From e34177cafbd5c6fec77cc1a1c2cd301a82f39366 Mon Sep 17 00:00:00 2001
From: Philipp Conzett <philippconzett@users.noreply.github.com>
Date: Sun, 25 May 2025 10:01:11 +0200
Subject: [PATCH 001/634] Add files via upload

---
 scripts/api/data/licenses/licenseEUPL-1.2.json   | 11 +++++++++++
 scripts/api/data/licenses/licenseODC-By-1.0.json | 11 +++++++++++
 scripts/api/data/licenses/licenseODbL-1.0.json   | 11 +++++++++++
 scripts/api/data/licenses/licensePDDL-1.0.json   | 11 +++++++++++
 4 files changed, 44 insertions(+)
 create mode 100644 scripts/api/data/licenses/licenseEUPL-1.2.json
 create mode 100644 scripts/api/data/licenses/licenseODC-By-1.0.json
 create mode 100644 scripts/api/data/licenses/licenseODbL-1.0.json
 create mode 100644 scripts/api/data/licenses/licensePDDL-1.0.json

diff --git a/scripts/api/data/licenses/licenseEUPL-1.2.json b/scripts/api/data/licenses/licenseEUPL-1.2.json
new file mode 100644
index 00000000000..54b62552d1c
--- /dev/null
+++ b/scripts/api/data/licenses/licenseEUPL-1.2.json
@@ -0,0 +1,11 @@
+{
+  "name": "EUPL-1.2",
+  "uri": "https://joinup.ec.europa.eu/page/eupl-text-11-12",
+  "shortDescription": "European Union Public License 1.2",
+  "active": true,
+  "sortOrder": 13,
+  "rightsIdentifier": "EUPL-1.2",
+  "rightsIdentifierScheme": "SPDX",
+  "schemeUri": "https://spdx.org/licenses/",
+  "languageCode": "en"
+}
\ No newline at end of file
diff --git a/scripts/api/data/licenses/licenseODC-By-1.0.json b/scripts/api/data/licenses/licenseODC-By-1.0.json
new file mode 100644
index 00000000000..fdeab439d86
--- /dev/null
+++ b/scripts/api/data/licenses/licenseODC-By-1.0.json
@@ -0,0 +1,11 @@
+{
+  "name": "ODC-By-1.0",
+  "uri": "https://opendatacommons.org/licenses/by/1.0/",
+  "shortDescription": "Open Data Commons Attribution License v1.0",
+  "active": true,
+  "sortOrder": 12,
+  "rightsIdentifier": "ODC-By-1.0",
+  "rightsIdentifierScheme": "SPDX",
+  "schemeUri": "https://spdx.org/licenses/",
+  "languageCode": "en"
+}
\ No newline at end of file
diff --git a/scripts/api/data/licenses/licenseODbL-1.0.json b/scripts/api/data/licenses/licenseODbL-1.0.json
new file mode 100644
index 00000000000..bf13ad404b4
--- /dev/null
+++ b/scripts/api/data/licenses/licenseODbL-1.0.json
@@ -0,0 +1,11 @@
+{
+  "name": "ODbL-1.0",
+  "uri": "http://www.opendatacommons.org/licenses/odbl/1.0/",
+  "shortDescription": "Open Data Commons Open Database License v1.0",
+  "active": true,
+  "sortOrder": 11,
+  "rightsIdentifier": "ODbL-1.0",
+  "rightsIdentifierScheme": "SPDX",
+  "schemeUri": "https://spdx.org/licenses/",
+  "languageCode": "en"
+}
\ No newline at end of file
diff --git a/scripts/api/data/licenses/licensePDDL-1.0.json b/scripts/api/data/licenses/licensePDDL-1.0.json
new file mode 100644
index 00000000000..ae01f3d2109
--- /dev/null
+++ b/scripts/api/data/licenses/licensePDDL-1.0.json
@@ -0,0 +1,11 @@
+{
+  "name": "PDDL-1.0",
+  "uri": "http://opendatacommons.org/licenses/pddl/1.0/",
+  "shortDescription": "Open Data Commons Public Domain Dedication & License 1.0",
+  "active": true,
+  "sortOrder": 12,
+  "rightsIdentifier": "PDDL-1.0",
+  "rightsIdentifierScheme": "SPDX",
+  "schemeUri": "https://spdx.org/licenses/",
+  "languageCode": "en"
+}
\ No newline at end of file

From f74b832ed160481a90f63344a73f607becae9e45 Mon Sep 17 00:00:00 2001
From: Philipp Conzett <philippconzett@users.noreply.github.com>
Date: Sun, 25 May 2025 11:07:51 +0200
Subject: [PATCH 002/634] Update config.rst

---
 doc/sphinx-guides/source/installation/config.rst | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/doc/sphinx-guides/source/installation/config.rst b/doc/sphinx-guides/source/installation/config.rst
index d5fa101b095..d06ee9b242e 100644
--- a/doc/sphinx-guides/source/installation/config.rst
+++ b/doc/sphinx-guides/source/installation/config.rst
@@ -2038,13 +2038,23 @@ JSON files for `Creative Commons licenses <https://creativecommons.org/about/ccl
 
 .. _adding-custom-licenses:
 
+Adding Open Data Commons Licenses
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+JSON files for `Open Data Commons licenses <https://opendatacommons.org/licenses/>`_ are provided below.
+
+- :download:`licenseODbL-1.0.json <../../../../scripts/api/data/licenses/licenseODbL-1.0.json>`
+- :download:`licenseODC-By-1.0.json <../../../../scripts/api/data/licenses/licenseODC-By-1.0.json>`
+- :download:`licensePDDL-1.0.json <../../../../scripts/api/data/licenses/licensePDDL-1.0.json>`
+
 Adding Software Licenses
 ^^^^^^^^^^^^^^^^^^^^^^^^
 
 JSON files for software licenses are provided below.
 
-- :download:`licenseMIT.json <../../../../scripts/api/data/licenses/licenseMIT.json>`
 - :download:`licenseApache-2.0.json <../../../../scripts/api/data/licenses/licenseApache-2.0.json>`
+- :download:`licenseMIT.json <../../../../scripts/api/data/licenses/licenseMIT.json>`
+- :download:`licenseEUPL-1.2.json <../../../../scripts/api/data/licenses/licenseEUPL-1.2.json>`
 
 Adding Country-Specific Licenses
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

From f2747649efa5ce2406e2f985eddfdda3f500375b Mon Sep 17 00:00:00 2001
From: Philip Durbin <philip_durbin@harvard.edu>
Date: Wed, 28 May 2025 10:09:54 -0400
Subject: [PATCH 003/634] make sort order unique #11522

---
 scripts/api/data/licenses/licenseEUPL-1.2.json | 4 ++--
 scripts/api/data/licenses/licensePDDL-1.0.json | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/scripts/api/data/licenses/licenseEUPL-1.2.json b/scripts/api/data/licenses/licenseEUPL-1.2.json
index 54b62552d1c..cb3afad2fea 100644
--- a/scripts/api/data/licenses/licenseEUPL-1.2.json
+++ b/scripts/api/data/licenses/licenseEUPL-1.2.json
@@ -3,9 +3,9 @@
   "uri": "https://joinup.ec.europa.eu/page/eupl-text-11-12",
   "shortDescription": "European Union Public License 1.2",
   "active": true,
-  "sortOrder": 13,
+  "sortOrder": 14,
   "rightsIdentifier": "EUPL-1.2",
   "rightsIdentifierScheme": "SPDX",
   "schemeUri": "https://spdx.org/licenses/",
   "languageCode": "en"
-}
\ No newline at end of file
+}
diff --git a/scripts/api/data/licenses/licensePDDL-1.0.json b/scripts/api/data/licenses/licensePDDL-1.0.json
index ae01f3d2109..986b97e5b01 100644
--- a/scripts/api/data/licenses/licensePDDL-1.0.json
+++ b/scripts/api/data/licenses/licensePDDL-1.0.json
@@ -3,9 +3,9 @@
   "uri": "http://opendatacommons.org/licenses/pddl/1.0/",
   "shortDescription": "Open Data Commons Public Domain Dedication & License 1.0",
   "active": true,
-  "sortOrder": 12,
+  "sortOrder": 13,
   "rightsIdentifier": "PDDL-1.0",
   "rightsIdentifierScheme": "SPDX",
   "schemeUri": "https://spdx.org/licenses/",
   "languageCode": "en"
-}
\ No newline at end of file
+}

From b6dbf922fb4bc50742240fc9ab9443f529110443 Mon Sep 17 00:00:00 2001
From: Philip Durbin <philip_durbin@harvard.edu>
Date: Wed, 28 May 2025 10:16:54 -0400
Subject: [PATCH 004/634] add release note snippet

---
 doc/release-notes/11522-licenses-added.md | 13 +++++++++++++
 1 file changed, 13 insertions(+)
 create mode 100644 doc/release-notes/11522-licenses-added.md

diff --git a/doc/release-notes/11522-licenses-added.md b/doc/release-notes/11522-licenses-added.md
new file mode 100644
index 00000000000..0639b86a931
--- /dev/null
+++ b/doc/release-notes/11522-licenses-added.md
@@ -0,0 +1,13 @@
+### Additional licenses
+
+The following Open Data Commons licenses have been added:
+
+- Open Database License (ODbL)
+- Open Data Commons Attribution License (ODC-By)
+- Open Data Commons Public Domain Dedication and License (PDDL))
+
+The following software license has been added:
+
+- European Union Public License (EUPL)
+
+See [the guides](https://guides.dataverse.org/en/6.7/installation/config.html#configuring-licenses) and #11522.

From 7f6aaad27c02af31e13bfec7d515b8a869ccd0da Mon Sep 17 00:00:00 2001
From: Philip Durbin <philip_durbin@harvard.edu>
Date: Wed, 28 May 2025 10:36:18 -0400
Subject: [PATCH 005/634] add OGL-UK-3.0 license #9403 #11521

---
 doc/release-notes/11522-licenses-added.md        |  4 ++++
 doc/sphinx-guides/source/installation/config.rst |  1 +
 scripts/api/data/licenses/licenseOGL-UK-3.0.json | 11 +++++++++++
 3 files changed, 16 insertions(+)
 create mode 100644 scripts/api/data/licenses/licenseOGL-UK-3.0.json

diff --git a/doc/release-notes/11522-licenses-added.md b/doc/release-notes/11522-licenses-added.md
index 0639b86a931..1a02916f769 100644
--- a/doc/release-notes/11522-licenses-added.md
+++ b/doc/release-notes/11522-licenses-added.md
@@ -10,4 +10,8 @@ The following software license has been added:
 
 - European Union Public License (EUPL)
 
+The following country-specific license has been added:
+
+- Open Government Licence (OGL UK)
+
 See [the guides](https://guides.dataverse.org/en/6.7/installation/config.html#configuring-licenses) and #11522.
diff --git a/doc/sphinx-guides/source/installation/config.rst b/doc/sphinx-guides/source/installation/config.rst
index d06ee9b242e..0a09524abe3 100644
--- a/doc/sphinx-guides/source/installation/config.rst
+++ b/doc/sphinx-guides/source/installation/config.rst
@@ -2060,6 +2060,7 @@ Adding Country-Specific Licenses
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
 
 - :download:`licenseEtalab-2.0.json <../../../../scripts/api/data/licenses/licenseEtalab-2.0.json>` used in France (Etalab Open License 2.0, CC-BY 2.0 compliant).
+- :download:`licenseOGL-UK-3.0.json <../../../../scripts/api/data/licenses/licenseOGL-UK-3.0.json>`
 
 Contributing to the Collection of Standard Licenses Above
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
diff --git a/scripts/api/data/licenses/licenseOGL-UK-3.0.json b/scripts/api/data/licenses/licenseOGL-UK-3.0.json
new file mode 100644
index 00000000000..7363645e075
--- /dev/null
+++ b/scripts/api/data/licenses/licenseOGL-UK-3.0.json
@@ -0,0 +1,11 @@
+{
+  "name": "OGL UK 3.0",
+  "uri": "https://www.nationalarchives.gov.uk/doc/open-government-licence/version/3",
+  "shortDescription": "Open Government Licence v3.0.",
+  "active": true,
+  "sortOrder": 15,
+  "rightsIdentifier": "OGL-UK-3.0",
+  "rightsIdentifierScheme": "SPDX",
+  "schemeUri": "https://spdx.org/licenses/",
+  "languageCode": "en"
+}

From 7ac49381c58d134a23fb128065def0a05284071a Mon Sep 17 00:00:00 2001
From: Philip Durbin <philip_durbin@harvard.edu>
Date: Wed, 28 May 2025 10:38:43 -0400
Subject: [PATCH 006/634] use suggested text in release note snippet #11521

---
 doc/release-notes/11522-licenses-added.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/doc/release-notes/11522-licenses-added.md b/doc/release-notes/11522-licenses-added.md
index 1a02916f769..6afbb0fcb2c 100644
--- a/doc/release-notes/11522-licenses-added.md
+++ b/doc/release-notes/11522-licenses-added.md
@@ -14,4 +14,4 @@ The following country-specific license has been added:
 
 - Open Government Licence (OGL UK)
 
-See [the guides](https://guides.dataverse.org/en/6.7/installation/config.html#configuring-licenses) and #11522.
+The licenses above are widely recognized and used in Europe and beyond to promote data and software sharing. See [the guides](https://guides.dataverse.org/en/6.7/installation/config.html#configuring-licenses) and #11522.

From 9196846820df730722810a352f8d79217600e24f Mon Sep 17 00:00:00 2001
From: Philip Durbin <philip_durbin@harvard.edu>
Date: Wed, 28 May 2025 10:51:18 -0400
Subject: [PATCH 007/634] clarify how to add licenses #11521 #10426

---
 doc/sphinx-guides/source/installation/config.rst | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/doc/sphinx-guides/source/installation/config.rst b/doc/sphinx-guides/source/installation/config.rst
index 0a09524abe3..97f83fa4a43 100644
--- a/doc/sphinx-guides/source/installation/config.rst
+++ b/doc/sphinx-guides/source/installation/config.rst
@@ -2072,10 +2072,14 @@ If you do not find the license JSON you need above, you are encouraged to contri
 - Copy an existing license as a starting point.
 - Name your file using the SPDX identifier. For example, if the identifier is ``Apache-2.0``, you should name your file ``licenseApache-2.0.json``.
 - For the ``name`` field, use the "short identifier" from the SPDX landing page (e.g. ``Apache-2.0``).
-- For the ``description`` field, use the "full name" from the SPDX landing page (e.g. ``Apache License 2.0``).
+- For the ``shortDescription`` field, use the "full name" from the SPDX landing page (e.g. ``Apache License 2.0``) followed by a period (full-stop) (e.g. ``Apache License 2.0.``).
 - For the ``uri`` field, we encourage you to use the same resource that DataCite uses, which is often the same as the first "Other web pages for this license" on the SPDX page for the license. When these differ, or there are other concerns about the URI DataCite uses, please reach out to the community to see if a consensus can be reached.
 - For the ``active`` field, put ``true``.
 - For the ``sortOrder`` field, put the next sequential number after checking previous files with ``grep sortOrder scripts/api/data/licenses/*``.
+- For the ``rightsIdentifier`` field, use the identifier from SPDX (e.g. ``Apache-2.0``).
+- For the ``rightsIdentifierScheme`` field, use "SPDX".
+- For the ``schemeUri`` field, use "https://spdx.org/licenses/".
+- For the ``languageCode`` field, use "en".
 
 Note that prior to Dataverse 6.2, various license above have been added that do not adhere perfectly with this procedure. For example, the ``name`` for the CC0 license is ``CC0 1.0`` (no dash) rather than ``CC0-1.0`` (with a dash). We are keeping the existing names for backward compatibility. For more on standarizing license configuration, see https://github.com/IQSS/dataverse/issues/8512
 

From 253a0342528ba7103d1aff1dfb23ce756e91bb20 Mon Sep 17 00:00:00 2001
From: Jim Myers <qqmyers@hotmail.com>
Date: Tue, 8 Apr 2025 13:32:53 -0400
Subject: [PATCH 008/634] basic roleassignment auditing for assign, revoke

---
 .../dataverse/DataverseRoleServiceBean.java   |  50 +++++-
 .../iq/dataverse/RoleAssignmentAudit.java     | 157 ++++++++++++++++++
 .../command/impl/AssignRoleCommand.java       |  37 +++--
 .../CuratePublishedDatasetVersionCommand.java |   2 +-
 .../impl/DeleteDatasetVersionCommand.java     |   2 +-
 .../command/impl/DeleteRoleCommand.java       |   2 +-
 .../command/impl/RevokeAllRolesCommand.java   |   2 +-
 .../command/impl/RevokeRoleCommand.java       |  20 +--
 .../iq/dataverse/settings/FeatureFlags.java   |   5 +
 .../impl/DeletePrivateUrlCommandTest.java     |   2 +-
 10 files changed, 242 insertions(+), 37 deletions(-)
 create mode 100644 src/main/java/edu/harvard/iq/dataverse/RoleAssignmentAudit.java

diff --git a/src/main/java/edu/harvard/iq/dataverse/DataverseRoleServiceBean.java b/src/main/java/edu/harvard/iq/dataverse/DataverseRoleServiceBean.java
index b751841da74..00368ff0b67 100644
--- a/src/main/java/edu/harvard/iq/dataverse/DataverseRoleServiceBean.java
+++ b/src/main/java/edu/harvard/iq/dataverse/DataverseRoleServiceBean.java
@@ -4,6 +4,7 @@
 import edu.harvard.iq.dataverse.authorization.Permission;
 import edu.harvard.iq.dataverse.authorization.RoleAssignee;
 import edu.harvard.iq.dataverse.authorization.users.User;
+import edu.harvard.iq.dataverse.engine.command.DataverseRequest;
 import edu.harvard.iq.dataverse.authorization.RoleAssignmentSet;
 import edu.harvard.iq.dataverse.search.IndexAsync;
 import edu.harvard.iq.dataverse.search.IndexResponse;
@@ -13,7 +14,6 @@
 import java.util.Collection;
 import java.util.HashSet;
 import java.util.List;
-import java.util.Objects;
 import java.util.Set;
 import java.util.logging.Logger;
 import java.util.stream.Collectors;
@@ -23,6 +23,7 @@
 import jakarta.persistence.EntityManager;
 import jakarta.persistence.PersistenceContext;
 import jakarta.persistence.TypedQuery;
+import edu.harvard.iq.dataverse.settings.FeatureFlags;
 
 /**
  *
@@ -87,6 +88,23 @@ public RoleAssignment save(RoleAssignment assignment, boolean createIndex) {
         }
         return assignment;
     }
+    
+
+    /**
+     * Saves a RoleAssignmentAudit entry to the database.
+     * 
+     * @param audit The RoleAssignmentAudit object to be saved
+     * @return The persisted RoleAssignmentAudit object
+     */
+    public RoleAssignmentAudit saveAudit(RoleAssignmentAudit audit) {
+        if (audit.getAuditId() == null) {
+            em.persist(audit);
+            em.flush(); // Ensure the entity is persisted immediately
+        } else {
+            audit = em.merge(audit);
+        }
+        return audit;
+    }
 
     private IndexResponse indexDefinitionPoint(DvObject definitionPoint) {
         /**
@@ -135,7 +153,7 @@ public DataverseRole findCustomRoleByAliasAndOwner(String alias, Long ownerId) {
             .getSingleResult();
     }
 
-    public void revoke(Set<DataverseRole> roles, RoleAssignee assignee, DvObject defPoint) {
+/*    public void revoke(Set<DataverseRole> roles, RoleAssignee assignee, DvObject defPoint) {
         for (DataverseRole role : roles) {
             em.createNamedQuery("RoleAssignment.deleteByAssigneeIdentifier_RoleIdDefinition_PointId")
                 .setParameter("assigneeIdentifier", assignee.getIdentifier())
@@ -146,34 +164,47 @@ public void revoke(Set<DataverseRole> roles, RoleAssignee assignee, DvObject def
         }
         em.refresh(assignee);
     }
-
-    public void revoke(RoleAssignment ra) {
+*/
+    public void revoke(RoleAssignment ra, DataverseRequest req) {
         if (!em.contains(ra)) {
             ra = em.merge(ra);
         }
+        
+        // Create audit entry if feature flag is set
+        if (FeatureFlags.ROLE_ASSIGNMENT_AUDITING.enabled()) {
+            RoleAssignmentAudit audit = new RoleAssignmentAudit(ra, req, RoleAssignmentAudit.ActionType.REVOKE);
+            saveAudit(audit);
+        }
+        
         em.remove(ra);
         /**
          * @todo update permissionModificationTime here.
          */
         indexAsync.indexRole(ra);
     }
-
+    
     // "nuclear" remove-all roles for a user or group: 
     // (Note that all the "definition points" - i.e., the dvObjects
     // on which the roles were assigned - need to be reindexed for permissions
     // once the role assignments are removed!
-    public void revokeAll(RoleAssignee assignee) {
+    public void revokeAll(RoleAssignee assignee, DataverseRequest req) {
         Set<DvObject> reindexSet = new HashSet<>();
-
+    
         for (RoleAssignment ra : roleAssigneeService.getAssignmentsFor(assignee.getIdentifier())) {
             if (!em.contains(ra)) {
                 ra = em.merge(ra);
             }
+            
+            // Create audit entry if feature flag is set
+            if (FeatureFlags.ROLE_ASSIGNMENT_AUDITING.enabled()) {
+                RoleAssignmentAudit audit = new RoleAssignmentAudit(ra, req, RoleAssignmentAudit.ActionType.REVOKE);
+                saveAudit(audit);
+            }
+            
             em.remove(ra);
-
             reindexSet.add(ra.getDefinitionPoint());
         }
-
+    
         indexAsync.indexRoles(reindexSet);
     }
 
@@ -329,4 +360,5 @@ For a given permission and dataverse Id get all of the roles (built-in or owned
         }
         return retVal;
     }
+
 }
diff --git a/src/main/java/edu/harvard/iq/dataverse/RoleAssignmentAudit.java b/src/main/java/edu/harvard/iq/dataverse/RoleAssignmentAudit.java
new file mode 100644
index 00000000000..2eafafb6de4
--- /dev/null
+++ b/src/main/java/edu/harvard/iq/dataverse/RoleAssignmentAudit.java
@@ -0,0 +1,157 @@
+package edu.harvard.iq.dataverse;
+
+import jakarta.persistence.Column;
+import jakarta.persistence.Entity;
+import jakarta.persistence.EnumType;
+import jakarta.persistence.Enumerated;
+import jakarta.persistence.GeneratedValue;
+import jakarta.persistence.GenerationType;
+import jakarta.persistence.Id;
+import jakarta.persistence.Table;
+import jakarta.persistence.Temporal;
+import jakarta.persistence.TemporalType;
+import java.io.Serializable;
+import java.util.Date;
+
+import edu.harvard.iq.dataverse.engine.command.DataverseRequest;
+
+@Entity
+@Table(name = "role_assignment_audit")
+public class RoleAssignmentAudit implements Serializable {
+
+    @Id
+    @GeneratedValue(strategy = GenerationType.IDENTITY)
+    @Column(name = "audit_id")
+    private Long auditId;
+
+    @Column(name = "role_assignment_id")
+    private Long roleAssignmentId;
+
+    @Enumerated(EnumType.STRING)
+    @Column(name = "action_type", nullable = false)
+    private ActionType actionType;
+
+    @Temporal(TemporalType.TIMESTAMP)
+    @Column(name = "action_timestamp", nullable = false)
+    private Date actionTimestamp;
+
+    @Column(name = "action_by_identifier", nullable = false)
+    private String actionByIdentifier;
+
+    @Column(name = "assignee_identifier", nullable = false)
+    private String assigneeIdentifier;
+
+    @Column(name = "role_id")
+    private Long roleId;
+
+    @Column(name = "role_alias", nullable = false)
+    private String roleAlias;
+
+    @Column(name = "definition_point_id")
+    private Long definitionPointId;
+
+    @Column(name = "definition_point_identifier", nullable = false)
+    private String definitionPointIdentifier;
+
+    public enum ActionType {
+        ASSIGN, REVOKE
+    }
+
+    // Constructors
+    public RoleAssignmentAudit() {
+    }
+
+    public RoleAssignmentAudit(RoleAssignment roleAssignment, DataverseRequest request, ActionType actionType) {
+        this.roleAssignmentId = roleAssignment.getId();
+        this.actionType = actionType;
+        this.actionTimestamp = new Date();
+        this.actionByIdentifier = request.getUser().getIdentifier();
+        this.assigneeIdentifier = roleAssignment.getAssigneeIdentifier();
+        this.roleId = roleAssignment.getRole().getId();
+        this.roleAlias = roleAssignment.getRole().getAlias();
+        this.definitionPointId = roleAssignment.getDefinitionPoint().getId();
+        this.definitionPointIdentifier = roleAssignment.getDefinitionPoint().getIdentifier();
+    }
+
+    // Getters and setters
+    public Long getAuditId() {
+        return auditId;
+    }
+
+    public void setAuditId(Long auditId) {
+        this.auditId = auditId;
+    }
+
+    public Long getRoleAssignmentId() {
+        return roleAssignmentId;
+    }
+
+    public void setRoleAssignmentId(Long roleAssignmentId) {
+        this.roleAssignmentId = roleAssignmentId;
+    }
+
+    public ActionType getActionType() {
+        return actionType;
+    }
+
+    public void setActionType(ActionType actionType) {
+        this.actionType = actionType;
+    }
+
+    public Date getActionTimestamp() {
+        return actionTimestamp;
+    }
+
+    public void setActionTimestamp(Date actionTimestamp) {
+        this.actionTimestamp = actionTimestamp;
+    }
+
+    public String getActionByIdentifier() {
+        return actionByIdentifier;
+    }
+
+    public void setActionByIdentifier(String actionByIdentifier) {
+        this.actionByIdentifier = actionByIdentifier;
+    }
+
+    public String getAssigneeIdentifier() {
+        return assigneeIdentifier;
+    }
+
+    public void setAssigneeIdentifier(String assigneeIdentifier) {
+        this.assigneeIdentifier = assigneeIdentifier;
+    }
+
+    public Long getRoleId() {
+        return roleId;
+    }
+
+    public void setRoleId(Long roleId) {
+        this.roleId = roleId;
+    }
+
+    public String getRoleAlias() {
+        return roleAlias;
+    }
+
+    public void setRoleAlias(String roleAlias) {
+        this.roleAlias = roleAlias;
+    }
+
+    public Long getDefinitionPointId() {
+        return definitionPointId;
+    }
+
+    public void setDefinitionPointId(Long definitionPointId) {
+        this.definitionPointId = definitionPointId;
+    }
+
+    public String getDefinitionPointIdentifier() {
+        return definitionPointIdentifier;
+    }
+
+    public void setDefinitionPointIdentifier(String definitionPointIdentifier) {
+        this.definitionPointIdentifier = definitionPointIdentifier;
+    }
+
+}
\ No newline at end of file
diff --git a/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/AssignRoleCommand.java b/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/AssignRoleCommand.java
index 121af765737..2bd8b6c1090 100644
--- a/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/AssignRoleCommand.java
+++ b/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/AssignRoleCommand.java
@@ -19,7 +19,10 @@
 import edu.harvard.iq.dataverse.engine.command.exception.IllegalCommandException;
 import edu.harvard.iq.dataverse.util.BundleUtil;
 
+import edu.harvard.iq.dataverse.RoleAssignmentAudit;
+import edu.harvard.iq.dataverse.settings.FeatureFlags;
 import java.util.Collections;
+import java.util.Date;
 import java.util.HashSet;
 import java.util.Map;
 import java.util.Set;
@@ -61,21 +64,29 @@ public AssignRoleCommand(PrivateUrlUser privateUrlUser, DataverseRole memberRole
         this.anonymizedAccess= anonymizedAccess;
     }
 
-    @Override
-    public RoleAssignment execute(CommandContext ctxt) throws CommandException {
-        if (grantee instanceof AuthenticatedUser) {
-            AuthenticatedUser user = (AuthenticatedUser) grantee;
-            if (user.isDeactivated()) {
-                throw new IllegalCommandException("User " + user.getUserIdentifier() + " is deactivated and cannot be given a role.", this);
-            }
-        }
-        if(isExistingRole(ctxt)){
-            throw new IllegalCommandException(BundleUtil.getStringFromBundle("datasets.api.grant.role.assignee.has.role.error"), this);
+@Override
+public RoleAssignment execute(CommandContext ctxt) throws CommandException {
+    if (grantee instanceof AuthenticatedUser) {
+        AuthenticatedUser user = (AuthenticatedUser) grantee;
+        if (user.isDeactivated()) {
+            throw new IllegalCommandException("User " + user.getUserIdentifier() + " is deactivated and cannot be given a role.", this);
         }
-        // TODO make sure the role is defined on the dataverse.
-        RoleAssignment roleAssignment = new RoleAssignment(role, grantee, defPoint, privateUrlToken, anonymizedAccess);
-        return ctxt.roles().save(roleAssignment);
     }
+    if(isExistingRole(ctxt)){
+        throw new IllegalCommandException(BundleUtil.getStringFromBundle("datasets.api.grant.role.assignee.has.role.error"), this);
+    }
+    // TODO make sure the role is defined on the dataverse.
+    RoleAssignment roleAssignment = new RoleAssignment(role, grantee, defPoint, privateUrlToken, anonymizedAccess);
+    RoleAssignment savedRoleAssignment = ctxt.roles().save(roleAssignment);
+
+    // Check if ROLE_ASSIGNMENT_AUDITING feature flag is enabled
+    if (FeatureFlags.ROLE_ASSIGNMENT_AUDITING.enabled()) {
+        RoleAssignmentAudit audit = new RoleAssignmentAudit(savedRoleAssignment, getRequest(), RoleAssignmentAudit.ActionType.ASSIGN);
+        ctxt.roles().saveAudit(audit);
+    }
+
+    return savedRoleAssignment;
+}
 
     private boolean isExistingRole(CommandContext ctxt) {
         return ctxt.roles()
diff --git a/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/CuratePublishedDatasetVersionCommand.java b/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/CuratePublishedDatasetVersionCommand.java
index 3629432b7e4..45cee6e9595 100644
--- a/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/CuratePublishedDatasetVersionCommand.java
+++ b/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/CuratePublishedDatasetVersionCommand.java
@@ -189,7 +189,7 @@ public Dataset execute(CommandContext ctxt) throws CommandException {
 
         RoleAssignment ra = ctxt.privateUrl().getPrivateUrlRoleAssignmentFromDataset(savedDataset);
         if (ra != null) {
-            ctxt.roles().revoke(ra);
+            ctxt.roles().revoke(ra, getRequest());
         }
 
         // And update metadata at PID provider
diff --git a/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/DeleteDatasetVersionCommand.java b/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/DeleteDatasetVersionCommand.java
index a67d7008ef8..efb49a67b9d 100644
--- a/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/DeleteDatasetVersionCommand.java
+++ b/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/DeleteDatasetVersionCommand.java
@@ -92,7 +92,7 @@ protected void executeImpl(CommandContext ctxt) throws CommandException {
                     PrivateUrlUser privateUrlUser = new PrivateUrlUser(doomed.getId());
                     List<RoleAssignment> roleAssignments = ctxt.roles().directRoleAssignments(privateUrlUser, doomed);
                     for (RoleAssignment roleAssignment : roleAssignments) {
-                        ctxt.roles().revoke(roleAssignment);
+                        ctxt.roles().revoke(roleAssignment, getRequest());
                     }
                 }
                 boolean doNormalSolrDocCleanUp = true;
diff --git a/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/DeleteRoleCommand.java b/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/DeleteRoleCommand.java
index b0baf3a24e1..5608eb5af1f 100644
--- a/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/DeleteRoleCommand.java
+++ b/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/DeleteRoleCommand.java
@@ -25,7 +25,7 @@ public DeleteRoleCommand(DataverseRequest aRequest, DataverseRole doomed ) {
     @Override
     protected void executeImpl(CommandContext ctxt) throws CommandException {
         for ( RoleAssignment ra : ctxt.roles().roleAssignments(doomed.getId()) ) {
-            ctxt.roles().revoke(ra);
+            ctxt.roles().revoke(ra, getRequest());
         }
         ctxt.roles().delete(doomed.getId());
     }
diff --git a/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/RevokeAllRolesCommand.java b/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/RevokeAllRolesCommand.java
index e44431591c2..ed16889f736 100644
--- a/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/RevokeAllRolesCommand.java
+++ b/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/RevokeAllRolesCommand.java
@@ -42,7 +42,7 @@ protected void executeImpl(CommandContext ctxt) throws CommandException {
         }
         
         try {
-            ctxt.roles().revokeAll(assignee);
+            ctxt.roles().revokeAll(assignee, getRequest());
             
             ctxt.explicitGroups().revokeAllGroupsForAssignee(assignee);
             
diff --git a/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/RevokeRoleCommand.java b/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/RevokeRoleCommand.java
index 26ab88d29d8..f2899408393 100644
--- a/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/RevokeRoleCommand.java
+++ b/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/RevokeRoleCommand.java
@@ -19,18 +19,18 @@
  */
 // no annotations here, since permissions are dynamically decided
 public class RevokeRoleCommand extends AbstractVoidCommand {
-	
-	private final RoleAssignment toBeRevoked;
 
-	public RevokeRoleCommand(RoleAssignment toBeRevoked, DataverseRequest aRequest) {
+    private final RoleAssignment toBeRevoked;
+
+    public RevokeRoleCommand(RoleAssignment toBeRevoked, DataverseRequest aRequest) {
         super(aRequest, toBeRevoked.getDefinitionPoint());
-		this.toBeRevoked = toBeRevoked;
-	}
-	
-	@Override
-	protected void executeImpl(CommandContext ctxt) throws CommandException {
-		ctxt.roles().revoke(toBeRevoked);
-	}
+        this.toBeRevoked = toBeRevoked;
+    }
+
+    @Override
+    protected void executeImpl(CommandContext ctxt) throws CommandException {
+        ctxt.roles().revoke(toBeRevoked, getRequest());
+    }
         
     @Override
     public Map<String, Set<Permission>> getRequiredPermissions() {
diff --git a/src/main/java/edu/harvard/iq/dataverse/settings/FeatureFlags.java b/src/main/java/edu/harvard/iq/dataverse/settings/FeatureFlags.java
index 27c65ed067c..539e898255c 100644
--- a/src/main/java/edu/harvard/iq/dataverse/settings/FeatureFlags.java
+++ b/src/main/java/edu/harvard/iq/dataverse/settings/FeatureFlags.java
@@ -167,6 +167,11 @@ public enum FeatureFlags {
      */
     ADD_LOCAL_CONTEXTS_PERMISSION_CHECK("add-local-contexts-permission-check"),
 
+    /**
+     * This flag turns on auditing of role assignments - keeping a record of when roles were granted
+     * or revoked, at what times, and by whom.
+     */
+    ROLE_ASSIGNMENT_AUDITING("role-assignment-auditing"),
     ;
     
     final String flag;
diff --git a/src/test/java/edu/harvard/iq/dataverse/engine/command/impl/DeletePrivateUrlCommandTest.java b/src/test/java/edu/harvard/iq/dataverse/engine/command/impl/DeletePrivateUrlCommandTest.java
index 0a4e5ed2d7e..be633a68dba 100644
--- a/src/test/java/edu/harvard/iq/dataverse/engine/command/impl/DeletePrivateUrlCommandTest.java
+++ b/src/test/java/edu/harvard/iq/dataverse/engine/command/impl/DeletePrivateUrlCommandTest.java
@@ -64,7 +64,7 @@ public List<RoleAssignment> directRoleAssignments(RoleAssignee roas, DvObject dv
                     }
 
                     @Override
-                    public void revoke(RoleAssignment ra) {
+                    public void revoke(RoleAssignment ra, DataverseRequest req) {
                         // no-op
                     }
 

From a7f4b61c09505ffa92a8b6541b6a9823df1733d0 Mon Sep 17 00:00:00 2001
From: Jim Myers <qqmyers@hotmail.com>
Date: Tue, 8 Apr 2025 13:35:45 -0400
Subject: [PATCH 009/634] add indexes

---
 .../edu/harvard/iq/dataverse/RoleAssignmentAudit.java | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/src/main/java/edu/harvard/iq/dataverse/RoleAssignmentAudit.java b/src/main/java/edu/harvard/iq/dataverse/RoleAssignmentAudit.java
index 2eafafb6de4..2645f641cc0 100644
--- a/src/main/java/edu/harvard/iq/dataverse/RoleAssignmentAudit.java
+++ b/src/main/java/edu/harvard/iq/dataverse/RoleAssignmentAudit.java
@@ -10,13 +10,22 @@
 import jakarta.persistence.Table;
 import jakarta.persistence.Temporal;
 import jakarta.persistence.TemporalType;
+import jakarta.persistence.Index;
 import java.io.Serializable;
 import java.util.Date;
 
 import edu.harvard.iq.dataverse.engine.command.DataverseRequest;
 
 @Entity
-@Table(name = "role_assignment_audit")
+@Table(name = "role_assignment_audit", indexes = {
+    @Index(name = "idx_raa_role_assignment_id", columnList = "role_assignment_id"),
+    @Index(name = "idx_raa_action_type", columnList = "action_type"),
+    @Index(name = "idx_raa_action_timestamp", columnList = "action_timestamp"),
+    @Index(name = "idx_raa_action_by_identifier", columnList = "action_by_identifier"),
+    @Index(name = "idx_raa_assignee_identifier", columnList = "assignee_identifier"),
+    @Index(name = "idx_raa_role_id", columnList = "role_id"),
+    @Index(name = "idx_raa_definition_point_id", columnList = "definition_point_id")
+})
 public class RoleAssignmentAudit implements Serializable {
 
     @Id

From bf0beedc2b1bf23329a51e0d14096ebdd447904c Mon Sep 17 00:00:00 2001
From: Jim Myers <qqmyers@hotmail.com>
Date: Tue, 8 Apr 2025 13:55:39 -0400
Subject: [PATCH 010/634] missing import

---
 .../engine/command/impl/DeletePrivateUrlCommandTest.java         | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/test/java/edu/harvard/iq/dataverse/engine/command/impl/DeletePrivateUrlCommandTest.java b/src/test/java/edu/harvard/iq/dataverse/engine/command/impl/DeletePrivateUrlCommandTest.java
index be633a68dba..640c66b61e4 100644
--- a/src/test/java/edu/harvard/iq/dataverse/engine/command/impl/DeletePrivateUrlCommandTest.java
+++ b/src/test/java/edu/harvard/iq/dataverse/engine/command/impl/DeletePrivateUrlCommandTest.java
@@ -8,6 +8,7 @@
 import edu.harvard.iq.dataverse.authorization.users.PrivateUrlUser;
 import edu.harvard.iq.dataverse.engine.TestCommandContext;
 import edu.harvard.iq.dataverse.engine.TestDataverseEngine;
+import edu.harvard.iq.dataverse.engine.command.DataverseRequest;
 import edu.harvard.iq.dataverse.engine.command.exception.CommandException;
 import edu.harvard.iq.dataverse.privateurl.PrivateUrl;
 import edu.harvard.iq.dataverse.privateurl.PrivateUrlServiceBean;

From 47e98050eedf41159a783f4a7eedb9f359c63a16 Mon Sep 17 00:00:00 2001
From: Jim Myers <qqmyers@hotmail.com>
Date: Tue, 8 Apr 2025 14:34:47 -0400
Subject: [PATCH 011/634] refresh assignment to get id

---
 .../harvard/iq/dataverse/DataverseRoleServiceBean.java   | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/src/main/java/edu/harvard/iq/dataverse/DataverseRoleServiceBean.java b/src/main/java/edu/harvard/iq/dataverse/DataverseRoleServiceBean.java
index 00368ff0b67..17938d900a3 100644
--- a/src/main/java/edu/harvard/iq/dataverse/DataverseRoleServiceBean.java
+++ b/src/main/java/edu/harvard/iq/dataverse/DataverseRoleServiceBean.java
@@ -77,15 +77,16 @@ public RoleAssignment save(RoleAssignment assignment) {
     public RoleAssignment save(RoleAssignment assignment, boolean createIndex) {
         if (assignment.getId() == null) {
             em.persist(assignment);
+            em.flush(); // Force synchronization with the database
+            em.refresh(assignment); // Refresh the entity to ensure it has the latest state, including the ID
         } else {
             assignment = em.merge(assignment);
         }
-        /**
-         * @todo update permissionModificationTime here.
-         */
-        if ( createIndex ) {
+        
+        if (createIndex) {
             indexAsync.indexRole(assignment);
         }
+        
         return assignment;
     }
     

From 1d3a1119e8bb3fade8e27c2275e57daa3ac43a3a Mon Sep 17 00:00:00 2001
From: Jim Myers <qqmyers@hotmail.com>
Date: Tue, 8 Apr 2025 15:33:29 -0400
Subject: [PATCH 012/634] history panel

---
 .../iq/dataverse/ManagePermissionsPage.java   | 100 ++++++++++++++++++
 .../iq/dataverse/RoleAssignmentAudit.java     |   7 +-
 src/main/java/propertyFiles/Bundle.properties |   7 ++
 src/main/webapp/permissions-manage.xhtml      |  34 ++++++
 4 files changed, 147 insertions(+), 1 deletion(-)

diff --git a/src/main/java/edu/harvard/iq/dataverse/ManagePermissionsPage.java b/src/main/java/edu/harvard/iq/dataverse/ManagePermissionsPage.java
index 0e277c5aa32..5359079ad3f 100644
--- a/src/main/java/edu/harvard/iq/dataverse/ManagePermissionsPage.java
+++ b/src/main/java/edu/harvard/iq/dataverse/ManagePermissionsPage.java
@@ -26,9 +26,12 @@
 import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.Collections;
+import java.util.Comparator;
 import java.util.Date;
+import java.util.HashMap;
 import java.util.LinkedList;
 import java.util.List;
+import java.util.Map;
 import java.util.Set;
 import java.util.logging.Level;
 import java.util.logging.Logger;
@@ -230,6 +233,44 @@ public void cloneRole(String roleId) {
     public void editRole(String roleId) {
         setRole(roleService.find(Long.parseLong(roleId)));
     }
+    
+    /** Role Assignment History */
+    private List<RoleAssignmentHistoryEntry> roleAssignmentHistory;
+
+    public List<RoleAssignmentHistoryEntry> getRoleAssignmentHistory() {
+        if (roleAssignmentHistory == null) {
+            roleAssignmentHistory = new ArrayList<>();
+            
+            List<RoleAssignmentAudit> audits = em.createNamedQuery("RoleAssignmentAudit.findByDefinitionPointId", RoleAssignmentAudit.class)
+                    .setParameter("definitionPointId", dvObject.getId())
+                    .getResultList();
+            
+            Map<Long, RoleAssignmentHistoryEntry> historyMap = new HashMap<>();
+            
+            for (RoleAssignmentAudit audit : audits) {
+                Long roleAssignmentId = audit.getRoleAssignmentId();
+                RoleAssignmentHistoryEntry entry = historyMap.get(roleAssignmentId);
+                
+                if (entry == null) {
+                    entry = new RoleAssignmentHistoryEntry(audit.getAssigneeIdentifier(), audit.getRoleAlias());
+                    historyMap.put(roleAssignmentId, entry);
+                }
+                
+                if (audit.getActionType() == RoleAssignmentAudit.ActionType.ASSIGN) {
+                    entry.setAssignedBy(audit.getActionByIdentifier());
+                    entry.setAssignedAt(audit.getActionTimestamp());
+                } else if (audit.getActionType() == RoleAssignmentAudit.ActionType.REVOKE) {
+                    entry.setRevokedBy(audit.getActionByIdentifier());
+                    entry.setRevokedAt(audit.getActionTimestamp());
+                }
+            }
+            
+            roleAssignmentHistory.addAll(historyMap.values());
+            roleAssignmentHistory.sort(Comparator.comparing(RoleAssignmentHistoryEntry::getAssignedAt).reversed());
+        }
+        return roleAssignmentHistory;
+    }
+    
 
     /*
     ============================================================================
@@ -716,4 +757,63 @@ public Long getId() {
         }
 
     }
+    
+    public static class RoleAssignmentHistoryEntry {
+        private String roleName;
+        private String assigneeIdentifier;
+        private String assignedBy;
+        private Date assignedAt;
+        private String revokedBy;
+        private Date revokedAt;
+
+        public RoleAssignmentHistoryEntry(String assigneeIdentifier, String roleName) {
+            this.roleName = roleName;
+            this.assigneeIdentifier = assigneeIdentifier;
+            ;
+        }
+
+        public void setRevokedAt(Date actionTimestamp) {
+            revokedAt = actionTimestamp;
+
+        }
+
+        public void setRevokedBy(String actionByIdentifier) {
+            revokedBy = actionByIdentifier;
+
+        }
+
+        public void setAssignedAt(Date actionTimestamp) {
+            assignedAt = actionTimestamp;
+
+        }
+
+        public void setAssignedBy(String actionByIdentifier) {
+            assignedBy = actionByIdentifier;
+
+        }
+
+        public String getRoleName() {
+            return roleName;
+        }
+
+        public String getAssigneeIdentifier() {
+            return assigneeIdentifier;
+        }
+
+        public String getAssignedBy() {
+            return assignedBy;
+        }
+
+        public Date getAssignedAt() {
+            return assignedAt;
+        }
+
+        public String getRevokedBy() {
+            return revokedBy;
+        }
+
+        public Date getRevokedAt() {
+            return revokedAt;
+        }
+    }
 }
diff --git a/src/main/java/edu/harvard/iq/dataverse/RoleAssignmentAudit.java b/src/main/java/edu/harvard/iq/dataverse/RoleAssignmentAudit.java
index 2645f641cc0..2209977b541 100644
--- a/src/main/java/edu/harvard/iq/dataverse/RoleAssignmentAudit.java
+++ b/src/main/java/edu/harvard/iq/dataverse/RoleAssignmentAudit.java
@@ -11,6 +11,8 @@
 import jakarta.persistence.Temporal;
 import jakarta.persistence.TemporalType;
 import jakarta.persistence.Index;
+import jakarta.persistence.NamedQuery;
+
 import java.io.Serializable;
 import java.util.Date;
 
@@ -26,6 +28,9 @@
     @Index(name = "idx_raa_role_id", columnList = "role_id"),
     @Index(name = "idx_raa_definition_point_id", columnList = "definition_point_id")
 })
+@NamedQuery(name = "RoleAssignmentAudit.findByDefinitionPointId",
+query = "SELECT ra FROM RoleAssignmentAudit ra WHERE ra.definitionPointId = :definitionPointId ORDER BY ra.roleAssignmenId, ra.actionTimestamp DESC")
+
 public class RoleAssignmentAudit implements Serializable {
 
     @Id
@@ -79,7 +84,7 @@ public RoleAssignmentAudit(RoleAssignment roleAssignment, DataverseRequest reque
         this.roleId = roleAssignment.getRole().getId();
         this.roleAlias = roleAssignment.getRole().getAlias();
         this.definitionPointId = roleAssignment.getDefinitionPoint().getId();
-        this.definitionPointIdentifier = roleAssignment.getDefinitionPoint().getIdentifier();
+        this.definitionPointIdentifier = roleAssignment.getDefinitionPoint().getGlobalId().asString();
     }
 
     // Getters and setters
diff --git a/src/main/java/propertyFiles/Bundle.properties b/src/main/java/propertyFiles/Bundle.properties
index 05421179d7e..95341c74545 100644
--- a/src/main/java/propertyFiles/Bundle.properties
+++ b/src/main/java/propertyFiles/Bundle.properties
@@ -1203,6 +1203,13 @@ dataverse.permissions.roles.edit=Edit Role
 dataverse.permissions.roles.copy=Copy Role
 dataverse.permissions.roles.alias.required=Please enter a unique identifier for this role.
 dataverse.permissions.roles.name.required=Please enter a name for this role.
+dataverse.permissions.history=Role Assignment History
+dataverse.permissions.history.description=View the history of role assignments and revocations
+dataverse.permissions.history.role=Role
+dataverse.permissions.history.assignee=Assignee
+dataverse.permissions.history.assigned=Assigned
+dataverse.permissions.history.revoked=Revoked
+dataverse.permissions.history.notRevoked=Not Revoked
 
 # permissions-manage-files.xhtml
 dataverse.permissionsFiles.title=Restricted File Permissions
diff --git a/src/main/webapp/permissions-manage.xhtml b/src/main/webapp/permissions-manage.xhtml
index b328e4abc81..e3e5e4ecf6c 100644
--- a/src/main/webapp/permissions-manage.xhtml
+++ b/src/main/webapp/permissions-manage.xhtml
@@ -197,6 +197,40 @@
                                 </div>
                             </div>
                         </div>
+                        <!-- Role Assignment History Panel -->
+                        <div class="panel panel-default">
+                            <div data-toggle="collapse" data-target="#panelCollapseHistory" class="panel-heading text-info">
+                                #{bundle['dataverse.permissions.history']} <span class="glyphicon glyphicon-chevron-down"/>
+                                <span class="text-muted small pull-right">#{bundle['dataverse.permissions.history.description']}</span>
+                            </div>
+                            <div id="panelCollapseHistory" class="collapse">
+                                <div class="panel-body">
+                                    <p:dataTable id="roleAssignmentHistory" var="historyEntry" value="#{managePermissionsPage.roleAssignmentHistory}">
+                                        <p:column headerText="#{bundle['dataverse.permissions.history.role']}">
+                                            <h:outputText value="#{historyEntry.roleName}" />
+                                        </p:column>
+                                        <p:column headerText="#{bundle['dataverse.permissions.history.assignee']}">
+                                            <h:outputText value="#{historyEntry.assigneeIdentifier}" />
+                                        </p:column>
+                                        <p:column headerText="#{bundle['dataverse.permissions.history.assigned']}">
+                                            <h:outputText value="#{historyEntry.assignedBy}" />
+                                            <h:outputText value=" on " />
+                                            <h:outputText value="#{historyEntry.assignedAt}">
+                                                <f:convertDateTime pattern="yyyy-MM-dd HH:mm:ss" />
+                                            </h:outputText>
+                                        </p:column>
+                                        <p:column headerText="#{bundle['dataverse.permissions.history.revoked']}">
+                                            <h:outputText value="#{historyEntry.revokedBy}" rendered="#{historyEntry.revokedBy != null}" />
+                                            <h:outputText value=" on " rendered="#{historyEntry.revokedBy != null}" />
+                                            <h:outputText value="#{historyEntry.revokedAt}" rendered="#{historyEntry.revokedBy != null}">
+                                                <f:convertDateTime pattern="yyyy-MM-dd HH:mm:ss" />
+                                            </h:outputText>
+                                            <h:outputText value="#{bundle['dataverse.permissions.history.notRevoked']}" rendered="#{historyEntry.revokedBy == null}" />
+                                        </p:column>
+                                    </p:dataTable>
+                                </div>
+                            </div>
+                        </div>
                     </div>
 
                     <!-- Users/Groups Popup -->

From 2fbde58c32b026577f6c5059918bc2c6f3709002 Mon Sep 17 00:00:00 2001
From: Jim Myers <qqmyers@hotmail.com>
Date: Tue, 8 Apr 2025 15:46:17 -0400
Subject: [PATCH 013/634] typo

---
 src/main/java/edu/harvard/iq/dataverse/RoleAssignmentAudit.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/main/java/edu/harvard/iq/dataverse/RoleAssignmentAudit.java b/src/main/java/edu/harvard/iq/dataverse/RoleAssignmentAudit.java
index 2209977b541..8c64583e814 100644
--- a/src/main/java/edu/harvard/iq/dataverse/RoleAssignmentAudit.java
+++ b/src/main/java/edu/harvard/iq/dataverse/RoleAssignmentAudit.java
@@ -29,7 +29,7 @@
     @Index(name = "idx_raa_definition_point_id", columnList = "definition_point_id")
 })
 @NamedQuery(name = "RoleAssignmentAudit.findByDefinitionPointId",
-query = "SELECT ra FROM RoleAssignmentAudit ra WHERE ra.definitionPointId = :definitionPointId ORDER BY ra.roleAssignmenId, ra.actionTimestamp DESC")
+query = "SELECT ra FROM RoleAssignmentAudit ra WHERE ra.definitionPointId = :definitionPointId ORDER BY ra.roleAssignmentId, ra.actionTimestamp DESC")
 
 public class RoleAssignmentAudit implements Serializable {
 

From 9da8ee9c36be79c4883d5c75998c46c05fef54a5 Mon Sep 17 00:00:00 2001
From: Jim Myers <qqmyers@hotmail.com>
Date: Wed, 9 Apr 2025 11:58:02 -0400
Subject: [PATCH 014/634] file RAs

---
 .../dataverse/ManageFilePermissionsPage.java  | 37 ++++++++++++++++++
 .../iq/dataverse/ManagePermissionsPage.java   | 19 +++++----
 .../iq/dataverse/RoleAssignmentAudit.java     | 12 ++++--
 src/main/java/propertyFiles/Bundle.properties |  2 +-
 .../webapp/permissions-manage-files.xhtml     | 39 +++++++++++++++++++
 src/main/webapp/permissions-manage.xhtml      |  9 +++--
 6 files changed, 103 insertions(+), 15 deletions(-)

diff --git a/src/main/java/edu/harvard/iq/dataverse/ManageFilePermissionsPage.java b/src/main/java/edu/harvard/iq/dataverse/ManageFilePermissionsPage.java
index 1ead0b13cdc..4cfdeaeaac3 100644
--- a/src/main/java/edu/harvard/iq/dataverse/ManageFilePermissionsPage.java
+++ b/src/main/java/edu/harvard/iq/dataverse/ManageFilePermissionsPage.java
@@ -5,6 +5,7 @@
  */
 package edu.harvard.iq.dataverse;
 
+import edu.harvard.iq.dataverse.ManagePermissionsPage.RoleAssignmentHistoryEntry;
 import edu.harvard.iq.dataverse.api.Util;
 import edu.harvard.iq.dataverse.authorization.AuthenticationProvider;
 import edu.harvard.iq.dataverse.authorization.AuthenticationServiceBean;
@@ -151,6 +152,7 @@ public String init() {
             return permissionsWrapper.notAuthorized();
         }
         initMaps();
+        roleAssignmentHistory = null;
         return "";
     }
 
@@ -537,6 +539,41 @@ private boolean assignRole(RoleAssignee ra,  DataFile file, DataverseRole r) {
         return true;
     }
 
+    private List<RoleAssignmentHistoryEntry> roleAssignmentHistory;
+
+    public List<RoleAssignmentHistoryEntry> getRoleAssignmentHistory() {
+        if (roleAssignmentHistory == null) {
+            roleAssignmentHistory = new ArrayList<>();
+            
+            List<RoleAssignmentAudit> audits = em.createNamedQuery("RoleAssignmentAudit.findByOwnerId", RoleAssignmentAudit.class)
+                    .setParameter("datasetId", dataset.getId())
+                    .getResultList();
+            
+            Map<Long, RoleAssignmentHistoryEntry> historyMap = new HashMap<>();
+            
+            for (RoleAssignmentAudit audit : audits) {
+                Long roleAssignmentId = audit.getRoleAssignmentId();
+                RoleAssignmentHistoryEntry entry = historyMap.get(roleAssignmentId);
+                
+                if (entry == null) {
+                    entry = new RoleAssignmentHistoryEntry(audit.getAssigneeIdentifier(), audit.getRoleAlias(), audit.getDefinitionPointId()  );
+                    historyMap.put(roleAssignmentId, entry);
+                }
+                
+                if (audit.getActionType() == RoleAssignmentAudit.ActionType.ASSIGN) {
+                    entry.setAssignedBy(audit.getActionByIdentifier());
+                    entry.setAssignedAt(audit.getActionTimestamp());
+                } else if (audit.getActionType() == RoleAssignmentAudit.ActionType.REVOKE) {
+                    entry.setRevokedBy(audit.getActionByIdentifier());
+                    entry.setRevokedAt(audit.getActionTimestamp());
+                }
+            }
+            
+            roleAssignmentHistory.addAll(historyMap.values());
+            roleAssignmentHistory.sort(Comparator.comparing(RoleAssignmentHistoryEntry::getAssignedAt).reversed());
+        }
+        return roleAssignmentHistory;
+    }
 
     boolean renderUserGroupMessages = false;
     boolean renderFileMessages = false;
diff --git a/src/main/java/edu/harvard/iq/dataverse/ManagePermissionsPage.java b/src/main/java/edu/harvard/iq/dataverse/ManagePermissionsPage.java
index 5359079ad3f..9b2b04c33a6 100644
--- a/src/main/java/edu/harvard/iq/dataverse/ManagePermissionsPage.java
+++ b/src/main/java/edu/harvard/iq/dataverse/ManagePermissionsPage.java
@@ -252,7 +252,7 @@ public List<RoleAssignmentHistoryEntry> getRoleAssignmentHistory() {
                 RoleAssignmentHistoryEntry entry = historyMap.get(roleAssignmentId);
                 
                 if (entry == null) {
-                    entry = new RoleAssignmentHistoryEntry(audit.getAssigneeIdentifier(), audit.getRoleAlias());
+                    entry = new RoleAssignmentHistoryEntry(audit.getAssigneeIdentifier(), audit.getRoleAlias(), audit.getDefinitionPointId());
                     historyMap.put(roleAssignmentId, entry);
                 }
                 
@@ -765,31 +765,28 @@ public static class RoleAssignmentHistoryEntry {
         private Date assignedAt;
         private String revokedBy;
         private Date revokedAt;
+        private Long definitionPointId;  // New field
 
-        public RoleAssignmentHistoryEntry(String assigneeIdentifier, String roleName) {
+        public RoleAssignmentHistoryEntry(String assigneeIdentifier, String roleName, Long definitionPointId) {
             this.roleName = roleName;
             this.assigneeIdentifier = assigneeIdentifier;
-            ;
+            this.definitionPointId = definitionPointId;
         }
 
         public void setRevokedAt(Date actionTimestamp) {
             revokedAt = actionTimestamp;
-
         }
 
         public void setRevokedBy(String actionByIdentifier) {
             revokedBy = actionByIdentifier;
-
         }
 
         public void setAssignedAt(Date actionTimestamp) {
             assignedAt = actionTimestamp;
-
         }
 
         public void setAssignedBy(String actionByIdentifier) {
             assignedBy = actionByIdentifier;
-
         }
 
         public String getRoleName() {
@@ -815,5 +812,13 @@ public String getRevokedBy() {
         public Date getRevokedAt() {
             return revokedAt;
         }
+
+        public Long getDefinitionPointId() {
+            return definitionPointId;
+        }
+
+        public void setDefinitionPointId(Long definitionPointId) {
+            this.definitionPointId = definitionPointId;
+        }
     }
 }
diff --git a/src/main/java/edu/harvard/iq/dataverse/RoleAssignmentAudit.java b/src/main/java/edu/harvard/iq/dataverse/RoleAssignmentAudit.java
index 8c64583e814..dc6fb1806c2 100644
--- a/src/main/java/edu/harvard/iq/dataverse/RoleAssignmentAudit.java
+++ b/src/main/java/edu/harvard/iq/dataverse/RoleAssignmentAudit.java
@@ -11,6 +11,7 @@
 import jakarta.persistence.Temporal;
 import jakarta.persistence.TemporalType;
 import jakarta.persistence.Index;
+import jakarta.persistence.NamedQueries;
 import jakarta.persistence.NamedQuery;
 
 import java.io.Serializable;
@@ -28,9 +29,14 @@
     @Index(name = "idx_raa_role_id", columnList = "role_id"),
     @Index(name = "idx_raa_definition_point_id", columnList = "definition_point_id")
 })
-@NamedQuery(name = "RoleAssignmentAudit.findByDefinitionPointId",
-query = "SELECT ra FROM RoleAssignmentAudit ra WHERE ra.definitionPointId = :definitionPointId ORDER BY ra.roleAssignmentId, ra.actionTimestamp DESC")
-
+@NamedQueries({
+    @NamedQuery(name = "RoleAssignmentAudit.findByDefinitionPointId",
+        query = "SELECT ra FROM RoleAssignmentAudit ra WHERE ra.definitionPointId = :definitionPointId ORDER BY ra.roleAssignmentId, ra.actionTimestamp DESC"),
+    @NamedQuery(name = "RoleAssignmentAudit.findByOwnerId",
+    query = "SELECT ra FROM RoleAssignmentAudit ra JOIN DvObject d ON ra.definitionPointId = d.id " +
+            "WHERE d.owner.id = :datasetId " +
+            "ORDER BY ra.roleAssignmentId, ra.actionTimestamp DESC")
+})
 public class RoleAssignmentAudit implements Serializable {
 
     @Id
diff --git a/src/main/java/propertyFiles/Bundle.properties b/src/main/java/propertyFiles/Bundle.properties
index 95341c74545..095d2ff91e4 100644
--- a/src/main/java/propertyFiles/Bundle.properties
+++ b/src/main/java/propertyFiles/Bundle.properties
@@ -1210,7 +1210,7 @@ dataverse.permissions.history.assignee=Assignee
 dataverse.permissions.history.assigned=Assigned
 dataverse.permissions.history.revoked=Revoked
 dataverse.permissions.history.notRevoked=Not Revoked
-
+dataverse.permissions.history.file=File Id
 # permissions-manage-files.xhtml
 dataverse.permissionsFiles.title=Restricted File Permissions
 dataverse.permissionsFiles.usersOrGroups=Users/Groups
diff --git a/src/main/webapp/permissions-manage-files.xhtml b/src/main/webapp/permissions-manage-files.xhtml
index 4e4e56f2051..2be43b776b5 100644
--- a/src/main/webapp/permissions-manage-files.xhtml
+++ b/src/main/webapp/permissions-manage-files.xhtml
@@ -218,6 +218,45 @@
                             </div>
                         </div>
                     </div>
+                    <!-- Role Assignment History Panel -->
+                    <o:importConstants type="edu.harvard.iq.dataverse.settings.FeatureFlags" />
+                    <div class="panel panel-default" rendered="#{FeatureFlags.ROLE_ASSIGNMENT_AUDITING.enabled()}">
+                        <div data-toggle="collapse" data-target="#panelCollapseHistory" class="panel-heading text-info">
+                            #{bundle['dataverse.permissions.history']} <span class="glyphicon glyphicon-chevron-down"/>
+                            <span class="text-muted small pull-right">#{bundle['dataverse.permissions.history.description']}</span>
+                        </div>
+                        <div id="panelCollapseHistory" class="collapse">
+                            <div class="panel-body">
+                                <p:dataTable id="roleAssignmentHistory" var="historyEntry" value="#{manageFilePermissionsPage.roleAssignmentHistory}">
+                                    <p:column headerText="#{bundle['dataverse.permissions.history.assignee']}">
+                                        <h:outputText value="#{historyEntry.assignee}" />
+                                    </p:column>
+                                    <p:column headerText="#{bundle['dataverse.permissions.history.role']}">
+                                        <h:outputText value="#{historyEntry.role}" />
+                                    </p:column>
+                                    <p:column headerText="#{bundle['dataverse.permissions.history.file']}">
+                                        <h:outputText value="#{historyEntry.definitionPointId}" />
+                                    </p:column>
+                                    <p:column headerText="#{bundle['dataverse.permissions.history.assignedBy']}">
+                                        <h:outputText value="#{historyEntry.assignedBy}" />
+                                    </p:column>
+                                    <p:column headerText="#{bundle['dataverse.permissions.history.assignedAt']}">
+                                        <h:outputText value="#{historyEntry.assignedAt}">
+                                            <f:convertDateTime pattern="yyyy-MM-dd HH:mm:ss" />
+                                        </h:outputText>
+                                    </p:column>
+                                    <p:column headerText="#{bundle['dataverse.permissions.history.revokedBy']}">
+                                        <h:outputText value="#{historyEntry.revokedBy}" />
+                                    </p:column>
+                                    <p:column headerText="#{bundle['dataverse.permissions.history.revokedAt']}">
+                                        <h:outputText value="#{historyEntry.revokedAt}">
+                                            <f:convertDateTime pattern="yyyy-MM-dd HH:mm:ss" />
+                                        </h:outputText>
+                                    </p:column>
+                                </p:dataTable>
+                            </div>
+                        </div>
+                    </div>
                     <!-- View / Remove Users/Groups Popup -->
                     <p:dialog id="viewRemoveDialog" styleClass="largePopUp" header="#{bundle['dataverse.permissionsFiles.viewRemoveDialog.header']}" widgetVar="viewRemoveWidget" modal="true">
                         <div>
diff --git a/src/main/webapp/permissions-manage.xhtml b/src/main/webapp/permissions-manage.xhtml
index e3e5e4ecf6c..fbd37f5ffcd 100644
--- a/src/main/webapp/permissions-manage.xhtml
+++ b/src/main/webapp/permissions-manage.xhtml
@@ -104,7 +104,7 @@
                                     <div class="margin-bottom text-right">
                                         <p:commandLink id="userGroupsAdd" styleClass="btn btn-default"
                                                        actionListener="#{managePermissionsPage.initAssigneeDialog}"
-                                                       update="userGroupDialog"
+                                                       update="userGroupDialog roleAssignmentHistory"
                                                        oncomplete="PF('userGroupsForm').show();handleResizeDialog('userGroupDialog');">
                                             <span class="glyphicon glyphicon-user"/> #{bundle['dataverse.permissions.usersOrGroups.assignBtn']}
                                         </p:commandLink>
@@ -198,7 +198,8 @@
                             </div>
                         </div>
                         <!-- Role Assignment History Panel -->
-                        <div class="panel panel-default">
+                        <o:importConstants type="edu.harvard.iq.dataverse.settings.FeatureFlags" />
+                        <div class="panel panel-default" rendered="#{FeatureFlags.ROLE_ASSIGNMENT_AUDITING.enabled()}">
                             <div data-toggle="collapse" data-target="#panelCollapseHistory" class="panel-heading text-info">
                                 #{bundle['dataverse.permissions.history']} <span class="glyphicon glyphicon-chevron-down"/>
                                 <span class="text-muted small pull-right">#{bundle['dataverse.permissions.history.description']}</span>
@@ -240,7 +241,7 @@
                         <ui:include src="permissions-configure.xhtml"/>
                         <div class="button-block">
                             <p:commandButton value="#{bundle['saveChanges']}" styleClass="btn btn-default"
-                                           update=":#{p:resolveClientId('rolesPermissionsForm:configureSettings', view)} @([id$=assignedRoles]) assignedRoles @([id$=Messages])"
+                                           update=":#{p:resolveClientId('rolesPermissionsForm:configureSettings', view)} @([id$=assignedRoles]) assignedRoles roleAssignmentHistory @([id$=Messages])"
                                            actionListener="#{managePermissionsPage.saveConfiguration}"
                                            oncomplete="PF('accessForm').hide()"/>
                             <button class="btn btn-link" onclick="PF('accessForm').hide()" type="button">
@@ -261,7 +262,7 @@
                         <div class="button-block">
                             <p:commandButton value="#{bundle.continue}" styleClass="btn btn-default" onclick="PF('confirmation').hide()" 
                                              action="#{managePermissionsPage.removeRoleAssignment()}" 
-                                             update=":#{p:resolveClientId('rolesPermissionsForm:configureSettings', view)} assignedRoles @([id$=Messages])" />
+                                             update=":#{p:resolveClientId('rolesPermissionsForm:configureSettings', view)} assignedRoles roleAssignmentHistory @([id$=Messages])" />
                             <button class="btn btn-link" onclick="PF('confirmation').hide()" type="button">
                                 #{bundle.cancel}
                             </button>

From fe1f3e7add4873d437bbab47645ceae13d059832 Mon Sep 17 00:00:00 2001
From: Jim Myers <qqmyers@hotmail.com>
Date: Wed, 9 Apr 2025 12:43:20 -0400
Subject: [PATCH 015/634] minor fixes

---
 src/main/webapp/permissions-manage-files.xhtml | 2 +-
 src/main/webapp/permissions-manage.xhtml       | 1 +
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/main/webapp/permissions-manage-files.xhtml b/src/main/webapp/permissions-manage-files.xhtml
index 2be43b776b5..c50b2cffccb 100644
--- a/src/main/webapp/permissions-manage-files.xhtml
+++ b/src/main/webapp/permissions-manage-files.xhtml
@@ -229,7 +229,7 @@
                             <div class="panel-body">
                                 <p:dataTable id="roleAssignmentHistory" var="historyEntry" value="#{manageFilePermissionsPage.roleAssignmentHistory}">
                                     <p:column headerText="#{bundle['dataverse.permissions.history.assignee']}">
-                                        <h:outputText value="#{historyEntry.assignee}" />
+                                        <h:outputText value="#{historyEntry.assigneeIdentifier}" />
                                     </p:column>
                                     <p:column headerText="#{bundle['dataverse.permissions.history.role']}">
                                         <h:outputText value="#{historyEntry.role}" />
diff --git a/src/main/webapp/permissions-manage.xhtml b/src/main/webapp/permissions-manage.xhtml
index fbd37f5ffcd..98dfb240bee 100644
--- a/src/main/webapp/permissions-manage.xhtml
+++ b/src/main/webapp/permissions-manage.xhtml
@@ -5,6 +5,7 @@
       xmlns:ui="http://java.sun.com/jsf/facelets"
       xmlns:p="http://primefaces.org/ui"
       xmlns:c="http://java.sun.com/jsp/jstl/core"
+      xmlns:o="http://omnifaces.org/ui"
       xmlns:iqbs="http://xmlns.jcp.org/jsf/composite/iqbs">
     <h:head>
     </h:head>

From a1d5c8afe57ceeba6087b99206b35e966be4eb4c Mon Sep 17 00:00:00 2001
From: Jim Myers <qqmyers@hotmail.com>
Date: Wed, 9 Apr 2025 14:12:45 -0400
Subject: [PATCH 016/634] sync tables except def point

---
 src/main/java/propertyFiles/Bundle.properties |  9 ++++----
 .../webapp/permissions-manage-files.xhtml     |  5 +----
 src/main/webapp/permissions-manage.xhtml      | 22 +++++++++++--------
 3 files changed, 19 insertions(+), 17 deletions(-)

diff --git a/src/main/java/propertyFiles/Bundle.properties b/src/main/java/propertyFiles/Bundle.properties
index 095d2ff91e4..1d7e45c5479 100644
--- a/src/main/java/propertyFiles/Bundle.properties
+++ b/src/main/java/propertyFiles/Bundle.properties
@@ -1207,10 +1207,11 @@ dataverse.permissions.history=Role Assignment History
 dataverse.permissions.history.description=View the history of role assignments and revocations
 dataverse.permissions.history.role=Role
 dataverse.permissions.history.assignee=Assignee
-dataverse.permissions.history.assigned=Assigned
-dataverse.permissions.history.revoked=Revoked
-dataverse.permissions.history.notRevoked=Not Revoked
-dataverse.permissions.history.file=File Id
+dataverse.permissions.history.assignedBy=Assigned By
+dataverse.permissions.history.assignedAt=Assignment Date
+dataverse.permissions.history.revokedBy=Revoked By
+dataverse.permissions.history.revokedAt=Revocation Date
+dataverse.permissions.history.files={0} Files
 # permissions-manage-files.xhtml
 dataverse.permissionsFiles.title=Restricted File Permissions
 dataverse.permissionsFiles.usersOrGroups=Users/Groups
diff --git a/src/main/webapp/permissions-manage-files.xhtml b/src/main/webapp/permissions-manage-files.xhtml
index c50b2cffccb..64783288df1 100644
--- a/src/main/webapp/permissions-manage-files.xhtml
+++ b/src/main/webapp/permissions-manage-files.xhtml
@@ -232,10 +232,7 @@
                                         <h:outputText value="#{historyEntry.assigneeIdentifier}" />
                                     </p:column>
                                     <p:column headerText="#{bundle['dataverse.permissions.history.role']}">
-                                        <h:outputText value="#{historyEntry.role}" />
-                                    </p:column>
-                                    <p:column headerText="#{bundle['dataverse.permissions.history.file']}">
-                                        <h:outputText value="#{historyEntry.definitionPointId}" />
+                                        <h:outputText value="#{historyEntry.roleName}" />
                                     </p:column>
                                     <p:column headerText="#{bundle['dataverse.permissions.history.assignedBy']}">
                                         <h:outputText value="#{historyEntry.assignedBy}" />
diff --git a/src/main/webapp/permissions-manage.xhtml b/src/main/webapp/permissions-manage.xhtml
index 98dfb240bee..9c7b678167b 100644
--- a/src/main/webapp/permissions-manage.xhtml
+++ b/src/main/webapp/permissions-manage.xhtml
@@ -208,26 +208,30 @@
                             <div id="panelCollapseHistory" class="collapse">
                                 <div class="panel-body">
                                     <p:dataTable id="roleAssignmentHistory" var="historyEntry" value="#{managePermissionsPage.roleAssignmentHistory}">
+                                        <p:column headerText="#{bundle['dataverse.permissions.history.assignee']}">
+                                            <h:outputText value="#{historyEntry.assigneeIdentifier}" />
+                                        </p:column>
                                         <p:column headerText="#{bundle['dataverse.permissions.history.role']}">
                                             <h:outputText value="#{historyEntry.roleName}" />
                                         </p:column>
-                                        <p:column headerText="#{bundle['dataverse.permissions.history.assignee']}">
-                                            <h:outputText value="#{historyEntry.assigneeIdentifier}" />
+                                        <p:column headerText="#{bundle['dataverse.permissions.history.file']}">
+                                            <h:outputText value="#{historyEntry.definitionPointId}" />
                                         </p:column>
-                                        <p:column headerText="#{bundle['dataverse.permissions.history.assigned']}">
+                                        <p:column headerText="#{bundle['dataverse.permissions.history.assignedBy']}">
                                             <h:outputText value="#{historyEntry.assignedBy}" />
-                                            <h:outputText value=" on " />
+                                        </p:column>
+                                        <p:column headerText="#{bundle['dataverse.permissions.history.assignedAt']}">
                                             <h:outputText value="#{historyEntry.assignedAt}">
                                                 <f:convertDateTime pattern="yyyy-MM-dd HH:mm:ss" />
                                             </h:outputText>
                                         </p:column>
-                                        <p:column headerText="#{bundle['dataverse.permissions.history.revoked']}">
-                                            <h:outputText value="#{historyEntry.revokedBy}" rendered="#{historyEntry.revokedBy != null}" />
-                                            <h:outputText value=" on " rendered="#{historyEntry.revokedBy != null}" />
-                                            <h:outputText value="#{historyEntry.revokedAt}" rendered="#{historyEntry.revokedBy != null}">
+                                        <p:column headerText="#{bundle['dataverse.permissions.history.revokedBy']}">
+                                            <h:outputText value="#{historyEntry.revokedBy}" />
+                                        </p:column>
+                                        <p:column headerText="#{bundle['dataverse.permissions.history.revokedAt']}">
+                                            <h:outputText value="#{historyEntry.revokedAt}">
                                                 <f:convertDateTime pattern="yyyy-MM-dd HH:mm:ss" />
                                             </h:outputText>
-                                            <h:outputText value="#{bundle['dataverse.permissions.history.notRevoked']}" rendered="#{historyEntry.revokedBy == null}" />
                                         </p:column>
                                     </p:dataTable>
                                 </div>

From 52e18779d89c478c2caf14f2048711aa201c3301 Mon Sep 17 00:00:00 2001
From: Jim Myers <qqmyers@hotmail.com>
Date: Wed, 9 Apr 2025 14:39:38 -0400
Subject: [PATCH 017/634] aggregate multiple def pts, show tool tip with list

---
 .../iq/dataverse/ManageFilePermissionsPage.java    | 14 ++++++++++++++
 .../iq/dataverse/ManagePermissionsPage.java        | 13 +++++++------
 src/main/java/propertyFiles/Bundle.properties      |  1 +
 src/main/webapp/permissions-manage-files.xhtml     |  7 +++++++
 4 files changed, 29 insertions(+), 6 deletions(-)

diff --git a/src/main/java/edu/harvard/iq/dataverse/ManageFilePermissionsPage.java b/src/main/java/edu/harvard/iq/dataverse/ManageFilePermissionsPage.java
index 4cfdeaeaac3..c7adc5368b8 100644
--- a/src/main/java/edu/harvard/iq/dataverse/ManageFilePermissionsPage.java
+++ b/src/main/java/edu/harvard/iq/dataverse/ManageFilePermissionsPage.java
@@ -568,6 +568,20 @@ public List<RoleAssignmentHistoryEntry> getRoleAssignmentHistory() {
                     entry.setRevokedAt(audit.getActionTimestamp());
                 }
             }
+            // Second pass: Combine entries with matching criteria
+            Map<String, RoleAssignmentHistoryEntry> finalHistoryMap = new HashMap<>();
+            for (RoleAssignmentHistoryEntry entry : historyMap.values()) {
+                String key = entry.getAssigneeIdentifier() + "|" + entry.getRoleName() + "|" +
+                             entry.getAssignedBy() + "|" + entry.getAssignedAt() + "|" +
+                             entry.getRevokedBy() + "|" + entry.getRevokedAt();
+                
+                RoleAssignmentHistoryEntry existingEntry = finalHistoryMap.get(key);
+                if (existingEntry == null) {
+                    finalHistoryMap.put(key, entry);
+                } else {
+                    existingEntry.addDefinitionPointId(entry.getDefinitionPointIds().get(0));
+                }
+            }
             
             roleAssignmentHistory.addAll(historyMap.values());
             roleAssignmentHistory.sort(Comparator.comparing(RoleAssignmentHistoryEntry::getAssignedAt).reversed());
diff --git a/src/main/java/edu/harvard/iq/dataverse/ManagePermissionsPage.java b/src/main/java/edu/harvard/iq/dataverse/ManagePermissionsPage.java
index 9b2b04c33a6..89407c68378 100644
--- a/src/main/java/edu/harvard/iq/dataverse/ManagePermissionsPage.java
+++ b/src/main/java/edu/harvard/iq/dataverse/ManagePermissionsPage.java
@@ -765,12 +765,13 @@ public static class RoleAssignmentHistoryEntry {
         private Date assignedAt;
         private String revokedBy;
         private Date revokedAt;
-        private Long definitionPointId;  // New field
+        private List<Long> definitionPointIds;  // New field
 
         public RoleAssignmentHistoryEntry(String assigneeIdentifier, String roleName, Long definitionPointId) {
             this.roleName = roleName;
             this.assigneeIdentifier = assigneeIdentifier;
-            this.definitionPointId = definitionPointId;
+            this.definitionPointIds = new ArrayList<Long>();
+            definitionPointIds.add(definitionPointId);
         }
 
         public void setRevokedAt(Date actionTimestamp) {
@@ -813,12 +814,12 @@ public Date getRevokedAt() {
             return revokedAt;
         }
 
-        public Long getDefinitionPointId() {
-            return definitionPointId;
+        public List<Long> getDefinitionPointIds() {
+            return definitionPointIds;
         }
 
-        public void setDefinitionPointId(Long definitionPointId) {
-            this.definitionPointId = definitionPointId;
+        public void addDefinitionPointId(Long definitionPointId) {
+            definitionPointIds.add(definitionPointId);
         }
     }
 }
diff --git a/src/main/java/propertyFiles/Bundle.properties b/src/main/java/propertyFiles/Bundle.properties
index 1d7e45c5479..10cf777daf5 100644
--- a/src/main/java/propertyFiles/Bundle.properties
+++ b/src/main/java/propertyFiles/Bundle.properties
@@ -1211,6 +1211,7 @@ dataverse.permissions.history.assignedBy=Assigned By
 dataverse.permissions.history.assignedAt=Assignment Date
 dataverse.permissions.history.revokedBy=Revoked By
 dataverse.permissions.history.revokedAt=Revocation Date
+dataverse.permissions.history.definedOn=Defined On
 dataverse.permissions.history.files={0} Files
 # permissions-manage-files.xhtml
 dataverse.permissionsFiles.title=Restricted File Permissions
diff --git a/src/main/webapp/permissions-manage-files.xhtml b/src/main/webapp/permissions-manage-files.xhtml
index 64783288df1..4ead7ddec5b 100644
--- a/src/main/webapp/permissions-manage-files.xhtml
+++ b/src/main/webapp/permissions-manage-files.xhtml
@@ -234,6 +234,13 @@
                                     <p:column headerText="#{bundle['dataverse.permissions.history.role']}">
                                         <h:outputText value="#{historyEntry.roleName}" />
                                     </p:column>
+                                    <p:column headerText="#{bundle['dataverse.permissions.history.definedOn']}">
+                                        <h:outputText value="#{bundle['dataverse.permissions.history.files']}"
+                                                      title="#{historyEntry.definitionPointIds.stream().map(Object::toString).collect(java.util.stream.Collectors.joining(', '))}">
+                                            <f:param value="#{historyEntry.definitionPointIds.size()}" />
+                                            <p:tooltip/>
+                                        </h:outputText>
+                                    </p:column>
                                     <p:column headerText="#{bundle['dataverse.permissions.history.assignedBy']}">
                                         <h:outputText value="#{historyEntry.assignedBy}" />
                                     </p:column>

From 8b93f309565b29985be9ccf98430f9ba15734cb9 Mon Sep 17 00:00:00 2001
From: Jim Myers <qqmyers@hotmail.com>
Date: Wed, 9 Apr 2025 15:05:48 -0400
Subject: [PATCH 018/634] fixes

---
 .../edu/harvard/iq/dataverse/ManagePermissionsPage.java   | 8 ++++++++
 src/main/webapp/permissions-manage-files.xhtml            | 2 +-
 src/main/webapp/permissions-manage.xhtml                  | 3 ---
 3 files changed, 9 insertions(+), 4 deletions(-)

diff --git a/src/main/java/edu/harvard/iq/dataverse/ManagePermissionsPage.java b/src/main/java/edu/harvard/iq/dataverse/ManagePermissionsPage.java
index 89407c68378..d4bc281a89a 100644
--- a/src/main/java/edu/harvard/iq/dataverse/ManagePermissionsPage.java
+++ b/src/main/java/edu/harvard/iq/dataverse/ManagePermissionsPage.java
@@ -35,6 +35,8 @@
 import java.util.Set;
 import java.util.logging.Level;
 import java.util.logging.Logger;
+import java.util.stream.Collectors;
+
 import jakarta.ejb.EJB;
 import jakarta.faces.application.FacesMessage;
 import jakarta.faces.event.ActionEvent;
@@ -821,5 +823,11 @@ public List<Long> getDefinitionPointIds() {
         public void addDefinitionPointId(Long definitionPointId) {
             definitionPointIds.add(definitionPointId);
         }
+        
+        public String getDefinitionPointIdsAsString(List<Long> definitionPointIds) {
+            return definitionPointIds.stream()
+                    .map(Object::toString)
+                    .collect(Collectors.joining(", "));
+        }
     }
 }
diff --git a/src/main/webapp/permissions-manage-files.xhtml b/src/main/webapp/permissions-manage-files.xhtml
index 4ead7ddec5b..8ef11965b35 100644
--- a/src/main/webapp/permissions-manage-files.xhtml
+++ b/src/main/webapp/permissions-manage-files.xhtml
@@ -236,7 +236,7 @@
                                     </p:column>
                                     <p:column headerText="#{bundle['dataverse.permissions.history.definedOn']}">
                                         <h:outputText value="#{bundle['dataverse.permissions.history.files']}"
-                                                      title="#{historyEntry.definitionPointIds.stream().map(Object::toString).collect(java.util.stream.Collectors.joining(', '))}">
+                                                      title="#{historyEntry.definitionPointIdsAsString}">
                                             <f:param value="#{historyEntry.definitionPointIds.size()}" />
                                             <p:tooltip/>
                                         </h:outputText>
diff --git a/src/main/webapp/permissions-manage.xhtml b/src/main/webapp/permissions-manage.xhtml
index 9c7b678167b..dfab2a067a3 100644
--- a/src/main/webapp/permissions-manage.xhtml
+++ b/src/main/webapp/permissions-manage.xhtml
@@ -214,9 +214,6 @@
                                         <p:column headerText="#{bundle['dataverse.permissions.history.role']}">
                                             <h:outputText value="#{historyEntry.roleName}" />
                                         </p:column>
-                                        <p:column headerText="#{bundle['dataverse.permissions.history.file']}">
-                                            <h:outputText value="#{historyEntry.definitionPointId}" />
-                                        </p:column>
                                         <p:column headerText="#{bundle['dataverse.permissions.history.assignedBy']}">
                                             <h:outputText value="#{historyEntry.assignedBy}" />
                                         </p:column>

From d16eb77577f0ac99b033c7999c02144a664670a3 Mon Sep 17 00:00:00 2001
From: Jim Myers <qqmyers@hotmail.com>
Date: Thu, 10 Apr 2025 09:17:39 -0400
Subject: [PATCH 019/634] remove param

---
 .../java/edu/harvard/iq/dataverse/ManagePermissionsPage.java    | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/main/java/edu/harvard/iq/dataverse/ManagePermissionsPage.java b/src/main/java/edu/harvard/iq/dataverse/ManagePermissionsPage.java
index d4bc281a89a..8f8400fe8ca 100644
--- a/src/main/java/edu/harvard/iq/dataverse/ManagePermissionsPage.java
+++ b/src/main/java/edu/harvard/iq/dataverse/ManagePermissionsPage.java
@@ -824,7 +824,7 @@ public void addDefinitionPointId(Long definitionPointId) {
             definitionPointIds.add(definitionPointId);
         }
         
-        public String getDefinitionPointIdsAsString(List<Long> definitionPointIds) {
+        public String getDefinitionPointIdsAsString() {
             return definitionPointIds.stream()
                     .map(Object::toString)
                     .collect(Collectors.joining(", "));

From c622259b2626df70a111f1bfd619905a66335bad Mon Sep 17 00:00:00 2001
From: Jim Myers <qqmyers@hotmail.com>
Date: Thu, 10 Apr 2025 10:51:54 -0400
Subject: [PATCH 020/634] use final map to avoid duplicates

---
 .../edu/harvard/iq/dataverse/ManageFilePermissionsPage.java     | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/main/java/edu/harvard/iq/dataverse/ManageFilePermissionsPage.java b/src/main/java/edu/harvard/iq/dataverse/ManageFilePermissionsPage.java
index c7adc5368b8..0dbcba1fc97 100644
--- a/src/main/java/edu/harvard/iq/dataverse/ManageFilePermissionsPage.java
+++ b/src/main/java/edu/harvard/iq/dataverse/ManageFilePermissionsPage.java
@@ -583,7 +583,7 @@ public List<RoleAssignmentHistoryEntry> getRoleAssignmentHistory() {
                 }
             }
             
-            roleAssignmentHistory.addAll(historyMap.values());
+            roleAssignmentHistory.addAll(finalHistoryMap.values());
             roleAssignmentHistory.sort(Comparator.comparing(RoleAssignmentHistoryEntry::getAssignedAt).reversed());
         }
         return roleAssignmentHistory;

From 334d8e01a46258265b6fc3679b922d3054ec6b1c Mon Sep 17 00:00:00 2001
From: Jim Myers <qqmyers@hotmail.com>
Date: Thu, 10 Apr 2025 10:52:10 -0400
Subject: [PATCH 021/634] use h:outputFormat

---
 src/main/webapp/permissions-manage-files.xhtml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/main/webapp/permissions-manage-files.xhtml b/src/main/webapp/permissions-manage-files.xhtml
index 8ef11965b35..9e43d4ce910 100644
--- a/src/main/webapp/permissions-manage-files.xhtml
+++ b/src/main/webapp/permissions-manage-files.xhtml
@@ -235,11 +235,11 @@
                                         <h:outputText value="#{historyEntry.roleName}" />
                                     </p:column>
                                     <p:column headerText="#{bundle['dataverse.permissions.history.definedOn']}">
-                                        <h:outputText value="#{bundle['dataverse.permissions.history.files']}"
+                                        <h:outputFormat value="#{bundle['dataverse.permissions.history.files']}"
                                                       title="#{historyEntry.definitionPointIdsAsString}">
                                             <f:param value="#{historyEntry.definitionPointIds.size()}" />
                                             <p:tooltip/>
-                                        </h:outputText>
+                                        </h:outputFormat>
                                     </p:column>
                                     <p:column headerText="#{bundle['dataverse.permissions.history.assignedBy']}">
                                         <h:outputText value="#{historyEntry.assignedBy}" />

From 04ac9bad4fa8b1e82802bcbc2a5900da9d7d3b6b Mon Sep 17 00:00:00 2001
From: Jim Myers <qqmyers@hotmail.com>
Date: Mon, 14 Apr 2025 14:04:19 -0400
Subject: [PATCH 022/634] Drop refresh

---
 .../java/edu/harvard/iq/dataverse/DataverseRoleServiceBean.java  | 1 -
 1 file changed, 1 deletion(-)

diff --git a/src/main/java/edu/harvard/iq/dataverse/DataverseRoleServiceBean.java b/src/main/java/edu/harvard/iq/dataverse/DataverseRoleServiceBean.java
index 17938d900a3..8d31ff907b8 100644
--- a/src/main/java/edu/harvard/iq/dataverse/DataverseRoleServiceBean.java
+++ b/src/main/java/edu/harvard/iq/dataverse/DataverseRoleServiceBean.java
@@ -78,7 +78,6 @@ public RoleAssignment save(RoleAssignment assignment, boolean createIndex) {
         if (assignment.getId() == null) {
             em.persist(assignment);
             em.flush(); // Force synchronization with the database
-            em.refresh(assignment); // Refresh the entity to ensure it has the latest state, including the ID
         } else {
             assignment = em.merge(assignment);
         }

From c7251f58096cd98120591b18b35cfbae19ba9296 Mon Sep 17 00:00:00 2001
From: Jim Myers <qqmyers@hotmail.com>
Date: Mon, 14 Apr 2025 14:23:56 -0400
Subject: [PATCH 023/634] move RA to postFlush in create

---
 .../command/impl/CreateNewDatasetCommand.java | 25 +++++++++++--------
 1 file changed, 14 insertions(+), 11 deletions(-)

diff --git a/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/CreateNewDatasetCommand.java b/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/CreateNewDatasetCommand.java
index c22a2cdb4a2..5aa2ceb49e4 100644
--- a/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/CreateNewDatasetCommand.java
+++ b/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/CreateNewDatasetCommand.java
@@ -107,9 +107,23 @@ protected void handlePid(Dataset theDataset, CommandContext ctxt) throws Command
     
     @Override
     protected void postPersist( Dataset theDataset, CommandContext ctxt ){
+
+        
+        if ( template != null ) {
+            ctxt.templates().incrementUsageCount(template.getId());
+        }
+    }
+    
+    /* Saves role assignments for the dataset.
+     * Emails those able to publish the dataset (except the creator themselves who already gets an email)
+     * that a new dataset exists. 
+     * NB: These need the dataset id so have to be postDBFlush (vs postPersist())
+     */
+    protected void postDBFlush( Dataset theDataset, CommandContext ctxt ){
         // set the role to be default contributor role for its dataverse
         String privateUrlToken = null;
         if (theDataset.getOwner().getDefaultContributorRole() != null) {
+            logger.info("New Dataset id: " + theDataset.getId());
             RoleAssignment roleAssignment = new RoleAssignment(theDataset.getOwner().getDefaultContributorRole(),
                     getRequest().getUser(), theDataset, privateUrlToken);
             ctxt.roles().save(roleAssignment, false);
@@ -126,17 +140,6 @@ protected void postPersist( Dataset theDataset, CommandContext ctxt ){
             // linked here (?)
             theDataset.setPermissionModificationTime(getTimestamp());
         }
-        
-        if ( template != null ) {
-            ctxt.templates().incrementUsageCount(template.getId());
-        }
-    }
-    
-    /* Emails those able to publish the dataset (except the creator themselves who already gets an email)
-     * that a new dataset exists. 
-     * NB: Needs dataset id so has to be postDBFlush (vs postPersist())
-     */
-    protected void postDBFlush( Dataset theDataset, CommandContext ctxt ){
         if(ctxt.settings().isTrueForKey(SettingsServiceBean.Key.SendNotificationOnDatasetCreation, false)) {
         //QDR - alert curators that a dataset has been created
         //Should this create a notification too? (which would let us use the notification mailcapbilities to generate the subject/body.

