-follow): postfix={}, parent={}, err={}",
+                    postfix,
+                    parent_dir.display(),
+                    open_err
+                ),
+            )
+            .into());
+        }
+    };
+    let _fd_guard = FdGuard(fd);
+    remove_parent_entry_via_fd(fd, parent_dir, &format!("ipc{}", postfix))
+}
+
+// Purpose:
+// - Harden the IPC parent directory before creating/listening socket files.
+// - Prevent symlink/path-race abuse and reject unsafe owner/mode.
+//
+// Approach:
+// - Open parent dir with O_NOFOLLOW/O_DIRECTORY and operate on that fd.
+// - Validate inode type/owner/mode via fstat.
+// - For protected service postfix, optionally adopt owner (root only), then scrub stale
+//   rustdesk IPC artifacts when directory trust boundary changed.
+//
+// Main steps:
+// 1) Resolve parent path and open/create directory securely.
+// 2) Verify directory inode type and owner uid.
+// 3) Enforce expected mode via fchmod on opened fd.
+// 4) Scrub stale IPC artifacts when owner/mode was unsafe before hardening.
+//
+// References:
+// - open(2): O_NOFOLLOW/O_DIRECTORY/O_CLOEXEC
+//   https://man7.org/linux/man-pages/man2/open.2.html
+// - fstat(2): verify file type/metadata on opened fd
+//   https://man7.org/linux/man-pages/man2/fstat.2.html
+// - fchown(2): adopt ownership when running as root
+//   https://man7.org/linux/man-pages/man2/chown.2.html
+// - fchmod(2): enforce exact mode on opened fd
+//   https://man7.org/linux/man-pages/man2/fchmod.2.html
+pub(crate) fn ensure_secure_ipc_parent_dir(path: &str, postfix: &str) -> ResultType<bool> {
+    let parent_dir = Path::new(path)
+        .parent()
+        .ok_or_else(|| Error::new(ErrorKind::InvalidInput, format!("invalid ipc path: {path}")))?;
+    // Harden against common TOCTOU by opening the parent directory with O_NOFOLLOW (so the parent
+    // itself cannot be a symlink) and then operating on its FD (fstat/fchown/fchmod). This ensures
+    // we mutate the inode we opened, though it does not protect against symlinks in ancestor path
+    // components.
+    let parent_c = CString::new(parent_dir.as_os_str().as_bytes().to_vec())?;
+    let fd = match open_ipc_parent_dir_fd(&parent_c) {
+        Ok(fd) => fd,
+        Err(open_err) => {
+            // If the directory doesn't exist yet, create it with the expected mode. The parent
+            // dir is intended to be a single-level /tmp path, so mkdir is sufficient here.
+            if open_err.raw_os_error() == Some(hbb_common::libc::ENOENT) {
+                let expected_mode = expected_ipc_parent_mode(postfix);
+                let rc = unsafe {
+                    hbb_common::libc::mkdir(
+                        parent_c.as_ptr(),
+                        expected_mode as hbb_common::libc::mode_t,
+                    )
+                };
+                if rc != 0 {
+                    let mkdir_err = std::io::Error::last_os_error();
+                    // Handle a race where another process created the directory first.
+                    if mkdir_err.raw_os_error() != Some(hbb_common::libc::EEXIST) {
+                        return Err(Error::new(
+                            mkdir_err.kind(),
+                            format!(
+                                "failed to mkdir ipc parent dir: postfix={}, parent={}, err={}",
+                                postfix,
+                                parent_dir.display(),
+                                mkdir_err
+                            ),
+                        )
+                        .into());
+                    }
+                }
+                match open_ipc_parent_dir_fd(&parent_c) {
+                    Ok(fd) => fd,
+                    Err(err) => {
+                        return Err(Error::new(
+                            err.kind(),
+                            format!(
+                                "failed to open ipc parent dir (no-follow): postfix={}, parent={}, err={}",
+                                postfix,
+                                parent_dir.display(),
+                                err
+                            ),
+                        )
+                        .into());
+                    }
+                }
+            } else {
+                return Err(Error::new(
+                    open_err.kind(),
+                    format!(
+                        "failed to open ipc parent dir (no-follow): postfix={}, parent={}, err={}",
+                        postfix,
+                        parent_dir.display(),
+                        open_err
+                    ),
+                )
+                .into());
+            }
+        }
+    };
+    let _fd_guard = FdGuard(fd);
+
+    let mut st: hbb_common::libc::stat = unsafe { std::mem::zeroed() };
+    if unsafe { hbb_common::libc::fstat(fd, &mut st as *mut _) } != 0 {
+        let os_err = std::io::Error::last_os_error();
+        return Err(Error::new(
+            os_err.kind(),
+            format!(
+                "failed to stat ipc parent dir: postfix={}, parent={}, err={}",
+                postfix,
+                parent_dir.display(),
+                os_err
+            ),
+        )
+        .into());
+    }
+    let mode = st.st_mode as u32;
+    let is_dir = (mode & (hbb_common::libc::S_IFMT as u32)) == (hbb_common::libc::S_IFDIR as u32);
+    if !is_dir {
+        return Err(Error::new(
+            ErrorKind::PermissionDenied,
+            format!(
+                "ipc parent is not directory: postfix={}, parent={}",
+                postfix,
+                parent_dir.display()
+            ),
+        )
+        .into());
+    }
+
+    let expected_uid = unsafe { hbb_common::libc::geteuid() as u32 };
+    let mut owner_uid = st.st_uid as u32;
+    let mut adopted_foreign_service_parent = false;
+    // Service-scoped IPC may be created by different privilege contexts historically.
+    // If running as root on protected service postfix, try adopting ownership first.
+    if owner_uid != expected_uid && expected_uid == 0 && config::is_service_ipc_postfix(postfix) {
+        let rc = unsafe {
+            hbb_common::libc::fchown(
+                fd,
+                expected_uid as hbb_common::libc::uid_t,
+                hbb_common::libc::gid_t::MAX,
+            )
+        };
+        if rc == 0 {
+            let mut st2: hbb_common::libc::stat = unsafe { std::mem::zeroed() };
+            if unsafe { hbb_common::libc::fstat(fd, &mut st2 as *mut _) } == 0 {
+                owner_uid = st2.st_uid as u32;
+                st = st2;
+                adopted_foreign_service_parent = true;
+            }
+        } else {
+            // Keep behavior unchanged; capture errno to ease diagnosing why chown failed.
+            let err = std::io::Error::last_os_error();
+            log::warn!(
+                "Failed to chown ipc parent dir, parent={}, postfix={}, expected_uid={}, rc={}, err={:?}",
+                parent_dir.display(),
+                postfix,
+                expected_uid,
+                rc,
+                err
+            );
+        }
+    }
+    if owner_uid != expected_uid {
+        return Err(Error::new(
+            ErrorKind::PermissionDenied,
+            format!(
+                "unsafe ipc parent owner, postfix={}, expected uid {expected_uid}, got {owner_uid}: {}",
+                postfix,
+                parent_dir.display()
+            ),
+        )
+        .into());
+    }
+
+    let expected_mode = expected_ipc_parent_mode(postfix);
+    // Include special bits (setuid/setgid/sticky) to ensure the directory is hardened to the exact
+    // expected mode.
+    let current_mode = (st.st_mode as u32) & 0o7777;
+    let repaired_parent_mode = current_mode != expected_mode;
+    let had_untrusted_parent_mode = (current_mode & 0o022) != 0;
+    if repaired_parent_mode {
+        // Use fchmod on the opened fd to avoid path-race between check and chmod.
+        if unsafe { hbb_common::libc::fchmod(fd, expected_mode as hbb_common::libc::mode_t) } != 0 {
+            let os_err = std::io::Error::last_os_error();
+            return Err(Error::new(
+                os_err.kind(),
+                format!(
+                    "failed to chmod ipc parent dir: postfix={}, parent={}, err={}",
+                    postfix,
+                    parent_dir.display(),
+                    os_err
+                ),
+            )
+            .into());
+        }
+    }
+    let should_scrub =
+        repaired_parent_mode || adopted_foreign_service_parent || had_untrusted_parent_mode;
+    Ok(should_scrub)
+}
+
+pub(crate) fn scrub_secure_ipc_parent_dir(path: &str, postfix: &str) -> ResultType<()> {
+    let parent_dir = Path::new(path)
+        .parent()
+        .ok_or_else(|| Error::new(ErrorKind::InvalidInput, format!("invalid ipc path: {path}")))?;
+    let parent_c = CString::new(parent_dir.as_os_str().as_bytes().to_vec())?;
+    let fd = open_ipc_parent_dir_fd(&parent_c).map_err(|err| {
+        Error::new(
+            err.kind(),
+            format!(
+                "failed to open ipc parent dir for scrub (no-follow): postfix={}, parent={}, err={}",
+                postfix,
+                parent_dir.display(),
+                err
+            ),
+        )
+    })?;
+    let _fd_guard = FdGuard(fd);
+    scrub_preexisting_ipc_parent_entries(fd, parent_dir, postfix)
+}
+
+#[inline]
+pub(crate) fn get_pid_file(postfix: &str) -> String {
+    let path = config::Config::ipc_path(postfix);
+    format!("{}.pid", path)
+}
+
+// Purpose:
+// - Write current process pid to pid file without following attacker-controlled symlinks.
+// - Ensure the pid file is a regular file owned by the opened inode path.
+//
+// Approach:
+// - Use libc open/fstat/write syscalls (FFI) so flags and inode validation are explicit.
+// - Open file with O_NOFOLLOW/O_CLOEXEC and verify S_IFREG with fstat before write.
+// - Keep unsafe scopes minimal and check syscall return values immediately.
