Revert "do not extract wixhelper.dll if jmods do not exist"

This reverts commit 624b623f8f.
explicitlly state arch for exe installer
2026-05-18 02:31:27 +00:00 · 2025-06-23 15:42:45 +02:00 · 2025-06-23 14:52:05 +02:00 · 2025-06-23 12:39:12 +02:00 · 2025-06-23 12:29:25 +02:00 · 2025-06-23 12:27:13 +02:00
190 changed files with 1584 additions and 5965 deletions
--- a/.github/CONTRIBUTING.md
+++ b/.github/CONTRIBUTING.md
@@ -20,10 +20,6 @@

 Translations are not managed directly in this repository. Instead, we use [Crowdin](https://translate.cryptomator.org/), which automatically synchronizes translations with this repository. If you want to help us with translations, please visit our translation project on Crowdin.

-## Use of Generative AI
-
-AI tools may assist your work, but every contribution must be fully understood, reviewed, and tested by you. Only submit changes you can clearly explain and justify. Unverified or low-quality AI output that wastes our time and resources will be closed without further review.
-
 ## Code of Conduct

 Help us keep Cryptomator open and inclusive. Please read and follow our [Code of Conduct](https://github.com/cryptomator/cryptomator/blob/develop/.github/CODE_OF_CONDUCT.md).
--- a/.github/actions/win-sign-action/action.yml
+++ b/.github/actions/win-sign-action/action.yml
@@ -1,76 +0,0 @@
-name: 'Windows Code Signing'
-description: 'Sign files on Windows with the Azure Trusted Signing'
-inputs:
-  base-dir:
-    description: 'Absolute path to the base directory to search for files'
-    required: true
-  recursive:
-    description: 'Whether to search recursively in subdirectories'
-    required: false
-    default: 'false'
-  file-extensions:
-    description: 'List of file extensions to sign, separated by comma'
-    required: true
-    default: 'exe,dll,ps1'
-  description:
-    description: 'Signature description'
-    required: true
-    default: 'Cryptomator'
-  url:
-    description: 'Signature URL'
-    required: false
-    default: 'https://cryptomator.org'
-  append-signature:
-    description: 'Whether to append the signature to existing signatures'
-    required: false
-    default: 'false'
-  tenant-id:
-    description: 'Azure Tenant ID'
-    required: true
-  client-id:
-    description: 'Azure Client ID'
-    required: true
-  client-secret:
-    description: 'Azure Client Secret'
-    required: true
-
-runs:
-  using: 'composite'
-  steps:
-    - name: Generate, mask, and output the input secrets
-      id: set-secrets
-      run: |
-        echo "::add-mask::${{ inputs.tenant-id }}"
-        echo "::add-mask::${{ inputs.client-id }}"
-        echo "::add-mask::${{ inputs.client-secret }}"
-        echo "tenant-id=${{ inputs.tenant-id }}" >> "$GITHUB_OUTPUT"
-        echo "client-id=${{ inputs.client-id }}" >> "$GITHUB_OUTPUT"
-        echo "client-secret=${{ inputs.client-secret }}" >> "$GITHUB_OUTPUT"
-      shell: bash
-    - name: Sign DLLs with Azure Trusted Signing
-      uses: azure/trusted-signing-action@fc390cf8ed0f14e248a542af1d838388a47c7a7c # v0.5.10
-      with:
-        files-folder: ${{ inputs.base-dir }}
-        files-folder-filter: ${{ inputs.file-extensions }}
-        files-folder-recurse: ${{ inputs.recursive }}
-        append-signature: ${{ inputs.append-signature }}
-        description: ${{ inputs.description }}
-        description-url: ${{ inputs.url }}
-        azure-tenant-id: ${{ steps.set-secrets.outputs.tenant-id }}
-        azure-client-id: ${{ steps.set-secrets.outputs.client-id }}
-        azure-client-secret: ${{ steps.set-secrets.outputs.client-secret }}
-        trusted-signing-account-name: cryptomatorSigning
-        certificate-profile-name: production
-        endpoint: https://weu.codesigning.azure.net/
-        timestamp-rfc3161: http://timestamp.acs.microsoft.com
-        timestamp-digest: SHA256
-        exclude-environment-credential: false
-        exclude-workload-identity-credential: true
-        exclude-managed-identity-credential: true
-        exclude-shared-token-cache-credential: true
-        exclude-visual-studio-credential: true
-        exclude-visual-studio-code-credential: true
-        exclude-azure-cli-credential: true
-        exclude-azure-powershell-credential: true
-        exclude-azure-developer-cli-credential: true
-        exclude-interactive-browser-credential: true
--- a/.github/workflows/appimage.yml
+++ b/.github/workflows/appimage.yml
@@ -19,7 +19,7 @@ on:

 env:
  JAVA_DIST: 'temurin'
-  JAVA_VERSION: '25.0.1+8.0.LTS'
+  JAVA_VERSION: '24.0.1+9'

 jobs:
  get-version:
@@ -37,21 +37,22 @@ jobs:
        include:
          - os: ubuntu-latest
            appimage-suffix: x86_64
-            openjfx-url: 'https://download2.gluonhq.com/openjfx/25/openjfx-25_linux-x64_bin-jmods.zip'
-            openjfx-sha: '96e520f48610d8ffb94ca30face1f11ffe8a977ddc1c4ff80b1a9e9f048bd94e'
+            openjfx-url: 'https://download2.gluonhq.com/openjfx/24.0.1/openjfx-24.0.1_linux-x64_bin-jmods.zip'
+            openjfx-sha: '425fac742b9fbd095b2ce868cff82d1024620f747c94a7144d0a4879e756146c'
          - os: ubuntu-24.04-arm
            appimage-suffix: aarch64
-            openjfx-url: 'https://download2.gluonhq.com/openjfx/25/openjfx-25_linux-aarch64_bin-jmods.zip'
-            openjfx-sha: '9ad4ca7b769ca4ee6419f1e99143dd6ff812f8be4fddb46a7d7cacbeea148af4'
+            openjfx-url: 'https://download2.gluonhq.com/openjfx/24.0.1/openjfx-24.0.1_linux-aarch64_bin-jmods.zip'
+            openjfx-sha: '7e02edd0f4ee5527a27c94b0bbba66fcaaff41009119e45d0eca0f96ddfb6e7b'
    steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      - uses: actions/checkout@v4
      - name: Setup Java
-        uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # v5.0.0
+        uses: actions/setup-java@v4
        with:
          distribution: ${{ env.JAVA_DIST }}
          java-version: ${{ env.JAVA_VERSION }}
          check-latest: true
          cache: 'maven'
+
      - name: Download OpenJFX jmods
        id: download-jmods
        run: |
@@ -75,7 +76,7 @@ jobs:
      - name: Set version
        run : mvn versions:set -DnewVersion=${{ needs.get-version.outputs.semVerStr }}
      - name: Run maven
-        run: mvn -B clean package -Plinux -DskipTests
+        run: mvn -B clean package -Plinux -DskipTests -Djavafx.platform=linux
      - name: Patch target dir
        run: |
          cp LICENSE.txt target
@@ -95,7 +96,7 @@ jobs:
          --verbose
          --output runtime
          --module-path "${{ steps.jep-493-check.outputs.jmod_paths }}"
-          --add-modules java.base,java.desktop,java.instrument,java.logging,java.naming,java.net.http,java.scripting,java.sql,java.xml,javafx.base,javafx.graphics,javafx.controls,javafx.fxml,jdk.crypto.cryptoki,jdk.crypto.ec,jdk.unsupported,jdk.security.auth,jdk.accessibility,jdk.management.jfr,jdk.net,java.compiler
+          --add-modules java.base,java.desktop,java.instrument,java.logging,java.naming,java.net.http,java.scripting,java.sql,java.xml,javafx.base,javafx.graphics,javafx.controls,javafx.fxml,jdk.unsupported,jdk.security.auth,jdk.accessibility,jdk.management.jfr,jdk.net,java.compiler
          --strip-native-commands
          --no-header-files
          --no-man-pages
@@ -117,6 +118,7 @@ jobs:
          --app-version "${{  needs.get-version.outputs.semVerNum }}.${{  needs.get-version.outputs.revNum }}"
          --java-options "--enable-preview"
          --java-options "--enable-native-access=javafx.graphics,org.cryptomator.jfuse.linux.amd64,org.cryptomator.jfuse.linux.aarch64,org.purejava.appindicator"
+          --java-options "--sun-misc-unsafe-memory-access=allow"
          --java-options "-Xss5m"
          --java-options "-Xmx256m"
          --java-options "-Dcryptomator.appVersion=\"${{  needs.get-version.outputs.semVerStr }}\""
@@ -132,7 +134,6 @@ jobs:
          --java-options "-Dcryptomator.integrationsLinux.trayIconsDir=\"@{appdir}/usr/share/icons/hicolor/symbolic/apps\""
          --java-options "-Dcryptomator.buildNumber=\"appimage-${{  needs.get-version.outputs.revNum }}\""
          --java-options "-Dcryptomator.networking.truststore.p12Path=\"/etc/cryptomator/certs.p12\""
-          --java-options "-XX:ErrorFile=/cryptomator/cryptomator_crash.log"
          --resource-dir dist/linux/resources
      - name: Patch Cryptomator.AppDir
        run: |
@@ -175,7 +176,7 @@ jobs:
          gpg --batch --quiet --passphrase-fd 0 --pinentry-mode loopback -u 615D449FE6E6A235 --detach-sign -a cryptomator-*.AppImage
          gpg --batch --quiet --passphrase-fd 0 --pinentry-mode loopback -u 615D449FE6E6A235 --detach-sign -a cryptomator-*.AppImage.zsync
      - name: Upload artifacts
-        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+        uses: actions/upload-artifact@v4
        with:
          name: appimage-${{ matrix.appimage-suffix }}
          path: |
@@ -185,7 +186,7 @@ jobs:
          if-no-files-found: error
      - name: Publish AppImage on GitHub Releases
        if: startsWith(github.ref, 'refs/tags/') && github.event.action == 'published'
-        uses: softprops/action-gh-release@6da8fa9354ddfdc4aeace5fc48d7f679b5214090 # v2.4.1
+        uses: softprops/action-gh-release@v2
        with:
          fail_on_unmatched_files: true
          token: ${{ secrets.CRYPTOBOT_RELEASE_TOKEN }}
@@ -193,68 +194,3 @@ jobs:
            cryptomator-*.AppImage
            cryptomator-*.zsync
            cryptomator-*.asc
-
-  create-aur-bin-pr:
-    name: Create PR for aur-bin repo
-    needs: [build, get-version]
-    runs-on: ubuntu-latest
-    if: github.event_name == 'release' && needs.get-version.outputs.versionType == 'stable'
-    steps:
-      - name: Download AppImages
-        uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0
-        with:
-          path: downloads/
-          merge-multiple: true
-      - name: Compute sha256 hash of AppImages
-        id: checksums
-        run: |
-          X64_SHA256=$(sha256sum downloads/cryptomator-*-x86_64.AppImage | cut -d ' ' -f1)
-          echo "x64-sha256sum=${X64_SHA256}" >> "$GITHUB_OUTPUT"
-          AARCH64_SHA256=$(sha256sum downloads/cryptomator-*-aarch64.AppImage | cut -d ' ' -f1)
-          echo "aarch64-sha256sum=${AARCH64_SHA256}" >> "$GITHUB_OUTPUT"
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
-        with:
-          repository: 'cryptomator/aur-bin'
-          token: ${{ secrets.CRYPTOBOT_PR_TOKEN }}
-      - name: Install dependencies
-        run: |
-          sudo apt-get update
-          sudo apt-get -y install makepkg pacman-package-manager
-      - name: Checkout release branch
-        run: |
-          git checkout -b release/${{ needs.get-version.outputs.semVerStr }}
-      - name: Update build file
-        run: |
-          sed -i -e 's|^pkgver=.*$|pkgver=${{ needs.get-version.outputs.semVerStr }}|' PKGBUILD
-          sed -i -e 's|^pkgrel=.*$|pkgrel=1|' PKGBUILD
-          sed -i -e "s|^sha256sums_x86_64=.*$|sha256sums_x86_64=('${{ steps.checksums.outputs.x64-sha256sum }}'|" PKGBUILD
-          sed -i -e "s|^sha256sums_aarch64=.*$|sha256sums_aarch64=('${{ steps.checksums.outputs.aarch64-sha256sum}}'|" PKGBUILD
-          makepkg --printsrcinfo > .SRCINFO
-      - name: Commit and push
-        run: |
-          git config user.name "${{ github.actor }}"
-          git config user.email "${{ github.actor_id }}+${{ github.actor }}@users.noreply.github.com"
-          git config push.autoSetupRemote true
-          git stage .
-          git commit -m "Prepare release ${{needs.get-version.outputs.semVerStr}}"
-          git push
-      - name: Create pull request
-        id: create-pr
-        run: |
-          printf "> [!IMPORTANT]\n> Todos:\n> - [ ] Update build instructions\n> - [ ] Check for JDK update\n> - [ ] Check for JFX update" > pr_body.md
-          URL=$(gh pr create --title "Release ${{ needs.get-version.outputs.semVerStr }}" --body-file pr_body.md)
-          echo "PR_URL=$URL" >> "$GITHUB_OUTPUT"
-        env:
-          GH_TOKEN: ${{ secrets.CRYPTOBOT_PR_TOKEN }}
-      - name: Slack Notification
-        uses: rtCamp/action-slack-notify@e31e87e03dd19038e411e38ae27cbad084a90661 # v2.3.3
-        env:
-          SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK_URL }}
-          SLACK_USERNAME: 'Cryptobot'
-          SLACK_ICON: false
-          SLACK_ICON_EMOJI: ':bot:'
-          SLACK_CHANNEL: 'cryptomator-desktop'
-          SLACK_TITLE: "AUR-bin release PR for ${{ github.event.repository.name }} ${{ github.event.release.tag_name }} created."
-          SLACK_MESSAGE: "See <${{ steps.create-pr.outputs.PR_URL }}|PR> on how to proceed."
-          SLACK_FOOTER: false
-          MSG_MINIMAL: true
--- a/.github/workflows/aur.yml
+++ b/.github/workflows/aur.yml
@@ -1,95 +0,0 @@
-name: Create PR for AUR
-
-on:
-  release:
-    types: [published]
-  workflow_dispatch:
-    inputs:
-      tag:
-        description: 'Release tag'
-        required: true
-
-jobs:
-  get-version:
-    uses: ./.github/workflows/get-version.yml
-    with:
-      version: ${{ inputs.tag }}
-  tarball:
-    name: Determines tarball url and compute checksum
-    runs-on: ubuntu-latest
-    needs: [get-version]
-    if:  github.event_name == 'workflow_dispatch' || needs.get-version.outputs.versionType == 'stable'
-    env:
-      INPUT_TAG: ${{ inputs.tag }}
-    outputs:
-      url: ${{ steps.url.outputs.url}}
-      sha256: ${{ steps.sha256.outputs.sha256}}
-    steps:
-      - name: Determine tarball url
-        id: url
-        run: |
-          URL="";
-          if [[ -n "${INPUT_TAG}"  ]]; then
-            URL="https://github.com/cryptomator/cryptomator/archive/refs/tags/${INPUT_TAG}.tar.gz"
-          else
-            URL="https://github.com/cryptomator/cryptomator/archive/refs/tags/${{ github.event.release.tag_name }}.tar.gz"
-          fi
-          echo "url=${URL}" >> "$GITHUB_OUTPUT"
-      - name: Download source tarball and compute checksum
-        id: sha256
-        run: |
-          curl --silent --fail-with-body -L -H "Accept: application/vnd.github+json" ${{ steps.url.outputs.url }} --output cryptomator.tar.gz
-          TARBALL_SHA256=$(sha256sum cryptomator.tar.gz | cut -d ' ' -f1)
-          echo "sha256=${TARBALL_SHA256}" >> "$GITHUB_OUTPUT"
-  aur:
-    name: Create PR for AUR
-    runs-on: ubuntu-latest
-    needs: [tarball, get-version]
-    env:
-      AUR_PR_URL: tbd
-    steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
-        with:
-          repository: 'cryptomator/aur'
-          token: ${{ secrets.CRYPTOBOT_PR_TOKEN }}
-      - name: Install dependencies
-        run: |
-          sudo apt-get update
-          sudo apt-get install makepkg pacman-package-manager
-      - name: Checkout release branch
-        run: |
-          git checkout -b release/${{ needs.get-version.outputs.semVerStr }}
-      - name: Update build file
-        run: |
-          sed -i -e 's|^pkgver=.*$|pkgver=${{ needs.get-version.outputs.semVerStr }}|' PKGBUILD
-          sed -i -e 's|^pkgrel=.*$|pkgrel=1|' PKGBUILD
-          sed -i -e "s|^sha256sums=.*$|sha256sums=('${{ needs.tarball.outputs.sha256 }}'|" PKGBUILD
-          makepkg --printsrcinfo > .SRCINFO
-      - name: Commit and push
-        run: |
-          git config user.name "${{ github.actor }}"
-          git config user.email "${{ github.actor_id }}+${{ github.actor }}@users.noreply.github.com"
-          git config push.autoSetupRemote true
-          git stage .
-          git commit -m "Prepare release ${{needs.get-version.outputs.semVerStr}}"
-          git push
-      - name: Create pull request
-        run: |
-          printf "> [!IMPORTANT]\n> Todos:\n> - [ ] Update build instructions\n> - [ ] Check for JDK update\n> - [ ] Check for JFX update" > pr_body.md
-          PR_URL=$(gh pr create --title "Release ${{ needs.get-version.outputs.semVerStr }}" --body-file pr_body.md)
-          echo "AUR_PR_URL=$PR_URL" >> "$GITHUB_ENV"
-        env:
-          GH_TOKEN: ${{ secrets.CRYPTOBOT_PR_TOKEN }}
-      - name: Slack Notification
-        if: github.event_name == 'release'
-        uses: rtCamp/action-slack-notify@e31e87e03dd19038e411e38ae27cbad084a90661 # v2.3.3
-        env:
-          SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK_URL }}
-          SLACK_USERNAME: 'Cryptobot'
-          SLACK_ICON: false
-          SLACK_ICON_EMOJI: ':bot:'
-          SLACK_CHANNEL: 'cryptomator-desktop'
-          SLACK_TITLE: "AUR release PR created for ${{ github.event.repository.name }} ${{ github.event.release.tag_name }} created."
-          SLACK_MESSAGE: "See <${{ env.AUR_PR_URL }}|PR> on how to proceed."
-          SLACK_FOOTER: false
-          MSG_MINIMAL: true
--- a/.github/workflows/av-whitelist.yml
+++ b/.github/workflows/av-whitelist.yml
@@ -30,18 +30,16 @@ jobs:
    runs-on: ubuntu-latest
    outputs:
      fileName: ${{ steps.extractName.outputs.fileName}}
-    env:
-      INPUT_URL: ${{ inputs.url }}
    steps:
      - name: Extract file name
        id: extractName
        run: |
-          url="${INPUT_URL}"
+          url="${{ inputs.url }}"
          echo "fileName=${url##*/}" >> $GITHUB_OUTPUT
      - name: Download file
-        run: curl --remote-name ${INPUT_URL} -L -o ${{steps.extractName.outputs.fileName}}
+        run: curl --remote-name ${{ inputs.url }} -L -o ${{steps.extractName.outputs.fileName}}
      - name: Upload artifact
-        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+        uses: actions/upload-artifact@v4
        with:
          name: ${{ steps.extractName.outputs.fileName }}
          path: ${{ steps.extractName.outputs.fileName }}
@@ -53,12 +51,12 @@ jobs:
    if: github.event_name == 'workflow_call' || inputs.kaspersky
    steps:
      - name: Download artifact
-        uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0
+        uses: actions/download-artifact@v4
        with:
          name: ${{ needs.download-file.outputs.fileName }}
          path: upload
      - name: Upload to Kaspersky
-        uses: SamKirkland/FTP-Deploy-Action@a51268f67f6605236975928ae28b0f7e9971d50a # v4.6.3
+        uses: SamKirkland/FTP-Deploy-Action@v4.3.5
        with:
          protocol: ftps
          server: allowlist.kaspersky-labs.com
@@ -73,12 +71,12 @@ jobs:
    if: github.event_name == 'workflow_call'  || inputs.avast
    steps:
      - name: Download artifact
-        uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0
+        uses: actions/download-artifact@v4
        with:
          name: ${{ needs.download-file.outputs.fileName }}
          path: upload
-      - name: Upload to Avast
-        uses: wlixcc/SFTP-Deploy-Action@a5ccb9c6211a94cc59404f0fdb2a9936a6dfee64 # v1.2.6
+      - name: Upload to Avast 
+        uses: wlixcc/SFTP-Deploy-Action@v1.2.6
        with:
          server: whitelisting.avast.com
          port: 22
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -11,7 +11,7 @@ on:

 env:
  JAVA_DIST: 'temurin'
-  JAVA_VERSION: 25
+  JAVA_VERSION: 24

 defaults:
  run:
@@ -22,14 +22,14 @@ jobs:
    name: Compile and Test
    runs-on: ubuntu-latest
    steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
-      - uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # v5.0.0
+      - uses: actions/checkout@v4
+      - uses: actions/setup-java@v4
        with:
          distribution: ${{ env.JAVA_DIST }}
          java-version: ${{ env.JAVA_VERSION }}
          cache: 'maven'
      - name: Cache SonarCloud packages
-        uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0
+        uses: actions/cache@v4
        with:
          path: ~/.sonar/cache
          key: ${{ runner.os }}-sonar
@@ -37,7 +37,7 @@ jobs:
      - name: Build and Test
        run: >
          xvfb-run
-          mvn -B verify
+          mvn -B verify -Djavafx.platform=linux
          jacoco:report
          org.sonarsource.scanner.maven:sonar-maven-plugin:sonar
          -Pcoverage
@@ -49,28 +49,28 @@ jobs:
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
      - name: Draft a release
        if: startsWith(github.ref, 'refs/tags/')
-        uses: softprops/action-gh-release@6da8fa9354ddfdc4aeace5fc48d7f679b5214090 # v2.4.1
+        uses: softprops/action-gh-release@v2
        with:
          draft: true
          discussion_category_name: releases
          token: ${{ secrets.CRYPTOBOT_RELEASE_TOKEN }}
          generate_release_notes: true
          body: |-
-            > [!NOTE]
-            > 🚧 Work in Progress 🚧
-            >
-            > Please be patient, the [builds are still running](https://github.com/cryptomator/cryptomator/actions). Binary packages can be found here in a few moments.   
-            
-            <!--REPLACE with auto-generated release notes (see below)
+            :construction: Work in Progress
            ### What's New 🎉
-            ### Bugfixes 🐛
-            ### Other Changes 📎
-            END REPLACE-->
            
-            Feel free to also read our [CHANGELOG.md](https://github.com/cryptomator/cryptomator/blob/develop/CHANGELOG.md).
+            ### Bugfixes 🐛
+            
+            ### Other Changes 📎
            
            ---
            
+            TODO FULL CHANGELOG
+            
+            📜 List of closed issues is available [here](TODO)
+            
+            ---
+            ⏳ Please be patient, the builds are still [running](https://github.com/cryptomator/cryptomator/actions). New versions of Cryptomator can be found here in a few moments. ⏳
            
            <!-- Don't forget to include the
            💾 SHA-256 checksums of release artifacts:
@@ -78,9 +78,4 @@ jobs:
            ```
            -->
            
-            > [!TIP]
-            > You can verify the GPG signature of all assets using our public key: [`5811 7AFA 1F85 B3EE C154  677D 615D 449F E6E6 A235`](https://gist.github.com/cryptobot/211111cf092037490275f39d408f461a).
-            
-            
-            
-            <!-- Auto-Generated Release Notes: -->
+            As usual, the GPG signatures can be checked using [our public key `5811 7AFA 1F85 B3EE C154  677D 615D 449F E6E6 A235`](https://gist.github.com/cryptobot/211111cf092037490275f39d408f461a).
--- a/.github/workflows/check-jdk-updates.yml
+++ b/.github/workflows/check-jdk-updates.yml
@@ -6,7 +6,7 @@ on:
  workflow_dispatch:

 env:
-  JDK_VERSION: '25.0.1+8.0.LTS'
+  JDK_VERSION: '24.0.1+9'
  JDK_VENDOR: temurin
  RUNTIME_VERSION_HELPER: >
    public class Test {
@@ -23,10 +23,10 @@ jobs:
        JDK_MAJOR_VERSION: 'toBeFilled'
    steps:
      - name: Determine current major version
-        run: echo 'JDK_MAJOR_VERSION=${{ env.JDK_VERSION }}'.substring(0,2) >> "$env:GITHUB_ENV"
+        run: echo 'JDK_MAJOR_VERSION=${{ env.JDK_VERSION }}'.substring(0,20) >> "$env:GITHUB_ENV"
        shell: pwsh
      - name: Checkout latest JDK ${{ env.JDK_MAJOR_VERSION }}
-        uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # v5.0.0
+        uses: actions/setup-java@v4
        with:
          java-version: ${{ env.JDK_MAJOR_VERSION}}
          distribution: ${{ env.JDK_VENDOR }}
@@ -70,7 +70,7 @@ jobs:
          }
      - name: Notify
        if: steps.determine.outputs.UPDATE_AVAILABLE == 'true'
-        uses: rtCamp/action-slack-notify@e31e87e03dd19038e411e38ae27cbad084a90661 # v2.3.3
+        uses: rtCamp/action-slack-notify@v2
        env:
          SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK_URL }}
          SLACK_USERNAME: 'Cryptobot'
--- a/.github/workflows/debian.yml
+++ b/.github/workflows/debian.yml
@@ -23,12 +23,13 @@ on:

 env:
  JAVA_DIST: 'temurin'
-  JAVA_VERSION: '25.0.1+8.0.LTS'
-  DEB_BUILD_DEPENDS: 'debhelper (>=10), openjdk-25-jdk (>= 25+36), libgtk-3-0 (>= 3.20.0), libxxf86vm1, libgl1'
-  OPENJFX_JMODS_AMD64: 'https://download2.gluonhq.com/openjfx/25/openjfx-25_linux-x64_bin-jmods.zip'
-  OPENJFX_JMODS_AMD64_HASH: '96e520f48610d8ffb94ca30face1f11ffe8a977ddc1c4ff80b1a9e9f048bd94e'
-  OPENJFX_JMODS_AARCH64: 'https://download2.gluonhq.com/openjfx/25/openjfx-25_linux-aarch64_bin-jmods.zip'
-  OPENJFX_JMODS_AARCH64_HASH: '9ad4ca7b769ca4ee6419f1e99143dd6ff812f8be4fddb46a7d7cacbeea148af4'
+  JAVA_VERSION: '24.0.1+9'
+  COFFEELIBS_JDK: 24
+  COFFEELIBS_JDK_VERSION: '24.0.1+9-0ppa3'
+  OPENJFX_JMODS_AMD64: 'https://download2.gluonhq.com/openjfx/24.0.1/openjfx-24.0.1_linux-x64_bin-jmods.zip'
+  OPENJFX_JMODS_AMD64_HASH: '425fac742b9fbd095b2ce868cff82d1024620f747c94a7144d0a4879e756146c'
+  OPENJFX_JMODS_AARCH64: 'https://download2.gluonhq.com/openjfx/24.0.1/openjfx-24.0.1_linux-aarch64_bin-jmods.zip'
+  OPENJFX_JMODS_AARCH64_HASH: '7e02edd0f4ee5527a27c94b0bbba66fcaaff41009119e45d0eca0f96ddfb6e7b'

 jobs:
  get-version:
@@ -40,34 +41,30 @@ jobs:
    name: Build Debian Package
    runs-on: ubuntu-22.04
    needs: [get-version]
-    env:
-      INPUT_PPAVER: ${{ inputs.ppaver }}
    steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      - uses: actions/checkout@v4
      - id: deb-version
        name: Determine deb-version
        run: |
-          if [ -n "${INPUT_PPAVER}" ]; then
-            echo "debVersion=${INPUT_PPAVER}" >> "$GITHUB_OUTPUT"
+          if [ -n "${{inputs.ppaver}}" ]; then
+            echo "debVersion=${{inputs.ppaver }}" >> "$GITHUB_OUTPUT"
          else
            echo "debVersion=${{needs.get-version.outputs.semVerStr}}" >> "$GITHUB_OUTPUT"
          fi
      - name: Install build tools
        run: |
+          sudo add-apt-repository ppa:coffeelibs/openjdk
          sudo apt-get update
-          sudo apt-get install devscripts dput
-          sudo apt-get satisfy "${DEB_BUILD_DEPENDS}"
-        env:
-          DEB_BUILD_DEPENDS: ${{ env.DEB_BUILD_DEPENDS }}
+          sudo apt-get install debhelper devscripts dput coffeelibs-jdk-${{ env.COFFEELIBS_JDK }}=${{ env.COFFEELIBS_JDK_VERSION }}
      - name: Setup Java
-        uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # v5.0.0
+        uses: actions/setup-java@v4
        with:
          distribution: ${{ env.JAVA_DIST }}
          java-version: ${{ env.JAVA_VERSION }}
          check-latest: true
          cache: 'maven'
      - name: Run maven
-        run: mvn -B clean package -Plinux -DskipTests
+        run: mvn -B clean package -Plinux -Djavafx.platform=linux -DskipTests
      - name: Download OpenJFX jmods
        id: download-jmods
        run: |
@@ -143,7 +140,7 @@ jobs:
        run: |
          gpg --batch --quiet --passphrase-fd 0 --pinentry-mode loopback -u 615D449FE6E6A235 --detach-sign -a cryptomator_*_amd64.deb
      - name: Upload artifacts
-        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+        uses: actions/upload-artifact@v4
        with:
          name: linux-deb-package
          path: |
--- a/.github/workflows/dependency-check.yml
+++ b/.github/workflows/dependency-check.yml
@@ -7,13 +7,12 @@ on:

 jobs:
  check-dependencies:
-    uses: skymatic/workflows/.github/workflows/run-dependency-check.yml@1074588008ae3326a2221ea451783280518f0366 # v3.0.1
+    uses: skymatic/workflows/.github/workflows/run-dependency-check.yml@v1
    with:
      runner-os: 'ubuntu-latest'
      java-distribution: 'temurin'
-      java-version: 25
+      java-version: 24
+      check-command: 'mvn -B validate -Pdependency-check -Djavafx.platform=linux'
    secrets:
      nvd-api-key: ${{ secrets.NVD_API_KEY }}
-      ossindex-username: ${{ secrets.OSSINDEX_USERNAME }}
-      ossindex-token: ${{ secrets.OSSINDEX_API_TOKEN }}
      slack-webhook-url: ${{ secrets.SLACK_WEBHOOK_URL }}
--- a/.github/workflows/dl-stats.yml
+++ b/.github/workflows/dl-stats.yml
@@ -10,7 +10,7 @@ jobs:
    steps:
      - name: Get download count of latest releases
        id: get-stats
-        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
+        uses: actions/github-script@v7
        with:
          script: |
            const query = `query($owner:String!, $name:String!) {
@@ -53,7 +53,7 @@ jobs:
          INTERVAL: 900
          JSON_DATA: ${{ steps.get-stats.outputs.result }}
      - name: Upload Results
-        uses: fjogeleit/http-request-action@1297c6fc63a79b147d1676540a3fd9d2e37817c5 # v1.16.5
+        uses: fjogeleit/http-request-action@v1
        with:
          url: 'https://graphite-us-central1.grafana.net/metrics'
          method: 'POST'
--- a/.github/workflows/error-db.yml
+++ b/.github/workflows/error-db.yml
@@ -14,7 +14,7 @@ jobs:
      - name: Query Discussion Data
        if: github.event_name == 'discussion_comment' || github.event_name == 'discussion' && github.event.action != 'deleted'
        id: query-data
-        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
+        uses: actions/github-script@v7
        with:
          script: |
            const query = `query ($owner: String!, $name: String!, $discussionNumber: Int!) {
@@ -42,7 +42,7 @@ jobs:
            return await github.graphql(query, variables)
      - name: Get Gist
        id: get-gist
-        uses: andymckay/get-gist-action@cf3bc8164af24126f7e5979eb6d3dc0c12309bd1 # not_tagged
+        uses: andymckay/get-gist-action@master
        with:
          gistURL: https://gist.github.com/cryptobot/accba9fb9555e7192271b85606f97230
      - name: Merge Error Code Data
@@ -58,7 +58,7 @@ jobs:
        env:
          DISCUSSION: ${{ steps.query-data.outputs.result }}
      - name: Patch Gist
-        uses: exuanbo/actions-deploy-gist@47697fceaeea2006a90594ee24eb9cd0a1121ef8 # v1.1.4
+        uses: exuanbo/actions-deploy-gist@v1
        with:
          token: ${{ secrets.CRYPTOBOT_GIST_TOKEN }}
          gist_id: accba9fb9555e7192271b85606f97230
--- a/.github/workflows/flathub.yml
+++ b/.github/workflows/flathub.yml
@@ -26,10 +26,13 @@ jobs:
      - name: Determine tarball url
        id: url
        run: |
-          URL="https://github.com/cryptomator/cryptomator/archive/refs/tags/${TAG}.tar.gz"
+          URL="";
+          if [[ -n "${{ inputs.tag }}"  ]]; then
+            URL="https://github.com/cryptomator/cryptomator/archive/refs/tags/${{ inputs.tag }}.tar.gz"
+          else
+            URL="https://github.com/cryptomator/cryptomator/archive/refs/tags/${{ github.event.release.tag_name }}.tar.gz"
+          fi
          echo "url=${URL}" >> "$GITHUB_OUTPUT"
-        env:
-          TAG: ${{ inputs.tag || github.event.release.tag_name}}
      - name: Download source tarball and compute checksum
        id: sha512
        run: |
@@ -43,10 +46,10 @@ jobs:
    env:
      FLATHUB_PR_URL: tbd
    steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      - uses: actions/checkout@v4
        with:
          repository: 'flathub/org.cryptomator.Cryptomator'
-          token: ${{ secrets.CRYPTOBOT_PR_TOKEN }}
+          token: ${{ secrets.CRYPTOBOT_WINGET_TOKEN }}
      - name: Checkout release branch
        run: |
          git checkout -b release/${{ needs.get-version.outputs.semVerStr }}
@@ -69,9 +72,9 @@ jobs:
          PR_URL=$(gh pr create --title "Release ${{ needs.get-version.outputs.semVerStr }}" --body-file pr_body.md)
          echo "FLATHUB_PR_URL=$PR_URL" >> "$GITHUB_ENV"
        env:
-          GH_TOKEN: ${{ secrets.CRYPTOBOT_PR_TOKEN }}
+          GH_TOKEN: ${{ secrets.CRYPTOBOT_WINGET_TOKEN }}
      - name: Slack Notification
-        uses: rtCamp/action-slack-notify@e31e87e03dd19038e411e38ae27cbad084a90661 # v2.3.3
+        uses: rtCamp/action-slack-notify@v2
        if: github.event_name == 'release'
        env:
          SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK_URL }}
--- a/.github/workflows/get-version.yml
+++ b/.github/workflows/get-version.yml
@@ -23,7 +23,7 @@ on:

 env:
  JAVA_DIST: 'temurin'
-  JAVA_VERSION: 25
+  JAVA_VERSION: 24

 jobs:
  determine-version:
@@ -35,11 +35,11 @@ jobs:
      revNum: ${{ steps.versions.outputs.revNum }}
      type: ${{ steps.versions.outputs.type}}
    steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      - uses: actions/checkout@v4
        with:
          fetch-depth: 0
      - name: Setup Java
-        uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # v5.0.0
+        uses: actions/setup-java@v4
        with:
          distribution: ${{ env.JAVA_DIST }}
          java-version: ${{ env.JAVA_VERSION }}
@@ -49,8 +49,8 @@ jobs:
        run: |
          if [[ $GITHUB_REF =~ refs/tags/[0-9]+\.[0-9]+\.[0-9]+.* ]]; then
            SEM_VER_STR=${GITHUB_REF##*/}
-          elif [[ "${VERSION_STRING}" =~ [0-9]+\.[0-9]+\.[0-9]+.* ]]; then
-            SEM_VER_STR="${VERSION_STRING}"
+          elif [[ "${{ inputs.version }}" =~ [0-9]+\.[0-9]+\.[0-9]+.* ]]; then
+            SEM_VER_STR="${{ inputs.version }}"
          else
            SEM_VER_STR=`mvn help:evaluate -Dexpression=project.version -q -DforceStdout`
          fi
@@ -70,9 +70,7 @@ jobs:
          echo "semVerNum=${SEM_VER_NUM}" >> $GITHUB_OUTPUT
          echo "revNum=${REVCOUNT}" >> $GITHUB_OUTPUT
          echo "type=${TYPE}" >> $GITHUB_OUTPUT
-        env:
-          VERSION_STRING: ${{ inputs.version }}
      - name: Validate Version
-        uses: skymatic/semver-validation-action@7a6ae1c9e121540d11c9c7e4e667c83d583aa153 # v3.0.0
+        uses: skymatic/semver-validation-action@v3
        with:
          version: ${{ steps.versions.outputs.semVerStr }}
--- a/.github/workflows/mac-dmg-x64.yml
+++ b/.github/workflows/mac-dmg-x64.yml
@@ -24,7 +24,7 @@ on:

 env:
  JAVA_DIST: 'temurin'
-  JAVA_VERSION: '25.0.1+8.0.LTS'
+  JAVA_VERSION: '24.0.1+9'