From 614697b24193cc6e33033db4aaa0b7296aff97fb Mon Sep 17 00:00:00 2001
From: Jim Myers <qqmyers@hotmail.com>
Date: Mon, 14 Apr 2025 16:56:37 -0400
Subject: [PATCH 024/634] move audit code to service

---
 .../iq/dataverse/DataverseRoleServiceBean.java     | 14 ++++++++++----
 .../harvard/iq/dataverse/DataverseServiceBean.java |  6 +++---
 .../java/edu/harvard/iq/dataverse/api/Admin.java   |  5 +++--
 .../engine/command/impl/AssignRoleCommand.java     |  8 +-------
 .../command/impl/CreateDataverseCommand.java       |  6 +++---
 .../command/impl/CreateNewDatasetCommand.java      |  2 +-
 .../command/impl/CreateDataverseCommandTest.java   |  6 +++---
 .../command/impl/CreatePrivateUrlCommandTest.java  |  3 ++-
 .../command/impl/MoveDatasetCommandTest.java       |  6 +++---
 .../impl/ReturnDatasetToAuthorCommandTest.java     |  2 +-
 .../impl/SubmitDatasetForReviewCommandTest.java    |  2 +-
 11 files changed, 31 insertions(+), 29 deletions(-)

diff --git a/src/main/java/edu/harvard/iq/dataverse/DataverseRoleServiceBean.java b/src/main/java/edu/harvard/iq/dataverse/DataverseRoleServiceBean.java
index 8d31ff907b8..09097be9c8e 100644
--- a/src/main/java/edu/harvard/iq/dataverse/DataverseRoleServiceBean.java
+++ b/src/main/java/edu/harvard/iq/dataverse/DataverseRoleServiceBean.java
@@ -70,11 +70,11 @@ public DataverseRole save(DataverseRole aRole) {
         return aRole;
     }
 
-    public RoleAssignment save(RoleAssignment assignment) {
-        return save(assignment, true);
+    public RoleAssignment save(RoleAssignment assignment, DataverseRequest req) {
+        return save(assignment, true, req);
     }
     
-    public RoleAssignment save(RoleAssignment assignment, boolean createIndex) {
+    public RoleAssignment save(RoleAssignment assignment, boolean createIndex, DataverseRequest req) {
         if (assignment.getId() == null) {
             em.persist(assignment);
             em.flush(); // Force synchronization with the database
@@ -86,6 +86,12 @@ public RoleAssignment save(RoleAssignment assignment, boolean createIndex) {
             indexAsync.indexRole(assignment);
         }
         
+        // Check if ROLE_ASSIGNMENT_AUDITING feature flag is enabled
+        if (FeatureFlags.ROLE_ASSIGNMENT_AUDITING.enabled()) {
+            RoleAssignmentAudit audit = new RoleAssignmentAudit(assignment, req, RoleAssignmentAudit.ActionType.ASSIGN);
+            saveAudit(audit);
+        }
+
         return assignment;
     }
     
@@ -96,7 +102,7 @@ public RoleAssignment save(RoleAssignment assignment, boolean createIndex) {
      * @param audit The RoleAssignmentAudit object to be saved
      * @return The persisted RoleAssignmentAudit object
      */
-    public RoleAssignmentAudit saveAudit(RoleAssignmentAudit audit) {
+    private RoleAssignmentAudit saveAudit(RoleAssignmentAudit audit) {
         if (audit.getAuditId() == null) {
             em.persist(audit);
             em.flush(); // Ensure the entity is persisted immediately
diff --git a/src/main/java/edu/harvard/iq/dataverse/DataverseServiceBean.java b/src/main/java/edu/harvard/iq/dataverse/DataverseServiceBean.java
index f89e707cc03..06ea6969200 100644
--- a/src/main/java/edu/harvard/iq/dataverse/DataverseServiceBean.java
+++ b/src/main/java/edu/harvard/iq/dataverse/DataverseServiceBean.java
@@ -771,7 +771,7 @@ public List<Long> findAllDataverseDatasetChildren(Long dvId) {
     }
     
     public String addRoleAssignmentsToChildren(Dataverse owner, ArrayList<String> rolesToInherit,
-            boolean inheritAllRoles) {
+            boolean inheritAllRoles, DataverseRequest req) {
         /*
          * This query recursively finds all Dataverses that are inside/children of the
          * specified one. It recursively finds dvobjects of dtype 'Dataverse' whose
@@ -857,7 +857,7 @@ public String addRoleAssignmentsToChildren(Dataverse owner, ArrayList<String> ro
                     try {
                         RoleAssignment ra = new RoleAssignment(inheritableRole, roleUser, childDv, privateUrlToken);
                         if (!existingRAs.get(childDv.getId()).contains(ra)) {
-                            rolesService.save(ra);
+                            rolesService.save(ra, req);
                         }
                     } catch (Exception e) {
                         logger.warning("Unable to assign " + roleAssignment.getAssigneeIdentifier()
@@ -877,7 +877,7 @@ public String addRoleAssignmentsToChildren(Dataverse owner, ArrayList<String> ro
                             RoleAssignment ra = new RoleAssignment(inheritableRole, roleGroup, childDv,
                                     privateUrlToken);
                             if (!existingRAs.get(childDv.getId()).contains(ra)) {
-                                rolesService.save(ra);
+                                rolesService.save(ra, req);
                             }
                         } catch (Exception e) {
                             logger.warning("Unable to assign " + roleAssignment.getAssigneeIdentifier()
diff --git a/src/main/java/edu/harvard/iq/dataverse/api/Admin.java b/src/main/java/edu/harvard/iq/dataverse/api/Admin.java
index ac52b5d9fbf..4cbd405d2cf 100644
--- a/src/main/java/edu/harvard/iq/dataverse/api/Admin.java
+++ b/src/main/java/edu/harvard/iq/dataverse/api/Admin.java
@@ -2156,8 +2156,9 @@ public Response addRoleAssignementsToChildren(@Context ContainerRequestContext c
         if (owner == null) {
             return error(Response.Status.NOT_FOUND, "Could not find dataverse based on alias supplied: " + alias + ".");
         }
+        AuthenticatedUser user = null;
         try {
-            AuthenticatedUser user = getRequestAuthenticatedUserOrDie(crc);
+            user = getRequestAuthenticatedUserOrDie(crc);
             if (!user.isSuperuser()) {
                 return error(Response.Status.FORBIDDEN, "Superusers only.");
             }
@@ -2172,7 +2173,7 @@ public Response addRoleAssignementsToChildren(@Context ContainerRequestContext c
                 if (rolesToInherit.contains("*")) {
                     inheritAllRoles = true;
                 }
-                return ok(dataverseSvc.addRoleAssignmentsToChildren(owner, rolesToInherit, inheritAllRoles));
+                return ok(dataverseSvc.addRoleAssignmentsToChildren(owner, rolesToInherit, inheritAllRoles, createDataverseRequest(user)));
             }
         }
         return error(Response.Status.BAD_REQUEST,
diff --git a/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/AssignRoleCommand.java b/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/AssignRoleCommand.java
index 2bd8b6c1090..7260b433ddb 100644
--- a/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/AssignRoleCommand.java
+++ b/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/AssignRoleCommand.java
@@ -77,13 +77,7 @@ public RoleAssignment execute(CommandContext ctxt) throws CommandException {
     }
     // TODO make sure the role is defined on the dataverse.
     RoleAssignment roleAssignment = new RoleAssignment(role, grantee, defPoint, privateUrlToken, anonymizedAccess);
-    RoleAssignment savedRoleAssignment = ctxt.roles().save(roleAssignment);
-
-    // Check if ROLE_ASSIGNMENT_AUDITING feature flag is enabled
-    if (FeatureFlags.ROLE_ASSIGNMENT_AUDITING.enabled()) {
-        RoleAssignmentAudit audit = new RoleAssignmentAudit(savedRoleAssignment, getRequest(), RoleAssignmentAudit.ActionType.ASSIGN);
-        ctxt.roles().saveAudit(audit);
-    }
+    RoleAssignment savedRoleAssignment = ctxt.roles().save(roleAssignment, getRequest());
 
     return savedRoleAssignment;
 }
diff --git a/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/CreateDataverseCommand.java b/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/CreateDataverseCommand.java
index 145cfb6199c..d85e82844f5 100644
--- a/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/CreateDataverseCommand.java
+++ b/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/CreateDataverseCommand.java
@@ -95,7 +95,7 @@ protected Dataverse innerExecute(CommandContext ctxt) throws IllegalCommandExcep
         DataverseRole adminRole = ctxt.roles().findBuiltinRoleByAlias(DataverseRole.ADMIN);
         String privateUrlToken = null;
 
-        ctxt.roles().save(new RoleAssignment(adminRole, getRequest().getUser(), managedDv, privateUrlToken), false);
+        ctxt.roles().save(new RoleAssignment(adminRole, getRequest().getUser(), managedDv, privateUrlToken), false, getRequest());
         // Add additional role assignments if inheritance is set
         boolean inheritAllRoles = false;
         String rolesString = ctxt.settings().getValueForKey(SettingsServiceBean.Key.InheritParentRoleAssignments, "");
@@ -120,13 +120,13 @@ protected Dataverse innerExecute(CommandContext ctxt) throws IllegalCommandExcep
                             if (identifier.startsWith(AuthenticatedUser.IDENTIFIER_PREFIX)) {
                                 identifier = identifier.substring(AuthenticatedUser.IDENTIFIER_PREFIX.length());
                                 ctxt.roles().save(new RoleAssignment(role.getRole(),
-                                        ctxt.authentication().getAuthenticatedUser(identifier), managedDv, privateUrlToken), false);
+                                        ctxt.authentication().getAuthenticatedUser(identifier), managedDv, privateUrlToken), false, getRequest());
                             } else if (identifier.startsWith(Group.IDENTIFIER_PREFIX)) {
                                 identifier = identifier.substring(Group.IDENTIFIER_PREFIX.length());
                                 Group roleGroup = ctxt.groups().getGroup(identifier);
                                 if (roleGroup != null) {
                                     ctxt.roles().save(new RoleAssignment(role.getRole(),
-                                            roleGroup, managedDv, privateUrlToken), false);
+                                            roleGroup, managedDv, privateUrlToken), false, getRequest());
                                 }
                             }
                         }
diff --git a/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/CreateNewDatasetCommand.java b/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/CreateNewDatasetCommand.java
index 5aa2ceb49e4..d30443c5de3 100644
--- a/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/CreateNewDatasetCommand.java
+++ b/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/CreateNewDatasetCommand.java
@@ -126,7 +126,7 @@ protected void postDBFlush( Dataset theDataset, CommandContext ctxt ){
             logger.info("New Dataset id: " + theDataset.getId());
             RoleAssignment roleAssignment = new RoleAssignment(theDataset.getOwner().getDefaultContributorRole(),
                     getRequest().getUser(), theDataset, privateUrlToken);
-            ctxt.roles().save(roleAssignment, false);
+            ctxt.roles().save(roleAssignment, false, getRequest());
 
             // TODO: the above may be creating the role assignments and saving them 
             // in the database, but without properly linking them to the dataset
diff --git a/src/test/java/edu/harvard/iq/dataverse/engine/command/impl/CreateDataverseCommandTest.java b/src/test/java/edu/harvard/iq/dataverse/engine/command/impl/CreateDataverseCommandTest.java
index 73880b78e7b..dd7d60632f9 100644
--- a/src/test/java/edu/harvard/iq/dataverse/engine/command/impl/CreateDataverseCommandTest.java
+++ b/src/test/java/edu/harvard/iq/dataverse/engine/command/impl/CreateDataverseCommandTest.java
@@ -101,15 +101,15 @@ public DataverseRole findBuiltinRoleByAlias(String alias) {
         }
 
         @Override
-        public RoleAssignment save(RoleAssignment assignment) {
+        public RoleAssignment save(RoleAssignment assignment, DataverseRequest req) {
             assignment.setId( nextId() );
             assignments.add(assignment);
             return assignment;
         }
         
         @Override
-        public RoleAssignment save(RoleAssignment assignment, boolean index) {
-            return save (assignment);
+        public RoleAssignment save(RoleAssignment assignment, boolean index, DataverseRequest req) {
+            return save (assignment, req);
         }        
 
         @Override
diff --git a/src/test/java/edu/harvard/iq/dataverse/engine/command/impl/CreatePrivateUrlCommandTest.java b/src/test/java/edu/harvard/iq/dataverse/engine/command/impl/CreatePrivateUrlCommandTest.java
index 0ba29f74774..e3ecf6b8a9a 100644
--- a/src/test/java/edu/harvard/iq/dataverse/engine/command/impl/CreatePrivateUrlCommandTest.java
+++ b/src/test/java/edu/harvard/iq/dataverse/engine/command/impl/CreatePrivateUrlCommandTest.java
@@ -11,6 +11,7 @@
 import edu.harvard.iq.dataverse.authorization.users.PrivateUrlUser;
 import edu.harvard.iq.dataverse.engine.TestCommandContext;
 import edu.harvard.iq.dataverse.engine.TestDataverseEngine;
+import edu.harvard.iq.dataverse.engine.command.DataverseRequest;
 import edu.harvard.iq.dataverse.engine.command.exception.CommandException;
 import edu.harvard.iq.dataverse.privateurl.PrivateUrl;
 import edu.harvard.iq.dataverse.privateurl.PrivateUrlServiceBean;
@@ -79,7 +80,7 @@ public DataverseRole findBuiltinRoleByAlias(String alias) {
                     }
 
                     @Override
-                    public RoleAssignment save(RoleAssignment assignment) {
+                    public RoleAssignment save(RoleAssignment assignment, DataverseRequest req) {
                         // no-op
                         return assignment;
                     }
diff --git a/src/test/java/edu/harvard/iq/dataverse/engine/command/impl/MoveDatasetCommandTest.java b/src/test/java/edu/harvard/iq/dataverse/engine/command/impl/MoveDatasetCommandTest.java
index 380a4bbcf18..b8902728785 100644
--- a/src/test/java/edu/harvard/iq/dataverse/engine/command/impl/MoveDatasetCommandTest.java
+++ b/src/test/java/edu/harvard/iq/dataverse/engine/command/impl/MoveDatasetCommandTest.java
@@ -284,15 +284,15 @@ public DataverseRole findBuiltinRoleByAlias(String alias) {
         }
 
         @Override
-        public RoleAssignment save(RoleAssignment assignment) {
+        public RoleAssignment save(RoleAssignment assignment, DataverseRequest req) {
             assignment.setId(nextId());
             assignments.add(assignment);
             return assignment;
         }
 
         @Override
-        public RoleAssignment save(RoleAssignment assignment, boolean index) {
-            return save(assignment);
+        public RoleAssignment save(RoleAssignment assignment, boolean index, DataverseRequest req) {
+            return save(assignment, req);
         }
 
         @Override
diff --git a/src/test/java/edu/harvard/iq/dataverse/engine/command/impl/ReturnDatasetToAuthorCommandTest.java b/src/test/java/edu/harvard/iq/dataverse/engine/command/impl/ReturnDatasetToAuthorCommandTest.java
index 68c44764dff..2c133f33932 100644
--- a/src/test/java/edu/harvard/iq/dataverse/engine/command/impl/ReturnDatasetToAuthorCommandTest.java
+++ b/src/test/java/edu/harvard/iq/dataverse/engine/command/impl/ReturnDatasetToAuthorCommandTest.java
@@ -107,7 +107,7 @@ public DataverseRole findBuiltinRoleByAlias(String alias) {
                     }
 
                     @Override
-                    public RoleAssignment save(RoleAssignment assignment) {
+                    public RoleAssignment save(RoleAssignment assignment, DataverseRequest req) {
                         // no-op
                         return assignment;
                     }
diff --git a/src/test/java/edu/harvard/iq/dataverse/engine/command/impl/SubmitDatasetForReviewCommandTest.java b/src/test/java/edu/harvard/iq/dataverse/engine/command/impl/SubmitDatasetForReviewCommandTest.java
index 700ba332247..2f607aa7a0e 100644
--- a/src/test/java/edu/harvard/iq/dataverse/engine/command/impl/SubmitDatasetForReviewCommandTest.java
+++ b/src/test/java/edu/harvard/iq/dataverse/engine/command/impl/SubmitDatasetForReviewCommandTest.java
@@ -113,7 +113,7 @@ public DataverseRole findBuiltinRoleByAlias(String alias) {
                     }
 
                     @Override
-                    public RoleAssignment save(RoleAssignment assignment) {
+                    public RoleAssignment save(RoleAssignment assignment, DataverseRequest req) {
                         // no-op
                         return assignment;
                     }

From d896af5d893bf7cdf8eb143c5d0530aad64f5c32 Mon Sep 17 00:00:00 2001
From: Jim Myers <qqmyers@hotmail.com>
Date: Wed, 16 Apr 2025 14:41:14 -0400
Subject: [PATCH 025/634] update history when assignment made

---
 src/main/webapp/roles-assign.xhtml | 18 +-----------------
 1 file changed, 1 insertion(+), 17 deletions(-)

diff --git a/src/main/webapp/roles-assign.xhtml b/src/main/webapp/roles-assign.xhtml
index 93b9862c55d..8c5290b1580 100644
--- a/src/main/webapp/roles-assign.xhtml
+++ b/src/main/webapp/roles-assign.xhtml
@@ -89,7 +89,7 @@
             </div>
             <div class="button-block">
                 <p:commandButton styleClass="btn btn-default" value="#{bundle.saveChanges}"
-                               update="assignRoleContent assignedRoles @([id$=Messages])"
+                               update="assignRoleContent assignedRoles roleAssignmentHistory @([id$=Messages])"
                                actionListener="#{managePermissionsPage.assignRole}" 
                                oncomplete="if (args &amp;&amp; !args.validationFailed) PF('userGroupsForm').hide();">
                     <f:param name="DO_ASSIGN_VALIDATION" value="true"/>
@@ -100,20 +100,4 @@
             </div>
         </p:fragment>
     </p:dialog>
-    <p:dialog id="confirmFileDownloader" header="#{bundle['dataverse.permissions.usersOrGroups.assignDialog.header']}" widgetVar="confirmFileDownloader" modal="true">
-        <p class="help-block">
-            <span class="glyphicon glyphicon-warning-sign text-danger"/> <span class="text-danger">#{bundle['dataverse.permissions.usersOrGroups.assignDialog.fileDownloadConfirm']}</span>
-        </p>
-        <div class="button-block">
-            
-            <!-- THIS confirmFileDownloader POPUP HAS YET TO BE WIRED UP -->
-            
-            <p:commandButton value="#{bundle.continue}" styleClass="btn btn-default" onclick="PF('confirmFileDownloader').hide()"
-                             action="#{managePermissionsPage.assignRole}"
-                             update="assignRoleContent assignedRoles @([id$=Messages])" />
-            <button class="btn btn-link" onclick="PF('confirmFileDownloader').hide()" type="button">
-                #{bundle.cancel}
-            </button>
-        </div>
-    </p:dialog>
 </ui:composition>

From 06042f3eaab71ca59cf22dc2deec2c5c7d17716c Mon Sep 17 00:00:00 2001
From: Jim Myers <qqmyers@hotmail.com>
Date: Wed, 16 Apr 2025 15:27:58 -0400
Subject: [PATCH 026/634] handle dataverse, no filePIDs, more update history

---
 .../harvard/iq/dataverse/RoleAssignmentAudit.java   | 13 +++++++++----
 src/main/webapp/permissions-manage-files.xhtml      | 10 +++++-----
 2 files changed, 14 insertions(+), 9 deletions(-)

diff --git a/src/main/java/edu/harvard/iq/dataverse/RoleAssignmentAudit.java b/src/main/java/edu/harvard/iq/dataverse/RoleAssignmentAudit.java
index dc6fb1806c2..52292aeb065 100644
--- a/src/main/java/edu/harvard/iq/dataverse/RoleAssignmentAudit.java
+++ b/src/main/java/edu/harvard/iq/dataverse/RoleAssignmentAudit.java
@@ -61,16 +61,16 @@ public class RoleAssignmentAudit implements Serializable {
     @Column(name = "assignee_identifier", nullable = false)
     private String assigneeIdentifier;
 
-    @Column(name = "role_id")
+    @Column(name = "role_id", nullable = false)
     private Long roleId;
 
     @Column(name = "role_alias", nullable = false)
     private String roleAlias;
 
-    @Column(name = "definition_point_id")
+    @Column(name = "definition_point_id", nullable = false)
     private Long definitionPointId;
 
-    @Column(name = "definition_point_identifier", nullable = false)
+    @Column(name = "definition_point_identifier", nullable = true)
     private String definitionPointIdentifier;
 
     public enum ActionType {
@@ -90,7 +90,12 @@ public RoleAssignmentAudit(RoleAssignment roleAssignment, DataverseRequest reque
         this.roleId = roleAssignment.getRole().getId();
         this.roleAlias = roleAssignment.getRole().getAlias();
         this.definitionPointId = roleAssignment.getDefinitionPoint().getId();
-        this.definitionPointIdentifier = roleAssignment.getDefinitionPoint().getGlobalId().asString();
+        GlobalId globalId = roleAssignment.getDefinitionPoint().getGlobalId();
+        if(globalId != null) {
+            this.definitionPointIdentifier = roleAssignment.getDefinitionPoint().getGlobalId().asString();
+        } else if(roleAssignment.getDefinitionPoint() instanceof Dataverse dv) {
+            this.definitionPointIdentifier = dv.getAlias();
+        }
     }
 
     // Getters and setters
diff --git a/src/main/webapp/permissions-manage-files.xhtml b/src/main/webapp/permissions-manage-files.xhtml
index 9e43d4ce910..11fc97087fd 100644
--- a/src/main/webapp/permissions-manage-files.xhtml
+++ b/src/main/webapp/permissions-manage-files.xhtml
@@ -95,7 +95,7 @@
                                                                            update=":#{p:resolveClientId('rolesPermissionsForm:userGroups', view)}
                                                                            :#{p:resolveClientId('rolesPermissionsForm:restrictedFiles', view)}
                                                                            #{p:resolveClientId('rolesPermissionsForm:usersGroups', view)}
-                                                                           @([id$=Messages])">
+                                                                           roleAssignmentHistory @([id$=Messages])">
                                                                 <span class="glyphicon glyphicon-ok"/> #{bundle['dataverse.permissionsFiles.assignDialog.grantBtn']}
                                                             </p:commandLink>
                                                             <p:commandLink styleClass="btn btn-default"
@@ -103,7 +103,7 @@
                                                                            update=":#{p:resolveClientId('rolesPermissionsForm:userGroups', view)}
                                                                            :#{p:resolveClientId('rolesPermissionsForm:restrictedFiles', view)}
                                                                            #{p:resolveClientId('rolesPermissionsForm:usersGroups', view)}
-                                                                           @([id$=Messages])">
+                                                                           roleAssignmentHistory @([id$=Messages])">
                                                                 <span class="glyphicon glyphicon-ban-circle"/> #{bundle['dataverse.permissionsFiles.assignDialog.rejectBtn']}
                                                             </p:commandLink>
                                                         </div>
@@ -383,14 +383,14 @@
                             </div>
                             <div class="button-block">
                                 <p:commandLink styleClass="btn btn-default" rendered="#{empty manageFilePermissionsPage.fileRequester}"
-                                               update="assignRoleContent userGroups restrictedFiles @([id$=Messages])"
+                                               update="assignRoleContent userGroups restrictedFiles roleAssignmentHistory @([id$=Messages])"
                                                actionListener="#{manageFilePermissionsPage.grantAccess}" oncomplete="if (args &amp;&amp; !args.validationFailed) PF('assignWidget').hide();">
                                     <f:param name="DO_VALIDATION" value="true"/>
                                     <span class="glyphicon glyphicon-ok"/>
                                     <h:outputText value="#{bundle['dataverse.permissionsFiles.assignDialog.grantBtn']}"/>
                                 </p:commandLink>
                                 <p:commandLink styleClass="btn btn-default" rendered="#{!empty manageFilePermissionsPage.fileRequester}"
-                                               update="assignRoleContent userGroups fileAccessRequests restrictedFiles @([id$=Messages])"
+                                               update="assignRoleContent userGroups fileAccessRequests restrictedFiles roleAssignmentHistory @([id$=Messages])"
                                                actionListener="#{manageFilePermissionsPage.grantAccessToRequests(manageFilePermissionsPage.fileRequester)}" oncomplete="PF('assignWidget').hide();">
                                     <span class="glyphicon glyphicon-ok"/>
                                     <h:outputText value="#{bundle['dataverse.permissionsFiles.assignDialog.grantBtn']}"/>
@@ -415,7 +415,7 @@
                             <p:commandButton styleClass="btn btn-default" value="#{bundle.continue}" onclick="PF('confirmation').hide()"
                                              action="#{manageFilePermissionsPage.removeRoleAssignments()}"
                                              process="@this"
-                                             update=":#{p:resolveClientId('rolesPermissionsForm:userGroups', view)} :#{p:resolveClientId('rolesPermissionsForm:restrictedFiles', view)} @([id$=Messages])"
+                                             update=":#{p:resolveClientId('rolesPermissionsForm:userGroups', view)} :#{p:resolveClientId('rolesPermissionsForm:restrictedFiles', view)} roleAssignmentHistory @([id$=Messages])"
                                              oncomplete="PF('viewRemoveWidget').hide();"/>
                             <button class="btn btn-link" onclick="PF('confirmation').hide();" type="button">
                                 #{bundle.cancel}

From 1bb5fe208bf2f0e91d3fbf029b3964a297076c98 Mon Sep 17 00:00:00 2001
From: Jim Myers <qqmyers@hotmail.com>
Date: Wed, 16 Apr 2025 15:58:03 -0400
Subject: [PATCH 027/634] handle null assign dates (revoked perms that already
 existed)

---
 .../edu/harvard/iq/dataverse/ManagePermissionsPage.java  | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/src/main/java/edu/harvard/iq/dataverse/ManagePermissionsPage.java b/src/main/java/edu/harvard/iq/dataverse/ManagePermissionsPage.java
index 8f8400fe8ca..ef7c00b6c0a 100644
--- a/src/main/java/edu/harvard/iq/dataverse/ManagePermissionsPage.java
+++ b/src/main/java/edu/harvard/iq/dataverse/ManagePermissionsPage.java
@@ -266,10 +266,13 @@ public List<RoleAssignmentHistoryEntry> getRoleAssignmentHistory() {
                     entry.setRevokedAt(audit.getActionTimestamp());
                 }
             }
-            
+
             roleAssignmentHistory.addAll(historyMap.values());
-            roleAssignmentHistory.sort(Comparator.comparing(RoleAssignmentHistoryEntry::getAssignedAt).reversed());
-        }
+            roleAssignmentHistory.sort(Comparator
+                    .comparing(RoleAssignmentHistoryEntry::getAssignedAt, Comparator.nullsLast(Comparator.naturalOrder()))
+                    .thenComparing(RoleAssignmentHistoryEntry::getRevokedAt, Comparator.nullsFirst(Comparator.naturalOrder()))
+                    .reversed());
+        };
         return roleAssignmentHistory;
     }
     

From e687a87f8f51fc6409044357a3b85ce0033cc57f Mon Sep 17 00:00:00 2001
From: Jim Myers <qqmyers@hotmail.com>
Date: Wed, 16 Apr 2025 17:49:13 -0400
Subject: [PATCH 028/634] update fixes

---
 .../edu/harvard/iq/dataverse/ManageFilePermissionsPage.java  | 3 ++-
 .../java/edu/harvard/iq/dataverse/ManagePermissionsPage.java | 5 +++--
 src/main/webapp/permissions-manage-files.xhtml               | 3 +++
 src/main/webapp/permissions-manage.xhtml                     | 5 ++++-
 4 files changed, 12 insertions(+), 4 deletions(-)

diff --git a/src/main/java/edu/harvard/iq/dataverse/ManageFilePermissionsPage.java b/src/main/java/edu/harvard/iq/dataverse/ManageFilePermissionsPage.java
index 0dbcba1fc97..78e092844c2 100644
--- a/src/main/java/edu/harvard/iq/dataverse/ManageFilePermissionsPage.java
+++ b/src/main/java/edu/harvard/iq/dataverse/ManageFilePermissionsPage.java
@@ -152,7 +152,7 @@ public String init() {
             return permissionsWrapper.notAuthorized();
         }
         initMaps();
-        roleAssignmentHistory = null;
+
         return "";
     }
 
@@ -161,6 +161,7 @@ private void initMaps() {
         roleAssigneeMap.clear();
         fileMap.clear();
         fileAccessRequestMap.clear();
+        roleAssignmentHistory = null;
 
         for (DataFile file : dataset.getFiles()) {
 
diff --git a/src/main/java/edu/harvard/iq/dataverse/ManagePermissionsPage.java b/src/main/java/edu/harvard/iq/dataverse/ManagePermissionsPage.java
index ef7c00b6c0a..ff6fd659703 100644
--- a/src/main/java/edu/harvard/iq/dataverse/ManagePermissionsPage.java
+++ b/src/main/java/edu/harvard/iq/dataverse/ManagePermissionsPage.java
@@ -179,6 +179,7 @@ public List<RoleAssignmentRow> initRoleAssignments() {
                 }
             }
         }
+        roleAssignmentHistory = null; // Reset the history
         return raList;
     }
 
@@ -269,8 +270,8 @@ public List<RoleAssignmentHistoryEntry> getRoleAssignmentHistory() {
 
             roleAssignmentHistory.addAll(historyMap.values());
             roleAssignmentHistory.sort(Comparator
-                    .comparing(RoleAssignmentHistoryEntry::getAssignedAt, Comparator.nullsLast(Comparator.naturalOrder()))
-                    .thenComparing(RoleAssignmentHistoryEntry::getRevokedAt, Comparator.nullsFirst(Comparator.naturalOrder()))
+                    .comparing(RoleAssignmentHistoryEntry::getRevokedAt, Comparator.nullsFirst(Comparator.naturalOrder()))
+                    .thenComparing(RoleAssignmentHistoryEntry::getAssignedAt, Comparator.nullsLast(Comparator.naturalOrder()))
                     .reversed());
         };
         return roleAssignmentHistory;
diff --git a/src/main/webapp/permissions-manage-files.xhtml b/src/main/webapp/permissions-manage-files.xhtml
index 11fc97087fd..516ee9da0a1 100644
--- a/src/main/webapp/permissions-manage-files.xhtml
+++ b/src/main/webapp/permissions-manage-files.xhtml
@@ -226,7 +226,9 @@
                             <span class="text-muted small pull-right">#{bundle['dataverse.permissions.history.description']}</span>
                         </div>
                         <div id="panelCollapseHistory" class="collapse">
+                            <p:ajax event="toggle" update="historyTableContainer" />
                             <div class="panel-body">
+                              <h:panelGroup id="historyTableContainer">
                                 <p:dataTable id="roleAssignmentHistory" var="historyEntry" value="#{manageFilePermissionsPage.roleAssignmentHistory}">
                                     <p:column headerText="#{bundle['dataverse.permissions.history.assignee']}">
                                         <h:outputText value="#{historyEntry.assigneeIdentifier}" />
@@ -258,6 +260,7 @@
                                         </h:outputText>
                                     </p:column>
                                 </p:dataTable>
+                              </h:panelGroup>
                             </div>
                         </div>
                     </div>
diff --git a/src/main/webapp/permissions-manage.xhtml b/src/main/webapp/permissions-manage.xhtml
index dfab2a067a3..25b976f8e53 100644
--- a/src/main/webapp/permissions-manage.xhtml
+++ b/src/main/webapp/permissions-manage.xhtml
@@ -206,8 +206,10 @@
                                 <span class="text-muted small pull-right">#{bundle['dataverse.permissions.history.description']}</span>
                             </div>
                             <div id="panelCollapseHistory" class="collapse">
+                                <p:ajax event="toggle" update="historyTableContainer" />
                                 <div class="panel-body">
-                                    <p:dataTable id="roleAssignmentHistory" var="historyEntry" value="#{managePermissionsPage.roleAssignmentHistory}">
+                                  <h:panelGroup id="historyTableContainer">
+                                    <p:dataTable id="roleAssignmentHistory" widgetVar="roleAssignmentHistory" var="historyEntry" value="#{managePermissionsPage.roleAssignmentHistory}">
                                         <p:column headerText="#{bundle['dataverse.permissions.history.assignee']}">
                                             <h:outputText value="#{historyEntry.assigneeIdentifier}" />
                                         </p:column>
@@ -231,6 +233,7 @@
                                             </h:outputText>
                                         </p:column>
                                     </p:dataTable>
+                                  </h:panelGroup>
                                 </div>
                             </div>
                         </div>

From 1864d0dad2e8a652bc07508fd31c0edcf6ff3269 Mon Sep 17 00:00:00 2001
From: Jim Myers <qqmyers@hotmail.com>
Date: Fri, 18 Apr 2025 11:35:00 -0400
Subject: [PATCH 029/634] update sorting

---
 .../edu/harvard/iq/dataverse/ManageFilePermissionsPage.java  | 5 ++++-
 .../java/edu/harvard/iq/dataverse/ManagePermissionsPage.java | 2 +-
 2 files changed, 5 insertions(+), 2 deletions(-)

diff --git a/src/main/java/edu/harvard/iq/dataverse/ManageFilePermissionsPage.java b/src/main/java/edu/harvard/iq/dataverse/ManageFilePermissionsPage.java
index 78e092844c2..33314ef4fd3 100644
--- a/src/main/java/edu/harvard/iq/dataverse/ManageFilePermissionsPage.java
+++ b/src/main/java/edu/harvard/iq/dataverse/ManageFilePermissionsPage.java
@@ -585,7 +585,10 @@ public List<RoleAssignmentHistoryEntry> getRoleAssignmentHistory() {
             }
             
             roleAssignmentHistory.addAll(finalHistoryMap.values());
-            roleAssignmentHistory.sort(Comparator.comparing(RoleAssignmentHistoryEntry::getAssignedAt).reversed());
+            roleAssignmentHistory.sort(Comparator
+                    .comparing(RoleAssignmentHistoryEntry::getRevokedAt, Comparator.nullsLast(Comparator.naturalOrder()))
+                    .thenComparing(RoleAssignmentHistoryEntry::getAssignedAt, Comparator.nullsLast(Comparator.naturalOrder()))
+                    .reversed());
         }
         return roleAssignmentHistory;
     }
diff --git a/src/main/java/edu/harvard/iq/dataverse/ManagePermissionsPage.java b/src/main/java/edu/harvard/iq/dataverse/ManagePermissionsPage.java
index ff6fd659703..ff638a88866 100644
--- a/src/main/java/edu/harvard/iq/dataverse/ManagePermissionsPage.java
+++ b/src/main/java/edu/harvard/iq/dataverse/ManagePermissionsPage.java
@@ -270,7 +270,7 @@ public List<RoleAssignmentHistoryEntry> getRoleAssignmentHistory() {
 
             roleAssignmentHistory.addAll(historyMap.values());
             roleAssignmentHistory.sort(Comparator
-                    .comparing(RoleAssignmentHistoryEntry::getRevokedAt, Comparator.nullsFirst(Comparator.naturalOrder()))
+                    .comparing(RoleAssignmentHistoryEntry::getRevokedAt, Comparator.nullsLast(Comparator.naturalOrder()))
                     .thenComparing(RoleAssignmentHistoryEntry::getAssignedAt, Comparator.nullsLast(Comparator.naturalOrder()))
                     .reversed());
         };

From 65dc679465cc2d6ba367ca1473d307c105921cdd Mon Sep 17 00:00:00 2001
From: Jim Myers <qqmyers@hotmail.com>
Date: Fri, 18 Apr 2025 11:43:41 -0400
Subject: [PATCH 030/634] sortable, deferred load

---
 .../webapp/permissions-manage-files.xhtml     | 78 ++++++++++---------
 src/main/webapp/permissions-manage.xhtml      | 55 +++++++------
 2 files changed, 72 insertions(+), 61 deletions(-)

diff --git a/src/main/webapp/permissions-manage-files.xhtml b/src/main/webapp/permissions-manage-files.xhtml
index 516ee9da0a1..4d8612cae65 100644
--- a/src/main/webapp/permissions-manage-files.xhtml
+++ b/src/main/webapp/permissions-manage-files.xhtml
@@ -219,6 +219,7 @@
                         </div>
                     </div>
                     <!-- Role Assignment History Panel -->
+                    <!-- Role Assignment History Panel -->
                     <o:importConstants type="edu.harvard.iq.dataverse.settings.FeatureFlags" />
                     <div class="panel panel-default" rendered="#{FeatureFlags.ROLE_ASSIGNMENT_AUDITING.enabled()}">
                         <div data-toggle="collapse" data-target="#panelCollapseHistory" class="panel-heading text-info">
@@ -226,42 +227,47 @@
                             <span class="text-muted small pull-right">#{bundle['dataverse.permissions.history.description']}</span>
                         </div>
                         <div id="panelCollapseHistory" class="collapse">
-                            <p:ajax event="toggle" update="historyTableContainer" />
-                            <div class="panel-body">
-                              <h:panelGroup id="historyTableContainer">
-                                <p:dataTable id="roleAssignmentHistory" var="historyEntry" value="#{manageFilePermissionsPage.roleAssignmentHistory}">
-                                    <p:column headerText="#{bundle['dataverse.permissions.history.assignee']}">
-                                        <h:outputText value="#{historyEntry.assigneeIdentifier}" />
-                                    </p:column>
-                                    <p:column headerText="#{bundle['dataverse.permissions.history.role']}">
-                                        <h:outputText value="#{historyEntry.roleName}" />
-                                    </p:column>
-                                    <p:column headerText="#{bundle['dataverse.permissions.history.definedOn']}">
-                                        <h:outputFormat value="#{bundle['dataverse.permissions.history.files']}"
-                                                      title="#{historyEntry.definitionPointIdsAsString}">
-                                            <f:param value="#{historyEntry.definitionPointIds.size()}" />
-                                            <p:tooltip/>
-                                        </h:outputFormat>
-                                    </p:column>
-                                    <p:column headerText="#{bundle['dataverse.permissions.history.assignedBy']}">
-                                        <h:outputText value="#{historyEntry.assignedBy}" />
-                                    </p:column>
-                                    <p:column headerText="#{bundle['dataverse.permissions.history.assignedAt']}">
-                                        <h:outputText value="#{historyEntry.assignedAt}">
-                                            <f:convertDateTime pattern="yyyy-MM-dd HH:mm:ss" />
-                                        </h:outputText>
-                                    </p:column>
-                                    <p:column headerText="#{bundle['dataverse.permissions.history.revokedBy']}">
-                                        <h:outputText value="#{historyEntry.revokedBy}" />
-                                    </p:column>
-                                    <p:column headerText="#{bundle['dataverse.permissions.history.revokedAt']}">
-                                        <h:outputText value="#{historyEntry.revokedAt}">
-                                            <f:convertDateTime pattern="yyyy-MM-dd HH:mm:ss" />
-                                        </h:outputText>
-                                    </p:column>
-                                </p:dataTable>
-                              </h:panelGroup>
-                            </div>
+                            <p:panel id="historyPanel" deferred="true" deferredMode="visible">
+                                <div class="panel-body">
+                                    <h:panelGroup id="historyTableContainer">
+                                        <p:dataTable id="roleAssignmentHistory" var="historyEntry" value="#{manageFilePermissionsPage.roleAssignmentHistory}"
+                                                     sortMode="multiple"
+                                                     paginator="true" rows="10"
+                                                     paginatorTemplate="{CurrentPageReport} {FirstPageLink} {PreviousPageLink} {PageLinks} {NextPageLink} {LastPageLink} {RowsPerPageDropdown}"
+                                                     rowsPerPageTemplate="5,10,15">
+                                            <p:column headerText="#{bundle['dataverse.permissions.history.assignee']}" sortBy="#{historyEntry.assigneeIdentifier}">
+                                                <h:outputText value="#{historyEntry.assigneeIdentifier}" />
+                                            </p:column>
+                                            <p:column headerText="#{bundle['dataverse.permissions.history.role']}" sortBy="#{historyEntry.roleName}">
+                                                <h:outputText value="#{historyEntry.roleName}" />
+                                            </p:column>
+                                            <p:column headerText="#{bundle['dataverse.permissions.history.definedOn']}" sortBy="#{historyEntry.definitionPointIds.size()}">
+                                                <h:outputFormat value="#{bundle['dataverse.permissions.history.files']}"
+                                                                title="#{historyEntry.definitionPointIdsAsString}">
+                                                    <f:param value="#{historyEntry.definitionPointIds.size()}" />
+                                                    <p:tooltip/>
+                                                </h:outputFormat>
+                                            </p:column>
+                                            <p:column headerText="#{bundle['dataverse.permissions.history.assignedBy']}" sortBy="#{historyEntry.assignedBy}">
+                                                <h:outputText value="#{historyEntry.assignedBy}" />
+                                            </p:column>
+                                            <p:column headerText="#{bundle['dataverse.permissions.history.assignedAt']}" sortBy="#{historyEntry.assignedAt}">
+                                                <h:outputText value="#{historyEntry.assignedAt}">
+                                                    <f:convertDateTime pattern="yyyy-MM-dd HH:mm:ss" />
+                                                </h:outputText>
+                                            </p:column>
+                                            <p:column headerText="#{bundle['dataverse.permissions.history.revokedBy']}" sortBy="#{historyEntry.revokedBy}">
+                                                <h:outputText value="#{historyEntry.revokedBy}" />
+                                            </p:column>
+                                            <p:column headerText="#{bundle['dataverse.permissions.history.revokedAt']}" sortBy="#{historyEntry.revokedAt}">
+                                                <h:outputText value="#{historyEntry.revokedAt}">
+                                                    <f:convertDateTime pattern="yyyy-MM-dd HH:mm:ss" />
+                                                </h:outputText>
+                                            </p:column>
+                                        </p:dataTable>
+                                    </h:panelGroup>
+                                </div>
+                            </p:panel>
                         </div>
                     </div>
                     <!-- View / Remove Users/Groups Popup -->
diff --git a/src/main/webapp/permissions-manage.xhtml b/src/main/webapp/permissions-manage.xhtml
index 25b976f8e53..c47d4f773a6 100644
--- a/src/main/webapp/permissions-manage.xhtml
+++ b/src/main/webapp/permissions-manage.xhtml
@@ -208,31 +208,36 @@
                             <div id="panelCollapseHistory" class="collapse">
                                 <p:ajax event="toggle" update="historyTableContainer" />
                                 <div class="panel-body">
-                                  <h:panelGroup id="historyTableContainer">
-                                    <p:dataTable id="roleAssignmentHistory" widgetVar="roleAssignmentHistory" var="historyEntry" value="#{managePermissionsPage.roleAssignmentHistory}">
-                                        <p:column headerText="#{bundle['dataverse.permissions.history.assignee']}">
-                                            <h:outputText value="#{historyEntry.assigneeIdentifier}" />
-                                        </p:column>
-                                        <p:column headerText="#{bundle['dataverse.permissions.history.role']}">
-                                            <h:outputText value="#{historyEntry.roleName}" />
-                                        </p:column>
-                                        <p:column headerText="#{bundle['dataverse.permissions.history.assignedBy']}">
-                                            <h:outputText value="#{historyEntry.assignedBy}" />
-                                        </p:column>
-                                        <p:column headerText="#{bundle['dataverse.permissions.history.assignedAt']}">
-                                            <h:outputText value="#{historyEntry.assignedAt}">
-                                                <f:convertDateTime pattern="yyyy-MM-dd HH:mm:ss" />
-                                            </h:outputText>
-                                        </p:column>
-                                        <p:column headerText="#{bundle['dataverse.permissions.history.revokedBy']}">
-                                            <h:outputText value="#{historyEntry.revokedBy}" />
-                                        </p:column>
-                                        <p:column headerText="#{bundle['dataverse.permissions.history.revokedAt']}">
-                                            <h:outputText value="#{historyEntry.revokedAt}">
-                                                <f:convertDateTime pattern="yyyy-MM-dd HH:mm:ss" />
-                                            </h:outputText>
-                                        </p:column>
-                                    </p:dataTable>
+                                  <h:panelGroup id="historyTableContainer" deferred="true" deferredMode="visible">
+                                      <p:dataTable id="roleAssignmentHistory" widgetVar="roleAssignmentHistory" 
+                                                   var="historyEntry" value="#{managePermissionsPage.roleAssignmentHistory}"
+                                                   sortMode="multiple"
+                                                   paginator="true" rows="10"
+                                                   paginatorTemplate="{CurrentPageReport} {FirstPageLink} {PreviousPageLink} {PageLinks} {NextPageLink} {LastPageLink} {RowsPerPageDropdown}"
+                                                   rowsPerPageTemplate="5,10,15">
+                                          <p:column headerText="#{bundle['dataverse.permissions.history.assignee']}" sortBy="#{historyEntry.assigneeIdentifier}">
+                                              <h:outputText value="#{historyEntry.assigneeIdentifier}" />
+                                          </p:column>
+                                          <p:column headerText="#{bundle['dataverse.permissions.history.role']}" sortBy="#{historyEntry.roleName}">
+                                              <h:outputText value="#{historyEntry.roleName}" />
+                                          </p:column>
+                                          <p:column headerText="#{bundle['dataverse.permissions.history.assignedBy']}" sortBy="#{historyEntry.assignedBy}">
+                                              <h:outputText value="#{historyEntry.assignedBy}" />
+                                          </p:column>
+                                          <p:column headerText="#{bundle['dataverse.permissions.history.assignedAt']}" sortBy="#{historyEntry.assignedAt}">
+                                              <h:outputText value="#{historyEntry.assignedAt}">
+                                                  <f:convertDateTime pattern="yyyy-MM-dd HH:mm:ss" />
+                                              </h:outputText>
+                                          </p:column>
+                                          <p:column headerText="#{bundle['dataverse.permissions.history.revokedBy']}" sortBy="#{historyEntry.revokedBy}">
+                                              <h:outputText value="#{historyEntry.revokedBy}" />
+                                          </p:column>
+                                          <p:column headerText="#{bundle['dataverse.permissions.history.revokedAt']}" sortBy="#{historyEntry.revokedAt}">
+                                              <h:outputText value="#{historyEntry.revokedAt}">
+                                                  <f:convertDateTime pattern="yyyy-MM-dd HH:mm:ss" />
+                                              </h:outputText>
+                                          </p:column>
+                                      </p:dataTable>
                                   </h:panelGroup>
                                 </div>
                             </div>

From c87220ea6a4e510999a3a3c390b415ec9fa1d151 Mon Sep 17 00:00:00 2001
From: Jim Myers <qqmyers@hotmail.com>
Date: Fri, 18 Apr 2025 13:05:06 -0400
Subject: [PATCH 031/634] cleanup/drop deferred load (wasn't working)

---
 .../webapp/permissions-manage-files.xhtml     | 85 +++++++++----------
 src/main/webapp/permissions-manage.xhtml      | 72 ++++++++--------
 2 files changed, 72 insertions(+), 85 deletions(-)

diff --git a/src/main/webapp/permissions-manage-files.xhtml b/src/main/webapp/permissions-manage-files.xhtml
index 4d8612cae65..b5853783ef9 100644
--- a/src/main/webapp/permissions-manage-files.xhtml
+++ b/src/main/webapp/permissions-manage-files.xhtml
@@ -219,56 +219,47 @@
                         </div>
                     </div>
                     <!-- Role Assignment History Panel -->
-                    <!-- Role Assignment History Panel -->
                     <o:importConstants type="edu.harvard.iq.dataverse.settings.FeatureFlags" />
                     <div class="panel panel-default" rendered="#{FeatureFlags.ROLE_ASSIGNMENT_AUDITING.enabled()}">
-                        <div data-toggle="collapse" data-target="#panelCollapseHistory" class="panel-heading text-info">
-                            #{bundle['dataverse.permissions.history']} <span class="glyphicon glyphicon-chevron-down"/>
-                            <span class="text-muted small pull-right">#{bundle['dataverse.permissions.history.description']}</span>
-                        </div>
-                        <div id="panelCollapseHistory" class="collapse">
-                            <p:panel id="historyPanel" deferred="true" deferredMode="visible">
-                                <div class="panel-body">
-                                    <h:panelGroup id="historyTableContainer">
-                                        <p:dataTable id="roleAssignmentHistory" var="historyEntry" value="#{manageFilePermissionsPage.roleAssignmentHistory}"
-                                                     sortMode="multiple"
-                                                     paginator="true" rows="10"
-                                                     paginatorTemplate="{CurrentPageReport} {FirstPageLink} {PreviousPageLink} {PageLinks} {NextPageLink} {LastPageLink} {RowsPerPageDropdown}"
-                                                     rowsPerPageTemplate="5,10,15">
-                                            <p:column headerText="#{bundle['dataverse.permissions.history.assignee']}" sortBy="#{historyEntry.assigneeIdentifier}">
-                                                <h:outputText value="#{historyEntry.assigneeIdentifier}" />
-                                            </p:column>
-                                            <p:column headerText="#{bundle['dataverse.permissions.history.role']}" sortBy="#{historyEntry.roleName}">
-                                                <h:outputText value="#{historyEntry.roleName}" />
-                                            </p:column>
-                                            <p:column headerText="#{bundle['dataverse.permissions.history.definedOn']}" sortBy="#{historyEntry.definitionPointIds.size()}">
-                                                <h:outputFormat value="#{bundle['dataverse.permissions.history.files']}"
-                                                                title="#{historyEntry.definitionPointIdsAsString}">
-                                                    <f:param value="#{historyEntry.definitionPointIds.size()}" />
-                                                    <p:tooltip/>
-                                                </h:outputFormat>
-                                            </p:column>
-                                            <p:column headerText="#{bundle['dataverse.permissions.history.assignedBy']}" sortBy="#{historyEntry.assignedBy}">
-                                                <h:outputText value="#{historyEntry.assignedBy}" />
-                                            </p:column>
-                                            <p:column headerText="#{bundle['dataverse.permissions.history.assignedAt']}" sortBy="#{historyEntry.assignedAt}">
-                                                <h:outputText value="#{historyEntry.assignedAt}">
-                                                    <f:convertDateTime pattern="yyyy-MM-dd HH:mm:ss" />
-                                                </h:outputText>
-                                            </p:column>
-                                            <p:column headerText="#{bundle['dataverse.permissions.history.revokedBy']}" sortBy="#{historyEntry.revokedBy}">
-                                                <h:outputText value="#{historyEntry.revokedBy}" />
-                                            </p:column>
-                                            <p:column headerText="#{bundle['dataverse.permissions.history.revokedAt']}" sortBy="#{historyEntry.revokedAt}">
-                                                <h:outputText value="#{historyEntry.revokedAt}">
-                                                    <f:convertDateTime pattern="yyyy-MM-dd HH:mm:ss" />
-                                                </h:outputText>
-                                            </p:column>
-                                        </p:dataTable>
-                                    </h:panelGroup>
-                                </div>
-                            </p:panel>
+                      <div data-toggle="collapse" data-target="#panelCollapseHistory" class="panel-heading text-info">
+                        #{bundle['dataverse.permissions.history']} <span class="glyphicon glyphicon-chevron-down" /> <span class="text-muted small pull-right">#{bundle['dataverse.permissions.history.description']}</span>
+                      </div>
+                      <div id="panelCollapseHistory" class="collapse">
+                        <div class="panel-body">
+                            <p:dataTable id="roleAssignmentHistory" var="historyEntry" value="#{manageFilePermissionsPage.roleAssignmentHistory}" sortMode="multiple" paginator="true"
+                                rows="10" paginatorTemplate="{CurrentPageReport} {FirstPageLink} {PreviousPageLink} {PageLinks} {NextPageLink} {LastPageLink} {RowsPerPageDropdown}"
+                                rowsPerPageTemplate="5,10,15">
+                                <p:column headerText="#{bundle['dataverse.permissions.history.assignee']}" sortBy="#{historyEntry.assigneeIdentifier}">
+                                    <h:outputText value="#{historyEntry.assigneeIdentifier}" />
+                                </p:column>
+                                <p:column headerText="#{bundle['dataverse.permissions.history.role']}" sortBy="#{historyEntry.roleName}">
+                                    <h:outputText value="#{historyEntry.roleName}" />
+                                </p:column>
+                                <p:column headerText="#{bundle['dataverse.permissions.history.definedOn']}" sortBy="#{historyEntry.definitionPointIds.size()}">
+                                    <h:outputFormat value="#{bundle['dataverse.permissions.history.files']}" title="#{historyEntry.definitionPointIdsAsString}">
+                                        <f:param value="#{historyEntry.definitionPointIds.size()}" />
+                                        <p:tooltip />
+                                    </h:outputFormat>
+                                </p:column>
+                                <p:column headerText="#{bundle['dataverse.permissions.history.assignedBy']}" sortBy="#{historyEntry.assignedBy}">
+                                    <h:outputText value="#{historyEntry.assignedBy}" />
+                                </p:column>
+                                <p:column headerText="#{bundle['dataverse.permissions.history.assignedAt']}" sortBy="#{historyEntry.assignedAt}">
+                                    <h:outputText value="#{historyEntry.assignedAt}">
+                                        <f:convertDateTime pattern="yyyy-MM-dd HH:mm:ss" />
+                                    </h:outputText>
+                                </p:column>
+                                <p:column headerText="#{bundle['dataverse.permissions.history.revokedBy']}" sortBy="#{historyEntry.revokedBy}">
+                                    <h:outputText value="#{historyEntry.revokedBy}" />
+                                </p:column>
+                                <p:column headerText="#{bundle['dataverse.permissions.history.revokedAt']}" sortBy="#{historyEntry.revokedAt}">
+                                    <h:outputText value="#{historyEntry.revokedAt}">
+                                        <f:convertDateTime pattern="yyyy-MM-dd HH:mm:ss" />
+                                    </h:outputText>
+                                </p:column>
+                            </p:dataTable>
                         </div>
+                      </div>
                     </div>
                     <!-- View / Remove Users/Groups Popup -->
                     <p:dialog id="viewRemoveDialog" styleClass="largePopUp" header="#{bundle['dataverse.permissionsFiles.viewRemoveDialog.header']}" widgetVar="viewRemoveWidget" modal="true">
diff --git a/src/main/webapp/permissions-manage.xhtml b/src/main/webapp/permissions-manage.xhtml
index c47d4f773a6..d44b0bb47cc 100644
--- a/src/main/webapp/permissions-manage.xhtml
+++ b/src/main/webapp/permissions-manage.xhtml
@@ -201,47 +201,43 @@
                         <!-- Role Assignment History Panel -->
                         <o:importConstants type="edu.harvard.iq.dataverse.settings.FeatureFlags" />
                         <div class="panel panel-default" rendered="#{FeatureFlags.ROLE_ASSIGNMENT_AUDITING.enabled()}">
-                            <div data-toggle="collapse" data-target="#panelCollapseHistory" class="panel-heading text-info">
-                                #{bundle['dataverse.permissions.history']} <span class="glyphicon glyphicon-chevron-down"/>
-                                <span class="text-muted small pull-right">#{bundle['dataverse.permissions.history.description']}</span>
-                            </div>
-                            <div id="panelCollapseHistory" class="collapse">
-                                <p:ajax event="toggle" update="historyTableContainer" />
+                          <div data-toggle="collapse" data-target="#panelCollapseHistory" class="panel-heading text-info">
+                            #{bundle['dataverse.permissions.history']} <span class="glyphicon glyphicon-chevron-down" /> <span class="text-muted small pull-right">#{bundle['dataverse.permissions.history.description']}</span>
+                          </div>
+                          <div id="panelCollapseHistory" class="collapse">
+                            <p:panel id="historyPanel" deferred="true" deferredMode="visible">
                                 <div class="panel-body">
-                                  <h:panelGroup id="historyTableContainer" deferred="true" deferredMode="visible">
-                                      <p:dataTable id="roleAssignmentHistory" widgetVar="roleAssignmentHistory" 
-                                                   var="historyEntry" value="#{managePermissionsPage.roleAssignmentHistory}"
-                                                   sortMode="multiple"
-                                                   paginator="true" rows="10"
-                                                   paginatorTemplate="{CurrentPageReport} {FirstPageLink} {PreviousPageLink} {PageLinks} {NextPageLink} {LastPageLink} {RowsPerPageDropdown}"
-                                                   rowsPerPageTemplate="5,10,15">
-                                          <p:column headerText="#{bundle['dataverse.permissions.history.assignee']}" sortBy="#{historyEntry.assigneeIdentifier}">
-                                              <h:outputText value="#{historyEntry.assigneeIdentifier}" />
-                                          </p:column>
-                                          <p:column headerText="#{bundle['dataverse.permissions.history.role']}" sortBy="#{historyEntry.roleName}">
-                                              <h:outputText value="#{historyEntry.roleName}" />
-                                          </p:column>
-                                          <p:column headerText="#{bundle['dataverse.permissions.history.assignedBy']}" sortBy="#{historyEntry.assignedBy}">
-                                              <h:outputText value="#{historyEntry.assignedBy}" />
-                                          </p:column>
-                                          <p:column headerText="#{bundle['dataverse.permissions.history.assignedAt']}" sortBy="#{historyEntry.assignedAt}">
-                                              <h:outputText value="#{historyEntry.assignedAt}">
-                                                  <f:convertDateTime pattern="yyyy-MM-dd HH:mm:ss" />
-                                              </h:outputText>
-                                          </p:column>
-                                          <p:column headerText="#{bundle['dataverse.permissions.history.revokedBy']}" sortBy="#{historyEntry.revokedBy}">
-                                              <h:outputText value="#{historyEntry.revokedBy}" />
-                                          </p:column>
-                                          <p:column headerText="#{bundle['dataverse.permissions.history.revokedAt']}" sortBy="#{historyEntry.revokedAt}">
-                                              <h:outputText value="#{historyEntry.revokedAt}">
-                                                  <f:convertDateTime pattern="yyyy-MM-dd HH:mm:ss" />
-                                              </h:outputText>
-                                          </p:column>
-                                      </p:dataTable>
-                                  </h:panelGroup>
+                                    <p:dataTable id="roleAssignmentHistory" widgetVar="roleAssignmentHistory" var="historyEntry" value="#{managePermissionsPage.roleAssignmentHistory}"
+                                        sortMode="multiple" paginator="true" rows="10"
+                                        paginatorTemplate="{CurrentPageReport} {FirstPageLink} {PreviousPageLink} {PageLinks} {NextPageLink} {LastPageLink} {RowsPerPageDropdown}"
+                                        rowsPerPageTemplate="5,10,15">
+                                        <p:column headerText="#{bundle['dataverse.permissions.history.assignee']}" sortBy="#{historyEntry.assigneeIdentifier}">
+                                            <h:outputText value="#{historyEntry.assigneeIdentifier}" />
+                                        </p:column>
+                                        <p:column headerText="#{bundle['dataverse.permissions.history.role']}" sortBy="#{historyEntry.roleName}">
+                                            <h:outputText value="#{historyEntry.roleName}" />
+                                        </p:column>
+                                        <p:column headerText="#{bundle['dataverse.permissions.history.assignedBy']}" sortBy="#{historyEntry.assignedBy}">
+                                            <h:outputText value="#{historyEntry.assignedBy}" />
+                                        </p:column>
+                                        <p:column headerText="#{bundle['dataverse.permissions.history.assignedAt']}" sortBy="#{historyEntry.assignedAt}">
+                                            <h:outputText value="#{historyEntry.assignedAt}">
+                                                <f:convertDateTime pattern="yyyy-MM-dd HH:mm:ss" />
+                                            </h:outputText>
+                                        </p:column>
+                                        <p:column headerText="#{bundle['dataverse.permissions.history.revokedBy']}" sortBy="#{historyEntry.revokedBy}">
+                                            <h:outputText value="#{historyEntry.revokedBy}" />
+                                        </p:column>
+                                        <p:column headerText="#{bundle['dataverse.permissions.history.revokedAt']}" sortBy="#{historyEntry.revokedAt}">
+                                            <h:outputText value="#{historyEntry.revokedAt}">
+                                                <f:convertDateTime pattern="yyyy-MM-dd HH:mm:ss" />
+                                            </h:outputText>
+                                        </p:column>
+                                    </p:dataTable>
                                 </div>
-                            </div>
+                            </p:panel>
                         </div>
+                      </div>
                     </div>
 
                     <!-- Users/Groups Popup -->

From cb57117b67aa49f6732e0f91eba4d62712124552 Mon Sep 17 00:00:00 2001
From: Jim Myers <qqmyers@hotmail.com>
Date: Mon, 28 Apr 2025 13:53:30 -0400
Subject: [PATCH 032/634] make updating RA history conditional on flag being
 set.

---
 src/main/webapp/permissions-manage-files.xhtml | 16 +++++++++-------
 src/main/webapp/permissions-manage.xhtml       |  8 +++++---
 2 files changed, 14 insertions(+), 10 deletions(-)

diff --git a/src/main/webapp/permissions-manage-files.xhtml b/src/main/webapp/permissions-manage-files.xhtml
index b5853783ef9..c015de4f5b3 100644
--- a/src/main/webapp/permissions-manage-files.xhtml
+++ b/src/main/webapp/permissions-manage-files.xhtml
@@ -23,6 +23,8 @@
             <ui:param name="dataset" value="#{manageFilePermissionsPage.dataset}"/>
             <ui:param name="version" value="#{manageFilePermissionsPage.dataset.latestVersion}"/>
             <ui:param name="showMessagePanel" value="false"/>
+            <o:importConstants type="edu.harvard.iq.dataverse.settings.FeatureFlags" />
+            <ui:param name="RAAuditingEnabled" value="#{FeatureFlags.ROLE_ASSIGNMENT_AUDITING.enabled()}" />
             <ui:define name="body">
                 <h:form id="rolesPermissionsForm" styleClass="margin-top">
                     <div class="panel-group">
@@ -95,7 +97,7 @@
                                                                            update=":#{p:resolveClientId('rolesPermissionsForm:userGroups', view)}
                                                                            :#{p:resolveClientId('rolesPermissionsForm:restrictedFiles', view)}
                                                                            #{p:resolveClientId('rolesPermissionsForm:usersGroups', view)}
-                                                                           roleAssignmentHistory @([id$=Messages])">
+                                                                           @if(#{RAAuditingEnabled}) roleAssignmentHistory @([id$=Messages])">
                                                                 <span class="glyphicon glyphicon-ok"/> #{bundle['dataverse.permissionsFiles.assignDialog.grantBtn']}
                                                             </p:commandLink>
                                                             <p:commandLink styleClass="btn btn-default"
@@ -103,7 +105,7 @@
                                                                            update=":#{p:resolveClientId('rolesPermissionsForm:userGroups', view)}
                                                                            :#{p:resolveClientId('rolesPermissionsForm:restrictedFiles', view)}
                                                                            #{p:resolveClientId('rolesPermissionsForm:usersGroups', view)}
-                                                                           roleAssignmentHistory @([id$=Messages])">
+                                                                           @if(#{RAAuditingEnabled}) roleAssignmentHistory @([id$=Messages])">
                                                                 <span class="glyphicon glyphicon-ban-circle"/> #{bundle['dataverse.permissionsFiles.assignDialog.rejectBtn']}
                                                             </p:commandLink>
                                                         </div>
@@ -219,8 +221,8 @@
                         </div>
                     </div>
                     <!-- Role Assignment History Panel -->
-                    <o:importConstants type="edu.harvard.iq.dataverse.settings.FeatureFlags" />
-                    <div class="panel panel-default" rendered="#{FeatureFlags.ROLE_ASSIGNMENT_AUDITING.enabled()}">
+
+                    <div class="panel panel-default" rendered="#{RAAuditingEnabled}">
                       <div data-toggle="collapse" data-target="#panelCollapseHistory" class="panel-heading text-info">
                         #{bundle['dataverse.permissions.history']} <span class="glyphicon glyphicon-chevron-down" /> <span class="text-muted small pull-right">#{bundle['dataverse.permissions.history.description']}</span>
                       </div>
@@ -383,14 +385,14 @@
                             </div>
                             <div class="button-block">
                                 <p:commandLink styleClass="btn btn-default" rendered="#{empty manageFilePermissionsPage.fileRequester}"
-                                               update="assignRoleContent userGroups restrictedFiles roleAssignmentHistory @([id$=Messages])"
+                                               update="assignRoleContent userGroups restrictedFiles @if(#{RAAuditingEnabled}) roleAssignmentHistory @([id$=Messages])"
                                                actionListener="#{manageFilePermissionsPage.grantAccess}" oncomplete="if (args &amp;&amp; !args.validationFailed) PF('assignWidget').hide();">
                                     <f:param name="DO_VALIDATION" value="true"/>
                                     <span class="glyphicon glyphicon-ok"/>
                                     <h:outputText value="#{bundle['dataverse.permissionsFiles.assignDialog.grantBtn']}"/>
                                 </p:commandLink>
                                 <p:commandLink styleClass="btn btn-default" rendered="#{!empty manageFilePermissionsPage.fileRequester}"
-                                               update="assignRoleContent userGroups fileAccessRequests restrictedFiles roleAssignmentHistory @([id$=Messages])"
+                                               update="assignRoleContent userGroups fileAccessRequests restrictedFiles @if(#{RAAuditingEnabled}) roleAssignmentHistory @([id$=Messages])"
                                                actionListener="#{manageFilePermissionsPage.grantAccessToRequests(manageFilePermissionsPage.fileRequester)}" oncomplete="PF('assignWidget').hide();">
                                     <span class="glyphicon glyphicon-ok"/>
                                     <h:outputText value="#{bundle['dataverse.permissionsFiles.assignDialog.grantBtn']}"/>
@@ -415,7 +417,7 @@
                             <p:commandButton styleClass="btn btn-default" value="#{bundle.continue}" onclick="PF('confirmation').hide()"
                                              action="#{manageFilePermissionsPage.removeRoleAssignments()}"
                                              process="@this"
-                                             update=":#{p:resolveClientId('rolesPermissionsForm:userGroups', view)} :#{p:resolveClientId('rolesPermissionsForm:restrictedFiles', view)} roleAssignmentHistory @([id$=Messages])"
+                                             update=":#{p:resolveClientId('rolesPermissionsForm:userGroups', view)} :#{p:resolveClientId('rolesPermissionsForm:restrictedFiles', view)} @if(#{RAAuditingEnabled}) roleAssignmentHistory @([id$=Messages])"
                                              oncomplete="PF('viewRemoveWidget').hide();"/>
                             <button class="btn btn-link" onclick="PF('confirmation').hide();" type="button">
                                 #{bundle.cancel}
diff --git a/src/main/webapp/permissions-manage.xhtml b/src/main/webapp/permissions-manage.xhtml
index d44b0bb47cc..8be873ffe29 100644
--- a/src/main/webapp/permissions-manage.xhtml
+++ b/src/main/webapp/permissions-manage.xhtml
@@ -23,6 +23,8 @@
             <ui:param name="dataset" value="#{managePermissionsPage.dvObject.instanceofDataset ? managePermissionsPage.dvObject : null}"/>
             <ui:param name="version" value="#{managePermissionsPage.dvObject.instanceofDataset ? managePermissionsPage.dvObject.latestVersion : null}"/>
             <ui:param name="showMessagePanel" value="false"/>
+            <o:importConstants type="edu.harvard.iq.dataverse.settings.FeatureFlags" />
+            <ui:param name="RAAuditingEnabled" value="#{FeatureFlags.ROLE_ASSIGNMENT_AUDITING.enabled()}" />
             <ui:define name="body">
                 <h:form id="rolesPermissionsForm" styleClass="margin-top">
                     <div class="panel-group">
@@ -105,7 +107,7 @@
                                     <div class="margin-bottom text-right">
                                         <p:commandLink id="userGroupsAdd" styleClass="btn btn-default"
                                                        actionListener="#{managePermissionsPage.initAssigneeDialog}"
-                                                       update="userGroupDialog roleAssignmentHistory"
+                                                       update="userGroupDialog @if(#{RAAuditingEnabled}) roleAssignmentHistory"
                                                        oncomplete="PF('userGroupsForm').show();handleResizeDialog('userGroupDialog');">
                                             <span class="glyphicon glyphicon-user"/> #{bundle['dataverse.permissions.usersOrGroups.assignBtn']}
                                         </p:commandLink>
@@ -199,7 +201,7 @@
                             </div>
                         </div>
                         <!-- Role Assignment History Panel -->
-                        <o:importConstants type="edu.harvard.iq.dataverse.settings.FeatureFlags" />
+
                         <div class="panel panel-default" rendered="#{FeatureFlags.ROLE_ASSIGNMENT_AUDITING.enabled()}">
                           <div data-toggle="collapse" data-target="#panelCollapseHistory" class="panel-heading text-info">
                             #{bundle['dataverse.permissions.history']} <span class="glyphicon glyphicon-chevron-down" /> <span class="text-muted small pull-right">#{bundle['dataverse.permissions.history.description']}</span>
@@ -268,7 +270,7 @@
                         <div class="button-block">
                             <p:commandButton value="#{bundle.continue}" styleClass="btn btn-default" onclick="PF('confirmation').hide()" 
                                              action="#{managePermissionsPage.removeRoleAssignment()}" 
-                                             update=":#{p:resolveClientId('rolesPermissionsForm:configureSettings', view)} assignedRoles roleAssignmentHistory @([id$=Messages])" />
+                                             update=":#{p:resolveClientId('rolesPermissionsForm:configureSettings', view)} assignedRoles @if(#{RAAuditingEnabled}) roleAssignmentHistory @([id$=Messages])" />
                             <button class="btn btn-link" onclick="PF('confirmation').hide()" type="button">
                                 #{bundle.cancel}
                             </button>

From 04b37f25de54741457fccc974b6ab9fca6b57b93 Mon Sep 17 00:00:00 2001
From: Jim Myers <qqmyers@hotmail.com>
Date: Mon, 28 Apr 2025 14:08:32 -0400
Subject: [PATCH 033/634] missing widgetVar

---
 src/main/webapp/permissions-manage-files.xhtml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/main/webapp/permissions-manage-files.xhtml b/src/main/webapp/permissions-manage-files.xhtml
index c015de4f5b3..884925e1b98 100644
--- a/src/main/webapp/permissions-manage-files.xhtml
+++ b/src/main/webapp/permissions-manage-files.xhtml
@@ -228,7 +228,7 @@
                       </div>
                       <div id="panelCollapseHistory" class="collapse">
                         <div class="panel-body">
-                            <p:dataTable id="roleAssignmentHistory" var="historyEntry" value="#{manageFilePermissionsPage.roleAssignmentHistory}" sortMode="multiple" paginator="true"
+                            <p:dataTable id="roleAssignmentHistory" widgetVar="roleAssignmentHistory" var="historyEntry" value="#{manageFilePermissionsPage.roleAssignmentHistory}" sortMode="multiple" paginator="true"
                                 rows="10" paginatorTemplate="{CurrentPageReport} {FirstPageLink} {PreviousPageLink} {PageLinks} {NextPageLink} {LastPageLink} {RowsPerPageDropdown}"
                                 rowsPerPageTemplate="5,10,15">
                                 <p:column headerText="#{bundle['dataverse.permissions.history.assignee']}" sortBy="#{historyEntry.assigneeIdentifier}">

From b6b86ea88aae9f09ba60effc1d4e031098b8d0d0 Mon Sep 17 00:00:00 2001
From: Jim Myers <qqmyers@hotmail.com>
Date: Mon, 28 Apr 2025 14:55:40 -0400
Subject: [PATCH 034/634] Revert "make updating RA history conditional on flag
 being set."

This reverts commit 8f58f193482811c1279e3721f3971aaf3ce07dbe.
---
 src/main/webapp/permissions-manage-files.xhtml | 16 +++++++---------
 src/main/webapp/permissions-manage.xhtml       |  8 +++-----
 2 files changed, 10 insertions(+), 14 deletions(-)

diff --git a/src/main/webapp/permissions-manage-files.xhtml b/src/main/webapp/permissions-manage-files.xhtml
index 884925e1b98..282e1da9b17 100644
--- a/src/main/webapp/permissions-manage-files.xhtml
+++ b/src/main/webapp/permissions-manage-files.xhtml
@@ -23,8 +23,6 @@
             <ui:param name="dataset" value="#{manageFilePermissionsPage.dataset}"/>
             <ui:param name="version" value="#{manageFilePermissionsPage.dataset.latestVersion}"/>
             <ui:param name="showMessagePanel" value="false"/>
-            <o:importConstants type="edu.harvard.iq.dataverse.settings.FeatureFlags" />
-            <ui:param name="RAAuditingEnabled" value="#{FeatureFlags.ROLE_ASSIGNMENT_AUDITING.enabled()}" />
             <ui:define name="body">
                 <h:form id="rolesPermissionsForm" styleClass="margin-top">
                     <div class="panel-group">
@@ -97,7 +95,7 @@
                                                                            update=":#{p:resolveClientId('rolesPermissionsForm:userGroups', view)}
                                                                            :#{p:resolveClientId('rolesPermissionsForm:restrictedFiles', view)}
                                                                            #{p:resolveClientId('rolesPermissionsForm:usersGroups', view)}
-                                                                           @if(#{RAAuditingEnabled}) roleAssignmentHistory @([id$=Messages])">
+                                                                           roleAssignmentHistory @([id$=Messages])">
                                                                 <span class="glyphicon glyphicon-ok"/> #{bundle['dataverse.permissionsFiles.assignDialog.grantBtn']}
                                                             </p:commandLink>
                                                             <p:commandLink styleClass="btn btn-default"
@@ -105,7 +103,7 @@
                                                                            update=":#{p:resolveClientId('rolesPermissionsForm:userGroups', view)}
                                                                            :#{p:resolveClientId('rolesPermissionsForm:restrictedFiles', view)}
                                                                            #{p:resolveClientId('rolesPermissionsForm:usersGroups', view)}
-                                                                           @if(#{RAAuditingEnabled}) roleAssignmentHistory @([id$=Messages])">
+                                                                           roleAssignmentHistory @([id$=Messages])">
                                                                 <span class="glyphicon glyphicon-ban-circle"/> #{bundle['dataverse.permissionsFiles.assignDialog.rejectBtn']}
                                                             </p:commandLink>
                                                         </div>
@@ -221,8 +219,8 @@
                         </div>
                     </div>
                     <!-- Role Assignment History Panel -->
-
-                    <div class="panel panel-default" rendered="#{RAAuditingEnabled}">
+                    <o:importConstants type="edu.harvard.iq.dataverse.settings.FeatureFlags" />
+                    <div class="panel panel-default" rendered="#{FeatureFlags.ROLE_ASSIGNMENT_AUDITING.enabled()}">
                       <div data-toggle="collapse" data-target="#panelCollapseHistory" class="panel-heading text-info">
                         #{bundle['dataverse.permissions.history']} <span class="glyphicon glyphicon-chevron-down" /> <span class="text-muted small pull-right">#{bundle['dataverse.permissions.history.description']}</span>
                       </div>
@@ -385,14 +383,14 @@
                             </div>
                             <div class="button-block">
                                 <p:commandLink styleClass="btn btn-default" rendered="#{empty manageFilePermissionsPage.fileRequester}"
-                                               update="assignRoleContent userGroups restrictedFiles @if(#{RAAuditingEnabled}) roleAssignmentHistory @([id$=Messages])"
+                                               update="assignRoleContent userGroups restrictedFiles roleAssignmentHistory @([id$=Messages])"
                                                actionListener="#{manageFilePermissionsPage.grantAccess}" oncomplete="if (args &amp;&amp; !args.validationFailed) PF('assignWidget').hide();">
                                     <f:param name="DO_VALIDATION" value="true"/>
                                     <span class="glyphicon glyphicon-ok"/>
                                     <h:outputText value="#{bundle['dataverse.permissionsFiles.assignDialog.grantBtn']}"/>
                                 </p:commandLink>
                                 <p:commandLink styleClass="btn btn-default" rendered="#{!empty manageFilePermissionsPage.fileRequester}"
-                                               update="assignRoleContent userGroups fileAccessRequests restrictedFiles @if(#{RAAuditingEnabled}) roleAssignmentHistory @([id$=Messages])"
+                                               update="assignRoleContent userGroups fileAccessRequests restrictedFiles roleAssignmentHistory @([id$=Messages])"
                                                actionListener="#{manageFilePermissionsPage.grantAccessToRequests(manageFilePermissionsPage.fileRequester)}" oncomplete="PF('assignWidget').hide();">
                                     <span class="glyphicon glyphicon-ok"/>
                                     <h:outputText value="#{bundle['dataverse.permissionsFiles.assignDialog.grantBtn']}"/>
@@ -417,7 +415,7 @@
                             <p:commandButton styleClass="btn btn-default" value="#{bundle.continue}" onclick="PF('confirmation').hide()"
                                              action="#{manageFilePermissionsPage.removeRoleAssignments()}"
                                              process="@this"
-                                             update=":#{p:resolveClientId('rolesPermissionsForm:userGroups', view)} :#{p:resolveClientId('rolesPermissionsForm:restrictedFiles', view)} @if(#{RAAuditingEnabled}) roleAssignmentHistory @([id$=Messages])"
+                                             update=":#{p:resolveClientId('rolesPermissionsForm:userGroups', view)} :#{p:resolveClientId('rolesPermissionsForm:restrictedFiles', view)} roleAssignmentHistory @([id$=Messages])"
                                              oncomplete="PF('viewRemoveWidget').hide();"/>
                             <button class="btn btn-link" onclick="PF('confirmation').hide();" type="button">
                                 #{bundle.cancel}
diff --git a/src/main/webapp/permissions-manage.xhtml b/src/main/webapp/permissions-manage.xhtml
index 8be873ffe29..d44b0bb47cc 100644
--- a/src/main/webapp/permissions-manage.xhtml
+++ b/src/main/webapp/permissions-manage.xhtml
@@ -23,8 +23,6 @@
             <ui:param name="dataset" value="#{managePermissionsPage.dvObject.instanceofDataset ? managePermissionsPage.dvObject : null}"/>
             <ui:param name="version" value="#{managePermissionsPage.dvObject.instanceofDataset ? managePermissionsPage.dvObject.latestVersion : null}"/>
             <ui:param name="showMessagePanel" value="false"/>
-            <o:importConstants type="edu.harvard.iq.dataverse.settings.FeatureFlags" />
-            <ui:param name="RAAuditingEnabled" value="#{FeatureFlags.ROLE_ASSIGNMENT_AUDITING.enabled()}" />
             <ui:define name="body">
                 <h:form id="rolesPermissionsForm" styleClass="margin-top">
                     <div class="panel-group">
@@ -107,7 +105,7 @@
                                     <div class="margin-bottom text-right">
                                         <p:commandLink id="userGroupsAdd" styleClass="btn btn-default"
                                                        actionListener="#{managePermissionsPage.initAssigneeDialog}"
-                                                       update="userGroupDialog @if(#{RAAuditingEnabled}) roleAssignmentHistory"
+                                                       update="userGroupDialog roleAssignmentHistory"
                                                        oncomplete="PF('userGroupsForm').show();handleResizeDialog('userGroupDialog');">
                                             <span class="glyphicon glyphicon-user"/> #{bundle['dataverse.permissions.usersOrGroups.assignBtn']}
                                         </p:commandLink>
@@ -201,7 +199,7 @@
                             </div>
                         </div>
                         <!-- Role Assignment History Panel -->
-
+                        <o:importConstants type="edu.harvard.iq.dataverse.settings.FeatureFlags" />
                         <div class="panel panel-default" rendered="#{FeatureFlags.ROLE_ASSIGNMENT_AUDITING.enabled()}">
                           <div data-toggle="collapse" data-target="#panelCollapseHistory" class="panel-heading text-info">
                             #{bundle['dataverse.permissions.history']} <span class="glyphicon glyphicon-chevron-down" /> <span class="text-muted small pull-right">#{bundle['dataverse.permissions.history.description']}</span>
@@ -270,7 +268,7 @@
                         <div class="button-block">
                             <p:commandButton value="#{bundle.continue}" styleClass="btn btn-default" onclick="PF('confirmation').hide()" 
                                              action="#{managePermissionsPage.removeRoleAssignment()}" 
-                                             update=":#{p:resolveClientId('rolesPermissionsForm:configureSettings', view)} assignedRoles @if(#{RAAuditingEnabled}) roleAssignmentHistory @([id$=Messages])" />
+                                             update=":#{p:resolveClientId('rolesPermissionsForm:configureSettings', view)} assignedRoles roleAssignmentHistory @([id$=Messages])" />
                             <button class="btn btn-link" onclick="PF('confirmation').hide()" type="button">
                                 #{bundle.cancel}
                             </button>

From d3ab76bf39845aa02b96135c8bd8a80687d80fec Mon Sep 17 00:00:00 2001
From: Jim Myers <qqmyers@hotmail.com>
Date: Mon, 28 Apr 2025 16:12:05 -0400
Subject: [PATCH 035/634] update to fix 500 error re not finding ra history

---
 src/main/webapp/permissions-manage-files.xhtml | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/src/main/webapp/permissions-manage-files.xhtml b/src/main/webapp/permissions-manage-files.xhtml
index 282e1da9b17..1a93527dfef 100644
--- a/src/main/webapp/permissions-manage-files.xhtml
+++ b/src/main/webapp/permissions-manage-files.xhtml
@@ -95,7 +95,8 @@
                                                                            update=":#{p:resolveClientId('rolesPermissionsForm:userGroups', view)}
                                                                            :#{p:resolveClientId('rolesPermissionsForm:restrictedFiles', view)}
                                                                            #{p:resolveClientId('rolesPermissionsForm:usersGroups', view)}
-                                                                           roleAssignmentHistory @([id$=Messages])">
+                                                                           #{p:resolveClientId('rolesPermissionsForm:roleAssignmentHistory', view)}
+                                                                           @([id$=Messages])">
                                                                 <span class="glyphicon glyphicon-ok"/> #{bundle['dataverse.permissionsFiles.assignDialog.grantBtn']}
                                                             </p:commandLink>
                                                             <p:commandLink styleClass="btn btn-default"
@@ -103,7 +104,8 @@
                                                                            update=":#{p:resolveClientId('rolesPermissionsForm:userGroups', view)}
                                                                            :#{p:resolveClientId('rolesPermissionsForm:restrictedFiles', view)}
                                                                            #{p:resolveClientId('rolesPermissionsForm:usersGroups', view)}
-                                                                           roleAssignmentHistory @([id$=Messages])">
+                                                                           #{p:resolveClientId('rolesPermissionsForm:roleAssignmentHistory', view)}
+                                                                           @([id$=Messages])">
                                                                 <span class="glyphicon glyphicon-ban-circle"/> #{bundle['dataverse.permissionsFiles.assignDialog.rejectBtn']}
                                                             </p:commandLink>
                                                         </div>

From af6600f1a26483ad0cbf2d426ff9d9cc10b218fe Mon Sep 17 00:00:00 2001
From: Jim Myers <qqmyers@hotmail.com>
Date: Tue, 29 Apr 2025 08:56:53 -0400
Subject: [PATCH 036/634] word wrapping on perms form

---
 src/main/webapp/resources/css/structure.css | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/main/webapp/resources/css/structure.css b/src/main/webapp/resources/css/structure.css
index 4d83ddd489d..9e12a83f4a0 100644
--- a/src/main/webapp/resources/css/structure.css
+++ b/src/main/webapp/resources/css/structure.css
@@ -568,6 +568,7 @@ div.ui-tabs-panels .ui-tabs.ui-tabs-top .ui-tabs-nav.ui-widget-header {border-bo
 
 /* -------- PERMISSIONS -------- */
 div[id$='roleDisplay'] span.label, div[id$='roleDetails'] span.label {display:inline-block; margin-bottom:4px;}
+#rolesPermissionsForm {word-break:break-word;}
 
 /* -------- METRICS -------- */
 /* -- OLD LAYOUT, DATAVERSE -- */

From 4fca21b37d867aa20f31933c0c38144a3d85ca5f Mon Sep 17 00:00:00 2001
From: Jim Myers <qqmyers@hotmail.com>
Date: Mon, 7 Jul 2025 14:32:00 -0400
Subject: [PATCH 037/634] missing import

---
 .../java/edu/harvard/iq/dataverse/DataverseRoleServiceBean.java  | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/main/java/edu/harvard/iq/dataverse/DataverseRoleServiceBean.java b/src/main/java/edu/harvard/iq/dataverse/DataverseRoleServiceBean.java
index 09097be9c8e..a6e2a53dadd 100644
--- a/src/main/java/edu/harvard/iq/dataverse/DataverseRoleServiceBean.java
+++ b/src/main/java/edu/harvard/iq/dataverse/DataverseRoleServiceBean.java
@@ -14,6 +14,7 @@
 import java.util.Collection;
 import java.util.HashSet;
 import java.util.List;
+import java.util.Objects;
 import java.util.Set;
 import java.util.logging.Logger;
 import java.util.stream.Collectors;

From 8c0bfbf706b94cacfdc7a1fc803c0106af85203b Mon Sep 17 00:00:00 2001
From: Jim Myers <qqmyers@hotmail.com>
Date: Mon, 7 Jul 2025 17:22:12 -0400
Subject: [PATCH 038/634] refactor getting RA history

---
 .../dataverse/DataverseRoleServiceBean.java   | 162 ++++++++++++++++++
 .../dataverse/ManageFilePermissionsPage.java  |  48 +-----
 .../iq/dataverse/ManagePermissionsPage.java   | 111 +-----------
 3 files changed, 169 insertions(+), 152 deletions(-)

diff --git a/src/main/java/edu/harvard/iq/dataverse/DataverseRoleServiceBean.java b/src/main/java/edu/harvard/iq/dataverse/DataverseRoleServiceBean.java
index a6e2a53dadd..68fee4aacad 100644
--- a/src/main/java/edu/harvard/iq/dataverse/DataverseRoleServiceBean.java
+++ b/src/main/java/edu/harvard/iq/dataverse/DataverseRoleServiceBean.java
@@ -1,5 +1,6 @@
 package edu.harvard.iq.dataverse;
 