+//
+// Main steps:
+// 1) Secure-open pid file (without truncation).
+// 2) Validate opened inode is a regular file owned by current euid.
+// 3) Enforce pid file mode to 0600 and truncate via ftruncate after validation.
+// 4) Write process id bytes through fd.
+//
+// Why not plain std::fs::write?
+// - std::fs helpers cannot enforce this exact open-time hardening sequence
+//   (especially "open with O_NOFOLLOW, then fstat the same opened inode").
+//
+// References:
+// - open(2): O_NOFOLLOW/O_CLOEXEC/O_NONBLOCK
+//   https://man7.org/linux/man-pages/man2/open.2.html
+// - fstat(2): verify file type on opened fd
+//   https://man7.org/linux/man-pages/man2/fstat.2.html
+// - fchmod(2): enforce secure mode on reused pid file
+//   https://man7.org/linux/man-pages/man2/fchmod.2.html
+// - ftruncate(2): truncate after validation
+//   https://man7.org/linux/man-pages/man2/ftruncate.2.html
+// - write(2): write bytes via fd
+//   https://man7.org/linux/man-pages/man2/write.2.html
+fn write_pid_file(path: &Path) -> ResultType<()> {
+    let path_c = CString::new(path.as_os_str().as_bytes().to_vec()).map_err(|err| {
+        Error::new(
+            ErrorKind::InvalidInput,
+            format!("invalid pid file path '{}': {}", path.display(), err),
+        )
+    })?;
+    let flags = hbb_common::libc::O_WRONLY
+        | hbb_common::libc::O_CREAT
+        | hbb_common::libc::O_CLOEXEC
+        | hbb_common::libc::O_NOFOLLOW
+        | hbb_common::libc::O_NONBLOCK;
+    let fd = unsafe { hbb_common::libc::open(path_c.as_ptr(), flags, 0o0600) };
+    if fd < 0 {
+        let os_err = std::io::Error::last_os_error();
+        return Err(Error::new(
+            os_err.kind(),
+            format!(
+                "failed to open pid file with no-follow '{}': {}",
+                path.display(),
+                os_err
+            ),
+        )
+        .into());
+    }
+    let _fd_guard = FdGuard(fd);
+    let mut stat: hbb_common::libc::stat = unsafe { std::mem::zeroed() };
+    if unsafe { hbb_common::libc::fstat(fd, &mut stat) } != 0 {
+        let os_err = std::io::Error::last_os_error();
+        return Err(Error::new(
+            os_err.kind(),
+            format!("failed to stat pid file '{}': {}", path.display(), os_err),
+        )
+        .into());
+    }
+    if (stat.st_mode & (hbb_common::libc::S_IFMT as hbb_common::libc::mode_t))
+        != (hbb_common::libc::S_IFREG as hbb_common::libc::mode_t)
+    {
+        return Err(Error::new(
+            ErrorKind::PermissionDenied,
+            format!("pid file path is not a regular file: '{}'", path.display()),
+        )
+        .into());
+    }
+    let expected_uid = unsafe { hbb_common::libc::geteuid() as u32 };
+    if stat.st_uid as u32 != expected_uid {
+        return Err(Error::new(
+            ErrorKind::PermissionDenied,
+            format!(
+                "pid file owner mismatch: expected uid {}, got {} for '{}'",
+                expected_uid,
+                stat.st_uid,
+                path.display()
+            ),
+        )
+        .into());
+    }
+    if unsafe { hbb_common::libc::fchmod(fd, 0o600) } != 0 {
+        let os_err = std::io::Error::last_os_error();
+        return Err(Error::new(
+            os_err.kind(),
+            format!("failed to chmod pid file '{}': {}", path.display(), os_err),
+        )
+        .into());
+    }
+    if unsafe { hbb_common::libc::ftruncate(fd, 0) } != 0 {
+        let os_err = std::io::Error::last_os_error();
+        return Err(Error::new(
+            os_err.kind(),
+            format!(
+                "failed to truncate pid file '{}': {}",
+                path.display(),
+                os_err
+            ),
+        )
+        .into());
+    }
+
+    let bytes = std::process::id().to_string();
+    let buf = bytes.as_bytes();
+    // `write(2)` is allowed to return a short write even for regular files.
+    // PID content is tiny and usually written in one shot, but we still loop
+    // until all bytes are persisted so this path is semantically correct.
+    let mut written = 0usize;
+    while written < buf.len() {
+        let rc = unsafe {
+            hbb_common::libc::write(
+                fd,
+                buf[written..].as_ptr() as *const hbb_common::libc::c_void,
+                buf.len() - written,
+            )
+        };
+        if rc < 0 {
+            let os_err = std::io::Error::last_os_error();
+            return Err(Error::new(
+                os_err.kind(),
+                format!("failed to write pid file '{}': {}", path.display(), os_err),
+            )
+            .into());
+        }
+        if rc == 0 {
+            return Err(Error::new(
+                ErrorKind::WriteZero,
+                format!(
+                    "failed to write pid file '{}': write returned 0 bytes",
+                    path.display()
+                ),
+            )
+            .into());
+        }
+        written += rc as usize;
+    }
+    Ok(())
+}
+
+#[inline]
+pub(crate) fn write_pid(postfix: &str) {
+    let path = std::path::PathBuf::from(get_pid_file(postfix));
+    if let Err(err) = write_pid_file(&path) {
+        log::warn!(
+            "Failed to write pid file for postfix '{}', path='{}', err={}",
+            postfix,
+            path.display(),
+            err
+        );
+    }
+}
+
+// Purpose:
+// - Read pid file safely and avoid trusting symlink/non-regular files.
+//
+// Approach:
+// - Use libc open/fstat/read syscalls (FFI) to control flags and inode checks.
+// - Open path with O_NOFOLLOW, validate opened fd via fstat, then read and parse.
+// - Keep unsafe scopes minimal and check syscall return values immediately.
+//
+// Main steps:
+// 1) Secure-open pid file read-only.
+// 2) Ensure fd points to regular file.
+// 3) Read bytes and parse usize pid.
+//
+// References:
+// - open(2): O_NOFOLLOW/O_CLOEXEC/O_NONBLOCK
+//   https://man7.org/linux/man-pages/man2/open.2.html
+// - fstat(2): validate S_IFREG on opened fd
+//   https://man7.org/linux/man-pages/man2/fstat.2.html
+// - read(2): read bytes via fd
+//   https://man7.org/linux/man-pages/man2/read.2.html
+#[inline]
+fn read_pid_file_secure(path: &Path) -> Option<usize> {
+    let path_c = CString::new(path.as_os_str().as_bytes().to_vec()).ok()?;
+    let flags = hbb_common::libc::O_RDONLY
+        | hbb_common::libc::O_CLOEXEC
+        | hbb_common::libc::O_NOFOLLOW
+        | hbb_common::libc::O_NONBLOCK;
+    let fd = unsafe { hbb_common::libc::open(path_c.as_ptr(), flags) };
+    if fd < 0 {
+        return None;
+    }
+    let _fd_guard = FdGuard(fd);
+
+    let mut stat: hbb_common::libc::stat = unsafe { std::mem::zeroed() };
+    if unsafe { hbb_common::libc::fstat(fd, &mut stat) } != 0 {
+        return None;
+    }
+    if (stat.st_mode & (hbb_common::libc::S_IFMT as hbb_common::libc::mode_t))
+        != (hbb_common::libc::S_IFREG as hbb_common::libc::mode_t)
+    {
+        return None;
+    }
+
+    let mut buffer = [0u8; 64];
+    let read_len = unsafe {
+        hbb_common::libc::read(
+            fd,
+            buffer.as_mut_ptr() as *mut hbb_common::libc::c_void,
+            buffer.len(),
+        )
+    };
+    if read_len <= 0 {
+        return None;
+    }
+    let content = String::from_utf8_lossy(&buffer[..read_len as usize]).to_string();
+    content.trim().parse::<usize>().ok()
+}
+
+#[inline]
+async fn probe_existing_listener(postfix: &str) -> bool {
+    let Ok(mut stream) = connect(1000, postfix).await else {
+        return false;
+    };
+    if postfix != crate::POSTFIX_SERVICE {
+        return true;
+    }
+    if stream.send(&Data::SyncConfig(None)).await.is_err() {
+        return false;
+    }
+    matches!(
+        stream.next_timeout(1000).await,
+        Ok(Some(Data::SyncConfig(Some(_))))
+    )
+}
+
+pub(crate) async fn check_pid(postfix: &str) -> bool {
+    let pid_file = std::path::PathBuf::from(get_pid_file(postfix));
+    if let Some(pid) = read_pid_file_secure(&pid_file) {
+        if pid > 0 {
+            let mut sys = hbb_common::sysinfo::System::new();
+            sys.refresh_processes();
+            if let Some(p) = sys.process(pid.into()) {
+                if let Some(current) = sys.process((std::process::id() as usize).into()) {
+                    if current.name() == p.name() && probe_existing_listener(postfix).await {
+                        return true;
+                    }
+                }
+            }
+        }
+    }
+    if probe_existing_listener(postfix).await {
+        return true;
+    }
+    // if not remove old ipc file, the new ipc creation will fail
+    // if we remove a ipc file, but the old ipc process is still running,
+    // new connection to the ipc will connect to new ipc, old connection to old ipc still keep alive
+    if let Err(err) = remove_ipc_socket_via_secure_parent_fd(postfix) {
+        log::debug!(
+            "Failed to remove stale ipc socket via secure parent fd: postfix={}, err={}",
+            postfix,
+            err
+        );