 jobs:
  get-version:
@@ -44,12 +44,12 @@ jobs:
          architecture: x64
          output-suffix: x64
          fuse-lib: macFUSE
-          openjfx-url: 'https://download2.gluonhq.com/openjfx/25/openjfx-25_osx-x64_bin-jmods.zip'
-          openjfx-sha: '0eba73fb28a24c845175d16fa2f8c081c936ce6de1be9b79eb6119fa32e53d52'
+          openjfx-url: 'https://download2.gluonhq.com/openjfx/24.0.1/openjfx-24.0.1_osx-x64_bin-jmods.zip'
+          openjfx-sha: '6e62a426d43c168a488521f904a523f3dd6ee2cf103e08136f2fd465c828a105'
    steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      - uses: actions/checkout@v4
      - name: Setup Java
-        uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # v5.0.0
+        uses: actions/setup-java@v4
        with:
          distribution: ${{ env.JAVA_DIST }}
          java-version: ${{ env.JAVA_VERSION }}
@@ -79,7 +79,7 @@ jobs:
      - name: Set version
        run : mvn versions:set -DnewVersion=${{ needs.get-version.outputs.semVerStr }}
      - name: Run maven
-        run: mvn -B clean package -Pmac -DskipTests
+        run: mvn -B -Djavafx.platform=mac clean package -Pmac -DskipTests
      - name: Patch target dir
        run: |
          cp LICENSE.txt target
@@ -99,7 +99,7 @@ jobs:
          --verbose
          --output runtime
          --module-path "${{ steps.jep-493-check.outputs.jmod_paths }}"
-          --add-modules java.base,java.desktop,java.instrument,java.logging,java.naming,java.net.http,java.scripting,java.sql,java.xml,javafx.base,javafx.graphics,javafx.controls,javafx.fxml,jdk.crypto.cryptoki,jdk.crypto.ec,jdk.unsupported,jdk.accessibility,jdk.management.jfr,java.compiler
+          --add-modules java.base,java.desktop,java.instrument,java.logging,java.naming,java.net.http,java.scripting,java.sql,java.xml,javafx.base,javafx.graphics,javafx.controls,javafx.fxml,jdk.unsupported,jdk.accessibility,jdk.management.jfr,java.compiler
          --strip-native-commands
          --no-header-files
          --no-man-pages
@@ -121,6 +121,7 @@ jobs:
          --app-version "${{ needs.get-version.outputs.semVerNum }}"
          --java-options "--enable-preview"
          --java-options "--enable-native-access=javafx.graphics,org.cryptomator.jfuse.mac"
+          --java-options "--sun-misc-unsafe-memory-access=allow"
          --java-options "-Xss5m"
          --java-options "-Xmx256m"
          --java-options "-Dfile.encoding=\"utf-8\""
@@ -136,7 +137,6 @@ jobs:
          --java-options "-Dcryptomator.integrationsMac.keychainServiceName=\"Cryptomator\""
          --java-options "-Dcryptomator.mountPointsDir=\"@{userhome}/Library/Application Support/Cryptomator/mnt\""
          --java-options "-Dcryptomator.showTrayIcon=true"
-          --java-options "-Dcryptomator.updateMechanism=org.cryptomator.macos.update.DmgUpdateMechanism"
          --java-options "-Dcryptomator.buildNumber=\"dmg-${{ needs.get-version.outputs.revNum }}\""
          --mac-package-identifier org.cryptomator
          --resource-dir dist/mac/resources
@@ -151,23 +151,9 @@ jobs:
          VERSION_NO: ${{ needs.get-version.outputs.semVerNum }}
          REVISION_NO: ${{ needs.get-version.outputs.revNum }}
          PROVISIONING_PROFILE_BASE64: ${{ secrets.MACOS_PROVISIONING_PROFILE_BASE64 }}
-      - name: Build and install DockTilePlugin
-        env:
-          DERIVED_DATA_PATH: dist/mac/DockTilePlugin/build
-        run: |
-          xcodebuild -project dist/mac/DockTilePlugin/DockTilePlugin.xcodeproj \
-                     -scheme DockTilePlugin \
-                     -configuration Release \
-                     -destination "platform=macOS,arch=x86_64" \
-                     -derivedDataPath ${DERIVED_DATA_PATH} \
-                     -quiet \
-                     clean build
-          mkdir -p Cryptomator.app/Contents/PlugIns
-          cp -R ${DERIVED_DATA_PATH}/Build/Products/Release/Cryptomator.docktileplugin Cryptomator.app/Contents/PlugIns/
-          rm -rf ${DERIVED_DATA_PATH}
      - name: Generate license for dmg
        run: >
-          mvn -B license:add-third-party
+          mvn -B -Djavafx.platform=mac license:add-third-party
          -Dlicense.thirdPartyFilename=license.rtf
          -Dlicense.outputDirectory=dist/mac/dmg/resources
          -Dlicense.fileTemplate=dist/mac/dmg/resources/licenseTemplate.ftl
@@ -262,7 +248,7 @@ jobs:
          CODESIGN_IDENTITY: ${{ secrets.MACOS_CODESIGN_IDENTITY }}
      - name: Notarize .dmg
        if: startsWith(github.ref, 'refs/tags/') || inputs.notarize
-        uses: cocoalibs/xcode-notarization-action@5cf433d494b6fa26504b574c591f4dd120388846 # v1.0.3
+        uses: cocoalibs/xcode-notarization-action@v1
        with:
          app-path: 'Cryptomator-*.dmg'
          apple-id: ${{ secrets.MACOS_NOTARIZATION_APPLE_ID }}
@@ -283,7 +269,7 @@ jobs:
        run: security delete-keychain $RUNNER_TEMP/codesign.keychain-db
        continue-on-error: true
      - name: Upload artifacts
-        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+        uses: actions/upload-artifact@v4
        with:
          name: dmg-${{ matrix.output-suffix }}
          path: |
@@ -292,7 +278,7 @@ jobs:
          if-no-files-found: error
      - name: Publish dmg on GitHub Releases
        if: startsWith(github.ref, 'refs/tags/') && github.event.action == 'published'
-        uses: softprops/action-gh-release@6da8fa9354ddfdc4aeace5fc48d7f679b5214090 # v2.4.1
+        uses: softprops/action-gh-release@v2
        with:
          fail_on_unmatched_files: true
          token: ${{ secrets.CRYPTOBOT_RELEASE_TOKEN }}
--- a/.github/workflows/mac-dmg.yml
+++ b/.github/workflows/mac-dmg.yml
@@ -22,7 +22,7 @@ on:

 env:
  JAVA_DIST: 'temurin'
-  JAVA_VERSION: '25.0.1+8.0.LTS'
+  JAVA_VERSION: '24.0.1+9'

 jobs:
  get-version:
@@ -42,12 +42,12 @@ jobs:
          architecture: aarch64
          output-suffix: arm64
          fuse-lib: FUSE-T
-          openjfx-url: 'https://download2.gluonhq.com/openjfx/25/openjfx-25_osx-aarch64_bin-jmods.zip'
-          openjfx-sha: '13f8c0513c40c95881479fbcf0465a29a60217393fb0656f5e4eab78a9442fba'
+          openjfx-url: 'https://download2.gluonhq.com/openjfx/24.0.1/openjfx-24.0.1_osx-aarch64_bin-jmods.zip'
+          openjfx-sha: 'b5a94a13077507003fa852512bfa33f4fb680bc8076d8002e4227a84c85171d4'
    steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      - uses: actions/checkout@v4
      - name: Setup Java
-        uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # v5.0.0
+        uses: actions/setup-java@v4
        with:
          distribution: ${{ env.JAVA_DIST }}
          java-version: ${{ env.JAVA_VERSION }}
@@ -77,7 +77,7 @@ jobs:
      - name: Set version
        run : mvn versions:set -DnewVersion=${{ needs.get-version.outputs.semVerStr }}
      - name: Run maven
-        run: mvn -B clean package -Pmac -DskipTests
+        run: mvn -B -Djavafx.platform=mac clean package -Pmac -DskipTests
      - name: Patch target dir
        run: |
          cp LICENSE.txt target
@@ -97,7 +97,7 @@ jobs:
          --verbose
          --output runtime
          --module-path "${{ steps.jep-493-check.outputs.jmod_paths }}"
-          --add-modules java.base,java.desktop,java.instrument,java.logging,java.naming,java.net.http,java.scripting,java.sql,java.xml,javafx.base,javafx.graphics,javafx.controls,javafx.fxml,jdk.crypto.cryptoki,jdk.crypto.ec,jdk.unsupported,jdk.accessibility,jdk.management.jfr,java.compiler
+          --add-modules java.base,java.desktop,java.instrument,java.logging,java.naming,java.net.http,java.scripting,java.sql,java.xml,javafx.base,javafx.graphics,javafx.controls,javafx.fxml,jdk.unsupported,jdk.accessibility,jdk.management.jfr,java.compiler
          --strip-native-commands
          --no-header-files
          --no-man-pages
@@ -119,6 +119,7 @@ jobs:
          --app-version "${{ needs.get-version.outputs.semVerNum }}"
          --java-options "--enable-preview"
          --java-options "--enable-native-access=javafx.graphics,org.cryptomator.jfuse.mac"
+          --java-options "--sun-misc-unsafe-memory-access=allow"
          --java-options "-Xss5m"
          --java-options "-Xmx256m"
          --java-options "-Dfile.encoding=\"utf-8\""
@@ -134,9 +135,7 @@ jobs:
          --java-options "-Dcryptomator.integrationsMac.keychainServiceName=\"Cryptomator\""
          --java-options "-Dcryptomator.mountPointsDir=\"@{userhome}/Library/Application Support/Cryptomator/mnt\""
          --java-options "-Dcryptomator.showTrayIcon=true"
-          --java-options "-Dcryptomator.updateMechanism=org.cryptomator.macos.update.DmgUpdateMechanism"
          --java-options "-Dcryptomator.buildNumber=\"dmg-${{ needs.get-version.outputs.revNum }}\""
-          --java-options "-XX:ErrorFile=/cryptomator/cryptomator_crash.log"
          --mac-package-identifier org.cryptomator
          --resource-dir dist/mac/resources
      - name: Patch Cryptomator.app
@@ -150,23 +149,9 @@ jobs:
          VERSION_NO: ${{ needs.get-version.outputs.semVerNum }}
          REVISION_NO: ${{ needs.get-version.outputs.revNum }}
          PROVISIONING_PROFILE_BASE64: ${{ secrets.MACOS_PROVISIONING_PROFILE_BASE64 }}
-      - name: Build and install DockTilePlugin
-        env:
-          DERIVED_DATA_PATH: dist/mac/DockTilePlugin/build
-        run: |
-          xcodebuild -project dist/mac/DockTilePlugin/DockTilePlugin.xcodeproj \
-                     -scheme DockTilePlugin \
-                     -configuration Release \
-                     -destination "platform=macOS,arch=arm64" \
-                     -derivedDataPath ${DERIVED_DATA_PATH} \
-                     -quiet \
-                     clean build
-          mkdir -p Cryptomator.app/Contents/PlugIns
-          cp -R ${DERIVED_DATA_PATH}/Build/Products/Release/Cryptomator.docktileplugin Cryptomator.app/Contents/PlugIns/
-          rm -rf ${DERIVED_DATA_PATH}
      - name: Generate license for dmg
        run: >
-          mvn -B license:add-third-party
+          mvn -B -Djavafx.platform=mac license:add-third-party
          -Dlicense.thirdPartyFilename=license.rtf
          -Dlicense.outputDirectory=dist/mac/dmg/resources
          -Dlicense.fileTemplate=dist/mac/dmg/resources/licenseTemplate.ftl
@@ -261,7 +246,7 @@ jobs:
          CODESIGN_IDENTITY: ${{ secrets.MACOS_CODESIGN_IDENTITY }}
      - name: Notarize .dmg
        if: startsWith(github.ref, 'refs/tags/') || inputs.notarize
-        uses: cocoalibs/xcode-notarization-action@5cf433d494b6fa26504b574c591f4dd120388846 # v1.0.3
+        uses: cocoalibs/xcode-notarization-action@v1
        with:
          app-path: 'Cryptomator-*.dmg'
          apple-id: ${{ secrets.MACOS_NOTARIZATION_APPLE_ID }}
@@ -282,7 +267,7 @@ jobs:
        run: security delete-keychain $RUNNER_TEMP/codesign.keychain-db
        continue-on-error: true
      - name: Upload artifacts
-        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+        uses: actions/upload-artifact@v4
        with:
          name: dmg-${{ matrix.output-suffix }}
          path: |
@@ -291,7 +276,7 @@ jobs:
          if-no-files-found: error
      - name: Publish dmg on GitHub Releases
        if: startsWith(github.ref, 'refs/tags/') && github.event.action == 'published'
-        uses: softprops/action-gh-release@6da8fa9354ddfdc4aeace5fc48d7f679b5214090 # v2.4.1
+        uses: softprops/action-gh-release@v2
        with:
          fail_on_unmatched_files: true
          token: ${{ secrets.CRYPTOBOT_RELEASE_TOKEN }}
--- a/.github/workflows/no-response.yml
+++ b/.github/workflows/no-response.yml
@@ -12,7 +12,7 @@ jobs:
      issues: write
      pull-requests: write
    steps:
-      - uses: actions/stale@5f858e3efba33a5ca4407a664cc011ad407f2008 # v10.1.0
+      - uses: actions/stale@v9
        with:
          days-before-stale: 14
          days-before-close: 0
--- a/.github/workflows/post-publish.yml
+++ b/.github/workflows/post-publish.yml
@@ -19,14 +19,14 @@ jobs:
          GPG_PRIVATE_KEY: ${{ secrets.RELEASES_GPG_PRIVATE_KEY }}
          GPG_PASSPHRASE: ${{ secrets.RELEASES_GPG_PASSPHRASE }}
      - name: Publish asc on GitHub Releases
-        uses: softprops/action-gh-release@6da8fa9354ddfdc4aeace5fc48d7f679b5214090 # v2.4.1
+        uses: softprops/action-gh-release@v2
        with:
          fail_on_unmatched_files: true
          token: ${{ secrets.CRYPTOBOT_RELEASE_TOKEN }}
          files: |
            cryptomator-*.tar.gz.asc
      - name: Slack Notification
-        uses: rtCamp/action-slack-notify@e31e87e03dd19038e411e38ae27cbad084a90661 # v2.3.3
+        uses: rtCamp/action-slack-notify@v2
        env:
          SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK_URL }}
          SLACK_USERNAME: 'Cryptobot'
--- a/.github/workflows/pullrequest.yml
+++ b/.github/workflows/pullrequest.yml
@@ -5,7 +5,7 @@ on:

 env:
  JAVA_DIST: 'temurin'
-  JAVA_VERSION: 25
+  JAVA_VERSION: 24

 defaults:
  run:
@@ -16,11 +16,11 @@ jobs:
    name: Compile and Test
    runs-on: ubuntu-latest
    steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
-      - uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # v5.0.0
+      - uses: actions/checkout@v4
+      - uses: actions/setup-java@v4
        with:
          distribution: ${{ env.JAVA_DIST }}
          java-version: ${{ env.JAVA_VERSION }}
          cache: 'maven'
      - name: Build and Test
-        run: xvfb-run mvn -B clean install jacoco:report -Pcoverage
+        run: xvfb-run mvn -B clean install jacoco:report -Pcoverage -Djavafx.platform=linux
--- a/.github/workflows/release-check.yml
+++ b/.github/workflows/release-check.yml
@@ -12,16 +12,16 @@ defaults:

 env:
  JAVA_DIST: 'temurin'
-  JAVA_VERSION: 25
+  JAVA_VERSION: 23

 jobs:
  check-preconditions:
    name: Validate commits pushed to release/hotfix branch to fulfill release requirements
    runs-on: ubuntu-latest
    steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      - uses: actions/checkout@v4
      - name: Setup Java
-        uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # v5.0.0
+        uses: actions/setup-java@v4
        with:
          distribution: ${{ env.JAVA_DIST }}
          java-version: ${{ env.JAVA_VERSION }}
@@ -49,7 +49,7 @@ jobs:
            exit 1
          fi
      - name: Cache NVD DB
-        uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0
+        uses: actions/cache@v4
        with:
          path: ~/.m2/repository/org/owasp/dependency-check-data/
          key: dependency-check-${{ github.run_id }}
@@ -60,6 +60,6 @@ jobs:
      - name: Run org.owasp:dependency-check plugin
        id: dependency-check
        continue-on-error: true
-        run: mvn -B verify -Pdependency-check -DskipTests
+        run: mvn -B verify -Pdependency-check -DskipTests -Djavafx.platform=linux
        env:
          NVD_API_KEY: ${{ secrets.NVD_API_KEY }}
--- a/.github/workflows/stale.yml
+++ b/.github/workflows/stale.yml
@@ -12,7 +12,7 @@ jobs:
      issues: write
      pull-requests: write
    steps:
-      - uses: actions/stale@5f858e3efba33a5ca4407a664cc011ad407f2008 # v10.1.0
+      - uses: actions/stale@v9
        with:
          days-before-stale: 365
          days-before-close: 90
--- a/.github/workflows/win-exe.yml
+++ b/.github/workflows/win-exe.yml
@@ -8,9 +8,8 @@ on:
      version:
        description: 'Version'
        required: false
-      sign:
-        description: 'Sign binaries'
-        required: false
+      isDebug:
+        description: 'Build debug version with console output'
        type: boolean
        default: false
  push:
@@ -22,8 +21,8 @@ on:


 env:
-  OPENJFX_JMODS_AMD64: 'https://download2.gluonhq.com/openjfx/25/openjfx-25_windows-x64_bin-jmods.zip'
-  OPENJFX_JMODS_AMD64_HASH: 'c8eb9fd039b00e0020cf6c3db8ed7876bf3ee4d27860aa697a247b83b8296ae7'
+  OPENJFX_JMODS_AMD64: 'https://download2.gluonhq.com/openjfx/24.0.1/openjfx-24.0.1_windows-x64_bin-jmods.zip'
+  OPENJFX_JMODS_AMD64_HASH: 'f13d17c7caf88654fc835f1b4e75a9b0f34a888eb8abef381796c0002e63b03f'
  WINFSP_MSI: 'https://github.com/winfsp/winfsp/releases/download/v2.1/winfsp-2.1.25156.msi'
  WINFSP_MSI_HASH: '073a70e00f77423e34bed98b86e600def93393ba5822204fac57a29324db9f7a'
  WINFSP_UNINSTALLER: 'https://github.com/cryptomator/winfsp-uninstaller/releases/latest/download/winfsp-uninstaller.exe'
@@ -38,8 +37,8 @@ jobs:
    with:
      version: ${{ inputs.version }}

-  build-msi:
-    name: Build .msi Installer
+  build-appimage:
+    name: Build appimage
    runs-on: ${{ matrix.os }}
    needs: [ get-version ]
    strategy:
@@ -47,13 +46,21 @@ jobs:
        include:
          - arch: x64
            os: windows-latest
-            java-dist: 'zulu' #cannot use temurin, see https://github.com/cryptomator/cryptomator/issues/3824#issuecomment-2829827427
-            java-version: '25.0.1+8'
+            java-dist: 'zulu'
+            java-version: '24.0.1+9'
            java-package: 'jdk'
+          - arch: arm64
+            os: windows-11-arm
+            java-dist: 'liberica'
+            java-version: '24.0.1+11'
+            java-package: 'jdk+fx' #This is needed, as liberica contains JFX 24 Jmods for Windows ARM64
+    env:
+      LOOPBACK_ALIAS: 'cryptomator-vault'
+      WIN_CONSOLE_FLAG: ''
    steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      - uses: actions/checkout@v4
      - name: Setup Java
-        uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # v5.0.0
+        uses: actions/setup-java@v4
        with:
          distribution: ${{ matrix.java-dist }}
          java-version: ${{ matrix.java-version }}
@@ -93,7 +100,7 @@ jobs:
      - name: Set version
        run: mvn versions:set -DnewVersion=${{ needs.get-version.outputs.semVerStr }}
      - name: Run maven
-        run: mvn -B clean package -Pwin -DskipTests
+        run: mvn -B clean package -Pwin -DskipTests -Djavafx.platform=win
      - name: Patch target dir
        run: |
          cp LICENSE.txt target
@@ -113,12 +120,15 @@ jobs:
          --verbose
          --output runtime
          --module-path "${{ steps.jep-493-check.outputs.jmod_paths }}"
-          --add-modules java.base,java.desktop,java.instrument,java.logging,java.naming,java.net.http,java.scripting,java.sql,java.xml,javafx.base,javafx.graphics,javafx.controls,javafx.fxml,jdk.crypto.cryptoki,jdk.crypto.ec,jdk.crypto.mscapi,jdk.unsupported,jdk.accessibility,jdk.management.jfr,java.compiler
+          --add-modules java.base,java.desktop,java.instrument,java.logging,java.naming,java.net.http,java.scripting,java.sql,java.xml,javafx.base,javafx.graphics,javafx.controls,javafx.fxml,jdk.crypto.mscapi,jdk.unsupported,jdk.accessibility,jdk.management.jfr,java.compiler
          --strip-native-commands
          --no-header-files
          --no-man-pages
          --strip-debug
          --compress zip-0
+      - name: Change win-console flag if debug is active
+        if: ${{ inputs.isDebug }}
+        run: echo "WIN_CONSOLE_FLAG=--win-console" >> $GITHUB_ENV
      - name: Run jpackage
        run: >
          ${JAVA_HOME}/bin/jpackage
@@ -135,6 +145,7 @@ jobs:
          --app-version "${{ needs.get-version.outputs.semVerNum }}.${{ needs.get-version.outputs.revNum }}"
          --java-options "--enable-preview"
          --java-options "--enable-native-access=javafx.graphics,org.cryptomator.jfuse.win,org.cryptomator.integrations.win"
+          --java-options "--sun-misc-unsafe-memory-access=allow"
          --java-options "-Xss5m"
          --java-options "-Xmx256m"
          --java-options "-Dcryptomator.appVersion=\"${{ needs.get-version.outputs.semVerStr }}\""
@@ -146,24 +157,31 @@ jobs:
          --java-options "-Dcryptomator.p12Path=\"@{appdata}/Cryptomator/key.p12;@{userhome}/AppData/Roaming/Cryptomator/key.p12\""
          --java-options "-Dcryptomator.ipcSocketPath=\"@{localappdata}/Cryptomator/ipc.socket\""
          --java-options "-Dcryptomator.mountPointsDir=\"@{userhome}/Cryptomator\""
-          --java-options "-Dcryptomator.loopbackAlias=\"cryptomator-vault\""
+          --java-options "-Dcryptomator.loopbackAlias=\"${{ env.LOOPBACK_ALIAS }}\""
          --java-options "-Dcryptomator.showTrayIcon=true"
          --java-options "-Dcryptomator.buildNumber=\"msi-${{ needs.get-version.outputs.revNum }}\""
          --java-options "-Dcryptomator.integrationsWin.autoStartShellLinkName=\"Cryptomator\""
          --java-options "-Dcryptomator.integrationsWin.keychainPaths=\"@{appdata}/Cryptomator/keychain.json;@{userhome}/AppData/Roaming/Cryptomator/keychain.json\""
          --java-options "-Dcryptomator.integrationsWin.windowsHelloKeychainPaths=\"@{appdata}/Cryptomator/windowsHelloKeychain.json\""
-          --java-options "-Dcryptomator.disableUpdateCheck=false"
-          --java-options "-XX:ErrorFile=C:/cryptomator/cryptomator_crash.log"
+          --java-options "-Djavafx.verbose=${{ inputs.isDebug }}"
          --resource-dir dist/win/resources
          --icon dist/win/resources/Cryptomator.ico
-          --add-launcher "Cryptomator (Debug)=dist/win/debug-launcher.properties"
+          ${WIN_CONSOLE_FLAG}
      - name: Patch Application Directory
        run: |
          cp dist/win/contrib/* appdir/Cryptomator
-      - name: Fix permissions
+      - name: Set LOOPBACK_ALIAS in patchWebDAV.bat
+        shell: pwsh
        run: |
-          attrib -r appdir/Cryptomator/Cryptomator.exe
-          attrib -r "appdir/Cryptomator/Cryptomator (Debug).exe"
+          $patchScript = "appdir\Cryptomator\patchWebDAV.bat"
+          try {
+            (Get-Content $patchScript ) -replace '::REPLACE ME', "SET LOOPBACK_ALIAS=`"${{ env.LOOPBACK_ALIAS}}`"" | Set-Content $patchScript
+          } catch {
+            Write-Host "Failed to set LOOPBACK_ALIAS for patchWebDAV.bat"
+            exit 1
+          }
+      - name: Fix permissions
+        run: attrib -r appdir/Cryptomator/Cryptomator.exe
        shell: pwsh
      - name: Extract jars with DLLs for Codesigning
        shell: pwsh
@@ -188,27 +206,16 @@ jobs:
          New-Item -Path appdir/jpackage-jmod -ItemType Directory
          & $env:JAVA_HOME\bin\jmod.exe extract --dir jpackage-jmod "${env:JAVA_HOME}\jmods\jdk.jpackage.jmod"
          Get-ChildItem -Recurse -Path "jpackage-jmod" -File wixhelper.dll | Select-Object -Last 1 | Copy-Item -Destination "appdir"
-      - name: Sign DLLs with Azure Trusted Signing
-        if: inputs.sign || github.event_name == 'release'
-        uses: ./.github/actions/win-sign-action
+      - name: Codesign
+        uses: skymatic/code-sign-action@v3
        with:
-          base-dir: ${{ github.workspace }}\appdir
+          certificate: ${{ secrets.WIN_CODESIGN_P12_BASE64 }}
+          password: ${{ secrets.WIN_CODESIGN_P12_PW }}
+          certificatesha1: 5FC94CE149E5B511E621F53A060AC67CBD446B3A
+          description: Cryptomator
+          timestampUrl: 'http://timestamp.digicert.com'
+          folder: appdir
          recursive: true
-          append-signature: true
-          tenant-id: ${{ secrets.AZURE_TENANT_ID }}
-          client-id: ${{ secrets.AZURE_CLIENT_ID }}
-          client-secret: ${{ secrets.AZURE_CLIENT_SECRET }}
-      - name: Sign DLLs with Actalis CodeSigner
-        if: inputs.sign || github.event_name == 'release'
-        uses: skymatic/workflows/.github/actions/win-sign-action@450e322ff2214d0be0b079b63343c894f3ef735f # no specific version
-        with:
-          base-dir: 'appdir'
-          file-extensions: 'dll,exe,ps1'
-          recursive: true
-          sign-description: 'Cryptomator'
-          sign-url: 'https://cryptomator.org'
-          username: ${{ secrets.WIN_CODESIGN_USERNAME }}
-          password: ${{ secrets.WIN_CODESIGN_PW }}
      - name: Replace DLLs inside jars with signed ones
        shell: pwsh
        run: |
@@ -223,24 +230,64 @@ jobs:
                  jar --file="$jarFile" --update $(Resolve-Path -Relative -Path $_)
              }
          }
-      - name: Generate license for MSI
+      - name: Generate license file
        run: >
-          mvn -B license:add-third-party
+          mvn -B license:add-third-party "-Djavafx.platform=win"
          "-Dlicense.thirdPartyFilename=license.rtf"
-          "-Dlicense.outputDirectory=dist/win/resources"
+          "-Dlicense.outputDirectory=appdir"
          "-Dlicense.fileTemplate=dist/win/resources/licenseTemplate.ftl"
          "-Dlicense.includedScopes=compile"
          "-Dlicense.excludedGroups=^org\.cryptomator"
          "-Dlicense.failOnMissing=true"
          "-Dlicense.licenseMergesUrl=file:///${{ github.workspace }}/license/merges"
        shell: pwsh
-      - name: Create MSI
+      - name: Upload artifacts
+        uses: actions/upload-artifact@v4
+        with:
+          name: appimage-${{ matrix.arch }}
+          include-hidden-files: true
+          if-no-files-found: error
+          path: |
+            appdir
+
+
+  build-msi:
+    name: Build .msi installer
+    runs-on: windows-latest
+    needs: [ get-version, build-appimage ]
+    steps:
+      - uses: actions/checkout@v4
+      - name: Download appimage
+        uses: actions/download-artifact@v4
+        with:
+          name: appimage-x64
+          path: appdir-x64
+      - name: Download appimage
+        uses: actions/download-artifact@v4
+        with:
+          name: appimage-arm64
+          path: appdir-arm64
+      - name: Setup Java
+        uses: actions/setup-java@v4
+        with:
+          distribution: 'zulu'
+          java-version: '24.0.1+9'
+          java-package: 'jdk'
+          cache: 'maven'
+      - name: Install wix and extensions
+        run: |
+          dotnet tool install --global wix --version 6.0.0
+          wix.exe extension add WixToolset.UI.wixext/6.0.0 --global
+          wix.exe extension add WixToolset.Util.wixext/6.0.0 --global
+      - name: Copy license file
+        run: cp appdir-x64/license.rtf dist/win/resources/license.rtf
+      - name: Create x64 MSI with x64 appimage
        run: >
          ${JAVA_HOME}/bin/jpackage
          --verbose
          --type msi
          --win-upgrade-uuid bda45523-42b1-4cae-9354-a45475ed4775
-          --app-image appdir/Cryptomator
+          --app-image appdir-x64/Cryptomator
          --dest installer
          --name Cryptomator
          --vendor "Skymatic GmbH"
@@ -256,19 +303,45 @@ jobs:
          --file-associations dist/win/resources/FAvaultFile.properties
        env:
          JP_WIXWIZARD_RESOURCES: ${{ github.workspace }}/dist/win/resources # requires abs path, used in resources/main.wxs
-          JP_WIXHELPER_DIR: ${{ github.workspace }}\appdir
-      - name: Sign MSI with Azure Trusted Signing
-        if: inputs.sign || github.event_name == 'release'
-        uses: ./.github/actions/win-sign-action
-        with:
-          base-dir: ${{ github.workspace }}\installer
-          file-extensions: msi
-          description: 'Cryptomator Installer'
-          tenant-id: ${{ secrets.AZURE_TENANT_ID }}
-          client-id: ${{ secrets.AZURE_CLIENT_ID }}
-          client-secret: ${{ secrets.AZURE_CLIENT_SECRET }}
+          JP_WIXHELPER_DIR: ${{ github.workspace }}\appdir-x64
      - name: Add possible alpha/beta tags and architecture to installer name
-        run: mv installer/Cryptomator-*.msi Cryptomator-${{ needs.get-version.outputs.semVerStr }}-${{ matrix.arch }}.msi
+        run: mv installer/Cryptomator-*.msi Cryptomator-${{ needs.get-version.outputs.semVerStr }}-x64.msi
+      - name: Copy license file for arm64
+        run: cp appdir-arm64/license.rtf dist/win/resources/license.rtf
+      - name: Create x64 MSI with arm64 appimage
+        run: >
+          ${JAVA_HOME}/bin/jpackage
+          --verbose
+          --type msi
+          --win-upgrade-uuid bda45523-42b1-4cae-9354-a45475ed4775
+          --app-image appdir-arm64/Cryptomator
+          --dest installer
+          --name Cryptomator
+          --vendor "Skymatic GmbH"
+          --copyright "(C) 2016 - 2025 Skymatic GmbH"
+          --app-version "${{ needs.get-version.outputs.semVerNum }}.${{ needs.get-version.outputs.revNum}}"
+          --win-menu
+          --win-dir-chooser
+          --win-shortcut-prompt
+          --win-update-url "https:\\cryptomator.org\downloads"
+          --win-menu-group Cryptomator
+          --resource-dir dist/win/resources
+          --license-file dist/win/resources/license.rtf
+          --file-associations dist/win/resources/FAvaultFile.properties
+        env:
+          JP_WIXWIZARD_RESOURCES: ${{ github.workspace }}/dist/win/resources # requires abs path, used in resources/main.wxs
+          JP_WIXHELPER_DIR: ${{ github.workspace }}\appdir-arm64
+      - name: Add possible alpha/beta tags and architecture to installer name
+        run: mv installer/Cryptomator-*.msi Cryptomator-${{ needs.get-version.outputs.semVerStr }}-arm64.msi
+      - name: Codesign MSIs
+        uses: skymatic/code-sign-action@v3
+        with:
+          certificate: ${{ secrets.WIN_CODESIGN_P12_BASE64 }}
+          password: ${{ secrets.WIN_CODESIGN_P12_PW }}
+          certificatesha1: 5FC94CE149E5B511E621F53A060AC67CBD446B3A
+          description: Cryptomator Installer
+          timestampUrl: 'http://timestamp.digicert.com'
+          folder: installer
      - name: Create detached GPG signature with key 615D449FE6E6A235
        run: |
          echo "${GPG_PRIVATE_KEY}" | gpg --batch --quiet --import
@@ -277,9 +350,9 @@ jobs:
          GPG_PRIVATE_KEY: ${{ secrets.RELEASES_GPG_PRIVATE_KEY }}
          GPG_PASSPHRASE: ${{ secrets.RELEASES_GPG_PASSPHRASE }}
      - name: Upload artifacts
-        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+        uses: actions/upload-artifact@v4
        with:
-          name: msi-${{ matrix.arch }}
+          name: msi-x64
          path: |
            Cryptomator-*.msi
            Cryptomator-*.asc
@@ -298,22 +371,28 @@ jobs:
            java-dist: 'zulu'
            java-version: '24.0.1+9'
            java-package: 'jdk'
+          - arch: arm64
+            os: windows-11-arm
+            executable-suffix: arm64
+            java-dist: 'liberica'
+            java-version: '24.0.1+11'
+            java-package: 'jdk+fx' #This is needed, as liberica contains JFX 24 Jmods for Windows ARM64
    steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      - uses: actions/checkout@v4
      - name: Install wix and extensions
        run: |
          dotnet tool install --global wix --version 6.0.0
          wix.exe extension add WixToolset.BootstrapperApplications.wixext/6.0.0 --global
          wix.exe extension add WixToolset.Util.wixext/6.0.0 --global
      - name: Download .msi
-        uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0
+        uses: actions/download-artifact@v4
        with:
          name: msi-${{ matrix.arch }}
          path: dist/win/bundle/resources
      - name: Strip version info from msi file name
        run: mv dist/win/bundle/resources/Cryptomator*.msi dist/win/bundle/resources/Cryptomator.msi
      - name: Setup Java
-        uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # v5.0.0
+        uses: actions/setup-java@v4
        with:
          distribution: ${{ matrix.java-dist }}
          java-version: ${{ matrix.java-version }}
@@ -322,7 +401,7 @@ jobs:
          cache: 'maven'
      - name: Generate license for exe
        run: >
-          mvn -B license:add-third-party
+          mvn -B license:add-third-party "-Djavafx.platform=win"
          "-Dlicense.thirdPartyFilename=license.rtf"
          "-Dlicense.fileTemplate=dist/win/bundle/resources/licenseTemplate.ftl"
          "-Dlicense.outputDirectory=dist/win/bundle/resources"
@@ -349,6 +428,7 @@ jobs:
        working-directory: dist/win
        run: >
          wix build
+          -arch ${{ matrix.arch }}
          -define BundleName="Cryptomator"
          -define BundleVersion="${{ needs.get-version.outputs.semVerNum }}.${{ needs.get-version.outputs.revNum}}"
          -define BundleVendor="Skymatic GmbH"
@@ -363,51 +443,27 @@ jobs:
      - name: Detach burn engine in preparation to sign
        run: >
          wix burn detach installer/unsigned/Cryptomator-Installer.exe -engine tmp/engine.exe
-      - name: Sign WiX burn engine with Azure Trusted Signing
-        if: inputs.sign || github.event_name == 'release'
-        uses: ./.github/actions/win-sign-action
+      - name: Codesign burn engine
+        uses: skymatic/code-sign-action@v3
        with:
-          base-dir: ${{ github.workspace }}\tmp
-          file-extensions: exe
-          append-signature: true
-          description: 'Cryptomator Bundle Installer'
-          tenant-id: ${{ secrets.AZURE_TENANT_ID }}
-          client-id: ${{ secrets.AZURE_CLIENT_ID }}
-          client-secret: ${{ secrets.AZURE_CLIENT_SECRET }}
-      - name: Sign burn engine with Actalis CodeSigner
-        if: inputs.sign || github.event_name == 'release'
-        uses: skymatic/workflows/.github/actions/win-sign-action@450e322ff2214d0be0b079b63343c894f3ef735f # no specific version
-        with:
-          base-dir: 'tmp'
-          file-extensions: 'exe'
-          sign-description: 'Cryptomator Bundle Installer'
-          sign-url: 'https://cryptomator.org'
-          username: ${{ secrets.WIN_CODESIGN_USERNAME }}
-          password: ${{ secrets.WIN_CODESIGN_PW }}
+          certificate: ${{ secrets.WIN_CODESIGN_P12_BASE64 }}
+          password: ${{ secrets.WIN_CODESIGN_P12_PW }}
+          certificatesha1: 5FC94CE149E5B511E621F53A060AC67CBD446B3A
+          description: Cryptomator Installer
+          timestampUrl: 'http://timestamp.digicert.com'
+          folder: tmp
      - name: Reattach signed burn engine to installer
        run: >
          wix burn reattach installer/unsigned/Cryptomator-Installer.exe -engine tmp/engine.exe -o installer/Cryptomator-Installer.exe
-      - name: Sign EXE installer with Azure Trusted Signing
-        if: inputs.sign || github.event_name == 'release'
-        uses: ./.github/actions/win-sign-action
+      - name: Codesign EXE
+        uses: skymatic/code-sign-action@v3
        with:
-          base-dir: ${{ github.workspace }}\installer
-          file-extensions: exe
-          append-signature: true
-          description: 'Cryptomator Bundle Installer'
-          tenant-id: ${{ secrets.AZURE_TENANT_ID }}
-          client-id: ${{ secrets.AZURE_CLIENT_ID }}
-          client-secret: ${{ secrets.AZURE_CLIENT_SECRET }}
-      - name: Sign installer with Actalis CodeSigner
-        if: inputs.sign || github.event_name == 'release'
-        uses: skymatic/workflows/.github/actions/win-sign-action@450e322ff2214d0be0b079b63343c894f3ef735f # no specific version
-        with:
-          base-dir: 'installer'
-          file-extensions: 'exe'
-          sign-description: 'Cryptomator Bundle Installer'
-          sign-url: 'https://cryptomator.org'
-          username: ${{ secrets.WIN_CODESIGN_USERNAME }}
-          password: ${{ secrets.WIN_CODESIGN_PW }}
+          certificate: ${{ secrets.WIN_CODESIGN_P12_BASE64 }}
+          password: ${{ secrets.WIN_CODESIGN_P12_PW }}
+          certificatesha1: 5FC94CE149E5B511E621F53A060AC67CBD446B3A
+          description: Cryptomator Installer
+          timestampUrl: 'http://timestamp.digicert.com'
+          folder: installer
      - name: Add possible alpha/beta tags to installer name
        run: mv installer/Cryptomator-Installer.exe Cryptomator-${{ needs.get-version.outputs.semVerStr }}-${{ matrix.executable-suffix }}.exe
      - name: Create detached GPG signature with key 615D449FE6E6A235
@@ -418,7 +474,7 @@ jobs:
          GPG_PRIVATE_KEY: ${{ secrets.RELEASES_GPG_PRIVATE_KEY }}
          GPG_PASSPHRASE: ${{ secrets.RELEASES_GPG_PASSPHRASE }}
      - name: Upload artifacts
-        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+        uses: actions/upload-artifact@v4
        with:
          name: exe-${{ matrix.executable-suffix }}
          path: |
@@ -433,22 +489,26 @@ jobs:
    needs: [ build-msi, build-exe ]
    outputs:
      download-url-msi-x64: ${{ fromJSON(steps.publish.outputs.assets)[0].browser_download_url }}
+      download-url-msi-arm64: ${{ fromJSON(steps.publish.outputs.assets)[1].browser_download_url }}
      download-url-exe-x64: ${{ fromJSON(steps.publish.outputs.assets)[2].browser_download_url }}
+      download-url-exe-arm64: ${{ fromJSON(steps.publish.outputs.assets)[3].browser_download_url }}
    steps:
      - name: Download installers
-        uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0
+        uses: actions/download-artifact@v4
        with:
          merge-multiple: true
      - name: Publish installers on GitHub Releases
        id: publish
-        uses: softprops/action-gh-release@6da8fa9354ddfdc4aeace5fc48d7f679b5214090 # v2.4.1
+        uses: softprops/action-gh-release@v2
        with:
          fail_on_unmatched_files: true
          token: ${{ secrets.CRYPTOBOT_RELEASE_TOKEN }}
          # do not change ordering of filelist, required for correct job output
          files: |
            *x64.msi
+            *arm64.msi
            *x64.exe
+            *arm64.exe
            *.asc

  allowlist-msi-x64:
@@ -458,6 +518,13 @@ jobs:
      url: ${{ needs.publish.outputs.download-url-msi-x64 }}
    secrets: inherit

