Merge branch 'release/1.5.4'

Preparing 1.5.4
New Crowdin translations (#1166 )
2026-05-16 01:31:28 +00:00 · 2020-05-12 16:26:44 +02:00 · 2020-05-12 16:21:50 +02:00 · 2020-05-12 16:20:49 +02:00 · 2020-05-12 16:18:11 +02:00 · 2020-05-12 11:59:22 +02:00
265 changed files with 9222 additions and 4016 deletions
--- a/.github/FUNDING.yml
+++ b/.github/FUNDING.yml
@@ -1,6 +1,6 @@
 # These are supported funding model platforms

-github: [overheadhunter, tobihagemann] # Replace with up to 4 GitHub Sponsors-enabled usernames e.g., [user1, user2]
+github: [cryptomator] # Replace with up to 4 GitHub Sponsors-enabled usernames e.g., [user1, user2]
 patreon: # Replace with a single Patreon username
 open_collective: # Replace with a single Open Collective username
 ko_fi: # Replace with a single Ko-fi username
--- a/.github/stale.yml
+++ b/.github/stale.yml
@@ -1,12 +1,14 @@
 # Number of days of inactivity before an issue becomes stale
-daysUntilStale: 90
+daysUntilStale: 180
 # Number of days of inactivity before a stale issue is closed
 daysUntilClose: 30
 # Issues with these labels will never be considered stale
 exemptLabels:
  - type:security-issue # never close automatically
+  - type:feature-request # never close automatically
  - state:awaiting-response # handled by different bot
  - state:blocked
+  - state:confirmed
 # Set to true to ignore issues in a milestone (defaults to false)
 exemptMilestones: true
 # Label to use when marking an issue as stale
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -0,0 +1,113 @@
+name: Build
+
+on:
+  [push]
+
+jobs: 
+  build:
+    name: Build and Test
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      - uses: actions/setup-java@v1
+        with:
+          java-version: 14
+      - uses: actions/cache@v1
+        with:
+          path: ~/.m2/repository
+          key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
+          restore-keys: |
+            ${{ runner.os }}-maven-
+      - name: Ensure to use tagged version
+        run: mvn versions:set --file main/pom.xml -DnewVersion=${GITHUB_REF##*/} # use shell parameter expansion to strip of 'refs/tags'
+        if: startsWith(github.ref, 'refs/tags/')
+      - name: Build and Test
+        run: mvn -B install --file main/pom.xml -Pcoverage
+      - name: Run Codacy Coverage Reporter
+        run: |
+          curl -o ~/codacy-coverage-reporter.jar https://repo.maven.apache.org/maven2/com/codacy/codacy-coverage-reporter/7.1.0/codacy-coverage-reporter-7.1.0-assembly.jar
+          $JAVA_HOME/bin/java -jar ~/codacy-coverage-reporter.jar report -l Java -r main/commons/target/site/jacoco/jacoco.xml --partial
+          $JAVA_HOME/bin/java -jar ~/codacy-coverage-reporter.jar report -l Java -r main/keychain/target/site/jacoco/jacoco.xml --partial
+          $JAVA_HOME/bin/java -jar ~/codacy-coverage-reporter.jar report -l Java -r main/ui/target/site/jacoco/jacoco.xml --partial
+          $JAVA_HOME/bin/java -jar ~/codacy-coverage-reporter.jar report -l Java -r main/launcher/target/site/jacoco/jacoco.xml --partial
+          $JAVA_HOME/bin/java -jar ~/codacy-coverage-reporter.jar final
+        env:
+          CODACY_PROJECT_TOKEN: ${{ secrets.CODACY_PROJECT_TOKEN }}
+      - name: Assemble Buildkit
+        run: mvn -B package -DskipTests --file main/pom.xml --resume-from=buildkit -Prelease
+      - name: Upload buildkit-linux.zip
+        uses: actions/upload-artifact@v1
+        with:
+          name: buildkit-linux.zip
+          path: main/buildkit/target/buildkit-linux.zip
+      - name: Upload buildkit-mac.zip
+        uses: actions/upload-artifact@v1
+        with:
+          name: buildkit-mac.zip
+          path: main/buildkit/target/buildkit-mac.zip
+      - name: Upload buildkit-win.zip
+        uses: actions/upload-artifact@v1
+        with:
+          name: buildkit-win.zip
+          path: main/buildkit/target/buildkit-win.zip
+          
+  release:
+    name: Draft a Release on GitHub Releases
+    runs-on: ubuntu-latest
+    needs: build
+    if: startsWith(github.ref, 'refs/tags/')
+    steps:
+      - name: Download buildkit-linux.zip
+        uses: actions/download-artifact@v1
+        with:
+          name: buildkit-linux.zip
+          path: .
+      - name: Download buildkit-mac.zip
+        uses: actions/download-artifact@v1
+        with:
+          name: buildkit-mac.zip
+          path: .
+      - name: Download buildkit-win.zip
+        uses: actions/download-artifact@v1
+        with:
+          name: buildkit-win.zip
+          path: .
+      - name: Create Release
+        id: create_release
+        uses: actions/create-release@v1
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          tag_name: ${{ github.ref }}
+          release_name: ${{ github.ref }}
+          body: |
+            :construction: Work in Progress
+          draft: true
+          prerelease: false
+      - name: Upload buildkit-linux.zip to GitHub Releases
+        uses: actions/upload-release-asset@v1.0.1
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          upload_url: ${{ steps.create_release.outputs.upload_url }}
+          asset_path: buildkit-linux.zip
+          asset_name: buildkit-linux.zip
+          asset_content_type: application/zip
+      - name: Upload buildkit-mac.zip to GitHub Releases
+        uses: actions/upload-release-asset@v1.0.1
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          upload_url: ${{ steps.create_release.outputs.upload_url }}
+          asset_path: buildkit-mac.zip
+          asset_name: buildkit-mac.zip
+          asset_content_type: application/zip
+      - name: Upload buildkit-win.zip to GitHub Releases
+        uses: actions/upload-release-asset@v1.0.1
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          upload_url: ${{ steps.create_release.outputs.upload_url }}
+          asset_path: buildkit-win.zip
+          asset_name: buildkit-win.zip
+          asset_content_type: application/zip
--- a/.idea/compiler.xml
+++ b/.idea/compiler.xml
@@ -7,20 +7,20 @@
        <sourceTestOutputDir name="target/generated-test-sources/test-annotations" />
        <outputRelativeToContentRoot value="true" />
        <processorPath useClasspath="false">
-          <entry name="$MAVEN_REPOSITORY$/com/google/dagger/dagger-compiler/2.25.2/dagger-compiler-2.25.2.jar" />
-          <entry name="$MAVEN_REPOSITORY$/com/google/dagger/dagger/2.25.2/dagger-2.25.2.jar" />
+          <entry name="$MAVEN_REPOSITORY$/com/google/dagger/dagger-compiler/2.27/dagger-compiler-2.27.jar" />
+          <entry name="$MAVEN_REPOSITORY$/com/google/dagger/dagger/2.27/dagger-2.27.jar" />
          <entry name="$MAVEN_REPOSITORY$/javax/inject/javax.inject/1/javax.inject-1.jar" />
-          <entry name="$MAVEN_REPOSITORY$/com/google/dagger/dagger-producers/2.25.2/dagger-producers-2.25.2.jar" />
+          <entry name="$MAVEN_REPOSITORY$/com/google/dagger/dagger-producers/2.27/dagger-producers-2.27.jar" />
          <entry name="$MAVEN_REPOSITORY$/com/google/guava/failureaccess/1.0.1/failureaccess-1.0.1.jar" />
          <entry name="$MAVEN_REPOSITORY$/com/google/guava/guava/27.1-jre/guava-27.1-jre.jar" />
          <entry name="$MAVEN_REPOSITORY$/com/google/guava/listenablefuture/9999.0-empty-to-avoid-conflict-with-guava/listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jar" />
-          <entry name="$MAVEN_REPOSITORY$/com/google/code/findbugs/jsr305/3.0.2/jsr305-3.0.2.jar" />
+          <entry name="$MAVEN_REPOSITORY$/com/google/code/findbugs/jsr305/3.0.1/jsr305-3.0.1.jar" />
          <entry name="$MAVEN_REPOSITORY$/org/checkerframework/checker-qual/2.5.2/checker-qual-2.5.2.jar" />
          <entry name="$MAVEN_REPOSITORY$/com/google/errorprone/error_prone_annotations/2.2.0/error_prone_annotations-2.2.0.jar" />
          <entry name="$MAVEN_REPOSITORY$/com/google/j2objc/j2objc-annotations/1.1/j2objc-annotations-1.1.jar" />
          <entry name="$MAVEN_REPOSITORY$/org/codehaus/mojo/animal-sniffer-annotations/1.17/animal-sniffer-annotations-1.17.jar" />
          <entry name="$MAVEN_REPOSITORY$/org/checkerframework/checker-compat-qual/2.5.3/checker-compat-qual-2.5.3.jar" />
-          <entry name="$MAVEN_REPOSITORY$/com/google/dagger/dagger-spi/2.25.2/dagger-spi-2.25.2.jar" />
+          <entry name="$MAVEN_REPOSITORY$/com/google/dagger/dagger-spi/2.27/dagger-spi-2.27.jar" />
          <entry name="$MAVEN_REPOSITORY$/com/squareup/javapoet/1.11.1/javapoet-1.11.1.jar" />
          <entry name="$MAVEN_REPOSITORY$/com/google/googlejavaformat/google-java-format/1.5/google-java-format-1.5.jar" />
          <entry name="$MAVEN_REPOSITORY$/com/google/errorprone/javac-shaded/9-dev-r4023-3/javac-shaded-9-dev-r4023-3.jar" />
@@ -31,10 +31,10 @@
          <entry name="$MAVEN_REPOSITORY$/org/jetbrains/annotations/13.0/annotations-13.0.jar" />
          <entry name="$MAVEN_REPOSITORY$/org/jetbrains/kotlinx/kotlinx-metadata-jvm/0.1.0/kotlinx-metadata-jvm-0.1.0.jar" />
        </processorPath>
-        <module name="commons" />
        <module name="keychain" />
-        <module name="ui" />
        <module name="launcher" />
+        <module name="commons" />
+        <module name="ui" />
      </profile>
    </annotationProcessing>
  </component>
--- a/.idea/encodings.xml
+++ b/.idea/encodings.xml
@@ -1,11 +1,13 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <project version="4">
-  <component name="Encoding" addBOMForNewFiles="with NO BOM">
+  <component name="Encoding" defaultCharsetForPropertiesFiles="UTF-8">
    <file url="file://$PROJECT_DIR$/main" charset="UTF-8" />
-    <file url="file://$PROJECT_DIR$/main/buildkit" charset="UTF-8" />
-    <file url="file://$PROJECT_DIR$/main/commons" charset="UTF-8" />
-    <file url="file://$PROJECT_DIR$/main/keychain" charset="UTF-8" />
-    <file url="file://$PROJECT_DIR$/main/launcher" charset="UTF-8" />
-    <file url="file://$PROJECT_DIR$/main/ui" charset="UTF-8" />
+    <file url="file://$PROJECT_DIR$/main/commons/src/main/java" charset="UTF-8" />
+    <file url="file://$PROJECT_DIR$/main/keychain/src/main/java" charset="UTF-8" />
+    <file url="file://$PROJECT_DIR$/main/keychain/src/main/resources" charset="UTF-8" />
+    <file url="file://$PROJECT_DIR$/main/launcher/src/main/java" charset="UTF-8" />
+    <file url="file://$PROJECT_DIR$/main/ui/src/main/java" charset="UTF-8" />
+    <file url="file://$PROJECT_DIR$/main/ui/src/main/resources" charset="UTF-8" />
+    <file url="PROJECT" charset="UTF-8" />
  </component>
 </project>
--- a/.idea/jarRepositories.xml
+++ b/.idea/jarRepositories.xml
@@ -0,0 +1,30 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project version="4">
+  <component name="RemoteRepositoriesConfiguration">
+    <remote-repository>
+      <option name="id" value="bintray" />
+      <option name="name" value="Bintray JCenter" />
+      <option name="url" value="https://jcenter.bintray.com" />
+    </remote-repository>
+    <remote-repository>
+      <option name="id" value="central" />
+      <option name="name" value="Maven Central Repository" />
+      <option name="url" value="https://repo.maven.apache.org/maven2" />
+    </remote-repository>
+    <remote-repository>
+      <option name="id" value="central" />
+      <option name="name" value="Maven Central repository" />
+      <option name="url" value="https://repo1.maven.org/maven2" />
+    </remote-repository>
+    <remote-repository>
+      <option name="id" value="jcenter" />
+      <option name="name" value="jcenter" />
+      <option name="url" value="https://jcenter.bintray.com" />
+    </remote-repository>
+    <remote-repository>
+      <option name="id" value="jboss.community" />
+      <option name="name" value="JBoss Community repository" />
+      <option name="url" value="https://repository.jboss.org/nexus/content/repositories/public/" />
+    </remote-repository>
+  </component>
+</project>
--- a/.idea/misc.xml
+++ b/.idea/misc.xml
@@ -8,7 +8,7 @@
      </list>
    </option>
  </component>
-  <component name="ProjectRootManager" version="2" languageLevel="JDK_11" default="false" project-jdk-name="11" project-jdk-type="JavaSDK">
+  <component name="ProjectRootManager" version="2" languageLevel="JDK_14" default="false" project-jdk-name="14" project-jdk-type="JavaSDK">
    <output url="file://$PROJECT_DIR$/out" />
  </component>
 </project>
--- a/.idea/runConfigurations/Cryptomator_macOS.xml
+++ b/.idea/runConfigurations/Cryptomator_macOS.xml
@@ -1,5 +1,8 @@
 <component name="ProjectRunConfigurationManager">
  <configuration default="false" name="Cryptomator macOS" type="Application" factoryName="Application">
+    <envs>
+      <env name="LD_LIBRARY_PATH" value="/usr/local/lib" />
+    </envs>
    <option name="MAIN_CLASS_NAME" value="org.cryptomator.launcher.Cryptomator" />
    <module name="launcher" />
    <option name="WORKING_DIRECTORY" value="$PROJECT_DIR$" />
--- a/.travis-deploy-release.tmpl.json
+++ b/.travis-deploy-release.tmpl.json
@@ -1,19 +0,0 @@
-{
-  "package": {
-	"name": "buildkit",
-	"repo": "cryptomator",
-	"subject": "cryptomator"
-  },
-  "version": {
-	"name": "$TRAVIS_TAG",
-	"desc": "Cryptomator version $TRAVIS_TAG",
-	"released": "$TODAY",
-	"vcs_tag": "$TRAVIS_TAG",
-	"gpgSign": true
-  },
-  "files":
-  [
-	{"includePattern": "main/buildkit/target/(buildkit-[a-z]+\\.zip)", "uploadPattern": "/$TRAVIS_TAG/$1"}
-  ],
-  "publish": true
-}
--- a/.travis-deploy-snapshot.json
+++ b/.travis-deploy-snapshot.json
@@ -1,15 +0,0 @@
-{
-  "package": {
-	"name": "buildkit",
-	"repo": "cryptomator",
-	"subject": "cryptomator"
-  },
-  "version": {
-	"name": "snapshot"
-  },
-  "files":
-  [
-	{"includePattern": "main/buildkit/target/(buildkit-[a-z]+\\.zip)", "uploadPattern": "/snapshot/$1", "matrixParams": {"override": 1}}
-  ],
-  "publish": true
-}
--- a/.travis.yml
+++ b/.travis.yml
@@ -1,65 +0,0 @@
-dist: bionic
-language: java
-sudo: false
-jdk:
- openjdk11
-cache:
-  directories:
-  - $HOME/.m2
-env:
-  global:
-    - secure: "HftEaabMmWn5GwKFKksUkOcelc3Mn7xazwAEy+4d4gL1+F8VhID/6DCK7nas+afUymWnxTano8Rv4Ci5MWryNkNkTH+FUPWmF3xWezc3hajSyS7RB92IZ8VPetl4Fo8UI1WwM5apDEaugalPxkIf8a7N+lpG5X/Gpumwzo3Be3w=" # BINTRAY_API_KEY
-    - secure: "oWFgRTVP6lyTa7qVxlvkpm20MtVc3BtmsNXQJS6bfg2A0o/iCQMNx7OD59BaafCLGRKvCcJVESiC8FlSylVMS7CDSyYu0gg70NUiIuHp4NBM5inFWYCy/PdQsCTzr5uvNG+rMFQpMFRaCV0FrfM3tLondcVkhsHL68l93Xoexx4=" # CODACY_PROJECT_TOKEN
-    - secure: "zJxgytA2Ks5Xzv+7kUaUq+EBFNQw9Qec63lcMJVuXVWczjL16nKW1EzzV515ag+OWL46z3lEPForDhufw0VtFnNmaX68jkO0mp01eLrHApc1llN2Y/U8GBXfNNazN4+Kom4H+z/AO+wJr8EsKMMUczCdQ3APgd9uVI0hzXw/Z3M=" # GITHUB_API_KEY
-addons:
-  apt:
-    packages:
-    - haveged
-install:
- curl -o $HOME/.m2/settings.xml https://gist.githubusercontent.com/cryptobot/cf5fbd909c4782aaeeeb7c7f4a1a43da/raw/e60ee486e34ee0c79f89f947abe2c83b4290c6bb/settings.xml
- mvn -fmain/pom.xml clean install -DskipTests -Dorg.slf4j.simpleLogger.log.org.apache.maven.cli.transfer.Slf4jMavenTransferListener=WARN org.codehaus.mojo:versions-maven-plugin:help dependency:go-offline -Pcoverage,release # "clean install" needed until we can exclude artifacts currently in the reactor, see https://maven.apache.org/plugins/maven-dependency-plugin/go-offline-mojo.html#excludeReactor and https://issues.apache.org/jira/browse/MDEP-568
-before_script:
- |
-  if [[ -n "$TRAVIS_TAG" ]]; then
-    mvn -fmain/pom.xml org.codehaus.mojo:versions-maven-plugin:set -DnewVersion=$TRAVIS_TAG
-  else
-    mvn -fmain/pom.xml org.codehaus.mojo:versions-maven-plugin:set -DnewVersion=SNAPSHOT-$(echo $TRAVIS_COMMIT | head -c7)
-  fi
-script:
- mvn --update-snapshots -fmain/pom.xml clean test verify -Pcoverage
-after_success:
- curl -o ~/codacy-coverage-reporter.jar https://oss.sonatype.org/service/local/repositories/releases/content/com/codacy/codacy-coverage-reporter/6.0.7/codacy-coverage-reporter-6.0.7-assembly.jar
- $JAVA_HOME/bin/java -jar ~/codacy-coverage-reporter.jar report -l Java -r main/commons/target/site/jacoco/jacoco.xml --partial
- $JAVA_HOME/bin/java -jar ~/codacy-coverage-reporter.jar report -l Java -r main/keychain/target/site/jacoco/jacoco.xml --partial
- $JAVA_HOME/bin/java -jar ~/codacy-coverage-reporter.jar report -l Java -r main/ui/target/site/jacoco/jacoco.xml --partial
- $JAVA_HOME/bin/java -jar ~/codacy-coverage-reporter.jar report -l Java -r main/launcher/target/site/jacoco/jacoco.xml --partial
- $JAVA_HOME/bin/java -jar ~/codacy-coverage-reporter.jar final
-before_deploy:
- mvn -fmain/pom.xml package -Prelease -DskipTests
- export TODAY=`date +'%Y-%m-%d'`; envsubst '$TRAVIS_TAG $TODAY' < .travis-deploy-release.tmpl.json > .travis-deploy-release.json
-deploy:
- provider: bintray # SNAPSHOTS
-  file: .travis-deploy-snapshot.json
-  user: cryptobot
-  key: $BINTRAY_API_KEY
-  skip_cleanup: true
-  on:
-    repo: cryptomator/cryptomator
-    branch: develop
- provider: bintray # RELEASES
-  file: .travis-deploy-release.json
-  user: cryptobot
-  key: $BINTRAY_API_KEY
-  skip_cleanup: true
-  on:
-    repo: cryptomator/cryptomator
-    tags: true
- provider: releases
-  api_key: $GITHUB_API_KEY
-  file_glob: true
-  file:
-    - "main/buildkit/target/buildkit-*.zip"
-  skip_cleanup: true
-  on:
-    repo: cryptomator/cryptomator
-    tags: true
--- a/LICENSES/AGPLv3.txt
+++ b/LICENSES/AGPLv3.txt
@@ -1,661 +0,0 @@
-                    GNU AFFERO GENERAL PUBLIC LICENSE
-                       Version 3, 19 November 2007
-
- Copyright (C) 2007 Free Software Foundation, Inc. <http://fsf.org/>
- Everyone is permitted to copy and distribute verbatim copies
- of this license document, but changing it is not allowed.
-
-                            Preamble
-
-  The GNU Affero General Public License is a free, copyleft license for
-software and other kinds of works, specifically designed to ensure
-cooperation with the community in the case of network server software.
-
-  The licenses for most software and other practical works are designed
-to take away your freedom to share and change the works.  By contrast,
-our General Public Licenses are intended to guarantee your freedom to
-share and change all versions of a program--to make sure it remains free
-software for all its users.
-
-  When we speak of free software, we are referring to freedom, not
-price.  Our General Public Licenses are designed to make sure that you
-have the freedom to distribute copies of free software (and charge for
-them if you wish), that you receive source code or can get it if you
-want it, that you can change the software or use pieces of it in new
-free programs, and that you know you can do these things.
-
-  Developers that use our General Public Licenses protect your rights
-with two steps: (1) assert copyright on the software, and (2) offer
-you this License which gives you legal permission to copy, distribute
-and/or modify the software.
-
-  A secondary benefit of defending all users' freedom is that
-improvements made in alternate versions of the program, if they
-receive widespread use, become available for other developers to
-incorporate.  Many developers of free software are heartened and
-encouraged by the resulting cooperation.  However, in the case of
-software used on network servers, this result may fail to come about.
-The GNU General Public License permits making a modified version and
-letting the public access it on a server without ever releasing its
-source code to the public.
-
-  The GNU Affero General Public License is designed specifically to
-ensure that, in such cases, the modified source code becomes available
-to the community.  It requires the operator of a network server to
-provide the source code of the modified version running there to the
-users of that server.  Therefore, public use of a modified version, on
-a publicly accessible server, gives the public access to the source
-code of the modified version.
-
-  An older license, called the Affero General Public License and
-published by Affero, was designed to accomplish similar goals.  This is
-a different license, not a version of the Affero GPL, but Affero has
-released a new version of the Affero GPL which permits relicensing under
-this license.
-
-  The precise terms and conditions for copying, distribution and
-modification follow.
-
-                       TERMS AND CONDITIONS
-
-  0. Definitions.
-
-  "This License" refers to version 3 of the GNU Affero General Public License.
-
-  "Copyright" also means copyright-like laws that apply to other kinds of
-works, such as semiconductor masks.
-
-  "The Program" refers to any copyrightable work licensed under this
-License.  Each licensee is addressed as "you".  "Licensees" and
-"recipients" may be individuals or organizations.
-
-  To "modify" a work means to copy from or adapt all or part of the work
-in a fashion requiring copyright permission, other than the making of an
-exact copy.  The resulting work is called a "modified version" of the
-earlier work or a work "based on" the earlier work.
-
-  A "covered work" means either the unmodified Program or a work based
-on the Program.
-
-  To "propagate" a work means to do anything with it that, without
-permission, would make you directly or secondarily liable for
-infringement under applicable copyright law, except executing it on a
-computer or modifying a private copy.  Propagation includes copying,
-distribution (with or without modification), making available to the
-public, and in some countries other activities as well.
-
-  To "convey" a work means any kind of propagation that enables other
-parties to make or receive copies.  Mere interaction with a user through
-a computer network, with no transfer of a copy, is not conveying.
-
-  An interactive user interface displays "Appropriate Legal Notices"
-to the extent that it includes a convenient and prominently visible
-feature that (1) displays an appropriate copyright notice, and (2)
-tells the user that there is no warranty for the work (except to the
-extent that warranties are provided), that licensees may convey the
-work under this License, and how to view a copy of this License.  If
-the interface presents a list of user commands or options, such as a
-menu, a prominent item in the list meets this criterion.
-
-  1. Source Code.
-
-  The "source code" for a work means the preferred form of the work
-for making modifications to it.  "Object code" means any non-source
-form of a work.
-
-  A "Standard Interface" means an interface that either is an official
-standard defined by a recognized standards body, or, in the case of
-interfaces specified for a particular programming language, one that
-is widely used among developers working in that language.
-
-  The "System Libraries" of an executable work include anything, other
-than the work as a whole, that (a) is included in the normal form of
-packaging a Major Component, but which is not part of that Major
-Component, and (b) serves only to enable use of the work with that
-Major Component, or to implement a Standard Interface for which an
-implementation is available to the public in source code form.  A
-"Major Component", in this context, means a major essential component
-(kernel, window system, and so on) of the specific operating system
-(if any) on which the executable work runs, or a compiler used to
-produce the work, or an object code interpreter used to run it.
-
-  The "Corresponding Source" for a work in object code form means all
-the source code needed to generate, install, and (for an executable
-work) run the object code and to modify the work, including scripts to
-control those activities.  However, it does not include the work's
-System Libraries, or general-purpose tools or generally available free
-programs which are used unmodified in performing those activities but
-which are not part of the work.  For example, Corresponding Source
-includes interface definition files associated with source files for
-the work, and the source code for shared libraries and dynamically
-linked subprograms that the work is specifically designed to require,
-such as by intimate data communication or control flow between those
-subprograms and other parts of the work.
-
-  The Corresponding Source need not include anything that users
-can regenerate automatically from other parts of the Corresponding
-Source.
-
-  The Corresponding Source for a work in source code form is that
-same work.
-
-  2. Basic Permissions.
-
-  All rights granted under this License are granted for the term of
-copyright on the Program, and are irrevocable provided the stated
-conditions are met.  This License explicitly affirms your unlimited
-permission to run the unmodified Program.  The output from running a
-covered work is covered by this License only if the output, given its
-content, constitutes a covered work.  This License acknowledges your
-rights of fair use or other equivalent, as provided by copyright law.
-
-  You may make, run and propagate covered works that you do not
-convey, without conditions so long as your license otherwise remains
-in force.  You may convey covered works to others for the sole purpose
-of having them make modifications exclusively for you, or provide you
-with facilities for running those works, provided that you comply with
-the terms of this License in conveying all material for which you do
-not control copyright.  Those thus making or running the covered works
-for you must do so exclusively on your behalf, under your direction
-and control, on terms that prohibit them from making any copies of
-your copyrighted material outside their relationship with you.
-
-  Conveying under any other circumstances is permitted solely under
-the conditions stated below.  Sublicensing is not allowed; section 10
-makes it unnecessary.
-
-  3. Protecting Users' Legal Rights From Anti-Circumvention Law.
-
-  No covered work shall be deemed part of an effective technological
-measure under any applicable law fulfilling obligations under article
-11 of the WIPO copyright treaty adopted on 20 December 1996, or
-similar laws prohibiting or restricting circumvention of such
-measures.
-
-  When you convey a covered work, you waive any legal power to forbid
-circumvention of technological measures to the extent such circumvention
-is effected by exercising rights under this License with respect to
-the covered work, and you disclaim any intention to limit operation or
-modification of the work as a means of enforcing, against the work's
-users, your or third parties' legal rights to forbid circumvention of
-technological measures.
-
-  4. Conveying Verbatim Copies.
-
-  You may convey verbatim copies of the Program's source code as you
-receive it, in any medium, provided that you conspicuously and
-appropriately publish on each copy an appropriate copyright notice;
-keep intact all notices stating that this License and any
-non-permissive terms added in accord with section 7 apply to the code;
-keep intact all notices of the absence of any warranty; and give all
-recipients a copy of this License along with the Program.
-
-  You may charge any price or no price for each copy that you convey,
-and you may offer support or warranty protection for a fee.
-
-  5. Conveying Modified Source Versions.
-
-  You may convey a work based on the Program, or the modifications to
-produce it from the Program, in the form of source code under the
-terms of section 4, provided that you also meet all of these conditions:
-
-    a) The work must carry prominent notices stating that you modified
-    it, and giving a relevant date.
-
-    b) The work must carry prominent notices stating that it is
-    released under this License and any conditions added under section
-    7.  This requirement modifies the requirement in section 4 to
-    "keep intact all notices".
-
-    c) You must license the entire work, as a whole, under this
-    License to anyone who comes into possession of a copy.  This
-    License will therefore apply, along with any applicable section 7
-    additional terms, to the whole of the work, and all its parts,
-    regardless of how they are packaged.  This License gives no
-    permission to license the work in any other way, but it does not
-    invalidate such permission if you have separately received it.
-
-    d) If the work has interactive user interfaces, each must display
-    Appropriate Legal Notices; however, if the Program has interactive
-    interfaces that do not display Appropriate Legal Notices, your
-    work need not make them do so.
-
-  A compilation of a covered work with other separate and independent
-works, which are not by their nature extensions of the covered work,
-and which are not combined with it such as to form a larger program,
-in or on a volume of a storage or distribution medium, is called an
-"aggregate" if the compilation and its resulting copyright are not
-used to limit the access or legal rights of the compilation's users
-beyond what the individual works permit.  Inclusion of a covered work
-in an aggregate does not cause this License to apply to the other
-parts of the aggregate.
-
-  6. Conveying Non-Source Forms.
-
-  You may convey a covered work in object code form under the terms
-of sections 4 and 5, provided that you also convey the
-machine-readable Corresponding Source under the terms of this License,
-in one of these ways:
-
-    a) Convey the object code in, or embodied in, a physical product
-    (including a physical distribution medium), accompanied by the
-    Corresponding Source fixed on a durable physical medium
-    customarily used for software interchange.
-
-    b) Convey the object code in, or embodied in, a physical product
-    (including a physical distribution medium), accompanied by a
-    written offer, valid for at least three years and valid for as
-    long as you offer spare parts or customer support for that product
-    model, to give anyone who possesses the object code either (1) a
-    copy of the Corresponding Source for all the software in the
-    product that is covered by this License, on a durable physical
-    medium customarily used for software interchange, for a price no
-    more than your reasonable cost of physically performing this
-    conveying of source, or (2) access to copy the
-    Corresponding Source from a network server at no charge.
-
-    c) Convey individual copies of the object code with a copy of the
-    written offer to provide the Corresponding Source.  This
-    alternative is allowed only occasionally and noncommercially, and
-    only if you received the object code with such an offer, in accord
-    with subsection 6b.
-
-    d) Convey the object code by offering access from a designated
-    place (gratis or for a charge), and offer equivalent access to the
-    Corresponding Source in the same way through the same place at no
-    further charge.  You need not require recipients to copy the
-    Corresponding Source along with the object code.  If the place to
-    copy the object code is a network server, the Corresponding Source
-    may be on a different server (operated by you or a third party)
-    that supports equivalent copying facilities, provided you maintain
-    clear directions next to the object code saying where to find the
-    Corresponding Source.  Regardless of what server hosts the
-    Corresponding Source, you remain obligated to ensure that it is
-    available for as long as needed to satisfy these requirements.
-
-    e) Convey the object code using peer-to-peer transmission, provided
-    you inform other peers where the object code and Corresponding
-    Source of the work are being offered to the general public at no
-    charge under subsection 6d.
-
-  A separable portion of the object code, whose source code is excluded
-from the Corresponding Source as a System Library, need not be
-included in conveying the object code work.
-
-  A "User Product" is either (1) a "consumer product", which means any
-tangible personal property which is normally used for personal, family,
-or household purposes, or (2) anything designed or sold for incorporation
-into a dwelling.  In determining whether a product is a consumer product,
-doubtful cases shall be resolved in favor of coverage.  For a particular
-product received by a particular user, "normally used" refers to a
-typical or common use of that class of product, regardless of the status
-of the particular user or of the way in which the particular user
-actually uses, or expects or is expected to use, the product.  A product
-is a consumer product regardless of whether the product has substantial
-commercial, industrial or non-consumer uses, unless such uses represent
-the only significant mode of use of the product.
-
-  "Installation Information" for a User Product means any methods,
-procedures, authorization keys, or other information required to install
-and execute modified versions of a covered work in that User Product from
-a modified version of its Corresponding Source.  The information must
-suffice to ensure that the continued functioning of the modified object
-code is in no case prevented or interfered with solely because
-modification has been made.
-
-  If you convey an object code work under this section in, or with, or
-specifically for use in, a User Product, and the conveying occurs as
-part of a transaction in which the right of possession and use of the
-User Product is transferred to the recipient in perpetuity or for a
-fixed term (regardless of how the transaction is characterized), the
-Corresponding Source conveyed under this section must be accompanied
-by the Installation Information.  But this requirement does not apply
-if neither you nor any third party retains the ability to install
-modified object code on the User Product (for example, the work has
-been installed in ROM).
-
-  The requirement to provide Installation Information does not include a
-requirement to continue to provide support service, warranty, or updates
-for a work that has been modified or installed by the recipient, or for
-the User Product in which it has been modified or installed.  Access to a
-network may be denied when the modification itself materially and
-adversely affects the operation of the network or violates the rules and
-protocols for communication across the network.
-
-  Corresponding Source conveyed, and Installation Information provided,
-in accord with this section must be in a format that is publicly
-documented (and with an implementation available to the public in
-source code form), and must require no special password or key for
-unpacking, reading or copying.
-
-  7. Additional Terms.
-
-  "Additional permissions" are terms that supplement the terms of this
-License by making exceptions from one or more of its conditions.
-Additional permissions that are applicable to the entire Program shall
-be treated as though they were included in this License, to the extent
-that they are valid under applicable law.  If additional permissions
-apply only to part of the Program, that part may be used separately
-under those permissions, but the entire Program remains governed by
-this License without regard to the additional permissions.
-
-  When you convey a copy of a covered work, you may at your option
-remove any additional permissions from that copy, or from any part of
-it.  (Additional permissions may be written to require their own
-removal in certain cases when you modify the work.)  You may place
-additional permissions on material, added by you to a covered work,
-for which you have or can give appropriate copyright permission.
-
-  Notwithstanding any other provision of this License, for material you
-add to a covered work, you may (if authorized by the copyright holders of
-that material) supplement the terms of this License with terms:
-
-    a) Disclaiming warranty or limiting liability differently from the
-    terms of sections 15 and 16 of this License; or
-
-    b) Requiring preservation of specified reasonable legal notices or
-    author attributions in that material or in the Appropriate Legal
-    Notices displayed by works containing it; or
-
-    c) Prohibiting misrepresentation of the origin of that material, or
-    requiring that modified versions of such material be marked in
-    reasonable ways as different from the original version; or
-
-    d) Limiting the use for publicity purposes of names of licensors or
-    authors of the material; or
-
-    e) Declining to grant rights under trademark law for use of some
-    trade names, trademarks, or service marks; or
-
-    f) Requiring indemnification of licensors and authors of that
-    material by anyone who conveys the material (or modified versions of
-    it) with contractual assumptions of liability to the recipient, for
-    any liability that these contractual assumptions directly impose on
-    those licensors and authors.
-
-  All other non-permissive additional terms are considered "further
-restrictions" within the meaning of section 10.  If the Program as you
-received it, or any part of it, contains a notice stating that it is
-governed by this License along with a term that is a further
-restriction, you may remove that term.  If a license document contains
-a further restriction but permits relicensing or conveying under this
-License, you may add to a covered work material governed by the terms
-of that license document, provided that the further restriction does
-not survive such relicensing or conveying.
-
-  If you add terms to a covered work in accord with this section, you
-must place, in the relevant source files, a statement of the
-additional terms that apply to those files, or a notice indicating
-where to find the applicable terms.
-
-  Additional terms, permissive or non-permissive, may be stated in the
-form of a separately written license, or stated as exceptions;
-the above requirements apply either way.
-
-  8. Termination.
-
-  You may not propagate or modify a covered work except as expressly
-provided under this License.  Any attempt otherwise to propagate or
-modify it is void, and will automatically terminate your rights under
-this License (including any patent licenses granted under the third
-paragraph of section 11).
-
-  However, if you cease all violation of this License, then your
-license from a particular copyright holder is reinstated (a)
-provisionally, unless and until the copyright holder explicitly and
-finally terminates your license, and (b) permanently, if the copyright
-holder fails to notify you of the violation by some reasonable means
-prior to 60 days after the cessation.
-
-  Moreover, your license from a particular copyright holder is
-reinstated permanently if the copyright holder notifies you of the
-violation by some reasonable means, this is the first time you have
-received notice of violation of this License (for any work) from that
-copyright holder, and you cure the violation prior to 30 days after
-your receipt of the notice.
-
-  Termination of your rights under this section does not terminate the
-licenses of parties who have received copies or rights from you under
-this License.  If your rights have been terminated and not permanently
-reinstated, you do not qualify to receive new licenses for the same
-material under section 10.
-
-  9. Acceptance Not Required for Having Copies.
-
-  You are not required to accept this License in order to receive or
-run a copy of the Program.  Ancillary propagation of a covered work
-occurring solely as a consequence of using peer-to-peer transmission
-to receive a copy likewise does not require acceptance.  However,
-nothing other than this License grants you permission to propagate or
-modify any covered work.  These actions infringe copyright if you do
-not accept this License.  Therefore, by modifying or propagating a
-covered work, you indicate your acceptance of this License to do so.
-
-  10. Automatic Licensing of Downstream Recipients.
-
-  Each time you convey a covered work, the recipient automatically
-receives a license from the original licensors, to run, modify and
-propagate that work, subject to this License.  You are not responsible
-for enforcing compliance by third parties with this License.
-
-  An "entity transaction" is a transaction transferring control of an
-organization, or substantially all assets of one, or subdividing an
-organization, or merging organizations.  If propagation of a covered
-work results from an entity transaction, each party to that
-transaction who receives a copy of the work also receives whatever
-licenses to the work the party's predecessor in interest had or could
-give under the previous paragraph, plus a right to possession of the
-Corresponding Source of the work from the predecessor in interest, if
-the predecessor has it or can get it with reasonable efforts.
-
-  You may not impose any further restrictions on the exercise of the
-rights granted or affirmed under this License.  For example, you may
-not impose a license fee, royalty, or other charge for exercise of
-rights granted under this License, and you may not initiate litigation
-(including a cross-claim or counterclaim in a lawsuit) alleging that
-any patent claim is infringed by making, using, selling, offering for
-sale, or importing the Program or any portion of it.
-
-  11. Patents.
-
-  A "contributor" is a copyright holder who authorizes use under this
-License of the Program or a work on which the Program is based.  The
-work thus licensed is called the contributor's "contributor version".
-
-  A contributor's "essential patent claims" are all patent claims
-owned or controlled by the contributor, whether already acquired or
-hereafter acquired, that would be infringed by some manner, permitted
-by this License, of making, using, or selling its contributor version,
-but do not include claims that would be infringed only as a
-consequence of further modification of the contributor version.  For
-purposes of this definition, "control" includes the right to grant
-patent sublicenses in a manner consistent with the requirements of
-this License.
-
-  Each contributor grants you a non-exclusive, worldwide, royalty-free
-patent license under the contributor's essential patent claims, to
-make, use, sell, offer for sale, import and otherwise run, modify and
-propagate the contents of its contributor version.
-
-  In the following three paragraphs, a "patent license" is any express
-agreement or commitment, however denominated, not to enforce a patent
-(such as an express permission to practice a patent or covenant not to
-sue for patent infringement).  To "grant" such a patent license to a
-party means to make such an agreement or commitment not to enforce a
-patent against the party.
-
-  If you convey a covered work, knowingly relying on a patent license,
-and the Corresponding Source of the work is not available for anyone
-to copy, free of charge and under the terms of this License, through a
-publicly available network server or other readily accessible means,
-then you must either (1) cause the Corresponding Source to be so
-available, or (2) arrange to deprive yourself of the benefit of the
-patent license for this particular work, or (3) arrange, in a manner
-consistent with the requirements of this License, to extend the patent
-license to downstream recipients.  "Knowingly relying" means you have
-actual knowledge that, but for the patent license, your conveying the
-covered work in a country, or your recipient's use of the covered work
-in a country, would infringe one or more identifiable patents in that
-country that you have reason to believe are valid.
-
-  If, pursuant to or in connection with a single transaction or
-arrangement, you convey, or propagate by procuring conveyance of, a
-covered work, and grant a patent license to some of the parties
-receiving the covered work authorizing them to use, propagate, modify
-or convey a specific copy of the covered work, then the patent license
-you grant is automatically extended to all recipients of the covered
-work and works based on it.
-
-  A patent license is "discriminatory" if it does not include within
-the scope of its coverage, prohibits the exercise of, or is
-conditioned on the non-exercise of one or more of the rights that are
-specifically granted under this License.  You may not convey a covered
-work if you are a party to an arrangement with a third party that is
-in the business of distributing software, under which you make payment
-to the third party based on the extent of your activity of conveying
-the work, and under which the third party grants, to any of the
-parties who would receive the covered work from you, a discriminatory
-patent license (a) in connection with copies of the covered work
-conveyed by you (or copies made from those copies), or (b) primarily
-for and in connection with specific products or compilations that
-contain the covered work, unless you entered into that arrangement,
-or that patent license was granted, prior to 28 March 2007.
-
-  Nothing in this License shall be construed as excluding or limiting
-any implied license or other defenses to infringement that may
-otherwise be available to you under applicable patent law.
-
-  12. No Surrender of Others' Freedom.
-
-  If conditions are imposed on you (whether by court order, agreement or
-otherwise) that contradict the conditions of this License, they do not
-excuse you from the conditions of this License.  If you cannot convey a
-covered work so as to satisfy simultaneously your obligations under this
-License and any other pertinent obligations, then as a consequence you may
-not convey it at all.  For example, if you agree to terms that obligate you
-to collect a royalty for further conveying from those to whom you convey
-the Program, the only way you could satisfy both those terms and this
-License would be to refrain entirely from conveying the Program.
-
-  13. Remote Network Interaction; Use with the GNU General Public License.
-
-  Notwithstanding any other provision of this License, if you modify the
-Program, your modified version must prominently offer all users
-interacting with it remotely through a computer network (if your version
-supports such interaction) an opportunity to receive the Corresponding
-Source of your version by providing access to the Corresponding Source
-from a network server at no charge, through some standard or customary
-means of facilitating copying of software.  This Corresponding Source
-shall include the Corresponding Source for any work covered by version 3
-of the GNU General Public License that is incorporated pursuant to the
-following paragraph.
-
-  Notwithstanding any other provision of this License, you have
-permission to link or combine any covered work with a work licensed
-under version 3 of the GNU General Public License into a single
-combined work, and to convey the resulting work.  The terms of this
-License will continue to apply to the part which is the covered work,
-but the work with which it is combined will remain governed by version
-3 of the GNU General Public License.
-
-  14. Revised Versions of this License.
-
-  The Free Software Foundation may publish revised and/or new versions of
-the GNU Affero General Public License from time to time.  Such new versions
-will be similar in spirit to the present version, but may differ in detail to
-address new problems or concerns.
-
-  Each version is given a distinguishing version number.  If the
-Program specifies that a certain numbered version of the GNU Affero General
-Public License "or any later version" applies to it, you have the
-option of following the terms and conditions either of that numbered
-version or of any later version published by the Free Software
-Foundation.  If the Program does not specify a version number of the
-GNU Affero General Public License, you may choose any version ever published
-by the Free Software Foundation.
-
-  If the Program specifies that a proxy can decide which future
-versions of the GNU Affero General Public License can be used, that proxy's