+    }
+    false
+}
+
+#[inline]
+pub(crate) fn should_scrub_parent_entries_after_check_pid(
+    should_scrub_parent_entries: bool,
+    existing_listener_alive: bool,
+) -> bool {
+    should_scrub_parent_entries && !existing_listener_alive
+}
+
+#[cfg(test)]
+mod tests {
+    #[test]
+    fn test_write_pid_file_rejects_symlink() {
+        use std::os::unix::fs::symlink;
+
+        let unique = format!(
+            "rustdesk-ipc-pid-file-test-{}-{}",
+            std::process::id(),
+            std::time::SystemTime::now()
+                .duration_since(std::time::UNIX_EPOCH)
+                .unwrap_or_default()
+                .as_nanos()
+        );
+        let base = std::env::temp_dir().join(unique);
+        std::fs::create_dir_all(&base).unwrap();
+
+        let target = base.join("target_pid");
+        std::fs::write(&target, b"origin").unwrap();
+        let link = base.join("pid_link");
+        symlink(&target, &link).unwrap();
+
+        let res = super::write_pid_file(&link);
+        assert!(res.is_err());
+        assert_eq!(std::fs::read_to_string(&target).unwrap(), "origin");
+
+        std::fs::remove_file(&link).ok();
+        std::fs::remove_file(&target).ok();
+        std::fs::remove_dir_all(&base).ok();
+    }
+
+    #[test]
+    fn test_ensure_secure_ipc_parent_dir_rejects_symlink_parent() {
+        use std::os::unix::fs::symlink;
+
+        let unique = format!(
+            "rustdesk-ipc-secure-dir-test-{}-{}",
+            std::process::id(),
+            std::time::SystemTime::now()
+                .duration_since(std::time::UNIX_EPOCH)
+                .unwrap_or_default()
+                .as_nanos()
+        );
+        let base = std::env::temp_dir().join(unique);
+        let real_dir = base.join("real");
+        let link_dir = base.join("link");
+        std::fs::create_dir_all(&real_dir).unwrap();
+        symlink(&real_dir, &link_dir).unwrap();
+        let ipc_path = link_dir.join("ipc_service");
+        let res =
+            super::ensure_secure_ipc_parent_dir(ipc_path.to_string_lossy().as_ref(), "_service");
+        assert!(res.is_err());
+        std::fs::remove_file(&link_dir).ok();
+        std::fs::remove_dir_all(&real_dir).ok();
+        std::fs::remove_dir_all(&base).ok();
+    }
+
+    #[test]
+    fn test_ensure_secure_ipc_parent_dir_creates_parent_with_expected_mode() {
+        use std::os::unix::fs::PermissionsExt;
+
+        let unique = format!(
+            "rustdesk-ipc-secure-dir-create-test-{}-{}",
+            std::process::id(),
+            std::time::SystemTime::now()
+                .duration_since(std::time::UNIX_EPOCH)
+                .unwrap_or_default()
+                .as_nanos()
+        );
+        let base = std::env::temp_dir().join(unique);
+        std::fs::create_dir_all(&base).unwrap();
+
+        // Intentionally choose a parent that does not exist to exercise the ENOENT -> mkdir branch.
+        let parent_dir = base.join("parent");
+        assert!(!parent_dir.exists());
+        let ipc_path = parent_dir.join("ipc");
+
+        let res = super::ensure_secure_ipc_parent_dir(ipc_path.to_string_lossy().as_ref(), "");
+        // Restrictive umask can make mkdir create a stricter initial mode. In that case
+        // ensure_secure_ipc_parent_dir repairs it with fchmod and may request a scrub.
+        res.unwrap();
+
+        let md = std::fs::metadata(&parent_dir).unwrap();
+        assert!(md.is_dir());
+        let mode = md.permissions().mode() & 0o777;
+        assert_eq!(mode, 0o0700);
+
+        std::fs::remove_dir_all(&base).ok();
+    }
+
+    #[test]
+    fn test_scrub_preexisting_ipc_parent_entries_only_removes_target_postfix_artifacts() {
+        use std::os::unix::ffi::OsStrExt;
+
+        let unique = format!(
+            "rustdesk-ipc-scrub-test-{}-{}",
+            std::process::id(),
+            std::time::SystemTime::now()
+                .duration_since(std::time::UNIX_EPOCH)
+                .unwrap_or_default()
+                .as_nanos()
+        );
+        let base = std::env::temp_dir().join(unique);
+        std::fs::create_dir_all(&base).unwrap();
+
+        let ipc_file = base.join("ipc_service");
+        let ipc_pid_file = base.join("ipc_service.pid");
+        let ipc_other_postfix_file = base.join("ipc_uinput_1");
+        let keep_file = base.join("keep.txt");
+        let keep_dir = base.join("keep_dir");
+
+        std::fs::write(&ipc_file, b"socket-placeholder").unwrap();
+        std::fs::write(&ipc_pid_file, b"1234").unwrap();
+        std::fs::write(&ipc_other_postfix_file, b"other-postfix").unwrap();
+        std::fs::write(&keep_file, b"keep").unwrap();
+        std::fs::create_dir_all(&keep_dir).unwrap();
+
+        let base_c = std::ffi::CString::new(base.as_os_str().as_bytes().to_vec()).unwrap();
+        let base_fd = super::open_ipc_parent_dir_fd(&base_c).unwrap();
+        let _base_guard = super::FdGuard(base_fd);
+        super::scrub_preexisting_ipc_parent_entries(base_fd, &base, "_service").unwrap();
+
+        assert!(!ipc_file.exists());
+        assert!(!ipc_pid_file.exists());
+        assert!(ipc_other_postfix_file.exists());
+        assert!(keep_file.exists());
+        assert!(keep_dir.exists());
+
+        std::fs::remove_file(&ipc_other_postfix_file).ok();
+        std::fs::remove_file(&keep_file).ok();
+        std::fs::remove_dir_all(&keep_dir).ok();
+        std::fs::remove_dir_all(&base).ok();
+    }
+
+    #[test]
+    fn test_scrub_preexisting_ipc_parent_entries_should_bind_to_opened_inode_not_path() {
+        use std::os::unix::ffi::OsStrExt;
+
+        let unique = format!(
+            "rustdesk-ipc-scrub-fd-bind-test-{}-{}",
+            std::process::id(),
+            std::time::SystemTime::now()
+                .duration_since(std::time::UNIX_EPOCH)
+                .unwrap_or_default()
+                .as_nanos()
+        );
+        let base = std::env::temp_dir().join(unique);
+        std::fs::create_dir_all(&base).unwrap();
+
+        let trusted_parent = base.join("trusted_parent");
+        let trusted_parent_moved = base.join("trusted_parent_moved");
+        let attacker_parent = base.join("attacker_parent");
+        std::fs::create_dir_all(&trusted_parent).unwrap();
+        std::fs::create_dir_all(&attacker_parent).unwrap();
+
+        let trusted_ipc_file = trusted_parent.join("ipc_service");
+        let attacker_ipc_file = attacker_parent.join("ipc_service");
+        std::fs::write(&trusted_ipc_file, b"trusted").unwrap();
+        std::fs::write(&attacker_ipc_file, b"attacker").unwrap();
+
+        let trusted_parent_c =
+            std::ffi::CString::new(trusted_parent.as_os_str().as_bytes().to_vec()).unwrap();
+        let trusted_parent_fd = super::open_ipc_parent_dir_fd(&trusted_parent_c).unwrap();
+        let _trusted_parent_guard = super::FdGuard(trusted_parent_fd);
+
+        // Swap the path after the trusted inode has been opened.
+        std::fs::rename(&trusted_parent, &trusted_parent_moved).unwrap();
+        std::fs::rename(&attacker_parent, &trusted_parent).unwrap();
+
+        super::scrub_preexisting_ipc_parent_entries(trusted_parent_fd, &trusted_parent, "_service")
+            .unwrap();
+
+        // Expected secure behavior: scrub should target the inode that was opened before path swap.
+        assert!(
+            !trusted_parent_moved.join("ipc_service").exists(),
+            "trusted inode artifact should be removed even after path swap"
+        );
+        assert!(
+            trusted_parent.join("ipc_service").exists(),
+            "path-swapped attacker directory should not be scrubbed"
+        );
+
+        std::fs::remove_dir_all(&base).ok();
+    }
+
+    #[test]
+    fn test_ensure_secure_ipc_parent_dir_keeps_service_artifacts_before_liveness_probe() {
+        use std::os::unix::fs::PermissionsExt;
+
+        let unique = format!(
+            "rustdesk-ipc-secure-dir-order-test-{}-{}",
+            std::process::id(),
+            std::time::SystemTime::now()
+                .duration_since(std::time::UNIX_EPOCH)
+                .unwrap_or_default()
+                .as_nanos()
+        );
+        let base = std::env::temp_dir().join(unique);
+        std::fs::create_dir_all(&base).unwrap();
+
+        let parent_dir = base.join("service_parent");
+        std::fs::create_dir_all(&parent_dir).unwrap();
+        // Trigger "had_untrusted_service_parent_mode".
+        std::fs::set_permissions(&parent_dir, std::fs::Permissions::from_mode(0o777)).unwrap();
+
+        let ipc_file = parent_dir.join("ipc_service");
+        let ipc_pid_file = parent_dir.join("ipc_service.pid");
+        std::fs::write(&ipc_file, b"socket-placeholder").unwrap();
+        std::fs::write(&ipc_pid_file, b"1234").unwrap();
+
+        let res =
+            super::ensure_secure_ipc_parent_dir(ipc_file.to_string_lossy().as_ref(), "_service");
+        assert_eq!(res.unwrap(), true);
+
+        // Parent hardening should run first; artifacts should stay until liveness probe completes.
