diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index be3ba6a19..b2ace54c2 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -53,6 +53,4 @@ updates:
     groups:
       github-actions:
         patterns:
-          - "*"
-    labels:
-      - "misc:ci"
\ No newline at end of file
+          - "*"
\ No newline at end of file
diff --git a/.github/workflows/appimage.yml b/.github/workflows/appimage.yml
index c80be8844..521edeedd 100644
--- a/.github/workflows/appimage.yml
+++ b/.github/workflows/appimage.yml
@@ -8,16 +8,24 @@ on:
       version:
         description: 'Version'
         required: false
+  push:
+    branches-ignore:
+      - 'dependabot/**'
+    paths:
+      - '.github/workflows/appimage.yml'
+      - 'dist/linux/appimage/**'
+      - 'dist/linux/common/**'
+      - 'dist/linux/resources/**'
 
 env:
   JAVA_DIST: 'temurin'
-  JAVA_VERSION: '23.0.2'
+  JAVA_VERSION: '24.0.1+9'
 
 jobs:
   get-version:
     uses: ./.github/workflows/get-version.yml
     with:
-      version: ${{ inputs.version }}
+      version: ${{ inputs.version }} #okay if not defined
 
   build:
     name: Build AppImage
@@ -29,12 +37,12 @@ jobs:
         include:
           - os: ubuntu-latest
             appimage-suffix: x86_64
-            openjfx-url: 'https://download2.gluonhq.com/openjfx/23.0.2/openjfx-23.0.2_linux-x64_bin-jmods.zip'
-            openjfx-sha: '063baebc6922e4a89c94b9dfb7a4f53e59e8d6fec400d4e670b31bc2ab324dec'
+            openjfx-url: 'https://download2.gluonhq.com/openjfx/24.0.1/openjfx-24.0.1_linux-x64_bin-jmods.zip'
+            openjfx-sha: '425fac742b9fbd095b2ce868cff82d1024620f747c94a7144d0a4879e756146c'
           - os: ubuntu-24.04-arm
             appimage-suffix: aarch64
-            openjfx-url: 'https://download2.gluonhq.com/openjfx/23.0.2/openjfx-23.0.2_linux-aarch64_bin-jmods.zip'
-            openjfx-sha: '9bbedaeae1590b69e2b22237bda310936df33e344dbc243bea2e86acaab3a0d8'
+            openjfx-url: 'https://download2.gluonhq.com/openjfx/24.0.1/openjfx-24.0.1_linux-aarch64_bin-jmods.zip'
+            openjfx-sha: '7e02edd0f4ee5527a27c94b0bbba66fcaaff41009119e45d0eca0f96ddfb6e7b'
     steps:
       - uses: actions/checkout@v4
       - name: Setup Java
@@ -61,7 +69,7 @@ jobs:
           POM_JFX_VERSION=${POM_JFX_VERSION#*@}
           POM_JFX_VERSION=${POM_JFX_VERSION%%.*}
 
-          if [ $POM_JFX_VERSION -ne $JMOD_VERSION_AMD64 ]; then
+          if [ $POM_JFX_VERSION -ne $JMOD_VERSION ]; then
             >&2 echo "Major JavaFX version in pom.xml (${POM_JFX_VERSION}) != amd64 jmod version (${JMOD_VERSION})"
             exit 1
           fi
@@ -73,13 +81,21 @@ jobs:
         run: |
           cp LICENSE.txt target
           cp target/cryptomator-*.jar target/mods
+      - name: Run jlink with help option
+        id: jep-493-check
+        run: |
+          JMOD_PATHS="openjfx-jmods"
+          if ! ${JAVA_HOME}/bin/jlink --help | grep -q "Linking from run-time image enabled"; then
+            JMOD_PATHS="${JAVA_HOME}/jmods:${JMOD_PATHS}"
+          fi
+          echo "jmod_paths=${JMOD_PATHS}" >> "$GITHUB_OUTPUT"
       - name: Run jlink
         #Remark: no compression is applied for improved build compression later (here appimage)
         run: >
           ${JAVA_HOME}/bin/jlink
           --verbose
           --output runtime
-          --module-path "${JAVA_HOME}/jmods:openjfx-jmods"
+          --module-path "${{ steps.jep-493-check.outputs.jmod_paths }}"
           --add-modules java.base,java.desktop,java.instrument,java.logging,java.naming,java.net.http,java.scripting,java.sql,java.xml,javafx.base,javafx.graphics,javafx.controls,javafx.fxml,jdk.unsupported,jdk.security.auth,jdk.accessibility,jdk.management.jfr,jdk.net,java.compiler
           --strip-native-commands
           --no-header-files
@@ -101,7 +117,8 @@ jobs:
           --copyright "(C) 2016 - 2025 Skymatic GmbH"
           --app-version "${{  needs.get-version.outputs.semVerNum }}.${{  needs.get-version.outputs.revNum }}"
           --java-options "--enable-preview"
-          --java-options "--enable-native-access=org.cryptomator.jfuse.linux.amd64,org.cryptomator.jfuse.linux.aarch64,org.purejava.appindicator"
+          --java-options "--enable-native-access=javafx.graphics,org.cryptomator.jfuse.linux.amd64,org.cryptomator.jfuse.linux.aarch64,org.purejava.appindicator"
+          --java-options "--sun-misc-unsafe-memory-access=allow"
           --java-options "-Xss5m"
           --java-options "-Xmx256m"
           --java-options "-Dcryptomator.appVersion=\"${{  needs.get-version.outputs.semVerStr }}\""
@@ -152,7 +169,7 @@ jobs:
       - name: Build AppImage
         run: >
           ./squashfs-root/AppRun Cryptomator.AppDir cryptomator-${{  needs.get-version.outputs.semVerStr }}-${{ matrix.appimage-suffix }}.AppImage
-          -u 'gh-releases-zsync|cryptomator|cryptomator|latest|cryptomator-*-${{ matrix.appimage-suffix }}.AppImage.zsync'
+          -u "gh-releases-zsync|cryptomator|cryptomator|latest|cryptomator-*-${{ matrix.appimage-suffix }}.AppImage.zsync"
           --sign --sign-key=615D449FE6E6A235
       - name: Create detached GPG signatures
         run: |
diff --git a/.github/workflows/av-whitelist.yml b/.github/workflows/av-whitelist.yml
index 3cc164b30..8febeca49 100644
--- a/.github/workflows/av-whitelist.yml
+++ b/.github/workflows/av-whitelist.yml
@@ -76,7 +76,7 @@ jobs:
           name: ${{ needs.download-file.outputs.fileName }}
           path: upload
       - name: Upload to Avast 
-        uses: wlixcc/SFTP-Deploy-Action@v1.2.5
+        uses: wlixcc/SFTP-Deploy-Action@v1.2.6
         with:
           server: whitelisting.avast.com
           port: 22
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 545513129..7dae2755c 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -2,12 +2,16 @@ name: Build
 
 on:
   push:
+    paths:
+      - '.github/workflows/build.yml'
+      - 'pom.xml'
+      - 'src/**'
   pull_request_target:
     types: [labeled]
 
 env:
   JAVA_DIST: 'temurin'
-  JAVA_VERSION: 23
+  JAVA_VERSION: 24
 
 defaults:
   run:
diff --git a/.github/workflows/check-jdk-updates.yml b/.github/workflows/check-jdk-updates.yml
index 64456baae..bf8d19e15 100644
--- a/.github/workflows/check-jdk-updates.yml
+++ b/.github/workflows/check-jdk-updates.yml
@@ -6,7 +6,7 @@ on:
   workflow_dispatch:
 
 env:
-  JDK_VERSION: '23.0.1+11'
+  JDK_VERSION: '24.0.1+9'
   JDK_VENDOR: temurin
   RUNTIME_VERSION_HELPER: >
     public class Test {
diff --git a/.github/workflows/debian.yml b/.github/workflows/debian.yml
index 197aaf7dc..9763717b3 100644
--- a/.github/workflows/debian.yml
+++ b/.github/workflows/debian.yml
@@ -5,41 +5,52 @@ on:
     inputs:
       semver:
         description: 'SemVer String (e.g. 1.7.0-beta1)'
-        required: true
       ppaver:
         description: 'Base PPA Version String (e.g. 1.6.16+1.7.0~beta1) without -0ppa1'
-        required: true
       dput:
         description: 'Upload to PPA'
         required: true
         default: false
         type: boolean
+  push:
+    branches-ignore:
+      - 'dependabot/**'
+    paths:
+      - '.github/workflows/debian.yml'
+      - 'dist/linux/debian/**'
+      - 'dist/linux/common/**'
+      - 'dist/linux/resources/**'
 
 env:
   JAVA_DIST: 'temurin'
-  JAVA_VERSION: '23.0.2+7'
-  COFFEELIBS_JDK: 23
-  COFFEELIBS_JDK_VERSION: '23.0.2+7-0ppa1'
-  OPENJFX_JMODS_AMD64: 'https://download2.gluonhq.com/openjfx/23.0.2/openjfx-23.0.2_linux-x64_bin-jmods.zip'
-  OPENJFX_JMODS_AMD64_HASH: '063baebc6922e4a89c94b9dfb7a4f53e59e8d6fec400d4e670b31bc2ab324dec'
-  OPENJFX_JMODS_AARCH64: 'https://download2.gluonhq.com/openjfx/23.0.2/openjfx-23.0.2_linux-aarch64_bin-jmods.zip'
-  OPENJFX_JMODS_AARCH64_HASH: '9bbedaeae1590b69e2b22237bda310936df33e344dbc243bea2e86acaab3a0d8'
+  JAVA_VERSION: '24.0.1+9'
+  COFFEELIBS_JDK: 24
+  COFFEELIBS_JDK_VERSION: '24.0.1+9-0ppa3'
+  OPENJFX_JMODS_AMD64: 'https://download2.gluonhq.com/openjfx/24.0.1/openjfx-24.0.1_linux-x64_bin-jmods.zip'
+  OPENJFX_JMODS_AMD64_HASH: '425fac742b9fbd095b2ce868cff82d1024620f747c94a7144d0a4879e756146c'
+  OPENJFX_JMODS_AARCH64: 'https://download2.gluonhq.com/openjfx/24.0.1/openjfx-24.0.1_linux-aarch64_bin-jmods.zip'
+  OPENJFX_JMODS_AARCH64_HASH: '7e02edd0f4ee5527a27c94b0bbba66fcaaff41009119e45d0eca0f96ddfb6e7b'
 
 jobs:
+  get-version:
+    uses: ./.github/workflows/get-version.yml
+    with:
+      version: ${{ inputs.semver }} #okay if not defined
+
   build:
     name: Build Debian Package
     runs-on: ubuntu-22.04
+    needs: [get-version]
     steps:
       - uses: actions/checkout@v4
-      - id: versions
-        name: Get version information
+      - id: deb-version
+        name: Determine deb-version
         run: |
-          SEM_VER_STR="${{ inputs.semver }}"
-          SEM_VER_NUM=`echo ${SEM_VER_STR} | sed -E 's/([0-9]+\.[0-9]+\.[0-9]+).*/\1/'`
-          REVCOUNT=`git rev-list --count HEAD`
-          echo "semVerStr=${SEM_VER_STR}" >> $GITHUB_OUTPUT
-          echo "semVerNum=${SEM_VER_NUM}" >> $GITHUB_OUTPUT
-          echo "revNum=${REVCOUNT}" >> $GITHUB_OUTPUT
+          if [ -n "${{inputs.ppaver}}" ]; then
+            echo "debVersion=${{inputs.ppaver }}" >> "$GITHUB_OUTPUT"
+          else
+            echo "debVersion=${{needs.get-version.outputs.semVerStr}}" >> "$GITHUB_OUTPUT"
+          fi
       - name: Install build tools
         run: |
           sudo add-apt-repository ppa:coffeelibs/openjdk
@@ -94,7 +105,7 @@ jobs:
           cp -r jmods pkgdir
           cp -r dist/linux/common/ pkgdir
           cp target/cryptomator-*.jar pkgdir/mods
-          tar -cJf cryptomator_${{ inputs.ppaver }}.orig.tar.xz -C pkgdir .
+          tar -cJf cryptomator_${{ steps.deb-version.outputs.debVersion }}.orig.tar.xz -C pkgdir .
       - name: Patch and rename pkgdir
         run: |
           cp -r dist/linux/debian/ pkgdir
@@ -103,12 +114,12 @@ jobs:
           envsubst '${SEMVER_STR} ${VERSION_NUM} ${REVISION_NUM} ${DISABLE_UPDATE_CHECK}' < dist/linux/debian/rules > pkgdir/debian/rules
           envsubst '${PPA_VERSION} ${RFC2822_TIMESTAMP}' < dist/linux/debian/changelog > pkgdir/debian/changelog
           find . -name "*.jar" >> pkgdir/debian/source/include-binaries
-          mv pkgdir cryptomator_${{ inputs.ppaver }}
+          mv pkgdir cryptomator_${{ steps.deb-version.outputs.debVersion }}
         env:
-          SEMVER_STR: ${{ steps.versions.outputs.semVerStr }}
-          VERSION_NUM: ${{ steps.versions.outputs.semVerNum }}
-          REVISION_NUM: ${{ steps.versions.outputs.revNum }}
-          PPA_VERSION: ${{ inputs.ppaver }}-0ppa1
+          SEMVER_STR: ${{ needs.get-version.outputs.semVerStr }}
+          VERSION_NUM: ${{ needs.get-version.outputs.semVerNum }}
+          REVISION_NUM: ${{ needs.get-version.outputs.revNum }}
+          PPA_VERSION: ${{ steps.deb-version.outputs.debVersion }}-0ppa1
       - name: Prepare GPG-Agent for signing with key 615D449FE6E6A235
         run: |
           echo "${GPG_PRIVATE_KEY}" | gpg --batch --quiet --import
@@ -118,12 +129,13 @@ jobs:
           GPG_PASSPHRASE: ${{ secrets.RELEASES_GPG_PASSPHRASE }}
       - name: debuild
         run: |
+          (sleep 8m; gpg --batch --quiet --pinentry-mode loopback -u 615D449FE6E6A235 --dry-run --sign README.md) &
           debuild -S -sa -d
           debuild -b -sa -d
         env:
           DEBSIGN_PROGRAM: gpg --batch --pinentry-mode loopback
           DEBSIGN_KEYID: 615D449FE6E6A235
-        working-directory: cryptomator_${{ inputs.ppaver }}
+        working-directory: cryptomator_${{ steps.deb-version.outputs.debVersion }}
       - name: Create detached GPG signatures
         run: |
           gpg --batch --quiet --passphrase-fd 0 --pinentry-mode loopback -u 615D449FE6E6A235 --detach-sign -a cryptomator_*_amd64.deb
@@ -140,7 +152,7 @@ jobs:
             cryptomator_*_amd64.deb
             cryptomator_*.asc
       - name: Publish on PPA
-        if: inputs.dput
+        if: inputs.dput && inputs.ppaver != ''
         run: dput ppa:sebastian-stenzel/cryptomator-beta cryptomator_*_source.changes
       # If ref is a tag, also upload to GitHub Releases:
       - name: Publish Debian package on GitHub Releases
diff --git a/.github/workflows/dependency-check.yml b/.github/workflows/dependency-check.yml
index 00e30c984..b44604490 100644
--- a/.github/workflows/dependency-check.yml
+++ b/.github/workflows/dependency-check.yml
@@ -11,7 +11,7 @@ jobs:
     with:
       runner-os: 'ubuntu-latest'
       java-distribution: 'temurin'
-      java-version: 23
+      java-version: 24
       check-command: 'mvn -B validate -Pdependency-check -Djavafx.platform=linux'
     secrets:
       nvd-api-key: ${{ secrets.NVD_API_KEY }}
diff --git a/.github/workflows/get-version.yml b/.github/workflows/get-version.yml
index 5a5ab09b0..4ee423386 100644
--- a/.github/workflows/get-version.yml
+++ b/.github/workflows/get-version.yml
@@ -23,7 +23,7 @@ on:
 
 env:
   JAVA_DIST: 'temurin'
-  JAVA_VERSION: 23
+  JAVA_VERSION: 24
 
 jobs:
   determine-version:
diff --git a/.github/workflows/mac-dmg-x64.yml b/.github/workflows/mac-dmg-x64.yml
index a26e32565..0a52e71a8 100644
--- a/.github/workflows/mac-dmg-x64.yml
+++ b/.github/workflows/mac-dmg-x64.yml
@@ -2,20 +2,29 @@ name: Build macOS .dmg for x64
 
 #######################################
 # STOP! DO NOT EDIT THIS FILE!
-# 
+#
 # It is a copy of mac-dmg.yml with tiny adjustements (mainly lines 42 to 47)
 # It was made necessary, since Github does not offer free macos intel runners for macos 15 and above.
-# This workflow can only be triggered by a release.
-# 
+#
 #######################################
 
 on:
   release:
     types: [published]
+  workflow_dispatch:
+    inputs:
+      version:
+        description: 'Version'
+        required: false
+      notarize:
+        description: 'Notarize'
+        required: true
+        default: false
+        type: boolean
 
 env:
   JAVA_DIST: 'temurin'
-  JAVA_VERSION: '23.0.2+7'
+  JAVA_VERSION: '24.0.1+9'
 
 jobs:
   get-version:
@@ -35,8 +44,8 @@ jobs:
           architecture: x64
           output-suffix: x64
           fuse-lib: macFUSE
-          openjfx-url: 'https://download2.gluonhq.com/openjfx/23.0.2/openjfx-23.0.2_osx-x64_bin-jmods.zip'
-          openjfx-sha: '5e6c65c065eea22430c0eab36f37a5985eb8ad99e19e8772262021740d338f68'
+          openjfx-url: 'https://download2.gluonhq.com/openjfx/24.0.1/openjfx-24.0.1_osx-x64_bin-jmods.zip'
+          openjfx-sha: '6e62a426d43c168a488521f904a523f3dd6ee2cf103e08136f2fd465c828a105'
     steps:
       - uses: actions/checkout@v4
       - name: Setup Java
@@ -75,13 +84,21 @@ jobs:
         run: |
           cp LICENSE.txt target
           cp target/cryptomator-*.jar target/mods
+      - name: Run jlink with help option
+        id: jep-493-check
+        run: |
+          JMOD_PATHS="openjfx-jmods"
+          if ! ${JAVA_HOME}/bin/jlink --help | grep -q "Linking from run-time image enabled"; then
+            JMOD_PATHS="${JAVA_HOME}/jmods:${JMOD_PATHS}"
+          fi
+          echo "jmod_paths=${JMOD_PATHS}" >> "$GITHUB_OUTPUT"
       - name: Run jlink
         #Remark: no compression is applied for improved build compression later (here dmg)
         run: >
           ${JAVA_HOME}/bin/jlink
           --verbose
           --output runtime
-          --module-path "${JAVA_HOME}/jmods:openjfx-jmods"
+          --module-path "${{ steps.jep-493-check.outputs.jmod_paths }}"
           --add-modules java.base,java.desktop,java.instrument,java.logging,java.naming,java.net.http,java.scripting,java.sql,java.xml,javafx.base,javafx.graphics,javafx.controls,javafx.fxml,jdk.unsupported,jdk.accessibility,jdk.management.jfr,java.compiler
           --strip-native-commands
           --no-header-files
@@ -103,7 +120,8 @@ jobs:
           --copyright "(C) 2016 - 2025 Skymatic GmbH"
           --app-version "${{ needs.get-version.outputs.semVerNum }}"
           --java-options "--enable-preview"
-          --java-options "--enable-native-access=org.cryptomator.jfuse.mac"
+          --java-options "--enable-native-access=javafx.graphics,org.cryptomator.jfuse.mac"
+          --java-options "--sun-misc-unsafe-memory-access=allow"
           --java-options "-Xss5m"
           --java-options "-Xmx256m"
           --java-options "-Dfile.encoding=\"utf-8\""
@@ -223,6 +241,11 @@ jobs:
           Cryptomator-${VERSION_NO}-${{ matrix.output-suffix }}.dmg dmg
         env:
           VERSION_NO: ${{ needs.get-version.outputs.semVerNum }}
+      - name: Codesign .dmg
+        run: |
+          codesign -s ${CODESIGN_IDENTITY} --timestamp Cryptomator-*.dmg
+        env:
+          CODESIGN_IDENTITY: ${{ secrets.MACOS_CODESIGN_IDENTITY }}
       - name: Notarize .dmg
         if: startsWith(github.ref, 'refs/tags/') || inputs.notarize
         uses: cocoalibs/xcode-notarization-action@v1
diff --git a/.github/workflows/mac-dmg.yml b/.github/workflows/mac-dmg.yml
index 27dd8cfdc..29b4a4b0c 100644
--- a/.github/workflows/mac-dmg.yml
+++ b/.github/workflows/mac-dmg.yml
@@ -13,10 +13,16 @@ on:
         required: true
         default: false
         type: boolean
+  push:
+    branches-ignore:
+      - 'dependabot/**'
+    paths:
+      - '.github/workflows/mac-dmg.yml'
+      - 'dist/mac/**'
 
 env:
   JAVA_DIST: 'temurin'
-  JAVA_VERSION: '23.0.2+7'
+  JAVA_VERSION: '24.0.1+9'
 
 jobs:
   get-version:
@@ -36,8 +42,8 @@ jobs:
           architecture: aarch64
           output-suffix: arm64
           fuse-lib: FUSE-T
-          openjfx-url: 'https://download2.gluonhq.com/openjfx/23.0.2/openjfx-23.0.2_osx-aarch64_bin-jmods.zip'
-          openjfx-sha: 'c690cc642a3924cf56622951f478ba57aec9ce09063761f800c3319331bed3fc'
+          openjfx-url: 'https://download2.gluonhq.com/openjfx/24.0.1/openjfx-24.0.1_osx-aarch64_bin-jmods.zip'
+          openjfx-sha: 'b5a94a13077507003fa852512bfa33f4fb680bc8076d8002e4227a84c85171d4'
     steps:
       - uses: actions/checkout@v4
       - name: Setup Java
@@ -76,13 +82,21 @@ jobs:
         run: |
           cp LICENSE.txt target
           cp target/cryptomator-*.jar target/mods
+      - name: Run jlink with help option
+        id: jep-493-check
+        run: |
+          JMOD_PATHS="openjfx-jmods"
+          if ! ${JAVA_HOME}/bin/jlink --help | grep -q "Linking from run-time image enabled"; then
+            JMOD_PATHS="${JAVA_HOME}/jmods:${JMOD_PATHS}"
+          fi
+          echo "jmod_paths=${JMOD_PATHS}" >> "$GITHUB_OUTPUT"
       - name: Run jlink
         #Remark: no compression is applied for improved build compression later (here dmg)
         run: >
           ${JAVA_HOME}/bin/jlink
           --verbose
           --output runtime
-          --module-path "${JAVA_HOME}/jmods:openjfx-jmods"
+          --module-path "${{ steps.jep-493-check.outputs.jmod_paths }}"
           --add-modules java.base,java.desktop,java.instrument,java.logging,java.naming,java.net.http,java.scripting,java.sql,java.xml,javafx.base,javafx.graphics,javafx.controls,javafx.fxml,jdk.unsupported,jdk.accessibility,jdk.management.jfr,java.compiler
           --strip-native-commands
           --no-header-files
@@ -104,7 +118,8 @@ jobs:
           --copyright "(C) 2016 - 2025 Skymatic GmbH"
           --app-version "${{ needs.get-version.outputs.semVerNum }}"
           --java-options "--enable-preview"
-          --java-options "--enable-native-access=org.cryptomator.jfuse.mac"
+          --java-options "--enable-native-access=javafx.graphics,org.cryptomator.jfuse.mac"
+          --java-options "--sun-misc-unsafe-memory-access=allow"
           --java-options "-Xss5m"
           --java-options "-Xmx256m"
           --java-options "-Dfile.encoding=\"utf-8\""
@@ -224,6 +239,11 @@ jobs:
           Cryptomator-${VERSION_NO}-${{ matrix.output-suffix }}.dmg dmg
         env:
           VERSION_NO: ${{ needs.get-version.outputs.semVerNum }}
+      - name: Codesign .dmg
+        run: |
+          codesign -s ${CODESIGN_IDENTITY} --timestamp Cryptomator-*.dmg
+        env:
+          CODESIGN_IDENTITY: ${{ secrets.MACOS_CODESIGN_IDENTITY }}
       - name: Notarize .dmg
         if: startsWith(github.ref, 'refs/tags/') || inputs.notarize
         uses: cocoalibs/xcode-notarization-action@v1
diff --git a/.github/workflows/pullrequest.yml b/.github/workflows/pullrequest.yml
index 5b0cb5111..28ab593cd 100644
--- a/.github/workflows/pullrequest.yml
+++ b/.github/workflows/pullrequest.yml
@@ -5,7 +5,7 @@ on:
 
 env:
   JAVA_DIST: 'temurin'
-  JAVA_VERSION: 23
+  JAVA_VERSION: 24
 
 defaults:
   run:
@@ -15,7 +15,6 @@ jobs:
   test:
     name: Compile and Test
     runs-on: ubuntu-latest
-    if: "!contains(github.event.head_commit.message, '[ci skip]') && !contains(github.event.head_commit.message, '[skip ci]')"
     steps:
       - uses: actions/checkout@v4
       - uses: actions/setup-java@v4
diff --git a/.github/workflows/win-exe.yml b/.github/workflows/win-exe.yml
index ed525a7f6..cfbbc05a7 100644
--- a/.github/workflows/win-exe.yml
+++ b/.github/workflows/win-exe.yml
@@ -12,14 +12,19 @@ on:
         description: 'Build debug version with console output'
         type: boolean
         default: false
+  push:
+    branches-ignore:
+      - 'dependabot/**'
+    paths:
+      - '.github/workflows/win-exe.yml'
+      - 'dist/win/**'
 
 
 env:
-  JAVA_DIST: 'zulu'
-  JAVA_VERSION: '23.0.2+7'
-  OPENJFX_JMODS_AMD64: 'https://download2.gluonhq.com/openjfx/23.0.1/openjfx-23.0.1_windows-x64_bin-jmods.zip'
-  OPENJFX_JMODS_AMD64_HASH: 'ee176dcee3bd78bde7910735bd67f67c792882f5b89626796ae06f7a1c0119d3'
-  WINFSP_MSI: 'https://github.com/winfsp/winfsp/releases/download/v2.0/winfsp-2.0.23075.msi'
+  OPENJFX_JMODS_AMD64: 'https://download2.gluonhq.com/openjfx/24.0.1/openjfx-24.0.1_windows-x64_bin-jmods.zip'
+  OPENJFX_JMODS_AMD64_HASH: 'f13d17c7caf88654fc835f1b4e75a9b0f34a888eb8abef381796c0002e63b03f'
+  WINFSP_MSI: 'https://github.com/winfsp/winfsp/releases/download/v2.1/winfsp-2.1.25156.msi'
+  WINFSP_MSI_HASH: '073a70e00f77423e34bed98b86e600def93393ba5822204fac57a29324db9f7a'
   WINFSP_UNINSTALLER: 'https://github.com/cryptomator/winfsp-uninstaller/releases/latest/download/winfsp-uninstaller.exe'
 
 defaults:
@@ -34,8 +39,21 @@ jobs:
 