-public statement of acceptance of a version permanently authorizes you
-to choose that version for the Program.
-
-  Later license versions may give you additional or different
-permissions.  However, no additional obligations are imposed on any
-author or copyright holder as a result of your choosing to follow a
-later version.
-
-  15. Disclaimer of Warranty.
-
-  THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY
-APPLICABLE LAW.  EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT
-HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY
-OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO,
-THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-PURPOSE.  THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM
-IS WITH YOU.  SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF
-ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
-
-  16. Limitation of Liability.
-
-  IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
-WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS
-THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY
-GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE
-USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF
-DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD
-PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS),
-EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF
-SUCH DAMAGES.
-
-  17. Interpretation of Sections 15 and 16.
-
-  If the disclaimer of warranty and limitation of liability provided
-above cannot be given local legal effect according to their terms,
-reviewing courts shall apply local law that most closely approximates
-an absolute waiver of all civil liability in connection with the
-Program, unless a warranty or assumption of liability accompanies a
-copy of the Program in return for a fee.
-
-                     END OF TERMS AND CONDITIONS
-
-            How to Apply These Terms to Your New Programs
-
-  If you develop a new program, and you want it to be of the greatest
-possible use to the public, the best way to achieve this is to make it
-free software which everyone can redistribute and change under these terms.
-
-  To do so, attach the following notices to the program.  It is safest
-to attach them to the start of each source file to most effectively
-state the exclusion of warranty; and each file should have at least
-the "copyright" line and a pointer to where the full notice is found.
-
-    <one line to give the program's name and a brief idea of what it does.>
-    Copyright (C) <year>  <name of author>
-
-    This program is free software: you can redistribute it and/or modify
-    it under the terms of the GNU Affero General Public License as published by
-    the Free Software Foundation, either version 3 of the License, or
-    (at your option) any later version.
-
-    This program is distributed in the hope that it will be useful,
-    but WITHOUT ANY WARRANTY; without even the implied warranty of
-    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-    GNU Affero General Public License for more details.
-
-    You should have received a copy of the GNU Affero General Public License
-    along with this program.  If not, see <http://www.gnu.org/licenses/>.
-
-Also add information on how to contact you by electronic and paper mail.
-
-  If your software can interact with users remotely through a computer
-network, you should also make sure that it provides a way for users to
-get its source.  For example, if your program is a web application, its
-interface could display a "Source" link that leads users to an archive
-of the code.  There are many ways you could offer source, and different
-solutions will be better for different programs; see section 13 for the
-specific requirements.
-
-  You should also get your employer (if you work as a programmer) or school,
-if any, to sign a "copyright disclaimer" for the program, if necessary.
-For more information on this, and how to apply and follow the GNU AGPL, see
-<http://www.gnu.org/licenses/>.
--- a/LICENSES/Apache-2.0.txt
+++ b/LICENSES/Apache-2.0.txt
@@ -1,202 +0,0 @@
-
-                                 Apache License
-                           Version 2.0, January 2004
-                        http://www.apache.org/licenses/
-
-   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
-
-   1. Definitions.
-
-      "License" shall mean the terms and conditions for use, reproduction,
-      and distribution as defined by Sections 1 through 9 of this document.
-
-      "Licensor" shall mean the copyright owner or entity authorized by
-      the copyright owner that is granting the License.
-
-      "Legal Entity" shall mean the union of the acting entity and all
-      other entities that control, are controlled by, or are under common
-      control with that entity. For the purposes of this definition,
-      "control" means (i) the power, direct or indirect, to cause the
-      direction or management of such entity, whether by contract or
-      otherwise, or (ii) ownership of fifty percent (50%) or more of the
-      outstanding shares, or (iii) beneficial ownership of such entity.
-
-      "You" (or "Your") shall mean an individual or Legal Entity
-      exercising permissions granted by this License.
-
-      "Source" form shall mean the preferred form for making modifications,
-      including but not limited to software source code, documentation
-      source, and configuration files.
-
-      "Object" form shall mean any form resulting from mechanical
-      transformation or translation of a Source form, including but
-      not limited to compiled object code, generated documentation,
-      and conversions to other media types.
-
-      "Work" shall mean the work of authorship, whether in Source or
-      Object form, made available under the License, as indicated by a
-      copyright notice that is included in or attached to the work
-      (an example is provided in the Appendix below).
-
-      "Derivative Works" shall mean any work, whether in Source or Object
-      form, that is based on (or derived from) the Work and for which the
-      editorial revisions, annotations, elaborations, or other modifications
-      represent, as a whole, an original work of authorship. For the purposes
-      of this License, Derivative Works shall not include works that remain
-      separable from, or merely link (or bind by name) to the interfaces of,
-      the Work and Derivative Works thereof.
-
-      "Contribution" shall mean any work of authorship, including
-      the original version of the Work and any modifications or additions
-      to that Work or Derivative Works thereof, that is intentionally
-      submitted to Licensor for inclusion in the Work by the copyright owner
-      or by an individual or Legal Entity authorized to submit on behalf of
-      the copyright owner. For the purposes of this definition, "submitted"
-      means any form of electronic, verbal, or written communication sent
-      to the Licensor or its representatives, including but not limited to
-      communication on electronic mailing lists, source code control systems,
-      and issue tracking systems that are managed by, or on behalf of, the
-      Licensor for the purpose of discussing and improving the Work, but
-      excluding communication that is conspicuously marked or otherwise
-      designated in writing by the copyright owner as "Not a Contribution."
-
-      "Contributor" shall mean Licensor and any individual or Legal Entity
-      on behalf of whom a Contribution has been received by Licensor and
-      subsequently incorporated within the Work.
-
-   2. Grant of Copyright License. Subject to the terms and conditions of
-      this License, each Contributor hereby grants to You a perpetual,
-      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
-      copyright license to reproduce, prepare Derivative Works of,
-      publicly display, publicly perform, sublicense, and distribute the
-      Work and such Derivative Works in Source or Object form.
-
-   3. Grant of Patent License. Subject to the terms and conditions of
-      this License, each Contributor hereby grants to You a perpetual,
-      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
-      (except as stated in this section) patent license to make, have made,
-      use, offer to sell, sell, import, and otherwise transfer the Work,
-      where such license applies only to those patent claims licensable
-      by such Contributor that are necessarily infringed by their
-      Contribution(s) alone or by combination of their Contribution(s)
-      with the Work to which such Contribution(s) was submitted. If You
-      institute patent litigation against any entity (including a
-      cross-claim or counterclaim in a lawsuit) alleging that the Work
-      or a Contribution incorporated within the Work constitutes direct
-      or contributory patent infringement, then any patent licenses
-      granted to You under this License for that Work shall terminate
-      as of the date such litigation is filed.
-
-   4. Redistribution. You may reproduce and distribute copies of the
-      Work or Derivative Works thereof in any medium, with or without
-      modifications, and in Source or Object form, provided that You
-      meet the following conditions:
-
-      (a) You must give any other recipients of the Work or
-          Derivative Works a copy of this License; and
-
-      (b) You must cause any modified files to carry prominent notices
-          stating that You changed the files; and
-
-      (c) You must retain, in the Source form of any Derivative Works
-          that You distribute, all copyright, patent, trademark, and
-          attribution notices from the Source form of the Work,
-          excluding those notices that do not pertain to any part of
-          the Derivative Works; and
-
-      (d) If the Work includes a "NOTICE" text file as part of its
-          distribution, then any Derivative Works that You distribute must
-          include a readable copy of the attribution notices contained
-          within such NOTICE file, excluding those notices that do not
-          pertain to any part of the Derivative Works, in at least one
-          of the following places: within a NOTICE text file distributed
-          as part of the Derivative Works; within the Source form or
-          documentation, if provided along with the Derivative Works; or,
-          within a display generated by the Derivative Works, if and
-          wherever such third-party notices normally appear. The contents
-          of the NOTICE file are for informational purposes only and
-          do not modify the License. You may add Your own attribution
-          notices within Derivative Works that You distribute, alongside
-          or as an addendum to the NOTICE text from the Work, provided
-          that such additional attribution notices cannot be construed
-          as modifying the License.
-
-      You may add Your own copyright statement to Your modifications and
-      may provide additional or different license terms and conditions
-      for use, reproduction, or distribution of Your modifications, or
-      for any such Derivative Works as a whole, provided Your use,
-      reproduction, and distribution of the Work otherwise complies with
-      the conditions stated in this License.
-
-   5. Submission of Contributions. Unless You explicitly state otherwise,
-      any Contribution intentionally submitted for inclusion in the Work
-      by You to the Licensor shall be under the terms and conditions of
-      this License, without any additional terms or conditions.
-      Notwithstanding the above, nothing herein shall supersede or modify
-      the terms of any separate license agreement you may have executed
-      with Licensor regarding such Contributions.
-
-   6. Trademarks. This License does not grant permission to use the trade
-      names, trademarks, service marks, or product names of the Licensor,
-      except as required for reasonable and customary use in describing the
-      origin of the Work and reproducing the content of the NOTICE file.
-
-   7. Disclaimer of Warranty. Unless required by applicable law or
-      agreed to in writing, Licensor provides the Work (and each
-      Contributor provides its Contributions) on an "AS IS" BASIS,
-      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
-      implied, including, without limitation, any warranties or conditions
-      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
-      PARTICULAR PURPOSE. You are solely responsible for determining the
-      appropriateness of using or redistributing the Work and assume any
-      risks associated with Your exercise of permissions under this License.
-
-   8. Limitation of Liability. In no event and under no legal theory,
-      whether in tort (including negligence), contract, or otherwise,
-      unless required by applicable law (such as deliberate and grossly
-      negligent acts) or agreed to in writing, shall any Contributor be
-      liable to You for damages, including any direct, indirect, special,
-      incidental, or consequential damages of any character arising as a
-      result of this License or out of the use or inability to use the
-      Work (including but not limited to damages for loss of goodwill,
-      work stoppage, computer failure or malfunction, or any and all
-      other commercial damages or losses), even if such Contributor
-      has been advised of the possibility of such damages.
-
-   9. Accepting Warranty or Additional Liability. While redistributing
-      the Work or Derivative Works thereof, You may choose to offer,
-      and charge a fee for, acceptance of support, warranty, indemnity,
-      or other liability obligations and/or rights consistent with this
-      License. However, in accepting such obligations, You may act only
-      on Your own behalf and on Your sole responsibility, not on behalf
-      of any other Contributor, and only if You agree to indemnify,
-      defend, and hold each Contributor harmless for any liability
-      incurred by, or claims asserted against, such Contributor by reason
-      of your accepting any such warranty or additional liability.
-
-   END OF TERMS AND CONDITIONS
-
-   APPENDIX: How to apply the Apache License to your work.
-
-      To apply the Apache License to your work, attach the following
-      boilerplate notice, with the fields enclosed by brackets "[]"
-      replaced with your own identifying information. (Don't include
-      the brackets!)  The text should be enclosed in the appropriate
-      comment syntax for the file format. We also recommend that a
-      file or class name and description of purpose be included on the
-      same "printed page" as the copyright notice for easier
-      identification within third-party archives.
-
-   Copyright [yyyy] [name of copyright owner]
-
-   Licensed under the Apache License, Version 2.0 (the "License");
-   you may not use this file except in compliance with the License.
-   You may obtain a copy of the License at
-
-       http://www.apache.org/licenses/LICENSE-2.0
-
-   Unless required by applicable law or agreed to in writing, software
-   distributed under the License is distributed on an "AS IS" BASIS,
-   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-   See the License for the specific language governing permissions and
-   limitations under the License.
--- a/LICENSES/LGPLv2.1.txt
+++ b/LICENSES/LGPLv2.1.txt
@@ -1,502 +0,0 @@
-                  GNU LESSER GENERAL PUBLIC LICENSE
-                       Version 2.1, February 1999
-
- Copyright (C) 1991, 1999 Free Software Foundation, Inc.
- 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
- Everyone is permitted to copy and distribute verbatim copies
- of this license document, but changing it is not allowed.
-
-[This is the first released version of the Lesser GPL.  It also counts
- as the successor of the GNU Library Public License, version 2, hence
- the version number 2.1.]
-
-                            Preamble
-
-  The licenses for most software are designed to take away your
-freedom to share and change it.  By contrast, the GNU General Public
-Licenses are intended to guarantee your freedom to share and change
-free software--to make sure the software is free for all its users.
-
-  This license, the Lesser General Public License, applies to some
-specially designated software packages--typically libraries--of the
-Free Software Foundation and other authors who decide to use it.  You
-can use it too, but we suggest you first think carefully about whether
-this license or the ordinary General Public License is the better
-strategy to use in any particular case, based on the explanations below.
-
-  When we speak of free software, we are referring to freedom of use,
-not price.  Our General Public Licenses are designed to make sure that
-you have the freedom to distribute copies of free software (and charge
-for this service if you wish); that you receive source code or can get
-it if you want it; that you can change the software and use pieces of
-it in new free programs; and that you are informed that you can do
-these things.
-
-  To protect your rights, we need to make restrictions that forbid
-distributors to deny you these rights or to ask you to surrender these
-rights.  These restrictions translate to certain responsibilities for
-you if you distribute copies of the library or if you modify it.
-
-  For example, if you distribute copies of the library, whether gratis
-or for a fee, you must give the recipients all the rights that we gave
-you.  You must make sure that they, too, receive or can get the source
-code.  If you link other code with the library, you must provide
-complete object files to the recipients, so that they can relink them
-with the library after making changes to the library and recompiling
-it.  And you must show them these terms so they know their rights.
-
-  We protect your rights with a two-step method: (1) we copyright the
-library, and (2) we offer you this license, which gives you legal
-permission to copy, distribute and/or modify the library.
-
-  To protect each distributor, we want to make it very clear that
-there is no warranty for the free library.  Also, if the library is
-modified by someone else and passed on, the recipients should know
-that what they have is not the original version, so that the original
-author's reputation will not be affected by problems that might be
-introduced by others.
-
-  Finally, software patents pose a constant threat to the existence of
-any free program.  We wish to make sure that a company cannot
-effectively restrict the users of a free program by obtaining a
-restrictive license from a patent holder.  Therefore, we insist that
-any patent license obtained for a version of the library must be
-consistent with the full freedom of use specified in this license.
-
-  Most GNU software, including some libraries, is covered by the
-ordinary GNU General Public License.  This license, the GNU Lesser
-General Public License, applies to certain designated libraries, and
-is quite different from the ordinary General Public License.  We use
-this license for certain libraries in order to permit linking those
-libraries into non-free programs.
-
-  When a program is linked with a library, whether statically or using
-a shared library, the combination of the two is legally speaking a
-combined work, a derivative of the original library.  The ordinary
-General Public License therefore permits such linking only if the
-entire combination fits its criteria of freedom.  The Lesser General
-Public License permits more lax criteria for linking other code with
-the library.
-
-  We call this license the "Lesser" General Public License because it
-does Less to protect the user's freedom than the ordinary General
-Public License.  It also provides other free software developers Less
-of an advantage over competing non-free programs.  These disadvantages
-are the reason we use the ordinary General Public License for many
-libraries.  However, the Lesser license provides advantages in certain
-special circumstances.
-
-  For example, on rare occasions, there may be a special need to
-encourage the widest possible use of a certain library, so that it becomes
-a de-facto standard.  To achieve this, non-free programs must be
-allowed to use the library.  A more frequent case is that a free
-library does the same job as widely used non-free libraries.  In this
-case, there is little to gain by limiting the free library to free
-software only, so we use the Lesser General Public License.
-
-  In other cases, permission to use a particular library in non-free
-programs enables a greater number of people to use a large body of
-free software.  For example, permission to use the GNU C Library in
-non-free programs enables many more people to use the whole GNU
-operating system, as well as its variant, the GNU/Linux operating
-system.
-
-  Although the Lesser General Public License is Less protective of the
-users' freedom, it does ensure that the user of a program that is
-linked with the Library has the freedom and the wherewithal to run
-that program using a modified version of the Library.
-
-  The precise terms and conditions for copying, distribution and
-modification follow.  Pay close attention to the difference between a
-"work based on the library" and a "work that uses the library".  The
-former contains code derived from the library, whereas the latter must
-be combined with the library in order to run.
-
-                  GNU LESSER GENERAL PUBLIC LICENSE
-   TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
-
-  0. This License Agreement applies to any software library or other
-program which contains a notice placed by the copyright holder or
-other authorized party saying it may be distributed under the terms of
-this Lesser General Public License (also called "this License").
-Each licensee is addressed as "you".
-
-  A "library" means a collection of software functions and/or data
-prepared so as to be conveniently linked with application programs
-(which use some of those functions and data) to form executables.
-
-  The "Library", below, refers to any such software library or work
-which has been distributed under these terms.  A "work based on the
-Library" means either the Library or any derivative work under
-copyright law: that is to say, a work containing the Library or a
-portion of it, either verbatim or with modifications and/or translated
-straightforwardly into another language.  (Hereinafter, translation is
-included without limitation in the term "modification".)
-
-  "Source code" for a work means the preferred form of the work for
-making modifications to it.  For a library, complete source code means
-all the source code for all modules it contains, plus any associated
-interface definition files, plus the scripts used to control compilation
-and installation of the library.
-
-  Activities other than copying, distribution and modification are not
-covered by this License; they are outside its scope.  The act of
-running a program using the Library is not restricted, and output from
-such a program is covered only if its contents constitute a work based
-on the Library (independent of the use of the Library in a tool for
-writing it).  Whether that is true depends on what the Library does
-and what the program that uses the Library does.
-
-  1. You may copy and distribute verbatim copies of the Library's
-complete source code as you receive it, in any medium, provided that
-you conspicuously and appropriately publish on each copy an
-appropriate copyright notice and disclaimer of warranty; keep intact
-all the notices that refer to this License and to the absence of any
-warranty; and distribute a copy of this License along with the
-Library.
-
-  You may charge a fee for the physical act of transferring a copy,
-and you may at your option offer warranty protection in exchange for a
-fee.
-
-  2. You may modify your copy or copies of the Library or any portion
-of it, thus forming a work based on the Library, and copy and
-distribute such modifications or work under the terms of Section 1
-above, provided that you also meet all of these conditions:
-
-    a) The modified work must itself be a software library.
-
-    b) You must cause the files modified to carry prominent notices
-    stating that you changed the files and the date of any change.
-
-    c) You must cause the whole of the work to be licensed at no
-    charge to all third parties under the terms of this License.
-
-    d) If a facility in the modified Library refers to a function or a
-    table of data to be supplied by an application program that uses
-    the facility, other than as an argument passed when the facility
-    is invoked, then you must make a good faith effort to ensure that,
-    in the event an application does not supply such function or
-    table, the facility still operates, and performs whatever part of
-    its purpose remains meaningful.
-
-    (For example, a function in a library to compute square roots has
-    a purpose that is entirely well-defined independent of the
-    application.  Therefore, Subsection 2d requires that any
-    application-supplied function or table used by this function must
-    be optional: if the application does not supply it, the square
-    root function must still compute square roots.)
-
-These requirements apply to the modified work as a whole.  If
-identifiable sections of that work are not derived from the Library,
-and can be reasonably considered independent and separate works in
-themselves, then this License, and its terms, do not apply to those
-sections when you distribute them as separate works.  But when you
-distribute the same sections as part of a whole which is a work based
-on the Library, the distribution of the whole must be on the terms of
-this License, whose permissions for other licensees extend to the
-entire whole, and thus to each and every part regardless of who wrote
-it.
-
-Thus, it is not the intent of this section to claim rights or contest
-your rights to work written entirely by you; rather, the intent is to
-exercise the right to control the distribution of derivative or
-collective works based on the Library.
-
-In addition, mere aggregation of another work not based on the Library
-with the Library (or with a work based on the Library) on a volume of
-a storage or distribution medium does not bring the other work under
-the scope of this License.
-
-  3. You may opt to apply the terms of the ordinary GNU General Public
-License instead of this License to a given copy of the Library.  To do
-this, you must alter all the notices that refer to this License, so
-that they refer to the ordinary GNU General Public License, version 2,
-instead of to this License.  (If a newer version than version 2 of the
-ordinary GNU General Public License has appeared, then you can specify
-that version instead if you wish.)  Do not make any other change in
-these notices.
-
-  Once this change is made in a given copy, it is irreversible for
-that copy, so the ordinary GNU General Public License applies to all
-subsequent copies and derivative works made from that copy.
-
-  This option is useful when you wish to copy part of the code of
-the Library into a program that is not a library.
-
-  4. You may copy and distribute the Library (or a portion or
-derivative of it, under Section 2) in object code or executable form
-under the terms of Sections 1 and 2 above provided that you accompany
-it with the complete corresponding machine-readable source code, which
-must be distributed under the terms of Sections 1 and 2 above on a
-medium customarily used for software interchange.
-
-  If distribution of object code is made by offering access to copy
-from a designated place, then offering equivalent access to copy the
-source code from the same place satisfies the requirement to
-distribute the source code, even though third parties are not
-compelled to copy the source along with the object code.
-
-  5. A program that contains no derivative of any portion of the
-Library, but is designed to work with the Library by being compiled or
-linked with it, is called a "work that uses the Library".  Such a
-work, in isolation, is not a derivative work of the Library, and
-therefore falls outside the scope of this License.
-
-  However, linking a "work that uses the Library" with the Library
-creates an executable that is a derivative of the Library (because it
-contains portions of the Library), rather than a "work that uses the
-library".  The executable is therefore covered by this License.
-Section 6 states terms for distribution of such executables.
-
-  When a "work that uses the Library" uses material from a header file
-that is part of the Library, the object code for the work may be a
-derivative work of the Library even though the source code is not.
-Whether this is true is especially significant if the work can be
-linked without the Library, or if the work is itself a library.  The
-threshold for this to be true is not precisely defined by law.
-
-  If such an object file uses only numerical parameters, data
-structure layouts and accessors, and small macros and small inline
-functions (ten lines or less in length), then the use of the object
-file is unrestricted, regardless of whether it is legally a derivative
-work.  (Executables containing this object code plus portions of the
-Library will still fall under Section 6.)
-
-  Otherwise, if the work is a derivative of the Library, you may
-distribute the object code for the work under the terms of Section 6.
-Any executables containing that work also fall under Section 6,
-whether or not they are linked directly with the Library itself.
-
-  6. As an exception to the Sections above, you may also combine or
-link a "work that uses the Library" with the Library to produce a
-work containing portions of the Library, and distribute that work
-under terms of your choice, provided that the terms permit
-modification of the work for the customer's own use and reverse
-engineering for debugging such modifications.
-
-  You must give prominent notice with each copy of the work that the
-Library is used in it and that the Library and its use are covered by
-this License.  You must supply a copy of this License.  If the work
-during execution displays copyright notices, you must include the
-copyright notice for the Library among them, as well as a reference
-directing the user to the copy of this License.  Also, you must do one
-of these things:
-
-    a) Accompany the work with the complete corresponding
-    machine-readable source code for the Library including whatever
-    changes were used in the work (which must be distributed under
-    Sections 1 and 2 above); and, if the work is an executable linked
-    with the Library, with the complete machine-readable "work that
-    uses the Library", as object code and/or source code, so that the
-    user can modify the Library and then relink to produce a modified
-    executable containing the modified Library.  (It is understood
-    that the user who changes the contents of definitions files in the
-    Library will not necessarily be able to recompile the application
-    to use the modified definitions.)
-
-    b) Use a suitable shared library mechanism for linking with the
-    Library.  A suitable mechanism is one that (1) uses at run time a
-    copy of the library already present on the user's computer system,
-    rather than copying library functions into the executable, and (2)
-    will operate properly with a modified version of the library, if
-    the user installs one, as long as the modified version is
-    interface-compatible with the version that the work was made with.
-
-    c) Accompany the work with a written offer, valid for at
-    least three years, to give the same user the materials
-    specified in Subsection 6a, above, for a charge no more
-    than the cost of performing this distribution.
-
-    d) If distribution of the work is made by offering access to copy
-    from a designated place, offer equivalent access to copy the above
-    specified materials from the same place.
-
-    e) Verify that the user has already received a copy of these
-    materials or that you have already sent this user a copy.
-
-  For an executable, the required form of the "work that uses the
-Library" must include any data and utility programs needed for
-reproducing the executable from it.  However, as a special exception,
-the materials to be distributed need not include anything that is
-normally distributed (in either source or binary form) with the major
-components (compiler, kernel, and so on) of the operating system on
-which the executable runs, unless that component itself accompanies
-the executable.
-
-  It may happen that this requirement contradicts the license
-restrictions of other proprietary libraries that do not normally
-accompany the operating system.  Such a contradiction means you cannot
-use both them and the Library together in an executable that you
-distribute.
-
-  7. You may place library facilities that are a work based on the
-Library side-by-side in a single library together with other library
-facilities not covered by this License, and distribute such a combined
-library, provided that the separate distribution of the work based on
-the Library and of the other library facilities is otherwise
-permitted, and provided that you do these two things:
-
-    a) Accompany the combined library with a copy of the same work
-    based on the Library, uncombined with any other library
-    facilities.  This must be distributed under the terms of the
-    Sections above.
-
-    b) Give prominent notice with the combined library of the fact
-    that part of it is a work based on the Library, and explaining
-    where to find the accompanying uncombined form of the same work.
-
-  8. You may not copy, modify, sublicense, link with, or distribute
-the Library except as expressly provided under this License.  Any
-attempt otherwise to copy, modify, sublicense, link with, or
-distribute the Library is void, and will automatically terminate your
-rights under this License.  However, parties who have received copies,
-or rights, from you under this License will not have their licenses
-terminated so long as such parties remain in full compliance.
-
-  9. You are not required to accept this License, since you have not
-signed it.  However, nothing else grants you permission to modify or
-distribute the Library or its derivative works.  These actions are
-prohibited by law if you do not accept this License.  Therefore, by
-modifying or distributing the Library (or any work based on the
-Library), you indicate your acceptance of this License to do so, and
-all its terms and conditions for copying, distributing or modifying
-the Library or works based on it.
-
-  10. Each time you redistribute the Library (or any work based on the
-Library), the recipient automatically receives a license from the
-original licensor to copy, distribute, link with or modify the Library
-subject to these terms and conditions.  You may not impose any further
-restrictions on the recipients' exercise of the rights granted herein.
-You are not responsible for enforcing compliance by third parties with
-this License.
-
-  11. If, as a consequence of a court judgment or allegation of patent
-infringement or for any other reason (not limited to patent issues),
-conditions are imposed on you (whether by court order, agreement or
-otherwise) that contradict the conditions of this License, they do not
-excuse you from the conditions of this License.  If you cannot
-distribute so as to satisfy simultaneously your obligations under this
-License and any other pertinent obligations, then as a consequence you
-may not distribute the Library at all.  For example, if a patent
-license would not permit royalty-free redistribution of the Library by
-all those who receive copies directly or indirectly through you, then
-the only way you could satisfy both it and this License would be to
-refrain entirely from distribution of the Library.
-
-If any portion of this section is held invalid or unenforceable under any
-particular circumstance, the balance of the section is intended to apply,
-and the section as a whole is intended to apply in other circumstances.
-
-It is not the purpose of this section to induce you to infringe any
-patents or other property right claims or to contest validity of any
-such claims; this section has the sole purpose of protecting the
-integrity of the free software distribution system which is
-implemented by public license practices.  Many people have made
-generous contributions to the wide range of software distributed
-through that system in reliance on consistent application of that
-system; it is up to the author/donor to decide if he or she is willing
-to distribute software through any other system and a licensee cannot
-impose that choice.
-
-This section is intended to make thoroughly clear what is believed to
-be a consequence of the rest of this License.
-
-  12. If the distribution and/or use of the Library is restricted in
-certain countries either by patents or by copyrighted interfaces, the
-original copyright holder who places the Library under this License may add
-an explicit geographical distribution limitation excluding those countries,
-so that distribution is permitted only in or among countries not thus
-excluded.  In such case, this License incorporates the limitation as if
-written in the body of this License.
-
-  13. The Free Software Foundation may publish revised and/or new
-versions of the Lesser General Public License from time to time.
-Such new versions will be similar in spirit to the present version,
-but may differ in detail to address new problems or concerns.
-
-Each version is given a distinguishing version number.  If the Library
-specifies a version number of this License which applies to it and
-"any later version", you have the option of following the terms and
-conditions either of that version or of any later version published by
-the Free Software Foundation.  If the Library does not specify a
-license version number, you may choose any version ever published by
-the Free Software Foundation.
-
-  14. If you wish to incorporate parts of the Library into other free
-programs whose distribution conditions are incompatible with these,
-write to the author to ask for permission.  For software which is
-copyrighted by the Free Software Foundation, write to the Free
-Software Foundation; we sometimes make exceptions for this.  Our
-decision will be guided by the two goals of preserving the free status
-of all derivatives of our free software and of promoting the sharing
-and reuse of software generally.
-
-                            NO WARRANTY
-
-  15. BECAUSE THE LIBRARY IS LICENSED FREE OF CHARGE, THERE IS NO
-WARRANTY FOR THE LIBRARY, TO THE EXTENT PERMITTED BY APPLICABLE LAW.
-EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR
-OTHER PARTIES PROVIDE THE LIBRARY "AS IS" WITHOUT WARRANTY OF ANY
-KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE
-IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-PURPOSE.  THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE
-LIBRARY IS WITH YOU.  SHOULD THE LIBRARY PROVE DEFECTIVE, YOU ASSUME
-THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
-
-  16. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN
-WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY
-AND/OR REDISTRIBUTE THE LIBRARY AS PERMITTED ABOVE, BE LIABLE TO YOU
-FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR
-CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE
-LIBRARY (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING
-RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A
-FAILURE OF THE LIBRARY TO OPERATE WITH ANY OTHER SOFTWARE), EVEN IF
-SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH
-DAMAGES.
-
-                     END OF TERMS AND CONDITIONS
-
-           How to Apply These Terms to Your New Libraries
-
-  If you develop a new library, and you want it to be of the greatest
-possible use to the public, we recommend making it free software that
-everyone can redistribute and change.  You can do so by permitting
-redistribution under these terms (or, alternatively, under the terms of the
-ordinary General Public License).
-
-  To apply these terms, attach the following notices to the library.  It is
-safest to attach them to the start of each source file to most effectively
-convey the exclusion of warranty; and each file should have at least the
-"copyright" line and a pointer to where the full notice is found.
-
-    <one line to give the library's name and a brief idea of what it does.>
-    Copyright (C) <year>  <name of author>
-
-    This library is free software; you can redistribute it and/or
-    modify it under the terms of the GNU Lesser General Public
-    License as published by the Free Software Foundation; either
-    version 2.1 of the License, or (at your option) any later version.
-
-    This library is distributed in the hope that it will be useful,
-    but WITHOUT ANY WARRANTY; without even the implied warranty of
-    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-    Lesser General Public License for more details.
-
-    You should have received a copy of the GNU Lesser General Public
-    License along with this library; if not, write to the Free Software
-    Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
-
-Also add information on how to contact you by electronic and paper mail.
-
-You should also get your employer (if you work as a programmer) or your
-school, if any, to sign a "copyright disclaimer" for the library, if
-necessary.  Here is a sample; alter the names:
-
-  Yoyodyne, Inc., hereby disclaims all copyright interest in the
-  library `Frob' (a library for tweaking knobs) written by James Random Hacker.
-
-  <signature of Ty Coon>, 1 April 1990
-  Ty Coon, President of Vice
-
-That's all there is to it!
--- a/LICENSES/MIT-X11.txt
+++ b/LICENSES/MIT-X11.txt
@@ -1,21 +0,0 @@
-The MIT License (MIT)
-
-Copyright (c) <year> <copyright holders>
-
-Permission is hereby granted, free of charge, to any person obtaining a copy
-of this software and associated documentation files (the "Software"), to deal
-in the Software without restriction, including without limitation the rights
-to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-copies of the Software, and to permit persons to whom the Software is
-furnished to do so, subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in
-all copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
-THE SOFTWARE.
--- a/LICENSES/Modified
+++ b/LICENSES/Modified
@@ -1,27 +0,0 @@
-Copyright (c) [year], [fullname]
-All rights reserved.
-
-Redistribution and use in source and binary forms, with or without
-modification, are permitted provided that the following conditions are met:
-
-* Redistributions of source code must retain the above copyright notice, this
-  list of conditions and the following disclaimer.
-
-* Redistributions in binary form must reproduce the above copyright notice,
-  this list of conditions and the following disclaimer in the documentation
-  and/or other materials provided with the distribution.
-
-* Neither the name of [project] nor the names of its
-  contributors may be used to endorse or promote products derived from
-  this software without specific prior written permission.
-
-THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
-AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
-DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
-FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
-SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
-CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
-OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
-OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
--- a/LICENSES/Simplified
+++ b/LICENSES/Simplified
@@ -1,23 +0,0 @@
-Copyright (c) [year], [fullname]
-All rights reserved.
-
-Redistribution and use in source and binary forms, with or without
-modification, are permitted provided that the following conditions are met:
-
-* Redistributions of source code must retain the above copyright notice, this
-  list of conditions and the following disclaimer.
-
-* Redistributions in binary form must reproduce the above copyright notice,
-  this list of conditions and the following disclaimer in the documentation
-  and/or other materials provided with the distribution.
-
-THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
-AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
-DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
-FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
-SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
-CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
-OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
-OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
--- a/LICENSES/_NOTICE.md
+++ b/LICENSES/_NOTICE.md
@@ -1,88 +0,0 @@
-# Third party softwares
-Cryptomator uses third party libraries and fonts that may be licensed under different licenses.
-
-## AquaFX
-The ProgressIndicator in ui/src/main/resource/css/mac_theme.css contains code from the AquaFX project.
-
-Copyright Claudine Zillmann (http://aquafx-project.com/)
-
-Licensed under the accompanying Modified BSD license file.
-
-## Apache Commons + Apache HttpComponents + Jackrabbit WebDAV Library
-Copyright The Apache Software Foundation
-
-Licensed under the Apache License, Version 2.0
-
-### Commons Codec
-
-src/test/org/apache/commons/codec/language/DoubleMetaphoneTest.java contains test data
-from http://aspell.net/test/orig/batch0.tab. Copyright (C) 2002 Kevin Atkinson (kevina@gnu.org)
-
-### Commons Lang
-
-This product includes software from the Spring Framework,
-under the Apache License 2.0 (see: StringUtils.containsWhitespace())
-
-### Jackrabbit WebDAV Library
-
-Based on source code originally developed by
-Day Software (http://www.day.com/).
-
-## CryptoLib + CryptoFS
-Copyright 2016, 2017 Skymatic UG (haftungsbeschränkt)
-
-Licensed under the GNU Affero General Public License, Version 3
-
-## Dagger 2
-Copyright 2014 Google, Inc.
-Copyright 2012 Square, Inc.
-
-Licensed under the Apache License, Version 2.0
-
-## EasyBind
-Copyright (c) 2014, TomasMikula
-
-Licensed under the accompanying simplified BSD license.
-
-
-## GSON + Guava
-Copyright Google, Inc.
-
-Licensed under the Apache License, Version 2.0
-
-## Jetty
-Copyright 1995-2017 Mort Bay Consulting Pty Ltd.
-
-The UnixCrypt.java code implements the one way cryptography used by
-Unix systems for simple password protection.  Copyright 1996 Aki Yoshida,
-modified April 2001  by Iris Van den Broeke, Daniel Deville.
-Permission to use, copy, modify and distribute UnixCrypt
-for non-commercial or commercial purposes and without fee is
-granted provided that the copyright notice appears in all copies.
-
-Licensed under the Apache License, Version 2.0
-
-
-## Logback
-Copyright (C) 1999-2017, QOS.ch. All rights reserved.
-
-Licensed under the GNU Lesser General Public License, Version 2.1
-
-## SIV-Mode
-Copyright (c) Sebastian Stenzel
-
-Licensed under the MIT / X11 License
-
-## SLF4J
-Copyright (c) 2004-2017 QOS.ch
-
-Licensed under the MIT / X11 License
-
-
-# Other third party assets
-Non-software work included in Cryptomator
-
-## Ionicons
-Copyright (c) 2016 Drifty (http://drifty.com/)
-
-ionicons.ttf Licensed under the accompanying MIT license
--- a/README.md
+++ b/README.md
@@ -1,6 +1,6 @@
 [![cryptomator](cryptomator.png)](https://cryptomator.org/)