+        assert!(ipc_file.exists(), "ipc socket marker should be preserved");
+        assert!(ipc_pid_file.exists(), "pid marker should be preserved");
+
+        std::fs::remove_dir_all(&base).ok();
+    }
+
+    #[test]
+    fn test_ensure_secure_ipc_parent_dir_marks_non_service_mode_repair_for_scrub() {
+        use std::os::unix::fs::PermissionsExt;
+
+        let unique = format!(
+            "rustdesk-ipc-nonservice-mode-repair-test-{}-{}",
+            std::process::id(),
+            std::time::SystemTime::now()
+                .duration_since(std::time::UNIX_EPOCH)
+                .unwrap_or_default()
+                .as_nanos()
+        );
+        let base = std::env::temp_dir().join(unique);
+        std::fs::create_dir_all(&base).unwrap();
+
+        let parent_dir = base.join("non_service_parent");
+        std::fs::create_dir_all(&parent_dir).unwrap();
+        std::fs::set_permissions(&parent_dir, std::fs::Permissions::from_mode(0o755)).unwrap();
+
+        let ipc_file = parent_dir.join("ipc");
+        std::fs::write(&ipc_file, b"socket-placeholder").unwrap();
+
+        let res = super::ensure_secure_ipc_parent_dir(ipc_file.to_string_lossy().as_ref(), "");
+        assert_eq!(res.unwrap(), true);
+
+        std::fs::remove_dir_all(&base).ok();
+    }
+
+    #[test]
+    fn test_should_scrub_parent_entries_after_check_pid_only_when_requested_and_not_alive() {
+        assert!(!super::should_scrub_parent_entries_after_check_pid(
+            false, false
+        ));
+        assert!(!super::should_scrub_parent_entries_after_check_pid(
+            false, true
+        ));
+        assert!(super::should_scrub_parent_entries_after_check_pid(
+            true, false
+        ));
+        assert!(!super::should_scrub_parent_entries_after_check_pid(
+            true, true
+        ));
+    }
+}
--- a/src/lang/ar.rs
+++ b/src/lang/ar.rs
@@ -743,6 +743,23 @@ pub static ref T: std::collections::HashMap<&'static str, &'static str> =
        ("Display Name", "اسم العرض"),
        ("password-hidden-tip", "كلمة المرور مخفية"),
        ("preset-password-in-use-tip", "كلمة المرور المحددة مسبقًا قيد الاستخدام"),
-        ("Enable privacy mode", ""),
+        ("Enable privacy mode", "تفعيل وضع الخصوصية"),
+        ("allow-remote-toolbar-docking-any-edge", "السماح بإرساء شريط الأدوات البعيد إلى أي حافة من حواف النافذة"),
+        ("API Token", "رمز واجهة برمجة التطبيقات API"),
+        ("Deploy", "نشر"),
+        ("Custom ID (optional)", "معرّف مخصص (اختياري)"),
+        ("server_requires_deployment_tip", "يتطلب الخادم نشر هذا الجهاز بشكل صريح. هل تريد النشر الآن؟"),
+        ("The server does not require explicit deployment.", "لا يتطلب الخادم نشرًا صريحًا."),
+        ("Unknown response.", "استجابة غير معروفة."),
+        ("wayland-keyboard-input-disabled-tip", "هل تريد السماح بإدخال لوحة المفاتيح؟"),
+        ("wayland-keyboard-input-consent-tip", "ما تكتبه على هذا الكمبيوتر البعيد (بما في ذلك كلمات المرور) قد تتمكن التطبيقات الأخرى الموجودة عليه من قراءته."),
+        ("wayland-keyboard-input-applies-to-tip", "ينطبق هذا الاختيار على:"),
+        ("wayland-soft-keyboard-input-label", "إدخال لوحة المفاتيح الافتراضية"),
+        ("wayland-keyboard-input-reset-choice-tip", "إعادة تعيين اختيار إدخال لوحة المفاتيح"),
+        ("remember-wayland-keyboard-choice-tip", "لا تسأل مرة أخرى لهذا الكمبيوتر البعيد"),
+        ("Why this happens", "سبب حدوث ذلك"),
+        ("Switch display", "تبديل الشاشة"),
+        ("Show monitor switch button on the main toolbar", "إظهار زر تبديل الشاشة على شريط الأدوات الرئيسي"),
+        ("Show on the minimized toolbar", "الإظهار على شريط الأدوات المُصغّر"),
    ].iter().cloned().collect();
 }
--- a/src/lang/be.rs
+++ b/src/lang/be.rs
@@ -360,7 +360,7 @@ pub static ref T: std::collections::HashMap<&'static str, &'static str> =
        ("Recording", "Запіс"),
        ("Directory", "Каталог"),
        ("Automatically record incoming sessions", "Аўтаматычна запісваць уваходныя сесіі"),
-        ("Automatically record outgoing sessions", ""),
+        ("Automatically record outgoing sessions", "Аўтаматычна запісваць выходныя сесіі"),
        ("Change", "Змяніць"),
        ("Start session recording", "Пачаць запіс сесіі"),
        ("Stop session recording", "Спыніць запіс сесіі"),
@@ -379,7 +379,7 @@ pub static ref T: std::collections::HashMap<&'static str, &'static str> =
        ("Screen Share", "Дэманстрацыя экрана"),
        ("ubuntu-21-04-required", "Wayland патрабуе Ubuntu версіі 21.04 або навейшай."),
        ("wayland-requires-higher-linux-version", "Для Wayland патрабуецца вышэйшая версія дыстрыбутыва Linux. Карыстайцеся працоўным сталом X11 або зменіце сваю АС."),
-        ("xdp-portal-unavailable", ""),
+        ("xdp-portal-unavailable", "Не ўдалося захапіць экран Wayland. Магчыма, XDG Desktop Portal завяршыўся аварыйна або недаступны. Паспрабуйце перазапусціць яго камандай `systemctl --user restart xdg-desktop-portal`."),
        ("JumpLink", "Прагляд"),
        ("Please Select the screen to be shared(Operate on the peer side).", "Выберыце экран для дэманстрацыі (кіруецца на баку абанента)."),
        ("Show RustDesk", "Паказаць RustDesk"),
@@ -743,6 +743,23 @@ pub static ref T: std::collections::HashMap<&'static str, &'static str> =
        ("Display Name", "Імя для адлюстравання"),
        ("password-hidden-tip", "Зададзены пастаянны пароль (скрыты)."),
        ("preset-password-in-use-tip", "Пададзены пароль цяпер выкарыстоўваецца"),
-        ("Enable privacy mode", ""),
+        ("Enable privacy mode", "Уключыць рэжым канфідэнцыйнасці"),
+        ("allow-remote-toolbar-docking-any-edge", "Дазволіць замацоўванне аддаленай панэлі інструментаў да любога краю акна"),
+        ("API Token", "Токен API"),
+        ("Deploy", "Разгарнуць"),
+        ("Custom ID (optional)", "Карыстальніцкі ID (неабавязкова)"),
+        ("server_requires_deployment_tip", "Сервер патрабуе яўнага разгортвання гэтай прылады. Разгарнуць зараз?"),
+        ("The server does not require explicit deployment.", "Сервер не патрабуе яўнага разгортвання."),
+        ("Unknown response.", "Невядомы адказ."),
+        ("wayland-keyboard-input-disabled-tip", "Дазволіць увод з клавіятуры?"),
+        ("wayland-keyboard-input-consent-tip", "Тое, што вы набіраеце на гэтым аддаленым кампутары (у тым ліку паролі), могуць прачытаць іншыя праграмы на ім."),
+        ("wayland-keyboard-input-applies-to-tip", "Гэты выбар прымяняецца да:"),
+        ("wayland-soft-keyboard-input-label", "Увод з экраннай клавіятуры"),
+        ("wayland-keyboard-input-reset-choice-tip", "Скінуць выбар уводу з клавіятуры"),
+        ("remember-wayland-keyboard-choice-tip", "Не пытацца зноў для гэтага аддаленага кампутара"),
+        ("Why this happens", "Чаму гэта адбываецца"),
+        ("Switch display", "Пераключыць дысплэй"),
+        ("Show monitor switch button on the main toolbar", "Паказваць кнопку пераключэння манітора на галоўнай панэлі інструментаў"),
+        ("Show on the minimized toolbar", "Паказваць на згорнутай панэлі інструментаў"),
    ].iter().cloned().collect();
 }
--- a/src/lang/bg.rs
+++ b/src/lang/bg.rs
@@ -303,7 +303,7 @@ pub static ref T: std::collections::HashMap<&'static str, &'static str> =
        ("Ignore Battery Optimizations", "Игнорирай оптимизациите на батерията"),
        ("android_open_battery_optimizations_tip", "Ако искате да деактивирате тази функция, моля, отидете на следващата страница с настройки на приложението RustDesk, намерете и въведете [Battery], премахнете отметката от [Unrestricted]"),
        ("Start on boot", "Стартирайте при зареждане"),
-        ("Start the screen sharing service on boot, requires special permissions", ""),
+        ("Start the screen sharing service on boot, requires special permissions", "Стартиране на услугата за споделяне на екрана при зареждане, изисква специални разрешения"),
        ("Connection not allowed", "Връзката непозволена"),
        ("Legacy mode", "По остарял начин"),
        ("Map mode", "По начин със съответствие (map)"),
@@ -379,7 +379,7 @@ pub static ref T: std::collections::HashMap<&'static str, &'static str> =
        ("Screen Share", "Споделяне на екрана"),
        ("ubuntu-21-04-required", "Wayland изисква Ubuntu 21.04 или по-нов"),
        ("wayland-requires-higher-linux-version", "Wayland изисква по-нов Linux. Моля, опитайте с X11 или сменете операционната система."),
-        ("xdp-portal-unavailable", ""),
+        ("xdp-portal-unavailable", "Заснемането на екрана под Wayland е неуспешно. XDG Desktop Portal може да е блокирал или да е недостъпен. Опитайте да го рестартирате с `systemctl --user restart xdg-desktop-portal`."),
        ("JumpLink", "Препратка"),
        ("Please Select the screen to be shared(Operate on the peer side).", "Моля, изберете екрана, който да бъде споделен (спрямо отдалечената страна)."),