   build-msi:
     name: Build .msi Installer
-    runs-on: windows-latest
-    needs: [get-version]
+    runs-on: ${{ matrix.os }}
+    needs: [ get-version ]
+    strategy:
+      matrix:
+        include:
+          - arch: x64
+            os: windows-latest
+            java-dist: 'zulu'
+            java-version: '24.0.1+9'
+            java-package: 'jdk'
+          - arch: arm64
+            os: windows-11-arm
+            java-dist: 'liberica'
+            java-version: '24.0.1+11'
+            java-package: 'jdk+fx' #This is needed, as liberica contains JFX 24 Jmods for Windows ARM64
     env:
       LOOPBACK_ALIAS: 'cryptomator-vault'
       WIN_CONSOLE_FLAG: ''
@@ -44,23 +62,31 @@ jobs:
       - name: Setup Java
         uses: actions/setup-java@v4
         with:
-          distribution: ${{ env.JAVA_DIST }}
-          java-version: ${{ env.JAVA_VERSION }}
+          distribution: ${{ matrix.java-dist }}
+          java-version: ${{ matrix.java-version }}
+          java-package: ${{ matrix.java-package }}
           check-latest: true
           cache: 'maven'
+      - name: Install wix and extensions
+        run: |
+          dotnet tool install --global wix --version 6.0.0
+          wix.exe extension add WixToolset.UI.wixext/6.0.0 --global
+          wix.exe extension add WixToolset.Util.wixext/6.0.0 --global
       - name: Download and extract JavaFX jmods from Gluon
+        if: matrix.arch == 'x64'
         #In the last step we move all jmods files a dir level up because jmods are placed inside a directory in the zip
         run: |
-          curl --output jfxjmods.zip -L "${{ env.OPENJFX_JMODS_AMD64 }}"
-          if(!(Get-FileHash -Path jfxjmods.zip -Algorithm SHA256).Hash.ToLower().equals("${{ env.OPENJFX_JMODS_AMD64_HASH }}")) {
+          curl --output openjfx-jmods.zip -L "${{ env.OPENJFX_JMODS_AMD64 }}"
+          if(!(Get-FileHash -Path openjfx-jmods.zip -Algorithm SHA256).Hash.ToLower().equals("${{ env.OPENJFX_JMODS_AMD64_HASH }}")) {
             throw "Wrong checksum of JMOD archive downloaded from ${{ env.OPENJFX_JMODS_AMD64 }}.";
           }
-          Expand-Archive -Path jfxjmods.zip -DestinationPath jfxjmods
-          Get-ChildItem -Path jfxjmods -Recurse -Filter "*.jmod" | ForEach-Object { Move-Item -Path $_ -Destination $_.Directory.Parent}
+          Expand-Archive -Path openjfx-jmods.zip -DestinationPath openjfx-jmods
+          Get-ChildItem -Path openjfx-jmods -Recurse -Filter "*.jmod" | ForEach-Object { Move-Item -Path $_ -Destination $_.Directory.Parent}
         shell: pwsh
       - name: Ensure major jfx version in pom and in jmods is the same
+        if: matrix.arch == 'x64'
         run: |
-          JMOD_VERSION_AMD64=$(jmod describe jfxjmods/javafx.base.jmod | head -1)
+          JMOD_VERSION_AMD64=$(jmod describe openjfx-jmods/javafx.base.jmod | head -1)
           JMOD_VERSION_AMD64=${JMOD_VERSION_AMD64#*@}
           JMOD_VERSION_AMD64=${JMOD_VERSION_AMD64%%.*}
           POM_JFX_VERSION=$(mvn help:evaluate "-Dexpression=javafx.version" -q -DforceStdout)
@@ -72,20 +98,28 @@ jobs:
             exit 1
           fi
       - name: Set version
-        run : mvn versions:set -DnewVersion=${{ needs.get-version.outputs.semVerStr }}
+        run: mvn versions:set -DnewVersion=${{ needs.get-version.outputs.semVerStr }}
       - name: Run maven
         run: mvn -B clean package -Pwin -DskipTests -Djavafx.platform=win
       - name: Patch target dir
         run: |
           cp LICENSE.txt target
           cp target/cryptomator-*.jar target/mods
+      - name: Run jlink with help option
+        id: jep-493-check
+        run: |
+          JMOD_PATHS="openjfx-jmods"
+          if ! $(${JAVA_HOME}/bin/jlink --help | grep -q "Linking from run-time image enabled"); then
+            JMOD_PATHS="${JAVA_HOME}/jmods;${JMOD_PATHS}"
+          fi
+          echo "jmod_paths=${JMOD_PATHS}" >> "$GITHUB_OUTPUT"
       - name: Run jlink
-        #Remark: no compression is applied for improved build compression later (here msi)
+        # Remark: no compression is applied for improved build compression later (here msi)
         run: >
           ${JAVA_HOME}/bin/jlink
           --verbose
           --output runtime
-          --module-path "jfxjmods;${JAVA_HOME}/jmods"
+          --module-path "${{ steps.jep-493-check.outputs.jmod_paths }}"
           --add-modules java.base,java.desktop,java.instrument,java.logging,java.naming,java.net.http,java.scripting,java.sql,java.xml,javafx.base,javafx.graphics,javafx.controls,javafx.fxml,jdk.crypto.mscapi,jdk.unsupported,jdk.accessibility,jdk.management.jfr,java.compiler
           --strip-native-commands
           --no-header-files
@@ -110,7 +144,8 @@ jobs:
           --copyright "(C) 2016 - 2025 Skymatic GmbH"
           --app-version "${{ needs.get-version.outputs.semVerNum }}.${{ needs.get-version.outputs.revNum }}"
           --java-options "--enable-preview"
-          --java-options "--enable-native-access=org.cryptomator.jfuse.win,org.cryptomator.integrations.win"
+          --java-options "--enable-native-access=javafx.graphics,org.cryptomator.jfuse.win,org.cryptomator.integrations.win"
+          --java-options "--sun-misc-unsafe-memory-access=allow"
           --java-options "-Xss5m"
           --java-options "-Xmx256m"
           --java-options "-Dcryptomator.appVersion=\"${{ needs.get-version.outputs.semVerStr }}\""
@@ -127,6 +162,7 @@ jobs:
           --java-options "-Dcryptomator.buildNumber=\"msi-${{ needs.get-version.outputs.revNum }}\""
           --java-options "-Dcryptomator.integrationsWin.autoStartShellLinkName=\"Cryptomator\""
           --java-options "-Dcryptomator.integrationsWin.keychainPaths=\"@{appdata}/Cryptomator/keychain.json;@{userhome}/AppData/Roaming/Cryptomator/keychain.json\""
+          --java-options "-Dcryptomator.integrationsWin.windowsHelloKeychainPaths=\"@{appdata}/Cryptomator/windowsHelloKeychain.json\""
           --java-options "-Djavafx.verbose=${{ inputs.isDebug }}"
           --resource-dir dist/win/resources
           --icon dist/win/resources/Cryptomator.ico
@@ -237,8 +273,8 @@ jobs:
           description: Cryptomator Installer
           timestampUrl: 'http://timestamp.digicert.com'
           folder: installer
-      - name: Add possible alpha/beta tags to installer name
-        run: mv installer/Cryptomator-*.msi Cryptomator-${{ needs.get-version.outputs.semVerStr }}-x64.msi
+      - name: Add possible alpha/beta tags and architecture to installer name
+        run: mv installer/Cryptomator-*.msi Cryptomator-${{ needs.get-version.outputs.semVerStr }}-${{ matrix.arch }}.msi
       - name: Create detached GPG signature with key 615D449FE6E6A235
         run: |
           echo "${GPG_PRIVATE_KEY}" | gpg --batch --quiet --import
@@ -249,7 +285,7 @@ jobs:
       - name: Upload artifacts
         uses: actions/upload-artifact@v4
         with:
-          name: msi
+          name: msi-${{ matrix.arch }}
           path: |
             Cryptomator-*.msi
             Cryptomator-*.asc
@@ -257,21 +293,43 @@ jobs:
 
   build-exe:
     name: Build .exe installer
-    runs-on: windows-latest
-    needs: [get-version, build-msi]
+    runs-on: ${{ matrix.os }}
+    needs: [ get-version, build-msi ]
+    strategy:
+      matrix:
+        include:
+          - arch: x64
+            os: windows-latest
+            executable-suffix: x64
+            java-dist: 'zulu'
+            java-version: '24.0.1+9'
+            java-package: 'jdk'
+          - arch: arm64
+            os: windows-11-arm
+            executable-suffix: arm64
+            java-dist: 'liberica'
+            java-version: '24.0.1+11'
+            java-package: 'jdk+fx' #This is needed, as liberica contains JFX 24 Jmods for Windows ARM64
     steps:
       - uses: actions/checkout@v4
+      - name: Install wix and extensions
+        run: |
+          dotnet tool install --global wix --version 6.0.0
+          wix.exe extension add WixToolset.BootstrapperApplications.wixext/6.0.0 --global
+          wix.exe extension add WixToolset.Util.wixext/6.0.0 --global
       - name: Download .msi
         uses: actions/download-artifact@v4
         with:
-          name: msi
+          name: msi-${{ matrix.arch }}
           path: dist/win/bundle/resources
       - name: Strip version info from msi file name
         run: mv dist/win/bundle/resources/Cryptomator*.msi dist/win/bundle/resources/Cryptomator.msi
-      - uses: actions/setup-java@v4
+      - name: Setup Java
+        uses: actions/setup-java@v4
         with:
-          distribution: ${{ env.JAVA_DIST }}
-          java-version: ${{ env.JAVA_VERSION }}
+          distribution: ${{ matrix.java-dist }}
+          java-version: ${{ matrix.java-version }}
+          java-package: ${{ matrix.java-package }}
           check-latest: true
           cache: 'maven'
       - name: Generate license for exe
@@ -287,35 +345,36 @@ jobs:
         shell: pwsh
       - name: Download WinFsp
         run: |
-          curl --output dist/win/bundle/resources/winfsp.msi -L ${{ env.WINFSP_MSI }}
+          curl --output $env:WINFSP_PATH -L ${{ env.WINFSP_MSI }}
+          $computedHash = (Get-FileHash -Path $env:WINFSP_PATH -Algorithm SHA256).Hash.ToLower()
+          if ($computedHash -ne "${{ env.WINFSP_MSI_HASH }}") {
+            throw "Checksum mismatch for $env:WINFSP_PATH (expected ${{ env.WINFSP_MSI_HASH }}, got $computedHash)."
+          }
+        env:
+          WINFSP_PATH: 'dist/win/bundle/resources/winfsp.msi'
         shell: pwsh
       - name: Download Legacy-WinFsp uninstaller
         run: |
           curl --output dist/win/bundle/resources/winfsp-uninstaller.exe -L ${{ env.WINFSP_UNINSTALLER }}
         shell: pwsh
-      - name: Compile to wixObj file
+      - name: Create Wix Burn bundle
+        working-directory: dist/win
         run: >
-          "${WIX}/bin/candle.exe" dist/win/bundle/bundleWithWinfsp.wxs
-          -ext WixBalExtension
-          -ext WixUtilExtension
-          -out dist/win/bundle/
-          -dBundleVersion="${{ needs.get-version.outputs.semVerNum }}.${{ needs.get-version.outputs.revNum }}"
-          -dBundleVendor="Skymatic GmbH"
-          -dBundleCopyright="(C) 2016 - 2025 Skymatic GmbH"
-          -dAboutUrl="https://cryptomator.org"
-          -dHelpUrl="https://cryptomator.org/contact"
-          -dUpdateUrl="https://cryptomator.org/downloads/"
-      - name: Create executable with linker
-        run: >
-          "${WIX}/bin/light.exe" -b dist/win/ dist/win/bundle/bundleWithWinfsp.wixobj
-          -ext WixBalExtension
-          -ext WixUtilExtension
-          -out installer/unsigned/Cryptomator-Installer.exe
+          wix build
+          -define BundleName="Cryptomator"
+          -define BundleVersion="${{ needs.get-version.outputs.semVerNum }}.${{ needs.get-version.outputs.revNum}}"
+          -define BundleVendor="Skymatic GmbH"
+          -define BundleCopyright="(C) 2016 - 2025 Skymatic GmbH"
+          -define AboutUrl="https://cryptomator.org"
+          -define HelpUrl="https://cryptomator.org/contact"
+          -define UpdateUrl="https://cryptomator.org/downloads/"
+          -ext "WixToolset.Util.wixext"
+          -ext "WixToolset.BootstrapperApplications.wixext"
+          ./bundle/bundleWithWinfsp.wxs
+          -out "../../installer/unsigned/Cryptomator-Installer.exe"
       - name: Detach burn engine in preparation to sign
         run: >
-          "${WIX}/bin/insignia.exe"
-          -ib installer/unsigned/Cryptomator-Installer.exe
-          -o tmp/engine.exe
+          wix burn detach installer/unsigned/Cryptomator-Installer.exe -engine tmp/engine.exe
       - name: Codesign burn engine
         uses: skymatic/code-sign-action@v3
         with:
@@ -326,10 +385,8 @@ jobs:
           timestampUrl: 'http://timestamp.digicert.com'
           folder: tmp
       - name: Reattach signed burn engine to installer
-        run : >
-          "${WIX}/bin/insignia.exe"
-          -ab tmp/engine.exe installer/unsigned/Cryptomator-Installer.exe
-          -o installer/Cryptomator-Installer.exe
+        run: >
+          wix burn reattach installer/unsigned/Cryptomator-Installer.exe -engine tmp/engine.exe -o installer/Cryptomator-Installer.exe
       - name: Codesign EXE
         uses: skymatic/code-sign-action@v3
         with:
@@ -340,7 +397,7 @@ jobs:
           timestampUrl: 'http://timestamp.digicert.com'
           folder: installer
       - name: Add possible alpha/beta tags to installer name
-        run: mv installer/Cryptomator-Installer.exe Cryptomator-${{ needs.get-version.outputs.semVerStr }}-x64.exe
+        run: mv installer/Cryptomator-Installer.exe Cryptomator-${{ needs.get-version.outputs.semVerStr }}-${{ matrix.executable-suffix }}.exe
       - name: Create detached GPG signature with key 615D449FE6E6A235
         run: |
           echo "${GPG_PRIVATE_KEY}" | gpg --batch --quiet --import
@@ -351,7 +408,7 @@ jobs:
       - name: Upload artifacts
         uses: actions/upload-artifact@v4
         with:
-          name: exe
+          name: exe-${{ matrix.executable-suffix }}
           path: |
             Cryptomator-*.exe
             Cryptomator-*.asc
@@ -361,16 +418,18 @@ jobs:
     name: Publish installers to the github release
     if: startsWith(github.ref, 'refs/tags/') && github.event.action == 'published'
     runs-on: ubuntu-latest
-    needs: [build-msi, build-exe]
+    needs: [ build-msi, build-exe ]
     outputs:
-      download-url-msi: ${{ fromJSON(steps.publish.outputs.assets)[0].browser_download_url }}
-      download-url-exe: ${{ fromJSON(steps.publish.outputs.assets)[1].browser_download_url }}
+      download-url-msi-x64: ${{ fromJSON(steps.publish.outputs.assets)[0].browser_download_url }}
+      download-url-msi-arm64: ${{ fromJSON(steps.publish.outputs.assets)[1].browser_download_url }}
+      download-url-exe-x64: ${{ fromJSON(steps.publish.outputs.assets)[2].browser_download_url }}
+      download-url-exe-arm64: ${{ fromJSON(steps.publish.outputs.assets)[3].browser_download_url }}
     steps:
       - name: Download installers
         uses: actions/download-artifact@v4
         with:
           merge-multiple: true
-      - name: Publish .msi on GitHub Releases
+      - name: Publish installers on GitHub Releases
         id: publish
         uses: softprops/action-gh-release@v2
         with:
@@ -378,22 +437,38 @@ jobs:
           token: ${{ secrets.CRYPTOBOT_RELEASE_TOKEN }}
           # do not change ordering of filelist, required for correct job output
           files: |
-            *.msi
-            *.exe
+            *x64.msi
+            *arm64.msi
+            *x64.exe
+            *arm64.exe
             *.asc
 
-  allowlist-msi:
+  allowlist-msi-x64:
     uses: ./.github/workflows/av-whitelist.yml
-    needs: [publish]
+    needs: [ publish ]
     with:
-      url: ${{ needs.publish.outputs.download-url-msi }}
+      url: ${{ needs.publish.outputs.download-url-msi-x64 }}
     secrets: inherit
 
-  allowlist-exe:
+  allowlist-msi-arm64:
     uses: ./.github/workflows/av-whitelist.yml
-    needs: [publish, allowlist-msi]
+    needs: [ publish ]
     with:
-      url: ${{ needs.publish.outputs.download-url-exe }}
+      url: ${{ needs.publish.outputs.download-url-msi-arm64 }}
+    secrets: inherit
+
+  allowlist-exe-x64:
+    uses: ./.github/workflows/av-whitelist.yml
+    needs: [ publish, allowlist-msi-x64 ]
+    with:
+      url: ${{ needs.publish.outputs.download-url-exe-x64 }}
+    secrets: inherit
+
+  allowlist-exe-arm64:
+    uses: ./.github/workflows/av-whitelist.yml
+    needs: [ publish, allowlist-msi-arm64 ]
+    with:
+      url: ${{ needs.publish.outputs.download-url-exe-arm64 }}
     secrets: inherit
 
   notify-winget:
@@ -410,7 +485,7 @@ jobs:
           SLACK_ICON: false
           SLACK_ICON_EMOJI: ':bot:'
           SLACK_CHANNEL: 'cryptomator-desktop'
-          SLACK_TITLE: "MSI of ${{ github.event.repository.name }} ${{ github.event.release.tag_name }} published."
-          SLACK_MESSAGE: "Ready to <https://github.com/${{ github.repository }}/actions/workflows/winget.yml| release to winget>."
+          SLACK_TITLE: "MSI packages of ${{ github.event.repository.name }} ${{ github.event.release.tag_name }} published."
+          SLACK_MESSAGE: "Ready to <https://github.com/${{ github.repository }}/actions/workflows/winget.yml| release them to winget>."
           SLACK_FOOTER: false
-          MSG_MINIMAL: true
\ No newline at end of file
+          MSG_MINIMAL: true
diff --git a/.github/workflows/winget.yml b/.github/workflows/winget.yml
index 6d5a9c57d..476e409e3 100644
--- a/.github/workflows/winget.yml
+++ b/.github/workflows/winget.yml
@@ -23,5 +23,5 @@ jobs:
           identifier: Cryptomator.Cryptomator
           version: ${{ inputs.tag }}
           release-tag: ${{ inputs.tag }}
-          installers-regex: '\.msi$'
+          installers-regex: '-x64\.msi$'
           token: ${{ secrets.CRYPTOBOT_WINGET_TOKEN }}
\ No newline at end of file
diff --git a/.idea/misc.xml b/.idea/misc.xml
index 09accc25b..cbe05c79b 100644
--- a/.idea/misc.xml
+++ b/.idea/misc.xml
@@ -8,7 +8,7 @@
       </list>
     </option>
   </component>
-  <component name="ProjectRootManager" version="2" languageLevel="JDK_23" project-jdk-name="23" project-jdk-type="JavaSDK">
+  <component name="ProjectRootManager" version="2" languageLevel="JDK_24" project-jdk-name="24" project-jdk-type="JavaSDK">
     <output url="file://$PROJECT_DIR$/out" />
   </component>
 </project>
\ No newline at end of file
diff --git a/.idea/runConfigurations/Cryptomator_Linux.xml b/.idea/runConfigurations/Cryptomator_Linux.xml
index 1a1b394b5..e9ecf3a50 100644
--- a/.idea/runConfigurations/Cryptomator_Linux.xml
+++ b/.idea/runConfigurations/Cryptomator_Linux.xml
@@ -2,7 +2,7 @@
   <configuration default="false" name="Cryptomator Linux" type="Application" factoryName="Application">
     <option name="MAIN_CLASS_NAME" value="org.cryptomator.launcher.Cryptomator" />
     <module name="cryptomator" />
-    <option name="VM_PARAMETERS" value="-Dcryptomator.settingsPath=&quot;@{userhome}/.config/Cryptomator/settings.json&quot; -Dcryptomator.p12Path=&quot;@{userhome}/.config/Cryptomator/key.p12&quot; -Dcryptomator.ipcSocketPath=&quot;@{userhome}/.config/Cryptomator/ipc.socket&quot; -Dcryptomator.logDir=&quot;@{userhome}/.local/share/Cryptomator/logs&quot; -Dcryptomator.pluginDir=&quot;@{userhome}/.local/share/Cryptomator/plugins&quot; -Dcryptomator.mountPointsDir=&quot;@{userhome}/.local/share/Cryptomator/mnt&quot; -Dcryptomator.showTrayIcon=true -Xss20m -Xmx512m --enable-preview --enable-native-access=org.cryptomator.jfuse.linux.amd64,org.cryptomator.jfuse.linux.aarch64,org.purejava.appindicator" />
+    <option name="VM_PARAMETERS" value="-Dcryptomator.settingsPath=&quot;@{userhome}/.config/Cryptomator/settings.json&quot; -Dcryptomator.p12Path=&quot;@{userhome}/.config/Cryptomator/key.p12&quot; -Dcryptomator.ipcSocketPath=&quot;@{userhome}/.config/Cryptomator/ipc.socket&quot; -Dcryptomator.logDir=&quot;@{userhome}/.local/share/Cryptomator/logs&quot; -Dcryptomator.pluginDir=&quot;@{userhome}/.local/share/Cryptomator/plugins&quot; -Dcryptomator.mountPointsDir=&quot;@{userhome}/.local/share/Cryptomator/mnt&quot; -Dcryptomator.showTrayIcon=true -Xss20m -Xmx512m --enable-preview --enable-native-access=org.cryptomator.jfuse.linux.amd64,org.cryptomator.jfuse.linux.aarch64,org.purejava.appindicator,javafx.graphics" />
     <method v="2">
       <option name="Make" enabled="true" />
     </method>
diff --git a/.idea/runConfigurations/Cryptomator_Linux_Dev.xml b/.idea/runConfigurations/Cryptomator_Linux_Dev.xml
index ac4df5630..8aba3fd2d 100644
--- a/.idea/runConfigurations/Cryptomator_Linux_Dev.xml
+++ b/.idea/runConfigurations/Cryptomator_Linux_Dev.xml
@@ -2,7 +2,7 @@
   <configuration default="false" name="Cryptomator Linux Dev" type="Application" factoryName="Application">
     <option name="MAIN_CLASS_NAME" value="org.cryptomator.launcher.Cryptomator" />
     <module name="cryptomator" />
-    <option name="VM_PARAMETERS" value="-Dcryptomator.settingsPath=&quot;@{userhome}/.config/Cryptomator-Dev/settings.json&quot; -Dcryptomator.p12Path=&quot;@{userhome}/.config/Cryptomator-Dev/key.p12&quot; -Dcryptomator.ipcSocketPath=&quot;@{userhome}/.config/Cryptomator-Dev/ipc.socket&quot; -Dcryptomator.logDir=&quot;@{userhome}/.local/share/Cryptomator-Dev/logs&quot; -Dcryptomator.pluginDir=&quot;@{userhome}/.local/share/Cryptomator-Dev/plugins&quot; -Dcryptomator.mountPointsDir=&quot;@{userhome}/.local/share/Cryptomator-Dev/mnt&quot; -Dcryptomator.showTrayIcon=true -Dfuse.experimental=&quot;true&quot; -Xss20m -Xmx512m --enable-preview --enable-native-access=org.cryptomator.jfuse.linux.amd64,org.cryptomator.jfuse.linux.aarch64,org.purejava.appindicator" />
+    <option name="VM_PARAMETERS" value="-Dcryptomator.settingsPath=&quot;@{userhome}/.config/Cryptomator-Dev/settings.json&quot; -Dcryptomator.p12Path=&quot;@{userhome}/.config/Cryptomator-Dev/key.p12&quot; -Dcryptomator.ipcSocketPath=&quot;@{userhome}/.config/Cryptomator-Dev/ipc.socket&quot; -Dcryptomator.logDir=&quot;@{userhome}/.local/share/Cryptomator-Dev/logs&quot; -Dcryptomator.pluginDir=&quot;@{userhome}/.local/share/Cryptomator-Dev/plugins&quot; -Dcryptomator.mountPointsDir=&quot;@{userhome}/.local/share/Cryptomator-Dev/mnt&quot; -Dcryptomator.showTrayIcon=true -Dfuse.experimental=&quot;true&quot; -Xss20m -Xmx512m --enable-preview --enable-native-access=org.cryptomator.jfuse.linux.amd64,org.cryptomator.jfuse.linux.aarch64,org.purejava.appindicator,javafx.graphics" />
     <method v="2">
       <option name="Make" enabled="true" />
     </method>
diff --git a/.idea/runConfigurations/Cryptomator_Windows.xml b/.idea/runConfigurations/Cryptomator_Windows.xml
index 2e9fdb785..aa846de7b 100644
--- a/.idea/runConfigurations/Cryptomator_Windows.xml
+++ b/.idea/runConfigurations/Cryptomator_Windows.xml
@@ -2,7 +2,7 @@
   <configuration default="false" name="Cryptomator Windows" type="Application" factoryName="Application">
     <option name="MAIN_CLASS_NAME" value="org.cryptomator.launcher.Cryptomator" />
     <module name="cryptomator" />
-    <option name="VM_PARAMETERS" value="-Dcryptomator.settingsPath=&quot;@{appdata}/Cryptomator/settings.json;@{userhome}/AppData/Roaming/Cryptomator/settings.json&quot; -Dcryptomator.ipcSocketPath=&quot;@{localappdata}/Cryptomator/ipc.socket&quot; -Dcryptomator.logDir=&quot;@{localappdata}/Cryptomator&quot; -Dcryptomator.pluginDir=&quot;@{appdata}/Cryptomator/Plugins&quot; -Dcryptomator.integrationsWin.keychainPaths=&quot;@{appdata}/Cryptomator/keychain.json;@{userhome}/AppData/Roaming/Cryptomator/keychain.json&quot; -Dcryptomator.p12Path=&quot;@{appdata}/Cryptomator/key.p12;@{userhome}/AppData/Roaming/Cryptomator/key.p12&quot; -Dcryptomator.mountPointsDir=&quot;@{userhome}/Cryptomator&quot; -Dcryptomator.showTrayIcon=true -Xss2m -Xmx512m --enable-preview --enable-native-access=org.cryptomator.jfuse.win,org.cryptomator.integrations.win" />
+    <option name="VM_PARAMETERS" value="-Dcryptomator.settingsPath=&quot;@{appdata}/Cryptomator/settings.json;@{userhome}/AppData/Roaming/Cryptomator/settings.json&quot; -Dcryptomator.ipcSocketPath=&quot;@{localappdata}/Cryptomator/ipc.socket&quot; -Dcryptomator.logDir=&quot;@{localappdata}/Cryptomator&quot; -Dcryptomator.pluginDir=&quot;@{appdata}/Cryptomator/Plugins&quot; -Dcryptomator.integrationsWin.keychainPaths=&quot;@{appdata}/Cryptomator/keychain.json;@{userhome}/AppData/Roaming/Cryptomator/keychain.json&quot; -Dcryptomator.integrationsWin.windowsHelloKeychainPaths=&quot;@{appdata}/Cryptomator/windowsHelloKeychain.json;@{userhome}/AppData/Roaming/Cryptomator/windowsHelloKeychain.json&quot; -Dcryptomator.p12Path=&quot;@{appdata}/Cryptomator/key.p12;@{userhome}/AppData/Roaming/Cryptomator/key.p12&quot; -Dcryptomator.mountPointsDir=&quot;@{userhome}/Cryptomator&quot; -Dcryptomator.showTrayIcon=true -Xss2m -Xmx512m --enable-preview --enable-native-access=org.cryptomator.jfuse.win,org.cryptomator.integrations.win,javafx.graphics" />
     <method v="2">
       <option name="Make" enabled="true" />
     </method>
diff --git a/.idea/runConfigurations/Cryptomator_Windows_Dev.xml b/.idea/runConfigurations/Cryptomator_Windows_Dev.xml
index 50a07c3cb..fd3a32853 100644
--- a/.idea/runConfigurations/Cryptomator_Windows_Dev.xml
+++ b/.idea/runConfigurations/Cryptomator_Windows_Dev.xml
@@ -2,7 +2,7 @@
   <configuration default="false" name="Cryptomator Windows Dev" type="Application" factoryName="Application">
     <option name="MAIN_CLASS_NAME" value="org.cryptomator.launcher.Cryptomator" />
     <module name="cryptomator" />
-    <option name="VM_PARAMETERS" value="-Dcryptomator.settingsPath=&quot;@{appdata}/Cryptomator-Dev/settings.json;@{userhome}/AppData/Roaming/Cryptomator-Dev/settings.json&quot; -Dcryptomator.ipcSocketPath=&quot;@{localappdata}/Cryptomator-Dev/ipc.socket&quot; -Dcryptomator.logDir=&quot;@{localappdata}/Cryptomator-Dev&quot; -Dcryptomator.pluginDir=&quot;@{appdata}/Cryptomator-Dev/Plugins&quot; -Dcryptomator.integrationsWin.keychainPaths=&quot;@{appdata}/Cryptomator-Dev/keychain.json;@{userhome}/AppData/Roaming/Cryptomator-Dev/keychain.json&quot; -Dcryptomator.p12Path=&quot;@{appdata}/Cryptomator-Dev/key.p12;@{userhome}/AppData/Roaming/Cryptomator-Dev/key.p12&quot; -Dcryptomator.mountPointsDir=&quot;@{userhome}/Cryptomator-Dev&quot; -Dcryptomator.showTrayIcon=true -Xss2m -Xmx512m --enable-preview --enable-native-access=org.cryptomator.jfuse.win,org.cryptomator.integrations.win" />
+    <option name="VM_PARAMETERS" value="-Dcryptomator.settingsPath=&quot;@{appdata}/Cryptomator-Dev/settings.json;@{userhome}/AppData/Roaming/Cryptomator-Dev/settings.json&quot; -Dcryptomator.ipcSocketPath=&quot;@{localappdata}/Cryptomator-Dev/ipc.socket&quot; -Dcryptomator.logDir=&quot;@{localappdata}/Cryptomator-Dev&quot; -Dcryptomator.pluginDir=&quot;@{appdata}/Cryptomator-Dev/Plugins&quot; -Dcryptomator.integrationsWin.keychainPaths=&quot;@{appdata}/Cryptomator-Dev/keychain.json;@{userhome}/AppData/Roaming/Cryptomator-Dev/keychain.json&quot; -Dcryptomator.integrationsWin.windowsHelloKeychainPaths=&quot;@{appdata}/Cryptomator-Dev/windowsHelloKeychain.json;@{userhome}/AppData/Roaming/Cryptomator-Dev/windowsHelloKeychain.json&quot; -Dcryptomator.p12Path=&quot;@{appdata}/Cryptomator-Dev/key.p12;@{userhome}/AppData/Roaming/Cryptomator-Dev/key.p12&quot; -Dcryptomator.mountPointsDir=&quot;@{userhome}/Cryptomator-Dev&quot; -Dcryptomator.showTrayIcon=true -Xss2m -Xmx512m --enable-preview --enable-native-access=org.cryptomator.jfuse.win,org.cryptomator.integrations.win,javafx.graphics" />
     <method v="2">
       <option name="Make" enabled="true" />
     </method>
diff --git a/.idea/runConfigurations/Cryptomator_macOS.xml b/.idea/runConfigurations/Cryptomator_macOS.xml
index 006986c2c..c777434a2 100644
--- a/.idea/runConfigurations/Cryptomator_macOS.xml
+++ b/.idea/runConfigurations/Cryptomator_macOS.xml
@@ -5,7 +5,7 @@
     </envs>
     <option name="MAIN_CLASS_NAME" value="org.cryptomator.launcher.Cryptomator" />
     <module name="cryptomator" />
-    <option name="VM_PARAMETERS" value="-Dapple.awt.enableTemplateImages=true -Dcryptomator.settingsPath=&quot;@{userhome}/Library/Application Support/Cryptomator/settings.json&quot; -Dcryptomator.p12Path=&quot;@{userhome}/Library/Application Support/Cryptomator/key.p12&quot; -Dcryptomator.ipcSocketPath=&quot;@{userhome}/Library/Application Support/Cryptomator/ipc.socket&quot; -Dcryptomator.logDir=&quot;@{userhome}/Library/Logs/Cryptomator&quot; -Dcryptomator.pluginDir=&quot;@{userhome}/Library/Application Support/Cryptomator/Plugins&quot; -Dcryptomator.mountPointsDir=&quot;@{userhome}/Cryptomator&quot; -Dcryptomator.showTrayIcon=true -Dcryptomator.integrationsMac.keychainServiceName=Cryptomator -Xss2m -Xmx512m -ea --enable-preview --enable-native-access=org.cryptomator.jfuse.mac" />
+    <option name="VM_PARAMETERS" value="-Dapple.awt.enableTemplateImages=true -Dcryptomator.settingsPath=&quot;@{userhome}/Library/Application Support/Cryptomator/settings.json&quot; -Dcryptomator.p12Path=&quot;@{userhome}/Library/Application Support/Cryptomator/key.p12&quot; -Dcryptomator.ipcSocketPath=&quot;@{userhome}/Library/Application Support/Cryptomator/ipc.socket&quot; -Dcryptomator.logDir=&quot;@{userhome}/Library/Logs/Cryptomator&quot; -Dcryptomator.pluginDir=&quot;@{userhome}/Library/Application Support/Cryptomator/Plugins&quot; -Dcryptomator.mountPointsDir=&quot;@{userhome}/Cryptomator&quot; -Dcryptomator.showTrayIcon=true -Dcryptomator.integrationsMac.keychainServiceName=Cryptomator -Xss2m -Xmx512m -ea --enable-preview --enable-native-access=org.cryptomator.jfuse.mac,javafx.graphics" />
     <method v="2">
       <option name="Make" enabled="true" />
     </method>
diff --git a/.idea/runConfigurations/Cryptomator_macOS_Dev.xml b/.idea/runConfigurations/Cryptomator_macOS_Dev.xml
index d1534d9ed..5e317c6c4 100644
--- a/.idea/runConfigurations/Cryptomator_macOS_Dev.xml
+++ b/.idea/runConfigurations/Cryptomator_macOS_Dev.xml
@@ -5,7 +5,7 @@
     </envs>
     <option name="MAIN_CLASS_NAME" value="org.cryptomator.launcher.Cryptomator" />
     <module name="cryptomator" />
-    <option name="VM_PARAMETERS" value="-Dapple.awt.enableTemplateImages=true -Dcryptomator.settingsPath=&quot;@{userhome}/Library/Application Support/Cryptomator-Dev/settings.json&quot; -Dcryptomator.p12Path=&quot;@{userhome}/Library/Application Support/Cryptomator-Dev/key.p12&quot; -Dcryptomator.ipcSocketPath=&quot;@{userhome}/Library/Application Support/Cryptomator-Dev/ipc.socket&quot; -Dcryptomator.logDir=&quot;@{userhome}/Library/Logs/Cryptomator-Dev&quot; -Dcryptomator.pluginDir=&quot;@{userhome}/Library/Application Support/Cryptomator-Dev/Plugins&quot; -Dcryptomator.mountPointsDir=&quot;@{userhome}/Library/Application Support/Cryptomator-Dev/mnt&quot; -Dcryptomator.showTrayIcon=true -Dcryptomator.integrationsMac.keychainServiceName=Cryptomator -Xss2m -Xmx512m -ea --enable-preview --enable-native-access=org.cryptomator.jfuse.mac" />
+    <option name="VM_PARAMETERS" value="-Dapple.awt.enableTemplateImages=true -Dcryptomator.settingsPath=&quot;@{userhome}/Library/Application Support/Cryptomator-Dev/settings.json&quot; -Dcryptomator.p12Path=&quot;@{userhome}/Library/Application Support/Cryptomator-Dev/key.p12&quot; -Dcryptomator.ipcSocketPath=&quot;@{userhome}/Library/Application Support/Cryptomator-Dev/ipc.socket&quot; -Dcryptomator.logDir=&quot;@{userhome}/Library/Logs/Cryptomator-Dev&quot; -Dcryptomator.pluginDir=&quot;@{userhome}/Library/Application Support/Cryptomator-Dev/Plugins&quot; -Dcryptomator.mountPointsDir=&quot;@{userhome}/Library/Application Support/Cryptomator-Dev/mnt&quot; -Dcryptomator.showTrayIcon=true -Dcryptomator.integrationsMac.keychainServiceName=Cryptomator -Xss2m -Xmx512m -ea --enable-preview --enable-native-access=org.cryptomator.jfuse.mac,javafx.graphics" />
     <method v="2">
       <option name="Make" enabled="true" />
     </method>
diff --git a/README.md b/README.md
index d2bf39f29..9b57f3696 100644
--- a/README.md
+++ b/README.md
@@ -78,7 +78,7 @@ For more information on the security details visit [cryptomator.org](https://doc
 