+import edu.harvard.iq.dataverse.DataverseRoleServiceBean.RoleAssignmentHistoryEntry;
 import edu.harvard.iq.dataverse.authorization.DataverseRole;
 import edu.harvard.iq.dataverse.authorization.Permission;
 import edu.harvard.iq.dataverse.authorization.RoleAssignee;
@@ -12,9 +13,13 @@
 import edu.harvard.iq.dataverse.search.SolrIndexServiceBean;
 import java.util.ArrayList;
 import java.util.Collection;
+import java.util.Comparator;
+import java.util.Date;
+import java.util.HashMap;
 import java.util.HashSet;
 import java.util.List;
 import java.util.Objects;
+import java.util.Map;
 import java.util.Set;
 import java.util.logging.Logger;
 import java.util.stream.Collectors;
@@ -367,5 +372,162 @@ For a given permission and dataverse Id get all of the roles (built-in or owned
         }
         return retVal;
     }
+    
+    /**
+     * Retrieves role assignment history for a specific definition point
+     * 
+     * @param definitionPointId The ID of the definition point
+     * @return List of role assignment history entries
+     */
+    public List<RoleAssignmentHistoryEntry> getRoleAssignmentHistory(Long definitionPointId) {
+        List<RoleAssignmentAudit> audits = em.createNamedQuery("RoleAssignmentAudit.findByDefinitionPointId", RoleAssignmentAudit.class)
+                .setParameter("definitionPointId", definitionPointId)
+                .getResultList();
+        
+        return processRoleAssignmentAudits(audits, false);
+    }
+
+    /**
+     * Retrieves role assignment history for all files in a dataset
+     * 
+     * @param datasetId The ID of the dataset
+     * @return List of role assignment history entries
+     */
+    public List<RoleAssignmentHistoryEntry> getChildRoleAssignmentHistory(Long datasetId) {
+        List<RoleAssignmentAudit> audits = em.createNamedQuery("RoleAssignmentAudit.findByOwnerId", RoleAssignmentAudit.class)
+                .setParameter("datasetId", datasetId)
+                .getResultList();
+        
+        return processRoleAssignmentAudits(audits, true);
+    }
+    
+    /**
+     * Common method to process role assignment audits and create history entries
+     * 
+     * @param audits List of role assignment audit records
+     * @param combineEntries Whether to combine entries for different files
+     * @return List of role assignment history entries
+     */
+    private List<RoleAssignmentHistoryEntry> processRoleAssignmentAudits(List<RoleAssignmentAudit> audits, boolean combineEntries) {
+        List<RoleAssignmentHistoryEntry> roleAssignmentHistory = new ArrayList<>();
+        Map<Long, RoleAssignmentHistoryEntry> historyMap = new HashMap<>();
+
+        // First pass: Create entries from audit records
+        for (RoleAssignmentAudit audit : audits) {
+            Long roleAssignmentId = audit.getRoleAssignmentId();
+            RoleAssignmentHistoryEntry entry = historyMap.get(roleAssignmentId);
+
+            if (entry == null) {
+                entry = new RoleAssignmentHistoryEntry(audit.getAssigneeIdentifier(), audit.getRoleAlias(), audit.getDefinitionPointId());
+                historyMap.put(roleAssignmentId, entry);
+            }
+
+            if (audit.getActionType() == RoleAssignmentAudit.ActionType.ASSIGN) {
+                entry.setAssignedBy(audit.getActionByIdentifier());
+                entry.setAssignedAt(audit.getActionTimestamp());
+            } else if (audit.getActionType() == RoleAssignmentAudit.ActionType.REVOKE) {
+                entry.setRevokedBy(audit.getActionByIdentifier());
+                entry.setRevokedAt(audit.getActionTimestamp());
+            }
+        }
+        
+        // Second pass: Combine entries with matching criteria if requested
+        if (combineEntries) {
+            Map<String, RoleAssignmentHistoryEntry> finalHistoryMap = new HashMap<>();
+            for (RoleAssignmentHistoryEntry entry : historyMap.values()) {
+                String key = entry.getAssigneeIdentifier() + "|" + entry.getRoleName() + "|" +
+                        entry.getAssignedBy() + "|" + entry.getAssignedAt() + "|" +
+                        entry.getRevokedBy() + "|" + entry.getRevokedAt();
+
+                RoleAssignmentHistoryEntry existingEntry = finalHistoryMap.get(key);
+                if (existingEntry == null) {
+                    finalHistoryMap.put(key, entry);
+                } else {
+                    existingEntry.addDefinitionPointId(entry.getDefinitionPointIds().get(0));
+                }
+            }
+            roleAssignmentHistory.addAll(finalHistoryMap.values());
+        } else {
+            roleAssignmentHistory.addAll(historyMap.values());
+        }
+
+        // Sort the entries
+        roleAssignmentHistory.sort(Comparator
+                .comparing(RoleAssignmentHistoryEntry::getRevokedAt, Comparator.nullsLast(Comparator.naturalOrder()))
+                .thenComparing(RoleAssignmentHistoryEntry::getAssignedAt, Comparator.nullsLast(Comparator.naturalOrder()))
+                .reversed());
 
+        return roleAssignmentHistory;
+    }
+
+    public static class RoleAssignmentHistoryEntry {
+        private String roleName;
+        private String assigneeIdentifier;
+        private String assignedBy;
+        private Date assignedAt;
+        private String revokedBy;
+        private Date revokedAt;
+        private List<Long> definitionPointIds;  // New field
+    
+        public RoleAssignmentHistoryEntry(String assigneeIdentifier, String roleName, Long definitionPointId) {
+            this.roleName = roleName;
+            this.assigneeIdentifier = assigneeIdentifier;
+            this.definitionPointIds = new ArrayList<Long>();
+            definitionPointIds.add(definitionPointId);
+        }
+    
+        public void setRevokedAt(Date actionTimestamp) {
+            revokedAt = actionTimestamp;
+        }
+    
+        public void setRevokedBy(String actionByIdentifier) {
+            revokedBy = actionByIdentifier;
+        }
+    
+        public void setAssignedAt(Date actionTimestamp) {
+            assignedAt = actionTimestamp;
+        }
+    
+        public void setAssignedBy(String actionByIdentifier) {
+            assignedBy = actionByIdentifier;
+        }
+    
+        public String getRoleName() {
+            return roleName;
+        }
+    
+        public String getAssigneeIdentifier() {
+            return assigneeIdentifier;
+        }
+    
+        public String getAssignedBy() {
+            return assignedBy;
+        }
+    
+        public Date getAssignedAt() {
+            return assignedAt;
+        }
+    
+        public String getRevokedBy() {
+            return revokedBy;
+        }
+    
+        public Date getRevokedAt() {
+            return revokedAt;
+        }
+    
+        public List<Long> getDefinitionPointIds() {
+            return definitionPointIds;
+        }
+    
+        public void addDefinitionPointId(Long definitionPointId) {
+            definitionPointIds.add(definitionPointId);
+        }
+        
+        public String getDefinitionPointIdsAsString() {
+            return definitionPointIds.stream()
+                    .map(Object::toString)
+                    .collect(Collectors.joining(", "));
+        }
+    }
 }
diff --git a/src/main/java/edu/harvard/iq/dataverse/ManageFilePermissionsPage.java b/src/main/java/edu/harvard/iq/dataverse/ManageFilePermissionsPage.java
index 33314ef4fd3..1cd59bbdf57 100644
--- a/src/main/java/edu/harvard/iq/dataverse/ManageFilePermissionsPage.java
+++ b/src/main/java/edu/harvard/iq/dataverse/ManageFilePermissionsPage.java
@@ -5,7 +5,7 @@
  */
 package edu.harvard.iq.dataverse;
 
-import edu.harvard.iq.dataverse.ManagePermissionsPage.RoleAssignmentHistoryEntry;
+import edu.harvard.iq.dataverse.DataverseRoleServiceBean.RoleAssignmentHistoryEntry;
 import edu.harvard.iq.dataverse.api.Util;
 import edu.harvard.iq.dataverse.authorization.AuthenticationProvider;
 import edu.harvard.iq.dataverse.authorization.AuthenticationServiceBean;
@@ -544,51 +544,7 @@ private boolean assignRole(RoleAssignee ra,  DataFile file, DataverseRole r) {
 
     public List<RoleAssignmentHistoryEntry> getRoleAssignmentHistory() {
         if (roleAssignmentHistory == null) {
-            roleAssignmentHistory = new ArrayList<>();
-            
-            List<RoleAssignmentAudit> audits = em.createNamedQuery("RoleAssignmentAudit.findByOwnerId", RoleAssignmentAudit.class)
-                    .setParameter("datasetId", dataset.getId())
-                    .getResultList();
-            
-            Map<Long, RoleAssignmentHistoryEntry> historyMap = new HashMap<>();
-            
-            for (RoleAssignmentAudit audit : audits) {
-                Long roleAssignmentId = audit.getRoleAssignmentId();
-                RoleAssignmentHistoryEntry entry = historyMap.get(roleAssignmentId);
-                
-                if (entry == null) {
-                    entry = new RoleAssignmentHistoryEntry(audit.getAssigneeIdentifier(), audit.getRoleAlias(), audit.getDefinitionPointId()  );
-                    historyMap.put(roleAssignmentId, entry);
-                }
-                
-                if (audit.getActionType() == RoleAssignmentAudit.ActionType.ASSIGN) {
-                    entry.setAssignedBy(audit.getActionByIdentifier());
-                    entry.setAssignedAt(audit.getActionTimestamp());
-                } else if (audit.getActionType() == RoleAssignmentAudit.ActionType.REVOKE) {
-                    entry.setRevokedBy(audit.getActionByIdentifier());
-                    entry.setRevokedAt(audit.getActionTimestamp());
-                }
-            }
-            // Second pass: Combine entries with matching criteria
-            Map<String, RoleAssignmentHistoryEntry> finalHistoryMap = new HashMap<>();
-            for (RoleAssignmentHistoryEntry entry : historyMap.values()) {
-                String key = entry.getAssigneeIdentifier() + "|" + entry.getRoleName() + "|" +
-                             entry.getAssignedBy() + "|" + entry.getAssignedAt() + "|" +
-                             entry.getRevokedBy() + "|" + entry.getRevokedAt();
-                
-                RoleAssignmentHistoryEntry existingEntry = finalHistoryMap.get(key);
-                if (existingEntry == null) {
-                    finalHistoryMap.put(key, entry);
-                } else {
-                    existingEntry.addDefinitionPointId(entry.getDefinitionPointIds().get(0));
-                }
-            }
-            
-            roleAssignmentHistory.addAll(finalHistoryMap.values());
-            roleAssignmentHistory.sort(Comparator
-                    .comparing(RoleAssignmentHistoryEntry::getRevokedAt, Comparator.nullsLast(Comparator.naturalOrder()))
-                    .thenComparing(RoleAssignmentHistoryEntry::getAssignedAt, Comparator.nullsLast(Comparator.naturalOrder()))
-                    .reversed());
+            roleAssignmentHistory = roleService.getChildRoleAssignmentHistory(dataset.getId());
         }
         return roleAssignmentHistory;
     }
diff --git a/src/main/java/edu/harvard/iq/dataverse/ManagePermissionsPage.java b/src/main/java/edu/harvard/iq/dataverse/ManagePermissionsPage.java
index ff638a88866..9401f112d51 100644
--- a/src/main/java/edu/harvard/iq/dataverse/ManagePermissionsPage.java
+++ b/src/main/java/edu/harvard/iq/dataverse/ManagePermissionsPage.java
@@ -35,7 +35,6 @@
 import java.util.Set;
 import java.util.logging.Level;
 import java.util.logging.Logger;
-import java.util.stream.Collectors;
 
 import jakarta.ejb.EJB;
 import jakarta.faces.application.FacesMessage;
@@ -238,42 +237,13 @@ public void editRole(String roleId) {
     }
     
     /** Role Assignment History */
-    private List<RoleAssignmentHistoryEntry> roleAssignmentHistory;
+    private List<DataverseRoleServiceBean.RoleAssignmentHistoryEntry> roleAssignmentHistory;
 
-    public List<RoleAssignmentHistoryEntry> getRoleAssignmentHistory() {
+    public List<DataverseRoleServiceBean.RoleAssignmentHistoryEntry> getRoleAssignmentHistory() {
+        
         if (roleAssignmentHistory == null) {
-            roleAssignmentHistory = new ArrayList<>();
-            
-            List<RoleAssignmentAudit> audits = em.createNamedQuery("RoleAssignmentAudit.findByDefinitionPointId", RoleAssignmentAudit.class)
-                    .setParameter("definitionPointId", dvObject.getId())
-                    .getResultList();
-            
-            Map<Long, RoleAssignmentHistoryEntry> historyMap = new HashMap<>();
-            
-            for (RoleAssignmentAudit audit : audits) {
-                Long roleAssignmentId = audit.getRoleAssignmentId();
-                RoleAssignmentHistoryEntry entry = historyMap.get(roleAssignmentId);
-                
-                if (entry == null) {
-                    entry = new RoleAssignmentHistoryEntry(audit.getAssigneeIdentifier(), audit.getRoleAlias(), audit.getDefinitionPointId());
-                    historyMap.put(roleAssignmentId, entry);
-                }
-                
-                if (audit.getActionType() == RoleAssignmentAudit.ActionType.ASSIGN) {
-                    entry.setAssignedBy(audit.getActionByIdentifier());
-                    entry.setAssignedAt(audit.getActionTimestamp());
-                } else if (audit.getActionType() == RoleAssignmentAudit.ActionType.REVOKE) {
-                    entry.setRevokedBy(audit.getActionByIdentifier());
-                    entry.setRevokedAt(audit.getActionTimestamp());
-                }
-            }
-
-            roleAssignmentHistory.addAll(historyMap.values());
-            roleAssignmentHistory.sort(Comparator
-                    .comparing(RoleAssignmentHistoryEntry::getRevokedAt, Comparator.nullsLast(Comparator.naturalOrder()))
-                    .thenComparing(RoleAssignmentHistoryEntry::getAssignedAt, Comparator.nullsLast(Comparator.naturalOrder()))
-                    .reversed());
-        };
+            roleAssignmentHistory = roleService.getRoleAssignmentHistory(dvObject.getId());
+        }
         return roleAssignmentHistory;
     }
     
@@ -763,75 +733,4 @@ public Long getId() {
         }
 
     }
-    
-    public static class RoleAssignmentHistoryEntry {
-        private String roleName;
-        private String assigneeIdentifier;
-        private String assignedBy;
-        private Date assignedAt;
-        private String revokedBy;
-        private Date revokedAt;
-        private List<Long> definitionPointIds;  // New field
-
-        public RoleAssignmentHistoryEntry(String assigneeIdentifier, String roleName, Long definitionPointId) {
-            this.roleName = roleName;
-            this.assigneeIdentifier = assigneeIdentifier;
-            this.definitionPointIds = new ArrayList<Long>();
-            definitionPointIds.add(definitionPointId);
-        }
-
-        public void setRevokedAt(Date actionTimestamp) {
-            revokedAt = actionTimestamp;
-        }
-
-        public void setRevokedBy(String actionByIdentifier) {
-            revokedBy = actionByIdentifier;
-        }
-
-        public void setAssignedAt(Date actionTimestamp) {
-            assignedAt = actionTimestamp;
-        }
-
-        public void setAssignedBy(String actionByIdentifier) {
-            assignedBy = actionByIdentifier;
-        }
-
-        public String getRoleName() {
-            return roleName;
-        }
-
-        public String getAssigneeIdentifier() {
-            return assigneeIdentifier;
-        }
-
-        public String getAssignedBy() {
-            return assignedBy;
-        }
-
-        public Date getAssignedAt() {
-            return assignedAt;
-        }
-
-        public String getRevokedBy() {
-            return revokedBy;
-        }
-
-        public Date getRevokedAt() {
-            return revokedAt;
-        }
-
-        public List<Long> getDefinitionPointIds() {
-            return definitionPointIds;
-        }
-
-        public void addDefinitionPointId(Long definitionPointId) {
-            definitionPointIds.add(definitionPointId);
-        }
-        
-        public String getDefinitionPointIdsAsString() {
-            return definitionPointIds.stream()
-                    .map(Object::toString)
-                    .collect(Collectors.joining(", "));
-        }
-    }
 }

From 859d0ab515f97eb449adad1f37bdb2daf1b3f067 Mon Sep 17 00:00:00 2001
From: Jim Myers <qqmyers@hotmail.com>
Date: Mon, 7 Jul 2025 17:22:20 -0400
Subject: [PATCH 039/634] api call

---
 .../harvard/iq/dataverse/api/Datasets.java    | 55 +++++++++++++++++++
 1 file changed, 55 insertions(+)

diff --git a/src/main/java/edu/harvard/iq/dataverse/api/Datasets.java b/src/main/java/edu/harvard/iq/dataverse/api/Datasets.java
index 878ebde0504..b818595400a 100644
--- a/src/main/java/edu/harvard/iq/dataverse/api/Datasets.java
+++ b/src/main/java/edu/harvard/iq/dataverse/api/Datasets.java
@@ -3,6 +3,7 @@
 import edu.harvard.iq.dataverse.*;
 import edu.harvard.iq.dataverse.DatasetLock.Reason;
 import edu.harvard.iq.dataverse.DatasetVersion.VersionState;
+import edu.harvard.iq.dataverse.DataverseRoleServiceBean.RoleAssignmentHistoryEntry;
 import edu.harvard.iq.dataverse.actionlogging.ActionLogRecord;
 import edu.harvard.iq.dataverse.api.auth.AuthRequired;
 import edu.harvard.iq.dataverse.api.dto.RoleAssignmentDTO;
@@ -5988,5 +5989,59 @@ public Response deleteVersionNote(@Context ContainerRequestContext crc, @PathPar
             return ok("Note deleted");
         }, getRequestUser(crc));
     }
+    
+    @GET
+    @AuthRequired
+    @Path("{identifier}/permissions/history")
+    public Response getRoleAssignmentHistory(@Context ContainerRequestContext crc, @PathParam("identifier") String id) {
+        return response(req -> {
+            Dataset dataset = findDatasetOrDie(id);
+            
+            // user is authenticated
+            AuthenticatedUser authenticatedUser = null;
+            try {
+                authenticatedUser = getRequestAuthenticatedUserOrDie(crc);
+            } catch (WrappedResponse ex) {
+                return error(Status.UNAUTHORIZED, "Authentication is required.");
+            }
+            
+            // Check if the user has permission to manage permissions for this dataset
+            if (!permissionService.userOn(authenticatedUser, dataset).has(Permission.ManageDatasetPermissions)) {
+                return error(Status.FORBIDDEN, "You do not have permission to view the role assignment history for this dataset");
+            }
+            
+            // Get the role assignment history
+            ManagePermissionsPage managePermissionsPage = new ManagePermissionsPage();
+            managePermissionsPage.setDvObject(dataset);
+            List<DataverseRoleServiceBean.RoleAssignmentHistoryEntry> history = managePermissionsPage.getRoleAssignmentHistory();
+            
+            // Convert to JSON array
+            JsonArrayBuilder jsonArray = Json.createArrayBuilder();
+            for (DataverseRoleServiceBean.RoleAssignmentHistoryEntry entry : history) {
+                JsonObjectBuilder job = Json.createObjectBuilder()
+                    .add("assigneeIdentifier", entry.getAssigneeIdentifier())
+                    .add("roleName", entry.getRoleName())
+                    .add("assignedBy", entry.getAssignedBy())
+                    .add("assignedAt", entry.getAssignedAt().toString());
+                
+                // Add revocation info if available
+                if (entry.getRevokedBy() != null) {
+                    job.add("revokedBy", entry.getRevokedBy());
+                } else {
+                    job.add("revokedBy", JsonValue.NULL);
+                }
+                
+                if (entry.getRevokedAt() != null) {
+                    job.add("revokedAt", entry.getRevokedAt().toString());
+                } else {
+                    job.add("revokedAt", JsonValue.NULL);
+                }
+                
+                jsonArray.add(job);
+            }
+            
+            return ok(jsonArray);
+        }, getRequestUser(crc));
+    }
 
 }

From 1c87cef8bfbcd437fde6454d20ba75c7665d7e1f Mon Sep 17 00:00:00 2001
From: Jim Myers <qqmyers@hotmail.com>
Date: Wed, 16 Jul 2025 17:07:42 -0400
Subject: [PATCH 040/634] remove unused imports

---
 .../java/edu/harvard/iq/dataverse/ManagePermissionsPage.java   | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/src/main/java/edu/harvard/iq/dataverse/ManagePermissionsPage.java b/src/main/java/edu/harvard/iq/dataverse/ManagePermissionsPage.java
index 9401f112d51..4fbf520154b 100644
--- a/src/main/java/edu/harvard/iq/dataverse/ManagePermissionsPage.java
+++ b/src/main/java/edu/harvard/iq/dataverse/ManagePermissionsPage.java
@@ -26,12 +26,9 @@
 import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.Collections;
-import java.util.Comparator;
 import java.util.Date;
-import java.util.HashMap;
 import java.util.LinkedList;
 import java.util.List;
-import java.util.Map;
 import java.util.Set;
 import java.util.logging.Level;
 import java.util.logging.Logger;

From a6a1ab1890e2505977088ca067554b838cc6d014 Mon Sep 17 00:00:00 2001
From: Jim Myers <qqmyers@hotmail.com>
Date: Wed, 16 Jul 2025 17:07:54 -0400
Subject: [PATCH 041/634] api call with i18n and csv option

---
 .../harvard/iq/dataverse/api/Datasets.java    | 76 ++++++++++++++-----
 1 file changed, 59 insertions(+), 17 deletions(-)

diff --git a/src/main/java/edu/harvard/iq/dataverse/api/Datasets.java b/src/main/java/edu/harvard/iq/dataverse/api/Datasets.java
index b818595400a..67f6e552057 100644
--- a/src/main/java/edu/harvard/iq/dataverse/api/Datasets.java
+++ b/src/main/java/edu/harvard/iq/dataverse/api/Datasets.java
@@ -5993,10 +5993,13 @@ public Response deleteVersionNote(@Context ContainerRequestContext crc, @PathPar
     @GET
     @AuthRequired
     @Path("{identifier}/permissions/history")
-    public Response getRoleAssignmentHistory(@Context ContainerRequestContext crc, @PathParam("identifier") String id) {
+    @Produces({ MediaType.APPLICATION_JSON, "text/csv" })
+    public Response getRoleAssignmentHistory(@Context ContainerRequestContext crc,
+            @PathParam("identifier") String id,
+            @Context HttpHeaders headers) {
         return response(req -> {
             Dataset dataset = findDatasetOrDie(id);
-            
+
             // user is authenticated
             AuthenticatedUser authenticatedUser = null;
             try {
@@ -6004,42 +6007,81 @@ public Response getRoleAssignmentHistory(@Context ContainerRequestContext crc, @
             } catch (WrappedResponse ex) {
                 return error(Status.UNAUTHORIZED, "Authentication is required.");
             }
-            
+
             // Check if the user has permission to manage permissions for this dataset
             if (!permissionService.userOn(authenticatedUser, dataset).has(Permission.ManageDatasetPermissions)) {
                 return error(Status.FORBIDDEN, "You do not have permission to view the role assignment history for this dataset");
             }
-            
+
             // Get the role assignment history
-            ManagePermissionsPage managePermissionsPage = new ManagePermissionsPage();
-            managePermissionsPage.setDvObject(dataset);
-            List<DataverseRoleServiceBean.RoleAssignmentHistoryEntry> history = managePermissionsPage.getRoleAssignmentHistory();
-            
-            // Convert to JSON array
+            List<DataverseRoleServiceBean.RoleAssignmentHistoryEntry> history = dataverseRoleService.getRoleAssignmentHistory(dataset.getId());
+
+            List<MediaType> acceptedTypes = headers.getAcceptableMediaTypes();
+            boolean wantCSV = acceptedTypes.stream()
+                    .anyMatch(mt -> mt.toString().equals("text/csv"));
+
+            if (wantCSV) {
+                String assigneeHeader = BundleUtil.getStringFromBundle("datasets.api.permissions.history.assignee");
+                String roleHeader = BundleUtil.getStringFromBundle("datasets.api.permissions.history.role");
+                String assignedByHeader = BundleUtil.getStringFromBundle("datasets.api.permissions.history.assignedBy");
+                String assignedAtHeader = BundleUtil.getStringFromBundle("datasets.api.permissions.history.assignedAt");
+                String revokedByHeader = BundleUtil.getStringFromBundle("datasets.api.permissions.history.revokedBy");
+                String revokedAtHeader = BundleUtil.getStringFromBundle("datasets.api.permissions.history.revokedAt");
+
+                // Generate CSV response
+                StringBuilder csvBuilder = new StringBuilder();
+                // Add CSV header with internationalized column names
+                csvBuilder.append(assigneeHeader).append(",")
+                        .append(roleHeader).append(",")
+                        .append(assignedByHeader).append(",")
+                        .append(assignedAtHeader).append(",")
+                        .append(revokedByHeader).append(",")
+                        .append(revokedAtHeader).append("\n");
+
+                // Add data rows
+                for (DataverseRoleServiceBean.RoleAssignmentHistoryEntry entry : history) {
+                    csvBuilder.append(entry.getAssigneeIdentifier()).append(",");
+                    csvBuilder.append(entry.getRoleName()).append(",");
+                    csvBuilder.append(entry.getAssignedBy()).append(",");
+                    csvBuilder.append(entry.getAssignedAt().toString()).append(",");
+
+                    // Handle nullable fields
+                    csvBuilder.append(entry.getRevokedBy() != null ? entry.getRevokedBy() : "").append(",");
+                    csvBuilder.append(entry.getRevokedAt() != null ? entry.getRevokedAt().toString() : "");
+                    csvBuilder.append("\n");
+                }
+
+                return Response.ok()
+                        .entity(csvBuilder.toString())
+                        .type("text/csv")
+                        .header("Content-Disposition", "attachment; filename=permissions_history.csv")
+                        .build();
+            }
+            // Or Json by default
             JsonArrayBuilder jsonArray = Json.createArrayBuilder();
             for (DataverseRoleServiceBean.RoleAssignmentHistoryEntry entry : history) {
                 JsonObjectBuilder job = Json.createObjectBuilder()
-                    .add("assigneeIdentifier", entry.getAssigneeIdentifier())
-                    .add("roleName", entry.getRoleName())
-                    .add("assignedBy", entry.getAssignedBy())
-                    .add("assignedAt", entry.getAssignedAt().toString());
-                
+                        .add("assigneeIdentifier", entry.getAssigneeIdentifier())
+                        .add("roleName", entry.getRoleName())
+                        .add("assignedBy", entry.getAssignedBy())
+                        .add("assignedAt", entry.getAssignedAt().toString());
+
                 // Add revocation info if available
                 if (entry.getRevokedBy() != null) {
                     job.add("revokedBy", entry.getRevokedBy());
                 } else {
                     job.add("revokedBy", JsonValue.NULL);
                 }
-                
+
                 if (entry.getRevokedAt() != null) {
                     job.add("revokedAt", entry.getRevokedAt().toString());
                 } else {
                     job.add("revokedAt", JsonValue.NULL);
                 }
-                
+
                 jsonArray.add(job);
             }
-            
+
             return ok(jsonArray);
         }, getRequestUser(crc));
     }

From c2c54dce9229fee7a4b5cb2db44528fd411d7dbf Mon Sep 17 00:00:00 2001
From: Jim Myers <qqmyers@hotmail.com>
Date: Wed, 16 Jul 2025 17:08:23 -0400
Subject: [PATCH 042/634] dataset/dataverse button to download csv

---
 src/main/webapp/permissions-manage.xhtml | 35 ++++++++++++++++++++++++
 1 file changed, 35 insertions(+)

diff --git a/src/main/webapp/permissions-manage.xhtml b/src/main/webapp/permissions-manage.xhtml
index d44b0bb47cc..ef9d9345b32 100644
--- a/src/main/webapp/permissions-manage.xhtml
+++ b/src/main/webapp/permissions-manage.xhtml
@@ -207,6 +207,41 @@
                           <div id="panelCollapseHistory" class="collapse">
                             <p:panel id="historyPanel" deferred="true" deferredMode="visible">
                                 <div class="panel-body">
+                                    <div class="button-group margin-bottom text-right">
+                                        <h:outputLink value="#{request.contextPath}/api/datasets/#{managePermissionsPage.dvObject.id}/permissions/history" 
+                                                     styleClass="btn btn-default" 
+                                                     rendered="#{managePermissionsPage.dvObject.instanceofDataset}"
+                                                     onclick="downloadCSV(this.href, 'dataset_permissions_history.csv'); return false;">
+                                            <span class="glyphicon glyphicon-download"></span> #{bundle['dataverse.permissions.history.download']}
+                                        </h:outputLink>
+                                        <h:outputLink value="#{request.contextPath}/api/dataverses/#{managePermissionsPage.dvObject.id}/permissions/history" 
+                                                     styleClass="btn btn-default" 
+                                                     rendered="#{managePermissionsPage.dvObject.instanceofDataverse}"
+                                                     onclick="downloadCSV(this.href, 'dataverse_permissions_history.csv'); return false;">
+                                            <span class="glyphicon glyphicon-download"></span> #{bundle['dataverse.permissions.history.download']}
+                                        </h:outputLink>
+                                    </div>
+
+                                    <script type="text/javascript">
+                                        function downloadCSV(url, filename) {
+                                            var xhr = new XMLHttpRequest();
+                                            xhr.open('GET', url, true);
+                                            xhr.setRequestHeader('Accept', 'text/csv');
+                                            xhr.responseType = 'blob';
+                                            
+                                            xhr.onload = function() {
+                                                if (this.status === 200) {
+                                                    var blob = new Blob([this.response], {type: 'text/csv'});
+                                                    var link = document.createElement('a');
+                                                    link.href = window.URL.createObjectURL(blob);
+                                                    link.download = filename;
+                                                    link.click();
+                                                }
+                                            };
+                                            
+                                            xhr.send();
+                                        }
+                                    </script>
                                     <p:dataTable id="roleAssignmentHistory" widgetVar="roleAssignmentHistory" var="historyEntry" value="#{managePermissionsPage.roleAssignmentHistory}"
                                         sortMode="multiple" paginator="true" rows="10"
                                         paginatorTemplate="{CurrentPageReport} {FirstPageLink} {PreviousPageLink} {PageLinks} {NextPageLink} {LastPageLink} {RowsPerPageDropdown}"

From b1b4503a5d43be52fd9609b29943e4daf7c052a0 Mon Sep 17 00:00:00 2001
From: Jim Myers <qqmyers@hotmail.com>
Date: Thu, 17 Jul 2025 13:46:32 -0400
Subject: [PATCH 043/634] refactor, apis for all three types

---
 .../iq/dataverse/api/AbstractApiBean.java     | 90 +++++++++++++++++++
 .../harvard/iq/dataverse/api/Datasets.java    | 76 +---------------
 .../harvard/iq/dataverse/api/Dataverses.java  | 23 +++++
 .../edu/harvard/iq/dataverse/api/Files.java   | 23 +++++
 4 files changed, 137 insertions(+), 75 deletions(-)

diff --git a/src/main/java/edu/harvard/iq/dataverse/api/AbstractApiBean.java b/src/main/java/edu/harvard/iq/dataverse/api/AbstractApiBean.java
index 018657bff4d..a6562b7c1d9 100644
--- a/src/main/java/edu/harvard/iq/dataverse/api/AbstractApiBean.java
+++ b/src/main/java/edu/harvard/iq/dataverse/api/AbstractApiBean.java
@@ -5,6 +5,7 @@
 import static edu.harvard.iq.dataverse.api.Datasets.handleVersion;
 import edu.harvard.iq.dataverse.authorization.AuthenticationServiceBean;
 import edu.harvard.iq.dataverse.authorization.DataverseRole;
+import edu.harvard.iq.dataverse.authorization.Permission;
 import edu.harvard.iq.dataverse.authorization.RoleAssignee;
 import edu.harvard.iq.dataverse.authorization.groups.GroupServiceBean;
 import edu.harvard.iq.dataverse.authorization.users.AuthenticatedUser;
@@ -45,6 +46,7 @@
 import jakarta.validation.constraints.NotNull;
 import jakarta.ws.rs.container.ContainerRequestContext;
 import jakarta.ws.rs.core.Context;
+import jakarta.ws.rs.core.HttpHeaders;
 import jakarta.ws.rs.core.MediaType;
 import jakarta.ws.rs.core.Response;
 import jakarta.ws.rs.core.Response.ResponseBuilder;
@@ -643,6 +645,94 @@ protected DatasetFieldType findDatasetFieldType(String idtf) throws NumberFormat
         return isNumeric(idtf) ? datasetFieldSvc.find(Long.parseLong(idtf))
                 : datasetFieldSvc.findByNameOpt(idtf);
     }
+    
+    /**
+     * Gets role assignment history for a DvObject (Dataset, Dataverse, or DataFile)
+     * 
+     * @param dvObject The DvObject to get history for
+     * @param authenticatedUser The authenticated user making the request
+     * @param headers HTTP headers from the request (for content negotiation)
+     * @return Response containing history in JSON or CSV format
+     */
+    protected Response getRoleAssignmentHistoryResponse(DvObject dvObject, AuthenticatedUser authenticatedUser, HttpHeaders headers) {
+        // Check if the user has permission to manage permissions for this object
+        if (!permissionSvc.userOn(authenticatedUser, dvObject).has(Permission.ManageDatasetPermissions)) {
+            return error(Status.FORBIDDEN, "You do not have permission to view the role assignment history for this " + dvObject.getClass().getSimpleName().toLowerCase());
+        }
+
+        // Get the role assignment history
+        List<DataverseRoleServiceBean.RoleAssignmentHistoryEntry> history = rolesSvc.getRoleAssignmentHistory(dvObject.getId());
+
+        List<MediaType> acceptedTypes = headers.getAcceptableMediaTypes();
+        boolean wantCSV = acceptedTypes.stream()
+                .anyMatch(mt -> mt.toString().equals("text/csv"));
+
+        if (wantCSV) {
+            String assigneeHeader = BundleUtil.getStringFromBundle("datasets.api.permissions.history.assignee");
+            String roleHeader = BundleUtil.getStringFromBundle("datasets.api.permissions.history.role");
+            String assignedByHeader = BundleUtil.getStringFromBundle("datasets.api.permissions.history.assignedBy");
+            String assignedAtHeader = BundleUtil.getStringFromBundle("datasets.api.permissions.history.assignedAt");
+            String revokedByHeader = BundleUtil.getStringFromBundle("datasets.api.permissions.history.revokedBy");
+            String revokedAtHeader = BundleUtil.getStringFromBundle("datasets.api.permissions.history.revokedAt");
+
+            // Generate CSV response
+            StringBuilder csvBuilder = new StringBuilder();
+            // Add CSV header with internationalized column names
+            csvBuilder.append(assigneeHeader).append(",")
+                    .append(roleHeader).append(",")
+                    .append(assignedByHeader).append(",")
+                    .append(assignedAtHeader).append(",")
+                    .append(revokedByHeader).append(",")
+                    .append(revokedAtHeader).append("\n");
+
+            // Add data rows
+            for (DataverseRoleServiceBean.RoleAssignmentHistoryEntry entry : history) {
+                csvBuilder.append(entry.getAssigneeIdentifier()).append(",");
+                csvBuilder.append(entry.getRoleName()).append(",");
+                csvBuilder.append(entry.getAssignedBy()).append(",");
+                csvBuilder.append(entry.getAssignedAt().toString()).append(",");
+
+                // Handle nullable fields
+                csvBuilder.append(entry.getRevokedBy() != null ? entry.getRevokedBy() : "").append(",");
+                csvBuilder.append(entry.getRevokedAt() != null ? entry.getRevokedAt().toString() : "");
+                csvBuilder.append("\n");
+            }
+
+            String objectType = dvObject.getClass().getSimpleName().toLowerCase();
+            return Response.ok()
+                    .entity(csvBuilder.toString())
+                    .type("text/csv")
+                    .header("Content-Disposition", "attachment; filename=" + objectType + "_permissions_history.csv")
+                    .build();
+        }
+        
+        // Or Json by default
+        JsonArrayBuilder jsonArray = Json.createArrayBuilder();
+        for (DataverseRoleServiceBean.RoleAssignmentHistoryEntry entry : history) {
+            JsonObjectBuilder job = Json.createObjectBuilder()
+                    .add("assigneeIdentifier", entry.getAssigneeIdentifier())
+                    .add("roleName", entry.getRoleName())
+                    .add("assignedBy", entry.getAssignedBy())
+                    .add("assignedAt", entry.getAssignedAt().toString());
+
+            // Add revocation info if available
+            if (entry.getRevokedBy() != null) {
+                job.add("revokedBy", entry.getRevokedBy());
+            } else {
+                job.add("revokedBy", JsonValue.NULL);
+            }
+
+            if (entry.getRevokedAt() != null) {
+                job.add("revokedAt", entry.getRevokedAt().toString());
+            } else {
+                job.add("revokedAt", JsonValue.NULL);
+            }
+
+            jsonArray.add(job);
+        }
+
+        return ok(jsonArray);
+    }
 
     /* =================== *\
      *  Command Execution  *
diff --git a/src/main/java/edu/harvard/iq/dataverse/api/Datasets.java b/src/main/java/edu/harvard/iq/dataverse/api/Datasets.java
index 67f6e552057..9bbf191dda1 100644
--- a/src/main/java/edu/harvard/iq/dataverse/api/Datasets.java
+++ b/src/main/java/edu/harvard/iq/dataverse/api/Datasets.java
@@ -6008,81 +6008,7 @@ public Response getRoleAssignmentHistory(@Context ContainerRequestContext crc,
                 return error(Status.UNAUTHORIZED, "Authentication is required.");
             }
 
-            // Check if the user has permission to manage permissions for this dataset
-            if (!permissionService.userOn(authenticatedUser, dataset).has(Permission.ManageDatasetPermissions)) {
-                return error(Status.FORBIDDEN, "You do not have permission to view the role assignment history for this dataset");
-            }
-
-            // Get the role assignment history
-            List<DataverseRoleServiceBean.RoleAssignmentHistoryEntry> history = dataverseRoleService.getRoleAssignmentHistory(dataset.getId());
-
-            List<MediaType> acceptedTypes = headers.getAcceptableMediaTypes();
-            boolean wantCSV = acceptedTypes.stream()
-                    .anyMatch(mt -> mt.toString().equals("text/csv"));
-
-            if (wantCSV) {
-                String assigneeHeader = BundleUtil.getStringFromBundle("datasets.api.permissions.history.assignee");
-                String roleHeader = BundleUtil.getStringFromBundle("datasets.api.permissions.history.role");
-                String assignedByHeader = BundleUtil.getStringFromBundle("datasets.api.permissions.history.assignedBy");
-                String assignedAtHeader = BundleUtil.getStringFromBundle("datasets.api.permissions.history.assignedAt");
-                String revokedByHeader = BundleUtil.getStringFromBundle("datasets.api.permissions.history.revokedBy");
-                String revokedAtHeader = BundleUtil.getStringFromBundle("datasets.api.permissions.history.revokedAt");
-
-                // Generate CSV response
-                StringBuilder csvBuilder = new StringBuilder();
-                // Add CSV header with internationalized column names
-                csvBuilder.append(assigneeHeader).append(",")
-                        .append(roleHeader).append(",")
-                        .append(assignedByHeader).append(",")
-                        .append(assignedAtHeader).append(",")
-                        .append(revokedByHeader).append(",")
-                        .append(revokedAtHeader).append("\n");
-
-                // Add data rows
-                for (DataverseRoleServiceBean.RoleAssignmentHistoryEntry entry : history) {
-                    csvBuilder.append(entry.getAssigneeIdentifier()).append(",");
-                    csvBuilder.append(entry.getRoleName()).append(",");
-                    csvBuilder.append(entry.getAssignedBy()).append(",");
-                    csvBuilder.append(entry.getAssignedAt().toString()).append(",");
-
-                    // Handle nullable fields
-                    csvBuilder.append(entry.getRevokedBy() != null ? entry.getRevokedBy() : "").append(",");
-                    csvBuilder.append(entry.getRevokedAt() != null ? entry.getRevokedAt().toString() : "");
-                    csvBuilder.append("\n");
-                }
-
-                return Response.ok()
-                        .entity(csvBuilder.toString())
-                        .type("text/csv")
-                        .header("Content-Disposition", "attachment; filename=permissions_history.csv")
-                        .build();
-            }
-            // Or Json by default
-            JsonArrayBuilder jsonArray = Json.createArrayBuilder();
-            for (DataverseRoleServiceBean.RoleAssignmentHistoryEntry entry : history) {
-                JsonObjectBuilder job = Json.createObjectBuilder()
-                        .add("assigneeIdentifier", entry.getAssigneeIdentifier())
-                        .add("roleName", entry.getRoleName())
-                        .add("assignedBy", entry.getAssignedBy())
-                        .add("assignedAt", entry.getAssignedAt().toString());
-
-                // Add revocation info if available
-                if (entry.getRevokedBy() != null) {
-                    job.add("revokedBy", entry.getRevokedBy());
-                } else {
-                    job.add("revokedBy", JsonValue.NULL);
-                }
-
-                if (entry.getRevokedAt() != null) {
-                    job.add("revokedAt", entry.getRevokedAt().toString());
-                } else {
-                    job.add("revokedAt", JsonValue.NULL);
-                }
-
-                jsonArray.add(job);
-            }
-
-            return ok(jsonArray);
+            return getRoleAssignmentHistoryResponse(dataset, authenticatedUser, headers);
         }, getRequestUser(crc));
     }
 
diff --git a/src/main/java/edu/harvard/iq/dataverse/api/Dataverses.java b/src/main/java/edu/harvard/iq/dataverse/api/Dataverses.java
index b1d56b6b8a9..cc850dee1f4 100644
--- a/src/main/java/edu/harvard/iq/dataverse/api/Dataverses.java
+++ b/src/main/java/edu/harvard/iq/dataverse/api/Dataverses.java
@@ -71,6 +71,7 @@
 import jakarta.servlet.http.HttpServletResponse;
 import jakarta.ws.rs.WebApplicationException;
 import jakarta.ws.rs.core.Context;
+import jakarta.ws.rs.core.HttpHeaders;
 import jakarta.ws.rs.core.StreamingOutput;
 import org.glassfish.jersey.media.multipart.FormDataBodyPart;
 import org.glassfish.jersey.media.multipart.FormDataContentDisposition;
@@ -1931,4 +1932,26 @@ public Response deleteFeaturedItems(@Context ContainerRequestContext crc, @PathP
             return e.getResponse();
         }
     }
+    
+    @GET
+    @AuthRequired
+    @Path("{identifier}/permissions/history")
+    @Produces({ MediaType.APPLICATION_JSON, "text/csv" })
+    public Response getRoleAssignmentHistory(@Context ContainerRequestContext crc,
+            @PathParam("identifier") String id,
+            @Context HttpHeaders headers) {
+        return response(req -> {
+            Dataverse dataverse = findDataverseOrDie(id);
+
+            // user is authenticated
+            AuthenticatedUser authenticatedUser = null;
+            try {
+                authenticatedUser = getRequestAuthenticatedUserOrDie(crc);
+            } catch (WrappedResponse ex) {
+                return error(Status.UNAUTHORIZED, "Authentication is required.");
+            }
+
+            return getRoleAssignmentHistoryResponse(dataverse, authenticatedUser, headers);
+        }, getRequestUser(crc));
+    }
 }
diff --git a/src/main/java/edu/harvard/iq/dataverse/api/Files.java b/src/main/java/edu/harvard/iq/dataverse/api/Files.java
index 61a69236f57..59470530047 100644
--- a/src/main/java/edu/harvard/iq/dataverse/api/Files.java
+++ b/src/main/java/edu/harvard/iq/dataverse/api/Files.java
@@ -60,6 +60,7 @@
 import jakarta.ws.rs.core.HttpHeaders;
 import jakarta.ws.rs.core.MediaType;
 import jakarta.ws.rs.core.Response;
+import jakarta.ws.rs.core.Response.Status;
 
 import static edu.harvard.iq.dataverse.util.json.JsonPrinter.jsonDT;
 import static jakarta.ws.rs.core.Response.Status.BAD_REQUEST;
@@ -1048,4 +1049,26 @@ public Response getFileVersionsList(@Context ContainerRequestContext crc, @PathP
             return ex.getResponse();
         }
     }
+    
+    @GET
+    @AuthRequired
+    @Path("{identifier}/permissions/history")
+    @Produces({ MediaType.APPLICATION_JSON, "text/csv" })
+    public Response getRoleAssignmentHistory(@Context ContainerRequestContext crc,
+            @PathParam("identifier") String id,
+            @Context HttpHeaders headers) {
+        return response(req -> {
+            DataFile dataFile = findDataFileOrDie(id);
+
+            // user is authenticated
+            AuthenticatedUser authenticatedUser = null;
+            try {
+                authenticatedUser = getRequestAuthenticatedUserOrDie(crc);
+            } catch (WrappedResponse ex) {
+                return error(Status.UNAUTHORIZED, "Authentication is required.");
+            }
+
+            return getRoleAssignmentHistoryResponse(dataFile, authenticatedUser, headers);
+        }, getRequestUser(crc));
+    }
 }

From 0989e35999f93a260a92a2fe2777cb5f3c67806b Mon Sep 17 00:00:00 2001
From: Jim Myers <qqmyers@hotmail.com>
Date: Thu, 17 Jul 2025 13:46:53 -0400
Subject: [PATCH 044/634] download csv buttons

---
 .../webapp/permissions-manage-files.xhtml     |  9 +++++++
 src/main/webapp/permissions-manage.xhtml      | 26 +++----------------
 .../webapp/resources/js/rahistory_utils.js    | 17 ++++++++++++
 3 files changed, 29 insertions(+), 23 deletions(-)
 create mode 100644 src/main/webapp/resources/js/rahistory_utils.js

diff --git a/src/main/webapp/permissions-manage-files.xhtml b/src/main/webapp/permissions-manage-files.xhtml
index 1a93527dfef..9aaf306532b 100644
--- a/src/main/webapp/permissions-manage-files.xhtml
+++ b/src/main/webapp/permissions-manage-files.xhtml
@@ -9,6 +9,7 @@
       xmlns:jsf="http://xmlns.jcp.org/jsf"
       xmlns:iqbs="http://xmlns.jcp.org/jsf/composite/iqbs">
     <h:head>
+        <h:outputScript library="js" name="rahistory_utils.js" />
     </h:head>
     <h:body>
         <f:metadata>
@@ -228,6 +229,14 @@
                       </div>
                       <div id="panelCollapseHistory" class="collapse">
                         <div class="panel-body">
+                        <!-- Download button for file permissions history -->
+                            <div class="button-group margin-bottom text-right">
+                                <h:outputLink value="#{request.contextPath}/api/files/#{manageFilePermissionsPage.dvObject.id}/permissions/history" 
+                                             styleClass="btn btn-default" 
+                                             onclick="downloadRAHistoryCSV(this.href, 'datafile_permissions_history.csv'); return false;">
+                                    <span class="glyphicon glyphicon-download"></span> #{bundle['dataverse.permissions.history.download']}
+                                </h:outputLink>
+                            </div>
                             <p:dataTable id="roleAssignmentHistory" widgetVar="roleAssignmentHistory" var="historyEntry" value="#{manageFilePermissionsPage.roleAssignmentHistory}" sortMode="multiple" paginator="true"
                                 rows="10" paginatorTemplate="{CurrentPageReport} {FirstPageLink} {PreviousPageLink} {PageLinks} {NextPageLink} {LastPageLink} {RowsPerPageDropdown}"
                                 rowsPerPageTemplate="5,10,15">
diff --git a/src/main/webapp/permissions-manage.xhtml b/src/main/webapp/permissions-manage.xhtml
index ef9d9345b32..a860f19bc07 100644
--- a/src/main/webapp/permissions-manage.xhtml
+++ b/src/main/webapp/permissions-manage.xhtml
@@ -8,6 +8,7 @@
       xmlns:o="http://omnifaces.org/ui"
       xmlns:iqbs="http://xmlns.jcp.org/jsf/composite/iqbs">
     <h:head>
+        <h:outputScript library="js" name="rahistory_utils.js" />
     </h:head>
 
     <h:body>
@@ -211,37 +212,16 @@
                                         <h:outputLink value="#{request.contextPath}/api/datasets/#{managePermissionsPage.dvObject.id}/permissions/history" 
                                                      styleClass="btn btn-default" 
                                                      rendered="#{managePermissionsPage.dvObject.instanceofDataset}"
-                                                     onclick="downloadCSV(this.href, 'dataset_permissions_history.csv'); return false;">
+                                                     onclick="downloadRAHistoryCSV(this.href, 'dataset_permissions_history.csv'); return false;">
                                             <span class="glyphicon glyphicon-download"></span> #{bundle['dataverse.permissions.history.download']}
                                         </h:outputLink>
                                         <h:outputLink value="#{request.contextPath}/api/dataverses/#{managePermissionsPage.dvObject.id}/permissions/history" 
                                                      styleClass="btn btn-default" 
                                                      rendered="#{managePermissionsPage.dvObject.instanceofDataverse}"
-                                                     onclick="downloadCSV(this.href, 'dataverse_permissions_history.csv'); return false;">
+                                                     onclick="downloadRAHistoryCSV(this.href, 'dataverse_permissions_history.csv'); return false;">
                                             <span class="glyphicon glyphicon-download"></span> #{bundle['dataverse.permissions.history.download']}
                                         </h:outputLink>
                                     </div>
-
-                                    <script type="text/javascript">
-                                        function downloadCSV(url, filename) {
-                                            var xhr = new XMLHttpRequest();
-                                            xhr.open('GET', url, true);
-                                            xhr.setRequestHeader('Accept', 'text/csv');
-                                            xhr.responseType = 'blob';
-                                            
-                                            xhr.onload = function() {
-                                                if (this.status === 200) {
-                                                    var blob = new Blob([this.response], {type: 'text/csv'});
-                                                    var link = document.createElement('a');
-                                                    link.href = window.URL.createObjectURL(blob);
-                                                    link.download = filename;
-                                                    link.click();
-                                                }
-                                            };
-                                            
-                                            xhr.send();
-                                        }
-                                    </script>
                                     <p:dataTable id="roleAssignmentHistory" widgetVar="roleAssignmentHistory" var="historyEntry" value="#{managePermissionsPage.roleAssignmentHistory}"
                                         sortMode="multiple" paginator="true" rows="10"
                                         paginatorTemplate="{CurrentPageReport} {FirstPageLink} {PreviousPageLink} {PageLinks} {NextPageLink} {LastPageLink} {RowsPerPageDropdown}"
diff --git a/src/main/webapp/resources/js/rahistory_utils.js b/src/main/webapp/resources/js/rahistory_utils.js
new file mode 100644
index 00000000000..af9fce889d3
--- /dev/null
+++ b/src/main/webapp/resources/js/rahistory_utils.js
@@ -0,0 +1,17 @@
+function downloadRAHistoryCSV(url, filename) {
+    fetch(url, {
+        headers: {
+            'Accept': 'text/csv'
+        }
+    })
+    .then(response => response.blob())
+    .then(blob => {
+        const link = document.createElement('a');
+        link.href = URL.createObjectURL(blob);
+        link.download = filename;
+        document.body.appendChild(link);
+        link.click();
+        document.body.removeChild(link);
+    })
+    .catch(error => console.error('Error downloading CSV:', error));
+}
\ No newline at end of file

From db6e94b32a3f66d1436f24e665b36af2666b5573 Mon Sep 17 00:00:00 2001
From: Jim Myers <qqmyers@hotmail.com>
Date: Thu, 17 Jul 2025 13:47:08 -0400
Subject: [PATCH 045/634] strings for csv headers and button

---
 src/main/java/propertyFiles/Bundle.properties | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/src/main/java/propertyFiles/Bundle.properties b/src/main/java/propertyFiles/Bundle.properties
index 10cf777daf5..93bb79ff491 100644
--- a/src/main/java/propertyFiles/Bundle.properties
+++ b/src/main/java/propertyFiles/Bundle.properties
@@ -1213,6 +1213,7 @@ dataverse.permissions.history.revokedBy=Revoked By
 dataverse.permissions.history.revokedAt=Revocation Date
 dataverse.permissions.history.definedOn=Defined On
 dataverse.permissions.history.files={0} Files
+dataverse.permissions.history.download=Download (CSV)
 # permissions-manage-files.xhtml
 dataverse.permissionsFiles.title=Restricted File Permissions
 dataverse.permissionsFiles.usersOrGroups=Users/Groups
@@ -3229,6 +3230,13 @@ updateDatasetFieldsCommand.api.processDatasetUpdate.parseError=Error parsing dat
 
 #AbstractApiBean.java
 abstractApiBean.error.datasetInternalVersionNumberIsOutdated=Dataset internal version number {0} is outdated
+# Role Assignment History (used in the AbstractApiBean)
+datasets.api.permissions.history.assignee=Assignee
+datasets.api.permissions.history.role=Role
+datasets.api.permissions.history.assignedBy=Assigned By
+datasets.api.permissions.history.assignedAt=Assigned At
+datasets.api.permissions.history.revokedBy=Revoked By
+datasets.api.permissions.history.revokedAt=Revoked At
 
 #RoleAssigneeServiceBean.java
 roleAssigneeServiceBean.error.dataverseRequestCannotBeNull=DataverseRequest cannot be null.
\ No newline at end of file

From 7e468f44bc3e743a06fdf9d1c1b9cc1b4504d358 Mon Sep 17 00:00:00 2001
From: Jim Myers <qqmyers@hotmail.com>
Date: Mon, 21 Jul 2025 17:24:21 -0400
Subject: [PATCH 046/634] try signed URLs for CSV buttons, fix files
 reporting/api

---
 .../dataverse/DataverseRoleServiceBean.java   |  2 +-
 .../dataverse/ManageFilePermissionsPage.java  | 44 +++++++++++++-
 .../iq/dataverse/ManagePermissionsPage.java   | 60 +++++++++++++++++++
 .../iq/dataverse/api/AbstractApiBean.java     | 26 +++++---
 .../harvard/iq/dataverse/api/Datasets.java    | 29 +++++----
 .../harvard/iq/dataverse/api/Dataverses.java  |  2 +-
 .../edu/harvard/iq/dataverse/api/Files.java   | 22 -------
 src/main/webapp/permissions-manage.xhtml      |  9 +--
 .../webapp/resources/js/rahistory_utils.js    | 24 +++++++-
 9 files changed, 165 insertions(+), 53 deletions(-)

diff --git a/src/main/java/edu/harvard/iq/dataverse/DataverseRoleServiceBean.java b/src/main/java/edu/harvard/iq/dataverse/DataverseRoleServiceBean.java
index 68fee4aacad..257985dc65a 100644
--- a/src/main/java/edu/harvard/iq/dataverse/DataverseRoleServiceBean.java
+++ b/src/main/java/edu/harvard/iq/dataverse/DataverseRoleServiceBean.java
@@ -393,7 +393,7 @@ public List<RoleAssignmentHistoryEntry> getRoleAssignmentHistory(Long definition
      * @param datasetId The ID of the dataset
      * @return List of role assignment history entries
      */
-    public List<RoleAssignmentHistoryEntry> getChildRoleAssignmentHistory(Long datasetId) {
+    public List<RoleAssignmentHistoryEntry> getFilesRoleAssignmentHistory(Long datasetId) {
         List<RoleAssignmentAudit> audits = em.createNamedQuery("RoleAssignmentAudit.findByOwnerId", RoleAssignmentAudit.class)
                 .setParameter("datasetId", datasetId)
                 .getResultList();
diff --git a/src/main/java/edu/harvard/iq/dataverse/ManageFilePermissionsPage.java b/src/main/java/edu/harvard/iq/dataverse/ManageFilePermissionsPage.java
index 1cd59bbdf57..574ea0a9664 100644
--- a/src/main/java/edu/harvard/iq/dataverse/ManageFilePermissionsPage.java
+++ b/src/main/java/edu/harvard/iq/dataverse/ManageFilePermissionsPage.java
@@ -15,14 +15,20 @@
 import edu.harvard.iq.dataverse.authorization.RoleAssigneeDisplayInfo;
 import edu.harvard.iq.dataverse.authorization.groups.GroupServiceBean;
 import edu.harvard.iq.dataverse.authorization.groups.impl.explicit.ExplicitGroupServiceBean;
+import edu.harvard.iq.dataverse.authorization.users.ApiToken;
 import edu.harvard.iq.dataverse.authorization.users.AuthenticatedUser;
+import edu.harvard.iq.dataverse.authorization.users.User;
 import edu.harvard.iq.dataverse.engine.command.exception.CommandException;
 import edu.harvard.iq.dataverse.engine.command.exception.PermissionException;
 import edu.harvard.iq.dataverse.engine.command.impl.AssignRoleCommand;
 import edu.harvard.iq.dataverse.engine.command.impl.RevokeRoleCommand;
+import edu.harvard.iq.dataverse.settings.JvmSettings;
 import edu.harvard.iq.dataverse.util.BundleUtil;
 import edu.harvard.iq.dataverse.util.DateUtil;
 import edu.harvard.iq.dataverse.util.JsfHelper;
+import edu.harvard.iq.dataverse.util.SystemConfig;
+import edu.harvard.iq.dataverse.util.UrlSignerUtil;
+
 import static edu.harvard.iq.dataverse.util.JsfHelper.JH;
 import java.sql.Timestamp;
 import java.util.*;
@@ -544,7 +550,7 @@ private boolean assignRole(RoleAssignee ra,  DataFile file, DataverseRole r) {
 
     public List<RoleAssignmentHistoryEntry> getRoleAssignmentHistory() {
         if (roleAssignmentHistory == null) {
-            roleAssignmentHistory = roleService.getChildRoleAssignmentHistory(dataset.getId());
+            roleAssignmentHistory = roleService.getFilesRoleAssignmentHistory(dataset.getId());
         }
         return roleAssignmentHistory;
     }
@@ -578,7 +584,43 @@ public void setRenderFileMessages(boolean renderFileMessages) {
         this.renderFileMessages = renderFileMessages;
     }
 
+    public String getsignedUrlForRAHistoryCsv() {
+        String apiPath = "/api/v1/datasets/" + dataset.getId() + "/files/permissions/history";
+        
+        try {
+            // Get the application URL from the system config
+            String baseUrl = SystemConfig.getDataverseSiteUrlStatic();
+            if (baseUrl.endsWith("/")) {
+                baseUrl = baseUrl.substring(0, baseUrl.length() - 1);
+            }
+            
+            // Construct the full URL
+            String fullApiPath = baseUrl + apiPath;
+            
+            // Generate a signed URL with the user's API token
+            User user = session.getUser();
+            String key = null;
+            if (user instanceof AuthenticatedUser) {
+                ApiToken apiToken = authenticationService.findApiTokenByUser((AuthenticatedUser) user);
+                if (apiToken != null && !apiToken.isExpired() && !apiToken.isDisabled()) {
+                    key = apiToken.getTokenString();
+                }
+            }
+            key = JvmSettings.API_SIGNING_SECRET.lookupOptional().orElse("") + key;
+            if(key.length() >= 36) {
+                return UrlSignerUtil.signUrl(fullApiPath, 10, user.getIdentifier(), "GET", key);
+            }
+        } catch (Exception e) {
+            logger.log(Level.SEVERE, "Error generating signed URL for permissions history CSV: " + e.getMessage(), e);
+            return null;
+        }
+        return null;
+    } 
+    public String getPermissionsHistoryFilename() {
+        // For datasets, replace colons in the PID with underscores
+        return dataset.getGlobalId().asString().replace(":", "_") + "_files_permissions_history.csv";
 
+    }
 
 
     // inner class used fordisplay of role assignments
diff --git a/src/main/java/edu/harvard/iq/dataverse/ManagePermissionsPage.java b/src/main/java/edu/harvard/iq/dataverse/ManagePermissionsPage.java
index 4fbf520154b..2a08b64fed6 100644
--- a/src/main/java/edu/harvard/iq/dataverse/ManagePermissionsPage.java
+++ b/src/main/java/edu/harvard/iq/dataverse/ManagePermissionsPage.java
@@ -11,17 +11,24 @@
 import edu.harvard.iq.dataverse.authorization.groups.impl.builtin.AuthenticatedUsers;
 import edu.harvard.iq.dataverse.authorization.groups.impl.explicit.ExplicitGroup;
 import edu.harvard.iq.dataverse.authorization.groups.impl.explicit.ExplicitGroupServiceBean;
+import edu.harvard.iq.dataverse.authorization.users.ApiToken;
 import edu.harvard.iq.dataverse.authorization.users.AuthenticatedUser;
+import edu.harvard.iq.dataverse.authorization.users.User;
 import edu.harvard.iq.dataverse.engine.command.exception.CommandException;
 import edu.harvard.iq.dataverse.engine.command.exception.PermissionException;
 import edu.harvard.iq.dataverse.engine.command.impl.AssignRoleCommand;
 import edu.harvard.iq.dataverse.engine.command.impl.CreateRoleCommand;
 import edu.harvard.iq.dataverse.engine.command.impl.RevokeRoleCommand;
 import edu.harvard.iq.dataverse.engine.command.impl.UpdateDataverseDefaultContributorRoleCommand;
+import edu.harvard.iq.dataverse.settings.JvmSettings;
 import edu.harvard.iq.dataverse.util.BundleUtil;
 import edu.harvard.iq.dataverse.util.JsfHelper;
 import static edu.harvard.iq.dataverse.util.JsfHelper.JH;
 import edu.harvard.iq.dataverse.util.StringUtil;
+import edu.harvard.iq.dataverse.util.SystemConfig;
+import edu.harvard.iq.dataverse.util.URLTokenUtil;
+import edu.harvard.iq.dataverse.util.UrlSignerUtil;
+
 import java.sql.Timestamp;
 import java.util.ArrayList;
 import java.util.Arrays;
@@ -688,6 +695,59 @@ public Boolean getRenderRoleMessages() {
     public void setRenderRoleMessages(Boolean renderRoleMessages) {
         this.renderRoleMessages = renderRoleMessages;
     }
+    
+    public String getsignedUrlForRAHistoryCsv() {
+        String apiPath;
+        
+        if (dvObject instanceof Dataverse dv) {
+            // For Dataverses, use the dataverses API endpoint with the alias
+            apiPath = "/api/v1/dataverses/" + dv.getAlias() + "/permissions/history";
+        } else if (dvObject instanceof Dataset) {
+            // For Datasets, use the datasets API endpoint with the ID
+            apiPath = "/api/v1/datasets/" + dvObject.getId() + "/permissions/history";
+        } else {
+            // For other types (like DataFile), return null or a default path
+            return null;
+        }
+        
+        try {
+            // Get the application URL from the system config
+            String baseUrl = SystemConfig.getDataverseSiteUrlStatic();
+            if (baseUrl.endsWith("/")) {
+                baseUrl = baseUrl.substring(0, baseUrl.length() - 1);
+            }
+            
+            // Construct the full URL
+            String fullApiPath = baseUrl + apiPath;
+            
+            // Generate a signed URL with the user's API token
+            User user = session.getUser();
+            String key = null;
+            if (user instanceof AuthenticatedUser) {
+                ApiToken apiToken = authenticationService.findApiTokenByUser((AuthenticatedUser) user);
+                if (apiToken != null && !apiToken.isExpired() && !apiToken.isDisabled()) {
+                    key = apiToken.getTokenString();
+                }
+            }
+            key = JvmSettings.API_SIGNING_SECRET.lookupOptional().orElse("") + key;
+            if(key.length() >= 36) {
+                return UrlSignerUtil.signUrl(fullApiPath, 10, user.getIdentifier(), "GET", key);
+            }
+        } catch (Exception e) {
+            logger.log(Level.SEVERE, "Error generating signed URL for permissions history CSV: " + e.getMessage(), e);
+            return null;
+        }
+        return null;
+    }
+    
+    public String getPermissionsHistoryFilename() {
+        if (dvObject instanceof Dataverse dv) {
+            return dv.getAlias() + "_permissions_history.csv";
+        } else {
+            // For datasets, replace colons in the PID with underscores
+            return dvObject.getGlobalId().asString().replace(":", "_") + "_permissions_history.csv";
+        }
+    }
 
     // inner class used for display of role assignments
     public static class RoleAssignmentRow {
diff --git a/src/main/java/edu/harvard/iq/dataverse/api/AbstractApiBean.java b/src/main/java/edu/harvard/iq/dataverse/api/AbstractApiBean.java
index a6562b7c1d9..afbd82dedc2 100644
--- a/src/main/java/edu/harvard/iq/dataverse/api/AbstractApiBean.java
+++ b/src/main/java/edu/harvard/iq/dataverse/api/AbstractApiBean.java
@@ -654,14 +654,22 @@ protected DatasetFieldType findDatasetFieldType(String idtf) throws NumberFormat
      * @param headers HTTP headers from the request (for content negotiation)
      * @return Response containing history in JSON or CSV format
      */
-    protected Response getRoleAssignmentHistoryResponse(DvObject dvObject, AuthenticatedUser authenticatedUser, HttpHeaders headers) {
+    protected Response getRoleAssignmentHistoryResponse(DvObject dvObject, AuthenticatedUser authenticatedUser, boolean forFiles, HttpHeaders headers) {
         // Check if the user has permission to manage permissions for this object
         if (!permissionSvc.userOn(authenticatedUser, dvObject).has(Permission.ManageDatasetPermissions)) {
             return error(Status.FORBIDDEN, "You do not have permission to view the role assignment history for this " + dvObject.getClass().getSimpleName().toLowerCase());
         }
 
         // Get the role assignment history
-        List<DataverseRoleServiceBean.RoleAssignmentHistoryEntry> history = rolesSvc.getRoleAssignmentHistory(dvObject.getId());
+        List<DataverseRoleServiceBean.RoleAssignmentHistoryEntry> history = null;
+        String definitionPoint;
+        if (forFiles == false) {
+            history = rolesSvc.getRoleAssignmentHistory(dvObject.getId());
+            definitionPoint = BundleUtil.getStringFromBundle("datasets.api.permissions.history.definitionPoint");
+        } else {
+            history = rolesSvc.getFilesRoleAssignmentHistory(dvObject.getId());
+            definitionPoint = BundleUtil.getStringFromBundle("datasets.api.permissions.history.definitionPoints");
+        }
 
         List<MediaType> acceptedTypes = headers.getAcceptableMediaTypes();
         boolean wantCSV = acceptedTypes.stream()
@@ -678,7 +686,9 @@ protected Response getRoleAssignmentHistoryResponse(DvObject dvObject, Authentic
             // Generate CSV response
             StringBuilder csvBuilder = new StringBuilder();
             // Add CSV header with internationalized column names
-            csvBuilder.append(assigneeHeader).append(",")
+                csvBuilder
+                    .append(definitionPoint).append(",")
+                    .append(assigneeHeader).append(",")
                     .append(roleHeader).append(",")
                     .append(assignedByHeader).append(",")
                     .append(assignedAtHeader).append(",")
@@ -687,10 +697,11 @@ protected Response getRoleAssignmentHistoryResponse(DvObject dvObject, Authentic
 
             // Add data rows
             for (DataverseRoleServiceBean.RoleAssignmentHistoryEntry entry : history) {
-                csvBuilder.append(entry.getAssigneeIdentifier()).append(",");
-                csvBuilder.append(entry.getRoleName()).append(",");
-                csvBuilder.append(entry.getAssignedBy()).append(",");
-                csvBuilder.append(entry.getAssignedAt().toString()).append(",");
+                csvBuilder.append(entry.getDefinitionPointIdsAsString()).append(",")
+                    .append(entry.getAssigneeIdentifier()).append(",")
+                    .append(entry.getRoleName()).append(",")
+                    .append(entry.getAssignedBy()).append(",")
+                    .append(entry.getAssignedAt().toString()).append(",");
 
                 // Handle nullable fields
                 csvBuilder.append(entry.getRevokedBy() != null ? entry.getRevokedBy() : "").append(",");
@@ -710,6 +721,7 @@ protected Response getRoleAssignmentHistoryResponse(DvObject dvObject, Authentic
         JsonArrayBuilder jsonArray = Json.createArrayBuilder();
         for (DataverseRoleServiceBean.RoleAssignmentHistoryEntry entry : history) {
             JsonObjectBuilder job = Json.createObjectBuilder()
+                    .add(definitionPoint, entry.getDefinitionPointIdsAsString())
                     .add("assigneeIdentifier", entry.getAssigneeIdentifier())
                     .add("roleName", entry.getRoleName())
                     .add("assignedBy", entry.getAssignedBy())
diff --git a/src/main/java/edu/harvard/iq/dataverse/api/Datasets.java b/src/main/java/edu/harvard/iq/dataverse/api/Datasets.java
index e657ac02175..e2b8c7f5c80 100644
--- a/src/main/java/edu/harvard/iq/dataverse/api/Datasets.java
+++ b/src/main/java/edu/harvard/iq/dataverse/api/Datasets.java
@@ -5,6 +5,7 @@
 import edu.harvard.iq.dataverse.DatasetVersion.VersionState;
 import edu.harvard.iq.dataverse.DataverseRoleServiceBean.RoleAssignmentHistoryEntry;
 import edu.harvard.iq.dataverse.actionlogging.ActionLogRecord;
+import edu.harvard.iq.dataverse.api.AbstractApiBean.WrappedResponse;
 import edu.harvard.iq.dataverse.api.auth.AuthRequired;
 import edu.harvard.iq.dataverse.api.dto.RoleAssignmentDTO;
 import edu.harvard.iq.dataverse.authorization.AuthenticationServiceBean;
@@ -5985,23 +5986,31 @@ public Response deleteVersionNote(@Context ContainerRequestContext crc, @PathPar
     @GET
     @AuthRequired
     @Path("{identifier}/permissions/history")
+    public Response getRoleAssignmentHistory(@Context ContainerRequestContext crc, @PathParam("identifier") String id, @Context HttpHeaders headers) {
+        return response(req -> {
+            Dataset dataset = findDatasetOrDie(id);
+            
+            // user is authenticated
+            AuthenticatedUser authenticatedUser = getRequestAuthenticatedUserOrDie(crc);
+
+            return getRoleAssignmentHistoryResponse(dataset, authenticatedUser, false, headers);
+        }, getRequestUser(crc));
+    }
+
+    @GET
+    @AuthRequired
+    @Path("{identifier}/files/permissions/history")
     @Produces({ MediaType.APPLICATION_JSON, "text/csv" })
-    public Response getRoleAssignmentHistory(@Context ContainerRequestContext crc,
+    public Response getFilesRoleAssignmentHistory(@Context ContainerRequestContext crc,
             @PathParam("identifier") String id,
             @Context HttpHeaders headers) {
         return response(req -> {
             Dataset dataset = findDatasetOrDie(id);
-
+            
             // user is authenticated
-            AuthenticatedUser authenticatedUser = null;
-            try {
-                authenticatedUser = getRequestAuthenticatedUserOrDie(crc);
-            } catch (WrappedResponse ex) {
-                return error(Status.UNAUTHORIZED, "Authentication is required.");
-            }
+            AuthenticatedUser authenticatedUser = getRequestAuthenticatedUserOrDie(crc);
 
-            return getRoleAssignmentHistoryResponse(dataset, authenticatedUser, headers);
+            return getRoleAssignmentHistoryResponse(dataset, authenticatedUser, true, headers);
         }, getRequestUser(crc));
     }
-
 }
diff --git a/src/main/java/edu/harvard/iq/dataverse/api/Dataverses.java b/src/main/java/edu/harvard/iq/dataverse/api/Dataverses.java
index cc850dee1f4..0747dd1b994 100644
--- a/src/main/java/edu/harvard/iq/dataverse/api/Dataverses.java
+++ b/src/main/java/edu/harvard/iq/dataverse/api/Dataverses.java
@@ -1951,7 +1951,7 @@ public Response getRoleAssignmentHistory(@Context ContainerRequestContext crc,
                 return error(Status.UNAUTHORIZED, "Authentication is required.");
             }
 
-            return getRoleAssignmentHistoryResponse(dataverse, authenticatedUser, headers);
+            return getRoleAssignmentHistoryResponse(dataverse, authenticatedUser, false, headers);
         }, getRequestUser(crc));
     }
 }
diff --git a/src/main/java/edu/harvard/iq/dataverse/api/Files.java b/src/main/java/edu/harvard/iq/dataverse/api/Files.java
index 59470530047..779f043fb7c 100644
--- a/src/main/java/edu/harvard/iq/dataverse/api/Files.java
+++ b/src/main/java/edu/harvard/iq/dataverse/api/Files.java
@@ -1049,26 +1049,4 @@ public Response getFileVersionsList(@Context ContainerRequestContext crc, @PathP
             return ex.getResponse();
         }
     }
-    
-    @GET
-    @AuthRequired
-    @Path("{identifier}/permissions/history")
-    @Produces({ MediaType.APPLICATION_JSON, "text/csv" })
-    public Response getRoleAssignmentHistory(@Context ContainerRequestContext crc,
-            @PathParam("identifier") String id,
-            @Context HttpHeaders headers) {
-        return response(req -> {
-            DataFile dataFile = findDataFileOrDie(id);
-
-            // user is authenticated
-            AuthenticatedUser authenticatedUser = null;
-            try {
-                authenticatedUser = getRequestAuthenticatedUserOrDie(crc);
-            } catch (WrappedResponse ex) {
-                return error(Status.UNAUTHORIZED, "Authentication is required.");
-            }
-
-            return getRoleAssignmentHistoryResponse(dataFile, authenticatedUser, headers);
-        }, getRequestUser(crc));
-    }
 }
diff --git a/src/main/webapp/permissions-manage.xhtml b/src/main/webapp/permissions-manage.xhtml
index a860f19bc07..ee8bd263f2e 100644
--- a/src/main/webapp/permissions-manage.xhtml
+++ b/src/main/webapp/permissions-manage.xhtml
@@ -209,18 +209,11 @@
                             <p:panel id="historyPanel" deferred="true" deferredMode="visible">
                                 <div class="panel-body">
                                     <div class="button-group margin-bottom text-right">
-                                        <h:outputLink value="#{request.contextPath}/api/datasets/#{managePermissionsPage.dvObject.id}/permissions/history" 
+                                        <h:outputLink value="#{managePermissionsPage.signedUrlForRAHistoryCsv}" 
                                                      styleClass="btn btn-default" 
-                                                     rendered="#{managePermissionsPage.dvObject.instanceofDataset}"
                                                      onclick="downloadRAHistoryCSV(this.href, 'dataset_permissions_history.csv'); return false;">
                                             <span class="glyphicon glyphicon-download"></span> #{bundle['dataverse.permissions.history.download']}
                                         </h:outputLink>
-                                        <h:outputLink value="#{request.contextPath}/api/dataverses/#{managePermissionsPage.dvObject.id}/permissions/history" 
-                                                     styleClass="btn btn-default" 
-                                                     rendered="#{managePermissionsPage.dvObject.instanceofDataverse}"
-                                                     onclick="downloadRAHistoryCSV(this.href, 'dataverse_permissions_history.csv'); return false;">
-                                            <span class="glyphicon glyphicon-download"></span> #{bundle['dataverse.permissions.history.download']}
-                                        </h:outputLink>
                                     </div>
                                     <p:dataTable id="roleAssignmentHistory" widgetVar="roleAssignmentHistory" var="historyEntry" value="#{managePermissionsPage.roleAssignmentHistory}"
                                         sortMode="multiple" paginator="true" rows="10"
diff --git a/src/main/webapp/resources/js/rahistory_utils.js b/src/main/webapp/resources/js/rahistory_utils.js
index af9fce889d3..ca4804e9f98 100644
--- a/src/main/webapp/resources/js/rahistory_utils.js
+++ b/src/main/webapp/resources/js/rahistory_utils.js
@@ -1,17 +1,35 @@
 function downloadRAHistoryCSV(url, filename) {
+    // Check if URL is null or undefined
+    if (!url) {
+        console.error('Error: Cannot download CSV - URL is null or undefined');
+        // Display an error message to the user
+        alert('Cannot download permissions history. The URL is not available.');
+        return;
+    }
+    
     fetch(url, {
         headers: {
             'Accept': 'text/csv'
         }
     })
-    .then(response => response.blob())
+    .then(response => {
+        // Check if response is ok (status in the range 200-299)
+        if (!response.ok) {
+            throw new Error('Network response was not ok: ' + response.status);
+        }
+        return response.blob();
+    })
     .then(blob => {
         const link = document.createElement('a');
         link.href = URL.createObjectURL(blob);
-        link.download = filename;
+        link.download = filename || 'permissions_history.csv'; // Provide default filename if none provided
         document.body.appendChild(link);
         link.click();
         document.body.removeChild(link);
     })
-    .catch(error => console.error('Error downloading CSV:', error));
+    .catch(error => {
+        console.error('Error downloading CSV:', error);
+        // Display a user-friendly error message
+        alert('Failed to download permissions history. Please try again later.');
+    });
 }
\ No newline at end of file

From 13ac931ef0c6ea99816a47acb1880b8757768507 Mon Sep 17 00:00:00 2001
From: Jim Myers <qqmyers@hotmail.com>
Date: Wed, 23 Jul 2025 18:31:41 -0400
Subject: [PATCH 047/634] use getUserIdentifier()

---
 .../edu/harvard/iq/dataverse/ManagePermissionsPage.java  | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/src/main/java/edu/harvard/iq/dataverse/ManagePermissionsPage.java b/src/main/java/edu/harvard/iq/dataverse/ManagePermissionsPage.java
index 2a08b64fed6..2a6d2b024a8 100644
--- a/src/main/java/edu/harvard/iq/dataverse/ManagePermissionsPage.java
+++ b/src/main/java/edu/harvard/iq/dataverse/ManagePermissionsPage.java
@@ -723,15 +723,18 @@ public String getsignedUrlForRAHistoryCsv() {
             // Generate a signed URL with the user's API token
             User user = session.getUser();
             String key = null;
-            if (user instanceof AuthenticatedUser) {
-                ApiToken apiToken = authenticationService.findApiTokenByUser((AuthenticatedUser) user);
+            String userId=null;
+            if (user instanceof AuthenticatedUser aUser) {
+                userId = aUser.getUserIdentifier();
+                ApiToken apiToken = authenticationService.findApiTokenByUser(aUser);
+                
                 if (apiToken != null && !apiToken.isExpired() && !apiToken.isDisabled()) {
                     key = apiToken.getTokenString();
                 }
             }
             key = JvmSettings.API_SIGNING_SECRET.lookupOptional().orElse("") + key;
             if(key.length() >= 36) {
-                return UrlSignerUtil.signUrl(fullApiPath, 10, user.getIdentifier(), "GET", key);
+                return UrlSignerUtil.signUrl(fullApiPath, 10, userId, "GET", key);
             }
         } catch (Exception e) {
             logger.log(Level.SEVERE, "Error generating signed URL for permissions history CSV: " + e.getMessage(), e);

From 7ed23bf632ab903234b15e055e94c74b5d552089 Mon Sep 17 00:00:00 2001
From: Jim Myers <qqmyers@hotmail.com>
Date: Thu, 24 Jul 2025 10:32:24 -0400
Subject: [PATCH 048/634] add missing strings

---
 src/main/java/propertyFiles/Bundle.properties | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/src/main/java/propertyFiles/Bundle.properties b/src/main/java/propertyFiles/Bundle.properties
index 8d65b3b0689..6caabb3c818 100644
--- a/src/main/java/propertyFiles/Bundle.properties
+++ b/src/main/java/propertyFiles/Bundle.properties
@@ -3232,6 +3232,8 @@ updateDatasetFieldsCommand.api.processDatasetUpdate.parseError=Error parsing dat
 #AbstractApiBean.java
 abstractApiBean.error.datasetInternalVersionNumberIsOutdated=Dataset internal version number {0} is outdated
 # Role Assignment History (used in the AbstractApiBean)
+datasets.api.permissions.history.definitionPoint=Definition Point
+datasets.api.permissions.history.definitionPoints=Definition Points
 datasets.api.permissions.history.assignee=Assignee
 datasets.api.permissions.history.role=Role
 datasets.api.permissions.history.assignedBy=Assigned By

From 94235c7b826cdc88be6f4f3f6e1ebdbfd87b6f9f Mon Sep 17 00:00:00 2001
From: Jim Myers <qqmyers@hotmail.com>
Date: Thu, 24 Jul 2025 10:32:50 -0400
Subject: [PATCH 049/634] update files page, use new filenames

---
 src/main/webapp/permissions-manage-files.xhtml | 6 +++---
 src/main/webapp/permissions-manage.xhtml       | 2 +-
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/src/main/webapp/permissions-manage-files.xhtml b/src/main/webapp/permissions-manage-files.xhtml
index 9aaf306532b..1572d5c703a 100644
--- a/src/main/webapp/permissions-manage-files.xhtml
+++ b/src/main/webapp/permissions-manage-files.xhtml
@@ -229,11 +229,11 @@
                       </div>
                       <div id="panelCollapseHistory" class="collapse">
                         <div class="panel-body">
-                        <!-- Download button for file permissions history -->
+                            <!-- Download button for file permissions history -->
                             <div class="button-group margin-bottom text-right">
-                                <h:outputLink value="#{request.contextPath}/api/files/#{manageFilePermissionsPage.dvObject.id}/permissions/history" 
+                                <h:outputLink value="#{manageFilePermissionsPage.signedUrlForRAHistoryCsv}" 
                                              styleClass="btn btn-default" 
-                                             onclick="downloadRAHistoryCSV(this.href, 'datafile_permissions_history.csv'); return false;">
+                                             onclick="downloadRAHistoryCSV(this.href, '#{manageFilePermissionsPage.permissionsHistoryFilename}'); return false;">
                                     <span class="glyphicon glyphicon-download"></span> #{bundle['dataverse.permissions.history.download']}
                                 </h:outputLink>
                             </div>
diff --git a/src/main/webapp/permissions-manage.xhtml b/src/main/webapp/permissions-manage.xhtml
index ee8bd263f2e..a47820e0b90 100644
--- a/src/main/webapp/permissions-manage.xhtml
+++ b/src/main/webapp/permissions-manage.xhtml
@@ -211,7 +211,7 @@
                                     <div class="button-group margin-bottom text-right">
                                         <h:outputLink value="#{managePermissionsPage.signedUrlForRAHistoryCsv}" 
                                                      styleClass="btn btn-default" 
-                                                     onclick="downloadRAHistoryCSV(this.href, 'dataset_permissions_history.csv'); return false;">
+                                                     onclick="downloadRAHistoryCSV(this.href, '#{managePermissionsPage.permissionsHistoryFilename}'); return false;">
                                             <span class="glyphicon glyphicon-download"></span> #{bundle['dataverse.permissions.history.download']}
                                         </h:outputLink>
                                     </div>

From aad80c4270722dff9529e60501556506386d715a Mon Sep 17 00:00:00 2001
From: Jim Myers <qqmyers@hotmail.com>
Date: Thu, 24 Jul 2025 10:46:44 -0400
Subject: [PATCH 050/634] fix file url generation - authUser

---
 .../harvard/iq/dataverse/ManageFilePermissionsPage.java   | 8 +++++---
 .../edu/harvard/iq/dataverse/ManagePermissionsPage.java   | 6 +++---
 2 files changed, 8 insertions(+), 6 deletions(-)

diff --git a/src/main/java/edu/harvard/iq/dataverse/ManageFilePermissionsPage.java b/src/main/java/edu/harvard/iq/dataverse/ManageFilePermissionsPage.java
index 574ea0a9664..a571f798060 100644
--- a/src/main/java/edu/harvard/iq/dataverse/ManageFilePermissionsPage.java
+++ b/src/main/java/edu/harvard/iq/dataverse/ManageFilePermissionsPage.java
@@ -600,15 +600,17 @@ public String getsignedUrlForRAHistoryCsv() {
             // Generate a signed URL with the user's API token
             User user = session.getUser();
             String key = null;
-            if (user instanceof AuthenticatedUser) {
-                ApiToken apiToken = authenticationService.findApiTokenByUser((AuthenticatedUser) user);
+            String userId=null;
+            if (user instanceof AuthenticatedUser authUser) {
+                userId = authUser.getUserIdentifier();
+                ApiToken apiToken = authenticationService.findApiTokenByUser(authUser);
                 if (apiToken != null && !apiToken.isExpired() && !apiToken.isDisabled()) {
                     key = apiToken.getTokenString();
                 }
             }
             key = JvmSettings.API_SIGNING_SECRET.lookupOptional().orElse("") + key;
             if(key.length() >= 36) {
-                return UrlSignerUtil.signUrl(fullApiPath, 10, user.getIdentifier(), "GET", key);
+                return UrlSignerUtil.signUrl(fullApiPath, 10, userId, "GET", key);
             }
         } catch (Exception e) {
             logger.log(Level.SEVERE, "Error generating signed URL for permissions history CSV: " + e.getMessage(), e);
diff --git a/src/main/java/edu/harvard/iq/dataverse/ManagePermissionsPage.java b/src/main/java/edu/harvard/iq/dataverse/ManagePermissionsPage.java
index 2a6d2b024a8..ed1665f4208 100644
--- a/src/main/java/edu/harvard/iq/dataverse/ManagePermissionsPage.java
+++ b/src/main/java/edu/harvard/iq/dataverse/ManagePermissionsPage.java
@@ -724,9 +724,9 @@ public String getsignedUrlForRAHistoryCsv() {
             User user = session.getUser();
             String key = null;
             String userId=null;
-            if (user instanceof AuthenticatedUser aUser) {
-                userId = aUser.getUserIdentifier();
-                ApiToken apiToken = authenticationService.findApiTokenByUser(aUser);
+            if (user instanceof AuthenticatedUser authUser) {
+                userId = authUser.getUserIdentifier();
+                ApiToken apiToken = authenticationService.findApiTokenByUser(authUser);
                 
                 if (apiToken != null && !apiToken.isExpired() && !apiToken.isDisabled()) {
                     key = apiToken.getTokenString();

From 233f3e476e401cb779d798a07c3a66eac98702e7 Mon Sep 17 00:00:00 2001
From: Jim Myers <qqmyers@hotmail.com>
Date: Thu, 24 Jul 2025 13:43:59 -0400
Subject: [PATCH 051/634] add produces annotation

---
 src/main/java/edu/harvard/iq/dataverse/api/Datasets.java | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/main/java/edu/harvard/iq/dataverse/api/Datasets.java b/src/main/java/edu/harvard/iq/dataverse/api/Datasets.java
index e2b8c7f5c80..9054dda4d58 100644
--- a/src/main/java/edu/harvard/iq/dataverse/api/Datasets.java
+++ b/src/main/java/edu/harvard/iq/dataverse/api/Datasets.java
@@ -5986,6 +5986,7 @@ public Response deleteVersionNote(@Context ContainerRequestContext crc, @PathPar
     @GET
     @AuthRequired
     @Path("{identifier}/permissions/history")
+    @Produces({ MediaType.APPLICATION_JSON, "text/csv" })
     public Response getRoleAssignmentHistory(@Context ContainerRequestContext crc, @PathParam("identifier") String id, @Context HttpHeaders headers) {
         return response(req -> {
             Dataset dataset = findDatasetOrDie(id);

From c0897a9d1b2a4a5b90ea601bfba2375574d0f970 Mon Sep 17 00:00:00 2001
From: Jim Myers <qqmyers@hotmail.com>
Date: Thu, 24 Jul 2025 14:36:10 -0400
Subject: [PATCH 052/634] move script to end of body

---
 src/main/webapp/permissions-manage-files.xhtml | 5 ++---
 src/main/webapp/permissions-manage.xhtml       | 4 +---
 2 files changed, 3 insertions(+), 6 deletions(-)

diff --git a/src/main/webapp/permissions-manage-files.xhtml b/src/main/webapp/permissions-manage-files.xhtml
index 1572d5c703a..80e0a4eb1d3 100644
--- a/src/main/webapp/permissions-manage-files.xhtml
+++ b/src/main/webapp/permissions-manage-files.xhtml
@@ -8,9 +8,7 @@
       xmlns:o="http://omnifaces.org/ui"
       xmlns:jsf="http://xmlns.jcp.org/jsf"
       xmlns:iqbs="http://xmlns.jcp.org/jsf/composite/iqbs">
-    <h:head>
-        <h:outputScript library="js" name="rahistory_utils.js" />
-    </h:head>
+    
     <h:body>
         <f:metadata>
             <f:viewParam name="id" value="#{manageFilePermissionsPage.dataset.id}"/>
@@ -434,6 +432,7 @@
                         </div>
                     </p:dialog>
                 </h:form>
+                <script src="#{resource['js/rahistory_utils.js']}?version=#{settingsWrapper.appVersion}"></script>
             </ui:define>
         </ui:composition>
     </h:body>
diff --git a/src/main/webapp/permissions-manage.xhtml b/src/main/webapp/permissions-manage.xhtml
index a47820e0b90..354b963be6c 100644
--- a/src/main/webapp/permissions-manage.xhtml
+++ b/src/main/webapp/permissions-manage.xhtml
@@ -7,9 +7,6 @@
       xmlns:c="http://java.sun.com/jsp/jstl/core"
       xmlns:o="http://omnifaces.org/ui"
       xmlns:iqbs="http://xmlns.jcp.org/jsf/composite/iqbs">
-    <h:head>
-        <h:outputScript library="js" name="rahistory_utils.js" />
-    </h:head>
 
     <h:body>
         <f:metadata>
@@ -283,6 +280,7 @@
                         </div>
                     </p:dialog>
                 </h:form>
+                <script src="#{resource['js/rahistory_utils.js']}?version=#{settingsWrapper.appVersion}"></script>
             </ui:define>
         </ui:composition>
     </h:body>

From 59c0680a8848d892494d98107ba3aec8e13d685d Mon Sep 17 00:00:00 2001
From: Jim Myers <qqmyers@hotmail.com>
Date: Thu, 24 Jul 2025 14:36:26 -0400
Subject: [PATCH 053/634] handle commas w/multiple def pts

---
 .../java/edu/harvard/iq/dataverse/api/AbstractApiBean.java   | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/src/main/java/edu/harvard/iq/dataverse/api/AbstractApiBean.java b/src/main/java/edu/harvard/iq/dataverse/api/AbstractApiBean.java
index afbd82dedc2..8cdca1956d2 100644
--- a/src/main/java/edu/harvard/iq/dataverse/api/AbstractApiBean.java
+++ b/src/main/java/edu/harvard/iq/dataverse/api/AbstractApiBean.java
@@ -697,6 +697,11 @@ protected Response getRoleAssignmentHistoryResponse(DvObject dvObject, Authentic
 