        ("Show RustDesk", "Покажи RustDesk"),
@@ -557,7 +557,7 @@ pub static ref T: std::collections::HashMap<&'static str, &'static str> =
        ("List", "Списък"),
        ("Virtual display", "Виртуален екран"),
        ("Plug out all", "Разкачане на всички"),
-        ("True color (4:4:4)", ""),
+        ("True color (4:4:4)", "Истински цвят (4:4:4)"),
        ("Enable blocking user input", "Разрешаване на блокиране на потребителско въвеждане"),
        ("id_input_tip", "Можете да въведете ID, директен IP адрес или домейн с порт (<domain>:<port>).\nАко искате да получите достъп до устройство на друг сървър, моля, добавете адреса на сървъра (<id>@<server_address >?key=<key_value>), например\n9123456234@192.168.16.1:21117?key=5Qbwsde3unUcJBtrx9ZkvUmwFNoExHzpryHuPUdqlWM=.\nАко искате да получите достъп до устройство на обществен сървър, моля, въведете \"<id>@public\" , ключът не е необходим за публичен сървър"),
        ("privacy_mode_impl_mag_tip", "Режим 1"),
@@ -567,7 +567,7 @@ pub static ref T: std::collections::HashMap<&'static str, &'static str> =
        ("idd_not_support_under_win10_2004_tip", "Индиректен драйвер за дисплей не се поддържа. Изисква се Windows 10, версия 2004 или по-нова."),
        ("input_source_1_tip", "Входен източник 1"),
        ("input_source_2_tip", "Входен източник 2"),
-        ("Swap control-command key", ""),
+        ("Swap control-command key", "Размяна на клавишите control и command"),
        ("swap-left-right-mouse", "Размяна на копчетата на мишката"),
        ("2FA code", "Код за Двуфакторно удостоверяване"),
        ("More", "Повече"),
@@ -579,9 +579,9 @@ pub static ref T: std::collections::HashMap<&'static str, &'static str> =
        ("2FA code must be 6 digits.", "Кодът за 2FA (двуфакторно удостоверяване) трябва да е 6-цифрен"),
        ("Multiple Windows sessions found", "Установени са няколко Windwos сесии"),
        ("Please select the session you want to connect to", "Моля определете сесия към която искате да се свърженете"),
-        ("powered_by_me", ""),
-        ("outgoing_only_desk_tip", ""),
-        ("preset_password_warning", ""),
+        ("powered_by_me", "Работи с RustDesk"),
+        ("outgoing_only_desk_tip", "Това е персонализирано издание.\nМожете да се свързвате с други устройства, но други устройства не могат да се свързват с вашето устройство."),
+        ("preset_password_warning", "Това персонализирано издание идва с предварително зададена парола. Всеки, който знае тази парола, може да получи пълен контрол върху вашето устройство. Ако не сте очаквали това, незабавно деинсталирайте софтуера."),
        ("Security Alert", "Предупреждение за сигурност"),
        ("My address book", "Моята адресна книга"),
        ("Personal", "Личен"),
@@ -591,25 +591,25 @@ pub static ref T: std::collections::HashMap<&'static str, &'static str> =
        ("Read-only", "Само четене"),
        ("Read/Write", "Писане/четене"),
        ("Full Control", "Пълен контрол"),
-        ("share_warning_tip", ""),
+        ("share_warning_tip", "Полетата по-горе са споделени и видими за други хора."),
        ("Everyone", "Всички"),
-        ("ab_web_console_tip", ""),
-        ("allow-only-conn-window-open-tip", ""),
-        ("no_need_privacy_mode_no_physical_displays_tip", ""),
+        ("ab_web_console_tip", "Повече в уеб конзолата"),
+        ("allow-only-conn-window-open-tip", "Разрешаване на връзка само ако прозорецът на RustDesk е отворен"),
+        ("no_need_privacy_mode_no_physical_displays_tip", "Няма физически екрани, не е необходимо да се използва режимът на поверителност."),
        ("Follow remote cursor", "Следвай отдалечения курсор"),
        ("Follow remote window focus", "Следвай фокуса на отдалечените прозорци"),
-        ("default_proxy_tip", ""),
-        ("no_audio_input_device_tip", ""),
+        ("default_proxy_tip", "Протоколът и портът по подразбиране са Socks5 и 1080"),
+        ("no_audio_input_device_tip", "Не е намерено устройство за аудио вход."),
        ("Incoming", "Входящ"),
        ("Outgoing", "Изходящ"),
        ("Clear Wayland screen selection", "Изчистване избор на Wayland екран"),
-        ("clear_Wayland_screen_selection_tip", ""),
-        ("confirm_clear_Wayland_screen_selection_tip", ""),
-        ("android_new_voice_call_tip", ""),
-        ("texture_render_tip", ""),
+        ("clear_Wayland_screen_selection_tip", "След изчистване на избора на екран можете да изберете отново екрана за споделяне."),
+        ("confirm_clear_Wayland_screen_selection_tip", "Сигурни ли сте, че искате да изчистите избора на екран за Wayland?"),
+        ("android_new_voice_call_tip", "Получена е нова заявка за гласово обаждане. Ако приемете, звукът ще премине към гласова комуникация."),
+        ("texture_render_tip", "Използвайте рендер на текстури, за да направите картината по-плавна. Можете да опитате да изключите тази опция, ако срещнете проблеми с изобразяването."),
        ("Use texture rendering", "Използвай рендер на текстури"),
        ("Floating window", "Плаващ прозорец"),
-        ("floating_window_tip", ""),
+        ("floating_window_tip", "Помага за поддържане на фоновата услуга на RustDesk"),
        ("Keep screen on", "Запази екранът включен"),
        ("Never", "Никога"),
        ("During controlled", "Докато е обект на управление"),
@@ -621,128 +621,145 @@ pub static ref T: std::collections::HashMap<&'static str, &'static str> =
        ("Volume down", "Намаляване звук"),
        ("Power", "Мощност"),
        ("Telegram bot", "Телеграм бот"),
-        ("enable-bot-tip", ""),
-        ("enable-bot-desc", ""),
-        ("cancel-2fa-confirm-tip", ""),
-        ("cancel-bot-confirm-tip", ""),
+        ("enable-bot-tip", "Ако активирате тази функция, можете да получавате 2FA кода от вашия бот. Той може да функционира и като известие за връзка."),
+        ("enable-bot-desc", "1. Отворете чат с @BotFather.\n2. Изпратете командата \"/newbot\". След като завършите тази стъпка, ще получите токен.\n3. Започнете чат с новосъздадения си бот. Изпратете съобщение, започващо с наклонена черта (\"/\"), например \"/hello\", за да го активирате.\n"),
+        ("cancel-2fa-confirm-tip", "Сигурни ли сте, че искате да отмените 2FA?"),
+        ("cancel-bot-confirm-tip", "Сигурни ли сте, че искате да отмените бота на Telegram?"),
        ("About RustDesk", "За RustDesk"),
-        ("Send clipboard keystrokes", ""),
-        ("network_error_tip", ""),
+        ("Send clipboard keystrokes", "Изпращане на клавишни натискания от клипборда"),
+        ("network_error_tip", "Моля, проверете мрежовата си връзка, след което натиснете повторен опит."),
        ("Unlock with PIN", "Отключване с PIN"),
-        ("Requires at least {} characters", ""),
+        ("Requires at least {} characters", "Изисква поне {} знака"),
        ("Wrong PIN", "Грешен PIN"),
        ("Set PIN", "Избор PIN"),
        ("Enable trusted devices", "Позволяване доверени устройства"),
        ("Manage trusted devices", "Управление доверени устройства"),
        ("Platform", "Платформа"),
        ("Days remaining", "Оставащи дни"),
-        ("enable-trusted-devices-tip", ""),
-        ("Parent directory", ""),
+        ("enable-trusted-devices-tip", "Пропускане на 2FA проверката на доверени устройства"),
+        ("Parent directory", "Родителска папка"),
        ("Resume", "Възобновяване"),
        ("Invalid file name", "Невалидно име за файл"),
-        ("one-way-file-transfer-tip", ""),
-        ("Authentication Required", ""),
-        ("Authenticate", ""),
-        ("web_id_input_tip", ""),
-        ("Download", ""),
-        ("Upload folder", ""),
-        ("Upload files", ""),
-        ("Clipboard is synchronized", ""),
-        ("Update client clipboard", ""),
-        ("Untagged", ""),
-        ("new-version-of-{}-tip", ""),
-        ("Accessible devices", ""),
+        ("one-way-file-transfer-tip", "Еднопосочното прехвърляне на файлове е активирано от управляваната страна."),
+        ("Authentication Required", "Изисква се удостоверяване"),
+        ("Authenticate", "Удостоверяване"),
+        ("web_id_input_tip", "Можете да въведете ID на същия сървър, директният достъп по IP не се поддържа в уеб клиента.\nАко искате да получите достъп до устройство на друг сървър, моля, добавете адреса на сървъра (<id>@<server_address>?key=<key_value>), например,\n9123456234@192.168.16.1:21117?key=5Qbwsde3unUcJBtrx9ZkvUmwFNoExHzpryHuPUdqlWM=.\nАко искате да получите достъп до устройство на публичен сървър, моля, въведете \"<id>@public\", за публичен сървър не е необходим ключ."),
+        ("Download", "Изтегляне"),
+        ("Upload folder", "Качване на папка"),
+        ("Upload files", "Качване на файлове"),
+        ("Clipboard is synchronized", "Клипбордът е синхронизиран"),