 ### Dependencies
 
-* JDK 23 (e.g. temurin, zulu)
+* JDK 24 (e.g. temurin, zulu)
 * Maven 3
 
 ### Run Maven
diff --git a/dist/linux/appimage/build.sh b/dist/linux/appimage/build.sh
index e18054ae6..8d45739cb 100755
--- a/dist/linux/appimage/build.sh
+++ b/dist/linux/appimage/build.sh
@@ -12,7 +12,7 @@ command -v unzip >/dev/null 2>&1 || { echo >&2 "unzip not found."; exit 1; }
 
 VERSION=$(mvn -f ../../../pom.xml help:evaluate -Dexpression=project.version -q -DforceStdout)
 SEMVER_STR=${VERSION}
-CPU_ARCH=$(uname -p)
+CPU_ARCH=$(uname -m)
 
 if [[ ! "${CPU_ARCH}" =~ x86_64|aarch64 ]]; then echo "Platform ${CPU_ARCH} not supported"; exit 1; fi
 
@@ -23,12 +23,12 @@ mvn -B -f ../../../pom.xml clean package -Plinux -DskipTests -Djavafx.platform=l
 cp ../../../LICENSE.txt ../../../target
 cp ../../../target/cryptomator-*.jar ../../../target/mods
 
-JAVAFX_VERSION=23.0.2
+JAVAFX_VERSION=24.0.1
 JAVAFX_ARCH="x64"
-JAVAFX_JMODS_SHA256='063baebc6922e4a89c94b9dfb7a4f53e59e8d6fec400d4e670b31bc2ab324dec'
+JAVAFX_JMODS_SHA256='425fac742b9fbd095b2ce868cff82d1024620f747c94a7144d0a4879e756146c'
 if [ "${CPU_ARCH}" = "aarch64" ]; then
     JAVAFX_ARCH="aarch64"
-    JAVAFX_JMODS_SHA256='9bbedaeae1590b69e2b22237bda310936df33e344dbc243bea2e86acaab3a0d8'
+    JAVAFX_JMODS_SHA256='7e02edd0f4ee5527a27c94b0bbba66fcaaff41009119e45d0eca0f96ddfb6e7b'
 fi
 
 # download javaFX jmods
@@ -51,11 +51,17 @@ if [ $POM_JFX_VERSION -ne $JMOD_VERSION ]; then
 fi
 
 
-# add runtime
+# create runtime
+## check for JEP 493
+JMOD_PATHS="openjfx-jmods"
+if ! ${JAVA_HOME}/bin/jlink --help | grep -q "Linking from run-time image enabled"; then
+    JMOD_PATHS="${JAVA_HOME}/jmods:${JMOD_PATHS}"
+fi
+## create runtime image
 ${JAVA_HOME}/bin/jlink \
     --verbose \
     --output runtime \
-    --module-path "${JAVA_HOME}/jmods:openjfx-jmods" \
+    --module-path "${JMOD_PATHS}" \
     --add-modules java.base,java.desktop,java.instrument,java.logging,java.naming,java.net.http,java.scripting,java.sql,java.xml,javafx.base,javafx.graphics,javafx.controls,javafx.fxml,jdk.unsupported,jdk.security.auth,jdk.accessibility,jdk.management.jfr,jdk.net,java.compiler \
     --strip-native-commands \
     --no-header-files \
@@ -75,7 +81,7 @@ ${JAVA_HOME}/bin/jpackage \
     --name Cryptomator \
     --vendor "Skymatic GmbH" \
     --java-options "--enable-preview" \
-    --java-options "--enable-native-access=org.cryptomator.jfuse.linux.amd64,org.cryptomator.jfuse.linux.aarch64,org.purejava.appindicator" \
+    --java-options "--enable-native-access=javafx.graphics,org.cryptomator.jfuse.linux.amd64,org.cryptomator.jfuse.linux.aarch64,org.purejava.appindicator" \
     --copyright "(C) 2016 - 2025 Skymatic GmbH" \
     --java-options "-Xss5m" \
     --java-options "-Xmx256m" \
@@ -122,7 +128,7 @@ chmod +x /tmp/appimagetool.AppImage
 /tmp/appimagetool.AppImage \
     Cryptomator.AppDir \
     cryptomator-${SEMVER_STR}-${CPU_ARCH}.AppImage  \
-    -u 'gh-releases-zsync|cryptomator|cryptomator|latest|cryptomator-*-${CPU_ARCH}.AppImage.zsync'
+    -u "gh-releases-zsync|cryptomator|cryptomator|latest|cryptomator-*-${CPU_ARCH}.AppImage.zsync"
 
 echo ""
 echo "Done. AppImage successfully created: cryptomator-${SEMVER_STR}-${CPU_ARCH}.AppImage"
diff --git a/dist/linux/common/org.cryptomator.Cryptomator.metainfo.xml b/dist/linux/common/org.cryptomator.Cryptomator.metainfo.xml
index 16e2ba876..b088836f7 100644
--- a/dist/linux/common/org.cryptomator.Cryptomator.metainfo.xml
+++ b/dist/linux/common/org.cryptomator.Cryptomator.metainfo.xml
@@ -83,6 +83,9 @@
 	</content_rating>
 
 	<releases>
+		<release date="2025-06-24" version="1.17.0">
+			<url type="details">https://github.com/cryptomator/cryptomator/releases/1.17.0</url>
+		</release>
 		<release date="2025-05-15" version="1.16.2">
 			<url type="details">https://github.com/cryptomator/cryptomator/releases/1.16.2</url>
 		</release>
diff --git a/dist/linux/debian/changelog b/dist/linux/debian/changelog
index 84a9756f9..b4f3c295b 100644
--- a/dist/linux/debian/changelog
+++ b/dist/linux/debian/changelog
@@ -1,4 +1,4 @@
-cryptomator (${PPA_VERSION}) focal; urgency=low
+cryptomator (${PPA_VERSION}) jammy; urgency=low
 
   * Full changelog can be found on https://github.com/cryptomator/cryptomator/releases
 
diff --git a/dist/linux/debian/control b/dist/linux/debian/control
index 15626ba26..b0c2c6725 100644
--- a/dist/linux/debian/control
+++ b/dist/linux/debian/control
@@ -2,7 +2,7 @@ Source: cryptomator
 Maintainer: Cryptobot <releases@cryptomator.org>
 Section: utils
 Priority: optional
-Build-Depends: debhelper (>=10), coffeelibs-jdk-23 (>= 23.0.2+7-0ppa1), libgtk-3-0,  libxxf86vm1, libgl1
+Build-Depends: debhelper (>=10), coffeelibs-jdk-24 (>= 24.0.1+9-0ppa3), libgtk-3-0,  libxxf86vm1, libgl1
 Standards-Version: 4.5.0
 Homepage: https://cryptomator.org
 Vcs-Git: https://github.com/cryptomator/cryptomator.git
diff --git a/dist/linux/debian/rules b/dist/linux/debian/rules
index a899dba68..f69f4a789 100755
--- a/dist/linux/debian/rules
+++ b/dist/linux/debian/rules
@@ -4,7 +4,7 @@
 # Uncomment this to turn on verbose mode.
 #export DH_VERBOSE=1
 
-JAVA_HOME = /usr/lib/jvm/java-23-coffeelibs
+JAVA_HOME = /usr/lib/jvm/java-24-coffeelibs
 DEB_BUILD_ARCH ?= $(shell dpkg-architecture -qDEB_BUILD_ARCH)
 ifeq ($(DEB_BUILD_ARCH),amd64)
 JMODS_PATH = jmods/amd64:${JAVA_HOME}/jmods
@@ -44,7 +44,8 @@ override_dh_auto_build:
 		--name cryptomator \
 		--vendor "Skymatic GmbH" \
 		--java-options "--enable-preview" \
-		--java-options "--enable-native-access=org.cryptomator.jfuse.linux.amd64,org.cryptomator.jfuse.linux.aarch64,org.purejava.appindicator" \
+		--java-options "--enable-native-access=javafx.graphics,org.cryptomator.jfuse.linux.amd64,org.cryptomator.jfuse.linux.aarch64,org.purejava.appindicator" \
+		--java-options "--sun-misc-unsafe-memory-access=allow" \
 		--copyright "(C) 2016 - 2025 Skymatic GmbH" \
 		--java-options "-Xss5m" \
 		--java-options "-Xmx256m" \
diff --git a/dist/mac/dmg/build.sh b/dist/mac/dmg/build.sh
index e1bc3a125..c018c2d33 100755
--- a/dist/mac/dmg/build.sh
+++ b/dist/mac/dmg/build.sh
@@ -32,15 +32,15 @@ REVISION_NO=`git rev-list --count HEAD`
 VERSION_NO=`mvn -f../../../pom.xml help:evaluate -Dexpression=project.version -q -DforceStdout | sed -rn 's/.*([0-9]+\.[0-9]+\.[0-9]+).*/\1/p'`
 FUSE_LIB="FUSE-T"
 
-JAVAFX_VERSION=23.0.2
+JAVAFX_VERSION=24.0.1
 JAVAFX_ARCH="undefined"
 JAVAFX_JMODS_SHA256="undefined"
 if [ "$(machine)" = "arm64e" ]; then
     JAVAFX_ARCH="aarch64"
-    JAVAFX_JMODS_SHA256="c690cc642a3924cf56622951f478ba57aec9ce09063761f800c3319331bed3fc"
+    JAVAFX_JMODS_SHA256="b5a94a13077507003fa852512bfa33f4fb680bc8076d8002e4227a84c85171d4"
 else
     JAVAFX_ARCH="x64"
-    JAVAFX_JMODS_SHA256="5e6c65c065eea22430c0eab36f37a5985eb8ad99e19e8772262021740d338f68"
+    JAVAFX_JMODS_SHA256="6e62a426d43c168a488521f904a523f3dd6ee2cf103e08136f2fd465c828a105"
 fi
 JAVAFX_JMODS_URL="https://download2.gluonhq.com/openjfx/${JAVAFX_VERSION}/openjfx-${JAVAFX_VERSION}_osx-${JAVAFX_ARCH}_bin-jmods.zip"
 
@@ -75,10 +75,16 @@ mvn -B -Djavafx.platform=mac -f../../../pom.xml clean package -DskipTests -Pmac
 cp ../../../LICENSE.txt ../../../target
 cp ../../../target/${MAIN_JAR_GLOB} ../../../target/mods
 
-# add runtime
+# create runtime
+## check for JEP 493
+JMOD_PATHS="openjfx-jmods"
+if ! ${JAVA_HOME}/bin/jlink --help | grep -q "Linking from run-time image enabled"; then
+    JMOD_PATHS="${JAVA_HOME}/jmods:${JMOD_PATHS}"
+fi
+## create custom runtime
 ${JAVA_HOME}/bin/jlink \
     --output runtime \
-    --module-path "${JAVA_HOME}/jmods:openjfx-jmods" \
+    --module-path "${JMOD_PATHS}" \
     --add-modules java.base,java.desktop,java.instrument,java.logging,java.naming,java.net.http,java.scripting,java.sql,java.xml,javafx.base,javafx.graphics,javafx.controls,javafx.fxml,jdk.unsupported,jdk.security.auth,jdk.accessibility,jdk.management.jfr,java.compiler \
     --strip-native-commands \
     --no-header-files \
@@ -100,7 +106,7 @@ ${JAVA_HOME}/bin/jpackage \
     --copyright "(C) ${COPYRIGHT_YEARS} ${VENDOR}" \
     --app-version "${VERSION_NO}" \
     --java-options "--enable-preview" \
-    --java-options "--enable-native-access=org.cryptomator.jfuse.mac" \
+    --java-options "--enable-native-access=javafx.graphics,org.cryptomator.jfuse.mac" \
     --java-options "-Xss5m" \
     --java-options "-Xmx256m" \
     --java-options "-Dfile.encoding=\"utf-8\"" \
diff --git a/dist/win/build.ps1 b/dist/win/build.ps1
index 9864d6306..a861cf40d 100644
--- a/dist/win/build.ps1
+++ b/dist/win/build.ps1
@@ -18,14 +18,32 @@ $ProgressPreference = 'SilentlyContinue' # disables Invoke-WebRequest's progress
 # check preconditions
 if ((Get-Command "git" -ErrorAction SilentlyContinue) -eq $null)
 {
-   Write-Host "Unable to find git.exe in your PATH (try: choco install git)"
+   Write-Error "Unable to find git.exe in your PATH (try: choco install git)"
    exit 1
 }
 if ((Get-Command "mvn" -ErrorAction SilentlyContinue) -eq $null)
 {
-   Write-Host "Unable to find mvn.cmd in your PATH (try: choco install maven)"
+   Write-Error "Unable to find mvn.cmd in your PATH (try: choco install maven)"
    exit 1
 }
+if ((Get-Command 'wix' -ErrorAction SilentlyContinue) -eq $null)
+{
+   Write-Error 'Unable to find wix in your PATH (try: dotnet tool install --global wix --version 6.0.0)'
+   exit 1
+}
+$wixExtensions = & wix.exe extension list --global | Out-String
+if ($wixExtensions -notmatch 'WixToolset.UI.wixext') {
+    Write-Error 'Wix UI extension missing. Please install it with: wix.exe extension add WixToolset.UI.wixext/6.0.0 --global)'
+    exit 1
+}
+if ($wixExtensions -notmatch 'WixToolset.Util.wixext') {
+    Write-Error 'Wix Util extension missing. Please install it with: wix.exe extension add WixToolset.Util.wixext/6.0.0 --global)'
+    exit 1
+}
+if ($wixExtensions -notmatch 'WixToolset.BootstrapperApplications.wixext') {
+    Write-Error 'Wix Bootstrapper extension missing. Please install it with: wix.exe extension add WixToolset.BootstrapperApplications.wixext/6.0.0 --global)'
+    exit 1
+}
 
 $buildDir = Split-Path -Parent $PSCommandPath
 $version = $(mvn -f $buildDir/../../pom.xml help:evaluate -Dexpression="project.version" -q -DforceStdout)
@@ -50,37 +68,71 @@ if ($clean -and (Test-Path -Path $runtimeImagePath)) {
 	Remove-Item -Path $runtimeImagePath -Force -Recurse
 }
 
-## download jfx jmods
-$javaFxVersion='23.0.2'
-$javaFxJmodsUrl = "https://download2.gluonhq.com/openjfx/${javaFxVersion}/openjfx-${javaFxVersion}_windows-x64_bin-jmods.zip"
-$javaFxJmodsSHA256 = 'ee176dcee3bd78bde7910735bd67f67c792882f5b89626796ae06f7a1c0119d3'
-$javaFxJmods = '.\resources\jfxJmods.zip'
-if( !(Test-Path -Path $javaFxJmods) ) {
-	Write-Output "Downloading ${javaFxJmodsUrl}..."
-	Invoke-WebRequest $javaFxJmodsUrl -OutFile $javaFxJmods # redirects are followed by default
+## download jfx jmods for X64, while they are part of the Arm64 JDK
+$archCode = (Get-CimInstance Win32_Processor).Architecture
+$archName = switch ($archCode) {
+    9  { "x64 (AMD64)" }
+    12 { "ARM64" }
+    default { "WMI Win32_Processor.Architecture code ($archCode)" }
 }
 
-$jmodsChecksumActual = $(Get-FileHash -Path $javaFxJmods -Algorithm SHA256).Hash.ToLower()
-if( $jmodsChecksumActual -ne $javaFxJmodsSHA256 ) {
-	Write-Error "Checksum mismatch for jfxJmods.zip. Expected: $javaFxJmodsSHA256
-, actual: $jmodsChecksumActual"
-	exit 1;
+switch ($archName) {
+    'ARM64' {
+		$javafxBaseJmod = Join-Path $Env:JAVA_HOME "jmods\javafx.base.jmod"
+		if (!(Test-Path $javafxBaseJmod)) {
+			Write-Error "JavaFX module not found in JDK. Please ensure full JDK (including jmods) is installed."
+			exit 1
+		}
+
+        $jmodPaths = "$Env:JAVA_HOME/jmods"
+    }
+    'x64 (AMD64)' {
+		$javaFxVersion='24.0.1'
+		$javaFxJmodsUrl = "https://download2.gluonhq.com/openjfx/${javaFxVersion}/openjfx-${javaFxVersion}_windows-x64_bin-jmods.zip"
+		$javaFxJmodsSHA256 = 'f13d17c7caf88654fc835f1b4e75a9b0f34a888eb8abef381796c0002e63b03f'
+		$javaFxJmods = '.\resources\jfxJmods.zip'
+
+		if( !(Test-Path -Path $javaFxJmods) ) {
+			Write-Output "Downloading ${javaFxJmodsUrl}..."
+			Invoke-WebRequest $javaFxJmodsUrl -OutFile $javaFxJmods # redirects are followed by default
+		}
+
+		$jmodsChecksumActual = $(Get-FileHash -Path $javaFxJmods -Algorithm SHA256).Hash.ToLower()
+		if( $jmodsChecksumActual -ne $javaFxJmodsSHA256 ) {
+			Write-Error "Checksum mismatch for jfxJmods.zip. Expected: $javaFxJmodsSHA256
+		, actual: $jmodsChecksumActual"
+			exit 1;
+		}
+
+		Expand-Archive -Path $javaFxJmods -Force -DestinationPath ".\resources\"
+		Remove-Item -Recurse -Force -Path ".\resources\javafx-jmods" -ErrorAction Ignore
+		Move-Item -Force -Path ".\resources\javafx-jmods-*" -Destination ".\resources\javafx-jmods" -ErrorAction Stop
+
+		$jmodPaths="$buildDir/resources/javafx-jmods";
+    }
+    default {
+        Write-Error "Unsupported architecture: $arch"
+        exit 1
+    }
 }
-Expand-Archive -Path $javaFxJmods -Force -DestinationPath ".\resources\"
-Remove-Item -Recurse -Force -Path ".\resources\javafx-jmods" -ErrorAction Ignore
-Move-Item -Force -Path ".\resources\javafx-jmods-*" -Destination ".\resources\javafx-jmods" -ErrorAction Stop
 
 ## create custom runtime
+### check for JEP 493
+if ((& "$Env:JAVA_HOME\bin\jlink" --help | Select-String -Pattern "Linking from run-time image enabled" -SimpleMatch | Measure-Object).Count -eq 0 ) {
+	$jmodPaths="$Env:JAVA_HOME/jmods;" + $jmodPaths;
+}
+
+### create runtime
 & "$Env:JAVA_HOME\bin\jlink" `
 	--verbose `
 	--output runtime `
-	--module-path "$Env:JAVA_HOME/jmods;$buildDir/resources/javafx-jmods" `
+	--module-path $jmodPaths `
 	--add-modules java.base,java.desktop,java.instrument,java.logging,java.naming,java.net.http,java.scripting,java.sql,java.xml,jdk.unsupported,jdk.accessibility,jdk.management.jfr,jdk.crypto.mscapi,java.compiler,javafx.base,javafx.graphics,javafx.controls,javafx.fxml `
 	--strip-native-commands `
 	--no-header-files `
 	--no-man-pages `
 	--strip-debug `
-	--compress "zip-0" #do not compress to have improved msi compression
+	--compress "zip-0" #do not compress and use msi compression
 
 $appPath = ".\$AppName"
 if ($clean -and (Test-Path -Path $appPath)) {
@@ -100,7 +152,7 @@ if ($clean -and (Test-Path -Path $appPath)) {
 	--vendor $Vendor `
 	--copyright $copyright `
 	--java-options "--enable-preview" `
-	--java-options "--enable-native-access=org.cryptomator.jfuse.win,org.cryptomator.integrations.win" `
+	--java-options "--enable-native-access=javafx.graphics,org.cryptomator.jfuse.win,org.cryptomator.integrations.win" `
 	--java-options "-Xss5m" `
 	--java-options "-Xmx256m" `
 	--java-options "-Dcryptomator.appVersion=`"$semVerNo`"" `
@@ -116,6 +168,7 @@ if ($clean -and (Test-Path -Path $appPath)) {
 	--java-options "-Dcryptomator.loopbackAlias=`"$LoopbackAlias`"" `
 	--java-options "-Dcryptomator.integrationsWin.autoStartShellLinkName=`"$AppName`"" `
 	--java-options "-Dcryptomator.integrationsWin.keychainPaths=`"@{appdata}/$AppName/keychain.json;@{userhome}/AppData/Roaming/$AppName/keychain.json`"" `
+	--java-options "-Dcryptomator.integrationsWin.windowsHelloKeychainPaths=`"@{appdata}/$AppName/windowsHelloKeychain.json`"" `
 	--java-options "-Dcryptomator.showTrayIcon=true" `
 	--java-options "-Dcryptomator.buildNumber=`"msi-$revisionNo`"" `
 	--resource-dir resources `
@@ -166,6 +219,11 @@ $Env:JP_WIXHELPER_DIR = "."
 	--about-url $AboutUrl `
 	--file-associations resources/FAvaultFile.properties
 