             // Add data rows
             for (DataverseRoleServiceBean.RoleAssignmentHistoryEntry entry : history) {
+                String definitionPointIds = entry.getDefinitionPointIdsAsString();
+                // Handle multiple comma-separated values in definitionPointIds column
+                if(definitionPointIds.contains(",")) {
+                    definitionPointIds = "\"" + definitionPointIds + "\"";
+                }
                 csvBuilder.append(entry.getDefinitionPointIdsAsString()).append(",")
                     .append(entry.getAssigneeIdentifier()).append(",")
                     .append(entry.getRoleName()).append(",")

From c16730747d3f7d554bc1bcb63032e1d241741ec5 Mon Sep 17 00:00:00 2001
From: Jim Myers <qqmyers@hotmail.com>
Date: Thu, 24 Jul 2025 15:00:23 -0400
Subject: [PATCH 054/634] reuse strings

---
 .../iq/dataverse/api/AbstractApiBean.java     | 21 +++++++++----------
 src/main/java/propertyFiles/Bundle.properties |  9 --------
 2 files changed, 10 insertions(+), 20 deletions(-)

diff --git a/src/main/java/edu/harvard/iq/dataverse/api/AbstractApiBean.java b/src/main/java/edu/harvard/iq/dataverse/api/AbstractApiBean.java
index e45598ebc6e..9f8a9e77c94 100644
--- a/src/main/java/edu/harvard/iq/dataverse/api/AbstractApiBean.java
+++ b/src/main/java/edu/harvard/iq/dataverse/api/AbstractApiBean.java
@@ -676,13 +676,10 @@ protected Response getRoleAssignmentHistoryResponse(DvObject dvObject, Authentic
 
         // Get the role assignment history
         List<DataverseRoleServiceBean.RoleAssignmentHistoryEntry> history = null;
-        String definitionPoint;
         if (forFiles == false) {
             history = rolesSvc.getRoleAssignmentHistory(dvObject.getId());
-            definitionPoint = BundleUtil.getStringFromBundle("datasets.api.permissions.history.definitionPoint");
         } else {
             history = rolesSvc.getFilesRoleAssignmentHistory(dvObject.getId());
-            definitionPoint = BundleUtil.getStringFromBundle("datasets.api.permissions.history.definitionPoints");
         }
 
         List<MediaType> acceptedTypes = headers.getAcceptableMediaTypes();
@@ -690,18 +687,20 @@ protected Response getRoleAssignmentHistoryResponse(DvObject dvObject, Authentic
                 .anyMatch(mt -> mt.toString().equals("text/csv"));
 
         if (wantCSV) {
-            String assigneeHeader = BundleUtil.getStringFromBundle("datasets.api.permissions.history.assignee");
-            String roleHeader = BundleUtil.getStringFromBundle("datasets.api.permissions.history.role");
-            String assignedByHeader = BundleUtil.getStringFromBundle("datasets.api.permissions.history.assignedBy");
-            String assignedAtHeader = BundleUtil.getStringFromBundle("datasets.api.permissions.history.assignedAt");
-            String revokedByHeader = BundleUtil.getStringFromBundle("datasets.api.permissions.history.revokedBy");
-            String revokedAtHeader = BundleUtil.getStringFromBundle("datasets.api.permissions.history.revokedAt");
+            //Reusing strings from history panel
+            String definedOn = BundleUtil.getStringFromBundle("dataverse.permissions.history.definedOn");
+            String assigneeHeader = BundleUtil.getStringFromBundle("dataverse.permissions.history.assignee");
+            String roleHeader = BundleUtil.getStringFromBundle("dataverse.permissions.history.role");
+            String assignedByHeader = BundleUtil.getStringFromBundle("dataverse.permissions.history.assignedBy");
+            String assignedAtHeader = BundleUtil.getStringFromBundle("dataverse.permissions.history.assignedAt");
+            String revokedByHeader = BundleUtil.getStringFromBundle("dataverse.permissions.history.revokedBy");
+            String revokedAtHeader = BundleUtil.getStringFromBundle("dataverse.permissions.history.revokedAt");
 
             // Generate CSV response
             StringBuilder csvBuilder = new StringBuilder();
             // Add CSV header with internationalized column names
                 csvBuilder
-                    .append(definitionPoint).append(",")
+                    .append(definedOn).append(",")
                     .append(assigneeHeader).append(",")
                     .append(roleHeader).append(",")
                     .append(assignedByHeader).append(",")
@@ -740,7 +739,7 @@ protected Response getRoleAssignmentHistoryResponse(DvObject dvObject, Authentic
         JsonArrayBuilder jsonArray = Json.createArrayBuilder();
         for (DataverseRoleServiceBean.RoleAssignmentHistoryEntry entry : history) {
             JsonObjectBuilder job = Json.createObjectBuilder()
-                    .add(definitionPoint, entry.getDefinitionPointIdsAsString())
+                    .add("definedOn", entry.getDefinitionPointIdsAsString())
                     .add("assigneeIdentifier", entry.getAssigneeIdentifier())
                     .add("roleName", entry.getRoleName())
                     .add("assignedBy", entry.getAssignedBy())
diff --git a/src/main/java/propertyFiles/Bundle.properties b/src/main/java/propertyFiles/Bundle.properties
index 381ba878844..ede0bbb8f8a 100644
--- a/src/main/java/propertyFiles/Bundle.properties
+++ b/src/main/java/propertyFiles/Bundle.properties
@@ -3232,15 +3232,6 @@ datasetFieldValidator.error.emptyRequiredSingleValueForField=Empty required valu
 updateDatasetFieldsCommand.api.processDatasetUpdate.parseError=Error parsing dataset update: {0}
 
 #AbstractApiBean.java
-# Role Assignment History (used in the AbstractApiBean)
-datasets.api.permissions.history.definitionPoint=Definition Point
-datasets.api.permissions.history.definitionPoints=Definition Points
-datasets.api.permissions.history.assignee=Assignee
-datasets.api.permissions.history.role=Role
-datasets.api.permissions.history.assignedBy=Assigned By
-datasets.api.permissions.history.assignedAt=Assigned At
-datasets.api.permissions.history.revokedBy=Revoked By
-datasets.api.permissions.history.revokedAt=Revoked At
 abstractApiBean.error.internalVersionTimestampIsOutdated=Internal version timestamp {0} is outdated
 
 #RoleAssigneeServiceBean.java

From f10dcbbc4e0385dc93cb5d4283867f5b16ce68c8 Mon Sep 17 00:00:00 2001
From: Jim Myers <qqmyers@hotmail.com>
Date: Thu, 24 Jul 2025 17:10:36 -0400
Subject: [PATCH 055/634] handle missing assignment info

---
 .../iq/dataverse/api/AbstractApiBean.java     | 29 ++++++++++++-------
 1 file changed, 18 insertions(+), 11 deletions(-)

diff --git a/src/main/java/edu/harvard/iq/dataverse/api/AbstractApiBean.java b/src/main/java/edu/harvard/iq/dataverse/api/AbstractApiBean.java
index 9f8a9e77c94..a9bb064f487 100644
--- a/src/main/java/edu/harvard/iq/dataverse/api/AbstractApiBean.java
+++ b/src/main/java/edu/harvard/iq/dataverse/api/AbstractApiBean.java
@@ -718,13 +718,11 @@ protected Response getRoleAssignmentHistoryResponse(DvObject dvObject, Authentic
                 csvBuilder.append(entry.getDefinitionPointIdsAsString()).append(",")
                     .append(entry.getAssigneeIdentifier()).append(",")
                     .append(entry.getRoleName()).append(",")
-                    .append(entry.getAssignedBy()).append(",")
-                    .append(entry.getAssignedAt().toString()).append(",");
-
-                // Handle nullable fields
-                csvBuilder.append(entry.getRevokedBy() != null ? entry.getRevokedBy() : "").append(",");
-                csvBuilder.append(entry.getRevokedAt() != null ? entry.getRevokedAt().toString() : "");
-                csvBuilder.append("\n");
+                    .append(entry.getAssignedBy() != null ? entry.getAssignedBy() : "").append(",")
+                    .append(entry.getAssignedAt() != null ? entry.getAssignedAt().toString() : "").append(",")
+                    .append(entry.getRevokedBy() != null ? entry.getRevokedBy() : "").append(",")
+                    .append(entry.getRevokedAt() != null ? entry.getRevokedAt().toString() : "")
+                    .append("\n");
             }
 
             String objectType = dvObject.getClass().getSimpleName().toLowerCase();
@@ -741,9 +739,19 @@ protected Response getRoleAssignmentHistoryResponse(DvObject dvObject, Authentic
             JsonObjectBuilder job = Json.createObjectBuilder()
                     .add("definedOn", entry.getDefinitionPointIdsAsString())
                     .add("assigneeIdentifier", entry.getAssigneeIdentifier())
-                    .add("roleName", entry.getRoleName())
-                    .add("assignedBy", entry.getAssignedBy())
-                    .add("assignedAt", entry.getAssignedAt().toString());
+                    .add("roleName", entry.getRoleName());
+                    
+            // Add assignment info if available
+            if (entry.getAssignedBy()!= null) {
+                job.add("assignedBy", entry.getAssignedBy());
+            } else {
+                job.add("assignedBy", JsonValue.NULL);
+            }
+            if (entry.getAssignedAt()!= null) {
+                job.add("assignedAt", entry.getAssignedAt().toString());
+            } else {
+                job.add("assignedAt", JsonValue.NULL);
+            }
 
             // Add revocation info if available
             if (entry.getRevokedBy() != null) {
@@ -751,7 +759,6 @@ protected Response getRoleAssignmentHistoryResponse(DvObject dvObject, Authentic
             } else {
                 job.add("revokedBy", JsonValue.NULL);
             }
-
             if (entry.getRevokedAt() != null) {
                 job.add("revokedAt", entry.getRevokedAt().toString());
             } else {

From 080372639a499855d20d5fb906147f317834fd47 Mon Sep 17 00:00:00 2001
From: Jim Myers <qqmyers@hotmail.com>
Date: Thu, 24 Jul 2025 15:03:23 -0400
Subject: [PATCH 056/634] fix comma handling

---
 src/main/java/edu/harvard/iq/dataverse/api/AbstractApiBean.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/main/java/edu/harvard/iq/dataverse/api/AbstractApiBean.java b/src/main/java/edu/harvard/iq/dataverse/api/AbstractApiBean.java
index a9bb064f487..4c3b99423d6 100644
--- a/src/main/java/edu/harvard/iq/dataverse/api/AbstractApiBean.java
+++ b/src/main/java/edu/harvard/iq/dataverse/api/AbstractApiBean.java
@@ -715,7 +715,7 @@ protected Response getRoleAssignmentHistoryResponse(DvObject dvObject, Authentic
                 if(definitionPointIds.contains(",")) {
                     definitionPointIds = "\"" + definitionPointIds + "\"";
                 }
-                csvBuilder.append(entry.getDefinitionPointIdsAsString()).append(",")
+                csvBuilder.append(definitionPointIds).append(",")
                     .append(entry.getAssigneeIdentifier()).append(",")
                     .append(entry.getRoleName()).append(",")
                     .append(entry.getAssignedBy() != null ? entry.getAssignedBy() : "").append(",")

From 715badb279b287f327bd141fec30fa70d5519dad Mon Sep 17 00:00:00 2001
From: Jim Myers <qqmyers@hotmail.com>
Date: Thu, 24 Jul 2025 17:39:42 -0400
Subject: [PATCH 057/634] change api paths to mirror /assignment endpoints

---
 src/main/java/edu/harvard/iq/dataverse/api/Datasets.java | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/main/java/edu/harvard/iq/dataverse/api/Datasets.java b/src/main/java/edu/harvard/iq/dataverse/api/Datasets.java
index 91239af8816..03c9b53ce4a 100644
--- a/src/main/java/edu/harvard/iq/dataverse/api/Datasets.java
+++ b/src/main/java/edu/harvard/iq/dataverse/api/Datasets.java
@@ -6023,7 +6023,7 @@ public Response deleteVersionNote(@Context ContainerRequestContext crc, @PathPar
     
     @GET
     @AuthRequired
-    @Path("{identifier}/permissions/history")
+    @Path("{identifier}/assignments/history")
     @Produces({ MediaType.APPLICATION_JSON, "text/csv" })
     public Response getRoleAssignmentHistory(@Context ContainerRequestContext crc, @PathParam("identifier") String id, @Context HttpHeaders headers) {
         return response(req -> {
@@ -6038,7 +6038,7 @@ public Response getRoleAssignmentHistory(@Context ContainerRequestContext crc, @
 
     @GET
     @AuthRequired
-    @Path("{identifier}/files/permissions/history")
+    @Path("{identifier}/files/assignments/history")
     @Produces({ MediaType.APPLICATION_JSON, "text/csv" })
     public Response getFilesRoleAssignmentHistory(@Context ContainerRequestContext crc,
             @PathParam("identifier") String id,

From baf5e180a236977f4b84509e5bb71f3079046d9a Mon Sep 17 00:00:00 2001
From: Jim Myers <qqmyers@hotmail.com>
Date: Fri, 25 Jul 2025 11:52:45 -0400
Subject: [PATCH 058/634] change flag name, class names to remove audit

---
 .../dataverse/DataverseRoleServiceBean.java   | 28 +++++++++----------
 .../dataverse/ManageFilePermissionsPage.java  |  6 ++--
 .../iq/dataverse/ManagePermissionsPage.java   |  4 +--
 ...tAudit.java => RoleAssignmentHistory.java} | 14 +++++-----
 .../iq/dataverse/api/AbstractApiBean.java     |  6 ++--
 .../harvard/iq/dataverse/api/Datasets.java    |  2 +-
 .../command/impl/AssignRoleCommand.java       |  2 +-
 .../iq/dataverse/settings/FeatureFlags.java   |  4 +--
 8 files changed, 33 insertions(+), 33 deletions(-)
 rename src/main/java/edu/harvard/iq/dataverse/{RoleAssignmentAudit.java => RoleAssignmentHistory.java} (89%)

diff --git a/src/main/java/edu/harvard/iq/dataverse/DataverseRoleServiceBean.java b/src/main/java/edu/harvard/iq/dataverse/DataverseRoleServiceBean.java
index 257985dc65a..78a6628ec3a 100644
--- a/src/main/java/edu/harvard/iq/dataverse/DataverseRoleServiceBean.java
+++ b/src/main/java/edu/harvard/iq/dataverse/DataverseRoleServiceBean.java
@@ -94,7 +94,7 @@ public RoleAssignment save(RoleAssignment assignment, boolean createIndex, Datav
         
         // Check if ROLE_ASSIGNMENT_AUDITING feature flag is enabled
         if (FeatureFlags.ROLE_ASSIGNMENT_AUDITING.enabled()) {
-            RoleAssignmentAudit audit = new RoleAssignmentAudit(assignment, req, RoleAssignmentAudit.ActionType.ASSIGN);
+            RoleAssignmentHistory audit = new RoleAssignmentHistory(assignment, req, RoleAssignmentHistory.ActionType.ASSIGN);
             saveAudit(audit);
         }
 
@@ -103,12 +103,12 @@ public RoleAssignment save(RoleAssignment assignment, boolean createIndex, Datav
     
 
     /**
-     * Saves a RoleAssignmentAudit entry to the database.
+     * Saves a RoleAssignmentHistory entry to the database.
      * 
-     * @param audit The RoleAssignmentAudit object to be saved
-     * @return The persisted RoleAssignmentAudit object
+     * @param audit The RoleAssignmentHistory object to be saved
+     * @return The persisted RoleAssignmentHistory object
      */
-    private RoleAssignmentAudit saveAudit(RoleAssignmentAudit audit) {
+    private RoleAssignmentHistory saveAudit(RoleAssignmentHistory audit) {
         if (audit.getAuditId() == null) {
             em.persist(audit);
             em.flush(); // Ensure the entity is persisted immediately
@@ -184,7 +184,7 @@ public void revoke(RoleAssignment ra, DataverseRequest req) {
         
         // Create audit entry if feature flag is set
         if (FeatureFlags.ROLE_ASSIGNMENT_AUDITING.enabled()) {
-            RoleAssignmentAudit audit = new RoleAssignmentAudit(ra, req, RoleAssignmentAudit.ActionType.REVOKE);
+            RoleAssignmentHistory audit = new RoleAssignmentHistory(ra, req, RoleAssignmentHistory.ActionType.REVOKE);
             saveAudit(audit);
         }
         
@@ -209,7 +209,7 @@ public void revokeAll(RoleAssignee assignee, DataverseRequest req) {
             
             // Create audit entry if feature flag is set
             if (FeatureFlags.ROLE_ASSIGNMENT_AUDITING.enabled()) {
-                RoleAssignmentAudit audit = new RoleAssignmentAudit(ra, req, RoleAssignmentAudit.ActionType.REVOKE);
+                RoleAssignmentHistory audit = new RoleAssignmentHistory(ra, req, RoleAssignmentHistory.ActionType.REVOKE);
                 saveAudit(audit);
             }
             
@@ -380,7 +380,7 @@ For a given permission and dataverse Id get all of the roles (built-in or owned
      * @return List of role assignment history entries
      */
     public List<RoleAssignmentHistoryEntry> getRoleAssignmentHistory(Long definitionPointId) {
-        List<RoleAssignmentAudit> audits = em.createNamedQuery("RoleAssignmentAudit.findByDefinitionPointId", RoleAssignmentAudit.class)
+        List<RoleAssignmentHistory> audits = em.createNamedQuery("RoleAssignmentHistory.findByDefinitionPointId", RoleAssignmentHistory.class)
                 .setParameter("definitionPointId", definitionPointId)
                 .getResultList();
         
@@ -394,7 +394,7 @@ public List<RoleAssignmentHistoryEntry> getRoleAssignmentHistory(Long definition
      * @return List of role assignment history entries
      */
     public List<RoleAssignmentHistoryEntry> getFilesRoleAssignmentHistory(Long datasetId) {
-        List<RoleAssignmentAudit> audits = em.createNamedQuery("RoleAssignmentAudit.findByOwnerId", RoleAssignmentAudit.class)
+        List<RoleAssignmentHistory> audits = em.createNamedQuery("RoleAssignmentHistory.findByOwnerId", RoleAssignmentHistory.class)
                 .setParameter("datasetId", datasetId)
                 .getResultList();
         
@@ -402,18 +402,18 @@ public List<RoleAssignmentHistoryEntry> getFilesRoleAssignmentHistory(Long datas
     }
     
     /**
-     * Common method to process role assignment audits and create history entries
+     * Common method to process role assignment history rows and create consolidated history entries
      * 
      * @param audits List of role assignment audit records
      * @param combineEntries Whether to combine entries for different files
      * @return List of role assignment history entries
      */
-    private List<RoleAssignmentHistoryEntry> processRoleAssignmentAudits(List<RoleAssignmentAudit> audits, boolean combineEntries) {
+    private List<RoleAssignmentHistoryEntry> processRoleAssignmentAudits(List<RoleAssignmentHistory> audits, boolean combineEntries) {
         List<RoleAssignmentHistoryEntry> roleAssignmentHistory = new ArrayList<>();
         Map<Long, RoleAssignmentHistoryEntry> historyMap = new HashMap<>();
 
         // First pass: Create entries from audit records
-        for (RoleAssignmentAudit audit : audits) {
+        for (RoleAssignmentHistory audit : audits) {
             Long roleAssignmentId = audit.getRoleAssignmentId();
             RoleAssignmentHistoryEntry entry = historyMap.get(roleAssignmentId);
 
@@ -422,10 +422,10 @@ private List<RoleAssignmentHistoryEntry> processRoleAssignmentAudits(List<RoleAs
                 historyMap.put(roleAssignmentId, entry);
             }
 
-            if (audit.getActionType() == RoleAssignmentAudit.ActionType.ASSIGN) {
+            if (audit.getActionType() == RoleAssignmentHistory.ActionType.ASSIGN) {
                 entry.setAssignedBy(audit.getActionByIdentifier());
                 entry.setAssignedAt(audit.getActionTimestamp());
-            } else if (audit.getActionType() == RoleAssignmentAudit.ActionType.REVOKE) {
+            } else if (audit.getActionType() == RoleAssignmentHistory.ActionType.REVOKE) {
                 entry.setRevokedBy(audit.getActionByIdentifier());
                 entry.setRevokedAt(audit.getActionTimestamp());
             }
diff --git a/src/main/java/edu/harvard/iq/dataverse/ManageFilePermissionsPage.java b/src/main/java/edu/harvard/iq/dataverse/ManageFilePermissionsPage.java
index a571f798060..0c49346fd80 100644
--- a/src/main/java/edu/harvard/iq/dataverse/ManageFilePermissionsPage.java
+++ b/src/main/java/edu/harvard/iq/dataverse/ManageFilePermissionsPage.java
@@ -5,7 +5,7 @@
  */
 package edu.harvard.iq.dataverse;
 
-import edu.harvard.iq.dataverse.DataverseRoleServiceBean.RoleAssignmentHistoryEntry;
+import edu.harvard.iq.dataverse.DataverseRoleServiceBean.RoleAssignmentHistoryConsolidatedEntry;
 import edu.harvard.iq.dataverse.api.Util;
 import edu.harvard.iq.dataverse.authorization.AuthenticationProvider;
 import edu.harvard.iq.dataverse.authorization.AuthenticationServiceBean;
@@ -546,9 +546,9 @@ private boolean assignRole(RoleAssignee ra,  DataFile file, DataverseRole r) {
         return true;
     }
 
-    private List<RoleAssignmentHistoryEntry> roleAssignmentHistory;
+    private List<RoleAssignmentHistoryConsolidatedEntry> roleAssignmentHistory;
 
-    public List<RoleAssignmentHistoryEntry> getRoleAssignmentHistory() {
+    public List<RoleAssignmentHistoryConsolidatedEntry> getRoleAssignmentHistory() {
         if (roleAssignmentHistory == null) {
             roleAssignmentHistory = roleService.getFilesRoleAssignmentHistory(dataset.getId());
         }
diff --git a/src/main/java/edu/harvard/iq/dataverse/ManagePermissionsPage.java b/src/main/java/edu/harvard/iq/dataverse/ManagePermissionsPage.java
index ed1665f4208..1f980c877ba 100644
--- a/src/main/java/edu/harvard/iq/dataverse/ManagePermissionsPage.java
+++ b/src/main/java/edu/harvard/iq/dataverse/ManagePermissionsPage.java
@@ -241,9 +241,9 @@ public void editRole(String roleId) {
     }
     
     /** Role Assignment History */
-    private List<DataverseRoleServiceBean.RoleAssignmentHistoryEntry> roleAssignmentHistory;
+    private List<DataverseRoleServiceBean.RoleAssignmentHistoryConsolidatedEntry> roleAssignmentHistory;
 
-    public List<DataverseRoleServiceBean.RoleAssignmentHistoryEntry> getRoleAssignmentHistory() {
+    public List<DataverseRoleServiceBean.RoleAssignmentHistoryConsolidatedEntry> getRoleAssignmentHistory() {
         
         if (roleAssignmentHistory == null) {
             roleAssignmentHistory = roleService.getRoleAssignmentHistory(dvObject.getId());
diff --git a/src/main/java/edu/harvard/iq/dataverse/RoleAssignmentAudit.java b/src/main/java/edu/harvard/iq/dataverse/RoleAssignmentHistory.java
similarity index 89%
rename from src/main/java/edu/harvard/iq/dataverse/RoleAssignmentAudit.java
rename to src/main/java/edu/harvard/iq/dataverse/RoleAssignmentHistory.java
index 52292aeb065..ebc6d95288a 100644
--- a/src/main/java/edu/harvard/iq/dataverse/RoleAssignmentAudit.java
+++ b/src/main/java/edu/harvard/iq/dataverse/RoleAssignmentHistory.java
@@ -30,14 +30,14 @@
     @Index(name = "idx_raa_definition_point_id", columnList = "definition_point_id")
 })
 @NamedQueries({
-    @NamedQuery(name = "RoleAssignmentAudit.findByDefinitionPointId",
-        query = "SELECT ra FROM RoleAssignmentAudit ra WHERE ra.definitionPointId = :definitionPointId ORDER BY ra.roleAssignmentId, ra.actionTimestamp DESC"),
-    @NamedQuery(name = "RoleAssignmentAudit.findByOwnerId",
-    query = "SELECT ra FROM RoleAssignmentAudit ra JOIN DvObject d ON ra.definitionPointId = d.id " +
+    @NamedQuery(name = "RoleAssignmentHistory.findByDefinitionPointId",
+        query = "SELECT ra FROM RoleAssignmentHistory ra WHERE ra.definitionPointId = :definitionPointId ORDER BY ra.roleAssignmentId, ra.actionTimestamp DESC"),
+    @NamedQuery(name = "RoleAssignmentHistory.findByOwnerId",
+    query = "SELECT ra FROM RoleAssignmentHistory ra JOIN DvObject d ON ra.definitionPointId = d.id " +
             "WHERE d.owner.id = :datasetId " +
             "ORDER BY ra.roleAssignmentId, ra.actionTimestamp DESC")
 })
-public class RoleAssignmentAudit implements Serializable {
+public class RoleAssignmentHistory implements Serializable {
 
     @Id
     @GeneratedValue(strategy = GenerationType.IDENTITY)
@@ -78,10 +78,10 @@ public enum ActionType {
     }
 
     // Constructors
-    public RoleAssignmentAudit() {
+    public RoleAssignmentHistory() {
     }
 
-    public RoleAssignmentAudit(RoleAssignment roleAssignment, DataverseRequest request, ActionType actionType) {
+    public RoleAssignmentHistory(RoleAssignment roleAssignment, DataverseRequest request, ActionType actionType) {
         this.roleAssignmentId = roleAssignment.getId();
         this.actionType = actionType;
         this.actionTimestamp = new Date();
diff --git a/src/main/java/edu/harvard/iq/dataverse/api/AbstractApiBean.java b/src/main/java/edu/harvard/iq/dataverse/api/AbstractApiBean.java
index 4c3b99423d6..fb5868d76b0 100644
--- a/src/main/java/edu/harvard/iq/dataverse/api/AbstractApiBean.java
+++ b/src/main/java/edu/harvard/iq/dataverse/api/AbstractApiBean.java
@@ -675,7 +675,7 @@ protected Response getRoleAssignmentHistoryResponse(DvObject dvObject, Authentic
         }
 
         // Get the role assignment history
-        List<DataverseRoleServiceBean.RoleAssignmentHistoryEntry> history = null;
+        List<DataverseRoleServiceBean.RoleAssignmentHistoryConsolidatedEntry> history = null;
         if (forFiles == false) {
             history = rolesSvc.getRoleAssignmentHistory(dvObject.getId());
         } else {
@@ -709,7 +709,7 @@ protected Response getRoleAssignmentHistoryResponse(DvObject dvObject, Authentic
                     .append(revokedAtHeader).append("\n");
 
             // Add data rows
-            for (DataverseRoleServiceBean.RoleAssignmentHistoryEntry entry : history) {
+            for (DataverseRoleServiceBean.RoleAssignmentHistoryConsolidatedEntry entry : history) {
                 String definitionPointIds = entry.getDefinitionPointIdsAsString();
                 // Handle multiple comma-separated values in definitionPointIds column
                 if(definitionPointIds.contains(",")) {
@@ -735,7 +735,7 @@ protected Response getRoleAssignmentHistoryResponse(DvObject dvObject, Authentic
         
         // Or Json by default
         JsonArrayBuilder jsonArray = Json.createArrayBuilder();
-        for (DataverseRoleServiceBean.RoleAssignmentHistoryEntry entry : history) {
+        for (DataverseRoleServiceBean.RoleAssignmentHistoryConsolidatedEntry entry : history) {
             JsonObjectBuilder job = Json.createObjectBuilder()
                     .add("definedOn", entry.getDefinitionPointIdsAsString())
                     .add("assigneeIdentifier", entry.getAssigneeIdentifier())
diff --git a/src/main/java/edu/harvard/iq/dataverse/api/Datasets.java b/src/main/java/edu/harvard/iq/dataverse/api/Datasets.java
index 03c9b53ce4a..6dd0baaa2c7 100644
--- a/src/main/java/edu/harvard/iq/dataverse/api/Datasets.java
+++ b/src/main/java/edu/harvard/iq/dataverse/api/Datasets.java
@@ -3,7 +3,7 @@
 import edu.harvard.iq.dataverse.*;
 import edu.harvard.iq.dataverse.DatasetLock.Reason;
 import edu.harvard.iq.dataverse.DatasetVersion.VersionState;
-import edu.harvard.iq.dataverse.DataverseRoleServiceBean.RoleAssignmentHistoryEntry;
+import edu.harvard.iq.dataverse.DataverseRoleServiceBean.RoleAssignmentHistoryConsolidatedEntry;
 import edu.harvard.iq.dataverse.actionlogging.ActionLogRecord;
 import edu.harvard.iq.dataverse.api.AbstractApiBean.WrappedResponse;
 import edu.harvard.iq.dataverse.api.auth.AuthRequired;
diff --git a/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/AssignRoleCommand.java b/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/AssignRoleCommand.java
index 7260b433ddb..db3c41f0f03 100644
--- a/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/AssignRoleCommand.java
+++ b/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/AssignRoleCommand.java
@@ -19,7 +19,7 @@
 import edu.harvard.iq.dataverse.engine.command.exception.IllegalCommandException;
 import edu.harvard.iq.dataverse.util.BundleUtil;
 
-import edu.harvard.iq.dataverse.RoleAssignmentAudit;
+import edu.harvard.iq.dataverse.RoleAssignmentHistory;
 import edu.harvard.iq.dataverse.settings.FeatureFlags;
 import java.util.Collections;
 import java.util.Date;
diff --git a/src/main/java/edu/harvard/iq/dataverse/settings/FeatureFlags.java b/src/main/java/edu/harvard/iq/dataverse/settings/FeatureFlags.java
index 539e898255c..7d3fec6822f 100644
--- a/src/main/java/edu/harvard/iq/dataverse/settings/FeatureFlags.java
+++ b/src/main/java/edu/harvard/iq/dataverse/settings/FeatureFlags.java
@@ -168,10 +168,10 @@ public enum FeatureFlags {
     ADD_LOCAL_CONTEXTS_PERMISSION_CHECK("add-local-contexts-permission-check"),
 
     /**
-     * This flag turns on auditing of role assignments - keeping a record of when roles were granted
+     * This flag turns on history tracking of role assignments - keeping a record of when roles were granted
      * or revoked, at what times, and by whom.
      */
-    ROLE_ASSIGNMENT_AUDITING("role-assignment-auditing"),
+    ROLE_ASSIGNMENT_HISTORY("role-assignment-history"),
     ;
     
     final String flag;

From 696f009201567c1950008040ee6810d8fd867f1c Mon Sep 17 00:00:00 2001
From: Jim Myers <qqmyers@hotmail.com>
Date: Fri, 25 Jul 2025 11:53:05 -0400
Subject: [PATCH 059/634] more audit changes

---
 .../dataverse/DataverseRoleServiceBean.java   | 104 +++++++++---------
 .../iq/dataverse/RoleAssignmentHistory.java   |   2 +-
 2 files changed, 53 insertions(+), 53 deletions(-)

diff --git a/src/main/java/edu/harvard/iq/dataverse/DataverseRoleServiceBean.java b/src/main/java/edu/harvard/iq/dataverse/DataverseRoleServiceBean.java
index 78a6628ec3a..3b058c00c82 100644
--- a/src/main/java/edu/harvard/iq/dataverse/DataverseRoleServiceBean.java
+++ b/src/main/java/edu/harvard/iq/dataverse/DataverseRoleServiceBean.java
@@ -1,6 +1,6 @@
 package edu.harvard.iq.dataverse;
 
-import edu.harvard.iq.dataverse.DataverseRoleServiceBean.RoleAssignmentHistoryEntry;
+import edu.harvard.iq.dataverse.DataverseRoleServiceBean.RoleAssignmentHistoryConsolidatedEntry;
 import edu.harvard.iq.dataverse.authorization.DataverseRole;
 import edu.harvard.iq.dataverse.authorization.Permission;
 import edu.harvard.iq.dataverse.authorization.RoleAssignee;
@@ -92,10 +92,10 @@ public RoleAssignment save(RoleAssignment assignment, boolean createIndex, Datav
             indexAsync.indexRole(assignment);
         }
         
-        // Check if ROLE_ASSIGNMENT_AUDITING feature flag is enabled
-        if (FeatureFlags.ROLE_ASSIGNMENT_AUDITING.enabled()) {
-            RoleAssignmentHistory audit = new RoleAssignmentHistory(assignment, req, RoleAssignmentHistory.ActionType.ASSIGN);
-            saveAudit(audit);
+        // Check if ROLE_ASSIGNMENT_HISTORY feature flag is enabled
+        if (FeatureFlags.ROLE_ASSIGNMENT_HISTORY.enabled()) {
+            RoleAssignmentHistory entry = new RoleAssignmentHistory(assignment, req, RoleAssignmentHistory.ActionType.ASSIGN);
+            saveHistoryEntry(entry);
         }
 
         return assignment;
@@ -105,17 +105,17 @@ public RoleAssignment save(RoleAssignment assignment, boolean createIndex, Datav
     /**
      * Saves a RoleAssignmentHistory entry to the database.
      * 
-     * @param audit The RoleAssignmentHistory object to be saved
+     * @param entry The RoleAssignmentHistory object to be saved
      * @return The persisted RoleAssignmentHistory object
      */
-    private RoleAssignmentHistory saveAudit(RoleAssignmentHistory audit) {
-        if (audit.getAuditId() == null) {
-            em.persist(audit);
+    private RoleAssignmentHistory saveHistoryEntry(RoleAssignmentHistory entry) {
+        if (entry.getEntryId() == null) {
+            em.persist(entry);
             em.flush(); // Ensure the entity is persisted immediately
         } else {
-            audit = em.merge(audit);
+            entry = em.merge(entry);
         }
-        return audit;
+        return entry;
     }
 
     private IndexResponse indexDefinitionPoint(DvObject definitionPoint) {
@@ -182,10 +182,10 @@ public void revoke(RoleAssignment ra, DataverseRequest req) {
             ra = em.merge(ra);
         }
         
-        // Create audit entry if feature flag is set
-        if (FeatureFlags.ROLE_ASSIGNMENT_AUDITING.enabled()) {
-            RoleAssignmentHistory audit = new RoleAssignmentHistory(ra, req, RoleAssignmentHistory.ActionType.REVOKE);
-            saveAudit(audit);
+        // Create history entry if feature flag is set
+        if (FeatureFlags.ROLE_ASSIGNMENT_HISTORY.enabled()) {
+            RoleAssignmentHistory entry = new RoleAssignmentHistory(ra, req, RoleAssignmentHistory.ActionType.REVOKE);
+            saveHistoryEntry(entry);
         }
         
         em.remove(ra);
@@ -207,10 +207,10 @@ public void revokeAll(RoleAssignee assignee, DataverseRequest req) {
                 ra = em.merge(ra);
             }
             
-            // Create audit entry if feature flag is set
-            if (FeatureFlags.ROLE_ASSIGNMENT_AUDITING.enabled()) {
-                RoleAssignmentHistory audit = new RoleAssignmentHistory(ra, req, RoleAssignmentHistory.ActionType.REVOKE);
-                saveAudit(audit);
+            // Create history entry if feature flag is set
+            if (FeatureFlags.ROLE_ASSIGNMENT_HISTORY.enabled()) {
+                RoleAssignmentHistory entry = new RoleAssignmentHistory(ra, req, RoleAssignmentHistory.ActionType.REVOKE);
+                saveHistoryEntry(entry);
             }
             
             em.remove(ra);
@@ -379,12 +379,12 @@ For a given permission and dataverse Id get all of the roles (built-in or owned
      * @param definitionPointId The ID of the definition point
      * @return List of role assignment history entries
      */
-    public List<RoleAssignmentHistoryEntry> getRoleAssignmentHistory(Long definitionPointId) {
-        List<RoleAssignmentHistory> audits = em.createNamedQuery("RoleAssignmentHistory.findByDefinitionPointId", RoleAssignmentHistory.class)
+    public List<RoleAssignmentHistoryConsolidatedEntry> getRoleAssignmentHistory(Long definitionPointId) {
+        List<RoleAssignmentHistory> entries = em.createNamedQuery("RoleAssignmentHistory.findByDefinitionPointId", RoleAssignmentHistory.class)
                 .setParameter("definitionPointId", definitionPointId)
                 .getResultList();
         
-        return processRoleAssignmentAudits(audits, false);
+        return processRoleAssignmentEntries(entries, false);
     }
 
     /**
@@ -393,53 +393,53 @@ public List<RoleAssignmentHistoryEntry> getRoleAssignmentHistory(Long definition
      * @param datasetId The ID of the dataset
      * @return List of role assignment history entries
      */
-    public List<RoleAssignmentHistoryEntry> getFilesRoleAssignmentHistory(Long datasetId) {
-        List<RoleAssignmentHistory> audits = em.createNamedQuery("RoleAssignmentHistory.findByOwnerId", RoleAssignmentHistory.class)
+    public List<RoleAssignmentHistoryConsolidatedEntry> getFilesRoleAssignmentHistory(Long datasetId) {
+        List<RoleAssignmentHistory> entries = em.createNamedQuery("RoleAssignmentHistory.findByOwnerId", RoleAssignmentHistory.class)
                 .setParameter("datasetId", datasetId)
                 .getResultList();
         
-        return processRoleAssignmentAudits(audits, true);
+        return processRoleAssignmentEntries(entries, true);
     }
     
     /**
-     * Common method to process role assignment history rows and create consolidated history entries
+     * Common method to process role assignment history entries and create consolidated history entries
      * 
-     * @param audits List of role assignment audit records
+     * @param entries List of role assignment history records
      * @param combineEntries Whether to combine entries for different files
      * @return List of role assignment history entries
      */
-    private List<RoleAssignmentHistoryEntry> processRoleAssignmentAudits(List<RoleAssignmentHistory> audits, boolean combineEntries) {
-        List<RoleAssignmentHistoryEntry> roleAssignmentHistory = new ArrayList<>();
-        Map<Long, RoleAssignmentHistoryEntry> historyMap = new HashMap<>();
-
-        // First pass: Create entries from audit records
-        for (RoleAssignmentHistory audit : audits) {
-            Long roleAssignmentId = audit.getRoleAssignmentId();
-            RoleAssignmentHistoryEntry entry = historyMap.get(roleAssignmentId);
-
-            if (entry == null) {
-                entry = new RoleAssignmentHistoryEntry(audit.getAssigneeIdentifier(), audit.getRoleAlias(), audit.getDefinitionPointId());
-                historyMap.put(roleAssignmentId, entry);
+    private List<RoleAssignmentHistoryConsolidatedEntry> processRoleAssignmentEntries(List<RoleAssignmentHistory> entries, boolean combineEntries) {
+        List<RoleAssignmentHistoryConsolidatedEntry> roleAssignmentHistory = new ArrayList<>();
+        Map<Long, RoleAssignmentHistoryConsolidatedEntry> historyMap = new HashMap<>();
+
+        // First pass: Create consolidatedEntries from history records
+        for (RoleAssignmentHistory entry : entries) {
+            Long roleAssignmentId = entry.getRoleAssignmentId();
+            RoleAssignmentHistoryConsolidatedEntry consolidatedEntry = historyMap.get(roleAssignmentId);
+
+            if (consolidatedEntry == null) {
+                consolidatedEntry = new RoleAssignmentHistoryConsolidatedEntry(entry.getAssigneeIdentifier(), entry.getRoleAlias(), entry.getDefinitionPointId());
+                historyMap.put(roleAssignmentId, consolidatedEntry);
             }
 
-            if (audit.getActionType() == RoleAssignmentHistory.ActionType.ASSIGN) {
-                entry.setAssignedBy(audit.getActionByIdentifier());
-                entry.setAssignedAt(audit.getActionTimestamp());
-            } else if (audit.getActionType() == RoleAssignmentHistory.ActionType.REVOKE) {
-                entry.setRevokedBy(audit.getActionByIdentifier());
-                entry.setRevokedAt(audit.getActionTimestamp());
+            if (entry.getActionType() == RoleAssignmentHistory.ActionType.ASSIGN) {
+                consolidatedEntry.setAssignedBy(entry.getActionByIdentifier());
+                consolidatedEntry.setAssignedAt(entry.getActionTimestamp());
+            } else if (entry.getActionType() == RoleAssignmentHistory.ActionType.REVOKE) {
+                consolidatedEntry.setRevokedBy(entry.getActionByIdentifier());
+                consolidatedEntry.setRevokedAt(entry.getActionTimestamp());
             }
         }
         
         // Second pass: Combine entries with matching criteria if requested
         if (combineEntries) {
-            Map<String, RoleAssignmentHistoryEntry> finalHistoryMap = new HashMap<>();
-            for (RoleAssignmentHistoryEntry entry : historyMap.values()) {
+            Map<String, RoleAssignmentHistoryConsolidatedEntry> finalHistoryMap = new HashMap<>();
+            for (RoleAssignmentHistoryConsolidatedEntry entry : historyMap.values()) {
                 String key = entry.getAssigneeIdentifier() + "|" + entry.getRoleName() + "|" +
                         entry.getAssignedBy() + "|" + entry.getAssignedAt() + "|" +
                         entry.getRevokedBy() + "|" + entry.getRevokedAt();
 
-                RoleAssignmentHistoryEntry existingEntry = finalHistoryMap.get(key);
+                RoleAssignmentHistoryConsolidatedEntry existingEntry = finalHistoryMap.get(key);
                 if (existingEntry == null) {
                     finalHistoryMap.put(key, entry);
                 } else {
@@ -453,14 +453,14 @@ private List<RoleAssignmentHistoryEntry> processRoleAssignmentAudits(List<RoleAs
 
         // Sort the entries
         roleAssignmentHistory.sort(Comparator
-                .comparing(RoleAssignmentHistoryEntry::getRevokedAt, Comparator.nullsLast(Comparator.naturalOrder()))
-                .thenComparing(RoleAssignmentHistoryEntry::getAssignedAt, Comparator.nullsLast(Comparator.naturalOrder()))
+                .comparing(RoleAssignmentHistoryConsolidatedEntry::getRevokedAt, Comparator.nullsLast(Comparator.naturalOrder()))
+                .thenComparing(RoleAssignmentHistoryConsolidatedEntry::getAssignedAt, Comparator.nullsLast(Comparator.naturalOrder()))
                 .reversed());
 
         return roleAssignmentHistory;
     }
 
-    public static class RoleAssignmentHistoryEntry {
+    public static class RoleAssignmentHistoryConsolidatedEntry {
         private String roleName;
         private String assigneeIdentifier;
         private String assignedBy;
@@ -469,7 +469,7 @@ public static class RoleAssignmentHistoryEntry {
         private Date revokedAt;
         private List<Long> definitionPointIds;  // New field
     
-        public RoleAssignmentHistoryEntry(String assigneeIdentifier, String roleName, Long definitionPointId) {
+        public RoleAssignmentHistoryConsolidatedEntry(String assigneeIdentifier, String roleName, Long definitionPointId) {
             this.roleName = roleName;
             this.assigneeIdentifier = assigneeIdentifier;
             this.definitionPointIds = new ArrayList<Long>();
diff --git a/src/main/java/edu/harvard/iq/dataverse/RoleAssignmentHistory.java b/src/main/java/edu/harvard/iq/dataverse/RoleAssignmentHistory.java
index ebc6d95288a..62bed6b3233 100644
--- a/src/main/java/edu/harvard/iq/dataverse/RoleAssignmentHistory.java
+++ b/src/main/java/edu/harvard/iq/dataverse/RoleAssignmentHistory.java
@@ -99,7 +99,7 @@ public RoleAssignmentHistory(RoleAssignment roleAssignment, DataverseRequest req
     }
 
     // Getters and setters
-    public Long getAuditId() {
+    public Long getEntryId() {
         return auditId;
     }
 

From ec2042dcddbeeb8f732e51565af375c1c033edb8 Mon Sep 17 00:00:00 2001
From: Jim Myers <qqmyers@hotmail.com>
Date: Fri, 25 Jul 2025 11:53:18 -0400
Subject: [PATCH 060/634] documentation

---
 doc/release-notes/11612-RAHistory.md          |  17 ++
 doc/sphinx-guides/source/api/native-api.rst   | 161 ++++++++++++++++++
 .../source/installation/config.rst            |   3 +
 .../source/user/dataverse-management.rst      |   4 +-
 4 files changed, 184 insertions(+), 1 deletion(-)
 create mode 100644 doc/release-notes/11612-RAHistory.md

diff --git a/doc/release-notes/11612-RAHistory.md b/doc/release-notes/11612-RAHistory.md
new file mode 100644
index 00000000000..b61fc9d0406
--- /dev/null
+++ b/doc/release-notes/11612-RAHistory.md
@@ -0,0 +1,17 @@
+# Role Assignment History Tracking
+
+Dataverse can now track the history of role assignments, allowing administrators to see who assigned or revoked roles, when these actions occurred, and which roles were involved. This feature helps with auditing and understanding permission changes over time.
+
+## Key components of this feature:
+
+- **Feature Flag**: The functionality can be enabled/disabled via the `ROLE_ASSIGNMENT_HISTORY` feature flag 
+- **UI Integration**: New history panels on permission management pages showing the complete history of role assignments/revocations
+- **CSV Export**: Administrators can download the role assignment history for a given collection or dataset (or files in a dataset) as a CSV file directly from the new panels
+- **API Access**: New API endpoints provide access to role assignment history in both JSON and CSV formats:
+  - `/api/dataverses/{identifier}/assignments/history`
+  - `/api/datasets/{identifier}/assignments/history`
+  - `/api/datasets/{identifier}/files/assignments/history`
+  
+All return JSON by default but will return an internationalized CSV if an `Accept: text/csv` header is adde
+
+For more information, see #11612
\ No newline at end of file
diff --git a/doc/sphinx-guides/source/api/native-api.rst b/doc/sphinx-guides/source/api/native-api.rst
index 95307f77e48..431c2776a50 100644
--- a/doc/sphinx-guides/source/api/native-api.rst
+++ b/doc/sphinx-guides/source/api/native-api.rst
@@ -1440,6 +1440,60 @@ The fully expanded example above (without environment variables) looks like this
 
   curl -H "X-Dataverse-key: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" -X POST "https://demo.dataverse.org/api/dataverses/1/templates" --upload-file dataverse-template.json
 
+
+Dataverse Role Assignment History
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+Get the history of role assignments for a collection. This API call returns a list of role assignments and revocations for the specified dataset.
+
+.. code-block:: bash
+
+  export API_TOKEN=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
+  export SERVER_URL=https://demo.dataverse.org
+  export ID=1
+
+  curl -H "X-Dataverse-key:$API_TOKEN" -H "Accept: application/json" "$SERVER_URL/api/dataverses/$ID/assignments/history"
+
+The fully expanded example above (without environment variables) looks like this:
+
+.. code-block:: bash
+
+  curl -H "X-Dataverse-key:xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" -H "Accept: application/json" "https://demo.dataverse.org/api/dataverses/3/assignments/history"
+
+You can also use the collection alias instead of the numeric id:
+
+.. code-block:: bash
+
+  export API_TOKEN=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
+  export SERVER_URL=https://demo.dataverse.org
+  export DV_ALIAS=dvAlias
+
+  curl -H "X-Dataverse-key:$API_TOKEN" -H "Accept: application/json" "$SERVER_URL/api/dataverses/$DV_ALIAS/assignments/history"
+
+The fully expanded example above (without environment variables) looks like this:
+
+.. code-block:: bash
+
+  curl -H "X-Dataverse-key:xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" -H "Accept: application/json" "https://demo.dataverse.org/api/datasets/dvAlias/assignments/history"
+
+To retrieve the history in CSV format, change the Accept header to "text/csv":
+
+.. code-block:: bash
+
+  export API_TOKEN=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
+  export SERVER_URL=https://demo.dataverse.org
+  export ID=3
+
+  curl -H "X-Dataverse-key:$API_TOKEN" -H "Accept: text/csv" "$SERVER_URL/api/dataverses/$ID/assignments/history"
+
+The fully expanded example above (without environment variables) looks like this:
+
+.. code-block:: bash
+
+  curl -H "X-Dataverse-key:xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" -H "Accept: text/csv" "https://demo.dataverse.org/api/dataverses/3/assignments/history"
+
+Note: This feature requires the "role-assignment-history" feature flag to be enabled (see :ref:`feature-flags`).
+
 Datasets
 --------
 
@@ -4009,6 +4063,113 @@ Upon success, the API will return a JSON response with a success message and the
 The API call will report a 400 (BAD REQUEST) error if any of the files specified do not exist or are not in the latest version of the specified dataset.
 The ``fileIds`` in the JSON payload should be an array of file IDs that you want to delete from the dataset.
 
+.. _api-dataset-role-assignment-history:
+
+Dataset Role Assignment History
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+Get the history of role assignments for a dataset. This API call returns a list of role assignments and revocations for the specified dataset.
+
+.. code-block:: bash
+
+  export API_TOKEN=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
+  export SERVER_URL=https://demo.dataverse.org
+  export ID=3
+
+  curl -H "X-Dataverse-key:$API_TOKEN" -H "Accept: application/json" "$SERVER_URL/api/datasets/$ID/assignments/history"
+
+The fully expanded example above (without environment variables) looks like this:
+
+.. code-block:: bash
+
+  curl -H "X-Dataverse-key:xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" -H "Accept: application/json" "https://demo.dataverse.org/api/datasets/3/assignments/history"
+
+You can also use the persistent identifier instead of the numeric id:
+
+.. code-block:: bash
+
+  export API_TOKEN=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
+  export SERVER_URL=https://demo.dataverse.org
+  export PERSISTENT_IDENTIFIER=doi:10.5072/FK2/ABCDEF
+
+  curl -H "X-Dataverse-key:$API_TOKEN" -H "Accept: application/json" "$SERVER_URL/api/datasets/:persistentId/assignments/history?persistentId=$PERSISTENT_IDENTIFIER"
+
+The fully expanded example above (without environment variables) looks like this:
+
+.. code-block:: bash
+
+  curl -H "X-Dataverse-key:xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" -H "Accept: application/json" "https://demo.dataverse.org/api/datasets/:persistentId/assignments/history?persistentId=doi:10.5072/FK2/ABCDEF"
+
+To retrieve the history in CSV format, change the Accept header to "text/csv":
+
+.. code-block:: bash
+
+  export API_TOKEN=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
+  export SERVER_URL=https://demo.dataverse.org
+  export ID=3
+
+  curl -H "X-Dataverse-key:$API_TOKEN" -H "Accept: text/csv" "$SERVER_URL/api/datasets/$ID/assignments/history"
+
+The fully expanded example above (without environment variables) looks like this:
+
+.. code-block:: bash
+
+  curl -H "X-Dataverse-key:xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" -H "Accept: text/csv" "https://demo.dataverse.org/api/datasets/3/assignments/history"
+
+Note: This feature requires the "role-assignment-history" feature flag to be enabled (see :ref:`feature-flags`).
+
+Dataset Files Role Assignment History
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+Get the history of role assignments for the files in a dataset. This API call returns a list of role assignments and revocations for all files in the specified dataset.
+
+.. code-block:: bash
+
+  export API_TOKEN=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
+  export SERVER_URL=https://demo.dataverse.org
+  export ID=3
+
+  curl -H "X-Dataverse-key:$API_TOKEN" -H "Accept: application/json" "$SERVER_URL/api/datasets/$ID/files/assignments/history"
+
+The fully expanded example above (without environment variables) looks like this:
+
+.. code-block:: bash
+
+  curl -H "X-Dataverse-key:xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" -H "Accept: application/json" "https://demo.dataverse.org/api/datasets/3/files/assignments/history"
+
+You can also use the persistent identifier instead of the numeric id:
+
+.. code-block:: bash
+
+  export API_TOKEN=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
+  export SERVER_URL=https://demo.dataverse.org
+  export PERSISTENT_IDENTIFIER=doi:10.5072/FK2/ABCDEF
+
+  curl -H "X-Dataverse-key:$API_TOKEN" -H "Accept: application/json" "$SERVER_URL/api/datasets/:persistentId/files/assignments/history?persistentId=$PERSISTENT_IDENTIFIER"
+
+The fully expanded example above (without environment variables) looks like this:
+
+.. code-block:: bash
+
+  curl -H "X-Dataverse-key:xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" -H "Accept: application/json" "https://demo.dataverse.org/api/datasets/:persistentId/files/assignments/history?persistentId=doi:10.5072/FK2/ABCDEF"
+
+To retrieve the history in CSV format, change the Accept header to "text/csv":
+
+.. code-block:: bash
+
+  export API_TOKEN=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
+  export SERVER_URL=https://demo.dataverse.org
+  export ID=3
+
+  curl -H "X-Dataverse-key:$API_TOKEN" -H "Accept: text/csv" "$SERVER_URL/api/datasets/files/$ID/assignments/history"
+
+The fully expanded example above (without environment variables) looks like this:
+
+.. code-block:: bash
+
+  curl -H "X-Dataverse-key:xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" -H "Accept: text/csv" "https://demo.dataverse.org/api/datasets/3/files/assignments/history"
+
+Note: This feature requires the "role-assignment-history" feature flag to be enabled (see :ref:`feature-flags`).
 
 Files
 -----
diff --git a/doc/sphinx-guides/source/installation/config.rst b/doc/sphinx-guides/source/installation/config.rst
index 83a6d42c15d..eb177f2f274 100644
--- a/doc/sphinx-guides/source/installation/config.rst
+++ b/doc/sphinx-guides/source/installation/config.rst
@@ -3750,6 +3750,9 @@ please find all known feature flags below. Any of these flags can be activated u
     * - enable-version-note
       - Turns on the ability to add/view/edit/delete per-dataset-version notes intended to provide :ref:`provenance` information about why the dataset/version was created.  
       - ``Off``
+    * - role-assignment-history
+      - Turns on tracking/display of role assignments and revocations for collections, datasets, and files
+      - ``Off``
 
 **Note:** Feature flags can be set via any `supported MicroProfile Config API source`_, e.g. the environment variable
 ``DATAVERSE_FEATURE_XXX`` (e.g. ``DATAVERSE_FEATURE_API_SESSION_AUTH=1``). These environment variables can be set in your shell before starting Payara. If you are using :doc:`Docker for development </container/dev-usage>`, you can set them in the `docker compose <https://docs.docker.com/compose/environment-variables/set-environment-variables/>`_ file.
diff --git a/doc/sphinx-guides/source/user/dataverse-management.rst b/doc/sphinx-guides/source/user/dataverse-management.rst
index d88d0a45e68..ecbafc807a4 100755
--- a/doc/sphinx-guides/source/user/dataverse-management.rst
+++ b/doc/sphinx-guides/source/user/dataverse-management.rst
@@ -119,7 +119,7 @@ Clicking on Permissions will bring you to this page:
 
 |image3|
 
-When you access a Dataverse collection's permissions page, you will see three sections:
+When you access a Dataverse collection's permissions page, you will see three or four sections:
 
 **Permissions:** Here you can decide the requirements that determine which types of users can add datasets and sub Dataverse collections to your Dataverse collection, and what permissions they'll be granted when they do so.
 
@@ -127,6 +127,8 @@ When you access a Dataverse collection's permissions page, you will see three se
 
 **Roles:** Here you can reference a full list of roles that can be assigned to users of your Dataverse collection. Each role lists the permissions that it offers.
 
+**Role Assignment History** If enabled, you'll be able to see the history of when roles have been assigned and revoked and by whom.
+
 Please note that even on a newly created Dataverse collection, you may see user and groups have already been granted role(s) if your installation has ``:InheritParentRoleAssignments`` set. For more on this setting, see the :doc:`/installation/config` section of the Installation Guide.
 
 Setting Access Configurations

From dfba6a74669fb18fad52e4e14b0a12f63084dc8c Mon Sep 17 00:00:00 2001
From: Jim Myers <qqmyers@hotmail.com>
Date: Fri, 25 Jul 2025 13:46:35 -0400
Subject: [PATCH 061/634] change revokeRole to add OnDataverse, add dv
 roleassignment/history call

---
 .../edu/harvard/iq/dataverse/api/Dataverses.java     |  2 +-
 .../edu/harvard/iq/dataverse/api/DatasetsIT.java     |  2 +-
 .../java/edu/harvard/iq/dataverse/api/UtilIT.java    | 12 +++++++++++-
 3 files changed, 13 insertions(+), 3 deletions(-)

diff --git a/src/main/java/edu/harvard/iq/dataverse/api/Dataverses.java b/src/main/java/edu/harvard/iq/dataverse/api/Dataverses.java
index 9dc36b253cc..156f868753c 100644
--- a/src/main/java/edu/harvard/iq/dataverse/api/Dataverses.java
+++ b/src/main/java/edu/harvard/iq/dataverse/api/Dataverses.java
@@ -1965,7 +1965,7 @@ public Response createTemplate(@Context ContainerRequestContext crc, String body
     
     @GET
     @AuthRequired
-    @Path("{identifier}/permissions/history")
+    @Path("{identifier}/assignments/history")
     @Produces({ MediaType.APPLICATION_JSON, "text/csv" })
     public Response getRoleAssignmentHistory(@Context ContainerRequestContext crc,
             @PathParam("identifier") String id,
diff --git a/src/test/java/edu/harvard/iq/dataverse/api/DatasetsIT.java b/src/test/java/edu/harvard/iq/dataverse/api/DatasetsIT.java
index e0d15e13b6d..cc8312b0868 100644
--- a/src/test/java/edu/harvard/iq/dataverse/api/DatasetsIT.java
+++ b/src/test/java/edu/harvard/iq/dataverse/api/DatasetsIT.java
@@ -2053,7 +2053,7 @@ public void testPrivateUrl() {
         int roleAssignmentId = (int) roleAssignment.get("id");
         logger.info("role assignment id: " + roleAssignmentId);
         assertEquals(roleAssignmentIdFromCreate, roleAssignmentId);
-        Response revoke = UtilIT.revokeRole(dataverseAlias, roleAssignmentId, apiToken);
+        Response revoke = UtilIT.revokeRoleOnDataverse(dataverseAlias, roleAssignmentId, apiToken);
         revoke.prettyPrint();
         assertEquals(OK.getStatusCode(), revoke.getStatusCode());
 
diff --git a/src/test/java/edu/harvard/iq/dataverse/api/UtilIT.java b/src/test/java/edu/harvard/iq/dataverse/api/UtilIT.java
index eb191c1bad7..fa340600ed2 100644
--- a/src/test/java/edu/harvard/iq/dataverse/api/UtilIT.java
+++ b/src/test/java/edu/harvard/iq/dataverse/api/UtilIT.java
@@ -2575,7 +2575,7 @@ static Response grantRoleOnDataset(String definitionPoint, String role, String r
                 .post("api/datasets/:persistentId/assignments?key=" + apiToken + "&persistentId=" + definitionPoint);
     }
 
-    static Response revokeRole(String definitionPoint, long doomed, String apiToken) {
+    static Response revokeRoleOnDataverse(String definitionPoint, long doomed, String apiToken) {
         return given()
                 .header(API_TOKEN_HTTP_HEADER, apiToken)
                 .delete("api/dataverses/" + definitionPoint + "/assignments/" + doomed);
@@ -5006,4 +5006,14 @@ public static Response getTemplates(String dataverseAlias, String apiToken) {
                 .header(API_TOKEN_HTTP_HEADER, apiToken)
                 .get("/api/dataverses/" + dataverseAlias + "/templates");
     }
+
+    public static Response getDataverseRoleAssignmentHistory(String dataverseAlias, boolean downloadAsCsv, String apiToken) {
+        RequestSpecification requestSpecification = given()
+                .header(API_TOKEN_HTTP_HEADER, apiToken);
+        
+        requestSpecification = requestSpecification.header("Accept", downloadAsCsv ? "text/csv" : "application/json");
+        
+        return requestSpecification
+                .get("/api/v1/dataverses/" + dataverseAlias + "/assignments/history");
+    }
 }

From bc97830b7afa0b6ef73081a8adf7612d31947eee Mon Sep 17 00:00:00 2001
From: Jim Myers <qqmyers@hotmail.com>
Date: Fri, 25 Jul 2025 13:46:46 -0400
Subject: [PATCH 062/634] dataverse-level test

---
 .../iq/dataverse/api/AbstractApiBean.java     |  34 ++--
 .../api/RoleAssignmentHistoryIT.java          | 146 ++++++++++++++++++
 2 files changed, 170 insertions(+), 10 deletions(-)
 create mode 100644 src/test/java/edu/harvard/iq/dataverse/api/RoleAssignmentHistoryIT.java

diff --git a/src/main/java/edu/harvard/iq/dataverse/api/AbstractApiBean.java b/src/main/java/edu/harvard/iq/dataverse/api/AbstractApiBean.java
index fb5868d76b0..59a0a075923 100644
--- a/src/main/java/edu/harvard/iq/dataverse/api/AbstractApiBean.java
+++ b/src/main/java/edu/harvard/iq/dataverse/api/AbstractApiBean.java
@@ -697,16 +697,7 @@ protected Response getRoleAssignmentHistoryResponse(DvObject dvObject, Authentic
             String revokedAtHeader = BundleUtil.getStringFromBundle("dataverse.permissions.history.revokedAt");
 
             // Generate CSV response
-            StringBuilder csvBuilder = new StringBuilder();
-            // Add CSV header with internationalized column names
-                csvBuilder
-                    .append(definedOn).append(",")
-                    .append(assigneeHeader).append(",")
-                    .append(roleHeader).append(",")
-                    .append(assignedByHeader).append(",")
-                    .append(assignedAtHeader).append(",")
-                    .append(revokedByHeader).append(",")
-                    .append(revokedAtHeader).append("\n");
+            StringBuilder csvBuilder = getHistoryCsvHeaderRow();
 
             // Add data rows
             for (DataverseRoleServiceBean.RoleAssignmentHistoryConsolidatedEntry entry : history) {
@@ -771,6 +762,29 @@ protected Response getRoleAssignmentHistoryResponse(DvObject dvObject, Authentic
         return ok(jsonArray);
     }
 
+    static StringBuilder getHistoryCsvHeaderRow() {
+        // Reusing strings from history panel
+        String definedOn = BundleUtil.getStringFromBundle("dataverse.permissions.history.definedOn");
+        String assigneeHeader = BundleUtil.getStringFromBundle("dataverse.permissions.history.assignee");
+        String roleHeader = BundleUtil.getStringFromBundle("dataverse.permissions.history.role");
+        String assignedByHeader = BundleUtil.getStringFromBundle("dataverse.permissions.history.assignedBy");
+        String assignedAtHeader = BundleUtil.getStringFromBundle("dataverse.permissions.history.assignedAt");
+        String revokedByHeader = BundleUtil.getStringFromBundle("dataverse.permissions.history.revokedBy");
+        String revokedAtHeader = BundleUtil.getStringFromBundle("dataverse.permissions.history.revokedAt");
+
+        // Generate CSV response
+        StringBuilder csvBuilder = new StringBuilder();
+        // Add CSV header with internationalized column names
+        csvBuilder
+                .append(definedOn).append(",")
+                .append(assigneeHeader).append(",")
+                .append(roleHeader).append(",")
+                .append(assignedByHeader).append(",")
+                .append(assignedAtHeader).append(",")
+                .append(revokedByHeader).append(",")
+                .append(revokedAtHeader).append("\n");
+        return csvBuilder;
+    }
     /* =================== *\
      *  Command Execution  *
     \* =================== */
diff --git a/src/test/java/edu/harvard/iq/dataverse/api/RoleAssignmentHistoryIT.java b/src/test/java/edu/harvard/iq/dataverse/api/RoleAssignmentHistoryIT.java
new file mode 100644
index 00000000000..3548cc074f7
--- /dev/null
+++ b/src/test/java/edu/harvard/iq/dataverse/api/RoleAssignmentHistoryIT.java
@@ -0,0 +1,146 @@
+package edu.harvard.iq.dataverse.api;
+
+import io.restassured.RestAssured;
+import io.restassured.path.json.JsonPath;
+import io.restassured.response.Response;
+import jakarta.json.JsonArray;
+import jakarta.json.JsonObject;
+import jakarta.json.JsonValue;
+
+import java.util.List;
+import java.util.Map;
+import java.util.logging.Logger;
+
+import static jakarta.ws.rs.core.Response.Status.*;
+import static org.hamcrest.CoreMatchers.*;
+import static org.junit.jupiter.api.Assertions.*;
+
+import org.junit.jupiter.api.BeforeAll;
+import org.junit.jupiter.api.Test;
+
+import edu.harvard.iq.dataverse.authorization.DataverseRole;
+import edu.harvard.iq.dataverse.util.BundleUtil;
+
+/**
+ * Integration tests for the Role Assignment History API endpoints.
+ * 
+ * @author [Your Name]
+ */
+public class RoleAssignmentHistoryIT {
+    
+    private static final Logger logger = Logger.getLogger(RoleAssignmentHistoryIT.class.getCanonicalName());
+
+    @BeforeAll
+    public static void setUp() {
+        RestAssured.baseURI = UtilIT.getRestAssuredBaseUri();
+    }
+    
+    @Test
+    public void testDataverseRoleAssignmentHistory() {
+        // Create admin user
+        Response createAdminUser = UtilIT.createRandomUser();
+        String adminUsername = UtilIT.getUsernameFromResponse(createAdminUser);
+        String adminApiToken = UtilIT.getApiTokenFromResponse(createAdminUser);
+        UtilIT.setSuperuserStatus(adminUsername, true);
+        
+        // Create regular users
+        Response createUser1 = UtilIT.createRandomUser();
+        String username1 = UtilIT.getUsernameFromResponse(createUser1);
+        
+        Response createUser2 = UtilIT.createRandomUser();
+        String username2 = UtilIT.getUsernameFromResponse(createUser2);
+        
+        // Create dataverse
+        Response createDataverseResponse = UtilIT.createRandomDataverse(adminApiToken);
+        createDataverseResponse.then().assertThat().statusCode(CREATED.getStatusCode());
+        String dataverseAlias = UtilIT.getAliasFromResponse(createDataverseResponse);
+        
+        // Assign roles to users
+        Response grantContributor = UtilIT.grantRoleOnDataverse(dataverseAlias, DataverseRole.DS_CONTRIBUTOR, "@" + username1, adminApiToken);
+        grantContributor.then().assertThat().statusCode(OK.getStatusCode());
+        
+        Response grantCurator = UtilIT.grantRoleOnDataverse(dataverseAlias, DataverseRole.CURATOR, "@" + username2, adminApiToken);
+        grantCurator.then().assertThat().statusCode(OK.getStatusCode());
+        
+        // Revoke role from user1
+        grantContributor.prettyPrint();
+        String idToDelete = JsonPath.from(grantContributor.getBody().asString()).getString("data.id");
+        Response revokeContributor = UtilIT.revokeRoleOnDataverse(dataverseAlias, Long.parseLong(idToDelete), adminApiToken);
+        revokeContributor.then().assertThat().statusCode(OK.getStatusCode());
+        
+        // Get role assignment history in JSON format
+        Response historyJson = UtilIT.getDataverseRoleAssignmentHistory(dataverseAlias, false, adminApiToken);
+        historyJson.then().assertThat().statusCode(OK.getStatusCode());
+        
+        historyJson.prettyPrint();
+        
+        // Verify JSON response structure
+        List<Map<String, Object>> data = JsonPath.from(historyJson.getBody().asString()).getList("data");
+        // History should contain 2 entries
+        assertTrue(data.size() == 2);
+        
+        // Verify the first history entry (the one unrevoked assignment)
+        Map<String, Object> firstEntry = data.get(0);
+        // Entry should have definedOn field
+        assertTrue(firstEntry.containsKey("definedOn"));
+        assertTrue(firstEntry.containsKey("assigneeIdentifier"));
+        assertEquals("@" + username2, firstEntry.get("assigneeIdentifier"));
+        assertTrue(firstEntry.containsKey("roleName"));
+        assertEquals(DataverseRole.CURATOR, firstEntry.get("roleName"));
+        assertTrue(firstEntry.containsKey("assignedBy"));
+        assertEquals("@" + adminUsername, firstEntry.get("assignedBy"));
+        assertTrue(firstEntry.containsKey("assignedAt"));
+        assertNotEquals(JsonValue.NULL, firstEntry.get("assignedAt"));
+        assertTrue(firstEntry.containsKey("revokedBy"));
+        assertEquals(JsonValue.NULL, firstEntry.get("revokedBy"));
+        assertTrue(firstEntry.containsKey("revokedAt"));
+        assertEquals(JsonValue.NULL, firstEntry.get("revokedAt"));
+        
+        // Verify the second history entry
+        Map<String, Object> secondEntry = data.get(0);
+        // Entry should have definedOn field
+        assertTrue(secondEntry.containsKey("definedOn"));
+        assertTrue(secondEntry.containsKey("assigneeIdentifier"));
+        assertEquals("@" + username1, secondEntry.get("assigneeIdentifier"));
+        assertTrue(secondEntry.containsKey("roleName"));
+        assertEquals(DataverseRole.DS_CONTRIBUTOR, secondEntry.get("roleName"));
+        assertTrue(secondEntry.containsKey("assignedBy"));
+        assertEquals("@" + adminUsername, secondEntry.get("assignedBy"));
+        assertTrue(secondEntry.containsKey("assignedAt"));
+        assertNotEquals(JsonValue.NULL, secondEntry.get("assignedAt"));
+        assertTrue(secondEntry.containsKey("revokedBy"));
+        assertEquals("@" + adminUsername, secondEntry.get("revokedBy"));
+        assertTrue(secondEntry.containsKey("revokedAt"));
+        assertNotEquals(JsonValue.NULL, secondEntry.get("revokedAt"));
+        
+        // Get role assignment history in CSV format
+        Response historyCsv = UtilIT.getDataverseRoleAssignmentHistory(dataverseAlias, false, adminApiToken);
+        historyCsv.then().assertThat().statusCode(OK.getStatusCode());
+        
+        // Generate CSV response
+        StringBuilder csvBuilder = AbstractApiBean.getHistoryCsvHeaderRow();
+        // Verify CSV response
+        String csvBody = historyCsv.getBody().asString();
+        assertTrue(csvBody.startsWith(csvBuilder.toString()));
+        String[] strings = csvBody.split("\n");
+        assertTrue(strings[1].contains("@" + username2 + "," + DataverseRole.CURATOR + ",@" + adminUsername));
+        assertTrue(strings[2].contains("@" + username2 + "," + DataverseRole.DS_CONTRIBUTOR + ",@" + adminUsername));
+        
+        // Clean up
+        Response deleteDataverseResponse = UtilIT.deleteDataverse(dataverseAlias, adminApiToken);
+        deleteDataverseResponse.then().assertThat().statusCode(OK.getStatusCode());
+        
+        Response deleteUser2Response = UtilIT.deleteUser(username2);
+        deleteUser2Response.prettyPrint();
+        assertEquals(200, deleteUser2Response.getStatusCode());
+        
+        Response deleteUser1Response = UtilIT.deleteUser(username1);
+        deleteUser1Response.prettyPrint();
+        assertEquals(200, deleteUser1Response.getStatusCode());
+        
+        Response deleteAdminUserResponse = UtilIT.deleteUser(adminUsername);
+        deleteAdminUserResponse.prettyPrint();
+        assertEquals(200, deleteAdminUserResponse.getStatusCode());
+    }
+}
+

From fd4983c15ba2fb4e5c04e0907f56fb32e1f00f08 Mon Sep 17 00:00:00 2001
From: Jim Myers <qqmyers@hotmail.com>
Date: Fri, 25 Jul 2025 14:55:07 -0400
Subject: [PATCH 063/634] Change to combine up to the same minute

---
 .../harvard/iq/dataverse/DataverseRoleServiceBean.java    | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/src/main/java/edu/harvard/iq/dataverse/DataverseRoleServiceBean.java b/src/main/java/edu/harvard/iq/dataverse/DataverseRoleServiceBean.java
index 3b058c00c82..ce8d7ea7328 100644
--- a/src/main/java/edu/harvard/iq/dataverse/DataverseRoleServiceBean.java
+++ b/src/main/java/edu/harvard/iq/dataverse/DataverseRoleServiceBean.java
@@ -435,10 +435,12 @@ private List<RoleAssignmentHistoryConsolidatedEntry> processRoleAssignmentEntrie
         if (combineEntries) {
             Map<String, RoleAssignmentHistoryConsolidatedEntry> finalHistoryMap = new HashMap<>();
             for (RoleAssignmentHistoryConsolidatedEntry entry : historyMap.values()) {
+                // Test for dates that are the same to the minute
                 String key = entry.getAssigneeIdentifier() + "|" + entry.getRoleName() + "|" +
-                        entry.getAssignedBy() + "|" + entry.getAssignedAt() + "|" +
-                        entry.getRevokedBy() + "|" + entry.getRevokedAt();
-
+                        entry.getAssignedBy() + "|" +
+                        (entry.getAssignedAt() != null ? new java.text.SimpleDateFormat("yyyy-MM-dd HH:mm").format(entry.getAssignedAt()) : "null") + "|" +
+                        entry.getRevokedBy() + "|" +
+                        (entry.getRevokedAt() != null ? new java.text.SimpleDateFormat("yyyy-MM-dd HH:mm").format(entry.getRevokedAt()) : "null");
                 RoleAssignmentHistoryConsolidatedEntry existingEntry = finalHistoryMap.get(key);
                 if (existingEntry == null) {
                     finalHistoryMap.put(key, entry);

From 94f4ff23036cf17a96f60dddfe222bc2868cfd1a Mon Sep 17 00:00:00 2001
From: Jim Myers <qqmyers@hotmail.com>
Date: Fri, 25 Jul 2025 14:55:59 -0400
Subject: [PATCH 064/634] dataset, files ra history tests, fix csv for
 dataverse test

---
 .../api/RoleAssignmentHistoryIT.java          | 294 ++++++++++++++++--
 .../edu/harvard/iq/dataverse/api/UtilIT.java  |  20 ++
 2 files changed, 293 insertions(+), 21 deletions(-)

diff --git a/src/test/java/edu/harvard/iq/dataverse/api/RoleAssignmentHistoryIT.java b/src/test/java/edu/harvard/iq/dataverse/api/RoleAssignmentHistoryIT.java
index 3548cc074f7..97f5e7af544 100644
--- a/src/test/java/edu/harvard/iq/dataverse/api/RoleAssignmentHistoryIT.java
+++ b/src/test/java/edu/harvard/iq/dataverse/api/RoleAssignmentHistoryIT.java
@@ -27,14 +27,14 @@
  * @author [Your Name]
  */
 public class RoleAssignmentHistoryIT {
-    
+
     private static final Logger logger = Logger.getLogger(RoleAssignmentHistoryIT.class.getCanonicalName());
 
     @BeforeAll
     public static void setUp() {
         RestAssured.baseURI = UtilIT.getRestAssuredBaseUri();
     }
-    
+
     @Test
     public void testDataverseRoleAssignmentHistory() {
         // Create admin user
@@ -42,43 +42,43 @@ public void testDataverseRoleAssignmentHistory() {
         String adminUsername = UtilIT.getUsernameFromResponse(createAdminUser);
         String adminApiToken = UtilIT.getApiTokenFromResponse(createAdminUser);
         UtilIT.setSuperuserStatus(adminUsername, true);
-        
+
         // Create regular users
         Response createUser1 = UtilIT.createRandomUser();
         String username1 = UtilIT.getUsernameFromResponse(createUser1);
-        
+
         Response createUser2 = UtilIT.createRandomUser();
         String username2 = UtilIT.getUsernameFromResponse(createUser2);
-        
+
         // Create dataverse
         Response createDataverseResponse = UtilIT.createRandomDataverse(adminApiToken);
         createDataverseResponse.then().assertThat().statusCode(CREATED.getStatusCode());
         String dataverseAlias = UtilIT.getAliasFromResponse(createDataverseResponse);
-        
+
         // Assign roles to users
         Response grantContributor = UtilIT.grantRoleOnDataverse(dataverseAlias, DataverseRole.DS_CONTRIBUTOR, "@" + username1, adminApiToken);
         grantContributor.then().assertThat().statusCode(OK.getStatusCode());
-        
+
         Response grantCurator = UtilIT.grantRoleOnDataverse(dataverseAlias, DataverseRole.CURATOR, "@" + username2, adminApiToken);
         grantCurator.then().assertThat().statusCode(OK.getStatusCode());
-        
+
         // Revoke role from user1
         grantContributor.prettyPrint();
         String idToDelete = JsonPath.from(grantContributor.getBody().asString()).getString("data.id");
         Response revokeContributor = UtilIT.revokeRoleOnDataverse(dataverseAlias, Long.parseLong(idToDelete), adminApiToken);
         revokeContributor.then().assertThat().statusCode(OK.getStatusCode());
-        
+
         // Get role assignment history in JSON format
         Response historyJson = UtilIT.getDataverseRoleAssignmentHistory(dataverseAlias, false, adminApiToken);
         historyJson.then().assertThat().statusCode(OK.getStatusCode());
-        
+
         historyJson.prettyPrint();
-        
+
         // Verify JSON response structure
         List<Map<String, Object>> data = JsonPath.from(historyJson.getBody().asString()).getList("data");
         // History should contain 2 entries
         assertTrue(data.size() == 2);
-        
+
         // Verify the first history entry (the one unrevoked assignment)
         Map<String, Object> firstEntry = data.get(0);
         // Entry should have definedOn field
@@ -95,7 +95,7 @@ public void testDataverseRoleAssignmentHistory() {
         assertEquals(JsonValue.NULL, firstEntry.get("revokedBy"));
         assertTrue(firstEntry.containsKey("revokedAt"));
         assertEquals(JsonValue.NULL, firstEntry.get("revokedAt"));
-        
+
         // Verify the second history entry
         Map<String, Object> secondEntry = data.get(0);
         // Entry should have definedOn field
@@ -112,11 +112,11 @@ public void testDataverseRoleAssignmentHistory() {
         assertEquals("@" + adminUsername, secondEntry.get("revokedBy"));
         assertTrue(secondEntry.containsKey("revokedAt"));
         assertNotEquals(JsonValue.NULL, secondEntry.get("revokedAt"));
-        
+
         // Get role assignment history in CSV format
-        Response historyCsv = UtilIT.getDataverseRoleAssignmentHistory(dataverseAlias, false, adminApiToken);
+        Response historyCsv = UtilIT.getDataverseRoleAssignmentHistory(dataverseAlias, true, adminApiToken);
         historyCsv.then().assertThat().statusCode(OK.getStatusCode());
-        
+
         // Generate CSV response
         StringBuilder csvBuilder = AbstractApiBean.getHistoryCsvHeaderRow();
         // Verify CSV response
@@ -125,22 +125,274 @@ public void testDataverseRoleAssignmentHistory() {
         String[] strings = csvBody.split("\n");
         assertTrue(strings[1].contains("@" + username2 + "," + DataverseRole.CURATOR + ",@" + adminUsername));
         assertTrue(strings[2].contains("@" + username2 + "," + DataverseRole.DS_CONTRIBUTOR + ",@" + adminUsername));
-        
+
         // Clean up
         Response deleteDataverseResponse = UtilIT.deleteDataverse(dataverseAlias, adminApiToken);
         deleteDataverseResponse.then().assertThat().statusCode(OK.getStatusCode());
-        
+
         Response deleteUser2Response = UtilIT.deleteUser(username2);
         deleteUser2Response.prettyPrint();
         assertEquals(200, deleteUser2Response.getStatusCode());
-        
+
         Response deleteUser1Response = UtilIT.deleteUser(username1);
         deleteUser1Response.prettyPrint();
         assertEquals(200, deleteUser1Response.getStatusCode());
-        
+
         Response deleteAdminUserResponse = UtilIT.deleteUser(adminUsername);
         deleteAdminUserResponse.prettyPrint();
         assertEquals(200, deleteAdminUserResponse.getStatusCode());
     }
-}
 
+    @Test
+    public void testDatasetRoleAssignmentHistory() {
+        // Create admin user
+        Response createAdminUser = UtilIT.createRandomUser();
+        String adminUsername = UtilIT.getUsernameFromResponse(createAdminUser);
+        String adminApiToken = UtilIT.getApiTokenFromResponse(createAdminUser);
+        UtilIT.setSuperuserStatus(adminUsername, true);
+
+        // Create regular users
+        Response createUser1 = UtilIT.createRandomUser();
+        String username1 = UtilIT.getUsernameFromResponse(createUser1);
+
+        Response createUser2 = UtilIT.createRandomUser();
+        String username2 = UtilIT.getUsernameFromResponse(createUser2);
+
+        // Create dataverse and dataset
+        Response createDataverseResponse = UtilIT.createRandomDataverse(adminApiToken);
+        createDataverseResponse.then().assertThat().statusCode(CREATED.getStatusCode());
+        String dataverseAlias = UtilIT.getAliasFromResponse(createDataverseResponse);
+
+        Response createDatasetResponse = UtilIT.createRandomDatasetViaNativeApi(dataverseAlias, adminApiToken);
+        createDatasetResponse.then().assertThat().statusCode(CREATED.getStatusCode());
+        Integer datasetId = JsonPath.from(createDatasetResponse.body().asString()).getInt("data.id");
+
+        // Assign roles to users on dataset
+        Response grantEditor = UtilIT.grantRoleOnDataset(datasetId.toString(), DataverseRole.EDITOR, "@" + username1, adminApiToken);
+        grantEditor.then().assertThat().statusCode(OK.getStatusCode());
+
+        Response grantFileDownloader = UtilIT.grantRoleOnDataset(datasetId.toString(), DataverseRole.FILE_DOWNLOADER, "@" + username2, adminApiToken);
+        grantFileDownloader.then().assertThat().statusCode(OK.getStatusCode());
+
+        // Revoke role from user1
+        grantEditor.prettyPrint();
+        Long idToDelete = JsonPath.from(grantEditor.getBody().asString()).getLong("data.id");
+        Response revokeEditor = UtilIT.revokeRoleOnDataset(datasetId.toString(), idToDelete, adminApiToken);
+        revokeEditor.then().assertThat().statusCode(OK.getStatusCode());
+
+        // Get role assignment history in JSON format
+        Response historyJson = UtilIT.getDatasetRoleAssignmentHistory(datasetId, false, adminApiToken);
+        historyJson.then().assertThat().statusCode(OK.getStatusCode());
+
+        historyJson.prettyPrint();
+
+        // Verify JSON response structure
+        List<Map<String, Object>> data = JsonPath.from(historyJson.getBody().asString()).getList("data");
+        // History should contain 2 entries
+        assertTrue(data.size() == 2);
+
+        // Verify the first history entry (the one unrevoked assignment)
+        Map<String, Object> firstEntry = data.get(0);
+        // Entry should have definedOn field
+        assertTrue(firstEntry.containsKey("definedOn"));
+        assertEquals(datasetId.toString(), firstEntry.get("definedOn"));
+        assertTrue(firstEntry.containsKey("assigneeIdentifier"));
+        assertEquals("@" + username2, firstEntry.get("assigneeIdentifier"));
+        assertTrue(firstEntry.containsKey("roleName"));
+        assertEquals(DataverseRole.FILE_DOWNLOADER, firstEntry.get("roleName"));
+        assertTrue(firstEntry.containsKey("assignedBy"));
+        assertEquals("@" + adminUsername, firstEntry.get("assignedBy"));
+        assertTrue(firstEntry.containsKey("assignedAt"));
+        assertNotEquals(JsonValue.NULL, firstEntry.get("assignedAt"));
+        assertTrue(firstEntry.containsKey("revokedBy"));
+        assertEquals(JsonValue.NULL, firstEntry.get("revokedBy"));
+        assertTrue(firstEntry.containsKey("revokedAt"));
+        assertEquals(JsonValue.NULL, firstEntry.get("revokedAt"));
+
+        // Verify the second history entry
+        Map<String, Object> secondEntry = data.get(0);
+        // Entry should have definedOn field
+        assertTrue(secondEntry.containsKey("definedOn"));
+        assertTrue(secondEntry.containsKey("assigneeIdentifier"));
+        assertEquals("@" + username1, secondEntry.get("assigneeIdentifier"));
+        assertTrue(secondEntry.containsKey("roleName"));
+        assertEquals(DataverseRole.EDITOR, secondEntry.get("roleName"));
+        assertTrue(secondEntry.containsKey("assignedBy"));
+        assertEquals("@" + adminUsername, secondEntry.get("assignedBy"));
+        assertTrue(secondEntry.containsKey("assignedAt"));
+        assertNotEquals(JsonValue.NULL, secondEntry.get("assignedAt"));
+        assertTrue(secondEntry.containsKey("revokedBy"));
+        assertEquals("@" + adminUsername, secondEntry.get("revokedBy"));
+        assertTrue(secondEntry.containsKey("revokedAt"));
+        assertNotEquals(JsonValue.NULL, secondEntry.get("revokedAt"));
+
+        // Get role assignment history in CSV format
+        Response historyCsv = UtilIT.getDatasetRoleAssignmentHistory(datasetId, true, adminApiToken);
+        historyCsv.then().assertThat().statusCode(OK.getStatusCode());
+
+        // Generate CSV response
+        StringBuilder csvBuilder = AbstractApiBean.getHistoryCsvHeaderRow();
+        // Verify CSV response
+        String csvBody = historyCsv.getBody().asString();
+        assertTrue(csvBody.startsWith(csvBuilder.toString()));
+        String[] strings = csvBody.split("\n");
+        assertTrue(strings[1].contains("@" + username2 + "," + DataverseRole.FILE_DOWNLOADER + ",@" + adminUsername));
+        assertTrue(strings[2].contains("@" + username1 + "," + DataverseRole.EDITOR + ",@" + adminUsername));
+
+        // Clean up
+        Response deleteDatasetResponse = UtilIT.destroyDataset(datasetId, adminApiToken);
+        deleteDatasetResponse.then().assertThat().statusCode(OK.getStatusCode());
+
+        Response deleteDataverseResponse = UtilIT.deleteDataverse(dataverseAlias, adminApiToken);
+        deleteDataverseResponse.then().assertThat().statusCode(OK.getStatusCode());
+
+        Response deleteUser2Response = UtilIT.deleteUser(username2);
+        deleteUser2Response.prettyPrint();
+        assertEquals(200, deleteUser2Response.getStatusCode());
+
+        Response deleteUser1Response = UtilIT.deleteUser(username1);
+        deleteUser1Response.prettyPrint();
+        assertEquals(200, deleteUser1Response.getStatusCode());
+
+        Response deleteAdminUserResponse = UtilIT.deleteUser(adminUsername);
+        deleteAdminUserResponse.prettyPrint();
+        assertEquals(200, deleteAdminUserResponse.getStatusCode());
+    }
+
+    /*
+     * This test is primarily to check the unique functionality for files where grants on multiple files within the same minute will be combined into one entry.
+     */
+    @Test
+    public void testFileRoleAssignmentHistory() {
+        // Create admin user
+        Response createAdminUser = UtilIT.createRandomUser();
+        String adminUsername = UtilIT.getUsernameFromResponse(createAdminUser);
+        String adminApiToken = UtilIT.getApiTokenFromResponse(createAdminUser);
+        UtilIT.setSuperuserStatus(adminUsername, true);
+
+        // Create regular user
+        Response createUser1 = UtilIT.createRandomUser();
+        String username1 = UtilIT.getUsernameFromResponse(createUser1);
+
+        // Create dataverse and dataset
+        Response createDataverseResponse = UtilIT.createRandomDataverse(adminApiToken);
+        createDataverseResponse.then().assertThat().statusCode(CREATED.getStatusCode());
+        String dataverseAlias = UtilIT.getAliasFromResponse(createDataverseResponse);
+
+        Response createDatasetResponse = UtilIT.createRandomDatasetViaNativeApi(dataverseAlias, adminApiToken);
+        createDatasetResponse.then().assertThat().statusCode(CREATED.getStatusCode());
+        Integer datasetId = JsonPath.from(createDatasetResponse.body().asString()).getInt("data.id");
+
+        // Upload two files
+        String pathToFile1 = "src/main/webapp/resources/images/dataverseproject.png";
+        Response addFile1Response = UtilIT.uploadFileViaNative(datasetId.toString(), pathToFile1, adminApiToken);
+        addFile1Response.then().assertThat()
+                .statusCode(OK.getStatusCode())
+                .body("data.files[0].label", equalTo("dataverseproject.png"));
+        Long file1Id = JsonPath.from(addFile1Response.body().asString()).getLong("data.files[0].dataFile.id");
+
+        String pathToFile2 = "src/main/webapp/resources/images/cc0.png";
+        Response addFile2Response = UtilIT.uploadFileViaNative(datasetId.toString(), pathToFile2, adminApiToken);
+        addFile2Response.then().assertThat()
+                .statusCode(OK.getStatusCode())
+                .body("data.files[0].label", equalTo("cc0.png"));
+        Long file2Id = JsonPath.from(addFile2Response.body().asString()).getLong("data.files[0].dataFile.id");
+
+        // Restrict both files
+        Response restrictFile1Response = UtilIT.restrictFile(file1Id.toString(), true, adminApiToken);
+        restrictFile1Response.then().assertThat().statusCode(OK.getStatusCode());
+
+        Response restrictFile2Response = UtilIT.restrictFile(file2Id.toString(), true, adminApiToken);
+        restrictFile2Response.then().assertThat().statusCode(OK.getStatusCode());
+
+        // Assign FileDownloader role to both users on both files
+        String fileIds = file1Id + ", " + file2Id;
+        Response grantFileDownloader1 = UtilIT.grantFileAccess(file1Id.toString(), "@" + username1, adminApiToken);
+        grantFileDownloader1.then().assertThat().statusCode(OK.getStatusCode());
+
+        Response grantFileDownloader2 = UtilIT.grantFileAccess(file2Id.toString(), "@" + username1, adminApiToken);
+        grantFileDownloader2.then().assertThat().statusCode(OK.getStatusCode());
+
+        // Get role assignment history in JSON format
+        Response historyJson = UtilIT.getDatasetFilesRoleAssignmentHistory(datasetId, false, adminApiToken);
+        historyJson.then().assertThat().statusCode(OK.getStatusCode());
+
+        historyJson.prettyPrint();
+
+        // Verify JSON response structure
+        List<Map<String, Object>> data = JsonPath.from(historyJson.getBody().asString()).getList("data");
+        // History should usually contain 1 entry as both files should be listed on one line if the roles were assigned in the same minute
+        // When that isn't the case, their assignedAt dates must be different.
+        assertTrue(data.size() > 0);
+
+        if (data.size() == 1) {
+            // Verify the first history entry (the one unrevoked assignment)
+            Map<String, Object> firstEntry = data.get(0);
+            // Entry should have definedOn field with both file IDs
+            assertTrue(firstEntry.containsKey("definedOn"));
+            assertEquals(fileIds, firstEntry.get("definedOn"));
+            assertTrue(firstEntry.containsKey("assigneeIdentifier"));
+            assertEquals("@" + username1, firstEntry.get("assigneeIdentifier"));
+            assertTrue(firstEntry.containsKey("roleName"));
+            assertEquals(DataverseRole.FILE_DOWNLOADER, firstEntry.get("roleName"));
+            assertTrue(firstEntry.containsKey("assignedBy"));
+            assertEquals("@" + adminUsername, firstEntry.get("assignedBy"));
+            assertTrue(firstEntry.containsKey("assignedAt"));
+            assertNotEquals(JsonValue.NULL, firstEntry.get("assignedAt"));
+            assertTrue(firstEntry.containsKey("revokedBy"));
+            assertEquals(JsonValue.NULL, firstEntry.get("revokedBy"));
+            assertTrue(firstEntry.containsKey("revokedAt"));
+            assertEquals(JsonValue.NULL, firstEntry.get("revokedAt"));
+        } else {
+            Map<String, Object> firstEntry = data.get(0);
+            // Entry should have definedOn field with the first file ID
+            assertTrue(firstEntry.containsKey("definedOn"));
+            assertEquals(file1Id.toString(), firstEntry.get("definedOn"));
+            assertTrue(firstEntry.containsKey("assigneeIdentifier"));
+            assertEquals("@" + username1, firstEntry.get("assigneeIdentifier"));
+            assertTrue(firstEntry.containsKey("roleName"));
+            assertEquals(DataverseRole.FILE_DOWNLOADER, firstEntry.get("roleName"));
+            assertTrue(firstEntry.containsKey("assignedBy"));
+            assertEquals("@" + adminUsername, firstEntry.get("assignedBy"));
+            assertTrue(firstEntry.containsKey("assignedAt"));
+            assertNotEquals(JsonValue.NULL, firstEntry.get("assignedAt"));
+            assertTrue(firstEntry.containsKey("revokedBy"));
+            assertEquals(JsonValue.NULL, firstEntry.get("revokedBy"));
+            assertTrue(firstEntry.containsKey("revokedAt"));
+            assertEquals(JsonValue.NULL, firstEntry.get("revokedAt"));
+            Map<String, Object> secondEntry = data.get(1);
+            // Entry should have definedOn field with the second file ID
+            assertTrue(secondEntry.containsKey("definedOn"));
+            assertEquals(file2Id.toString(), secondEntry.get("definedOn"));
+            assertTrue(secondEntry.containsKey("assigneeIdentifier"));
+            assertEquals("@" + username1, secondEntry.get("assigneeIdentifier"));
+            assertTrue(secondEntry.containsKey("roleName"));
+            assertEquals(DataverseRole.FILE_DOWNLOADER, secondEntry.get("roleName"));
+            assertTrue(secondEntry.containsKey("assignedBy"));
+            assertEquals("@" + adminUsername, secondEntry.get("assignedBy"));
+            assertTrue(secondEntry.containsKey("assignedAt"));
+            assertNotEquals(JsonValue.NULL, secondEntry.get("assignedAt"));
+            assertTrue(secondEntry.containsKey("revokedBy"));
+            assertEquals(JsonValue.NULL, secondEntry.get("revokedBy"));
+            assertTrue(secondEntry.containsKey("revokedAt"));
+            assertEquals(JsonValue.NULL, firstEntry.get("revokedAt"));
+            // For two lines the assignedAt dates should be different
+            assertNotEquals(firstEntry.get("assignedAt"), secondEntry.get("assignedAt"));
+        }
+
+        // Clean up
+        Response deleteDatasetResponse = UtilIT.destroyDataset(datasetId, adminApiToken);
+        deleteDatasetResponse.then().assertThat().statusCode(OK.getStatusCode());
+
+        Response deleteDataverseResponse = UtilIT.deleteDataverse(dataverseAlias, adminApiToken);
+        deleteDataverseResponse.then().assertThat().statusCode(OK.getStatusCode());
+
+        Response deleteUser1Response = UtilIT.deleteUser(username1);
+        deleteUser1Response.prettyPrint();
+        assertEquals(200, deleteUser1Response.getStatusCode());
+
+        Response deleteAdminUserResponse = UtilIT.deleteUser(adminUsername);
+        deleteAdminUserResponse.prettyPrint();
+        assertEquals(200, deleteAdminUserResponse.getStatusCode());
+    }
+}
diff --git a/src/test/java/edu/harvard/iq/dataverse/api/UtilIT.java b/src/test/java/edu/harvard/iq/dataverse/api/UtilIT.java
index fa340600ed2..167f9ea6c44 100644
--- a/src/test/java/edu/harvard/iq/dataverse/api/UtilIT.java
+++ b/src/test/java/edu/harvard/iq/dataverse/api/UtilIT.java
@@ -5016,4 +5016,24 @@ public static Response getDataverseRoleAssignmentHistory(String dataverseAlias,
         return requestSpecification
                 .get("/api/v1/dataverses/" + dataverseAlias + "/assignments/history");
     }
+    
+    public static Response getDatasetRoleAssignmentHistory(Integer datasetId, boolean downloadAsCsv, String apiToken) {
+        RequestSpecification requestSpecification = given()
+                .header(API_TOKEN_HTTP_HEADER, apiToken);
+        
+        requestSpecification = requestSpecification.header("Accept", downloadAsCsv ? "text/csv" : "application/json");
+        
+        return requestSpecification
+                .get("/api/v1/datasets/" + datasetId + "/assignments/history");
+    }
+    
+    public static Response getDatasetFilesRoleAssignmentHistory(Integer datasetId, boolean downloadAsCsv, String apiToken) {
+        RequestSpecification requestSpecification = given()
+                .header(API_TOKEN_HTTP_HEADER, apiToken);
+        
+        requestSpecification = requestSpecification.header("Accept", downloadAsCsv ? "text/csv" : "application/json");
+        
+        return requestSpecification
+                .get("/api/v1/datasets/" + datasetId + "/files/assignments/history");
+    }
 }