+        ("Update client clipboard", "Обновяване на клипборда на клиента"),
+        ("Untagged", "Без етикет"),
+        ("new-version-of-{}-tip", "Налична е нова версия на {}"),
+        ("Accessible devices", "Достъпни устройства"),
        ("upgrade_remote_rustdesk_client_to_{}_tip", "Моля, надстройте клиента RustDesk до версия {} или по-нова от отдалечената страна!"),
-        ("d3d_render_tip", ""),
-        ("Use D3D rendering", ""),
-        ("Printer", ""),
-        ("printer-os-requirement-tip", ""),
-        ("printer-requires-installed-{}-client-tip", ""),
-        ("printer-{}-not-installed-tip", ""),
-        ("printer-{}-ready-tip", ""),
-        ("Install {} Printer", ""),
-        ("Outgoing Print Jobs", ""),
-        ("Incoming Print Jobs", ""),
-        ("Incoming Print Job", ""),
-        ("use-the-default-printer-tip", ""),
-        ("use-the-selected-printer-tip", ""),
-        ("auto-print-tip", ""),
-        ("print-incoming-job-confirm-tip", ""),
-        ("remote-printing-disallowed-tile-tip", ""),
-        ("remote-printing-disallowed-text-tip", ""),
-        ("save-settings-tip", ""),
-        ("dont-show-again-tip", ""),
-        ("Take screenshot", ""),
-        ("Taking screenshot", ""),
-        ("screenshot-merged-screen-not-supported-tip", ""),
-        ("screenshot-action-tip", ""),
-        ("Save as", ""),
-        ("Copy to clipboard", ""),
-        ("Enable remote printer", ""),
-        ("Downloading {}", ""),
-        ("{} Update", ""),
-        ("{}-to-update-tip", ""),
-        ("download-new-version-failed-tip", ""),
-        ("Auto update", ""),
-        ("update-failed-check-msi-tip", ""),
-        ("websocket_tip", ""),
-        ("Use WebSocket", ""),
-        ("Trackpad speed", ""),
-        ("Default trackpad speed", ""),
-        ("Numeric one-time password", ""),
-        ("Enable IPv6 P2P connection", ""),
-        ("Enable UDP hole punching", ""),
+        ("d3d_render_tip", "Когато е активиран D3D рендерът, екранът за отдалечено управление може да е черен на някои машини."),
+        ("Use D3D rendering", "Използвай D3D рендер"),
+        ("Printer", "Принтер"),
+        ("printer-os-requirement-tip", "Функцията за изходящ печат изисква Windows 10 или по-нова версия."),
+        ("printer-requires-installed-{}-client-tip", "За да използвате отдалечен печат, на това устройство трябва да е инсталиран {}."),
+        ("printer-{}-not-installed-tip", "Принтерът {} не е инсталиран."),
+        ("printer-{}-ready-tip", "Принтерът {} е инсталиран и готов за употреба."),
+        ("Install {} Printer", "Инсталиране на принтер {}"),
+        ("Outgoing Print Jobs", "Изходящи задачи за печат"),
+        ("Incoming Print Jobs", "Входящи задачи за печат"),
+        ("Incoming Print Job", "Входяща задача за печат"),
+        ("use-the-default-printer-tip", "Използване на принтера по подразбиране"),
+        ("use-the-selected-printer-tip", "Използване на избрания принтер"),
+        ("auto-print-tip", "Автоматичен печат с избрания принтер."),
+        ("print-incoming-job-confirm-tip", "Получихте задача за печат от отдалечено устройство. Искате ли да я изпълните от вашата страна?"),
+        ("remote-printing-disallowed-tile-tip", "Отдалеченият печат не е разрешен"),
+        ("remote-printing-disallowed-text-tip", "Настройките за разрешения на управляваната страна забраняват отдалечен печат."),
+        ("save-settings-tip", "Запазване на настройките"),
+        ("dont-show-again-tip", "Не показвай това отново"),
+        ("Take screenshot", "Снимка на екрана"),
+        ("Taking screenshot", "Правене на снимка на екрана"),
+        ("screenshot-merged-screen-not-supported-tip", "Обединяването на снимки от няколко екрана в момента не се поддържа. Моля, превключете към един екран и опитайте отново."),
+        ("screenshot-action-tip", "Моля, изберете как да продължите със снимката на екрана."),
+        ("Save as", "Запазване като"),
+        ("Copy to clipboard", "Копиране в клипборда"),
+        ("Enable remote printer", "Позволяване на отдалечен принтер"),
+        ("Downloading {}", "Изтегляне на {}"),
+        ("{} Update", "Обновяване на {}"),
+        ("{}-to-update-tip", "{} ще се затвори сега и ще инсталира новата версия."),
+        ("download-new-version-failed-tip", "Изтеглянето е неуспешно. Можете да опитате отново или да натиснете бутона \"Изтегляне\", за да изтеглите от страницата за издания и да обновите ръчно."),
+        ("Auto update", "Автоматично обновяване"),
+        ("update-failed-check-msi-tip", "Проверката на метода на инсталиране е неуспешна. Моля, натиснете бутона \"Изтегляне\", за да изтеглите от страницата за издания и да обновите ръчно."),
+        ("websocket_tip", "При използване на WebSocket се поддържат само препредаващи връзки."),
+        ("Use WebSocket", "Използване на WebSocket"),
+        ("Trackpad speed", "Скорост на тъчпада"),
+        ("Default trackpad speed", "Скорост на тъчпада по подразбиране"),
+        ("Numeric one-time password", "Цифрова еднократна парола"),
+        ("Enable IPv6 P2P connection", "Позволяване на IPv6 P2P връзка"),
+        ("Enable UDP hole punching", "Позволяване на UDP hole punching"),
        ("View camera", "Преглед на камерата"),
-        ("Enable camera", ""),
-        ("No cameras", ""),
-        ("view_camera_unsupported_tip", ""),
-        ("Terminal", ""),
-        ("Enable terminal", ""),
-        ("New tab", ""),
-        ("Keep terminal sessions on disconnect", ""),
-        ("Terminal (Run as administrator)", ""),
-        ("terminal-admin-login-tip", ""),
-        ("Failed to get user token.", ""),
-        ("Incorrect username or password.", ""),
-        ("The user is not an administrator.", ""),
-        ("Failed to check if the user is an administrator.", ""),
-        ("Supported only in the installed version.", ""),
-        ("elevation_username_tip", ""),
-        ("Preparing for installation ...", ""),
-        ("Show my cursor", ""),
-        ("Scale custom", ""),
-        ("Custom scale slider", ""),
-        ("Decrease", ""),
-        ("Increase", ""),
-        ("Show virtual mouse", ""),
-        ("Virtual mouse size", ""),
-        ("Small", ""),
-        ("Large", ""),
-        ("Show virtual joystick", ""),
-        ("Edit note", ""),
-        ("Alias", ""),
-        ("ScrollEdge", ""),
-        ("Allow insecure TLS fallback", ""),
-        ("allow-insecure-tls-fallback-tip", ""),
-        ("Disable UDP", ""),
-        ("disable-udp-tip", ""),
-        ("server-oss-not-support-tip", ""),
-        ("input note here", ""),
-        ("note-at-conn-end-tip", ""),
-        ("Show terminal extra keys", ""),
-        ("Relative mouse mode", ""),
-        ("rel-mouse-not-supported-peer-tip", ""),
-        ("rel-mouse-not-ready-tip", ""),
-        ("rel-mouse-lock-failed-tip", ""),
-        ("rel-mouse-exit-{}-tip", ""),
-        ("rel-mouse-permission-lost-tip", ""),
-        ("Changelog", ""),
-        ("keep-awake-during-outgoing-sessions-label", ""),
-        ("keep-awake-during-incoming-sessions-label", ""),
+        ("Enable camera", "Позволяване на камерата"),
+        ("No cameras", "Няма камери"),
+        ("view_camera_unsupported_tip", "Отдалеченото устройство не поддържа преглед на камерата."),
+        ("Terminal", "Терминал"),
+        ("Enable terminal", "Позволяване на терминал"),
+        ("New tab", "Нов раздел"),
+        ("Keep terminal sessions on disconnect", "Запазване на терминалните сесии при прекъсване на връзката"),
+        ("Terminal (Run as administrator)", "Терминал (изпълнение като администратор)"),
+        ("terminal-admin-login-tip", "Моля, въведете потребителското име и паролата на администратора на управляваната страна."),
+        ("Failed to get user token.", "Неуспешно получаване на потребителски токен."),
+        ("Incorrect username or password.", "Неправилно потребителско име или парола."),
+        ("The user is not an administrator.", "Потребителят не е администратор."),
+        ("Failed to check if the user is an administrator.", "Неуспешна проверка дали потребителят е администратор."),
+        ("Supported only in the installed version.", "Поддържа се само в инсталираната версия."),
+        ("elevation_username_tip", "Въведете username или domain\\username"),
+        ("Preparing for installation ...", "Подготовка за инсталиране ..."),
+        ("Show my cursor", "Показвай моя курсор"),
+        ("Scale custom", "Персонализиран мащаб"),
+        ("Custom scale slider", "Плъзгач за персонализиран мащаб"),
+        ("Decrease", "Намаляване"),
+        ("Increase", "Увеличаване"),
+        ("Show virtual mouse", "Показвай виртуална мишка"),
+        ("Virtual mouse size", "Размер на виртуалната мишка"),
+        ("Small", "Малък"),