+if ($LASTEXITCODE -ne 0) {
+    Write-Error "jpackage MSI failed with exit code $LASTEXITCODE"
+	return 1;
+}
+
 #Create RTF license for bundle
 &mvn -B -f $buildDir/../../pom.xml license:add-third-party "-Djavafx.platform=win" `
  "-Dlicense.thirdPartyFilename=license.rtf" `
@@ -177,9 +235,19 @@ $Env:JP_WIXHELPER_DIR = "."
  "-Dlicense.licenseMergesUrl=file:///$buildDir/../../license/merges"
 
 # download Winfsp
-$winfspMsiUrl= 'https://github.com/winfsp/winfsp/releases/download/v2.0/winfsp-2.0.23075.msi'
+$winfspMsiUrl= 'https://github.com/winfsp/winfsp/releases/download/v2.1/winfsp-2.1.25156.msi'
+$winfspMsiHash = '073A70E00F77423E34BED98B86E600DEF93393BA5822204FAC57A29324DB9F7A'
 Write-Output "Downloading ${winfspMsiUrl}..."
 Invoke-WebRequest $winfspMsiUrl -OutFile ".\bundle\resources\winfsp.msi" # redirects are followed by default
+$computedHash = $(Get-FileHash -Path '.\bundle\resources\winfsp.msi' -Algorithm SHA256).Hash
+if (! $computedHash.Equals($winfspMsiHash)) {
+	Write-Error -Category InvalidData -CategoryActivity "Data integrity check failed" -Message @"
+	Downloaded Winfsp Installer does not match stored SHA256 checksum.
+	Expected: $winfspMsiHash
+	Actual:   $computedHash
+"@
+	exit 1
+}
 
 # download legacy-winfsp uninstaller
 $winfspUninstaller= 'https://github.com/cryptomator/winfsp-uninstaller/releases/latest/download/winfsp-uninstaller.exe'
@@ -187,14 +255,20 @@ Write-Output "Downloading ${winfspUninstaller}..."
 Invoke-WebRequest $winfspUninstaller -OutFile ".\bundle\resources\winfsp-uninstaller.exe" # redirects are followed by default
 
 # copy MSI to bundle resources
-Copy-Item ".\installer\$AppName-*.msi" -Destination ".\bundle\resources\$AppName.msi"
+Copy-Item ".\installer\$AppName-*.msi" -Destination ".\bundle\resources\$AppName.msi" -Force
 
 # create bundle including winfsp
-& "$env:WIX\bin\candle.exe" .\bundle\bundleWithWinfsp.wxs -ext WixBalExtension -ext WixUtilextension -out bundle\ `
-	-dBundleVersion="$semVerNo.$revisionNo" `
-	-dBundleVendor="$Vendor" `
-	-dBundleCopyright="$copyright" `
-	-dAboutUrl="$AboutUrl" `
-	-dHelpUrl="$HelpUrl" `
-	-dUpdateUrl="$UpdateUrl"
-& "$env:WIX\bin\light.exe" -b . .\bundle\BundlewithWinfsp.wixobj -ext WixBalExtension -ext WixUtilextension -out installer\$AppName-Installer.exe
\ No newline at end of file
+& wix build `
+	-define BundleName="$AppName" `
+	-define BundleVersion="$semVerNo.$revisionNo" `
+	-define BundleVendor="$Vendor" `
+	-define BundleCopyright="$copyright" `
+	-define AboutUrl="$AboutUrl" `
+	-define HelpUrl="$HelpUrl" `
+	-define UpdateUrl="$UpdateUrl" `
+	-ext "WixToolset.Util.wixext" `
+	-ext "WixToolset.BootstrapperApplications.wixext" `
+    .\bundle\bundleWithWinfsp.wxs `
+    -out "installer\$AppName-Installer.exe"
+
+Write-Output "Created EXE installer .\installer\$AppName-Installer.exe"
diff --git a/dist/win/bundle/bundleWithWinfsp.wxs b/dist/win/bundle/bundleWithWinfsp.wxs
index 8e009526e..1c9e7da20 100644
--- a/dist/win/bundle/bundleWithWinfsp.wxs
+++ b/dist/win/bundle/bundleWithWinfsp.wxs
@@ -1,66 +1,48 @@
-<?xml version="1.0"?>
-
-<!-- For Built in variables, see https://wixtoolset.org/docs/tools/burn/builtin-variables/-->
-<Wix xmlns="http://schemas.microsoft.com/wix/2006/wi" xmlns:bal="http://schemas.microsoft.com/wix/BalExtension" xmlns:util="http://schemas.microsoft.com/wix/UtilExtension">
-    <!-- see https://wixtoolset.org/documentation/manual/v3/xsd/wix/bundle.html-->
-    <!-- Attributes explicitly not used:
-        Condition - the single msi files have their own install conditions, no need to copy them here
-    -->
-
-    <Bundle Name="Cryptomator" UpgradeCode="29eea626-2e5b-4449-b5f8-4602925ddf7b" Version="$(var.BundleVersion)" Manufacturer="$(var.BundleVendor)"
-     AboutUrl="$(var.AboutUrl)" HelpUrl="$(var.HelpUrl)" UpdateUrl="$(var.UpdateUrl)" Copyright="$(var.BundleCopyright)" IconSourceFile="bundle\resources\Cryptomator.ico">
+<!-- For Built in variables, see https://wixtoolset.org/docs/tools/burn/builtin-variables/-->
+<ns0:Wix xmlns:ns0="http://wixtoolset.org/schemas/v4/wxs" xmlns:bal="http://wixtoolset.org/schemas/v4/wxs/bal" xmlns:util="http://wixtoolset.org/schemas/v4/wxs/util">
+    <ns0:Bundle Name="$(var.BundleName)"
+     UpgradeCode="29eea626-2e5b-4449-b5f8-4602925ddf7b"
+     Version="$(var.BundleVersion)"
+     Manufacturer="$(var.BundleVendor)"
+     AboutUrl="$(var.AboutUrl)"
+     HelpUrl="$(var.HelpUrl)"
+     UpdateUrl="$(var.UpdateUrl)"
+     Copyright="$(var.BundleCopyright)"
+     IconSourceFile="bundle\resources\Cryptomator.ico">
 
         <!-- detect outdated WinFsp installations -->
-        <util:ProductSearch
-            Variable="InstalledLegacyWinFspVersion"
-            Result="version"
-            UpgradeCode="82F812D9-4083-4EF1-8BC8-0F1EDA05B46B"/>
+        <util:ProductSearch Variable="InstalledLegacyWinFspVersion" Result="version" UpgradeCode="82F812D9-4083-4EF1-8BC8-0F1EDA05B46B" />
 
-        <!-- for definition of the standard themes, see https://github.com/wixtoolset/wix3/blob/master/src/ext/BalExtension/wixstdba/Resources/-->
-        <BootstrapperApplicationRef Id="WixStandardBootstrapperApplication.RtfLargeLicense">
-            <!-- see https://wixtoolset.org/documentation/manual/v3/xsd/bal/wixstandardbootstrapperapplication.html -->
-            <!-- Possible Attributes: LaunchTarget -->
-            <bal:WixStandardBootstrapperApplication
-                LicenseFile="bundle\resources\license.rtf"
-                ShowVersion="yes"
-                SuppressOptionsUI="yes"
-                ThemeFile="bundle\customBootstrapperTheme.xml"
-                LocalizationFile="bundle\customBootstrapperTheme.wxl"
-                LogoFile="bundle\resources\logo.png"/>
-            <Payload SourceFile="bundle\resources\logoSide.png" />
-        </BootstrapperApplicationRef>
+        <ns0:BootstrapperApplication>
+            <bal:WixStandardBootstrapperApplication LicenseFile="bundle\resources\license.rtf" ShowVersion="yes"
+              SuppressOptionsUI="yes"
+              Theme="rtfLargeLicense"
+              ThemeFile="bundle\resources\customBootstrapperTheme.xml"
+              LocalizationFile="bundle\resources\customBootstrapperTheme.wxl"
+              LogoSideFile="bundle\resources\logoSide.png"
+              LogoFile="bundle\resources\logo.png"
+              LaunchTarget="[ProgramFiles64Folder]\$(var.BundleName)\$(var.BundleName).exe" />
+            <ns0:Payload SourceFile="bundle\resources\logoSide.png"/>
+            <!-- Required due to https://github.com/wixtoolset/issues/issues/8104 -->
+            <ns0:Payload Name="Cryptobot.ico" SourceFile="bundle\resources\Cryptomator.ico"/>
+        </ns0:BootstrapperApplication>
 
-        <Chain>
-            <ExePackage Cache="yes" PerMachine="yes" Permanent="no"
-              SourceFile="resources\winfsp-uninstaller.exe"
-              DisplayName="Removing outdated WinFsp Driver"
-              Description="Executable to remove old winfsp"
-              DetectCondition="false"
-              InstallCondition="(InstalledLegacyWinFspVersion &lt;&gt; v0.0.0.0) AND ((WixBundleAction = 7) OR (WixBundleAction = 5))">
-                <CommandLine Condition="WixBundleUILevel &lt;= 3" InstallArgument="-q -l &quot;[WixBundleLog].winfsp-uninstaller.log&quot;" RepairArgument="-q" UninstallArgument="-s" />
+        <ns0:Chain>
+            <ns0:ExePackage Cache="keep" PerMachine="yes" Permanent="no" SourceFile="bundle\resources\winfsp-uninstaller.exe" DisplayName="Removing outdated WinFsp Driver" Description="Executable to remove old winfsp" DetectCondition="false" InstallCondition="(InstalledLegacyWinFspVersion &lt;&gt; v0.0.0.0) AND ((WixBundleAction = 7) OR (WixBundleAction = 5))" UninstallArguments="">
+                <ns0:CommandLine Condition="WixBundleUILevel &lt;= 3" InstallArgument="-q -l &quot;[WixBundleLog].winfsp-uninstaller.log&quot;" RepairArgument="-q" UninstallArgument="-s" />
                 <!-- XML allows line breaks in attributes, hence keep the line breaks here -->
-                <CommandLine Condition="WixBundleUILevel &gt; 3" InstallArgument="-l &quot;[WixBundleLog].winfsp-uninstaller.log&quot; -t &quot;Cryptomator Installer&quot; -m &quot;Cryptomator requires a newer version of the WinFsp driver. The installer will now uninstall WinFsp, possibly reboot, and afterwards proceed with the installation.
+                <ns0:CommandLine Condition="WixBundleUILevel &gt; 3" InstallArgument="-l &quot;[WixBundleLog].winfsp-uninstaller.log&quot; -t &quot;Cryptomator Installer&quot; -m &quot;Cryptomator requires a newer version of the WinFsp driver. The installer will now uninstall WinFsp, possibly reboot, and afterwards proceed with the installation.
 