From ceaf8551638976621d98bafb5cfcd94a1ba41f19 Mon Sep 17 00:00:00 2001
From: Jim Myers <qqmyers@hotmail.com>
Date: Fri, 25 Jul 2025 16:27:48 -0400
Subject: [PATCH 065/634] local tests

---
 .../DataverseRoleServiceBeanTest.java         | 311 ++++++++++++++++++
 1 file changed, 311 insertions(+)
 create mode 100644 src/test/java/edu/harvard/iq/dataverse/DataverseRoleServiceBeanTest.java

diff --git a/src/test/java/edu/harvard/iq/dataverse/DataverseRoleServiceBeanTest.java b/src/test/java/edu/harvard/iq/dataverse/DataverseRoleServiceBeanTest.java
new file mode 100644
index 00000000000..95a278fd7c7
--- /dev/null
+++ b/src/test/java/edu/harvard/iq/dataverse/DataverseRoleServiceBeanTest.java
@@ -0,0 +1,311 @@
+package edu.harvard.iq.dataverse;
+
+import edu.harvard.iq.dataverse.DataverseRoleServiceBean.RoleAssignmentHistoryConsolidatedEntry;
+import edu.harvard.iq.dataverse.RoleAssignmentHistory;
+import edu.harvard.iq.dataverse.authorization.DataverseRole;
+import edu.harvard.iq.dataverse.authorization.RoleAssignee;
+
+import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.Test;
+import org.junit.jupiter.api.extension.ExtendWith;
+import org.mockito.InjectMocks;
+import org.mockito.Mock;
+import org.mockito.junit.jupiter.MockitoExtension;
+
+import jakarta.persistence.EntityManager;
+import jakarta.persistence.TypedQuery;
+import java.lang.reflect.Method;
+import java.util.ArrayList;
+import java.util.Calendar;
+import java.util.Date;
+import java.util.List;
+
+import static org.junit.jupiter.api.Assertions.*;
+import static org.mockito.Mockito.*;
+
+@ExtendWith(MockitoExtension.class)
+public class DataverseRoleServiceBeanTest {
+
+    @InjectMocks
+    private DataverseRoleServiceBean dataverseRoleServiceBean;
+
+    @Mock
+    private EntityManager em;
+
+    private Method processRoleAssignmentEntriesMethod;
+
+    @BeforeEach
+    public void setUp() throws Exception {
+        // Get the private method using reflection
+        processRoleAssignmentEntriesMethod = DataverseRoleServiceBean.class.getDeclaredMethod(
+                "processRoleAssignmentEntries", List.class, boolean.class);
+        processRoleAssignmentEntriesMethod.setAccessible(true);
+    }
+
+    @Test
+    public void testProcessRoleAssignmentEntries_WithoutCombining() throws Exception {
+        // Create test data
+        List<RoleAssignmentHistory> entries = new ArrayList<>();
+
+        // Create two entries for the same role assignment (assign and revoke)
+        RoleAssignmentHistory entry1 = createRoleAssignmentHistoryEntry(
+                1L, "user1", "role1", 101L, "admin1",
+                new Date(), RoleAssignmentHistory.ActionType.ASSIGN);
+
+        RoleAssignmentHistory entry2 = createRoleAssignmentHistoryEntry(
+                1L, "user1", "role1", 101L, "admin2",
+                new Date(), RoleAssignmentHistory.ActionType.REVOKE);
+
+        // Create another role assignment for a different user
+        RoleAssignmentHistory entry3 = createRoleAssignmentHistoryEntry(
+                2L, "user2", "role2", 102L, "admin1",
+                new Date(), RoleAssignmentHistory.ActionType.ASSIGN);
+
+        entries.add(entry1);
+        entries.add(entry2);
+        entries.add(entry3);
+
+        // Call the private method
+        @SuppressWarnings("unchecked")
+        List<RoleAssignmentHistoryConsolidatedEntry> result = (List<RoleAssignmentHistoryConsolidatedEntry>) processRoleAssignmentEntriesMethod.invoke(
+                dataverseRoleServiceBean, entries, false);
+
+        // Verify results
+        assertEquals(2, result.size(), "Should have 2 consolidated entries");
+
+        // Find the entry for user1 - should always be second since it it revoked and the user2 role is not.
+        RoleAssignmentHistoryConsolidatedEntry user1Entry = result.get(1);
+
+        assertNotNull(user1Entry, "Should have an entry for user1");
+        assertEquals("role1", user1Entry.getRoleName());
+        assertEquals("admin1", user1Entry.getAssignedBy());
+        assertEquals("admin2", user1Entry.getRevokedBy());
+        assertNotNull(user1Entry.getAssignedAt());
+        assertNotNull(user1Entry.getRevokedAt());
+        assertEquals(1, user1Entry.getDefinitionPointIds().size());
+        assertEquals(101L, user1Entry.getDefinitionPointIds().get(0));
+
+        // Find the entry for user2 - always fist since it is not revoked
+        RoleAssignmentHistoryConsolidatedEntry user2Entry = result.get(0);
+
+        assertNotNull(user2Entry, "Should have an entry for user2");
+        assertEquals("role2", user2Entry.getRoleName());
+        assertEquals("admin1", user2Entry.getAssignedBy());
+        assertNull(user2Entry.getRevokedBy());
+        assertNotNull(user2Entry.getAssignedAt());
+        assertNull(user2Entry.getRevokedAt());
+        assertEquals(1, user2Entry.getDefinitionPointIds().size());
+        assertEquals(102L, user2Entry.getDefinitionPointIds().get(0));
+    }
+
+    @Test
+    public void testProcessRoleAssignmentEntries_WithCombining() throws Exception {
+        // Create test data
+        List<RoleAssignmentHistory> entries = new ArrayList<>();
+
+        // Create entries for the same minute but different definition points
+        Date baseTime = new Date();
+        Calendar cal = Calendar.getInstance();
+        cal.setTime(baseTime);
+
+        // First role assignment
+        RoleAssignmentHistory entry1 = createRoleAssignmentHistoryEntry(
+                1L, "user1", "role1", 101L, "admin1",
+                baseTime, RoleAssignmentHistory.ActionType.ASSIGN);
+
+        // Second role assignment with same minute
+        RoleAssignmentHistory entry2 = createRoleAssignmentHistoryEntry(
+                2L, "user1", "role1", 102L, "admin1",
+                baseTime, RoleAssignmentHistory.ActionType.ASSIGN);
+
+        // Third role assignment with different minute
+        cal.add(Calendar.MINUTE, 1);
+        Date laterTime = cal.getTime();
+        RoleAssignmentHistory entry3 = createRoleAssignmentHistoryEntry(
+                3L, "user1", "role1", 103L, "admin1",
+                laterTime, RoleAssignmentHistory.ActionType.ASSIGN);
+
+        // Fourth role assignment with different role
+        RoleAssignmentHistory entry4 = createRoleAssignmentHistoryEntry(
+                4L, "user1", "role2", 104L, "admin1",
+                baseTime, RoleAssignmentHistory.ActionType.ASSIGN);
+
+        entries.add(entry1);
+        entries.add(entry2);
+        entries.add(entry3);
+        entries.add(entry4);
+
+        // Call the private method
+        @SuppressWarnings("unchecked")
+        List<RoleAssignmentHistoryConsolidatedEntry> result = (List<RoleAssignmentHistoryConsolidatedEntry>) processRoleAssignmentEntriesMethod.invoke(
+                dataverseRoleServiceBean, entries, true);
+
+        // Verify results
+        assertEquals(3, result.size(), "Should have 3 consolidated entries");
+
+        // Find the entry for user1 with role1 and baseTime
+        RoleAssignmentHistoryConsolidatedEntry combinedEntry = result.stream()
+                .filter(e -> e.getAssigneeIdentifier().equals("user1") &&
+                        e.getRoleName().equals("role1") &&
+                        e.getDefinitionPointIds().contains(101L))
+                .findFirst()
+                .orElse(null);
+
+        assertNotNull(combinedEntry, "Should have a combined entry for user1 with role1");
+        assertEquals(2, combinedEntry.getDefinitionPointIds().size(),
+                "Combined entry should have 2 definition points");
+        assertTrue(combinedEntry.getDefinitionPointIds().contains(101L),
+                "Combined entry should contain definition point 101");
+        assertTrue(combinedEntry.getDefinitionPointIds().contains(102L),
+                "Combined entry should contain definition point 102");
+
+        // Find the entry for user1 with role1 and laterTime
+        RoleAssignmentHistoryConsolidatedEntry laterEntry = result.stream()
+                .filter(e -> e.getAssigneeIdentifier().equals("user1") &&
+                        e.getRoleName().equals("role1") &&
+                        !e.getDefinitionPointIds().contains(101L))
+                .findFirst()
+                .orElse(null);
+
+        assertNotNull(laterEntry, "Should have an entry for user1 with role1 at later time");
+        assertEquals(1, laterEntry.getDefinitionPointIds().size());
+        assertEquals(103L, laterEntry.getDefinitionPointIds().get(0));
+
+        // Find the entry for user1 with role2
+        RoleAssignmentHistoryConsolidatedEntry role2Entry = result.stream()
+                .filter(e -> e.getAssigneeIdentifier().equals("user1") &&
+                        e.getRoleName().equals("role2"))
+                .findFirst()
+                .orElse(null);
+
+        assertNotNull(role2Entry, "Should have an entry for user1 with role2");
+        assertEquals(1, role2Entry.getDefinitionPointIds().size());
+        assertEquals(104L, role2Entry.getDefinitionPointIds().get(0));
+    }
+
+    @Test
+    public void testProcessRoleAssignmentEntries_WithAssignAndRevokeAndCombining() throws Exception {
+        // Create test data
+        List<RoleAssignmentHistory> entries = new ArrayList<>();
+
+        // Create base time
+        Date baseTime = new Date();
+        Calendar cal = Calendar.getInstance();
+        cal.setTime(baseTime);
+
+        // Create revoke time (5 minutes later)
+        cal.add(Calendar.MINUTE, 5);
+        Date revokeTime = cal.getTime();
+
+        // First role assignment and revoke
+        RoleAssignmentHistory entry1 = createRoleAssignmentHistoryEntry(
+                1L, "user1", "role1", 101L, "admin1",
+                baseTime, RoleAssignmentHistory.ActionType.ASSIGN);
+
+        RoleAssignmentHistory entry2 = createRoleAssignmentHistoryEntry(
+                1L, "user1", "role1", 101L, "admin2",
+                revokeTime, RoleAssignmentHistory.ActionType.REVOKE);
+
+        // Second role assignment and revoke (same times)
+        RoleAssignmentHistory entry3 = createRoleAssignmentHistoryEntry(
+                2L, "user1", "role1", 102L, "admin1",
+                baseTime, RoleAssignmentHistory.ActionType.ASSIGN);
+
+        RoleAssignmentHistory entry4 = createRoleAssignmentHistoryEntry(
+                2L, "user1", "role1", 102L, "admin2",
+                revokeTime, RoleAssignmentHistory.ActionType.REVOKE);
+
+        // Third role assignment with different revoke time
+        cal.add(Calendar.MINUTE, 1);
+        Date laterRevokeTime = cal.getTime();
+
+        RoleAssignmentHistory entry5 = createRoleAssignmentHistoryEntry(
+                3L, "user1", "role1", 103L, "admin1",
+                baseTime, RoleAssignmentHistory.ActionType.ASSIGN);
+
+        RoleAssignmentHistory entry6 = createRoleAssignmentHistoryEntry(
+                3L, "user1", "role1", 103L, "admin2",
+                laterRevokeTime, RoleAssignmentHistory.ActionType.REVOKE);
+
+        entries.add(entry1);
+        entries.add(entry2);
+        entries.add(entry3);
+        entries.add(entry4);
+        entries.add(entry5);
+        entries.add(entry6);
+
+        // Call the private method
+        @SuppressWarnings("unchecked")
+        List<RoleAssignmentHistoryConsolidatedEntry> result = (List<RoleAssignmentHistoryConsolidatedEntry>) processRoleAssignmentEntriesMethod.invoke(
+                dataverseRoleServiceBean, entries, true);
+
+        // Verify results
+        assertEquals(2, result.size(), "Should have 2 consolidated entries");
+
+        // Find the entry for user1 with role1 and baseTime - oldest == last
+        RoleAssignmentHistoryConsolidatedEntry combinedEntry = result.get(1);
+
+        assertNotNull(combinedEntry, "Should have a combined entry for user1 with role1");
+        assertEquals(2, combinedEntry.getDefinitionPointIds().size(),
+                "Combined entry should have 2 definition points");
+        assertTrue(combinedEntry.getDefinitionPointIds().contains(101L),
+                "Combined entry should contain definition point 101");
+        assertTrue(combinedEntry.getDefinitionPointIds().contains(102L),
+                "Combined entry should contain definition point 102");
+
+        // Find the entry for user1 with role1 and laterTime
+        RoleAssignmentHistoryConsolidatedEntry laterEntry = result.stream()
+                .filter(e -> e.getAssigneeIdentifier().equals("user1") &&
+                        e.getRoleName().equals("role1") &&
+                        !e.getDefinitionPointIds().contains(101L))
+                .findFirst()
+                .orElse(null);
+
+        assertNotNull(laterEntry, "Should have an entry for user1 with role1 at later time");
+        assertEquals(1, laterEntry.getDefinitionPointIds().size());
+        assertEquals(103L, laterEntry.getDefinitionPointIds().get(0));
+
+    }
+
+    private RoleAssignmentHistory createRoleAssignmentHistoryEntry(
+            Long roleAssignmentId, String assigneeIdentifier, String roleAlias,
+            Long definitionPointId, String actionByIdentifier,
+            Date actionTimestamp, RoleAssignmentHistory.ActionType actionType) {
+
+        // Create a DataverseRole
+        DataverseRole role = new DataverseRole();
+        role.setAlias(roleAlias);
+        role.setId(1L); // Arbitrary ID for testing
+
+        // Create a DvObject for definition point
+        DvObject dvObject = new Dataverse();
+        dvObject.setId(definitionPointId);
+
+        // Create a RoleAssignee (using a mock since it's an interface)
+        RoleAssignee assignee = mock(RoleAssignee.class);
+        when(assignee.getIdentifier()).thenReturn(assigneeIdentifier);
+
+        // Create the RoleAssignment
+        RoleAssignment roleAssignment = new RoleAssignment(role, assignee, dvObject, null);
+        // Set the ID using reflection since it's normally set by the persistence layer
+        try {
+            java.lang.reflect.Field idField = RoleAssignment.class.getDeclaredField("id");
+            idField.setAccessible(true);
+            idField.set(roleAssignment, roleAssignmentId);
+        } catch (Exception e) {
+            throw new RuntimeException("Failed to set RoleAssignment ID", e);
+        }
+
+        // Create the RoleAssignmentHistory entry
+        RoleAssignmentHistory history = new RoleAssignmentHistory();
+        history.setRoleAssignmentId(roleAssignmentId);
+        history.setAssigneeIdentifier(assigneeIdentifier);
+        history.setRoleAlias(roleAlias);
+        history.setDefinitionPointId(definitionPointId);
+        history.setActionByIdentifier(actionByIdentifier);
+        history.setActionTimestamp(actionTimestamp);
+        history.setActionType(actionType);
+
+        return history;
+    }
+}
\ No newline at end of file

From 8ad46ff58f5738f6b824181201957fa1a2772222 Mon Sep 17 00:00:00 2001
From: Jim Myers <qqmyers@hotmail.com>
Date: Fri, 25 Jul 2025 16:28:04 -0400
Subject: [PATCH 066/634] IT tests (for use when the feature is on)

---
 .../harvard/iq/dataverse/api/RoleAssignmentHistoryIT.java | 8 +++-----
 1 file changed, 3 insertions(+), 5 deletions(-)

diff --git a/src/test/java/edu/harvard/iq/dataverse/api/RoleAssignmentHistoryIT.java b/src/test/java/edu/harvard/iq/dataverse/api/RoleAssignmentHistoryIT.java
index 97f5e7af544..3e105ac9976 100644
--- a/src/test/java/edu/harvard/iq/dataverse/api/RoleAssignmentHistoryIT.java
+++ b/src/test/java/edu/harvard/iq/dataverse/api/RoleAssignmentHistoryIT.java
@@ -3,8 +3,6 @@
 import io.restassured.RestAssured;
 import io.restassured.path.json.JsonPath;
 import io.restassured.response.Response;
-import jakarta.json.JsonArray;
-import jakarta.json.JsonObject;
 import jakarta.json.JsonValue;
 
 import java.util.List;
@@ -19,12 +17,12 @@
 import org.junit.jupiter.api.Test;
 
 import edu.harvard.iq.dataverse.authorization.DataverseRole;
-import edu.harvard.iq.dataverse.util.BundleUtil;
 
 /**
- * Integration tests for the Role Assignment History API endpoints.
+ * Integration tests for the Role Assignment History API endpoints. 
+ * 
+ * Note: These tests require the role-assignment-history FeatureFlag to be true and are not run in normal builds
  * 
- * @author [Your Name]
  */
 public class RoleAssignmentHistoryIT {
 

From 77972b2238d79e6e41302ddb864484a158f2c1d3 Mon Sep 17 00:00:00 2001
From: Jim Myers <qqmyers@hotmail.com>
Date: Fri, 25 Jul 2025 16:28:25 -0400
Subject: [PATCH 067/634] doc updates with info on response formats

---
 doc/sphinx-guides/source/api/native-api.rst | 40 +++++++++++++++++++++
 1 file changed, 40 insertions(+)

diff --git a/doc/sphinx-guides/source/api/native-api.rst b/doc/sphinx-guides/source/api/native-api.rst
index 431c2776a50..e81a5a147db 100644
--- a/doc/sphinx-guides/source/api/native-api.rst
+++ b/doc/sphinx-guides/source/api/native-api.rst
@@ -1476,6 +1476,22 @@ The fully expanded example above (without environment variables) looks like this
 
   curl -H "X-Dataverse-key:xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" -H "Accept: application/json" "https://demo.dataverse.org/api/datasets/dvAlias/assignments/history"
 
+The response is a JSON array of role assignment history entries with the following structure for each entry:
+
+.. code-block:: json
+
+  {
+    "definedOn": "1",
+    "assigneeIdentifier": "@user1",
+    "roleName": "Admin",
+    "assignedBy": "@dataverseAdmin",
+    "assignedAt": "2023-01-01T12:00:00Z",
+    "revokedBy": null,
+    "revokedAt": null
+  }
+
+For revoked assignments, the "revokedBy" and "revokedAt" fields will contain values instead of null.
+
 To retrieve the history in CSV format, change the Accept header to "text/csv":
 
 .. code-block:: bash
@@ -1492,6 +1508,8 @@ The fully expanded example above (without environment variables) looks like this
 
   curl -H "X-Dataverse-key:xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" -H "Accept: text/csv" "https://demo.dataverse.org/api/dataverses/3/assignments/history"
 
+The CSV response has column headers mirroring the json entries. They are internationalized (when internationalization is configured).
+
 Note: This feature requires the "role-assignment-history" feature flag to be enabled (see :ref:`feature-flags`).
 
 Datasets
@@ -4100,6 +4118,22 @@ The fully expanded example above (without environment variables) looks like this
 
   curl -H "X-Dataverse-key:xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" -H "Accept: application/json" "https://demo.dataverse.org/api/datasets/:persistentId/assignments/history?persistentId=doi:10.5072/FK2/ABCDEF"
 
+The response is a JSON array of role assignment history entries with the following structure for each entry:
+
+.. code-block:: json
+
+  {
+    "definedOn": "3",
+    "assigneeIdentifier": "@user1",
+    "roleName": "Admin",
+    "assignedBy": "@dataverseAdmin",
+    "assignedAt": "2023-01-01T12:00:00Z",
+    "revokedBy": null,
+    "revokedAt": null
+  }
+
+For revoked assignments, the "revokedBy" and "revokedAt" fields will contain values instead of null.
+
 To retrieve the history in CSV format, change the Accept header to "text/csv":
 
 .. code-block:: bash
@@ -4116,6 +4150,8 @@ The fully expanded example above (without environment variables) looks like this
 
   curl -H "X-Dataverse-key:xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" -H "Accept: text/csv" "https://demo.dataverse.org/api/datasets/3/assignments/history"
 
+The CSV response has column headers mirroring the json entries. They are internationalized (when internationalization is configured).
+
 Note: This feature requires the "role-assignment-history" feature flag to be enabled (see :ref:`feature-flags`).
 
 Dataset Files Role Assignment History
@@ -4153,6 +4189,8 @@ The fully expanded example above (without environment variables) looks like this
 
   curl -H "X-Dataverse-key:xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" -H "Accept: application/json" "https://demo.dataverse.org/api/datasets/:persistentId/files/assignments/history?persistentId=doi:10.5072/FK2/ABCDEF"
 
+The JSON response for this call is the same as for the /api/datasets/{id}/assignments/history call above with the exception that definedOn will be a comma separated list of one or more file ids.
+
 To retrieve the history in CSV format, change the Accept header to "text/csv":
 
 .. code-block:: bash
@@ -4169,6 +4207,8 @@ The fully expanded example above (without environment variables) looks like this
 
   curl -H "X-Dataverse-key:xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" -H "Accept: text/csv" "https://demo.dataverse.org/api/datasets/3/files/assignments/history"
 
+The CSV response for this call is the same as for the /api/datasets/{id}/assignments/history call above with the exception that definedOn will be a comma separated list of one or more file ids.
+
 Note: This feature requires the "role-assignment-history" feature flag to be enabled (see :ref:`feature-flags`).
 
 Files

From a348b98bac4ac871f696954b929fdecd519f0444 Mon Sep 17 00:00:00 2001
From: Jim Myers <qqmyers@hotmail.com>
Date: Fri, 25 Jul 2025 18:13:04 -0400
Subject: [PATCH 068/634] change table, get rid of audit word

---
 .../iq/dataverse/RoleAssignmentHistory.java   | 28 +++++++++----------
 1 file changed, 14 insertions(+), 14 deletions(-)

diff --git a/src/main/java/edu/harvard/iq/dataverse/RoleAssignmentHistory.java b/src/main/java/edu/harvard/iq/dataverse/RoleAssignmentHistory.java
index 62bed6b3233..a5f1666794a 100644
--- a/src/main/java/edu/harvard/iq/dataverse/RoleAssignmentHistory.java
+++ b/src/main/java/edu/harvard/iq/dataverse/RoleAssignmentHistory.java
@@ -20,15 +20,15 @@
 import edu.harvard.iq.dataverse.engine.command.DataverseRequest;
 
 @Entity
-@Table(name = "role_assignment_audit", indexes = {
-    @Index(name = "idx_raa_role_assignment_id", columnList = "role_assignment_id"),
-    @Index(name = "idx_raa_action_type", columnList = "action_type"),
-    @Index(name = "idx_raa_action_timestamp", columnList = "action_timestamp"),
-    @Index(name = "idx_raa_action_by_identifier", columnList = "action_by_identifier"),
-    @Index(name = "idx_raa_assignee_identifier", columnList = "assignee_identifier"),
-    @Index(name = "idx_raa_role_id", columnList = "role_id"),
-    @Index(name = "idx_raa_definition_point_id", columnList = "definition_point_id")
-})
+@Table(name = "roleassignmenthistory", indexes = {
+        @Index(columnList = "role_assignment_id"),
+        @Index(columnList = "action_type"),
+        @Index(columnList = "action_timestamp"),
+        @Index(columnList = "action_by_identifier"),
+        @Index(columnList = "assignee_identifier"),
+        @Index(columnList = "role_id"),
+        @Index(columnList = "definition_point_id")
+    })
 @NamedQueries({
     @NamedQuery(name = "RoleAssignmentHistory.findByDefinitionPointId",
         query = "SELECT ra FROM RoleAssignmentHistory ra WHERE ra.definitionPointId = :definitionPointId ORDER BY ra.roleAssignmentId, ra.actionTimestamp DESC"),
@@ -41,8 +41,8 @@ public class RoleAssignmentHistory implements Serializable {
 
     @Id
     @GeneratedValue(strategy = GenerationType.IDENTITY)
-    @Column(name = "audit_id")
-    private Long auditId;
+    @Column(name = "entry_id")
+    private Long entry_id;
 
     @Column(name = "role_assignment_id")
     private Long roleAssignmentId;
@@ -100,11 +100,11 @@ public RoleAssignmentHistory(RoleAssignment roleAssignment, DataverseRequest req
 
     // Getters and setters
     public Long getEntryId() {
-        return auditId;
+        return entry_id;
     }
 
-    public void setAuditId(Long auditId) {
-        this.auditId = auditId;
+    public void setEntryId(Long entryId) {
+        this.entry_id = entryId;
     }
 
     public Long getRoleAssignmentId() {

From a1a85b4a3ce02c890e9eabe38e331135f00df5cd Mon Sep 17 00:00:00 2001
From: Jim Myers <qqmyers@hotmail.com>
Date: Fri, 25 Jul 2025 18:26:56 -0400
Subject: [PATCH 069/634] update flag name in xhtml

---
 src/main/webapp/permissions-manage-files.xhtml | 2 +-
 src/main/webapp/permissions-manage.xhtml       | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/main/webapp/permissions-manage-files.xhtml b/src/main/webapp/permissions-manage-files.xhtml
index 80e0a4eb1d3..5f450c4ae63 100644
--- a/src/main/webapp/permissions-manage-files.xhtml
+++ b/src/main/webapp/permissions-manage-files.xhtml
@@ -221,7 +221,7 @@
                     </div>
                     <!-- Role Assignment History Panel -->
                     <o:importConstants type="edu.harvard.iq.dataverse.settings.FeatureFlags" />
-                    <div class="panel panel-default" rendered="#{FeatureFlags.ROLE_ASSIGNMENT_AUDITING.enabled()}">
+                    <div class="panel panel-default" rendered="#{FeatureFlags.ROLE_ASSIGNMENT_HISTORY.enabled()}">
                       <div data-toggle="collapse" data-target="#panelCollapseHistory" class="panel-heading text-info">
                         #{bundle['dataverse.permissions.history']} <span class="glyphicon glyphicon-chevron-down" /> <span class="text-muted small pull-right">#{bundle['dataverse.permissions.history.description']}</span>
                       </div>
diff --git a/src/main/webapp/permissions-manage.xhtml b/src/main/webapp/permissions-manage.xhtml
index 354b963be6c..6289089c912 100644
--- a/src/main/webapp/permissions-manage.xhtml
+++ b/src/main/webapp/permissions-manage.xhtml
@@ -198,7 +198,7 @@
                         </div>
                         <!-- Role Assignment History Panel -->
                         <o:importConstants type="edu.harvard.iq.dataverse.settings.FeatureFlags" />
-                        <div class="panel panel-default" rendered="#{FeatureFlags.ROLE_ASSIGNMENT_AUDITING.enabled()}">
+                        <div class="panel panel-default" rendered="#{FeatureFlags.ROLE_ASSIGNMENT_HISTORY.enabled()}">
                           <div data-toggle="collapse" data-target="#panelCollapseHistory" class="panel-heading text-info">
                             #{bundle['dataverse.permissions.history']} <span class="glyphicon glyphicon-chevron-down" /> <span class="text-muted small pull-right">#{bundle['dataverse.permissions.history.description']}</span>
                           </div>

From 8a8ebe24c9539a615a11842a132cd89f29ffc9b3 Mon Sep 17 00:00:00 2001
From: Steven Winship <39765413+stevenwinship@users.noreply.github.com>
Date: Tue, 5 Aug 2025 14:07:44 -0400
Subject: [PATCH 070/634] feature to extend the get storage driver API

---
 .../11695-change-api-get-storage-driver.md    | 10 ++++++
 doc/sphinx-guides/source/api/changelog.rst    |  1 +
 .../edu/harvard/iq/dataverse/api/Admin.java   |  3 +-
 .../harvard/iq/dataverse/api/Datasets.java    |  2 +-
 .../iq/dataverse/util/json/JsonPrinter.java   | 10 ++++++
 .../harvard/iq/dataverse/api/DatasetsIT.java  | 31 +++++++++++++++++++
 .../harvard/iq/dataverse/api/S3AccessIT.java  |  8 ++---
 .../edu/harvard/iq/dataverse/api/UtilIT.java  |  6 ++++
 8 files changed, 65 insertions(+), 6 deletions(-)
 create mode 100644 doc/release-notes/11695-change-api-get-storage-driver.md

diff --git a/doc/release-notes/11695-change-api-get-storage-driver.md b/doc/release-notes/11695-change-api-get-storage-driver.md
new file mode 100644
index 00000000000..3680da4b72c
--- /dev/null
+++ b/doc/release-notes/11695-change-api-get-storage-driver.md
@@ -0,0 +1,10 @@
+## Get Dataset/Dataverse Storage Driver API
+
+### Changed Json response - breaking change!
+
+The API for getting the Storage Driver info has been changed/extended.
+/api/datasets/{identifier}/storageDriver
+/api/admin/dataverse/{dataverse-alias}/storageDriver
+changed "message" to "name" and added "type" and "label"
+
+See also [the guides](https://dataverse-guide--11664.org.readthedocs.build/en/11664/api/native-api.html#configure-a-dataset-to-store-all-new-files-in-a-specific-file-store), #11695, and #11664.
diff --git a/doc/sphinx-guides/source/api/changelog.rst b/doc/sphinx-guides/source/api/changelog.rst
index 16157459220..e8354a2db9f 100644
--- a/doc/sphinx-guides/source/api/changelog.rst
+++ b/doc/sphinx-guides/source/api/changelog.rst
@@ -13,6 +13,7 @@ v6.8
 - For POST /api/files/{id}/metadata passing an empty string ("description":"")  or array ("categories":[]) will no longer be ignored. Empty fields will now clear out the values in the file's metadata. To ignore the fields simply do not include them in the JSON string.
 - For PUT /api/datasets/{id}/editMetadata the query parameter "sourceInternalVersionNumber" has been removed and replaced with "sourceLastUpdateTime" to verify that the data being edited hasn't been modified and isn't stale.
 - For GET /api/dataverses/$dataverse-alias/links the Json response has changed breaking the backward compatibility of the API.
+- For GET /api/admin/dataverse/{dataverse-alias}/storageDriver and /api/datasets/{identifier}/storageDriver the driver name is no longer returned in data.message. This value is now returned in data.name.
 
 v6.7
 ----
diff --git a/src/main/java/edu/harvard/iq/dataverse/api/Admin.java b/src/main/java/edu/harvard/iq/dataverse/api/Admin.java
index ac52b5d9fbf..1d726830c31 100644
--- a/src/main/java/edu/harvard/iq/dataverse/api/Admin.java
+++ b/src/main/java/edu/harvard/iq/dataverse/api/Admin.java
@@ -20,6 +20,7 @@
 import edu.harvard.iq.dataverse.settings.JvmSettings;
 import edu.harvard.iq.dataverse.util.StringUtil;
 import edu.harvard.iq.dataverse.util.cache.CacheFactoryBean;
+import edu.harvard.iq.dataverse.util.json.JsonPrinter;
 import edu.harvard.iq.dataverse.util.json.NullSafeJsonBuilder;
 import edu.harvard.iq.dataverse.validation.EMailValidator;
 import edu.harvard.iq.dataverse.EjbDataverseEngine;
@@ -2196,7 +2197,7 @@ public Response getStorageDriver(@Context ContainerRequestContext crc, @PathPara
             return wr.getResponse();
         }
         //Note that this returns what's set directly on this dataverse. If null/DataAccess.UNDEFINED_STORAGE_DRIVER_IDENTIFIER, the user would have to recurse the chain of parents to find the effective storageDriver
-        return ok(dataverse.getStorageDriverId());
+        return ok(JsonPrinter.jsonStorageDriver(dataverse.getStorageDriverId()));
     }
     
     @PUT
diff --git a/src/main/java/edu/harvard/iq/dataverse/api/Datasets.java b/src/main/java/edu/harvard/iq/dataverse/api/Datasets.java
index 3db5e04b4ab..6c0f1460a74 100644
--- a/src/main/java/edu/harvard/iq/dataverse/api/Datasets.java
+++ b/src/main/java/edu/harvard/iq/dataverse/api/Datasets.java
@@ -3701,7 +3701,7 @@ public Response getFileStore(@Context ContainerRequestContext crc, @PathParam("i
             return error(Response.Status.NOT_FOUND, "No such dataset");
         }
 
-        return response(req -> ok(dataset.getEffectiveStorageDriverId()), getRequestUser(crc));
+        return ok(JsonPrinter.jsonStorageDriver(dataset.getStorageDriverId()));
     }
 
     @PUT
diff --git a/src/main/java/edu/harvard/iq/dataverse/util/json/JsonPrinter.java b/src/main/java/edu/harvard/iq/dataverse/util/json/JsonPrinter.java
index 592a893083c..a7bf0d637fd 100644
--- a/src/main/java/edu/harvard/iq/dataverse/util/json/JsonPrinter.java
+++ b/src/main/java/edu/harvard/iq/dataverse/util/json/JsonPrinter.java
@@ -39,6 +39,7 @@
 import edu.harvard.iq.dataverse.workflow.Workflow;
 import edu.harvard.iq.dataverse.workflow.step.WorkflowStepData;
 
+import java.io.IOException;
 import java.util.*;
 import jakarta.json.Json;
 import jakarta.json.JsonArrayBuilder;
@@ -1610,4 +1611,13 @@ public static JsonArrayBuilder jsonTemplateInstructions(Map<String, String> temp
 
         return jsonArrayBuilder;
     }
+
+    public static JsonObjectBuilder jsonStorageDriver(String storageDriverId) {
+        JsonObjectBuilder jsonObjectBuilder = new NullSafeJsonBuilder();
+        jsonObjectBuilder.add("name", storageDriverId);
+        jsonObjectBuilder.add("type", DataAccess.getDriverType(storageDriverId));
+        jsonObjectBuilder.add("label", DataAccess.getStorageDriverLabelFor(storageDriverId));
+
+        return jsonObjectBuilder;
+    }
 }
diff --git a/src/test/java/edu/harvard/iq/dataverse/api/DatasetsIT.java b/src/test/java/edu/harvard/iq/dataverse/api/DatasetsIT.java
index f3a83c74224..2ad726aaecf 100644
--- a/src/test/java/edu/harvard/iq/dataverse/api/DatasetsIT.java
+++ b/src/test/java/edu/harvard/iq/dataverse/api/DatasetsIT.java
@@ -5982,6 +5982,37 @@ public void testGetGlobusUploadParameters() {
         GlobusOverlayAccessIOTest.tearDown();
     }
 
+    @Test
+    public void testSetGetDatasetStorageDriver() {
+        Response createUser = UtilIT.createRandomUser();
+        createUser.then().assertThat().statusCode(OK.getStatusCode());
+        String apiToken = UtilIT.getApiTokenFromResponse(createUser);
+        String username = UtilIT.getUsernameFromResponse(createUser);
+        Response makeSuperUser = UtilIT.makeSuperUser(username);
+        assertEquals(200, makeSuperUser.getStatusCode());
+        Response createDataverse = UtilIT.createRandomDataverse(apiToken);
+        String dataverseAlias = UtilIT.getAliasFromResponse(createDataverse);
+        Response createDataset = UtilIT.createRandomDatasetViaNativeApi(dataverseAlias, apiToken);
+        Integer datasetId = UtilIT.getDatasetIdFromResponse(createDataset);
+
+        Response storageDrivers = UtilIT.listStorageDrivers(apiToken);
+        storageDrivers.prettyPrint();
+        JsonObject data = JsonUtil.getJsonObject(storageDrivers.getBody().asString());
+        String first = data.getJsonObject("data").keySet().iterator().next();
+        String name = data.getJsonObject("data").getString(first);
+
+        Response setDriver = UtilIT.setDatasetStorageDriver(datasetId, first, apiToken);
+        setDriver.prettyPrint();
+        assertEquals(200, setDriver.getStatusCode());
+        Response getDriver = UtilIT.getDatasetStorageDriver(datasetId, apiToken);
+        getDriver.prettyPrint();
+        assertEquals(200, getDriver.getStatusCode());
+        getDriver.then().assertThat()
+                .body("data.name", CoreMatchers.equalTo(name))
+                .body("data.type", CoreMatchers.notNullValue())
+                .statusCode(OK.getStatusCode());
+    }
+
     @Test
     public void testGetCanDownloadAtLeastOneFile() {
         Response createUserResponse = UtilIT.createRandomUser();
diff --git a/src/test/java/edu/harvard/iq/dataverse/api/S3AccessIT.java b/src/test/java/edu/harvard/iq/dataverse/api/S3AccessIT.java
index 137c2ef4c7b..d5fecb32937 100644
--- a/src/test/java/edu/harvard/iq/dataverse/api/S3AccessIT.java
+++ b/src/test/java/edu/harvard/iq/dataverse/api/S3AccessIT.java
@@ -142,7 +142,7 @@ public void testNonDirectUpload() {
         Response originalStorageDriver = UtilIT.getStorageDriver(dataverseAlias, superuserApiToken);
         originalStorageDriver.prettyPrint();
         originalStorageDriver.then().assertThat()
-                .body("data.message", equalTo("undefined"))
+                .body("data.name", equalTo("undefined"))
                 .statusCode(200);
 
         Response setStorageDriverToS3 = UtilIT.setStorageDriver(dataverseAlias, driverLabel, superuserApiToken);
@@ -273,7 +273,7 @@ public void testDirectUpload() {
         Response originalStorageDriver = UtilIT.getStorageDriver(dataverseAlias, superuserApiToken);
         originalStorageDriver.prettyPrint();
         originalStorageDriver.then().assertThat()
-                .body("data.message", equalTo("undefined"))
+                .body("data.name", equalTo("undefined"))
                 .statusCode(200);
 
         Response setStorageDriverToS3 = UtilIT.setStorageDriver(dataverseAlias, driverLabel, superuserApiToken);
@@ -491,7 +491,7 @@ public void testDirectUploadDetectStataFile() {
         Response originalStorageDriver = UtilIT.getStorageDriver(dataverseAlias, superuserApiToken);
         originalStorageDriver.prettyPrint();
         originalStorageDriver.then().assertThat()
-                .body("data.message", equalTo("undefined"))
+                .body("data.name", equalTo("undefined"))
                 .statusCode(200);
 
         Response setStorageDriverToS3 = UtilIT.setStorageDriver(dataverseAlias, driverLabel, superuserApiToken);
@@ -689,7 +689,7 @@ public void testDirectUploadWithFileCountLimit() throws JsonParseException {
         Response originalStorageDriver = UtilIT.getStorageDriver(dataverseAlias, superuserApiToken);
         originalStorageDriver.prettyPrint();
         originalStorageDriver.then().assertThat()
-                .body("data.message", equalTo("undefined"))
+                .body("data.name", equalTo("undefined"))
                 .statusCode(200);
 
         Response setStorageDriverToS3 = UtilIT.setStorageDriver(dataverseAlias, driverLabel, superuserApiToken);
diff --git a/src/test/java/edu/harvard/iq/dataverse/api/UtilIT.java b/src/test/java/edu/harvard/iq/dataverse/api/UtilIT.java
index 24f2adbb3ed..e3e62a7a412 100644
--- a/src/test/java/edu/harvard/iq/dataverse/api/UtilIT.java
+++ b/src/test/java/edu/harvard/iq/dataverse/api/UtilIT.java
@@ -4505,6 +4505,12 @@ static Response setDatasetStorageDriver(Integer datasetId, String driverLabel, S
                 .put("/api/datasets/" + datasetId + "/storageDriver");
     }
 
+    static Response getDatasetStorageDriver(Integer datasetId, String apiToken) {
+        return given()
+                .header(API_TOKEN_HTTP_HEADER, apiToken)
+                .get("/api/datasets/" + datasetId + "/storageDriver");
+    }
+
     /** GET on /api/admin/savedsearches/list */
     static Response getSavedSearchList() {
         return given().get("/api/admin/savedsearches/list");

From 8e8b420aae3a2325096f0d893e70794db74e9ca4 Mon Sep 17 00:00:00 2001
From: Steven Winship <39765413+stevenwinship@users.noreply.github.com>
Date: Tue, 5 Aug 2025 14:21:21 -0400
Subject: [PATCH 071/634] remove unused import

---
 .../java/edu/harvard/iq/dataverse/util/json/JsonPrinter.java     | 1 -
 1 file changed, 1 deletion(-)

diff --git a/src/main/java/edu/harvard/iq/dataverse/util/json/JsonPrinter.java b/src/main/java/edu/harvard/iq/dataverse/util/json/JsonPrinter.java
index a7bf0d637fd..06995d4943c 100644
--- a/src/main/java/edu/harvard/iq/dataverse/util/json/JsonPrinter.java
+++ b/src/main/java/edu/harvard/iq/dataverse/util/json/JsonPrinter.java
@@ -39,7 +39,6 @@
 import edu.harvard.iq.dataverse.workflow.Workflow;
 import edu.harvard.iq.dataverse.workflow.step.WorkflowStepData;
 
-import java.io.IOException;
 import java.util.*;
 import jakarta.json.Json;
 import jakarta.json.JsonArrayBuilder;

From 648641c04ac5518289df28107df0e7859e4a1cf0 Mon Sep 17 00:00:00 2001
From: Steven Winship <39765413+stevenwinship@users.noreply.github.com>
Date: Tue, 5 Aug 2025 14:23:22 -0400
Subject: [PATCH 072/634] add test

---
 src/test/java/edu/harvard/iq/dataverse/api/DatasetsIT.java | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/test/java/edu/harvard/iq/dataverse/api/DatasetsIT.java b/src/test/java/edu/harvard/iq/dataverse/api/DatasetsIT.java
index 2ad726aaecf..0828f3d2789 100644
--- a/src/test/java/edu/harvard/iq/dataverse/api/DatasetsIT.java
+++ b/src/test/java/edu/harvard/iq/dataverse/api/DatasetsIT.java
@@ -6010,6 +6010,7 @@ public void testSetGetDatasetStorageDriver() {
         getDriver.then().assertThat()
                 .body("data.name", CoreMatchers.equalTo(name))
                 .body("data.type", CoreMatchers.notNullValue())
+                .body("data.label", CoreMatchers.notNullValue())
                 .statusCode(OK.getStatusCode());
     }
 

From 2c03617bfb5889a7c2b88cffeca68ce6d3bde096 Mon Sep 17 00:00:00 2001
From: Stephen Kraffmiller <skraffmiller@hmdc.harvard.edu>
Date: Thu, 7 Aug 2025 09:37:23 -0400
Subject: [PATCH 073/634] #11710 dummy endpoint to start

---
 .../java/edu/harvard/iq/dataverse/api/Dataverses.java    | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/src/main/java/edu/harvard/iq/dataverse/api/Dataverses.java b/src/main/java/edu/harvard/iq/dataverse/api/Dataverses.java
index 6b7e783a3eb..1523703893a 100644
--- a/src/main/java/edu/harvard/iq/dataverse/api/Dataverses.java
+++ b/src/main/java/edu/harvard/iq/dataverse/api/Dataverses.java
@@ -1763,6 +1763,15 @@ public Response linkDataverse(@Context ContainerRequestContext crc, @PathParam("
             return ex.getResponse();
         }
     }
+    
+    @GET
+    @AuthRequired
+    @Path("/linkingDataverses/{searchTerm}")
+    public Response getLinkingDataverseList(){
+        return null;
+    }
+    
+    
 
     @GET
     @AuthRequired

From d37725bc61606e524e52cce60e26bad9d04b24d6 Mon Sep 17 00:00:00 2001
From: Stephen Kraffmiller <skraffmiller@hmdc.harvard.edu>
Date: Thu, 7 Aug 2025 13:20:05 -0400
Subject: [PATCH 074/634] #11710 update path

---
 src/main/java/edu/harvard/iq/dataverse/api/Dataverses.java | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/src/main/java/edu/harvard/iq/dataverse/api/Dataverses.java b/src/main/java/edu/harvard/iq/dataverse/api/Dataverses.java
index 1523703893a..dba634e8ba9 100644
--- a/src/main/java/edu/harvard/iq/dataverse/api/Dataverses.java
+++ b/src/main/java/edu/harvard/iq/dataverse/api/Dataverses.java
@@ -1766,8 +1766,9 @@ public Response linkDataverse(@Context ContainerRequestContext crc, @PathParam("
     
     @GET
     @AuthRequired
-    @Path("/linkingDataverses/{searchTerm}")
-    public Response getLinkingDataverseList(){
+    @Path("{identifier}/linkingDataverses/{searchTerm}")
+    public Response getLinkingDataverseList(@PathParam("identifier") String dvIdtf, @PathParam("searchTerm") String searchTerm){
+        
         return null;
     }
     

From 59db4ff859fca947516827f0d3e2dc7c10af2c7b Mon Sep 17 00:00:00 2001
From: Stephen Kraffmiller <skraffmiller@hmdc.harvard.edu>
Date: Thu, 7 Aug 2025 16:24:38 -0400
Subject: [PATCH 075/634] #11710 add api functionality and tests

---
 .../iq/dataverse/DataverseServiceBean.java    | 23 +++++++++++++++----
 .../iq/dataverse/api/AbstractApiBean.java     |  2 +-
 .../dataverse/api/DataverseFeaturedItems.java |  2 +-
 .../harvard/iq/dataverse/api/Dataverses.java  | 20 ++++++++++++----
 .../iq/dataverse/api/DataversesIT.java        | 22 ++++++++++++++++++
 .../edu/harvard/iq/dataverse/api/UtilIT.java  | 12 ++++++++++
 6 files changed, 69 insertions(+), 12 deletions(-)

diff --git a/src/main/java/edu/harvard/iq/dataverse/DataverseServiceBean.java b/src/main/java/edu/harvard/iq/dataverse/DataverseServiceBean.java
index c14711060af..23d94338992 100644
--- a/src/main/java/edu/harvard/iq/dataverse/DataverseServiceBean.java
+++ b/src/main/java/edu/harvard/iq/dataverse/DataverseServiceBean.java
@@ -505,18 +505,29 @@ public List<Dataverse> filterByAliasQuery(String filterQuery) {
         return ret;
     }
     
-    public List<Dataverse> filterDataversesForLinking(String query, DataverseRequest req, Dataset dataset) {
+    public List<Dataverse> filterDataversesForLinking(String query, DataverseRequest req, DvObject dvo) {
 
         List<Dataverse> dataverseList = new ArrayList<>();
 
         List<Dataverse> results = filterDataversesByNamePattern(query);
         
-        if (results == null || results.size() == 0) {
+        if (results == null || results.isEmpty()) {
             return null; 
         }
+        
+        Dataset linkedDataset = null;
+        Dataverse linkedDataverse = null;
+        List<Object> alreadyLinkeddv_ids;
+        
+        if ((dvo instanceof Dataset)) {
+            linkedDataset = (Dataset) dvo;
+            alreadyLinkeddv_ids = em.createNativeQuery("SELECT linkingdataverse_id   FROM datasetlinkingdataverse WHERE dataset_id = " + linkedDataset.getId()).getResultList();
+        } else {
+            linkedDataverse = (Dataverse) dvo;
+            alreadyLinkeddv_ids = em.createNativeQuery("SELECT linkingdataverse_id   FROM dataverselinkingdataverse WHERE dataverse_id = " + linkedDataverse.getId()).getResultList();
+        }
 
-        List<Object> alreadyLinkeddv_ids = em.createNativeQuery("SELECT linkingdataverse_id   FROM datasetlinkingdataverse WHERE dataset_id = " + dataset.getId()).getResultList();
-        List<Dataverse> remove = new ArrayList<>();
+         List<Dataverse> remove = new ArrayList<>();
 
         if (alreadyLinkeddv_ids != null && !alreadyLinkeddv_ids.isEmpty()) {
             alreadyLinkeddv_ids.stream().map((testDVId) -> this.find(testDVId)).forEachOrdered((removeIt) -> {
@@ -526,9 +537,11 @@ public List<Dataverse> filterDataversesForLinking(String query, DataverseRequest
         
         for (Dataverse res : results) {
             if (!remove.contains(res)) {
-                if (this.permissionService.requestOn(req, res).has(Permission.LinkDataset)) {
+                if ((linkedDataset != null && this.permissionService.requestOn(req, res).has(Permission.LinkDataset))
+                       || (linkedDataverse != null && this.permissionService.requestOn(req, res).has(Permission.LinkDataverse))) {
                     dataverseList.add(res);
                 }
+
             }
         }
 
diff --git a/src/main/java/edu/harvard/iq/dataverse/api/AbstractApiBean.java b/src/main/java/edu/harvard/iq/dataverse/api/AbstractApiBean.java
index 76ef91fbd3a..f99727b16db 100644
--- a/src/main/java/edu/harvard/iq/dataverse/api/AbstractApiBean.java
+++ b/src/main/java/edu/harvard/iq/dataverse/api/AbstractApiBean.java
@@ -601,7 +601,7 @@ protected DvObject findDvo(@NotNull final String id) throws WrappedResponse {
      * @throws WrappedResponse
      */
     @NotNull
-    protected DvObject findDvoByIdAndFeaturedItemTypeOrDie(@NotNull final String dvIdtf, String type) throws WrappedResponse {
+    protected DvObject findDvoByIdAndTypeOrDie(@NotNull final String dvIdtf, String type) throws WrappedResponse {
         try {
             DataverseFeaturedItem.TYPES dvType = DataverseFeaturedItem.getDvType(type);
             DvObject dvObject = null;
diff --git a/src/main/java/edu/harvard/iq/dataverse/api/DataverseFeaturedItems.java b/src/main/java/edu/harvard/iq/dataverse/api/DataverseFeaturedItems.java
index 30c3146fbfb..00f1aa76e7e 100644
--- a/src/main/java/edu/harvard/iq/dataverse/api/DataverseFeaturedItems.java
+++ b/src/main/java/edu/harvard/iq/dataverse/api/DataverseFeaturedItems.java
@@ -63,7 +63,7 @@ public Response updateFeaturedItem(@Context ContainerRequestContext crc,
             if (dataverseFeaturedItem == null) {
                 throw new WrappedResponse(error(Response.Status.NOT_FOUND, MessageFormat.format(BundleUtil.getStringFromBundle("dataverseFeaturedItems.errors.notFound"), id)));
             }
-            DvObject dvObject = (dvObjectIdtf != null) ? findDvoByIdAndFeaturedItemTypeOrDie(dvObjectIdtf, type) : null;
+            DvObject dvObject = (dvObjectIdtf != null) ? findDvoByIdAndTypeOrDie(dvObjectIdtf, type) : null;
             UpdatedDataverseFeaturedItemDTO updatedDataverseFeaturedItemDTO = UpdatedDataverseFeaturedItemDTO.fromFormData(content, displayOrder, keepFile, imageFileInputStream, contentDispositionHeader, type, dvObject);
             return ok(json(execCommand(new UpdateDataverseFeaturedItemCommand(createDataverseRequest(getRequestUser(crc)), dataverseFeaturedItem, updatedDataverseFeaturedItemDTO))));
         } catch (WrappedResponse e) {
diff --git a/src/main/java/edu/harvard/iq/dataverse/api/Dataverses.java b/src/main/java/edu/harvard/iq/dataverse/api/Dataverses.java
index dba634e8ba9..ae49e34d693 100644
--- a/src/main/java/edu/harvard/iq/dataverse/api/Dataverses.java
+++ b/src/main/java/edu/harvard/iq/dataverse/api/Dataverses.java
@@ -1767,9 +1767,19 @@ public Response linkDataverse(@Context ContainerRequestContext crc, @PathParam("
     @GET
     @AuthRequired
     @Path("{identifier}/linkingDataverses/{searchTerm}")
-    public Response getLinkingDataverseList(@PathParam("identifier") String dvIdtf, @PathParam("searchTerm") String searchTerm){
-        
-        return null;
+    public Response getLinkingDataverseList(@Context ContainerRequestContext crc, @PathParam("identifier") String dvIdtf, @PathParam("searchTerm") String searchTerm, @FormDataParam("type") String type){
+        //first determine what you are linking based on identifier and type
+        try{
+           DvObject   dvObject = findDvoByIdAndTypeOrDie(dvIdtf, type);
+           List<Dataverse> dataversesForLinking = dataverseService.filterDataversesForLinking(searchTerm, createDataverseRequest(getRequestUser(crc)), dvObject);
+                JsonArrayBuilder dvBuilder = Json.createArrayBuilder();
+                for (Dataverse dv : dataversesForLinking) {
+                    dvBuilder.add(dv.getAlias());
+                }
+                return ok(dvBuilder);        
+        } catch (WrappedResponse wr) {
+            return wr.getResponse();
+        }
     }
     
     
@@ -1813,7 +1823,7 @@ public Response createFeaturedItem(@Context ContainerRequestContext crc,
         try {
             dataverse = findDataverseOrDie(dvIdtf);
             if (dvObjectIdtf != null) {
-                dvObject = findDvoByIdAndFeaturedItemTypeOrDie(dvObjectIdtf, type);
+                dvObject = findDvoByIdAndTypeOrDie(dvObjectIdtf, type);
             }
         } catch (WrappedResponse wr) {
             return wr.getResponse();
@@ -1901,7 +1911,7 @@ public Response updateFeaturedItems(
 
                 // ignore dvObject if the id is missing or an empty string
                 DvObject dvObject = dvObjectIdtf.get(i) != null && !dvObjectIdtf.get(i).isEmpty()
-                        ? findDvoByIdAndFeaturedItemTypeOrDie(dvObjectIdtf.get(i), types.get(i)) : null;
+                        ? findDvoByIdAndTypeOrDie(dvObjectIdtf.get(i), types.get(i)) : null;
                 if (ids.get(i) == 0) {
                     newItems.add(NewDataverseFeaturedItemDTO.fromFormData(
                             contents.get(i), displayOrders.get(i), fileInputStream, contentDisposition, types.get(i), dvObject));
diff --git a/src/test/java/edu/harvard/iq/dataverse/api/DataversesIT.java b/src/test/java/edu/harvard/iq/dataverse/api/DataversesIT.java
index 3e1a160c9f2..4d9f8aa9509 100644
--- a/src/test/java/edu/harvard/iq/dataverse/api/DataversesIT.java
+++ b/src/test/java/edu/harvard/iq/dataverse/api/DataversesIT.java
@@ -677,6 +677,28 @@ public void testImportDDI() throws IOException, InterruptedException {
         Response deleteUserResponse = UtilIT.deleteUser(username);
         assertEquals(200, deleteUserResponse.getStatusCode());
     }
+    
+    @Test
+    public void testGetLinkableDataverses(){
+        Response createUser = UtilIT.createRandomUser();
+        String username = UtilIT.getUsernameFromResponse(createUser);
+        Response makeSuperUser = UtilIT.makeSuperUser(username);
+        assertEquals(200, makeSuperUser.getStatusCode());
+        String apiToken = UtilIT.getApiTokenFromResponse(createUser);
+        
+        Response createDataverseResponse = UtilIT.createRandomDataverse(apiToken);
+        String dataverseAlias = UtilIT.getAliasFromResponse(createDataverseResponse);
+
+        Response publishDataverse = UtilIT.publishDataverseViaNativeApi(dataverseAlias, apiToken);
+        assertEquals(200, publishDataverse.getStatusCode());
+        
+        Response createDatasetResponse = UtilIT.createRandomDatasetViaNativeApi(dataverseAlias, apiToken);
+        createDatasetResponse.prettyPrint();
+        String datasetPersistentId = UtilIT.getDatasetPersistentIdFromResponse(createDatasetResponse);
+        
+        Response getLinkableDataverses = UtilIT.getLinkableDataverses("dataset", datasetPersistentId, apiToken, dataverseAlias);
+        getLinkableDataverses.prettyPrint();
+    }
 
     @Test
     public void testImport() throws IOException, InterruptedException {
diff --git a/src/test/java/edu/harvard/iq/dataverse/api/UtilIT.java b/src/test/java/edu/harvard/iq/dataverse/api/UtilIT.java
index 24f2adbb3ed..77b4303393e 100644
--- a/src/test/java/edu/harvard/iq/dataverse/api/UtilIT.java
+++ b/src/test/java/edu/harvard/iq/dataverse/api/UtilIT.java
@@ -4773,6 +4773,18 @@ static Response updateDataverseFeaturedItem(long featuredItemId,
                                                 String apiToken) {
         return updateDataverseFeaturedItem(featuredItemId, content, displayOrder, keepFile, pathToFile, null, null, apiToken);
     }
+    
+    static Response getLinkableDataverses (String type, String dvObjectId, String apiToken, String dataverseAlias) {
+                return given()
+                .header(API_TOKEN_HTTP_HEADER, apiToken)
+                .contentType("application/json")
+                .get("/api/dataverses/" + dataverseAlias + "/featuredItems");
+                
+                /*
+                {identifier}/linkingDataverses/{searchTerm}
+                */
+        
+    }
     static Response updateDataverseFeaturedItem(long featuredItemId,
                                                 String content,
                                                 int displayOrder,

From 1203c435472d980fc648d3b25940f8d2d6cad5a2 Mon Sep 17 00:00:00 2001
From: Stephen Kraffmiller <skraffmiller@hmdc.harvard.edu>
Date: Fri, 8 Aug 2025 16:54:52 -0400
Subject: [PATCH 076/634] #11710 fix test

---
 .../harvard/iq/dataverse/api/Dataverses.java  | 14 +++++++++--
 .../iq/dataverse/api/DataversesIT.java        |  9 +++++++-
 .../edu/harvard/iq/dataverse/api/UtilIT.java  | 23 +++++++++++--------
 3 files changed, 34 insertions(+), 12 deletions(-)

diff --git a/src/main/java/edu/harvard/iq/dataverse/api/Dataverses.java b/src/main/java/edu/harvard/iq/dataverse/api/Dataverses.java
index ae49e34d693..21b67d1c3c9 100644
--- a/src/main/java/edu/harvard/iq/dataverse/api/Dataverses.java
+++ b/src/main/java/edu/harvard/iq/dataverse/api/Dataverses.java
@@ -1766,9 +1766,16 @@ public Response linkDataverse(@Context ContainerRequestContext crc, @PathParam("
     
     @GET
     @AuthRequired
-    @Path("{identifier}/linkingDataverses/{searchTerm}")
-    public Response getLinkingDataverseList(@Context ContainerRequestContext crc, @PathParam("identifier") String dvIdtf, @PathParam("searchTerm") String searchTerm, @FormDataParam("type") String type){
+    @Produces(MediaType.APPLICATION_JSON)
+    @Consumes(MediaType.MULTIPART_FORM_DATA)
+    @Path("{identifier}/{type}/linkingDataverses/{searchTerm}")
+    public Response getLinkingDataverseList(@Context ContainerRequestContext crc, @PathParam("identifier") String dvIdtf, @PathParam("searchTerm") String searchTerm, @PathParam("type") String type){
         //first determine what you are linking based on identifier and type
+        System.out.print("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@");
+        System.out.print("in dataverses method");
+        System.out.print("id: " + dvIdtf);
+        System.out.print("searchTerm: " + searchTerm);
+        System.out.print("type: " + type);
         try{
            DvObject   dvObject = findDvoByIdAndTypeOrDie(dvIdtf, type);
            List<Dataverse> dataversesForLinking = dataverseService.filterDataversesForLinking(searchTerm, createDataverseRequest(getRequestUser(crc)), dvObject);
@@ -1779,6 +1786,9 @@ public Response getLinkingDataverseList(@Context ContainerRequestContext crc, @P
                 return ok(dvBuilder);        
         } catch (WrappedResponse wr) {
             return wr.getResponse();
+        } catch (Exception e){
+            return error(Status.BAD_REQUEST, e.getLocalizedMessage());
+            
         }
     }
     
diff --git a/src/test/java/edu/harvard/iq/dataverse/api/DataversesIT.java b/src/test/java/edu/harvard/iq/dataverse/api/DataversesIT.java
index 4d9f8aa9509..e13d83f6f88 100644
--- a/src/test/java/edu/harvard/iq/dataverse/api/DataversesIT.java
+++ b/src/test/java/edu/harvard/iq/dataverse/api/DataversesIT.java
@@ -696,8 +696,15 @@ public void testGetLinkableDataverses(){
         createDatasetResponse.prettyPrint();
         String datasetPersistentId = UtilIT.getDatasetPersistentIdFromResponse(createDatasetResponse);
         
-        Response getLinkableDataverses = UtilIT.getLinkableDataverses("dataset", datasetPersistentId, apiToken, dataverseAlias);
+        Integer datasetId = UtilIT.getDatasetIdFromResponse(createDatasetResponse);
+        UtilIT.publishDatasetViaNativeApi(datasetPersistentId, "major", apiToken);
+         
+        System.out.print("After pub dataset");
+        
+        Response getLinkableDataverses = UtilIT.getLinkableDataverses("dataset", datasetPersistentId, apiToken, "dv0");
         getLinkableDataverses.prettyPrint();
+                getLinkableDataverses.then().assertThat()
+                .statusCode(OK.getStatusCode());
     }
 
     @Test
diff --git a/src/test/java/edu/harvard/iq/dataverse/api/UtilIT.java b/src/test/java/edu/harvard/iq/dataverse/api/UtilIT.java
index 77b4303393e..f28c0b3e640 100644
--- a/src/test/java/edu/harvard/iq/dataverse/api/UtilIT.java
+++ b/src/test/java/edu/harvard/iq/dataverse/api/UtilIT.java
@@ -4774,16 +4774,21 @@ static Response updateDataverseFeaturedItem(long featuredItemId,
         return updateDataverseFeaturedItem(featuredItemId, content, displayOrder, keepFile, pathToFile, null, null, apiToken);
     }
     
-    static Response getLinkableDataverses (String type, String dvObjectId, String apiToken, String dataverseAlias) {
-                return given()
+    static Response getLinkableDataverses (String type, String dvObjectId, String apiToken, String searchTerm) {
+
+        String idInPath = dvObjectId; // Assume it's a number to start.
+        String optionalQueryParam = ""; // If idOrPersistentId is a number we'll just put it in the path.
+        if (type.equals("dataset")) {
+            if (!NumberUtils.isCreatable(idInPath)) {
+                idInPath = ":persistentId";
+                optionalQueryParam = "?persistentId=" + dvObjectId;
+            }
+        }
+
+        return given()
                 .header(API_TOKEN_HTTP_HEADER, apiToken)
-                .contentType("application/json")
-                .get("/api/dataverses/" + dataverseAlias + "/featuredItems");
-                
-                /*
-                {identifier}/linkingDataverses/{searchTerm}
-                */
-        
+                .get("/api/dataverses/" + idInPath + "/" + type + "/linkingDataverses/" + searchTerm + optionalQueryParam);
+
     }
     static Response updateDataverseFeaturedItem(long featuredItemId,
                                                 String content,

From 8e8b084c038a0b103314e203e5b735ea624330f3 Mon Sep 17 00:00:00 2001
From: Stephen Kraffmiller <skraffmiller@hmdc.harvard.edu>
Date: Mon, 11 Aug 2025 08:49:06 -0400
Subject: [PATCH 077/634] #11710 add "mini" dv to json printer

---
 .../java/edu/harvard/iq/dataverse/api/Dataverses.java |  2 +-
 .../harvard/iq/dataverse/util/json/JsonPrinter.java   | 11 +++++++++++
 2 files changed, 12 insertions(+), 1 deletion(-)

diff --git a/src/main/java/edu/harvard/iq/dataverse/api/Dataverses.java b/src/main/java/edu/harvard/iq/dataverse/api/Dataverses.java
index 21b67d1c3c9..a6aa24f417b 100644
--- a/src/main/java/edu/harvard/iq/dataverse/api/Dataverses.java
+++ b/src/main/java/edu/harvard/iq/dataverse/api/Dataverses.java
@@ -1781,7 +1781,7 @@ public Response getLinkingDataverseList(@Context ContainerRequestContext crc, @P
            List<Dataverse> dataversesForLinking = dataverseService.filterDataversesForLinking(searchTerm, createDataverseRequest(getRequestUser(crc)), dvObject);
                 JsonArrayBuilder dvBuilder = Json.createArrayBuilder();
                 for (Dataverse dv : dataversesForLinking) {
-                    dvBuilder.add(dv.getAlias());
+                    dvBuilder.add(json(dv, true));
                 }
                 return ok(dvBuilder);        
         } catch (WrappedResponse wr) {
diff --git a/src/main/java/edu/harvard/iq/dataverse/util/json/JsonPrinter.java b/src/main/java/edu/harvard/iq/dataverse/util/json/JsonPrinter.java
index 592a893083c..ec9abdfa7cc 100644
--- a/src/main/java/edu/harvard/iq/dataverse/util/json/JsonPrinter.java
+++ b/src/main/java/edu/harvard/iq/dataverse/util/json/JsonPrinter.java
@@ -269,6 +269,17 @@ public static JsonObjectBuilder json(Workflow wf){
 
         return bld;
     }
+    
+    public static JsonObjectBuilder json(Dataverse dv, Boolean mini) {
+        if (!mini){
+            return json(dv, false, false, null);
+        } else {
+            return jsonObjectBuilder()
+                .add("id", dv.getId())
+                .add("alias", dv.getAlias())
+                .add("name", dv.getName());           
+        }
+    }
 
     public static JsonObjectBuilder json(Dataverse dv) {
         return json(dv, false, false, null);

From bb40ca4b40e35a9f2315606913f2c309af363213 Mon Sep 17 00:00:00 2001
From: Stephen Kraffmiller <skraffmiller@hmdc.harvard.edu>
Date: Mon, 11 Aug 2025 14:42:05 -0400
Subject: [PATCH 078/634] #11710 fix templates test for existing
 databases/templates

---
 .../iq/dataverse/api/DataversesIT.java        | 26 +++++++++++++++++--
 1 file changed, 24 insertions(+), 2 deletions(-)

diff --git a/src/test/java/edu/harvard/iq/dataverse/api/DataversesIT.java b/src/test/java/edu/harvard/iq/dataverse/api/DataversesIT.java
index e13d83f6f88..53643e3d5a5 100644
--- a/src/test/java/edu/harvard/iq/dataverse/api/DataversesIT.java
+++ b/src/test/java/edu/harvard/iq/dataverse/api/DataversesIT.java
@@ -2314,17 +2314,39 @@ public void testUpdateInputLevelDisplayOnCreateOverride() {
     }
 
     @Test
-    public void testCreateAndGetTemplates() {
+    public void testCreateAndGetTemplates() throws JsonParseException  {
         Response createUserResponse = UtilIT.createRandomUser();
         String apiToken = UtilIT.getApiTokenFromResponse(createUserResponse);
 
         Response createSecondUserResponse = UtilIT.createRandomUser();
         String secondApiToken = UtilIT.getApiTokenFromResponse(createSecondUserResponse);
-
+        /*
+        We need to make this a non-inherited metadatablocks so the get template will only get templates from current dv
+         */
+        
         Response createDataverseResponse = UtilIT.createRandomDataverse(apiToken);
         createDataverseResponse.then().assertThat().statusCode(CREATED.getStatusCode());
         String dataverseAlias = UtilIT.getAliasFromResponse(createDataverseResponse);
 
+        String newName = "New Test Dataverse Name";
+        String newAffiliation = "New Test Dataverse Affiliation";
+        String newDataverseType = Dataverse.DataverseType.TEACHING_COURSES.toString();
+        String[] newContactEmails = new String[]{"new_email@dataverse.com"};
+        String[] newInputLevelNames = new String[]{"geographicCoverage"};
+        String[] newFacetIds = new String[]{"contributorName"};
+        String[] newMetadataBlockNames = new String[]{"citation", "geospatial", "biomedical"};
+
+        // Assert that the error is returned for having both MetadataBlockNames and inheritMetadataBlocksFromParent
+       Response updateDataverseResponse = UtilIT.updateDataverse(
+                dataverseAlias, dataverseAlias, newName, newAffiliation, newDataverseType, newContactEmails, newInputLevelNames,
+                null, newMetadataBlockNames, apiToken,
+                Boolean.FALSE, Boolean.FALSE, null
+        );
+        updateDataverseResponse.then().assertThat()
+                .statusCode(OK.getStatusCode());
+   
+
+
         // Create a template
 
         String jsonString = """

From 791edfb2a4237eb28ae2ef71f9dd76b3e23d4a33 Mon Sep 17 00:00:00 2001
From: Stephen Kraffmiller <skraffmiller@hmdc.harvard.edu>
Date: Tue, 12 Aug 2025 09:47:49 -0400
Subject: [PATCH 079/634] #11710 code cleanup

---
 src/test/java/edu/harvard/iq/dataverse/api/DataversesIT.java | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/src/test/java/edu/harvard/iq/dataverse/api/DataversesIT.java b/src/test/java/edu/harvard/iq/dataverse/api/DataversesIT.java
index 53643e3d5a5..889f9589819 100644
--- a/src/test/java/edu/harvard/iq/dataverse/api/DataversesIT.java
+++ b/src/test/java/edu/harvard/iq/dataverse/api/DataversesIT.java
@@ -2320,6 +2320,7 @@ public void testCreateAndGetTemplates() throws JsonParseException  {
 
         Response createSecondUserResponse = UtilIT.createRandomUser();
         String secondApiToken = UtilIT.getApiTokenFromResponse(createSecondUserResponse);
+        
         /*
         We need to make this a non-inherited metadatablocks so the get template will only get templates from current dv
          */
@@ -2342,10 +2343,9 @@ public void testCreateAndGetTemplates() throws JsonParseException  {
                 null, newMetadataBlockNames, apiToken,
                 Boolean.FALSE, Boolean.FALSE, null
         );
+       
         updateDataverseResponse.then().assertThat()
                 .statusCode(OK.getStatusCode());
-   
-
 
         // Create a template
 
@@ -2384,6 +2384,7 @@ public void testCreateAndGetTemplates() throws JsonParseException  {
                 jsonString,
                 apiToken
         );
+        
         createTemplateResponse.then().assertThat().statusCode(OK.getStatusCode())
                 .body("data.name", equalTo("Dataverse template"))
                 .body("data.usageCount", equalTo(0))

From 61dae90a8f203b6dca0df9c5317e70c40df40d24 Mon Sep 17 00:00:00 2001
From: Stephen Kraffmiller <skraffmiller@hmdc.harvard.edu>
Date: Tue, 12 Aug 2025 10:51:39 -0400
Subject: [PATCH 080/634] #11710 add test for perms

---
 .../harvard/iq/dataverse/api/Dataverses.java  |  6 +--
 .../iq/dataverse/api/DataversesIT.java        | 46 ++++++++++++++++---
 2 files changed, 40 insertions(+), 12 deletions(-)

diff --git a/src/main/java/edu/harvard/iq/dataverse/api/Dataverses.java b/src/main/java/edu/harvard/iq/dataverse/api/Dataverses.java
index a6aa24f417b..f4788120ae5 100644
--- a/src/main/java/edu/harvard/iq/dataverse/api/Dataverses.java
+++ b/src/main/java/edu/harvard/iq/dataverse/api/Dataverses.java
@@ -1771,11 +1771,7 @@ public Response linkDataverse(@Context ContainerRequestContext crc, @PathParam("
     @Path("{identifier}/{type}/linkingDataverses/{searchTerm}")
     public Response getLinkingDataverseList(@Context ContainerRequestContext crc, @PathParam("identifier") String dvIdtf, @PathParam("searchTerm") String searchTerm, @PathParam("type") String type){
         //first determine what you are linking based on identifier and type
-        System.out.print("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@");
-        System.out.print("in dataverses method");
-        System.out.print("id: " + dvIdtf);
-        System.out.print("searchTerm: " + searchTerm);
-        System.out.print("type: " + type);
+
         try{
            DvObject   dvObject = findDvoByIdAndTypeOrDie(dvIdtf, type);
            List<Dataverse> dataversesForLinking = dataverseService.filterDataversesForLinking(searchTerm, createDataverseRequest(getRequestUser(crc)), dvObject);
diff --git a/src/test/java/edu/harvard/iq/dataverse/api/DataversesIT.java b/src/test/java/edu/harvard/iq/dataverse/api/DataversesIT.java
index 889f9589819..d35270de1a3 100644
--- a/src/test/java/edu/harvard/iq/dataverse/api/DataversesIT.java
+++ b/src/test/java/edu/harvard/iq/dataverse/api/DataversesIT.java
@@ -681,30 +681,62 @@ public void testImportDDI() throws IOException, InterruptedException {
     @Test
     public void testGetLinkableDataverses(){
         Response createUser = UtilIT.createRandomUser();
-        String username = UtilIT.getUsernameFromResponse(createUser);
-        Response makeSuperUser = UtilIT.makeSuperUser(username);
-        assertEquals(200, makeSuperUser.getStatusCode());
         String apiToken = UtilIT.getApiTokenFromResponse(createUser);
         
         Response createDataverseResponse = UtilIT.createRandomDataverse(apiToken);
         String dataverseAlias = UtilIT.getAliasFromResponse(createDataverseResponse);
+        
+        //Create dataverse for linking
+        Response createDataverseResponseForLinking = UtilIT.createRandomDataverse(apiToken);
+        String dataverseAliasForLinking = UtilIT.getAliasFromResponse(createDataverseResponseForLinking);
 
         Response publishDataverse = UtilIT.publishDataverseViaNativeApi(dataverseAlias, apiToken);
         assertEquals(200, publishDataverse.getStatusCode());
         
+        publishDataverse = UtilIT.publishDataverseViaNativeApi(dataverseAliasForLinking, apiToken);
+        assertEquals(200, publishDataverse.getStatusCode());
+        
         Response createDatasetResponse = UtilIT.createRandomDatasetViaNativeApi(dataverseAlias, apiToken);
         createDatasetResponse.prettyPrint();
         String datasetPersistentId = UtilIT.getDatasetPersistentIdFromResponse(createDatasetResponse);
         
         Integer datasetId = UtilIT.getDatasetIdFromResponse(createDatasetResponse);
         UtilIT.publishDatasetViaNativeApi(datasetPersistentId, "major", apiToken);
-         
-        System.out.print("After pub dataset");
         
-        Response getLinkableDataverses = UtilIT.getLinkableDataverses("dataset", datasetPersistentId, apiToken, "dv0");
+        Response getLinkableDataverses = UtilIT.getLinkableDataverses("dataset", datasetPersistentId, apiToken, dataverseAliasForLinking);
         getLinkableDataverses.prettyPrint();
                 getLinkableDataverses.then().assertThat()
-                .statusCode(OK.getStatusCode());
+                .statusCode(OK.getStatusCode())
+                .body("data[0].alias", equalTo(dataverseAliasForLinking));
+                
+        Response getLinkableDataversesForDataverse = UtilIT.getLinkableDataverses("dataverse", dataverseAlias, apiToken, dataverseAliasForLinking);
+        getLinkableDataversesForDataverse.prettyPrint();
+                getLinkableDataverses.then().assertThat()
+                .statusCode(OK.getStatusCode())                
+                .body("data[0].alias", equalTo(dataverseAliasForLinking));  
+                
+        // create new user and dataverse - the new dataverse should not be available to the first user for linking...
+        Response createUserTwo = UtilIT.createRandomUser();
+        String apiTokenTwo = UtilIT.getApiTokenFromResponse(createUserTwo);
+        
+        //Create dataverse that should be unavailable for linking
+        Response createDataverseResponseUnavailableForLinking = UtilIT.createRandomDataverse(apiTokenTwo);
+        createDataverseResponseUnavailableForLinking.prettyPrint();
+        String dataverseAliasUnavailableForLinking = UtilIT.getAliasFromResponse(createDataverseResponseUnavailableForLinking);
+        
+        Response getUnavailableForDataset = UtilIT.getLinkableDataverses("dataset", datasetPersistentId, apiToken, dataverseAliasUnavailableForLinking);
+        getUnavailableForDataset.prettyPrint();
+                getUnavailableForDataset.then().assertThat()
+                .statusCode(OK.getStatusCode())
+                .body("data.size()", equalTo(0));
+                
+        Response getUnavailableForDataverse = UtilIT.getLinkableDataverses("dataverse", dataverseAlias, apiToken, dataverseAliasUnavailableForLinking);
+        getUnavailableForDataverse.prettyPrint();
+                getUnavailableForDataverse.then().assertThat()
+                .statusCode(OK.getStatusCode())                
+                .body("data.size()", equalTo(0));
+
+        
     }
 
     @Test

From 32d06ed75bbb7f06a25d856a37963978855cc8a2 Mon Sep 17 00:00:00 2001
From: Stephen Kraffmiller <skraffmiller@hmdc.harvard.edu>
Date: Tue, 12 Aug 2025 11:02:07 -0400
Subject: [PATCH 081/634] #11710 add publish to test

---
 src/test/java/edu/harvard/iq/dataverse/api/DataversesIT.java | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/src/test/java/edu/harvard/iq/dataverse/api/DataversesIT.java b/src/test/java/edu/harvard/iq/dataverse/api/DataversesIT.java
index d35270de1a3..678616d7db8 100644
--- a/src/test/java/edu/harvard/iq/dataverse/api/DataversesIT.java
+++ b/src/test/java/edu/harvard/iq/dataverse/api/DataversesIT.java
@@ -723,6 +723,8 @@ public void testGetLinkableDataverses(){
         Response createDataverseResponseUnavailableForLinking = UtilIT.createRandomDataverse(apiTokenTwo);
         createDataverseResponseUnavailableForLinking.prettyPrint();
         String dataverseAliasUnavailableForLinking = UtilIT.getAliasFromResponse(createDataverseResponseUnavailableForLinking);
+        publishDataverse = UtilIT.publishDataverseViaNativeApi(dataverseAliasUnavailableForLinking, apiTokenTwo);
+        assertEquals(200, publishDataverse.getStatusCode());
         
         Response getUnavailableForDataset = UtilIT.getLinkableDataverses("dataset", datasetPersistentId, apiToken, dataverseAliasUnavailableForLinking);
         getUnavailableForDataset.prettyPrint();

From 59572c9485e49f2d00d1857034819c07b7337a47 Mon Sep 17 00:00:00 2001
From: Stephen Kraffmiller <skraffmiller@hmdc.harvard.edu>
Date: Tue, 12 Aug 2025 14:20:51 -0400
Subject: [PATCH 082/634] #11710 code cleanup

---
 src/main/java/edu/harvard/iq/dataverse/DataverseServiceBean.java | 1 -
 src/main/java/edu/harvard/iq/dataverse/api/Dataverses.java       | 1 -
 2 files changed, 2 deletions(-)

diff --git a/src/main/java/edu/harvard/iq/dataverse/DataverseServiceBean.java b/src/main/java/edu/harvard/iq/dataverse/DataverseServiceBean.java
index 23d94338992..b8ce8cb1a6b 100644
--- a/src/main/java/edu/harvard/iq/dataverse/DataverseServiceBean.java
+++ b/src/main/java/edu/harvard/iq/dataverse/DataverseServiceBean.java
@@ -541,7 +541,6 @@ public List<Dataverse> filterDataversesForLinking(String query, DataverseRequest
                        || (linkedDataverse != null && this.permissionService.requestOn(req, res).has(Permission.LinkDataverse))) {
                     dataverseList.add(res);
                 }
-
             }
         }
 
diff --git a/src/main/java/edu/harvard/iq/dataverse/api/Dataverses.java b/src/main/java/edu/harvard/iq/dataverse/api/Dataverses.java
index f4788120ae5..8bfa3594602 100644
--- a/src/main/java/edu/harvard/iq/dataverse/api/Dataverses.java
+++ b/src/main/java/edu/harvard/iq/dataverse/api/Dataverses.java
@@ -1767,7 +1767,6 @@ public Response linkDataverse(@Context ContainerRequestContext crc, @PathParam("
     @GET
     @AuthRequired
     @Produces(MediaType.APPLICATION_JSON)
-    @Consumes(MediaType.MULTIPART_FORM_DATA)
     @Path("{identifier}/{type}/linkingDataverses/{searchTerm}")
     public Response getLinkingDataverseList(@Context ContainerRequestContext crc, @PathParam("identifier") String dvIdtf, @PathParam("searchTerm") String searchTerm, @PathParam("type") String type){
         //first determine what you are linking based on identifier and type

From d6625a4692ecfbf06ab026379e35afedaa4e1deb Mon Sep 17 00:00:00 2001
From: Stephen Kraffmiller <skraffmiller@hmdc.harvard.edu>
Date: Tue, 12 Aug 2025 14:53:07 -0400
Subject: [PATCH 083/634] #11710 test that linked dv's are removed from list

---
 .../iq/dataverse/api/DataversesIT.java        | 23 +++++++++++++++++--
 1 file changed, 21 insertions(+), 2 deletions(-)

diff --git a/src/test/java/edu/harvard/iq/dataverse/api/DataversesIT.java b/src/test/java/edu/harvard/iq/dataverse/api/DataversesIT.java
index 678616d7db8..5358debacda 100644
--- a/src/test/java/edu/harvard/iq/dataverse/api/DataversesIT.java
+++ b/src/test/java/edu/harvard/iq/dataverse/api/DataversesIT.java
@@ -682,7 +682,8 @@ public void testImportDDI() throws IOException, InterruptedException {
     public void testGetLinkableDataverses(){
         Response createUser = UtilIT.createRandomUser();
         String apiToken = UtilIT.getApiTokenFromResponse(createUser);
-        
+        String username = UtilIT.getUsernameFromResponse(createUser);
+
         Response createDataverseResponse = UtilIT.createRandomDataverse(apiToken);
         String dataverseAlias = UtilIT.getAliasFromResponse(createDataverseResponse);
         
@@ -737,7 +738,25 @@ public void testGetLinkableDataverses(){
                 getUnavailableForDataverse.then().assertThat()
                 .statusCode(OK.getStatusCode())                
                 .body("data.size()", equalTo(0));
-
+        
+        //now link a dataverse and see that it's unavailable in the future          
+       
+        Response makeSuperUser = UtilIT.setSuperuserStatus(username, Boolean.TRUE);
+                
+        Response linkDataset = UtilIT.linkDataset(datasetPersistentId, dataverseAliasForLinking, apiToken);
+        linkDataset.prettyPrint();
+        linkDataset.then().assertThat()
+                .statusCode(OK.getStatusCode());  
+        
+        //set it back to non-super user so perms are limited
+        UtilIT.setSuperuserStatus(username, Boolean.FALSE);
+        
+        //should get an empty list because dataset is already linked
+        getLinkableDataverses = UtilIT.getLinkableDataverses("dataset", datasetPersistentId, apiToken, dataverseAliasForLinking);
+        getLinkableDataverses.prettyPrint();
+                getLinkableDataverses.then().assertThat()
+                .statusCode(OK.getStatusCode())
+                .body("data.size()", equalTo(0));
         
     }
 

From 12f69ffaae42873c9008238e4fd9dfc7c013fd5a Mon Sep 17 00:00:00 2001
From: Stephen Kraffmiller <skraffmiller@hmdc.harvard.edu>
Date: Tue, 12 Aug 2025 15:00:04 -0400
Subject: [PATCH 084/634] #11710 clean up comments

---
 src/test/java/edu/harvard/iq/dataverse/api/DataversesIT.java | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/test/java/edu/harvard/iq/dataverse/api/DataversesIT.java b/src/test/java/edu/harvard/iq/dataverse/api/DataversesIT.java
index 5358debacda..7782dea8fea 100644
--- a/src/test/java/edu/harvard/iq/dataverse/api/DataversesIT.java
+++ b/src/test/java/edu/harvard/iq/dataverse/api/DataversesIT.java
@@ -739,7 +739,7 @@ public void testGetLinkableDataverses(){
                 .statusCode(OK.getStatusCode())                
                 .body("data.size()", equalTo(0));
         
-        //now link a dataverse and see that it's unavailable in the future          
+        //now link a dataset and see that it's unavailable in the future          
        
         Response makeSuperUser = UtilIT.setSuperuserStatus(username, Boolean.TRUE);
                 
@@ -748,7 +748,7 @@ public void testGetLinkableDataverses(){
         linkDataset.then().assertThat()
                 .statusCode(OK.getStatusCode());  
         
-        //set it back to non-super user so perms are limited
+        //set user api back to non-super user so perms are limited
         UtilIT.setSuperuserStatus(username, Boolean.FALSE);
         
         //should get an empty list because dataset is already linked

From 8456b90a1cc015ff3f935217bdf79649f43f93c6 Mon Sep 17 00:00:00 2001
From: Stephen Kraffmiller <skraffmiller@hmdc.harvard.edu>
Date: Tue, 12 Aug 2025 15:30:32 -0400
Subject: [PATCH 085/634] Update native-api.rst

---
 doc/sphinx-guides/source/api/native-api.rst | 44 +++++++++++++++++++++
 1 file changed, 44 insertions(+)

diff --git a/doc/sphinx-guides/source/api/native-api.rst b/doc/sphinx-guides/source/api/native-api.rst
index 8de396e14b3..53270476437 100644
--- a/doc/sphinx-guides/source/api/native-api.rst
+++ b/doc/sphinx-guides/source/api/native-api.rst
@@ -732,6 +732,50 @@ Note: you must have "Add Dataset" permission in the given collection to invoke t
 
 .. _featured-collections:
 
+List Dataverse Collections that a given Dataset or Dataverse Collection may be linked to
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+The user may provide a search term to limit the list of Dataverse Collections returned
+The response is a JSON array of the ids, aliases, and names of the Dataverse collections that a given Dataset or Dataverse Collection may be linked to:
+
+For a given Dataverse Collection:
+
+.. code-block:: bash
+
+  export API_TOKEN=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
+  export SERVER_URL=https://demo.dataverse.org
+  export OBJECT_TYPE=dataverse
+  export ID=collectionAlias
+  export SEARCH_TERM=searchOn
+
+  curl -H "X-Dataverse-key:$API_TOKEN" -X GET "$SERVER_URL/api/dataverses/$ID/$OBJECT_TYPE/linkingDataverses/$SEARCH_TERM" 
+
+The fully expanded example above (without environment variables) looks like this:
+
+.. code-block:: bash
+
+  curl -H "X-Dataverse-key:xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" -X GET "https://demo.dataverse.org/api/dataverses/collectionAlias/dataverse/linkingDataverses/searchOn" 
+
+For a given Dataset:
+
+.. code-block:: bash
+
+  export API_TOKEN=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
+  export SERVER_URL=https://demo.dataverse.org
+  export OBJECT_TYPE=dataset
+  export PERSISTENT_IDENTIFIER=doi:10.5072/FK2/J8SJZB
+  export SEARCH_TERM=searchOn
+
+  curl -H "X-Dataverse-key:$API_TOKEN" -X GET "$SERVER_URL/api/dataverses/:persistentId/$OBJECT_TYPE/linkingDataverses/$SEARCH_TERM?persistentId=$PERSISTENT_IDENTIFIER"" 
+
+The fully expanded example above (without environment variables) looks like this:
+
+.. code-block:: bash
+
+  curl -H "X-Dataverse-key:xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" -X GET "https://demo.dataverse.org/api/dataverses/:persistentId/dataset/linkingDataverses/searchOn?persistentId=doi:10.5072/FK2/J8SJZB" 
+
+
+
 List Featured Collections for a Dataverse Collection
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

From bb74b24000878104063f0ddf816290388c8aafcc Mon Sep 17 00:00:00 2001
From: Stephen Kraffmiller <skraffmiller@hmdc.harvard.edu>
Date: Tue, 12 Aug 2025 15:32:50 -0400
Subject: [PATCH 086/634] Update native-api.rst

---
 doc/sphinx-guides/source/api/native-api.rst | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/doc/sphinx-guides/source/api/native-api.rst b/doc/sphinx-guides/source/api/native-api.rst
index 53270476437..9a861c353d7 100644
--- a/doc/sphinx-guides/source/api/native-api.rst
+++ b/doc/sphinx-guides/source/api/native-api.rst
@@ -732,11 +732,11 @@ Note: you must have "Add Dataset" permission in the given collection to invoke t
 
 .. _featured-collections:
 
-List Dataverse Collections that a given Dataset or Dataverse Collection may be linked to
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+List Dataverse Collections to which a given Dataset or Dataverse Collection may be linked
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
-The user may provide a search term to limit the list of Dataverse Collections returned
-The response is a JSON array of the ids, aliases, and names of the Dataverse collections that a given Dataset or Dataverse Collection may be linked to:
+The user may provide a search term to limit the list of Dataverse Collections returned.
+The response is a JSON array of the ids, aliases, and names of the Dataverse collections to which a given Dataset or Dataverse Collection may be linked:
 
 For a given Dataverse Collection:
 

From 01de521e93b58c5dd7cc89cc6edf5795a8d60434 Mon Sep 17 00:00:00 2001
From: Stephen Kraffmiller <skraffmiller@hmdc.harvard.edu>
Date: Tue, 12 Aug 2025 16:53:21 -0400
Subject: [PATCH 087/634] #11710 add test for partial search term

---
 .../edu/harvard/iq/dataverse/api/Dataverses.java     | 12 +++++++-----
 .../edu/harvard/iq/dataverse/api/DataversesIT.java   | 12 +++++++++++-
 2 files changed, 18 insertions(+), 6 deletions(-)

diff --git a/src/main/java/edu/harvard/iq/dataverse/api/Dataverses.java b/src/main/java/edu/harvard/iq/dataverse/api/Dataverses.java
index 8bfa3594602..4d11cc0152a 100644
--- a/src/main/java/edu/harvard/iq/dataverse/api/Dataverses.java
+++ b/src/main/java/edu/harvard/iq/dataverse/api/Dataverses.java
@@ -1771,14 +1771,16 @@ public Response linkDataverse(@Context ContainerRequestContext crc, @PathParam("
     public Response getLinkingDataverseList(@Context ContainerRequestContext crc, @PathParam("identifier") String dvIdtf, @PathParam("searchTerm") String searchTerm, @PathParam("type") String type){
         //first determine what you are linking based on identifier and type
 
-        try{
-           DvObject   dvObject = findDvoByIdAndTypeOrDie(dvIdtf, type);
-           List<Dataverse> dataversesForLinking = dataverseService.filterDataversesForLinking(searchTerm, createDataverseRequest(getRequestUser(crc)), dvObject);
-                JsonArrayBuilder dvBuilder = Json.createArrayBuilder();
+        try {
+            DvObject dvObject = findDvoByIdAndTypeOrDie(dvIdtf, type);
+            List<Dataverse> dataversesForLinking = dataverseService.filterDataversesForLinking(searchTerm, createDataverseRequest(getRequestUser(crc)), dvObject);
+            JsonArrayBuilder dvBuilder = Json.createArrayBuilder();
+            if (dataversesForLinking != null && !dataversesForLinking.isEmpty()) {
                 for (Dataverse dv : dataversesForLinking) {
                     dvBuilder.add(json(dv, true));
                 }
-                return ok(dvBuilder);        
+            }
+            return ok(dvBuilder);       
         } catch (WrappedResponse wr) {
             return wr.getResponse();
         } catch (Exception e){
diff --git a/src/test/java/edu/harvard/iq/dataverse/api/DataversesIT.java b/src/test/java/edu/harvard/iq/dataverse/api/DataversesIT.java
index 7782dea8fea..3967666d798 100644
--- a/src/test/java/edu/harvard/iq/dataverse/api/DataversesIT.java
+++ b/src/test/java/edu/harvard/iq/dataverse/api/DataversesIT.java
@@ -715,7 +715,17 @@ public void testGetLinkableDataverses(){
                 getLinkableDataverses.then().assertThat()
                 .statusCode(OK.getStatusCode())                
                 .body("data[0].alias", equalTo(dataverseAliasForLinking));  
-                
+                                        
+        //Should be able to get based on a partial alias...
+        // Partial must include the first part of the name
+        String searchTerm = dataverseAliasForLinking.substring(0, 5);
+            
+        Response getLinkableDataversesForDataversePartial = UtilIT.getLinkableDataverses("dataverse", dataverseAlias, apiToken, searchTerm);
+        getLinkableDataversesForDataversePartial.prettyPrint();
+                getLinkableDataversesForDataversePartial.then().assertThat()
+                .statusCode(OK.getStatusCode())                
+                .body("data[0].alias", equalTo(dataverseAliasForLinking));         
+                                
         // create new user and dataverse - the new dataverse should not be available to the first user for linking...
         Response createUserTwo = UtilIT.createRandomUser();
         String apiTokenTwo = UtilIT.getApiTokenFromResponse(createUserTwo);

From 9e391921948730c5d34663d2bd0bde74b34828df Mon Sep 17 00:00:00 2001
From: Stephen Kraffmiller <skraffmiller@hmdc.harvard.edu>
Date: Tue, 12 Aug 2025 16:56:34 -0400
Subject: [PATCH 088/634] Update native-api.rst

---
 doc/sphinx-guides/source/api/native-api.rst | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/doc/sphinx-guides/source/api/native-api.rst b/doc/sphinx-guides/source/api/native-api.rst
index 9a861c353d7..22a77cf0d4a 100644
--- a/doc/sphinx-guides/source/api/native-api.rst
+++ b/doc/sphinx-guides/source/api/native-api.rst
@@ -735,7 +735,7 @@ Note: you must have "Add Dataset" permission in the given collection to invoke t
 List Dataverse Collections to which a given Dataset or Dataverse Collection may be linked
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
-The user may provide a search term to limit the list of Dataverse Collections returned.
+The user must provide a search term to limit the list of Dataverse Collections returned. The search term will be compared to the name of the Dataverse Collections and must include the beginning of the Dataverse Collections' names.
 The response is a JSON array of the ids, aliases, and names of the Dataverse collections to which a given Dataset or Dataverse Collection may be linked:
 
 For a given Dataverse Collection:

From 3157b2461f789f059329f58c1bdc142573fab551 Mon Sep 17 00:00:00 2001
From: Stephen Kraffmiller <skraffmiller@hmdc.harvard.edu>
Date: Wed, 13 Aug 2025 10:32:35 -0400
Subject: [PATCH 089/634] Create 11710-get-available-dataverses-api.md

---
 doc/release-notes/11710-get-available-dataverses-api.md | 5 +++++
 1 file changed, 5 insertions(+)
 create mode 100644 doc/release-notes/11710-get-available-dataverses-api.md

diff --git a/doc/release-notes/11710-get-available-dataverses-api.md b/doc/release-notes/11710-get-available-dataverses-api.md
new file mode 100644
index 00000000000..6658d1d8fd5
--- /dev/null
+++ b/doc/release-notes/11710-get-available-dataverses-api.md
@@ -0,0 +1,5 @@
+### New API endpoint for retrieving a list of Dataverse Collections to which a given Dataset or Dataverse Collection may be linked
+
+-The end point also takes in a search term which currently must be the start of the collections' names.
+-The user calling this API must have Link Dataset or Link Dataverse permission on the Dataverse Collections returned.
+-If the Collection has already been linked to the given Dataset or Collection, it will not be returned.