+        ("Large", "Голям"),
+        ("Show virtual joystick", "Показвай виртуален джойстик"),
+        ("Edit note", "Редактиране на бележка"),
+        ("Alias", "Псевдоним"),
+        ("ScrollEdge", "Превъртане при ръба"),
+        ("Allow insecure TLS fallback", "Позволяване на несигурно връщане към TLS"),
+        ("allow-insecure-tls-fallback-tip", "По подразбиране RustDesk проверява сертификата на сървъра за протоколи, използващи TLS.\nКогато тази опция е активирана, RustDesk ще пропусне стъпката на проверка и ще продължи в случай на неуспешна проверка."),
+        ("Disable UDP", "Забрана на UDP"),
+        ("disable-udp-tip", "Управлява дали да се използва само TCP.\nКогато тази опция е активирана, RustDesk вече няма да използва UDP 21116, а вместо това ще се използва TCP 21116."),
+        ("server-oss-not-support-tip", "ЗАБЕЛЕЖКА: RustDesk server OSS не включва тази функция."),
+        ("input note here", "въведете бележка тук"),
+        ("note-at-conn-end-tip", "Питане за бележка в края на връзката"),
+        ("Show terminal extra keys", "Показвай допълнителните клавиши на терминала"),
+        ("Relative mouse mode", "Относителен режим на мишката"),
+        ("rel-mouse-not-supported-peer-tip", "Относителният режим на мишката не се поддържа от свързания партньор."),
+        ("rel-mouse-not-ready-tip", "Относителният режим на мишката все още не е готов. Моля, опитайте отново."),
+        ("rel-mouse-lock-failed-tip", "Неуспешно заключване на курсора. Относителният режим на мишката е изключен."),
+        ("rel-mouse-exit-{}-tip", "Натиснете {} за изход."),
+        ("rel-mouse-permission-lost-tip", "Разрешението за клавиатура беше отнето. Относителният режим на мишката е изключен."),
+        ("Changelog", "Списък с промени"),
+        ("keep-awake-during-outgoing-sessions-label", "Поддържай екрана активен по време на изходящи сесии"),
+        ("keep-awake-during-incoming-sessions-label", "Поддържай екрана активен по време на входящи сесии"),
        ("Continue with {}", "Продължи с {}"),
-        ("Display Name", ""),
-        ("password-hidden-tip", ""),
-        ("preset-password-in-use-tip", ""),
-        ("Enable privacy mode", ""),
+        ("Display Name", "Показвано име"),
+        ("password-hidden-tip", "Зададена е постоянна парола (скрита)."),
+        ("preset-password-in-use-tip", "В момента се използва предварително зададена парола."),
+        ("Enable privacy mode", "Позволяване на режим на поверителност"),
+        ("allow-remote-toolbar-docking-any-edge", "Позволяване на закачане на отдалечената лента с инструменти към всеки ръб на прозореца"),
+        ("API Token", "API токен"),
+        ("Deploy", "Внедряване"),
+        ("Custom ID (optional)", "Персонализиран ID (по избор)"),
+        ("server_requires_deployment_tip", "Сървърът изисква това устройство да бъде внедрено изрично. Да се внедри ли сега?"),
+        ("The server does not require explicit deployment.", "Сървърът не изисква изрично внедряване."),
+        ("Unknown response.", "Неизвестен отговор."),
+        ("wayland-keyboard-input-disabled-tip", "Да се позволи ли въвеждане от клавиатура?"),
+        ("wayland-keyboard-input-consent-tip", "Това, което въвеждате на този отдалечен компютър (включително пароли), може да бъде прочетено от други приложения на него."),
+        ("wayland-keyboard-input-applies-to-tip", "Този избор се отнася за:"),
+        ("wayland-soft-keyboard-input-label", "Въвеждане от софтуерна клавиатура"),
+        ("wayland-keyboard-input-reset-choice-tip", "Нулиране на избора за въвеждане от клавиатура"),
+        ("remember-wayland-keyboard-choice-tip", "Не питай отново за този отдалечен компютър"),
+        ("Why this happens", "Защо се случва това"),
+        ("Switch display", "Превключване на дисплея"),
+        ("Show monitor switch button on the main toolbar", "Показване на бутона за превключване на монитора в главната лента с инструменти"),
+        ("Show on the minimized toolbar", "Показване в минимизираната лента с инструменти"),
    ].iter().cloned().collect();
 }
--- a/src/lang/ca.rs
+++ b/src/lang/ca.rs
@@ -360,7 +360,7 @@ pub static ref T: std::collections::HashMap<&'static str, &'static str> =
        ("Recording", "Gravació"),
        ("Directory", "Contactes"),
        ("Automatically record incoming sessions", "Enregistrament automàtic de sessions entrants"),
-        ("Automatically record outgoing sessions", ""),
+        ("Automatically record outgoing sessions", "Enregistrament automàtic de sessions sortints"),
        ("Change", "Canvia"),
        ("Start session recording", "Inicia la gravació de la sessió"),
        ("Stop session recording", "Atura la gravació de la sessió"),
@@ -379,7 +379,7 @@ pub static ref T: std::collections::HashMap<&'static str, &'static str> =
        ("Screen Share", "Compartició de pantalla"),
        ("ubuntu-21-04-required", "Wayland requereix Ubuntu 21.04 o superior"),
        ("wayland-requires-higher-linux-version", "Wayland requereix una versió superior de sistema Linux per a funcionar. Proveu iniciant un entorn d'escriptori amb x11 o actualitzeu el vostre sistema operatiu."),
-        ("xdp-portal-unavailable", ""),
+        ("xdp-portal-unavailable", "Ha fallat la captura de pantalla del Wayland. És possible que el XDG Desktop Portal hagi fallat o no estigui disponible. Proveu de reiniciar-lo amb `systemctl --user restart xdg-desktop-portal`."),
        ("JumpLink", "Marcador"),
        ("Please Select the screen to be shared(Operate on the peer side).", "Seleccioneu la pantalla que compartireu (quina serà visible al client)"),
        ("Show RustDesk", "Mostra el RustDesk"),
@@ -650,43 +650,43 @@ pub static ref T: std::collections::HashMap<&'static str, &'static str> =
        ("Clipboard is synchronized", "El porta-retalls està sincronitzat"),
        ("Update client clipboard", "Actualitza el porta-retalls del client"),
        ("Untagged", "Sense etiquetar"),
-        ("new-version-of-{}-tip", ""),
+        ("new-version-of-{}-tip", "Hi ha disponible una versió nova de {}"),
        ("Accessible devices", "Dispositius accessibles"),
-        ("upgrade_remote_rustdesk_client_to_{}_tip", ""),
-        ("d3d_render_tip", ""),
+        ("upgrade_remote_rustdesk_client_to_{}_tip", "Actualitzeu el client RustDesk a la versió {} o superior a la part remota!"),
+        ("d3d_render_tip", "Quan la renderització D3D està habilitada, en alguns equips la pantalla del control remot pot quedar en negre."),
        ("Use D3D rendering", "Utilitza renderització D3D"),
        ("Printer", "Impressora"),
-        ("printer-os-requirement-tip", ""),
-        ("printer-requires-installed-{}-client-tip", ""),
-        ("printer-{}-not-installed-tip", ""),
-        ("printer-{}-ready-tip", ""),
+        ("printer-os-requirement-tip", "La funció d'impressió sortint requereix Windows 10 o superior."),
+        ("printer-requires-installed-{}-client-tip", "Per a utilitzar la impressió remota, cal instal·lar {} en aquest dispositiu."),
+        ("printer-{}-not-installed-tip", "La impressora {} no està instal·lada."),
+        ("printer-{}-ready-tip", "La impressora {} està instal·lada i a punt per a utilitzar-se."),
        ("Install {} Printer", "Instal·la {} impressora"),
        ("Outgoing Print Jobs", "Treballs d'impressió sortints"),
        ("Incoming Print Jobs", "Treballs d'impressió entrants"),
        ("Incoming Print Job", "Treballs d'impressió entrant"),
-        ("use-the-default-printer-tip", ""),
-        ("use-the-selected-printer-tip", ""),
-        ("auto-print-tip", ""),
-        ("print-incoming-job-confirm-tip", ""),
-        ("remote-printing-disallowed-tile-tip", ""),
-        ("remote-printing-disallowed-text-tip", ""),
-        ("save-settings-tip", ""),
-        ("dont-show-again-tip", ""),
+        ("use-the-default-printer-tip", "Utilitza la impressora per defecte"),
+        ("use-the-selected-printer-tip", "Utilitza la impressora seleccionada"),
+        ("auto-print-tip", "Imprimeix automàticament utilitzant la impressora seleccionada."),
+        ("print-incoming-job-confirm-tip", "Heu rebut un treball d'impressió des de la part remota. Voleu executar-lo al vostre costat?"),
+        ("remote-printing-disallowed-tile-tip", "Impressió remota no permesa"),
+        ("remote-printing-disallowed-text-tip", "La configuració de permisos de la part controlada denega la impressió remota."),
+        ("save-settings-tip", "Desa la configuració"),
+        ("dont-show-again-tip", "No tornis a mostrar això"),
        ("Take screenshot", "Fes una captura de pantalla"),
        ("Taking screenshot", "Fent la captura de pantalla"),
-        ("screenshot-merged-screen-not-supported-tip", ""),
-        ("screenshot-action-tip", ""),