 Do you want to continue?&quot;" RepairArgument="-q" UninstallArgument="-s" />
-                <ExitCode Behavior="success" Value="0"/>
-                <ExitCode Behavior="success" Value="1"/>
-                <ExitCode Behavior="error" Value="2"/>
-                <ExitCode Behavior="error" Value="3"/>
-                <ExitCode Behavior="forceReboot" Value="4"/>
-                <ExitCode Behavior="success" Value="5"/>
-            </ExePackage>
-            <!-- see https://wixtoolset.org/documentation/manual/v3/xsd/wix/msipackage.html-->
-            <MsiPackage
-                SourceFile="resources\Cryptomator.msi"
-                CacheId="cryptomator-bundle-cryptomator"
-                DisplayInternalUI="no"
-                Visible="no"/>
-            <MsiPackage
-                SourceFile="resources\winfsp.msi"
-                CacheId="cryptomator-bundle-winfsp"
-                Visible="yes"
-                DisplayInternalUI="no"
-                Permanent="yes"/>
-        </Chain>
-    </Bundle>
-</Wix>
+                <ns0:ExitCode Behavior="success" Value="0" />
+                <ns0:ExitCode Behavior="success" Value="1" />
+                <ns0:ExitCode Behavior="error" Value="2" />
+                <ns0:ExitCode Behavior="error" Value="3" />
+                <ns0:ExitCode Behavior="forceReboot" Value="4" />
+                <ns0:ExitCode Behavior="success" Value="5" />
+            </ns0:ExePackage>
+            <ns0:MsiPackage SourceFile="bundle\resources\Cryptomator.msi" CacheId="cryptomator-bundle-cryptomator" Visible="no" />
+            <ns0:MsiPackage SourceFile="bundle\resources\winfsp.msi" CacheId="cryptomator-bundle-winfsp" Visible="yes" Permanent="yes" />
+        </ns0:Chain>
+    </ns0:Bundle>
+</ns0:Wix>
\ No newline at end of file
diff --git a/dist/win/bundle/customBootstrapperTheme.wxl b/dist/win/bundle/customBootstrapperTheme.wxl
deleted file mode 100644
index cc464ce9c..000000000
--- a/dist/win/bundle/customBootstrapperTheme.wxl
+++ /dev/null
@@ -1,64 +0,0 @@
-<?xml version="1.0" encoding="utf-8"?>
-<!-- Copyright (c) .NET Foundation and contributors. All rights reserved. Licensed under the Microsoft Reciprocal License. See LICENSE.TXT file in the project root for full license information. -->
-
-
-<WixLocalization Culture="en-us" Language="1033" xmlns="http://schemas.microsoft.com/wix/2006/localization">
-  <String Id="Caption">[WixBundleName] Setup</String>
-  <String Id="Title">[WixBundleName]</String>
-  <String Id="InstallHeader">Welcome</String>
-  <String Id="InstallMessage">This Setup will install [WixBundleName] and additional dependencies on your computer.</String>
-  <String Id="InstallVersion">Version [WixBundleVersion]</String>
-  <String Id="ConfirmCancelMessage">Are you sure you want to cancel?</String>
-  <String Id="ExecuteUpgradeRelatedBundleMessage">Previous version</String>
-  <String Id="HelpHeader">Setup Help</String>
-  <String Id="HelpText">/install | /repair | /uninstall | /layout [directory] - installs, repairs, uninstalls or
-   creates a complete local copy of the bundle in directory. Install is the default.
-
-/passive | /quiet -  displays minimal UI with no prompts or displays no UI and
-   no prompts. By default UI and all prompts are displayed.
-
-/norestart   - suppress any attempts to restart. By default UI will prompt before restart.
-/log log.txt - logs to a specific file. By default a log file is created in %TEMP%.</String>
-  <String Id="HelpCloseButton">&amp;Close</String>
-  <String Id="InstallLicenseLinkText">[WixBundleName] &lt;a href="#"&gt;license terms&lt;/a&gt;.</String>
-  <String Id="InstallAcceptCheckbox">I &amp;agree to the license terms and conditions</String>
-  <String Id="InstallOptionsButton">&amp;Options</String>
-  <String Id="InstallInstallButton">&amp;Install</String>
-  <String Id="InstallCloseButton">&amp;Close</String>
-  <String Id="OptionsHeader">Setup Options</String>
-  <String Id="OptionsLocationLabel">Install location:</String>
-  <String Id="OptionsBrowseButton">&amp;Browse</String>
-  <String Id="OptionsOkButton">&amp;OK</String>
-  <String Id="OptionsCancelButton">&amp;Cancel</String>
-  <String Id="ProgressHeader">Setup Progress</String>
-  <String Id="ProgressLabel">Processing:</String>
-  <String Id="OverallProgressPackageText">Initializing...</String>
-  <String Id="ProgressCancelButton">&amp;Cancel</String>
-  <String Id="ModifyHeader">Modify Setup</String>
-  <String Id="ModifyRepairButton">&amp;Repair</String>
-  <String Id="ModifyUninstallButton">&amp;Uninstall</String>
-  <String Id="ModifyCloseButton">&amp;Close</String>
-  <String Id="SuccessRepairHeader">Repair Successfully Completed</String>
-  <String Id="SuccessUninstallHeader">Uninstall Successfully Completed</String>
-  <String Id="SuccessInstallHeader">Installation Successfully Completed</String> 
-  <String Id="SuccessHeader">Setup Successful</String>	
-  <String Id="SuccessLaunchButton">&amp;Launch</String>
-  <String Id="SuccessRestartText">You must restart your computer before you can use the software.</String>
-  <String Id="SuccessRestartButton">&amp;Restart</String>
-  <String Id="SuccessCloseButton">&amp;Close</String>
-  <String Id="FailureHeader">Setup Failed</String>
-  <String Id="FailureInstallHeader">Setup Failed</String>
-  <String Id="FailureUninstallHeader">Uninstall Failed</String>
-  <String Id="FailureRepairHeader">Repair Failed</String> 
-  <String Id="FailureHyperlinkLogText">One or more issues caused the setup to fail. Please fix the issues and then retry setup. For more information see the &lt;a href="#"&gt;log file&lt;/a&gt;.</String>
-  <String Id="FailureRestartText">You must restart your computer to complete the rollback of the software.</String>
-  <String Id="FailureRestartButton">&amp;Restart</String>
-  <String Id="FailureCloseButton">&amp;Close</String>
-  <String Id="FilesInUseHeader">Files In Use</String>
-  <String Id="FilesInUseLabel">The following applications are using files that need to be updated:</String>
-  <String Id="FilesInUseCloseRadioButton">Close the &amp;applications and attempt to restart them.</String>
-  <String Id="FilesInUseDontCloseRadioButton">&amp;Do not close applications. A reboot will be required.</String>
-  <String Id="FilesInUseOkButton">&amp;OK</String>
-  <String Id="FilesInUseCancelButton">&amp;Cancel</String>
-  <String Id="ErrorFailNoActionReboot">No action was taken as a system reboot is required.</String>
-</WixLocalization>
diff --git a/dist/win/bundle/customBootstrapperTheme.xml b/dist/win/bundle/customBootstrapperTheme.xml
deleted file mode 100644
index ef986bd27..000000000
--- a/dist/win/bundle/customBootstrapperTheme.xml
+++ /dev/null
@@ -1,91 +0,0 @@
-<?xml version="1.0" encoding="utf-8"?>
-<!-- Copyright (c) .NET Foundation and contributors. All rights reserved. Licensed under the Microsoft Reciprocal License. See LICENSE.TXT file in the project root for full license information. -->
-<!-- adjusted theme based on https://github.com/wixtoolset/wix3/blob/master/src/ext/BalExtension/wixstdba/Resources/HyperlinkSidebarTheme.xml -->
-
-
-<Theme xmlns="http://wixtoolset.org/schemas/thmutil/2010">
-    <Window Width="600" Height="450" HexStyle="100a0000" FontId="0">#(loc.Caption)</Window>
-    <Font Id="0" Height="-12" Weight="500" Foreground="000000" Background="FFFFFF">Segoe UI</Font>
-    <Font Id="1" Height="-24" Weight="500" Foreground="000000">Segoe UI</Font>
-    <Font Id="2" Height="-22" Weight="500" Foreground="666666">Segoe UI</Font>
-    <Font Id="3" Height="-12" Weight="500" Foreground="000000" Background="FFFFFF">Segoe UI</Font>
-    <Font Id="4" Height="-12" Weight="500" Foreground="ff0000" Background="FFFFFF" Underline="yes">Segoe UI</Font>
-    <Font Id="5" Height="-12" Weight="700" Foreground="000000" Background="FFFFFF">Segoe UI</Font>
-
-    <Image X="11" Y="11" Width="64" Height="64" ImageFile="logo.png" />
-    <Text X="80" Y="11" Width="-11" Height="64" FontId="1" DisablePrefix="yes">#(loc.Title)</Text>
-
-    <Page Name="Help">
-        <Image X="11" Y="11" Width="64" Height="64" ImageFile="logo.png" />
-        <Text X="80" Y="11" Width="-11" Height="64" FontId="1" DisablePrefix="yes">#(loc.Title)</Text>
-        <Text X="11" Y="80" Width="-11" Height="30" FontId="2" DisablePrefix="yes">#(loc.HelpHeader)</Text>
-        <Text X="11" Y="112" Width="-11" Height="-35" FontId="3" DisablePrefix="yes">#(loc.HelpText)</Text>
-        <Button Name="HelpCancelButton" X="-11" Y="-11" Width="75" Height="23" TabStop="yes" FontId="0">#(loc.HelpCloseButton)</Button>
-    </Page>
-    <Page Name="Install">
-        <Text X="185" Y="11" Width="-11" Height="32" FontId="1" DisablePrefix="yes">#(loc.Title)</Text>
-        <Image X="11" Y="11" Width="165" Height="400" ImageFile="logoside.png"/>
-        <Text X="185" Y="50" Width="-11" Height="32" FontId="2" DisablePrefix="yes">#(loc.InstallHeader)</Text>
-        <Text X="185" Y="91" Width="-11" Height="64" FontId="3" DisablePrefix="yes">#(loc.InstallMessage)</Text>
-        <Richedit Name="EulaRichedit" X="185" Y="131" Width="-12" Height="-65" HexStyle="0x00800000" TabStop="yes" FontId="0" />
-        <Checkbox Name="EulaAcceptCheckbox" X="185" Y="-46" Width="-11" Height="17" TabStop="yes" FontId="3" HideWhenDisabled="yes">#(loc.InstallAcceptCheckbox)</Checkbox>
-        <Text Name="InstallVersion" X="185" Y="-11" Width="-11" Height="17" FontId="3" DisablePrefix="yes" HideWhenDisabled="yes">#(loc.InstallVersion)</Text>
-        <Button Name="InstallButton" X="-91" Y="-11" Width="75" Height="23" TabStop="yes" FontId="0">#(loc.InstallInstallButton)</Button>
-        <Button Name="WelcomeCancelButton" X="-11" Y="-11" Width="75" Height="23" TabStop="yes" FontId="0">#(loc.InstallCloseButton)</Button>
-    </Page>
-    <Page Name="FilesInUse">
-        <Image X="11" Y="11" Width="64" Height="64" ImageFile="logo.png" />
-        <Text X="80" Y="11" Width="-11" Height="64" FontId="1" DisablePrefix="yes">#(loc.Title)</Text>
-        <Text X="11" Y="80" Width="-11" Height="30" FontId="2" DisablePrefix="yes">#(loc.FilesInUseHeader)</Text>
-        <Text X="11" Y="121" Width="-11" Height="34" FontId="3" DisablePrefix="yes">#(loc.FilesInUseLabel)</Text>
-        <Text Name="FilesInUseText" X="11" Y="150" Width="-11" Height="-86" FontId="3" DisablePrefix="yes" HexStyle="0x0000000C">A</Text>
-
-        <Button Name="FilesInUseCloseRadioButton" X="11" Y="-60" Width="-11" Height="23" TabStop="yes" FontId="0" HideWhenDisabled="yes" HexStyle="0x000009">#(loc.FilesInUseCloseRadioButton)</Button>
-        <Button Name="FilesInUseDontCloseRadioButton" X="11" Y="-40" Width="-11" Height="23" TabStop="yes" FontId="0" HideWhenDisabled="yes" HexStyle="0x000009">#(loc.FilesInUseDontCloseRadioButton)</Button>
-
-        <Button Name="FilesInUseOkButton" X="-91" Y="-11" Width="75" Height="23" TabStop="yes" FontId="0" HideWhenDisabled="yes">#(loc.FilesInUseOkButton)</Button>
-        <Button Name="FilesInUseCancelButton" X="-11" Y="-11" Width="75" Height="23" TabStop="yes" FontId="0">#(loc.FilesInUseCancelButton)</Button>
-    </Page>
-    <Page Name="Progress">
-        <Text X="80" Y="11" Width="-11" Height="32" FontId="1" DisablePrefix="yes">#(loc.Title)</Text>
-        <Image X="11" Y="11" Width="64" Height="64" ImageFile="logo.png"/>
-        <Text X="11" Y="80" Width="-11" Height="30" FontId="2" DisablePrefix="yes">#(loc.ProgressHeader)</Text>
-        <Text X="11" Y="141" Width="70" Height="17" FontId="3" DisablePrefix="yes">#(loc.ProgressLabel)</Text>
-        <Text Name="OverallProgressPackageText" X="85" Y="141" Width="-11" Height="17" FontId="3" DisablePrefix="yes">#(loc.OverallProgressPackageText)</Text>
-        <Progressbar Name="OverallCalculatedProgressbar" X="11" Y="163" Width="-11" Height="20" />
-        <Button Name="ProgressCancelButton" X="-11" Y="-11" Width="75" Height="23" TabStop="yes" FontId="0">#(loc.ProgressCancelButton)</Button>
-    </Page>
-    <Page Name="Modify">
-        <Image X="11" Y="11" Width="64" Height="64" ImageFile="logo.png" />
-        <Text X="80" Y="11" Width="-11" Height="64" FontId="1" DisablePrefix="yes">#(loc.Title)</Text>
-        <Text X="11" Y="80" Width="-11" Height="30" FontId="2" DisablePrefix="yes">#(loc.ModifyHeader)</Text>
-        <Button Name="RepairButton" X="-171" Y="-11" Width="75" Height="23" TabStop="yes" FontId="0" HideWhenDisabled="yes">#(loc.ModifyRepairButton)</Button>
-        <Button Name="UninstallButton" X="-91" Y="-11" Width="75" Height="23" TabStop="yes" FontId="0">#(loc.ModifyUninstallButton)</Button>
-        <Button Name="ModifyCancelButton" X="-11" Y="-11" Width="75" Height="23" TabStop="yes" FontId="0">#(loc.ModifyCloseButton)</Button>
-    </Page>
-    <Page Name="Success">
-        <Text X="185" Y="11" Width="-11" Height="32" FontId="1" DisablePrefix="yes">#(loc.Title)</Text>
-        <Image X="11" Y="11" Width="165" Height="400" ImageFile="logoside.png"/>
-        <Text Name="SuccessHeader" X="185" Y="50" Width="-11" Height="30" FontId="2" HideWhenDisabled="yes" DisablePrefix="yes">#(loc.SuccessHeader)</Text>
-        <Text Name="SuccessInstallHeader" X="185" Y="50" Width="-11" Height="100" FontId="2" HideWhenDisabled="yes" DisablePrefix="yes">#(loc.SuccessInstallHeader)</Text>
-        <Text Name="SuccessRepairHeader" X="185" Y="50" Width="-11" Height="100" FontId="2" HideWhenDisabled="yes" DisablePrefix="yes">#(loc.SuccessRepairHeader)</Text>
-        <Text Name="SuccessUninstallHeader" X="185" Y="50" Width="-11" Height="30" FontId="2" HideWhenDisabled="yes" DisablePrefix="yes">#(loc.SuccessUninstallHeader)</Text>
-        <Button Name="LaunchButton" X="-91" Y="-11" Width="75" Height="23" TabStop="yes" FontId="0" HideWhenDisabled="yes">#(loc.SuccessLaunchButton)</Button>
-        <Text Name="SuccessRestartText" X="185" Y="-51" Width="400" Height="34" FontId="3" HideWhenDisabled="yes" DisablePrefix="yes">#(loc.SuccessRestartText)</Text>
-        <Button Name="SuccessRestartButton" X="-91" Y="-11" Width="75" Height="23" TabStop="yes" FontId="0" HideWhenDisabled="yes">#(loc.SuccessRestartButton)</Button>
-        <Button Name="SuccessCancelButton" X="-11" Y="-11" Width="75" Height="23" TabStop="yes" FontId="0">#(loc.SuccessCloseButton)</Button>
-    </Page>
-    <Page Name="Failure">
-        <Text X="185" Y="11" Width="-11" Height="32" FontId="1" DisablePrefix="yes">#(loc.Title)</Text>
-        <Image X="11" Y="11" Width="165" Height="400" ImageFile="logoside.png"/>
-        <Text Name="FailureHeader" X="185" Y="50" Width="-11" Height="30" FontId="2" HideWhenDisabled="yes" DisablePrefix="yes">#(loc.FailureHeader)</Text>
-        <Text Name="FailureInstallHeader" X="185" Y="50" Width="-11" Height="30" FontId="2" HideWhenDisabled="yes" DisablePrefix="yes">#(loc.FailureInstallHeader)</Text>
-        <Text Name="FailureUninstallHeader" X="185" Y="50" Width="-11" Height="30" FontId="2" HideWhenDisabled="yes" DisablePrefix="yes">#(loc.FailureUninstallHeader)</Text>
-        <Text Name="FailureRepairHeader" X="185" Y="50" Width="-11" Height="30" FontId="2" HideWhenDisabled="yes" DisablePrefix="yes">#(loc.FailureRepairHeader)</Text>
-        <Hypertext Name="FailureLogFileLink" X="185" Y="121" Width="-11" Height="68" FontId="3" TabStop="yes" HideWhenDisabled="yes">#(loc.FailureHyperlinkLogText)</Hypertext>
-        <Hypertext Name="FailureMessageText" X="185" Y="-80" Width="-11" Height="140" FontId="5" TabStop="yes" HideWhenDisabled="yes" />
-        <Text Name="FailureRestartText" X="185" Y="-57" Width="-11" Height="80" FontId="3" HideWhenDisabled="yes" DisablePrefix="yes">#(loc.FailureRestartText)</Text>
-        <Button Name="FailureRestartButton" X="-91" Y="-11" Width="75" Height="23" TabStop="yes" FontId="0" HideWhenDisabled="yes">#(loc.FailureRestartButton)</Button>
-        <Button Name="FailureCloseButton" X="-11" Y="-11" Width="75" Height="23" TabStop="yes" FontId="0">#(loc.FailureCloseButton)</Button>
-    </Page>
-</Theme>
diff --git a/dist/win/bundle/resources/customBootstrapperTheme.wxl b/dist/win/bundle/resources/customBootstrapperTheme.wxl
new file mode 100644
index 000000000..f292f6833
--- /dev/null
+++ b/dist/win/bundle/resources/customBootstrapperTheme.wxl
@@ -0,0 +1,68 @@
+<!-- Copyright (c) .NET Foundation and contributors. All rights reserved. Licensed under the Microsoft Reciprocal License. See LICENSE.TXT file in the project root for full license information. -->
+
+
+<WixLocalization Culture="en-us" Language="1033" xmlns="http://wixtoolset.org/schemas/v4/wxl">
+  <String Id="Caption" Value="[WixBundleName] Setup" />
+  <String Id="Title" Value="[WixBundleName]" />
+  <String Id="InstallHeader" Value="Welcome" />
+  <String Id="InstallMessage" Value="Setup will install [WixBundleName] on your computer." />
+  <String Id="InstallVersion" Value="Version [WixBundleVersion]" />
+  <String Id="CheckingForUpdatesLabel" Value="Checking for updates" />
+  <String Id="UpdateButton" Value="&amp;Update to version [WixStdBAUpdateAvailable]" />
+  <String Id="InstallVersion" Value="Version [WixBundleVersion]" />
+  <String Id="ConfirmCancelMessage" Value="Are you sure you want to cancel?" />
+  <String Id="ExecuteUpgradeRelatedBundleMessage" Value="Previous version" />
+  <String Id="HelpHeader" Value="Setup Help" />
+  <String Id="HelpText" Value="/install | /repair | /uninstall | /layout [directory] - installs, repairs, uninstalls or&#xA;   creates a complete local copy of the bundle in directory. Install is the default.&#xA;&#xA;/passive | /quiet -  displays minimal UI with no prompts or displays no UI and&#xA;   no prompts. By default UI and all prompts are displayed.&#xA;&#xA;/norestart   - suppress any attempts to restart. By default UI will prompt before restart.&#xA;/log log.txt - logs to a specific file. By default a log file is created in %TEMP%." />
+  <String Id="HelpCloseButton" Value="&amp;Close" />
+  <String Id="InstallAcceptCheckbox" Value="I &amp;agree to the license terms and conditions" />
+  <String Id="InstallOptionsButton" Value="&amp;Options" />
+  <String Id="InstallInstallButton" Value="&amp;Install" />
+  <String Id="InstallCancelButton" Value="&amp;Cancel" />
+  <String Id="OptionsHeader" Value="Setup Options" />
+  <String Id="OptionsLocationLabel" Value="Install location:" />
+  <String Id="OptionsBrowseButton" Value="&amp;Browse" />
+  <String Id="OptionsOkButton" Value="&amp;OK" />
+  <String Id="OptionsCancelButton" Value="&amp;Cancel" />
+  <String Id="ProgressHeader" Value="Setup Progress" />
+  <String Id="ProgressLabel" Value="Processing:" />
+  <String Id="OverallProgressPackageText" Value="Initializing..." />
+  <String Id="ProgressCancelButton" Value="&amp;Cancel" />
+  <String Id="ModifyHeader" Value="Modify Setup" />
+  <String Id="ModifyRepairButton" Value="&amp;Repair" />
+  <String Id="ModifyUninstallButton" Value="&amp;Uninstall" />
+  <String Id="ModifyCancelButton" Value="&amp;Cancel" />
+  <String Id="SuccessHeader" Value="Setup Successful" />
+  <String Id="SuccessCacheHeader" Value="Cache Successfully Completed" />
+  <String Id="SuccessInstallHeader" Value="Installation Successfully Completed" />
+  <String Id="SuccessLayoutHeader" Value="Layout Successfully Completed" />
+  <String Id="SuccessModifyHeader" Value="Modify Successfully Completed" />
+  <String Id="SuccessRepairHeader" Value="Repair Successfully Completed" />
+  <String Id="SuccessUninstallHeader" Value="Uninstall Successfully Completed" />
+  <String Id="SuccessUnsafeUninstallHeader" Value="Uninstall Successfully Completed" />
+  <String Id="SuccessLaunchButton" Value="&amp;Launch" />
+  <String Id="SuccessRestartText" Value="You must restart your computer before you can use the software." />
+  <String Id="SuccessUninstallRestartText" Value="You must restart your computer to complete the removal of the software." />
+  <String Id="SuccessRestartButton" Value="&amp;Restart" />
+  <String Id="SuccessCloseButton" Value="&amp;Close" />
+  <String Id="FailureHeader" Value="Setup Failed" />
+  <String Id="FailureCacheHeader" Value="Cache Failed" />
+  <String Id="FailureInstallHeader" Value="Setup Failed" />
+  <String Id="FailureLayoutHeader" Value="Layout Failed" />
+  <String Id="FailureModifyHeader" Value="Modify Failed" />
+  <String Id="FailureRepairHeader" Value="Repair Failed" />
+  <String Id="FailureUninstallHeader" Value="Uninstall Failed" />
+  <String Id="FailureUnsafeUninstallHeader" Value="Uninstall Failed" />
+  <String Id="FailureHyperlinkLogText" Value="One or more issues caused the setup to fail. Please fix the issues and then retry setup. For more information see the &lt;a href=&quot;#&quot;&gt;log file&lt;/a&gt;." />
+  <String Id="FailureRestartText" Value="You must restart your computer to complete the rollback of the software." />
+  <String Id="FailureRestartButton" Value="&amp;Restart" />
+  <String Id="FailureCloseButton" Value="&amp;Close" />
+  <String Id="FilesInUseTitle" Value="Files In Use" />
+  <String Id="FilesInUseLabel" Value="The following applications are using files that need to be updated:" />
+  <String Id="FilesInUseNetfxCloseRadioButton" Value="Close the &amp;applications." />
+  <String Id="FilesInUseCloseRadioButton" Value="Close the &amp;applications and attempt to restart them." />
+  <String Id="FilesInUseDontCloseRadioButton" Value="&amp;Do not close applications. A reboot will be required." />
+  <String Id="FilesInUseRetryButton" Value="&amp;Retry" />
+  <String Id="FilesInUseIgnoreButton" Value="&amp;Ignore" />
+  <String Id="FilesInUseExitButton" Value="E&amp;xit" />
+</WixLocalization>
diff --git a/dist/win/bundle/resources/customBootstrapperTheme.xml b/dist/win/bundle/resources/customBootstrapperTheme.xml
new file mode 100644
index 000000000..0bf669420
--- /dev/null
+++ b/dist/win/bundle/resources/customBootstrapperTheme.xml
@@ -0,0 +1,133 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!-- Copyright (c) .NET Foundation and contributors. All rights reserved. Licensed under the Microsoft Reciprocal License. See LICENSE.TXT file in the project root for full license information. -->
+
+
+<Theme xmlns="http://wixtoolset.org/schemas/v4/thmutil">
+    <Font Id="0" Height="-12" Weight="500" Foreground="windowtext" Background="window">Segoe UI</Font>
+    <Font Id="1" Height="-24" Weight="500" Foreground="windowtext">Segoe UI</Font>
+    <Font Id="2" Height="-22" Weight="500" Foreground="graytext">Segoe UI</Font>
+    <Font Id="3" Height="-12" Weight="500" Foreground="windowtext" Background="window">Segoe UI</Font>
+
+    <Window Width="600" Height="450" HexStyle="100a0000" FontId="0" Caption="#(loc.Caption)" IconFile="Cryptobot.ico">
+        <Page Name="Help">
+            <Label X="80" Y="11" Width="-11" Height="32" FontId="1" DisablePrefix="yes">#(loc.Title)</Label>
+            <ImageControl X="11" Y="11" Width="64" Height="64" ImageFile="logo.png"/>
+            <Label X="11" Y="80" Width="-11" Height="32" FontId="2" DisablePrefix="yes">#(loc.HelpHeader)</Label>
+            <Label X="11" Y="121" Width="-11" Height="-35" FontId="3" DisablePrefix="yes">#(loc.HelpText)</Label>
+            <Button Name="HelpCloseButton" X="-11" Y="-11" Width="75" Height="23" TabStop="yes" FontId="0">
+                <Text>#(loc.HelpCloseButton)</Text>
+                <CloseWindowAction />
+            </Button>
+        </Page>
+        <Page Name="Loading">
+            <Label X="185" Y="50" Width="-11" Height="30" FontId="2" DisablePrefix="yes" Visible="no" Name="CheckingForUpdatesLabel" />
+        </Page>
+        <Page Name="Install">
+            <ImageControl X="11" Y="11" Width="165" Height="400" ImageFile="logoside.png"/>
+            <Label X="185" Y="11" Width="-11" Height="32" FontId="2" DisablePrefix="yes">#(loc.InstallHeader)</Label>
+            <Label X="185" Y="50" Width="-11" Height="64" FontId="3" DisablePrefix="yes">
+                <Text Condition="WixStdBASuppressOptionsUI">#(loc.InstallMessage)</Text>
+                <Text Condition="NOT WixStdBASuppressOptionsUI">#(loc.InstallMessageOptions)</Text>
+            </Label>
+            <Richedit Name="EulaRichedit" X="185" Y="91" Width="-12" Height="-64" HexStyle="0x00800000" TabStop="yes" FontId="0" />
+            <Checkbox Name="EulaAcceptCheckbox" X="185" Y="-39" Width="-11" Height="17" TabStop="yes" FontId="3" HideWhenDisabled="yes">#(loc.InstallAcceptCheckbox)</Checkbox>
+            <Label Name="InstallVersion" X="11" Y="-11" Width="165" Height="17" FontId="3" DisablePrefix="yes" VisibleCondition="WixStdBAShowVersion">#(loc.InstallVersion)</Label>
+            <Button Name="InstallUpdateButton" X="11" Y="-11" Width="200" Height="23" TabStop="yes" FontId="0" EnableCondition="WixStdBAUpdateAvailable" HideWhenDisabled="yes">#(loc.UpdateButton)</Button>
+            <Button Name="OptionsButton" X="-171" Y="-11" Width="75" Height="23" TabStop="yes" FontId="0" VisibleCondition="NOT WixStdBASuppressOptionsUI">
+                <Text>#(loc.InstallOptionsButton)</Text>
+                <ChangePageAction Page="Options" />
+            </Button>
+            <Button Name="InstallButton" X="-91" Y="-11" Width="75" Height="23" TabStop="yes" FontId="0">#(loc.InstallInstallButton)</Button>
+            <Button Name="InstallCancelButton" X="-11" Y="-11" Width="75" Height="23" TabStop="yes" FontId="0">
+                <Text>#(loc.InstallCancelButton)</Text>
+                <CloseWindowAction />
+            </Button>
+        </Page>
+        <Page Name="Options">
+            <Label X="80" Y="11" Width="-11" Height="32" FontId="1" DisablePrefix="yes">#(loc.Title)</Label>
+            <ImageControl X="11" Y="11" Width="64" Height="64" ImageFile="logo.png"/>
+            <Label X="11" Y="80" Width="-11" Height="30" FontId="2" DisablePrefix="yes">#(loc.OptionsHeader)</Label>
+            <Label X="11" Y="121" Width="-11" Height="17" FontId="3">#(loc.OptionsLocationLabel)</Label>
+            <Editbox Name="InstallFolder" X="11" Y="143" Width="-91" Height="21" TabStop="yes" FontId="3" FileSystemAutoComplete="yes" />
+            <Button Name="BrowseButton" X="-11" Y="142" Width="75" Height="23" TabStop="yes" FontId="3">
+                <Text>#(loc.OptionsBrowseButton)</Text>
+                <BrowseDirectoryAction VariableName="InstallFolder" />
+            </Button>
+            <Button Name="OptionsOkButton" X="-91" Y="-11" Width="75" Height="23" TabStop="yes" FontId="0">
+                <Text>#(loc.OptionsOkButton)</Text>
+                <ChangePageAction Page="Install" />
+            </Button>
+            <Button Name="OptionsCancelButton" X="-11" Y="-11" Width="75" Height="23" TabStop="yes" FontId="0">
+                <Text>#(loc.OptionsCancelButton)</Text>
+                <ChangePageAction Page="Install" Cancel="yes" />
+            </Button>
+        </Page>
+        <Page Name="Progress">
+            <Label X="80" Y="11" Width="-11" Height="32" FontId="1" DisablePrefix="yes">#(loc.Title)</Label>
+            <ImageControl X="11" Y="11" Width="64" Height="64" ImageFile="logo.png"/>
+            <Label X="11" Y="80" Width="-11" Height="30" FontId="2" DisablePrefix="yes">#(loc.ProgressHeader)</Label>
+            <Label X="11" Y="141" Width="70" Height="17" FontId="3" DisablePrefix="yes">#(loc.ProgressLabel)</Label>
+            <Label Name="OverallProgressPackageText" X="85" Y="141" Width="-11" Height="17" FontId="3" DisablePrefix="yes">#(loc.OverallProgressPackageText)</Label>
+            <Progressbar Name="OverallCalculatedProgressbar" X="11" Y="163" Width="-11" Height="20" />
+            <Button Name="ProgressCancelButton" X="-11" Y="-11" Width="75" Height="23" TabStop="yes" FontId="0">#(loc.ProgressCancelButton)</Button>
+        </Page>
+        <Page Name="Modify">
+            <ImageControl X="11" Y="11" Width="165" Height="400" ImageFile="logoside.png"/>
+            <Label X="185" Y="11" Width="-11" Height="32" FontId="2" DisablePrefix="yes">#(loc.ModifyHeader)</Label>
+            <Label Name="InstallVersion" X="11" Y="-11" Width="-11" Height="17" FontId="3" DisablePrefix="yes" VisibleCondition="WixStdBAShowVersion">#(loc.InstallVersion)</Label>
+            <Button Name="ModifyUpdateButton" X="11" Y="-11" Width="200" Height="23" TabStop="yes" FontId="0" EnableCondition="WixStdBAUpdateAvailable" HideWhenDisabled="yes">#(loc.UpdateButton)</Button>
+            <Button Name="RepairButton" X="-171" Y="-11" Width="75" Height="23" TabStop="yes" FontId="0" HideWhenDisabled="yes">#(loc.ModifyRepairButton)</Button>
+            <Button Name="UninstallButton" X="-91" Y="-11" Width="75" Height="23" TabStop="yes" FontId="0">#(loc.ModifyUninstallButton)</Button>
+            <Button Name="ModifyCancelButton" X="-11" Y="-11" Width="75" Height="23" TabStop="yes" FontId="0">
+                <Text>#(loc.ModifyCancelButton)</Text>
+                <CloseWindowAction />
+            </Button>
+        </Page>
+        <Page Name="Success">
+            <ImageControl X="11" Y="11" Width="165" Height="400" ImageFile="logoside.png"/>
+            <Label X="185" Y="11" Width="-11" Height="32" FontId="2" DisablePrefix="yes">
+                <Text>#(loc.SuccessHeader)</Text>
+                <Text Condition="WixBundleAction = 2">#(loc.SuccessLayoutHeader)</Text>
+                <Text Condition="WixBundleAction = 3">#(loc.SuccessUnsafeUninstallHeader)</Text>
+                <Text Condition="WixBundleAction = 4">#(loc.SuccessUninstallHeader)</Text>
+                <Text Condition="WixBundleAction = 5">#(loc.SuccessCacheHeader)</Text>
+                <Text Condition="WixBundleAction = 6">#(loc.SuccessInstallHeader)</Text>
+                <Text Condition="WixBundleAction = 7">#(loc.SuccessModifyHeader)</Text>
+                <Text Condition="WixBundleAction = 8">#(loc.SuccessRepairHeader)</Text>
+            </Label>
+            <Button Name="LaunchButton" X="-91" Y="-11" Width="75" Height="23" TabStop="yes" FontId="0" HideWhenDisabled="yes">#(loc.SuccessLaunchButton)</Button>
+            <Label X="185" Y="-51" Width="400" Height="34" FontId="3" DisablePrefix="yes" VisibleCondition="WixStdBARestartRequired">
+                <Text>#(loc.SuccessRestartText)</Text>
+                <Text Condition="WixBundleAction = 3">#(loc.SuccessUninstallRestartText)</Text>
+            </Label>
+            <Label Name="InstallVersion" X="11" Y="-11" Width="165" Height="17" FontId="3" DisablePrefix="yes" VisibleCondition="WixStdBAShowVersion">#(loc.InstallVersion)</Label>
+            <Button Name="SuccessRestartButton" X="-91" Y="-11" Width="75" Height="23" TabStop="yes" FontId="0" HideWhenDisabled="yes">#(loc.SuccessRestartButton)</Button>
+            <Button Name="SuccessCloseButton" X="-11" Y="-11" Width="75" Height="23" TabStop="yes" FontId="0">
+                <Text>#(loc.SuccessCloseButton)</Text>
+                <CloseWindowAction />
+            </Button>
+        </Page>
+        <Page Name="Failure">
+            <ImageControl X="11" Y="11" Width="165" Height="400" ImageFile="logoside.png"/>
+            <Label X="185" Y="11" Width="-11" Height="32" FontId="2" DisablePrefix="yes">
+                <Text>#(loc.FailureHeader)</Text>
+                <Text Condition="WixBundleAction = 2">#(loc.FailureLayoutHeader)</Text>
+                <Text Condition="WixBundleAction = 3">#(loc.FailureUnsafeUninstallHeader)</Text>
+                <Text Condition="WixBundleAction = 4">#(loc.FailureUninstallHeader)</Text>
+                <Text Condition="WixBundleAction = 5">#(loc.FailureCacheHeader)</Text>
+                <Text Condition="WixBundleAction = 6">#(loc.FailureInstallHeader)</Text>
+                <Text Condition="WixBundleAction = 7">#(loc.FailureModifyHeader)</Text>
+                <Text Condition="WixBundleAction = 8">#(loc.FailureRepairHeader)</Text>
+            </Label>
+            <Hypertext Name="FailureLogFileLink" X="185" Y="121" Width="-11" Height="68" FontId="3" TabStop="yes" HideWhenDisabled="yes">#(loc.FailureHyperlinkLogText)</Hypertext>
+            <Hypertext Name="FailureMessageText" X="185" Y="-115" Width="-11" Height="80" FontId="3" TabStop="yes" HideWhenDisabled="yes" />
+            <Label Name="InstallVersion" X="11" Y="-11" Width="165" Height="17" FontId="3" DisablePrefix="yes" VisibleCondition="WixStdBAShowVersion">#(loc.InstallVersion)</Label>
+            <Label X="185" Y="-57" Width="-11" Height="80" FontId="3" DisablePrefix="yes" VisibleCondition="WixStdBARestartRequired">#(loc.FailureRestartText)</Label>
+            <Button Name="FailureRestartButton" X="-91" Y="-11" Width="75" Height="23" TabStop="yes" FontId="0" HideWhenDisabled="yes">#(loc.FailureRestartButton)</Button>
+            <Button Name="FailureCloseButton" X="-11" Y="-11" Width="75" Height="23" TabStop="yes" FontId="0">
+                <Text>#(loc.FailureCloseButton)</Text>
+                <CloseWindowAction />
+            </Button>
+        </Page>
+    </Window>
+</Theme>
diff --git a/dist/win/launcher.bat b/dist/win/launcher.bat
index 8ab971dbb..0e6ec7042 100644
--- a/dist/win/launcher.bat
+++ b/dist/win/launcher.bat
@@ -6,9 +6,10 @@ java ^
 	-Dcryptomator.ipcSocketPath="~/AppData/Roaming/Cryptomator/ipc.socket" ^
 	-Dcryptomator.logDir="~/AppData/Roaming/Cryptomator" ^
 	-Dcryptomator.mountPointsDir="~/Cryptomator" ^
-	-Dcryptomator.keychainPath="~/AppData/Roaming/Cryptomator/keychain.json" ^
+	-Dcryptomator.integrationsWin.keychainPaths="~/AppData/Roaming/Cryptomator/keychain.json" ^
+	-Dcryptomator.integrationsWin.windowsHelloKeychainPaths="~/AppData/Roaming/Cryptomator/windowsHelloKeychain.json" ^
 	-Xss20m ^
 	-Xmx512m ^
 	--enable-preview `
 	--enable-native-access=org.cryptomator.jfuse.win `
-	-m org.cryptomator.desktop/org.cryptomator.launcher.Cryptomator
\ No newline at end of file
+	-m org.cryptomator.desktop/org.cryptomator.launcher.Cryptomator
diff --git a/dist/win/resources/customWizard.wxi b/dist/win/resources/customWizard.wxi
deleted file mode 100644
index ab25702ce..000000000
--- a/dist/win/resources/customWizard.wxi
+++ /dev/null
@@ -1,109 +0,0 @@
-<?xml version="1.0" encoding="utf-8"?>
-<Include>
-	<Fragment>
-		<!-- copy pasta from https://github.com/wixtoolset/wix3/blob/develop/src/ext/UIExtension/wixlib/WixUI_InstallDir.wxs with custom exit dialog-->
-		<UI Id="CustomWizard">
-			<TextStyle Id="WixUI_Font_Normal" FaceName="Tahoma" Size="8" />
-			<TextStyle Id="WixUI_Font_Bigger" FaceName="Tahoma" Size="12" />
-			<TextStyle Id="WixUI_Font_Title" FaceName="Tahoma" Size="9" Bold="yes" />
-
-			<Property Id="DefaultUIFont" Value="WixUI_Font_Normal" />
-			<Property Id="WixUI_Mode" Value="InstallDir" />
-
-			<DialogRef Id="BrowseDlg" />
-			<DialogRef Id="DiskCostDlg" />
-			<DialogRef Id="ErrorDlg" />
-			<DialogRef Id="FilesInUse" />
-			<DialogRef Id="MsiRMFilesInUse" />
-			<DialogRef Id="PrepareDlg" />
-			<DialogRef Id="ProgressDlg" />
-			<DialogRef Id="ResumeDlg" />
-			<DialogRef Id="UserExit" />
-
-			<Publish Dialog="BrowseDlg" Control="OK" Event="DoAction" Value="WixUIValidatePath" Order="3">1</Publish>
-			<Publish Dialog="BrowseDlg" Control="OK" Event="SpawnDialog" Value="InvalidDirDlg" Order="4"><![CDATA[NOT WIXUI_DONTVALIDATEPATH AND WIXUI_INSTALLDIR_VALID<>"1"]]></Publish>
-
-			<!-- custom end dialogs -->
-			<Publish Dialog="MyExitDialog" Control="Finish" Event="EndDialog" Value="Return" Order="999">1</Publish>
-			<Publish Dialog="MyFatalErrorDlg" Control="Finish" Event="EndDialog" Value="Return" Order="998">1</Publish>
-
-			<Publish Dialog="WelcomeDlg" Control="Next" Event="NewDialog" Value="LicenseAgreementDlg">NOT Installed</Publish>
-			<Publish Dialog="WelcomeDlg" Control="Next" Event="NewDialog" Value="VerifyReadyDlg">Installed AND PATCH</Publish>
-
-			<Publish Dialog="LicenseAgreementDlg" Control="Back" Event="NewDialog" Value="WelcomeDlg">1</Publish>
-			<Publish Dialog="LicenseAgreementDlg" Control="Next" Event="NewDialog" Value="InstallDirDlg">LicenseAccepted = "1"</Publish>
-
-			<Publish Dialog="InstallDirDlg" Control="Back" Event="NewDialog" Value="LicenseAgreementDlg">1</Publish>
-			<Publish Dialog="InstallDirDlg" Control="Next" Event="SetTargetPath" Value="[WIXUI_INSTALLDIR]" Order="1">1</Publish>
-			<Publish Dialog="InstallDirDlg" Control="Next" Event="DoAction" Value="WixUIValidatePath" Order="2">NOT WIXUI_DONTVALIDATEPATH</Publish>
-			<Publish Dialog="InstallDirDlg" Control="Next" Event="SpawnDialog" Value="InvalidDirDlg" Order="3"><![CDATA[NOT WIXUI_DONTVALIDATEPATH AND WIXUI_INSTALLDIR_VALID<>"1"]]></Publish>
-			<Publish Dialog="InstallDirDlg" Control="Next" Event="NewDialog" Value="VerifyReadyDlg" Order="4">WIXUI_DONTVALIDATEPATH OR WIXUI_INSTALLDIR_VALID="1"</Publish>
-			<Publish Dialog="InstallDirDlg" Control="ChangeFolder" Property="_BrowseProperty" Value="[WIXUI_INSTALLDIR]" Order="1">1</Publish>
-			<Publish Dialog="InstallDirDlg" Control="ChangeFolder" Event="SpawnDialog" Value="BrowseDlg" Order="2">1</Publish>
-
-			<Publish Dialog="VerifyReadyDlg" Control="Back" Event="NewDialog" Value="InstallDirDlg" Order="1">NOT Installed</Publish>
-			<Publish Dialog="VerifyReadyDlg" Control="Back" Event="NewDialog" Value="MaintenanceTypeDlg" Order="2">Installed AND NOT PATCH</Publish>
-			<Publish Dialog="VerifyReadyDlg" Control="Back" Event="NewDialog" Value="WelcomeDlg" Order="2">Installed AND PATCH</Publish>
-
-			<Publish Dialog="MaintenanceWelcomeDlg" Control="Next" Event="NewDialog" Value="MaintenanceTypeDlg">1</Publish>
-
-			<Publish Dialog="MaintenanceTypeDlg" Control="RepairButton" Event="NewDialog" Value="VerifyReadyDlg">1</Publish>
-			<Publish Dialog="MaintenanceTypeDlg" Control="RemoveButton" Event="NewDialog" Value="VerifyReadyDlg">1</Publish>
-			<Publish Dialog="MaintenanceTypeDlg" Control="Back" Event="NewDialog" Value="MaintenanceWelcomeDlg">1</Publish>
-
-			<Property Id="ARPNOMODIFY" Value="1" />
-
-			<!-- copy pasta from https://github.com/wixtoolset/wix3/blob/develop/src/ext/UIExtension/wixlib/ExitDialog.wxs with adjustments-->
-			<Dialog Id="MyExitDialog" Width="370" Height="270" Title="!(loc.ExitDialog_Title)">
-				<Control Id="Finish" Type="PushButton" X="236" Y="243" Width="56" Height="17" Default="yes" Cancel="yes" Text="!(loc.WixUIFinish)" />
-				<Control Id="Cancel" Type="PushButton" X="304" Y="243" Width="56" Height="17" Disabled="yes" Text="!(loc.WixUICancel)" />
-				<Control Id="Bitmap" Type="Bitmap" X="0" Y="0" Width="370" Height="234" TabSkip="no" Text="!(loc.ExitDialogBitmap)" />
-				<Control Id="Back" Type="PushButton" X="180" Y="243" Width="56" Height="17" Disabled="yes" Text="!(loc.WixUIBack)" />
-				<Control Id="BottomLine" Type="Line" X="0" Y="234" Width="370" Height="0" />
-				<Control Id="Description" Type="Text" X="135" Y="70" Width="220" Height="40" Transparent="yes" NoPrefix="yes" Text="!(loc.ExitDialogDescription)" />
-
-				<Control Id="Title" Type="Text" X="135" Y="20" Width="220" Height="60" Transparent="yes" NoPrefix="yes" Text="!(loc.ExitDialogTitle)" />
-				<!-- TODO: localize? -->
-				<Control Id="Suggestion" Type="Text" X="135" Y="100" Width="220" Height="60" Transparent="yes" NoPrefix="yes">
-					<Text>We recommend for the best user experience to download and install the following third party Windows driver:</Text>
-				</Control>
-				<Control Id="WinFsp" Type="Hyperlink" X="140" Y="125" Width="220" Height="60" Transparent="yes">
-					<Text><![CDATA[WinFsp (<a href="https://winfsp.dev/">Homepage</a>)]]></Text>
-				</Control>
-			</Dialog>
-
-			<!-- copy pasta from https://github.com/wixtoolset/wix3/blob/develop/src/ext/UIExtension/wixlib/FatalError.wxs with adjustments-->
-			<Dialog Id="MyFatalErrorDlg" Width="370" Height="270" Title="!(loc.FatalError_Title)">
-                <Control Id="Finish" Type="PushButton" X="236" Y="243" Width="56" Height="17" Default="yes" Cancel="yes" Text="!(loc.WixUIFinish)">
-                    <Publish Event="EndDialog" Value="Exit">1</Publish>
-                </Control>
-                <Control Id="Cancel" Type="PushButton" X="304" Y="243" Width="56" Height="17" Disabled="yes" Text="!(loc.WixUICancel)" />
-                <Control Id="Bitmap" Type="Bitmap" X="0" Y="0" Width="370" Height="234" TabSkip="no" Text="!(loc.FatalErrorBitmap)" />
-                <Control Id="Back" Type="PushButton" X="180" Y="243" Width="56" Height="17" Disabled="yes" Text="!(loc.WixUIBack)" />
-                <Control Id="BottomLine" Type="Line" X="0" Y="234" Width="370" Height="0" />
-                <Control Id="Title" Type="Text" X="135" Y="20" Width="220" Height="60" Transparent="yes" NoPrefix="yes" Text="!(loc.FatalErrorTitle)" />
-                <Control Id="Description" Type="Text" X="135" Y="70" Width="220" Height="80" Transparent="yes" NoPrefix="yes" Text="!(loc.FatalErrorDescription1) !(loc.FatalErrorDescription2)" />
-                <Control Id="DescriptionReason1" Type="Text" X="135" Y="160" Width="220" Height="20" Transparent="yes" NoPrefix="yes" Hidden="yes" >
-					<Text>Reason:</Text>
-                    <Condition Action="show">FOUNDRUNNINGAPP</Condition>
-                </Control>
-                <Control Id="DescriptionReason2" Type="Text" X="135" Y="170" Width="220" Height="40" Transparent="yes" NoPrefix="yes" Hidden="yes" >
-					<Text>Application to update was still running during installation.</Text>
-                    <Condition Action="show">FOUNDRUNNINGAPP</Condition>
-                </Control>
-            </Dialog>
-
-			<InstallUISequence>
-				<Show Dialog="MyExitDialog" Overridable="yes" OnExit="success"/>
-				<Show Dialog="MyFatalErrorDlg" Overridable="yes" OnExit="error"/>
-			</InstallUISequence>
-			<AdminUISequence>
-				<Show Dialog="MyExitDialog" Overridable="yes" OnExit="success"/>
-				<Show Dialog="MyFatalErrorDlg" Overridable="yes" OnExit="error"/>
-			</AdminUISequence>
-
-		</UI>
-
-		<UIRef Id="WixUI_Common" />
-	</Fragment>
-</Include>
\ No newline at end of file
diff --git a/dist/win/resources/main.wxs b/dist/win/resources/main.wxs
index 335dd3511..5616193a7 100644
--- a/dist/win/resources/main.wxs
+++ b/dist/win/resources/main.wxs
@@ -1,6 +1,5 @@
 <?xml version="1.0" encoding="utf-8"?>
-<Wix xmlns="http://schemas.microsoft.com/wix/2006/wi"
-     xmlns:util="http://schemas.microsoft.com/wix/UtilExtension">
+<ns0:Wix xmlns:ns0="http://wixtoolset.org/schemas/v4/wxs" xmlns:util="http://wixtoolset.org/schemas/v4/wxs/util" >
 