-[![Build Status](https://travis-ci.org/cryptomator/cryptomator.svg?branch=master)](https://travis-ci.org/cryptomator/cryptomator)
+[![Build](https://github.com/cryptomator/cryptomator/workflows/Build/badge.svg)](https://github.com/cryptomator/cryptomator/actions?query=workflow%3ABuild)
 [![Known Vulnerabilities](https://snyk.io/test/github/cryptomator/cryptomator/badge.svg?targetFile=main%2Fpom.xml)](https://snyk.io/test/github/cryptomator/cryptomator?targetFile=main%2Fpom.xml)
 [![Codacy Badge](https://api.codacy.com/project/badge/Grade/2a0adf3cec6a4143b91035d3924178f1)](https://www.codacy.com/app/cryptomator/cryptomator?utm_source=github.com&amp;utm_medium=referral&amp;utm_content=cryptomator/cryptomator&amp;utm_campaign=Badge_Grade)
 [![Twitter](https://img.shields.io/badge/twitter-@Cryptomator-blue.svg?style=flat)](http://twitter.com/Cryptomator)
@@ -15,6 +15,10 @@ Cryptomator is provided free of charge as an open-source project despite the hig
 - [One-time or recurring donation via Cryptomator's website.](https://cryptomator.org/#donate)
 - [Become a sponsor via Cryptomator's sponsors website.](https://cryptomator.org/sponsors/)

+### Gold Sponsors
+
+[<img src="https://cryptomator.org/img/sponsors/geewhiz.svg" alt="gee-whiz" height="96">](https://www.gee-whiz.de/)
+
 ### Silver Sponsors

 [![TheBestVPN](https://cryptomator.org/img/sponsors/thebestvpn.png)](https://thebestvpn.com/)
@@ -37,7 +41,7 @@ Download native binaries of Cryptomator on [cryptomator.org](https://cryptomator
 - File names get encrypted
 - Folder structure gets obfuscated
 - Use as many vaults in your Dropbox as you want, each having individual passwords
- One thousand commits for the security of your data!! :tada:
+- Two thousand commits for the security of your data!! :tada:

 ### Privacy

@@ -55,13 +59,13 @@ Download native binaries of Cryptomator on [cryptomator.org](https://cryptomator

 ### Security Architecture

-For more information on the security details visit [cryptomator.org](https://cryptomator.org/architecture/).
+For more information on the security details visit [cryptomator.org](https://docs.cryptomator.org/en/latest/security/architecture/).

 ## Building

 ### Dependencies

-* JDK 11 (we recommend to use the latest version)
+* JDK 14 (e.g. adoptopenjdk)
 * Maven 3
 * Optional: OS-dependent build tools for native packaging (see [Windows](https://github.com/cryptomator/cryptomator-win), [OS X](https://github.com/cryptomator/cryptomator-osx), [Linux](https://github.com/cryptomator/builder-containers))

--- a/cryptomator.png
+++ b/cryptomator.png
--- a/main/buildkit/pom.xml
+++ b/main/buildkit/pom.xml
@@ -4,7 +4,7 @@
 	<parent>
 		<groupId>org.cryptomator</groupId>
 		<artifactId>main</artifactId>
-		<version>1.5.0-beta1</version>
+		<version>1.5.4</version>
 	</parent>
 	<artifactId>buildkit</artifactId>
 	<packaging>pom</packaging>
--- a/main/commons/pom.xml
+++ b/main/commons/pom.xml
@@ -4,7 +4,7 @@
 	<parent>
 		<groupId>org.cryptomator</groupId>
 		<artifactId>main</artifactId>
-		<version>1.5.0-beta1</version>
+		<version>1.5.4</version>
 	</parent>
 	<artifactId>commons</artifactId>
 	<name>Cryptomator Commons</name>
@@ -48,6 +48,12 @@
 			<artifactId>easybind</artifactId>
 		</dependency>

+		<!-- JWT -->
+		<dependency>
+			<groupId>com.auth0</groupId>
+			<artifactId>java-jwt</artifactId>
+		</dependency>
+
 		<!-- Google -->
 		<dependency>
 			<groupId>com.google.guava</groupId>
--- a/main/commons/src/main/java/org/cryptomator/common/CommonsModule.java
+++ b/main/commons/src/main/java/org/cryptomator/common/CommonsModule.java
@@ -5,7 +5,6 @@
 *******************************************************************************/
 package org.cryptomator.common;

-import dagger.Binds;
 import dagger.Module;
 import dagger.Provides;
 import javafx.beans.binding.Binding;
@@ -19,6 +18,8 @@ import org.cryptomator.common.vaults.VaultComponent;
 import org.cryptomator.common.vaults.VaultListManager;
 import org.cryptomator.frontend.webdav.WebDavServer;
 import org.fxmisc.easybind.EasyBind;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;

 import javax.inject.Named;
 import javax.inject.Singleton;
@@ -27,13 +28,29 @@ import java.util.Comparator;
 import java.util.concurrent.ExecutorService;
 import java.util.concurrent.Executors;
 import java.util.concurrent.ScheduledExecutorService;
+import java.util.concurrent.SynchronousQueue;
+import java.util.concurrent.ThreadPoolExecutor;
+import java.util.concurrent.TimeUnit;
 import java.util.concurrent.atomic.AtomicInteger;
-import java.util.function.Consumer;

@Module(subcomponents = {VaultComponent.class})
 public abstract class CommonsModule {

-	private static final int NUM_SCHEDULER_THREADS = 4;
+	private static final Logger LOG = LoggerFactory.getLogger(CommonsModule.class);
+	private static final int NUM_SCHEDULER_THREADS = 2;
+	private static final int NUM_CORE_BG_THREADS = 6;
+	private static final long BG_THREAD_KEEPALIVE_SECONDS = 60l;
+
+	@Provides
+	@Singleton
+	@Named("licensePublicKey")
+	static String provideLicensePublicKey() {
+		// in PEM format without the dash-escaped begin/end lines
+		return "MIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQB7NfnqiZbg2KTmoflmZ71PbXru7oW" //
+				+ "fmnV2yv3eDjlDfGruBrqz9TtXBZV/eYWt31xu1osIqaT12lKBvZ511aaAkIBeOEV" //
+				+ "gwcBIlJr6kUw7NKzeJt7r2rrsOyQoOG2nWc/Of/NBqA3mIZRHk5Aq1YupFdD26QE" //
+				+ "r0DzRyj4ixPIt38CQB8=";
+	}

 	@Provides
 	@Singleton
@@ -56,21 +73,41 @@ public abstract class CommonsModule {

 	@Provides
 	@Singleton
-	static ScheduledExecutorService provideScheduledExecutorService(@Named("shutdownTaskScheduler") Consumer<Runnable> shutdownTaskScheduler) {
+	static ScheduledExecutorService provideScheduledExecutorService(ShutdownHook shutdownHook) {
 		final AtomicInteger threadNumber = new AtomicInteger(1);
 		ScheduledExecutorService executorService = Executors.newScheduledThreadPool(NUM_SCHEDULER_THREADS, r -> {
+			String name = String.format("App Scheduled Executor %02d", threadNumber.getAndIncrement());
 			Thread t = new Thread(r);
-			t.setName("Background Thread " + threadNumber.getAndIncrement());
+			t.setName(name);
+			t.setUncaughtExceptionHandler(CommonsModule::handleUncaughtExceptionInBackgroundThread);
 			t.setDaemon(true);
+			LOG.debug("Starting {}", t.getName());
 			return t;
 		});
-		shutdownTaskScheduler.accept(executorService::shutdown);
+		shutdownHook.runOnShutdown(executorService::shutdown);
 		return executorService;
 	}

-	@Binds
+	@Provides
 	@Singleton
-	abstract ExecutorService bindExecutorService(ScheduledExecutorService executor);
+	static ExecutorService provideExecutorService(ShutdownHook shutdownHook) {
+		final AtomicInteger threadNumber = new AtomicInteger(1);
+		ExecutorService executorService = new ThreadPoolExecutor(NUM_CORE_BG_THREADS, Integer.MAX_VALUE, BG_THREAD_KEEPALIVE_SECONDS, TimeUnit.SECONDS, new SynchronousQueue<>(), r -> {
+			String name = String.format("App Background Thread %03d", threadNumber.getAndIncrement());
+			Thread t = new Thread(r);
+			t.setName(name);
+			t.setUncaughtExceptionHandler(CommonsModule::handleUncaughtExceptionInBackgroundThread);
+			t.setDaemon(true);
+			LOG.debug("Starting {}", t.getName());
+			return t;
+		});
+		shutdownHook.runOnShutdown(executorService::shutdown);
+		return executorService;
+	}
+
+	private static void handleUncaughtExceptionInBackgroundThread(Thread thread, Throwable throwable) {
+		LOG.error("Uncaught exception in " + thread.getName(), throwable);
+	}

 	@Provides
 	@Singleton
--- a/main/commons/src/main/java/org/cryptomator/common/Constants.java
+++ b/main/commons/src/main/java/org/cryptomator/common/Constants.java
@@ -0,0 +1,7 @@
+package org.cryptomator.common;
+
+public interface Constants {
+
+	String MASTERKEY_FILENAME = "masterkey.cryptomator";
+
+}
--- a/main/commons/src/main/java/org/cryptomator/common/Environment.java
+++ b/main/commons/src/main/java/org/cryptomator/common/Environment.java
@@ -25,6 +25,7 @@ public class Environment {
 	private static final Path RELATIVE_HOME_DIR = Paths.get("~");
 	private static final Path ABSOLUTE_HOME_DIR = Paths.get(USER_HOME);
 	private static final char PATH_LIST_SEP = ':';
+	private static final int DEFAULT_MIN_PW_LENGTH = 8;

 	@Inject
 	public Environment() {
@@ -37,6 +38,8 @@ public class Environment {
 		LOG.debug("cryptomator.keychainPath: {}", System.getProperty("cryptomator.keychainPath"));
 		LOG.debug("cryptomator.logDir: {}", System.getProperty("cryptomator.logDir"));
 		LOG.debug("cryptomator.mountPointsDir: {}", System.getProperty("cryptomator.mountPointsDir"));
+		LOG.debug("cryptomator.minPwLength: {}", System.getProperty("cryptomator.minPwLength"));
+		LOG.debug("cryptomator.buildNumber: {}", System.getProperty("cryptomator.buildNumber"));
 	}

 	public boolean useCustomLogbackConfig() {
@@ -63,12 +66,29 @@ public class Environment {
 		return getPath("cryptomator.mountPointsDir").map(this::replaceHomeDir);
 	}

+	public Optional<String> getBuildNumber() {
+		return Optional.ofNullable(System.getProperty("cryptomator.buildNumber"));
+	}
+
+	public int getMinPwLength() {
+		return getInt("cryptomator.minPwLength", DEFAULT_MIN_PW_LENGTH);
+	}
+
+	private int getInt(String propertyName, int defaultValue) {
+		String value = System.getProperty(propertyName);
+		try {
+			return Integer.parseInt(value);
+		} catch (NumberFormatException e) { // includes "null" values
+			return defaultValue;
+		}
+	}
+
 	private Optional<Path> getPath(String propertyName) {
 		String value = System.getProperty(propertyName);
 		return Optional.ofNullable(value).map(Paths::get);
 	}
-
 	// visible for testing
+
 	Stream<Path> getPaths(String propertyName) {
 		Stream<String> rawSettingsPaths = getRawList(propertyName, PATH_LIST_SEP);
 		return rawSettingsPaths.filter(Predicate.not(Strings::isNullOrEmpty)).map(Paths::get).map(this::replaceHomeDir);
@@ -92,5 +112,4 @@ public class Environment {
 			return StreamSupport.stream(spliter, false);
 		}
 	}
-
 }
--- a/main/commons/src/main/java/org/cryptomator/common/LicenseChecker.java
+++ b/main/commons/src/main/java/org/cryptomator/common/LicenseChecker.java
@@ -0,0 +1,56 @@
+package org.cryptomator.common;
+
+import com.auth0.jwt.JWT;
+import com.auth0.jwt.algorithms.Algorithm;
+import com.auth0.jwt.exceptions.JWTVerificationException;
+import com.auth0.jwt.interfaces.DecodedJWT;
+import com.auth0.jwt.interfaces.JWTVerifier;
+import com.google.common.io.BaseEncoding;
+
+import javax.inject.Inject;
+import javax.inject.Named;
+import javax.inject.Singleton;
+import java.security.KeyFactory;
+import java.security.NoSuchAlgorithmException;
+import java.security.PublicKey;
+import java.security.interfaces.ECPublicKey;
+import java.security.spec.InvalidKeySpecException;
+import java.security.spec.X509EncodedKeySpec;
+import java.util.Optional;
+
+@Singleton
+class LicenseChecker {
+
+	private final JWTVerifier verifier;
+
+	@Inject
+	public LicenseChecker(@Named("licensePublicKey") String pemEncodedPublicKey) {
+		Algorithm algorithm = Algorithm.ECDSA512(decodePublicKey(pemEncodedPublicKey), null);
+		this.verifier = JWT.require(algorithm).build();
+	}
+
+	private static ECPublicKey decodePublicKey(String pemEncodedPublicKey) {
+		try {
+			byte[] keyBytes = BaseEncoding.base64().decode(pemEncodedPublicKey);
+			PublicKey key = KeyFactory.getInstance("EC").generatePublic(new X509EncodedKeySpec(keyBytes));
+			if (key instanceof ECPublicKey) {
+				return (ECPublicKey) key;
+			} else {
+				throw new IllegalStateException("Key not an EC public key.");
+			}
+		} catch (InvalidKeySpecException e) {
+			throw new IllegalArgumentException("Invalid license public key", e);
+		} catch (NoSuchAlgorithmException e) {
+			throw new IllegalStateException(e);
+		}
+	}
+
+	public Optional<DecodedJWT> check(String licenseKey) {
+		try {
+			return Optional.of(verifier.verify(licenseKey));
+		} catch (JWTVerificationException exception) {
+			return Optional.empty();
+		}
+	}
+
+}
--- a/main/commons/src/main/java/org/cryptomator/common/LicenseHolder.java
+++ b/main/commons/src/main/java/org/cryptomator/common/LicenseHolder.java
@@ -0,0 +1,79 @@
+package org.cryptomator.common;
+
+import com.auth0.jwt.interfaces.DecodedJWT;
+import javafx.beans.binding.Bindings;
+import javafx.beans.binding.BooleanBinding;
+import javafx.beans.binding.StringBinding;
+import javafx.beans.property.ObjectProperty;
+import javafx.beans.property.SimpleObjectProperty;
+import org.cryptomator.common.settings.Settings;
+
+import javax.inject.Inject;
+import javax.inject.Singleton;
+import java.util.Optional;
+
+@Singleton
+public class LicenseHolder {
+
+	private final Settings settings;
+	private final LicenseChecker licenseChecker;
+	private final ObjectProperty<DecodedJWT> validJwtClaims;
+	private final StringBinding licenseSubject;
+	private final BooleanBinding validLicenseProperty;
+
+	@Inject
+	public LicenseHolder(LicenseChecker licenseChecker, Settings settings) {
+		this.settings = settings;
+		this.licenseChecker = licenseChecker;
+		this.validJwtClaims = new SimpleObjectProperty<>();
+		this.licenseSubject = Bindings.createStringBinding(this::getLicenseSubject, validJwtClaims);
+		this.validLicenseProperty = validJwtClaims.isNotNull();
+
+		Optional<DecodedJWT> claims = licenseChecker.check(settings.licenseKey().get());
+		validJwtClaims.set(claims.orElse(null));
+	}
+
+	public boolean validateAndStoreLicense(String licenseKey) {
+		Optional<DecodedJWT> claims = licenseChecker.check(licenseKey);
+		validJwtClaims.set(claims.orElse(null));
+		if (claims.isPresent()) {
+			settings.licenseKey().set(licenseKey);
+			return true;
+		} else {
+			return false;
+		}
+	}
+
+	/* Observable Properties */
+
+	public Optional<String> getLicenseKey() {
+		DecodedJWT claims = validJwtClaims.get();
+		if (claims != null) {
+			return Optional.of(claims.getToken());
+		} else {
+			return Optional.empty();
+		}
+	}
+
+	public StringBinding licenseSubjectProperty() {
+		return licenseSubject;
+	}
+
+	public String getLicenseSubject() {
+		DecodedJWT claims = validJwtClaims.get();
+		if (claims != null) {
+			return claims.getSubject();
+		} else {
+			return null;
+		}
+	}
+
+	public BooleanBinding validLicenseProperty() {
+		return validLicenseProperty;
+	}
+
+	public boolean isValidLicense() {
+		return validLicenseProperty.get();
+	}
+
+}
--- a/main/commons/src/main/java/org/cryptomator/common/Optionals.java
+++ b/main/commons/src/main/java/org/cryptomator/common/Optionals.java
@@ -1,28 +0,0 @@
-/*******************************************************************************
- * Copyright (c) 2017 Skymatic UG (haftungsbeschränkt).
- * All rights reserved. This program and the accompanying materials
- * are made available under the terms of the accompanying LICENSE file.
- *******************************************************************************/
-package org.cryptomator.common;
-
-import java.util.Optional;
-import java.util.function.Function;
-
-public final class Optionals {
-
-	private Optionals() {
-	}
-
-	/**
-	 * Returns a function that is equivalent to the input function but immediately gets the value of the returned optional when invoked.
-	 * 
-	 * @param <T> the type of the input to the function
-	 * @param <R> the type of the result of the function
-	 * @param function An {@code Optional}-bearing input function {@code Function<Foo, Optional<Bar>>}
-	 * @return A {@code Function<Foo, Bar>}, that may throw a NoSuchElementException, if the original function returns an empty optional.
-	 */
-	public static <T, R> Function<T, R> unwrap(Function<T, Optional<R>> function) {
-		return t -> function.apply(t).get();
-	}
-
-}
--- a/main/commons/src/main/java/org/cryptomator/common/ShutdownHook.java
+++ b/main/commons/src/main/java/org/cryptomator/common/ShutdownHook.java
@@ -0,0 +1,96 @@
+/*******************************************************************************
+ * Copyright (c) 2017 Skymatic UG (haftungsbeschränkt).
+ * All rights reserved. This program and the accompanying materials
+ * are made available under the terms of the accompanying LICENSE file.
+ *******************************************************************************/
+package org.cryptomator.common;
+
+import com.google.common.util.concurrent.Runnables;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import javax.inject.Inject;
+import javax.inject.Singleton;
+import java.util.Queue;
+import java.util.concurrent.PriorityBlockingQueue;
+
+@Singleton
+public class ShutdownHook extends Thread {
+
+	private static final int PRIO_VERY_LAST = Integer.MIN_VALUE;
+	public static final int PRIO_LAST = PRIO_VERY_LAST + 1;
+	public static final int PRIO_DEFAULT = 0;
+	public static final int PRIO_FIRST = Integer.MAX_VALUE;
+	private static final Logger LOG = LoggerFactory.getLogger(ShutdownHook.class);
+	private static final OrderedTask POISON = new OrderedTask(PRIO_VERY_LAST, Runnables.doNothing());
+	private final Queue<OrderedTask> tasks = new PriorityBlockingQueue<>();
+
+	@Inject
+	ShutdownHook() {
+		super(null, null, "ShutdownTasks", 0);
+		Runtime.getRuntime().addShutdownHook(this);
+		LOG.debug("Registered shutdown hook.");
+	}
+
+	@Override
+	public void run() {
+		LOG.debug("Running graceful shutdown tasks...");
+		tasks.add(POISON);
+		Runnable task;
+		while ((task = tasks.remove()) != POISON) {
+			try {
+				task.run();
+			} catch (RuntimeException e) {
+				LOG.error("Exception while shutting down.", e);
+			}
+		}
+	}
+
+	/**
+	 * Schedules a task to be run during shutdown with default order
+	 *
+	 * @param task The task to be scheduled
+	 */
+	public void runOnShutdown(Runnable task) {
+		runOnShutdown(PRIO_DEFAULT, task);
+	}
+
+	/**
+	 * Schedules a task to be run with the given priority
+	 *
+	 * @param priority Tasks with high priority will be run before task with lower priority
+	 * @param task The task to be scheduled
+	 */
+	public void runOnShutdown(int priority, Runnable task) {
+		tasks.add(new OrderedTask(priority, task));
+	}
+
+	private static class OrderedTask implements Comparable<OrderedTask>, Runnable {
+
+		private final int priority;
+		private final Runnable task;
+
+		public OrderedTask(int priority, Runnable task) {
+			this.priority = priority;
+			this.task = task;
+		}
+
+		@Override
+		public int compareTo(OrderedTask other) {
+			// overflow-safe signum impl:
+			if (this.priority > other.priority) {
+				return -1; // higher prio -> this before other
+			} else if (this.priority < other.priority) {
+				return +1; // lower prio -> other before this
+			} else {
+				return 0; // same prio
+			}
+		}
+
+		@Override
+		public void run() {
+			task.run();
+		}
+	}
+
+}
--- a/main/commons/src/main/java/org/cryptomator/common/settings/Settings.java
+++ b/main/commons/src/main/java/org/cryptomator/common/settings/Settings.java
@@ -15,6 +15,8 @@ import javafx.beans.property.ObjectProperty;
 import javafx.beans.property.SimpleBooleanProperty;
 import javafx.beans.property.SimpleIntegerProperty;
 import javafx.beans.property.SimpleObjectProperty;
+import javafx.beans.property.SimpleStringProperty;
+import javafx.beans.property.StringProperty;
 import javafx.collections.FXCollections;
 import javafx.collections.ObservableList;
 import javafx.geometry.NodeOrientation;
@@ -35,6 +37,7 @@ public class Settings {
 	public static final VolumeImpl DEFAULT_PREFERRED_VOLUME_IMPL = System.getProperty("os.name").toLowerCase().contains("windows") ? VolumeImpl.DOKANY : VolumeImpl.FUSE;
 	public static final UiTheme DEFAULT_THEME = UiTheme.LIGHT;
 	public static final NodeOrientation DEFAULT_USER_INTERFACE_ORIENTATION = NodeOrientation.LEFT_TO_RIGHT;
+	private static final String DEFAULT_LICENSE_KEY = "";

 	private final ObservableList<VaultSettings> directories = FXCollections.observableArrayList(VaultSettings::observables);
 	private final BooleanProperty askedForUpdateCheck = new SimpleBooleanProperty(DEFAULT_ASKED_FOR_UPDATE_CHECK);
@@ -47,6 +50,7 @@ public class Settings {
 	private final ObjectProperty<VolumeImpl> preferredVolumeImpl = new SimpleObjectProperty<>(DEFAULT_PREFERRED_VOLUME_IMPL);
 	private final ObjectProperty<UiTheme> theme = new SimpleObjectProperty<>(DEFAULT_THEME);
 	private final ObjectProperty<NodeOrientation> userInterfaceOrientation = new SimpleObjectProperty<>(DEFAULT_USER_INTERFACE_ORIENTATION);
+	private final StringProperty licenseKey = new SimpleStringProperty(DEFAULT_LICENSE_KEY);

 	private Consumer<Settings> saveCmd;