From 250e0e4c46107f0de3d106579260786993402614 Mon Sep 17 00:00:00 2001
From: Stephen Kraffmiller <skraffmiller@hmdc.harvard.edu>
Date: Wed, 13 Aug 2025 10:45:31 -0400
Subject: [PATCH 090/634] #11710 add cleanup after tests

---
 .../iq/dataverse/api/DataversesIT.java        | 24 +++++++++++++++++++
 1 file changed, 24 insertions(+)

diff --git a/src/test/java/edu/harvard/iq/dataverse/api/DataversesIT.java b/src/test/java/edu/harvard/iq/dataverse/api/DataversesIT.java
index 3967666d798..34a5c6a6cec 100644
--- a/src/test/java/edu/harvard/iq/dataverse/api/DataversesIT.java
+++ b/src/test/java/edu/harvard/iq/dataverse/api/DataversesIT.java
@@ -729,6 +729,7 @@ public void testGetLinkableDataverses(){
         // create new user and dataverse - the new dataverse should not be available to the first user for linking...
         Response createUserTwo = UtilIT.createRandomUser();
         String apiTokenTwo = UtilIT.getApiTokenFromResponse(createUserTwo);
+        String usernameTwo = UtilIT.getUsernameFromResponse(createUserTwo);
         
         //Create dataverse that should be unavailable for linking
         Response createDataverseResponseUnavailableForLinking = UtilIT.createRandomDataverse(apiTokenTwo);
@@ -767,6 +768,29 @@ public void testGetLinkableDataverses(){
                 getLinkableDataverses.then().assertThat()
                 .statusCode(OK.getStatusCode())
                 .body("data.size()", equalTo(0));
+                
+    //set user api back to super user for cleanup
+        UtilIT.setSuperuserStatus(username, Boolean.TRUE);
+                
+                
+        // Clean up
+        Response destroyDatasetResponse = UtilIT.destroyDataset(datasetId, apiToken);
+        assertEquals(200, destroyDatasetResponse.getStatusCode());
+
+        Response deleteDataverseResponse = UtilIT.deleteDataverse(dataverseAlias, apiToken);
+        assertEquals(200, deleteDataverseResponse.getStatusCode());
+        
+        deleteDataverseResponse = UtilIT.deleteDataverse(dataverseAliasForLinking, apiToken);
+        assertEquals(200, deleteDataverseResponse.getStatusCode());
+        
+        deleteDataverseResponse = UtilIT.deleteDataverse(dataverseAliasUnavailableForLinking, apiToken);
+        assertEquals(200, deleteDataverseResponse.getStatusCode());
+        
+        Response deleteUserResponse = UtilIT.deleteUser(usernameTwo);
+        assertEquals(200, deleteUserResponse.getStatusCode()); 
+        
+        deleteUserResponse = UtilIT.deleteUser(username);
+        assertEquals(200, deleteUserResponse.getStatusCode());           
         
     }
 

From 9be5fb38f77b150f6a7d22be46cba109ac8e089f Mon Sep 17 00:00:00 2001
From: Stephen Kraffmiller <skraffmiller@hmdc.harvard.edu>
Date: Wed, 13 Aug 2025 14:21:17 -0400
Subject: [PATCH 091/634] Update native-api.rst

---
 doc/sphinx-guides/source/api/native-api.rst | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/doc/sphinx-guides/source/api/native-api.rst b/doc/sphinx-guides/source/api/native-api.rst
index 22a77cf0d4a..2cdcbc65eb4 100644
--- a/doc/sphinx-guides/source/api/native-api.rst
+++ b/doc/sphinx-guides/source/api/native-api.rst
@@ -766,7 +766,7 @@ For a given Dataset:
   export PERSISTENT_IDENTIFIER=doi:10.5072/FK2/J8SJZB
   export SEARCH_TERM=searchOn
 
-  curl -H "X-Dataverse-key:$API_TOKEN" -X GET "$SERVER_URL/api/dataverses/:persistentId/$OBJECT_TYPE/linkingDataverses/$SEARCH_TERM?persistentId=$PERSISTENT_IDENTIFIER"" 
+  curl -H "X-Dataverse-key:$API_TOKEN" -X GET "$SERVER_URL/api/dataverses/:persistentId/$OBJECT_TYPE/linkingDataverses/$SEARCH_TERM?persistentId=$PERSISTENT_IDENTIFIER" 
 
 The fully expanded example above (without environment variables) looks like this:
 

From d6404b9142d51b74a5e29fdb8aedbe6d1e1133e2 Mon Sep 17 00:00:00 2001
From: Stephen Kraffmiller <skraffmiller@hmdc.harvard.edu>
Date: Thu, 14 Aug 2025 16:55:47 -0400
Subject: [PATCH 092/634] #11387 update command to allow for leaving input
 levels alone

---
 .../impl/AbstractWriteDataverseCommand.java   |  8 ++-
 .../iq/dataverse/api/DataversesIT.java        | 53 ++++++++++++++++---
 .../edu/harvard/iq/dataverse/api/UtilIT.java  | 20 +++++++
 3 files changed, 73 insertions(+), 8 deletions(-)

diff --git a/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/AbstractWriteDataverseCommand.java b/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/AbstractWriteDataverseCommand.java
index 8227572da3b..e4fd5373c7d 100644
--- a/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/AbstractWriteDataverseCommand.java
+++ b/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/AbstractWriteDataverseCommand.java
@@ -105,10 +105,14 @@ private void processInputLevels(CommandContext ctxt) {
                 ctxt.fieldTypeInputLevels().deleteDataverseFieldTypeInputLevelFor(dataverse);
             } else {
                 dataverse.addInputLevelsMetadataBlocksIfNotPresent(inputLevels);
-                ctxt.fieldTypeInputLevels().deleteDataverseFieldTypeInputLevelFor(dataverse);
+                //if levels not empty either create or update (handled by save - update when id not null create if null)
                 inputLevels.forEach(inputLevel -> {
+                    DataverseFieldTypeInputLevel ftil = ctxt.fieldTypeInputLevels().findByDataverseIdDatasetFieldTypeId(dataverse.getId(), inputLevel.getDatasetFieldType().getId());
+                    if(ftil != null){
+                        inputLevel.setId(ftil.getId());
+                    }
                     inputLevel.setDataverse(dataverse);
-                    ctxt.fieldTypeInputLevels().create(inputLevel);
+                    ctxt.fieldTypeInputLevels().save(inputLevel);
                 });
             }
         }
diff --git a/src/test/java/edu/harvard/iq/dataverse/api/DataversesIT.java b/src/test/java/edu/harvard/iq/dataverse/api/DataversesIT.java
index 3e1a160c9f2..50f171de352 100644
--- a/src/test/java/edu/harvard/iq/dataverse/api/DataversesIT.java
+++ b/src/test/java/edu/harvard/iq/dataverse/api/DataversesIT.java
@@ -1255,6 +1255,45 @@ public void testUpdateInputLevels() {
         updateDataverseInputLevelsResponse.then().assertThat()
                 .body("message", equalTo("Error while updating dataverse input levels: Input level list cannot be null or empty"))
                 .statusCode(INTERNAL_SERVER_ERROR.getStatusCode());
+        
+        //Add new types and see that previously changed ones remain as before... #11387
+        testInputLevelNames = new String[]{"subtitle", "relatedMaterial"};
+       
+        testRequiredInputLevels = new boolean[] {false, false};
+        testIncludedInputLevels = new boolean[] {true, true};
+        boolean [] testDisplayOnCreate = new boolean[] {true, true};
+         updateDataverseInputLevelsResponse = UtilIT.updateDataverseInputLevels(dataverseAlias, testInputLevelNames, testRequiredInputLevels, testIncludedInputLevels, testDisplayOnCreate, apiToken);
+         actualInputLevelName = updateDataverseInputLevelsResponse.then().extract().path("data.inputLevels[0].datasetFieldTypeName");
+        int subtitleInputLevelIndex = actualInputLevelName.equals("subtitle") ? 0 : 1;
+        updateDataverseInputLevelsResponse.prettyPrint();
+        
+        updateDataverseInputLevelsResponse.then().assertThat()
+                .body(String.format("data.inputLevels[%d].include", subtitleInputLevelIndex), equalTo(true))
+                .body(String.format("data.inputLevels[%d].required", subtitleInputLevelIndex), equalTo(false))
+                .body(String.format("data.inputLevels[%d].displayOnCreate", subtitleInputLevelIndex), equalTo(true))
+                .body(String.format("data.inputLevels[%d].include", 1 - subtitleInputLevelIndex), equalTo(true))
+                .body(String.format("data.inputLevels[%d].required", 1 - subtitleInputLevelIndex), equalTo(false))
+                .body(String.format("data.inputLevels[%d].displayOnCreate", 1 - subtitleInputLevelIndex), equalTo(true))
+                .statusCode(OK.getStatusCode());
+         actualFieldTypeName1 = updateDataverseInputLevelsResponse.then().extract().path("data.inputLevels[0].datasetFieldTypeName");
+         actualFieldTypeName2 = updateDataverseInputLevelsResponse.then().extract().path("data.inputLevels[1].datasetFieldTypeName");
+        assertNotEquals(actualFieldTypeName1, actualFieldTypeName2);
+        assertThat(testInputLevelNames, hasItemInArray(actualFieldTypeName1));
+        assertThat(testInputLevelNames, hasItemInArray(actualFieldTypeName2));
+        
+ 
+        testInputLevelNames = new String[]{"subtitle", "otherReferences"};
+        testRequiredInputLevels = new boolean[] {false, false};
+        testIncludedInputLevels = new boolean[] {true, true};
+        testDisplayOnCreate = new boolean[] {false, true};
+        
+        updateDataverseInputLevelsResponse = UtilIT.updateDataverseInputLevels(dataverseAlias, testInputLevelNames, testRequiredInputLevels, testIncludedInputLevels, testDisplayOnCreate, apiToken);
+        updateDataverseInputLevelsResponse.prettyPrint();
+
+        updateDataverseInputLevelsResponse.then().assertThat()
+                .statusCode(OK.getStatusCode());
+      
+        
     }
 
     @Test
@@ -2274,14 +2313,16 @@ public void testUpdateInputLevelDisplayOnCreateOverride() {
                 .body("data[0].displayName", equalTo("Citation Metadata"))
                 .body("data.size()", equalTo(expectedOnlyDisplayedOnCreateNumberOfMetadataBlocks))
                 .body("data[0].fields.author.childFields.size()", is(4));
-        
+             
         updateResponse = UtilIT.updateDataverseInputLevelDisplayOnCreate(
-            dataverseAlias, "subtitle", false, apiToken);
+                dataverseAlias, "subtitle", false, apiToken);
+        String actualInputLevelName = updateResponse.then().extract().path("data.inputLevels[0].datasetFieldTypeName");
+        int subtitleIndex = actualInputLevelName.equals("subtitle") ? 0 : 1;
         updateResponse.then().assertThat()
-                .statusCode(OK.getStatusCode())
-                .body("data.inputLevels[0].displayOnCreate", equalTo(false))
-                .body("data.inputLevels[0].datasetFieldTypeName", equalTo("subtitle"));
-        
+                .body(String.format("data.inputLevels[%d].displayOnCreate", subtitleIndex), equalTo(false))
+                .body(String.format("data.inputLevels[%d].datasetFieldTypeName", subtitleIndex), equalTo("subtitle"))
+                .statusCode(OK.getStatusCode());
+
     }
 
     @Test
diff --git a/src/test/java/edu/harvard/iq/dataverse/api/UtilIT.java b/src/test/java/edu/harvard/iq/dataverse/api/UtilIT.java
index 24f2adbb3ed..8c858a17ec9 100644
--- a/src/test/java/edu/harvard/iq/dataverse/api/UtilIT.java
+++ b/src/test/java/edu/harvard/iq/dataverse/api/UtilIT.java
@@ -4578,6 +4578,18 @@ public static Response updateDataverseInputLevels(String dataverseAlias, String[
                 .contentType(ContentType.JSON)
                 .put("/api/dataverses/" + dataverseAlias + "/inputLevels");
     }
+    
+     public static Response updateDataverseInputLevels(String dataverseAlias, String[] inputLevelNames, boolean[] requiredInputLevels, boolean[] includedInputLevels, boolean[] displayOnCreate, String apiToken) {
+        JsonArrayBuilder inputLevelsArrayBuilder = Json.createArrayBuilder();
+        for (int i = 0; i < inputLevelNames.length; i++) {
+            inputLevelsArrayBuilder.add(createInputLevelObject(inputLevelNames[i], requiredInputLevels[i], includedInputLevels[i], displayOnCreate[i]));
+        }
+        return given()
+                .header(API_TOKEN_HTTP_HEADER, apiToken)
+                .body(inputLevelsArrayBuilder.build().toString())
+                .contentType(ContentType.JSON)
+                .put("/api/dataverses/" + dataverseAlias + "/inputLevels");
+    }
 
     private static JsonObjectBuilder createInputLevelObject(String name, boolean required, boolean include) {
         return Json.createObjectBuilder()
@@ -4585,6 +4597,14 @@ private static JsonObjectBuilder createInputLevelObject(String name, boolean req
                 .add("required", required)
                 .add("include", include);
     }
+    
+    private static JsonObjectBuilder createInputLevelObject(String name, boolean required, boolean include, boolean displayOnCreate) {
+        return Json.createObjectBuilder()
+                .add("datasetFieldTypeName", name)
+                .add("required", required)
+                .add("include", include)
+                .add("displayOnCreate", displayOnCreate);
+    }
 
     public static Response getOpenAPI(String accept, String format) {
         Response response = given()

From 2788a6d7e5d2959fef406c1dee47dc16081a7ab1 Mon Sep 17 00:00:00 2001
From: Stephen Kraffmiller <skraffmiller@hmdc.harvard.edu>
Date: Fri, 15 Aug 2025 10:42:46 -0400
Subject: [PATCH 093/634] #11387 update test; cleanup

---
 .../edu/harvard/iq/dataverse/api/DataversesIT.java    | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/src/test/java/edu/harvard/iq/dataverse/api/DataversesIT.java b/src/test/java/edu/harvard/iq/dataverse/api/DataversesIT.java
index 50f171de352..b07c3e4ffa0 100644
--- a/src/test/java/edu/harvard/iq/dataverse/api/DataversesIT.java
+++ b/src/test/java/edu/harvard/iq/dataverse/api/DataversesIT.java
@@ -1289,10 +1289,21 @@ public void testUpdateInputLevels() {
         
         updateDataverseInputLevelsResponse = UtilIT.updateDataverseInputLevels(dataverseAlias, testInputLevelNames, testRequiredInputLevels, testIncludedInputLevels, testDisplayOnCreate, apiToken);
         updateDataverseInputLevelsResponse.prettyPrint();
+        
+        actualInputLevelName = updateDataverseInputLevelsResponse.then().extract().path("data.inputLevels[0].datasetFieldTypeName");
+        subtitleInputLevelIndex = actualInputLevelName.equals("subtitle") ? 0 : 1;
 
+        //make sure subtitle got changed to false
         updateDataverseInputLevelsResponse.then().assertThat()
+                .body(String.format("data.inputLevels[%d].displayOnCreate", subtitleInputLevelIndex), equalTo(false))
                 .statusCode(OK.getStatusCode());
       
+        //make superuser for cleanup
+        String username = UtilIT.getUsernameFromResponse(createUserResponse);
+        UtilIT.setSuperuserStatus(username, Boolean.TRUE);
+        Response deleteDataverse1Response = UtilIT.deleteDataverse(dataverseAlias, apiToken);
+        deleteDataverse1Response.prettyPrint();
+        assertEquals(200, deleteDataverse1Response.getStatusCode());
         
     }
 

From 08dfd98b0bbc4165068bf077c952865db526770d Mon Sep 17 00:00:00 2001
From: Stephen Kraffmiller <skraffmiller@hmdc.harvard.edu>
Date: Fri, 15 Aug 2025 11:31:23 -0400
Subject: [PATCH 094/634] #11387 fix test

---
 .../engine/command/impl/CreateDataverseCommandTest.java         | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/test/java/edu/harvard/iq/dataverse/engine/command/impl/CreateDataverseCommandTest.java b/src/test/java/edu/harvard/iq/dataverse/engine/command/impl/CreateDataverseCommandTest.java
index 73880b78e7b..2d2fd943d4d 100644
--- a/src/test/java/edu/harvard/iq/dataverse/engine/command/impl/CreateDataverseCommandTest.java
+++ b/src/test/java/edu/harvard/iq/dataverse/engine/command/impl/CreateDataverseCommandTest.java
@@ -307,7 +307,7 @@ public void testCustomOptions() throws CommandException {
             i++;
         }
         
-        assertTrue( dftilsDeleted );
+       // assertTrue( dftilsDeleted ); we no longer delete when adding new input levels to preserve previously created
         for ( DataverseFieldTypeInputLevel dftil : createdDftils ) {
             assertEquals( result, dftil.getDataverse() );
         }

From 949b61758c7712cc91ab998c9f427e303b810bd9 Mon Sep 17 00:00:00 2001
From: Stephen Kraffmiller <skraffmiller@hmdc.harvard.edu>
Date: Fri, 15 Aug 2025 15:43:07 -0400
Subject: [PATCH 095/634] #11387 source format

---
 src/test/java/edu/harvard/iq/dataverse/api/DataversesIT.java | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/src/test/java/edu/harvard/iq/dataverse/api/DataversesIT.java b/src/test/java/edu/harvard/iq/dataverse/api/DataversesIT.java
index b07c3e4ffa0..36901548f2d 100644
--- a/src/test/java/edu/harvard/iq/dataverse/api/DataversesIT.java
+++ b/src/test/java/edu/harvard/iq/dataverse/api/DataversesIT.java
@@ -2324,9 +2324,8 @@ public void testUpdateInputLevelDisplayOnCreateOverride() {
                 .body("data[0].displayName", equalTo("Citation Metadata"))
                 .body("data.size()", equalTo(expectedOnlyDisplayedOnCreateNumberOfMetadataBlocks))
                 .body("data[0].fields.author.childFields.size()", is(4));
-             
-        updateResponse = UtilIT.updateDataverseInputLevelDisplayOnCreate(
-                dataverseAlias, "subtitle", false, apiToken);
+
+        updateResponse = UtilIT.updateDataverseInputLevelDisplayOnCreate(dataverseAlias, "subtitle", false, apiToken);
         String actualInputLevelName = updateResponse.then().extract().path("data.inputLevels[0].datasetFieldTypeName");
         int subtitleIndex = actualInputLevelName.equals("subtitle") ? 0 : 1;
         updateResponse.then().assertThat()

From a451f375b7bf9b497d997d1e188aef19b6ac6683 Mon Sep 17 00:00:00 2001
From: Stephen Kraffmiller <skraffmiller@hmdc.harvard.edu>
Date: Mon, 18 Aug 2025 15:32:50 -0400
Subject: [PATCH 096/634] #11710 change search term to query param

---
 src/main/java/edu/harvard/iq/dataverse/api/Dataverses.java | 4 ++--
 src/test/java/edu/harvard/iq/dataverse/api/UtilIT.java     | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/src/main/java/edu/harvard/iq/dataverse/api/Dataverses.java b/src/main/java/edu/harvard/iq/dataverse/api/Dataverses.java
index 22f12ca06ff..b771275a112 100644
--- a/src/main/java/edu/harvard/iq/dataverse/api/Dataverses.java
+++ b/src/main/java/edu/harvard/iq/dataverse/api/Dataverses.java
@@ -1775,8 +1775,8 @@ public Response linkDataverse(@Context ContainerRequestContext crc, @PathParam("
     @GET
     @AuthRequired
     @Produces(MediaType.APPLICATION_JSON)
-    @Path("{identifier}/{type}/linkingDataverses/{searchTerm}")
-    public Response getLinkingDataverseList(@Context ContainerRequestContext crc, @PathParam("identifier") String dvIdtf, @PathParam("searchTerm") String searchTerm, @PathParam("type") String type){
+    @Path("{identifier}/{type}/linkingDataverses")
+    public Response getLinkingDataverseList(@Context ContainerRequestContext crc, @PathParam("identifier") String dvIdtf, @QueryParam("searchTerm") String searchTerm, @PathParam("type") String type){
         //first determine what you are linking based on identifier and type
 
         try {
diff --git a/src/test/java/edu/harvard/iq/dataverse/api/UtilIT.java b/src/test/java/edu/harvard/iq/dataverse/api/UtilIT.java
index f28c0b3e640..fc2adc16682 100644
--- a/src/test/java/edu/harvard/iq/dataverse/api/UtilIT.java
+++ b/src/test/java/edu/harvard/iq/dataverse/api/UtilIT.java
@@ -4781,13 +4781,13 @@ static Response getLinkableDataverses (String type, String dvObjectId, String ap
         if (type.equals("dataset")) {
             if (!NumberUtils.isCreatable(idInPath)) {
                 idInPath = ":persistentId";
-                optionalQueryParam = "?persistentId=" + dvObjectId;
+                optionalQueryParam = "&persistentId=" + dvObjectId;
             }
         }
 
         return given()
                 .header(API_TOKEN_HTTP_HEADER, apiToken)
-                .get("/api/dataverses/" + idInPath + "/" + type + "/linkingDataverses/" + searchTerm + optionalQueryParam);
+                .get("/api/dataverses/" + idInPath + "/" + type + "/linkingDataverses?searchTerm=" + searchTerm + optionalQueryParam);
 
     }
     static Response updateDataverseFeaturedItem(long featuredItemId,

From 645dd38079c39632b0c07d6b5f8721fa0a2d63ad Mon Sep 17 00:00:00 2001
From: Stephen Kraffmiller <skraffmiller@hmdc.harvard.edu>
Date: Mon, 18 Aug 2025 16:12:04 -0400
Subject: [PATCH 097/634] #11710 test for empty search

---
 .../edu/harvard/iq/dataverse/DataverseServiceBean.java   | 4 ++++
 .../java/edu/harvard/iq/dataverse/api/DataversesIT.java  | 9 +++++++++
 2 files changed, 13 insertions(+)

diff --git a/src/main/java/edu/harvard/iq/dataverse/DataverseServiceBean.java b/src/main/java/edu/harvard/iq/dataverse/DataverseServiceBean.java
index b8ce8cb1a6b..6e3a3dcc1c8 100644
--- a/src/main/java/edu/harvard/iq/dataverse/DataverseServiceBean.java
+++ b/src/main/java/edu/harvard/iq/dataverse/DataverseServiceBean.java
@@ -535,6 +535,10 @@ public List<Dataverse> filterDataversesForLinking(String query, DataverseRequest
             });
         }
         
+        if (dvo instanceof Dataverse dataverse){
+            remove.add(dataverse);
+        }
+        
         for (Dataverse res : results) {
             if (!remove.contains(res)) {
                 if ((linkedDataset != null && this.permissionService.requestOn(req, res).has(Permission.LinkDataset))
diff --git a/src/test/java/edu/harvard/iq/dataverse/api/DataversesIT.java b/src/test/java/edu/harvard/iq/dataverse/api/DataversesIT.java
index 34a5c6a6cec..167aa4ad756 100644
--- a/src/test/java/edu/harvard/iq/dataverse/api/DataversesIT.java
+++ b/src/test/java/edu/harvard/iq/dataverse/api/DataversesIT.java
@@ -721,6 +721,15 @@ public void testGetLinkableDataverses(){
         String searchTerm = dataverseAliasForLinking.substring(0, 5);
             
         Response getLinkableDataversesForDataversePartial = UtilIT.getLinkableDataverses("dataverse", dataverseAlias, apiToken, searchTerm);
+        getLinkableDataversesForDataversePartial.prettyPrint();
+                getLinkableDataversesForDataversePartial.then().assertThat()
+                .statusCode(OK.getStatusCode())                
+                .body("data[0].alias", equalTo(dataverseAliasForLinking));  
+                
+                
+        //Try with empty string search term        
+        searchTerm = "";
+        getLinkableDataversesForDataversePartial = UtilIT.getLinkableDataverses("dataverse", dataverseAlias, apiToken, searchTerm);
         getLinkableDataversesForDataversePartial.prettyPrint();
                 getLinkableDataversesForDataversePartial.then().assertThat()
                 .statusCode(OK.getStatusCode())                

From 694cd3431cf4fc5c92e405551d873df1242dd8bb Mon Sep 17 00:00:00 2001
From: Stephen Kraffmiller <skraffmiller@hmdc.harvard.edu>
Date: Tue, 19 Aug 2025 10:13:03 -0400
Subject: [PATCH 098/634] Update native-api.rst

---
 doc/sphinx-guides/source/api/native-api.rst | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/doc/sphinx-guides/source/api/native-api.rst b/doc/sphinx-guides/source/api/native-api.rst
index 2e0d7a6f230..0a208967f07 100644
--- a/doc/sphinx-guides/source/api/native-api.rst
+++ b/doc/sphinx-guides/source/api/native-api.rst
@@ -735,7 +735,7 @@ Note: you must have "Add Dataset" permission in the given collection to invoke t
 List Dataverse Collections to which a given Dataset or Dataverse Collection may be linked
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
-The user must provide a search term to limit the list of Dataverse Collections returned. The search term will be compared to the name of the Dataverse Collections and must include the beginning of the Dataverse Collections' names.
+The user may provide a search term to limit the list of Dataverse Collections returned. The search term will be compared to the name of the Dataverse Collections and must include the beginning of the Dataverse Collections' names.
 The response is a JSON array of the ids, aliases, and names of the Dataverse collections to which a given Dataset or Dataverse Collection may be linked:
 
 For a given Dataverse Collection:
@@ -748,13 +748,13 @@ For a given Dataverse Collection:
   export ID=collectionAlias
   export SEARCH_TERM=searchOn
 
-  curl -H "X-Dataverse-key:$API_TOKEN" -X GET "$SERVER_URL/api/dataverses/$ID/$OBJECT_TYPE/linkingDataverses/$SEARCH_TERM" 
+  curl -H "X-Dataverse-key:$API_TOKEN" -X GET "$SERVER_URL/api/dataverses/$ID/$OBJECT_TYPE/linkingDataverses?searchTerm=$SEARCH_TERM" 
 
 The fully expanded example above (without environment variables) looks like this:
 
 .. code-block:: bash
 
-  curl -H "X-Dataverse-key:xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" -X GET "https://demo.dataverse.org/api/dataverses/collectionAlias/dataverse/linkingDataverses/searchOn" 
+  curl -H "X-Dataverse-key:xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" -X GET "https://demo.dataverse.org/api/dataverses/collectionAlias/dataverse/linkingDataverses?searchTerm=searchOn" 
 
 For a given Dataset:
 
@@ -766,13 +766,13 @@ For a given Dataset:
   export PERSISTENT_IDENTIFIER=doi:10.5072/FK2/J8SJZB
   export SEARCH_TERM=searchOn
 
-  curl -H "X-Dataverse-key:$API_TOKEN" -X GET "$SERVER_URL/api/dataverses/:persistentId/$OBJECT_TYPE/linkingDataverses/$SEARCH_TERM?persistentId=$PERSISTENT_IDENTIFIER" 
+  curl -H "X-Dataverse-key:$API_TOKEN" -X GET "$SERVER_URL/api/dataverses/:persistentId/$OBJECT_TYPE/linkingDataverses?searchTerm=SEARCH_TERM&persistentId=$PERSISTENT_IDENTIFIER" 
 
 The fully expanded example above (without environment variables) looks like this:
 
 .. code-block:: bash
 
-  curl -H "X-Dataverse-key:xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" -X GET "https://demo.dataverse.org/api/dataverses/:persistentId/dataset/linkingDataverses/searchOn?persistentId=doi:10.5072/FK2/J8SJZB" 
+  curl -H "X-Dataverse-key:xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" -X GET "https://demo.dataverse.org/api/dataverses/:persistentId/dataset/linkingDataverses?searchTerm=searchOn&persistentId=doi:10.5072/FK2/J8SJZB" 
 
 
 

From 2644fc73dbeeb7abf8acebb601781403f4e7eb9c Mon Sep 17 00:00:00 2001
From: Stephen Kraffmiller <skraffmiller@hmdc.harvard.edu>
Date: Tue, 19 Aug 2025 15:38:02 -0400
Subject: [PATCH 099/634] #11387 get actual index for test

---
 .../java/edu/harvard/iq/dataverse/api/DataversesIT.java  | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/src/test/java/edu/harvard/iq/dataverse/api/DataversesIT.java b/src/test/java/edu/harvard/iq/dataverse/api/DataversesIT.java
index 36901548f2d..e851134a8c7 100644
--- a/src/test/java/edu/harvard/iq/dataverse/api/DataversesIT.java
+++ b/src/test/java/edu/harvard/iq/dataverse/api/DataversesIT.java
@@ -2306,12 +2306,15 @@ public void testUpdateInputLevelDisplayOnCreateOverride() {
                 .body("data.inputLevels[0].displayOnCreate", equalTo(true))
                 .body("data.inputLevels[0].datasetFieldTypeName", equalTo("notesText"));
         
+        String actualInputLevelName = updateResponse.then().extract().path("data.inputLevels[0].datasetFieldTypeName");        
+        int subtitleInputLevelIndex = actualInputLevelName.equals("subtitle") ? 0 : 1;
+        
         updateResponse = UtilIT.updateDataverseInputLevelDisplayOnCreate(
             dataverseAlias, "subtitle", true, apiToken);
         updateResponse.then().assertThat()
                 .statusCode(OK.getStatusCode())
-                .body("data.inputLevels[0].displayOnCreate", equalTo(true))
-                .body("data.inputLevels[0].datasetFieldTypeName", equalTo("subtitle"));
+                .body(String.format("data.inputLevels[%d].displayOnCreate", subtitleInputLevelIndex), equalTo(true))
+                .body(String.format("data.inputLevels[%d].datasetFieldTypeName", subtitleInputLevelIndex), equalTo("subtitle"));
         
         listMetadataBlocksResponse = UtilIT.listMetadataBlocks(dataverseAlias, true, true, apiToken);
         listMetadataBlocksResponse.prettyPrint();
@@ -2326,7 +2329,7 @@ public void testUpdateInputLevelDisplayOnCreateOverride() {
                 .body("data[0].fields.author.childFields.size()", is(4));
 
         updateResponse = UtilIT.updateDataverseInputLevelDisplayOnCreate(dataverseAlias, "subtitle", false, apiToken);
-        String actualInputLevelName = updateResponse.then().extract().path("data.inputLevels[0].datasetFieldTypeName");
+        actualInputLevelName = updateResponse.then().extract().path("data.inputLevels[0].datasetFieldTypeName");
         int subtitleIndex = actualInputLevelName.equals("subtitle") ? 0 : 1;
         updateResponse.then().assertThat()
                 .body(String.format("data.inputLevels[%d].displayOnCreate", subtitleIndex), equalTo(false))

From a9f7f078b76bd2681b4fcb79ac6f62fed8984b26 Mon Sep 17 00:00:00 2001
From: Stephen Kraffmiller <skraffmiller@hmdc.harvard.edu>
Date: Tue, 19 Aug 2025 17:04:16 -0400
Subject: [PATCH 100/634] #11387 fix get index for test

---
 .../java/edu/harvard/iq/dataverse/api/DataversesIT.java   | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/src/test/java/edu/harvard/iq/dataverse/api/DataversesIT.java b/src/test/java/edu/harvard/iq/dataverse/api/DataversesIT.java
index e851134a8c7..17256d3317b 100644
--- a/src/test/java/edu/harvard/iq/dataverse/api/DataversesIT.java
+++ b/src/test/java/edu/harvard/iq/dataverse/api/DataversesIT.java
@@ -2306,11 +2306,13 @@ public void testUpdateInputLevelDisplayOnCreateOverride() {
                 .body("data.inputLevels[0].displayOnCreate", equalTo(true))
                 .body("data.inputLevels[0].datasetFieldTypeName", equalTo("notesText"));
         
-        String actualInputLevelName = updateResponse.then().extract().path("data.inputLevels[0].datasetFieldTypeName");        
-        int subtitleInputLevelIndex = actualInputLevelName.equals("subtitle") ? 0 : 1;
-        
+
         updateResponse = UtilIT.updateDataverseInputLevelDisplayOnCreate(
             dataverseAlias, "subtitle", true, apiToken);
+        
+        String actualInputLevelName = updateResponse.then().extract().path("data.inputLevels[0].datasetFieldTypeName");        
+        int subtitleInputLevelIndex = actualInputLevelName.equals("subtitle") ? 0 : 1;
+        updateResponse.prettyPrint();
         updateResponse.then().assertThat()
                 .statusCode(OK.getStatusCode())
                 .body(String.format("data.inputLevels[%d].displayOnCreate", subtitleInputLevelIndex), equalTo(true))

From 04f6534e4da7a3ff373fe9e72fb1aba371fbf97c Mon Sep 17 00:00:00 2001
From: Stephen Kraffmiller <skraffmiller@hmdc.harvard.edu>
Date: Wed, 20 Aug 2025 11:20:58 -0400
Subject: [PATCH 101/634] #11387 guard against differing json array in test

---
 .../iq/dataverse/api/DataversesIT.java        | 28 +++++++++++++------
 1 file changed, 20 insertions(+), 8 deletions(-)

diff --git a/src/test/java/edu/harvard/iq/dataverse/api/DataversesIT.java b/src/test/java/edu/harvard/iq/dataverse/api/DataversesIT.java
index 17256d3317b..e650cd11f6f 100644
--- a/src/test/java/edu/harvard/iq/dataverse/api/DataversesIT.java
+++ b/src/test/java/edu/harvard/iq/dataverse/api/DataversesIT.java
@@ -1261,19 +1261,31 @@ public void testUpdateInputLevels() {
        
         testRequiredInputLevels = new boolean[] {false, false};
         testIncludedInputLevels = new boolean[] {true, true};
-        boolean [] testDisplayOnCreate = new boolean[] {true, true};
+        boolean [] testDisplayOnCreate = new boolean[] {true, false};
          updateDataverseInputLevelsResponse = UtilIT.updateDataverseInputLevels(dataverseAlias, testInputLevelNames, testRequiredInputLevels, testIncludedInputLevels, testDisplayOnCreate, apiToken);
-         actualInputLevelName = updateDataverseInputLevelsResponse.then().extract().path("data.inputLevels[0].datasetFieldTypeName");
-        int subtitleInputLevelIndex = actualInputLevelName.equals("subtitle") ? 0 : 1;
-        updateDataverseInputLevelsResponse.prettyPrint();
-        
+         updateDataverseInputLevelsResponse.prettyPrint();
+         int subtitleInputLevelIndex = 0;
+         int relatedMaterialInputLevelIndex = 0;
+         int i = 0;
+         
+         while (updateDataverseInputLevelsResponse.then().extract().path(String.format("data.inputLevels[%d].datasetFieldTypeName", i)) != null){
+             actualInputLevelName = updateDataverseInputLevelsResponse.then().extract().path(String.format("data.inputLevels[%d].datasetFieldTypeName", i)).toString();
+             if (actualInputLevelName.equals("subtitle")){
+                 subtitleInputLevelIndex = i;
+             }
+             if (actualInputLevelName.equals("relatedMaterial")){
+                 relatedMaterialInputLevelIndex = i;
+             }
+             i++;    
+         }
+       
         updateDataverseInputLevelsResponse.then().assertThat()
                 .body(String.format("data.inputLevels[%d].include", subtitleInputLevelIndex), equalTo(true))
                 .body(String.format("data.inputLevels[%d].required", subtitleInputLevelIndex), equalTo(false))
                 .body(String.format("data.inputLevels[%d].displayOnCreate", subtitleInputLevelIndex), equalTo(true))
-                .body(String.format("data.inputLevels[%d].include", 1 - subtitleInputLevelIndex), equalTo(true))
-                .body(String.format("data.inputLevels[%d].required", 1 - subtitleInputLevelIndex), equalTo(false))
-                .body(String.format("data.inputLevels[%d].displayOnCreate", 1 - subtitleInputLevelIndex), equalTo(true))
+                .body(String.format("data.inputLevels[%d].include", relatedMaterialInputLevelIndex), equalTo(true))
+                .body(String.format("data.inputLevels[%d].required", relatedMaterialInputLevelIndex), equalTo(false))
+                .body(String.format("data.inputLevels[%d].displayOnCreate", relatedMaterialInputLevelIndex), equalTo(false))
                 .statusCode(OK.getStatusCode());
          actualFieldTypeName1 = updateDataverseInputLevelsResponse.then().extract().path("data.inputLevels[0].datasetFieldTypeName");
          actualFieldTypeName2 = updateDataverseInputLevelsResponse.then().extract().path("data.inputLevels[1].datasetFieldTypeName");

From e001ff048dcb7593acbc2b7b44a46aef8eded424 Mon Sep 17 00:00:00 2001
From: Stephen Kraffmiller <skraffmiller@hmdc.harvard.edu>
Date: Wed, 20 Aug 2025 13:26:27 -0400
Subject: [PATCH 102/634] #11387 more array testing fun

---
 .../iq/dataverse/api/DataversesIT.java        | 23 +++++++++++++++----
 1 file changed, 18 insertions(+), 5 deletions(-)

diff --git a/src/test/java/edu/harvard/iq/dataverse/api/DataversesIT.java b/src/test/java/edu/harvard/iq/dataverse/api/DataversesIT.java
index e650cd11f6f..682b2ddc8a3 100644
--- a/src/test/java/edu/harvard/iq/dataverse/api/DataversesIT.java
+++ b/src/test/java/edu/harvard/iq/dataverse/api/DataversesIT.java
@@ -1287,8 +1287,9 @@ public void testUpdateInputLevels() {
                 .body(String.format("data.inputLevels[%d].required", relatedMaterialInputLevelIndex), equalTo(false))
                 .body(String.format("data.inputLevels[%d].displayOnCreate", relatedMaterialInputLevelIndex), equalTo(false))
                 .statusCode(OK.getStatusCode());
-         actualFieldTypeName1 = updateDataverseInputLevelsResponse.then().extract().path("data.inputLevels[0].datasetFieldTypeName");
-         actualFieldTypeName2 = updateDataverseInputLevelsResponse.then().extract().path("data.inputLevels[1].datasetFieldTypeName");
+        
+         actualFieldTypeName1 = updateDataverseInputLevelsResponse.then().extract().path(String.format("data.inputLevels[%d].datasetFieldTypeName", subtitleInputLevelIndex));
+         actualFieldTypeName2 = updateDataverseInputLevelsResponse.then().extract().path(String.format("data.inputLevels[%d].datasetFieldTypeName", relatedMaterialInputLevelIndex));
         assertNotEquals(actualFieldTypeName1, actualFieldTypeName2);
         assertThat(testInputLevelNames, hasItemInArray(actualFieldTypeName1));
         assertThat(testInputLevelNames, hasItemInArray(actualFieldTypeName2));
@@ -1302,9 +1303,21 @@ public void testUpdateInputLevels() {
         updateDataverseInputLevelsResponse = UtilIT.updateDataverseInputLevels(dataverseAlias, testInputLevelNames, testRequiredInputLevels, testIncludedInputLevels, testDisplayOnCreate, apiToken);
         updateDataverseInputLevelsResponse.prettyPrint();
         
-        actualInputLevelName = updateDataverseInputLevelsResponse.then().extract().path("data.inputLevels[0].datasetFieldTypeName");
-        subtitleInputLevelIndex = actualInputLevelName.equals("subtitle") ? 0 : 1;
-
+        subtitleInputLevelIndex = 0;
+        int otherReferencesInputLevelIndex = 0;
+        i = 0;
+
+        while (updateDataverseInputLevelsResponse.then().extract().path(String.format("data.inputLevels[%d].datasetFieldTypeName", i)) != null) {
+            actualInputLevelName = updateDataverseInputLevelsResponse.then().extract().path(String.format("data.inputLevels[%d].datasetFieldTypeName", i)).toString();
+            if (actualInputLevelName.equals("subtitle")) {
+                subtitleInputLevelIndex = i;
+            }
+            if (actualInputLevelName.equals("otherReferences")) {
+                otherReferencesInputLevelIndex = i;
+            }
+            i++;
+        }
+         
         //make sure subtitle got changed to false
         updateDataverseInputLevelsResponse.then().assertThat()
                 .body(String.format("data.inputLevels[%d].displayOnCreate", subtitleInputLevelIndex), equalTo(false))

From de9f68768555affdad2ef0e2d193e362246c6de4 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 22 Aug 2025 00:11:29 +0000
Subject: [PATCH 103/634] Bump actions/setup-java from 4 to 5

Bumps [actions/setup-java](https://github.com/actions/setup-java) from 4 to 5.
- [Release notes](https://github.com/actions/setup-java/releases)
- [Commits](https://github.com/actions/setup-java/compare/v4...v5)

---
updated-dependencies:
- dependency-name: actions/setup-java
  dependency-version: '5'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 .github/workflows/container_app_pr.yml       | 2 +-
 .github/workflows/deploy_beta_testing.yml    | 2 +-
 .github/workflows/maven_cache_management.yml | 2 +-
 .github/workflows/maven_unit_test.yml        | 6 +++---
 .github/workflows/spi_release.yml            | 6 +++---
 5 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/.github/workflows/container_app_pr.yml b/.github/workflows/container_app_pr.yml
index a4c52805156..b9f9fc6a51c 100644
--- a/.github/workflows/container_app_pr.yml
+++ b/.github/workflows/container_app_pr.yml
@@ -23,7 +23,7 @@ jobs:
             - uses: actions/checkout@v4
               with:
                   ref: 'refs/pull/${{ github.event.client_payload.pull_request.number }}/merge'
-            - uses: actions/setup-java@v4
+            - uses: actions/setup-java@v5
               with:
                   java-version: "17"
                   distribution: 'adopt'
diff --git a/.github/workflows/deploy_beta_testing.yml b/.github/workflows/deploy_beta_testing.yml
index 7a236a316fb..dc49c51e9d3 100644
--- a/.github/workflows/deploy_beta_testing.yml
+++ b/.github/workflows/deploy_beta_testing.yml
@@ -16,7 +16,7 @@ jobs:
     steps:
       - uses: actions/checkout@v4
 
-      - uses: actions/setup-java@v4
+      - uses: actions/setup-java@v5
         with:
           distribution: 'zulu'
           java-version: '17'
diff --git a/.github/workflows/maven_cache_management.yml b/.github/workflows/maven_cache_management.yml
index fedf63b7c54..8099119760d 100644
--- a/.github/workflows/maven_cache_management.yml
+++ b/.github/workflows/maven_cache_management.yml
@@ -36,7 +36,7 @@ jobs:
             - name: Determine Java version from Parent POM
               run: echo "JAVA_VERSION=$(grep '<target.java.version>' modules/dataverse-parent/pom.xml | cut -f2 -d'>' | cut -f1 -d'<')" >> ${GITHUB_ENV}
             - name: Set up JDK ${{ env.JAVA_VERSION }}
-              uses: actions/setup-java@v4
+              uses: actions/setup-java@v5
               with:
                   java-version: ${{ env.JAVA_VERSION }}
                   distribution: temurin
diff --git a/.github/workflows/maven_unit_test.yml b/.github/workflows/maven_unit_test.yml
index f0cf461d8e6..5335efc2c76 100644
--- a/.github/workflows/maven_unit_test.yml
+++ b/.github/workflows/maven_unit_test.yml
@@ -39,7 +39,7 @@ jobs:
           # Basic setup chores
           - uses: actions/checkout@v4
           - name: Set up JDK ${{ matrix.jdk }}
-            uses: actions/setup-java@v4
+            uses: actions/setup-java@v5
             with:
                 java-version: ${{ matrix.jdk }}
                 distribution: temurin
@@ -105,7 +105,7 @@ jobs:
             # Basic setup chores
             - uses: actions/checkout@v4
             - name: Set up JDK ${{ matrix.jdk }}
-              uses: actions/setup-java@v4
+              uses: actions/setup-java@v5
               with:
                   java-version: ${{ matrix.jdk }}
                   distribution: temurin
@@ -138,7 +138,7 @@ jobs:
             # TODO: As part of #10618 change to setup-maven custom action
             # Basic setup chores
           - uses: actions/checkout@v4
-          - uses: actions/setup-java@v4
+          - uses: actions/setup-java@v5
             with:
                 java-version: '17'
                 distribution: temurin
diff --git a/.github/workflows/spi_release.yml b/.github/workflows/spi_release.yml
index 6398edca412..1c896aaff6f 100644
--- a/.github/workflows/spi_release.yml
+++ b/.github/workflows/spi_release.yml
@@ -38,7 +38,7 @@ jobs:
         if: github.event_name == 'pull_request' && needs.check-secrets.outputs.available == 'true'
         steps:
             - uses: actions/checkout@v4
-            - uses: actions/setup-java@v4
+            - uses: actions/setup-java@v5
               with:
                   java-version: '17'
                   distribution: 'adopt'
@@ -64,7 +64,7 @@ jobs:
         if: github.event_name == 'push' && needs.check-secrets.outputs.available == 'true'
         steps:
             -   uses: actions/checkout@v4
-            -   uses: actions/setup-java@v4
+            -   uses: actions/setup-java@v5
                 with:
                     java-version: '17'
                     distribution: 'adopt'
@@ -76,7 +76,7 @@ jobs:
 
             # Running setup-java again overwrites the settings.xml - IT'S MANDATORY TO DO THIS SECOND SETUP!!!
             -   name: Set up Maven Central Repository
-                uses: actions/setup-java@v4
+                uses: actions/setup-java@v5
                 with:
                     java-version: '17'
                     distribution: 'adopt'

From 9d24e0946bea91110b6f25c809133ee2aafb14bb Mon Sep 17 00:00:00 2001
From: Florian Fritze <florian.fritze@ub.uni-stuttgart.de>
Date: Thu, 21 Aug 2025 15:33:33 +0200
Subject: [PATCH 104/634] integer detection for array access

---
 .../edu/harvard/iq/dataverse/DatasetFieldServiceBean.java | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/src/main/java/edu/harvard/iq/dataverse/DatasetFieldServiceBean.java b/src/main/java/edu/harvard/iq/dataverse/DatasetFieldServiceBean.java
index dce7a98fd75..49fdafd2f5e 100644
--- a/src/main/java/edu/harvard/iq/dataverse/DatasetFieldServiceBean.java
+++ b/src/main/java/edu/harvard/iq/dataverse/DatasetFieldServiceBean.java
@@ -764,7 +764,13 @@ Object processPathSegment(int index, String[] pathParts, JsonValue curPath, Stri
                 }
 
             } else {
-                curPath = ((JsonObject) curPath).get(pathParts[index]);
+                try {
+                    int indexNumber = Integer.parseInt(pathParts[index]);
+                    curPath = ((JsonObject) curPath).get(indexNumber);
+                } catch (NumberFormatException nfe) {
+                    curPath = ((JsonObject) curPath).get(pathParts[index]);
+                }
+                // curPath = ((JsonObject) curPath).get(pathParts[index]);
                 logger.fine("Found next Path object " + curPath.toString());
                 return processPathSegment(index + 1, pathParts, curPath, termUri);
             }

From 894d3d5b2ea4eba018c55c7c074a2ca527819835 Mon Sep 17 00:00:00 2001
From: Florian Fritze <florian.fritze@ub.uni-stuttgart.de>
Date: Fri, 22 Aug 2025 07:27:25 +0200
Subject: [PATCH 105/634] first check if it's a number

---
 .../iq/dataverse/DatasetFieldServiceBean.java       | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)

diff --git a/src/main/java/edu/harvard/iq/dataverse/DatasetFieldServiceBean.java b/src/main/java/edu/harvard/iq/dataverse/DatasetFieldServiceBean.java
index 49fdafd2f5e..35b34c8d3a5 100644
--- a/src/main/java/edu/harvard/iq/dataverse/DatasetFieldServiceBean.java
+++ b/src/main/java/edu/harvard/iq/dataverse/DatasetFieldServiceBean.java
@@ -43,6 +43,7 @@
 import jakarta.persistence.criteria.*;
 import org.apache.commons.codec.digest.DigestUtils;
 import org.apache.commons.lang3.StringUtils;
+import org.apache.commons.lang3.math.NumberUtils;
 import org.apache.http.HttpResponse;
 import org.apache.http.HttpResponseInterceptor;
 import org.apache.http.client.methods.HttpGet;
@@ -764,10 +765,14 @@ Object processPathSegment(int index, String[] pathParts, JsonValue curPath, Stri
                 }
 
             } else {
-                try {
-                    int indexNumber = Integer.parseInt(pathParts[index]);
-                    curPath = ((JsonObject) curPath).get(indexNumber);
-                } catch (NumberFormatException nfe) {
+                if (NumberUtils.isCreatable(pathParts[index])) {
+                    try {
+                        int indexNumber = Integer.parseInt(pathParts[index]);
+                        curPath = ((JsonObject) curPath).get(indexNumber);
+                    } catch (NumberFormatException nfe) {
+                        logger.fine("Please provide a valid integer number " + pathParts[index]);
+                    }
+                } else {
                     curPath = ((JsonObject) curPath).get(pathParts[index]);
                 }
                 // curPath = ((JsonObject) curPath).get(pathParts[index]);

From 69e5a349f3cd44f28b86ff0e1dac4ba5eb71f803 Mon Sep 17 00:00:00 2001
From: Florian Fritze <florian.fritze@ub.uni-stuttgart.de>
Date: Fri, 22 Aug 2025 08:03:34 +0200
Subject: [PATCH 106/634] JsonArray fix

---
 .../java/edu/harvard/iq/dataverse/DatasetFieldServiceBean.java  | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/main/java/edu/harvard/iq/dataverse/DatasetFieldServiceBean.java b/src/main/java/edu/harvard/iq/dataverse/DatasetFieldServiceBean.java
index 35b34c8d3a5..244e7f959d8 100644
--- a/src/main/java/edu/harvard/iq/dataverse/DatasetFieldServiceBean.java
+++ b/src/main/java/edu/harvard/iq/dataverse/DatasetFieldServiceBean.java
@@ -768,7 +768,7 @@ Object processPathSegment(int index, String[] pathParts, JsonValue curPath, Stri
                 if (NumberUtils.isCreatable(pathParts[index])) {
                     try {
                         int indexNumber = Integer.parseInt(pathParts[index]);
-                        curPath = ((JsonObject) curPath).get(indexNumber);
+                        curPath = ((JsonArray) curPath).get(indexNumber);
                     } catch (NumberFormatException nfe) {
                         logger.fine("Please provide a valid integer number " + pathParts[index]);
                     }

From 5c1ce14f5abae0ce350ca113caa5deb89153794b Mon Sep 17 00:00:00 2001
From: Stephen Kraffmiller <skraffmiller@hmdc.harvard.edu>
Date: Tue, 26 Aug 2025 11:33:42 -0400
Subject: [PATCH 107/634] #11719 combine perms and search filter for query

---
 .../iq/dataverse/DataverseServiceBean.java    | 41 +++++++++++++++++++
 .../iq/dataverse/PermissionServiceBean.java   | 24 +++++++++--
 .../harvard/iq/dataverse/api/Dataverses.java  | 18 +++++++-
 .../iq/dataverse/api/DataversesIT.java        | 17 ++++++--
 4 files changed, 91 insertions(+), 9 deletions(-)

diff --git a/src/main/java/edu/harvard/iq/dataverse/DataverseServiceBean.java b/src/main/java/edu/harvard/iq/dataverse/DataverseServiceBean.java
index 6e3a3dcc1c8..85d4179a6d9 100644
--- a/src/main/java/edu/harvard/iq/dataverse/DataverseServiceBean.java
+++ b/src/main/java/edu/harvard/iq/dataverse/DataverseServiceBean.java
@@ -550,6 +550,47 @@ public List<Dataverse> filterDataversesForLinking(String query, DataverseRequest
 
         return dataverseList;
     }
+    
+    
+    public List<Dataverse> removeUnlinkableDataverses (List<Dataverse> allWithPerms, DvObject dvo){
+        List<Dataverse> dataverseList = new ArrayList<>();
+        Dataset linkedDataset = null;
+        Dataverse linkedDataverse = null;
+        List<Object> alreadyLinkeddv_ids;
+        
+        if ((dvo instanceof Dataset)) {
+            linkedDataset = (Dataset) dvo;
+            alreadyLinkeddv_ids = em.createNativeQuery("SELECT linkingdataverse_id   FROM datasetlinkingdataverse WHERE dataset_id = " + linkedDataset.getId()).getResultList();
+        } else {
+            linkedDataverse = (Dataverse) dvo;
+            alreadyLinkeddv_ids = em.createNativeQuery("SELECT linkingdataverse_id   FROM dataverselinkingdataverse WHERE dataverse_id = " + linkedDataverse.getId()).getResultList();
+        }
+
+         List<Dataverse> remove = new ArrayList<>();
+
+        if (alreadyLinkeddv_ids != null && !alreadyLinkeddv_ids.isEmpty()) {
+            alreadyLinkeddv_ids.stream().map((testDVId) -> this.find(testDVId)).forEachOrdered((removeIt) -> {
+                remove.add(removeIt);
+            });
+        }
+        
+        if (dvo instanceof Dataverse dataverse){
+            remove.add(dataverse);
+        }  else {
+            //dataset is always owned by a dataverse
+            remove.add((Dataverse)dvo.getOwner());
+        }
+        
+        for (Dataverse res : allWithPerms) {
+            if (!remove.contains(res)) {
+                   dataverseList.add(res);
+            }
+        }
+        
+       return dataverseList; 
+    }
+    
+  
     public List<Dataverse> filterDataversesForUnLinking(String query, DataverseRequest req, Dataset dataset) {
         List<Object> alreadyLinkeddv_ids = em.createNativeQuery("SELECT linkingdataverse_id FROM datasetlinkingdataverse WHERE dataset_id = " + dataset.getId()).getResultList();
         List<Dataverse> dataverseList = new ArrayList<>();
diff --git a/src/main/java/edu/harvard/iq/dataverse/PermissionServiceBean.java b/src/main/java/edu/harvard/iq/dataverse/PermissionServiceBean.java
index f1099c0a439..778bf23586a 100644
--- a/src/main/java/edu/harvard/iq/dataverse/PermissionServiceBean.java
+++ b/src/main/java/edu/harvard/iq/dataverse/PermissionServiceBean.java
@@ -101,7 +101,7 @@ WITH grouplist AS (
                   WHERE explicitgroup_authenticateduser.containedauthenticatedusers_id = @USERID
                 )
                         
-                SELECT * FROM DATAVERSE WHERE id IN (
+                SELECT * FROM DATAVERSE WHERE id  IN (
                   SELECT definitionpoint_id
                   FROM roleassignment
                   WHERE roleassignment.assigneeidentifier IN (
@@ -157,7 +157,7 @@ AND EXISTS (SELECT id FROM dataverserole WHERE dataverserole.id = roleassignment
                        AND @IPRANGESQL
                      )
                   )
-                )
+                ) @SEARCHCLAUSE
             """;
     /**
      * A request-level permission query (e.g includes IP ras).
@@ -921,8 +921,16 @@ private boolean hasUnrestrictedReleasedFiles(DatasetVersion targetDatasetVersion
     public List<Dataverse> findPermittedCollections(DataverseRequest request, AuthenticatedUser user, Permission permission) {
         return findPermittedCollections(request, user, 1 << permission.ordinal());
     }
+    
+    public List<Dataverse> findPermittedCollections(DataverseRequest request, AuthenticatedUser user, Permission permission, String searchTerm) {
+        return findPermittedCollections(request, user, 1 << permission.ordinal(), searchTerm);
+    }
 
     public List<Dataverse> findPermittedCollections(DataverseRequest request, AuthenticatedUser user, int permissionBit) {
+         return findPermittedCollections(request, user, permissionBit, "");
+    }
+    
+    public List<Dataverse> findPermittedCollections(DataverseRequest request, AuthenticatedUser user, int permissionBit, String searchTerm) {
         if (user != null) {
             // IP Group - Only check IP if a User is calling for themself
             String ipRangeSQL = "FALSE";
@@ -950,16 +958,26 @@ public List<Dataverse> findPermittedCollections(DataverseRequest request, Authen
                     }
                 }
             }
+            
+            String searchClause = "";
+            if (!searchTerm.isEmpty()){
+              searchClause =    " AND ((LOWER(DATAVERSE.alias) LIKE '%@ALIAS%') OR (LOWER(DATAVERSE.name) LIKE '%@NAME%') OR (LOWER(DATAVERSE.affiliation) LIKE '%@AFFILIATION%')) "
+                      .replace("@ALIAS", searchTerm.toLowerCase())
+                      .replace("@NAME", searchTerm.toLowerCase())
+                      .replace("@AFFILIATION", searchTerm.toLowerCase());
+            }
 
             String sqlCode = LIST_ALL_DATAVERSES_USER_HAS_PERMISSION
                     .replace("@USERID", String.valueOf(user.getId()))
                     .replace("@PERMISSIONBIT", String.valueOf(permissionBit))
-                    .replace("@IPRANGESQL", ipRangeSQL);
+                    .replace("@IPRANGESQL", ipRangeSQL)
+                    .replace("@SEARCHCLAUSE", searchClause);
             return em.createNativeQuery(sqlCode, Dataverse.class).getResultList();
         }
         return null;
     }
 
+
     /**
      * Calculates the complete list of role assignments for a given user on a DvObject.
      * This includes roles assigned directly to the user and roles inherited from any groups
diff --git a/src/main/java/edu/harvard/iq/dataverse/api/Dataverses.java b/src/main/java/edu/harvard/iq/dataverse/api/Dataverses.java
index 5522b35906b..bf332a5bb3d 100644
--- a/src/main/java/edu/harvard/iq/dataverse/api/Dataverses.java
+++ b/src/main/java/edu/harvard/iq/dataverse/api/Dataverses.java
@@ -15,6 +15,7 @@
 import edu.harvard.iq.dataverse.authorization.groups.impl.explicit.ExplicitGroup;
 import edu.harvard.iq.dataverse.authorization.groups.impl.explicit.ExplicitGroupProvider;
 import edu.harvard.iq.dataverse.authorization.groups.impl.explicit.ExplicitGroupServiceBean;
+import edu.harvard.iq.dataverse.authorization.groups.impl.ipaddress.ip.IpAddress;
 import edu.harvard.iq.dataverse.authorization.users.AuthenticatedUser;
 import edu.harvard.iq.dataverse.authorization.users.User;
 import edu.harvard.iq.dataverse.dataset.DatasetType;
@@ -1781,8 +1782,21 @@ public Response getLinkingDataverseList(@Context ContainerRequestContext crc, @P
 
         try {
             DvObject dvObject = findDvoByIdAndTypeOrDie(dvIdtf, type);
-            List<Dataverse> dataversesForLinking = dataverseService.filterDataversesForLinking(searchTerm, createDataverseRequest(getRequestUser(crc)), dvObject);
-            JsonArrayBuilder dvBuilder = Json.createArrayBuilder();
+           // List<Dataverse> dataversesForLinking = dataverseService.filterDataversesForLinking(searchTerm, createDataverseRequest(getRequestUser(crc)), dvObject);
+           // public List<Dataverse> findPermittedCollections(DataverseRequest request, AuthenticatedUser user, Permission permission, String searchTerm) {
+   
+           AuthenticatedUser requestUser = (AuthenticatedUser)getRequestUser(crc);
+           List<Dataverse> dataversesForLinking = new ArrayList<>();
+  
+           if ((dvObject instanceof Dataset)) {
+               dataversesForLinking = permissionService.findPermittedCollections( new DataverseRequest(requestUser, (IpAddress) null), requestUser, Permission.LinkDataset, searchTerm);
+           } else {
+               dataversesForLinking = permissionService.findPermittedCollections( new DataverseRequest(requestUser, (IpAddress) null), requestUser, Permission.LinkDataverse, searchTerm);
+
+           }
+               
+           dataversesForLinking = dataverseService.removeUnlinkableDataverses(dataversesForLinking, dvObject);
+           JsonArrayBuilder dvBuilder = Json.createArrayBuilder();
             if (dataversesForLinking != null && !dataversesForLinking.isEmpty()) {
                 for (Dataverse dv : dataversesForLinking) {
                     dvBuilder.add(json(dv, true));
diff --git a/src/test/java/edu/harvard/iq/dataverse/api/DataversesIT.java b/src/test/java/edu/harvard/iq/dataverse/api/DataversesIT.java
index 167aa4ad756..9ba53f2e8b6 100644
--- a/src/test/java/edu/harvard/iq/dataverse/api/DataversesIT.java
+++ b/src/test/java/edu/harvard/iq/dataverse/api/DataversesIT.java
@@ -683,7 +683,7 @@ public void testGetLinkableDataverses(){
         Response createUser = UtilIT.createRandomUser();
         String apiToken = UtilIT.getApiTokenFromResponse(createUser);
         String username = UtilIT.getUsernameFromResponse(createUser);
-
+        
         Response createDataverseResponse = UtilIT.createRandomDataverse(apiToken);
         String dataverseAlias = UtilIT.getAliasFromResponse(createDataverseResponse);
         
@@ -718,7 +718,7 @@ public void testGetLinkableDataverses(){
                                         
         //Should be able to get based on a partial alias...
         // Partial must include the first part of the name
-        String searchTerm = dataverseAliasForLinking.substring(0, 5);
+        String searchTerm = dataverseAliasForLinking.substring(0, 7);
             
         Response getLinkableDataversesForDataversePartial = UtilIT.getLinkableDataverses("dataverse", dataverseAlias, apiToken, searchTerm);
         getLinkableDataversesForDataversePartial.prettyPrint();
@@ -745,15 +745,21 @@ public void testGetLinkableDataverses(){
         createDataverseResponseUnavailableForLinking.prettyPrint();
         String dataverseAliasUnavailableForLinking = UtilIT.getAliasFromResponse(createDataverseResponseUnavailableForLinking);
         publishDataverse = UtilIT.publishDataverseViaNativeApi(dataverseAliasUnavailableForLinking, apiTokenTwo);
+        publishDataverse.prettyPrint();
         assertEquals(200, publishDataverse.getStatusCode());
         
-        Response getUnavailableForDataset = UtilIT.getLinkableDataverses("dataset", datasetPersistentId, apiToken, dataverseAliasUnavailableForLinking);
+        //user 3 will not have permissions
+        Response createUserThree = UtilIT.createRandomUser();
+        String apiTokenThree = UtilIT.getApiTokenFromResponse(createUserThree);
+        String usernameThree = UtilIT.getUsernameFromResponse(createUserThree);
+        
+        Response getUnavailableForDataset = UtilIT.getLinkableDataverses("dataset", datasetPersistentId, apiTokenThree, dataverseAliasUnavailableForLinking);
         getUnavailableForDataset.prettyPrint();
                 getUnavailableForDataset.then().assertThat()
                 .statusCode(OK.getStatusCode())
                 .body("data.size()", equalTo(0));
                 
-        Response getUnavailableForDataverse = UtilIT.getLinkableDataverses("dataverse", dataverseAlias, apiToken, dataverseAliasUnavailableForLinking);
+        Response getUnavailableForDataverse = UtilIT.getLinkableDataverses("dataverse", dataverseAlias, apiTokenThree, dataverseAliasUnavailableForLinking);
         getUnavailableForDataverse.prettyPrint();
                 getUnavailableForDataverse.then().assertThat()
                 .statusCode(OK.getStatusCode())                
@@ -798,6 +804,9 @@ public void testGetLinkableDataverses(){
         Response deleteUserResponse = UtilIT.deleteUser(usernameTwo);
         assertEquals(200, deleteUserResponse.getStatusCode()); 
         
+        deleteUserResponse = UtilIT.deleteUser(usernameThree);
+        assertEquals(200, deleteUserResponse.getStatusCode()); 
+        
         deleteUserResponse = UtilIT.deleteUser(username);
         assertEquals(200, deleteUserResponse.getStatusCode());           
         

From 2bcfa709ec04aaca0c5166f3086ebdcedcbd370c Mon Sep 17 00:00:00 2001
From: Stephen Kraffmiller <skraffmiller@hmdc.harvard.edu>
Date: Tue, 26 Aug 2025 14:55:13 -0400
Subject: [PATCH 108/634] #11710 refactor query update

---
 .../harvard/iq/dataverse/PermissionServiceBean.java  | 12 ++----------
 .../edu/harvard/iq/dataverse/api/DataversesIT.java   | 10 ++++++++--
 2 files changed, 10 insertions(+), 12 deletions(-)

diff --git a/src/main/java/edu/harvard/iq/dataverse/PermissionServiceBean.java b/src/main/java/edu/harvard/iq/dataverse/PermissionServiceBean.java
index 778bf23586a..6fe5db974eb 100644
--- a/src/main/java/edu/harvard/iq/dataverse/PermissionServiceBean.java
+++ b/src/main/java/edu/harvard/iq/dataverse/PermissionServiceBean.java
@@ -157,7 +157,7 @@ AND EXISTS (SELECT id FROM dataverserole WHERE dataverserole.id = roleassignment
                        AND @IPRANGESQL
                      )
                   )
-                ) @SEARCHCLAUSE
+                ) AND ((LOWER(DATAVERSE.alias) LIKE '%@SEARCHTERM%') OR (LOWER(DATAVERSE.name) LIKE '%@SEARCHTERM%') OR (LOWER(DATAVERSE.affiliation) LIKE '%@SEARCHTERM%')) 
             """;
     /**
      * A request-level permission query (e.g includes IP ras).
@@ -959,19 +959,11 @@ public List<Dataverse> findPermittedCollections(DataverseRequest request, Authen
                 }
             }
             
-            String searchClause = "";
-            if (!searchTerm.isEmpty()){
-              searchClause =    " AND ((LOWER(DATAVERSE.alias) LIKE '%@ALIAS%') OR (LOWER(DATAVERSE.name) LIKE '%@NAME%') OR (LOWER(DATAVERSE.affiliation) LIKE '%@AFFILIATION%')) "
-                      .replace("@ALIAS", searchTerm.toLowerCase())
-                      .replace("@NAME", searchTerm.toLowerCase())
-                      .replace("@AFFILIATION", searchTerm.toLowerCase());
-            }
-
             String sqlCode = LIST_ALL_DATAVERSES_USER_HAS_PERMISSION
                     .replace("@USERID", String.valueOf(user.getId()))
                     .replace("@PERMISSIONBIT", String.valueOf(permissionBit))
                     .replace("@IPRANGESQL", ipRangeSQL)
-                    .replace("@SEARCHCLAUSE", searchClause);
+                    .replace("@SEARCHTERM", searchTerm);
             return em.createNativeQuery(sqlCode, Dataverse.class).getResultList();
         }
         return null;
diff --git a/src/test/java/edu/harvard/iq/dataverse/api/DataversesIT.java b/src/test/java/edu/harvard/iq/dataverse/api/DataversesIT.java
index 9ba53f2e8b6..64c88197494 100644
--- a/src/test/java/edu/harvard/iq/dataverse/api/DataversesIT.java
+++ b/src/test/java/edu/harvard/iq/dataverse/api/DataversesIT.java
@@ -753,17 +753,23 @@ public void testGetLinkableDataverses(){
         String apiTokenThree = UtilIT.getApiTokenFromResponse(createUserThree);
         String usernameThree = UtilIT.getUsernameFromResponse(createUserThree);
         
-        Response getUnavailableForDataset = UtilIT.getLinkableDataverses("dataset", datasetPersistentId, apiTokenThree, dataverseAliasUnavailableForLinking);
+        Response getUnavailableForDataset = UtilIT.getLinkableDataverses("dataset", datasetPersistentId, apiToken, dataverseAliasUnavailableForLinking);
         getUnavailableForDataset.prettyPrint();
                 getUnavailableForDataset.then().assertThat()
                 .statusCode(OK.getStatusCode())
                 .body("data.size()", equalTo(0));
                 
-        Response getUnavailableForDataverse = UtilIT.getLinkableDataverses("dataverse", dataverseAlias, apiTokenThree, dataverseAliasUnavailableForLinking);
+        Response getUnavailableForDataverse = UtilIT.getLinkableDataverses("dataverse", dataverseAlias, apiToken, dataverseAliasUnavailableForLinking);
         getUnavailableForDataverse.prettyPrint();
                 getUnavailableForDataverse.then().assertThat()
                 .statusCode(OK.getStatusCode())                
                 .body("data.size()", equalTo(0));
+                
+        Response getNoPermsOnAnyCollection = UtilIT.getLinkableDataverses("dataverse", dataverseAlias, apiTokenThree, "");
+        getNoPermsOnAnyCollection.prettyPrint();
+                getNoPermsOnAnyCollection.then().assertThat()
+                .statusCode(OK.getStatusCode())                
+                .body("data.size()", equalTo(0));        
         
         //now link a dataset and see that it's unavailable in the future          
        

From 36f36f749107d6ce28caec381885bf4d3b1ca8f3 Mon Sep 17 00:00:00 2001
From: Leonid Andreev <leonid@hmdc.harvard.edu>
Date: Tue, 26 Aug 2025 15:01:14 -0400
Subject: [PATCH 109/634] Expanding the ExportDataProvider interface to add
 hooks for more efficient handling of the raw data for datasets with massive
 numbers of ingested/tabular datafiles and variables. #11766 #11405

---
 modules/dataverse-spi/pom.xml                 |  2 +-
 .../gdcc/spi/export/ExportDataProvider.java   | 28 +++++++++++++++++--
 2 files changed, 27 insertions(+), 3 deletions(-)

diff --git a/modules/dataverse-spi/pom.xml b/modules/dataverse-spi/pom.xml
index b00053fe5e0..8c31a2a4026 100644
--- a/modules/dataverse-spi/pom.xml
+++ b/modules/dataverse-spi/pom.xml
@@ -13,7 +13,7 @@
     
     <groupId>io.gdcc</groupId>
     <artifactId>dataverse-spi</artifactId>
-    <version>2.0.0${project.version.suffix}</version>
+    <version>2.1.0${project.version.suffix}</version>
     <packaging>jar</packaging>
     
     <name>Dataverse SPI Plugin API</name>
diff --git a/modules/dataverse-spi/src/main/java/io/gdcc/spi/export/ExportDataProvider.java b/modules/dataverse-spi/src/main/java/io/gdcc/spi/export/ExportDataProvider.java
index d039ac39e8f..45b332fb088 100644
--- a/modules/dataverse-spi/src/main/java/io/gdcc/spi/export/ExportDataProvider.java
+++ b/modules/dataverse-spi/src/main/java/io/gdcc/spi/export/ExportDataProvider.java
@@ -21,8 +21,13 @@ public interface ExportDataProvider {
      *          OAI_ORE export are the only two that provide 'complete'
      *          dataset-level metadata along with basic file metadata for each file
      *          in the dataset.
+     * @param options - optional argument(s). currently supports DatasetMetadataOnly: 
+     *               in a situation where we need to generate a format like DC,
+     *               that has no use for file-level metadata, it makes sense to
+     *               skip retrieving and formatting it, since there can be quite a few
+     *               files in a dataset.
      */
-    JsonObject getDatasetJson();
+    JsonObject getDatasetJson(ExportDataOption... options);    
 
     /**
      * 
@@ -39,7 +44,7 @@ public interface ExportDataProvider {
      * Dataverse is capable of extracting DDI-centric metadata from tabular
      * datafiles. This detailed metadata, which is only available for successfully
      * "ingested" tabular files, is not included in the output of any other methods
-     * in this interface.
+     * in this interface. 
      * 
      * @return - a JSONArray with one entry per ingested tabular dataset file.
      * @apiNote - there is no JSON schema available for this output and the format
@@ -50,6 +55,20 @@ public interface ExportDataProvider {
      */
     JsonArray getDatasetFileDetails();
 
+    /**
+     * Similar to the above, but 
+     * a) retrieves the information for the ingested/tabular data files _only_
+     * b) provides an option for retrieving this stuff in batches 
+     * c) provides an option for skipping restricted/embargoed etc. files.
+     * Intended for datasets with massive numbers of tabular files and datavariables. 
+     * @param offset (can be null)
+     * @param length (can be null)
+     * @param options (optional) supports PublicFilesOnly;
+     * @return json array containing the datafile/filemetadata->datatable->datavariable metadata
+     * @throws ExportException
+     */
+    JsonArray getTabularDataDetails(Integer offset, Integer length, ExportDataOption ... options) throws ExportException;
+    
     /**
      * 
      * @return - the subset of metadata conforming to the schema.org standard as
@@ -92,5 +111,10 @@ public interface ExportDataProvider {
     default Optional<InputStream> getPrerequisiteInputStream() {
         return Optional.empty();
     }
+    
+    public enum ExportDataOption {
+        DatasetMetadataOnly,
+        PublicFilesOnly;
+    }
 
 }

From f9963ca3405f158116f198c573418f8ede13932f Mon Sep 17 00:00:00 2001
From: Leonid Andreev <leonid@hmdc.harvard.edu>
Date: Tue, 26 Aug 2025 15:14:34 -0400
Subject: [PATCH 110/634] cosmetic #11766

---
 .../src/main/java/io/gdcc/spi/export/ExportDataProvider.java  | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/modules/dataverse-spi/src/main/java/io/gdcc/spi/export/ExportDataProvider.java b/modules/dataverse-spi/src/main/java/io/gdcc/spi/export/ExportDataProvider.java
index 45b332fb088..eefe0d7d828 100644
--- a/modules/dataverse-spi/src/main/java/io/gdcc/spi/export/ExportDataProvider.java
+++ b/modules/dataverse-spi/src/main/java/io/gdcc/spi/export/ExportDataProvider.java
@@ -21,7 +21,7 @@ public interface ExportDataProvider {
      *          OAI_ORE export are the only two that provide 'complete'
      *          dataset-level metadata along with basic file metadata for each file
      *          in the dataset.
-     * @param options - optional argument(s). currently supports DatasetMetadataOnly: 
+     * @param options - optional argument(s). needs to support ExportDataOption.DatasetMetadataOnly: 
      *               in a situation where we need to generate a format like DC,
      *               that has no use for file-level metadata, it makes sense to
      *               skip retrieving and formatting it, since there can be quite a few
@@ -63,7 +63,7 @@ public interface ExportDataProvider {
      * Intended for datasets with massive numbers of tabular files and datavariables. 
      * @param offset (can be null)
      * @param length (can be null)
-     * @param options (optional) supports PublicFilesOnly;
+     * @param options (optional) current use case is ExportDataOption.PublicFilesOnly;
      * @return json array containing the datafile/filemetadata->datatable->datavariable metadata
      * @throws ExportException
      */

From f18f663c347059148571e416973989c835f923c2 Mon Sep 17 00:00:00 2001
From: Steven Winship <39765413+stevenwinship@users.noreply.github.com>
Date: Tue, 26 Aug 2025 16:55:59 -0400
Subject: [PATCH 111/634] adding directUpload to the Json response

---
 src/main/java/edu/harvard/iq/dataverse/api/Admin.java        | 2 +-
 src/main/java/edu/harvard/iq/dataverse/api/Datasets.java     | 2 +-
 .../java/edu/harvard/iq/dataverse/util/json/JsonPrinter.java | 5 ++++-
 src/test/java/edu/harvard/iq/dataverse/api/DatasetsIT.java   | 1 +
 src/test/java/edu/harvard/iq/dataverse/api/S3AccessIT.java   | 4 ++++
 5 files changed, 11 insertions(+), 3 deletions(-)

diff --git a/src/main/java/edu/harvard/iq/dataverse/api/Admin.java b/src/main/java/edu/harvard/iq/dataverse/api/Admin.java
index 1d726830c31..8354c8e71d2 100644
--- a/src/main/java/edu/harvard/iq/dataverse/api/Admin.java
+++ b/src/main/java/edu/harvard/iq/dataverse/api/Admin.java
@@ -2197,7 +2197,7 @@ public Response getStorageDriver(@Context ContainerRequestContext crc, @PathPara
             return wr.getResponse();
         }
         //Note that this returns what's set directly on this dataverse. If null/DataAccess.UNDEFINED_STORAGE_DRIVER_IDENTIFIER, the user would have to recurse the chain of parents to find the effective storageDriver
-        return ok(JsonPrinter.jsonStorageDriver(dataverse.getStorageDriverId()));
+        return ok(JsonPrinter.jsonStorageDriver(dataverse.getStorageDriverId(), null));
     }
     
     @PUT
diff --git a/src/main/java/edu/harvard/iq/dataverse/api/Datasets.java b/src/main/java/edu/harvard/iq/dataverse/api/Datasets.java
index fd7ca0d61cb..fa7f12e0436 100644
--- a/src/main/java/edu/harvard/iq/dataverse/api/Datasets.java
+++ b/src/main/java/edu/harvard/iq/dataverse/api/Datasets.java
@@ -3690,7 +3690,7 @@ public Response getFileStore(@Context ContainerRequestContext crc, @PathParam("i
             return error(Response.Status.NOT_FOUND, "No such dataset");
         }
 
-        return ok(JsonPrinter.jsonStorageDriver(dataset.getStorageDriverId()));
+        return ok(JsonPrinter.jsonStorageDriver(dataset.getStorageDriverId(), dataset));
     }
 
     @PUT
diff --git a/src/main/java/edu/harvard/iq/dataverse/util/json/JsonPrinter.java b/src/main/java/edu/harvard/iq/dataverse/util/json/JsonPrinter.java
index 5ac5e4a8fd8..7dfb0ab3c2a 100644
--- a/src/main/java/edu/harvard/iq/dataverse/util/json/JsonPrinter.java
+++ b/src/main/java/edu/harvard/iq/dataverse/util/json/JsonPrinter.java
@@ -1634,11 +1634,14 @@ public static JsonArrayBuilder jsonTemplateInstructions(Map<String, String> temp
         return jsonArrayBuilder;
     }
 