   <?ifdef JpIsSystemWide ?>
     <?define JpInstallScope="perMachine"?>
@@ -30,174 +29,165 @@
 
   <?include $(var.JpConfigDir)/overrides.wxi ?>
 
-  <Product
-    Id="$(var.JpProductCode)"
-    Name="$(var.JpAppName)"
-    Language="$(var.JpProductLanguage)"
-    Version="$(var.JpAppVersion)"
-    Manufacturer="$(var.JpAppVendor)"
-    UpgradeCode="$(var.JpProductUpgradeCode)">
+  <ns0:Package
+   Name="$(var.JpAppName)"
+   Language="$(var.JpProductLanguage)"
+   Version="$(var.JpAppVersion)"
+   Manufacturer="$(var.JpAppVendor)"
+   UpgradeCode="$(var.JpProductUpgradeCode)"
+   InstallerVersion="$(var.JpInstallerVersion)"
+   Compressed="$(var.JpCompressedMsi)"
+   ProductCode="$(var.JpProductCode)"
+   Scope="$(var.JpInstallScope)">
 
-    <Package
-      Description="$(var.JpAppDescription)"
-      Manufacturer="$(var.JpAppVendor)"
-      InstallerVersion="$(var.JpInstallerVersion)"
-      Compressed="$(var.JpCompressedMsi)"
-      InstallScope="$(var.JpInstallScope)" Platform="x64"
-    />
+    <ns0:SummaryInformation Manufacturer="$(var.JpAppVendor)" Description="$(var.JpAppDescription)"/>
+    <ns0:Media Id="1" Cabinet="Data.cab" EmbedCab="yes" />
 
-    <Media Id="1" Cabinet="Data.cab" EmbedCab="yes" />
 
-    <Upgrade Id="$(var.JpProductUpgradeCode)">
-      <UpgradeVersion
-        OnlyDetect="$(var.JpUpgradeVersionOnlyDetectUpgrade)"
-        Property="JP_UPGRADABLE_FOUND"
-        Maximum="$(var.JpAppVersion)"
-        MigrateFeatures="yes"
-        IncludeMaximum="yes" />  <!-- TODO: check if this needs to be set to yes-->
-      <UpgradeVersion
-        OnlyDetect="$(var.JpUpgradeVersionOnlyDetectDowngrade)"
-        Property="JP_DOWNGRADABLE_FOUND"
-        Minimum="$(var.JpAppVersion)"
-        MigrateFeatures="yes"
-        IncludeMinimum="$(var.JpUpgradeVersionOnlyDetectDowngrade)" />
-    </Upgrade>
+    <ns0:Upgrade Id="$(var.JpProductUpgradeCode)">
+      <ns0:UpgradeVersion
+       OnlyDetect="$(var.JpUpgradeVersionOnlyDetectUpgrade)"
+       Property="JP_UPGRADABLE_FOUND"
+       Maximum="$(var.JpAppVersion)"
+       MigrateFeatures="yes"
+       IncludeMaximum="$(var.JpUpgradeVersionOnlyDetectUpgrade)"/> <!-- TODO in earlier versions, this was set to yes-->
+      <ns0:UpgradeVersion
+       OnlyDetect="$(var.JpUpgradeVersionOnlyDetectDowngrade)"
+       Property="JP_DOWNGRADABLE_FOUND"
+       Minimum="$(var.JpAppVersion)"
+       MigrateFeatures="yes"
+       IncludeMinimum="$(var.JpUpgradeVersionOnlyDetectDowngrade)" />
+    </ns0:Upgrade>
 
     <?ifndef JpAllowUpgrades ?>
-    <CustomAction Id="JpDisallowUpgrade" Error="!(loc.DisallowUpgradeErrorMessage)" />
+    <ns0:CustomAction Id="JpDisallowUpgrade" Error="!(loc.DisallowUpgradeErrorMessage)" />
     <?endif?>
     <?ifndef JpAllowDowngrades ?>
-    <CustomAction Id="JpDisallowDowngrade" Error="!(loc.DowngradeErrorMessage)" />
+    <ns0:CustomAction Id="JpDisallowDowngrade" Error="!(loc.DowngradeErrorMessage)" />
     <?endif?>
 
-    <Binary Id="JpCaDll" SourceFile="$(env.JP_WIXHELPER_DIR)\wixhelper.dll"/>
-    <CustomAction Id="JpFindRelatedProducts" BinaryKey="JpCaDll" DllEntry="FindRelatedProductsEx" />
+    <!-- TODO: how does this work again? -->
+    <ns0:Binary Id="JpCaDll" SourceFile="$(env.JP_WIXHELPER_DIR)\wixhelper.dll" />
+    <ns0:CustomAction Id="JpFindRelatedProducts" BinaryRef="JpCaDll" DllEntry="FindRelatedProductsEx" />
 
     <?ifndef SkipCryptomatorLegacyCheck ?>
       <!-- Block installation if innosetup entry of Cryptomator is found -->
-      <Property Id="OLDEXEINSTALLER">
-        <RegistrySearch Id="InnoSetupInstallation" Root="HKLM" Key="Software\Microsoft\Windows\CurrentVersion\Uninstall\Cryptomator_is1" Type="raw" Name="DisplayName" />
-      </Property>
+      <ns0:Property Id="OLDEXEINSTALLER">
+        <ns0:RegistrySearch Id="InnoSetupInstallation" Root="HKLM" Key="Software\Microsoft\Windows\CurrentVersion\Uninstall\Cryptomator_is1" Type="raw" Name="DisplayName" />
+      </ns0:Property>
       <!-- TODO: localize -->
-      <Condition Message="A lower version of [ProductName] is already installed. Uninstall it first and then start the setup again. Setup will now exit.">
-          <![CDATA[Installed OR NOT OLDEXEINSTALLER]]>
-      </Condition>
+      <ns0:Launch Message="A lower version of [ProductName] is already installed. Uninstall it first and then start the setup again. Setup will now exit." Condition="Installed OR NOT OLDEXEINSTALLER" />
     <?endif?>
     <!-- Cryptomator uses UNIX Sockets, which are supported starting with Windows 10 v1803-->
-    <Property Id="WINDOWSBUILDNUMBER" Secure="yes">
-      <RegistrySearch Id="BuildNumberSearch" Root="HKLM" Key="SOFTWARE\Microsoft\Windows NT\CurrentVersion" Name="CurrentBuildNumber" Type="raw" />
-    </Property>
-    <Condition Message="This application requires Windows 10 version 1803 (build 17134) or newer.">
-      <![CDATA[Installed OR (WINDOWSBUILDNUMBER >= 17134)]]>
-    </Condition>
+    <ns0:Property Id="WINDOWSBUILDNUMBER" Secure="yes">
+      <ns0:RegistrySearch Id="BuildNumberSearch" Root="HKLM" Key="SOFTWARE\Microsoft\Windows NT\CurrentVersion" Name="CurrentBuildNumber" Type="raw" />
+    </ns0:Property>
+    <ns0:Launch Message="This application requires Windows 10 version 1803 (build 17134) or newer." Condition="Installed OR (WINDOWSBUILDNUMBER >= 17134)" />
 
     <!-- Non-Opening ProgID -->
-    <DirectoryRef Id="INSTALLDIR">
-        <Component Win64="yes" Id="nonStartingProgID" >
-          <File Id="IconFileForEncryptedData" KeyPath="yes" Source="$(env.JP_WIXWIZARD_RESOURCES)\$(var.IconFileEncryptedData)" Name="$(var.IconFileEncryptedData)"></File>
-          <ProgId Id="$(var.JpAppName).Encrypted.1" Description="$(var.JpAppName) Encrypted Data" Icon="IconFileForEncryptedData" IconIndex="0">
-            <Extension Id="c9r" Advertise="no" ContentType="$(var.ProgIdContentType)">
-              <MIME ContentType="$(var.ProgIdContentType)" Default="yes"></MIME>
-            </Extension>
-            <Extension Id="c9s" Advertise="no" ContentType="$(var.ProgIdContentType)"/>
-          </ProgId>
-        </Component>
-    </DirectoryRef>
+    <ns0:DirectoryRef Id="INSTALLDIR">
+        <ns0:Component Bitness="always64" Id="nonStartingProgID" >
+          <ns0:File Id="IconFileForEncryptedData" KeyPath="yes" Source="$(env.JP_WIXWIZARD_RESOURCES)\$(var.IconFileEncryptedData)" Name="$(var.IconFileEncryptedData)"/>
+          <ns0:ProgId Id="$(var.JpAppName).Encrypted.1" Description="$(var.JpAppName) Encrypted Data" Icon="IconFileForEncryptedData" IconIndex="0">
+            <ns0:Extension Id="c9r" Advertise="no" ContentType="$(var.ProgIdContentType)">
+              <ns0:MIME ContentType="$(var.ProgIdContentType)" Default="yes"/>
+            </ns0:Extension>
+            <ns0:Extension Id="c9s" Advertise="no" ContentType="$(var.ProgIdContentType)"/>
+          </ns0:ProgId>
+        </ns0:Component>
+    </ns0:DirectoryRef>
 
     <!-- Standard required root -->
-    <Directory Id="TARGETDIR" Name="SourceDir"/>
 
-    <Feature Id="DefaultFeature" Title="!(loc.MainFeatureTitle)" Level="1">
-      <ComponentGroupRef Id="Shortcuts"/>
-      <ComponentGroupRef Id="Files"/>
-      <ComponentGroupRef Id="FileAssociations"/>
+    <ns0:Feature Id="DefaultFeature" Title="!(loc.MainFeatureTitle)" Level="1">
+      <ns0:ComponentGroupRef Id="Shortcuts"/>
+      <ns0:ComponentGroupRef Id="Files"/>
+      <ns0:ComponentGroupRef Id="FileAssociations"/>
       <!-- Ref to additional ProgIDs -->
-      <ComponentRef Id="nonStartingProgID" />
-    </Feature>
+      <ns0:ComponentRef Id="nonStartingProgID" />
+    </ns0:Feature>
 
-    <CustomAction Id="JpSetARPINSTALLLOCATION" Property="ARPINSTALLLOCATION" Value="[INSTALLDIR]" />
-    <CustomAction Id="JpSetARPCOMMENTS" Property="ARPCOMMENTS" Value="$(var.JpAppDescription)" />
-    <CustomAction Id="JpSetARPCONTACT" Property="ARPCONTACT" Value="$(var.JpAppVendor)" />
-    <CustomAction Id="JpSetARPSIZE" Property="ARPSIZE" Value="$(var.JpAppSizeKb)" />
+    <ns0:CustomAction Id="JpSetARPINSTALLLOCATION" Property="ARPINSTALLLOCATION" Value="[INSTALLDIR]" />
+    <ns0:CustomAction Id="JpSetARPCOMMENTS" Property="ARPCOMMENTS" Value="$(var.JpAppDescription)" />
+    <ns0:CustomAction Id="JpSetARPCONTACT" Property="ARPCONTACT" Value="$(var.JpAppVendor)" />
+    <ns0:CustomAction Id="JpSetARPSIZE" Property="ARPSIZE" Value="$(var.JpAppSizeKb)" />
 
     <?ifdef JpHelpURL ?>
-      <CustomAction Id="JpSetARPHELPLINK" Property="ARPHELPLINK" Value="$(var.JpHelpURL)" />
+      <ns0:CustomAction Id="JpSetARPHELPLINK" Property="ARPHELPLINK" Value="$(var.JpHelpURL)" />
     <?endif?>
 
     <?ifdef JpAboutURL ?>
-      <CustomAction Id="JpSetARPURLINFOABOUT" Property="ARPURLINFOABOUT" Value="$(var.JpAboutURL)" />
+      <ns0:CustomAction Id="JpSetARPURLINFOABOUT" Property="ARPURLINFOABOUT" Value="$(var.JpAboutURL)" />
     <?endif?>
 
     <?ifdef JpUpdateURL ?>
-      <CustomAction Id="JpSetARPURLUPDATEINFO" Property="ARPURLUPDATEINFO" Value="$(var.JpUpdateURL)" />
+      <ns0:CustomAction Id="JpSetARPURLUPDATEINFO" Property="ARPURLUPDATEINFO" Value="$(var.JpUpdateURL)" />
     <?endif?>
 
-    <Property Id="WixQuietExec64CmdTimeout" Value="20" />
+    <ns0:Property Id="WixQuietExec64CmdTimeout" Value="20" />
     <!-- Note for custom actions: Immediate CAs run BEFORE the files are installed, hence if you depend on installed files, the CAs must be deferred.-->
     <!-- WebDAV patches -->
-    <SetProperty Id="PatchWebDAV" Value="&quot;[INSTALLDIR]patchWebDAV.bat&quot;"
-            Sequence="execute" Before="PatchWebDAV" />
-    <CustomAction Id="PatchWebDAV" BinaryKey="WixCA" DllEntry="WixQuietExec64" Execute="deferred" Return="ignore" Impersonate="no"/>
+    <ns0:SetProperty Id="PatchWebDAV" Value="&quot;[INSTALLDIR]patchWebDAV.bat&quot;" Sequence="execute" Before="PatchWebDAV" />
+    <ns0:CustomAction Id="PatchWebDAV" BinaryRef="Wix4UtilCA_$(sys.BUILDARCHSHORT)" DllEntry="WixQuietExec" Execute="deferred" Return="ignore" Impersonate="no"/>
 
     <!-- Running App detection and exit -->
-    <Property Id="FOUNDRUNNINGAPP" Admin="yes"/>
+    <ns0:Property Id="FOUNDRUNNINGAPP" Admin="yes"/>
     <util:CloseApplication
-      Target="$(var.CloseApplicationTarget)"
-      Id="Close$(var.JpAppName)"
-      CloseMessage="no"
-      RebootPrompt="no"
-      PromptToContinue="yes"
-      Description="A running instance of $(var.JpAppName) is found, using files marked for update. Please close it to continue."
-      Property="FOUNDRUNNINGAPP"
-      >
-    </util:CloseApplication>
-    <CustomAction Id="FailOnRunningApp" Error="Installation aborted, because files marked for update are used by a running instance of $(var.JpAppName)."/>
+     Target="$(var.CloseApplicationTarget)"
+     Id="Close$(var.JpAppName)"
+     CloseMessage="no"
+     RebootPrompt="no"
+     PromptToContinue="yes"
+     Description="A running instance of $(var.JpAppName) is found, using files marked for update. Please close it to continue."
+     Property="FOUNDRUNNINGAPP"
+     />
+    <ns0:CustomAction Id="FailOnRunningApp" Error="Installation aborted, because files marked for update are used by a running instance of $(var.JpAppName)."/>
 
     <?ifdef JpIcon ?>
-    <Property Id="ARPPRODUCTICON" Value="JpARPPRODUCTICON"/>
-    <Icon Id="JpARPPRODUCTICON" SourceFile="$(var.JpIcon)"/>
+    <ns0:Property Id="ARPPRODUCTICON" Value="JpARPPRODUCTICON"/>
+    <ns0:Icon Id="JpARPPRODUCTICON" SourceFile="$(var.JpIcon)"/>
     <?endif?>
 
-    <UIRef Id="JpUI"/>
+    <ns0:UIRef Id="JpUI"/>
 
-    <InstallExecuteSequence>
-      <Custom Action="JpSetARPINSTALLLOCATION" After="CostFinalize">Not Installed</Custom>
-      <Custom Action="JpSetARPCOMMENTS" After="CostFinalize">Not Installed</Custom>
-      <Custom Action="JpSetARPCONTACT" After="CostFinalize">Not Installed</Custom>
-      <Custom Action="JpSetARPSIZE" After="CostFinalize">Not Installed</Custom>
+    <ns0:InstallExecuteSequence>
+      <ns0:Custom Action="JpSetARPINSTALLLOCATION" After="CostFinalize" Condition="Not Installed" />
+      <ns0:Custom Action="JpSetARPCOMMENTS" After="CostFinalize" Condition="Not Installed" />
+      <ns0:Custom Action="JpSetARPCONTACT" After="CostFinalize" Condition="Not Installed" />
+      <ns0:Custom Action="JpSetARPSIZE" After="CostFinalize" Condition="Not Installed" />
       <?ifdef JpHelpURL ?>
-        <Custom Action="JpSetARPHELPLINK" After="CostFinalize">Not Installed</Custom>
+        <ns0:Custom Action="JpSetARPHELPLINK" After="CostFinalize" Condition="Not Installed" />
       <?endif?>
       <?ifdef JpAboutURL ?>
-        <Custom Action="JpSetARPURLINFOABOUT" After="CostFinalize">Not Installed</Custom>
+        <ns0:Custom Action="JpSetARPURLINFOABOUT" After="CostFinalize" Condition="Not Installed" />
       <?endif?>
       <?ifdef JpUpdateURL ?>
-        <Custom Action="JpSetARPURLUPDATEINFO" After="CostFinalize">Not Installed</Custom>
+        <ns0:Custom Action="JpSetARPURLUPDATEINFO" After="CostFinalize" Condition="Not Installed" />
       <?endif?>
 
       <?ifndef JpAllowUpgrades ?>
-      <Custom Action="JpDisallowUpgrade" After="JpFindRelatedProducts">JP_UPGRADABLE_FOUND</Custom>
+      <ns0:Custom Action="JpDisallowUpgrade" After="JpFindRelatedProducts" Condition="JP_UPGRADABLE_FOUND"/>
       <?endif?>
       <?ifndef JpAllowDowngrades ?>
-      <Custom Action="JpDisallowDowngrade" After="JpFindRelatedProducts">JP_DOWNGRADABLE_FOUND</Custom>
+      <ns0:Custom Action="JpDisallowDowngrade" After="JpFindRelatedProducts" Condition="JP_DOWNGRADABLE_FOUND" />
       <?endif?>
-      <Custom Action="JpFindRelatedProducts" After="FindRelatedProducts"/>
+      <ns0:Custom Action="JpFindRelatedProducts" After="FindRelatedProducts"/>
 
       <!-- Check and fail if Cryptomator is running -->
-      <Custom Action="WixCloseApplications" Before="InstallValidate"></Custom>
-      <Custom Action="FailOnRunningApp" After="WixCloseApplications" >FOUNDRUNNINGAPP</Custom>
+      <ns0:Custom Action="override Wix4CloseApplications_$(sys.BUILDARCHSHORT)" Before="InstallValidate" />
+      <ns0:Custom Action="FailOnRunningApp" After="Wix4CloseApplications_$(sys.BUILDARCHSHORT)" Condition="FOUNDRUNNINGAPP" />
 
-      <RemoveExistingProducts After="InstallValidate"/> <!-- Moved from CostInitialize, due to WixCloseApplications -->
+      <ns0:RemoveExistingProducts After="InstallValidate"/> <!-- Moved from CostInitialize, due to Wix4CloseApplications_* -->
+      <!-- Skip action on uninstall -->
+      <!-- TODO: don't skip action, but remove cryptomator alias from hosts file -->
+      <ns0:Custom Action="PatchWebDAV" After="InstallFiles" Condition="NOT (Installed AND (NOT REINSTALL) AND (NOT UPGRADINGPRODUCTCODE) AND REMOVE)"/>
+    </ns0:InstallExecuteSequence>
 
-      <Custom Action="PatchWebDAV" After="InstallFiles">NOT Installed OR REINSTALL</Custom>
-    </InstallExecuteSequence>
+    <ns0:InstallUISequence>
+      <ns0:Custom Action="JpFindRelatedProducts" After="FindRelatedProducts"/>
+    </ns0:InstallUISequence>
 
-    <InstallUISequence>
-      <Custom Action="JpFindRelatedProducts" After="FindRelatedProducts"/>
-    </InstallUISequence>
-
-    <WixVariable Id="WixUIBannerBmp" Value="$(env.JP_WIXWIZARD_RESOURCES)\banner.bmp" />
-    <WixVariable Id="WixUIDialogBmp" Value="$(env.JP_WIXWIZARD_RESOURCES)\background.bmp" />
-  </Product>
-
-</Wix>
+    <ns0:WixVariable Id="WixUIBannerBmp" Value="$(env.JP_WIXWIZARD_RESOURCES)\banner.bmp" />
+    <ns0:WixVariable Id="WixUIDialogBmp" Value="$(env.JP_WIXWIZARD_RESOURCES)\background.bmp" />
+  </ns0:Package>
+</ns0:Wix>
diff --git a/dist/win/resources/overrides.wxi b/dist/win/resources/overrides.wxi
index c4c946868..a5580e5f0 100644
--- a/dist/win/resources/overrides.wxi
+++ b/dist/win/resources/overrides.wxi
@@ -47,4 +47,4 @@ Legacy Installation settings:
 - SkipCryptomatorLegacyCheck
 Should be defined to disable checking for the inno setup installation of Cryptomator and undefined, to enable it.
  -->
-<Include/>
+<ns0:Include xmlns:ns0="http://wixtoolset.org/schemas/v4/wxs"></ns0:Include>
diff --git a/dist/win/resources/ui.wxf b/dist/win/resources/ui.wxf
deleted file mode 100644
index 0aadc0b05..000000000
--- a/dist/win/resources/ui.wxf
+++ /dev/null
@@ -1,16 +0,0 @@
-<?xml version="1.0" ?>
-<Wix xmlns="http://schemas.microsoft.com/wix/2006/wi" xmlns:util="http://schemas.microsoft.com/wix/UtilExtension">
-  <Fragment>
-    <Property Id="WIXUI_INSTALLDIR" Value="INSTALLDIR"></Property>
-    <WixVariable Id="WixUILicenseRtf" Value="$(var.JpLicenseRtf)"></WixVariable>
-    <UI Id="JpUI">
-      <UIRef Id="CustomWizard" />
-      <DialogRef Id="InstallDirNotEmptyDlg"></DialogRef>
-      <Publish Dialog="ShortcutPromptDlg" Control="Back" Event="NewDialog" Value="InstallDirDlg">1</Publish>
-      <Publish Dialog="ShortcutPromptDlg" Control="Next" Event="NewDialog" Value="VerifyReadyDlg">1</Publish>
-      <Publish Dialog="VerifyReadyDlg" Control="Back" Event="NewDialog" Value="ShortcutPromptDlg" Order="6">NOT Installed</Publish>
-      <UIRef Id="CustomWizard" />
-    </UI>
-  </Fragment>
-  <?include $(env.JP_WIXWIZARD_RESOURCES)\customWizard.wxi ?>
-</Wix>
\ No newline at end of file
diff --git a/pom.xml b/pom.xml
index fd3a8cd0b..62d1eb2d3 100644
--- a/pom.xml
+++ b/pom.xml
@@ -3,7 +3,7 @@
 	<modelVersion>4.0.0</modelVersion>
 	<groupId>org.cryptomator</groupId>
 	<artifactId>cryptomator</artifactId>
-	<version>1.16.2</version>
+	<version>1.17.0</version>
 	<name>Cryptomator Desktop App</name>
 
 	<organization>
@@ -26,7 +26,7 @@
 
 	<properties>
 		<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
-		<project.jdk.version>23</project.jdk.version>
+		<project.jdk.version>24</project.jdk.version>
 
 		<!-- Group IDs of jars that need to stay on the class path for now -->
 		<!-- remove them, as soon they got modularized or support is dropped (i.e., WebDAV) -->
@@ -34,19 +34,19 @@
 
 		<!-- cryptomator dependencies -->
 		<cryptomator.cryptofs.version>2.9.0</cryptomator.cryptofs.version>
-		<cryptomator.integrations.version>1.5.1</cryptomator.integrations.version>
-		<cryptomator.integrations.win.version>1.3.0</cryptomator.integrations.win.version>
-		<cryptomator.integrations.mac.version>1.3.2</cryptomator.integrations.mac.version>
-		<cryptomator.integrations.linux.version>1.5.3</cryptomator.integrations.linux.version>
+		<cryptomator.integrations.version>1.6.0</cryptomator.integrations.version>
+		<cryptomator.integrations.win.version>1.5.0</cryptomator.integrations.win.version>
+		<cryptomator.integrations.mac.version>1.4.0</cryptomator.integrations.mac.version>
+		<cryptomator.integrations.linux.version>1.6.0</cryptomator.integrations.linux.version>
 		<cryptomator.fuse.version>5.0.5</cryptomator.fuse.version>
 		<cryptomator.webdav.version>2.0.10</cryptomator.webdav.version>
 
 		<!-- 3rd party dependencies -->
 		<commons-lang3.version>3.17.0</commons-lang3.version>
-		<dagger.version>2.56.1</dagger.version>
+		<dagger.version>2.56.2</dagger.version>
 		<easybind.version>2.2</easybind.version>
-		<jackson.version>2.18.3</jackson.version>
-		<javafx.version>23.0.2</javafx.version>
+		<jackson.version>2.19.1</jackson.version>
+		<javafx.version>24.0.1</javafx.version>
 		<jwt.version>4.5.0</jwt.version>
 		<nimbus-jose.version>9.37.3</nimbus-jose.version>
 		<logback.version>1.5.18</logback.version>
@@ -55,13 +55,13 @@
 		<zxcvbn.version>1.9.0</zxcvbn.version>
 