@@ -65,6 +69,7 @@ public class Settings {
 		preferredVolumeImpl.addListener(this::somethingChanged);
 		theme.addListener(this::somethingChanged);
 		userInterfaceOrientation.addListener(this::somethingChanged);
+		licenseKey.addListener(this::somethingChanged);
 	}

 	void setSaveCmd(Consumer<Settings> saveCmd) {
@@ -126,4 +131,8 @@ public class Settings {
 	public ObjectProperty<NodeOrientation> userInterfaceOrientation() {
 		return userInterfaceOrientation;
 	}
+
+	public StringProperty licenseKey() {
+		return licenseKey;
+	}
 }
--- a/main/commons/src/main/java/org/cryptomator/common/settings/SettingsJsonAdapter.java
+++ b/main/commons/src/main/java/org/cryptomator/common/settings/SettingsJsonAdapter.java
@@ -38,6 +38,7 @@ public class SettingsJsonAdapter extends TypeAdapter<Settings> {
 		out.name("preferredVolumeImpl").value(value.preferredVolumeImpl().get().name());
 		out.name("theme").value(value.theme().get().name());
 		out.name("uiOrientation").value(value.userInterfaceOrientation().get().name());
+		out.name("licenseKey").value(value.licenseKey().get());
 		out.endObject();
 	}

@@ -57,43 +58,22 @@ public class SettingsJsonAdapter extends TypeAdapter<Settings> {
 		while (in.hasNext()) {
 			String name = in.nextName();
 			switch (name) {
-				case "directories":
-					settings.getDirectories().addAll(readVaultSettingsArray(in));
-					break;
-				case "askedForUpdateCheck":
-					settings.askedForUpdateCheck().set(in.nextBoolean());
-					break;
-				case "checkForUpdatesEnabled":
-					settings.checkForUpdates().set(in.nextBoolean());
-					break;
-				case "startHidden":
-					settings.startHidden().set(in.nextBoolean());
-					break;
-				case "port":
-					settings.port().set(in.nextInt());
-					break;
-				case "numTrayNotifications":
-					settings.numTrayNotifications().set(in.nextInt());
-					break;
-				case "preferredGvfsScheme":
-					settings.preferredGvfsScheme().set(parseWebDavUrlSchemePrefix(in.nextString()));
-					break;
-				case "debugMode":
-					settings.debugMode().set(in.nextBoolean());
-					break;
-				case "preferredVolumeImpl":
-					settings.preferredVolumeImpl().set(parsePreferredVolumeImplName(in.nextString()));
-					break;
-				case "theme":
-					settings.theme().set(parseUiTheme(in.nextString()));
-					break;
-				case "uiOrientation":
-					settings.userInterfaceOrientation().set(parseUiOrientation(in.nextString()));
-					break;
-				default:
+				case "directories" -> settings.getDirectories().addAll(readVaultSettingsArray(in));
+				case "askedForUpdateCheck" -> settings.askedForUpdateCheck().set(in.nextBoolean());
+				case "checkForUpdatesEnabled" -> settings.checkForUpdates().set(in.nextBoolean());
+				case "startHidden" -> settings.startHidden().set(in.nextBoolean());
+				case "port" -> settings.port().set(in.nextInt());
+				case "numTrayNotifications" -> settings.numTrayNotifications().set(in.nextInt());
+				case "preferredGvfsScheme" -> settings.preferredGvfsScheme().set(parseWebDavUrlSchemePrefix(in.nextString()));
+				case "debugMode" -> settings.debugMode().set(in.nextBoolean());
+				case "preferredVolumeImpl" -> settings.preferredVolumeImpl().set(parsePreferredVolumeImplName(in.nextString()));
+				case "theme" -> settings.theme().set(parseUiTheme(in.nextString()));
+				case "uiOrientation" -> settings.userInterfaceOrientation().set(parseUiOrientation(in.nextString()));
+				case "licenseKey" -> settings.licenseKey().set(in.nextString());
+				default -> {
 					LOG.warn("Unsupported vault setting found in JSON: " + name);
 					in.skipValue();
-					break;
+				}
 			}
 		}
 		in.endObject();
--- a/main/commons/src/main/java/org/cryptomator/common/settings/SettingsProvider.java
+++ b/main/commons/src/main/java/org/cryptomator/common/settings/SettingsProvider.java
@@ -10,7 +10,9 @@ package org.cryptomator.common.settings;

 import com.google.gson.Gson;
 import com.google.gson.GsonBuilder;
+import com.google.gson.JsonElement;
 import com.google.gson.JsonParseException;
+import com.google.gson.JsonParser;
 import org.cryptomator.common.Environment;
 import org.cryptomator.common.LazyInitializer;
 import org.slf4j.Logger;
@@ -32,7 +34,6 @@ import java.nio.file.Path;
 import java.nio.file.StandardCopyOption;
 import java.nio.file.StandardOpenOption;
 import java.util.Optional;
-import java.util.concurrent.Executors;
 import java.util.concurrent.ScheduledExecutorService;
 import java.util.concurrent.ScheduledFuture;
 import java.util.concurrent.TimeUnit;
@@ -46,16 +47,17 @@ public class SettingsProvider implements Supplier<Settings> {
 	private static final Logger LOG = LoggerFactory.getLogger(SettingsProvider.class);
 	private static final long SAVE_DELAY_MS = 1000;

-	private final ScheduledExecutorService saveScheduler = Executors.newSingleThreadScheduledExecutor();
 	private final AtomicReference<ScheduledFuture<?>> scheduledSaveCmd = new AtomicReference<>();
 	private final AtomicReference<Settings> settings = new AtomicReference<>();
 	private final SettingsJsonAdapter settingsJsonAdapter = new SettingsJsonAdapter();
 	private final Environment env;
+	private final ScheduledExecutorService scheduler;
 	private final Gson gson;

 	@Inject
-	public SettingsProvider(Environment env) {
+	public SettingsProvider(Environment env, ScheduledExecutorService scheduler) {
 		this.env = env;
+		this.scheduler = scheduler;
 		this.gson = new GsonBuilder() //
 				.setPrettyPrinting().setLenient().disableHtmlEscaping() //
 				.registerTypeAdapter(Settings.class, settingsJsonAdapter) //
@@ -77,12 +79,15 @@ public class SettingsProvider implements Supplier<Settings> {
 		LOG.debug("Attempting to load settings from {}", path);
 		try (InputStream in = Files.newInputStream(path, StandardOpenOption.READ); //
 			 Reader reader = new InputStreamReader(in, StandardCharsets.UTF_8)) {
-			Settings settings = gson.fromJson(reader, Settings.class);
-			if (settings == null) {
-				throw new IOException("Unexpected EOF");
+			JsonElement json = JsonParser.parseReader(reader);
+			if (json.isJsonObject()) {
+				Settings settings = gson.fromJson(json, Settings.class);
+				LOG.info("Settings loaded from {}", path);
+				return Stream.of(settings);
+			} else {
+				LOG.warn("Invalid json file {}", path);
+				return Stream.empty();
 			}
-			LOG.info("Settings loaded from {}", path);
-			return Stream.of(settings);
 		} catch (NoSuchFileException e) {
 			return Stream.empty();
 		} catch (IOException e) {
@@ -98,7 +103,7 @@ public class SettingsProvider implements Supplier<Settings> {
 		final Optional<Path> settingsPath = env.getSettingsPath().findFirst(); // alway save to preferred (first) path
 		settingsPath.ifPresent(path -> {
 			Runnable saveCommand = () -> this.save(settings, path);
-			ScheduledFuture<?> scheduledTask = saveScheduler.schedule(saveCommand, SAVE_DELAY_MS, TimeUnit.MILLISECONDS);
+			ScheduledFuture<?> scheduledTask = scheduler.schedule(saveCommand, SAVE_DELAY_MS, TimeUnit.MILLISECONDS);
 			ScheduledFuture<?> previouslyScheduledTask = scheduledSaveCmd.getAndSet(scheduledTask);
 			if (previouslyScheduledTask != null) {
 				previouslyScheduledTask.cancel(false);
--- a/main/commons/src/main/java/org/cryptomator/common/settings/UiTheme.java
+++ b/main/commons/src/main/java/org/cryptomator/common/settings/UiTheme.java
@@ -1,8 +1,8 @@
 package org.cryptomator.common.settings;

 public enum UiTheme {
-	LIGHT("Light"),
-	DARK("Dark");
+	LIGHT("preferences.general.theme.light"),
+	DARK("preferences.general.theme.dark");
 	// CUSTOM("Custom (%s)");

 	private String displayName;
--- a/main/commons/src/main/java/org/cryptomator/common/settings/VaultSettings.java
+++ b/main/commons/src/main/java/org/cryptomator/common/settings/VaultSettings.java
@@ -9,27 +9,23 @@ import com.google.common.base.Strings;
 import com.google.common.io.BaseEncoding;
 import javafx.beans.Observable;
 import javafx.beans.property.BooleanProperty;
+import javafx.beans.property.IntegerProperty;
 import javafx.beans.property.ObjectProperty;
 import javafx.beans.property.SimpleBooleanProperty;
+import javafx.beans.property.SimpleIntegerProperty;
 import javafx.beans.property.SimpleObjectProperty;
 import javafx.beans.property.SimpleStringProperty;
 import javafx.beans.property.StringProperty;
 import org.apache.commons.lang3.StringUtils;
 import org.fxmisc.easybind.EasyBind;

-import java.nio.ByteBuffer;
-import java.nio.charset.StandardCharsets;
 import java.nio.file.Path;
-import java.util.Base64;
-import java.util.List;
 import java.util.Objects;
 import java.util.Optional;
 import java.util.Random;
-import java.util.UUID;

 /**
 * The settings specific to a single vault.
- * TODO: Change the name of individualMountPath and its derivatives to customMountPath
 */
 public class VaultSettings {

@@ -38,6 +34,8 @@ public class VaultSettings {
 	public static final boolean DEFAULT_USES_INDIVIDUAL_MOUNTPATH = false;
 	public static final boolean DEFAULT_USES_READONLY_MODE = false;
 	public static final String DEFAULT_MOUNT_FLAGS = "";
+	public static final int DEFAULT_FILENAME_LENGTH_LIMIT = -1;
+	public static final WhenUnlocked DEFAULT_ACTION_AFTER_UNLOCK = WhenUnlocked.ASK;
 	
 	private static final Random RNG = new Random(); 

@@ -47,10 +45,12 @@ public class VaultSettings {
 	private final StringProperty winDriveLetter = new SimpleStringProperty();
 	private final BooleanProperty unlockAfterStartup = new SimpleBooleanProperty(DEFAULT_UNLOCK_AFTER_STARTUP);
 	private final BooleanProperty revealAfterMount = new SimpleBooleanProperty(DEFAULT_REAVEAL_AFTER_MOUNT);
-	private final BooleanProperty usesIndividualMountPath = new SimpleBooleanProperty(DEFAULT_USES_INDIVIDUAL_MOUNTPATH);
-	private final StringProperty individualMountPath = new SimpleStringProperty();
+	private final BooleanProperty useCustomMountPath = new SimpleBooleanProperty(DEFAULT_USES_INDIVIDUAL_MOUNTPATH);
+	private final StringProperty customMountPath = new SimpleStringProperty();
 	private final BooleanProperty usesReadOnlyMode = new SimpleBooleanProperty(DEFAULT_USES_READONLY_MODE);
 	private final StringProperty mountFlags = new SimpleStringProperty(DEFAULT_MOUNT_FLAGS);
+	private final IntegerProperty filenameLengthLimit = new SimpleIntegerProperty(DEFAULT_FILENAME_LENGTH_LIMIT);
+	private final ObjectProperty<WhenUnlocked> actionAfterUnlock = new SimpleObjectProperty<>(DEFAULT_ACTION_AFTER_UNLOCK);

 	public VaultSettings(String id) {
 		this.id = Objects.requireNonNull(id);
@@ -59,7 +59,7 @@ public class VaultSettings {
 	}

 	Observable[] observables() {
-		return new Observable[]{path, mountName, winDriveLetter, unlockAfterStartup, revealAfterMount, usesIndividualMountPath, individualMountPath, usesReadOnlyMode, mountFlags};
+		return new Observable[]{path, mountName, winDriveLetter, unlockAfterStartup, revealAfterMount, useCustomMountPath, customMountPath, usesReadOnlyMode, mountFlags, filenameLengthLimit, actionAfterUnlock};
 	}

 	private void deriveMountNameFromPath(Path path) {
@@ -123,17 +123,17 @@ public class VaultSettings {
 		return revealAfterMount;
 	}

-	public BooleanProperty usesIndividualMountPath() {
-		return usesIndividualMountPath;
+	public BooleanProperty useCustomMountPath() {
+		return useCustomMountPath;
 	}

-	public StringProperty individualMountPath() {
-		return individualMountPath;
+	public StringProperty customMountPath() {
+		return customMountPath;
 	}

-	public Optional<String> getIndividualMountPath() {
-		if (usesIndividualMountPath.get()) {
-			return Optional.ofNullable(Strings.emptyToNull(individualMountPath.get()));
+	public Optional<String> getCustomMountPath() {
+		if (useCustomMountPath.get()) {
+			return Optional.ofNullable(Strings.emptyToNull(customMountPath.get()));
 		} else {
 			return Optional.empty();
 		}
@@ -146,6 +146,18 @@ public class VaultSettings {
 	public StringProperty mountFlags() {
 		return mountFlags;
 	}
+	
+	public IntegerProperty filenameLengthLimit() {
+		return filenameLengthLimit;
+	}
+
+	public ObjectProperty<WhenUnlocked> actionAfterUnlock() {
+		return actionAfterUnlock;
+	}
+
+	public WhenUnlocked getActionAfterUnlock() {
+		return actionAfterUnlock.get();
+	}

 	/* Hashcode/Equals */

--- a/main/commons/src/main/java/org/cryptomator/common/settings/VaultSettingsJsonAdapter.java
+++ b/main/commons/src/main/java/org/cryptomator/common/settings/VaultSettingsJsonAdapter.java
@@ -25,10 +25,12 @@ class VaultSettingsJsonAdapter {
 		out.name("winDriveLetter").value(value.winDriveLetter().get());
 		out.name("unlockAfterStartup").value(value.unlockAfterStartup().get());
 		out.name("revealAfterMount").value(value.revealAfterMount().get());
-		out.name("usesIndividualMountPath").value(value.usesIndividualMountPath().get());
-		out.name("individualMountPath").value(value.individualMountPath().get());
+		out.name("useCustomMountPath").value(value.useCustomMountPath().get());
+		out.name("customMountPath").value(value.customMountPath().get());
 		out.name("usesReadOnlyMode").value(value.usesReadOnlyMode().get());
 		out.name("mountFlags").value(value.mountFlags().get());
+		out.name("filenameLengthLimit").value(value.filenameLengthLimit().get());
+		out.name("actionAfterUnlock").value(value.actionAfterUnlock().get().name());
 		out.endObject();
 	}

@@ -36,52 +38,36 @@ class VaultSettingsJsonAdapter {
 		String id = null;
 		String path = null;
 		String mountName = null;
-		String individualMountPath = null;
+		String customMountPath = null;
 		String winDriveLetter = null;
 		boolean unlockAfterStartup = VaultSettings.DEFAULT_UNLOCK_AFTER_STARTUP;
 		boolean revealAfterMount = VaultSettings.DEFAULT_REAVEAL_AFTER_MOUNT;
-		boolean usesIndividualMountPath = VaultSettings.DEFAULT_USES_INDIVIDUAL_MOUNTPATH;
+		boolean useCustomMountPath = VaultSettings.DEFAULT_USES_INDIVIDUAL_MOUNTPATH;
 		boolean usesReadOnlyMode = VaultSettings.DEFAULT_USES_READONLY_MODE;
 		String mountFlags = VaultSettings.DEFAULT_MOUNT_FLAGS;
+		int filenameLengthLimit = VaultSettings.DEFAULT_FILENAME_LENGTH_LIMIT;
+		WhenUnlocked actionAfterUnlock = VaultSettings.DEFAULT_ACTION_AFTER_UNLOCK;

 		in.beginObject();
 		while (in.hasNext()) {
 			String name = in.nextName();
 			switch (name) {
-				case "id":
-					id = in.nextString();
-					break;
-				case "path":
-					path = in.nextString();
-					break;
-				case "mountName":
-					mountName = in.nextString();
-					break;
-				case "winDriveLetter":
-					winDriveLetter = in.nextString();
-					break;
-				case "unlockAfterStartup":
-					unlockAfterStartup = in.nextBoolean();
-					break;
-				case "revealAfterMount":
-					revealAfterMount = in.nextBoolean();
-					break;
-				case "usesIndividualMountPath":
-					usesIndividualMountPath = in.nextBoolean();
-					break;
-				case "individualMountPath":
-					individualMountPath = in.nextString();
-					break;
-				case "usesReadOnlyMode":
-					usesReadOnlyMode = in.nextBoolean();
-					break;
-				case "mountFlags":
-					mountFlags = in.nextString();
-					break;
-				default:
+				case "id" -> id = in.nextString();
+				case "path" -> path = in.nextString();
+				case "mountName" -> mountName = in.nextString();
+				case "winDriveLetter" -> winDriveLetter = in.nextString();
+				case "unlockAfterStartup" -> unlockAfterStartup = in.nextBoolean();
+				case "revealAfterMount" -> revealAfterMount = in.nextBoolean();
+				case "usesIndividualMountPath", "useCustomMountPath" -> useCustomMountPath = in.nextBoolean();
+				case "individualMountPath", "customMountPath" -> customMountPath = in.nextString();
+				case "usesReadOnlyMode" -> usesReadOnlyMode = in.nextBoolean();
+				case "mountFlags" -> mountFlags = in.nextString();
+				case "filenameLengthLimit" -> filenameLengthLimit = in.nextInt();
+				case "actionAfterUnlock" -> actionAfterUnlock = parseActionAfterUnlock(in.nextString());
+				default -> {
 					LOG.warn("Unsupported vault setting found in JSON: " + name);
 					in.skipValue();
-					break;
+				}
 			}
 		}
 		in.endObject();
@@ -92,11 +78,22 @@ class VaultSettingsJsonAdapter {
 		vaultSettings.winDriveLetter().set(winDriveLetter);
 		vaultSettings.unlockAfterStartup().set(unlockAfterStartup);
 		vaultSettings.revealAfterMount().set(revealAfterMount);
-		vaultSettings.usesIndividualMountPath().set(usesIndividualMountPath);
-		vaultSettings.individualMountPath().set(individualMountPath);
+		vaultSettings.useCustomMountPath().set(useCustomMountPath);
+		vaultSettings.customMountPath().set(customMountPath);
 		vaultSettings.usesReadOnlyMode().set(usesReadOnlyMode);
 		vaultSettings.mountFlags().set(mountFlags);
+		vaultSettings.filenameLengthLimit().set(filenameLengthLimit);
+		vaultSettings.actionAfterUnlock().set(actionAfterUnlock);
 		return vaultSettings;
 	}

+	private WhenUnlocked parseActionAfterUnlock(String actionAfterUnlockName) {
+		try {
+			return WhenUnlocked.valueOf(actionAfterUnlockName.toUpperCase());
+		} catch (IllegalArgumentException e) {
+			LOG.warn("Invalid action after unlock {}. Defaulting to {}.", actionAfterUnlockName, VaultSettings.DEFAULT_ACTION_AFTER_UNLOCK);
+			return VaultSettings.DEFAULT_ACTION_AFTER_UNLOCK;
+		}
+	}
+
 }
--- a/main/commons/src/main/java/org/cryptomator/common/settings/VolumeImpl.java
+++ b/main/commons/src/main/java/org/cryptomator/common/settings/VolumeImpl.java
@@ -1,7 +1,5 @@
 package org.cryptomator.common.settings;

-import java.util.Arrays;
-
 public enum VolumeImpl {
 	WEBDAV("WebDAV"),
 	FUSE("FUSE"),
@@ -17,18 +15,4 @@ public enum VolumeImpl {
 		return displayName;
 	}

-	/**
-	 * Finds a VolumeImpl by display name.
-	 *
-	 * @param displayName Display name of the VolumeImpl
-	 * @return VolumeImpl with the given <code>displayName</code>.
-	 * @throws IllegalArgumentException if not volumeImpl with the given <code>displayName</code> was found.
-	 */
-	public static VolumeImpl forDisplayName(String displayName) throws IllegalArgumentException {
-		return Arrays.stream(values()) //
-				.filter(impl -> impl.displayName.equals(displayName)) //
-				.findAny() //
-				.orElseThrow(IllegalArgumentException::new);
-	}
-
 }
--- a/main/commons/src/main/java/org/cryptomator/common/settings/WebDavUrlScheme.java
+++ b/main/commons/src/main/java/org/cryptomator/common/settings/WebDavUrlScheme.java
@@ -1,7 +1,5 @@
 package org.cryptomator.common.settings;

-import java.util.Arrays;
-
 public enum WebDavUrlScheme {
 	DAV("dav", "dav:// (Gnome, Nautilus, ...)"),
 	WEBDAV("webdav", "webdav:// (KDE, Dolphin, ...)");
@@ -20,18 +18,4 @@ public enum WebDavUrlScheme {
 	public String getDisplayName() {
 		return displayName;
 	}
-
-	/**
-	 * Finds a WebDavUrlScheme by prefix.
-	 *
-	 * @param prefix Prefix of the WebDavUrlScheme
-	 * @return WebDavUrlScheme with the given <code>prefix</code>.
-	 * @throws IllegalArgumentException if not WebDavUrlScheme with the given <code>prefix</code> was found.
-	 */
-	public static WebDavUrlScheme forPrefix(String prefix) throws IllegalArgumentException {
-		return Arrays.stream(values()) //
-				.filter(impl -> impl.prefix.equals(prefix)) //
-				.findAny() //
-				.orElseThrow(IllegalArgumentException::new);
-	}
 }
--- a/main/commons/src/main/java/org/cryptomator/common/settings/WhenUnlocked.java
+++ b/main/commons/src/main/java/org/cryptomator/common/settings/WhenUnlocked.java
@@ -0,0 +1,17 @@
+package org.cryptomator.common.settings;
+
+public enum WhenUnlocked {
+	IGNORE("vaultOptions.general.actionAfterUnlock.ignore"),
+	REVEAL("vaultOptions.general.actionAfterUnlock.reveal"),
+	ASK("vaultOptions.general.actionAfterUnlock.ask");
+
+	private String displayName;
+
+	WhenUnlocked(String displayName) {
+		this.displayName = displayName;
+	}
+
+	public String getDisplayName() {
+		return displayName;
+	}
+}
--- a/main/commons/src/main/java/org/cryptomator/common/vaults/DokanyVolume.java
+++ b/main/commons/src/main/java/org/cryptomator/common/vaults/DokanyVolume.java
@@ -51,7 +51,7 @@ public class DokanyVolume implements Volume {
 		try {
 			this.mount = mountFactory.mount(fs.getPath("/"), mountPoint, mountName, FS_TYPE_NAME, mountFlags.strip());
 		} catch (MountFailedException e) {
-			if (vaultSettings.getIndividualMountPath().isPresent()) {
+			if (vaultSettings.getCustomMountPath().isPresent()) {
 				LOG.warn("Failed to mount vault into {}. Is this directory currently accessed by another process (e.g. Windows Explorer)?", mountPoint);
 			}
 			throw new VolumeException("Unable to mount Filesystem", e);
@@ -59,7 +59,7 @@ public class DokanyVolume implements Volume {
 	}

 	private Path determineMountPoint() throws VolumeException, IOException {
-		Optional<String> optionalCustomMountPoint = vaultSettings.getIndividualMountPath();
+		Optional<String> optionalCustomMountPoint = vaultSettings.getCustomMountPath();
 		if (optionalCustomMountPoint.isPresent()) {
 			Path customMountPoint = Paths.get(optionalCustomMountPoint.get());
 			checkProvidedMountPoint(customMountPoint);
--- a/main/commons/src/main/java/org/cryptomator/common/vaults/FuseVolume.java
+++ b/main/commons/src/main/java/org/cryptomator/common/vaults/FuseVolume.java
@@ -45,7 +45,7 @@ public class FuseVolume implements Volume {

 	@Override
 	public void mount(CryptoFileSystem fs, String mountFlags) throws IOException, FuseNotSupportedException, VolumeException {
-		Optional<String> optionalCustomMountPoint = vaultSettings.getIndividualMountPath();
+		Optional<String> optionalCustomMountPoint = vaultSettings.getCustomMountPath();
 		if (optionalCustomMountPoint.isPresent()) {
 			Path customMountPoint = Paths.get(optionalCustomMountPoint.get());
 			checkProvidedMountPoint(customMountPoint);
--- a/main/commons/src/main/java/org/cryptomator/common/vaults/Vault.java
+++ b/main/commons/src/main/java/org/cryptomator/common/vaults/Vault.java
@@ -10,14 +10,10 @@ package org.cryptomator.common.vaults;

 import com.google.common.base.Strings;
 import javafx.beans.Observable;
-import javafx.beans.binding.Binding;
 import javafx.beans.binding.Bindings;
 import javafx.beans.binding.BooleanBinding;
-import javafx.beans.binding.ObjectBinding;
 import javafx.beans.binding.StringBinding;
 import javafx.beans.property.ObjectProperty;
-import javafx.beans.property.SimpleObjectProperty;
-import org.apache.commons.lang3.StringUtils;
 import org.apache.commons.lang3.SystemUtils;
 import org.cryptomator.common.LazyInitializer;
 import org.cryptomator.common.settings.VaultSettings;
@@ -25,34 +21,32 @@ import org.cryptomator.cryptofs.CryptoFileSystem;
 import org.cryptomator.cryptofs.CryptoFileSystemProperties;
 import org.cryptomator.cryptofs.CryptoFileSystemProperties.FileSystemFlags;
 import org.cryptomator.cryptofs.CryptoFileSystemProvider;
+import org.cryptomator.cryptofs.common.Constants;
+import org.cryptomator.cryptofs.common.FileSystemCapabilityChecker;
 import org.cryptomator.cryptolib.api.CryptoException;
 import org.cryptomator.cryptolib.api.InvalidPassphraseException;
-import org.fxmisc.easybind.EasyBind;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;

 import javax.inject.Inject;
+import javax.inject.Named;
 import javax.inject.Provider;
 import java.io.IOException;
-import java.nio.file.FileAlreadyExistsException;
-import java.nio.file.Files;
 import java.nio.file.NoSuchFileException;
 import java.nio.file.NotDirectoryException;
 import java.nio.file.Path;
 import java.nio.file.Paths;
-import java.util.ArrayList;
 import java.util.EnumSet;
-import java.util.List;
 import java.util.Objects;
 import java.util.Set;
 import java.util.concurrent.atomic.AtomicReference;
-import java.util.function.Predicate;
+
+import static org.cryptomator.common.Constants.MASTERKEY_FILENAME;

@PerVault
 public class Vault {
-	
+
 	private static final Logger LOG = LoggerFactory.getLogger(Vault.class);
-	private static final String MASTERKEY_FILENAME = "masterkey.cryptomator"; // TODO: deduplicate constant declared in multiple classes
 	private static final Path HOME_DIR = Paths.get(SystemUtils.USER_HOME);

 	private final VaultSettings vaultSettings;
@@ -60,32 +54,40 @@ public class Vault {
 	private final StringBinding defaultMountFlags;
 	private final AtomicReference<CryptoFileSystem> cryptoFileSystem;
 	private final ObjectProperty<VaultState> state;
+	private final ObjectProperty<Exception> lastKnownException;
 	private final VaultStats stats;
 	private final StringBinding displayableName;
 	private final StringBinding displayablePath;
 	private final BooleanBinding locked;
 	private final BooleanBinding processing;
 	private final BooleanBinding unlocked;
+	private final BooleanBinding missing;
 	private final BooleanBinding needsMigration;
-	private final ObjectBinding<Path> accessPoint;
+	private final BooleanBinding unknownError;
+	private final StringBinding accessPoint;
+	private final BooleanBinding accessPointPresent;

 	private volatile Volume volume;

 	@Inject
-	Vault(VaultSettings vaultSettings, Provider<Volume> volumeProvider, @DefaultMountFlags StringBinding defaultMountFlags, AtomicReference<CryptoFileSystem> cryptoFileSystem, ObjectProperty<VaultState> state, VaultStats stats) {
+	Vault(VaultSettings vaultSettings, Provider<Volume> volumeProvider, @DefaultMountFlags StringBinding defaultMountFlags, AtomicReference<CryptoFileSystem> cryptoFileSystem, ObjectProperty<VaultState> state, @Named("lastKnownException") ObjectProperty<Exception> lastKnownException, VaultStats stats) {
 		this.vaultSettings = vaultSettings;
 		this.volumeProvider = volumeProvider;
 		this.defaultMountFlags = defaultMountFlags;
 		this.cryptoFileSystem = cryptoFileSystem;
 		this.state = state;
+		this.lastKnownException = lastKnownException;
 		this.stats = stats;
 		this.displayableName = Bindings.createStringBinding(this::getDisplayableName, vaultSettings.path());
 		this.displayablePath = Bindings.createStringBinding(this::getDisplayablePath, vaultSettings.path());
 		this.locked = Bindings.createBooleanBinding(this::isLocked, state);
 		this.processing = Bindings.createBooleanBinding(this::isProcessing, state);
 		this.unlocked = Bindings.createBooleanBinding(this::isUnlocked, state);
+		this.missing = Bindings.createBooleanBinding(this::isMissing, state);
 		this.needsMigration = Bindings.createBooleanBinding(this::isNeedsMigration, state);
-		this.accessPoint = Bindings.createObjectBinding(this::getAccessPoint, state);
+		this.unknownError = Bindings.createBooleanBinding(this::isUnknownError, state);
+		this.accessPoint = Bindings.createStringBinding(this::getAccessPoint, state);
+		this.accessPointPresent = this.accessPoint.isNotEmpty();
 	}

 	// ******************************************************************************
@@ -101,16 +103,25 @@ public class Vault {
 		if (vaultSettings.usesReadOnlyMode().get()) {
 			flags.add(FileSystemFlags.READONLY);
 		}
+		if (vaultSettings.filenameLengthLimit().get() == -1) {
+			LOG.debug("Determining file name length limitations...");
+			int limit = new FileSystemCapabilityChecker().determineSupportedFileNameLength(getPath());
+			vaultSettings.filenameLengthLimit().set(limit);
+			LOG.info("Storing file name length limit of {}", limit);
+		}
+		assert vaultSettings.filenameLengthLimit().get() > 0;
 		CryptoFileSystemProperties fsProps = CryptoFileSystemProperties.cryptoFileSystemProperties() //
 				.withPassphrase(passphrase) //
 				.withFlags(flags) //
 				.withMasterkeyFilename(MASTERKEY_FILENAME) //
+				.withMaxPathLength(vaultSettings.filenameLengthLimit().get() + Constants.MAX_ADDITIONAL_PATH_LENGTH) //
+				.withMaxNameLength(vaultSettings.filenameLengthLimit().get()) //
 				.build();
 		return CryptoFileSystemProvider.newFileSystem(getPath(), fsProps);
 	}

 	public synchronized void unlock(CharSequence passphrase) throws CryptoException, IOException, Volume.VolumeException {
-		if (vaultSettings.usesIndividualMountPath().get() && Strings.isNullOrEmpty(vaultSettings.individualMountPath().get())) {
+		if (vaultSettings.useCustomMountPath().get() && Strings.isNullOrEmpty(vaultSettings.customMountPath().get())) {
 			throw new NotDirectoryException("");
 		}
 		CryptoFileSystem fs = getCryptoFileSystem(passphrase);
@@ -154,6 +165,18 @@ public class Vault {
 		state.setValue(value);
 	}

+	public ObjectProperty<Exception> lastKnownExceptionProperty() {
+		return lastKnownException;
+	}
+
+	public Exception getLastKnownException() {
+		return lastKnownException.get();
+	}
+
+	public void setLastKnownException(Exception e) {
+		lastKnownException.setValue(e);
+	}
+
 	public BooleanBinding lockedProperty() {
 		return locked;
 	}
@@ -177,15 +200,31 @@ public class Vault {
 	public boolean isUnlocked() {
 		return state.get() == VaultState.UNLOCKED;
 	}
-	
+
+	public BooleanBinding missingProperty() {
+		return missing;
+	}
+
+	public boolean isMissing() {
+		return state.get() == VaultState.MISSING;
+	}
+
 	public BooleanBinding needsMigrationProperty() {
 		return needsMigration;
 	}
-	
+
 	public boolean isNeedsMigration() {
 		return state.get() == VaultState.NEEDS_MIGRATION;
 	}

+	public BooleanBinding unknownErrorProperty() {
+		return unknownError;
+	}
+
+	public boolean isUnknownError() {
+		return state.get() == VaultState.ERROR;
+	}
+
 	public StringBinding displayableNameProperty() {
 		return displayableName;
 	}
@@ -195,19 +234,27 @@ public class Vault {
 		return p.getFileName().toString();
 	}

-	public ObjectBinding<Path> accessPointProperty() {
+	public StringBinding accessPointProperty() {
 		return accessPoint;
 	}

-	public Path getAccessPoint() {
+	public String getAccessPoint() {
 		if (state.get() == VaultState.UNLOCKED) {
 			assert volume != null;
-			return volume.getMountPoint().orElse(Path.of(""));
+			return volume.getMountPoint().orElse(Path.of("")).toString();
 		} else {
-			return Path.of("");
+			return "";
 		}
 	}

+	public BooleanBinding accessPointPresentProperty() {
+		return accessPointPresent;
+	}
+
+	public boolean isAccessPointPresent() {
+		return accessPointPresent.get();
+	}
+
 	public StringBinding displayablePathProperty() {
 		return displayablePath;
 	}
--- a/main/commons/src/main/java/org/cryptomator/common/vaults/VaultComponent.java
+++ b/main/commons/src/main/java/org/cryptomator/common/vaults/VaultComponent.java
@@ -10,6 +10,9 @@ import org.cryptomator.common.settings.VaultSettings;

 import dagger.Subcomponent;