+  allowlist-msi-arm64:
+    uses: ./.github/workflows/av-whitelist.yml
+    needs: [ publish ]
+    with:
+      url: ${{ needs.publish.outputs.download-url-msi-arm64 }}
+    secrets: inherit
+
  allowlist-exe-x64:
    uses: ./.github/workflows/av-whitelist.yml
    needs: [ publish, allowlist-msi-x64 ]
@@ -465,6 +532,13 @@ jobs:
      url: ${{ needs.publish.outputs.download-url-exe-x64 }}
    secrets: inherit

+  allowlist-exe-arm64:
+    uses: ./.github/workflows/av-whitelist.yml
+    needs: [ publish, allowlist-msi-arm64 ]
+    with:
+      url: ${{ needs.publish.outputs.download-url-exe-arm64 }}
+    secrets: inherit
+
  notify-winget:
    name: Notify for winget-release
    if: needs.get-version.outputs.versionType == 'stable'
@@ -472,7 +546,7 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - name: Slack Notification
-        uses: rtCamp/action-slack-notify@e31e87e03dd19038e411e38ae27cbad084a90661 # v2.3.3
+        uses: rtCamp/action-slack-notify@v2
        env:
          SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK_URL }}
          SLACK_USERNAME: 'Cryptobot'
--- a/.github/workflows/winget.yml
+++ b/.github/workflows/winget.yml
@@ -16,12 +16,12 @@ jobs:
        run: |
          gh repo sync cryptomator/winget-pkgs -b master --force
        env:
-          GH_TOKEN: ${{ secrets.CRYPTOBOT_PR_TOKEN }}
+          GH_TOKEN: ${{ secrets.CRYPTOBOT_WINGET_TOKEN }}
      - name: Submit package
-        uses: vedantmgoyal2009/winget-releaser@19e706d4c9121098010096f9c495a70a7518b30f # no_specific_version
+        uses: vedantmgoyal2009/winget-releaser@main
        with:
          identifier: Cryptomator.Cryptomator
          version: ${{ inputs.tag }}
          release-tag: ${{ inputs.tag }}
          installers-regex: '-x64\.msi$'
-          token: ${{ secrets.CRYPTOBOT_PR_TOKEN }}
+          token: ${{ secrets.CRYPTOBOT_WINGET_TOKEN }}
--- a/.idea/compiler.xml
+++ b/.idea/compiler.xml
@@ -14,15 +14,16 @@
        <option name="dagger.fastInit" value="enabled" />
        <option name="dagger.formatGeneratedSource" value="enabled" />
        <processorPath useClasspath="false">
-          <entry name="$MAVEN_REPOSITORY$/com/google/dagger/dagger-compiler/2.57.2/dagger-compiler-2.57.2.jar" />
-          <entry name="$MAVEN_REPOSITORY$/com/google/dagger/dagger/2.57.2/dagger-2.57.2.jar" />
+          <entry name="$MAVEN_REPOSITORY$/com/google/dagger/dagger-compiler/2.55/dagger-compiler-2.55.jar" />
+          <entry name="$MAVEN_REPOSITORY$/com/google/dagger/dagger/2.55/dagger-2.55.jar" />
          <entry name="$MAVEN_REPOSITORY$/jakarta/inject/jakarta.inject-api/2.0.1/jakarta.inject-api-2.0.1.jar" />
+          <entry name="$MAVEN_REPOSITORY$/javax/inject/javax.inject/1/javax.inject-1.jar" />
          <entry name="$MAVEN_REPOSITORY$/org/jspecify/jspecify/1.0.0/jspecify-1.0.0.jar" />
-          <entry name="$MAVEN_REPOSITORY$/com/google/dagger/dagger-spi/2.57.2/dagger-spi-2.57.2.jar" />
+          <entry name="$MAVEN_REPOSITORY$/com/google/dagger/dagger-spi/2.55/dagger-spi-2.55.jar" />
          <entry name="$MAVEN_REPOSITORY$/com/google/code/findbugs/jsr305/3.0.2/jsr305-3.0.2.jar" />
-          <entry name="$MAVEN_REPOSITORY$/com/google/devtools/ksp/symbol-processing-api/2.1.21-2.0.2/symbol-processing-api-2.1.21-2.0.2.jar" />
-          <entry name="$MAVEN_REPOSITORY$/com/google/googlejavaformat/google-java-format/1.5/google-java-format-1.5.jar" />
-          <entry name="$MAVEN_REPOSITORY$/com/google/errorprone/javac-shaded/9-dev-r4023-3/javac-shaded-9-dev-r4023-3.jar" />
+          <entry name="$MAVEN_REPOSITORY$/com/google/devtools/ksp/symbol-processing-api/2.0.21-1.0.28/symbol-processing-api-2.0.21-1.0.28.jar" />
+          <entry name="$MAVEN_REPOSITORY$/org/jetbrains/kotlin/kotlin-stdlib/2.0.21/kotlin-stdlib-2.0.21.jar" />
+          <entry name="$MAVEN_REPOSITORY$/org/jetbrains/annotations/13.0/annotations-13.0.jar" />
          <entry name="$MAVEN_REPOSITORY$/com/google/guava/failureaccess/1.0.2/failureaccess-1.0.2.jar" />
          <entry name="$MAVEN_REPOSITORY$/com/google/guava/guava/33.0.0-jre/guava-33.0.0-jre.jar" />
          <entry name="$MAVEN_REPOSITORY$/com/google/guava/listenablefuture/9999.0-empty-to-avoid-conflict-with-guava/listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jar" />
@@ -30,16 +31,14 @@
          <entry name="$MAVEN_REPOSITORY$/com/google/errorprone/error_prone_annotations/2.23.0/error_prone_annotations-2.23.0.jar" />
          <entry name="$MAVEN_REPOSITORY$/com/google/j2objc/j2objc-annotations/2.8/j2objc-annotations-2.8.jar" />
          <entry name="$MAVEN_REPOSITORY$/com/squareup/javapoet/1.13.0/javapoet-1.13.0.jar" />
+          <entry name="$MAVEN_REPOSITORY$/com/google/googlejavaformat/google-java-format/1.5/google-java-format-1.5.jar" />
+          <entry name="$MAVEN_REPOSITORY$/com/google/errorprone/javac-shaded/9-dev-r4023-3/javac-shaded-9-dev-r4023-3.jar" />
          <entry name="$MAVEN_REPOSITORY$/com/squareup/kotlinpoet/1.11.0/kotlinpoet-1.11.0.jar" />
          <entry name="$MAVEN_REPOSITORY$/org/jetbrains/kotlin/kotlin-stdlib-jdk8/1.6.10/kotlin-stdlib-jdk8-1.6.10.jar" />
          <entry name="$MAVEN_REPOSITORY$/org/jetbrains/kotlin/kotlin-stdlib-jdk7/1.6.10/kotlin-stdlib-jdk7-1.6.10.jar" />
          <entry name="$MAVEN_REPOSITORY$/org/jetbrains/kotlin/kotlin-reflect/1.6.10/kotlin-reflect-1.6.10.jar" />
-          <entry name="$MAVEN_REPOSITORY$/javax/inject/javax.inject/1/javax.inject-1.jar" />
          <entry name="$MAVEN_REPOSITORY$/net/ltgt/gradle/incap/incap/0.2/incap-0.2.jar" />
-          <entry name="$MAVEN_REPOSITORY$/org/checkerframework/checker-compat-qual/2.5.3/checker-compat-qual-2.5.3.jar" />
-          <entry name="$MAVEN_REPOSITORY$/org/jetbrains/kotlin/kotlin-metadata-jvm/2.1.21/kotlin-metadata-jvm-2.1.21.jar" />
-          <entry name="$MAVEN_REPOSITORY$/org/jetbrains/kotlin/kotlin-stdlib/2.1.21/kotlin-stdlib-2.1.21.jar" />
-          <entry name="$MAVEN_REPOSITORY$/org/jetbrains/annotations/13.0/annotations-13.0.jar" />
+          <entry name="$MAVEN_REPOSITORY$/org/checkerframework/checker-compat-qual/2.5.5/checker-compat-qual-2.5.5.jar" />
        </processorPath>
        <module name="cryptomator" />
      </profile>
--- a/.idea/inspectionProfiles/Project_Default.xml
+++ b/.idea/inspectionProfiles/Project_Default.xml
@@ -1,8 +1,10 @@
 <component name="InspectionProjectProfileManager">
  <profile version="1.0">
    <option name="myName" value="Project Default" />
-    <inspection_tool class="Deprecation" enabled="true" level="WARNING" enabled_by_default="true" editorAttributes="DEPRECATED_ATTRIBUTES" />
-    <inspection_tool class="MarkedForRemoval" enabled="true" level="WARNING" enabled_by_default="true" editorAttributes="MARKED_FOR_REMOVAL_ATTRIBUTES" />
-    <inspection_tool class="RedundantScheduledForRemovalAnnotation" enabled="true" level="WARNING" enabled_by_default="true" editorAttributes="MARKED_FOR_REMOVAL_ATTRIBUTES" />
+    <inspection_tool class="SpellCheckingInspection" enabled="true" level="TYPO" enabled_by_default="true">
+      <option name="processCode" value="true" />
+      <option name="processLiterals" value="true" />
+      <option name="processComments" value="true" />
+    </inspection_tool>
  </profile>
 </component>
--- a/.idea/misc.xml
+++ b/.idea/misc.xml
@@ -8,7 +8,7 @@
      </list>
    </option>
  </component>
-  <component name="ProjectRootManager" version="2" languageLevel="JDK_25" project-jdk-name="25" project-jdk-type="JavaSDK">
+  <component name="ProjectRootManager" version="2" languageLevel="JDK_24" project-jdk-name="24" project-jdk-type="JavaSDK">
    <output url="file://$PROJECT_DIR$/out" />
  </component>
 </project>
--- a/.idea/runConfigurations/Cryptomator_macOS.xml
+++ b/.idea/runConfigurations/Cryptomator_macOS.xml
@@ -5,7 +5,7 @@
    </envs>
    <option name="MAIN_CLASS_NAME" value="org.cryptomator.launcher.Cryptomator" />
    <module name="cryptomator" />
-    <option name="VM_PARAMETERS" value="-Dapple.awt.enableTemplateImages=true -Dcryptomator.settingsPath=&quot;@{userhome}/Library/Application Support/Cryptomator/settings.json&quot; -Dcryptomator.p12Path=&quot;@{userhome}/Library/Application Support/Cryptomator/key.p12&quot; -Dcryptomator.ipcSocketPath=&quot;@{userhome}/Library/Application Support/Cryptomator/ipc.socket&quot; -Dcryptomator.logDir=&quot;@{userhome}/Library/Logs/Cryptomator&quot; -Dcryptomator.pluginDir=&quot;@{userhome}/Library/Application Support/Cryptomator/Plugins&quot; -Dcryptomator.mountPointsDir=&quot;@{userhome}/Cryptomator&quot; -Dcryptomator.showTrayIcon=true -Dcryptomator.integrationsMac.keychainServiceName=Cryptomator -Dcryptomator.updateMechanism=org.cryptomator.macos.update.DmgUpdateMechanism -Xss2m -Xmx512m -ea --enable-preview --enable-native-access=org.cryptomator.jfuse.mac,javafx.graphics" />
+    <option name="VM_PARAMETERS" value="-Dapple.awt.enableTemplateImages=true -Dcryptomator.settingsPath=&quot;@{userhome}/Library/Application Support/Cryptomator/settings.json&quot; -Dcryptomator.p12Path=&quot;@{userhome}/Library/Application Support/Cryptomator/key.p12&quot; -Dcryptomator.ipcSocketPath=&quot;@{userhome}/Library/Application Support/Cryptomator/ipc.socket&quot; -Dcryptomator.logDir=&quot;@{userhome}/Library/Logs/Cryptomator&quot; -Dcryptomator.pluginDir=&quot;@{userhome}/Library/Application Support/Cryptomator/Plugins&quot; -Dcryptomator.mountPointsDir=&quot;@{userhome}/Cryptomator&quot; -Dcryptomator.showTrayIcon=true -Dcryptomator.integrationsMac.keychainServiceName=Cryptomator -Xss2m -Xmx512m -ea --enable-preview --enable-native-access=org.cryptomator.jfuse.mac,javafx.graphics" />
    <method v="2">
      <option name="Make" enabled="true" />
    </method>
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,19 +0,0 @@
-# Changelog
-
-All notable changes to this project will be documented in this file.
-
-The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/).
-
-The changelog starts with version 1.19.0.
-Changes to prior versions can be found on the [Github release page](https://github.com/cryptomator/cryptomator/releases).
-
-## [Unreleased](https://github.com/cryptomator/cryptomator/compare/1.18.0...HEAD)
-
-### Added
-* New Self-Update Mechanism (#3948)
-  * Implemented `.dmg` update mechanism
-  * Implemented Flatpak update mechanism
-
-### Changed
-* Built using JDK 25 (#4031)
-* Modernized Templage for GitHub Releases
--- a/dist/linux/appimage/build.sh
+++ b/dist/linux/appimage/build.sh
@@ -19,16 +19,16 @@ if [[ ! "${CPU_ARCH}" =~ x86_64|aarch64 ]]; then echo "Platform ${CPU_ARCH} not
 mvn -f ../../../pom.xml versions:set -DnewVersion=${SEMVER_STR}

 # compile
-mvn -B -f ../../../pom.xml clean package -Plinux -DskipTests
+mvn -B -f ../../../pom.xml clean package -Plinux -DskipTests -Djavafx.platform=linux
 cp ../../../LICENSE.txt ../../../target
 cp ../../../target/cryptomator-*.jar ../../../target/mods

-JAVAFX_VERSION=25
+JAVAFX_VERSION=24.0.1
 JAVAFX_ARCH="x64"
-JAVAFX_JMODS_SHA256='96e520f48610d8ffb94ca30face1f11ffe8a977ddc1c4ff80b1a9e9f048bd94e'
+JAVAFX_JMODS_SHA256='425fac742b9fbd095b2ce868cff82d1024620f747c94a7144d0a4879e756146c'
 if [ "${CPU_ARCH}" = "aarch64" ]; then
    JAVAFX_ARCH="aarch64"
-    JAVAFX_JMODS_SHA256='951c52481af0ec5885b06f1ebaa8a10da7e8ea23c5e1ef3e2f6f11fa1b3a7ce1'
+    JAVAFX_JMODS_SHA256='7e02edd0f4ee5527a27c94b0bbba66fcaaff41009119e45d0eca0f96ddfb6e7b'
 fi

 # download javaFX jmods
@@ -62,7 +62,7 @@ ${JAVA_HOME}/bin/jlink \
    --verbose \
    --output runtime \
    --module-path "${JMOD_PATHS}" \
-    --add-modules java.base,java.desktop,java.instrument,java.logging,java.naming,java.net.http,java.scripting,java.sql,java.xml,javafx.base,javafx.graphics,javafx.controls,javafx.fxml,jdk.crypto.cryptoki,jdk.crypto.ec,jdk.unsupported,jdk.security.auth,jdk.accessibility,jdk.management.jfr,jdk.net,java.compiler \
+    --add-modules java.base,java.desktop,java.instrument,java.logging,java.naming,java.net.http,java.scripting,java.sql,java.xml,javafx.base,javafx.graphics,javafx.controls,javafx.fxml,jdk.unsupported,jdk.security.auth,jdk.accessibility,jdk.management.jfr,jdk.net,java.compiler \
    --strip-native-commands \
    --no-header-files \
    --no-man-pages \
@@ -98,7 +98,6 @@ ${JAVA_HOME}/bin/jpackage \
    --java-options "-Dcryptomator.integrationsLinux.trayIconsDir=\"@{appdir}/usr/share/icons/hicolor/symbolic/apps\"" \
    --java-options "-Dcryptomator.buildNumber=\"appimage-${REVISION_NO}\"" \
    --java-options "-Dcryptomator.networking.truststore.p12Path=\"/etc/cryptomator/certs.p12\"" \
-    --java-options "-XX:ErrorFile=/cryptomator/cryptomator_crash.log" \
    --resource-dir ../resources

 # transform AppDir
--- a/dist/linux/common/org.cryptomator.Cryptomator.metainfo.xml
+++ b/dist/linux/common/org.cryptomator.Cryptomator.metainfo.xml
@@ -83,15 +83,6 @@
 	</content_rating>

 	<releases>
-		<release date="2025-11-12" version="1.18.0">
-			<url type="details">https://github.com/cryptomator/cryptomator/releases/1.18.0</url>
-		</release>
-		<release date="2025-07-08" version="1.17.1">
-			<url type="details">https://github.com/cryptomator/cryptomator/releases/1.17.1</url>
-		</release>
-		<release date="2025-06-24" version="1.17.0">
-			<url type="details">https://github.com/cryptomator/cryptomator/releases/1.17.0</url>
-		</release>
 		<release date="2025-05-15" version="1.16.2">
 			<url type="details">https://github.com/cryptomator/cryptomator/releases/1.16.2</url>
 		</release>
--- a/dist/linux/debian/control
+++ b/dist/linux/debian/control
@@ -2,7 +2,7 @@ Source: cryptomator
 Maintainer: Cryptobot <releases@cryptomator.org>
 Section: utils
 Priority: optional
-Build-Depends: debhelper (>=10), openjdk-25-jdk (>= 25+36), libgtk-3-0 (>= 3.20.0), libxxf86vm1, libgl1
+Build-Depends: debhelper (>=10), coffeelibs-jdk-24 (>= 24.0.1+9-0ppa3), libgtk-3-0,  libxxf86vm1, libgl1
 Standards-Version: 4.5.0
 Homepage: https://cryptomator.org
 Vcs-Git: https://github.com/cryptomator/cryptomator.git
@@ -12,7 +12,7 @@ Package: cryptomator
 Architecture: any
 Section: utils
 Priority: optional
-Depends: ${shlibs:Depends}, ${misc:Depends}, fuse3, libgtk-3-0 (>= 3.20.0)
+Depends: ${shlibs:Depends}, ${misc:Depends}, fuse3
 Recommends: gvfs-backends, gvfs-fuse, gnome-keyring
 XB-AppName: Cryptomator
 XB-Category: Utility;Security;FileTools;
--- a/dist/linux/debian/rules
+++ b/dist/linux/debian/rules
@@ -4,12 +4,11 @@
 # Uncomment this to turn on verbose mode.
 #export DH_VERBOSE=1

+JAVA_HOME = /usr/lib/jvm/java-24-coffeelibs
 DEB_BUILD_ARCH ?= $(shell dpkg-architecture -qDEB_BUILD_ARCH)
 ifeq ($(DEB_BUILD_ARCH),amd64)
-JAVA_HOME = /usr/lib/jvm/java-25-openjdk-amd64
 JMODS_PATH = jmods/amd64:${JAVA_HOME}/jmods
 else ifeq ($(DEB_BUILD_ARCH),arm64)
-JAVA_HOME = /usr/lib/jvm/java-25-openjdk-arm64
 JMODS_PATH = jmods/aarch64:${JAVA_HOME}/jmods
 endif

@@ -29,7 +28,7 @@ override_dh_auto_build:
 	$(JAVA_HOME)/bin/jlink \
 		--output runtime \
 		--module-path "${JMODS_PATH}" \
-		--add-modules java.base,java.desktop,java.instrument,java.logging,java.naming,java.net.http,java.scripting,java.sql,java.xml,javafx.base,javafx.graphics,javafx.controls,javafx.fxml,jdk.crypto.cryptoki,jdk.crypto.ec,jdk.unsupported,jdk.security.auth,jdk.accessibility,jdk.management.jfr,jdk.net,java.compiler \
+		--add-modules java.base,java.desktop,java.instrument,java.logging,java.naming,java.net.http,java.scripting,java.sql,java.xml,javafx.base,javafx.graphics,javafx.controls,javafx.fxml,jdk.unsupported,jdk.security.auth,jdk.accessibility,jdk.management.jfr,jdk.net,java.compiler \
 		--strip-native-commands \
 		--no-header-files \
 		--no-man-pages \
@@ -46,6 +45,7 @@ override_dh_auto_build:
 		--vendor "Skymatic GmbH" \
 		--java-options "--enable-preview" \
 		--java-options "--enable-native-access=javafx.graphics,org.cryptomator.jfuse.linux.amd64,org.cryptomator.jfuse.linux.aarch64,org.purejava.appindicator" \
+		--java-options "--sun-misc-unsafe-memory-access=allow" \
 		--copyright "(C) 2016 - 2025 Skymatic GmbH" \
 		--java-options "-Xss5m" \
 		--java-options "-Xmx256m" \
--- a/dist/mac/.gitignore
+++ b/dist/mac/.gitignore
@@ -1,2 +1 @@
 embedded.provisionprofile
-xcuserdata/
--- a/dist/mac/DockTilePlugin/CryptomatorDockTilePlugin.swift
+++ b/dist/mac/DockTilePlugin/CryptomatorDockTilePlugin.swift
@@ -1,19 +0,0 @@
-//
-//  CryptomatorDockTilePlugin.swift
-//  Integrations
-//
-//  Created by Tobias Hagemann on 22.09.25.
-//  Copyright © 2025 Cryptomator. All rights reserved.
-//
-
-import AppKit
-
-class CryptomatorDockTilePlugin: NSObject, NSDockTilePlugIn {
-	func setDockTile(_ dockTile: NSDockTile?) {
-		guard let dockTile = dockTile, let image = Bundle(for: Self.self).image(forResource: "Cryptomator") else {
-			return
-		}
-		dockTile.contentView = NSImageView(image: image)
-		dockTile.display()
-	}
-}
--- a/dist/mac/DockTilePlugin/DockTilePlugin.xcodeproj/project.pbxproj
+++ b/dist/mac/DockTilePlugin/DockTilePlugin.xcodeproj/project.pbxproj
@@ -1,314 +0,0 @@
-// !$*UTF8*$!
-{
-	archiveVersion = 1;
-	classes = {
-	};
-	objectVersion = 77;
-	objects = {
-
-/* Begin PBXBuildFile section */
-		74E08DE12E8584DE007E665C /* CryptomatorDockTilePlugin.swift in Sources */ = {isa = PBXBuildFile; fileRef = 74E08DE02E85847E007E665C /* CryptomatorDockTilePlugin.swift */; };
-		74E08DED2E858532007E665C /* Cryptomator.icns in Resources */ = {isa = PBXBuildFile; fileRef = 74E08DEC2E858532007E665C /* Cryptomator.icns */; };
-/* End PBXBuildFile section */
-
-/* Begin PBXFileReference section */
-		74E08DD92E858467007E665C /* Cryptomator.docktileplugin */ = {isa = PBXFileReference; explicitFileType = wrapper.cfbundle; includeInIndex = 0; path = Cryptomator.docktileplugin; sourceTree = BUILT_PRODUCTS_DIR; };
-		74E08DE02E85847E007E665C /* CryptomatorDockTilePlugin.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = CryptomatorDockTilePlugin.swift; sourceTree = "<group>"; };
-		74E08DEC2E858532007E665C /* Cryptomator.icns */ = {isa = PBXFileReference; lastKnownFileType = image.icns; name = Cryptomator.icns; path = ../resources/Cryptomator.icns; sourceTree = SOURCE_ROOT; };
-/* End PBXFileReference section */
-
-/* Begin PBXFrameworksBuildPhase section */
-		74E08DD62E858467007E665C /* Frameworks */ = {
-			isa = PBXFrameworksBuildPhase;
-			buildActionMask = 2147483647;
-			files = (
-			);
-			runOnlyForDeploymentPostprocessing = 0;
-		};
-/* End PBXFrameworksBuildPhase section */
-
-/* Begin PBXGroup section */
-		74E08DD02E858467007E665C = {
-			isa = PBXGroup;
-			children = (
-				74E08DE02E85847E007E665C /* CryptomatorDockTilePlugin.swift */,
-				74E08DEC2E858532007E665C /* Cryptomator.icns */,
-				74E08DDA2E858467007E665C /* Products */,
-			);
-			sourceTree = "<group>";
-		};
-		74E08DDA2E858467007E665C /* Products */ = {
-			isa = PBXGroup;
-			children = (
-				74E08DD92E858467007E665C /* Cryptomator.docktileplugin */,
-			);
-			name = Products;
-			sourceTree = "<group>";
-		};
-/* End PBXGroup section */
-
-/* Begin PBXNativeTarget section */
-		74E08DD82E858467007E665C /* DockTilePlugin */ = {
-			isa = PBXNativeTarget;
-			buildConfigurationList = 74E08DDD2E858467007E665C /* Build configuration list for PBXNativeTarget "DockTilePlugin" */;
-			buildPhases = (
-				74E08DD52E858467007E665C /* Sources */,
-				74E08DD62E858467007E665C /* Frameworks */,
-				74E08DD72E858467007E665C /* Resources */,
-			);
-			buildRules = (
-			);
-			dependencies = (
-			);
-			name = DockTilePlugin;
-			packageProductDependencies = (
-			);
-			productName = DockTilePlugin;
-			productReference = 74E08DD92E858467007E665C /* Cryptomator.docktileplugin */;
-			productType = "com.apple.product-type.bundle";
-		};
-/* End PBXNativeTarget section */
-
-/* Begin PBXProject section */
-		74E08DD12E858467007E665C /* Project object */ = {
-			isa = PBXProject;
-			attributes = {
-				BuildIndependentTargetsInParallel = 1;
-				LastUpgradeCheck = 2600;
-				ORGANIZATIONNAME = Cryptomator;
-				TargetAttributes = {
-					74E08DD82E858467007E665C = {
-						CreatedOnToolsVersion = 26.0.1;
-					};
-				};
-			};
-			buildConfigurationList = 74E08DD42E858467007E665C /* Build configuration list for PBXProject "DockTilePlugin" */;
-			developmentRegion = en;
-			hasScannedForEncodings = 0;
-			knownRegions = (
-				en,
-				Base,
-			);
-			mainGroup = 74E08DD02E858467007E665C;
-			minimizedProjectReferenceProxies = 1;
-			preferredProjectObjectVersion = 77;
-			productRefGroup = 74E08DDA2E858467007E665C /* Products */;
-			projectDirPath = "";
-			projectRoot = "";
-			targets = (
-				74E08DD82E858467007E665C /* DockTilePlugin */,
-			);
-		};
-/* End PBXProject section */
-
-/* Begin PBXResourcesBuildPhase section */
-		74E08DD72E858467007E665C /* Resources */ = {
-			isa = PBXResourcesBuildPhase;
-			buildActionMask = 2147483647;
-			files = (
-				74E08DED2E858532007E665C /* Cryptomator.icns in Resources */,
-			);
-			runOnlyForDeploymentPostprocessing = 0;
-		};
-/* End PBXResourcesBuildPhase section */
-
-/* Begin PBXSourcesBuildPhase section */
-		74E08DD52E858467007E665C /* Sources */ = {
-			isa = PBXSourcesBuildPhase;
-			buildActionMask = 2147483647;
-			files = (
-				74E08DE12E8584DE007E665C /* CryptomatorDockTilePlugin.swift in Sources */,
-			);
-			runOnlyForDeploymentPostprocessing = 0;
-		};
-/* End PBXSourcesBuildPhase section */
-
-/* Begin XCBuildConfiguration section */
-		74E08DDB2E858467007E665C /* Debug */ = {
-			isa = XCBuildConfiguration;
-			buildSettings = {
-				ALWAYS_SEARCH_USER_PATHS = NO;
-				ASSETCATALOG_COMPILER_GENERATE_SWIFT_ASSET_SYMBOL_EXTENSIONS = YES;
-				CLANG_ANALYZER_NONNULL = YES;
-				CLANG_ANALYZER_NUMBER_OBJECT_CONVERSION = YES_AGGRESSIVE;
-				CLANG_CXX_LANGUAGE_STANDARD = "gnu++20";
-				CLANG_ENABLE_MODULES = YES;
-				CLANG_ENABLE_OBJC_ARC = YES;
-				CLANG_ENABLE_OBJC_WEAK = YES;
-				CLANG_WARN_BLOCK_CAPTURE_AUTORELEASING = YES;
-				CLANG_WARN_BOOL_CONVERSION = YES;
-				CLANG_WARN_COMMA = YES;
-				CLANG_WARN_CONSTANT_CONVERSION = YES;
-				CLANG_WARN_DEPRECATED_OBJC_IMPLEMENTATIONS = YES;
-				CLANG_WARN_DIRECT_OBJC_ISA_USAGE = YES_ERROR;
-				CLANG_WARN_DOCUMENTATION_COMMENTS = YES;
-				CLANG_WARN_EMPTY_BODY = YES;
-				CLANG_WARN_ENUM_CONVERSION = YES;
-				CLANG_WARN_INFINITE_RECURSION = YES;
-				CLANG_WARN_INT_CONVERSION = YES;
-				CLANG_WARN_NON_LITERAL_NULL_CONVERSION = YES;
-				CLANG_WARN_OBJC_IMPLICIT_RETAIN_SELF = YES;
-				CLANG_WARN_OBJC_LITERAL_CONVERSION = YES;
-				CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR;
-				CLANG_WARN_QUOTED_INCLUDE_IN_FRAMEWORK_HEADER = YES;
-				CLANG_WARN_RANGE_LOOP_ANALYSIS = YES;
-				CLANG_WARN_STRICT_PROTOTYPES = YES;
-				CLANG_WARN_SUSPICIOUS_MOVE = YES;
-				CLANG_WARN_UNGUARDED_AVAILABILITY = YES_AGGRESSIVE;
-				CLANG_WARN_UNREACHABLE_CODE = YES;
-				CLANG_WARN__DUPLICATE_METHOD_MATCH = YES;
-				COPY_PHASE_STRIP = NO;
-				DEBUG_INFORMATION_FORMAT = dwarf;
-				DEVELOPMENT_TEAM = YZQJQUHA3L;
-				ENABLE_STRICT_OBJC_MSGSEND = YES;
-				ENABLE_TESTABILITY = YES;
-				ENABLE_USER_SCRIPT_SANDBOXING = YES;
-				GCC_C_LANGUAGE_STANDARD = gnu17;
-				GCC_DYNAMIC_NO_PIC = NO;
-				GCC_NO_COMMON_BLOCKS = YES;
-				GCC_OPTIMIZATION_LEVEL = 0;
-				GCC_PREPROCESSOR_DEFINITIONS = (
-					"DEBUG=1",
-					"$(inherited)",
-				);
-				GCC_WARN_64_TO_32_BIT_CONVERSION = YES;
-				GCC_WARN_ABOUT_RETURN_TYPE = YES_ERROR;
-				GCC_WARN_UNDECLARED_SELECTOR = YES;
-				GCC_WARN_UNINITIALIZED_AUTOS = YES_AGGRESSIVE;
-				GCC_WARN_UNUSED_FUNCTION = YES;
-				GCC_WARN_UNUSED_VARIABLE = YES;
-				LOCALIZATION_PREFERS_STRING_CATALOGS = YES;
-				MACOSX_DEPLOYMENT_TARGET = 11.5;
-				MTL_ENABLE_DEBUG_INFO = INCLUDE_SOURCE;
-				MTL_FAST_MATH = YES;
-				ONLY_ACTIVE_ARCH = YES;
-				SDKROOT = macosx;
-				SWIFT_VERSION = 5.0;
-			};
-			name = Debug;
-		};
-		74E08DDC2E858467007E665C /* Release */ = {
-			isa = XCBuildConfiguration;
-			buildSettings = {
-				ALWAYS_SEARCH_USER_PATHS = NO;
-				ASSETCATALOG_COMPILER_GENERATE_SWIFT_ASSET_SYMBOL_EXTENSIONS = YES;
-				CLANG_ANALYZER_NONNULL = YES;
-				CLANG_ANALYZER_NUMBER_OBJECT_CONVERSION = YES_AGGRESSIVE;
-				CLANG_CXX_LANGUAGE_STANDARD = "gnu++20";
-				CLANG_ENABLE_MODULES = YES;
-				CLANG_ENABLE_OBJC_ARC = YES;
-				CLANG_ENABLE_OBJC_WEAK = YES;
-				CLANG_WARN_BLOCK_CAPTURE_AUTORELEASING = YES;
-				CLANG_WARN_BOOL_CONVERSION = YES;
-				CLANG_WARN_COMMA = YES;
-				CLANG_WARN_CONSTANT_CONVERSION = YES;
-				CLANG_WARN_DEPRECATED_OBJC_IMPLEMENTATIONS = YES;
-				CLANG_WARN_DIRECT_OBJC_ISA_USAGE = YES_ERROR;
-				CLANG_WARN_DOCUMENTATION_COMMENTS = YES;
-				CLANG_WARN_EMPTY_BODY = YES;
-				CLANG_WARN_ENUM_CONVERSION = YES;
-				CLANG_WARN_INFINITE_RECURSION = YES;
-				CLANG_WARN_INT_CONVERSION = YES;
-				CLANG_WARN_NON_LITERAL_NULL_CONVERSION = YES;
-				CLANG_WARN_OBJC_IMPLICIT_RETAIN_SELF = YES;
-				CLANG_WARN_OBJC_LITERAL_CONVERSION = YES;
-				CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR;
-				CLANG_WARN_QUOTED_INCLUDE_IN_FRAMEWORK_HEADER = YES;
-				CLANG_WARN_RANGE_LOOP_ANALYSIS = YES;
-				CLANG_WARN_STRICT_PROTOTYPES = YES;
-				CLANG_WARN_SUSPICIOUS_MOVE = YES;
-				CLANG_WARN_UNGUARDED_AVAILABILITY = YES_AGGRESSIVE;
-				CLANG_WARN_UNREACHABLE_CODE = YES;
-				CLANG_WARN__DUPLICATE_METHOD_MATCH = YES;
-				COPY_PHASE_STRIP = NO;
-				DEBUG_INFORMATION_FORMAT = "dwarf-with-dsym";
-				DEVELOPMENT_TEAM = YZQJQUHA3L;
-				ENABLE_NS_ASSERTIONS = NO;
-				ENABLE_STRICT_OBJC_MSGSEND = YES;
-				ENABLE_USER_SCRIPT_SANDBOXING = YES;
-				GCC_C_LANGUAGE_STANDARD = gnu17;
-				GCC_NO_COMMON_BLOCKS = YES;
-				GCC_WARN_64_TO_32_BIT_CONVERSION = YES;
-				GCC_WARN_ABOUT_RETURN_TYPE = YES_ERROR;
-				GCC_WARN_UNDECLARED_SELECTOR = YES;
-				GCC_WARN_UNINITIALIZED_AUTOS = YES_AGGRESSIVE;
-				GCC_WARN_UNUSED_FUNCTION = YES;
-				GCC_WARN_UNUSED_VARIABLE = YES;
-				LOCALIZATION_PREFERS_STRING_CATALOGS = YES;
-				MACOSX_DEPLOYMENT_TARGET = 11.5;
-				MTL_ENABLE_DEBUG_INFO = NO;
-				MTL_FAST_MATH = YES;
-				SDKROOT = macosx;
-				SWIFT_VERSION = 5.0;
-			};
-			name = Release;
-		};
-		74E08DDE2E858467007E665C /* Debug */ = {
-			isa = XCBuildConfiguration;
-			buildSettings = {
-				CODE_SIGN_STYLE = Manual;
-				COMBINE_HIDPI_IMAGES = YES;
-				CURRENT_PROJECT_VERSION = 1;
-				DEVELOPMENT_TEAM = "";
-				GENERATE_INFOPLIST_FILE = YES;
-				INFOPLIST_KEY_NSHumanReadableCopyright = "Copyright © 2025 Cryptomator. All rights reserved.";
-				INFOPLIST_KEY_NSPrincipalClass = CryptomatorDockTilePlugin;
-				INSTALL_PATH = "$(LOCAL_LIBRARY_DIR)/Bundles";
-				MARKETING_VERSION = 1.0;
-				PRODUCT_BUNDLE_IDENTIFIER = org.cryptomator.DockTilePlugin;
-				PRODUCT_NAME = Cryptomator;
-				PROVISIONING_PROFILE_SPECIFIER = "";
-				SKIP_INSTALL = YES;
-				STRING_CATALOG_GENERATE_SYMBOLS = YES;
-				SWIFT_EMIT_LOC_STRINGS = YES;
-				WRAPPER_EXTENSION = docktileplugin;
-			};
-			name = Debug;
-		};
-		74E08DDF2E858467007E665C /* Release */ = {
-			isa = XCBuildConfiguration;
-			buildSettings = {
-				CODE_SIGN_STYLE = Manual;
-				COMBINE_HIDPI_IMAGES = YES;
-				CURRENT_PROJECT_VERSION = 1;
-				DEVELOPMENT_TEAM = "";
-				GENERATE_INFOPLIST_FILE = YES;
-				INFOPLIST_KEY_NSHumanReadableCopyright = "Copyright © 2025 Cryptomator. All rights reserved.";
-				INFOPLIST_KEY_NSPrincipalClass = CryptomatorDockTilePlugin;
-				INSTALL_PATH = "$(LOCAL_LIBRARY_DIR)/Bundles";
-				MARKETING_VERSION = 1.0;
-				PRODUCT_BUNDLE_IDENTIFIER = org.cryptomator.DockTilePlugin;
-				PRODUCT_NAME = Cryptomator;
-				PROVISIONING_PROFILE_SPECIFIER = "";
-				SKIP_INSTALL = YES;
-				STRING_CATALOG_GENERATE_SYMBOLS = YES;
-				SWIFT_EMIT_LOC_STRINGS = YES;
-				WRAPPER_EXTENSION = docktileplugin;
-			};
-			name = Release;
-		};
-/* End XCBuildConfiguration section */
-
-/* Begin XCConfigurationList section */
-		74E08DD42E858467007E665C /* Build configuration list for PBXProject "DockTilePlugin" */ = {
-			isa = XCConfigurationList;
-			buildConfigurations = (
-				74E08DDB2E858467007E665C /* Debug */,
-				74E08DDC2E858467007E665C /* Release */,
-			);
-			defaultConfigurationIsVisible = 0;
-			defaultConfigurationName = Release;
-		};
-		74E08DDD2E858467007E665C /* Build configuration list for PBXNativeTarget "DockTilePlugin" */ = {
-			isa = XCConfigurationList;
-			buildConfigurations = (
-				74E08DDE2E858467007E665C /* Debug */,
-				74E08DDF2E858467007E665C /* Release */,
-			);
-			defaultConfigurationIsVisible = 0;
-			defaultConfigurationName = Release;
-		};
-/* End XCConfigurationList section */
-	};
-	rootObject = 74E08DD12E858467007E665C /* Project object */;
-}
--- a/dist/mac/DockTilePlugin/DockTilePlugin.xcodeproj/project.xcworkspace/contents.xcworkspacedata
+++ b/dist/mac/DockTilePlugin/DockTilePlugin.xcodeproj/project.xcworkspace/contents.xcworkspacedata
@@ -1,7 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<Workspace
-   version = "1.0">
-   <FileRef
-      location = "self:">
-   </FileRef>
-</Workspace>
--- a/dist/mac/DockTilePlugin/DockTilePlugin.xcodeproj/xcshareddata/xcschemes/DockTilePlugin.xcscheme
+++ b/dist/mac/DockTilePlugin/DockTilePlugin.xcodeproj/xcshareddata/xcschemes/DockTilePlugin.xcscheme
@@ -1,67 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<Scheme
-   LastUpgradeVersion = "2600"
-   version = "1.7">
-   <BuildAction
-      parallelizeBuildables = "YES"
-      buildImplicitDependencies = "YES"
-      buildArchitectures = "Automatic">
-      <BuildActionEntries>
-         <BuildActionEntry
-            buildForTesting = "YES"
-            buildForRunning = "YES"
-            buildForProfiling = "YES"
-            buildForArchiving = "YES"
-            buildForAnalyzing = "YES">
-            <BuildableReference
-               BuildableIdentifier = "primary"
-               BlueprintIdentifier = "74E08DD82E858467007E665C"
-               BuildableName = "Cryptomator.docktileplugin"
-               BlueprintName = "DockTilePlugin"
-               ReferencedContainer = "container:DockTilePlugin.xcodeproj">
-            </BuildableReference>
-         </BuildActionEntry>
-      </BuildActionEntries>
-   </BuildAction>
-   <TestAction
-      buildConfiguration = "Debug"
-      selectedDebuggerIdentifier = "Xcode.DebuggerFoundation.Debugger.LLDB"
-      selectedLauncherIdentifier = "Xcode.DebuggerFoundation.Launcher.LLDB"
-      shouldUseLaunchSchemeArgsEnv = "YES"
-      shouldAutocreateTestPlan = "YES">
-   </TestAction>
-   <LaunchAction
-      buildConfiguration = "Debug"
-      selectedDebuggerIdentifier = "Xcode.DebuggerFoundation.Debugger.LLDB"
-      selectedLauncherIdentifier = "Xcode.DebuggerFoundation.Launcher.LLDB"
-      launchStyle = "0"
-      useCustomWorkingDirectory = "NO"
-      ignoresPersistentStateOnLaunch = "NO"
-      debugDocumentVersioning = "YES"
-      debugServiceExtension = "internal"
-      allowLocationSimulation = "YES">
-   </LaunchAction>
-   <ProfileAction
-      buildConfiguration = "Release"
-      shouldUseLaunchSchemeArgsEnv = "YES"
-      savedToolIdentifier = ""
-      useCustomWorkingDirectory = "NO"
-      debugDocumentVersioning = "YES">
-      <MacroExpansion>
-         <BuildableReference
-            BuildableIdentifier = "primary"
-            BlueprintIdentifier = "74E08DD82E858467007E665C"
-            BuildableName = "Cryptomator.docktileplugin"
-            BlueprintName = "DockTilePlugin"
-            ReferencedContainer = "container:DockTilePlugin.xcodeproj">
-         </BuildableReference>
-      </MacroExpansion>
-   </ProfileAction>
-   <AnalyzeAction
-      buildConfiguration = "Debug">
-   </AnalyzeAction>
-   <ArchiveAction
-      buildConfiguration = "Release"
-      revealArchiveInOrganizer = "YES">
-   </ArchiveAction>
-</Scheme>
--- a/dist/mac/dmg/build.sh
+++ b/dist/mac/dmg/build.sh
@@ -32,15 +32,15 @@ REVISION_NO=`git rev-list --count HEAD`
 VERSION_NO=`mvn -f../../../pom.xml help:evaluate -Dexpression=project.version -q -DforceStdout | sed -rn 's/.*([0-9]+\.[0-9]+\.[0-9]+).*/\1/p'`
 FUSE_LIB="FUSE-T"