 		<!-- test dependencies -->
-		<junit.jupiter.version>5.12.2</junit.jupiter.version>
-		<mockito.version>5.17.0</mockito.version>
+		<junit.jupiter.version>5.13.1</junit.jupiter.version>
+		<mockito.version>5.18.0</mockito.version>
 		<hamcrest.version>3.0</hamcrest.version>
 
 		<!-- build-time dependencies -->
 		<jetbrains.annotations.version>26.0.2</jetbrains.annotations.version>
-		<dependency-check.version>12.1.1</dependency-check.version>
+		<dependency-check.version>12.1.3</dependency-check.version>
 		<jacoco.version>0.8.13</jacoco.version>
 		<license-generator.version>2.5.0</license-generator.version>
 		<junit-tree-reporter.version>1.4.0</junit-tree-reporter.version>
@@ -225,7 +225,7 @@
 		<dependency>
 			<groupId>com.github.ben-manes.caffeine</groupId>
 			<artifactId>caffeine</artifactId>
-			<version>3.2.0</version>
+			<version>3.2.1</version>
 		</dependency>
 		<!-- JUnit / Mockito / Hamcrest -->
 		<dependency>
@@ -358,7 +358,7 @@
 					<consoleOutputReporter>
 						<disable>true</disable>
 					</consoleOutputReporter>
-					<argLine>@{surefire.jacoco.args} -javaagent:${org.mockito:mockito-core:jar}</argLine>
+					<argLine>@{surefire.jacoco.args} -javaagent:${org.mockito:mockito-core:jar} --enable-native-access=javafx.graphics</argLine>
 					<statelessTestsetInfoReporter
 							implementation="org.apache.maven.plugin.surefire.extensions.junit5.JUnit5StatelessTestsetInfoTreeReporter">
 					</statelessTestsetInfoReporter>
diff --git a/src/main/java/org/cryptomator/common/Environment.java b/src/main/java/org/cryptomator/common/Environment.java
index 981b3729b..39214e626 100644
--- a/src/main/java/org/cryptomator/common/Environment.java
+++ b/src/main/java/org/cryptomator/common/Environment.java
@@ -23,6 +23,7 @@ public class Environment {
 	private static final String SETTINGS_PATH_PROP_NAME = "cryptomator.settingsPath";
 	private static final String IPC_SOCKET_PATH_PROP_NAME = "cryptomator.ipcSocketPath";
 	private static final String KEYCHAIN_PATHS_PROP_NAME = "cryptomator.integrationsWin.keychainPaths";
+	private static final String WINDOWS_HELLO_KEYCHAIN_PATHS_PROP_NAME = "cryptomator.integrationsWin.windowsHelloKeychainPaths";
 	private static final String P12_PATH_PROP_NAME = "cryptomator.p12Path";
 	private static final String LOG_DIR_PROP_NAME = "cryptomator.logDir";
 	private static final String LOOPBACK_ALIAS_PROP_NAME = "cryptomator.loopbackAlias";
@@ -45,6 +46,7 @@ public class Environment {
 		logCryptomatorSystemProperty(SETTINGS_PATH_PROP_NAME);
 		logCryptomatorSystemProperty(IPC_SOCKET_PATH_PROP_NAME);
 		logCryptomatorSystemProperty(KEYCHAIN_PATHS_PROP_NAME);
+		logCryptomatorSystemProperty(WINDOWS_HELLO_KEYCHAIN_PATHS_PROP_NAME);
 		logCryptomatorSystemProperty(P12_PATH_PROP_NAME);
 		logCryptomatorSystemProperty(LOG_DIR_PROP_NAME);
 		logCryptomatorSystemProperty(LOOPBACK_ALIAS_PROP_NAME);
@@ -85,6 +87,10 @@ public class Environment {
 		return getPaths(KEYCHAIN_PATHS_PROP_NAME);
 	}
 
+	public Stream<Path> getWindowsHelloKeychainPath() {
+		return getPaths(WINDOWS_HELLO_KEYCHAIN_PATHS_PROP_NAME);
+	}
+
 	public Stream<Path> getP12Path() {
 		return getPaths(P12_PATH_PROP_NAME);
 	}
diff --git a/src/main/java/org/cryptomator/common/keychain/KeychainManager.java b/src/main/java/org/cryptomator/common/keychain/KeychainManager.java
index 04a46e742..2ac356f9e 100644
--- a/src/main/java/org/cryptomator/common/keychain/KeychainManager.java
+++ b/src/main/java/org/cryptomator/common/keychain/KeychainManager.java
@@ -42,25 +42,11 @@ public class KeychainManager implements KeychainAccessProvider {
 		return result;
 	}
 
-	@Override
-	public String displayName() {
-		return getClass().getName();
-	}
-
 	@Override
 	public void storePassphrase(String key, String displayName, CharSequence passphrase) throws KeychainAccessException {
-		storePassphrase(key, displayName, passphrase, true);
-	}
-
-	//TODO: remove ignored parameter once the API is fixed
-	@Override
-	public void storePassphrase(String key, String displayName, CharSequence passphrase, boolean ignored) throws KeychainAccessException {
 		try {
 			lock.writeLock().lock();
-			var kc = getKeychainOrFail();
-			//this is the only keychain actually using the parameter
-			var usesOSAuth = (kc.getClass().getName().equals("org.cryptomator.macos.keychain.TouchIdKeychainAccess"));
-			kc.storePassphrase(key, displayName, passphrase, usesOSAuth);
+			getKeychainOrFail().storePassphrase(key, displayName, passphrase);
 		} finally {
 			lock.writeLock().unlock();
 		}
diff --git a/src/main/java/org/cryptomator/common/settings/Settings.java b/src/main/java/org/cryptomator/common/settings/Settings.java
index 907d99885..b382cd1ac 100644
--- a/src/main/java/org/cryptomator/common/settings/Settings.java
+++ b/src/main/java/org/cryptomator/common/settings/Settings.java
@@ -44,7 +44,7 @@ public class Settings {
 	@Deprecated // to be changed to "whatever is available" eventually
 	static final String DEFAULT_KEYCHAIN_PROVIDER = SystemUtils.IS_OS_WINDOWS ? "org.cryptomator.windows.keychain.WindowsProtectedKeychainAccess" : //
 			SystemUtils.IS_OS_MAC ? "org.cryptomator.macos.keychain.MacSystemKeychainAccess" : //
-					"org.cryptomator.linux.keychain.SecretServiceKeychainAccess";
+					"org.cryptomator.linux.keychain.GnomeKeyringKeychainAccess";
 	static final String DEFAULT_QUICKACCESS_SERVICE = SystemUtils.IS_OS_WINDOWS ? "org.cryptomator.windows.quickaccess.ExplorerQuickAccessService" : //
 			SystemUtils.IS_OS_LINUX ? "org.cryptomator.linux.quickaccess.NautilusBookmarks" : null;
 
@@ -147,6 +147,11 @@ public class Settings {
 
 	@SuppressWarnings("deprecation")
 	private void migrateLegacySettings(SettingsJson json) {
+		// migrate renamed keychainAccess
+		if(this.keychainProvider.getValueSafe().equals("org.cryptomator.linux.keychain.SecretServiceKeychainAccess")) {
+			this.keychainProvider.setValue("org.cryptomator.linux.keychain.GnomeKeyringKeychainAccess");
+		}
+
 		// implicit migration of 1.6.x legacy setting "preferredVolumeImpl":
 		if (this.mountService.get() == null && json.preferredVolumeImpl != null) {
 			this.mountService.set(switch (json.preferredVolumeImpl) {
diff --git a/src/main/java/org/cryptomator/common/vaults/VaultListManager.java b/src/main/java/org/cryptomator/common/vaults/VaultListManager.java
index c362ca0c0..6dacfcb8a 100644
--- a/src/main/java/org/cryptomator/common/vaults/VaultListManager.java
+++ b/src/main/java/org/cryptomator/common/vaults/VaultListManager.java
@@ -9,6 +9,7 @@
 package org.cryptomator.common.vaults;
 
 import org.apache.commons.lang3.SystemUtils;
+import org.cryptomator.common.Constants;
 import org.cryptomator.common.settings.Settings;
 import org.cryptomator.common.settings.VaultSettings;
 import org.cryptomator.cryptofs.CryptoFileSystemProvider;
@@ -35,6 +36,7 @@ import static org.cryptomator.common.Constants.MASTERKEY_FILENAME;
 import static org.cryptomator.common.Constants.VAULTCONFIG_FILENAME;
 import static org.cryptomator.common.vaults.VaultState.Value.ERROR;
 import static org.cryptomator.common.vaults.VaultState.Value.LOCKED;
+import static org.cryptomator.common.vaults.VaultState.Value.NEEDS_MIGRATION;
 
 @Singleton
 public class VaultListManager {
@@ -104,7 +106,7 @@ public class VaultListManager {
 		vaultList.addAll(vaults);
 	}
 
-	private Optional<Vault> get(Path vaultPath) {
+	public Optional<Vault> get(Path vaultPath) {
 		assert vaultPath.isAbsolute();
 		assert vaultPath.normalize().equals(vaultPath);
 		return vaultList.stream() //
@@ -115,13 +117,15 @@ public class VaultListManager {
 	private Vault create(VaultSettings vaultSettings) {
 		var wrapper = new VaultConfigCache(vaultSettings);
 		try {
-			if (Objects.isNull(vaultSettings.lastKnownKeyLoader.get())) {
-				var keyIdScheme = wrapper.get().getKeyId().getScheme();
-				vaultSettings.lastKnownKeyLoader.set(keyIdScheme);
-			}
 			var vaultState = determineVaultState(vaultSettings.path.get());
 			if (vaultState == LOCKED) { //for legacy reasons: pre v8 vault do not have a config, but they are in the NEEDS_MIGRATION state
 				wrapper.reloadConfig();
+				if (Objects.isNull(vaultSettings.lastKnownKeyLoader.get())) {
+					var keyIdScheme = wrapper.get().getKeyId().getScheme();
+					vaultSettings.lastKnownKeyLoader.set(keyIdScheme);
+				}
+			} else if (vaultState == NEEDS_MIGRATION) {
+				vaultSettings.lastKnownKeyLoader.set(Constants.DEFAULT_KEY_ID.toString());
 			}
 			return vaultComponentFactory.create(vaultSettings, wrapper, vaultState, null).vault();
 		} catch (IOException e) {
diff --git a/src/main/java/org/cryptomator/logging/LogbackConfigurator.java b/src/main/java/org/cryptomator/logging/LogbackConfigurator.java
index 3b77993cc..7e8b9e6c4 100644
--- a/src/main/java/org/cryptomator/logging/LogbackConfigurator.java
+++ b/src/main/java/org/cryptomator/logging/LogbackConfigurator.java
@@ -90,6 +90,9 @@ public class LogbackConfigurator extends ContextAwareBase implements Configurato
 			// configure fuse file locking logger:
 			Logger fuseLocking = context.getLogger("org.cryptomator.frontend.fuse.locks");
 			fuseLocking.setLevel(Level.OFF);
+			//deactivate kwallet unsettling message
+			Logger kdeWallet = context.getLogger("org.purejava.kwallet.freedesktop.dbus.handlers");
+			kdeWallet.setLevel(Level.OFF);
 		}
 		return ExecutionStatus.DO_NOT_INVOKE_NEXT_IF_ANY;
 	}
diff --git a/src/main/java/org/cryptomator/ui/addvaultwizard/ReadmeGenerator.java b/src/main/java/org/cryptomator/ui/addvaultwizard/ReadmeGenerator.java
index a25384c78..a38929a35 100644
--- a/src/main/java/org/cryptomator/ui/addvaultwizard/ReadmeGenerator.java
+++ b/src/main/java/org/cryptomator/ui/addvaultwizard/ReadmeGenerator.java
@@ -79,7 +79,7 @@ public class ReadmeGenerator {
 			} else if (c <= 0xFF) {
 				sb.append("\\'").append(String.format("%02X", c));
 			} else if (c < 0xFFFF) {
-				sb.append("\\uc1\\u").append(c);
+				sb.append("\\u").append(c);
 			}
 		});
 	}
diff --git a/src/main/java/org/cryptomator/ui/error/ErrorComponent.java b/src/main/java/org/cryptomator/ui/error/ErrorComponent.java
index 47798c920..5d287942d 100644
--- a/src/main/java/org/cryptomator/ui/error/ErrorComponent.java
+++ b/src/main/java/org/cryptomator/ui/error/ErrorComponent.java
@@ -20,8 +20,8 @@ public interface ErrorComponent {
 	default Stage show() {
 		Stage stage = window();
 		stage.setScene(scene());
-		stage.setMinWidth(420);
-		stage.setMinHeight(300);
+		stage.setMinWidth(450);
+		stage.setMinHeight(450);
 		stage.show();
 		return stage;
 	}
diff --git a/src/main/java/org/cryptomator/ui/eventview/EventListCellController.java b/src/main/java/org/cryptomator/ui/eventview/EventListCellController.java
index 487049d4c..3157f9f40 100644
--- a/src/main/java/org/cryptomator/ui/eventview/EventListCellController.java
+++ b/src/main/java/org/cryptomator/ui/eventview/EventListCellController.java
@@ -133,9 +133,9 @@ public class EventListCellController implements FxController {
 		eventMessage.setValue(resourceBundle.getString("eventView.entry.brokenFileNode.message"));
 		eventDescription.setValue(bfe.ciphertextPath().getFileName().toString());
 		if (revealService != null) {
-			addAction("eventView.entry.brokenFileNode.showEncrypted", () -> reveal(revealService, convertVaultPathToSystemPath(bfe.ciphertextPath())));
+			addAction("eventView.entry.brokenFileNode.showEncrypted", () -> reveal(revealService, bfe.ciphertextPath()));
 		} else {
-			addAction("eventView.entry.brokenFileNode.copyEncrypted", () -> copyToClipboard(convertVaultPathToSystemPath(bfe.ciphertextPath()).toString()));
+			addAction("eventView.entry.brokenFileNode.copyEncrypted", () -> copyToClipboard(bfe.ciphertextPath().toString()));
 		}
 		addAction("eventView.entry.brokenFileNode.copyDecrypted", () -> copyToClipboard(convertVaultPathToSystemPath(bfe.cleartextPath()).toString()));
 	}
diff --git a/src/main/java/org/cryptomator/ui/fxapp/AppLaunchEventHandler.java b/src/main/java/org/cryptomator/ui/fxapp/AppLaunchEventHandler.java
index 39e40600e..9d0702314 100644
--- a/src/main/java/org/cryptomator/ui/fxapp/AppLaunchEventHandler.java
+++ b/src/main/java/org/cryptomator/ui/fxapp/AppLaunchEventHandler.java
@@ -12,6 +12,7 @@ import javax.inject.Named;
 import javafx.application.Platform;
 import java.io.IOException;
 import java.nio.file.Path;
+import java.util.Optional;
 import java.util.concurrent.BlockingQueue;
 import java.util.concurrent.ExecutorService;
 
@@ -58,29 +59,30 @@ class AppLaunchEventHandler {
 		switch (event.type()) {
 			case REVEAL_APP -> appWindows.showMainWindow();
 			case OPEN_FILE -> Platform.runLater(() -> {
-				event.pathsToOpen().forEach(this::addOrRevealVault);
+				event.pathsToOpen().forEach(this::openPotentialVault);
 			});
 			default -> LOG.warn("Unsupported event type: {}", event.type());
 		}
 	}
 
 	// TODO deduplicate MainWindowController...
-	private void addOrRevealVault(Path potentialVaultPath) {
+	private void openPotentialVault(Path path) {
 		assert Platform.isFxApplicationThread();
 		try {
-			final Vault v;
-			if (potentialVaultPath.getFileName().toString().endsWith(CRYPTOMATOR_FILENAME_EXT)) {
-				v = vaultListManager.add(potentialVaultPath.getParent());
+			Path potentialVaultPath = path.getFileName().toString().endsWith(CRYPTOMATOR_FILENAME_EXT) ? path.getParent() : path;
+			final Optional<Vault> v = vaultListManager.get(potentialVaultPath);
+			if (v.isPresent()) {
+				if (v.get().isUnlocked()) {
+					vaultService.reveal(v.get());
+				} else if (v.get().isLocked()) {
+					appWindows.startUnlockWorkflow(v.get(), null);
+				}
 			} else {
-				v = vaultListManager.add(potentialVaultPath);
+				vaultListManager.add(potentialVaultPath);
+				LOG.debug("Added vault {}", potentialVaultPath);
 			}
-
-			if (v.isUnlocked()) {
-				vaultService.reveal(v);
-			}
-			LOG.debug("Added vault {}", potentialVaultPath);
 		} catch (IOException e) {
-			LOG.error("Failed to add vault " + potentialVaultPath, e);
+			LOG.error("Failed to add vault " + path, e);
 		}
 	}
 
diff --git a/src/main/java/org/cryptomator/ui/preferences/GeneralPreferencesController.java b/src/main/java/org/cryptomator/ui/preferences/GeneralPreferencesController.java
index 4505f412d..584749920 100644
--- a/src/main/java/org/cryptomator/ui/preferences/GeneralPreferencesController.java
+++ b/src/main/java/org/cryptomator/ui/preferences/GeneralPreferencesController.java
@@ -85,7 +85,7 @@ public class GeneralPreferencesController implements FxController {
 		var keychainSettingsConverter = new ServiceToSettingsConverter<>(keychainAccessProviders);
 		keychainBackendChoiceBox.getItems().addAll(keychainAccessProviders);
 		keychainBackendChoiceBox.setValue(keychainSettingsConverter.fromString(settings.keychainProvider.get()));
-		keychainBackendChoiceBox.setConverter(new KeychainProviderDisplayNameConverter());
+		keychainBackendChoiceBox.setConverter(new NamedServiceConverter<>());
 		Bindings.bindBidirectional(settings.keychainProvider, keychainBackendChoiceBox.valueProperty(), keychainSettingsConverter);
 		useKeychainCheckbox.selectedProperty().bindBidirectional(settings.useKeychain);
 		keychainBackendChoiceBox.disableProperty().bind(useKeychainCheckbox.selectedProperty().not());
@@ -106,13 +106,13 @@ public class GeneralPreferencesController implements FxController {
 			var idsAndNames = settings.directories.stream().collect(Collectors.toMap(vs -> vs.id, vs -> vs.displayName.getValue()));
 			if (!idsAndNames.isEmpty()) {
 				if (LOG.isDebugEnabled()) {
-					LOG.debug("Migrating keychain entries {} from {} to {}", idsAndNames.keySet(), oldProvider.displayName(), newProvider.displayName());
+					LOG.debug("Migrating keychain entries {} from {} to {}", idsAndNames.keySet(), oldProvider.getName(), newProvider.getName());
 				}
 				keychainMigrations = keychainMigrations.thenRunAsync(() -> {
 					try {
 						KeychainManager.migrate(oldProvider, newProvider, idsAndNames);
 					} catch (KeychainAccessException e) {
-						LOG.warn("Failed to migrate all entries from {} to {}", oldProvider.displayName(), newProvider.displayName(), e);
+						LOG.warn("Failed to migrate all entries from {} to {}", oldProvider.getName(), newProvider.getName(), e);
 					}
 				}, backgroundExecutor);
 			}
@@ -151,25 +151,6 @@ public class GeneralPreferencesController implements FxController {
 	}
 
 	/* Helper classes */
-
-	private static class KeychainProviderDisplayNameConverter extends StringConverter<KeychainAccessProvider> {
-
-		@Override
-		public String toString(KeychainAccessProvider provider) {
-			if (provider == null) {
-				return null;
-			} else {
-				return provider.displayName();
-			}
-		}
-
-		@Override
-		public KeychainAccessProvider fromString(String string) {
-			throw new UnsupportedOperationException();
-		}
-
-	}
-
 	private static class NamedServiceConverter<T extends NamedServiceProvider> extends StringConverter<T> {
 
 		@Override
diff --git a/src/main/resources/i18n/strings_ar.properties b/src/main/resources/i18n/strings_ar.properties
index 5faff677f..4e4b34095 100644
--- a/src/main/resources/i18n/strings_ar.properties
+++ b/src/main/resources/i18n/strings_ar.properties
@@ -423,6 +423,7 @@ main.vaultDetail.stats=إحصائيات الخزنة
 main.vaultDetail.locateEncryptedFileBtn=تحديد موقع الملف المشفر
 main.vaultDetail.locateEncryptedFileBtn.tooltip=اختر ملف من خزانتك لتحديد مكان نظيره المشفر
 main.vaultDetail.encryptedPathsCopied=تم نسخ مسارات الملفات إلى الحافظة!
+main.vaultDetail.decryptName.buttonLabel=فك تشفير اسم الملف
 ### Missing
 main.vaultDetail.missing.info=لم يتمكن Cryptomator من العثور على خزنة في هذا المسار.
 main.vaultDetail.missing.recheck=إعادة الفحص
diff --git a/src/main/resources/i18n/strings_de.properties b/src/main/resources/i18n/strings_de.properties
index e190914d2..1d0dcda87 100644
--- a/src/main/resources/i18n/strings_de.properties
+++ b/src/main/resources/i18n/strings_de.properties
@@ -616,7 +616,7 @@ eventView.entry.decryptionFailed.copyEncrypted=Pfad der verschlüsselten Datei k
 eventView.entry.brokenDirFile.message=Ungültiger Verzeichnislink
 eventView.entry.brokenDirFile.showEncrypted=Defekten, verschlüsselten Link anzeigen
 eventView.entry.brokenDirFile.copyEncrypted=Pfad des ungültigen Links kopieren
-eventView.entry.brokenFileNode.message=Fehlender Dateisystemknoten
+eventView.entry.brokenFileNode.message=Beschädigter Dateisystemknoten
 eventView.entry.brokenFileNode.showEncrypted=Beschädigten, verschlüsselten Knoten anzeigen
-eventView.entry.brokenFileNode.copyEncrypted=Pfad des kaputten, verschlüsselten Knotens kopieren
+eventView.entry.brokenFileNode.copyEncrypted=Pfad des beschädigten, verschlüsselten Knotens kopieren
 eventView.entry.brokenFileNode.copyDecrypted=Pfad der entschlüsselten Datei kopieren
diff --git a/src/main/resources/i18n/strings_fi.properties b/src/main/resources/i18n/strings_fi.properties
index ee3979bab..3ab91964b 100644
--- a/src/main/resources/i18n/strings_fi.properties
+++ b/src/main/resources/i18n/strings_fi.properties
@@ -177,6 +177,7 @@ hub.registerFailed.description.generic=Rekisteröinnissä tapahtui virhe. Löyd
 hub.registerFailed.description.deviceAlreadyExists=Tämä laite on jo rekisteröity toiselle käyttäjälle. Yritä vaihtaa käyttäjätiliä tai käytää toista laitetta.
 ### Unauthorized
 hub.unauthorized.message=Pääsy estetty
+hub.unauthorized.description=Sinulla ei ole oikeutta avata tätä holvia. Ota yhteyttä holvin omistajaan pyytääksesi pääsyä.
 ### Requires Account Initialization
 hub.requireAccountInit.message=Toimia vaaditaan
 hub.requireAccountInit.description.0=Jatkaaksesi, ole hyvä ja suorita tarvittavat toimenpiteet
@@ -282,6 +283,7 @@ preferences.title=Asetukset
 ## General
 preferences.general=Yleiset
 preferences.general.startHidden=Piilota ikkuna kun Cryptomator käynnistyy
+preferences.general.autoCloseVaults=Lukitse holvit kysymättä, kun ohjelma suljetaan
 preferences.general.debugLogging=Ota virheloki käyttöön
 preferences.general.debugDirectory=Näytä lokitiedostot
 preferences.general.autoStart=Käynnistä Cryptomator järjestelmän käynnistyessä
@@ -330,6 +332,7 @@ preferences.updates.upToDate=Cryptomator on ajan tasalla.
 
 ## Contribution
 preferences.contribute=Tue meitä
+preferences.contribute.registeredFor=Tukijan sertifikaatti rekisteröity %s
 preferences.contribute.noCertificate=Tue Cryptomatoria ja saa tukijasertifikaatti. Se on kuin lisenssiavain, mutta mahtaville ihmisille, jotka käyttävät vapaata ohjelmistoa. ;-)
 preferences.contribute.getCertificate=Eikö sinulla ole sellaista? Lue lisää miten voit hankkia sellaisen.
 preferences.contribute.promptText=Liitä tukijasertifikaatin koodi tähän
@@ -391,6 +394,7 @@ main.vaultlist.contextMenu.vaultoptions=Näytä holvin asetukset
 main.vaultlist.contextMenu.reveal=Paljasta Asema
 main.vaultlist.addVaultBtn.menuItemNew=Luo uusi holvi...
 main.vaultlist.addVaultBtn.menuItemExisting=Avaa olemassa oleva holvi...
+main.vaultlist.showEventsButton.tooltip=Avaa tapahtumanäkymä
 ##Notificaition
 main.notification.updateAvailable=Päivitys on saatavilla.
 main.notification.support=Tue Cryptomatoria.
@@ -419,6 +423,9 @@ main.vaultDetail.stats=Holvin tilastot
 main.vaultDetail.locateEncryptedFileBtn=Etsi salattu tiedosto
 main.vaultDetail.locateEncryptedFileBtn.tooltip=Valitse tiedosto holvistasi löytääksesi sen salatun vastineen
 main.vaultDetail.encryptedPathsCopied=Polut kopioitu leikepöydälle!
+main.vaultDetail.locateEncrypted.filePickerTitle=Valitse tiedosto holvin sisältä
+main.vaultDetail.decryptName.buttonLabel=Pura tiedoston nimen salaus
+main.vaultDetail.decryptName.tooltip=Valitse salattu tiedosto purkaaksesi nimen salauksen
 ### Missing
 main.vaultDetail.missing.info=Cryptomator ei löytänyt täältä holvia.
 main.vaultDetail.missing.recheck=Tarkista uudelleen
@@ -435,6 +442,7 @@ main.vaultDetail.error.windowTitle=Virhe ladatessa holvia
 # Wrong File Alert
 wrongFileAlert.title=Kuinka tiedostoja salataan
 wrongFileAlert.message=Yritkö salata nämä tiedostot?
+wrongFileAlert.description=Tätä varten Cryptomator luo levyn järjestelmäsi tiedostonhallintaan.
 wrongFileAlert.instruction.0=Salaa tiedostot seuraavasti:
 wrongFileAlert.instruction.1=1. Avaa holvisi.
 wrongFileAlert.instruction.2=2. Klikkaa "Paljasta" avataksesi aseman tiedostoselaimessasi.
@@ -545,6 +553,10 @@ updateReminder.yesAutomatically=Kyllä, automaattisesti
 dokanySupportEnd.preferencesBtn=Avaa asetukset
 
 #Retry If Readonly
+retryIfReadonly.title=Rajoitettu holvin pääsy
+retryIfReadonly.message=Ei kirjoitusoikeuksia holvihakemistoon
+retryIfReadonly.description=Cryptomator ei voi kirjoittaa holvihakemistoon. Voit vaihtaa holvin lukutilaan ja yrittää uudelleen. Tämä vaihtoehto voidaan poistaa käytöstä holvin asetuksissa.
+retryIfReadonly.retry=Vaihda ja yritä uudelleen
 
 # Share Vault
 shareVault.title=Jaa holvi
@@ -554,14 +566,46 @@ shareVault.instruction.1=1. Jaa käyttöoikeus salattuun holvikansioon pilvipalv
 shareVault.instruction.2=2. Jaa holvin salasana turvallisella tavalla.
 shareVault.remarkBestPractices=Lisätietoja varten tutustu hyvien käytäntöjen suosituksiin dokumentaatiossamme.
 shareVault.docsTooltip=Avaa dokumentaatio lukeaksesi lisää holvein jakamisesta.
+shareVault.hubAd.description=Turvallinen tapa työskennellä tiimeissä
+shareVault.hubAd.keyManagement=• Nollatieto avainten hallinta
+shareVault.hubAd.authentication=• Vahva todennus
+shareVault.hubAd.encryption=• Päästä päähän salaus
 shareVault.visitHub=Käy Cryptomator Hubissa
 
 shareVault.hub.message=Kuinka jakaa Hub -holvi
+shareVault.hub.description=Jotta holvin sisältö voitaisiin jakaa toisen tiimin jäsenen kanssa, sinun on suoritettava kaksi vaihetta:
 shareVault.hub.instruction.1=1. Jaa käyttöoikeus salattuun holvikansioon pilvipalvelun kautta.
+shareVault.hub.instruction.2=2. Myönnä käyttöoikeus tiimin jäsenelle Cryptomator Hubissa.
 shareVault.hub.openHub=Avaa Cryptomator Hub
 