+import javax.annotation.Nullable;
+import javax.inject.Named;
+
@PerVault
@Subcomponent(modules = {VaultModule.class})
 public interface VaultComponent {
@@ -25,6 +28,9 @@ public interface VaultComponent {
 		@BindsInstance
 		Builder initialVaultState(VaultState vaultState);

+		@BindsInstance
+		Builder initialErrorCause(@Nullable @Named("lastKnownException") Exception initialErrorCause);
+
 		VaultComponent build();
 	}

--- a/main/commons/src/main/java/org/cryptomator/common/vaults/VaultListManager.java
+++ b/main/commons/src/main/java/org/cryptomator/common/vaults/VaultListManager.java
@@ -14,20 +14,25 @@ import org.cryptomator.common.settings.Settings;
 import org.cryptomator.common.settings.VaultSettings;
 import org.cryptomator.cryptofs.CryptoFileSystemProvider;
 import org.cryptomator.cryptofs.migration.Migrators;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;

 import javax.inject.Inject;
 import javax.inject.Singleton;
 import java.io.IOException;
+import java.nio.file.Files;
 import java.nio.file.NoSuchFileException;
 import java.nio.file.Path;
 import java.util.Collection;
 import java.util.Optional;
 import java.util.stream.Collectors;

+import static org.cryptomator.common.Constants.MASTERKEY_FILENAME;
+
@Singleton
 public class VaultListManager {
-	
-	private static final String MASTERKEY_FILENAME = "masterkey.cryptomator"; // TODO: deduplicate constant declared in multiple classes
+
+	private static final Logger LOG = LoggerFactory.getLogger(VaultListManager.class);

 	private final VaultComponent.Builder vaultComponentBuilder;
 	private final ObservableList<Vault> vaultList;
@@ -36,7 +41,7 @@ public class VaultListManager {
 	public VaultListManager(VaultComponent.Builder vaultComponentBuilder, Settings settings) {
 		this.vaultComponentBuilder = vaultComponentBuilder;
 		this.vaultList = FXCollections.observableArrayList(Vault::observables);
-		
+
 		addAll(settings.getDirectories());
 		vaultList.addListener(new VaultListChangeListener(settings.getDirectories()));
 	}
@@ -46,47 +51,74 @@ public class VaultListManager {
 	}

 	public Vault add(Path pathToVault) throws NoSuchFileException {
-		if (!CryptoFileSystemProvider.containsVault(pathToVault, MASTERKEY_FILENAME)) {
-			throw new NoSuchFileException(pathToVault.toString(), null, "Not a vault directory");
+		Path normalizedPathToVault = pathToVault.normalize().toAbsolutePath();
+		if (!CryptoFileSystemProvider.containsVault(normalizedPathToVault, MASTERKEY_FILENAME)) {
+			throw new NoSuchFileException(normalizedPathToVault.toString(), null, "Not a vault directory");
 		}
-		Optional<Vault> alreadyExistingVault = get(pathToVault);
+		Optional<Vault> alreadyExistingVault = get(normalizedPathToVault);
 		if (alreadyExistingVault.isPresent()) {
 			return alreadyExistingVault.get();
 		} else {
 			VaultSettings vaultSettings = VaultSettings.withRandomId();
-			vaultSettings.path().set(pathToVault);
+			vaultSettings.path().set(normalizedPathToVault);
 			Vault newVault = create(vaultSettings);
 			vaultList.add(newVault);
 			return newVault;
 		}
 	}
-	
+
 	private void addAll(Collection<VaultSettings> vaultSettings) {
 		Collection<Vault> vaults = vaultSettings.stream().map(this::create).collect(Collectors.toList());
 		vaultList.addAll(vaults);
 	}
-	
+
 	private Optional<Vault> get(Path vaultPath) {
-		return vaultList.stream().filter(v -> v.getPath().equals(vaultPath)).findAny();
+		assert vaultPath.isAbsolute();
+		assert vaultPath.normalize().equals(vaultPath);
+		return vaultList.stream() //
+				.filter(v -> vaultPath.equals(v.getPath())) //
+				.findAny();
 	}

 	private Vault create(VaultSettings vaultSettings) {
-		VaultState vaultState = determineVaultState(vaultSettings.path().get());
-		VaultComponent comp = vaultComponentBuilder.vaultSettings(vaultSettings).initialVaultState(vaultState).build();
-		return comp.vault();
+		VaultComponent.Builder compBuilder = vaultComponentBuilder.vaultSettings(vaultSettings);
+		try {
+			VaultState vaultState = determineVaultState(vaultSettings.path().get());
+			compBuilder.initialVaultState(vaultState);
+		} catch (IOException e) {
+			LOG.warn("Failed to determine vault state for " + vaultSettings.path().get(), e);
+			compBuilder.initialVaultState(VaultState.ERROR);
+			compBuilder.initialErrorCause(e);
+		}
+		return compBuilder.build().vault();
+	}
+	
+	public static VaultState redetermineVaultState(Vault vault) {
+		VaultState previousState = vault.getState();
+		return switch (previousState) {
+			case LOCKED, NEEDS_MIGRATION, MISSING -> {
+				try {
+					VaultState determinedState = determineVaultState(vault.getPath());
+					vault.setState(determinedState);
+					yield determinedState;
+				} catch (IOException e) {
+					LOG.warn("Failed to determine vault state for " + vault.getPath(), e);
+					vault.setState(VaultState.ERROR);
+					vault.setLastKnownException(e);
+					yield VaultState.ERROR;
+				}
+			}
+			case ERROR, UNLOCKED, PROCESSING -> previousState;
+		};
 	}

-	private VaultState determineVaultState(Path pathToVault) {
-		try {
-			if (!CryptoFileSystemProvider.containsVault(pathToVault, MASTERKEY_FILENAME)) {
-				return VaultState.MISSING;
-			} else if (Migrators.get().needsMigration(pathToVault, MASTERKEY_FILENAME)) {
-				return VaultState.NEEDS_MIGRATION;
-			} else {
-				return VaultState.LOCKED;
-			}
-		} catch (IOException e) {
-			return VaultState.ERROR;
+	private static VaultState determineVaultState(Path pathToVault) throws IOException {
+		if (!CryptoFileSystemProvider.containsVault(pathToVault, MASTERKEY_FILENAME)) {
+			return VaultState.MISSING;
+		} else if (Migrators.get().needsMigration(pathToVault, MASTERKEY_FILENAME)) {
+			return VaultState.NEEDS_MIGRATION;
+		} else {
+			return VaultState.LOCKED;
 		}
 	}

--- a/main/commons/src/main/java/org/cryptomator/common/vaults/VaultModule.java
+++ b/main/commons/src/main/java/org/cryptomator/common/vaults/VaultModule.java
@@ -23,6 +23,8 @@ import org.cryptomator.cryptofs.CryptoFileSystem;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;

+import javax.annotation.Nullable;
+import javax.inject.Named;
 import java.io.IOException;
 import java.nio.file.Files;
 import java.nio.file.Path;
@@ -46,6 +48,14 @@ public class VaultModule {
 		return new SimpleObjectProperty<>(initialState);
 	}

+	@Provides
+	@Named("lastKnownException")
+	@PerVault
+	public ObjectProperty<Exception> provideLastKnownException(@Named("lastKnownException") @Nullable Exception initialErrorCause) {
+		return new SimpleObjectProperty<>(initialErrorCause);
+	}
+
+
 	@Provides
 	public Volume provideVolume(Settings settings, WebDavVolume webDavVolume, FuseVolume fuseVolume, DokanyVolume dokanyVolume) {
 		VolumeImpl preferredImpl = settings.preferredVolumeImpl().get();
--- a/main/commons/src/main/java/org/cryptomator/common/vaults/VaultStats.java
+++ b/main/commons/src/main/java/org/cryptomator/common/vaults/VaultStats.java
@@ -41,16 +41,13 @@ public class VaultStats {
 	}

 	private void vaultStateChanged(@SuppressWarnings("unused") Observable observable) {
-		switch (state.get()) {
-			case UNLOCKED:
-				assert fs.get() != null;
-				LOG.debug("start recording stats");
-				updateService.restart();
-				break;
-			default:
-				LOG.debug("stop recording stats");
-				updateService.cancel();
-				break;
+		if (VaultState.UNLOCKED.equals(state.get())) {
+			assert fs.get() != null;
+			LOG.debug("start recording stats");
+			updateService.restart();
+		} else {
+			LOG.debug("stop recording stats");
+			updateService.cancel();
 		}
 	}

--- a/main/commons/src/main/java/org/cryptomator/common/vaults/Volume.java
+++ b/main/commons/src/main/java/org/cryptomator/common/vaults/Volume.java
@@ -43,17 +43,10 @@ public interface Volume {
 	}

 	static VolumeImpl[] getCurrentSupportedAdapters() {
-		return Stream.of(VolumeImpl.values()).filter(impl -> {
-			switch (impl) {
-				case WEBDAV:
-					return WebDavVolume.isSupportedStatic();
-				case DOKANY:
-					return DokanyVolume.isSupportedStatic();
-				case FUSE:
-					return FuseVolume.isSupportedStatic();
-				default:
-					return false;//throw new IllegalStateException("Adapter not implemented.");
-			}
+		return Stream.of(VolumeImpl.values()).filter(impl -> switch (impl) {
+			case WEBDAV -> WebDavVolume.isSupportedStatic();
+			case DOKANY -> DokanyVolume.isSupportedStatic();
+			case FUSE -> FuseVolume.isSupportedStatic();
 		}).toArray(VolumeImpl[]::new);
 	}

--- a/main/commons/src/main/java/org/cryptomator/common/vaults/WindowsDriveLetters.java
+++ b/main/commons/src/main/java/org/cryptomator/common/vaults/WindowsDriveLetters.java
@@ -7,8 +7,6 @@ package org.cryptomator.common.vaults;

 import com.google.common.collect.Sets;
 import org.apache.commons.lang3.SystemUtils;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;

 import javax.inject.Inject;
 import javax.inject.Singleton;
@@ -22,12 +20,11 @@ import java.util.stream.StreamSupport;
@Singleton
 public final class WindowsDriveLetters {

-	private static final Logger LOG = LoggerFactory.getLogger(WindowsDriveLetters.class);
-	private static final Set<String> A_TO_Z;
+	private static final Set<String> C_TO_Z;

 	static {
-		try (IntStream stream = IntStream.rangeClosed('A', 'Z')) {
-			A_TO_Z = stream.mapToObj(i -> String.valueOf((char) i)).collect(Collectors.toSet());
+		try (IntStream stream = IntStream.rangeClosed('C', 'Z')) {
+			C_TO_Z = stream.mapToObj(i -> String.valueOf((char) i)).collect(Collectors.toSet());
 		}
 	}

@@ -36,21 +33,20 @@ public final class WindowsDriveLetters {
 	}

 	public Set<String> getAllDriveLetters() {
-		return A_TO_Z;
+		return C_TO_Z;
 	}

 	public Set<String> getOccupiedDriveLetters() {
 		if (!SystemUtils.IS_OS_WINDOWS) {
-			LOG.warn("Attempted to get occupied drive letters on non-Windows machine.");
 			return Set.of();
 		} else {
 			Iterable<Path> rootDirs = FileSystems.getDefault().getRootDirectories();
-			return StreamSupport.stream(rootDirs.spliterator(), false).map(p -> p.toString().substring(0,1)).collect(Collectors.toSet());
+			return StreamSupport.stream(rootDirs.spliterator(), false).map(p -> p.toString().substring(0, 1)).collect(Collectors.toSet());
 		}
 	}

 	public Set<String> getAvailableDriveLetters() {
-		return Sets.difference(A_TO_Z, getOccupiedDriveLetters());
+		return Sets.difference(C_TO_Z, getOccupiedDriveLetters());
 	}

 }
--- a/main/commons/src/test/java/org/cryptomator/common/LicenseCheckerTest.java
+++ b/main/commons/src/test/java/org/cryptomator/common/LicenseCheckerTest.java
@@ -0,0 +1,62 @@
+package org.cryptomator.common;
+
+import com.auth0.jwt.interfaces.DecodedJWT;
+import org.cryptomator.common.LicenseChecker;
+import org.junit.jupiter.api.Assertions;
+import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.Test;
+
+import java.util.Optional;
+
+class LicenseCheckerTest {
+
+	private static final String PUBLIC_KEY = "MIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQBgc4HZz+/fBbC7lmEww0AO3NK9wVZ" //
+			+ "PDZ0VEnsaUFLEYpTzb90nITtJUcPUbvOsdZIZ1Q8fnbquAYgxXL5UgHMoywAib47" //
+			+ "6MkyyYgPk0BXZq3mq4zImTRNuaU9slj9TVJ3ScT3L1bXwVuPJDzpr5GOFpaj+WwM" //
+			+ "Al8G7CqwoJOsW7Kddns=";
+	
+	private LicenseChecker licenseChecker;
+
+	@BeforeEach
+	public void setup() {
+		licenseChecker = new LicenseChecker(PUBLIC_KEY);
+	}
+
+	@Test
+	public void testCheckValidLicense() {
+		String license = "eyJhbGciOiJFUzUxMiIsInR5cCI6IkpXVCIsImtpZCI6InhaRGZacHJ5NFA5dlpQWnlHMmZOQlJqLTdMejVvbVZkbTd0SG9DZ1NOZlkifQ.eyJzdWIiOiJjcnlwdG9ib3RAZXhhbXBsZS5jb20iLCJpYXQiOjE1MTYyMzkwMjJ9.AQaBIKQdNCxmRJi2wLOcbagTgi39WhdWwgdpKTYSPicg-aPr_tst_RjmnqMemx3cBe0Blr4nEbj_lAtSKHz_i61fAUyI1xCIAZYbK9Q3ICHIHQl3AiuCpBwFl-k81OB4QDYiKpEc9gLN5dhW_VymJMsgOvyiC0UjC91f2AM7s46byDNj";
+		
+		Optional<DecodedJWT> decoded = licenseChecker.check(license);
+		
+		Assertions.assertTrue(decoded.isPresent());
+		Assertions.assertEquals("cryptobot@example.com", decoded.get().getSubject());
+	}
+
+	@Test
+	public void testCheckInvalidLicenseHeader() {
+		String license = "EyJhbGciOiJFUzUxMiIsInR5cCI6IkpXVCIsImtpZCI6InhaRGZacHJ5NFA5dlpQWnlHMmZOQlJqLTdMejVvbVZkbTd0SG9DZ1NOZlkifQ.eyJzdWIiOiJjcnlwdG9ib3RAZXhhbXBsZS5jb20iLCJpYXQiOjE1MTYyMzkwMjJ9.AQaBIKQdNCxmRJi2wLOcbagTgi39WhdWwgdpKTYSPicg-aPr_tst_RjmnqMemx3cBe0Blr4nEbj_lAtSKHz_i61fAUyI1xCIAZYbK9Q3ICHIHQl3AiuCpBwFl-k81OB4QDYiKpEc9gLN5dhW_VymJMsgOvyiC0UjC91f2AM7s46byDNj";
+
+		Optional<DecodedJWT> decoded = licenseChecker.check(license);
+
+		Assertions.assertFalse(decoded.isPresent());
+	}
+
+	@Test
+	public void testCheckInvalidLicensePayload() {
+		String license = "eyJhbGciOiJFUzUxMiIsInR5cCI6IkpXVCIsImtpZCI6InhaRGZacHJ5NFA5dlpQWnlHMmZOQlJqLTdMejVvbVZkbTd0SG9DZ1NOZlkifQ.EyJzdWIiOiJjcnlwdG9ib3RAZXhhbXBsZS5jb20iLCJpYXQiOjE1MTYyMzkwMjJ9.AQaBIKQdNCxmRJi2wLOcbagTgi39WhdWwgdpKTYSPicg-aPr_tst_RjmnqMemx3cBe0Blr4nEbj_lAtSKHz_i61fAUyI1xCIAZYbK9Q3ICHIHQl3AiuCpBwFl-k81OB4QDYiKpEc9gLN5dhW_VymJMsgOvyiC0UjC91f2AM7s46byDNj";
+
+		Optional<DecodedJWT> decoded = licenseChecker.check(license);
+
+		Assertions.assertFalse(decoded.isPresent());
+	}
+
+	@Test
+	public void testCheckInvalidLicenseSignature() {
+		String license = "eyJhbGciOiJFUzUxMiIsInR5cCI6IkpXVCIsImtpZCI6InhaRGZacHJ5NFA5dlpQWnlHMmZOQlJqLTdMejVvbVZkbTd0SG9DZ1NOZlkifQ.eyJzdWIiOiJjcnlwdG9ib3RAZXhhbXBsZS5jb20iLCJpYXQiOjE1MTYyMzkwMjJ9.aQaBIKQdNCxmRJi2wLOcbagTgi39WhdWwgdpKTYSPicg-aPr_tst_RjmnqMemx3cBe0Blr4nEbj_lAtSKHz_i61fAUyI1xCIAZYbK9Q3ICHIHQl3AiuCpBwFl-k81OB4QDYiKpEc9gLN5dhW_VymJMsgOvyiC0UjC91f2AM7s46byDNj";
+
+		Optional<DecodedJWT> decoded = licenseChecker.check(license);
+
+		Assertions.assertFalse(decoded.isPresent());
+	}
+
+}
--- a/main/commons/src/test/java/org/cryptomator/common/settings/SettingsJsonAdapterTest.java
+++ b/main/commons/src/test/java/org/cryptomator/common/settings/SettingsJsonAdapterTest.java
@@ -7,6 +7,8 @@ package org.cryptomator.common.settings;

 import org.junit.jupiter.api.Assertions;
 import org.junit.jupiter.api.Test;
+import org.junit.jupiter.params.ParameterizedTest;
+import org.junit.jupiter.params.provider.ValueSource;

 import java.io.IOException;

@@ -34,4 +36,16 @@ public class SettingsJsonAdapterTest {
 		Assertions.assertEquals(VolumeImpl.FUSE, settings.preferredVolumeImpl().get());
 	}

+	@ParameterizedTest(name = "fromJson() should throw IOException for input: {0}")
+	@ValueSource(strings = {
+			"",
+			"<html>",
+			"{invalidjson}"
+	})
+	public void testDeserializeMalformed(String input) {
+		Assertions.assertThrows(IOException.class, () -> {
+			adapter.fromJson(input);
+		});
+	}
+
 }
--- a/main/commons/src/test/java/org/cryptomator/common/settings/VaultSettingsJsonAdapterTest.java
+++ b/main/commons/src/test/java/org/cryptomator/common/settings/VaultSettingsJsonAdapterTest.java
@@ -16,7 +16,6 @@ import java.io.IOException;
 import java.io.StringReader;
 import java.io.StringWriter;
 import java.nio.file.Paths;
-import java.util.Arrays;

 public class VaultSettingsJsonAdapterTest {

@@ -32,7 +31,7 @@ public class VaultSettingsJsonAdapterTest {
 		Assertions.assertEquals(Paths.get("/foo/bar"), vaultSettings.path().get());
 		Assertions.assertEquals("test", vaultSettings.mountName().get());
 		Assertions.assertEquals("X", vaultSettings.winDriveLetter().get());
-		Assertions.assertEquals("/home/test/crypto", vaultSettings.individualMountPath().get());
+		Assertions.assertEquals("/home/test/crypto", vaultSettings.customMountPath().get());
 		Assertions.assertEquals("--foo --bar", vaultSettings.mountFlags().get());


--- a/main/keychain/pom.xml
+++ b/main/keychain/pom.xml
@@ -4,7 +4,7 @@
 	<parent>
 		<groupId>org.cryptomator</groupId>
 		<artifactId>main</artifactId>
-		<version>1.5.0-beta1</version>
+		<version>1.5.4</version>
 	</parent>
 	<artifactId>keychain</artifactId>
 	<name>System Keychain Access</name>
@@ -40,7 +40,6 @@
 		<dependency>
 			<groupId>de.swiesend</groupId>
 			<artifactId>secret-service</artifactId>
-			<version>1.0.0-RC.3</version>
 		</dependency>

 		<!-- Logging -->
--- a/main/keychain/src/main/java/org/cryptomator/keychain/KeychainAccess.java
+++ b/main/keychain/src/main/java/org/cryptomator/keychain/KeychainAccess.java
@@ -28,4 +28,11 @@ public interface KeychainAccess {
 	 */
 	void deletePassphrase(String key) throws KeychainAccessException;

+	/**
+	 * Updates a passphrase with a given key.
+	 *
+	 * @param key Unique key previously used while {@link #storePassphrase(String, CharSequence) storing a passphrase}.
+	 * @param passphrase The secret to be updated in this keychain.
+	 */
+	void changePassphrase(String key, CharSequence passphrase) throws KeychainAccessException;
 }
--- a/main/keychain/src/main/java/org/cryptomator/keychain/KeychainModule.java
+++ b/main/keychain/src/main/java/org/cryptomator/keychain/KeychainModule.java
@@ -11,6 +11,7 @@ import dagger.Provides;
 import dagger.multibindings.ElementsIntoSet;
 import org.cryptomator.common.JniModule;

+import javax.inject.Singleton;
 import java.util.Optional;
 import java.util.Set;

@@ -24,6 +25,7 @@ public class KeychainModule {
 	}

 	@Provides
+	@Singleton
 	public Optional<KeychainAccess> provideSupportedKeychain(Set<KeychainAccessStrategy> keychainAccessStrategies) {
 		return keychainAccessStrategies.stream().filter(KeychainAccessStrategy::isSupported).map(KeychainAccess.class::cast).findFirst();
 	}
--- a/main/keychain/src/main/java/org/cryptomator/keychain/LinuxSecretServiceKeychainAccess.java
+++ b/main/keychain/src/main/java/org/cryptomator/keychain/LinuxSecretServiceKeychainAccess.java
@@ -48,4 +48,9 @@ public class LinuxSecretServiceKeychainAccess implements KeychainAccessStrategy
 	public void deletePassphrase(String key) throws KeychainAccessException {
 		delegate.orElseThrow(IllegalStateException::new).deletePassphrase(key);
 	}
+
+	@Override
+	public void changePassphrase(String key, CharSequence passphrase) throws KeychainAccessException {
+		delegate.orElseThrow(IllegalStateException::new).changePassphrase(key, passphrase);
+	}
 }
--- a/main/keychain/src/main/java/org/cryptomator/keychain/LinuxSecretServiceKeychainAccessImpl.java
+++ b/main/keychain/src/main/java/org/cryptomator/keychain/LinuxSecretServiceKeychainAccessImpl.java
@@ -9,6 +9,8 @@ import java.util.Map;

 class LinuxSecretServiceKeychainAccessImpl implements KeychainAccessStrategy {

+	private final String LABEL_FOR_SECRET_IN_KEYRING = "Cryptomator";
+
 	@Override
 	public boolean isSupported() {
 		try (@SuppressWarnings("unused") SimpleCollection keyring = new SimpleCollection()) {
@@ -24,7 +26,7 @@ class LinuxSecretServiceKeychainAccessImpl implements KeychainAccessStrategy {
 		try (SimpleCollection keyring = new SimpleCollection()) {
 			List<String> list = keyring.getItems(createAttributes(key));
 			if (list == null) {
-				keyring.createItem("Cryptomator", passphrase, createAttributes(key));
+				keyring.createItem(LABEL_FOR_SECRET_IN_KEYRING, passphrase, createAttributes(key));
 			}
 		} catch (IOException e) {
 			throw new KeychainAccessException(e);
@@ -57,6 +59,18 @@ class LinuxSecretServiceKeychainAccessImpl implements KeychainAccessStrategy {
 		}
 	}

+	@Override
+	public void changePassphrase(String key, CharSequence passphrase) throws KeychainAccessException {
+		try (SimpleCollection keyring = new SimpleCollection()) {
+			List<String> list = keyring.getItems(createAttributes(key));
+			if (list != null) {
+				keyring.updateItem(list.get(0), LABEL_FOR_SECRET_IN_KEYRING, passphrase, createAttributes(key));
+			}
+		} catch (IOException e) {
+			throw new KeychainAccessException(e);
+		}
+	}
+
 	private Map<String, String> createAttributes(String key) {
 		Map<String, String> attributes = new HashMap();
 		attributes.put("Vault", key);
--- a/main/keychain/src/main/java/org/cryptomator/keychain/MacSystemKeychainAccess.java
+++ b/main/keychain/src/main/java/org/cryptomator/keychain/MacSystemKeychainAccess.java
@@ -46,4 +46,9 @@ class MacSystemKeychainAccess implements KeychainAccessStrategy {
 		keychain().deletePassword(key);
 	}

+	@Override
+	public void changePassphrase(String key, CharSequence passphrase) throws KeychainAccessException {
+		storePassphrase(key, passphrase);
+	}
+
 }
--- a/main/keychain/src/main/java/org/cryptomator/keychain/WindowsProtectedKeychainAccess.java
+++ b/main/keychain/src/main/java/org/cryptomator/keychain/WindowsProtectedKeychainAccess.java
@@ -112,6 +112,11 @@ class WindowsProtectedKeychainAccess implements KeychainAccessStrategy {
 		saveKeychainEntries();
 	}

+	@Override
+	public void changePassphrase(String key, CharSequence passphrase) throws KeychainAccessException {
+		storePassphrase(key, passphrase);
+	}
+
 	@Override
 	public boolean isSupported() {
 		return SystemUtils.IS_OS_WINDOWS && winFunctions.isPresent() && !keychainPaths.isEmpty();
--- a/main/keychain/src/test/java/org/cryptomator/keychain/MapKeychainAccess.java
+++ b/main/keychain/src/test/java/org/cryptomator/keychain/MapKeychainAccess.java
@@ -31,6 +31,12 @@ class MapKeychainAccess implements KeychainAccessStrategy {
 		map.remove(key);
 	}

+	@Override
+	public void changePassphrase(String key, CharSequence passphrase) {
+		map.get(key);
+		storePassphrase(key, passphrase);
+	}
+
 	@Override
 	public boolean isSupported() {
 		return true;
--- a/main/launcher/pom.xml
+++ b/main/launcher/pom.xml
@@ -4,7 +4,7 @@
 	<parent>
 		<groupId>org.cryptomator</groupId>
 		<artifactId>main</artifactId>
-		<version>1.5.0-beta1</version>
+		<version>1.5.4</version>
 	</parent>
 	<artifactId>launcher</artifactId>
 	<name>Cryptomator Launcher</name>
--- a/main/launcher/src/main/java/org/cryptomator/launcher/CleanShutdownPerformer.java
+++ b/main/launcher/src/main/java/org/cryptomator/launcher/CleanShutdownPerformer.java
@@ -1,48 +0,0 @@
-/*******************************************************************************
- * Copyright (c) 2017 Skymatic UG (haftungsbeschränkt).
- * All rights reserved. This program and the accompanying materials
- * are made available under the terms of the accompanying LICENSE file.
- *******************************************************************************/
-package org.cryptomator.launcher;
-
-import java.util.concurrent.ConcurrentHashMap;
-import java.util.concurrent.ConcurrentMap;
-
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-import javax.inject.Inject;
-import javax.inject.Singleton;
-
-@Singleton
-class CleanShutdownPerformer extends Thread {
-
-	private static final Logger LOG = LoggerFactory.getLogger(CleanShutdownPerformer.class);
-	private final ConcurrentMap<Runnable, Boolean> tasks = new ConcurrentHashMap<>();
-
-	@Inject
-	CleanShutdownPerformer() {
-		super(null, null, "ShutdownTasks", 0);
-	}
-
-	@Override
-	public void run() {
-		LOG.debug("Running graceful shutdown tasks...");
-		tasks.keySet().forEach(r -> {
-			try {
-				r.run();
-			} catch (RuntimeException e) {
-				LOG.error("Exception while shutting down.", e);
-			}
-		});
-		tasks.clear();
-	}
-
-	void scheduleShutdownTask(Runnable task) {
-		tasks.put(task, Boolean.TRUE);
-	}
-
-	void registerShutdownHook() {
-		Runtime.getRuntime().addShutdownHook(this);
-	}
-}
--- a/main/launcher/src/main/java/org/cryptomator/launcher/Cryptomator.java
+++ b/main/launcher/src/main/java/org/cryptomator/launcher/Cryptomator.java
@@ -32,17 +32,15 @@ public class Cryptomator {
 	private final IpcFactory ipcFactory;
 	private final Optional<String> applicationVersion;
 	private final CountDownLatch shutdownLatch;
-	private final CleanShutdownPerformer shutdownPerformer;
 	private final UiLauncher uiLauncher;

 	@Inject
-	Cryptomator(LoggerConfiguration logConfig, DebugMode debugMode, IpcFactory ipcFactory, @Named("applicationVersion") Optional<String> applicationVersion, @Named("shutdownLatch") CountDownLatch shutdownLatch, CleanShutdownPerformer shutdownPerformer, UiLauncher uiLauncher) {
+	Cryptomator(LoggerConfiguration logConfig, DebugMode debugMode, IpcFactory ipcFactory, @Named("applicationVersion") Optional<String> applicationVersion, @Named("shutdownLatch") CountDownLatch shutdownLatch, UiLauncher uiLauncher) {
 		this.logConfig = logConfig;
 		this.debugMode = debugMode;
 		this.ipcFactory = ipcFactory;
 		this.applicationVersion = applicationVersion;
 		this.shutdownLatch = shutdownLatch;
-		this.shutdownPerformer = shutdownPerformer;
 		this.uiLauncher = uiLauncher;
 	}

@@ -90,7 +88,6 @@ public class Cryptomator {
 	 */
 	private int runGuiApplication() {
 		try {
-			shutdownPerformer.registerShutdownHook();
 			uiLauncher.launch();
 			shutdownLatch.await();
 			LOG.info("UI shut down");
--- a/main/launcher/src/main/java/org/cryptomator/launcher/CryptomatorModule.java
+++ b/main/launcher/src/main/java/org/cryptomator/launcher/CryptomatorModule.java
@@ -7,18 +7,10 @@ import javax.inject.Named;
 import javax.inject.Singleton;
 import java.util.Optional;
 import java.util.concurrent.CountDownLatch;
-import java.util.function.Consumer;

@Module
 class CryptomatorModule {
-
-	@Provides
-	@Singleton
-	@Named("shutdownTaskScheduler")
-	Consumer<Runnable> provideShutdownTaskScheduler(CleanShutdownPerformer shutdownPerformer) {
-		return shutdownPerformer::scheduleShutdownTask;
-	}
-
+	
 	@Provides
 	@Singleton
 	@Named("shutdownLatch")
--- a/main/launcher/src/main/java/org/cryptomator/launcher/FileOpenRequestHandler.java
+++ b/main/launcher/src/main/java/org/cryptomator/launcher/FileOpenRequestHandler.java
@@ -21,8 +21,10 @@ import java.nio.file.FileSystems;
 import java.nio.file.InvalidPathException;
 import java.nio.file.Path;
 import java.util.Arrays;
+import java.util.Collection;
 import java.util.Objects;
 import java.util.concurrent.BlockingQueue;
+import java.util.stream.Collectors;
 import java.util.stream.Stream;

@Singleton
@@ -40,7 +42,7 @@ class FileOpenRequestHandler {
 	}

 	private void openFiles(OpenFilesEvent evt) {
-		Stream<Path> pathsToOpen = evt.getFiles().stream().map(File::toPath);
+		Collection<Path> pathsToOpen = evt.getFiles().stream().map(File::toPath).collect(Collectors.toList());
 		AppLaunchEvent launchEvent = new AppLaunchEvent(AppLaunchEvent.EventType.OPEN_FILE, pathsToOpen);
 		tryToEnqueueFileOpenRequest(launchEvent);
 	}
@@ -51,16 +53,18 @@ class FileOpenRequestHandler {

 	// visible for testing
 	void handleLaunchArgs(FileSystem fs, String[] args) {
-		Stream<Path> pathsToOpen = Arrays.stream(args).map(str -> {
+		Collection<Path> pathsToOpen = Arrays.stream(args).map(str -> {
 			try {
 				return fs.getPath(str);
 			} catch (InvalidPathException e) {
 				LOG.trace("Argument not a valid path: {}", str);
 				return null;
 			}
-		}).filter(Objects::nonNull);
-		AppLaunchEvent launchEvent = new AppLaunchEvent(AppLaunchEvent.EventType.OPEN_FILE, pathsToOpen);
-		tryToEnqueueFileOpenRequest(launchEvent);
+		}).filter(Objects::nonNull).collect(Collectors.toList());
+		if (!pathsToOpen.isEmpty()) {
+			AppLaunchEvent launchEvent = new AppLaunchEvent(AppLaunchEvent.EventType.OPEN_FILE, pathsToOpen);
+			tryToEnqueueFileOpenRequest(launchEvent);
+		}
 	}


--- a/main/launcher/src/main/java/org/cryptomator/launcher/IpcProtocolImpl.java
+++ b/main/launcher/src/main/java/org/cryptomator/launcher/IpcProtocolImpl.java
@@ -8,6 +8,7 @@ import javax.inject.Inject;
 import javax.inject.Named;
 import javax.inject.Singleton;
 import java.util.Arrays;
+import java.util.Collections;
 import java.util.concurrent.BlockingQueue;
 import java.util.stream.Stream;

@@ -27,7 +28,7 @@ class IpcProtocolImpl implements IpcProtocol {

 	@Override
 	public void revealRunningApp() {
-		launchEventQueue.add(new AppLaunchEvent(AppLaunchEvent.EventType.REVEAL_APP, Stream.empty()));
+		launchEventQueue.add(new AppLaunchEvent(AppLaunchEvent.EventType.REVEAL_APP, Collections.emptyList()));
 	}

 	@Override
--- a/main/launcher/src/main/java/org/cryptomator/logging/LoggerConfiguration.java
+++ b/main/launcher/src/main/java/org/cryptomator/logging/LoggerConfiguration.java
@@ -5,9 +5,8 @@ import ch.qos.logback.classic.Logger;
 import ch.qos.logback.classic.LoggerContext;
 import ch.qos.logback.classic.spi.ILoggingEvent;
 import ch.qos.logback.core.Appender;
-import ch.qos.logback.core.hook.DelayingShutdownHook;
-import ch.qos.logback.core.util.Duration;
 import org.cryptomator.common.Environment;
+import org.cryptomator.common.ShutdownHook;

 import javax.inject.Inject;
 import javax.inject.Named;
@@ -16,26 +15,27 @@ import java.util.Map;