+        ("screenshot-merged-screen-not-supported-tip", "Actualment no és possible combinar captures de pantalla de diverses pantalles. Canvieu a una sola pantalla i torneu a provar."),
+        ("screenshot-action-tip", "Seleccioneu com voleu continuar amb la captura de pantalla."),
        ("Save as", "Anomena i desa"),
        ("Copy to clipboard", "Copia al porta-retalls"),
        ("Enable remote printer", "Habilita l'impressora remota"),
        ("Downloading {}", "Descarregant {}"),
        ("{} Update", "{} Actualitza"),
-        ("{}-to-update-tip", ""),
-        ("download-new-version-failed-tip", ""),
+        ("{}-to-update-tip", "{} es tancarà ara i instal·larà la versió nova."),
+        ("download-new-version-failed-tip", "Ha fallat la descàrrega. Podeu tornar a provar o fer clic al botó \"Descarrega\" per descarregar-la des de la pàgina de publicacions i actualitzar-la manualment."),
        ("Auto update", "Actualització automàtica"),
-        ("update-failed-check-msi-tip", ""),
-        ("websocket_tip", ""),
-        ("Use WebSocket", ""),
+        ("update-failed-check-msi-tip", "Ha fallat la comprovació del mètode d'instal·lació. Feu clic al botó \"Descarrega\" per descarregar-la des de la pàgina de publicacions i actualitzar-la manualment."),
+        ("websocket_tip", "En utilitzar WebSocket, només s'admeten connexions per repetidor."),
+        ("Use WebSocket", "Utilitza WebSocket"),
        ("Trackpad speed", "Velocitat del trackpad"),
        ("Default trackpad speed", "Velocitat per defecte del trackpad"),
        ("Numeric one-time password", "Contrasenya numèrica d'un sol ús"),
@@ -695,19 +695,19 @@ pub static ref T: std::collections::HashMap<&'static str, &'static str> =
        ("View camera", "Mostra la càmera"),
        ("Enable camera", "Habilita la càmera"),
        ("No cameras", "No hi ha càmeres"),
-        ("view_camera_unsupported_tip", ""),
+        ("view_camera_unsupported_tip", "El dispositiu remot no admet la visualització de la càmera."),
        ("Terminal", "Terminal"),
        ("Enable terminal", "Habilita el terminal"),
        ("New tab", "Nova finestra"),
        ("Keep terminal sessions on disconnect", "Mantingues les sessions de terminal desconnectades"),
        ("Terminal (Run as administrator)", "Terminal (executa com a administrador"),
-        ("terminal-admin-login-tip", ""),
+        ("terminal-admin-login-tip", "Inseriu el nom d'usuari i la contrasenya de l'administrador de la part controlada."),
        ("Failed to get user token.", "No s'ha pogut obtenir el token d'usuari."),
        ("Incorrect username or password.", "Nom d'usuari o contrasenya incorrecte"),
        ("The user is not an administrator.", "Aquest usuari no és administrador"),
        ("Failed to check if the user is an administrator.", "No s'ha pogut comprovar si l'usuari és administrador."),
        ("Supported only in the installed version.", "Només compatible amb la versió instal·lada."),
-        ("elevation_username_tip", ""),
+        ("elevation_username_tip", "Inseriu el nom d'usuari o domini\\nomusuari"),
        ("Preparing for installation ...", "Preparant per a l'instal·lació..."),
        ("Show my cursor", "Mostra el meu punter"),
        ("Scale custom", "Escala personalitzada"),
@@ -721,28 +721,45 @@ pub static ref T: std::collections::HashMap<&'static str, &'static str> =
        ("Show virtual joystick", "Mostra el joystick virtual"),
        ("Edit note", "Edita la nota"),
        ("Alias", "Alias"),
-        ("ScrollEdge", ""),
-        ("Allow insecure TLS fallback", ""),
-        ("allow-insecure-tls-fallback-tip", ""),
-        ("Disable UDP", ""),
-        ("disable-udp-tip", ""),
-        ("server-oss-not-support-tip", ""),
-        ("input note here", ""),
-        ("note-at-conn-end-tip", ""),
-        ("Show terminal extra keys", ""),
-        ("Relative mouse mode", ""),
-        ("rel-mouse-not-supported-peer-tip", ""),
-        ("rel-mouse-not-ready-tip", ""),
-        ("rel-mouse-lock-failed-tip", ""),
-        ("rel-mouse-exit-{}-tip", ""),
-        ("rel-mouse-permission-lost-tip", ""),
-        ("Changelog", ""),
-        ("keep-awake-during-outgoing-sessions-label", ""),
-        ("keep-awake-during-incoming-sessions-label", ""),
+        ("ScrollEdge", "Desplaçament a la vora"),
+        ("Allow insecure TLS fallback", "Permet l'ús alternatiu de TLS no segur"),
+        ("allow-insecure-tls-fallback-tip", "Per defecte, el RustDesk verifica el certificat del servidor per als protocols que utilitzen TLS.\nAmb aquesta opció habilitada, el RustDesk ometrà el pas de verificació i continuarà en cas que aquesta falli."),
+        ("Disable UDP", "Inhabilita l'UDP"),
+        ("disable-udp-tip", "Controla si s'utilitza només TCP.\nAmb aquesta opció habilitada, el RustDesk ja no utilitzarà l'UDP 21116, sinó que utilitzarà el TCP 21116 en el seu lloc."),
+        ("server-oss-not-support-tip", "NOTA: El RustDesk Server OSS no inclou aquesta característica."),
+        ("input note here", "inseriu la nota aquí"),
+        ("note-at-conn-end-tip", "Demana una nota en finalitzar la connexió"),
+        ("Show terminal extra keys", "Mostra les tecles addicionals del terminal"),
+        ("Relative mouse mode", "Mode de ratolí relatiu"),
+        ("rel-mouse-not-supported-peer-tip", "El client connectat no admet el mode de ratolí relatiu."),
+        ("rel-mouse-not-ready-tip", "El mode de ratolí relatiu encara no està a punt. Torneu a provar."),
+        ("rel-mouse-lock-failed-tip", "Ha fallat el bloqueig del cursor. S'ha inhabilitat el mode de ratolí relatiu."),
+        ("rel-mouse-exit-{}-tip", "Premeu {} per a sortir."),
+        ("rel-mouse-permission-lost-tip", "S'ha revocat el permís del teclat. S'ha inhabilitat el mode de ratolí relatiu."),
+        ("Changelog", "Registre de canvis"),
+        ("keep-awake-during-outgoing-sessions-label", "Mantén la pantalla activa durant les sessions sortints"),
+        ("keep-awake-during-incoming-sessions-label", "Mantén la pantalla activa durant les sessions entrants"),
        ("Continue with {}", "Continua amb {}"),
-        ("Display Name", ""),
-        ("password-hidden-tip", ""),
-        ("preset-password-in-use-tip", ""),
-        ("Enable privacy mode", ""),
+        ("Display Name", "Nom visible"),
+        ("password-hidden-tip", "La contrasenya permanent està definida (oculta)."),
+        ("preset-password-in-use-tip", "Actualment s'està utilitzant una contrasenya preestablerta."),
+        ("Enable privacy mode", "Habilita el Mode privat"),
+        ("allow-remote-toolbar-docking-any-edge", "Permet ancorar la barra d'eines remota a qualsevol vora de la finestra"),
+        ("API Token", "Testimoni de l'API"),
+        ("Deploy", "Desplega"),
+        ("Custom ID (optional)", "ID personalitzada (opcional)"),
+        ("server_requires_deployment_tip", "El servidor requereix que aquest dispositiu es desplegui explícitament. Voleu desplegar-lo ara?"),
+        ("The server does not require explicit deployment.", "El servidor no requereix un desplegament explícit."),
+        ("Unknown response.", "Resposta desconeguda."),
+        ("wayland-keyboard-input-disabled-tip", "Voleu permetre l'entrada de teclat?"),
+        ("wayland-keyboard-input-consent-tip", "Allò que escriviu en aquest equip remot (incloses les contrasenyes) podria ser llegit per altres aplicacions que hi hagi."),
+        ("wayland-keyboard-input-applies-to-tip", "Aquesta opció s'aplica a:"),
+        ("wayland-soft-keyboard-input-label", "Entrada de teclat virtual"),
+        ("wayland-keyboard-input-reset-choice-tip", "Restableix l'opció d'entrada de teclat"),
+        ("remember-wayland-keyboard-choice-tip", "No tornis a preguntar-ho per a aquest equip remot"),
+        ("Why this happens", "Per què passa això"),
+        ("Switch display", "Canvia de pantalla"),
+        ("Show monitor switch button on the main toolbar", "Mostra el botó de canvi de monitor a la barra d’eines principal"),
+        ("Show on the minimized toolbar", "Mostra a la barra d’eines minimitzada"),
    ].iter().cloned().collect();
 }
--- a/Show More
+++ b/Show More
				`@@ -1 +0,0 @@`
				<svg xmlns="http://www.w3.org/2000/svg" width="256" height="199"><path fill="#0089d6" d="M118.432 187.698c32.89-5.81 60.055-10.618 60.367-10.684l.568-.12-31.052-36.935c-17.078-20.314-31.051-37.014-31.051-37.11 0-.182 32.063-88.477 32.243-88.792.06-.105 21.88 37.567 52.893 91.32 29.035 50.323 52.973 91.815 53.195 92.203l.405.707-98.684-.012-98.684-.013 59.8-10.564zM0 176.435c0-.052 14.631-25.451 32.514-56.442l32.514-56.347 37.891-31.799C123.76 14.358 140.867.027 140.935.001c.069-.026-.205.664-.609 1.534s-18.919 40.582-41.145 88.25l-40.41 86.67-29.386.037c-16.162.02-29.385-.005-29.385-.057z"/></svg>