-    public static JsonObjectBuilder jsonStorageDriver(String storageDriverId) {
+    public static JsonObjectBuilder jsonStorageDriver(String storageDriverId, Dataset dataset) {
         JsonObjectBuilder jsonObjectBuilder = new NullSafeJsonBuilder();
         jsonObjectBuilder.add("name", storageDriverId);
         jsonObjectBuilder.add("type", DataAccess.getDriverType(storageDriverId));
         jsonObjectBuilder.add("label", DataAccess.getStorageDriverLabelFor(storageDriverId));
+        if (dataset != null) {
+            jsonObjectBuilder.add("directUpload", DataAccess.uploadToDatasetAllowed(dataset, storageDriverId));
+        }
 
         return jsonObjectBuilder;
     }
diff --git a/src/test/java/edu/harvard/iq/dataverse/api/DatasetsIT.java b/src/test/java/edu/harvard/iq/dataverse/api/DatasetsIT.java
index ecbad14830d..2dd6ff00c7b 100644
--- a/src/test/java/edu/harvard/iq/dataverse/api/DatasetsIT.java
+++ b/src/test/java/edu/harvard/iq/dataverse/api/DatasetsIT.java
@@ -6087,6 +6087,7 @@ public void testSetGetDatasetStorageDriver() {
                 .body("data.name", CoreMatchers.equalTo(name))
                 .body("data.type", CoreMatchers.notNullValue())
                 .body("data.label", CoreMatchers.notNullValue())
+                .body("data.directUpload", CoreMatchers.notNullValue())
                 .statusCode(OK.getStatusCode());
     }
 
diff --git a/src/test/java/edu/harvard/iq/dataverse/api/S3AccessIT.java b/src/test/java/edu/harvard/iq/dataverse/api/S3AccessIT.java
index d5fecb32937..24625c87ce2 100644
--- a/src/test/java/edu/harvard/iq/dataverse/api/S3AccessIT.java
+++ b/src/test/java/edu/harvard/iq/dataverse/api/S3AccessIT.java
@@ -1,5 +1,6 @@
 package edu.harvard.iq.dataverse.api;
 
+import org.hamcrest.CoreMatchers;
 import software.amazon.awssdk.auth.credentials.AwsBasicCredentials;
 import software.amazon.awssdk.auth.credentials.StaticCredentialsProvider;
 import software.amazon.awssdk.core.ResponseInputStream;
@@ -153,6 +154,9 @@ public void testNonDirectUpload() {
         Response updatedStorageDriver = UtilIT.getStorageDriver(dataverseAlias, superuserApiToken);
         updatedStorageDriver.prettyPrint();
         updatedStorageDriver.then().assertThat()
+                .body("data.type", CoreMatchers.notNullValue())
+                .body("data.label", CoreMatchers.notNullValue())
+                .body("data.directUpload", CoreMatchers.nullValue())
                 .statusCode(200);
 
         Response createDatasetResponse = UtilIT.createRandomDatasetViaNativeApi(dataverseAlias, apiToken);

From 6d1c0900db58af89ca18b1e5e842f6bca29b91df Mon Sep 17 00:00:00 2001
From: Steven Winship <39765413+stevenwinship@users.noreply.github.com>
Date: Wed, 27 Aug 2025 10:20:38 -0400
Subject: [PATCH 112/634] return default storage driver when undefined

---
 .../edu/harvard/iq/dataverse/api/Admin.java   |  2 +-
 .../harvard/iq/dataverse/api/Datasets.java    |  2 +-
 .../harvard/iq/dataverse/api/DatasetsIT.java  | 19 +++++++++++++++++++
 .../iq/dataverse/api/DataversesIT.java        | 12 ++++++++++++
 4 files changed, 33 insertions(+), 2 deletions(-)

diff --git a/src/main/java/edu/harvard/iq/dataverse/api/Admin.java b/src/main/java/edu/harvard/iq/dataverse/api/Admin.java
index 8354c8e71d2..71406d9f293 100644
--- a/src/main/java/edu/harvard/iq/dataverse/api/Admin.java
+++ b/src/main/java/edu/harvard/iq/dataverse/api/Admin.java
@@ -2197,7 +2197,7 @@ public Response getStorageDriver(@Context ContainerRequestContext crc, @PathPara
             return wr.getResponse();
         }
         //Note that this returns what's set directly on this dataverse. If null/DataAccess.UNDEFINED_STORAGE_DRIVER_IDENTIFIER, the user would have to recurse the chain of parents to find the effective storageDriver
-        return ok(JsonPrinter.jsonStorageDriver(dataverse.getStorageDriverId(), null));
+        return ok(JsonPrinter.jsonStorageDriver(dataverse.getEffectiveStorageDriverId(), null));
     }
     
     @PUT
diff --git a/src/main/java/edu/harvard/iq/dataverse/api/Datasets.java b/src/main/java/edu/harvard/iq/dataverse/api/Datasets.java
index fa7f12e0436..151b833d3c4 100644
--- a/src/main/java/edu/harvard/iq/dataverse/api/Datasets.java
+++ b/src/main/java/edu/harvard/iq/dataverse/api/Datasets.java
@@ -3690,7 +3690,7 @@ public Response getFileStore(@Context ContainerRequestContext crc, @PathParam("i
             return error(Response.Status.NOT_FOUND, "No such dataset");
         }
 
-        return ok(JsonPrinter.jsonStorageDriver(dataset.getStorageDriverId(), dataset));
+        return ok(JsonPrinter.jsonStorageDriver(dataset.getEffectiveStorageDriverId(), dataset));
     }
 
     @PUT
diff --git a/src/test/java/edu/harvard/iq/dataverse/api/DatasetsIT.java b/src/test/java/edu/harvard/iq/dataverse/api/DatasetsIT.java
index 2dd6ff00c7b..46da46e68ea 100644
--- a/src/test/java/edu/harvard/iq/dataverse/api/DatasetsIT.java
+++ b/src/test/java/edu/harvard/iq/dataverse/api/DatasetsIT.java
@@ -6089,6 +6089,25 @@ public void testSetGetDatasetStorageDriver() {
                 .body("data.label", CoreMatchers.notNullValue())
                 .body("data.directUpload", CoreMatchers.notNullValue())
                 .statusCode(OK.getStatusCode());
+
+        // Test dataset under root with default storage driver
+        Response getStorageDriverResponse = UtilIT.getStorageDriver("root", apiToken);
+        getStorageDriverResponse.prettyPrint();
+        data = JsonUtil.getJsonObject(getStorageDriverResponse.getBody().asString());
+        name = data.getJsonObject("data").getString("name");
+        String type = data.getJsonObject("data").getString("type");
+        String label = data.getJsonObject("data").getString("label");
+        createDataset = UtilIT.createRandomDatasetViaNativeApi("root", apiToken);
+        datasetId = UtilIT.getDatasetIdFromResponse(createDataset);
+        getDriver = UtilIT.getDatasetStorageDriver(datasetId, apiToken);
+        getDriver.prettyPrint();
+        assertEquals(200, getDriver.getStatusCode());
+        getDriver.then().assertThat()
+                .body("data.name", CoreMatchers.equalTo(name))
+                .body("data.type", CoreMatchers.equalTo(type))
+                .body("data.label", CoreMatchers.equalTo(label))
+                .body("data.directUpload", CoreMatchers.notNullValue())
+                .statusCode(OK.getStatusCode());
     }
 
     @Test
diff --git a/src/test/java/edu/harvard/iq/dataverse/api/DataversesIT.java b/src/test/java/edu/harvard/iq/dataverse/api/DataversesIT.java
index 3e1a160c9f2..64ce24076a0 100644
--- a/src/test/java/edu/harvard/iq/dataverse/api/DataversesIT.java
+++ b/src/test/java/edu/harvard/iq/dataverse/api/DataversesIT.java
@@ -2371,6 +2371,18 @@ public void testCreateAndGetTemplates() {
         getTemplateResponse.then().assertThat().statusCode(UNAUTHORIZED.getStatusCode());
     }
 
+    @Test
+    public void testGetStorageDriver() {
+        Response updatedStorageDriver = UtilIT.getStorageDriver("root", getSuperuserToken());
+        updatedStorageDriver.prettyPrint();
+        updatedStorageDriver.then().assertThat()
+                .body("data.name", CoreMatchers.notNullValue())
+                .body("data.type", CoreMatchers.notNullValue())
+                .body("data.label", CoreMatchers.notNullValue())
+                .body("data.directUpload", CoreMatchers.nullValue())
+                .statusCode(200);
+    }
+
     private String getSuperuserToken() {
         Response createResponse = UtilIT.createRandomUser();
         String adminApiToken = UtilIT.getApiTokenFromResponse(createResponse);

From b88796c8574ea3b335e50a39ae3b0353b72559f5 Mon Sep 17 00:00:00 2001
From: Steven Winship <39765413+stevenwinship@users.noreply.github.com>
Date: Wed, 27 Aug 2025 11:50:13 -0400
Subject: [PATCH 113/634] add new query param to api call and directDownload to
 json output

---
 .../11695-change-api-get-storage-driver.md            |  2 ++
 .../source/admin/dataverses-datasets.rst              |  4 ++++
 src/main/java/edu/harvard/iq/dataverse/api/Admin.java | 11 ++++++++---
 .../harvard/iq/dataverse/util/json/JsonPrinter.java   |  6 ++++++
 .../java/edu/harvard/iq/dataverse/api/DatasetsIT.java |  4 +++-
 .../edu/harvard/iq/dataverse/api/DataversesIT.java    | 11 ++++++++++-
 .../java/edu/harvard/iq/dataverse/api/UtilIT.java     |  6 +++++-
 7 files changed, 38 insertions(+), 6 deletions(-)

diff --git a/doc/release-notes/11695-change-api-get-storage-driver.md b/doc/release-notes/11695-change-api-get-storage-driver.md
index 3680da4b72c..cd78c642a2a 100644
--- a/doc/release-notes/11695-change-api-get-storage-driver.md
+++ b/doc/release-notes/11695-change-api-get-storage-driver.md
@@ -7,4 +7,6 @@ The API for getting the Storage Driver info has been changed/extended.
 /api/admin/dataverse/{dataverse-alias}/storageDriver
 changed "message" to "name" and added "type" and "label"
 
+Also added query param for /api/admin/dataverse/{dataverse-alias}/storageDriver?defaultToOwner=true to recurse the chain of parents to find the effective storageDriver
+
 See also [the guides](https://dataverse-guide--11664.org.readthedocs.build/en/11664/api/native-api.html#configure-a-dataset-to-store-all-new-files-in-a-specific-file-store), #11695, and #11664.
diff --git a/doc/sphinx-guides/source/admin/dataverses-datasets.rst b/doc/sphinx-guides/source/admin/dataverses-datasets.rst
index a37819c90e1..fcfbd0c62f3 100644
--- a/doc/sphinx-guides/source/admin/dataverses-datasets.rst
+++ b/doc/sphinx-guides/source/admin/dataverses-datasets.rst
@@ -60,6 +60,10 @@ The current driver can be seen using::
 
     curl -H "X-Dataverse-key: $API_TOKEN" http://$SERVER/api/admin/dataverse/$dataverse-alias/storageDriver
 
+Or to recurse the chain of parents to find the effective storageDriver::
+
+    curl -H "X-Dataverse-key: $API_TOKEN" http://$SERVER/api/admin/dataverse/$dataverse-alias/storageDriver?defaultToOwner=true
+
 (Note that for ``dataverse.files.store1.label=MyLabel``, ``store1`` will be returned.)
 
 and can be reset to the default store with::
diff --git a/src/main/java/edu/harvard/iq/dataverse/api/Admin.java b/src/main/java/edu/harvard/iq/dataverse/api/Admin.java
index 71406d9f293..48246820bc7 100644
--- a/src/main/java/edu/harvard/iq/dataverse/api/Admin.java
+++ b/src/main/java/edu/harvard/iq/dataverse/api/Admin.java
@@ -2183,7 +2183,8 @@ public Response addRoleAssignementsToChildren(@Context ContainerRequestContext c
     @GET
     @AuthRequired
     @Path("/dataverse/{alias}/storageDriver")
-    public Response getStorageDriver(@Context ContainerRequestContext crc, @PathParam("alias") String alias) throws WrappedResponse {
+    public Response getStorageDriver(@Context ContainerRequestContext crc, @PathParam("alias") String alias,
+                                     @QueryParam("defaultToOwner") Boolean defaultToOwner) throws WrappedResponse {
         Dataverse dataverse = dataverseSvc.findByAlias(alias);
         if (dataverse == null) {
             return error(Response.Status.NOT_FOUND, "Could not find dataverse based on alias supplied: " + alias + ".");
@@ -2196,8 +2197,12 @@ public Response getStorageDriver(@Context ContainerRequestContext crc, @PathPara
         } catch (WrappedResponse wr) {
             return wr.getResponse();
         }
-        //Note that this returns what's set directly on this dataverse. If null/DataAccess.UNDEFINED_STORAGE_DRIVER_IDENTIFIER, the user would have to recurse the chain of parents to find the effective storageDriver
-        return ok(JsonPrinter.jsonStorageDriver(dataverse.getEffectiveStorageDriverId(), null));
+
+        if (defaultToOwner != null && defaultToOwner) {
+            return ok(JsonPrinter.jsonStorageDriver(dataverse.getEffectiveStorageDriverId(), null));
+        } else {
+            return ok(JsonPrinter.jsonStorageDriver(dataverse.getStorageDriverId(), null));
+        }
     }
     
     @PUT
diff --git a/src/main/java/edu/harvard/iq/dataverse/util/json/JsonPrinter.java b/src/main/java/edu/harvard/iq/dataverse/util/json/JsonPrinter.java
index 7dfb0ab3c2a..a6066b1da64 100644
--- a/src/main/java/edu/harvard/iq/dataverse/util/json/JsonPrinter.java
+++ b/src/main/java/edu/harvard/iq/dataverse/util/json/JsonPrinter.java
@@ -40,6 +40,7 @@
 import edu.harvard.iq.dataverse.workflow.Workflow;
 import edu.harvard.iq.dataverse.workflow.step.WorkflowStepData;
 
+import java.io.IOException;
 import java.util.*;
 import jakarta.json.Json;
 import jakarta.json.JsonArrayBuilder;
@@ -1641,6 +1642,11 @@ public static JsonObjectBuilder jsonStorageDriver(String storageDriverId, Datase
         jsonObjectBuilder.add("label", DataAccess.getStorageDriverLabelFor(storageDriverId));
         if (dataset != null) {
             jsonObjectBuilder.add("directUpload", DataAccess.uploadToDatasetAllowed(dataset, storageDriverId));
+            try {
+                jsonObjectBuilder.add("directDownload", DataAccess.getStorageIO(dataset).downloadRedirectEnabled());
+            } catch (IOException ex) {
+                logger.fine("Failed to get Storage IO for dataset " + ex.getMessage());
+            }
         }
 
         return jsonObjectBuilder;
diff --git a/src/test/java/edu/harvard/iq/dataverse/api/DatasetsIT.java b/src/test/java/edu/harvard/iq/dataverse/api/DatasetsIT.java
index 46da46e68ea..25e4451ac9f 100644
--- a/src/test/java/edu/harvard/iq/dataverse/api/DatasetsIT.java
+++ b/src/test/java/edu/harvard/iq/dataverse/api/DatasetsIT.java
@@ -6088,10 +6088,11 @@ public void testSetGetDatasetStorageDriver() {
                 .body("data.type", CoreMatchers.notNullValue())
                 .body("data.label", CoreMatchers.notNullValue())
                 .body("data.directUpload", CoreMatchers.notNullValue())
+                .body("data.directDownload", CoreMatchers.notNullValue())
                 .statusCode(OK.getStatusCode());
 
         // Test dataset under root with default storage driver
-        Response getStorageDriverResponse = UtilIT.getStorageDriver("root", apiToken);
+        Response getStorageDriverResponse = UtilIT.getStorageDriver("root", apiToken, Boolean.TRUE);
         getStorageDriverResponse.prettyPrint();
         data = JsonUtil.getJsonObject(getStorageDriverResponse.getBody().asString());
         name = data.getJsonObject("data").getString("name");
@@ -6107,6 +6108,7 @@ public void testSetGetDatasetStorageDriver() {
                 .body("data.type", CoreMatchers.equalTo(type))
                 .body("data.label", CoreMatchers.equalTo(label))
                 .body("data.directUpload", CoreMatchers.notNullValue())
+                .body("data.directDownload", CoreMatchers.notNullValue())
                 .statusCode(OK.getStatusCode());
     }
 
diff --git a/src/test/java/edu/harvard/iq/dataverse/api/DataversesIT.java b/src/test/java/edu/harvard/iq/dataverse/api/DataversesIT.java
index 64ce24076a0..4cc3ddb0be6 100644
--- a/src/test/java/edu/harvard/iq/dataverse/api/DataversesIT.java
+++ b/src/test/java/edu/harvard/iq/dataverse/api/DataversesIT.java
@@ -1,5 +1,6 @@
 package edu.harvard.iq.dataverse.api;
 
+import edu.harvard.iq.dataverse.dataaccess.DataAccess;
 import edu.harvard.iq.dataverse.util.json.JsonParseException;
 import edu.harvard.iq.dataverse.util.json.JsonParser;
 import edu.harvard.iq.dataverse.util.json.JsonUtil;
@@ -2373,13 +2374,21 @@ public void testCreateAndGetTemplates() {
 
     @Test
     public void testGetStorageDriver() {
-        Response updatedStorageDriver = UtilIT.getStorageDriver("root", getSuperuserToken());
+        Response updatedStorageDriver = UtilIT.getStorageDriver("root", getSuperuserToken(), Boolean.TRUE);
         updatedStorageDriver.prettyPrint();
         updatedStorageDriver.then().assertThat()
                 .body("data.name", CoreMatchers.notNullValue())
                 .body("data.type", CoreMatchers.notNullValue())
                 .body("data.label", CoreMatchers.notNullValue())
                 .body("data.directUpload", CoreMatchers.nullValue())
+                .body("data.directDownload", CoreMatchers.nullValue())
+                .statusCode(200);
+
+        // Root without default is undefined
+        updatedStorageDriver = UtilIT.getStorageDriver("root", getSuperuserToken(), null);
+        updatedStorageDriver.prettyPrint();
+        updatedStorageDriver.then().assertThat()
+                .body("data.name", CoreMatchers.equalTo(DataAccess.UNDEFINED_STORAGE_DRIVER_IDENTIFIER))
                 .statusCode(200);
     }
 
diff --git a/src/test/java/edu/harvard/iq/dataverse/api/UtilIT.java b/src/test/java/edu/harvard/iq/dataverse/api/UtilIT.java
index 9cf320666c6..67028d8be06 100644
--- a/src/test/java/edu/harvard/iq/dataverse/api/UtilIT.java
+++ b/src/test/java/edu/harvard/iq/dataverse/api/UtilIT.java
@@ -2911,9 +2911,13 @@ static Response listStorageDrivers(String apiToken) {
     }
 
     static Response getStorageDriver(String dvAlias, String apiToken) {
+        return getStorageDriver(dvAlias, apiToken, null);
+    }
+    static Response getStorageDriver(String dvAlias, String apiToken, Boolean defaultToOwner) {
+        String params = defaultToOwner != null ? "?defaultToOwner=" + defaultToOwner : "";
         return given()
                 .header(API_TOKEN_HTTP_HEADER, apiToken)
-                .get("/api/admin/dataverse/" + dvAlias + "/storageDriver");
+                .get("/api/admin/dataverse/" + dvAlias + "/storageDriver" + params);
     }
 
     static Response setStorageDriver(String dvAlias, String label, String apiToken) {

From 409f77da07a67319c8bf99d4de2373f59ed922bc Mon Sep 17 00:00:00 2001
From: Philip Durbin <philip_durbin@harvard.edu>
Date: Wed, 27 Aug 2025 14:50:30 -0400
Subject: [PATCH 114/634] update Maven snapshot release id and URL #11766
 #11512

---
 modules/dataverse-spi/pom.xml | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/modules/dataverse-spi/pom.xml b/modules/dataverse-spi/pom.xml
index 8c31a2a4026..a603e274234 100644
--- a/modules/dataverse-spi/pom.xml
+++ b/modules/dataverse-spi/pom.xml
@@ -64,11 +64,13 @@
     
     <distributionManagement>
         <snapshotRepository>
-            <id>ossrh</id>
-            <url>https://s01.oss.sonatype.org/content/repositories/snapshots</url>
+            <id>central</id>
+            <url>https://central.sonatype.com/repository/maven-snapshots/</url>
         </snapshotRepository>
         <repository>
+            <!--TODO: change this from ossrh to central?-->
             <id>ossrh</id>
+            <!--TODO: change this url?-->
             <url>https://s01.oss.sonatype.org/service/local/staging/deploy/maven2/</url>
         </repository>
     </distributionManagement>
@@ -110,7 +112,9 @@
                 <artifactId>nexus-staging-maven-plugin</artifactId>
                 <extensions>true</extensions>
                 <configuration>
+                    <!--TODO: change this from ossrh to central?-->
                     <serverId>ossrh</serverId>
+                    <!--TODO: change this URL?-->
                     <nexusUrl>https://s01.oss.sonatype.org</nexusUrl>
                     <autoReleaseAfterClose>true</autoReleaseAfterClose>
                 </configuration>

From 4ed1879c26e947fcb81d085fa7431541a76c291f Mon Sep 17 00:00:00 2001
From: Philip Durbin <philip_durbin@harvard.edu>
Date: Wed, 27 Aug 2025 14:51:08 -0400
Subject: [PATCH 115/634] explain how to publish a maven snapshot locally
 #11766 #11512

---
 .../developers/making-library-releases.rst    | 26 +++++++++++++++++++
 1 file changed, 26 insertions(+)

diff --git a/doc/sphinx-guides/source/developers/making-library-releases.rst b/doc/sphinx-guides/source/developers/making-library-releases.rst
index be867f9196a..0daa7fb89db 100755
--- a/doc/sphinx-guides/source/developers/making-library-releases.rst
+++ b/doc/sphinx-guides/source/developers/making-library-releases.rst
@@ -36,6 +36,32 @@ Releasing a Snapshot Version to Maven Central
 
 That is to say, to make a snapshot release, you only need to get one or more commits into the default branch.
 
+It's possible, of course, to make snapshot releases outside of GitHub Actions, from environments such as your laptop. Generally, you'll want to look at the GitHub Action and try to do the equivalent. You'll need a file set up locally at ``~/.m2/settings.xml`` with the following (contact a core developer for the redacted bits):
+
+.. code-block:: bash
+
+  <settings>
+    <servers>
+      <server>
+        <id>central</id>
+        <username>REDACTED</username>
+        <password>REDACTED</password>
+      </server>
+    </servers>
+  </settings>
+
+Then, study the GitHub Action and perform similar commands from your local environment. For example, as of this writing, for the dataverse-spi project, you can run the following commands, substituting the suffix you need:
+
+``mvn -f modules/dataverse-spi -Dproject.version.suffix="2.1.0-PR11767-SNAPSHOT" verify``
+
+``mvn -f modules/dataverse-spi -Dproject.version.suffix="2.1.0-PR11767-SNAPSHOT" deploy``
+
+This will upload the snapshot here, for example: https://central.sonatype.com/repository/maven-snapshots/io/gdcc/dataverse-spi/2.1.02.1.0-PR11767-SNAPSHOT/dataverse-spi-2.1.02.1.0-PR11767-20250827.182026-1.jar
+
+Before OSSRH was retired, you could browse through snapshot jars you published at https://s01.oss.sonatype.org/content/repositories/snapshots/io/gdcc/dataverse-spi/2.0.0-PR9685-SNAPSHOT/, for example. Now, even though you may see the URL of the jar as shown above during the "deploy" step, if you try to browse the various snapshot jars at https://central.sonatype.com/repository/maven-snapshots/io/gdcc/dataverse-spi/2.1.02.1.0-PR11767-SNAPSHOT/ you'll see "This maven2 hosted repository is not directly browseable at this URL. Please use the browse or HTML index views to inspect the contents of this repository." Sadly, the "browse" and "HTML index" links don't work, as noted in a `question <https://community.sonatype.com/t/this-maven2-group-repository-is-not-directly-browseable-at-this-url/8991>`_ on the Sonatype Community forum. Below is a suggestion for confirming that the jar was uploaded properly, which is to use Maven to copy the jar to your local directory. You could then compare checksums.
+
+``mvn dependency:copy -DrepoUrl=https://central.sonatype.com/repository/maven-snapshots/ -Dartifact=io.gdcc:dataverse-spi:2.1.02.1.0-PR11767-SNAPSHOT -DoutputDirectory=.``
+
 Releasing a Release (Non-Snapshot) Version to Maven Central
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

From c688965eb4a64f4faacc70a164be62e35ee39c41 Mon Sep 17 00:00:00 2001
From: Stephen Kraffmiller <skraffmiller@hmdc.harvard.edu>
Date: Wed, 27 Aug 2025 15:00:45 -0400
Subject: [PATCH 116/634] #11710 separate perms test from lookup

---
 .../iq/dataverse/DataverseServiceBean.java    | 51 ++++++++++++++++++
 .../iq/dataverse/PermissionServiceBean.java   | 14 ++---
 .../iq/dataverse/api/AbstractApiBean.java     |  6 ++-
 .../dataverse/api/DataverseFeaturedItems.java |  2 +-
 .../harvard/iq/dataverse/api/Dataverses.java  | 53 ++++++++++---------
 5 files changed, 88 insertions(+), 38 deletions(-)

diff --git a/src/main/java/edu/harvard/iq/dataverse/DataverseServiceBean.java b/src/main/java/edu/harvard/iq/dataverse/DataverseServiceBean.java
index 85d4179a6d9..d3f96da107e 100644
--- a/src/main/java/edu/harvard/iq/dataverse/DataverseServiceBean.java
+++ b/src/main/java/edu/harvard/iq/dataverse/DataverseServiceBean.java
@@ -687,6 +687,57 @@ public List<Dataverse> filterDataversesByNamePattern(String pattern) {
         return searchResults;
     }
     
+    /* 
+        This method takes a search parameter and expands it into a list of 
+        Dataverses with matching names. 
+        The search is performed on the name with the trailing word "dataverse"
+        stripped (if present). This way the search on "data" (or on "da" pr 
+        "dat") does NOT return almost every dataverse in the database - since
+        most of them have names that end in "... Dataverse". 
+        The query isn't pretty, but it works, and it's still EJB QL (and NOT a 
+        native query). 
+    */
+    public List<Dataverse> filterDataversesByNameAliasPattern(String pattern) {
+
+        pattern = pattern.toLowerCase();
+        
+        String pattern1 = pattern + "%";
+        String pattern2 = "% " + pattern + "%";
+
+        // Adjust the queries for very short, 1 and 2-character patterns:
+        if (pattern.length() == 1) {
+            pattern1 = pattern;
+            pattern2 = pattern + " %";
+        } 
+        /*if (pattern.length() == 2) {
+            pattern2 = pattern + "%";
+        }*/
+        
+        
+        String qstr = "select dv from Dataverse dv "
+                + "where (LOWER(dv.name) LIKE :dataverse and ((SUBSTRING(LOWER(dv.name),0,(LENGTH(dv.name)-9)) LIKE :pattern1) "
+                + "     or (SUBSTRING(LOWER(dv.name),0,(LENGTH(dv.name)-9)) LIKE :pattern2))) "
+                + "or (LOWER(dv.name) NOT LIKE :dataverse and ((LOWER(dv.name) LIKE :pattern1) "
+                + "     or (LOWER(dv.name) LIKE :pattern2)) "
+                + "or (LOWER(dv.alias)   LIKE :pattern1) "
+                + "     or (LOWER(dv.alias) LIKE :pattern2))) "
+                + "order by dv.alias";
+                
+        List<Dataverse> searchResults = null;
+        
+        try {
+            searchResults = em.createQuery(qstr, Dataverse.class)
+                    .setParameter("dataverse", "%dataverse")
+                    .setParameter("pattern1", pattern1)
+                    .setParameter("pattern2", pattern2)
+                    .getResultList();
+        } catch (Exception ex) {
+            searchResults = null;
+        }
+        
+        return searchResults;
+    }
+    
     /**
      * Used to identify and properly display Harvested objects on the dataverse page.
      * 
diff --git a/src/main/java/edu/harvard/iq/dataverse/PermissionServiceBean.java b/src/main/java/edu/harvard/iq/dataverse/PermissionServiceBean.java
index 6fe5db974eb..a4111963ea2 100644
--- a/src/main/java/edu/harvard/iq/dataverse/PermissionServiceBean.java
+++ b/src/main/java/edu/harvard/iq/dataverse/PermissionServiceBean.java
@@ -157,7 +157,7 @@ AND EXISTS (SELECT id FROM dataverserole WHERE dataverserole.id = roleassignment
                        AND @IPRANGESQL
                      )
                   )
-                ) AND ((LOWER(DATAVERSE.alias) LIKE '%@SEARCHTERM%') OR (LOWER(DATAVERSE.name) LIKE '%@SEARCHTERM%') OR (LOWER(DATAVERSE.affiliation) LIKE '%@SEARCHTERM%')) 
+                ) 
             """;
     /**
      * A request-level permission query (e.g includes IP ras).
@@ -922,15 +922,8 @@ public List<Dataverse> findPermittedCollections(DataverseRequest request, Authen
         return findPermittedCollections(request, user, 1 << permission.ordinal());
     }
     
-    public List<Dataverse> findPermittedCollections(DataverseRequest request, AuthenticatedUser user, Permission permission, String searchTerm) {
-        return findPermittedCollections(request, user, 1 << permission.ordinal(), searchTerm);
-    }
-
-    public List<Dataverse> findPermittedCollections(DataverseRequest request, AuthenticatedUser user, int permissionBit) {
-         return findPermittedCollections(request, user, permissionBit, "");
-    }
     
-    public List<Dataverse> findPermittedCollections(DataverseRequest request, AuthenticatedUser user, int permissionBit, String searchTerm) {
+    public List<Dataverse> findPermittedCollections(DataverseRequest request, AuthenticatedUser user, int permissionBit) {
         if (user != null) {
             // IP Group - Only check IP if a User is calling for themself
             String ipRangeSQL = "FALSE";
@@ -962,8 +955,7 @@ public List<Dataverse> findPermittedCollections(DataverseRequest request, Authen
             String sqlCode = LIST_ALL_DATAVERSES_USER_HAS_PERMISSION
                     .replace("@USERID", String.valueOf(user.getId()))
                     .replace("@PERMISSIONBIT", String.valueOf(permissionBit))
-                    .replace("@IPRANGESQL", ipRangeSQL)
-                    .replace("@SEARCHTERM", searchTerm);
+                    .replace("@IPRANGESQL", ipRangeSQL);
             return em.createNativeQuery(sqlCode, Dataverse.class).getResultList();
         }
         return null;
diff --git a/src/main/java/edu/harvard/iq/dataverse/api/AbstractApiBean.java b/src/main/java/edu/harvard/iq/dataverse/api/AbstractApiBean.java
index f99727b16db..938d7fc9081 100644
--- a/src/main/java/edu/harvard/iq/dataverse/api/AbstractApiBean.java
+++ b/src/main/java/edu/harvard/iq/dataverse/api/AbstractApiBean.java
@@ -601,7 +601,7 @@ protected DvObject findDvo(@NotNull final String id) throws WrappedResponse {
      * @throws WrappedResponse
      */
     @NotNull
-    protected DvObject findDvoByIdAndTypeOrDie(@NotNull final String dvIdtf, String type) throws WrappedResponse {
+    protected DvObject findDvoByIdAndTypeOrDie(@NotNull final String dvIdtf, String type, Boolean testForReleased) throws WrappedResponse {
         try {
             DataverseFeaturedItem.TYPES dvType = DataverseFeaturedItem.getDvType(type);
             DvObject dvObject = null;
@@ -634,7 +634,9 @@ protected DvObject findDvoByIdAndTypeOrDie(@NotNull final String dvIdtf, String
                     }
                 }
             }
-            DataverseFeaturedItem.validateTypeAndDvObject(dvIdtf, dvObject, dvType);
+            if (testForReleased){
+                DataverseFeaturedItem.validateTypeAndDvObject(dvIdtf, dvObject, dvType);
+            }
             return dvObject;
         } catch (IllegalArgumentException e) {
             throw new WrappedResponse(error(Response.Status.BAD_REQUEST, e.getMessage()));
diff --git a/src/main/java/edu/harvard/iq/dataverse/api/DataverseFeaturedItems.java b/src/main/java/edu/harvard/iq/dataverse/api/DataverseFeaturedItems.java
index 00f1aa76e7e..7fbdd79e3c3 100644
--- a/src/main/java/edu/harvard/iq/dataverse/api/DataverseFeaturedItems.java
+++ b/src/main/java/edu/harvard/iq/dataverse/api/DataverseFeaturedItems.java
@@ -63,7 +63,7 @@ public Response updateFeaturedItem(@Context ContainerRequestContext crc,
             if (dataverseFeaturedItem == null) {
                 throw new WrappedResponse(error(Response.Status.NOT_FOUND, MessageFormat.format(BundleUtil.getStringFromBundle("dataverseFeaturedItems.errors.notFound"), id)));
             }
-            DvObject dvObject = (dvObjectIdtf != null) ? findDvoByIdAndTypeOrDie(dvObjectIdtf, type) : null;
+            DvObject dvObject = (dvObjectIdtf != null) ? findDvoByIdAndTypeOrDie(dvObjectIdtf, type, true) : null;
             UpdatedDataverseFeaturedItemDTO updatedDataverseFeaturedItemDTO = UpdatedDataverseFeaturedItemDTO.fromFormData(content, displayOrder, keepFile, imageFileInputStream, contentDispositionHeader, type, dvObject);
             return ok(json(execCommand(new UpdateDataverseFeaturedItemCommand(createDataverseRequest(getRequestUser(crc)), dataverseFeaturedItem, updatedDataverseFeaturedItemDTO))));
         } catch (WrappedResponse e) {
diff --git a/src/main/java/edu/harvard/iq/dataverse/api/Dataverses.java b/src/main/java/edu/harvard/iq/dataverse/api/Dataverses.java
index bf332a5bb3d..f59cfbc3bab 100644
--- a/src/main/java/edu/harvard/iq/dataverse/api/Dataverses.java
+++ b/src/main/java/edu/harvard/iq/dataverse/api/Dataverses.java
@@ -70,6 +70,7 @@
 import jakarta.ws.rs.WebApplicationException;
 import jakarta.ws.rs.core.Context;
 import jakarta.ws.rs.core.StreamingOutput;
+import java.sql.PreparedStatement;
 import org.glassfish.jersey.media.multipart.FormDataBodyPart;
 import org.glassfish.jersey.media.multipart.FormDataContentDisposition;
 import org.glassfish.jersey.media.multipart.FormDataParam;
@@ -120,7 +121,7 @@ public class Dataverses extends AbstractApiBean {
 
     @EJB
     DataverseFeaturedItemServiceBean dataverseFeaturedItemServiceBean;
-
+    
     @POST
     @AuthRequired
     public Response addRoot(@Context ContainerRequestContext crc, String body) {
@@ -1777,37 +1778,41 @@ public Response linkDataverse(@Context ContainerRequestContext crc, @PathParam("
     @AuthRequired
     @Produces(MediaType.APPLICATION_JSON)
     @Path("{identifier}/{type}/linkingDataverses")
-    public Response getLinkingDataverseList(@Context ContainerRequestContext crc, @PathParam("identifier") String dvIdtf, @QueryParam("searchTerm") String searchTerm, @PathParam("type") String type){
+    public Response getLinkingDataverseList(@Context ContainerRequestContext crc, @PathParam("identifier") String dvIdtf, @QueryParam("searchTerm") String searchTerm, @PathParam("type") String type) {
         //first determine what you are linking based on identifier and type
+        
+            AuthenticatedUser requestUser = (AuthenticatedUser) getRequestUser(crc);
+            DataverseRequest dvReq = new DataverseRequest(requestUser, (IpAddress) null);
+            List<Dataverse> dataversesForLinking;
+            dataversesForLinking = permissionService.findPermittedCollections(dvReq, requestUser, Permission.LinkDataset);
 
         try {
-            DvObject dvObject = findDvoByIdAndTypeOrDie(dvIdtf, type);
-           // List<Dataverse> dataversesForLinking = dataverseService.filterDataversesForLinking(searchTerm, createDataverseRequest(getRequestUser(crc)), dvObject);
-           // public List<Dataverse> findPermittedCollections(DataverseRequest request, AuthenticatedUser user, Permission permission, String searchTerm) {
-   
-           AuthenticatedUser requestUser = (AuthenticatedUser)getRequestUser(crc);
-           List<Dataverse> dataversesForLinking = new ArrayList<>();
-  
-           if ((dvObject instanceof Dataset)) {
-               dataversesForLinking = permissionService.findPermittedCollections( new DataverseRequest(requestUser, (IpAddress) null), requestUser, Permission.LinkDataset, searchTerm);
-           } else {
-               dataversesForLinking = permissionService.findPermittedCollections( new DataverseRequest(requestUser, (IpAddress) null), requestUser, Permission.LinkDataverse, searchTerm);
-
-           }
-               
-           dataversesForLinking = dataverseService.removeUnlinkableDataverses(dataversesForLinking, dvObject);
-           JsonArrayBuilder dvBuilder = Json.createArrayBuilder();
-            if (dataversesForLinking != null && !dataversesForLinking.isEmpty()) {
+
+            DvObject dvObject = findDvoByIdAndTypeOrDie(dvIdtf, type, false);
+            List<Dataverse> dataversesForLinkingSearch = new ArrayList();
+            dataversesForLinkingSearch = dataverseService.filterDataversesByNameAliasPattern(searchTerm);
+
+            List<Dataverse> mergedWithSearch = new ArrayList<>();
+            dataversesForLinking = dataverseService.removeUnlinkableDataverses(dataversesForLinking, dvObject);
+            if (!dataversesForLinkingSearch.isEmpty()) {
                 for (Dataverse dv : dataversesForLinking) {
+                    if (dataversesForLinkingSearch.contains(dv)) {
+                        mergedWithSearch.add(dv);
+                    }
+                }
+            }
+            JsonArrayBuilder dvBuilder = Json.createArrayBuilder();
+            if (!mergedWithSearch.isEmpty()) {
+                for (Dataverse dv : mergedWithSearch) {
                     dvBuilder.add(json(dv, true));
                 }
             }
-            return ok(dvBuilder);       
+            return ok(dvBuilder);
         } catch (WrappedResponse wr) {
             return wr.getResponse();
-        } catch (Exception e){
+        } catch (Exception e) {
             return error(Status.BAD_REQUEST, e.getLocalizedMessage());
-            
+
         }
     }
     
@@ -1852,7 +1857,7 @@ public Response createFeaturedItem(@Context ContainerRequestContext crc,
         try {
             dataverse = findDataverseOrDie(dvIdtf);
             if (dvObjectIdtf != null) {
-                dvObject = findDvoByIdAndTypeOrDie(dvObjectIdtf, type);
+                dvObject = findDvoByIdAndTypeOrDie(dvObjectIdtf, type, true);
             }
         } catch (WrappedResponse wr) {
             return wr.getResponse();
@@ -1940,7 +1945,7 @@ public Response updateFeaturedItems(
 
                 // ignore dvObject if the id is missing or an empty string
                 DvObject dvObject = dvObjectIdtf.get(i) != null && !dvObjectIdtf.get(i).isEmpty()
-                        ? findDvoByIdAndTypeOrDie(dvObjectIdtf.get(i), types.get(i)) : null;
+                        ? findDvoByIdAndTypeOrDie(dvObjectIdtf.get(i), types.get(i), true) : null;
                 if (ids.get(i) == 0) {
                     newItems.add(NewDataverseFeaturedItemDTO.fromFormData(
                             contents.get(i), displayOrders.get(i), fileInputStream, contentDisposition, types.get(i), dvObject));

From f570aaaf411b76f6147d37c06a80fceaaa98962b Mon Sep 17 00:00:00 2001
From: Philip Durbin <philip_durbin@harvard.edu>
Date: Wed, 27 Aug 2025 16:24:05 -0400
Subject: [PATCH 117/634] add TODO comments to spi workflow #11766 #11512

---
 .github/workflows/spi_release.yml | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/.github/workflows/spi_release.yml b/.github/workflows/spi_release.yml
index 6398edca412..1d29cdf76c9 100644
--- a/.github/workflows/spi_release.yml
+++ b/.github/workflows/spi_release.yml
@@ -42,6 +42,7 @@ jobs:
               with:
                   java-version: '17'
                   distribution: 'adopt'
+                  # TODO: change this from ossrh to central?
                   server-id: ossrh
                   server-username: MAVEN_USERNAME
                   server-password: MAVEN_PASSWORD
@@ -80,6 +81,7 @@ jobs:
                 with:
                     java-version: '17'
                     distribution: 'adopt'
+                    # TODO: change this from ossrh to central?
                     server-id: ossrh
                     server-username: MAVEN_USERNAME
                     server-password: MAVEN_PASSWORD

From 96c8b25c2efcaf58ebe47e62fb1356eed56bfdc2 Mon Sep 17 00:00:00 2001
From: Stephen Kraffmiller <skraffmiller@hmdc.harvard.edu>
Date: Wed, 27 Aug 2025 16:28:46 -0400
Subject: [PATCH 118/634] #11710 remove unused method

---
 .../iq/dataverse/DataverseServiceBean.java    | 51 -------------------
 .../harvard/iq/dataverse/api/Dataverses.java  | 12 ++---
 2 files changed, 6 insertions(+), 57 deletions(-)

diff --git a/src/main/java/edu/harvard/iq/dataverse/DataverseServiceBean.java b/src/main/java/edu/harvard/iq/dataverse/DataverseServiceBean.java
index d3f96da107e..85d4179a6d9 100644
--- a/src/main/java/edu/harvard/iq/dataverse/DataverseServiceBean.java
+++ b/src/main/java/edu/harvard/iq/dataverse/DataverseServiceBean.java
@@ -687,57 +687,6 @@ public List<Dataverse> filterDataversesByNamePattern(String pattern) {
         return searchResults;
     }
     
-    /* 
-        This method takes a search parameter and expands it into a list of 
-        Dataverses with matching names. 
-        The search is performed on the name with the trailing word "dataverse"
-        stripped (if present). This way the search on "data" (or on "da" pr 
-        "dat") does NOT return almost every dataverse in the database - since
-        most of them have names that end in "... Dataverse". 
-        The query isn't pretty, but it works, and it's still EJB QL (and NOT a 
-        native query). 
-    */
-    public List<Dataverse> filterDataversesByNameAliasPattern(String pattern) {
-
-        pattern = pattern.toLowerCase();
-        
-        String pattern1 = pattern + "%";
-        String pattern2 = "% " + pattern + "%";
-
-        // Adjust the queries for very short, 1 and 2-character patterns:
-        if (pattern.length() == 1) {
-            pattern1 = pattern;
-            pattern2 = pattern + " %";
-        } 
-        /*if (pattern.length() == 2) {
-            pattern2 = pattern + "%";
-        }*/
-        
-        
-        String qstr = "select dv from Dataverse dv "
-                + "where (LOWER(dv.name) LIKE :dataverse and ((SUBSTRING(LOWER(dv.name),0,(LENGTH(dv.name)-9)) LIKE :pattern1) "
-                + "     or (SUBSTRING(LOWER(dv.name),0,(LENGTH(dv.name)-9)) LIKE :pattern2))) "
-                + "or (LOWER(dv.name) NOT LIKE :dataverse and ((LOWER(dv.name) LIKE :pattern1) "
-                + "     or (LOWER(dv.name) LIKE :pattern2)) "
-                + "or (LOWER(dv.alias)   LIKE :pattern1) "
-                + "     or (LOWER(dv.alias) LIKE :pattern2))) "
-                + "order by dv.alias";
-                
-        List<Dataverse> searchResults = null;
-        
-        try {
-            searchResults = em.createQuery(qstr, Dataverse.class)
-                    .setParameter("dataverse", "%dataverse")
-                    .setParameter("pattern1", pattern1)
-                    .setParameter("pattern2", pattern2)
-                    .getResultList();
-        } catch (Exception ex) {
-            searchResults = null;
-        }
-        
-        return searchResults;
-    }
-    
     /**
      * Used to identify and properly display Harvested objects on the dataverse page.
      * 
diff --git a/src/main/java/edu/harvard/iq/dataverse/api/Dataverses.java b/src/main/java/edu/harvard/iq/dataverse/api/Dataverses.java
index f59cfbc3bab..512b7b00fab 100644
--- a/src/main/java/edu/harvard/iq/dataverse/api/Dataverses.java
+++ b/src/main/java/edu/harvard/iq/dataverse/api/Dataverses.java
@@ -1780,17 +1780,17 @@ public Response linkDataverse(@Context ContainerRequestContext crc, @PathParam("
     @Path("{identifier}/{type}/linkingDataverses")
     public Response getLinkingDataverseList(@Context ContainerRequestContext crc, @PathParam("identifier") String dvIdtf, @QueryParam("searchTerm") String searchTerm, @PathParam("type") String type) {
         //first determine what you are linking based on identifier and type
-        
-            AuthenticatedUser requestUser = (AuthenticatedUser) getRequestUser(crc);
-            DataverseRequest dvReq = new DataverseRequest(requestUser, (IpAddress) null);
-            List<Dataverse> dataversesForLinking;
-            dataversesForLinking = permissionService.findPermittedCollections(dvReq, requestUser, Permission.LinkDataset);
 
         try {
 
             DvObject dvObject = findDvoByIdAndTypeOrDie(dvIdtf, type, false);
             List<Dataverse> dataversesForLinkingSearch = new ArrayList();
-            dataversesForLinkingSearch = dataverseService.filterDataversesByNameAliasPattern(searchTerm);
+            dataversesForLinkingSearch = dataverseService.filterDataversesByNamePattern(searchTerm);            
+                    
+            AuthenticatedUser requestUser = (AuthenticatedUser) getRequestUser(crc);
+            DataverseRequest dvReq = new DataverseRequest(requestUser, (IpAddress) null);
+            List<Dataverse> dataversesForLinking;
+            dataversesForLinking = permissionService.findPermittedCollections(dvReq, requestUser, Permission.LinkDataset);
 
             List<Dataverse> mergedWithSearch = new ArrayList<>();
             dataversesForLinking = dataverseService.removeUnlinkableDataverses(dataversesForLinking, dvObject);

From 0500d7e7066dc36c81f640cafcbc63de8682e395 Mon Sep 17 00:00:00 2001
From: Leonid Andreev <leonid@hmdc.harvard.edu>
Date: Wed, 27 Aug 2025 17:13:59 -0400
Subject: [PATCH 119/634] Another experimental approach (#11766)

---
 .../io/gdcc/spi/export/ExportDataOption.java  | 50 +++++++++++++++++++
 .../gdcc/spi/export/ExportDataProvider.java   | 19 +++----
 2 files changed, 57 insertions(+), 12 deletions(-)
 create mode 100644 modules/dataverse-spi/src/main/java/io/gdcc/spi/export/ExportDataOption.java

diff --git a/modules/dataverse-spi/src/main/java/io/gdcc/spi/export/ExportDataOption.java b/modules/dataverse-spi/src/main/java/io/gdcc/spi/export/ExportDataOption.java
new file mode 100644
index 00000000000..1c447cc53e3
--- /dev/null
+++ b/modules/dataverse-spi/src/main/java/io/gdcc/spi/export/ExportDataOption.java
@@ -0,0 +1,50 @@
+package io.gdcc.spi.export;
+
+/**
+ *
+ * @author landreev
+ * Provides a mechanism for defining various data retrieval options for the 
+ * export subsystem in a way that should allow us adding support for more 
+ * options going forward with minimal or no changes to the existing code in 
+ * export plugins. 
+ */
+public class ExportDataOption {
+    
+    public enum SupportedOptions {
+        DatasetMetadataOnly,
+        PublicFilesOnly;
+    }
+    
+    private SupportedOptions optionType; 
+    
+    /*public static ExportDataOption addOption(String option) {
+        ExportDataOption ret = new ExportDataOption(); 
+        
+        for (SupportedOptions supported : SupportedOptions.values()) {
+            if (supported.toString().equals(option)) {
+                ret.optionType = supported;
+            }
+        }
+        return ret; 
+    }*/
+    
+    public static ExportDataOption addDatasetMetadataOnly() {
+        ExportDataOption ret = new ExportDataOption();
+        ret.optionType = SupportedOptions.DatasetMetadataOnly;
+        return ret; 
+    }
+    
+    public static ExportDataOption addPublicFilesOnly() {
+        ExportDataOption ret = new ExportDataOption();
+        ret.optionType = SupportedOptions.PublicFilesOnly;
+        return ret; 
+    }
+    
+    public boolean isDatasetMetadataOnly() {
+        return SupportedOptions.DatasetMetadataOnly.equals(optionType);
+    }
+    
+    public boolean isPublicFilesOnly() {
+        return SupportedOptions.PublicFilesOnly.equals(optionType);
+    }
+}
diff --git a/modules/dataverse-spi/src/main/java/io/gdcc/spi/export/ExportDataProvider.java b/modules/dataverse-spi/src/main/java/io/gdcc/spi/export/ExportDataProvider.java
index eefe0d7d828..54d98511d80 100644
--- a/modules/dataverse-spi/src/main/java/io/gdcc/spi/export/ExportDataProvider.java
+++ b/modules/dataverse-spi/src/main/java/io/gdcc/spi/export/ExportDataProvider.java
@@ -38,7 +38,7 @@ public interface ExportDataProvider {
      *          dataset-level metadata along with basic file metadata for each file
      *          in the dataset.
      */
-    JsonObject getDatasetORE();
+    JsonObject getDatasetORE(ExportDataOption... options);
 
     /**
      * Dataverse is capable of extracting DDI-centric metadata from tabular
@@ -53,7 +53,7 @@ public interface ExportDataProvider {
      *          edu.harvard.iq.dataverse.util.json.JSONPrinter classes where this
      *          output is used/generated (respectively).
      */
-    JsonArray getDatasetFileDetails();
+    JsonArray getDatasetFileDetails(ExportDataOption... options);
 
     /**
      * Similar to the above, but 
@@ -78,7 +78,7 @@ public interface ExportDataProvider {
      *          a starting point for an Exporter if it simplifies your exporter
      *          relative to using the JSON or OAI_ORE exports.
      */
-    JsonObject getDatasetSchemaDotOrg();
+    JsonObject getDatasetSchemaDotOrg(ExportDataOption... options);
 
     /**
      * 
@@ -88,7 +88,7 @@ public interface ExportDataProvider {
      *          a starting point for an Exporter if it simplifies your exporter
      *          relative to using the JSON or OAI_ORE exports.
      */
-    String getDataCiteXml();
+    String getDataCiteXml(ExportDataOption... options);
 
     /**
      * If an Exporter has specified a prerequisite format name via the
@@ -108,13 +108,8 @@ public interface ExportDataProvider {
      *          Exporter is configured to replace the internal ddi Exporter in
      *          Dataverse.
      */
-    default Optional<InputStream> getPrerequisiteInputStream() {
+    default Optional<InputStream> getPrerequisiteInputStream(ExportDataOption... options) {
         return Optional.empty();
     }
-    
-    public enum ExportDataOption {
-        DatasetMetadataOnly,
-        PublicFilesOnly;
-    }
-
-}
+   
+ }

From ec3f8aad2f144e4fb8ecc10680a93a18be3eb1aa Mon Sep 17 00:00:00 2001
From: Stephen Kraffmiller <skraffmiller@hmdc.harvard.edu>
Date: Thu, 28 Aug 2025 09:40:43 -0400
Subject: [PATCH 120/634] #11710 fix release note

---
 doc/release-notes/11710-get-available-dataverses-api.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/doc/release-notes/11710-get-available-dataverses-api.md b/doc/release-notes/11710-get-available-dataverses-api.md
index 6658d1d8fd5..ac33c581848 100644
--- a/doc/release-notes/11710-get-available-dataverses-api.md
+++ b/doc/release-notes/11710-get-available-dataverses-api.md
@@ -1,5 +1,5 @@
 ### New API endpoint for retrieving a list of Dataverse Collections to which a given Dataset or Dataverse Collection may be linked
 
--The end point also takes in a search term which currently must be the start of the collections' names.
+-The end point also takes in a search term which currently must be part of the collections' names.
 -The user calling this API must have Link Dataset or Link Dataverse permission on the Dataverse Collections returned.
 -If the Collection has already been linked to the given Dataset or Collection, it will not be returned.

From 239af1b84408371081140b4f63200ccc486ea686 Mon Sep 17 00:00:00 2001
From: Stephen Kraffmiller <skraffmiller@hmdc.harvard.edu>
Date: Thu, 28 Aug 2025 09:48:37 -0400
Subject: [PATCH 121/634] Update native-api.rst

---
 doc/sphinx-guides/source/api/native-api.rst | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/doc/sphinx-guides/source/api/native-api.rst b/doc/sphinx-guides/source/api/native-api.rst
index 0a208967f07..327e31124f6 100644
--- a/doc/sphinx-guides/source/api/native-api.rst
+++ b/doc/sphinx-guides/source/api/native-api.rst
@@ -735,7 +735,7 @@ Note: you must have "Add Dataset" permission in the given collection to invoke t
 List Dataverse Collections to which a given Dataset or Dataverse Collection may be linked
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
-The user may provide a search term to limit the list of Dataverse Collections returned. The search term will be compared to the name of the Dataverse Collections and must include the beginning of the Dataverse Collections' names.
+The user may provide a search term to limit the list of Dataverse Collections returned. The search term will be compared to the name of the Dataverse Collections.
 The response is a JSON array of the ids, aliases, and names of the Dataverse collections to which a given Dataset or Dataverse Collection may be linked:
 
 For a given Dataverse Collection:

From 85a3dccdc6df01c18dc333a40aac0dbe48b80937 Mon Sep 17 00:00:00 2001
From: Stephen Kraffmiller <skraffmiller@hmdc.harvard.edu>
Date: Thu, 28 Aug 2025 09:54:36 -0400
Subject: [PATCH 122/634] #11710 some code cleanup

---
 .../iq/dataverse/DataverseServiceBean.java    | 47 +++++++++----------
 1 file changed, 23 insertions(+), 24 deletions(-)

diff --git a/src/main/java/edu/harvard/iq/dataverse/DataverseServiceBean.java b/src/main/java/edu/harvard/iq/dataverse/DataverseServiceBean.java
index 85d4179a6d9..bc91cb4e081 100644
--- a/src/main/java/edu/harvard/iq/dataverse/DataverseServiceBean.java
+++ b/src/main/java/edu/harvard/iq/dataverse/DataverseServiceBean.java
@@ -510,15 +510,15 @@ public List<Dataverse> filterDataversesForLinking(String query, DataverseRequest
         List<Dataverse> dataverseList = new ArrayList<>();
 
         List<Dataverse> results = filterDataversesByNamePattern(query);
-        
+
         if (results == null || results.isEmpty()) {
-            return null; 
+            return null;
         }
-        
+
         Dataset linkedDataset = null;
         Dataverse linkedDataverse = null;
         List<Object> alreadyLinkeddv_ids;
-        
+
         if ((dvo instanceof Dataset)) {
             linkedDataset = (Dataset) dvo;
             alreadyLinkeddv_ids = em.createNativeQuery("SELECT linkingdataverse_id   FROM datasetlinkingdataverse WHERE dataset_id = " + linkedDataset.getId()).getResultList();
@@ -527,22 +527,22 @@ public List<Dataverse> filterDataversesForLinking(String query, DataverseRequest
             alreadyLinkeddv_ids = em.createNativeQuery("SELECT linkingdataverse_id   FROM dataverselinkingdataverse WHERE dataverse_id = " + linkedDataverse.getId()).getResultList();
         }
 
-         List<Dataverse> remove = new ArrayList<>();
+        List<Dataverse> remove = new ArrayList<>();
 
         if (alreadyLinkeddv_ids != null && !alreadyLinkeddv_ids.isEmpty()) {
             alreadyLinkeddv_ids.stream().map((testDVId) -> this.find(testDVId)).forEachOrdered((removeIt) -> {
                 remove.add(removeIt);
             });
         }
-        
-        if (dvo instanceof Dataverse dataverse){
+
+        if (dvo instanceof Dataverse dataverse) {
             remove.add(dataverse);
         }
-        
+
         for (Dataverse res : results) {
             if (!remove.contains(res)) {
                 if ((linkedDataset != null && this.permissionService.requestOn(req, res).has(Permission.LinkDataset))
-                       || (linkedDataverse != null && this.permissionService.requestOn(req, res).has(Permission.LinkDataverse))) {
+                        || (linkedDataverse != null && this.permissionService.requestOn(req, res).has(Permission.LinkDataverse))) {
                     dataverseList.add(res);
                 }
             }
@@ -550,44 +550,43 @@ public List<Dataverse> filterDataversesForLinking(String query, DataverseRequest
 
         return dataverseList;
     }
-    
-    
-    public List<Dataverse> removeUnlinkableDataverses (List<Dataverse> allWithPerms, DvObject dvo){
+
+    public List<Dataverse> removeUnlinkableDataverses(List<Dataverse> allWithPerms, DvObject dvo) {
         List<Dataverse> dataverseList = new ArrayList<>();
         Dataset linkedDataset = null;
         Dataverse linkedDataverse = null;
         List<Object> alreadyLinkeddv_ids;
-        
+
         if ((dvo instanceof Dataset)) {
             linkedDataset = (Dataset) dvo;
-            alreadyLinkeddv_ids = em.createNativeQuery("SELECT linkingdataverse_id   FROM datasetlinkingdataverse WHERE dataset_id = " + linkedDataset.getId()).getResultList();
+            alreadyLinkeddv_ids = em.createNativeQuery("SELECT linkingdataverse_id FROM datasetlinkingdataverse WHERE dataset_id = " + linkedDataset.getId()).getResultList();
         } else {
             linkedDataverse = (Dataverse) dvo;
-            alreadyLinkeddv_ids = em.createNativeQuery("SELECT linkingdataverse_id   FROM dataverselinkingdataverse WHERE dataverse_id = " + linkedDataverse.getId()).getResultList();
+            alreadyLinkeddv_ids = em.createNativeQuery("SELECT linkingdataverse_id FROM dataverselinkingdataverse WHERE dataverse_id = " + linkedDataverse.getId()).getResultList();
         }
 
-         List<Dataverse> remove = new ArrayList<>();
+        List<Dataverse> remove = new ArrayList<>();
 
         if (alreadyLinkeddv_ids != null && !alreadyLinkeddv_ids.isEmpty()) {
             alreadyLinkeddv_ids.stream().map((testDVId) -> this.find(testDVId)).forEachOrdered((removeIt) -> {
                 remove.add(removeIt);
             });
         }
-        
-        if (dvo instanceof Dataverse dataverse){
+
+        if (dvo instanceof Dataverse dataverse) {
             remove.add(dataverse);
-        }  else {
+        } else {
             //dataset is always owned by a dataverse
-            remove.add((Dataverse)dvo.getOwner());
+            remove.add((Dataverse) dvo.getOwner());
         }
-        
+
         for (Dataverse res : allWithPerms) {
             if (!remove.contains(res)) {
-                   dataverseList.add(res);
+                dataverseList.add(res);
             }
         }
-        
-       return dataverseList; 
+
+        return dataverseList;
     }
     
   

From 286402f94bc6ebe5b8c7a04b765fd1c905cae787 Mon Sep 17 00:00:00 2001
From: Stephen Kraffmiller <skraffmiller@hmdc.harvard.edu>
Date: Thu, 28 Aug 2025 12:25:24 -0400
Subject: [PATCH 123/634] #11710 skip filter if search term empty

---
 .../harvard/iq/dataverse/api/Dataverses.java  | 20 +++++++++++++------
 .../iq/dataverse/api/DataversesIT.java        |  9 ++++++++-
 2 files changed, 22 insertions(+), 7 deletions(-)

diff --git a/src/main/java/edu/harvard/iq/dataverse/api/Dataverses.java b/src/main/java/edu/harvard/iq/dataverse/api/Dataverses.java
index 512b7b00fab..97bc961c6b2 100644
--- a/src/main/java/edu/harvard/iq/dataverse/api/Dataverses.java
+++ b/src/main/java/edu/harvard/iq/dataverse/api/Dataverses.java
@@ -1785,8 +1785,7 @@ public Response getLinkingDataverseList(@Context ContainerRequestContext crc, @P
 
             DvObject dvObject = findDvoByIdAndTypeOrDie(dvIdtf, type, false);
             List<Dataverse> dataversesForLinkingSearch = new ArrayList();
-            dataversesForLinkingSearch = dataverseService.filterDataversesByNamePattern(searchTerm);            
-                    
+            
             AuthenticatedUser requestUser = (AuthenticatedUser) getRequestUser(crc);
             DataverseRequest dvReq = new DataverseRequest(requestUser, (IpAddress) null);
             List<Dataverse> dataversesForLinking;
@@ -1794,13 +1793,22 @@ public Response getLinkingDataverseList(@Context ContainerRequestContext crc, @P
 
             List<Dataverse> mergedWithSearch = new ArrayList<>();
             dataversesForLinking = dataverseService.removeUnlinkableDataverses(dataversesForLinking, dvObject);
-            if (!dataversesForLinkingSearch.isEmpty()) {
-                for (Dataverse dv : dataversesForLinking) {
-                    if (dataversesForLinkingSearch.contains(dv)) {
-                        mergedWithSearch.add(dv);
+            
+            //Only do search lookup if search term is there. Otherwise just include the collections based on perms
+            if (!searchTerm.isEmpty()) {
+                dataversesForLinkingSearch = dataverseService.filterDataversesByNamePattern(searchTerm);
+                if (!dataversesForLinkingSearch.isEmpty()) {
+                    for (Dataverse dv : dataversesForLinking) {
+                        if (dataversesForLinkingSearch.contains(dv)) {
+                            mergedWithSearch.add(dv);
+                        }
                     }
                 }
+            } else {
+                //search term empty then add all based on perms
+                mergedWithSearch.addAll(dataversesForLinking);
             }
+            
             JsonArrayBuilder dvBuilder = Json.createArrayBuilder();
             if (!mergedWithSearch.isEmpty()) {
                 for (Dataverse dv : mergedWithSearch) {
diff --git a/src/test/java/edu/harvard/iq/dataverse/api/DataversesIT.java b/src/test/java/edu/harvard/iq/dataverse/api/DataversesIT.java
index 64c88197494..5de3fbb6620 100644
--- a/src/test/java/edu/harvard/iq/dataverse/api/DataversesIT.java
+++ b/src/test/java/edu/harvard/iq/dataverse/api/DataversesIT.java
@@ -724,7 +724,14 @@ public void testGetLinkableDataverses(){
         getLinkableDataversesForDataversePartial.prettyPrint();
                 getLinkableDataversesForDataversePartial.then().assertThat()
                 .statusCode(OK.getStatusCode())                
-                .body("data[0].alias", equalTo(dataverseAliasForLinking));  
+                .body("data[0].alias", equalTo(dataverseAliasForLinking));
+        
+        //if I give a blank search term i should get the one that I have perms on        
+        Response getLinkableDataversesForDataverseBlank = UtilIT.getLinkableDataverses("dataverse", dataverseAlias, apiToken, "");
+        getLinkableDataversesForDataverseBlank.prettyPrint();
+                getLinkableDataversesForDataverseBlank.then().assertThat()
+                .statusCode(OK.getStatusCode())                
+                .body("data[0].alias", equalTo(dataverseAliasForLinking));          
                 
                 
         //Try with empty string search term        

From 1ab38bb559b2aaa366cffe881e630610f8cf3510 Mon Sep 17 00:00:00 2001
From: Jim Myers <qqmyers@hotmail.com>
Date: Fri, 15 Aug 2025 13:16:10 -0400
Subject: [PATCH 124/634] base managed executor

---
 .../iq/dataverse/api/MakeDataCountApi.java    | 178 +++++++++++-------
 1 file changed, 107 insertions(+), 71 deletions(-)

diff --git a/src/main/java/edu/harvard/iq/dataverse/api/MakeDataCountApi.java b/src/main/java/edu/harvard/iq/dataverse/api/MakeDataCountApi.java
index 562fd7fcb81..72788f1d8e7 100644
--- a/src/main/java/edu/harvard/iq/dataverse/api/MakeDataCountApi.java
+++ b/src/main/java/edu/harvard/iq/dataverse/api/MakeDataCountApi.java
@@ -27,7 +27,10 @@
 import java.util.List;
 import java.util.logging.Level;
 import java.util.logging.Logger;
+
+import jakarta.annotation.Resource;
 import jakarta.ejb.EJB;
+import jakarta.enterprise.concurrent.ManagedExecutorService;
 import jakarta.json.Json;
 import jakarta.json.JsonArray;
 import jakarta.json.JsonArrayBuilder;
@@ -62,6 +65,10 @@ public class MakeDataCountApi extends AbstractApiBean {
     @EJB
     SystemConfig systemConfig;
 
+    // Inject the managed executor service provided by the container
+    @Resource(name = "concurrent/CitationUpdateExecutor")
+    private ManagedExecutorService executorService;
+    
     /**
      * TODO: For each dataset, send the following:
      *
@@ -141,89 +148,118 @@ public Response addUsageMetricsFromSushiReportAll(@QueryParam("reportOnDisk") St
 
     @POST
     @Path("{id}/updateCitationsForDataset")
-    public Response updateCitationsForDataset(@PathParam("id") String id) throws IOException {
+    public Response updateCitationsForDataset(@PathParam("id") String id) {
         try {
-            Dataset dataset = findDatasetOrDie(id);
-            GlobalId pid = dataset.getGlobalId();
-            PidProvider pidProvider = PidUtil.getPidProvider(pid.getProviderId());
+            // First validate that the dataset exists and has a valid DOI
+            final Dataset dataset = findDatasetOrDie(id);
+            final GlobalId pid = dataset.getGlobalId();
+            final PidProvider pidProvider = PidUtil.getPidProvider(pid.getProviderId());
+            
             // Only supported for DOIs and for DataCite DOI providers
             if(!DataCiteDOIProvider.TYPE.equals(pidProvider.getProviderType())) {
                 return error(Status.BAD_REQUEST, "Only DataCite DOI providers are supported");
             }
-            String persistentId = pid.toString();
-
-            // DataCite wants "doi=", not "doi:".
-            String authorityPlusIdentifier = persistentId.replaceFirst("doi:", "");
-            // Request max page size and then loop to handle multiple pages
-            URL url = null;
-            try {
-                url = new URI(JvmSettings.DATACITE_REST_API_URL.lookup(pidProvider.getId()) +
-                              "/events?doi=" +
-                              authorityPlusIdentifier +
-                              "&source=crossref&page[size]=1000&page[cursor]=1").toURL();
-            } catch (URISyntaxException e) {
-                //Nominally this means a config error/ bad DATACITE_REST_API_URL for this provider
-                logger.warning("Unable to create URL for " + persistentId + ", pidProvider " + pidProvider.getId());
-                return error(Status.INTERNAL_SERVER_ERROR, "Unable to create DataCite URL to retrieve citations.");
-            }
-            logger.fine("Retrieving Citations from " + url.toString());
-            boolean nextPage = true;
-            JsonArrayBuilder dataBuilder = Json.createArrayBuilder();
-            do {
-                HttpURLConnection connection = (HttpURLConnection) url.openConnection();
-                connection.setRequestMethod("GET");
-                int status = connection.getResponseCode();
-                if (status != 200) {
-                    logger.warning("Failed to get citations from " + url.toString());
-                    connection.disconnect();
-                    return error(Status.fromStatusCode(status), "Failed to get citations from " + url.toString());
-                }
-                JsonObject report;
-                try (InputStream inStream = connection.getInputStream()) {
-                    report = JsonUtil.getJsonObject(inStream);
-                } finally {
-                    connection.disconnect();
-                }
-                JsonObject links = report.getJsonObject("links");
-                JsonArray data = report.getJsonArray("data");
-                Iterator<JsonValue> iter = data.iterator();
-                while (iter.hasNext()) {
-                    dataBuilder.add(iter.next());
+            
+            // Submit the task to the managed executor service
+            Future<?> future = executorService.submit(() -> {
+                try {
+                    processCitationUpdate(dataset, pid, pidProvider);
+                } catch (Exception e) {
+                    logger.log(Level.SEVERE, "Error processing citation update for dataset " + id, e);
                 }
-                if (links.containsKey("next")) {
-                    try {
-                        url = new URI(links.getString("next")).toURL();
-                    } catch (URISyntaxException e) {
-                        logger.warning("Unable to create URL from DataCite response: " + links.getString("next"));
-                        return error(Status.INTERNAL_SERVER_ERROR, "Unable to retrieve all results from DataCite");
-                    }
-                } else {
-                    nextPage = false;
-                }
-                logger.fine("body of citation response: " + report.toString());
-            } while (nextPage == true);
-            JsonArray allData = dataBuilder.build();
-            List<DatasetExternalCitations> datasetExternalCitations = datasetExternalCitationsService.parseCitations(allData);
-            /*
-             * ToDo: If this is the only source of citations, we should remove all the existing ones for the dataset and repopulate them.
-             * As is, this call doesn't remove old citations if there are now none (legacy issue if we decide to stop counting certain types of citation
-             * as we've done for 'hasPart').
-             * If there are some, this call individually checks each one and if a matching item exists, it removes it and adds it back. Faster and better to delete all and
-             * add the new ones.
-             */
-            if (!datasetExternalCitations.isEmpty()) {
-                for (DatasetExternalCitations dm : datasetExternalCitations) {
-                    datasetExternalCitationsService.save(dm);
-                }
-            }
-
+            });
+            
             JsonObjectBuilder output = Json.createObjectBuilder();
-            output.add("citationCount", datasetExternalCitations.size());
+            output.add("status", "queued");
+            output.add("message", "Citation update for dataset " + id + " has been queued for processing");
             return ok(output);
         } catch (WrappedResponse wr) {
             return wr.getResponse();
         }
     }
+    
+    /**
+     * Process the citation update for a dataset
+     * This method contains the logic that was previously in updateCitationsForDataset
+     */
+    private void processCitationUpdate(Dataset dataset, GlobalId pid, PidProvider pidProvider) throws IOException {
+        String persistentId = pid.asRawIdentifier();
+        
+        // Request max page size and then loop to handle multiple pages
+        URL url = null;
+        try {
+            url = new URI(JvmSettings.DATACITE_REST_API_URL.lookup(pidProvider.getId()) +
+                          "/events?doi=" +
+                          persistentId +
+                          "&source=crossref&page[size]=1000&page[cursor]=1").toURL();
+        } catch (URISyntaxException e) {
+            //Nominally this means a config error/ bad DATACITE_REST_API_URL for this provider
+            logger.warning("Unable to create URL for " + persistentId + ", pidProvider " + pidProvider.getId());
+            return;
+        }
+        
+        logger.fine("Retrieving Citations from " + url.toString());
+        boolean nextPage = true;
+        JsonArrayBuilder dataBuilder = Json.createArrayBuilder();
+        
+        do {
+            HttpURLConnection connection = (HttpURLConnection) url.openConnection();
+            connection.setRequestMethod("GET");
+            int status = connection.getResponseCode();
+            if (status != 200) {
+                logger.warning("Failed to get citations from " + url.toString());
+                connection.disconnect();
+                return;
+            }
+            
+            JsonObject report;
+            try (InputStream inStream = connection.getInputStream()) {
+                report = JsonUtil.getJsonObject(inStream);
+            } finally {
+                connection.disconnect();
+            }
+            
+            JsonObject links = report.getJsonObject("links");
+            JsonArray data = report.getJsonArray("data");
+            Iterator<JsonValue> iter = data.iterator();
+            while (iter.hasNext()) {
+                dataBuilder.add(iter.next());
+            }
+            
+            if (links.containsKey("next")) {
+                try {
+                    url = new URI(links.getString("next")).toURL();
+                } catch (URISyntaxException e) {
+                    logger.warning("Unable to create URL from DataCite response: " + links.getString("next"));
+                    return;
+                }
+            } else {
+                nextPage = false;
+            }
+            
+            logger.fine("body of citation response: " + report.toString());
+        } while (nextPage == true);
+        
+        JsonArray allData = dataBuilder.build();
+        List<DatasetExternalCitations> datasetExternalCitations = datasetExternalCitationsService.parseCitations(allData);
+        
+        /*
+         * ToDo: If this is the only source of citations, we should remove all the existing ones for the dataset and repopulate them.
+         * As is, this call doesn't remove old citations if there are now none (legacy issue if we decide to stop counting certain types of citation
+         * as we've done for 'hasPart').
+         * If there are some, this call individually checks each one and if a matching item exists, it removes it and adds it back. Faster and better to delete all and
+         * add the new ones.
+         */
+        if (!datasetExternalCitations.isEmpty()) {
+            for (DatasetExternalCitations dm : datasetExternalCitations) {
+                datasetExternalCitationsService.save(dm);
+            }
+        }
+        
+        logger.info("Citation update completed for dataset " + dataset.getId() + 
+                   " with " + datasetExternalCitations.size() + " citations");
+    }
+    
     @GET
     @Path("{yearMonth}/processingState")
     public Response getProcessingState(@PathParam("yearMonth") String yearMonth) {

From 3981933314e8c695f58315455c80f4f83506f01b Mon Sep 17 00:00:00 2001
From: Jim Myers <qqmyers@hotmail.com>
Date: Fri, 15 Aug 2025 13:38:02 -0400
Subject: [PATCH 125/634] add API_MDC_UPDATE_MIN_DELAY_MS

---
 .../iq/dataverse/api/MakeDataCountApi.java    | 37 +++++++++++++++++++
 .../iq/dataverse/settings/JvmSettings.java    |  4 ++
 2 files changed, 41 insertions(+)

diff --git a/src/main/java/edu/harvard/iq/dataverse/api/MakeDataCountApi.java b/src/main/java/edu/harvard/iq/dataverse/api/MakeDataCountApi.java
index 72788f1d8e7..3bed917c789 100644
--- a/src/main/java/edu/harvard/iq/dataverse/api/MakeDataCountApi.java
+++ b/src/main/java/edu/harvard/iq/dataverse/api/MakeDataCountApi.java
@@ -25,6 +25,8 @@
 import java.net.URL;
 import java.util.Iterator;
 import java.util.List;
+import java.util.concurrent.Future;
+import java.util.concurrent.atomic.AtomicLong;
 import java.util.logging.Level;
 import java.util.logging.Logger;
 
@@ -69,6 +71,9 @@ public class MakeDataCountApi extends AbstractApiBean {
     @Resource(name = "concurrent/CitationUpdateExecutor")
     private ManagedExecutorService executorService;
     
+    // Track the last execution time to implement rate limiting during Citation updates
+    private static final AtomicLong lastExecutionTime = new AtomicLong(0);
+    
     /**
      * TODO: For each dataset, send the following:
      *
@@ -163,7 +168,14 @@ public Response updateCitationsForDataset(@PathParam("id") String id) {
             // Submit the task to the managed executor service
             Future<?> future = executorService.submit(() -> {
                 try {
+                    // Apply rate limiting if enabled
+                    applyRateLimit();
+                    
+                    // Process the citation update
                     processCitationUpdate(dataset, pid, pidProvider);
+                    
+                    // Update the last execution time after processing
+                    lastExecutionTime.set(System.currentTimeMillis());
                 } catch (Exception e) {
                     logger.log(Level.SEVERE, "Error processing citation update for dataset " + id, e);
                 }
@@ -178,6 +190,31 @@ public Response updateCitationsForDataset(@PathParam("id") String id) {
         }
     }
     
+    /**
+     * Apply rate limiting by waiting if necessary
+     */
+    private void applyRateLimit() {
+        // Check if rate limiting is enabled
+        long minDelay = JvmSettings.API_MDC_UPDATE_MIN_DELAY_MS.lookupOptional(Long.class).orElse(0l);
+        
+        // Calculate how long to wait
+        long lastExecution = lastExecutionTime.get();
+        long currentTime = System.currentTimeMillis();
+        long elapsedTime = currentTime - lastExecution;
+        
+        // If not enough time has passed since the last execution, wait
+        if (lastExecution > 0 && elapsedTime < minDelay) {
+            long waitTime = minDelay - elapsedTime;
+            logger.fine("Rate limiting: waiting " + waitTime + " ms before processing next citation update");
+            try {
+                Thread.sleep(waitTime);
+            } catch (InterruptedException e) {
+                Thread.currentThread().interrupt();
+                logger.warning("Rate limiting sleep interrupted: " + e.getMessage());
+            }
+        }
+    }
+    
     /**
      * Process the citation update for a dataset
      * This method contains the logic that was previously in updateCitationsForDataset
diff --git a/src/main/java/edu/harvard/iq/dataverse/settings/JvmSettings.java b/src/main/java/edu/harvard/iq/dataverse/settings/JvmSettings.java
index 53dff244ae1..87123801a3e 100644
--- a/src/main/java/edu/harvard/iq/dataverse/settings/JvmSettings.java
+++ b/src/main/java/edu/harvard/iq/dataverse/settings/JvmSettings.java
@@ -93,6 +93,10 @@ public enum JvmSettings {
     API_BLOCKED_ENDPOINTS(SCOPE_API_BLOCKED, "endpoints"),
     API_BLOCKED_POLICY(SCOPE_API_BLOCKED, "policy"),
     API_BLOCKED_KEY(SCOPE_API_BLOCKED, "key"),
+    // API: MDC Citation updates
+    SCOPE_API_MDC(SCOPE_API, "mdc"),
+    API_MDC_UPDATE_MIN_DELAY_MS(SCOPE_API_MDC, "min-delay-ms"),
+    
 
     // SIGNPOSTING SETTINGS
     SCOPE_SIGNPOSTING(PREFIX, "signposting"),

From 973ab872e203085aee6be078eba85706ac0ac601 Mon Sep 17 00:00:00 2001
From: Jim Myers <qqmyers@hotmail.com>
Date: Fri, 15 Aug 2025 13:47:43 -0400
Subject: [PATCH 126/634] filter out hasPart etc earlier

---
 .../iq/dataverse/api/MakeDataCountApi.java    | 22 +++++++++++++++++--
 .../DatasetExternalCitationsServiceBean.java  |  4 ++--
 2 files changed, 22 insertions(+), 4 deletions(-)

diff --git a/src/main/java/edu/harvard/iq/dataverse/api/MakeDataCountApi.java b/src/main/java/edu/harvard/iq/dataverse/api/MakeDataCountApi.java
index 3bed917c789..64309886dd0 100644
--- a/src/main/java/edu/harvard/iq/dataverse/api/MakeDataCountApi.java
+++ b/src/main/java/edu/harvard/iq/dataverse/api/MakeDataCountApi.java
@@ -196,7 +196,9 @@ public Response updateCitationsForDataset(@PathParam("id") String id) {
     private void applyRateLimit() {
         // Check if rate limiting is enabled
         long minDelay = JvmSettings.API_MDC_UPDATE_MIN_DELAY_MS.lookupOptional(Long.class).orElse(0l);
-        
+        if(minDelay ==0) {
+            return;
+        }
         // Calculate how long to wait
         long lastExecution = lastExecutionTime.get();
         long currentTime = System.currentTimeMillis();
@@ -260,12 +262,28 @@ private void processCitationUpdate(Dataset dataset, GlobalId pid, PidProvider pi
             JsonArray data = report.getJsonArray("data");
             Iterator<JsonValue> iter = data.iterator();
             while (iter.hasNext()) {
-                dataBuilder.add(iter.next());
+                JsonValue citationValue = iter.next();
+                JsonObject citation = (JsonObject) citationValue;
+                
+                // Filter out relations we don't use (e.g. hasPart) to lower memory req. with many files
+                if (citation.containsKey("attributes")) {
+                    JsonObject attributes = citation.getJsonObject("attributes");
+                    if (attributes.containsKey("relation-type-id")) {
+                        String relationshipType = attributes.getString("relation-type-id");
+                        
+                        // Only add citations with relationship types we care about
+                        if (DatasetExternalCitationsServiceBean.inboundRelationships.contains(relationshipType)  ||
+                                DatasetExternalCitationsServiceBean.outboundRelationships.contains(relationshipType)) {
+                            dataBuilder.add(citationValue);
+                        }
+                    }
+                }
             }
             
             if (links.containsKey("next")) {
                 try {
                     url = new URI(links.getString("next")).toURL();
+                    applyRateLimit();
                 } catch (URISyntaxException e) {
                     logger.warning("Unable to create URL from DataCite response: " + links.getString("next"));
                     return;
diff --git a/src/main/java/edu/harvard/iq/dataverse/makedatacount/DatasetExternalCitationsServiceBean.java b/src/main/java/edu/harvard/iq/dataverse/makedatacount/DatasetExternalCitationsServiceBean.java
index fa56432cc3c..fa87926210f 100644
--- a/src/main/java/edu/harvard/iq/dataverse/makedatacount/DatasetExternalCitationsServiceBean.java
+++ b/src/main/java/edu/harvard/iq/dataverse/makedatacount/DatasetExternalCitationsServiceBean.java
@@ -39,13 +39,13 @@ public class DatasetExternalCitationsServiceBean implements java.io.Serializable
     DatasetServiceBean datasetService;
 
   //Array of relationship types that are considered to be citations
-  static ArrayList<String> inboundRelationships = new ArrayList<String>( 
+  public static ArrayList<String> inboundRelationships = new ArrayList<String>( 
           Arrays.asList(
           "cites",
           "references",
           "supplements",
           "is-supplement-to"));
-  static ArrayList<String> outboundRelationships = new ArrayList<String>( 
+  public static ArrayList<String> outboundRelationships = new ArrayList<String>( 
           Arrays.asList(
           "is-cited-by",
           "is-referenced-by",

From 5f6b076ab248e69f414b4df0a64508f9598c0417 Mon Sep 17 00:00:00 2001
From: Jim Myers <qqmyers@hotmail.com>
Date: Fri, 15 Aug 2025 15:06:54 -0400
Subject: [PATCH 127/634] cleanup logging/exception handling

---
 .../iq/dataverse/api/MakeDataCountApi.java    | 147 ++++++++++--------
 1 file changed, 80 insertions(+), 67 deletions(-)

diff --git a/src/main/java/edu/harvard/iq/dataverse/api/MakeDataCountApi.java b/src/main/java/edu/harvard/iq/dataverse/api/MakeDataCountApi.java
index 64309886dd0..6de0e86a254 100644
--- a/src/main/java/edu/harvard/iq/dataverse/api/MakeDataCountApi.java
+++ b/src/main/java/edu/harvard/iq/dataverse/api/MakeDataCountApi.java
@@ -172,10 +172,16 @@ public Response updateCitationsForDataset(@PathParam("id") String id) {
                     applyRateLimit();
                     
                     // Process the citation update
-                    processCitationUpdate(dataset, pid, pidProvider);
+                    boolean success = processCitationUpdate(dataset, pid, pidProvider);
                     
                     // Update the last execution time after processing
                     lastExecutionTime.set(System.currentTimeMillis());
+                    
+                    if (success) {
+                        logger.fine("Successfully processed citation update for dataset " + id);
+                    } else {
+                        logger.warning("Failed to process citation update for dataset " + id);
+                    }
                 } catch (Exception e) {
                     logger.log(Level.SEVERE, "Error processing citation update for dataset " + id, e);
                 }
@@ -220,8 +226,9 @@ private void applyRateLimit() {
     /**
      * Process the citation update for a dataset
      * This method contains the logic that was previously in updateCitationsForDataset
+     * @return true if processing was successful, false otherwise
      */
-    private void processCitationUpdate(Dataset dataset, GlobalId pid, PidProvider pidProvider) throws IOException {
+    private boolean processCitationUpdate(Dataset dataset, GlobalId pid, PidProvider pidProvider) {
         String persistentId = pid.asRawIdentifier();
         
         // Request max page size and then loop to handle multiple pages
@@ -231,88 +238,94 @@ private void processCitationUpdate(Dataset dataset, GlobalId pid, PidProvider pi
                           "/events?doi=" +
                           persistentId +
                           "&source=crossref&page[size]=1000&page[cursor]=1").toURL();
-        } catch (URISyntaxException e) {
+        } catch (URISyntaxException | MalformedURLException e) {
             //Nominally this means a config error/ bad DATACITE_REST_API_URL for this provider
             logger.warning("Unable to create URL for " + persistentId + ", pidProvider " + pidProvider.getId());
-            return;
+            return false;
         }
         
         logger.fine("Retrieving Citations from " + url.toString());
         boolean nextPage = true;
         JsonArrayBuilder dataBuilder = Json.createArrayBuilder();
         
-        do {
-            HttpURLConnection connection = (HttpURLConnection) url.openConnection();
-            connection.setRequestMethod("GET");
-            int status = connection.getResponseCode();
-            if (status != 200) {
-                logger.warning("Failed to get citations from " + url.toString());
-                connection.disconnect();
-                return;
-            }
-            
-            JsonObject report;
-            try (InputStream inStream = connection.getInputStream()) {
-                report = JsonUtil.getJsonObject(inStream);
-            } finally {
-                connection.disconnect();
-            }
-            
-            JsonObject links = report.getJsonObject("links");
-            JsonArray data = report.getJsonArray("data");
-            Iterator<JsonValue> iter = data.iterator();
-            while (iter.hasNext()) {
-                JsonValue citationValue = iter.next();
-                JsonObject citation = (JsonObject) citationValue;
+        try {
+            do {
+                HttpURLConnection connection = (HttpURLConnection) url.openConnection();
+                connection.setRequestMethod("GET");
+                int status = connection.getResponseCode();
+                if (status != 200) {
+                    logger.warning("Failed to get citations from " + url.toString());
+                    connection.disconnect();
+                    return false;
+                }
                 
-                // Filter out relations we don't use (e.g. hasPart) to lower memory req. with many files
-                if (citation.containsKey("attributes")) {
-                    JsonObject attributes = citation.getJsonObject("attributes");
-                    if (attributes.containsKey("relation-type-id")) {
-                        String relationshipType = attributes.getString("relation-type-id");
-                        
-                        // Only add citations with relationship types we care about
-                        if (DatasetExternalCitationsServiceBean.inboundRelationships.contains(relationshipType)  ||
-                                DatasetExternalCitationsServiceBean.outboundRelationships.contains(relationshipType)) {
-                            dataBuilder.add(citationValue);
+                JsonObject report;
+                try (InputStream inStream = connection.getInputStream()) {
+                    report = JsonUtil.getJsonObject(inStream);
+                } finally {
+                    connection.disconnect();
+                }
+                
+                JsonObject links = report.getJsonObject("links");
+                JsonArray data = report.getJsonArray("data");
+                Iterator<JsonValue> iter = data.iterator();
+                while (iter.hasNext()) {
+                    JsonValue citationValue = iter.next();
+                    JsonObject citation = (JsonObject) citationValue;
+                    
+                    // Filter out relations we don't use (e.g. hasPart) to lower memory req. with many files
+                    if (citation.containsKey("attributes")) {
+                        JsonObject attributes = citation.getJsonObject("attributes");
+                        if (attributes.containsKey("relation-type-id")) {
+                            String relationshipType = attributes.getString("relation-type-id");
+                            
+                            // Only add citations with relationship types we care about
+                            if (DatasetExternalCitationsServiceBean.inboundRelationships.contains(relationshipType) ||
+                                    DatasetExternalCitationsServiceBean.outboundRelationships.contains(relationshipType)) {
+                                dataBuilder.add(citationValue);
+                            }
                         }
                     }
                 }
-            }
+                
+                if (links.containsKey("next")) {
+                    try {
+                        url = new URI(links.getString("next")).toURL();
+                        applyRateLimit();
+                    } catch (URISyntaxException e) {
+                        logger.warning("Unable to create URL from DataCite response: " + links.getString("next"));
+                        return false;
+                    }
+                } else {
+                    nextPage = false;
+                }
+                
+                logger.fine("body of citation response: " + report.toString());
+            } while (nextPage == true);
             
-            if (links.containsKey("next")) {
-                try {
-                    url = new URI(links.getString("next")).toURL();
-                    applyRateLimit();
-                } catch (URISyntaxException e) {
-                    logger.warning("Unable to create URL from DataCite response: " + links.getString("next"));
-                    return;
+            JsonArray allData = dataBuilder.build();
+            List<DatasetExternalCitations> datasetExternalCitations = datasetExternalCitationsService.parseCitations(allData);
+            
+            /*
+             * ToDo: If this is the only source of citations, we should remove all the existing ones for the dataset and repopulate them.
+             * As is, this call doesn't remove old citations if there are now none (legacy issue if we decide to stop counting certain types of citation
+             * as we've done for 'hasPart').
+             * If there are some, this call individually checks each one and if a matching item exists, it removes it and adds it back. Faster and better to delete all and
+             * add the new ones.
+             */
+            if (!datasetExternalCitations.isEmpty()) {
+                for (DatasetExternalCitations dm : datasetExternalCitations) {
+                    datasetExternalCitationsService.save(dm);
                 }
-            } else {
-                nextPage = false;
             }
             
-            logger.fine("body of citation response: " + report.toString());
-        } while (nextPage == true);
-        
-        JsonArray allData = dataBuilder.build();
-        List<DatasetExternalCitations> datasetExternalCitations = datasetExternalCitationsService.parseCitations(allData);
-        
-        /*
-         * ToDo: If this is the only source of citations, we should remove all the existing ones for the dataset and repopulate them.
-         * As is, this call doesn't remove old citations if there are now none (legacy issue if we decide to stop counting certain types of citation
-         * as we've done for 'hasPart').
-         * If there are some, this call individually checks each one and if a matching item exists, it removes it and adds it back. Faster and better to delete all and
-         * add the new ones.
-         */
-        if (!datasetExternalCitations.isEmpty()) {
-            for (DatasetExternalCitations dm : datasetExternalCitations) {
-                datasetExternalCitationsService.save(dm);
-            }
+            logger.fine("Citation update completed for dataset " + dataset.getId() + 
+                       " with " + datasetExternalCitations.size() + " citations");
+            return true;
+        } catch (IOException e) {
+            logger.log(Level.WARNING, "Error processing citation update for dataset " + dataset.getId(), e);
+            return false;
         }
-        
-        logger.info("Citation update completed for dataset " + dataset.getId() + 
-                   " with " + datasetExternalCitations.size() + " citations");
     }
     