@Singleton
 public class LoggerConfiguration {
-
-	private static final double SHUTDOWN_DELAY_MS = 100;
-
+	
 	private final LoggerContext context;
 	private final Environment environment;
 	private final Appender<ILoggingEvent> stdout;
 	private final Appender<ILoggingEvent> upgrade;
 	private final Appender<ILoggingEvent> file;
+	private final ShutdownHook shutdownHook;

 	@Inject
 	LoggerConfiguration(LoggerContext context, //
 						Environment environment, //
 						@Named("stdoutAppender") Appender<ILoggingEvent> stdout, //
 						@Named("upgradeAppender") Appender<ILoggingEvent> upgrade, //
-						@Named("fileAppender") Appender<ILoggingEvent> file) {
+						@Named("fileAppender") Appender<ILoggingEvent> file, //
+						ShutdownHook shutdownHook) {
 		this.context = context;
 		this.environment = environment;
 		this.stdout = stdout;
 		this.upgrade = upgrade;
 		this.file = file;
+		this.shutdownHook = shutdownHook;
 	}

 	public void init() {
@@ -55,16 +55,15 @@ public class LoggerConfiguration {
 			}

 			// configure upgrade logger:
-			Logger upgrades = context.getLogger("org.cryptomator.ui.model.upgrade");
+			Logger upgrades = context.getLogger("org.cryptomator.cryptofs.migration");
 			upgrades.setLevel(Level.DEBUG);
 			upgrades.addAppender(stdout);
 			upgrades.addAppender(upgrade);
+			upgrades.addAppender(file);
 			upgrades.setAdditive(false);

 			// add shutdown hook
-			DelayingShutdownHook shutdownHook = new DelayingShutdownHook();
-			shutdownHook.setContext(context);
-			shutdownHook.setDelay(Duration.buildByMilliseconds(SHUTDOWN_DELAY_MS));
+			shutdownHook.runOnShutdown(ShutdownHook.PRIO_LAST, context::stop);
 		}
 	}

--- a/main/launcher/src/test/java/org/cryptomator/launcher/FileOpenRequestHandlerTest.java
+++ b/main/launcher/src/test/java/org/cryptomator/launcher/FileOpenRequestHandlerTest.java
@@ -15,16 +15,14 @@ import org.junit.jupiter.api.DisplayName;
 import org.junit.jupiter.api.Test;
 import org.mockito.Mockito;

-import java.io.IOException;
 import java.nio.file.FileSystem;
 import java.nio.file.InvalidPathException;
 import java.nio.file.Path;
 import java.nio.file.Paths;
-import java.util.List;
+import java.util.Collection;
+import java.util.Collections;
 import java.util.concurrent.ArrayBlockingQueue;
 import java.util.concurrent.BlockingQueue;
-import java.util.stream.Collectors;
-import java.util.stream.Stream;

 public class FileOpenRequestHandlerTest {

@@ -39,32 +37,30 @@ public class FileOpenRequestHandlerTest {

 	@Test
 	@DisplayName("./cryptomator.exe foo bar")
-	public void testOpenArgsWithCorrectPaths() throws IOException {
+	public void testOpenArgsWithCorrectPaths() {
 		inTest.handleLaunchArgs(new String[]{"foo", "bar"});

 		AppLaunchEvent evt = queue.poll();
 		Assertions.assertNotNull(evt);
-		List<Path> paths = evt.getPathsToOpen().collect(Collectors.toList());
+		Collection<Path> paths = evt.getPathsToOpen();
 		MatcherAssert.assertThat(paths, CoreMatchers.hasItems(Paths.get("foo"), Paths.get("bar")));
 	}

 	@Test
 	@DisplayName("./cryptomator.exe foo (with 'foo' being an invalid path)")
-	public void testOpenArgsWithIncorrectPaths() throws IOException {
+	public void testOpenArgsWithIncorrectPaths() {
 		FileSystem fs = Mockito.mock(FileSystem.class);
 		Mockito.when(fs.getPath("foo")).thenThrow(new InvalidPathException("foo", "foo is not a path"));
 		inTest.handleLaunchArgs(fs, new String[]{"foo"});

 		AppLaunchEvent evt = queue.poll();
-		Assertions.assertNotNull(evt);
-		List<Path> paths = evt.getPathsToOpen().collect(Collectors.toList());
-		Assertions.assertTrue(paths.isEmpty());
+		Assertions.assertNull(evt);
 	}

 	@Test
 	@DisplayName("./cryptomator.exe foo (with full event queue)")
-	public void testOpenArgsWithFullQueue() throws IOException {
-		queue.add(new AppLaunchEvent(AppLaunchEvent.EventType.OPEN_FILE, Stream.empty()));
+	public void testOpenArgsWithFullQueue() {
+		queue.add(new AppLaunchEvent(AppLaunchEvent.EventType.OPEN_FILE, Collections.emptyList()));
 		Assumptions.assumeTrue(queue.remainingCapacity() == 0);

 		inTest.handleLaunchArgs(new String[]{"foo"});
--- a/main/pom.xml
+++ b/main/pom.xml
@@ -3,13 +3,13 @@
 	<modelVersion>4.0.0</modelVersion>
 	<groupId>org.cryptomator</groupId>
 	<artifactId>main</artifactId>
-	<version>1.5.0-beta1</version>
+	<version>1.5.4</version>
 	<packaging>pom</packaging>
 	<name>Cryptomator</name>

 	<organization>
 		<name>cryptomator.org</name>
-		<url>http://cryptomator.org</url>
+		<url>https://cryptomator.org</url>
 	</organization>

 	<developers>
@@ -23,35 +23,35 @@
 	<properties>
 		<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>

-		<!-- dependency versions -->
-		<cryptomator.cryptofs.version>1.9.0-rc2</cryptomator.cryptofs.version>
-		<cryptomator.jni.version>2.2.1</cryptomator.jni.version>
-		<cryptomator.fuse.version>1.2.1</cryptomator.fuse.version>
-		<cryptomator.dokany.version>1.1.11</cryptomator.dokany.version>
-		<cryptomator.webdav.version>1.0.10</cryptomator.webdav.version>
-
-		<javafx.version>13.0.1</javafx.version>
+		<!-- cryptomator dependencies -->
+		<cryptomator.cryptofs.version>1.9.10</cryptomator.cryptofs.version>
+		<cryptomator.jni.version>2.2.2</cryptomator.jni.version>
+		<cryptomator.fuse.version>1.2.3</cryptomator.fuse.version>
+		<cryptomator.dokany.version>1.1.15</cryptomator.dokany.version>
+		<cryptomator.webdav.version>1.0.11</cryptomator.webdav.version>

+		<!-- 3rd party dependencies -->
+		<javafx.version>14</javafx.version>
 		<commons-lang3.version>3.9</commons-lang3.version>
-
+		<secret-service.version>1.0.0</secret-service.version>
+		<jwt.version>3.10.2</jwt.version>
 		<easybind.version>1.0.3</easybind.version>
-
-		<guava.version>28.1-jre</guava.version>
-		<dagger.version>2.25.2</dagger.version>
+		<guava.version>28.2-jre</guava.version>
+		<dagger.version>2.27</dagger.version>
 		<gson.version>2.8.6</gson.version>
-
-		<slf4j.version>1.7.29</slf4j.version>
+		<slf4j.version>1.7.30</slf4j.version>
 		<logback.version>1.2.3</logback.version>

-		<junit.jupiter.version>5.5.2</junit.jupiter.version>
-		<mockito.version>3.1.0</mockito.version>
+		<!-- test dependencies -->
+		<junit.jupiter.version>5.6.1</junit.jupiter.version>
+		<mockito.version>3.3.3</mockito.version>
 		<hamcrest.version>2.2</hamcrest.version>
 	</properties>

 	<repositories>
 		<repository>
 			<id>jcenter</id>
-			<url>http://jcenter.bintray.com</url>
+			<url>https://jcenter.bintray.com</url>
 		</repository>
 	</repositories>

@@ -80,6 +80,11 @@
 			</dependency>

 			<!-- Cryptomator Libs -->
+			<dependency>
+				<groupId>org.cryptomator</groupId>
+				<artifactId>siv-mode</artifactId>
+				<version>1.4.0</version>
+			</dependency>
 			<dependency>
 				<groupId>org.cryptomator</groupId>
 				<artifactId>cryptofs</artifactId>
@@ -157,6 +162,20 @@
 				<version>${commons-lang3.version}</version>
 			</dependency>

+			<!-- Linux System Keychain -->
+			<dependency>
+				<groupId>de.swiesend</groupId>
+				<artifactId>secret-service</artifactId>
+				<version>${secret-service.version}</version>
+			</dependency>
+			
+			<!-- JWT -->
+			<dependency>
+				<groupId>com.auth0</groupId>
+				<artifactId>java-jwt</artifactId>
+				<version>${jwt.version}</version>
+			</dependency>
+
 			<!-- EasyBind -->
 			<dependency>
 				<groupId>org.fxmisc.easybind</groupId>
@@ -261,7 +280,7 @@
 			<plugins>
 				<plugin>
 					<artifactId>maven-dependency-plugin</artifactId>
-					<version>3.1.1</version>
+					<version>3.1.2</version>
 					<executions>
 						<execution>
 							<id>copy-libs</id>
@@ -275,9 +294,15 @@
 						</execution>
 					</executions>
 				</plugin>
+				<plugin>
+					<groupId>org.codehaus.mojo</groupId>
+					<artifactId>license-maven-plugin</artifactId>
+					<version>2.0.0</version>
+				</plugin>
 				<plugin>
 					<groupId>org.apache.maven.plugins</groupId>
 					<artifactId>maven-jar-plugin</artifactId>
+					<version>3.2.0</version>
 					<configuration>
 						<archive>
 							<manifest>
@@ -319,7 +344,7 @@
 				<artifactId>maven-compiler-plugin</artifactId>
 				<version>3.8.1</version>
 				<configuration>
-					<release>11</release>
+					<release>14</release>
 					<annotationProcessorPaths>
 						<path>
 							<groupId>com.google.dagger</groupId>
--- a/main/ui/pom.xml
+++ b/main/ui/pom.xml
@@ -4,7 +4,7 @@
 	<parent>
 		<groupId>org.cryptomator</groupId>
 		<artifactId>main</artifactId>
-		<version>1.5.0-beta1</version>
+		<version>1.5.4</version>
 	</parent>
 	<artifactId>ui</artifactId>
 	<name>Cryptomator GUI</name>
@@ -37,7 +37,7 @@
 		<dependency>
 			<groupId>org.fxmisc.easybind</groupId>
 			<artifactId>easybind</artifactId>
-		</dependency>	
+		</dependency>

 		<!-- Google -->
 		<dependency>
@@ -65,7 +65,7 @@
 		<dependency>
 			<groupId>com.nulab-inc</groupId>
 			<artifactId>zxcvbn</artifactId>
-			<version>1.2.7</version>
+			<version>1.3.0</version>
 		</dependency>
 		
 		<!-- Logging -->
@@ -88,4 +88,36 @@
 			<scope>test</scope>
 		</dependency>
 	</dependencies>
+	
+	<build>
+		<plugins>
+			<plugin>
+				<groupId>org.codehaus.mojo</groupId>
+				<artifactId>license-maven-plugin</artifactId>
+				<executions>
+					<execution>
+						<id>add-third-party</id>
+						<goals>
+							<goal>add-third-party</goal>
+						</goals>
+						<phase>generate-resources</phase>
+						<configuration>
+							<outputDirectory>${project.basedir}/src/main/resources/license</outputDirectory>
+							<thirdPartyFilename>THIRD-PARTY.txt</thirdPartyFilename>
+							<includedScopes>compile</includedScopes>
+							<excludedGroups>org\.cryptomator</excludedGroups>
+							<licenseMerges>
+								<licenseMerge>Apache License v2.0|Apache License, Version 2.0|The Apache Software License, Version 2.0|Apache 2.0|Apache Software License - Version 2.0</licenseMerge>
+								<licenseMerge>MIT License|The MIT License (MIT)|The MIT License|MIT license</licenseMerge>
+								<licenseMerge>LGPL 2.1|LGPL, version 2.1|GNU Lesser/Library General Public License version 2|GNU Lesser General Public License Version 2.1</licenseMerge>
+								<licenseMerge>GPLv2|GNU General Public License Version 2</licenseMerge>
+								<licenseMerge>GPLv2+CE|CDDL + GPLv2 with classpath exception</licenseMerge>
+							</licenseMerges>
+							<fileTemplate>${project.basedir}/src/license/template.ftl</fileTemplate>
+						</configuration>
+					</execution>
+				</executions>
+			</plugin>
+		</plugins>
+	</build>
 </project>
--- a/main/ui/src/license/THIRD-PARTY.properties
+++ b/main/ui/src/license/THIRD-PARTY.properties
@@ -0,0 +1 @@
+com.github.serceman--jnr-fuse--0.5.4=MIT License
--- a/main/ui/src/license/template.ftl
+++ b/main/ui/src/license/template.ftl
@@ -0,0 +1,35 @@
+<#function artifactFormat p>
+    <#if p.name?index_of('Unnamed') &gt; -1>
+        <#return p.artifactId + " (" + p.groupId + ":" + p.artifactId + ":" + p.version + " - " + (p.url!"no url defined") + ")">
+    <#else>
+        <#return p.name + " (" + p.groupId + ":" + p.artifactId + ":" + p.version + " - " + (p.url!"no url defined") + ")">
+    </#if>
+</#function>
+This program is free software: you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program.  If not, see http://www.gnu.org/licenses/.
+
+Cryptomator uses ${dependencyMap?size} third-party dependencies under the following licenses:
+<#list licenseMap as e>
+	<#assign license = e.getKey()/>
+	<#assign projects = e.getValue()/>
+	<#if projects?size &gt; 0>
+	${license}:
+	<#list projects as project>
+		- ${artifactFormat(project)}
+	</#list>
+	</#if>
+</#list>
+
+Cryptomator uses other third-party assets under the following licenses:
+	SIL OFL 1.1 License:
+		- Font Awesome 5.12.0 (https://fontawesome.com/)
--- a/main/ui/src/main/java/org/cryptomator/ui/addvaultwizard/AddVaultFailureExisitingController.java
+++ b/main/ui/src/main/java/org/cryptomator/ui/addvaultwizard/AddVaultFailureExisitingController.java
@@ -1,51 +0,0 @@
-package org.cryptomator.ui.addvaultwizard;
-
-import dagger.Lazy;
-import javafx.beans.binding.Bindings;
-import javafx.beans.binding.StringBinding;
-import javafx.beans.property.ObjectProperty;
-import javafx.fxml.FXML;
-import javafx.scene.Scene;
-import javafx.stage.Stage;
-import org.cryptomator.ui.common.FxController;
-import org.cryptomator.ui.common.FxmlFile;
-import org.cryptomator.ui.common.FxmlScene;
-
-import javax.inject.Inject;
-import java.nio.file.Path;
-
-@AddVaultWizardScoped
-public class AddVaultFailureExisitingController implements FxController {
-
-	private final Stage window;
-	private final Lazy<Scene> previousScene;
-	private final StringBinding vaultName;
-
-	@Inject
-	AddVaultFailureExisitingController(@AddVaultWizardWindow Stage window, @FxmlScene(FxmlFile.ADDVAULT_EXISTING) Lazy<Scene> previousScene, ObjectProperty<Path> pathOfFailedVault){
-		this.window = window;
-		this.previousScene = previousScene;
-		this.vaultName = Bindings.createStringBinding(() -> pathOfFailedVault.get().getFileName().toString(),pathOfFailedVault);
-	}
-
-	@FXML
-	public void close(){
-		window.close();
-	}
-
-	@FXML
-	public void back(){
-		window.setScene(previousScene.get());
-	}
-
-	// Getter & Setter
-
-	public StringBinding vaultNameProperty(){
-		return vaultName;
-	}
-
-	public String getVaultName(){
-		return vaultName.get();
-	}
-
-}
--- a/main/ui/src/main/java/org/cryptomator/ui/addvaultwizard/AddVaultModule.java
+++ b/main/ui/src/main/java/org/cryptomator/ui/addvaultwizard/AddVaultModule.java
@@ -19,18 +19,29 @@ import org.cryptomator.ui.common.FxController;
 import org.cryptomator.ui.common.FxControllerKey;
 import org.cryptomator.ui.common.FxmlFile;
 import org.cryptomator.ui.common.FxmlScene;
+import org.cryptomator.ui.common.NewPasswordController;
+import org.cryptomator.ui.common.PasswordStrengthUtil;
+import org.cryptomator.ui.common.StageFactory;
 import org.cryptomator.ui.mainwindow.MainWindow;
+import org.cryptomator.ui.recoverykey.RecoveryKeyDisplayController;

 import javax.inject.Named;
 import javax.inject.Provider;
 import java.nio.file.Path;
+import java.util.List;
 import java.util.Map;
-import java.util.Optional;
 import java.util.ResourceBundle;

@Module
 public abstract class AddVaultModule {

+	@Provides
+	@AddVaultWizardScoped
+	@Named("newPassword")
+	static ObjectProperty<CharSequence> provideNewPasswordProperty() {
+		return new SimpleObjectProperty<>("");
+	}
+
 	@Provides
 	@AddVaultWizardWindow
 	@AddVaultWizardScoped
@@ -41,13 +52,12 @@ public abstract class AddVaultModule {
 	@Provides
 	@AddVaultWizardWindow
 	@AddVaultWizardScoped
-	static Stage provideStage(@MainWindow Stage owner, ResourceBundle resourceBundle, @Named("windowIcon") Optional<Image> windowIcon) {
-		Stage stage = new Stage();
+	static Stage provideStage(StageFactory factory, @MainWindow Stage owner, ResourceBundle resourceBundle) {
+		Stage stage = factory.create();
 		stage.setTitle(resourceBundle.getString("addvaultwizard.title"));
 		stage.setResizable(false);
 		stage.initModality(Modality.WINDOW_MODAL);
 		stage.initOwner(owner);
-		windowIcon.ifPresent(stage.getIcons()::add);
 		return stage;
 	}

@@ -93,14 +103,7 @@ public abstract class AddVaultModule {
 	static Scene provideChooseExistingVaultScene(@AddVaultWizardWindow FXMLLoaderFactory fxmlLoaders) {
 		return fxmlLoaders.createScene(FxmlFile.ADDVAULT_EXISTING.getRessourcePathString());
 	}
-
-	@Provides
-	@FxmlScene(FxmlFile.ADDVAULT_EXISTING_ERROR)
-	@AddVaultWizardScoped
-	static Scene provideChooseExistingVaultErrorScene(@AddVaultWizardWindow FXMLLoaderFactory fxmlLoaders) {
-		return fxmlLoaders.createScene(FxmlFile.ADDVAULT_EXISTING_ERROR.getRessourcePathString());
-	}
-
+	
 	@Provides
 	@FxmlScene(FxmlFile.ADDVAULT_NEW_NAME)
 	@AddVaultWizardScoped
@@ -148,11 +151,6 @@ public abstract class AddVaultModule {
 	@FxControllerKey(ChooseExistingVaultController.class)
 	abstract FxController bindChooseExistingVaultController(ChooseExistingVaultController controller);

-	@Binds
-	@IntoMap
-	@FxControllerKey(AddVaultFailureExisitingController.class)
-	abstract FxController bindAddVaultFailureExistingController(AddVaultFailureExisitingController controller);
-
 	@Binds
 	@IntoMap
 	@FxControllerKey(CreateNewVaultNameController.class)
@@ -168,13 +166,28 @@ public abstract class AddVaultModule {
 	@FxControllerKey(CreateNewVaultPasswordController.class)
 	abstract FxController bindCreateNewVaultPasswordController(CreateNewVaultPasswordController controller);

-	@Binds
+	@Provides
 	@IntoMap
-	@FxControllerKey(AddVaultSuccessController.class)
-	abstract FxController bindAddVaultSuccessController(AddVaultSuccessController controller);
+	@FxControllerKey(NewPasswordController.class)
+	static FxController provideNewPasswordController(ResourceBundle resourceBundle, PasswordStrengthUtil strengthRater, @Named("newPassword") ObjectProperty<CharSequence> password) {
+		return new NewPasswordController(resourceBundle, strengthRater, password);
+	}

 	@Binds
 	@IntoMap
 	@FxControllerKey(CreateNewVaultRecoveryKeyController.class)
 	abstract FxController bindCreateNewVaultRecoveryKeyController(CreateNewVaultRecoveryKeyController controller);
+
+	@Provides
+	@IntoMap
+	@FxControllerKey(RecoveryKeyDisplayController.class)
+	static FxController provideRecoveryKeyDisplayController(@AddVaultWizardWindow Stage window, @Named("vaultName") StringProperty vaultName, @Named("recoveryKey") StringProperty recoveryKey, ResourceBundle localization) {
+		return new RecoveryKeyDisplayController(window, vaultName.get(), recoveryKey.get(), localization);
+	}
+
+	@Binds
+	@IntoMap
+	@FxControllerKey(AddVaultSuccessController.class)
+	abstract FxController bindAddVaultSuccessController(AddVaultSuccessController controller);
+	
 }
--- a/main/ui/src/main/java/org/cryptomator/ui/addvaultwizard/AddVaultSuccessController.java
+++ b/main/ui/src/main/java/org/cryptomator/ui/addvaultwizard/AddVaultSuccessController.java
@@ -27,7 +27,7 @@ public class AddVaultSuccessController implements FxController {
 	@FXML
 	public void unlockAndClose() {
 		close();
-		fxApplication.showUnlockWindow(vault.get());
+		fxApplication.startUnlockWorkflow(vault.get());
 	}

 	@FXML
--- a/main/ui/src/main/java/org/cryptomator/ui/addvaultwizard/ChooseExistingVaultController.java
+++ b/main/ui/src/main/java/org/cryptomator/ui/addvaultwizard/ChooseExistingVaultController.java
@@ -4,10 +4,13 @@ import dagger.Lazy;
 import javafx.beans.property.ObjectProperty;
 import javafx.fxml.FXML;
 import javafx.scene.Scene;
+import javafx.scene.image.Image;
 import javafx.stage.FileChooser;
 import javafx.stage.Stage;
+import org.apache.commons.lang3.SystemUtils;
 import org.cryptomator.common.vaults.Vault;
 import org.cryptomator.common.vaults.VaultListManager;
+import org.cryptomator.ui.common.ErrorComponent;
 import org.cryptomator.ui.common.FxController;
 import org.cryptomator.ui.common.FxmlFile;
 import org.cryptomator.ui.common.FxmlScene;
@@ -15,7 +18,11 @@ import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;

 import javax.inject.Inject;
+import javax.inject.Named;
 import java.io.File;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.UncheckedIOException;
 import java.nio.file.NoSuchFileException;
 import java.nio.file.Path;
 import java.util.ResourceBundle;
@@ -28,24 +35,36 @@ public class ChooseExistingVaultController implements FxController {
 	private final Stage window;
 	private final Lazy<Scene> welcomeScene;
 	private final Lazy<Scene> successScene;
-	private final Lazy<Scene> errorScene;
+	private final ErrorComponent.Builder errorComponent;
 	private final ObjectProperty<Path> vaultPath;
 	private final ObjectProperty<Vault> vault;
 	private final VaultListManager vaultListManager;
 	private final ResourceBundle resourceBundle;

+	private Image screenshot;
+
 	@Inject
-	ChooseExistingVaultController(@AddVaultWizardWindow Stage window, @FxmlScene(FxmlFile.ADDVAULT_WELCOME) Lazy<Scene> welcomeScene, @FxmlScene(FxmlFile.ADDVAULT_SUCCESS) Lazy<Scene> successScene, @FxmlScene(FxmlFile.ADDVAULT_EXISTING_ERROR) Lazy<Scene> errorScene, ObjectProperty<Path> vaultPath, @AddVaultWizardWindow ObjectProperty<Vault> vault, VaultListManager vaultListManager, ResourceBundle resourceBundle) {
+	ChooseExistingVaultController(@AddVaultWizardWindow Stage window, @FxmlScene(FxmlFile.ADDVAULT_WELCOME) Lazy<Scene> welcomeScene, @FxmlScene(FxmlFile.ADDVAULT_SUCCESS) Lazy<Scene> successScene, ErrorComponent.Builder errorComponent, ObjectProperty<Path> vaultPath, @AddVaultWizardWindow ObjectProperty<Vault> vault, VaultListManager vaultListManager, ResourceBundle resourceBundle) {
 		this.window = window;
 		this.welcomeScene = welcomeScene;
 		this.successScene = successScene;
-		this.errorScene = errorScene;
+		this.errorComponent = errorComponent;
 		this.vaultPath = vaultPath;
 		this.vault = vault;
 		this.vaultListManager = vaultListManager;
 		this.resourceBundle = resourceBundle;
 	}

+	@FXML
+	public void initialize() {
+		final String resource = SystemUtils.IS_OS_MAC ? "/select-masterkey-mac.png" : "/select-masterkey-win.png";
+		try (InputStream in = getClass().getResourceAsStream(resource)) {
+			this.screenshot = new Image(in);
+		} catch (IOException e) {
+			throw new UncheckedIOException(e);
+		}
+	}
+
 	@FXML
 	public void back() {
 		window.setScene(welcomeScene.get());
@@ -65,9 +84,15 @@ public class ChooseExistingVaultController implements FxController {
 				window.setScene(successScene.get());
 			} catch (NoSuchFileException e) {
 				LOG.error("Failed to open existing vault.", e);
-				window.setScene(errorScene.get());
+				errorComponent.cause(e).window(window).returnToScene(window.getScene()).build().showErrorScene();
 			}
 		}
 	}

+	/* Getter */
+
+	public Image getScreenshot() {
+		return screenshot;
+	}
+
 }
--- a/main/ui/src/main/java/org/cryptomator/ui/addvaultwizard/CreateNewVaultLocationController.java
+++ b/main/ui/src/main/java/org/cryptomator/ui/addvaultwizard/CreateNewVaultLocationController.java
@@ -16,6 +16,7 @@ import javafx.scene.control.Toggle;
 import javafx.scene.control.ToggleGroup;
 import javafx.stage.DirectoryChooser;
 import javafx.stage.Stage;
+import org.cryptomator.ui.common.ErrorComponent;
 import org.cryptomator.ui.common.FxController;
 import org.cryptomator.ui.common.FxmlFile;
 import org.cryptomator.ui.common.FxmlScene;
@@ -41,6 +42,7 @@ public class CreateNewVaultLocationController implements FxController {
 	private final Stage window;
 	private final Lazy<Scene> chooseNameScene;
 	private final Lazy<Scene> choosePasswordScene;
+	private final ErrorComponent.Builder errorComponent;
 	private final LocationPresets locationPresets;
 	private final ObjectProperty<Path> vaultPath;
 	private final StringProperty vaultName;
@@ -52,15 +54,18 @@ public class CreateNewVaultLocationController implements FxController {

 	private Path customVaultPath = DEFAULT_CUSTOM_VAULT_PATH;
 	public ToggleGroup predefinedLocationToggler;
+	public RadioButton iclouddriveRadioButton;
 	public RadioButton dropboxRadioButton;
 	public RadioButton gdriveRadioButton;
+	public RadioButton onedriveRadioButton;
 	public RadioButton customRadioButton;

 	@Inject
-	CreateNewVaultLocationController(@AddVaultWizardWindow Stage window, @FxmlScene(FxmlFile.ADDVAULT_NEW_NAME) Lazy<Scene> chooseNameScene, @FxmlScene(FxmlFile.ADDVAULT_NEW_PASSWORD) Lazy<Scene> choosePasswordScene, LocationPresets locationPresets, ObjectProperty<Path> vaultPath, @Named("vaultName") StringProperty vaultName, ResourceBundle resourceBundle) {
+	CreateNewVaultLocationController(@AddVaultWizardWindow Stage window, @FxmlScene(FxmlFile.ADDVAULT_NEW_NAME) Lazy<Scene> chooseNameScene, @FxmlScene(FxmlFile.ADDVAULT_NEW_PASSWORD) Lazy<Scene> choosePasswordScene, ErrorComponent.Builder errorComponent, LocationPresets locationPresets, ObjectProperty<Path> vaultPath, @Named("vaultName") StringProperty vaultName, ResourceBundle resourceBundle) {
 		this.window = window;
 		this.chooseNameScene = chooseNameScene;
 		this.choosePasswordScene = choosePasswordScene;
+		this.errorComponent = errorComponent;
 		this.locationPresets = locationPresets;
 		this.vaultPath = vaultPath;
 		this.vaultName = vaultName;
@@ -91,10 +96,14 @@ public class CreateNewVaultLocationController implements FxController {
 	}

 	private void togglePredefinedLocation(@SuppressWarnings("unused") ObservableValue<? extends Toggle> observable, @SuppressWarnings("unused") Toggle oldValue, Toggle newValue) {
-		if (dropboxRadioButton.equals(newValue)) {
+		if (iclouddriveRadioButton.equals(newValue)) {
+			vaultPath.set(locationPresets.getIclouddriveLocation().resolve(vaultName.get()));
+		} else if (dropboxRadioButton.equals(newValue)) {
 			vaultPath.set(locationPresets.getDropboxLocation().resolve(vaultName.get()));
 		} else if (gdriveRadioButton.equals(newValue)) {
 			vaultPath.set(locationPresets.getGdriveLocation().resolve(vaultName.get()));
+		} else if (onedriveRadioButton.equals(newValue)) {
+			vaultPath.set(locationPresets.getOnedriveLocation().resolve(vaultName.get()));
 		} else if (customRadioButton.equals(newValue)) {
 			vaultPath.set(customVaultPath.resolve(vaultName.get()));
 		}
@@ -117,9 +126,8 @@ public class CreateNewVaultLocationController implements FxController {
 			LOG.warn("Can not use already existing vault path {}", vaultPath.get());
 			warningText.set(resourceBundle.getString("addvaultwizard.new.fileAlreadyExists"));
 		} catch (IOException e) {
-			LOG.warn("Can not create vault at path: {}", vaultPath.get());
-			LOG.warn("Thrown Exception:", e);
-			warningText.set(resourceBundle.getString("addvaultwizard.new.ioException"));
+			LOG.error("Failed to create and delete directory at chosen vault path.", e);
+			errorComponent.cause(e).window(window).returnToScene(window.getScene()).build().showErrorScene();
 		}
 	}

--- a/main/ui/src/main/java/org/cryptomator/ui/addvaultwizard/CreateNewVaultPasswordController.java
+++ b/main/ui/src/main/java/org/cryptomator/ui/addvaultwizard/CreateNewVaultPasswordController.java
@@ -5,30 +5,25 @@ import javafx.beans.binding.Bindings;
 import javafx.beans.binding.BooleanBinding;
 import javafx.beans.binding.ObjectBinding;
 import javafx.beans.property.BooleanProperty;
-import javafx.beans.property.IntegerProperty;
 import javafx.beans.property.ObjectProperty;
 import javafx.beans.property.SimpleBooleanProperty;
-import javafx.beans.property.SimpleIntegerProperty;
 import javafx.beans.property.StringProperty;
 import javafx.fxml.FXML;
 import javafx.scene.Scene;
 import javafx.scene.control.ContentDisplay;
-import javafx.scene.control.Label;
-import javafx.scene.layout.HBox;
+import javafx.scene.control.Toggle;
+import javafx.scene.control.ToggleGroup;
 import javafx.stage.Stage;
 import org.cryptomator.common.vaults.Vault;
 import org.cryptomator.common.vaults.VaultListManager;
 import org.cryptomator.cryptofs.CryptoFileSystemProperties;
 import org.cryptomator.cryptofs.CryptoFileSystemProvider;
+import org.cryptomator.ui.common.ErrorComponent;
 import org.cryptomator.ui.common.FxController;
 import org.cryptomator.ui.common.FxmlFile;
 import org.cryptomator.ui.common.FxmlScene;
 import org.cryptomator.ui.common.Tasks;
-import org.cryptomator.ui.controls.FontAwesome5IconView;
-import org.cryptomator.ui.controls.NiceSecurePasswordField;
-import org.cryptomator.ui.common.PasswordStrengthUtil;
 import org.cryptomator.ui.recoverykey.RecoveryKeyFactory;
-import org.fxmisc.easybind.EasyBind;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;

@@ -48,16 +43,18 @@ import java.util.ResourceBundle;
 import java.util.concurrent.ExecutorService;

 import static java.nio.charset.StandardCharsets.US_ASCII;
+import static org.cryptomator.common.Constants.MASTERKEY_FILENAME;

@AddVaultWizardScoped
 public class CreateNewVaultPasswordController implements FxController {

 	private static final Logger LOG = LoggerFactory.getLogger(CreateNewVaultPasswordController.class);
-	private static final String MASTERKEY_FILENAME = "masterkey.cryptomator"; // TODO: deduplicate constant declared in multiple classes

 	private final Stage window;
 	private final Lazy<Scene> chooseLocationScene;
 	private final Lazy<Scene> recoveryKeyScene;
+	private final Lazy<Scene> successScene;
+	private final ErrorComponent.Builder errorComponent;
 	private final ExecutorService executor;
 	private final RecoveryKeyFactory recoveryKeyFactory;
 	private final StringProperty vaultNameProperty;
@@ -66,26 +63,23 @@ public class CreateNewVaultPasswordController implements FxController {
 	private final StringProperty recoveryKeyProperty;
 	private final VaultListManager vaultListManager;
 	private final ResourceBundle resourceBundle;
-	private final PasswordStrengthUtil strengthRater;
+	private final ObjectProperty<CharSequence> password;
 	private final ReadmeGenerator readmeGenerator;
-	private final IntegerProperty passwordStrength;
 	private final BooleanProperty processing;
 	private final BooleanProperty readyToCreateVault;
 	private final ObjectBinding<ContentDisplay> createVaultButtonState;