-JAVAFX_VERSION=25
+JAVAFX_VERSION=24.0.1
 JAVAFX_ARCH="undefined"
 JAVAFX_JMODS_SHA256="undefined"
 if [ "$(machine)" = "arm64e" ]; then
    JAVAFX_ARCH="aarch64"
-    JAVAFX_JMODS_SHA256="13f8c0513c40c95881479fbcf0465a29a60217393fb0656f5e4eab78a9442fba"
+    JAVAFX_JMODS_SHA256="b5a94a13077507003fa852512bfa33f4fb680bc8076d8002e4227a84c85171d4"
 else
    JAVAFX_ARCH="x64"
-    JAVAFX_JMODS_SHA256="0eba73fb28a24c845175d16fa2f8c081c936ce6de1be9b79eb6119fa32e53d52"
+    JAVAFX_JMODS_SHA256="6e62a426d43c168a488521f904a523f3dd6ee2cf103e08136f2fd465c828a105"
 fi
 JAVAFX_JMODS_URL="https://download2.gluonhq.com/openjfx/${JAVAFX_VERSION}/openjfx-${JAVAFX_VERSION}_osx-${JAVAFX_ARCH}_bin-jmods.zip"

@@ -71,7 +71,7 @@ if [ "${POM_JFX_VERSION}" -ne "${JMOD_VERSION}" ]; then
 fi

 # compile
-mvn -B -f../../../pom.xml clean package -DskipTests -Pmac
+mvn -B -Djavafx.platform=mac -f../../../pom.xml clean package -DskipTests -Pmac
 cp ../../../LICENSE.txt ../../../target
 cp ../../../target/${MAIN_JAR_GLOB} ../../../target/mods

@@ -85,7 +85,7 @@ fi
 ${JAVA_HOME}/bin/jlink \
    --output runtime \
    --module-path "${JMOD_PATHS}" \
-    --add-modules java.base,java.desktop,java.instrument,java.logging,java.naming,java.net.http,java.scripting,java.sql,java.xml,javafx.base,javafx.graphics,javafx.controls,javafx.fxml,jdk.crypto.cryptoki,jdk.crypto.ec,jdk.unsupported,jdk.security.auth,jdk.accessibility,jdk.management.jfr,java.compiler \
+    --add-modules java.base,java.desktop,java.instrument,java.logging,java.naming,java.net.http,java.scripting,java.sql,java.xml,javafx.base,javafx.graphics,javafx.controls,javafx.fxml,jdk.unsupported,jdk.security.auth,jdk.accessibility,jdk.management.jfr,java.compiler \
    --strip-native-commands \
    --no-header-files \
    --no-man-pages \
@@ -115,7 +115,6 @@ ${JAVA_HOME}/bin/jpackage \
    --java-options "-Dsun.java2d.metal=true" \
    --java-options "-Dcryptomator.appVersion=\"${VERSION_NO}\"" \
    --java-options "-Dcryptomator.logDir=\"@{userhome}/Library/Logs/${APP_NAME}\"" \
-    --java-options "-XX:ErrorFile=/cryptomator/cryptomator_crash.log" \
    --java-options "-Dcryptomator.pluginDir=\"@{userhome}/Library/Application Support/${APP_NAME}/Plugins\"" \
    --java-options "-Dcryptomator.settingsPath=\"@{userhome}/Library/Application Support/${APP_NAME}/settings.json\"" \
    --java-options "-Dcryptomator.ipcSocketPath=\"@{userhome}/Library/Application Support/${APP_NAME}/ipc.socket\"" \
@@ -123,7 +122,6 @@ ${JAVA_HOME}/bin/jpackage \
    --java-options "-Dcryptomator.integrationsMac.keychainServiceName=\"${APP_NAME}\"" \
    --java-options "-Dcryptomator.mountPointsDir=\"@{userhome}/Library/Application Support${APP_NAME}/mnt\"" \
    --java-options "-Dcryptomator.showTrayIcon=true" \
-    --java-options "-Dcryptomator.updateMechanism=org.cryptomator.macos.update.DmgUpdateMechanism" \
    --java-options "-Dcryptomator.buildNumber=\"dmg-${REVISION_NO}\"" \
    --mac-package-identifier ${PACKAGE_IDENTIFIER} \
    --resource-dir ../resources
@@ -134,21 +132,8 @@ sed -i '' "s|###BUNDLE_SHORT_VERSION_STRING###|${VERSION_NO}|g" ${APP_NAME}.app/
 sed -i '' "s|###BUNDLE_VERSION###|${REVISION_NO}|g" ${APP_NAME}.app/Contents/Info.plist
 cp ../embedded.provisionprofile ${APP_NAME}.app/Contents/

-# build and install dock tile plugin
-echo "Building and installing Cryptomator.docktileplugin..."
-DERIVED_DATA_PATH=../DockTilePlugin/build
-xcodebuild -project ../DockTilePlugin/DockTilePlugin.xcodeproj \
-           -scheme DockTilePlugin \
-           -configuration Release \
-           -derivedDataPath ${DERIVED_DATA_PATH} \
-           -quiet \
-           clean build
-mkdir -p ${APP_NAME}.app/Contents/PlugIns
-cp -R ${DERIVED_DATA_PATH}/Build/Products/Release/Cryptomator.docktileplugin ${APP_NAME}.app/Contents/PlugIns/
-rm -rf ${DERIVED_DATA_PATH}
-
 # generate license
-mvn -B -f../../../pom.xml license:add-third-party \
+mvn -B -Djavafx.platform=mac -f../../../pom.xml license:add-third-party \
    -Dlicense.thirdPartyFilename=license.rtf \
    -Dlicense.outputDirectory=dist/mac/dmg/resources \
    -Dlicense.fileTemplate=resources/licenseTemplate.ftl \
--- a/dist/mac/resources/Info.plist
+++ b/dist/mac/resources/Info.plist
@@ -116,8 +116,5 @@
  <!-- allow utilization of integrated GPU, see https://developer.apple.com/library/mac/qa/qa1734/_index.html -->
  <key>NSSupportsAutomaticGraphicsSwitching</key>
  <true/>
-  <!-- register dock tile plugin -->
-  <key>NSDockTilePlugIn</key>
-  <string>Cryptomator.docktileplugin</string>
 </dict>
 </plist>
--- a/dist/win/.gitignore
+++ b/dist/win/.gitignore
@@ -4,8 +4,7 @@ installer
 *.wixobj
 *.pdb
 *.msi
-*Debug.properties
 *.exe
 *.jmod
 resources/jfxJmods.zip
-license.rtf
+license.rtf
--- a/dist/win/build.bat
+++ b/dist/win/build.bat
@@ -11,10 +11,6 @@ SET HELP_URL="https://cryptomator.org/contact/"
 SET MODULE_AND_MAIN_CLASS="org.cryptomator.desktop/org.cryptomator.launcher.Cryptomator"
 SET LOOPBACK_ALIAS="cryptomator-vault"

-:: read clean parameter from command line
-SET CLEAN=0
-IF "%~1"=="clean" SET CLEAN=1
-
 pwsh -NoLogo -NoProfile -ExecutionPolicy Unrestricted -Command .\build.ps1^
 -AppName %APPNAME%^
 -MainJarGlob "%MAIN_JAR_GLOB%"^
@@ -26,4 +22,4 @@ pwsh -NoLogo -NoProfile -ExecutionPolicy Unrestricted -Command .\build.ps1^
 -HelpUrl "%HELP_URL%"^
 -UpdateUrl "%UPDATE_URL%"^
 -LoopbackAlias "%LOOPBACK_ALIAS%"^
- -Clean %CLEAN%
+ -Clean 1
--- a/dist/win/build.ps1
+++ b/dist/win/build.ps1
@@ -9,15 +9,9 @@ Param(
 	[Parameter(Mandatory, HelpMessage="Please provide an update url")][string] $UpdateUrl,
 	[Parameter(Mandatory, HelpMessage="Please provide an about url")][string] $AboutUrl,
 	[Parameter(Mandatory, HelpMessage="Please provide an alias for localhost")][string] $LoopbackAlias,
-	[bool] $clean = $false # if true, cleans up previous build artifacts
+	[bool] $clean
 )

-# ============================
-# Function Definitions Section
-# ============================
-
-function Main {
-
 [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
 $ProgressPreference = 'SilentlyContinue' # disables Invoke-WebRequest's progress bar, which slows down downloads to a few bytes/s

@@ -56,16 +50,16 @@ $version = $(mvn -f $buildDir/../../pom.xml help:evaluate -Dexpression="project.
 $semVerNo = $version -replace '(\d+\.\d+\.\d+).*','$1'
 $revisionNo = $(git rev-list --count HEAD)

-Write-Host "`$version=$version"
-Write-Host "`$semVerNo=$semVerNo"
-Write-Host "`$revisionNo=$revisionNo"
-Write-Host "`$buildDir=$buildDir"
-Write-Host "`$Env:JAVA_HOME=$Env:JAVA_HOME"
+Write-Output "`$version=$version"
+Write-Output "`$semVerNo=$semVerNo"
+Write-Output "`$revisionNo=$revisionNo"
+Write-Output "`$buildDir=$buildDir"
+Write-Output "`$Env:JAVA_HOME=$Env:JAVA_HOME"

 $copyright = "(C) $CopyrightStartYear - $((Get-Date).Year) $Vendor"

 # compile
-&mvn -B -f $buildDir/../../pom.xml clean package -DskipTests -Pwin
+&mvn -B -f $buildDir/../../pom.xml clean package -DskipTests -Pwin "-Djavafx.platform=win"
 Copy-Item "$buildDir\..\..\target\$MainJarGlob.jar" -Destination "$buildDir\..\..\target\mods"

 # add runtime
@@ -77,7 +71,7 @@ if ($clean -and (Test-Path -Path $runtimeImagePath)) {
 ## download jfx jmods for X64, while they are part of the Arm64 JDK
 $archCode = (Get-CimInstance Win32_Processor).Architecture
 $archName = switch ($archCode) {
-    9  { "x64" }
+    9  { "x64 (AMD64)" }
    12 { "ARM64" }
    default { "WMI Win32_Processor.Architecture code ($archCode)" }
 }
@@ -86,20 +80,20 @@ switch ($archName) {
    'ARM64' {
 		$javafxBaseJmod = Join-Path $Env:JAVA_HOME "jmods\javafx.base.jmod"
 		if (!(Test-Path $javafxBaseJmod)) {
-			Write-Error "JavaFX module not found in JDK. Please ensure a JDK with JavaFX (including jmods) is installed."
+			Write-Error "JavaFX module not found in JDK. Please ensure full JDK (including jmods) is installed."
 			exit 1
 		}

        $jmodPaths = "$Env:JAVA_HOME/jmods"
    }
-    'x64' {
-		$javaFxVersion='25'
+    'x64 (AMD64)' {
+		$javaFxVersion='24.0.1'
 		$javaFxJmodsUrl = "https://download2.gluonhq.com/openjfx/${javaFxVersion}/openjfx-${javaFxVersion}_windows-x64_bin-jmods.zip"
-		$javaFxJmodsSHA256 = 'c8eb9fd039b00e0020cf6c3db8ed7876bf3ee4d27860aa697a247b83b8296ae7'
+		$javaFxJmodsSHA256 = 'f13d17c7caf88654fc835f1b4e75a9b0f34a888eb8abef381796c0002e63b03f'
 		$javaFxJmods = '.\resources\jfxJmods.zip'

 		if( !(Test-Path -Path $javaFxJmods) ) {
-			Write-Host "Downloading ${javaFxJmodsUrl}..."
+			Write-Output "Downloading ${javaFxJmodsUrl}..."
 			Invoke-WebRequest $javaFxJmodsUrl -OutFile $javaFxJmods # redirects are followed by default
 		}

@@ -133,7 +127,7 @@ if ((& "$Env:JAVA_HOME\bin\jlink" --help | Select-String -Pattern "Linking from
 	--verbose `
 	--output runtime `
 	--module-path $jmodPaths `
-	--add-modules java.base,java.desktop,java.instrument,java.logging,java.naming,java.net.http,java.scripting,java.sql,java.xml,jdk.unsupported,jdk.accessibility,jdk.management.jfr,jdk.crypto.cryptoki,jdk.crypto.ec,jdk.crypto.mscapi,java.compiler,javafx.base,javafx.graphics,javafx.controls,javafx.fxml `
+	--add-modules java.base,java.desktop,java.instrument,java.logging,java.naming,java.net.http,java.scripting,java.sql,java.xml,jdk.unsupported,jdk.accessibility,jdk.management.jfr,jdk.crypto.mscapi,java.compiler,javafx.base,javafx.graphics,javafx.controls,javafx.fxml `
 	--strip-native-commands `
 	--no-header-files `
 	--no-man-pages `
@@ -145,31 +139,6 @@ if ($clean -and (Test-Path -Path $appPath)) {
 	Remove-Item -Path $appPath -Force -Recurse
 }

-
-$javaOptions = @(
-"--java-options", "--enable-native-access=javafx.graphics,org.cryptomator.jfuse.win,org.cryptomator.integrations.win"
-"--java-options", "-Xss5m"
-"--java-options", "-Xmx256m"
-"--java-options", "-Dcryptomator.appVersion=`"$semVerNo`""
-"--java-options", "-Dfile.encoding=`"utf-8`""
-"--java-options", "-Djava.net.useSystemProxies=true"
-"--java-options", "-Dcryptomator.logDir=`"@{localappdata}/$AppName`""
-"--java-options", "-XX:ErrorFile=`"C:/cryptomator/cryptomator_crash.log`""
-"--java-options", "-Dcryptomator.pluginDir=`"@{appdata}/$AppName/Plugins`""
-"--java-options", "-Dcryptomator.settingsPath=`"@{appdata}/$AppName/settings.json;@{userhome}/AppData/Roaming/$AppName/settings.json`""
-"--java-options", "-Dcryptomator.ipcSocketPath=`"@{localappdata}/$AppName/ipc.socket`""
-"--java-options", "-Dcryptomator.p12Path=`"@{appdata}/$AppName/key.p12;@{userhome}/AppData/Roaming/$AppName/key.p12`""
-"--java-options", "-Dcryptomator.mountPointsDir=`"@{userhome}/$AppName`""
-"--java-options", "-Dcryptomator.loopbackAlias=`"$LoopbackAlias`""
-"--java-options", "-Dcryptomator.integrationsWin.autoStartShellLinkName=`"$AppName`""
-"--java-options", "-Dcryptomator.integrationsWin.keychainPaths=`"@{appdata}/$AppName/keychain.json;@{userhome}/AppData/Roaming/$AppName/keychain.json`""
-"--java-options", "-Dcryptomator.integrationsWin.windowsHelloKeychainPaths=`"@{appdata}/$AppName/windowsHelloKeychain.json`""
-"--java-options", "-Dcryptomator.showTrayIcon=true"
-"--java-options", "-Dcryptomator.buildNumber=`"msi-$revisionNo`""
-"--java-options", "-Dcryptomator.disableUpdateCheck=false"
-)
-
-
 # create app dir
 & "$Env:JAVA_HOME\bin\jpackage" `
 	--verbose `
@@ -182,19 +151,31 @@ $javaOptions = @(
 	--name $AppName `
 	--vendor $Vendor `
 	--copyright $copyright `
+	--java-options "--enable-preview" `
+	--java-options "--enable-native-access=javafx.graphics,org.cryptomator.jfuse.win,org.cryptomator.integrations.win" `
+	--java-options "-Xss5m" `
+	--java-options "-Xmx256m" `
+	--java-options "-Dcryptomator.appVersion=`"$semVerNo`"" `
 	--app-version "$semVerNo.$revisionNo" `
+	--java-options "-Dfile.encoding=`"utf-8`"" `
+	--java-options "-Djava.net.useSystemProxies=true" `
+	--java-options "-Dcryptomator.logDir=`"@{localappdata}/$AppName`"" `
+	--java-options "-Dcryptomator.pluginDir=`"@{appdata}/$AppName/Plugins`"" `
+	--java-options "-Dcryptomator.settingsPath=`"@{appdata}/$AppName/settings.json;@{userhome}/AppData/Roaming/$AppName/settings.json`"" `
+	--java-options "-Dcryptomator.ipcSocketPath=`"@{localappdata}/$AppName/ipc.socket`"" `
+	--java-options "-Dcryptomator.p12Path=`"@{appdata}/$AppName/key.p12;@{userhome}/AppData/Roaming/$AppName/key.p12`"" `
+	--java-options "-Dcryptomator.mountPointsDir=`"@{userhome}/$AppName`"" `
+	--java-options "-Dcryptomator.loopbackAlias=`"$LoopbackAlias`"" `
+	--java-options "-Dcryptomator.integrationsWin.autoStartShellLinkName=`"$AppName`"" `
+	--java-options "-Dcryptomator.integrationsWin.keychainPaths=`"@{appdata}/$AppName/keychain.json;@{userhome}/AppData/Roaming/$AppName/keychain.json`"" `
+	--java-options "-Dcryptomator.integrationsWin.windowsHelloKeychainPaths=`"@{appdata}/$AppName/windowsHelloKeychain.json`"" `
+	--java-options "-Dcryptomator.showTrayIcon=true" `
+	--java-options "-Dcryptomator.buildNumber=`"msi-$revisionNo`"" `
 	--resource-dir resources `
-	--icon resources/$AppName.ico `
-	--add-launcher "${AppName} (Debug)=$buildDir\debug-launcher.properties" `
-	@javaOptions
-
-if ($LASTEXITCODE -ne 0) {
-    Write-Error "jpackage Appimage failed with exit code $LASTEXITCODE"
-	return 1;
-}
+	--icon resources/$AppName.ico

 #Create RTF license for msi
-&mvn -B -f $buildDir/../../pom.xml license:add-third-party `
+&mvn -B -f $buildDir/../../pom.xml license:add-third-party "-Djavafx.platform=win" `
 "-Dlicense.thirdPartyFilename=license.rtf" `
 "-Dlicense.fileTemplate=$buildDir\resources\licenseTemplate.ftl" `
 "-Dlicense.outputDirectory=$buildDir\resources\" `
@@ -206,7 +187,14 @@ if ($LASTEXITCODE -ne 0) {
 # patch app dir
 Copy-Item "contrib\*" -Destination "$AppName"
 attrib -r "$AppName\$AppName.exe"
-attrib -r "$AppName\${AppName} (Debug).exe"
+# patch batch script to set hostfile
+$webDAVPatcher = "$AppName\patchWebDAV.bat"
+try {
+	(Get-Content $webDAVPatcher ) -replace '::REPLACE ME', "SET LOOPBACK_ALIAS=`"$LoopbackAlias`"" | Set-Content $webDAVPatcher
+} catch {
+   Write-Host "Failed to set LOOPBACK_ALIAS for patchWebDAV.bat"
+   exit 1
+}

 # create .msi
 $Env:JP_WIXWIZARD_RESOURCES = "$buildDir\resources"
@@ -237,7 +225,7 @@ if ($LASTEXITCODE -ne 0) {
 }

 #Create RTF license for bundle
-&mvn -B -f $buildDir/../../pom.xml license:add-third-party `
+&mvn -B -f $buildDir/../../pom.xml license:add-third-party "-Djavafx.platform=win" `
 "-Dlicense.thirdPartyFilename=license.rtf" `
 "-Dlicense.fileTemplate=$buildDir\bundle\resources\licenseTemplate.ftl" `
 "-Dlicense.outputDirectory=$buildDir\bundle\resources\" `
@@ -249,7 +237,7 @@ if ($LASTEXITCODE -ne 0) {
 # download Winfsp
 $winfspMsiUrl= 'https://github.com/winfsp/winfsp/releases/download/v2.1/winfsp-2.1.25156.msi'
 $winfspMsiHash = '073A70E00F77423E34BED98B86E600DEF93393BA5822204FAC57A29324DB9F7A'
-Write-Host "Downloading ${winfspMsiUrl}..."
+Write-Output "Downloading ${winfspMsiUrl}..."
 Invoke-WebRequest $winfspMsiUrl -OutFile ".\bundle\resources\winfsp.msi" # redirects are followed by default
 $computedHash = $(Get-FileHash -Path '.\bundle\resources\winfsp.msi' -Algorithm SHA256).Hash
 if (! $computedHash.Equals($winfspMsiHash)) {
@@ -263,7 +251,7 @@ if (! $computedHash.Equals($winfspMsiHash)) {

 # download legacy-winfsp uninstaller
 $winfspUninstaller= 'https://github.com/cryptomator/winfsp-uninstaller/releases/latest/download/winfsp-uninstaller.exe'
-Write-Host "Downloading ${winfspUninstaller}..."
+Write-Output "Downloading ${winfspUninstaller}..."
 Invoke-WebRequest $winfspUninstaller -OutFile ".\bundle\resources\winfsp-uninstaller.exe" # redirects are followed by default

 # copy MSI to bundle resources
@@ -283,18 +271,4 @@ Copy-Item ".\installer\$AppName-*.msi" -Destination ".\bundle\resources\$AppName
    .\bundle\bundleWithWinfsp.wxs `
    -out "installer\$AppName-Installer.exe"

-Write-Host "Created EXE installer .\installer\$AppName-Installer.exe"
-return 0;
-}
-
-# ============================
-# Script Execution Starts Here
-# ============================
-if ($clean) {
-	Write-Host "Cleaning up previous build artifacts..."
-	Remove-Item -Path ".\runtime" -Force -Recurse -ErrorAction Ignore -ProgressAction SilentlyContinue
-	Remove-Item -Path ".\$AppName" -Force -Recurse -ErrorAction Ignore -ProgressAction SilentlyContinue
-	Remove-Item -Path ".\installer" -Force -Recurse -ErrorAction Ignore -ProgressAction SilentlyContinue
-}
-return Main
-
+Write-Output "Created EXE installer .\installer\$AppName-Installer.exe"
--- a/dist/win/bundle/bundleWithWinfsp.wxs
+++ b/dist/win/bundle/bundleWithWinfsp.wxs
@@ -27,8 +27,6 @@
            <ns0:Payload Name="Cryptobot.ico" SourceFile="bundle\resources\Cryptomator.ico"/>
        </ns0:BootstrapperApplication>

-        <ns0:Variable Name="DISABLEUPDATECHECK" bal:Overridable="yes" Type="string" Value="false"/>
-
        <ns0:Chain>
            <ns0:ExePackage Cache="keep" PerMachine="yes" Permanent="no" SourceFile="bundle\resources\winfsp-uninstaller.exe" DisplayName="Removing outdated WinFsp Driver" Description="Executable to remove old winfsp" DetectCondition="false" InstallCondition="(InstalledLegacyWinFspVersion &lt;&gt; v0.0.0.0) AND ((WixBundleAction = 7) OR (WixBundleAction = 5))" UninstallArguments="">
                <ns0:CommandLine Condition="WixBundleUILevel &lt;= 3" InstallArgument="-q -l &quot;[WixBundleLog].winfsp-uninstaller.log&quot;" RepairArgument="-q" UninstallArgument="-s" />
@@ -43,9 +41,7 @@ Do you want to continue?&quot;" RepairArgument="-q" UninstallArgument="-s" />
                <ns0:ExitCode Behavior="forceReboot" Value="4" />
                <ns0:ExitCode Behavior="success" Value="5" />
            </ns0:ExePackage>
-            <ns0:MsiPackage SourceFile="bundle\resources\Cryptomator.msi" CacheId="cryptomator-bundle-cryptomator" Visible="no">
-                <ns0:MsiProperty Name="DISABLEUPDATECHECK" Value="[DISABLEUPDATECHECK]"/>
-            </ns0:MsiPackage>
+            <ns0:MsiPackage SourceFile="bundle\resources\Cryptomator.msi" CacheId="cryptomator-bundle-cryptomator" Visible="no" />
            <ns0:MsiPackage SourceFile="bundle\resources\winfsp.msi" CacheId="cryptomator-bundle-winfsp" Visible="yes" Permanent="yes" />
        </ns0:Chain>
    </ns0:Bundle>
--- a/dist/win/contrib/patchUpdateCheck.bat
+++ b/dist/win/contrib/patchUpdateCheck.bat
@@ -1,18 +0,0 @@
-@echo off
-:: Batch wrapper for PowerShell script to modify Cryptomator update check settings
-:: This is executed as a Custom Action during MSI installation
-:: This file must be located in the INSTALLDIR
-
-set "DISABLEUPDATECHECK=%~1"
-
-:: Log for debugging
-echo DISABLEUPDATECHECK=%DISABLEUPDATECHECK%
-
-:: Change to INSTALLDIR
-cd %~dp0
-:: Execute the PowerShell script
-powershell.exe -NoLogo -NoProfile -NonInteractive -ExecutionPolicy RemoteSigned -File ".\patchUpdateCheck.ps1"^
- -DisableUpdateCheck "%DISABLEUPDATECHECK%"
-
-:: Return the exit code from PowerShell
-exit /b %ERRORLEVEL%
--- a/dist/win/contrib/patchUpdateCheck.ps1
+++ b/dist/win/contrib/patchUpdateCheck.ps1
@@ -1,58 +0,0 @@
-# PowerShell script to modify Cryptomator.cfg to set disableUpdateCheck property
-# This script is executed as a Custom Action during MSI installation
-# If the DisableUpdateCheck parameter is set to true, it disables the update check in Cryptomator by modifying the Cryptomator.cfg file.
-# NOTE: This file must be located in the same directory as set in the MSI property INSTALLDIR
-
-param(
-    [Parameter(Mandatory)][string]$DisableUpdateCheck
-)
-
-try {
-    # Log parameters for debugging (visible in MSI verbose logs)
-    Write-Host "DisableUpdateCheck: $DisableUpdateCheck"
-
-    # Parse DisableUpdateCheck value (handle various input formats)
-    $shouldDisable = $false
-    if ($DisableUpdateCheck) {
-        $DisableUpdateCheck = $DisableUpdateCheck.Trim().ToLower()
-        $shouldDisable = ($DisableUpdateCheck -eq 'true') -or ($DisableUpdateCheck -eq '1') -or ($DisableUpdateCheck -eq 'yes')
-    }
-
-    Write-Host "Setting cryptomator.disableUpdateCheck to: $shouldDisable"
-    if (-not $shouldDisable) {
-        Write-Host 'Disable-Update-Check property is by default "false". Skipping config modification.'
-        exit 0
-    }
-
-    # Determine the .cfg file path
-    $cfgDir = Join-Path $PSScriptRoot 'app'
-    $cfgFiles = Get-ChildItem -Path $cfgDir -Filter '*.cfg' -File
-
-    if ($cfgFiles.Count -eq 0) {
-        Write-Error "No .cfg file found in directory: $cfgDir"
-        exit 1
-    }
-
-    foreach ($file in $cfgFiles) {
-        $cfgFile = $file.FullName
-        Write-Host "Modifying configuration file: $cfgFile"
-        # Read the current configuration
-        $content = Get-Content $cfgFile -Raw -ErrorAction Stop
-
-        # Add the new option based on the property value
-        # Use regular expressions substitutions to replace the property
-        $searchExpression = '(?<Prefix>java-options=-Dcryptomator\.disableUpdateCheck)=false'
-        $replacementExpression = '${Prefix}=true'
-        $content = $content -replace $searchExpression,$replacementExpression
-
-        # Write the modified content back
-        Set-Content -Path $cfgFile -Value $content -NoNewline
-        Write-Host "Successfully updated $cfgFile"
-    }
-
-    exit 0
-}
-catch {
-    Write-Error "Error modifying configuration file: $_"
-    exit 1
-}
--- a/dist/win/contrib/patchWebDAV.bat
+++ b/dist/win/contrib/patchWebDAV.bat
@@ -1,18 +1,7 @@
@echo off
-:: Batch wrapper for PowerShell script to adjust Windows network settings for the Cryptomator WebDAVAdapter 
-:: This is executed as a Custom Action during MSI installation
-:: This file must be located in the INSTALLDIR
+:: Default values for Cryptomator builds
+::REPLACE ME

-set "LOOPBACK_ALIAS=%1"
-
-:: Log for debugging
-echo LOOPBACK_ALIAS=%LOOPBACK_ALIAS%
-
-:: Change to INSTALLDIR
 cd %~dp0
-:: Execute the PowerShell script
-powershell -NoLogo -NoProfile -NonInteractive -ExecutionPolicy RemoteSigned -File .\patchWebDAV.ps1^
- -LoopbackAlias %LOOPBACK_ALIAS%
-
-:: Return the exit code from PowerShell
-exit /b %ERRORLEVEL%
+powershell -NoLogo -NoProfile -NonInteractive -ExecutionPolicy RemoteSigned -Command .\patchWebDAV.ps1^
+ -LoopbackAlias %LOOPBACK_ALIAS%
--- a/dist/win/debug-launcher.properties
+++ b/dist/win/debug-launcher.properties
@@ -1,4 +0,0 @@
-win-console=true
-win-shortcut=false
-win-menu=false
-description=Debug Launcher with Console for Cryptomator
--- a/dist/win/launcher.bat
+++ b/dist/win/launcher.bat
@@ -0,0 +1,15 @@
+@echo off
+java ^
+	-p "mods" ^
+	-cp "libs/*" ^
+	-Dcryptomator.settingsPath="~/AppData/Roaming/Cryptomator/settings.json" ^
+	-Dcryptomator.ipcSocketPath="~/AppData/Roaming/Cryptomator/ipc.socket" ^
+	-Dcryptomator.logDir="~/AppData/Roaming/Cryptomator" ^
+	-Dcryptomator.mountPointsDir="~/Cryptomator" ^
+	-Dcryptomator.integrationsWin.keychainPaths="~/AppData/Roaming/Cryptomator/keychain.json" ^
+	-Dcryptomator.integrationsWin.windowsHelloKeychainPaths="~/AppData/Roaming/Cryptomator/windowsHelloKeychain.json" ^
+	-Xss20m ^
+	-Xmx512m ^
+	--enable-preview `
+	--enable-native-access=org.cryptomator.jfuse.win `
+	-m org.cryptomator.desktop/org.cryptomator.launcher.Cryptomator
--- a/dist/win/resources/main.wxs
+++ b/dist/win/resources/main.wxs
@@ -26,7 +26,6 @@
  <?define IconFileEncryptedData= "Cryptomator-Vault.ico" ?>
  <?define ProgIdContentType= "application/vnd.cryptomator.encrypted" ?>
  <?define CloseApplicationTarget= "cryptomator.exe" ?>
-  <?define LoopbackAlias= "cryptomator-vault" ?>

  <?include $(var.JpConfigDir)/overrides.wxi ?>

@@ -127,18 +126,10 @@

    <ns0:Property Id="WixQuietExec64CmdTimeout" Value="20" />
    <!-- Note for custom actions: Immediate CAs run BEFORE the files are installed, hence if you depend on installed files, the CAs must be deferred.-->
-
-    <!-- Property for controlling update check behavior (can be set via command line) -->
-    <ns0:Property Id="DISABLEUPDATECHECK" Secure="yes" />
-
    <!-- WebDAV patches -->
-    <ns0:SetProperty Id="PatchWebDAV" Value="&quot;[INSTALLDIR]patchWebDAV.bat&quot; &quot;$(var.LoopbackAlias)&quot;" Sequence="execute" Before="PatchWebDAV" />
+    <ns0:SetProperty Id="PatchWebDAV" Value="&quot;[INSTALLDIR]patchWebDAV.bat&quot;" Sequence="execute" Before="PatchWebDAV" />
    <ns0:CustomAction Id="PatchWebDAV" BinaryRef="Wix4UtilCA_$(sys.BUILDARCHSHORT)" DllEntry="WixQuietExec" Execute="deferred" Return="ignore" Impersonate="no"/>

-    <!-- Update check configuration -->
-    <ns0:SetProperty Id="PatchUpdateCheck" Value="&quot;[INSTALLDIR]patchUpdateCheck.bat&quot; &quot;[DISABLEUPDATECHECK]&quot;" Sequence="execute" Before="PatchUpdateCheck" />
-    <ns0:CustomAction Id="PatchUpdateCheck" BinaryRef="Wix4UtilCA_$(sys.BUILDARCHSHORT)" DllEntry="WixQuietExec64" Execute="deferred" Return="ignore" Impersonate="no"/>
-
    <!-- Running App detection and exit -->
    <ns0:Property Id="FOUNDRUNNINGAPP" Admin="yes"/>
    <util:CloseApplication
@@ -190,8 +181,6 @@
      <!-- Skip action on uninstall -->
      <!-- TODO: don't skip action, but remove cryptomator alias from hosts file -->
      <ns0:Custom Action="PatchWebDAV" After="InstallFiles" Condition="NOT (Installed AND (NOT REINSTALL) AND (NOT UPGRADINGPRODUCTCODE) AND REMOVE)"/>
-      <!-- Configure update check setting if property is provided -->
-      <ns0:Custom Action="PatchUpdateCheck" After="PatchWebDAV" Condition="DISABLEUPDATECHECK AND NOT (Installed AND (NOT REINSTALL) AND (NOT UPGRADINGPRODUCTCODE) AND REMOVE)"/>
    </ns0:InstallExecuteSequence>

    <ns0:InstallUISequence>
--- a/dist/win/resources/overrides.wxi
+++ b/dist/win/resources/overrides.wxi
@@ -41,7 +41,7 @@ Media Type of the encrypted data files. Default is "application/vnd.cryptomator.