 # Decrypt File Names
+decryptNames.title=Pura tiedostonimien salaus
+decryptNames.filePicker.title=Valitse salattu tiedosto
+decryptNames.dropZone.message=Pudota tiedostoja tai napsauta valitaksesi
+decryptNames.dropZone.error.generic=Tiedostonimien salauksen purku epäonnistui
 
 
 # Event View
+eventView.title=Tapahtumat
+eventView.filter.allVaults=Kaikki
+eventView.clearListButton.tooltip=Tyhjennä luettelo
 ## event list entries
+eventView.entry.vaultLocked.description=Avaa "%s" lisätietoja varten
+eventView.entry.conflictResolved.message=Ratkaistu ristiriita
+eventView.entry.conflictResolved.showDecrypted=Näytä purettu tiedosto
+eventView.entry.conflictResolved.copyDecrypted=Kopioi purettu polku
+eventView.entry.conflict.message=Ristiriidan ratkaisu epäonnistui
+eventView.entry.conflict.showDecrypted=Näytä purettu, alkuperäinen tiedosto
+eventView.entry.conflict.copyDecrypted=Näytä purettu, alkuperäinen polku
+eventView.entry.conflict.showEncrypted=Näytä ristiriitainen, salattu tiedosto
+eventView.entry.conflict.copyEncrypted=Kopioi ristiriitainen, salattu polku
+eventView.entry.decryptionFailed.message=Salauksen purku epäonnistui
+eventView.entry.decryptionFailed.showEncrypted=Näytä salattu tiedosto
+eventView.entry.decryptionFailed.copyEncrypted=Kopioi salattu polku
+eventView.entry.brokenDirFile.message=Virheellinen hakemiston linkki
+eventView.entry.brokenDirFile.showEncrypted=Näytä virheellinen, salattu linkki
+eventView.entry.brokenDirFile.copyEncrypted=Kopioi virheellisen polun linkki
+eventView.entry.brokenFileNode.message=Virheellinen tiedostojärjestelmän solmu
+eventView.entry.brokenFileNode.showEncrypted=Näytä virheellinen, salattu solmu
+eventView.entry.brokenFileNode.copyEncrypted=Kopioi virheellisen, salatun solmun polku
+eventView.entry.brokenFileNode.copyDecrypted=Kopioi purettu polku
diff --git a/src/main/resources/i18n/strings_ko.properties b/src/main/resources/i18n/strings_ko.properties
index ab03e9c6c..dd97c84e1 100644
--- a/src/main/resources/i18n/strings_ko.properties
+++ b/src/main/resources/i18n/strings_ko.properties
@@ -424,6 +424,9 @@ main.vaultDetail.stats=Vault 통계
 main.vaultDetail.locateEncryptedFileBtn=암호화된 파일 위치
 main.vaultDetail.locateEncryptedFileBtn.tooltip=암호화된 파일을 보기 위해 Vault에서 파일을 선택하십시오.
 main.vaultDetail.encryptedPathsCopied=클립보드에 복사됨!
+main.vaultDetail.locateEncrypted.filePickerTitle=Vault 내부에서 파일 선택
+main.vaultDetail.decryptName.buttonLabel=파일명 복호화
+main.vaultDetail.decryptName.tooltip=암호화된 볼트 파일을 선택해 파일 이름을 복호화
 ### Missing
 main.vaultDetail.missing.info=Cryptomator가 이 경로에 있는 Vault를 찾지 못했습니다.
 main.vaultDetail.missing.recheck=다시 시도
@@ -580,11 +583,21 @@ shareVault.hub.instruction.2=2. Cryptomator Hub에서 팀 구성원에 접근을
 shareVault.hub.openHub=Cryptomator Hub 열기
 
 # Decrypt File Names
+decryptNames.title=파일명 복호화
+decryptNames.filePicker.title=암호화된 파일 선택
+decryptNames.filePicker.extensionDescription=Cryptomator로 암호화된 파일
+decryptNames.copyTable.tooltip=테이블 복사
+decryptNames.clearTable.tooltip=테이블 비우기
+decryptNames.dropZone.message=파일을 여기에 드롭하거나 클릭하세요
+decryptNames.dropZone.error.vaultInternalFiles=복호화 가능한 이름이 선택되지 않은 Vailt 내부 파일
+decryptNames.dropZone.error.noDirIdBackup=선택된 파일 폴더에 dirId.c9r 파일이 포함되어 있지 않습니다
+decryptNames.dropZone.error.generic=파일 이름 복호화 실패
 
 
 # Event View
 eventView.title=이벤트
 eventView.filter.allVaults=전체
+eventView.clearListButton.tooltip=목록 지우기
 ## event list entries
 eventView.entry.vaultLocked.description="%s"를 잠금 해제하여 세부정보 보기
 eventView.entry.conflictResolved.message=해결된 충돌
diff --git a/src/main/resources/i18n/strings_mk.properties b/src/main/resources/i18n/strings_mk.properties
index a2ea03831..f6766ee83 100644
--- a/src/main/resources/i18n/strings_mk.properties
+++ b/src/main/resources/i18n/strings_mk.properties
@@ -1,6 +1,7 @@
 # Locale Specific CSS files such as CJK, RTL,...
 
 # Generics
+generic.action.dismiss=Откажи
 ## Button
 generic.button.apply=Примени
 generic.button.back=Назад
@@ -13,6 +14,7 @@ generic.button.copied=Копирано!
 generic.button.done=Прифати
 generic.button.next=Продолжи
 generic.button.print=Печати
+generic.button.remove=Отстрани
 
 # Error
 error.message=Грешка
@@ -22,6 +24,8 @@ error.hyperlink.report=Пријави ја оваа грешка
 error.technicalDetails=Детали:
 error.existingSolutionDescription=Не очекуваше да се случи ова. Но најдовме постоечко решение за оваа грешка. Ве молиме погледнете го следниот линк.
 error.hyperlink.solution=Пребарај решение
+error.dismiss=Откажи
+error.lookUpSolution=Пребарај решение
 
 # Defaults
 defaults.vault.vaultName=Сеф
diff --git a/src/main/resources/i18n/strings_vi.properties b/src/main/resources/i18n/strings_vi.properties
index 858d0f527..2254972b3 100644
--- a/src/main/resources/i18n/strings_vi.properties
+++ b/src/main/resources/i18n/strings_vi.properties
@@ -68,6 +68,7 @@ addvaultwizard.new.validCharacters.dashes=Dấu gạch ngang (%s) hoặc dấu g
 ### Expert Settings
 addvaultwizard.new.expertSettings.enableExpertSettingsCheckbox="Bật các cài đặt chuyên gia"
 addvaultwizard.new.expertSettings.shorteningThreshold.invalid=Nhập giá trị từ 36 đến 220 (mặc định 220)
+addvaultwizard.new.expertSettings.shorteningThreshold.tooltip=Mở tài liệu để tìm hiểu thêm.
 addvaultwizard.new.expertSettings.shorteningThreshold.title="Chiều dài tối đa của tên các file được mã hóa"
 addvaultwizard.new.expertSettings.shorteningThreshold.valid="Hợp lệ"
 ### Password
@@ -138,7 +139,12 @@ unlock.error.customPath.message=Không thể gắn vault vào đường dẫn t
 unlock.error.customPath.description.notSupported=Nếu bạn muốn tiếp tục sử dụng đường dẫn tuỳ chỉnh, vui lòng chuyển đến tuỳ chọn và chọn loại ổ đĩa hỗ trợ nó. Nếu không, hãy chuyển đến tuỳ chọn vault và chọn điểm gắn kết được hỗ trợ.
 unlock.error.customPath.description.notExists=Đường dẫn gắn kết tuỳ chỉnh không tồn tại. Tạo nó trong hệ thống tệp cục bộ của bạn hoặc thay đổi nó trong các tuỳ chọn vault.
 unlock.error.customPath.description.inUse="Ký hiệu ổ cứng hoặc đường dẫn tự gán "%s" đã bị chiếm dụng".
+unlock.error.customPath.description.hideawayNotDir=Không thể xóa tệp tạm thời, tệp ẩn "%3$s" dùng để mở khóa. Vui lòng kiểm tra tệp này và xóa nó bằng tay.
+unlock.error.customPath.description.couldNotBeCleaned=Vault của bạn không gắn được vào đường dẫn "%s". Vui lòng thử lại hoặc chọn một đường dẫn khác.
+unlock.error.customPath.description.notEmptyDir=Đường dẫn tùy chỉnh "%s" không phải là một thư mục trống. Vui lòng chọn một thư mục trống và thử lại.
+unlock.error.customPath.description.generic=Bạn đã chọn một đường dẫn gắn tùy chỉnh cho vault này, nhưng việc sử dụng nó đã thất bại với thông báo: %2$s
 unlock.error.restartRequired.message=Không thể mở vault
+unlock.error.restartRequired.description=Thay đổi loại ổ đĩa trong tùy chọn vault hoặc khởi động lại Cryptomator.
 unlock.error.title=Mở khóa "%s" không thành công
 ## Hub
 hub.noKeychain.message=Không thể truy cập khoá thiết bị
@@ -153,18 +159,30 @@ hub.receive.message=Đang xử lý phản hồi…
 hub.receive.description=Cryptomator đang nhận và xử lý phản hồi từ Hub. Vui lòng chờ.
 ### Register Device
 hub.register.message=Thiết bị mới
+hub.register.description=Đây là lần đầu tiên truy cập Hub từ thiết bị này. Vui lòng đăng ký bằng Khóa Tài Khoản của bạn.
 hub.register.nameLabel=Tên thiết bị
+hub.register.invalidAccountKeyLabel=Khóa Tài Khoản không đúng
 hub.register.registerBtn=Đăng ký
 ### Register Device Legacy
 hub.register.legacy.occupiedMsg=Tên đã sử dụng
+hub.register.legacy.description=Đây là lần đầu tiên truy cập Hub từ thiết bị này. Vui lòng đăng ký.
 ### Registration Success
 hub.registerSuccess.message=Đã đăng ký thiết bị
+hub.registerSuccess.description=Thiết bị của bạn đã được đăng ký thành công. Bạn có thể tiếp tục mở khóa vault.
 hub.registerSuccess.unlockBtn=Mở khoá
+hub.registerSuccess.legacy.description=Để truy cập vault, thiết bị của bạn cần được chủ sở hữu vault cấp phép.
 ### Registration Failed
 hub.registerFailed.message=Đăng ký thiết bị thất bại
+hub.registerFailed.description.generic=Đã xảy ra lỗi trong quá trình đăng ký. Để biết thêm chi tiết, vui lòng kiểm tra nhật ký ứng dụng.
+hub.registerFailed.description.deviceAlreadyExists=Thiết bị này đã được đăng ký cho người dùng khác. Hãy thử tài khoản khác hoặc sử dụng một thiết bị khác.
 ### Unauthorized
 hub.unauthorized.message=Truy cập bị từ chối
+hub.unauthorized.description=Bạn không được phép mở vault này. Vui lòng liên hệ với chủ sở hữu vault để yêu cầu quyền truy cập.
 ### Requires Account Initialization
+hub.requireAccountInit.message=Cần thực hiện hành động
+hub.requireAccountInit.description.0=Để tiếp tục, vui lòng hoàn thành các bước yêu cầu trong
+hub.requireAccountInit.description.1=Hồ sơ người dùng
+hub.requireAccountInit.description.2=.
 ### License Exceeded
 hub.invalidLicense.message=Giấy phép Hub không hợp lệ
 hub.invalidLicense.description=Phiên bản Cryptomator Hub của bạn có giấy phép không hợp lệ. Vui lòng thông báo cho quản trị viên Hub để nâng cấp hoặc gia hạn giấy phép.
@@ -265,10 +283,12 @@ preferences.title=Tùy chỉnh
 ## General
 preferences.general=Chung
 preferences.general.startHidden=Ẩn cửa sổ khi khởi động Cryptomator
+preferences.general.autoCloseVaults=Tự động khóa vaults khi thoát ứng dụng mà không cần xác nhận
 preferences.general.debugLogging=Bật nhật kí gỡ lỗi
 preferences.general.debugDirectory=Mở tệp nhật ký
 preferences.general.autoStart=Khởi chạy Cryptomator khi khởi động hệ thống
 preferences.general.keychainBackend=Lưu mật khẩu với
+preferences.general.quickAccessService=Thêm các vault đã mở khóa vào khu vực truy cập nhanh
 ## Interface
 preferences.interface=Giao diện
 preferences.interface.theme=Cái nhìn và cảm nhận
@@ -282,8 +302,10 @@ preferences.interface.interfaceOrientation=Định hướng giao diện
 preferences.interface.interfaceOrientation.ltr=Trái sang phải
 preferences.interface.interfaceOrientation.rtl=Phải sang trái
 preferences.interface.showTrayIcon=Hiển thị biểu tượng khay (yêu cầu khởi động lại)
+preferences.interface.compactMode=Bật danh sách vault thu gọn
 ## Volume
 preferences.volume=Ổ lưu trữ ảo
+preferences.volume.type=Loại ổ đĩa mặc định
 preferences.volume.type.automatic=Tự động
 preferences.volume.docsTooltip=Mở tài liệu để tìm hiểu thêm về các loại ổ đĩa khác nhau.
 preferences.volume.fuseRestartRequired=Để áp dụng các thay đổi, Cryptomator cần được khởi động lại.
@@ -300,10 +322,13 @@ preferences.updates.currentVersion=Phiên bản hiện tại: %s
 preferences.updates.autoUpdateCheck=Tự động kiểm tra phiên bản mới
 preferences.updates.checkNowBtn=Kiểm tra ngay
 preferences.updates.updateAvailable=Có bản cập nhật lên phiên bản %s.
+preferences.updates.lastUpdateCheck=Lần kiểm tra cuối: %s
 preferences.updates.lastUpdateCheck.never=không bao giờ
 preferences.updates.lastUpdateCheck.recently=gần đây
 preferences.updates.lastUpdateCheck.daysAgo=%s ngày trước
 preferences.updates.lastUpdateCheck.hoursAgo=%s giờ trước
+preferences.updates.checkFailed=Không thể kiểm tra cập nhật. Vui lòng kiểm tra kết nối internet hoặc thử lại sau.
+preferences.updates.upToDate=Cryptomator đã được cập nhật mới nhất.
 
 ## Contribution
 preferences.contribute=Hỗ trợ chúng tôi
@@ -311,8 +336,14 @@ preferences.contribute.registeredFor=Chứng nhận Người Hỗ Trợ được
 preferences.contribute.noCertificate=Hỗ trợ Cryptomator và lấy về cho bạn chứng nhận người hỗ trợ. Chứng nhận này giống như giấy phép sử dụng phần mềm, nhưng chỉ dành cho những con người tuyệt vời đang dùng phần mềm tự do. ;-)
 preferences.contribute.getCertificate=Bạn chưa có? Tìm hiểu cách bạn có thể lấy được nó.
 preferences.contribute.promptText=Vui lòng dán mã chứng nhận người hỗ trợ vào đây
+preferences.contribute.thankYou=Cảm ơn bạn đã hỗ trợ phát triển mã nguồn mở của Cryptomator!
+preferences.contribute.donate=Ủng Hộ
+preferences.contribute.sponsor=Nhà tài trợ
 
 ### Remove License Key Dialog
+removeCert.title=Xoá Chứng chỉ
+removeCert.message=Xóa chứng chỉ người ủng hộ?
+removeCert.description=Các tính năng chính của Cryptomator không bị ảnh hưởng bởi điều này. Việc truy cập vào các vault của bạn không bị hạn chế và mức độ bảo mật cũng không bị giảm.
 #<-- Add entries for donations and code/translation/documentation contribution -->
 
 ## About
@@ -362,7 +393,12 @@ main.vaultlist.contextMenu.unlock=Mở khoá…
 main.vaultlist.contextMenu.unlockNow=Mở khóa bây giờ
 main.vaultlist.contextMenu.vaultoptions=Hiện tùy chọn vault
 main.vaultlist.contextMenu.reveal=Hiển thị Ổ đĩa
+main.vaultlist.addVaultBtn.menuItemNew=Tạo Vault Mới...
+main.vaultlist.addVaultBtn.menuItemExisting=Mở Vault Hiện Có...
+main.vaultlist.showEventsButton.tooltip=Mở xem sự kiện
 ##Notificaition
+main.notification.updateAvailable=Có bản cập nhật mới.
+main.notification.support=Hỗ trợ Cryptomator.
 ## Vault Detail
 ### Welcome
 main.vaultDetail.welcomeOnboarding=Cảm ơn bạn đã chọn Cryptomator để bảo vệ tệp của bạn. Nếu bạn cần bất kỳ hỗ trợ nào, hãy xem hướng dẫn bắt đầu của chúng tôi:
@@ -388,6 +424,9 @@ main.vaultDetail.stats=Thống kê Vault
 main.vaultDetail.locateEncryptedFileBtn=Định vị Tệp Đã mã hoá
 main.vaultDetail.locateEncryptedFileBtn.tooltip=Chọn một tệp từ vaule của bạn để xác định vị trí đối tác được mã hoá của nó
 main.vaultDetail.encryptedPathsCopied=Đường dẫn Đã sao chép vào Bảng tạm!
+main.vaultDetail.locateEncrypted.filePickerTitle=Chọn tệp bên trong Vault
+main.vaultDetail.decryptName.buttonLabel=Giải mã tên tệp
+main.vaultDetail.decryptName.tooltip=Chọn một tệp vault đã được mã hóa để giải mã tên của nó
 ### Missing
 main.vaultDetail.missing.info=Cryptomator không thể tìm thấy vault tại đường dẫn này.
 main.vaultDetail.missing.recheck=Kiểm tra lại
@@ -426,6 +465,7 @@ vaultOptions.general.startHealthCheckBtn=Bắt đầu Kiểm tra sức khỏe
 
 ## Mount
 vaultOptions.mount=Gắn kết
+vaultOptions.mount.info=Mở phần tùy chọn ổ đĩa ảo để thay đổi các cài đặt mặc định.
 vaultOptions.mount.readonly=Chỉ đọc
 vaultOptions.mount.customMountFlags=Cờ gắn kết tuỳ chỉnh
 vaultOptions.mount.winDriveLetterOccupied=đã bị chiếm
@@ -436,6 +476,7 @@ vaultOptions.mount.mountPoint.custom=Sử dụng thư mục đã chọn
 vaultOptions.mount.mountPoint.directoryPickerButton=Chọn…
 vaultOptions.mount.mountPoint.directoryPickerTitle=Chọn một thư mục
 vaultOptions.mount.volumeType.default=Mặc định (%s)
+vaultOptions.mount.volumeType.restartRequired=Để sử dụng loại ổ đĩa này, Cryptomator cần được khởi động lại.
 vaultOptions.mount.volume.tcp.port=Cổng TCP
 vaultOptions.mount.volume.type=Loại Ổ đĩa
 ## Master Key
@@ -504,25 +545,78 @@ quit.forced.forceAndQuitBtn=Bắt buộc và Thoát
 # Update Reminder
 updateReminder.title=Kiểm tra cập nhật
 updateReminder.message=Kiểm tra cập nhật?
+updateReminder.description=Luôn cập nhật các tính năng mới, sửa lỗi và cải tiến bảo mật. Chúng tôi khuyến nghị để tự động kiểm tra cập nhật.
 updateReminder.notNow=Không phải bây giờ
+updateReminder.yesOnce=Có, chỉ một lần
+updateReminder.yesAutomatically=Có, tự động
 
 #Dokany Support End
 dokanySupportEnd.title=Thông báo ngừng phát triển
 dokanySupportEnd.message=Kết thúc hỗ trợ cho Dokany
+dokanySupportEnd.description=Loại ổ đĩa Dokany không còn được Cryptomator hỗ trợ. Cài đặt của bạn đã được điều chỉnh để sử dụng loại ổ đĩa mặc định. Bạn có thể xem loại mặc định trong phần tùy chọn.
 dokanySupportEnd.preferencesBtn=Mở Tuỳ chọn
 
 #Retry If Readonly
+retryIfReadonly.title=Truy cập Vault bị giới hạn
+retryIfReadonly.message=Không có quyền ghi vào thư mục vault
+retryIfReadonly.description=Cryptomator không thể ghi vào thư mục vault. Bạn có thể chuyển vault sang chế độ chỉ đọc và thử lại. Tùy chọn này có thể được tắt trong phần tùy chọn vault.
+retryIfReadonly.retry=Thay đổi và Thử lại
 
 # Share Vault
 shareVault.title=Chia sẻ Vault
+shareVault.message=Bạn muốn chia sẻ vault của mình với người khác không?
+shareVault.description=Luôn cẩn trọng khi chia sẻ vault của bạn với người khác. Tóm lại, hãy làm theo các bước sau:
+shareVault.instruction.1=1. Chia sẻ quyền truy cập thư mục vault đã mã hóa qua dịch vụ lưu trữ đám mây.
+shareVault.instruction.2=2. Chia sẻ mật khẩu vault một cách an toàn.
+shareVault.remarkBestPractices=Để biết thêm thông tin, hãy tham khảo các gợi ý về phương pháp tốt nhất trong tài liệu của chúng tôi.
+shareVault.docsTooltip=Mở tài liệu hướng dẫn để tìm hiểu thêm về việc chia sẻ vault.
 shareVault.hubAd.description=Cách an toàn để làm việc theo nhóm
 shareVault.hubAd.keyManagement=• Quản lý khóa Zero-knowledge
+shareVault.hubAd.authentication=• Xác thực bảo mật cao
 shareVault.hubAd.encryption=• Mã hóa đầu cuối
 shareVault.visitHub=Truy cập Cryptomator Hub
 
+shareVault.hub.message=Hướng dẫn chia sẻ vault trên Hub
+shareVault.hub.description=Để chia sẻ nội dung vault với thành viên nhóm khác, bạn cần thực hiện hai bước sau:
+shareVault.hub.instruction.1=1. Chia sẻ quyền truy cập thư mục vault đã mã hóa qua dịch vụ lưu trữ đám mây.
+shareVault.hub.instruction.2=2. Cấp quyền truy cập cho thành viên nhóm trong Cryptomator Hub.
+shareVault.hub.openHub=Mở Cryptomator Hub
 
 # Decrypt File Names
+decryptNames.title=Giải mã tên tệp
+decryptNames.filePicker.title=Chọn tệp được mã hóa
+decryptNames.filePicker.extensionDescription=Tệp mã hóa Cryptomator
+decryptNames.copyTable.tooltip=Sao chép bảng
+decryptNames.clearTable.tooltip=Xóa bảng
+decryptNames.copyHint=Sao chép nội dung ô với %s
+decryptNames.dropZone.message=Kéo thả tệp hoặc nhấp để chọn
+decryptNames.dropZone.error.vaultInternalFiles=Đã chọn các tệp bên trong vault không có tên giải mã được
+decryptNames.dropZone.error.foreignFiles=Các tệp không thuộc vault "%s"
+decryptNames.dropZone.error.noDirIdBackup=Thư mục của các tệp đã chọn không chứa tệp dirId.c9r
+decryptNames.dropZone.error.generic=Không thể giải mã tên tệp
 
 
 # Event View
+eventView.title=Sự kiện
+eventView.filter.allVaults=Tất cả
+eventView.clearListButton.tooltip=Xóa danh sách
 ## event list entries
+eventView.entry.vaultLocked.description=Mở khóa "%s" để xem chi tiết
+eventView.entry.conflictResolved.message=Đã xử lý xung đột
+eventView.entry.conflictResolved.showDecrypted=Xem tệp đã giải mã
+eventView.entry.conflictResolved.copyDecrypted=Sao chép đường dẫn giải mã
+eventView.entry.conflict.message=Giải quyết xung đột thất bại
+eventView.entry.conflict.showDecrypted=Xem tệp gốc đã giải mã
+eventView.entry.conflict.copyDecrypted=Sao chép đường dẫn gốc đã giải mã
+eventView.entry.conflict.showEncrypted=Hiển thị tệp bị xung đột, đã mã hóa
+eventView.entry.conflict.copyEncrypted=Sao chép đường dẫn mã hóa bị xung đột
+eventView.entry.decryptionFailed.message=Giải mã thất bại
+eventView.entry.decryptionFailed.showEncrypted=Hiển thị tệp đã mã hóa
+eventView.entry.decryptionFailed.copyEncrypted=Sao chép đường dẫn tệp đã mã hóa
+eventView.entry.brokenDirFile.message=Liên kết thư mục hỏng
+eventView.entry.brokenDirFile.showEncrypted=Hiển thị liên kết mã hóa bị hỏng
+eventView.entry.brokenDirFile.copyEncrypted=Sao chép đường dẫn liên kết bị hỏng
+eventView.entry.brokenFileNode.message=Nút tập tin bị hỏng
+eventView.entry.brokenFileNode.showEncrypted=Hiển thị nút mã hóa bị hỏng
+eventView.entry.brokenFileNode.copyEncrypted=Sao chép đường dẫn nút mã hóa bị hỏng
+eventView.entry.brokenFileNode.copyDecrypted=Sao chép đường dẫn giải mã
diff --git a/src/test/java/org/cryptomator/common/keychain/MapKeychainAccess.java b/src/test/java/org/cryptomator/common/keychain/MapKeychainAccess.java
index 73c8da522..c2d171c3b 100644
--- a/src/test/java/org/cryptomator/common/keychain/MapKeychainAccess.java
+++ b/src/test/java/org/cryptomator/common/keychain/MapKeychainAccess.java
@@ -16,12 +16,7 @@ class MapKeychainAccess implements KeychainAccessProvider {
 	private final Map<String, char[]> map = new HashMap<>();
 
 	@Override
-	public String displayName() {
-		return getClass().getName();
-	}
-
-	@Override
-	public void storePassphrase(String key, String displayName,CharSequence passphrase, boolean ignored) {
+	public void storePassphrase(String key, String displayName,CharSequence passphrase) {
 		char[] pw = new char[passphrase.length()];
 		for (int i = 0; i < passphrase.length(); i++) {
 			pw[i] = passphrase.charAt(i);
diff --git a/src/test/java/org/cryptomator/ui/addvaultwizard/ReadMeGeneratorTest.java b/src/test/java/org/cryptomator/ui/addvaultwizard/ReadMeGeneratorTest.java
index 10451daa2..fe681531f 100644
--- a/src/test/java/org/cryptomator/ui/addvaultwizard/ReadMeGeneratorTest.java
+++ b/src/test/java/org/cryptomator/ui/addvaultwizard/ReadMeGeneratorTest.java
@@ -16,7 +16,7 @@ public class ReadMeGeneratorTest {
 	@CsvSource({ //
 			"test,test", //
 			"t\u00E4st,t\\'E4st", //
-			"t\uD83D\uDE09st,t\\uc1\\u55357\\uc1\\u56841st", //
+			"t\uD83D\uDE09st,t\\u55357\\u56841st", //
 	})
 	public void testEscapeNonAsciiChars(String input, String expectedResult) {
 		ReadmeGenerator readmeGenerator = new ReadmeGenerator(null);
@@ -40,7 +40,7 @@ public class ReadMeGeneratorTest {
 		MatcherAssert.assertThat(result, CoreMatchers.startsWith("{\\rtf1\\fbidis\\ansi\\uc0\\fs32"));
 		MatcherAssert.assertThat(result, CoreMatchers.containsString("{\\sa80 Dear User,}\\par"));
 		MatcherAssert.assertThat(result, CoreMatchers.containsString("{\\sa80 \\b please don't touch the \"d\" directory.}\\par "));
-		MatcherAssert.assertThat(result, CoreMatchers.containsString("{\\sa80 Thank you for your cooperation \\uc1\\u55357\\uc1\\u56841}\\par"));
+		MatcherAssert.assertThat(result, CoreMatchers.containsString("{\\sa80 Thank you for your cooperation \\u55357\\u56841}\\par"));
 		MatcherAssert.assertThat(result, CoreMatchers.endsWith("}"));
 	}