-	public NiceSecurePasswordField passwordField;
-	public NiceSecurePasswordField reenterField;
-	public Label passwordStrengthLabel;
-	public HBox passwordMatchBox;
-	public FontAwesome5IconView checkmark;
-	public FontAwesome5IconView cross;
-	public Label passwordMatchLabel;
+	public ToggleGroup recoveryKeyChoice;
+	public Toggle showRecoveryKey;
+	public Toggle skipRecoveryKey;

 	@Inject
-	CreateNewVaultPasswordController(@AddVaultWizardWindow Stage window, @FxmlScene(FxmlFile.ADDVAULT_NEW_LOCATION) Lazy<Scene> chooseLocationScene, @FxmlScene(FxmlFile.ADDVAULT_NEW_RECOVERYKEY) Lazy<Scene> recoveryKeyScene, ExecutorService executor, RecoveryKeyFactory recoveryKeyFactory, @Named("vaultName") StringProperty vaultName, ObjectProperty<Path> vaultPath, @AddVaultWizardWindow ObjectProperty<Vault> vault, @Named("recoveryKey") StringProperty recoveryKey, VaultListManager vaultListManager, ResourceBundle resourceBundle, PasswordStrengthUtil strengthRater, ReadmeGenerator readmeGenerator) {
+	CreateNewVaultPasswordController(@AddVaultWizardWindow Stage window, @FxmlScene(FxmlFile.ADDVAULT_NEW_LOCATION) Lazy<Scene> chooseLocationScene, @FxmlScene(FxmlFile.ADDVAULT_NEW_RECOVERYKEY) Lazy<Scene> recoveryKeyScene, @FxmlScene(FxmlFile.ADDVAULT_SUCCESS) Lazy<Scene> successScene, ErrorComponent.Builder errorComponent, ExecutorService executor, RecoveryKeyFactory recoveryKeyFactory, @Named("vaultName") StringProperty vaultName, ObjectProperty<Path> vaultPath, @AddVaultWizardWindow ObjectProperty<Vault> vault, @Named("recoveryKey") StringProperty recoveryKey, VaultListManager vaultListManager, ResourceBundle resourceBundle, @Named("newPassword") ObjectProperty<CharSequence> password, ReadmeGenerator readmeGenerator) {
 		this.window = window;
 		this.chooseLocationScene = chooseLocationScene;
 		this.recoveryKeyScene = recoveryKeyScene;
+		this.successScene = successScene;
+		this.errorComponent = errorComponent;
 		this.executor = executor;
 		this.recoveryKeyFactory = recoveryKeyFactory;
 		this.vaultNameProperty = vaultName;
@@ -94,9 +88,8 @@ public class CreateNewVaultPasswordController implements FxController {
 		this.recoveryKeyProperty = recoveryKey;
 		this.vaultListManager = vaultListManager;
 		this.resourceBundle = resourceBundle;
-		this.strengthRater = strengthRater;
+		this.password = password;
 		this.readmeGenerator = readmeGenerator;
-		this.passwordStrength = new SimpleIntegerProperty(-1);
 		this.processing = new SimpleBooleanProperty();
 		this.readyToCreateVault = new SimpleBooleanProperty();
 		this.createVaultButtonState = Bindings.createObjectBinding(this::getCreateVaultButtonState, processing);
@@ -104,22 +97,8 @@ public class CreateNewVaultPasswordController implements FxController {

 	@FXML
 	public void initialize() {
-		//binds the actual strength value to the rating of the password util
-		passwordStrength.bind(Bindings.createIntegerBinding(() -> strengthRater.computeRate(passwordField.getCharacters().toString()), passwordField.textProperty()));
-		//binding indicating if the passwords not match
-		BooleanBinding passwordsMatch = Bindings.createBooleanBinding(() -> CharSequence.compare(passwordField.getCharacters(), reenterField.getCharacters()) == 0, passwordField.textProperty(), reenterField.textProperty());
-		BooleanBinding reenterFieldNotEmpty = reenterField.textProperty().isNotEmpty();
-		readyToCreateVault.bind(reenterFieldNotEmpty.and(passwordsMatch).and(processing.not()));
-		//make match indicator invisible when passwords do not match or one is empty
-		passwordMatchBox.visibleProperty().bind(reenterFieldNotEmpty);
-		checkmark.visibleProperty().bind(passwordsMatch.and(reenterFieldNotEmpty));
-		checkmark.managedProperty().bind(checkmark.visibleProperty());
-		cross.visibleProperty().bind(passwordsMatch.not().and(reenterFieldNotEmpty));
-		cross.managedProperty().bind(cross.visibleProperty());
-		passwordMatchLabel.textProperty().bind(Bindings.when(passwordsMatch.and(reenterFieldNotEmpty)).then(resourceBundle.getString("addvaultwizard.new.passwordsMatch")).otherwise(resourceBundle.getString("addvaultwizard.new.passwordsDoNotMatch")));
-
-		//bindsings for the password strength indicator
-		passwordStrengthLabel.textProperty().bind(EasyBind.map(passwordStrength, strengthRater::getStrengthDescription));
+		BooleanBinding isValidNewPassword = Bindings.createBooleanBinding(() -> password.get() != null && password.get().length() > 0, password);
+		readyToCreateVault.bind(isValidNewPassword.and(recoveryKeyChoice.selectedToggleProperty().isNotNull()).and(processing.not()));
 	}

 	@FXML
@@ -130,26 +109,53 @@ public class CreateNewVaultPasswordController implements FxController {
 	@FXML
 	public void next() {
 		Path pathToVault = vaultPathProperty.get();
-		
+
 		try {
 			Files.createDirectory(pathToVault);
-		} catch (FileAlreadyExistsException e) {
-			LOG.error("Vault dir already exists.", e);
-			window.setScene(chooseLocationScene.get());
 		} catch (IOException e) {
-			// TODO show generic error screen
-			LOG.error("", e);
+			LOG.error("Failed to create vault directory.", e);
+			errorComponent.cause(e).window(window).returnToScene(window.getScene()).build().showErrorScene();
+			return;
 		}

+		if (showRecoveryKey.equals(recoveryKeyChoice.getSelectedToggle())) {
+			showRecoveryKeyScene();
+		} else if (skipRecoveryKey.equals(recoveryKeyChoice.getSelectedToggle())) {
+			showSuccessScene();
+		} else {
+			throw new IllegalStateException("Unexpected toggle state");
+		}
+	}
+
+	private void showRecoveryKeyScene() {
+		Path pathToVault = vaultPathProperty.get();
 		processing.set(true);
 		Tasks.create(() -> {
-			initializeVault(pathToVault, passwordField.getCharacters());
-			return recoveryKeyFactory.createRecoveryKey(pathToVault, passwordField.getCharacters());
+			initializeVault(pathToVault, password.get());
+			return recoveryKeyFactory.createRecoveryKey(pathToVault, password.get());
 		}).onSuccess(recoveryKey -> {
-			initializationSucceeded(pathToVault, recoveryKey);
+			initializationSucceeded(pathToVault);
+			recoveryKeyProperty.set(recoveryKey);
+			window.setScene(recoveryKeyScene.get());
 		}).onError(IOException.class, e -> {
-			// TODO show generic error screen
-			LOG.error("", e);
+			LOG.error("Failed to initialize vault.", e);
+			errorComponent.cause(e).window(window).returnToScene(window.getScene()).build().showErrorScene();
+		}).andFinally(() -> {
+			processing.set(false);
+		}).runOnce(executor);
+	}
+
+	private void showSuccessScene() {
+		Path pathToVault = vaultPathProperty.get();
+		processing.set(true);
+		Tasks.create(() -> {
+			initializeVault(pathToVault, password.get());
+		}).onSuccess(() -> {
+			initializationSucceeded(pathToVault);
+			window.setScene(successScene.get());
+		}).onError(IOException.class, e -> {
+			LOG.error("Failed to initialize vault.", e);
+			errorComponent.cause(e).window(window).returnToScene(window.getScene()).build().showErrorScene();
 		}).andFinally(() -> {
 			processing.set(false);
 		}).runOnce(executor);
@@ -175,13 +181,11 @@ public class CreateNewVaultPasswordController implements FxController {
 		}
 		LOG.info("Created vault at {}", path);
 	}
-	
-	private void initializationSucceeded(Path pathToVault, String recoveryKey) {
+
+	private void initializationSucceeded(Path pathToVault) {
 		try {
 			Vault newVault = vaultListManager.add(pathToVault);
 			vaultProperty.set(newVault);
-			recoveryKeyProperty.set(recoveryKey);
-			window.setScene(recoveryKeyScene.get());
 		} catch (NoSuchFileException e) {
 			throw new UncheckedIOException(e);
 		}
@@ -197,14 +201,6 @@ public class CreateNewVaultPasswordController implements FxController {
 		return vaultNameProperty;
 	}

-	public IntegerProperty passwordStrengthProperty() {
-		return passwordStrength;
-	}
-
-	public int getPasswordStrength() {
-		return passwordStrength.get();
-	}
-
 	public BooleanProperty readyToCreateVaultProperty() {
 		return readyToCreateVault;
 	}
--- a/main/ui/src/main/java/org/cryptomator/ui/addvaultwizard/CreateNewVaultRecoveryKeyController.java
+++ b/main/ui/src/main/java/org/cryptomator/ui/addvaultwizard/CreateNewVaultRecoveryKeyController.java
@@ -1,7 +1,6 @@
 package org.cryptomator.ui.addvaultwizard;

 import dagger.Lazy;
-import javafx.beans.property.StringProperty;
 import javafx.fxml.FXML;
 import javafx.scene.Scene;
 import javafx.stage.Stage;
@@ -10,33 +9,20 @@ import org.cryptomator.ui.common.FxmlFile;
 import org.cryptomator.ui.common.FxmlScene;

 import javax.inject.Inject;
-import javax.inject.Named;

 public class CreateNewVaultRecoveryKeyController implements FxController {

 	private final Stage window;
 	private final Lazy<Scene> successScene;
-	private final StringProperty recoveryKeyProperty;

 	@Inject
-	CreateNewVaultRecoveryKeyController(@AddVaultWizardWindow Stage window, @FxmlScene(FxmlFile.ADDVAULT_SUCCESS) Lazy<Scene> successScene, @Named("recoveryKey")StringProperty recoveryKey) {
+	CreateNewVaultRecoveryKeyController(@AddVaultWizardWindow Stage window, @FxmlScene(FxmlFile.ADDVAULT_SUCCESS) Lazy<Scene> successScene) {
 		this.window = window;
 		this.successScene = successScene;
-		this.recoveryKeyProperty = recoveryKey;
 	}

 	@FXML
 	public void next() {
 		window.setScene(successScene.get());
 	}
-
-	/* Getter/Setter */
-
-	public String getRecoveryKey() {
-		return recoveryKeyProperty.get();
-	}
-
-	public StringProperty recoveryKeyProperty() {
-		return recoveryKeyProperty;
-	}
 }
--- a/main/ui/src/main/java/org/cryptomator/ui/addvaultwizard/LocationPresets.java
+++ b/main/ui/src/main/java/org/cryptomator/ui/addvaultwizard/LocationPresets.java
@@ -13,20 +13,30 @@ import java.nio.file.Paths;
 public class LocationPresets {

 	private static final String USER_HOME = System.getProperty("user.home");
+	private static final String[] ICLOUDDRIVE_LOCATIONS = {"~/Library/Mobile Documents/iCloud~com~setolabs~Cryptomator/Documents", "~/iCloudDrive/iCloud~com~setolabs~Cryptomator"};
 	private static final String[] DROPBOX_LOCATIONS = {"~/Dropbox"};
 	private static final String[] GDRIVE_LOCATIONS = {"~/Google Drive"};
+	private static final String[] ONEDRIVE_LOCATIONS = {"~/OneDrive"};

+	private final ReadOnlyObjectProperty<Path> iclouddriveLocation;
 	private final ReadOnlyObjectProperty<Path> dropboxLocation;
 	private final ReadOnlyObjectProperty<Path> gdriveLocation;
+	private final ReadOnlyObjectProperty<Path> onedriveLocation;
+	private final BooleanBinding foundIclouddrive;
 	private final BooleanBinding foundDropbox;
 	private final BooleanBinding foundGdrive;
+	private final BooleanBinding foundOnedrive;

 	@Inject
 	public LocationPresets() {
+		this.iclouddriveLocation = new SimpleObjectProperty<>(existingWritablePath(ICLOUDDRIVE_LOCATIONS));
 		this.dropboxLocation = new SimpleObjectProperty<>(existingWritablePath(DROPBOX_LOCATIONS));
 		this.gdriveLocation = new SimpleObjectProperty<>(existingWritablePath(GDRIVE_LOCATIONS));
+		this.onedriveLocation = new SimpleObjectProperty<>(existingWritablePath(ONEDRIVE_LOCATIONS));
+		this.foundIclouddrive = iclouddriveLocation.isNotNull();
 		this.foundDropbox = dropboxLocation.isNotNull();
 		this.foundGdrive = gdriveLocation.isNotNull();
+		this.foundOnedrive = onedriveLocation.isNotNull();
 	}

 	private static Path existingWritablePath(String... candidates) {
@@ -49,6 +59,22 @@ public class LocationPresets {

 	/* Observables */

+	public ReadOnlyObjectProperty<Path> iclouddriveLocationProperty() {
+		return iclouddriveLocation;
+	}
+
+	public Path getIclouddriveLocation() {
+		return iclouddriveLocation.get();
+	}
+
+	public BooleanBinding foundIclouddriveProperty() {
+		return foundIclouddrive;
+	}
+
+	public boolean isFoundIclouddrive() {
+		return foundIclouddrive.get();
+	}
+
 	public ReadOnlyObjectProperty<Path> dropboxLocationProperty() {
 		return dropboxLocation;
 	}
@@ -73,7 +99,7 @@ public class LocationPresets {
 		return gdriveLocation.get();
 	}

-	public BooleanBinding froundGdriveProperty() {
+	public BooleanBinding foundGdriveProperty() {
 		return foundGdrive;
 	}

@@ -81,4 +107,20 @@ public class LocationPresets {
 		return foundGdrive.get();
 	}

+	public ReadOnlyObjectProperty<Path> onedriveLocationProperty() {
+		return onedriveLocation;
+	}
+
+	public Path getOnedriveLocation() {
+		return onedriveLocation.get();
+	}
+
+	public BooleanBinding foundOnedriveProperty() {
+		return foundOnedrive;
+	}
+
+	public boolean isFoundOnedrive() {
+		return foundOnedrive.get();
+	}
+
 }
--- a/main/ui/src/main/java/org/cryptomator/ui/addvaultwizard/ReadmeGenerator.java
+++ b/main/ui/src/main/java/org/cryptomator/ui/addvaultwizard/ReadmeGenerator.java
@@ -10,29 +10,45 @@ public class ReadmeGenerator {
 	// specs: https://web.archive.org/web/20190708132914/http://www.kleinlercher.at/tools/Windows_Protocols/Word2007RTFSpec9.pdf
 	private static final String RTF_HEADER = "{\\rtf1\\fbidis\\ansi\\uc0\\fs32\n";
 	private static final String RTF_FOOTER = "}";
-	private static final String HELP_URL = "{\\field{\\*\\fldinst HYPERLINK \"http://www.google.com/\"}{\\fldrslt google.com}}";
+	private static final String HEADING = "\\fs40\\qc %s";
+	private static final String EMPTY_PAR = "";
+	private static final String DONT_PAR = "\\b %s";
+	private static final String IDENT_PAR = "    %s";
+	private static final String HELP_URL = "{\\field{\\*\\fldinst HYPERLINK \"http://docs.cryptomator.org/\"}{\\fldrslt http://docs.cryptomator.org}}";

 	private final ResourceBundle resourceBundle;

 	@Inject
-	public ReadmeGenerator(ResourceBundle resourceBundle){
+	public ReadmeGenerator(ResourceBundle resourceBundle) {
 		this.resourceBundle = resourceBundle;
 	}
 	
 	public String createVaultStorageLocationReadmeRtf() {
 		return createDocument(List.of( //
-				resourceBundle.getString("addvault.new.readme.storageLocation.1"), //
+				String.format(HEADING, resourceBundle.getString("addvault.new.readme.storageLocation.1")), //
 				resourceBundle.getString("addvault.new.readme.storageLocation.2"), //
-				resourceBundle.getString("addvault.new.readme.storageLocation.3"),  //
-				String.format(resourceBundle.getString("addvault.new.readme.storageLocation.4"), HELP_URL)  //
+				EMPTY_PAR, //
+				String.format(DONT_PAR, resourceBundle.getString("addvault.new.readme.storageLocation.3")),  //
+				String.format(IDENT_PAR, resourceBundle.getString("addvault.new.readme.storageLocation.4")),  //
+				String.format(IDENT_PAR, resourceBundle.getString("addvault.new.readme.storageLocation.5")),  //
+				EMPTY_PAR, //
+				resourceBundle.getString("addvault.new.readme.storageLocation.6"),  //
+				String.format(IDENT_PAR, resourceBundle.getString("addvault.new.readme.storageLocation.7")),  //
+				String.format(IDENT_PAR, resourceBundle.getString("addvault.new.readme.storageLocation.8")),  //
+				String.format(IDENT_PAR, resourceBundle.getString("addvault.new.readme.storageLocation.9")),  //
+				EMPTY_PAR, //
+				String.format(resourceBundle.getString("addvault.new.readme.storageLocation.10"), HELP_URL)  //
 		));
 	}
 	
 	public String createVaultAccessLocationReadmeRtf() {
 		return createDocument(List.of( //
-				resourceBundle.getString("addvault.new.readme.accessLocation.1"), //
+				String.format(HEADING,resourceBundle.getString("addvault.new.readme.accessLocation.1")), //
 				resourceBundle.getString("addvault.new.readme.accessLocation.2"), //
-				resourceBundle.getString("addvault.new.readme.accessLocation.3")  //
+				EMPTY_PAR, //
+				resourceBundle.getString("addvault.new.readme.accessLocation.3"), //
+				EMPTY_PAR, //
+				resourceBundle.getString("addvault.new.readme.accessLocation.4")
 		));
 	}

@@ -40,9 +56,9 @@ public class ReadmeGenerator {
 	String createDocument(Iterable<String> paragraphs) {
 		StringBuilder sb = new StringBuilder(RTF_HEADER);
 		for (String p : paragraphs) {
-			sb.append("\\par {\\sa80 ");
+			sb.append("{\\sa80 ");
 			appendEscaped(sb, p);
-			sb.append("}\n");
+			sb.append("}\\par \n");
 		}
 		sb.append(RTF_FOOTER);
 		return sb.toString();
--- a/main/ui/src/main/java/org/cryptomator/ui/changepassword/ChangePasswordController.java
+++ b/main/ui/src/main/java/org/cryptomator/ui/changepassword/ChangePasswordController.java
@@ -2,78 +2,60 @@ package org.cryptomator.ui.changepassword;

 import javafx.beans.binding.Bindings;
 import javafx.beans.binding.BooleanBinding;
-import javafx.beans.property.IntegerProperty;
-import javafx.beans.property.SimpleIntegerProperty;
+import javafx.beans.property.ObjectProperty;
 import javafx.fxml.FXML;
 import javafx.scene.control.Button;
 import javafx.scene.control.CheckBox;
-import javafx.scene.control.Label;
-import javafx.scene.layout.HBox;
 import javafx.stage.Stage;
 import org.cryptomator.common.vaults.Vault;
 import org.cryptomator.cryptofs.CryptoFileSystemProvider;
 import org.cryptomator.cryptolib.api.InvalidPassphraseException;
+import org.cryptomator.keychain.KeychainAccess;
+import org.cryptomator.keychain.KeychainAccessException;
+import org.cryptomator.ui.common.Animations;
+import org.cryptomator.ui.common.ErrorComponent;
 import org.cryptomator.ui.common.FxController;
-import org.cryptomator.ui.controls.FontAwesome5IconView;
 import org.cryptomator.ui.controls.NiceSecurePasswordField;
-import org.cryptomator.ui.common.PasswordStrengthUtil;
-import org.fxmisc.easybind.EasyBind;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;

 import javax.inject.Inject;
+import javax.inject.Named;
 import java.io.IOException;
-import java.util.ResourceBundle;
+import java.nio.CharBuffer;
+import java.util.Optional;
+
+import static org.cryptomator.common.Constants.MASTERKEY_FILENAME;

@ChangePasswordScoped
 public class ChangePasswordController implements FxController {

 	private static final Logger LOG = LoggerFactory.getLogger(ChangePasswordController.class);
-	private static final String MASTERKEY_FILENAME = "masterkey.cryptomator"; // TODO: deduplicate constant declared in multiple classes

 	private final Stage window;
 	private final Vault vault;
-	private final ResourceBundle resourceBundle;
-	private final PasswordStrengthUtil strengthRater;
-	private final IntegerProperty passwordStrength;
+	private final ObjectProperty<CharSequence> newPassword;
+	private final ErrorComponent.Builder errorComponent;
+	private final Optional<KeychainAccess> keychain;

 	public NiceSecurePasswordField oldPasswordField;
-	public NiceSecurePasswordField newPasswordField;
-	public NiceSecurePasswordField reenterPasswordField;
-	public Label passwordStrengthLabel;
-	public HBox passwordMatchBox;
-	public FontAwesome5IconView checkmark;
-	public FontAwesome5IconView cross;
-	public Label passwordMatchLabel;
 	public CheckBox finalConfirmationCheckbox;
 	public Button finishButton;

 	@Inject
-	public ChangePasswordController(@ChangePasswordWindow Stage window, @ChangePasswordWindow Vault vault, ResourceBundle resourceBundle, PasswordStrengthUtil strengthRater) {
+	public ChangePasswordController(@ChangePasswordWindow Stage window, @ChangePasswordWindow Vault vault, @Named("newPassword") ObjectProperty<CharSequence> newPassword, ErrorComponent.Builder errorComponent, Optional<KeychainAccess> keychain) {
 		this.window = window;
 		this.vault = vault;
-		this.resourceBundle = resourceBundle;
-		this.strengthRater = strengthRater;
-		this.passwordStrength = new SimpleIntegerProperty(-1);
+		this.newPassword = newPassword;
+		this.errorComponent = errorComponent;
+		this.keychain = keychain;
 	}

 	@FXML
 	public void initialize() {
-		//binds the actual strength value to the rating of the password util
-		passwordStrength.bind(Bindings.createIntegerBinding(() -> strengthRater.computeRate(newPasswordField.getCharacters().toString()), newPasswordField.textProperty()));
-		//binding indicating if the passwords not match
-		BooleanBinding passwordsMatch = Bindings.createBooleanBinding(() -> CharSequence.compare(newPasswordField.getCharacters(), reenterPasswordField.getCharacters()) == 0, newPasswordField.textProperty(), reenterPasswordField.textProperty());
-		BooleanBinding reenterFieldNotEmpty = reenterPasswordField.textProperty().isNotEmpty();
-		//disable the finish button when passwords do not match or one is empty
-		finishButton.disableProperty().bind(reenterFieldNotEmpty.not().or(passwordsMatch.not()).or(finalConfirmationCheckbox.selectedProperty().not()));
-		//make match indicator invisible when passwords do not match or one is empty
-		passwordMatchBox.visibleProperty().bind(reenterFieldNotEmpty);
-		checkmark.visibleProperty().bind(passwordsMatch.and(reenterFieldNotEmpty));
-		checkmark.managedProperty().bind(checkmark.visibleProperty());
-		cross.visibleProperty().bind(passwordsMatch.not().and(reenterFieldNotEmpty));
-		cross.managedProperty().bind(cross.visibleProperty());
-		passwordMatchLabel.textProperty().bind(Bindings.when(passwordsMatch.and(reenterFieldNotEmpty)).then(resourceBundle.getString("changepassword.passwordsMatch")).otherwise(resourceBundle.getString("changepassword.passwordsDoNotMatch")));
-		passwordStrengthLabel.textProperty().bind(EasyBind.map(passwordStrength, strengthRater::getStrengthDescription));
+		BooleanBinding hasNotConfirmedCheckbox = finalConfirmationCheckbox.selectedProperty().not();
+		BooleanBinding isInvalidNewPassword = Bindings.createBooleanBinding(() -> newPassword.get() == null || newPassword.get().length() == 0, newPassword); 
+		finishButton.disableProperty().bind(hasNotConfirmedCheckbox.or(isInvalidNewPassword));
 	}

 	@FXML
@@ -84,16 +66,28 @@ public class ChangePasswordController implements FxController {
 	@FXML
 	public void finish() {
 		try {
-			CryptoFileSystemProvider.changePassphrase(vault.getPath(), MASTERKEY_FILENAME, oldPasswordField.getCharacters(), newPasswordField.getCharacters());
-			LOG.info("Successful changed password for {}", vault.getDisplayableName());
+			CryptoFileSystemProvider.changePassphrase(vault.getPath(), MASTERKEY_FILENAME, oldPasswordField.getCharacters(), newPassword.get());
+			LOG.info("Successfully changed password for {}", vault.getDisplayableName());
 			window.close();
+			updatePasswordInSystemkeychain();
 		} catch (IOException e) {
-			//TODO
 			LOG.error("IO error occured during password change. Unable to perform operation.", e);
-			e.printStackTrace();
+			errorComponent.cause(e).window(window).returnToScene(window.getScene()).build().showErrorScene();
 		} catch (InvalidPassphraseException e) {
-			//TODO
-			LOG.info("Wrong old password.");
+			Animations.createShakeWindowAnimation(window).play();
+			oldPasswordField.selectAll();
+			oldPasswordField.requestFocus();
+		}
+	}
+
+	private void updatePasswordInSystemkeychain() {
+		if (keychain.isPresent()) {
+			try {
+				keychain.get().changePassphrase(vault.getId(), CharBuffer.wrap(newPassword.get()));
+				LOG.info("Successfully updated password in system keychain for {}", vault.getDisplayableName());
+			} catch (KeychainAccessException e) {
+				LOG.error("Failed to update password in system keychain.", e);
+			}
 		}
 	}

@@ -102,12 +96,5 @@ public class ChangePasswordController implements FxController {
 	public Vault getVault() {
 		return vault;
 	}
-
-	public IntegerProperty passwordStrengthProperty() {
-		return passwordStrength;
-	}
-
-	public int getPasswordStrength() {
-		return passwordStrength.get();
-	}
+	
 }
--- a/main/ui/src/main/java/org/cryptomator/ui/changepassword/ChangePasswordModule.java
+++ b/main/ui/src/main/java/org/cryptomator/ui/changepassword/ChangePasswordModule.java
@@ -4,6 +4,8 @@ import dagger.Binds;
 import dagger.Module;
 import dagger.Provides;
 import dagger.multibindings.IntoMap;
+import javafx.beans.property.ObjectProperty;
+import javafx.beans.property.SimpleObjectProperty;
 import javafx.scene.Scene;
 import javafx.scene.image.Image;
 import javafx.stage.Modality;
@@ -14,15 +16,26 @@ import org.cryptomator.ui.common.FxController;
 import org.cryptomator.ui.common.FxControllerKey;
 import org.cryptomator.ui.common.FxmlFile;
 import org.cryptomator.ui.common.FxmlScene;
+import org.cryptomator.ui.common.NewPasswordController;
+import org.cryptomator.ui.common.PasswordStrengthUtil;
+import org.cryptomator.ui.common.StageFactory;

 import javax.inject.Named;
 import javax.inject.Provider;
+import java.nio.CharBuffer;
+import java.util.List;
 import java.util.Map;
-import java.util.Optional;
 import java.util.ResourceBundle;

@Module
 abstract class ChangePasswordModule {
+	
+	@Provides
+	@ChangePasswordScoped
+	@Named("newPassword")
+	static ObjectProperty<CharSequence> provideNewPasswordProperty() {
+		return new SimpleObjectProperty<>("");
+	}

 	@Provides
 	@ChangePasswordWindow
@@ -34,13 +47,12 @@ abstract class ChangePasswordModule {
 	@Provides
 	@ChangePasswordWindow
 	@ChangePasswordScoped
-	static Stage provideStage(@Named("changePasswordOwner") Stage owner, ResourceBundle resourceBundle, @Named("windowIcon") Optional<Image> windowIcon) {
-		Stage stage = new Stage();
+	static Stage provideStage(StageFactory factory, @Named("changePasswordOwner") Stage owner, ResourceBundle resourceBundle) {
+		Stage stage = factory.create();
 		stage.setTitle(resourceBundle.getString("changepassword.title"));
 		stage.setResizable(false);
 		stage.initModality(Modality.WINDOW_MODAL);
 		stage.initOwner(owner);
-		windowIcon.ifPresent(stage.getIcons()::add);
 		return stage;
 	}

@@ -58,5 +70,12 @@ abstract class ChangePasswordModule {
 	@IntoMap
 	@FxControllerKey(ChangePasswordController.class)
 	abstract FxController bindUnlockController(ChangePasswordController controller);
+	
+	@Provides
+	@IntoMap
+	@FxControllerKey(NewPasswordController.class)
+	static FxController provideNewPasswordController(ResourceBundle resourceBundle, PasswordStrengthUtil strengthRater, @Named("newPassword") ObjectProperty<CharSequence> password) {
+		return new NewPasswordController(resourceBundle, strengthRater, password);
+	}

 }
--- a/main/ui/src/main/java/org/cryptomator/ui/common/Animations.java
+++ b/main/ui/src/main/java/org/cryptomator/ui/common/Animations.java
@@ -0,0 +1,36 @@
+package org.cryptomator.ui.common;
+
+import javafx.animation.KeyFrame;
+import javafx.animation.KeyValue;
+import javafx.animation.Timeline;
+import javafx.beans.value.WritableValue;
+import javafx.stage.Window;
+import javafx.util.Duration;
+
+public class Animations {
+	
+	public static Timeline createShakeWindowAnimation(Window window) {
+		WritableValue<Double> writableWindowX = new WritableValue<>() {
+			@Override
+			public Double getValue() {
+				return window.getX();
+			}
+
+			@Override
+			public void setValue(Double value) {
+				window.setX(value);
+			}
+		};
+		return new Timeline( //
+				new KeyFrame(Duration.ZERO, new KeyValue(writableWindowX, window.getX())), //
+				new KeyFrame(new Duration(100), new KeyValue(writableWindowX, window.getX() - 22.0)), //
+				new KeyFrame(new Duration(200), new KeyValue(writableWindowX, window.getX() + 18.0)), //
+				new KeyFrame(new Duration(300), new KeyValue(writableWindowX, window.getX() - 14.0)), //
+				new KeyFrame(new Duration(400), new KeyValue(writableWindowX, window.getX() + 10.0)), //
+				new KeyFrame(new Duration(500), new KeyValue(writableWindowX, window.getX() - 6.0)), //
+				new KeyFrame(new Duration(600), new KeyValue(writableWindowX, window.getX() + 2.0)), //
+				new KeyFrame(new Duration(700), new KeyValue(writableWindowX, window.getX())) //
+		);
+	}
+
+}
--- a/main/ui/src/main/java/org/cryptomator/ui/common/ErrorComponent.java
+++ b/main/ui/src/main/java/org/cryptomator/ui/common/ErrorComponent.java
@@ -0,0 +1,40 @@
+package org.cryptomator.ui.common;
+
+import dagger.BindsInstance;
+import dagger.Subcomponent;
+import javafx.scene.Scene;
+import javafx.stage.Stage;
+
+import javax.annotation.Nullable;
+
+@Subcomponent(modules = {ErrorModule.class})
+public interface ErrorComponent {
+
+	Stage window();
+
+	@FxmlScene(FxmlFile.ERROR)
+	Scene scene();
+
+	default void showErrorScene() {
+		Stage stage = window();
+		stage.setScene(scene());
+		stage.show();
+	}
+	
+	@Subcomponent.Builder
+	interface Builder {
+		
+		@BindsInstance
+		Builder cause(Throwable cause);
+		
+		@BindsInstance
+		Builder window(Stage window);
+		
+		@BindsInstance
+		Builder returnToScene(@Nullable Scene previousScene);
+
+		ErrorComponent build();
+		
+	}
+
+}
--- a/main/ui/src/main/java/org/cryptomator/ui/common/ErrorController.java
+++ b/main/ui/src/main/java/org/cryptomator/ui/common/ErrorController.java
@@ -0,0 +1,45 @@
+package org.cryptomator.ui.common;
+
+import javafx.fxml.FXML;
+import javafx.scene.Scene;
+import javafx.stage.Stage;
+
+import javax.annotation.Nullable;
+import javax.inject.Inject;
+import javax.inject.Named;
+
+public class ErrorController implements FxController {
+
+	private final String stackTrace;
+	private final Scene previousScene;
+	private final Stage window;
+
+	@Inject
+	ErrorController(@Named("stackTrace") String stackTrace, @Nullable Scene previousScene, Stage window) {
+		this.stackTrace = stackTrace;
+		this.previousScene = previousScene;
+		this.window = window;
+	}
+
+	@FXML
+	public void back() {
+		if (previousScene != null) {
+			window.setScene(previousScene);
+		}
+	}
+
+	@FXML
+	public void close() {
+		window.close();
+	}
+
+	/* Getter/Setter */
+	
+	public boolean isPreviousScenePresent() {
+		return previousScene != null;
+	}
+
+	public String getStackTrace() {
+		return stackTrace;
+	}
+}
--- a/main/ui/src/main/java/org/cryptomator/ui/common/ErrorModule.java
+++ b/main/ui/src/main/java/org/cryptomator/ui/common/ErrorModule.java
@@ -0,0 +1,46 @@
+package org.cryptomator.ui.common;
+
+import dagger.Binds;
+import dagger.Module;
+import dagger.Provides;
+import dagger.multibindings.IntoMap;
+import javafx.scene.Scene;
+
+import javax.inject.Named;
+import javax.inject.Provider;
+import java.io.ByteArrayOutputStream;
+import java.io.PrintStream;
+import java.nio.charset.StandardCharsets;
+import java.util.Map;
+import java.util.ResourceBundle;
+
+@Module
+abstract class ErrorModule {
+
+	@Provides
+	static FXMLLoaderFactory provideFxmlLoaderFactory(Map<Class<? extends FxController>, Provider<FxController>> factories, DefaultSceneFactory sceneFactory, ResourceBundle resourceBundle) {
+		return new FXMLLoaderFactory(factories, sceneFactory, resourceBundle);
+	}
+
+	@Provides
+	@Named("stackTrace")
+	static String provideStackTrace(Throwable cause) {
+		// TODO deduplicate VaultDetailUnknownErrorController.java
+		ByteArrayOutputStream baos = new ByteArrayOutputStream();
+		cause.printStackTrace(new PrintStream(baos));
+		return baos.toString(StandardCharsets.UTF_8);
+	}
+
+	@Binds
+	@IntoMap
+	@FxControllerKey(ErrorController.class)
+	abstract FxController bindErrorController(ErrorController controller);
+
+	@Provides
+	@FxmlScene(FxmlFile.ERROR)
+	static Scene provideErrorScene(FXMLLoaderFactory fxmlLoaders) {
+		return fxmlLoaders.createScene(FxmlFile.ERROR.getRessourcePathString());
+	}
+
+
+}
--- a/main/ui/src/main/java/org/cryptomator/ui/common/FXMLLoaderFactory.java
+++ b/main/ui/src/main/java/org/cryptomator/ui/common/FXMLLoaderFactory.java
@@ -1,6 +1,5 @@
 package org.cryptomator.ui.common;