 Close Application settings:
 - CloseApplicationTarget
-Full name of executable to be checked in the close application util. Default is "cryptomator.exe"
+Full name of executable to be checkd in the close application util. Default is "cryptomator.exe"

 Legacy Installation settings:
 - SkipCryptomatorLegacyCheck
--- a/license/merges
+++ b/license/merges
@@ -1,6 +1,6 @@
-Apache License v2.0|Apache License, Version 2.0|The Apache License, Version 2.0|The Apache Software License, Version 2.0|Apache 2.0|Apache Software License - Version 2.0|Apache-2.0
-MIT License|MIT|The MIT License (MIT)|The MIT License|MIT license
-LGPL 2.1|LGPL, version 2.1|GNU Lesser/Library General Public License version 2|GNU Lesser General Public License Version 2.1|GNU Lesser General Public License
+Apache License v2.0|Apache License, Version 2.0|The Apache Software License, Version 2.0|Apache 2.0|Apache Software License - Version 2.0|Apache-2.0
+MIT License|The MIT License (MIT)|The MIT License|MIT license
+LGPL 2.1|LGPL, version 2.1|GNU Lesser/Library General Public License version 2|GNU Lesser General Public License Version 2.1
 GPLv2|GNU General Public License Version 2
 GPLv2+CE|CDDL + GPLv2 with classpath exception
 Eclipse Public License - Version 1.0|Eclipse Public License - v 1.0
--- a/pom.xml
+++ b/pom.xml
@@ -3,7 +3,7 @@
 	<modelVersion>4.0.0</modelVersion>
 	<groupId>org.cryptomator</groupId>
 	<artifactId>cryptomator</artifactId>
-	<version>1.19.0</version>
+	<version>1.17.0-SNAPSHOT</version>
 	<name>Cryptomator Desktop App</name>

 	<organization>
@@ -26,7 +26,7 @@

 	<properties>
 		<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
-		<project.jdk.version>25</project.jdk.version>
+		<project.jdk.version>24</project.jdk.version>

 		<!-- Group IDs of jars that need to stay on the class path for now -->
 		<!-- remove them, as soon they got modularized or support is dropped (i.e., WebDAV) -->
@@ -34,60 +34,57 @@

 		<!-- cryptomator dependencies -->
 		<cryptomator.cryptofs.version>2.9.0</cryptomator.cryptofs.version>
-		<cryptomator.integrations.version>1.8.0-beta1</cryptomator.integrations.version>
-		<cryptomator.integrations.win.version>1.5.1</cryptomator.integrations.win.version>
-		<cryptomator.integrations.mac.version>1.5.0-beta2</cryptomator.integrations.mac.version>
-		<cryptomator.integrations.linux.version>1.7.0-beta2</cryptomator.integrations.linux.version>
-		<cryptomator.fuse.version>5.1.0</cryptomator.fuse.version>
-		<cryptomator.webdav.version>3.0.0</cryptomator.webdav.version>
+		<cryptomator.integrations.version>1.6.0</cryptomator.integrations.version>
+		<cryptomator.integrations.win.version>1.5.0</cryptomator.integrations.win.version>
+		<cryptomator.integrations.mac.version>1.4.0</cryptomator.integrations.mac.version>
+		<cryptomator.integrations.linux.version>1.6.0</cryptomator.integrations.linux.version>
+		<cryptomator.fuse.version>5.0.5</cryptomator.fuse.version>
+		<cryptomator.webdav.version>2.0.10</cryptomator.webdav.version>

 		<!-- 3rd party dependencies -->
-		<commons-lang3.version>3.19.0</commons-lang3.version>
-		<dagger.version>2.57.2</dagger.version>
+		<commons-lang3.version>3.17.0</commons-lang3.version>
+		<dagger.version>2.56.2</dagger.version>
 		<easybind.version>2.2</easybind.version>
-		<jackson.version>2.20.0</jackson.version>
-		<javafx.version>25</javafx.version>
+		<jackson.version>2.19.1</jackson.version>
+		<javafx.version>24.0.1</javafx.version>
 		<jwt.version>4.5.0</jwt.version>
-		<nimbus-jose.version>10.5</nimbus-jose.version>
-		<logback.version>1.5.19</logback.version>
+		<nimbus-jose.version>9.37.3</nimbus-jose.version>
+		<logback.version>1.5.18</logback.version>
 		<slf4j.version>2.0.17</slf4j.version>
 		<tinyoauth2.version>0.8.1</tinyoauth2.version>
 		<zxcvbn.version>1.9.0</zxcvbn.version>

 		<!-- test dependencies -->
-		<junit.jupiter.version>5.13.4</junit.jupiter.version>
-		<mockito.version>5.20.0</mockito.version>
+		<junit.jupiter.version>5.13.1</junit.jupiter.version>
+		<mockito.version>5.18.0</mockito.version>
 		<hamcrest.version>3.0</hamcrest.version>

 		<!-- build-time dependencies -->
-		<jetbrains.annotations.version>26.0.2-1</jetbrains.annotations.version>
-		<dependency-check.version>12.1.5</dependency-check.version>
-		<jacoco.version>0.8.14</jacoco.version>
-		<license-generator.version>2.7.0</license-generator.version>
+		<jetbrains.annotations.version>26.0.2</jetbrains.annotations.version>
+		<dependency-check.version>12.1.3</dependency-check.version>
+		<jacoco.version>0.8.13</jacoco.version>
+		<license-generator.version>2.5.0</license-generator.version>
 		<junit-tree-reporter.version>1.4.0</junit-tree-reporter.version>
-		<mvn-compiler.version>3.14.1</mvn-compiler.version>
+		<mvn-compiler.version>3.14.0</mvn-compiler.version>
 		<mvn-resources.version>3.3.1</mvn-resources.version>
 		<mvn-dependency.version>3.8.1</mvn-dependency.version>
-		<mvn-surefire.version>3.5.4</mvn-surefire.version>
+		<mvn-surefire.version>3.5.3</mvn-surefire.version>
 		<mvn-jar.version>3.4.2</mvn-jar.version>

 		<!-- Property used by surefire to determine jacoco engine -->
 		<surefire.jacoco.args></surefire.jacoco.args>
 	</properties>

-	<repositories>
-		<repository>
-			<name>Central Portal Snapshots</name>
-			<id>central-portal-snapshots</id>
-			<url>https://central.sonatype.com/repository/maven-snapshots/</url>
-			<releases>
-				<enabled>false</enabled>
-			</releases>
-			<snapshots>
-				<enabled>true</enabled>
-			</snapshots>
-		</repository>
-	</repositories>
+	<!-- TODO: Remove once webdav version 2.0.11 is released -->
+	<dependencyManagement>
+		<dependencies>
+			<dependency>
+				<groupId>org.cryptomator</groupId>
+				<artifactId>webdav-nio-adapter-servlet</artifactId>
+				<version>1.2.9</version>
+			</dependency>
+		</dependencies>
+	</dependencyManagement>

 	<dependencies>
 		<!-- Cryptomator Libs -->
@@ -228,7 +225,7 @@
 		<dependency>
 			<groupId>com.github.ben-manes.caffeine</groupId>
 			<artifactId>caffeine</artifactId>
-			<version>3.2.2</version>
+			<version>3.2.1</version>
 		</dependency>
 		<!-- JUnit / Mockito / Hamcrest -->
 		<dependency>
@@ -258,7 +255,7 @@
 		<dependency>
 			<groupId>com.google.jimfs</groupId>
 			<artifactId>jimfs</artifactId>
-			<version>1.3.1</version>
+			<version>1.3.0</version>
 			<scope>test</scope>
 		</dependency>

--- a/src/main/java/module-info.java
+++ b/src/main/java/module-info.java
@@ -50,12 +50,12 @@ open module org.cryptomator.desktop {
 	requires io.github.coffeelibs.tinyoauth2client;
 	requires org.slf4j;
 	requires org.apache.commons.lang3;
-	requires com.github.benmanes.caffeine;

 	/* dagger bs */
 	requires jakarta.inject;
 	requires static javax.inject;
 	requires java.compiler;
+	requires com.github.benmanes.caffeine;

 	uses org.cryptomator.common.locationpresets.LocationPresetsProvider;
 	uses SSLContextProvider;
--- a/src/main/java/org/cryptomator/common/CommonsModule.java
+++ b/src/main/java/org/cryptomator/common/CommonsModule.java
@@ -74,6 +74,13 @@ public abstract class CommonsModule {
 		return new MasterkeyFileAccess(Constants.PEPPER, csprng);
 	}

+	@Provides
+	@Singleton
+	@Named("SemVer")
+	static Comparator<String> providesSemVerComparator() {
+		return new SemVerComparator();
+	}
+
 	@Provides
 	@Singleton
 	static Optional<RevealPathService> provideRevealPathService() {
--- a/src/main/java/org/cryptomator/common/Environment.java
+++ b/src/main/java/org/cryptomator/common/Environment.java
@@ -124,15 +124,6 @@ public class Environment {
 		return Optional.ofNullable(System.getProperty(BUILD_NUMBER_PROP_NAME));
 	}

-	/**
-	 * Returns the app version concatenated with the build number (if defined).
-	 *
-	 * @return version string formatted like {@code 1.2.3-4567} or {@code 1.2.3} if no build number is defined.
-	 */
-	public String getAppVersionWithBuildNumber() {
-		return getAppVersion() + getBuildNumber().map("-"::concat).orElse("");
-	}
-
 	public Optional<Path> getPluginDir() {
 		return getPath(PLUGIN_DIR_PROP_NAME);
 	}
--- a/src/main/java/org/cryptomator/common/SemVerComparator.java
+++ b/src/main/java/org/cryptomator/common/SemVerComparator.java
@@ -0,0 +1,81 @@
+/*******************************************************************************
+ * Copyright (c) 2016, 2017 Sebastian Stenzel and others.
+ * All rights reserved.
+ * This program and the accompanying materials are made available under the terms of the accompanying LICENSE file.
+ *
+ * Contributors:
+ *     Sebastian Stenzel - initial API and implementation
+ *******************************************************************************/
+package org.cryptomator.common;
+
+import org.apache.commons.lang3.StringUtils;
+
+import java.util.Comparator;
+
+/**
+ * Compares version strings according to <a href="http://semver.org/spec/v2.0.0.html">SemVer 2.0.0</a>.
+ */
+public class SemVerComparator implements Comparator<String> {
+
+	private static final char VERSION_SEP = '.'; // http://semver.org/spec/v2.0.0.html#spec-item-2
+	private static final String PRE_RELEASE_SEP = "-"; // http://semver.org/spec/v2.0.0.html#spec-item-9
+	private static final String BUILD_SEP = "+"; // http://semver.org/spec/v2.0.0.html#spec-item-10
+
+	@Override
+	public int compare(String version1, String version2) {
+		// "Build metadata SHOULD be ignored when determining version precedence.
+		// Thus two versions that differ only in the build metadata, have the same precedence."
+		String v1WithoutBuildMetadata = StringUtils.substringBefore(version1, BUILD_SEP);
+		String v2WithoutBuildMetadata = StringUtils.substringBefore(version2, BUILD_SEP);
+
+		if (v1WithoutBuildMetadata.equals(v2WithoutBuildMetadata)) {
+			return 0;
+		}
+
+		String v1MajorMinorPatch = StringUtils.substringBefore(v1WithoutBuildMetadata, PRE_RELEASE_SEP);
+		String v2MajorMinorPatch = StringUtils.substringBefore(v2WithoutBuildMetadata, PRE_RELEASE_SEP);
+		String v1PreReleaseVersion = StringUtils.substringAfter(v1WithoutBuildMetadata, PRE_RELEASE_SEP);
+		String v2PreReleaseVersion = StringUtils.substringAfter(v2WithoutBuildMetadata, PRE_RELEASE_SEP);
+		return compare(v1MajorMinorPatch, v1PreReleaseVersion, v2MajorMinorPatch, v2PreReleaseVersion);
+	}
+
+	private int compare(String v1MajorMinorPatch, String v1PreReleaseVersion, String v2MajorMinorPatch, String v2PreReleaseVersion) {
+		int comparisonResult = compareNumericallyThenLexicographically(v1MajorMinorPatch, v2MajorMinorPatch);
+		if (comparisonResult == 0) {
+			if (v1PreReleaseVersion.isEmpty()) {
+				return 1; // 1.0.0 > 1.0.0-BETA
+			} else if (v2PreReleaseVersion.isEmpty()) {
+				return -1; // 1.0.0-BETA < 1.0.0
+			} else {
+				return compareNumericallyThenLexicographically(v1PreReleaseVersion, v2PreReleaseVersion);
+			}
+		} else {
+			return comparisonResult;
+		}
+	}
+
+	private int compareNumericallyThenLexicographically(String version1, String version2) {
+		final String[] vComps1 = StringUtils.split(version1, VERSION_SEP);
+		final String[] vComps2 = StringUtils.split(version2, VERSION_SEP);
+		final int commonCompCount = Math.min(vComps1.length, vComps2.length);
+
+		for (int i = 0; i < commonCompCount; i++) {
+			int subversionComparisonResult = 0;
+			try {
+				final int v1 = Integer.parseInt(vComps1[i]);
+				final int v2 = Integer.parseInt(vComps2[i]);
+				subversionComparisonResult = v1 - v2;
+			} catch (NumberFormatException ex) {
+				// ok, lets compare this fragment lexicographically
+				subversionComparisonResult = vComps1[i].compareTo(vComps2[i]);
+			}
+			if (subversionComparisonResult != 0) {
+				return subversionComparisonResult;
+			}
+		}
+
+		// all in common so far? longest version string is considered the higher version:
+		return vComps1.length - vComps2.length;
+	}
+
+}
--- a/src/main/java/org/cryptomator/common/recovery/BackupRestorer.java
+++ b/src/main/java/org/cryptomator/common/recovery/BackupRestorer.java
@@ -1,53 +0,0 @@
-package org.cryptomator.common.recovery;
-
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-import java.io.IOException;
-import java.nio.file.Path;
-import java.nio.file.Files;
-import java.nio.file.StandardCopyOption;
-import java.nio.file.attribute.FileTime;
-import java.util.stream.Stream;
-
-import static org.cryptomator.common.Constants.MASTERKEY_BACKUP_SUFFIX;
-
-public final class BackupRestorer {
-
-	private static final Logger LOG = LoggerFactory.getLogger(BackupRestorer.class);
-
-	private BackupRestorer() {}
-
-	public static void restoreIfBackupPresent(Path vaultPath, String filePrefix) {
-		Path targetFile = vaultPath.resolve(filePrefix);
-
-		try (Stream<Path> files = Files.list(vaultPath)) {
-			files.filter(file -> isFileMatchingPattern(file.getFileName().toString(), filePrefix))
-					.max((f1, f2) -> {
-						try {
-							FileTime time1 = Files.getLastModifiedTime(f1);
-							FileTime time2 = Files.getLastModifiedTime(f2);
-							return time1.compareTo(time2);
-						} catch (IOException e) {
-							return 0;
-						}
-					})
-					.ifPresent(backupFile -> copyBackupFile(backupFile, targetFile));
-		} catch (IOException e) {
-			LOG.info("Unable to restore backup files in '{}'", vaultPath, e);
-		}
-	}
-
-	private static boolean isFileMatchingPattern(String fileName, String filePrefix) {
-		return fileName.startsWith(filePrefix) && fileName.endsWith(MASTERKEY_BACKUP_SUFFIX);
-	}
-
-	private static void copyBackupFile(Path backupFile, Path configPath) {
-		try {
-			Files.copy(backupFile, configPath, StandardCopyOption.REPLACE_EXISTING);
-			LOG.debug("Backup restored - file: '{}'  path: '{}'", backupFile, configPath);
-		} catch (IOException e) {
-			LOG.warn("Unable to copy backup file from '{}' to '{}'", backupFile, configPath, e);
-		}
-	}
-}
--- a/src/main/java/org/cryptomator/common/recovery/CryptoFsInitializer.java
+++ b/src/main/java/org/cryptomator/common/recovery/CryptoFsInitializer.java
@@ -1,33 +0,0 @@
-package org.cryptomator.common.recovery;
-
-import java.io.IOException;
-import java.nio.file.Path;
-
-import org.cryptomator.cryptofs.CryptoFileSystemProperties;
-import org.cryptomator.cryptofs.CryptoFileSystemProvider;
-import org.cryptomator.cryptolib.api.Masterkey;
-import org.cryptomator.cryptolib.api.CryptorProvider;
-import org.cryptomator.cryptolib.api.CryptoException;
-import org.cryptomator.cryptolib.api.MasterkeyLoader;
-
-import static org.cryptomator.common.Constants.DEFAULT_KEY_ID;
-
-public final class CryptoFsInitializer {
-
-	private CryptoFsInitializer() {}
-
-	public static void init(Path recoveryPath,
-							Masterkey masterkey,
-							int shorteningThreshold,
-							CryptorProvider.Scheme scheme) throws IOException, CryptoException {
-
-		MasterkeyLoader loader = ignored -> masterkey.copy();
-		CryptoFileSystemProperties fsProps = CryptoFileSystemProperties //
-				.cryptoFileSystemProperties() //
-				.withCipherCombo(scheme) //
-				.withKeyLoader(loader) //
-				.withShorteningThreshold(shorteningThreshold) //
-				.build();
-		CryptoFileSystemProvider.initialize(recoveryPath, fsProps, DEFAULT_KEY_ID);
-	}
-}
--- a/src/main/java/org/cryptomator/common/recovery/MasterkeyService.java
+++ b/src/main/java/org/cryptomator/common/recovery/MasterkeyService.java
@@ -1,101 +0,0 @@
-package org.cryptomator.common.recovery;
-
-import org.cryptomator.common.vaults.Vault;
-import org.cryptomator.cryptolib.api.CryptoException;
-import org.cryptomator.cryptolib.api.Cryptor;
-import org.cryptomator.cryptolib.api.CryptorProvider;
-import org.cryptomator.cryptolib.api.Masterkey;
-import org.cryptomator.cryptolib.common.MasterkeyFileAccess;
-import org.cryptomator.ui.recoverykey.RecoveryKeyFactory;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-import java.io.IOException;
-import java.nio.ByteBuffer;
-import java.nio.channels.FileChannel;
-import java.nio.file.Files;
-import java.nio.file.Path;
-import java.nio.file.StandardOpenOption;
-import java.security.NoSuchAlgorithmException;
-import java.security.SecureRandom;
-import java.util.Arrays;
-import java.util.NoSuchElementException;
-import java.util.Optional;
-import java.util.UUID;
-import java.util.stream.Stream;
-
-import static org.cryptomator.common.Constants.MASTERKEY_FILENAME;
-import static org.cryptomator.cryptofs.common.Constants.DATA_DIR_NAME;
-
-public final class MasterkeyService {
-
-	private static final Logger LOG = LoggerFactory.getLogger(MasterkeyService.class);
-
-	private MasterkeyService() {}
-
-	public static void recoverFromRecoveryKey(String recoveryKey, RecoveryKeyFactory recoveryKeyFactory, Path recoveryPath, CharSequence newPassword) throws IOException {
-		recoveryKeyFactory.newMasterkeyFileWithPassphrase(recoveryPath, recoveryKey, newPassword);
-	}
-
-	public static Masterkey load(MasterkeyFileAccess masterkeyFileAccess, Path masterkeyFilePath, CharSequence password) throws IOException {
-		return masterkeyFileAccess.load(masterkeyFilePath, password);
-	}
-
-	public static CryptorProvider.Scheme validateRecoveryKeyAndDetectCombo(RecoveryKeyFactory recoveryKeyFactory, //
-																		   Vault vault, String recoveryKey, //
-																		   MasterkeyFileAccess masterkeyFileAccess) throws IOException, CryptoException, NoSuchElementException {
-		String tmpPass = UUID.randomUUID().toString();
-		try (RecoveryDirectory recoveryDirectory = RecoveryDirectory.create(vault.getPath())) {
-			Path tempRecoveryPath = recoveryDirectory.getRecoveryPath();
-			recoverFromRecoveryKey(recoveryKey, recoveryKeyFactory, tempRecoveryPath, tmpPass);
-			Path masterkeyFilePath = tempRecoveryPath.resolve(MASTERKEY_FILENAME);
-
-			try (Masterkey mk = load(masterkeyFileAccess, masterkeyFilePath, tmpPass)) {
-				return detect(mk, vault.getPath()).orElseThrow();
-			}
-		}
-	}
-
-	public static Optional<CryptorProvider.Scheme> detect(Masterkey masterkey, Path vaultPath) {
-		try (Stream<Path> paths = Files.walk(vaultPath.resolve(DATA_DIR_NAME))) {
-			Optional<Path> c9rFile = paths //
-					.filter(p -> p.toString().endsWith(".c9r")) //
-					.filter(p -> !p.endsWith("dir.c9r")) //
-					.findFirst();
-			if (c9rFile.isEmpty()) {
-				LOG.info("Unable to detect Crypto scheme: No *.c9r file found in {}", vaultPath);
-				return Optional.empty();
-			}
-			return determineScheme(c9rFile.get(), masterkey);
-		} catch (IOException e) {
-			LOG.info("Unable to detect Crypto scheme: Failed to inspect vault", e);
-			return Optional.empty();
-		}
-	}
-
-	private static Optional<CryptorProvider.Scheme> determineScheme(Path c9rFile, Masterkey masterkey) {
-		return Arrays.stream(CryptorProvider.Scheme.values()).filter(scheme -> {
-			try (Cryptor cryptor = CryptorProvider.forScheme(scheme).provide(masterkey.copy(), SecureRandom.getInstanceStrong())) {
-				int headerSize = cryptor.fileHeaderCryptor().headerSize();
-
-				ByteBuffer headerBuf = ByteBuffer.allocate(headerSize);
-
-				try (FileChannel channel = FileChannel.open(c9rFile, StandardOpenOption.READ)) {
-					channel.read(headerBuf, 0);
-				}
-
-				headerBuf.flip();
-				cryptor.fileHeaderCryptor().decryptHeader(headerBuf.duplicate());
-				LOG.debug("Detected Crypto scheme: {}", scheme);
-				return true;
-			} catch (IllegalArgumentException | CryptoException e) {
-				LOG.debug("Could not decrypt with scheme: {}", scheme);
-				return false;
-			} catch (IOException | NoSuchAlgorithmException e) {
-				LOG.warn("Unable to detect Crypto scheme: Failed to decrypt .c9r file", e);
-				return false;
-			}
-		}).findFirst();
-	}
-
-}
--- a/src/main/java/org/cryptomator/common/recovery/RecoveryActionType.java
+++ b/src/main/java/org/cryptomator/common/recovery/RecoveryActionType.java
@@ -1,10 +0,0 @@
-package org.cryptomator.common.recovery;
-
-public enum RecoveryActionType {
-	RESTORE_ALL,
-	RESTORE_MASTERKEY,
-	RESTORE_VAULT_CONFIG,
-	RESET_PASSWORD,
-	SHOW_KEY,
-	CONVERT_VAULT
-}
--- a/src/main/java/org/cryptomator/common/recovery/RecoveryDirectory.java
+++ b/src/main/java/org/cryptomator/common/recovery/RecoveryDirectory.java
@@ -1,56 +0,0 @@
-package org.cryptomator.common.recovery;
-
-import java.io.IOException;
-import java.nio.file.Files;
-import java.nio.file.Path;
-import java.nio.file.StandardCopyOption;
-import java.util.Comparator;
-
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-public final class RecoveryDirectory implements AutoCloseable {
-
-	private static final Logger LOG = LoggerFactory.getLogger(RecoveryDirectory.class);
-
-	private final Path recoveryPath;
-	private final Path vaultPath;
-
-	private RecoveryDirectory(Path vaultPath, Path recoveryPath) {
-		this.vaultPath = vaultPath;
-		this.recoveryPath = recoveryPath;
-	}
-
-	public static RecoveryDirectory create(Path vaultPath) throws IOException {
-		Path tempDir = Files.createTempDirectory("cryptomator");
-		return new RecoveryDirectory(vaultPath, tempDir);
-	}
-
-	public void moveRecoveredFile(String file) throws IOException {
-		Files.move(recoveryPath.resolve(file), vaultPath.resolve(file), StandardCopyOption.REPLACE_EXISTING);
-	}
-
-	private void deleteRecoveryDirectory() {
-		try (var paths = Files.walk(recoveryPath)) {
-			paths.sorted(Comparator.reverseOrder()).forEach(p -> {
-				try {
-					Files.delete(p);
-				} catch (IOException e) {
-					LOG.info("Unable to delete {}. Please delete it manually.", p);
-				}
-			});
-		} catch (IOException e) {
-			LOG.error("Failed to clean up recovery directory", e);
-		}
-	}
-
-	@Override
-	public void close() {
-		deleteRecoveryDirectory();
-	}
-
-	public Path getRecoveryPath() {
-		return recoveryPath;
-	}
-
-}
--- a/src/main/java/org/cryptomator/common/recovery/VaultPreparator.java
+++ b/src/main/java/org/cryptomator/common/recovery/VaultPreparator.java
@@ -1,54 +0,0 @@
-package org.cryptomator.common.recovery;
-
-import org.apache.commons.lang3.SystemUtils;
-import org.cryptomator.common.settings.VaultSettings;
-import org.cryptomator.common.vaults.Vault;
-import org.cryptomator.common.vaults.VaultComponent;
-import org.cryptomator.common.vaults.VaultConfigCache;
-import org.cryptomator.common.vaults.VaultListManager;
-import org.cryptomator.integrations.mount.MountService;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-import java.io.IOException;
-import java.nio.file.Path;
-import java.util.List;
-import java.util.ResourceBundle;
-
-import static org.cryptomator.common.vaults.VaultState.Value.LOCKED;
-
-public final class VaultPreparator {
-
-	private static final Logger LOG = LoggerFactory.getLogger(VaultPreparator.class);
-
-	private VaultPreparator() {}
-
-	public static Vault prepareVault(Path selectedDirectory, //
-									 VaultComponent.Factory vaultComponentFactory, //
-									 List<MountService> mountServices, //
-									 ResourceBundle resourceBundle) {
-		VaultSettings vaultSettings = VaultSettings.withRandomId();
-		vaultSettings.path.set(selectedDirectory);
-		if (selectedDirectory.getFileName() != null) {
-			vaultSettings.displayName.set(selectedDirectory.getFileName().toString());
-		} else {
-			vaultSettings.displayName.set(resourceBundle.getString("defaults.vault.vaultName"));
-		}
-
-		var wrapper = new VaultConfigCache(vaultSettings);
-		Vault vault = vaultComponentFactory.create(vaultSettings, wrapper, LOCKED, null).vault();
-		try {
-			VaultListManager.determineVaultState(vault.getPath());
-		} catch (IOException e) {
-			LOG.warn("Failed to determine vault state for {}", vaultSettings.path.get(), e);
-		}
-
-		//due to https://github.com/cryptomator/cryptomator/issues/2880#issuecomment-1680313498
-		var nameOfWinfspLocalMounter = "org.cryptomator.frontend.fuse.mount.WinFspMountProvider";
-		if (SystemUtils.IS_OS_WINDOWS && vaultSettings.path.get().toString().contains("Dropbox") && mountServices.stream().anyMatch(s -> s.getClass().getName().equals(nameOfWinfspLocalMounter))) {
-			vaultSettings.mountService.setValue(nameOfWinfspLocalMounter);
-		}
-
-		return vault;
-	}
-}
--- a/src/main/java/org/cryptomator/common/settings/Settings.java
+++ b/src/main/java/org/cryptomator/common/settings/Settings.java
@@ -25,8 +25,8 @@ import javafx.beans.property.StringProperty;
 import javafx.collections.FXCollections;
 import javafx.collections.ObservableList;
 import javafx.geometry.NodeOrientation;
-import java.nio.file.Path;
 import java.time.Instant;
+import java.util.function.Consumer;

 public class Settings {

@@ -51,7 +51,6 @@ public class Settings {
 	static final String DEFAULT_USER_INTERFACE_ORIENTATION = NodeOrientation.LEFT_TO_RIGHT.name();
 	public static final Instant DEFAULT_TIMESTAMP = Instant.parse("2000-01-01T00:00:00Z");

-	private final SettingsProvider provider;
 	public final ObservableList<VaultSettings> directories;
 	public final BooleanProperty startHidden;
 	public final BooleanProperty autoCloseVaults;
@@ -76,13 +75,13 @@ public class Settings {
 	public final BooleanProperty checkForUpdates;
 	public final ObjectProperty<Instant> lastUpdateCheckReminder;
 	public final ObjectProperty<Instant> lastSuccessfulUpdateCheck;
-	public final ObjectProperty<Path> previouslyUsedVaultDirectory;
-	public final StringProperty lastUpdateAttemptedByVersion;

-	public static Settings create(SettingsProvider provider, Environment env) {
+	private Consumer<Settings> saveCmd;
+
+	public static Settings create(Environment env) {
 		var defaults = new SettingsJson();
 		defaults.showTrayIcon = env.showTrayIcon();
-		return new Settings(provider, defaults);
+		return new Settings(defaults);
 	}

 	/**
@@ -90,8 +89,7 @@ public class Settings {
 	 *
 	 * @param json The parsed settings.json
 	 */
-	Settings(SettingsProvider provider, SettingsJson json) {
-		this.provider = provider;
+	Settings(SettingsJson json) {
 		this.directories = FXCollections.observableArrayList(VaultSettings::observables);
 		this.startHidden = new SimpleBooleanProperty(this, "startHidden", json.startHidden);
 		this.autoCloseVaults = new SimpleBooleanProperty(this, "autoCloseVaults", json.autoCloseVaults);
@@ -116,8 +114,6 @@ public class Settings {
 		this.checkForUpdates = new SimpleBooleanProperty(this, "checkForUpdates", json.checkForUpdatesEnabled);
 		this.lastUpdateCheckReminder = new SimpleObjectProperty<>(this, "lastUpdateCheckReminder", json.lastReminderForUpdateCheck);
 		this.lastSuccessfulUpdateCheck = new SimpleObjectProperty<>(this, "lastSuccessfulUpdateCheck", json.lastSuccessfulUpdateCheck);
-		this.previouslyUsedVaultDirectory = new SimpleObjectProperty<>(this, "previouslyUsedVaultDirectory", json.previouslyUsedVaultDirectory);
-		this.lastUpdateAttemptedByVersion = new SimpleStringProperty(this, "lastUpdateAttemptedByVersion", json.lastUpdateAttemptedByVersion);

 		this.directories.addAll(json.directories.stream().map(VaultSettings::new).toList());

@@ -147,8 +143,6 @@ public class Settings {
 		checkForUpdates.addListener(this::somethingChanged);
 		lastUpdateCheckReminder.addListener(this::somethingChanged);
 		lastSuccessfulUpdateCheck.addListener(this::somethingChanged);
-		previouslyUsedVaultDirectory.addListener(this::somethingChanged);
-		lastUpdateAttemptedByVersion.addListener(this::somethingChanged);
 	}

 	@SuppressWarnings("deprecation")
@@ -210,8 +204,6 @@ public class Settings {
 		json.checkForUpdatesEnabled = checkForUpdates.get();
 		json.lastReminderForUpdateCheck = lastUpdateCheckReminder.get();
 		json.lastSuccessfulUpdateCheck = lastSuccessfulUpdateCheck.get();
-		json.previouslyUsedVaultDirectory = previouslyUsedVaultDirectory.get();
-		json.lastUpdateAttemptedByVersion = lastUpdateAttemptedByVersion.get();
 		return json;
 	}

@@ -224,12 +216,20 @@ public class Settings {
 		}
 	}

-	private void somethingChanged(@SuppressWarnings("unused") Observable observable) {
-		provider.scheduleSave(this);
+
+	// TODO rename to setChangeListener
+	void setSaveCmd(Consumer<Settings> saveCmd) {
+		this.saveCmd = saveCmd;
 	}

-	public void saveNow() {
-		provider.saveNow(this);
+	private void somethingChanged(@SuppressWarnings("unused") Observable observable) {
+		this.save();
+	}
+
+	void save() {
+		if (saveCmd != null) {
+			saveCmd.accept(this);
+		}
 	}

 }
--- a/src/main/java/org/cryptomator/common/settings/SettingsJson.java
+++ b/src/main/java/org/cryptomator/common/settings/SettingsJson.java
@@ -5,7 +5,6 @@ import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
 import com.fasterxml.jackson.annotation.JsonInclude;
 import com.fasterxml.jackson.annotation.JsonProperty;

-import java.nio.file.Path;
 import java.time.Instant;
 import java.util.List;

@@ -93,10 +92,4 @@ class SettingsJson {

 	@JsonProperty("quickAccessService")
 	String quickAccessService = Settings.DEFAULT_QUICKACCESS_SERVICE;
-
-	@JsonProperty("previouslyUsedVaultDirectory")
-	Path previouslyUsedVaultDirectory;
-
-	@JsonProperty("lastUpdateAttemptedByVersion")
-	String lastUpdateAttemptedByVersion;
 }
--- a/src/main/java/org/cryptomator/common/settings/SettingsProvider.java
+++ b/src/main/java/org/cryptomator/common/settings/SettingsProvider.java
@@ -26,9 +26,7 @@ import java.nio.file.NoSuchFileException;
 import java.nio.file.Path;
 import java.nio.file.StandardCopyOption;
 import java.nio.file.StandardOpenOption;
-import java.util.concurrent.CompletableFuture;
-import java.util.concurrent.ExecutionException;
-import java.util.concurrent.Future;
+import java.util.Optional;
 import java.util.concurrent.ScheduledExecutorService;
 import java.util.concurrent.ScheduledFuture;
 import java.util.concurrent.TimeUnit;
@@ -63,7 +61,8 @@ public class SettingsProvider implements Supplier<Settings> {
 		Settings settings = env.getSettingsPath() //
 				.flatMap(this::tryLoad) //
 				.findFirst() //
-				.orElseGet(() -> Settings.create(this, env));
+				.orElseGet(() -> Settings.create(env));
+		settings.setSaveCmd(this::scheduleSave);
 		return settings;
 	}