-import com.google.common.base.Splitter;
 import javafx.fxml.FXMLLoader;
 import javafx.scene.Parent;
 import javafx.scene.Scene;
@@ -9,7 +8,6 @@ import javax.inject.Provider;
 import java.io.IOException;
 import java.io.InputStream;
 import java.io.UncheckedIOException;
-import java.util.List;
 import java.util.Map;
 import java.util.ResourceBundle;
 import java.util.function.Function;
@@ -65,8 +63,9 @@ public class FXMLLoaderFactory {
 			throw new UncheckedIOException("Failed to load " + fxmlResourceName, e);
 		}
 		Parent root = loader.getRoot();
-		List<String> addtionalStyleSheets = Splitter.on(',').omitEmptyStrings().splitToList(resourceBundle.getString("additionalStyleSheets"));
-		addtionalStyleSheets.forEach(styleSheet -> root.getStylesheets().add("/css/" + styleSheet));
+		// TODO: discuss if we can remove language-specific stylesheets
+		// List<String> addtionalStyleSheets = Splitter.on(',').omitEmptyStrings().splitToList(resourceBundle.getString("additionalStyleSheets"));
+		// addtionalStyleSheets.forEach(styleSheet -> root.getStylesheets().add("/css/" + styleSheet));
 		return sceneFactory.apply(root);
 	}

--- a/main/ui/src/main/java/org/cryptomator/ui/common/FxControllerKey.java
+++ b/main/ui/src/main/java/org/cryptomator/ui/common/FxControllerKey.java
@@ -14,7 +14,6 @@ import java.lang.annotation.Target;
 import static java.lang.annotation.ElementType.METHOD;
 import static java.lang.annotation.RetentionPolicy.RUNTIME;

-// TODO rename after refactoring
@Documented
@Target(METHOD)
@Retention(RUNTIME)
--- a/main/ui/src/main/java/org/cryptomator/ui/common/FxmlFile.java
+++ b/main/ui/src/main/java/org/cryptomator/ui/common/FxmlFile.java
@@ -1,26 +1,31 @@
 package org.cryptomator.ui.common;

 public enum FxmlFile {
-	ADDVAULT_WELCOME("/fxml/addvault_welcome.fxml"), //
 	ADDVAULT_EXISTING("/fxml/addvault_existing.fxml"), //
-	ADDVAULT_EXISTING_ERROR("/fxml/addvault_existing_error.fxml"),
 	ADDVAULT_NEW_NAME("/fxml/addvault_new_name.fxml"), //
 	ADDVAULT_NEW_LOCATION("/fxml/addvault_new_location.fxml"), //
 	ADDVAULT_NEW_PASSWORD("/fxml/addvault_new_password.fxml"), //
 	ADDVAULT_NEW_RECOVERYKEY("/fxml/addvault_new_recoverykey.fxml"), //
 	ADDVAULT_SUCCESS("/fxml/addvault_success.fxml"), //
+	ADDVAULT_WELCOME("/fxml/addvault_welcome.fxml"), //
 	CHANGEPASSWORD("/fxml/changepassword.fxml"), //
+	ERROR("/fxml/error.fxml"), //
 	FORGET_PASSWORD("/fxml/forget_password.fxml"), //
 	MAIN_WINDOW("/fxml/main_window.fxml"), //
+	MIGRATION_CAPABILITY_ERROR("/fxml/migration_capability_error.fxml"), //
+	MIGRATION_IMPOSSIBLE("/fxml/migration_impossible.fxml"),
 	MIGRATION_RUN("/fxml/migration_run.fxml"), //
 	MIGRATION_START("/fxml/migration_start.fxml"), //
 	MIGRATION_SUCCESS("/fxml/migration_success.fxml"), //
 	PREFERENCES("/fxml/preferences.fxml"), //
 	QUIT("/fxml/quit.fxml"), //
 	RECOVERYKEY_CREATE("/fxml/recoverykey_create.fxml"), //
-	RECOVERYKEY_DISPLAY("/fxml/recoverykey_display.fxml"), //
+	RECOVERYKEY_RECOVER("/fxml/recoverykey_recover.fxml"), //
+	RECOVERYKEY_RESET_PASSWORD("/fxml/recoverykey_reset_password.fxml"), //
+	RECOVERYKEY_SUCCESS("/fxml/recoverykey_success.fxml"), //
 	REMOVE_VAULT("/fxml/remove_vault.fxml"), //
 	UNLOCK("/fxml/unlock.fxml"),
+	UNLOCK_INVALID_MOUNT_POINT("/fxml/unlock_invalid_mount_point.fxml"), //
 	UNLOCK_SUCCESS("/fxml/unlock_success.fxml"), //
 	VAULT_OPTIONS("/fxml/vault_options.fxml"), //
 	WRONGFILEALERT("/fxml/wrongfilealert.fxml");
--- a/main/ui/src/main/java/org/cryptomator/ui/common/NewPasswordController.java
+++ b/main/ui/src/main/java/org/cryptomator/ui/common/NewPasswordController.java
@@ -0,0 +1,74 @@
+package org.cryptomator.ui.common;
+
+import javafx.beans.Observable;
+import javafx.beans.binding.Bindings;
+import javafx.beans.binding.BooleanBinding;
+import javafx.beans.property.IntegerProperty;
+import javafx.beans.property.ObjectProperty;
+import javafx.beans.property.SimpleIntegerProperty;
+import javafx.fxml.FXML;
+import javafx.scene.control.Label;
+import org.cryptomator.ui.controls.FontAwesome5IconView;
+import org.cryptomator.ui.controls.NiceSecurePasswordField;
+import org.fxmisc.easybind.EasyBind;
+
+import java.util.ResourceBundle;
+
+public class NewPasswordController implements FxController {
+
+	private final ResourceBundle resourceBundle;
+	private final PasswordStrengthUtil strengthRater;
+	private final ObjectProperty<CharSequence> password;
+	private final IntegerProperty passwordStrength = new SimpleIntegerProperty(-1);
+
+	public NiceSecurePasswordField passwordField;
+	public NiceSecurePasswordField reenterField;
+	public Label passwordStrengthLabel;
+	public Label passwordMatchLabel;
+	public FontAwesome5IconView checkmark;
+	public FontAwesome5IconView cross;
+
+	public NewPasswordController(ResourceBundle resourceBundle, PasswordStrengthUtil strengthRater, ObjectProperty<CharSequence> password) {
+		this.resourceBundle = resourceBundle;
+		this.strengthRater = strengthRater;
+		this.password = password;
+	}
+
+	@FXML
+	public void initialize() {
+		BooleanBinding passwordsMatch = Bindings.createBooleanBinding(this::hasSamePasswordInBothFields, passwordField.textProperty(), reenterField.textProperty());
+		BooleanBinding reenterFieldNotEmpty = reenterField.textProperty().isNotEmpty();
+		passwordStrength.bind(Bindings.createIntegerBinding(() -> strengthRater.computeRate(passwordField.getCharacters()), passwordField.textProperty()));
+		passwordStrengthLabel.textProperty().bind(EasyBind.map(passwordStrength, strengthRater::getStrengthDescription));
+		
+		passwordMatchLabel.visibleProperty().bind(reenterFieldNotEmpty);
+		passwordMatchLabel.graphicProperty().bind(Bindings.when(passwordsMatch.and(reenterFieldNotEmpty)).then(checkmark).otherwise(cross));
+		passwordMatchLabel.textProperty().bind(Bindings.when(passwordsMatch.and(reenterFieldNotEmpty)).then(resourceBundle.getString("newPassword.passwordsMatch")).otherwise(resourceBundle.getString("newPassword.passwordsDoNotMatch")));
+
+		passwordField.textProperty().addListener(this::passwordsDidChange);
+		reenterField.textProperty().addListener(this::passwordsDidChange);
+	}
+
+	private void passwordsDidChange(@SuppressWarnings("unused") Observable observable) {
+		if (hasSamePasswordInBothFields() && strengthRater.fulfillsMinimumRequirements(passwordField.getCharacters())) {
+			password.set(passwordField.getCharacters());
+		} else {
+			password.set("");
+		}
+	}
+
+	private boolean hasSamePasswordInBothFields() {
+		return CharSequence.compare(passwordField.getCharacters(), reenterField.getCharacters()) == 0;
+	}
+
+	/* Getter/Setter */
+
+	public IntegerProperty passwordStrengthProperty() {
+		return passwordStrength;
+	}
+
+	public int getPasswordStrength() {
+		return passwordStrength.get();
+	}
+
+}
--- a/main/ui/src/main/java/org/cryptomator/ui/common/PasswordStrengthUtil.java
+++ b/main/ui/src/main/java/org/cryptomator/ui/common/PasswordStrengthUtil.java
@@ -8,12 +8,11 @@
 *******************************************************************************/
 package org.cryptomator.ui.common;

-import com.google.common.base.Strings;
 import com.nulabinc.zxcvbn.Zxcvbn;
+import org.cryptomator.common.Environment;
 import org.cryptomator.ui.fxapp.FxApplicationScoped;

 import javax.inject.Inject;
-import java.util.ArrayList;
 import java.util.List;
 import java.util.ResourceBundle;

@@ -22,30 +21,37 @@ public class PasswordStrengthUtil {

 	private static final int PW_TRUNC_LEN = 100; // truncate very long passwords, since zxcvbn memory and runtime depends vastly on the length
 	private static final String RESSOURCE_PREFIX = "passwordStrength.messageLabel.";
+	private static final List<String> SANITIZED_INPUTS = List.of("cryptomator");

-	private final Zxcvbn zxcvbn;
-	private final List<String> sanitizedInputs;
 	private final ResourceBundle resourceBundle;
+	private final int minPwLength;
+	private final Zxcvbn zxcvbn;

 	@Inject
-	public PasswordStrengthUtil(ResourceBundle resourceBundle) {
+	public PasswordStrengthUtil(ResourceBundle resourceBundle, Environment environment) {
 		this.resourceBundle = resourceBundle;
+		this.minPwLength = environment.getMinPwLength();
 		this.zxcvbn = new Zxcvbn();
-		this.sanitizedInputs = List.of("cryptomator");
 	}

-	public int computeRate(String password) {
-		if (Strings.isNullOrEmpty(password)) {
+	public boolean fulfillsMinimumRequirements(CharSequence password) {
+		return password.length() >= minPwLength;
+	}
+
+	public int computeRate(CharSequence password) {
+		if (password == null || password.length() < minPwLength) {
 			return -1;
 		} else {
 			int numCharsToRate = Math.min(PW_TRUNC_LEN, password.length());
-			return zxcvbn.measure(password.substring(0, numCharsToRate), sanitizedInputs).getScore();
+			return zxcvbn.measure(password.subSequence(0, numCharsToRate), SANITIZED_INPUTS).getScore();
 		}
 	}

 	public String getStrengthDescription(Number score) {
-		if (resourceBundle.containsKey(RESSOURCE_PREFIX + score.intValue())) {
-			return resourceBundle.getString("passwordStrength.messageLabel." + score.intValue());
+		if (score.intValue() == -1) {
+			return String.format(resourceBundle.getString(RESSOURCE_PREFIX + "tooShort"), minPwLength);
+		} else if (resourceBundle.containsKey(RESSOURCE_PREFIX + score.intValue())) {
+			return resourceBundle.getString(RESSOURCE_PREFIX + score.intValue());
 		} else {
 			return "";
 		}
--- a/main/ui/src/main/java/org/cryptomator/ui/common/StageFactory.java
+++ b/main/ui/src/main/java/org/cryptomator/ui/common/StageFactory.java
@@ -0,0 +1,26 @@
+package org.cryptomator.ui.common;
+
+import javafx.stage.Stage;
+import javafx.stage.StageStyle;
+
+import java.util.function.Consumer;
+
+public class StageFactory {
+
+	private final Consumer<Stage> initializer;
+
+	public StageFactory(Consumer<Stage> initializer) {
+		this.initializer = initializer;
+	}
+	
+	public Stage create() {
+		return create(StageStyle.DECORATED);
+	}
+	
+	public Stage create(StageStyle stageStyle) {
+		Stage stage = new Stage(stageStyle);
+		initializer.accept(stage);
+		return stage;
+	}
+
+}
--- a/main/ui/src/main/java/org/cryptomator/ui/common/Tasks.java
+++ b/main/ui/src/main/java/org/cryptomator/ui/common/Tasks.java
@@ -73,21 +73,21 @@ public class Tasks {
 			return new TaskImpl<>(callable, successHandler, errorHandlers, finallyHandler);
 		}

-		public Task<T> runOnce(ExecutorService executorService) {
+		public Task<T> runOnce(ExecutorService executor) {
 			Task<T> task = build();
-			executorService.submit(task);
+			executor.submit(task);
 			return task;
 		}

-		public Task<T> scheduleOnce(ScheduledExecutorService executorService, long delay, TimeUnit unit) {
+		public Task<T> scheduleOnce(ScheduledExecutorService scheduler, long delay, TimeUnit unit) {
 			Task<T> task = build();
-			executorService.schedule(task, delay, unit);
+			scheduler.schedule(task, delay, unit);
 			return task;
 		}

-		public ScheduledService<T> schedulePeriodically(ExecutorService executorService, Duration initialDelay, Duration period) {
+		public ScheduledService<T> schedulePeriodically(ExecutorService executor, Duration initialDelay, Duration period) {
 			ScheduledService<T> service = new RestartingService<>(this::build);
-			service.setExecutor(executorService);
+			service.setExecutor(executor);
 			service.setDelay(initialDelay);
 			service.setPeriod(period);
 			Platform.runLater(service::start);
--- a/main/ui/src/main/java/org/cryptomator/ui/common/UserInteractionLock.java
+++ b/main/ui/src/main/java/org/cryptomator/ui/common/UserInteractionLock.java
@@ -0,0 +1,51 @@
+package org.cryptomator.ui.common;
+
+import javafx.application.Platform;
+import javafx.beans.property.BooleanProperty;
+import javafx.beans.property.ReadOnlyBooleanProperty;
+import javafx.beans.property.SimpleBooleanProperty;
+
+import java.util.concurrent.locks.Condition;
+import java.util.concurrent.locks.Lock;
+import java.util.concurrent.locks.ReentrantLock;
+
+public class UserInteractionLock<E extends Enum> {
+
+	private final Lock lock = new ReentrantLock();
+	private final Condition condition = lock.newCondition();
+	private final BooleanProperty awaitingInteraction = new SimpleBooleanProperty();
+	private volatile E state;
+	
+	public UserInteractionLock(E initialValue) {
+		state = initialValue;
+	}
+	
+	public void interacted(E result) {
+		assert Platform.isFxApplicationThread();
+		lock.lock();
+		try {
+			state = result;
+			awaitingInteraction.set(false);
+			condition.signal();
+		} finally {
+			lock.unlock();
+		}
+	}
+	
+	public E awaitInteraction() throws InterruptedException {
+		assert !Platform.isFxApplicationThread();
+		lock.lock();
+		try {
+			Platform.runLater(() -> awaitingInteraction.set(true));
+			condition.await();
+			return state;
+		} finally {
+			lock.unlock();
+		}
+	}
+	
+	public ReadOnlyBooleanProperty awaitingInteraction() {
+		return awaitingInteraction;
+	}
+
+}
--- a/main/ui/src/main/java/org/cryptomator/ui/common/VaultService.java
+++ b/main/ui/src/main/java/org/cryptomator/ui/common/VaultService.java
@@ -0,0 +1,197 @@
+package org.cryptomator.ui.common;
+
+import javafx.concurrent.Task;
+import org.cryptomator.common.vaults.Vault;
+import org.cryptomator.common.vaults.VaultState;
+import org.cryptomator.common.vaults.Volume;
+import org.cryptomator.cryptolib.api.InvalidPassphraseException;
+import org.cryptomator.keychain.KeychainAccess;
+import org.cryptomator.ui.fxapp.FxApplicationScoped;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import javax.inject.Inject;
+import java.nio.CharBuffer;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.Collection;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Optional;
+import java.util.concurrent.ExecutionException;
+import java.util.concurrent.ExecutorService;
+import java.util.stream.Collectors;
+
+@FxApplicationScoped
+public class VaultService {
+
+	private static final Logger LOG = LoggerFactory.getLogger(VaultService.class);
+
+	private final ExecutorService executorService;
+	private final Optional<KeychainAccess> keychain;
+
+	@Inject
+	public VaultService(ExecutorService executorService, Optional<KeychainAccess> keychain) {
+		this.executorService = executorService;
+		this.keychain = keychain;
+	}
+
+	public void reveal(Vault vault) {
+		executorService.execute(createRevealTask(vault));
+	}
+
+	/**
+	 * Creates but doesn't start a reveal task.
+	 *
+	 * @param vault The vault to reveal
+	 */
+	public Task<Vault> createRevealTask(Vault vault) {
+		Task<Vault> task = new RevealVaultTask(vault);
+		task.setOnSucceeded(evt -> LOG.info("Revealed {}", vault.getDisplayableName()));
+		task.setOnFailed(evt -> LOG.error("Failed to reveal " + vault.getDisplayableName(), evt.getSource().getException()));
+		return task;
+	}
+
+	/**
+	 * Locks a vault in a background thread.
+	 *
+	 * @param vault The vault to lock
+	 * @param forced Whether to attempt a forced lock
+	 */
+	public void lock(Vault vault, boolean forced) {
+		executorService.execute(createLockTask(vault, forced));
+	}
+
+	/**
+	 * Creates but doesn't start a lock task.
+	 *
+	 * @param vault The vault to lock
+	 * @param forced Whether to attempt a forced lock
+	 * @return The task
+	 */
+	public Task<Vault> createLockTask(Vault vault, boolean forced) {
+		Task<Vault> task = new LockVaultTask(vault, forced);
+		task.setOnSucceeded(evt -> LOG.info("Locked {}", vault.getDisplayableName()));
+		task.setOnFailed(evt -> LOG.error("Failed to lock " + vault.getDisplayableName(), evt.getSource().getException()));
+		return task;
+	}
+
+	/**
+	 * Locks all given vaults in a background thread.
+	 *
+	 * @param vaults The vaults to lock
+	 * @param forced Whether to attempt a forced lock
+	 */
+	public void lockAll(Collection<Vault> vaults, boolean forced) {
+		executorService.execute(createLockAllTask(vaults, forced));
+	}
+
+	/**
+	 * Creates but doesn't start a lock-all task.
+	 *
+	 * @param vaults The list of vaults to be locked
+	 * @param forced Whether to attempt a forced lock
+	 * @return Meta-Task that waits until all vaults are locked or fails after the first failure of a subtask
+	 */
+	public Task<Collection<Vault>> createLockAllTask(Collection<Vault> vaults, boolean forced) {
+		List<Task<Vault>> lockTasks = vaults.stream().map(v -> new LockVaultTask(v, forced)).collect(Collectors.toUnmodifiableList());
+		lockTasks.forEach(executorService::execute);
+		Task<Collection<Vault>> task = new WaitForTasksTask(lockTasks);
+		String vaultNames = vaults.stream().map(Vault::getDisplayableName).collect(Collectors.joining(", "));
+		task.setOnSucceeded(evt -> LOG.info("Locked {}", vaultNames));
+		task.setOnFailed(evt -> LOG.error("Failed to lock vaults " + vaultNames, evt.getSource().getException()));
+		return task;
+	}
+
+	private static class RevealVaultTask extends Task<Vault> {
+
+		private final Vault vault;
+
+		/**
+		 * @param vault The vault to lock
+		 */
+		public RevealVaultTask(Vault vault) {
+			this.vault = vault;
+		}
+
+		@Override
+		protected Vault call() throws Volume.VolumeException {
+			vault.reveal();
+			return vault;
+		}
+	}
+
+	/**
+	 * A task that waits for completion of multiple other tasks
+	 */
+	private static class WaitForTasksTask extends Task<Collection<Vault>> {
+
+		private final Collection<Task<Vault>> startedTasks;
+
+		public WaitForTasksTask(Collection<Task<Vault>> tasks) {
+			this.startedTasks = List.copyOf(tasks);
+		}
+
+		@Override
+		protected Collection<Vault> call() throws ExecutionException, InterruptedException {
+			Iterator<Task<Vault>> remainingTasks = startedTasks.iterator();
+			Collection<Vault> completed = new ArrayList<>();
+			try {
+				// wait for all tasks:
+				while (remainingTasks.hasNext()) {
+					Vault done = remainingTasks.next().get();
+					completed.add(done);
+				}
+			} catch (ExecutionException e) {
+				// cancel all remaining:
+				while (remainingTasks.hasNext()) {
+					remainingTasks.next().cancel(true);
+				}
+				throw e;
+			}
+			return completed;
+		}
+	}
+
+	/**
+	 * A task that locks a vault
+	 */
+	private static class LockVaultTask extends Task<Vault> {
+
+		private final Vault vault;
+		private final boolean forced;
+
+		/**
+		 * @param vault The vault to lock
+		 * @param forced Whether to attempt a forced lock
+		 */
+		public LockVaultTask(Vault vault, boolean forced) {
+			this.vault = vault;
+			this.forced = forced;
+		}
+
+		@Override
+		protected Vault call() throws Volume.VolumeException {
+			vault.lock(forced);
+			return vault;
+		}
+
+		@Override
+		protected void scheduled() {
+			vault.setState(VaultState.PROCESSING);
+		}
+
+		@Override
+		protected void succeeded() {
+			vault.setState(VaultState.LOCKED);
+		}
+
+		@Override
+		protected void failed() {
+			vault.setState(VaultState.UNLOCKED);
+		}
+
+	}
+
+
+}
--- a/main/ui/src/main/java/org/cryptomator/ui/controls/FontAwesome5Icon.java
+++ b/main/ui/src/main/java/org/cryptomator/ui/controls/FontAwesome5Icon.java
@@ -5,28 +5,39 @@ package org.cryptomator.ui.controls;
 */
 public enum FontAwesome5Icon {
 	ANCHOR("\uF13D"), //
-	ARROW_ALT_UP("\uF357"), //
+	ARROW_UP("\uF062"), //
 	CHECK("\uF00C"), //
 	COG("\uF013"), //
 	COGS("\uF085"), //
-	EXCLAMATION("\uF12A"),
+	COPY("\uF0C5"), //
+	CROWN("\uF521"), //
+	EXCLAMATION("\uF12A"), //
+	EXCLAMATION_CIRCLE("\uF06A"), //
 	EXCLAMATION_TRIANGLE("\uF071"), //
 	EYE("\uF06E"), //
 	EYE_SLASH("\uF070"), //
+	FILE("\uF15B"), //
 	FILE_IMPORT("\uF56F"), //
 	FOLDER_OPEN("\uF07C"), //
+	HAND_HOLDING_HEART("\uF4BE"), //
+	HEART("\uF004"), //
 	HDD("\uF0A0"), //
+	INFO("\uF129"), //
+	INFO_CIRCLE("\uF05A"), //
 	KEY("\uF084"), //
-	LOCK_ALT("\uF30D"), //
-	LOCK_OPEN_ALT("\uF3C2"), //
-	MINUS("\uF068"), //
+	LINK("\uF0C1"), //
+	LOCK("\uF023"), //
+	LOCK_OPEN("\uF3C1"), //
+	MAGIC("\uF0D0"), //
 	PLUS("\uF067"), //
+	PRINT("\uF02F"), //
 	QUESTION("\uF128"), //
-	SPARKLES("\uF890"), //
+	SEARCH("\uF002"), //
 	SPINNER("\uF110"), //
 	SYNC("\uF021"), //
 	TIMES("\uF00D"), //
 	WRENCH("\uF0AD"), //
+	WINDOW_MINIMIZE("\uF2D1"), //
 	;

 	private final String unicode;
--- a/main/ui/src/main/java/org/cryptomator/ui/controls/FontAwesome5IconView.java
+++ b/main/ui/src/main/java/org/cryptomator/ui/controls/FontAwesome5IconView.java
@@ -18,7 +18,7 @@ public class FontAwesome5IconView extends Text {

 	private static final FontAwesome5Icon DEFAULT_GLYPH = FontAwesome5Icon.ANCHOR;
 	private static final double DEFAULT_GLYPH_SIZE = 12.0;
-	private static final String FONT_PATH = "/css/fontawesome5-pro-solid.otf";
+	private static final String FONT_PATH = "/css/fontawesome5-free-solid.otf";
 	private static final Font FONT;

 	private ObjectProperty<FontAwesome5Icon> glyph = new SimpleObjectProperty<>(this, "glyph", DEFAULT_GLYPH);
--- a/main/ui/src/main/java/org/cryptomator/ui/controls/FormattedLabel.java
+++ b/main/ui/src/main/java/org/cryptomator/ui/controls/FormattedLabel.java
@@ -12,7 +12,7 @@ public class FormattedLabel extends Label {

 	private final StringProperty format = new SimpleStringProperty("");
 	private final ObjectProperty<Object> arg1 = new SimpleObjectProperty<>();
-	// TODO: add arg2, arg3, ... on demand
+	// add arg2, arg3, ... on demand

 	public FormattedLabel() {
 		textProperty().bind(createStringBinding());
--- a/main/ui/src/main/java/org/cryptomator/ui/controls/FormattedString.java
+++ b/main/ui/src/main/java/org/cryptomator/ui/controls/FormattedString.java
@@ -0,0 +1,58 @@
+package org.cryptomator.ui.controls;
+
+import javafx.beans.binding.Bindings;
+import javafx.beans.binding.StringBinding;
+import javafx.beans.property.ObjectProperty;
+import javafx.beans.property.SimpleObjectProperty;
+import javafx.beans.property.SimpleStringProperty;
+import javafx.beans.property.StringProperty;
+
+public class FormattedString {
+
+	private final StringProperty format = new SimpleStringProperty("");
+	private final ObjectProperty<Object> arg1 = new SimpleObjectProperty<>();
+	// add arg2, arg3, ... on demand
+	private final StringBinding value;
+	
+	public FormattedString() {
+		this.value = Bindings.createStringBinding(this::computeValue, format, arg1);
+	}
+
+	protected String computeValue() {
+		return String.format(format.get(), arg1.get());
+	}
+
+	/* Observables */
+
+	public StringProperty formatProperty() {
+		return format;
+	}
+
+	public String getFormat() {
+		return format.get();
+	}
+
+	public void setFormat(String format) {
+		this.format.set(format);
+	}
+
+	public ObjectProperty<Object> arg1Property() {
+		return arg1;
+	}
+
+	public Object getArg1() {
+		return arg1.get();
+	}
+
+	public void setArg1(Object arg1) {
+		this.arg1.set(arg1);
+	}
+
+	public StringBinding valueProperty() {
+		return value;
+	}
+
+	public String getValue() {
+		return value.get();
+	}
+}
--- a/main/ui/src/main/java/org/cryptomator/ui/controls/NiceSecurePasswordField.java
+++ b/main/ui/src/main/java/org/cryptomator/ui/controls/NiceSecurePasswordField.java
@@ -1,5 +1,6 @@
 package org.cryptomator.ui.controls;

+import javafx.beans.Observable;
 import javafx.beans.binding.Bindings;
 import javafx.beans.property.StringProperty;
 import javafx.geometry.Pos;
@@ -32,7 +33,7 @@ public class NiceSecurePasswordField extends StackPane {
 		iconContainer.getStyleClass().add(ICONS_STLYE_CLASS);
 		StackPane.setAlignment(iconContainer, Pos.CENTER_RIGHT);

-		capsLockedIcon.setGlyph(FontAwesome5Icon.ARROW_ALT_UP);
+		capsLockedIcon.setGlyph(FontAwesome5Icon.ARROW_UP);
 		capsLockedIcon.setGlyphSize(ICON_SIZE);
 		capsLockedIcon.visibleProperty().bind(passwordField.capsLockedProperty());
 		capsLockedIcon.managedProperty().bind(passwordField.capsLockedProperty());
@@ -55,19 +56,24 @@ public class NiceSecurePasswordField extends StackPane {
 		passwordField.revealPasswordProperty().bind(revealPasswordButton.selectedProperty());

 		getChildren().addAll(passwordField, iconContainer);
+		disabledProperty().addListener(this::disabledChanged);
 	}

 	private FontAwesome5Icon getRevealPasswordGlyph() {
 		return revealPasswordButton.isSelected() ? FontAwesome5Icon.EYE_SLASH : FontAwesome5Icon.EYE;
 	}

+	private void disabledChanged(@SuppressWarnings("unused") Observable observable) {
+		revealPasswordButton.setSelected(false);
+	}
+
 	/* Passthrough */

 	@Override
 	public void requestFocus() {
 		passwordField.requestFocus();
 	}
-	
+
 	public String getText() {
 		return passwordField.getText();
 	}
@@ -88,8 +94,8 @@ public class NiceSecurePasswordField extends StackPane {
 		passwordField.setPassword(password);
 	}

-	public void swipe() {
-		passwordField.swipe();;
+	public void wipe() {
+		passwordField.wipe();
 	}

 	public void selectAll() {
--- a/main/ui/src/main/java/org/cryptomator/ui/controls/SecurePasswordField.java
+++ b/main/ui/src/main/java/org/cryptomator/ui/controls/SecurePasswordField.java
@@ -22,6 +22,8 @@ import javafx.scene.control.TextField;
 import javafx.scene.input.DragEvent;
 import javafx.scene.input.Dragboard;
 import javafx.scene.input.KeyCode;
+import javafx.scene.input.KeyCodeCombination;
+import javafx.scene.input.KeyCombination;
 import javafx.scene.input.KeyEvent;
 import javafx.scene.input.TransferMode;

@@ -38,11 +40,12 @@ import java.util.Arrays;
 */
 public class SecurePasswordField extends TextField {

-	private static final char SWIPE_CHAR = ' ';
+	private static final char WIPE_CHAR = ' ';
 	private static final int INITIAL_BUFFER_SIZE = 50;
 	private static final int GROW_BUFFER_SIZE = 50;
 	private static final String DEFAULT_PLACEHOLDER = "●";
 	private static final String STYLE_CLASS = "secure-password-field";
+	private static final KeyCodeCombination SHORTCUT_BACKSPACE = new KeyCodeCombination(KeyCode.BACK_SPACE, KeyCombination.SHORTCUT_DOWN);

 	private final String placeholderChar;
 	private final BooleanProperty capsLocked = new SimpleBooleanProperty();
@@ -74,12 +77,10 @@ public class SecurePasswordField extends TextField {
 	}

 	public Object queryAccessibleAttribute(AccessibleAttribute attribute, Object... parameters) {
-		switch(attribute) {
-			case TEXT:
-				return null;
-			default:
-				return super.queryAccessibleAttribute(attribute, parameters);
-		}
+		return switch (attribute) {
+			case TEXT -> null;
+			default -> super.queryAccessibleAttribute(attribute, parameters);
+		};
 	}

 	private void handleDragOver(DragEvent event) {
@@ -101,6 +102,8 @@ public class SecurePasswordField extends TextField {
 	private void handleKeyEvent(KeyEvent e) {
 		if (e.getCode() == KeyCode.CAPS) {
 			updateCapsLocked();
+		} else if (SHORTCUT_BACKSPACE.match(e)) {
+			wipe();
 		}
 	}

@@ -186,7 +189,7 @@ public class SecurePasswordField extends TextField {
 		if (length > content.length) {
 			char[] newContent = new char[length + GROW_BUFFER_SIZE];
 			System.arraycopy(content, 0, newContent, 0, content.length);
-			swipe(content);
+			wipe(content);
 			this.content = newContent;
 		}
 	}
@@ -198,7 +201,7 @@ public class SecurePasswordField extends TextField {
 	 * @implNote The CharSequence will not copy the backing char[].
 	 * Therefore any mutation to the SecurePasswordField's content will mutate or eventually swipe the returned CharSequence.
 	 * @implSpec The CharSequence is usually in <a href="https://www.unicode.org/glossary/#normalization_form_c">NFC</a> representation (unless NFD-encoded char[] is set via {@link #setPassword(char[])}).
-	 * @see #swipe()
+	 * @see #wipe()
 	 */
 	@Override
 	public CharSequence getCharacters() {
@@ -217,7 +220,7 @@ public class SecurePasswordField extends TextField {
 			buf[i] = password.charAt(i);
 		}
 		setPassword(buf);
-		Arrays.fill(buf, SWIPE_CHAR);
+		Arrays.fill(buf, WIPE_CHAR);
 	}

 	/**
@@ -228,7 +231,7 @@ public class SecurePasswordField extends TextField {
 	 * @param password
 	 */
 	public void setPassword(char[] password) {
-		swipe();
+		wipe();
 		content = Arrays.copyOf(password, password.length);
 		length = password.length;

@@ -239,14 +242,14 @@ public class SecurePasswordField extends TextField {
 	/**
 	 * Destroys the stored password by overriding each character with a different character.
 	 */
-	public void swipe() {
-		swipe(content);
+	public void wipe() {
+		wipe(content);
 		length = 0;
 		setText(null);
 	}

-	private void swipe(char[] buffer) {
-		Arrays.fill(buffer, SWIPE_CHAR);
+	private void wipe(char[] buffer) {
+		Arrays.fill(buffer, WIPE_CHAR);
 	}

 	/* Observable Properties */
--- a/Show More
+++ b/Show More
				`@@ -0,0 +1 @@`
				`com.github.serceman--jnr-fuse--0.5.4=MIT License`