@@ -72,7 +71,7 @@ public class SettingsProvider implements Supplier<Settings> {
 		try (InputStream in = Files.newInputStream(path, StandardOpenOption.READ)) {
 			var json = JSON.reader().readValue(in, SettingsJson.class);
 			LOG.info("Settings loaded from {}", path);
-			var settings = new Settings(this, json);
+			var settings = new Settings(json);
 			return Stream.of(settings);
 		} catch (JacksonException e) {
 			LOG.warn("Failed to parse json file {}", path, e);
@@ -85,33 +84,19 @@ public class SettingsProvider implements Supplier<Settings> {
 		}
 	}

-	void saveNow(Settings settings) {
-		try {
-			scheduleSave(settings, 0L).get();
-		} catch (InterruptedException e) {
-			Thread.currentThread().interrupt();
-			LOG.error("Saving settings was interrupted.", e);
-		} catch (ExecutionException e) {
-			LOG.error("Unexpected exception while saving.", e);
-		}
-	}
-
-	void scheduleSave(Settings settings) {
-		scheduleSave(settings, SAVE_DELAY_MS);
-	}
-
-	private Future<?> scheduleSave(Settings settings, long delayMillis) {
+	private void scheduleSave(Settings settings) {
 		if (settings == null) {
-			return CompletableFuture.completedFuture(null);
+			return;
 		}
-		final Path settingsPath = env.getSettingsPath().findFirst().orElseThrow(); // always save to preferred (first) path
-		Runnable saveCommand = () -> this.save(settings, settingsPath);
-		ScheduledFuture<?> scheduledTask = scheduler.schedule(saveCommand, delayMillis, TimeUnit.MILLISECONDS);
-		ScheduledFuture<?> previouslyScheduledTask = scheduledSaveCmd.getAndSet(scheduledTask);
-		if (previouslyScheduledTask != null) {
-			previouslyScheduledTask.cancel(false);
-		}
-		return scheduledTask;
+		final Optional<Path> settingsPath = env.getSettingsPath().findFirst(); // always save to preferred (first) path
+		settingsPath.ifPresent(path -> {
+			Runnable saveCommand = () -> this.save(settings, path);
+			ScheduledFuture<?> scheduledTask = scheduler.schedule(saveCommand, SAVE_DELAY_MS, TimeUnit.MILLISECONDS);
+			ScheduledFuture<?> previouslyScheduledTask = scheduledSaveCmd.getAndSet(scheduledTask);
+			if (previouslyScheduledTask != null) {
+				previouslyScheduledTask.cancel(false);
+			}
+		});
 	}

 	private void save(Settings settings, Path settingsPath) {
@@ -122,7 +107,7 @@ public class SettingsProvider implements Supplier<Settings> {
 			Path tmpPath = settingsPath.resolveSibling(settingsPath.getFileName().toString() + ".tmp");
 			try (OutputStream out = Files.newOutputStream(tmpPath, StandardOpenOption.CREATE, StandardOpenOption.TRUNCATE_EXISTING, StandardOpenOption.WRITE)) {
 				var jsonObj = settings.serialized();
-				jsonObj.writtenByVersion = env.getAppVersionWithBuildNumber();
+				jsonObj.writtenByVersion = env.getAppVersion() + env.getBuildNumber().map("-"::concat).orElse("");
 				JSON.writerWithDefaultPrettyPrinter().writeValue(out, jsonObj);
 			}
 			Files.move(tmpPath, settingsPath, StandardCopyOption.REPLACE_EXISTING);
--- a/src/main/java/org/cryptomator/common/vaults/Vault.java
+++ b/src/main/java/org/cryptomator/common/vaults/Vault.java
@@ -23,6 +23,7 @@ import org.cryptomator.cryptofs.event.FilesystemEvent;
 import org.cryptomator.cryptolib.api.CryptoException;
 import org.cryptomator.cryptolib.api.MasterkeyLoader;
 import org.cryptomator.cryptolib.api.MasterkeyLoadingFailedException;
+import org.cryptomator.event.VaultEvent;
 import org.cryptomator.integrations.mount.MountFailedException;
 import org.cryptomator.integrations.mount.Mountpoint;
 import org.cryptomator.integrations.mount.UnmountFailedException;
@@ -34,6 +35,7 @@ import org.slf4j.LoggerFactory;

 import javax.inject.Inject;
 import javax.inject.Named;
+import javafx.application.Platform;
 import javafx.beans.Observable;
 import javafx.beans.binding.Bindings;
 import javafx.beans.binding.BooleanBinding;
@@ -73,7 +75,6 @@ public class Vault {
 	private final BooleanBinding missing;
 	private final BooleanBinding needsMigration;
 	private final BooleanBinding unknownError;
-	private final BooleanBinding missingVaultConfig;
 	private final ObjectBinding<Mountpoint> mountPoint;
 	private final Mounter mounter;
 	private final Settings settings;
@@ -102,7 +103,6 @@ public class Vault {
 		this.processing = Bindings.createBooleanBinding(this::isProcessing, state);
 		this.unlocked = Bindings.createBooleanBinding(this::isUnlocked, state);
 		this.missing = Bindings.createBooleanBinding(this::isMissing, state);
-		this.missingVaultConfig = Bindings.createBooleanBinding(this::isMissingVaultConfig, state);
 		this.needsMigration = Bindings.createBooleanBinding(this::isNeedsMigration, state);
 		this.unknownError = Bindings.createBooleanBinding(this::isUnknownError, state);
 		this.mountPoint = Bindings.createObjectBinding(this::getMountPoint, state);
@@ -336,14 +336,6 @@ public class Vault {
 		return state.get() == VaultState.Value.ERROR;
 	}

-	public BooleanBinding missingVaultConfigProperty() {
-		return missingVaultConfig;
-	}
-
-	public boolean isMissingVaultConfig() {
-		return state.get() == VaultState.Value.VAULT_CONFIG_MISSING || state.get() == VaultState.Value.ALL_MISSING;
-	}
-
 	public ReadOnlyStringProperty displayNameProperty() {
 		return vaultSettings.displayName;
 	}
--- a/src/main/java/org/cryptomator/common/vaults/VaultConfigCache.java
+++ b/src/main/java/org/cryptomator/common/vaults/VaultConfigCache.java
@@ -20,7 +20,7 @@ public class VaultConfigCache {
 	private final VaultSettings settings;
 	private final AtomicReference<VaultConfig.UnverifiedVaultConfig> config;

-	public VaultConfigCache(VaultSettings settings) {
+	VaultConfigCache(VaultSettings settings) {
 		this.settings = settings;
 		this.config = new AtomicReference<>(null);
 	}
--- a/src/main/java/org/cryptomator/common/vaults/VaultListManager.java
+++ b/src/main/java/org/cryptomator/common/vaults/VaultListManager.java
@@ -9,14 +9,13 @@
 package org.cryptomator.common.vaults;

 import org.apache.commons.lang3.SystemUtils;
-import org.cryptomator.common.recovery.BackupRestorer;
+import org.cryptomator.common.Constants;
 import org.cryptomator.common.settings.Settings;
 import org.cryptomator.common.settings.VaultSettings;
 import org.cryptomator.cryptofs.CryptoFileSystemProvider;
 import org.cryptomator.cryptofs.DirStructure;
 import org.cryptomator.cryptofs.migration.Migrators;
 import org.cryptomator.integrations.mount.MountService;
-import org.cryptomator.ui.keyloading.masterkeyfile.MasterkeyFileLoadingStrategy;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;

@@ -35,7 +34,9 @@ import java.util.ResourceBundle;

 import static org.cryptomator.common.Constants.MASTERKEY_FILENAME;
 import static org.cryptomator.common.Constants.VAULTCONFIG_FILENAME;
-import static org.cryptomator.common.vaults.VaultState.Value.*;
+import static org.cryptomator.common.vaults.VaultState.Value.ERROR;
+import static org.cryptomator.common.vaults.VaultState.Value.LOCKED;
+import static org.cryptomator.common.vaults.VaultState.Value.NEEDS_MIGRATION;

@Singleton
 public class VaultListManager {
@@ -66,12 +67,6 @@ public class VaultListManager {
 		autoLocker.init();
 	}

-	public boolean isAlreadyAdded(Path vaultPath) {
-		assert vaultPath.isAbsolute();
-		assert vaultPath.normalize().equals(vaultPath);
-		return vaultList.stream().anyMatch(v -> vaultPath.equals(v.getPath()));
-	}
-
 	public Vault add(Path pathToVault) throws IOException {
 		Path normalizedPathToVault = pathToVault.normalize().toAbsolutePath();
 		if (CryptoFileSystemProvider.checkDirStructureForVault(normalizedPathToVault, VAULTCONFIG_FILENAME, MASTERKEY_FILENAME) == DirStructure.UNRELATED) {
@@ -119,122 +114,59 @@ public class VaultListManager {
 				.findAny();
 	}

-	public void addVault(Vault vault) {
-		Path path = vault.getPath().normalize().toAbsolutePath();
-		if (!isAlreadyAdded(path)) {
-			vaultList.add(vault);
-		}
-	}
-
 	private Vault create(VaultSettings vaultSettings) {
 		var wrapper = new VaultConfigCache(vaultSettings);
 		try {
 			var vaultState = determineVaultState(vaultSettings.path.get());
-			initializeLastKnownKeyLoaderIfPossible(vaultSettings, vaultState, wrapper);
-
+			if (vaultState == LOCKED) { //for legacy reasons: pre v8 vault do not have a config, but they are in the NEEDS_MIGRATION state
+				wrapper.reloadConfig();
+				if (Objects.isNull(vaultSettings.lastKnownKeyLoader.get())) {
+					var keyIdScheme = wrapper.get().getKeyId().getScheme();
+					vaultSettings.lastKnownKeyLoader.set(keyIdScheme);
+				}
+			} else if (vaultState == NEEDS_MIGRATION) {
+				vaultSettings.lastKnownKeyLoader.set(Constants.DEFAULT_KEY_ID.toString());
+			}
 			return vaultComponentFactory.create(vaultSettings, wrapper, vaultState, null).vault();
 		} catch (IOException e) {
-			LOG.warn("Failed to determine vault state for {}", vaultSettings.path.get(), e);
+			LOG.warn("Failed to determine vault state for " + vaultSettings.path.get(), e);
 			return vaultComponentFactory.create(vaultSettings, wrapper, ERROR, e).vault();
 		}
 	}

-	private void initializeLastKnownKeyLoaderIfPossible(VaultSettings vaultSettings, VaultState.Value vaultState, VaultConfigCache wrapper) throws IOException {
-		if (vaultSettings.lastKnownKeyLoader.get() != null) {
-			return;
-		}
-
-		switch (vaultState) {
-			case LOCKED -> {
-				wrapper.reloadConfig();
-				vaultSettings.lastKnownKeyLoader.set(wrapper.get().getKeyId().getScheme());
-			}
-			case NEEDS_MIGRATION -> {
-				//for legacy reasons: pre v8 vault do not have a config, but they are in the NEEDS_MIGRATION state
-				vaultSettings.lastKnownKeyLoader.set(MasterkeyFileLoadingStrategy.SCHEME);
-			}
-			case VAULT_CONFIG_MISSING ->  {
-				//Nothing to do here, since there is no config to read
-			}
-			case MISSING, ALL_MISSING, ERROR, PROCESSING -> {
-				// no config available or not safe to load
-			}
-			default -> {
-				if (Files.exists(vaultSettings.path.get().resolve(VAULTCONFIG_FILENAME))) {
-					try {
-						wrapper.reloadConfig();
-						vaultSettings.lastKnownKeyLoader.set(wrapper.get().getKeyId().getScheme());
-					} catch (IOException e) {
-						LOG.debug("Unable to load config for {}", vaultSettings.path.get(), e);
-					}
-				}
-			}
-		}
-	}
-
 	public static VaultState.Value redetermineVaultState(Vault vault) {
 		VaultState state = vault.stateProperty();
-		VaultState.Value previous = state.getValue();
-
-		if (previous.equals(UNLOCKED) || previous.equals(PROCESSING)) {
-			return previous;
-		}
-
-		try {
-			VaultState.Value determined = determineVaultState(vault.getPath());
-
-			if (determined == LOCKED) {
-				vault.getVaultConfigCache().reloadConfig();
+		VaultState.Value previousState = state.getValue();
+		return switch (previousState) {
+			case LOCKED, NEEDS_MIGRATION, MISSING -> {
+				try {
+					var determinedState = determineVaultState(vault.getPath());
+					if (determinedState == LOCKED) {
+						vault.getVaultConfigCache().reloadConfig();
+					}
+					state.set(determinedState);
+					yield determinedState;
+				} catch (IOException e) {
+					LOG.warn("Failed to determine vault state for " + vault.getPath(), e);
+					state.set(ERROR);
+					vault.setLastKnownException(e);
+					yield ERROR;
+				}
 			}
-
-			state.set(determined);
-			return determined;
-		} catch (IOException e) {
-			LOG.warn("Failed to (re)determine vault state for {}", vault.getPath(), e);
-			vault.setLastKnownException(e);
-			state.set(ERROR);
-			return ERROR;
-		}
+			case ERROR, UNLOCKED, PROCESSING -> previousState;
+		};
 	}

-	public static VaultState.Value determineVaultState(Path pathToVault) throws IOException {
+	private static VaultState.Value determineVaultState(Path pathToVault) throws IOException {
 		if (!Files.exists(pathToVault)) {
-			return MISSING;
+			return VaultState.Value.MISSING;
 		}
-
-		VaultState.Value structureResult = checkDirStructure(pathToVault);
-
-		if (structureResult == LOCKED || structureResult == NEEDS_MIGRATION) {
-			return structureResult;
-		}
-
-		Path pathToVaultConfig = pathToVault.resolve(VAULTCONFIG_FILENAME);
-		Path pathToMasterkey = pathToVault.resolve(MASTERKEY_FILENAME);
-
-		if (!Files.exists(pathToVaultConfig)) {
-			BackupRestorer.restoreIfBackupPresent(pathToVault, VAULTCONFIG_FILENAME);
-		}
-		if (!Files.exists(pathToMasterkey)) {
-			BackupRestorer.restoreIfBackupPresent(pathToVault, MASTERKEY_FILENAME);
-		}
-
-		boolean hasConfig = Files.exists(pathToVaultConfig);
-
-		if (!hasConfig && !Files.exists(pathToMasterkey)) {
-			return ALL_MISSING;
-		}
-		if (!hasConfig) {
-			return VAULT_CONFIG_MISSING;
-		}
-
-		return checkDirStructure(pathToVault);
-	}
-
-	private static VaultState.Value checkDirStructure(Path pathToVault) throws IOException {
 		return switch (CryptoFileSystemProvider.checkDirStructureForVault(pathToVault, VAULTCONFIG_FILENAME, MASTERKEY_FILENAME)) {
-			case VAULT -> LOCKED;
-			case UNRELATED -> MISSING;
-			case MAYBE_LEGACY -> Migrators.get().needsMigration(pathToVault, VAULTCONFIG_FILENAME, MASTERKEY_FILENAME) ? NEEDS_MIGRATION : MISSING;
+			case VAULT -> VaultState.Value.LOCKED;
+			case UNRELATED -> VaultState.Value.MISSING;
+			case MAYBE_LEGACY -> Migrators.get().needsMigration(pathToVault, VAULTCONFIG_FILENAME, MASTERKEY_FILENAME) ? //
+					VaultState.Value.NEEDS_MIGRATION //
+					: VaultState.Value.MISSING;
 		};
 	}

--- a/src/main/java/org/cryptomator/common/vaults/VaultState.java
+++ b/src/main/java/org/cryptomator/common/vaults/VaultState.java
@@ -25,16 +25,6 @@ public class VaultState extends ObservableValueBase<VaultState.Value> implements
 		 */
 		MISSING,

-		/**
-		 * No vault config found at the provided path
-		 */
-		VAULT_CONFIG_MISSING,
-
-		/**
-		 * No vault config and masterkey found at the provided path
-		 */
-		ALL_MISSING,
-
 		/**
 		 * Vault requires migration to a newer vault format
 		 */
--- a/src/main/java/org/cryptomator/ipc/Server.java
+++ b/src/main/java/org/cryptomator/ipc/Server.java
@@ -53,26 +53,18 @@ class Server implements IpcCommunicator {
 	@Override
 	public void listen(IpcMessageListener listener, Executor executor) {
 		executor.execute(() -> {
-			int errorCount = 0;
 			while (serverSocketChannel.isOpen()) {
 				try (var ch = serverSocketChannel.accept()) {
 					while (ch.isConnected()) {
 						var msg = IpcMessage.receive(ch);
 						listener.handleMessage(msg);
 					}
-					errorCount = 0;
 				} catch (AsynchronousCloseException e) {
-					LOG.info("Closing server socket due to closed channel.");
 					return; // serverSocketChannel closed or listener interrupted
 				} catch (EOFException | ClosedChannelException e) {
 					// continue with next connected client
 				} catch (IOException e) {
-					errorCount++;
 					LOG.error("Failed to read IPC message", e);
-					if(errorCount > 100) { //apparently something is broken, prevent log spam
-						LOG.info("Closing server socket due to too many failed requests.");
-						return;
-					}
 				}
 			}
 		});
--- a/src/main/java/org/cryptomator/logging/LogbackConfigurator.java
+++ b/src/main/java/org/cryptomator/logging/LogbackConfigurator.java
@@ -90,9 +90,6 @@ public class LogbackConfigurator extends ContextAwareBase implements Configurato
 			// configure fuse file locking logger:
 			Logger fuseLocking = context.getLogger("org.cryptomator.frontend.fuse.locks");
 			fuseLocking.setLevel(Level.OFF);
-			//deactivate kwallet unsettling message
-			Logger kdeWallet = context.getLogger("org.purejava.kwallet.freedesktop.dbus.handlers");
-			kdeWallet.setLevel(Level.OFF);
 		}
 		return ExecutionStatus.DO_NOT_INVOKE_NEXT_IF_ANY;
 	}
--- a/src/main/java/org/cryptomator/ui/addvaultwizard/CreateNewVaultExpertSettingsController.java
+++ b/src/main/java/org/cryptomator/ui/addvaultwizard/CreateNewVaultExpertSettingsController.java
@@ -26,7 +26,7 @@ public class CreateNewVaultExpertSettingsController implements FxController {

 	public static final int MAX_SHORTENING_THRESHOLD = 220;
 	public static final int MIN_SHORTENING_THRESHOLD = 36;
-	private static final String DOCS_NAME_SHORTENING_URL = "https://docs.cryptomator.org/security/vault/#name-shortening";
+	private static final String DOCS_NAME_SHORTENING_URL = "https://docs.cryptomator.org/security/architecture/#name-shortening";

 	private final Stage window;
 	private final Lazy<Application> application;
--- a/src/main/java/org/cryptomator/ui/addvaultwizard/CreateNewVaultLocationController.java
+++ b/src/main/java/org/cryptomator/ui/addvaultwizard/CreateNewVaultLocationController.java
@@ -4,7 +4,6 @@ import dagger.Lazy;
 import org.cryptomator.common.ObservableUtil;
 import org.cryptomator.common.locationpresets.LocationPreset;
 import org.cryptomator.common.locationpresets.LocationPresetsProvider;
-import org.cryptomator.common.settings.Settings;
 import org.cryptomator.ui.common.FxController;
 import org.cryptomator.ui.common.FxmlFile;
 import org.cryptomator.ui.common.FxmlScene;
@@ -39,7 +38,6 @@ import javafx.stage.WindowEvent;
 import java.io.File;
 import java.io.IOException;
 import java.nio.file.Files;
-import java.nio.file.InvalidPathException;
 import java.nio.file.Path;
 import java.nio.file.Paths;
 import java.util.Optional;
@@ -66,7 +64,6 @@ public class CreateNewVaultLocationController implements FxController {
 	private final BooleanProperty loadingPresetLocations = new SimpleBooleanProperty(false);
 	private final ObservableList<Node> radioButtons;
 	private final ObservableList<Node> sortedRadioButtons;
-	private final Settings settings;

 	private Path customVaultPath = DEFAULT_CUSTOM_VAULT_PATH;

@@ -85,7 +82,6 @@ public class CreateNewVaultLocationController implements FxController {
 									 @FxmlScene(FxmlFile.ADDVAULT_NEW_EXPERT_SETTINGS) Lazy<Scene> chooseExpertSettingsScene, //
 									 ObjectProperty<Path> vaultPath, //
 									 @Named("vaultName") StringProperty vaultName, //
-									 Settings settings, //
 									 ExecutorService backgroundExecutor, ResourceBundle resourceBundle) {
 		this.window = window;
 		this.chooseNameScene = chooseNameScene;
@@ -100,18 +96,6 @@ public class CreateNewVaultLocationController implements FxController {
 		this.usePresetPath = new SimpleBooleanProperty();
 		this.radioButtons = FXCollections.observableArrayList();
 		this.sortedRadioButtons = radioButtons.sorted(this::compareLocationPresets);
-		this.settings = settings;
-
-		Path previouslyUsedDirectory = settings.previouslyUsedVaultDirectory.get();
-		if (previouslyUsedDirectory != null) {
-			try {
-				if (Files.exists(previouslyUsedDirectory) && Files.isDirectory(previouslyUsedDirectory) && isActuallyWritable(previouslyUsedDirectory)) {
-					this.customVaultPath = previouslyUsedDirectory;
-				}
-			} catch (InvalidPathException | NullPointerException e) {
-				LOG.warn("Invalid previously used vault directory path: {}", previouslyUsedDirectory, e);
-			}
-		}
 	}

 	private VaultPathStatus validatePath(Path p) throws NullPointerException {
@@ -212,12 +196,6 @@ public class CreateNewVaultLocationController implements FxController {
 	@FXML
 	public void next() {
 		if (validVaultPath.getValue()) {
-			if (this.getVaultPath() != null) {
-				Path parentPath = this.getVaultPath().getParent();
-				if (parentPath != null) {
-					this.settings.previouslyUsedVaultDirectory.setValue(parentPath);
-				}
-			}
 			window.setScene(chooseExpertSettingsScene.get());
 		}
 	}
--- a/src/main/java/org/cryptomator/ui/changepassword/PasswordStrengthUtil.java
+++ b/src/main/java/org/cryptomator/ui/changepassword/PasswordStrengthUtil.java
@@ -20,6 +20,7 @@ import java.util.ResourceBundle;
 public class PasswordStrengthUtil {

 	private static final int PW_TRUNC_LEN = 100; // truncate very long passwords, since zxcvbn memory and runtime depends vastly on the length
+	private static final String RESSOURCE_PREFIX = "passwordStrength.messageLabel.";
 	private static final List<String> SANITIZED_INPUTS = List.of("cryptomator");

 	private final ResourceBundle resourceBundle;
@@ -47,15 +48,13 @@ public class PasswordStrengthUtil {
 	}

 	public String getStrengthDescription(Number score) {
-		return switch (score.intValue()) {
-			case -1 -> String.format(resourceBundle.getString("passwordStrength.messageLabel.tooShort"), minPwLength);
-			case 0 -> resourceBundle.getString("passwordStrength.messageLabel.0");
-			case 1 -> resourceBundle.getString("passwordStrength.messageLabel.1");
-			case 2 -> resourceBundle.getString("passwordStrength.messageLabel.2");
-			case 3 -> resourceBundle.getString("passwordStrength.messageLabel.3");
-			case 4 -> resourceBundle.getString("passwordStrength.messageLabel.4");
-			default -> "";
-		};
+		if (score.intValue() == -1) {
+			return String.format(resourceBundle.getString(RESSOURCE_PREFIX + "tooShort"), minPwLength);
+		} else if (resourceBundle.containsKey(RESSOURCE_PREFIX + score.intValue())) {
+			return resourceBundle.getString(RESSOURCE_PREFIX + score.intValue());
+		} else {
+			return "";
+		}
 	}

 }
--- a/src/main/java/org/cryptomator/ui/common/FxmlFile.java
+++ b/src/main/java/org/cryptomator/ui/common/FxmlFile.java
@@ -42,10 +42,9 @@ public enum FxmlFile {
 	QUIT("/fxml/quit.fxml"), //
 	QUIT_FORCED("/fxml/quit_forced.fxml"), //
 	RECOVERYKEY_CREATE("/fxml/recoverykey_create.fxml"), //
-	RECOVERYKEY_EXPERT_SETTINGS("/fxml/recoverykey_expert_settings.fxml"), //
-	RECOVERYKEY_ONBOARDING("/fxml/recoverykey_onboarding.fxml"), //
 	RECOVERYKEY_RECOVER("/fxml/recoverykey_recover.fxml"), //
 	RECOVERYKEY_RESET_PASSWORD("/fxml/recoverykey_reset_password.fxml"), //
+	RECOVERYKEY_RESET_PASSWORD_SUCCESS("/fxml/recoverykey_reset_password_success.fxml"), //
 	RECOVERYKEY_SUCCESS("/fxml/recoverykey_success.fxml"), //
 	SHARE_VAULT("/fxml/share_vault.fxml"), //
 	SIMPLE_DIALOG("/fxml/simple_dialog.fxml"), //
--- a/src/main/java/org/cryptomator/ui/convertvault/ConvertVaultModule.java
+++ b/src/main/java/org/cryptomator/ui/convertvault/ConvertVaultModule.java
@@ -4,10 +4,8 @@ import dagger.Binds;
 import dagger.Module;
 import dagger.Provides;
 import dagger.multibindings.IntoMap;
-import org.cryptomator.common.recovery.RecoveryActionType;
 import org.cryptomator.common.vaults.Vault;
 import org.cryptomator.cryptofs.VaultConfig;
-import org.cryptomator.cryptolib.common.MasterkeyFileAccess;
 import org.cryptomator.ui.changepassword.NewPasswordController;
 import org.cryptomator.ui.changepassword.PasswordStrengthUtil;
 import org.cryptomator.ui.common.DefaultSceneFactory;
@@ -22,7 +20,6 @@ import org.cryptomator.ui.recoverykey.RecoveryKeyValidateController;

 import javax.inject.Named;
 import javax.inject.Provider;
-import javafx.beans.property.SimpleObjectProperty;
 import javafx.beans.property.SimpleStringProperty;
 import javafx.beans.property.StringProperty;
 import javafx.scene.Scene;
@@ -122,8 +119,8 @@ abstract class ConvertVaultModule {
 	@Provides
 	@IntoMap
 	@FxControllerKey(RecoveryKeyValidateController.class)
-	static FxController provideRecoveryKeyValidateController(@ConvertVaultWindow Vault vault, @ConvertVaultWindow VaultConfig.UnverifiedVaultConfig vaultConfig, @ConvertVaultWindow StringProperty recoveryKey, RecoveryKeyFactory recoveryKeyFactory, MasterkeyFileAccess masterkeyFileAccess) {
-		return new RecoveryKeyValidateController(vault, vaultConfig, recoveryKey, recoveryKeyFactory, masterkeyFileAccess, new SimpleObjectProperty<>(RecoveryActionType.CONVERT_VAULT), new SimpleObjectProperty<>(null));
+	static FxController bindRecoveryKeyValidateController(@ConvertVaultWindow Vault vault, @ConvertVaultWindow VaultConfig.UnverifiedVaultConfig vaultConfig, @ConvertVaultWindow StringProperty recoveryKey, RecoveryKeyFactory recoveryKeyFactory) {
+		return new RecoveryKeyValidateController(vault, vaultConfig, recoveryKey, recoveryKeyFactory);
 	}

 }
--- a/src/main/java/org/cryptomator/ui/decryptname/DecryptFileNamesViewController.java
+++ b/src/main/java/org/cryptomator/ui/decryptname/DecryptFileNamesViewController.java
@@ -194,7 +194,7 @@ public class DecryptFileNamesViewController implements FxController {
 		}
 	}

-	//observable getter
+	//obvservable getter

 	public ObservableValue<String> dropZoneTextProperty() {
 		return dropZoneText;
--- a/src/main/java/org/cryptomator/ui/dialogs/Dialogs.java
+++ b/src/main/java/org/cryptomator/ui/dialogs/Dialogs.java
@@ -2,7 +2,6 @@ package org.cryptomator.ui.dialogs;

 import org.cryptomator.common.settings.Settings;
 import org.cryptomator.common.vaults.Vault;
-import org.cryptomator.ui.common.DefaultSceneFactory;
 import org.cryptomator.ui.common.StageFactory;
 import org.cryptomator.ui.controls.FontAwesome5Icon;
 import org.cryptomator.ui.fxapp.FxApplicationScoped;
@@ -20,21 +19,17 @@ public class Dialogs {

 	private final ResourceBundle resourceBundle;
 	private final StageFactory stageFactory;
-	private final DefaultSceneFactory sceneFactory;
-
-	private static final String BUTTON_KEY_CLOSE = "generic.button.close";

 	@Inject
-	public Dialogs(ResourceBundle resourceBundle, StageFactory stageFactory, DefaultSceneFactory sceneFactory) {
+	public Dialogs(ResourceBundle resourceBundle, StageFactory stageFactory) {
 		this.resourceBundle = resourceBundle;
 		this.stageFactory = stageFactory;
-		this.sceneFactory = sceneFactory;
 	}

 	private static final Logger LOG = LoggerFactory.getLogger(Dialogs.class);

 	private SimpleDialog.Builder createDialogBuilder() {
-		return new SimpleDialog.Builder(resourceBundle, stageFactory, sceneFactory);
+		return new SimpleDialog.Builder(resourceBundle, stageFactory);
 	}

 	public SimpleDialog.Builder prepareRemoveVaultDialog(Stage window, Vault vault, ObservableList<Vault> vaults) {
@@ -52,43 +47,6 @@ public class Dialogs {
 				});
 	}

-	public SimpleDialog.Builder prepareContactHubVaultOwner(Stage window) {
-		return createDialogBuilder().setOwner(window) //
-				.setTitleKey("contactHubVaultOwner.title") //
-				.setMessageKey("contactHubVaultOwner.message") //
-				.setDescriptionKey("contactHubVaultOwner.description") //
-				.setIcon(FontAwesome5Icon.EXCLAMATION)//
-				.setOkButtonKey(BUTTON_KEY_CLOSE);
-	}
-
-	public SimpleDialog.Builder prepareRecoveryVaultAdded(Stage window, String displayName) {
-		return createDialogBuilder().setOwner(window) //
-				.setTitleKey("recover.existing.title") //
-				.setMessageKey("recover.existing.message") //
-				.setDescriptionKey("recover.existing.description", displayName) //
-				.setIcon(FontAwesome5Icon.CHECK)//
-				.setOkButtonKey(BUTTON_KEY_CLOSE);
-	}
-	public SimpleDialog.Builder prepareRecoveryVaultAlreadyExists(Stage window, String displayName) {
-		return createDialogBuilder().setOwner(window) //
-				.setTitleKey("recover.alreadyExists.title") //
-				.setMessageKey("recover.alreadyExists.message") //
-				.setDescriptionKey("recover.alreadyExists.description", displayName) //
-				.setIcon(FontAwesome5Icon.EXCLAMATION)//
-				.setOkButtonKey(BUTTON_KEY_CLOSE);
-	}
-
-	public SimpleDialog.Builder prepareRecoverPasswordSuccess(Stage window) {
-		return createDialogBuilder()
-				.setOwner(window) //
-				.setTitleKey("recoveryKey.recover.title") //
-				.setMessageKey("recoveryKey.recover.resetSuccess.message") //
-				.setDescriptionKey("recoveryKey.recover.resetSuccess.description") //
-				.setIcon(FontAwesome5Icon.CHECK)
-				.setOkAction(Stage::close)
-				.setOkButtonKey(BUTTON_KEY_CLOSE);
-	}
-
 	public SimpleDialog.Builder prepareRemoveCertDialog(Stage window, Settings settings) {
 		return createDialogBuilder() //
 				.setOwner(window) //
@@ -111,7 +69,7 @@ public class Dialogs {
 				.setMessageKey("dokanySupportEnd.message") //
 				.setDescriptionKey("dokanySupportEnd.description") //
 				.setIcon(FontAwesome5Icon.EXCLAMATION) //
-				.setOkButtonKey(BUTTON_KEY_CLOSE) //
+				.setOkButtonKey("generic.button.close") //
 				.setCancelButtonKey("dokanySupportEnd.preferencesBtn") //
 				.setOkAction(Stage::close) //
 				.setCancelAction(cancelAction);
@@ -125,20 +83,8 @@ public class Dialogs {
 				.setDescriptionKey("retryIfReadonly.description") //
 				.setIcon(FontAwesome5Icon.EXCLAMATION) //
 				.setOkButtonKey("retryIfReadonly.retry") //
-				.setCancelButtonKey(BUTTON_KEY_CLOSE) //
+				.setCancelButtonKey("generic.button.close") //
 				.setOkAction(okAction) //
 				.setCancelAction(Stage::close);
 	}
-
-	public SimpleDialog.Builder prepareNoDDirectorySelectedDialog(Stage window) {
-		return createDialogBuilder() //
-				.setOwner(window) //
-				.setTitleKey("recover.invalidSelection.title") //
-				.setMessageKey("recover.invalidSelection.message") //
-				.setDescriptionKey("recover.invalidSelection.description") //
-				.setIcon(FontAwesome5Icon.EXCLAMATION) //
-				.setOkButtonKey("generic.button.change") //
-				.setOkAction(Stage::close);
-	}
-
 }
--- a/src/main/java/org/cryptomator/ui/dialogs/SimpleDialog.java
+++ b/src/main/java/org/cryptomator/ui/dialogs/SimpleDialog.java
@@ -1,6 +1,5 @@
 package org.cryptomator.ui.dialogs;

-import org.cryptomator.ui.common.DefaultSceneFactory;
 import org.cryptomator.ui.common.FxmlFile;
 import org.cryptomator.ui.common.FxmlLoaderFactory;
 import org.cryptomator.ui.common.StageFactory;
@@ -31,15 +30,15 @@ public class SimpleDialog {

 		FxmlLoaderFactory loaderFactory = FxmlLoaderFactory.forController( //
 				new SimpleDialogController(resolveText(builder.messageKey, null), //
-						resolveText(builder.descriptionKey, builder.descriptionArgs), //
+						resolveText(builder.descriptionKey, null), //
 						builder.icon, //
 						resolveText(builder.okButtonKey, null), //
 						builder.cancelButtonKey != null ? resolveText(builder.cancelButtonKey, null) : null, //
 						() -> builder.okAction.accept(dialogStage), //
 						() -> builder.cancelAction.accept(dialogStage)), //
-				builder.sceneFactory, builder.resourceBundle);
+				Scene::new, builder.resourceBundle);

-		dialogStage.setScene(loaderFactory.createScene(FxmlFile.SIMPLE_DIALOG));
+		dialogStage.setScene(new Scene(loaderFactory.load(FxmlFile.SIMPLE_DIALOG.getRessourcePathString()).getRoot()));
 	}

 	public void showAndWait() {
@@ -63,22 +62,19 @@ public class SimpleDialog {
 		private Stage owner;
 		private final ResourceBundle resourceBundle;
 		private final StageFactory stageFactory;
-		private final DefaultSceneFactory sceneFactory;
 		private String titleKey;
 		private String[] titleArgs;
 		private String messageKey;
 		private String descriptionKey;
-		private String[] descriptionArgs;
 		private String okButtonKey;
 		private String cancelButtonKey;
 		private FontAwesome5Icon icon;
 		private Consumer<Stage> okAction = Stage::close;
 		private Consumer<Stage> cancelAction = Stage::close;

-		public Builder(ResourceBundle resourceBundle, StageFactory stageFactory, DefaultSceneFactory sceneFactory) {
+		public Builder(ResourceBundle resourceBundle, StageFactory stageFactory) {
 			this.resourceBundle = resourceBundle;
 			this.stageFactory = stageFactory;
-			this.sceneFactory = sceneFactory;
 		}

 		public Builder setOwner(Stage owner) {
@@ -97,9 +93,8 @@ public class SimpleDialog {
 			return this;
 		}

-		public Builder setDescriptionKey(String descriptionKey, String... args) {
+		public Builder setDescriptionKey(String descriptionKey) {
 			this.descriptionKey = descriptionKey;
-			this.descriptionArgs = args;
 			return this;
 		}

--- a/src/main/java/org/cryptomator/ui/eventview/EventViewController.java
+++ b/src/main/java/org/cryptomator/ui/eventview/EventViewController.java
@@ -49,7 +49,7 @@ public class EventViewController implements FxController {
 	}

 	/**
-	 * Comparison method for the lru cache. During comparison the map is accessed.
+	 * Comparison method for the lru cache. During comparsion the map is accessed.
 	 * First the entries are compared by the event timestamp, then vaultId, then identifying path and lastly by class name.
 	 *
 	 * @param left an entry of a {@link FSEventBucket} and its content
--- a/src/main/java/org/cryptomator/ui/fxapp/FxApplicationModule.java
+++ b/src/main/java/org/cryptomator/ui/fxapp/FxApplicationModule.java
@@ -15,18 +15,20 @@ import org.cryptomator.ui.lock.LockComponent;
 import org.cryptomator.ui.mainwindow.MainWindowComponent;
 import org.cryptomator.ui.preferences.PreferencesComponent;
 import org.cryptomator.ui.quit.QuitComponent;
-import org.cryptomator.ui.recoverykey.RecoveryKeyComponent;
 import org.cryptomator.ui.sharevault.ShareVaultComponent;
 import org.cryptomator.ui.traymenu.TrayMenuComponent;
 import org.cryptomator.ui.unlock.UnlockComponent;
 import org.cryptomator.ui.updatereminder.UpdateReminderComponent;
 import org.cryptomator.ui.vaultoptions.VaultOptionsComponent;

+import javax.inject.Named;
+import javafx.beans.property.BooleanProperty;
+import javafx.beans.property.SimpleBooleanProperty;
 import javafx.scene.image.Image;
 import java.io.IOException;
 import java.io.InputStream;

-@Module(subcomponents = {TrayMenuComponent.class, //
+@Module(includes = {UpdateCheckerModule.class}, subcomponents = {TrayMenuComponent.class, //
 		DecryptNameComponent.class, //
 		MainWindowComponent.class, //
 		PreferencesComponent.class, //
@@ -38,8 +40,7 @@ import java.io.InputStream;
 		HealthCheckComponent.class, //
 		UpdateReminderComponent.class, //
 		ShareVaultComponent.class, //
-		EventViewComponent.class, //
-		RecoveryKeyComponent.class})
+		EventViewComponent.class})
 abstract class FxApplicationModule {

 	private static Image createImageFromResource(String resourceName) throws IOException {
--- a/src/main/java/org/cryptomator/ui/fxapp/FxApplicationTerminator.java
+++ b/src/main/java/org/cryptomator/ui/fxapp/FxApplicationTerminator.java
@@ -28,7 +28,7 @@ import static org.cryptomator.common.vaults.VaultState.Value.*;
@FxApplicationScoped
 public class FxApplicationTerminator {

-	private static final Set<VaultState.Value> STATES_ALLOWING_TERMINATION = EnumSet.of(LOCKED, NEEDS_MIGRATION, MISSING, ERROR, VAULT_CONFIG_MISSING, ALL_MISSING);
+	private static final Set<VaultState.Value> STATES_ALLOWING_TERMINATION = EnumSet.of(LOCKED, NEEDS_MIGRATION, MISSING, ERROR);
 	private static final Set<VaultState.Value> STATES_PREVENT_TERMINATION = EnumSet.of(PROCESSING);
 	private static final Logger LOG = LoggerFactory.getLogger(FxApplicationTerminator.class);

@@ -110,7 +110,7 @@ public class FxApplicationTerminator {
 		} else if (settings.autoCloseVaults.get() && !preventQuitWithGracefulLock.get()) {
 			var lockAllTask = vaultService.createLockAllTask(vaults.filtered(Vault::isUnlocked), false);
 			lockAllTask.setOnSucceeded(event -> {
-				LOG.info("Locked remaining vaults was successful.");
+				LOG.info("Locked remaining vaults was succesful.");
 				exitingResponse.performQuit();
 			});
 			lockAllTask.setOnFailed(event -> {
--- a/src/main/java/org/cryptomator/ui/fxapp/UpdateChecker.java
+++ b/src/main/java/org/cryptomator/ui/fxapp/UpdateChecker.java
@@ -0,0 +1,135 @@
+package org.cryptomator.ui.fxapp;
+
+import org.cryptomator.common.Environment;
+import org.cryptomator.common.SemVerComparator;
+import org.cryptomator.common.settings.Settings;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import javax.inject.Inject;
+import javafx.beans.binding.Bindings;
+import javafx.beans.binding.BooleanBinding;
+import javafx.beans.property.ObjectProperty;
+import javafx.beans.property.ReadOnlyStringProperty;
+import javafx.beans.property.SimpleObjectProperty;
+import javafx.beans.property.SimpleStringProperty;
+import javafx.beans.property.StringProperty;
+import javafx.concurrent.ScheduledService;
+import javafx.concurrent.Worker;
+import javafx.concurrent.WorkerStateEvent;
+import javafx.util.Duration;
+import java.time.Instant;
+import java.util.Comparator;
+
+@FxApplicationScoped
+public class UpdateChecker {
+
+	private static final Logger LOG = LoggerFactory.getLogger(UpdateChecker.class);
+	private static final Duration AUTO_CHECK_DELAY = Duration.seconds(5);
+
+	private final Environment env;
+	private final Settings settings;
+	private final StringProperty latestVersion = new SimpleStringProperty();
+	private final ScheduledService<String> updateCheckerService;
+	private final ObjectProperty<UpdateCheckState> state = new SimpleObjectProperty<>(UpdateCheckState.NOT_CHECKED);
+	private final ObjectProperty<Instant> lastSuccessfulUpdateCheck;
+	private final Comparator<String> versionComparator = new SemVerComparator();
+	private final BooleanBinding updateAvailable;
+	private final BooleanBinding checkFailed;
+
+	@Inject
+	UpdateChecker(Settings settings, //
+				  Environment env, //
+				  ScheduledService<String> updateCheckerService) {
+		this.env = env;
+		this.settings = settings;
+		this.updateCheckerService = updateCheckerService;
+		this.lastSuccessfulUpdateCheck = settings.lastSuccessfulUpdateCheck;
+		this.updateAvailable = Bindings.createBooleanBinding(this::isUpdateAvailable, latestVersion);
+		this.checkFailed = Bindings.equal(UpdateCheckState.CHECK_FAILED, state);
+	}
+
+	public void automaticallyCheckForUpdatesIfEnabled() {
+		if (!env.disableUpdateCheck() && settings.checkForUpdates.get()) {
+			startCheckingForUpdates(AUTO_CHECK_DELAY);
+		}
+	}
+
+	public void checkForUpdatesNow() {
+		startCheckingForUpdates(Duration.ZERO);
+	}
+
+	private void startCheckingForUpdates(Duration initialDelay) {
+		updateCheckerService.cancel();
+		updateCheckerService.reset();
+		updateCheckerService.setDelay(initialDelay);
+		updateCheckerService.setOnRunning(this::checkStarted);
+		updateCheckerService.setOnSucceeded(this::checkSucceeded);
+		updateCheckerService.setOnFailed(this::checkFailed);
+		updateCheckerService.start();
+	}
+
+	private void checkStarted(WorkerStateEvent event) {
+		LOG.debug("Checking for updates...");
+		state.set(UpdateCheckState.IS_CHECKING);
+	}
+
+	private void checkSucceeded(WorkerStateEvent event) {
+		var latestVersionString = updateCheckerService.getValue();
+		LOG.info("Current version: {}, latest version: {}", getCurrentVersion(), latestVersionString);
+		lastSuccessfulUpdateCheck.set(Instant.now());
+		latestVersion.set(latestVersionString);
+		state.set(UpdateCheckState.CHECK_SUCCESSFUL);
+	}
+
+	private void checkFailed(WorkerStateEvent event) {
+		state.set(UpdateCheckState.CHECK_FAILED);
+	}
+
+	public enum UpdateCheckState {
+		NOT_CHECKED,
+		IS_CHECKING,
+		CHECK_SUCCESSFUL,
+		CHECK_FAILED;
+	}
+
+	/* Observable Properties */
+	public BooleanBinding checkingForUpdatesProperty() {
+		return updateCheckerService.stateProperty().isEqualTo(Worker.State.RUNNING);
+	}
+
+	public ReadOnlyStringProperty latestVersionProperty() {
+		return latestVersion;
+	}
+
+	public BooleanBinding updateAvailableProperty() {
+		return updateAvailable;
+	}
+
+	public BooleanBinding checkFailedProperty() {
+		return checkFailed;
+	}
+
+	public boolean isUpdateAvailable() {
+		String currentVersion = getCurrentVersion();
+		String latestVersionString = latestVersion.get();
+
+		if (currentVersion == null || latestVersionString == null) {
+			return false;
+		} else {
+			return versionComparator.compare(currentVersion, latestVersionString) < 0;
+		}
+	}
+
+	public ObjectProperty<Instant> lastSuccessfulUpdateCheckProperty() {
+		return lastSuccessfulUpdateCheck;
+	}
+
+	public ObjectProperty<UpdateCheckState> updateCheckStateProperty() {
+		return state;
+	}
+
+	public String getCurrentVersion() {
+		return env.getAppVersion();
+	}
+}
--- a/src/main/java/org/cryptomator/ui/fxapp/UpdateCheckerModule.java
+++ b/src/main/java/org/cryptomator/ui/fxapp/UpdateCheckerModule.java
@@ -0,0 +1,93 @@
+package org.cryptomator.ui.fxapp;
+
+import dagger.Module;
+import dagger.Provides;
+import org.apache.commons.lang3.SystemUtils;
+import org.cryptomator.common.Environment;
+import org.cryptomator.common.settings.Settings;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import javax.inject.Named;
+import javafx.beans.binding.Bindings;
+import javafx.beans.binding.ObjectBinding;
+import javafx.concurrent.ScheduledService;
+import javafx.concurrent.Task;
+import javafx.util.Duration;
+import java.io.UncheckedIOException;
+import java.net.URI;
+import java.net.http.HttpClient;
+import java.net.http.HttpRequest;
+import java.util.Optional;
+import java.util.concurrent.ExecutorService;
+
+@Module
+public abstract class UpdateCheckerModule {
+
+	private static final Logger LOG = LoggerFactory.getLogger(UpdateCheckerModule.class);
+
+	private static final URI LATEST_VERSION_URI = URI.create("https://api.cryptomator.org/desktop/latest-version.json");
+	private static final Duration UPDATE_CHECK_INTERVAL = Duration.hours(3);
+	private static final Duration DISABLED_UPDATE_CHECK_INTERVAL = Duration.hours(100000); // Duration.INDEFINITE leads to overflows...
+
+	@Provides
+	@FxApplicationScoped
+	static Optional<HttpClient> provideHttpClient() {
+		try {
+			return Optional.of(HttpClient.newBuilder() //
+					.followRedirects(HttpClient.Redirect.NORMAL) // from version 1.6.11 onwards, Cryptomator can follow redirects, in case this URL ever changes
+					.build());
+		} catch (UncheckedIOException e) {
+			LOG.error("HttpClient for update check cannot be created.", e);
+			return Optional.empty();
+		}
+	}
+
+	@Provides
+	@FxApplicationScoped
+	static HttpRequest provideCheckForUpdatesRequest(Environment env) {
+		String userAgent = String.format("Cryptomator VersionChecker/%s %s %s (%s)", //
+				env.getAppVersion(), //
+				SystemUtils.OS_NAME, //
+				SystemUtils.OS_VERSION, //
+				SystemUtils.OS_ARCH); //
+		return HttpRequest.newBuilder() //
+				.uri(LATEST_VERSION_URI) //
+				.header("User-Agent", userAgent) //
+				.timeout(java.time.Duration.ofSeconds(10))
+				.build();
+	}
+
+	@Provides
+	@Named("checkForUpdatesInterval")
+	@FxApplicationScoped
+	static ObjectBinding<Duration> provideCheckForUpdateInterval(Settings settings) {
+		return Bindings.when(settings.checkForUpdates).then(UPDATE_CHECK_INTERVAL).otherwise(DISABLED_UPDATE_CHECK_INTERVAL);
+	}
+
+	@Provides
+	@FxApplicationScoped
+	static ScheduledService<String> provideCheckForUpdatesService(ExecutorService executor, Optional<HttpClient> httpClient, HttpRequest checkForUpdatesRequest, @Named("checkForUpdatesInterval") ObjectBinding<Duration> period) {
+		ScheduledService<String> service = new ScheduledService<>() {
+			@Override
+			protected Task<String> createTask() {
+				if (httpClient.isPresent()) {
+					return new UpdateCheckerTask(httpClient.get(), checkForUpdatesRequest);
+				} else {
+					return new Task<>() {
+						@Override
+						protected String call() {
+							throw new NullPointerException("No HttpClient present.");
+						}
+					};
+				}
+			}
+		};
+		service.setOnFailed(event -> LOG.error("Failed to execute update service", service.getException()));
+		service.setExecutor(executor);
+		service.periodProperty().bind(period);
+		return service;
+	}
+
+
+}
--- a/src/main/java/org/cryptomator/ui/fxapp/UpdateCheckerTask.java
+++ b/src/main/java/org/cryptomator/ui/fxapp/UpdateCheckerTask.java
@@ -0,0 +1,58 @@
+package org.cryptomator.ui.fxapp;
+
+import com.fasterxml.jackson.databind.ObjectMapper;
+import com.google.common.io.ByteStreams;
+import org.apache.commons.lang3.SystemUtils;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import javafx.concurrent.Task;
+import java.io.IOException;
+import java.io.InputStream;
+import java.net.http.HttpClient;
+import java.net.http.HttpRequest;
+import java.net.http.HttpResponse;
+
+public class UpdateCheckerTask extends Task<String> {
+
+	private static final ObjectMapper JSON = new ObjectMapper();
+	private static final Logger LOG = LoggerFactory.getLogger(UpdateCheckerTask.class);
+
+	private static final long MAX_RESPONSE_SIZE = 10L * 1024; // 10kb should be sufficient. protect against flooding
+
+	private final HttpClient httpClient;
+	private final HttpRequest checkForUpdatesRequest;
+
+	UpdateCheckerTask(HttpClient httpClient, HttpRequest checkForUpdatesRequest) {
+		this.httpClient = httpClient;
+		this.checkForUpdatesRequest = checkForUpdatesRequest;
+
+		setOnFailed(event -> LOG.error("Failed to check for updates", getException()));
+	}
+
+	@Override
+	protected String call() throws IOException, InterruptedException {
+		HttpResponse<InputStream> response = httpClient.send(checkForUpdatesRequest, HttpResponse.BodyHandlers.ofInputStream());
+		if (response.statusCode() == 200) {
+			return processBody(response);
+		} else {
+			throw new IOException("Unexpected HTTP response code " + response.statusCode());
+		}
+	}
+
+	private String processBody(HttpResponse<InputStream> response) throws IOException {
+		try (InputStream in = response.body(); //
+			 InputStream limitedIn = ByteStreams.limit(in, MAX_RESPONSE_SIZE)) {
+			var json = JSON.reader().readTree(limitedIn);
+			if (SystemUtils.IS_OS_MAC_OSX) {
+				return json.get("mac").asText();
+			} else if (SystemUtils.IS_OS_WINDOWS) {
+				return json.get("win").asText();
+			} else if (SystemUtils.IS_OS_LINUX) {
+				return json.get("linux").asText();
+			} else {
+				throw new IllegalStateException("Unsupported operating system");
+			}
+		}
+	}
+}
--- a/src/main/java/org/cryptomator/ui/keyloading/KeyLoadingStrategy.java
+++ b/src/main/java/org/cryptomator/ui/keyloading/KeyLoadingStrategy.java
@@ -46,16 +46,15 @@ public interface KeyLoadingStrategy extends MasterkeyLoader {
 	/**
 	 * Determines whether the provided key loader scheme corresponds to a Masterkey File Vault.
 	 * <p>
-	 * This method checks if the {@code keyLoader} parameter starts with the known Masterkey File Vault scheme
+	 * This method checks if the {@code keyLoader} parameter matches the known Masterkey File Vault scheme
 	 * {@link MasterkeyFileLoadingStrategy#SCHEME}.
-	 * This allows identifying not only exact matches but also variants or extended schemes based on the Masterkey scheme.
 	 * </p>
 	 *
 	 * @param keyLoader A string representing the key loader scheme to be checked.
-	 * @return {@code true} if the given key loader scheme starts with the Masterkey File Vault scheme; {@code false} otherwise.
+	 * @return {@code true} if the given key loader scheme represents a Masterkey File Vault; {@code false} otherwise.
 	 */
 	static boolean isMasterkeyFileVault(String keyLoader) {
-		return keyLoader.startsWith(MasterkeyFileLoadingStrategy.SCHEME);
+		return MasterkeyFileLoadingStrategy.SCHEME.equals(keyLoader);
 	}

 	/**
--- a/src/main/java/org/cryptomator/ui/keyloading/masterkeyfile/ChooseMasterkeyFileController.java
+++ b/src/main/java/org/cryptomator/ui/keyloading/masterkeyfile/ChooseMasterkeyFileController.java
@@ -1,18 +1,14 @@
 package org.cryptomator.ui.keyloading.masterkeyfile;

-import org.cryptomator.common.recovery.RecoveryActionType;
 import org.cryptomator.common.vaults.Vault;
 import org.cryptomator.ui.common.FxController;
 import org.cryptomator.ui.keyloading.KeyLoading;
-import org.cryptomator.ui.recoverykey.RecoveryKeyComponent;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;

 import javax.inject.Inject;
-import javafx.beans.property.SimpleObjectProperty;
+import javafx.beans.binding.StringBinding;
 import javafx.fxml.FXML;
-import javafx.scene.control.Button;
-import javafx.scene.control.CheckBox;
 import javafx.stage.FileChooser;
 import javafx.stage.Stage;
 import javafx.stage.WindowEvent;
@@ -31,41 +27,17 @@ public class ChooseMasterkeyFileController implements FxController {
 	private final Stage window;
 	private final Vault vault;
 	private final CompletableFuture<Path> result;
-	private final RecoveryKeyComponent.Factory recoveryKeyWindow;
 	private final ResourceBundle resourceBundle;

-	@FXML
-	private CheckBox restoreInsteadCheckBox;
-	@FXML
-	private Button forwardButton;
-
 	@Inject
-	public ChooseMasterkeyFileController(@KeyLoading Stage window, //
-										 @KeyLoading Vault vault, //
-										 CompletableFuture<Path> result, //
-										 RecoveryKeyComponent.Factory recoveryKeyWindow, //
-										 ResourceBundle resourceBundle) {
+	public ChooseMasterkeyFileController(@KeyLoading Stage window, @KeyLoading Vault vault, CompletableFuture<Path> result, ResourceBundle resourceBundle) {
 		this.window = window;
 		this.vault = vault;
 		this.result = result;
-		this.recoveryKeyWindow = recoveryKeyWindow;
 		this.resourceBundle = resourceBundle;
 		this.window.setOnHiding(this::windowClosed);
 	}

-	@FXML
-	private void initialize() {
-		restoreInsteadCheckBox.selectedProperty().addListener((_, _, newVal) -> {
-			if (newVal) {
-				forwardButton.setText(resourceBundle.getString("addvaultwizard.existing.restore"));
-				forwardButton.setOnAction(_ -> restoreMasterkey());
-			} else {
-				forwardButton.setText(resourceBundle.getString("generic.button.choose"));
-				forwardButton.setOnAction(_ -> proceed());
-			}
-		});
-	}
-
 	@FXML
 	public void cancel() {
 		window.close();
@@ -75,13 +47,6 @@ public class ChooseMasterkeyFileController implements FxController {
 		result.cancel(true);
 	}

-	@FXML
-	void restoreMasterkey() {
-		Stage ownerStage = (Stage) window.getOwner();
-		window.close();
-		recoveryKeyWindow.create(vault, ownerStage, new SimpleObjectProperty<>(RecoveryActionType.RESTORE_MASTERKEY)).showOnboardingDialogWindow();
-	}
-
 	@FXML
 	public void proceed() {
 		LOG.trace("proceed()");
@@ -97,7 +62,7 @@ public class ChooseMasterkeyFileController implements FxController {

 	//--- Setter & Getter ---

-	public String getDisplayName() {
+	public String getDisplayName(){
 		return vault.getDisplayName();
 	}

--- a/src/main/java/org/cryptomator/ui/mainwindow/MainWindowController.java
+++ b/src/main/java/org/cryptomator/ui/mainwindow/MainWindowController.java
@@ -7,7 +7,7 @@ import org.cryptomator.common.vaults.Vault;
 import org.cryptomator.common.vaults.VaultListManager;
 import org.cryptomator.ui.common.FxController;
 import org.cryptomator.ui.fxapp.FxApplicationWindows;
-import org.cryptomator.updater.UpdateChecker;
+import org.cryptomator.ui.fxapp.UpdateChecker;
 import org.cryptomator.ui.preferences.SelectedPreferencesTab;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
--- a/src/main/java/org/cryptomator/ui/mainwindow/MainWindowModule.java
+++ b/src/main/java/org/cryptomator/ui/mainwindow/MainWindowModule.java
@@ -18,7 +18,6 @@ import org.cryptomator.ui.error.ErrorComponent;
 import org.cryptomator.ui.fxapp.FxApplicationTerminator;
 import org.cryptomator.ui.fxapp.PrimaryStage;
 import org.cryptomator.ui.migration.MigrationComponent;
-import org.cryptomator.ui.recoverykey.RecoveryKeyComponent;
 import org.cryptomator.ui.stats.VaultStatisticsComponent;
 import org.cryptomator.ui.traymenu.TrayMenuComponent;
 import org.cryptomator.ui.wrongfilealert.WrongFileAlertComponent;
@@ -33,7 +32,7 @@ import javafx.stage.Stage;
 import java.util.Map;
 import java.util.ResourceBundle;

-@Module(subcomponents = {AddVaultWizardComponent.class, MigrationComponent.class, VaultStatisticsComponent.class, WrongFileAlertComponent.class, ErrorComponent.class, RecoveryKeyComponent.class})
+@Module(subcomponents = {AddVaultWizardComponent.class, MigrationComponent.class, VaultStatisticsComponent.class, WrongFileAlertComponent.class, ErrorComponent.class})
 abstract class MainWindowModule {

 	@Provides
--- a/src/main/java/org/cryptomator/ui/mainwindow/VaultDetailController.java
+++ b/src/main/java/org/cryptomator/ui/mainwindow/VaultDetailController.java
@@ -52,7 +52,7 @@ public class VaultDetailController implements FxController {
 				case LOCKED -> FontAwesome5Icon.LOCK;
 				case PROCESSING -> FontAwesome5Icon.SPINNER;
 				case UNLOCKED -> FontAwesome5Icon.LOCK_OPEN;
-				case NEEDS_MIGRATION, MISSING, VAULT_CONFIG_MISSING, ALL_MISSING, ERROR -> FontAwesome5Icon.EXCLAMATION_TRIANGLE;
+				case NEEDS_MIGRATION, MISSING, ERROR -> FontAwesome5Icon.EXCLAMATION_TRIANGLE;
 			};
 		} else {
 			return FontAwesome5Icon.EXCLAMATION_TRIANGLE;
--- a/src/main/java/org/cryptomator/ui/mainwindow/VaultDetailMissingVaultController.java
+++ b/src/main/java/org/cryptomator/ui/mainwindow/VaultDetailMissingVaultController.java
@@ -1,26 +1,20 @@
 package org.cryptomator.ui.mainwindow;

-import org.cryptomator.common.recovery.RecoveryActionType;
 import org.cryptomator.common.vaults.Vault;
 import org.cryptomator.common.vaults.VaultListManager;
 import org.cryptomator.ui.common.FxController;
 import org.cryptomator.ui.dialogs.Dialogs;
-import org.cryptomator.ui.keyloading.KeyLoadingStrategy;
-import org.cryptomator.ui.recoverykey.RecoveryKeyComponent;

 import javax.inject.Inject;
 import javafx.beans.property.ObjectProperty;
-import javafx.beans.property.SimpleObjectProperty;
 import javafx.collections.ObservableList;
 import javafx.fxml.FXML;
 import javafx.stage.FileChooser;
 import javafx.stage.Stage;
 import java.io.File;
-import java.nio.file.Files;
 import java.util.ResourceBundle;

 import static org.cryptomator.common.Constants.CRYPTOMATOR_FILENAME_GLOB;
-import static org.cryptomator.common.Constants.MASTERKEY_FILENAME;

@MainWindowScoped
 public class VaultDetailMissingVaultController implements FxController {
@@ -29,7 +23,6 @@ public class VaultDetailMissingVaultController implements FxController {
 	private final ObservableList<Vault> vaults;
 	private final ResourceBundle resourceBundle;
 	private final Stage window;
-	private final RecoveryKeyComponent.Factory recoveryKeyWindow;
 	private final Dialogs dialogs;

 	@Inject
@@ -37,13 +30,11 @@ public class VaultDetailMissingVaultController implements FxController {
 											 ObservableList<Vault> vaults, //
 											 ResourceBundle resourceBundle, //
 											 @MainWindow Stage window, //
-											 Dialogs dialogs, //
-											 RecoveryKeyComponent.Factory recoveryKeyWindow) {
+											 Dialogs dialogs) {
 		this.vault = vault;
 		this.vaults = vaults;
 		this.resourceBundle = resourceBundle;
 		this.window = window;
-		this.recoveryKeyWindow = recoveryKeyWindow;
 		this.dialogs = dialogs;
 	}

@@ -57,19 +48,6 @@ public class VaultDetailMissingVaultController implements FxController {
 		dialogs.prepareRemoveVaultDialog(window, vault.get(), vaults).build().showAndWait();
 	}

-	@FXML
-	void restoreVaultConfig() {
-		if(KeyLoadingStrategy.isHubVault(vault.get().getVaultSettings().lastKnownKeyLoader.get())){
-			dialogs.prepareContactHubVaultOwner(window).build().showAndWait();
-		}
-		else if(Files.exists(vault.get().getPath().resolve(MASTERKEY_FILENAME))){
-			recoveryKeyWindow.create(vault.get(), window, new SimpleObjectProperty<>(RecoveryActionType.RESTORE_VAULT_CONFIG)).showOnboardingDialogWindow();
-		}
-		else {
-			recoveryKeyWindow.create(vault.get(), window, new SimpleObjectProperty<>(RecoveryActionType.RESTORE_ALL)).showOnboardingDialogWindow();
-		}
-	}
-
 	@FXML
 	void changeLocation() {
 		// copied from ChooseExistingVaultController class
--- a/src/main/java/org/cryptomator/ui/mainwindow/VaultListCellController.java
+++ b/src/main/java/org/cryptomator/ui/mainwindow/VaultListCellController.java
@@ -55,7 +55,7 @@ public class VaultListCellController implements FxController {
 				case LOCKED -> FontAwesome5Icon.LOCK;
 				case PROCESSING -> FontAwesome5Icon.SPINNER;
 				case UNLOCKED -> FontAwesome5Icon.LOCK_OPEN;
-				case NEEDS_MIGRATION, MISSING, VAULT_CONFIG_MISSING, ALL_MISSING, ERROR -> FontAwesome5Icon.EXCLAMATION_TRIANGLE;
+				case NEEDS_MIGRATION, MISSING, ERROR -> FontAwesome5Icon.EXCLAMATION_TRIANGLE;
 			};
 		} else {
 			return FontAwesome5Icon.EXCLAMATION_TRIANGLE;
--- a/src/main/java/org/cryptomator/ui/mainwindow/VaultListContextMenuController.java
+++ b/src/main/java/org/cryptomator/ui/mainwindow/VaultListContextMenuController.java
@@ -20,13 +20,11 @@ import javafx.stage.Stage;
 import java.util.EnumSet;
 import java.util.Objects;

-import static org.cryptomator.common.vaults.VaultState.Value.ALL_MISSING;
 import static org.cryptomator.common.vaults.VaultState.Value.ERROR;
 import static org.cryptomator.common.vaults.VaultState.Value.LOCKED;
 import static org.cryptomator.common.vaults.VaultState.Value.MISSING;
 import static org.cryptomator.common.vaults.VaultState.Value.NEEDS_MIGRATION;
 import static org.cryptomator.common.vaults.VaultState.Value.UNLOCKED;
-import static org.cryptomator.common.vaults.VaultState.Value.VAULT_CONFIG_MISSING;

@MainWindowScoped
 public class VaultListContextMenuController implements FxController {
@@ -65,7 +63,7 @@ public class VaultListContextMenuController implements FxController {

 		this.selectedVaultState = selectedVault.flatMap(Vault::stateProperty).orElse(null);
 		this.selectedVaultPassphraseStored = selectedVault.map(this::isPasswordStored).orElse(false);
-		this.selectedVaultRemovable = selectedVaultState.map(EnumSet.of(LOCKED, MISSING, ERROR, NEEDS_MIGRATION, ALL_MISSING, VAULT_CONFIG_MISSING)::contains).orElse(false);
+		this.selectedVaultRemovable = selectedVaultState.map(EnumSet.of(LOCKED, MISSING, ERROR, NEEDS_MIGRATION)::contains).orElse(false);
 		this.selectedVaultUnlockable = selectedVaultState.map(LOCKED::equals).orElse(false);
 		this.selectedVaultLockable = selectedVaultState.map(UNLOCKED::equals).orElse(false);
 	}
@@ -104,12 +102,6 @@ public class VaultListContextMenuController implements FxController {
 		vaultService.reveal(vault);
 	}

-	@FXML
-	public void didClickShareVault() {
-		var vault = Objects.requireNonNull(selectedVault.get());
-		appWindows.showShareVaultWindow(vault);
-	}
-
 	// Getter and Setter

 	public ObservableValue<Boolean> selectedVaultUnlockableProperty() {
--- a/src/main/java/org/cryptomator/ui/mainwindow/VaultListController.java
+++ b/src/main/java/org/cryptomator/ui/mainwindow/VaultListController.java
@@ -1,16 +1,11 @@
 package org.cryptomator.ui.mainwindow;

 import org.apache.commons.lang3.SystemUtils;
-import org.cryptomator.common.recovery.RecoveryActionType;
-import org.cryptomator.common.recovery.VaultPreparator;
 import org.cryptomator.common.settings.Settings;
 import org.cryptomator.common.vaults.Vault;
-import org.cryptomator.common.vaults.VaultComponent;
 import org.cryptomator.common.vaults.VaultListManager;
 import org.cryptomator.cryptofs.CryptoFileSystemProvider;
 import org.cryptomator.cryptofs.DirStructure;
-import org.cryptomator.cryptofs.common.Constants;
-import org.cryptomator.integrations.mount.MountService;
 import org.cryptomator.ui.addvaultwizard.AddVaultWizardComponent;
 import org.cryptomator.ui.common.FxController;
 import org.cryptomator.ui.common.VaultService;
@@ -18,7 +13,6 @@ import org.cryptomator.ui.dialogs.Dialogs;
 import org.cryptomator.ui.fxapp.FxFSEventList;
 import org.cryptomator.ui.fxapp.FxApplicationWindows;
 import org.cryptomator.ui.preferences.SelectedPreferencesTab;
-import org.cryptomator.ui.recoverykey.RecoveryKeyComponent;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;

@@ -28,7 +22,6 @@ import javafx.beans.binding.BooleanBinding;
 import javafx.beans.property.BooleanProperty;
 import javafx.beans.property.ObjectProperty;
 import javafx.beans.property.SimpleBooleanProperty;
-import javafx.beans.property.SimpleObjectProperty;
 import javafx.beans.value.ObservableValue;
 import javafx.collections.ListChangeListener;
 import javafx.collections.ObservableList;
@@ -44,14 +37,11 @@ import javafx.scene.input.KeyEvent;
 import javafx.scene.input.MouseEvent;
 import javafx.scene.input.TransferMode;
 import javafx.scene.layout.StackPane;
-import javafx.stage.DirectoryChooser;
 import javafx.stage.Stage;
 import java.io.File;
 import java.io.IOException;
-import java.nio.file.Files;
 import java.nio.file.Path;
 import java.util.EnumSet;
-import java.util.List;
 import java.util.Optional;
 import java.util.ResourceBundle;
 import java.util.Set;
@@ -60,12 +50,10 @@ import java.util.stream.Collectors;
 import static org.cryptomator.common.Constants.CRYPTOMATOR_FILENAME_EXT;
 import static org.cryptomator.common.Constants.MASTERKEY_FILENAME;
 import static org.cryptomator.common.Constants.VAULTCONFIG_FILENAME;
-import static org.cryptomator.common.vaults.VaultState.Value.ALL_MISSING;
 import static org.cryptomator.common.vaults.VaultState.Value.ERROR;
 import static org.cryptomator.common.vaults.VaultState.Value.LOCKED;
 import static org.cryptomator.common.vaults.VaultState.Value.MISSING;
 import static org.cryptomator.common.vaults.VaultState.Value.NEEDS_MIGRATION;
-import static org.cryptomator.common.vaults.VaultState.Value.VAULT_CONFIG_MISSING;

@MainWindowScoped
 public class VaultListController implements FxController {
@@ -87,10 +75,6 @@ public class VaultListController implements FxController {
 	private final ObservableValue<Double> cellSize;
 	private final Dialogs dialogs;

-	private final VaultComponent.Factory vaultComponentFactory;
-	private final RecoveryKeyComponent.Factory recoveryKeyWindow;
-	private final List<MountService> mountServices;
-
 	public ListView<Vault> vaultList;
 	public StackPane root;
 	@FXML
@@ -110,9 +94,6 @@ public class VaultListController implements FxController {
 						FxApplicationWindows appWindows, //
 						Settings settings, //
 						Dialogs dialogs, //
-						RecoveryKeyComponent.Factory recoveryKeyWindow, //
-						VaultComponent.Factory vaultComponentFactory, //
-						List<MountService> mountServices, //
 						FxFSEventList fxFSEventList) {
 		this.mainWindow = mainWindow;
 		this.vaults = vaults;
@@ -124,9 +105,6 @@ public class VaultListController implements FxController {
 		this.resourceBundle = resourceBundle;
 		this.appWindows = appWindows;
 		this.dialogs = dialogs;
-		this.recoveryKeyWindow = recoveryKeyWindow;
-		this.vaultComponentFactory = vaultComponentFactory;
-		this.mountServices = mountServices;

 		this.emptyVaultList = Bindings.isEmpty(vaults);
 		this.unreadEvents = fxFSEventList.unreadEventsProperty();
@@ -226,26 +204,6 @@ public class VaultListController implements FxController {
 		VaultListManager.redetermineVaultState(newValue);
 	}

-	private Optional<Path> chooseValidVaultDirectory() {
-		DirectoryChooser directoryChooser = new DirectoryChooser();
-		File selectedDirectory;
-
-		do {
-			selectedDirectory = directoryChooser.showDialog(mainWindow);
-			if (selectedDirectory == null) {
-				return Optional.empty();
-			}
-
-			Path selectedPath = selectedDirectory.toPath();
-			if (!Files.isDirectory(selectedPath.resolve(Constants.DATA_DIR_NAME))) {
-				dialogs.prepareNoDDirectorySelectedDialog(mainWindow).build().showAndWait();
-				selectedDirectory = null;
-			}
-		} while (selectedDirectory == null);
-
-		return Optional.of(selectedDirectory.toPath());
-	}
-
 	@FXML
 	public void didClickAddNewVault() {
 		addVaultWizard.build().showAddNewVaultWizard(resourceBundle);
@@ -256,40 +214,9 @@ public class VaultListController implements FxController {
 		addVaultWizard.build().showAddExistingVaultWizard(resourceBundle);
 	}

-	@FXML
-	public void didClickRecoverExistingVault() {
-		Optional<Path> selectedDirectory = chooseValidVaultDirectory();
-		if (selectedDirectory.isEmpty()) {
-			return;
-		}
-
-		Path path = selectedDirectory.get();
-		Optional<Vault> matchingVaultListEntry = vaultListManager.get(path);
-		if (matchingVaultListEntry.isPresent()) {
-			dialogs.prepareRecoveryVaultAlreadyExists(mainWindow, matchingVaultListEntry.get().getDisplayName()) //
-					.setOkAction(Stage::close) //
-					.build().showAndWait();
-			return;
-		}
-
-		Vault preparedVault = VaultPreparator.prepareVault(path, vaultComponentFactory, mountServices, resourceBundle);
-		VaultListManager.redetermineVaultState(preparedVault);
-
-		switch (preparedVault.getState()) {
-			case VAULT_CONFIG_MISSING -> recoveryKeyWindow.create(preparedVault, mainWindow, new SimpleObjectProperty<>(RecoveryActionType.RESTORE_VAULT_CONFIG)).showOnboardingDialogWindow();
-			case ALL_MISSING -> recoveryKeyWindow.create(preparedVault, mainWindow, new SimpleObjectProperty<>(RecoveryActionType.RESTORE_ALL)).showOnboardingDialogWindow();
-			case LOCKED, NEEDS_MIGRATION -> {
-				vaultListManager.addVault(preparedVault);
-				dialogs.prepareRecoveryVaultAdded(mainWindow, preparedVault.getDisplayName()).setOkAction(Stage::close).build().showAndWait();
-			}
-			default -> LOG.warn("Unhandled vault state during recovery: {}", preparedVault.getState());
-		}
-
-	}
-
 	private void pressedShortcutToRemoveVault() {
 		final var vault = selectedVault.get();
-		if (vault != null && EnumSet.of(LOCKED, MISSING, ERROR, NEEDS_MIGRATION, ALL_MISSING, VAULT_CONFIG_MISSING).contains(vault.getState())) {
+		if (vault != null && EnumSet.of(LOCKED, MISSING, ERROR, NEEDS_MIGRATION).contains(vault.getState())) {
 			dialogs.prepareRemoveVaultDialog(mainWindow, vault, vaults).build().showAndWait();
 		}
 	}
--- a/src/main/java/org/cryptomator/ui/preferences/AboutController.java
+++ b/src/main/java/org/cryptomator/ui/preferences/AboutController.java
@@ -3,7 +3,7 @@ package org.cryptomator.ui.preferences;
 import com.google.common.io.CharStreams;
 import org.cryptomator.common.Environment;
 import org.cryptomator.ui.common.FxController;
-import org.cryptomator.updater.UpdateChecker;
+import org.cryptomator.ui.fxapp.UpdateChecker;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;

--- a/src/main/java/org/cryptomator/ui/preferences/PreferencesController.java
+++ b/src/main/java/org/cryptomator/ui/preferences/PreferencesController.java
@@ -2,7 +2,7 @@ package org.cryptomator.ui.preferences;

 import org.cryptomator.common.Environment;
 import org.cryptomator.ui.common.FxController;
-import org.cryptomator.updater.UpdateChecker;
+import org.cryptomator.ui.fxapp.UpdateChecker;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;

--- a/src/main/java/org/cryptomator/ui/preferences/UpdatesPreferencesController.java
+++ b/src/main/java/org/cryptomator/ui/preferences/UpdatesPreferencesController.java
@@ -2,37 +2,25 @@ package org.cryptomator.ui.preferences;

 import org.cryptomator.common.Environment;
 import org.cryptomator.common.settings.Settings;
-import org.cryptomator.common.vaults.Vault;
-import org.cryptomator.integrations.update.UpdateStep;
 import org.cryptomator.ui.common.FxController;
-import org.cryptomator.ui.common.VaultService;
-import org.cryptomator.updater.UpdateChecker;
-import org.cryptomator.updater.FallbackUpdateInfo;
-import org.cryptomator.updater.UpdateService;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
+import org.cryptomator.ui.fxapp.UpdateChecker;

 import javax.inject.Inject;
 import javafx.animation.PauseTransition;
 import javafx.application.Application;
-import javafx.application.Platform;
 import javafx.beans.binding.Bindings;
 import javafx.beans.binding.BooleanBinding;
-import javafx.beans.binding.BooleanExpression;
 import javafx.beans.binding.ObjectBinding;
 import javafx.beans.binding.StringBinding;
 import javafx.beans.property.BooleanProperty;
 import javafx.beans.property.ReadOnlyStringProperty;
 import javafx.beans.property.SimpleBooleanProperty;
-import javafx.beans.property.SimpleStringProperty;
-import javafx.beans.property.StringProperty;
 import javafx.beans.value.ObservableValue;
-import javafx.collections.ObservableList;
-import javafx.concurrent.Worker;
-import javafx.concurrent.WorkerStateEvent;
 import javafx.fxml.FXML;
 import javafx.scene.control.CheckBox;
 import javafx.scene.control.ContentDisplay;
+import java.net.URLEncoder;
+import java.nio.charset.StandardCharsets;
 import java.time.Duration;
 import java.time.Instant;
 import java.time.LocalDateTime;
@@ -46,64 +34,73 @@ import java.util.ResourceBundle;
@PreferencesScoped
 public class UpdatesPreferencesController implements FxController {

-	private static final Logger LOG = LoggerFactory.getLogger(UpdatesPreferencesController.class);
-	private static final DateTimeFormatter FORMATTER = DateTimeFormatter.ofLocalizedDateTime(FormatStyle.MEDIUM).withLocale(Locale.getDefault());
+	private static final String DOWNLOADS_URI_TEMPLATE = "https://cryptomator.org/downloads/" //
+			+ "?utm_source=cryptomator-desktop" //
+			+ "&utm_medium=update-notification&" //
+			+ "utm_campaign=app-update-%s";

 	private final Application application;
 	private final Environment environment;
 	private final ResourceBundle resourceBundle;
 	private final Settings settings;
 	private final UpdateChecker updateChecker;
-	private final UpdateService updateService;
-	private final ObservableList<Vault> unlockedVaults;
-	private final VaultService vaultService;
-	private final ObjectBinding<Worker<?>> worker;
-	private final BooleanExpression running;
-	private final StringBinding updateButtonTitle;
-	private final ObjectBinding<ContentDisplay> updateButtonState;
-	private final ObservableValue<String> timeDifferenceMessage;
+	private final ObjectBinding<ContentDisplay> checkForUpdatesButtonState;
+	private final ReadOnlyStringProperty latestVersion;
+	private final ObservableValue<Instant> lastSuccessfulUpdateCheck;
 	private final StringBinding lastUpdateCheckMessage;
-	private final BooleanBinding prohibitUpdateWhileUnlocked;
-	private final BooleanBinding updateButtonDisabled;
-	private final StringProperty errorMessage = new SimpleStringProperty("");
+	private final ObservableValue<String> timeDifferenceMessage;
+	private final String currentVersion;
+	private final BooleanBinding updateAvailable;
+	private final BooleanBinding checkFailed;
 	private final BooleanProperty upToDateLabelVisible = new SimpleBooleanProperty(false);
+	private final DateTimeFormatter formatter;
+	private final BooleanBinding upToDate;
+	private final String downloadsUri;

 	/* FXML */
 	public CheckBox checkForUpdatesCheckbox;

 	@Inject
-	UpdatesPreferencesController(Application application, Environment environment, ResourceBundle resourceBundle, Settings settings, UpdateChecker updateChecker, ObservableList<Vault> vaults, VaultService vaultService) {
+	UpdatesPreferencesController(Application application, Environment environment, ResourceBundle resourceBundle, Settings settings, UpdateChecker updateChecker) {
 		this.application = application;
 		this.environment = environment;
 		this.resourceBundle = resourceBundle;
 		this.settings = settings;
 		this.updateChecker = updateChecker;
-		this.updateService = new UpdateService(updateChecker.updateProperty());
-		this.unlockedVaults = vaults.filtered(Vault::isUnlocked);
-		this.vaultService = vaultService;
-		this.worker = Bindings.when(updateChecker.updateAvailableProperty()).<Worker<?>>then(this.updateService).otherwise(this.updateChecker);
-		this.running = Bindings.createBooleanBinding(this::isRunning, updateService.stateProperty(), updateChecker.stateProperty());
-		this.updateButtonTitle = Bindings.createStringBinding(this::getUpdateButtonTitle, worker, updateService.stateProperty(), updateService.messageProperty());
-		this.updateButtonState = Bindings.createObjectBinding(this::getUpdateButtonState, updateChecker.stateProperty(), updateService.stateProperty());
-		this.timeDifferenceMessage = Bindings.createStringBinding(this::getTimeDifferenceMessage, updateChecker.lastSuccessfulUpdateCheckProperty());
-		this.lastUpdateCheckMessage = Bindings.createStringBinding(this::getLastUpdateCheckMessage, updateChecker.lastSuccessfulUpdateCheckProperty());
-		this.prohibitUpdateWhileUnlocked = Bindings.createBooleanBinding(this::isProhibitUpdateWhileUnlocked, unlockedVaults, updateChecker.updateProperty());
-		this.updateButtonDisabled = Bindings.when(worker.isEqualTo(updateChecker)).then(running).otherwise(prohibitUpdateWhileUnlocked.or(running));
+		this.checkForUpdatesButtonState = Bindings.when(updateChecker.checkingForUpdatesProperty()).then(ContentDisplay.LEFT).otherwise(ContentDisplay.TEXT_ONLY);
+		this.latestVersion = updateChecker.latestVersionProperty();
+		this.lastSuccessfulUpdateCheck = updateChecker.lastSuccessfulUpdateCheckProperty();
+		this.timeDifferenceMessage = Bindings.createStringBinding(this::getTimeDifferenceMessage, lastSuccessfulUpdateCheck);
+		this.currentVersion = environment.getAppVersion();
+		this.updateAvailable = updateChecker.updateAvailableProperty();
+		this.formatter = DateTimeFormatter.ofLocalizedDateTime(FormatStyle.MEDIUM).withLocale(Locale.getDefault());
+		this.upToDate = updateChecker.updateCheckStateProperty().isEqualTo(UpdateChecker.UpdateCheckState.CHECK_SUCCESSFUL).and(latestVersion.isEqualTo(currentVersion));
+		this.checkFailed = updateChecker.checkFailedProperty();
+		this.lastUpdateCheckMessage = Bindings.createStringBinding(this::getLastUpdateCheckMessage, lastSuccessfulUpdateCheck);
+		this.downloadsUri = DOWNLOADS_URI_TEMPLATE.formatted(URLEncoder.encode(currentVersion, StandardCharsets.US_ASCII));
 	}

 	public void initialize() {
 		checkForUpdatesCheckbox.selectedProperty().bindBidirectional(settings.checkForUpdates);
-		updateChecker.updateAvailableProperty().addListener((_, _, hasUpdate) -> {
-			if (!hasUpdate) {
+
+		upToDate.addListener((_, _, newVal) -> {
+			if (newVal) {
 				upToDateLabelVisible.set(true);
 				PauseTransition delay = new PauseTransition(javafx.util.Duration.seconds(5));
 				delay.setOnFinished(_ -> upToDateLabelVisible.set(false));
 				delay.play();
 			}
 		});
-		updateChecker.setOnFailed(this::checkFailed);
-		updateService.setOnSucceeded(this::updateSucceeded);
-		updateService.setOnFailed(this::updateFailed);
+	}
+
+	@FXML
+	public void checkNow() {
+		updateChecker.checkForUpdatesNow();
+	}
+
+	@FXML
+	public void visitDownloadsPage() {
+		application.getHostServices().showDocument(downloadsUri);
 	}

 	@FXML
@@ -111,104 +108,38 @@ public class UpdatesPreferencesController implements FxController {
 		environment.getLogDir().ifPresent(logDirPath -> application.getHostServices().showDocument(logDirPath.toUri().toString()));
 	}

-	@FXML
-	public void startWork() {
-		if (worker.get().equals(updateChecker)) {
-			updateChecker.checkForUpdatesNow();
-		} else if (!unlockedVaults.isEmpty()) {
-			LOG.warn("Cannot start update due to unlocked vaults.");
-		} else if (worker.get().equals(updateService)) {
-			LOG.info("User started update to version {}", updateChecker.getUpdate().version());
-			updateService.start();
-		}
-	}
-
-	private void checkFailed(WorkerStateEvent workerStateEvent) {
-		assert workerStateEvent.getSource() == updateChecker;
-		LOG.error("Update check failed.", updateChecker.getException());
-		errorMessage.set(resourceBundle.getString("preferences.updates.checkFailed"));
-	}
-
-	private void updateSucceeded(WorkerStateEvent workerStateEvent) {
-		assert workerStateEvent.getSource() == updateService;
-		var lastStep = updateService.getValue();
-		if (lastStep == UpdateStep.EXIT) {
-			// Record that this version attempted an update, so next launch can choose fallback if needed
-			settings.lastUpdateAttemptedByVersion.set(environment.getAppVersionWithBuildNumber());
-			settings.saveNow();
-			LOG.info("Exiting app to update...");
-			Platform.exit();
-		} else if (lastStep == UpdateStep.RETRY) {
-			updateService.reset();
-		} else {
-			LOG.info("Update succeeded.");
-		}
-	}
-
-	private void updateFailed(WorkerStateEvent workerStateEvent) {
-		assert workerStateEvent.getSource() == updateService;
-		LOG.error("Update failed.", updateService.getException());
-		updateService.reset();
-		errorMessage.set(resourceBundle.getString("preferences.updates.updateFailed"));
-		// try fallback mechanism:
-		updateChecker.recheckWithFallbackMechanism();
-	}
-
-	@FXML
-	public void lockAllGracefully() {
-		vaultService.lockAll(unlockedVaults, false);
-	}
-
 	/* Observable Properties */

-	public UpdateChecker getUpdateChecker() {
-		return updateChecker;
+	public ObjectBinding<ContentDisplay> checkForUpdatesButtonStateProperty() {
+		return checkForUpdatesButtonState;
 	}

-	public ObjectBinding<Worker<?>> workerProperty() {
-		return worker;
+	public ContentDisplay getCheckForUpdatesButtonState() {
+		return checkForUpdatesButtonState.get();
 	}

-	public Worker<?> getWorker() {
-		return worker.get();
+	public ReadOnlyStringProperty latestVersionProperty() {
+		return latestVersion;
 	}

-	public BooleanExpression runningProperty() {
-		return running;
+	public String getLatestVersion() {
+		return latestVersion.get();
 	}

-	public boolean isRunning() {
-		return updateChecker.getState() == Worker.State.RUNNING || updateService.getState() == Worker.State.RUNNING;
+	public String getCurrentVersion() {
+		return currentVersion;
 	}

-	public StringBinding updateButtonTitleProperty() {
-		return updateButtonTitle;
+	public StringBinding lastUpdateCheckMessageProperty() {
+		return lastUpdateCheckMessage;
 	}

-	public String getUpdateButtonTitle() {
-		if (worker.get() == updateChecker) {
-			return resourceBundle.getString("preferences.updates.checkNowBtn");
+	public String getLastUpdateCheckMessage() {
+		Instant lastCheck = lastSuccessfulUpdateCheck.getValue();
+		if (lastCheck != null && !lastCheck.equals(Settings.DEFAULT_TIMESTAMP)) {
+			return formatter.format(LocalDateTime.ofInstant(lastCheck, ZoneId.systemDefault()));
 		} else {
-			return switch (updateService.getState()) {
-				case READY -> updateChecker.getUpdate().updateMechanism().getName();
-				case SCHEDULED, RUNNING -> updateService.getMessage();
-				case SUCCEEDED -> resourceBundle.getString("generic.button.done");
-				case FAILED, CANCELLED -> "failed"; // should never be visible
-			};
-		}
-	}
-
-	public ObjectBinding<ContentDisplay> updateButtonStateProperty() {
-		return updateButtonState;
-	}
-
-	public ContentDisplay getUpdateButtonState() {
-		if (updateService.isRunning()) { // isRunning() covers RUNNING and SCHEDULED states
-			return ContentDisplay.BOTTOM;
-		} else if (updateChecker.getState() == Worker.State.RUNNING) {
-			return ContentDisplay.LEFT;
-		} else {
-			return ContentDisplay.TEXT_ONLY;
+			return "-";
 		}
 	}

@@ -217,7 +148,7 @@ public class UpdatesPreferencesController implements FxController {
 	}

 	public String getTimeDifferenceMessage() {
-		var lastSuccessCheck = updateChecker.getLastSuccessfulUpdateCheck();
+		var lastSuccessCheck = lastSuccessfulUpdateCheck.getValue();
 		var duration = Duration.between(lastSuccessCheck, Instant.now());
 		var hours = duration.toHours();
 		if (lastSuccessCheck.equals(Settings.DEFAULT_TIMESTAMP)) {
@@ -231,44 +162,6 @@ public class UpdatesPreferencesController implements FxController {
 		}
 	}

-	public StringBinding lastUpdateCheckMessageProperty() {
-		return lastUpdateCheckMessage;
-	}
-
-	public String getLastUpdateCheckMessage() {
-		Instant lastCheck = updateChecker.getLastSuccessfulUpdateCheck();
-		if (lastCheck != null && !lastCheck.equals(Settings.DEFAULT_TIMESTAMP)) {
-			return FORMATTER.format(LocalDateTime.ofInstant(lastCheck, ZoneId.systemDefault()));
-		} else {
-			return "-";
-		}
-	}
-
-	public String getErrorMessage() {
-		return errorMessage.get();
-	}
-
-	public ReadOnlyStringProperty errorMessageProperty() {
-		return errorMessage;
-	}
-
-	public boolean isProhibitUpdateWhileUnlocked() {
-		// If the result of the last update check was from the fallback mechanism, we don't need to show the warning
-		return !unlockedVaults.isEmpty() && !FallbackUpdateInfo.class.isInstance(updateChecker.getUpdate());
-	}
-
-	public BooleanBinding prohibitUpdateWhileUnlockedProperty() {
-		return prohibitUpdateWhileUnlocked;
-	}
-
-	public boolean isUpdateButtonDisabled() {
-		return updateButtonDisabled.get();
-	}
-
-	public BooleanBinding updateButtonDisabledProperty() {
-		return updateButtonDisabled;
-	}
-
 	public BooleanProperty upToDateLabelVisibleProperty() {
 		return upToDateLabelVisible;
 	}
@@ -277,4 +170,20 @@ public class UpdatesPreferencesController implements FxController {
 		return upToDateLabelVisible.get();
 	}

+	public BooleanBinding updateAvailableProperty() {
+		return updateAvailable;
+	}
+
+	public boolean isUpdateAvailable() {
+		return updateAvailable.get();
+	}
+
+	public BooleanBinding checkFailedProperty() {
+		return checkFailed;
+	}
+
+	public boolean isCheckFailed() {
+		return checkFailed.getValue();
+	}
+
 }
--- a/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyComponent.java
+++ b/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyComponent.java
@@ -3,13 +3,11 @@ package org.cryptomator.ui.recoverykey;
 import dagger.BindsInstance;
 import dagger.Lazy;
 import dagger.Subcomponent;
-import org.cryptomator.common.recovery.RecoveryActionType;
 import org.cryptomator.common.vaults.Vault;
 import org.cryptomator.ui.common.FxmlFile;
 import org.cryptomator.ui.common.FxmlScene;

 import javax.inject.Named;
-import javafx.beans.property.ObjectProperty;
 import javafx.scene.Scene;
 import javafx.stage.Stage;

@@ -26,9 +24,6 @@ public interface RecoveryKeyComponent {
 	@FxmlScene(FxmlFile.RECOVERYKEY_RECOVER)
 	Lazy<Scene> recoverScene();

-	@FxmlScene(FxmlFile.RECOVERYKEY_ONBOARDING)
-	Lazy<Scene> recoverOnboardingScene();
-
 	default void showRecoveryKeyCreationWindow() {
 		Stage stage = window();
 		stage.setScene(creationScene().get());
@@ -43,19 +38,11 @@ public interface RecoveryKeyComponent {
 		stage.show();
 	}

-	default void showOnboardingDialogWindow() {
-		Stage stage = window();
-		stage.setScene(recoverOnboardingScene().get());
-		stage.sizeToScene();
-		stage.show();
-	}

 	@Subcomponent.Factory
 	interface Factory {

-		RecoveryKeyComponent create(@BindsInstance @RecoveryKeyWindow Vault vault, //
-									@BindsInstance @Named("keyRecoveryOwner") Stage owner, //
-									@BindsInstance @Named("recoverType") ObjectProperty<RecoveryActionType> recoverType);
+		RecoveryKeyComponent create(@BindsInstance @RecoveryKeyWindow Vault vault, @BindsInstance @Named("keyRecoveryOwner") Stage owner);
 	}

 }
--- a/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyCreationController.java
+++ b/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyCreationController.java
@@ -1,45 +1,28 @@
 package org.cryptomator.ui.recoverykey;

 import dagger.Lazy;
-import org.cryptomator.common.recovery.CryptoFsInitializer;
-import org.cryptomator.common.recovery.MasterkeyService;
-import org.cryptomator.common.recovery.RecoveryActionType;
-import org.cryptomator.common.recovery.RecoveryDirectory;
 import org.cryptomator.common.vaults.Vault;
-import org.cryptomator.common.vaults.VaultListManager;
 import org.cryptomator.cryptolib.api.CryptoException;
 import org.cryptomator.cryptolib.api.InvalidPassphraseException;
-import org.cryptomator.cryptolib.api.Masterkey;
-import org.cryptomator.cryptolib.common.MasterkeyFileAccess;
 import org.cryptomator.ui.common.Animations;
 import org.cryptomator.ui.common.FxController;
 import org.cryptomator.ui.common.FxmlFile;
 import org.cryptomator.ui.common.FxmlScene;
-import org.cryptomator.ui.controls.FormattedLabel;
 import org.cryptomator.ui.controls.NiceSecurePasswordField;
-import org.cryptomator.ui.dialogs.Dialogs;
 import org.cryptomator.ui.fxapp.FxApplicationWindows;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;

 import javax.inject.Inject;
-import javax.inject.Named;
-import javafx.beans.property.IntegerProperty;
-import javafx.beans.property.ObjectProperty;
 import javafx.beans.property.StringProperty;
 import javafx.concurrent.Task;
 import javafx.fxml.FXML;
 import javafx.scene.Scene;
-import javafx.scene.control.Button;
 import javafx.stage.Stage;
 import java.io.IOException;
-import java.nio.file.Path;
 import java.util.ResourceBundle;
 import java.util.concurrent.ExecutorService;

-import static org.cryptomator.common.Constants.MASTERKEY_FILENAME;
-import static org.cryptomator.common.Constants.VAULTCONFIG_FILENAME;
-
@RecoveryKeyScoped
 public class RecoveryKeyCreationController implements FxController {

@@ -47,71 +30,23 @@ public class RecoveryKeyCreationController implements FxController {

 	private final Stage window;
 	private final Lazy<Scene> successScene;
-	private final Lazy<Scene> recoverykeyExpertSettingsScene;
-	private final MasterkeyFileAccess masterkeyFileAccess;
 	private final Vault vault;
 	private final ExecutorService executor;
 	private final RecoveryKeyFactory recoveryKeyFactory;
 	private final StringProperty recoveryKeyProperty;
 	private final FxApplicationWindows appWindows;
 	public NiceSecurePasswordField passwordField;
-	private final IntegerProperty shorteningThreshold;
-	private final ObjectProperty<RecoveryActionType> recoverType;
-	private final ResourceBundle resourceBundle;
-	public FormattedLabel descriptionLabel;
-	public Button cancelButton;
-	public Button nextButton;
-	private final VaultListManager vaultListManager;
-	private final Dialogs dialogs;

 	@Inject
-	public RecoveryKeyCreationController(FxApplicationWindows appWindows, //
-										 @RecoveryKeyWindow Stage window, //
-										 @FxmlScene(FxmlFile.RECOVERYKEY_SUCCESS) Lazy<Scene> successScene, //
-										 @FxmlScene(FxmlFile.RECOVERYKEY_EXPERT_SETTINGS) Lazy<Scene> recoverykeyExpertSettingsScene, //
-										 @RecoveryKeyWindow Vault vault, //
-										 RecoveryKeyFactory recoveryKeyFactory, //
-										 MasterkeyFileAccess masterkeyFileAccess, //
-										 ExecutorService executor, //
-										 @RecoveryKeyWindow StringProperty recoveryKey, //
-										 @Named("shorteningThreshold") IntegerProperty shorteningThreshold, //
-										 @Named("recoverType") ObjectProperty<RecoveryActionType> recoverType, //
-										 VaultListManager vaultListManager, //
-										 ResourceBundle resourceBundle, //
-										 Dialogs dialogs) {
+	public RecoveryKeyCreationController(@RecoveryKeyWindow Stage window, @FxmlScene(FxmlFile.RECOVERYKEY_SUCCESS) Lazy<Scene> successScene, @RecoveryKeyWindow Vault vault, RecoveryKeyFactory recoveryKeyFactory, ExecutorService executor, @RecoveryKeyWindow StringProperty recoveryKey, FxApplicationWindows appWindows, ResourceBundle resourceBundle) {
 		this.window = window;
+		window.setTitle(resourceBundle.getString("recoveryKey.display.title"));
 		this.successScene = successScene;
-		this.recoverykeyExpertSettingsScene = recoverykeyExpertSettingsScene;
 		this.vault = vault;
 		this.executor = executor;
 		this.recoveryKeyFactory = recoveryKeyFactory;
 		this.recoveryKeyProperty = recoveryKey;
 		this.appWindows = appWindows;
-		this.recoverType = recoverType;
-		this.resourceBundle = resourceBundle;
-		this.masterkeyFileAccess = masterkeyFileAccess;
-		this.shorteningThreshold = shorteningThreshold;
-		this.vaultListManager = vaultListManager;
-		this.dialogs = dialogs;
-	}
-
-	@FXML
-	public void initialize() {
-		if (recoverType.get() == RecoveryActionType.SHOW_KEY) {
-			window.setTitle(resourceBundle.getString("recoveryKey.display.title"));
-		} else if (recoverType.get() == RecoveryActionType.RESTORE_VAULT_CONFIG) {
-			window.setTitle(resourceBundle.getString("recover.recoverVaultConfig.title"));
-			descriptionLabel.formatProperty().set(resourceBundle.getString("recoveryKey.recover.description"));
-			cancelButton.setOnAction((_) -> back());
-			cancelButton.setText(resourceBundle.getString("generic.button.back"));
-			nextButton.setOnAction((_) -> restoreWithPassword());
-		}
-	}
-
-	@FXML
-	public void back() {
-		window.setScene(recoverykeyExpertSettingsScene.get());
-		window.centerOnScreen();
 	}

 	@FXML
@@ -136,42 +71,6 @@ public class RecoveryKeyCreationController implements FxController {
 		executor.submit(task);
 	}

-	@FXML
-	public void restoreWithPassword() {
-
-		try (RecoveryDirectory recoveryDirectory = RecoveryDirectory.create(vault.getPath())) {
-			Path recoveryPath = recoveryDirectory.getRecoveryPath();
-
-			Path masterkeyFilePath = vault.getPath().resolve(MASTERKEY_FILENAME);
-
-			try (Masterkey masterkey = MasterkeyService.load(masterkeyFileAccess, masterkeyFilePath, passwordField.getCharacters())) {
-				var combo = MasterkeyService.detect(masterkey, vault.getPath())
-						.orElseThrow(() -> new IllegalStateException("Could not detect combo for vault path: " + vault.getPath()));
-
-				CryptoFsInitializer.init(recoveryPath, masterkey, shorteningThreshold.get(), combo);
-			}
-
-			recoveryDirectory.moveRecoveredFile(VAULTCONFIG_FILENAME);
-
-			if (!vaultListManager.isAlreadyAdded(vault.getPath())) {
-				vaultListManager.add(vault.getPath());
-			}
-			window.close();
-			dialogs.prepareRecoverPasswordSuccess((Stage)window.getOwner()) //
-					.setTitleKey("recover.recoverVaultConfig.title") //
-					.setMessageKey("recoveryKey.recover.resetVaultConfigSuccess.message") //
-					.setDescriptionKey("recoveryKey.recover.resetMasterkeyFileSuccess.description")
-					.build().showAndWait();
-
-		} catch (InvalidPassphraseException e) {
-			LOG.info("Password invalid", e);
-			Animations.createShakeWindowAnimation(window).play();
-		} catch (IOException | CryptoException | IllegalStateException e) {
-			LOG.error("Recovery process failed", e);
-			appWindows.showErrorWindow(e, window, null);
-		}
-	}
-
 	@FXML
 	public void close() {
 		window.close();
--- a/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyExpertSettingsController.java
+++ b/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyExpertSettingsController.java
@@ -1,123 +0,0 @@
-package org.cryptomator.ui.recoverykey;
-
-import javax.inject.Inject;
-import javax.inject.Named;
-import javafx.application.Application;
-import javafx.beans.binding.Bindings;
-import javafx.beans.binding.BooleanBinding;
-import javafx.beans.property.IntegerProperty;
-import javafx.beans.property.ObjectProperty;
-import javafx.fxml.FXML;
-import javafx.scene.Scene;
-import javafx.scene.control.CheckBox;
-import javafx.stage.Stage;
-
-import dagger.Lazy;
-import org.cryptomator.common.recovery.RecoveryActionType;
-import org.cryptomator.common.vaults.Vault;
-import org.cryptomator.common.vaults.VaultState;
-import org.cryptomator.ui.addvaultwizard.CreateNewVaultExpertSettingsController;
-import org.cryptomator.ui.common.FxController;
-import org.cryptomator.ui.common.FxmlFile;
-import org.cryptomator.ui.common.FxmlScene;
-import org.cryptomator.ui.controls.NumericTextField;
-
-@RecoveryKeyScoped
-public class RecoveryKeyExpertSettingsController implements FxController {
-
-	public static final int MAX_SHORTENING_THRESHOLD = 220;
-	public static final int MIN_SHORTENING_THRESHOLD = 36;
-	private static final String DOCS_NAME_SHORTENING_URL = "https://docs.cryptomator.org/security/vault/#name-shortening";
-
-	private final Stage window;
-	private final Lazy<Application> application;
-	private final Vault vault;
-	private final ObjectProperty<RecoveryActionType> recoverType;
-	private final IntegerProperty shorteningThreshold;
-	private final Lazy<Scene> resetPasswordScene;
-	private final Lazy<Scene> createScene;
-	private final Lazy<Scene> onBoardingScene;
-	private final Lazy<Scene> recoverScene;
-	private final BooleanBinding validShorteningThreshold;
-
-	@FXML
-	public CheckBox expertSettingsCheckBox;
-	@FXML
-	public NumericTextField shorteningThresholdTextField;
-
-	@Inject
-	public RecoveryKeyExpertSettingsController(@RecoveryKeyWindow Stage window, //
-											   Lazy<Application> application, //
-											   @RecoveryKeyWindow Vault vault, //
-											   @Named("recoverType") ObjectProperty<RecoveryActionType> recoverType, //
-											   @Named("shorteningThreshold") IntegerProperty shorteningThreshold, //
-											   @FxmlScene(FxmlFile.RECOVERYKEY_RESET_PASSWORD) Lazy<Scene> resetPasswordScene, //
-											   @FxmlScene(FxmlFile.RECOVERYKEY_CREATE) Lazy<Scene> createScene, //
-											   @FxmlScene(FxmlFile.RECOVERYKEY_ONBOARDING) Lazy<Scene> onBoardingScene, //
-											   @FxmlScene(FxmlFile.RECOVERYKEY_RECOVER) Lazy<Scene> recoverScene) {
-		this.window = window;
-		this.application = application;
-		this.vault = vault;
-		this.recoverType = recoverType;
-		this.shorteningThreshold = shorteningThreshold;
-		this.resetPasswordScene = resetPasswordScene;
-		this.createScene = createScene;
-		this.onBoardingScene = onBoardingScene;
-		this.recoverScene = recoverScene;
-		this.validShorteningThreshold = Bindings.createBooleanBinding(this::isValidShorteningThreshold, shorteningThreshold);
-	}
-
-	@FXML
-	public void initialize() {
-		shorteningThresholdTextField.setPromptText(MIN_SHORTENING_THRESHOLD + "-" + MAX_SHORTENING_THRESHOLD);
-		shorteningThresholdTextField.setText(Integer.toString(MAX_SHORTENING_THRESHOLD));
-		shorteningThresholdTextField.textProperty().addListener((_, _, newValue) -> {
-			try {
-				int intValue = Integer.parseInt(newValue);
-				shorteningThreshold.set(intValue);
-			} catch (NumberFormatException e) {
-				shorteningThreshold.set(0); //the value is set to 0 to ensure that an invalid value assignment is detected during a NumberFormatException
-			}
-		});
-	}
-
-	@FXML
-	public void toggleUseExpertSettings() {
-		if (!expertSettingsCheckBox.isSelected()) {
-			shorteningThresholdTextField.setText(Integer.toString(CreateNewVaultExpertSettingsController.MAX_SHORTENING_THRESHOLD));
-		}
-	}
-
-	public void openDocs() {
-		application.get().getHostServices().showDocument(DOCS_NAME_SHORTENING_URL);
-	}
-
-	public BooleanBinding validShorteningThresholdProperty() {
-		return validShorteningThreshold;
-	}
-
-	public boolean isValidShorteningThreshold() {
-		var value = shorteningThreshold.get();
-		return value >= MIN_SHORTENING_THRESHOLD && value <= MAX_SHORTENING_THRESHOLD;
-	}
-
-	@FXML
-	public void back() {
-		if (recoverType.get() == RecoveryActionType.RESTORE_ALL && vault.getState() == VaultState.Value.VAULT_CONFIG_MISSING) {
-			window.setScene(recoverScene.get());
-		} else if (recoverType.get() == RecoveryActionType.RESTORE_ALL && vault.getState() == VaultState.Value.ALL_MISSING) {
-			window.setScene(recoverScene.get());
-		} else if (recoverType.get() == RecoveryActionType.RESTORE_VAULT_CONFIG) {
-			window.setScene(onBoardingScene.get());
-		}
-	}
-
-	@FXML
-	public void next() {
-		if (recoverType.get() == RecoveryActionType.RESTORE_VAULT_CONFIG) {
-			window.setScene(createScene.get());
-		} else {
-			window.setScene(resetPasswordScene.get());
-		}
-	}
-}
--- a/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyModule.java
+++ b/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyModule.java
@@ -5,12 +5,8 @@ import dagger.Module;
 import dagger.Provides;
 import dagger.multibindings.IntoMap;
 import org.cryptomator.common.Nullable;
-import org.cryptomator.common.recovery.RecoveryActionType;
 import org.cryptomator.common.vaults.Vault;
 import org.cryptomator.cryptofs.VaultConfig;
-import org.cryptomator.cryptolib.api.CryptorProvider;
-import org.cryptomator.cryptolib.common.MasterkeyFileAccess;
-import org.cryptomator.ui.addvaultwizard.CreateNewVaultExpertSettingsController;
 import org.cryptomator.ui.common.DefaultSceneFactory;
 import org.cryptomator.ui.common.FxController;
 import org.cryptomator.ui.common.FxControllerKey;
@@ -23,10 +19,6 @@ import org.cryptomator.ui.common.StageFactory;

 import javax.inject.Named;
 import javax.inject.Provider;
-import javafx.beans.property.IntegerProperty;
-import javafx.beans.property.ObjectProperty;
-import javafx.beans.property.SimpleIntegerProperty;
-import javafx.beans.property.SimpleObjectProperty;
 import javafx.beans.property.SimpleStringProperty;
 import javafx.beans.property.StringProperty;
 import javafx.scene.Scene;
@@ -107,18 +99,12 @@ abstract class RecoveryKeyModule {
 	}

 	@Provides
-	@FxmlScene(FxmlFile.RECOVERYKEY_ONBOARDING)
+	@FxmlScene(FxmlFile.RECOVERYKEY_RESET_PASSWORD_SUCCESS)
 	@RecoveryKeyScoped
-	static Scene provideRecoveryKeyOnboardingScene(@RecoveryKeyWindow FxmlLoaderFactory fxmlLoaders) {
-		return fxmlLoaders.createScene(FxmlFile.RECOVERYKEY_ONBOARDING);
+	static Scene provideRecoveryKeyResetPasswordSuccessScene(@RecoveryKeyWindow FxmlLoaderFactory fxmlLoaders) {
+		return fxmlLoaders.createScene(FxmlFile.RECOVERYKEY_RESET_PASSWORD_SUCCESS);
 	}

-	@Provides
-	@FxmlScene(FxmlFile.RECOVERYKEY_EXPERT_SETTINGS)
-	@RecoveryKeyScoped
-	static Scene provideRecoveryKeyExpertSettingsScene(@RecoveryKeyWindow FxmlLoaderFactory fxmlLoaders) {
-		return fxmlLoaders.createScene(FxmlFile.RECOVERYKEY_EXPERT_SETTINGS);
-	}

 	// ------------------

@@ -134,25 +120,6 @@ abstract class RecoveryKeyModule {
 		return new RecoveryKeyDisplayController(window, vault.getDisplayName(), recoveryKey.get(), localization);
 	}

-	@Provides
-	@Named("shorteningThreshold")
-	@RecoveryKeyScoped
-	static IntegerProperty provideShorteningThreshold() {
-		return new SimpleIntegerProperty(CreateNewVaultExpertSettingsController.MAX_SHORTENING_THRESHOLD);
-	}
-
-	@Provides
-	@Named("cipherCombo")
-	@RecoveryKeyScoped
-	static ObjectProperty<CryptorProvider.Scheme> provideCipherCombo() {
-		return new SimpleObjectProperty<>();
-	}
-
-	@Binds
-	@IntoMap
-	@FxControllerKey(RecoveryKeyExpertSettingsController.class)
-	abstract FxController provideRecoveryKeyExpertSettingsController(RecoveryKeyExpertSettingsController controller);
-
 	@Binds
 	@IntoMap
 	@FxControllerKey(RecoveryKeyRecoverController.class)
@@ -170,14 +137,14 @@ abstract class RecoveryKeyModule {

 	@Binds
 	@IntoMap
-	@FxControllerKey(RecoveryKeyOnboardingController.class)
-	abstract FxController bindRecoveryKeyOnboardingController(RecoveryKeyOnboardingController controller);
+	@FxControllerKey(RecoveryKeyResetPasswordSuccessController.class)
+	abstract FxController bindRecoveryKeyResetPasswordSuccessController(RecoveryKeyResetPasswordSuccessController controller);

 	@Provides
 	@IntoMap
 	@FxControllerKey(RecoveryKeyValidateController.class)
-	static FxController bindRecoveryKeyValidateController(@RecoveryKeyWindow Vault vault, @RecoveryKeyWindow @Nullable VaultConfig.UnverifiedVaultConfig vaultConfig, @RecoveryKeyWindow StringProperty recoveryKey, RecoveryKeyFactory recoveryKeyFactory, @Named("recoverType") ObjectProperty<RecoveryActionType>  recoverType, @Named("cipherCombo") ObjectProperty<CryptorProvider.Scheme> cipherCombo, @Nullable MasterkeyFileAccess masterkeyFileAccess) {
-		return new RecoveryKeyValidateController(vault, vaultConfig, recoveryKey, recoveryKeyFactory, masterkeyFileAccess, recoverType, cipherCombo);
+	static FxController bindRecoveryKeyValidateController(@RecoveryKeyWindow Vault vault, @RecoveryKeyWindow @Nullable VaultConfig.UnverifiedVaultConfig vaultConfig, @RecoveryKeyWindow StringProperty recoveryKey, RecoveryKeyFactory recoveryKeyFactory) {
+		return new RecoveryKeyValidateController(vault, vaultConfig, recoveryKey, recoveryKeyFactory);
 	}

 	@Provides
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
Armin Schrenk	e2ba37bbc7	Revert "do not extract wixhelper.dll if jmods do not exist" This reverts commit `624b623f8f`.	2025-06-23 15:42:45 +02:00
Armin Schrenk	60459c739e	explicitlly state arch for exe installer	2025-06-23 14:52:05 +02:00
Armin Schrenk	2f43c6688d	install wix 6.x on msi runner	2025-06-23 12:39:12 +02:00
Armin Schrenk	ac0b422701	add x86 installer with arm64 payload	2025-06-23 12:29:25 +02:00
Armin Schrenk	03fa62be01	include hidden files for upload	2025-06-23 12:27:13 +02:00
Armin Schrenk	fb86702cae	fix wrong license placement path	2025-06-23 12:10:21 +02:00
Armin Schrenk	7cdd950290	fix wrong paths and keys	2025-06-23 11:58:12 +02:00
Armin Schrenk	624b623f8f	do not extract wixhelper.dll if jmods do not exist	2025-06-23 11:57:22 +02:00
Armin Schrenk	f681618f30	fix errors	2025-06-23 11:44:30 +02:00
Armin Schrenk	39fc1fb7c9	First draft for workarounding #3899	2025-06-23 11:36:25 +02:00