     @GET

From a96dffb0678485601e50324d7cb701e08836d350 Mon Sep 17 00:00:00 2001
From: Jim Myers <qqmyers@hotmail.com>
Date: Fri, 15 Aug 2025 16:05:33 -0400
Subject: [PATCH 128/634] handle queue full error

---
 .../iq/dataverse/api/MakeDataCountApi.java    | 62 +++++++++++--------
 1 file changed, 35 insertions(+), 27 deletions(-)

diff --git a/src/main/java/edu/harvard/iq/dataverse/api/MakeDataCountApi.java b/src/main/java/edu/harvard/iq/dataverse/api/MakeDataCountApi.java
index 6de0e86a254..ca4f55da822 100644
--- a/src/main/java/edu/harvard/iq/dataverse/api/MakeDataCountApi.java
+++ b/src/main/java/edu/harvard/iq/dataverse/api/MakeDataCountApi.java
@@ -26,6 +26,7 @@
 import java.util.Iterator;
 import java.util.List;
 import java.util.concurrent.Future;
+import java.util.concurrent.RejectedExecutionException;
 import java.util.concurrent.atomic.AtomicLong;
 import java.util.logging.Level;
 import java.util.logging.Logger;
@@ -159,38 +160,45 @@ public Response updateCitationsForDataset(@PathParam("id") String id) {
             final Dataset dataset = findDatasetOrDie(id);
             final GlobalId pid = dataset.getGlobalId();
             final PidProvider pidProvider = PidUtil.getPidProvider(pid.getProviderId());
-            
+
             // Only supported for DOIs and for DataCite DOI providers
-            if(!DataCiteDOIProvider.TYPE.equals(pidProvider.getProviderType())) {
+            if (!DataCiteDOIProvider.TYPE.equals(pidProvider.getProviderType())) {
                 return error(Status.BAD_REQUEST, "Only DataCite DOI providers are supported");
             }
-            
+
             // Submit the task to the managed executor service
-            Future<?> future = executorService.submit(() -> {
-                try {
-                    // Apply rate limiting if enabled
-                    applyRateLimit();
-                    
-                    // Process the citation update
-                    boolean success = processCitationUpdate(dataset, pid, pidProvider);
-                    
-                    // Update the last execution time after processing
-                    lastExecutionTime.set(System.currentTimeMillis());
-                    
-                    if (success) {
-                        logger.fine("Successfully processed citation update for dataset " + id);
-                    } else {
-                        logger.warning("Failed to process citation update for dataset " + id);
+            Future<?> future;
+            try {
+                future = executorService.submit(() -> {
+                    try {
+                        // Apply rate limiting if enabled
+                        applyRateLimit();
+
+                        // Process the citation update
+                        boolean success = processCitationUpdate(dataset, pid, pidProvider);
+
+                        // Update the last execution time after processing
+                        lastExecutionTime.set(System.currentTimeMillis());
+
+                        if (success) {
+                            logger.fine("Successfully processed citation update for dataset " + id);
+                        } else {
+                            logger.warning("Failed to process citation update for dataset " + id);
+                        }
+                    } catch (Exception e) {
+                        logger.log(Level.SEVERE, "Error processing citation update for dataset " + id, e);
                     }
-                } catch (Exception e) {
-                    logger.log(Level.SEVERE, "Error processing citation update for dataset " + id, e);
-                }
-            });
-            
-            JsonObjectBuilder output = Json.createObjectBuilder();
-            output.add("status", "queued");
-            output.add("message", "Citation update for dataset " + id + " has been queued for processing");
-            return ok(output);
+                });
+
+                JsonObjectBuilder output = Json.createObjectBuilder();
+                output.add("status", "queued");
+                output.add("message", "Citation update for dataset " + id + " has been queued for processing");
+                return ok(output);
+            } catch (RejectedExecutionException ree) {
+                logger.warning("Citation update for dataset " + id + " was rejected: Queue is full");
+                return error(Status.SERVICE_UNAVAILABLE,
+                        "Citation update service is currently at capacity. Please try again later.");
+            }
         } catch (WrappedResponse wr) {
             return wr.getResponse();
         }

From 5d8095b190e8be29c9bdea4d4797d29123de9d59 Mon Sep 17 00:00:00 2001
From: Jim Myers <qqmyers@hotmail.com>
Date: Fri, 15 Aug 2025 16:05:48 -0400
Subject: [PATCH 129/634] update script for asynch api call

---
 conf/mdc/counter_weekly.sh | 92 ++++++++++++++++++++++++++++++++++++++
 1 file changed, 92 insertions(+)
 create mode 100644 conf/mdc/counter_weekly.sh

diff --git a/conf/mdc/counter_weekly.sh b/conf/mdc/counter_weekly.sh
new file mode 100644
index 00000000000..67cb5df2af2
--- /dev/null
+++ b/conf/mdc/counter_weekly.sh
@@ -0,0 +1,92 @@
+#!/bin/sh
+#counter_weekly.sh
+
+# This script iterates through all published Datasets in all Dataverses and calls the Make Data Count API to update their citations from DataCite
+# Note: Requires curl and jq for parsing JSON responses form curl
+
+# A recursive method to process each Dataverse
+processDV () {
+echo "Processing Dataverse ID#: $1"
+
+#Call the Dataverse API to get the contents of the Dataverse (without credentials, this will only list published datasets and dataverses
+DVCONTENTS=$(curl -s http://localhost:8080/api/dataverses/$1/contents)
+
+# Iterate over all datasets, pulling the value of their DOIs (as part of the persistentUrl) from the json returned
+for subds in $(echo "${DVCONTENTS}" | jq -r '.data[] | select(.type == "dataset") | .persistentUrl'); do
+
+#The authority/identifier are preceded by a protocol/host, i.e. https://doi.org/
+DOI=`expr "$subds" : '.*:\/\/\doi\.org\/\(.*\)'`
+
+# Call the Dataverse API for this dataset and capture both the response and HTTP status code
+HTTP_RESPONSE=$(curl -s -w "\n%{http_code}" -X POST "http://localhost:8080/api/admin/makeDataCount/:persistentId/updateCitationsForDataset?persistentId=doi:$DOI")
+
+# Extract the HTTP status code from the last line
+HTTP_STATUS=$(echo "$HTTP_RESPONSE" | tail -n1)
+# Extract the response body (everything except the last line)
+RESPONSE_BODY=$(echo "$HTTP_RESPONSE" | sed '$d')
+
+# Check the HTTP status code and report accordingly
+case $HTTP_STATUS in
+    200)
+        # Successfully queued
+        # Extract status from the nested data object
+        STATUS=$(echo "$RESPONSE_BODY" | jq -r '.data.status')
+        
+        # Extract message from the nested data object
+        if echo "$RESPONSE_BODY" | jq -e '.data.message' > /dev/null 2>&1 && [ "$(echo "$RESPONSE_BODY" | jq -r '.data.message')" != "null" ]; then
+            MESSAGE=$(echo "$RESPONSE_BODY" | jq -r '.data.message')
+            echo "[SUCCESS] doi:$DOI - $STATUS: $MESSAGE"
+        else
+            # If message is missing or null, just show the status
+            echo "[SUCCESS] doi:$DOI - $STATUS: Citation update queued"
+        fi
+        ;;
+    400)
+        # Bad request
+        if echo "$RESPONSE_BODY" | jq -e '.message' > /dev/null 2>&1; then
+            ERROR=$(echo "$RESPONSE_BODY" | jq -r '.message')
+            echo "[ERROR 400] doi:$DOI - Bad request: $ERROR"
+        else
+            echo "[ERROR 400] doi:$DOI - Bad request"
+        fi
+        ;;
+    404)
+        # Not found
+        if echo "$RESPONSE_BODY" | jq -e '.message' > /dev/null 2>&1; then
+            ERROR=$(echo "$RESPONSE_BODY" | jq -r '.message')
+            echo "[ERROR 404] doi:$DOI - Not found: $ERROR"
+        else
+            echo "[ERROR 404] doi:$DOI - Not found"
+        fi
+        ;;
+    503)
+        # Service unavailable (queue full)
+        if echo "$RESPONSE_BODY" | jq -e '.message' > /dev/null 2>&1; then
+            ERROR=$(echo "$RESPONSE_BODY" | jq -r '.message')
+            echo "[ERROR 503] doi:$DOI - Service unavailable: $ERROR"
+        elif echo "$RESPONSE_BODY" | jq -e '.data.message' > /dev/null 2>&1; then
+            ERROR=$(echo "$RESPONSE_BODY" | jq -r '.data.message')
+            echo "[ERROR 503] doi:$DOI - Service unavailable: $ERROR"
+        else
+            echo "[ERROR 503] doi:$DOI - Service unavailable: Queue is full"
+        fi
+        ;;
+    *)
+        # Other error
+        echo "[ERROR $HTTP_STATUS] doi:$DOI - Unexpected error"
+        echo "Response: $RESPONSE_BODY"
+        ;;
+esac
+
+done
+
+# Now iterate over any child Dataverses and recursively process them
+for subdv in $(echo "${DVCONTENTS}" | jq -r '.data[] | select(.type == "dataverse") | .id'); do
+echo $subdv
+processDV $subdv
+done
+
+}
+
+# Call the function on the root dataverse to start processing 
+processDV 1
\ No newline at end of file

From 75d99d09158c27a7cbf360c52d7a3611cff7809d Mon Sep 17 00:00:00 2001
From: Leonid Andreev <leonid@hmdc.harvard.edu>
Date: Fri, 29 Aug 2025 13:16:54 -0400
Subject: [PATCH 130/634] another experimental iteration of the updated export
 data spi. #11766

---
 .../io/gdcc/spi/export/ExportDataContext.java | 13 +++++++
 .../io/gdcc/spi/export/ExportDataOption.java  |  1 +
 .../gdcc/spi/export/ExportDataProvider.java   | 36 +++++++++++--------
 .../java/io/gdcc/spi/export/Exporter.java     | 14 +++++++-
 4 files changed, 49 insertions(+), 15 deletions(-)
 create mode 100644 modules/dataverse-spi/src/main/java/io/gdcc/spi/export/ExportDataContext.java

diff --git a/modules/dataverse-spi/src/main/java/io/gdcc/spi/export/ExportDataContext.java b/modules/dataverse-spi/src/main/java/io/gdcc/spi/export/ExportDataContext.java
new file mode 100644
index 00000000000..8776f2047ba
--- /dev/null
+++ b/modules/dataverse-spi/src/main/java/io/gdcc/spi/export/ExportDataContext.java
@@ -0,0 +1,13 @@
+/*
+ * Click nbfs://nbhost/SystemFileSystem/Templates/Licenses/license-default.txt to change this license
+ * Click nbfs://nbhost/SystemFileSystem/Templates/Classes/Class.java to edit this template
+ */
+package io.gdcc.spi.export;
+
+/**
+ *
+ * @author landreev
+ */
+public class ExportDataContext {
+    
+}
diff --git a/modules/dataverse-spi/src/main/java/io/gdcc/spi/export/ExportDataOption.java b/modules/dataverse-spi/src/main/java/io/gdcc/spi/export/ExportDataOption.java
index 1c447cc53e3..69f813f83ce 100644
--- a/modules/dataverse-spi/src/main/java/io/gdcc/spi/export/ExportDataOption.java
+++ b/modules/dataverse-spi/src/main/java/io/gdcc/spi/export/ExportDataOption.java
@@ -8,6 +8,7 @@
  * options going forward with minimal or no changes to the existing code in 
  * export plugins. 
  */
+@Deprecated
 public class ExportDataOption {
     
     public enum SupportedOptions {
diff --git a/modules/dataverse-spi/src/main/java/io/gdcc/spi/export/ExportDataProvider.java b/modules/dataverse-spi/src/main/java/io/gdcc/spi/export/ExportDataProvider.java
index 54d98511d80..4197d978e79 100644
--- a/modules/dataverse-spi/src/main/java/io/gdcc/spi/export/ExportDataProvider.java
+++ b/modules/dataverse-spi/src/main/java/io/gdcc/spi/export/ExportDataProvider.java
@@ -21,13 +21,14 @@ public interface ExportDataProvider {
      *          OAI_ORE export are the only two that provide 'complete'
      *          dataset-level metadata along with basic file metadata for each file
      *          in the dataset.
-     * @param options - optional argument(s). needs to support ExportDataOption.DatasetMetadataOnly: 
-     *               in a situation where we need to generate a format like DC,
-     *               that has no use for file-level metadata, it makes sense to
-     *               skip retrieving and formatting it, since there can be quite a few
+     * @param context - supplies optional parameters. Needs to support 
+     *               context.isDatasetMetadataOnly(). In a situation where we 
+     *               need to generate a format like DC that has no use for the 
+     *               file-level metadata, it makes sense to skip retrieving and 
+     *               formatting it, since there can be a very large number of 
      *               files in a dataset.
      */
-    JsonObject getDatasetJson(ExportDataOption... options);    
+    JsonObject getDatasetJson(ExportDataContext... context);    
 
     /**
      * 
@@ -37,8 +38,9 @@ public interface ExportDataProvider {
      * @apiNote - THis, and the JSON format are the only two that provide complete
      *          dataset-level metadata along with basic file metadata for each file
      *          in the dataset.
+     * @param context - supplies optional parameters.
      */
-    JsonObject getDatasetORE(ExportDataOption... options);
+    JsonObject getDatasetORE(ExportDataContext... context);
 
     /**
      * Dataverse is capable of extracting DDI-centric metadata from tabular
@@ -52,8 +54,9 @@ public interface ExportDataProvider {
      *          edu.harvard.iq.dataverse.export.DDIExporter and the @see
      *          edu.harvard.iq.dataverse.util.json.JSONPrinter classes where this
      *          output is used/generated (respectively).
+     * @param context - supplies optional parameters.
      */
-    JsonArray getDatasetFileDetails(ExportDataOption... options);
+    JsonArray getDatasetFileDetails(ExportDataContext... context);
 
     /**
      * Similar to the above, but 
@@ -61,13 +64,15 @@ public interface ExportDataProvider {
      * b) provides an option for retrieving this stuff in batches 
      * c) provides an option for skipping restricted/embargoed etc. files.
      * Intended for datasets with massive numbers of tabular files and datavariables. 
-     * @param offset (can be null)
-     * @param length (can be null)
-     * @param options (optional) current use case is ExportDataOption.PublicFilesOnly;
+     * @param context - supplies optional parameters.
+     * current (2.1.0) known use cases:
+     *    context.isPublicFilesOnly();
+     *    context.getOffset();
+     *    context.getLength();
      * @return json array containing the datafile/filemetadata->datatable->datavariable metadata
      * @throws ExportException
      */
-    JsonArray getTabularDataDetails(Integer offset, Integer length, ExportDataOption ... options) throws ExportException;
+    JsonArray getTabularDataDetails(ExportDataContext ... context) throws ExportException;
     
     /**
      * 
@@ -77,8 +82,9 @@ public interface ExportDataProvider {
      * @apiNote - as this metadata export is not complete, it should only be used as
      *          a starting point for an Exporter if it simplifies your exporter
      *          relative to using the JSON or OAI_ORE exports.
+     * @param context - supplies optional parameters.
      */
-    JsonObject getDatasetSchemaDotOrg(ExportDataOption... options);
+    JsonObject getDatasetSchemaDotOrg(ExportDataContext... context);
 
     /**
      * 
@@ -87,8 +93,9 @@ public interface ExportDataProvider {
      * @apiNote - as this metadata export is not complete, it should only be used as
      *          a starting point for an Exporter if it simplifies your exporter
      *          relative to using the JSON or OAI_ORE exports.
+     * @param context - supplies optional parameters.
      */
-    String getDataCiteXml(ExportDataOption... options);
+    String getDataCiteXml(ExportDataContext... context);
 
     /**
      * If an Exporter has specified a prerequisite format name via the
@@ -107,8 +114,9 @@ public interface ExportDataProvider {
      *          malfunction, e.g. if you depend on format "ddi" and a third party
      *          Exporter is configured to replace the internal ddi Exporter in
      *          Dataverse.
+     * @param context - supplies optional parameters.
      */
-    default Optional<InputStream> getPrerequisiteInputStream(ExportDataOption... options) {
+    default Optional<InputStream> getPrerequisiteInputStream(ExportDataContext... context) {
         return Optional.empty();
     }
    
diff --git a/modules/dataverse-spi/src/main/java/io/gdcc/spi/export/Exporter.java b/modules/dataverse-spi/src/main/java/io/gdcc/spi/export/Exporter.java
index 1338a3c9734..f91a2504f74 100644
--- a/modules/dataverse-spi/src/main/java/io/gdcc/spi/export/Exporter.java
+++ b/modules/dataverse-spi/src/main/java/io/gdcc/spi/export/Exporter.java
@@ -84,7 +84,19 @@ public interface Exporter {
     default Optional<String> getPrerequisiteFormatName() {
         return Optional.empty();
     }
-
+        
+    /**
+     * Most metadata formats do not require tabular metadata to be generated. 
+     * (the 2 known cases that encode variable-level information, as of Dataverse 6.7, 
+     * are rich DDI and Croissant). In order to serve it more efficiently,
+     * the data provider may need to be initialized in a special way (with access
+     * to EJBs that in most cases isn't needed), so it may help to know 
+     * programmatically whether it's required for this format. 
+     * @return Optional<Boolean> 
+     */
+    default Optional<Boolean> isNeedsTabularMetadata() {
+        return Optional.of(false);
+    }
 
     /**
      * Harvestable Exporters will be available as options in Dataverse's Harvesting mechanism.

From cb06d8962863e9d2ffdc279637d92969cc2a1c79 Mon Sep 17 00:00:00 2001
From: Leonid Andreev <leonid@hmdc.harvard.edu>
Date: Fri, 29 Aug 2025 13:42:31 -0400
Subject: [PATCH 131/634] the new context object (was missing from the previous
 commit in error) #11766

---
 .../io/gdcc/spi/export/ExportDataContext.java | 56 +++++++++++++++++--
 1 file changed, 52 insertions(+), 4 deletions(-)

diff --git a/modules/dataverse-spi/src/main/java/io/gdcc/spi/export/ExportDataContext.java b/modules/dataverse-spi/src/main/java/io/gdcc/spi/export/ExportDataContext.java
index 8776f2047ba..9478d39c4c2 100644
--- a/modules/dataverse-spi/src/main/java/io/gdcc/spi/export/ExportDataContext.java
+++ b/modules/dataverse-spi/src/main/java/io/gdcc/spi/export/ExportDataContext.java
@@ -1,13 +1,61 @@
-/*
- * Click nbfs://nbhost/SystemFileSystem/Templates/Licenses/license-default.txt to change this license
- * Click nbfs://nbhost/SystemFileSystem/Templates/Classes/Class.java to edit this template
- */
 package io.gdcc.spi.export;
 
 /**
  *
  * @author landreev
+ * Provides an optional mechanism for defining various data retrieval options 
+ * for the export subsystem in a way that should allow us adding support for 
+ * more options going forward with minimal or no changes to the already 
+ * implemented export plugins. 
  */
 public class ExportDataContext {
+    private boolean datasetMetadataOnly = false; 
+    private boolean publicFilesOnly = false;
+    private Integer offset = null; 
+    private Integer length = null; 
+    
+    private ExportDataContext() {
+        
+    }
+    
+    public static ExportDataContext context() {
+        ExportDataContext context = new ExportDataContext();
+        return context; 
+    }
+    
+    public ExportDataContext withDatasetMetadataOnly() {
+        this.datasetMetadataOnly = true;
+        return this; 
+    }
+    
+    public ExportDataContext withPublicFilesOnly() {
+        this.publicFilesOnly = true;
+        return this; 
+    }
+    
+    public ExportDataContext withOffset(Integer offset) {
+        this.offset = offset; 
+        return this;
+    }
+    
+    public ExportDataContext withLength(Integer length) {
+        this.length = length; 
+        return this;
+    }
+    
+    public boolean isDatasetMetadataOnly() {
+        return datasetMetadataOnly;
+    }
+    
+    public boolean isPublicFilesOnly() {
+        return publicFilesOnly;
+    }
+    
+    public Integer getOffset() {
+        return offset; 
+    }
     
+    public Integer getLength() {
+        return length; 
+    }    
 }

From ba61c09459fdc9e994d30359b81031f001fe8324 Mon Sep 17 00:00:00 2001
From: Jim Myers <qqmyers@hotmail.com>
Date: Fri, 29 Aug 2025 14:35:50 -0400
Subject: [PATCH 132/634] release note

---
 doc/release-notes/11777-MDC-citation-api-improvement.md | 7 +++++++
 1 file changed, 7 insertions(+)
 create mode 100644 doc/release-notes/11777-MDC-citation-api-improvement.md

diff --git a/doc/release-notes/11777-MDC-citation-api-improvement.md b/doc/release-notes/11777-MDC-citation-api-improvement.md
new file mode 100644
index 00000000000..9441e9e0f44
--- /dev/null
+++ b/doc/release-notes/11777-MDC-citation-api-improvement.md
@@ -0,0 +1,7 @@
+The /api/admin/makeDataCount/{id}/updateCitationsForDataset endpoint, which allows citations for a dataset to be retrieved from DataCite, is often called periodically for all datasets. However, allowing calls for many datasets to be processed in parallel can cause performance problems in Dataverse and/or cause calls to DataCite to fail due to rate limiting. The existing implementation was also inefficient w.r.t. memory use when used on datasets with many (>~1K) files. This release configures Dataverse to queue calls to this api, processes them serially, adds optional throttling to avoid hitting DataCite rate limits and improves memory use.
+
+New optional MPConfig setting: 
+ 
+dataverse.api.mdc.min-delay-ms - number of milliseconds to wait between calls to DataCite. A value of ~100 should conservatively address DataCite's current 3000/5 minute limit. A value of 250 may be required for their test service. 
+
+Backward compatibility: This api call is now asynchronous and will return an OK response when the call is queued or a 503 if the queue is full.
\ No newline at end of file

From 71321b995f7667f53c3eb2c8a4aec1e94d3cecd2 Mon Sep 17 00:00:00 2001
From: Jim Myers <qqmyers@hotmail.com>
Date: Fri, 29 Aug 2025 14:36:09 -0400
Subject: [PATCH 133/634] switch to app executor service

---
 src/main/webapp/WEB-INF/glassfish-resources.xml | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/src/main/webapp/WEB-INF/glassfish-resources.xml b/src/main/webapp/WEB-INF/glassfish-resources.xml
index 3fbbf4c3586..74af3be42ce 100644
--- a/src/main/webapp/WEB-INF/glassfish-resources.xml
+++ b/src/main/webapp/WEB-INF/glassfish-resources.xml
@@ -11,4 +11,14 @@
         <property name="keepAliveTime" value="300"/>
         <property name="threadLifeTime" value="3600"/>
     </custom-resource>
+    <!-- Managed Executor Service for Citation Updates -->
+    <custom-resource res-type="javax.enterprise.concurrent.ManagedExecutorService" 
+                     jndi-name="java:app/env/concurrent/CitationUpdateExecutor" 
+                     factory-class="org.glassfish.resources.custom.factory.ManagedExecutorServiceFactory">
+        <property name="corePoolSize" value="1"/>
+        <property name="maximumPoolSize" value="1"/>
+        <property name="keepAliveSeconds" value="60"/>
+        <property name="queueCapacity" value="1000"/>
+        <property name="threadLifeTime" value="300"/>
+    </custom-resource>
 </resources>
\ No newline at end of file

From 867af5e08398f88a0fd211a9e1e1eb3e145ee634 Mon Sep 17 00:00:00 2001
From: Jim Myers <qqmyers@hotmail.com>
Date: Fri, 29 Aug 2025 14:46:05 -0400
Subject: [PATCH 134/634] docs

---
 .../source/admin/make-data-count.rst             |  2 ++
 doc/sphinx-guides/source/api/changelog.rst       |  2 +-
 doc/sphinx-guides/source/installation/config.rst | 16 ++++++++++++++++
 3 files changed, 19 insertions(+), 1 deletion(-)

diff --git a/doc/sphinx-guides/source/admin/make-data-count.rst b/doc/sphinx-guides/source/admin/make-data-count.rst
index 0103a6f9e38..f8ffa7bb084 100644
--- a/doc/sphinx-guides/source/admin/make-data-count.rst
+++ b/doc/sphinx-guides/source/admin/make-data-count.rst
@@ -166,6 +166,8 @@ The example :download:`counter_weekly.sh <../_static/util/counter_weekly.sh>` wi
 
 Citations will be retrieved for each published dataset and recorded in the your Dataverse installation's database.
 
+Note that the :ref:`dataverse.api.mdc.min-delay-ms` setting can be used to avoid getting rate-limit errors from DataCite.
+
 For how to get the citations out of your Dataverse installation, see "Retrieving Citations for a Dataset" under :ref:`Dataset Metrics <dataset-metrics-api>` in the :doc:`/api/native-api` section of the API Guide.
   
 Please note that while the Dataverse Software has a metadata field for "Related Dataset" this information is not currently sent as a citation to Crossref.
diff --git a/doc/sphinx-guides/source/api/changelog.rst b/doc/sphinx-guides/source/api/changelog.rst
index 16157459220..08e8620ba13 100644
--- a/doc/sphinx-guides/source/api/changelog.rst
+++ b/doc/sphinx-guides/source/api/changelog.rst
@@ -13,7 +13,7 @@ v6.8
 - For POST /api/files/{id}/metadata passing an empty string ("description":"")  or array ("categories":[]) will no longer be ignored. Empty fields will now clear out the values in the file's metadata. To ignore the fields simply do not include them in the JSON string.
 - For PUT /api/datasets/{id}/editMetadata the query parameter "sourceInternalVersionNumber" has been removed and replaced with "sourceLastUpdateTime" to verify that the data being edited hasn't been modified and isn't stale.
 - For GET /api/dataverses/$dataverse-alias/links the Json response has changed breaking the backward compatibility of the API.
-
+- The POST /api/admin/makeDataCount/{id}/updateCitationsForDataset processing is now asynchronous and the response no longer includes the number of citations. The response can be OK if the request is queued or 503 if the queue is full (default queue size is 1000).
 v6.7
 ----
 
diff --git a/doc/sphinx-guides/source/installation/config.rst b/doc/sphinx-guides/source/installation/config.rst
index d2eff275392..a8e6129c501 100644
--- a/doc/sphinx-guides/source/installation/config.rst
+++ b/doc/sphinx-guides/source/installation/config.rst
@@ -3729,6 +3729,22 @@ Example:
 
 Can also be set via any `supported MicroProfile Config API source`_, e.g. the environment variable ``DATAVERSE_CORS_HEADERS_EXPOSE``.
 
+
+.. _dataverse.api.mdc.min-delay-ms:
+
+dataverse.api.mdc.min-delay-ms
+++++++++++++++++++++++++++++++
+
+Minimum delay in milliseconds between Make Data Count (MDC) API requests from the /api/admin/makeDataCount/{id}/updateCitationsForDataset api.
+This setting helps prevent overloading the MDC service by enforcing a minimum time interval between consecutive requests.
+If a request arrives before this interval has elapsed since the previous request, it will be rate-limited.
+
+Default: ``0`` (no delay enforced)
+
+Example: ``dataverse.api.mdc.min-delay-ms=100`` (enforces a minimum 100ms delay between MDC API requests)
+
+Can also be set via any `supported MicroProfile Config API source`_, e.g. the environment variable ``DATAVERSE_API_MDC_MIN_DELAY_MS``.
+
 .. _feature-flags:
 
 Feature Flags

From 85fcbac7a05d652360fd9fac3ac5ccd8a06627f5 Mon Sep 17 00:00:00 2001
From: Jim Myers <qqmyers@hotmail.com>
Date: Fri, 29 Aug 2025 15:10:54 -0400
Subject: [PATCH 135/634] missing blank line

---
 doc/sphinx-guides/source/api/changelog.rst | 1 +
 1 file changed, 1 insertion(+)

diff --git a/doc/sphinx-guides/source/api/changelog.rst b/doc/sphinx-guides/source/api/changelog.rst
index 08e8620ba13..4c91a63f86d 100644
--- a/doc/sphinx-guides/source/api/changelog.rst
+++ b/doc/sphinx-guides/source/api/changelog.rst
@@ -14,6 +14,7 @@ v6.8
 - For PUT /api/datasets/{id}/editMetadata the query parameter "sourceInternalVersionNumber" has been removed and replaced with "sourceLastUpdateTime" to verify that the data being edited hasn't been modified and isn't stale.
 - For GET /api/dataverses/$dataverse-alias/links the Json response has changed breaking the backward compatibility of the API.
 - The POST /api/admin/makeDataCount/{id}/updateCitationsForDataset processing is now asynchronous and the response no longer includes the number of citations. The response can be OK if the request is queued or 503 if the queue is full (default queue size is 1000).
+
 v6.7
 ----
 

From fcb8b9d97b6d3eab94f656896bcd65eba5e16a41 Mon Sep 17 00:00:00 2001
From: Jim Myers <qqmyers@hotmail.com>
Date: Fri, 29 Aug 2025 15:22:23 -0400
Subject: [PATCH 136/634] check for string

---
 .../iq/dataverse/pidproviders/doi/XmlMetadataTemplate.java    | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/src/main/java/edu/harvard/iq/dataverse/pidproviders/doi/XmlMetadataTemplate.java b/src/main/java/edu/harvard/iq/dataverse/pidproviders/doi/XmlMetadataTemplate.java
index baf8302437d..1bd0f4a1adc 100644
--- a/src/main/java/edu/harvard/iq/dataverse/pidproviders/doi/XmlMetadataTemplate.java
+++ b/src/main/java/edu/harvard/iq/dataverse/pidproviders/doi/XmlMetadataTemplate.java
@@ -58,6 +58,7 @@
 import edu.harvard.iq.dataverse.util.xml.XmlWriterUtil;
 import jakarta.enterprise.inject.spi.CDI;
 import jakarta.json.JsonObject;
+import jakarta.json.JsonValue.ValueType;
 
 public class XmlMetadataTemplate {
 
@@ -621,7 +622,8 @@ private void writeEntityElements(XMLStreamWriter xmlw, String elementName, Strin
             if (externalIdentifier.isValidIdentifier(orgName)) {
                 isROR = true;
                 JsonObject jo = getExternalVocabularyValue(orgName);
-                if (jo != null) {
+                // Some ext. cvv configs store a JsonArray of multiple objects/values. In such cases, we'll leave orgName blank 
+                if (jo != null && jo.getValueType() == ValueType.STRING) {
                     orgName = jo.getString("termName");
                 }
             }

From 05b68c621bf368ce3363151cbef4f33c4874396c Mon Sep 17 00:00:00 2001
From: Jim Myers <qqmyers@hotmail.com>
Date: Tue, 26 Aug 2025 16:58:03 -0400
Subject: [PATCH 137/634] and another

---
 src/main/java/edu/harvard/iq/dataverse/export/ExportService.java | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/main/java/edu/harvard/iq/dataverse/export/ExportService.java b/src/main/java/edu/harvard/iq/dataverse/export/ExportService.java
index b98f88e386f..e7bcf17d44b 100644
--- a/src/main/java/edu/harvard/iq/dataverse/export/ExportService.java
+++ b/src/main/java/edu/harvard/iq/dataverse/export/ExportService.java
@@ -312,6 +312,7 @@ public void exportAllFormats(Dataset dataset) throws ExportException {
         } catch (ServiceConfigurationError serviceError) {
             throw new ExportException("Service configuration error during export. " + serviceError.getMessage());
         } catch (RuntimeException e) {
+            e.printStackTrace();
             logger.log(Level.FINE, e.getMessage(), e);
             throw new ExportException(
                     "Unknown runtime exception exporting metadata. " + (e.getMessage() == null ? "" : e.getMessage()));

From 68ad098c5dae9c63107dea70ffcf05316668949d Mon Sep 17 00:00:00 2001
From: Jim Myers <qqmyers@hotmail.com>
Date: Tue, 19 Aug 2025 16:55:14 -0400
Subject: [PATCH 138/634] preserve curation statuses during update-current and
 add blank status

as in finalize publication
---
 .../CuratePublishedDatasetVersionCommand.java | 21 +++++++++++++++++++
 1 file changed, 21 insertions(+)

diff --git a/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/CuratePublishedDatasetVersionCommand.java b/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/CuratePublishedDatasetVersionCommand.java
index 3629432b7e4..21139ac3fbc 100644
--- a/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/CuratePublishedDatasetVersionCommand.java
+++ b/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/CuratePublishedDatasetVersionCommand.java
@@ -15,6 +15,7 @@
 import edu.harvard.iq.dataverse.DatasetField;
 import edu.harvard.iq.dataverse.DatasetVersion;
 import edu.harvard.iq.dataverse.TermsOfUseAndAccess;
+import edu.harvard.iq.dataverse.CurationStatus;
 import edu.harvard.iq.dataverse.DataFile;
 import edu.harvard.iq.dataverse.FileMetadata;
 import edu.harvard.iq.dataverse.RoleAssignment;
@@ -27,6 +28,8 @@
 import java.util.logging.Level;
 import java.util.logging.Logger;
 
+import org.apache.commons.lang3.StringUtils;
+
 /**
  *
  * @author qqmyers
@@ -96,6 +99,24 @@ public Dataset execute(CommandContext ctxt) throws CommandException {
             updateVersion.getWorkflowComments().addAll(newComments);
         }
 
+        // Transfer curation status entries from draft to published version
+        List<CurationStatus> draftCurationStatuses = newVersion.getCurationStatuses();
+        if (draftCurationStatuses != null && !draftCurationStatuses.isEmpty()) {
+            for (CurationStatus cs : draftCurationStatuses) {
+                // Update the dataset version reference
+                //This call sets the version in the curationstatus object as well
+                updateVersion.addCurationStatus(cs);
+            }
+            // Clear the list from the draft version
+            newVersion.getCurationStatuses().clear();
+        }
+
+        // Add a new empty curation status to indicate the curation action
+        CurationStatus status = updateVersion.getCurrentCurationStatus();
+        if (status != null && StringUtils.isNotBlank(status.getLabel())) {
+            updateVersion.addCurationStatus(new CurationStatus(null, updateVersion, getRequest().getAuthenticatedUser()));
+        }
+        
         // we have to merge to update the database but not flush because
         // we don't want to create two draft versions!
         Dataset tempDataset = getDataset();

From 2837168183953505b8eb66a9d90e1374e0d1007f Mon Sep 17 00:00:00 2001
From: Jim Myers <qqmyers@hotmail.com>
Date: Tue, 19 Aug 2025 17:37:24 -0400
Subject: [PATCH 139/634] comment edit

---
 .../command/impl/CuratePublishedDatasetVersionCommand.java      | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/CuratePublishedDatasetVersionCommand.java b/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/CuratePublishedDatasetVersionCommand.java
index 21139ac3fbc..bf2fe78e721 100644
--- a/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/CuratePublishedDatasetVersionCommand.java
+++ b/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/CuratePublishedDatasetVersionCommand.java
@@ -111,7 +111,7 @@ public Dataset execute(CommandContext ctxt) throws CommandException {
             newVersion.getCurationStatuses().clear();
         }
 
-        // Add a new empty curation status to indicate the curation action
+        // Add a new empty curation status to clear the status in the published version (as done in the FinalizeDatasetPublicationCommand)
         CurationStatus status = updateVersion.getCurrentCurationStatus();
         if (status != null && StringUtils.isNotBlank(status.getLabel())) {
             updateVersion.addCurationStatus(new CurationStatus(null, updateVersion, getRequest().getAuthenticatedUser()));

From 4477025b996056659b841b59a1e36581097c0784 Mon Sep 17 00:00:00 2001
From: Jim Myers <qqmyers@hotmail.com>
Date: Tue, 19 Aug 2025 17:37:40 -0400
Subject: [PATCH 140/634] only show change curation status entry for draft
 version

---
 src/main/webapp/dataset.xhtml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/main/webapp/dataset.xhtml b/src/main/webapp/dataset.xhtml
index f1f72b50634..e9112997149 100644
--- a/src/main/webapp/dataset.xhtml
+++ b/src/main/webapp/dataset.xhtml
@@ -525,7 +525,7 @@
                                                     #{bundle['dataset.curationStatusMenu']} <span class="caret"></span>
                                                 </button>
                                                 <ul class="dropdown-menu multi-level pull-right text-left">
-                                                    <ui:fragment rendered="#{(not empty DatasetPage.allowedCurationStatuses) and DatasetPage.canPublishDataset()}">
+                                                    <ui:fragment rendered="#{(not empty DatasetPage.allowedCurationStatuses) and DatasetPage.canPublishDataset() and version.draft}">
                                                     <li class="dropdown-submenu pull-left">
                                                         <a tabindex="0">#{bundle['dataset.changestatus']}</a>
                                                         <ul class="dropdown-menu">

From 56dc0a9f8381ed266785543fed4185f78fe73fff Mon Sep 17 00:00:00 2001
From: Jim Myers <qqmyers@hotmail.com>
Date: Fri, 29 Aug 2025 15:41:32 -0400
Subject: [PATCH 141/634] random comment edits

---
 .../command/impl/CuratePublishedDatasetVersionCommand.java    | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/CuratePublishedDatasetVersionCommand.java b/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/CuratePublishedDatasetVersionCommand.java
index bf2fe78e721..9ebdd28e009 100644
--- a/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/CuratePublishedDatasetVersionCommand.java
+++ b/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/CuratePublishedDatasetVersionCommand.java
@@ -76,7 +76,7 @@ public Dataset execute(CommandContext ctxt) throws CommandException {
         newTerms.setDatasetVersion(updateVersion);
         updateVersion.setTermsOfUseAndAccess(newTerms);
         
-        //Creation Note
+        //Version Note
         updateVersion.setVersionNote(newVersion.getVersionNote());
         
         // Clear unnecessary terms relationships ....
@@ -222,7 +222,7 @@ public Dataset execute(CommandContext ctxt) throws CommandException {
             // This can be corrected by running the update PID API later, but who will look in the log?
             // With the change to not use the DeleteDatasetVersionCommand above and other
             // fixes, this error may now cleanly restore the initial state
-            // with the draft and last published versions unchanged, but this has not yet bee tested.
+            // with the draft and last published versions unchanged, but this has not yet been tested.
             // (Alternately this could move to onSuccess if we intend it to stay non-fatal.)
             logger.log(Level.WARNING, "Curate Published DatasetVersion: exception while updating PID metadata:{0}", ex.getMessage());
         }

From 0d01bbfc407ba7e6d3d3713fa3d628ca0823d359 Mon Sep 17 00:00:00 2001
From: Jim Myers <qqmyers@hotmail.com>
Date: Fri, 29 Aug 2025 16:05:51 -0400
Subject: [PATCH 142/634] add test of publish and update-current behavior

---
 .../harvard/iq/dataverse/api/DatasetsIT.java  | 51 +++++++++++++++++++
 1 file changed, 51 insertions(+)

diff --git a/src/test/java/edu/harvard/iq/dataverse/api/DatasetsIT.java b/src/test/java/edu/harvard/iq/dataverse/api/DatasetsIT.java
index b273502e6ed..4350a55420b 100644
--- a/src/test/java/edu/harvard/iq/dataverse/api/DatasetsIT.java
+++ b/src/test/java/edu/harvard/iq/dataverse/api/DatasetsIT.java
@@ -3944,6 +3944,57 @@ public void testCurationStatusAPIs() {
         Response setInvalidStatus = UtilIT.setDatasetCurationLabel(datasetId, apiToken, "Invalid Status");
         setInvalidStatus.then().assertThat().statusCode(BAD_REQUEST.getStatusCode());
     
+        // Publish the dataset
+        UtilIT.publishDatasetViaNativeApi(datasetId, "major", apiToken).then().assertThat()
+                .statusCode(OK.getStatusCode());
+        
+        // Verify that the current curation label is now empty after publishing
+        Response getStatusAfterPublish = UtilIT.getDatasetCurationStatus(datasetId, apiToken, false);
+        getStatusAfterPublish.then().assertThat().statusCode(OK.getStatusCode());
+        JsonObject statusAfterPublish = Json.createReader(new StringReader(getStatusAfterPublish.body().asString())).readObject();
+        JsonObject dataObject = statusAfterPublish.getJsonObject("data");
+        assertFalse(dataObject.containsKey("label"), "Curation label should be empty after publishing");
+           
+        // Add a new valid curation label
+        Response setNewStatus = UtilIT.setDatasetCurationLabel(datasetId, apiToken, "State 2");
+        setNewStatus.then().assertThat().statusCode(OK.getStatusCode());
+        
+        // Verify the label was set
+        Response getStatusAfterSet = UtilIT.getDatasetCurationStatus(datasetId, apiToken, false);
+        getStatusAfterSet.then().assertThat().statusCode(OK.getStatusCode());
+        JsonObject statusAfterSet = Json.createReader(new StringReader(getStatusAfterSet.body().asString())).readObject();
+        assertEquals("State 2", statusAfterSet.getString("label"), "Curation label should be set to State 2");
+        
+        // Publish the dataset again using updatecurrent as superuser
+        Response updateCurrentResponse = UtilIT.publishDatasetViaNativeApi(datasetId, "updatecurrent", apiToken);
+        updateCurrentResponse.then().assertThat().statusCode(OK.getStatusCode());
+        
+        // Verify that the current curation label is now empty after updatecurrent
+        Response getStatusAfterUpdateCurrent = UtilIT.getDatasetCurationStatus(datasetId, apiToken, false);
+        getStatusAfterUpdateCurrent.then().assertThat().statusCode(OK.getStatusCode());
+        JsonObject statusAfterUpdateCurrent = Json.createReader(new StringReader(getStatusAfterUpdateCurrent.body().asString())).readObject();
+        JsonObject dataAfterUpdateCurrent = statusAfterUpdateCurrent.getJsonObject("data");
+        assertFalse(dataAfterUpdateCurrent.containsKey("label"), "Curation label should be empty after updatecurrent");
+        
+        // Verify that the history contains the previously added label
+        Response getHistoryAfterUpdateCurrent = UtilIT.getDatasetCurationStatus(datasetId, apiToken, true);
+        getHistoryAfterUpdateCurrent.then().assertThat().statusCode(OK.getStatusCode());
+        
+        // Extract the data array from the response
+        JsonObject responseObj = Json.createReader(new StringReader(getHistoryAfterUpdateCurrent.body().asString())).readObject();
+        JsonArray historyAfterUpdateCurrent = responseObj.getJsonArray("data");
+        
+        // Verify history contains the State 2 label
+        boolean foundState2 = false;
+        for (int i = 0; i < historyAfterUpdateCurrent.size(); i++) {
+            JsonObject entry = historyAfterUpdateCurrent.getJsonObject(i);
+            if (entry.containsKey("label") && "State 2".equals(entry.getString("label"))) {
+                foundState2 = true;
+                break;
+            }
+        }
+        assertTrue(foundState2, "History should contain the State 2 label after updatecurrent");        
+       
         // Clean up
         Response deleteDatasetResponse = UtilIT.deleteDatasetViaNativeApi(datasetId, apiToken);
         assertEquals(200, deleteDatasetResponse.getStatusCode());

From 0fc4ba3390409e55e7b6c34bf88cae89fc949c67 Mon Sep 17 00:00:00 2001
From: Jim Myers <qqmyers@hotmail.com>
Date: Fri, 29 Aug 2025 16:15:24 -0400
Subject: [PATCH 143/634] release note

---
 doc/release-notes/11783-Curation-Status-fixes.md | 1 +
 1 file changed, 1 insertion(+)
 create mode 100644 doc/release-notes/11783-Curation-Status-fixes.md

diff --git a/doc/release-notes/11783-Curation-Status-fixes.md b/doc/release-notes/11783-Curation-Status-fixes.md
new file mode 100644
index 00000000000..62b33165d0c
--- /dev/null
+++ b/doc/release-notes/11783-Curation-Status-fixes.md
@@ -0,0 +1 @@
+In prior versions of Dataverse, publishing a dataset via the superuser only update-current-version option would not set the current curation status (if enabled/used) to none/empty and, in v6.7, would not maintain the curation status history. These issues are now resolved and the update current version option works the same as normal publication of a new version w.r.t. curation status.
\ No newline at end of file

From fdf75cd7a0ed96195a205badb31a6e7ed84233d1 Mon Sep 17 00:00:00 2001
From: Leonid Andreev <leonid@hmdc.harvard.edu>
Date: Tue, 2 Sep 2025 10:13:57 -0400
Subject: [PATCH 144/634] removing some experimental lines from the Exporter
 interface #11766

---
 .../src/main/java/io/gdcc/spi/export/Exporter.java  | 13 -------------
 1 file changed, 13 deletions(-)

diff --git a/modules/dataverse-spi/src/main/java/io/gdcc/spi/export/Exporter.java b/modules/dataverse-spi/src/main/java/io/gdcc/spi/export/Exporter.java
index f91a2504f74..7132e74641b 100644
--- a/modules/dataverse-spi/src/main/java/io/gdcc/spi/export/Exporter.java
+++ b/modules/dataverse-spi/src/main/java/io/gdcc/spi/export/Exporter.java
@@ -84,19 +84,6 @@ public interface Exporter {
     default Optional<String> getPrerequisiteFormatName() {
         return Optional.empty();
     }
-        
-    /**
-     * Most metadata formats do not require tabular metadata to be generated. 
-     * (the 2 known cases that encode variable-level information, as of Dataverse 6.7, 
-     * are rich DDI and Croissant). In order to serve it more efficiently,
-     * the data provider may need to be initialized in a special way (with access
-     * to EJBs that in most cases isn't needed), so it may help to know 
-     * programmatically whether it's required for this format. 
-     * @return Optional<Boolean> 
-     */
-    default Optional<Boolean> isNeedsTabularMetadata() {
-        return Optional.of(false);
-    }
 
     /**
      * Harvestable Exporters will be available as options in Dataverse's Harvesting mechanism.

From 4ca3f3348023939c0d35a275fa770eb36fc97d16 Mon Sep 17 00:00:00 2001
From: Steven Winship <39765413+stevenwinship@users.noreply.github.com>
Date: Tue, 2 Sep 2025 10:20:33 -0400
Subject: [PATCH 145/634] change defaultToOwner to getEffective

---
 doc/release-notes/11695-change-api-get-storage-driver.md | 2 +-
 doc/sphinx-guides/source/admin/dataverses-datasets.rst   | 2 +-
 src/main/java/edu/harvard/iq/dataverse/api/Admin.java    | 4 ++--
 src/test/java/edu/harvard/iq/dataverse/api/UtilIT.java   | 4 ++--
 4 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/doc/release-notes/11695-change-api-get-storage-driver.md b/doc/release-notes/11695-change-api-get-storage-driver.md
index cd78c642a2a..aa993232f4d 100644
--- a/doc/release-notes/11695-change-api-get-storage-driver.md
+++ b/doc/release-notes/11695-change-api-get-storage-driver.md
@@ -7,6 +7,6 @@ The API for getting the Storage Driver info has been changed/extended.
 /api/admin/dataverse/{dataverse-alias}/storageDriver
 changed "message" to "name" and added "type" and "label"
 
-Also added query param for /api/admin/dataverse/{dataverse-alias}/storageDriver?defaultToOwner=true to recurse the chain of parents to find the effective storageDriver
+Also added query param for /api/admin/dataverse/{dataverse-alias}/storageDriver?getEffective=true to recurse the chain of parents to find the effective storageDriver
 
 See also [the guides](https://dataverse-guide--11664.org.readthedocs.build/en/11664/api/native-api.html#configure-a-dataset-to-store-all-new-files-in-a-specific-file-store), #11695, and #11664.
diff --git a/doc/sphinx-guides/source/admin/dataverses-datasets.rst b/doc/sphinx-guides/source/admin/dataverses-datasets.rst
index fcfbd0c62f3..0fa5bcf69f1 100644
--- a/doc/sphinx-guides/source/admin/dataverses-datasets.rst
+++ b/doc/sphinx-guides/source/admin/dataverses-datasets.rst
@@ -62,7 +62,7 @@ The current driver can be seen using::
 
 Or to recurse the chain of parents to find the effective storageDriver::
 
-    curl -H "X-Dataverse-key: $API_TOKEN" http://$SERVER/api/admin/dataverse/$dataverse-alias/storageDriver?defaultToOwner=true
+    curl -H "X-Dataverse-key: $API_TOKEN" http://$SERVER/api/admin/dataverse/$dataverse-alias/storageDriver?getEffective=true
 
 (Note that for ``dataverse.files.store1.label=MyLabel``, ``store1`` will be returned.)
 
diff --git a/src/main/java/edu/harvard/iq/dataverse/api/Admin.java b/src/main/java/edu/harvard/iq/dataverse/api/Admin.java
index 48246820bc7..003698a2981 100644
--- a/src/main/java/edu/harvard/iq/dataverse/api/Admin.java
+++ b/src/main/java/edu/harvard/iq/dataverse/api/Admin.java
@@ -2184,7 +2184,7 @@ public Response addRoleAssignementsToChildren(@Context ContainerRequestContext c
     @AuthRequired
     @Path("/dataverse/{alias}/storageDriver")
     public Response getStorageDriver(@Context ContainerRequestContext crc, @PathParam("alias") String alias,
-                                     @QueryParam("defaultToOwner") Boolean defaultToOwner) throws WrappedResponse {
+                                     @QueryParam("getEffective") Boolean getEffective) throws WrappedResponse {
         Dataverse dataverse = dataverseSvc.findByAlias(alias);
         if (dataverse == null) {
             return error(Response.Status.NOT_FOUND, "Could not find dataverse based on alias supplied: " + alias + ".");
@@ -2198,7 +2198,7 @@ public Response getStorageDriver(@Context ContainerRequestContext crc, @PathPara
             return wr.getResponse();
         }
 
-        if (defaultToOwner != null && defaultToOwner) {
+        if (getEffective != null && getEffective) {
             return ok(JsonPrinter.jsonStorageDriver(dataverse.getEffectiveStorageDriverId(), null));
         } else {
             return ok(JsonPrinter.jsonStorageDriver(dataverse.getStorageDriverId(), null));
diff --git a/src/test/java/edu/harvard/iq/dataverse/api/UtilIT.java b/src/test/java/edu/harvard/iq/dataverse/api/UtilIT.java
index 67028d8be06..3949bcd42fd 100644
--- a/src/test/java/edu/harvard/iq/dataverse/api/UtilIT.java
+++ b/src/test/java/edu/harvard/iq/dataverse/api/UtilIT.java
@@ -2913,8 +2913,8 @@ static Response listStorageDrivers(String apiToken) {
     static Response getStorageDriver(String dvAlias, String apiToken) {
         return getStorageDriver(dvAlias, apiToken, null);
     }
-    static Response getStorageDriver(String dvAlias, String apiToken, Boolean defaultToOwner) {
-        String params = defaultToOwner != null ? "?defaultToOwner=" + defaultToOwner : "";
+    static Response getStorageDriver(String dvAlias, String apiToken, Boolean getEffective) {
+        String params = getEffective != null ? "?getEffective=" + getEffective : "";
         return given()
                 .header(API_TOKEN_HTTP_HEADER, apiToken)
                 .get("/api/admin/dataverse/" + dvAlias + "/storageDriver" + params);

From 2aaef06225a3d807cc78b65691bfbf2086090c14 Mon Sep 17 00:00:00 2001
From: Jim Myers <qqmyers@hotmail.com>
Date: Tue, 2 Sep 2025 11:43:42 -0400
Subject: [PATCH 146/634] fix test

---
 src/test/java/edu/harvard/iq/dataverse/api/DatasetsIT.java | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/src/test/java/edu/harvard/iq/dataverse/api/DatasetsIT.java b/src/test/java/edu/harvard/iq/dataverse/api/DatasetsIT.java
index 4350a55420b..f7f42b4b4a6 100644
--- a/src/test/java/edu/harvard/iq/dataverse/api/DatasetsIT.java
+++ b/src/test/java/edu/harvard/iq/dataverse/api/DatasetsIT.java
@@ -3875,6 +3875,8 @@ public void testCurationStatusAPIs() {
         createDataverseResponse.prettyPrint();
         String dataverseAlias = UtilIT.getAliasFromResponse(createDataverseResponse);
 
+        UtilIT.publishDataverseViaNativeApi(dataverseAlias, apiToken).then().assertThat().statusCode(OK.getStatusCode());
+        
         Response setCurationLabelSets = UtilIT.setSetting(SettingsServiceBean.Key.AllowedCurationLabels, "{\"StandardProcess\":[\"Author contacted\", \"Privacy Review\", \"Awaiting paper publication\", \"Final Approval\"],\"AlternateProcess\":[\"State 1\",\"State 2\",\"State 3\"]}");
         setCurationLabelSets.then().assertThat()
                 .statusCode(OK.getStatusCode());
@@ -3885,7 +3887,7 @@ public void testCurationStatusAPIs() {
         Response setDataverseCurationLabelSetResponse = UtilIT.setDataverseCurationLabelSet(dataverseAlias, apiToken, "AlternateProcess");
         setDataverseCurationLabelSetResponse.then().assertThat().statusCode(FORBIDDEN.getStatusCode());
         
-        Response makeSuperUser = UtilIT.makeSuperUser(username);
+        Response makeSuperUser = UtilIT.setSuperuserStatus(username, true);
         assertEquals(200, makeSuperUser.getStatusCode());
 
         //Non-existent option
@@ -3996,7 +3998,7 @@ public void testCurationStatusAPIs() {
         assertTrue(foundState2, "History should contain the State 2 label after updatecurrent");        
        
         // Clean up
-        Response deleteDatasetResponse = UtilIT.deleteDatasetViaNativeApi(datasetId, apiToken);
+        Response deleteDatasetResponse = UtilIT.destroyDataset(datasetId, apiToken);
         assertEquals(200, deleteDatasetResponse.getStatusCode());
     
         Response deleteDataverseResponse = UtilIT.deleteDataverse(dataverseAlias, apiToken);

From 862522eb7cbcc6d70a60d58570760974936fd39d Mon Sep 17 00:00:00 2001
From: Leonid Andreev <leonid@hmdc.harvard.edu>
Date: Tue, 2 Sep 2025 12:46:32 -0400
Subject: [PATCH 147/634] a release note for the dataverse-spi update. #11766

---
 doc/release-notes/11766-new-io.gdcc.dataverse-spi.md | 2 ++
 1 file changed, 2 insertions(+)
 create mode 100644 doc/release-notes/11766-new-io.gdcc.dataverse-spi.md

diff --git a/doc/release-notes/11766-new-io.gdcc.dataverse-spi.md b/doc/release-notes/11766-new-io.gdcc.dataverse-spi.md
new file mode 100644
index 00000000000..ef9e68f5719
--- /dev/null
+++ b/doc/release-notes/11766-new-io.gdcc.dataverse-spi.md
@@ -0,0 +1,2 @@
+The ExportDataProvider framework in the dataverse-spi package has been extended, adding some extra options for developers of metadata exporter plugins. 
+See the [documentation](https://guides.dataverse.org/en/latest/developers/metadataexport.html#building-an-exporter) in the Metadata Export guide for details. 
\ No newline at end of file

From 7a8d8f850a720d6abcddbf4f91f5f09b88e0edb8 Mon Sep 17 00:00:00 2001
From: Jim Myers <qqmyers@hotmail.com>
Date: Tue, 2 Sep 2025 13:42:26 -0400
Subject: [PATCH 148/634] viewing the status/history with no draft is ok

---
 src/main/java/edu/harvard/iq/dataverse/api/Datasets.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/main/java/edu/harvard/iq/dataverse/api/Datasets.java b/src/main/java/edu/harvard/iq/dataverse/api/Datasets.java
index 729174dedfc..8628a45574d 100644
--- a/src/main/java/edu/harvard/iq/dataverse/api/Datasets.java
+++ b/src/main/java/edu/harvard/iq/dataverse/api/Datasets.java
@@ -2609,7 +2609,7 @@ public Response getCurationStatus(@Context ContainerRequestContext crc,
                 canSeeStatus = permissionSvc.requestOn(createDataverseRequest(user), ds).has(Permission.PublishDataset);
             }
 
-            if (dsv.isDraft() && (canSeeStatus)) {
+            if (canSeeStatus) {
                 List<CurationStatus> statuses = includeHistory ? dsv.getCurationStatuses() : Collections.singletonList(dsv.getCurrentCurationStatus());
                 if (includeHistory) {
                     JsonArrayBuilder arrayBuilder = Json.createArrayBuilder();

From e902ed4a4e5ff8eb96967160b6d38f4139cf5e5f Mon Sep 17 00:00:00 2001
From: Jim Myers <qqmyers@hotmail.com>
Date: Wed, 3 Sep 2025 06:57:26 -0400
Subject: [PATCH 149/634] cause new draft

---
 .../java/edu/harvard/iq/dataverse/api/DatasetsIT.java     | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/src/test/java/edu/harvard/iq/dataverse/api/DatasetsIT.java b/src/test/java/edu/harvard/iq/dataverse/api/DatasetsIT.java
index f7f42b4b4a6..755de140db8 100644
--- a/src/test/java/edu/harvard/iq/dataverse/api/DatasetsIT.java
+++ b/src/test/java/edu/harvard/iq/dataverse/api/DatasetsIT.java
@@ -3956,7 +3956,13 @@ public void testCurationStatusAPIs() {
         JsonObject statusAfterPublish = Json.createReader(new StringReader(getStatusAfterPublish.body().asString())).readObject();
         JsonObject dataObject = statusAfterPublish.getJsonObject("data");
         assertFalse(dataObject.containsKey("label"), "Curation label should be empty after publishing");
-           
+          
+        //Cause a new draft version
+        String jsonLDTerms = "{\"https://dataverse.org/schema/core#fileTermsOfAccess\":{\"https://dataverse.org/schema/core#dataAccessPlace\":\"Somewhere\"}}";
+        Response updateTerms = UtilIT.updateDatasetJsonLDMetadata(datasetId, apiToken, jsonLDTerms, true);
+        updateTerms.then().assertThat()
+                .statusCode(OK.getStatusCode());
+        
         // Add a new valid curation label
         Response setNewStatus = UtilIT.setDatasetCurationLabel(datasetId, apiToken, "State 2");
         setNewStatus.then().assertThat().statusCode(OK.getStatusCode());

From e63ac43ab62a435de5447b947e843bcc8e72b18c Mon Sep 17 00:00:00 2001
From: Jim Myers <qqmyers@hotmail.com>
Date: Wed, 3 Sep 2025 10:06:29 -0400
Subject: [PATCH 150/634] missed getting data element

---
 src/test/java/edu/harvard/iq/dataverse/api/DatasetsIT.java | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/test/java/edu/harvard/iq/dataverse/api/DatasetsIT.java b/src/test/java/edu/harvard/iq/dataverse/api/DatasetsIT.java
index 755de140db8..5dac4b1d05c 100644
--- a/src/test/java/edu/harvard/iq/dataverse/api/DatasetsIT.java
+++ b/src/test/java/edu/harvard/iq/dataverse/api/DatasetsIT.java
@@ -3971,7 +3971,8 @@ public void testCurationStatusAPIs() {
         Response getStatusAfterSet = UtilIT.getDatasetCurationStatus(datasetId, apiToken, false);
         getStatusAfterSet.then().assertThat().statusCode(OK.getStatusCode());
         JsonObject statusAfterSet = Json.createReader(new StringReader(getStatusAfterSet.body().asString())).readObject();
-        assertEquals("State 2", statusAfterSet.getString("label"), "Curation label should be set to State 2");
+        JsonObject dataInSecondDraft = statusAfterSet.getJsonObject("data");
+        assertEquals("State 2", dataInSecondDraft.getString("label"), "Curation label should be set to State 2");
         
         // Publish the dataset again using updatecurrent as superuser
         Response updateCurrentResponse = UtilIT.publishDatasetViaNativeApi(datasetId, "updatecurrent", apiToken);

From 1d5199bc79738ad7c3bf41d959c7b5957f2718c3 Mon Sep 17 00:00:00 2001
From: Stephen Kraffmiller <skraffmiller@hmdc.harvard.edu>
Date: Wed, 3 Sep 2025 10:06:59 -0400
Subject: [PATCH 151/634] Update native-api.rst

---
 doc/sphinx-guides/source/api/native-api.rst | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/doc/sphinx-guides/source/api/native-api.rst b/doc/sphinx-guides/source/api/native-api.rst
index 04aaf59de98..f6b2cfa866b 100644
--- a/doc/sphinx-guides/source/api/native-api.rst
+++ b/doc/sphinx-guides/source/api/native-api.rst
@@ -1106,7 +1106,7 @@ Update Collection Input Levels
 
 Updates the dataset field type input levels in a collection.
 
-Please note that this endpoint overwrites all the input levels of the collection page, so if you want to keep the existing ones, you will need to add them to the JSON request body.
+Please note that this endpoint does not change previously updated input levels of the collection page, so if you want to keep the modify exisitng ones, you will need to include them in the JSON request body.
 
 If one of the input levels corresponds to a dataset field type belonging to a metadata block that does not exist in the collection, the metadata block will be added to the collection.
 

From 35f2dd40c650731cd5715cbba3768542706935e2 Mon Sep 17 00:00:00 2001
From: Stephen Kraffmiller <skraffmiller@hmdc.harvard.edu>
Date: Wed, 3 Sep 2025 10:07:49 -0400
Subject: [PATCH 152/634] #11387 update tests from code review

---
 .../java/edu/harvard/iq/dataverse/api/DataversesIT.java   | 8 ++------
 1 file changed, 2 insertions(+), 6 deletions(-)

diff --git a/src/test/java/edu/harvard/iq/dataverse/api/DataversesIT.java b/src/test/java/edu/harvard/iq/dataverse/api/DataversesIT.java
index 682b2ddc8a3..f6b091f41f5 100644
--- a/src/test/java/edu/harvard/iq/dataverse/api/DataversesIT.java
+++ b/src/test/java/edu/harvard/iq/dataverse/api/DataversesIT.java
@@ -1264,8 +1264,8 @@ public void testUpdateInputLevels() {
         boolean [] testDisplayOnCreate = new boolean[] {true, false};
          updateDataverseInputLevelsResponse = UtilIT.updateDataverseInputLevels(dataverseAlias, testInputLevelNames, testRequiredInputLevels, testIncludedInputLevels, testDisplayOnCreate, apiToken);
          updateDataverseInputLevelsResponse.prettyPrint();
-         int subtitleInputLevelIndex = 0;
-         int relatedMaterialInputLevelIndex = 0;
+         int subtitleInputLevelIndex = -1;
+         int relatedMaterialInputLevelIndex = -1;
          int i = 0;
          
          while (updateDataverseInputLevelsResponse.then().extract().path(String.format("data.inputLevels[%d].datasetFieldTypeName", i)) != null){
@@ -1304,7 +1304,6 @@ public void testUpdateInputLevels() {
         updateDataverseInputLevelsResponse.prettyPrint();
         
         subtitleInputLevelIndex = 0;
-        int otherReferencesInputLevelIndex = 0;
         i = 0;
 
         while (updateDataverseInputLevelsResponse.then().extract().path(String.format("data.inputLevels[%d].datasetFieldTypeName", i)) != null) {
@@ -1312,9 +1311,6 @@ public void testUpdateInputLevels() {
             if (actualInputLevelName.equals("subtitle")) {
                 subtitleInputLevelIndex = i;
             }
-            if (actualInputLevelName.equals("otherReferences")) {
-                otherReferencesInputLevelIndex = i;
-            }
             i++;
         }
          

From a966923eb0ac27ea999fbf9138ff7746036aad83 Mon Sep 17 00:00:00 2001
From: Stephen Kraffmiller <skraffmiller@hmdc.harvard.edu>
Date: Wed, 3 Sep 2025 10:17:50 -0400
Subject: [PATCH 153/634] #11387 add release note.

---
 doc/release-notes/11387-modify-input-level-api.md | 3 +++
 1 file changed, 3 insertions(+)
 create mode 100644 doc/release-notes/11387-modify-input-level-api.md

diff --git a/doc/release-notes/11387-modify-input-level-api.md b/doc/release-notes/11387-modify-input-level-api.md
new file mode 100644
index 00000000000..ca18eabb515
--- /dev/null
+++ b/doc/release-notes/11387-modify-input-level-api.md
@@ -0,0 +1,3 @@
+### Update Collection Input Level API Changed
+
+- This endpoint will no longer delete the custom input levels previously modified for the given collection. In order to update a previously modified custom input level, it must be included in the JSON provided to the api.

From 6db78587f94d04da77b9c8ede37069d978b072f8 Mon Sep 17 00:00:00 2001
From: Philip Durbin <philip_durbin@harvard.edu>
Date: Wed, 3 Sep 2025 15:48:07 -0400
Subject: [PATCH 154/634] improve "making release" doc post 6.7/6.7.1 #11790

---
 .../source/developers/making-releases.rst     | 80 ++++++++++++++++---
 .../source/qa/testing-approach.md             |  2 +-
 2 files changed, 72 insertions(+), 10 deletions(-)

diff --git a/doc/sphinx-guides/source/developers/making-releases.rst b/doc/sphinx-guides/source/developers/making-releases.rst
index 028b80e2892..4c9fd28b678 100755
--- a/doc/sphinx-guides/source/developers/making-releases.rst
+++ b/doc/sphinx-guides/source/developers/making-releases.rst
@@ -8,9 +8,13 @@ Making Releases
 Introduction
 ------------
 
-This document is about releasing the main Dataverse app (https://github.com/IQSS/dataverse). See :doc:`making-library-releases` for how to release our various libraries. Other projects have their own release documentation.
+.. note:: This document is about releasing the main Dataverse app (https://github.com/IQSS/dataverse). See :doc:`making-library-releases` for how to release our various libraries. Other projects have their own release documentation.
 
-Below you'll see branches like "develop" and "master" mentioned. For more on our branching strategy, see :doc:`version-control`.
+.. note:: Below you'll see branches like "develop" and "master" mentioned. For more on our branching strategy, see :doc:`version-control`.
+
+Dataverse releases are time-based as opposed to being feature-based. That is, we announce an approximate release date in advance (e.g. for `6.8 <https://groups.google.com/g/dataverse-community/c/Y0G9mw4raLU/m/om8vjjVAAQAJ>`_) and try to hit that deadline. If features we're working on aren't ready yet, the train will leave the station without them. We release quarterly.
+
+We also announce "last call" dates for both community pull requests and those made by core developers. If you are part of the community and have made a pull request, you have until this date to ask the team to add the upcoming milestone to your pull request. The same goes for core developers. This is not a guarantee that these pull requests will be reviewed, tested, QA'ed and merged before :ref:`code freeze <declare-code-freeze>`, but we'll try.
 
 Regular or Hotfix?
 ------------------
@@ -30,7 +34,9 @@ Early on, make sure it's clear what type of release this is. The steps below des
 Ensure Issues Have Been Created
 -------------------------------
 
-Some of the steps in this document are well-served by having their own dedicated GitHub issue. You'll see a label like this on them:
+We have a "create release issues" script at https://github.com/IQSS/sabo that should be run a week or so before code freeze.
+
+For each issue that is created by the script there is likely a corresponding step in this document that has "dedicated" label on it like this:
 
 |dedicated|
 
@@ -41,20 +47,39 @@ There are a variety of reasons why a step might deserve its own dedicated issue:
 
 Steps don't get their own dedicated issue if it would be confusing to have multiple people involved. Too many cooks in the kitchen, as they say. Also, some steps are so small the overhead of an issue isn't worth it.
 
-Before the release even begins you can coordinate with the project manager about the creation of these issues.
-
 .. |dedicated| raw:: html
 
       <span class="label label-success pull-left">
         Dedicated Issue
       </span>&nbsp;
 
+.. _declare-code-freeze:
+
 Declare a Code Freeze
 ---------------------
 
-The following steps are made more difficult if code is changing in the "develop" branch. Declare a code freeze until the release is out. Do not allow pull requests to be merged.
+When we declare a code freeze, we mean:
+
+- No additional features will be merged until the freeze is lifted.
+- Bug fixes will only be merged if they relate to the upcoming release in some way, such as fixes for regressions or performance problems in that release.
+- Pull requests that directly affect the release, such as bumping the version, will be merged, of course.
+
+The benefits of the code freeze are:
+
+- The team can focus on getting the release out together.
+- Regression and performance testing can happen on code that isn't changing.
+- The release notes can be written without having to worry about new features (and their release note snippets) being merged in.
+
+In short, the steps described below become easier under a code freeze.
 
-For a hotfix, a code freeze (no merging) is necessary not because we want code to stop changing in the branch being hotfix released, but because bumping the version used in Jenkins/Ansible means that API tests will fail in pull requests until the version is bumped in those pull requests.
+Note: for a hotfix, a code freeze is necessary not because we want code to stop changing in the branch being hotfix released, but because bumping the version used in Jenkins/Ansible means that API tests will fail in pull requests until the version is bumped in those pull requests. Basically, we want to get the hotfix merged quickly so we can propogate the version bump into all open pull requests so that API tests can start passing again in those pull requests.
+
+Push Back Milestones on Pull Requests That Missed the Train
+-----------------------------------------------------------
+
+As of this writing, we optimistically add milestones to issues and pull requests, hoping that the work will be complete before code freeze. Inevitably, we're a bit too optimistic.
+
+Hopefully, as the release approached, the team has already decided which pull requests (that aren't related to the release) won't make the cut. If not, go ahead and bump them to the next release.
 
 Conduct Performance Testing
 ---------------------------
@@ -68,6 +93,7 @@ Conduct Regression Testing
 
 |dedicated|
 
+Regression testing should be conducted on production data.
 See :doc:`/qa/testing-approach` for details.
 Refer to the provided regression checklist for the list of items to verify during the testing process: `Regression Checklist <https://docs.google.com/document/d/1OsGJV0sMLDSmfkU9-ee8h_ozbQcUDJ1EOwNPm4dC63Q/edit?usp=sharing>`_.
 
@@ -85,7 +111,7 @@ The task at or near release time is to collect these snippets into a single file
 - Find the issue in GitHub that tracks the work of creating release notes for the upcoming release.
 - Create a branch, add a .md file for the release (ex. 5.10.1 Release Notes) in ``/doc/release-notes`` and write the release notes, making sure to pull content from the release note snippets mentioned above. Snippets may not include any issue number or pull request number in the text so be sure to copy the number from the filename of the snippet into the final release note.
 - Delete (``git rm``) the release note snippets as the content is added to the main release notes file.
-- Include instructions describing the steps required to upgrade the application from the previous version. These must be customized for release numbers and special circumstances such as changes to metadata blocks and infrastructure.
+- Include instructions describing the steps required to upgrade the application from the previous version. These must be customized for release numbers and special circumstances such as changes to metadata blocks and infrastructure. These instructions are required for the next steps (deploying to various environments) so try to prioritize them over finding just the right words in release highlights (which you can do later).
 - Make a pull request. Here's an example: https://github.com/IQSS/dataverse/pull/11613
 - Note that we won't merge the release notes until after we have confirmed that the upgrade instructions are valid by performing a couple upgrades.
 
@@ -110,6 +136,13 @@ ssh into the dataverse-internal server and download the release candidate war fi
 
 Go to /doc/release-notes, open the release-notes.md file for the release we're working on, and perform all the steps under "Upgrade Instructions". Note that for regular releases, we haven't bumped the version yet so you won't be able to follow the steps exactly. (For hotfix releases, the version will be bumped already.)
 
+Deploy Release Candidate to QA
+------------------------------
+
+|dedicated|
+
+Deploy the same war file to https://qa.dataverse.org using the same upgrade instructions as above.
+
 Deploy Release Candidate to Demo
 --------------------------------
 
@@ -117,6 +150,26 @@ Deploy Release Candidate to Demo
 
 Deploy the same war file to https://demo.dataverse.org using the same upgrade instructions as above.
 
+Solicit Feedback from Curation Team
+-----------------------------------
+
+Ask the curation team to test on https://qa.dataverse.org and give them five days to provide feedback.
+
+Build the Guides for the Release Candidate
+------------------------------------------
+
+Go to https://jenkins.dataverse.org/job/guides.dataverse.org/ and make the following adjustments to the config:
+
+- Repository URL: ``https://github.com/IQSS/dataverse.git``
+- Branch Specifier (blank for 'any'): ``*/develop``
+- ``VERSION`` (under "Build Steps"): use the next release version but add "-rc.1" to the end. Don't prepend a "v". Use ``6.8-rc.1`` (for example)
+
+Click "Save" then "Build Now".
+
+Make sure the guides directory appears in the expected location such as https://guides.dataverse.org/en/6.8-rc.1/
+
+When previewing the HTML version of docs from pull requests, we don't usually use this Jenkins job, relying instead on automated ReadTheDocs builds. The reason for doing this step now while we wait for feedback from the Curation Team is that it's an excellent time to fix the Jenkins job, if necessary, to accomodate any changes needed to continue to build the docs. For example, Sphinx might need to be updated or a dependency might need to be installed. Such changes should be listed in the release notes for documentation writers.
+
 Merge Release Notes (Once Ready)
 --------------------------------
 
@@ -171,10 +224,19 @@ Merge "develop" into "master" (non-hotfix only)
 
 If this is a regular (non-hotfix) release, create a pull request to merge the "develop" branch into the "master" branch using this "compare" link: https://github.com/IQSS/dataverse/compare/master...develop
 
-Once important tests have passed (compile, unit tests, etc.), merge the pull request (skipping code review is ok). Don't worry about style tests failing such as for shell scripts. 
+Allow time for important tests (compile, unit tests, etc.) to pass. Don't worry about style tests failing such as for shell scripts. It's ok to skip code review.
+
+When merging the pull request, be sure to choose "create a merge commit" and not "squash and merge" or "rebase and merge". We suspect that choosing squash or rebase may have led to `lots of merge conflicts <https://github.com/IQSS/dataverse/pull/11647#issuecomment-3085289132>`_ when we tried to perform this "merge develop to master" step, forcing us to `re-do <https://docs.google.com/document/d/1oit6LLDUWpNpV_uWveOMvdwDsaUey-74ehvzCZp1f3k/edit?usp=sharing>`_ the previous release before we could proceed with the current release.
 
 If this is a hotfix release, skip this whole "merge develop to master" step (the "develop" branch is not involved until later).
 
+Confirm "master" Mergeability
+-----------------------------
+
+Hopefully, the previous step went ok. As a sanity check, use the "compare" link at https://github.com/IQSS/dataverse/compare/master...develop again to look for merge conflicts without making a pull request.
+
+If the GitHub UI tells you there would be merge conflicts, something has gone horribly wrong (again) with the "merge develop to master" step. Stop and ask for help.
+
 Add Milestone to Pull Requests and Issues
 -----------------------------------------
 
diff --git a/doc/sphinx-guides/source/qa/testing-approach.md b/doc/sphinx-guides/source/qa/testing-approach.md
index 817161d02a0..49b9075cf7f 100644
--- a/doc/sphinx-guides/source/qa/testing-approach.md
+++ b/doc/sphinx-guides/source/qa/testing-approach.md
@@ -34,7 +34,7 @@ Think about risk. Is the feature or function part of a critical area such as per
 
 ## Smoke Test
 
-1. Go to the homepage on <https://dataverse-internal.iq.harvard.edu>. Scroll to the bottom to ensure the build number is the one you intend to test from Jenkins.
+1. Go to the homepage on <https://qa.dataverse.org> (this server has production data). Scroll to the bottom to ensure the build number is the one you intend to test from Jenkins.
 1. Create a new user: It's fine to use a formulaic name with your initials and date and make the username and password the same, eg. kc080622.
 1. Create a dataverse: You can use the same username.
 1. Create a dataset: You can use the same username; fill in the required fields (do not use a template).

From 5b4eab384126e370f4af5c1bab38609c5bf69705 Mon Sep 17 00:00:00 2001
From: Stephen Kraffmiller <skraffmiller@hmdc.harvard.edu>
Date: Thu, 4 Sep 2025 14:13:28 -0400
Subject: [PATCH 155/634] Update changelog.rst

---
 doc/sphinx-guides/source/api/changelog.rst | 1 +
 1 file changed, 1 insertion(+)

diff --git a/doc/sphinx-guides/source/api/changelog.rst b/doc/sphinx-guides/source/api/changelog.rst
index 16157459220..3de91d8d3b2 100644
--- a/doc/sphinx-guides/source/api/changelog.rst
+++ b/doc/sphinx-guides/source/api/changelog.rst
@@ -13,6 +13,7 @@ v6.8
 - For POST /api/files/{id}/metadata passing an empty string ("description":"")  or array ("categories":[]) will no longer be ignored. Empty fields will now clear out the values in the file's metadata. To ignore the fields simply do not include them in the JSON string.
 - For PUT /api/datasets/{id}/editMetadata the query parameter "sourceInternalVersionNumber" has been removed and replaced with "sourceLastUpdateTime" to verify that the data being edited hasn't been modified and isn't stale.
 - For GET /api/dataverses/$dataverse-alias/links the Json response has changed breaking the backward compatibility of the API.
+- For PUT /api/dataverses/$dataverse-alias/inputLevels custom input levels that had been previously set will no longer be deleted.
 
 v6.7
 ----

From f8757b4c34b43522faa91e33325e3cd3aa7a048f Mon Sep 17 00:00:00 2001
From: Jim Myers <qqmyers@hotmail.com>
Date: Thu, 4 Sep 2025 16:24:23 -0400
Subject: [PATCH 156/634] fix termName parsing

---
 .../dataverse/pidproviders/doi/XmlMetadataTemplate.java  | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/src/main/java/edu/harvard/iq/dataverse/pidproviders/doi/XmlMetadataTemplate.java b/src/main/java/edu/harvard/iq/dataverse/pidproviders/doi/XmlMetadataTemplate.java
index 1bd0f4a1adc..9e13728bc73 100644
--- a/src/main/java/edu/harvard/iq/dataverse/pidproviders/doi/XmlMetadataTemplate.java
+++ b/src/main/java/edu/harvard/iq/dataverse/pidproviders/doi/XmlMetadataTemplate.java
@@ -58,6 +58,8 @@
 import edu.harvard.iq.dataverse.util.xml.XmlWriterUtil;
 import jakarta.enterprise.inject.spi.CDI;
 import jakarta.json.JsonObject;
+import jakarta.json.JsonString;
+import jakarta.json.JsonValue;
 import jakarta.json.JsonValue.ValueType;
 
 public class XmlMetadataTemplate {
@@ -623,8 +625,11 @@ private void writeEntityElements(XMLStreamWriter xmlw, String elementName, Strin
                 isROR = true;
                 JsonObject jo = getExternalVocabularyValue(orgName);
                 // Some ext. cvv configs store a JsonArray of multiple objects/values. In such cases, we'll leave orgName blank 
-                if (jo != null && jo.getValueType() == ValueType.STRING) {
-                    orgName = jo.getString("termName");
+                if (jo.containsKey("termName")) {
+                    JsonValue termName = jo.get("termName");
+                    if (termName.getValueType() == ValueType.STRING) {
+                        orgName = ((JsonString) termName).getString();
+                    }
                 }
             }
           

From f7157ef555e56eb475c3168d135f3767fcfa8625 Mon Sep 17 00:00:00 2001
From: Jim Myers <qqmyers@hotmail.com>
Date: Thu, 4 Sep 2025 17:56:15 -0400
Subject: [PATCH 157/634] add null check

---
 .../iq/dataverse/pidproviders/doi/XmlMetadataTemplate.java      | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/main/java/edu/harvard/iq/dataverse/pidproviders/doi/XmlMetadataTemplate.java b/src/main/java/edu/harvard/iq/dataverse/pidproviders/doi/XmlMetadataTemplate.java
index 9e13728bc73..9ebb346baf8 100644
--- a/src/main/java/edu/harvard/iq/dataverse/pidproviders/doi/XmlMetadataTemplate.java
+++ b/src/main/java/edu/harvard/iq/dataverse/pidproviders/doi/XmlMetadataTemplate.java
@@ -625,7 +625,7 @@ private void writeEntityElements(XMLStreamWriter xmlw, String elementName, Strin
                 isROR = true;
                 JsonObject jo = getExternalVocabularyValue(orgName);
                 // Some ext. cvv configs store a JsonArray of multiple objects/values. In such cases, we'll leave orgName blank 
-                if (jo.containsKey("termName")) {
+                if (jo != null && jo.containsKey("termName")) {
                     JsonValue termName = jo.get("termName");
                     if (termName.getValueType() == ValueType.STRING) {
                         orgName = ((JsonString) termName).getString();

From 97e3803388f21bad388f023e8f716d9b79bca5c3 Mon Sep 17 00:00:00 2001
From: Philip Durbin <philip_durbin@harvard.edu>
Date: Thu, 4 Sep 2025 18:57:58 -0400
Subject: [PATCH 158/634] switch from ossrh to central #11766 #11512

---
 .github/workflows/spi_release.yml | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/spi_release.yml b/.github/workflows/spi_release.yml
index 1d29cdf76c9..098e094902d 100644
--- a/.github/workflows/spi_release.yml
+++ b/.github/workflows/spi_release.yml
@@ -42,8 +42,7 @@ jobs:
               with:
                   java-version: '17'
                   distribution: 'adopt'
-                  # TODO: change this from ossrh to central?
-                  server-id: ossrh
+                  server-id: central
                   server-username: MAVEN_USERNAME
                   server-password: MAVEN_PASSWORD
             - uses: actions/cache@v4
@@ -81,8 +80,7 @@ jobs:
                 with:
                     java-version: '17'
                     distribution: 'adopt'
-                    # TODO: change this from ossrh to central?
-                    server-id: ossrh
+                    server-id: central
                     server-username: MAVEN_USERNAME
                     server-password: MAVEN_PASSWORD
                     gpg-private-key: ${{ secrets.DATAVERSEBOT_GPG_KEY }}

From b52a791bf227091d2caf890ce9e16aa20cd1034f Mon Sep 17 00:00:00 2001
From: Steven Winship <39765413+stevenwinship@users.noreply.github.com>
Date: Fri, 5 Sep 2025 09:01:24 -0400
Subject: [PATCH 159/634] adding v5 to action.yml

---
 .github/actions/setup-maven/action.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/actions/setup-maven/action.yml b/.github/actions/setup-maven/action.yml
index 4cf09f34231..c3bc94b0d28 100644
--- a/.github/actions/setup-maven/action.yml
+++ b/.github/actions/setup-maven/action.yml
@@ -23,7 +23,7 @@ runs:
         echo "JAVA_VERSION=$(grep '<target.java.version>' ${GITHUB_WORKSPACE}/modules/dataverse-parent/pom.xml | cut -f2 -d'>' | cut -f1 -d'<')" | tee -a ${GITHUB_ENV}
     - name: Set up JDK ${{ env.JAVA_VERSION }}
       id: setup-java
-      uses: actions/setup-java@v4
+      uses: actions/setup-java@v5
       with:
         java-version: ${{ env.JAVA_VERSION }}
         distribution: 'temurin'

From c3a13c893284b4376ee8db5c39364da4492068bb Mon Sep 17 00:00:00 2001
From: Jim Myers <qqmyers@hotmail.com>
Date: Thu, 4 Sep 2025 14:14:26 -0400
Subject: [PATCH 160/634] add support for matching object with a key in an
 array of strings

---
 .../iq/dataverse/DatasetFieldServiceBean.java     | 15 +++++++++++++--
 1 file changed, 13 insertions(+), 2 deletions(-)

diff --git a/src/main/java/edu/harvard/iq/dataverse/DatasetFieldServiceBean.java b/src/main/java/edu/harvard/iq/dataverse/DatasetFieldServiceBean.java
index 0b6b74e6a73..811c67c52d6 100644
--- a/src/main/java/edu/harvard/iq/dataverse/DatasetFieldServiceBean.java
+++ b/src/main/java/edu/harvard/iq/dataverse/DatasetFieldServiceBean.java
@@ -764,13 +764,24 @@ Object processPathSegment(int index, String[] pathParts, JsonValue curPath, Stri
                                 JsonValue val = jo.get(keyVal[0]);
                                 if (val != null) {
                                     if (val.getValueType().equals(ValueType.STRING)) {
+                                        //Match a string value
                                         if (((JsonString) val).getString().equals(expected)) {
                                             logger.fine("Found: " + jo);
                                             curPath = jo;
                                             return processPathSegment(index + 1, pathParts, curPath, termUri);
                                         }
-                                    } else {
-                                        logger.warning("Expected a string value for " + keyVal[0] + " but found: " + val.getValueType());
+                                    } else if (val.getValueType() == JsonValue.ValueType.ARRAY) {
+                                        // Match one string in an array
+                                        JsonArray jsonArray = (JsonArray) val;
+                                        for (JsonValue arrayVal : jsonArray) {
+                                            if (arrayVal.getValueType() == JsonValue.ValueType.STRING) {
+                                                if (((JsonString) arrayVal).getString().equals(expected)) {
+                                                    logger.fine("Found match in array: " + jo.toString());
+                                                    curPath = jo;
+                                                    return processPathSegment(index + 1, pathParts, curPath, termUri);
+                                                }
+                                            }
+                                        }
                                     }
                                 }
                             }

From 5ed86a1cde6f20d6b4fd8b6a2d9a232b66ffea1e Mon Sep 17 00:00:00 2001
From: Stephen Kraffmiller <skraffmiller@hmdc.harvard.edu>
Date: Fri, 5 Sep 2025 13:39:01 -0400
Subject: [PATCH 161/634] Update doc/sphinx-guides/source/api/native-api.rst

Co-authored-by: Philip Durbin <philip_durbin@harvard.edu>
---
 doc/sphinx-guides/source/api/native-api.rst | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/doc/sphinx-guides/source/api/native-api.rst b/doc/sphinx-guides/source/api/native-api.rst
index 327e31124f6..6d6b25b10ef 100644
--- a/doc/sphinx-guides/source/api/native-api.rst
+++ b/doc/sphinx-guides/source/api/native-api.rst
@@ -732,7 +732,7 @@ Note: you must have "Add Dataset" permission in the given collection to invoke t
 
 .. _featured-collections:
 
-List Dataverse Collections to which a given Dataset or Dataverse Collection may be linked
+List Dataverse Collections to Which a Given Dataset or Dataverse Collection May Be Linked
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 The user may provide a search term to limit the list of Dataverse Collections returned. The search term will be compared to the name of the Dataverse Collections.

From a3065927348fd44a637bd0c85c370620e9e2f3ce Mon Sep 17 00:00:00 2001
From: Stephen Kraffmiller <skraffmiller@hmdc.harvard.edu>
Date: Fri, 5 Sep 2025 13:39:52 -0400
Subject: [PATCH 162/634] Update
 src/main/java/edu/harvard/iq/dataverse/PermissionServiceBean.java

Co-authored-by: Guillermo Portas <hey@gportas.me>
---
 .../java/edu/harvard/iq/dataverse/PermissionServiceBean.java    | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/main/java/edu/harvard/iq/dataverse/PermissionServiceBean.java b/src/main/java/edu/harvard/iq/dataverse/PermissionServiceBean.java
index a4111963ea2..303bc87d116 100644
--- a/src/main/java/edu/harvard/iq/dataverse/PermissionServiceBean.java
+++ b/src/main/java/edu/harvard/iq/dataverse/PermissionServiceBean.java
@@ -101,7 +101,7 @@ WITH grouplist AS (
                   WHERE explicitgroup_authenticateduser.containedauthenticatedusers_id = @USERID
                 )
                         
-                SELECT * FROM DATAVERSE WHERE id  IN (
+                SELECT * FROM DATAVERSE WHERE id IN (
                   SELECT definitionpoint_id
                   FROM roleassignment
                   WHERE roleassignment.assigneeidentifier IN (

From 6cc2f6b05eb8835702bb0d9b1ca1776a0bb658d4 Mon Sep 17 00:00:00 2001
From: Stephen Kraffmiller <skraffmiller@hmdc.harvard.edu>
Date: Fri, 5 Sep 2025 13:40:45 -0400
Subject: [PATCH 163/634] Update
 src/main/java/edu/harvard/iq/dataverse/PermissionServiceBean.java

Co-authored-by: Guillermo Portas <hey@gportas.me>
---
 .../java/edu/harvard/iq/dataverse/PermissionServiceBean.java    | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/main/java/edu/harvard/iq/dataverse/PermissionServiceBean.java b/src/main/java/edu/harvard/iq/dataverse/PermissionServiceBean.java
index 303bc87d116..7deae81160a 100644
--- a/src/main/java/edu/harvard/iq/dataverse/PermissionServiceBean.java
+++ b/src/main/java/edu/harvard/iq/dataverse/PermissionServiceBean.java
@@ -157,7 +157,7 @@ AND EXISTS (SELECT id FROM dataverserole WHERE dataverserole.id = roleassignment
                        AND @IPRANGESQL
                      )
                   )
-                ) 
+                )
             """;
     /**
      * A request-level permission query (e.g includes IP ras).

From f7f0d26ace4f0ebc7de0a6b7671452ec71614121 Mon Sep 17 00:00:00 2001
From: Stephen Kraffmiller <skraffmiller@hmdc.harvard.edu>
Date: Fri, 5 Sep 2025 13:41:05 -0400
Subject: [PATCH 164/634] Update
 src/main/java/edu/harvard/iq/dataverse/PermissionServiceBean.java

Co-authored-by: Guillermo Portas <hey@gportas.me>
---
 .../java/edu/harvard/iq/dataverse/PermissionServiceBean.java     | 1 -
 1 file changed, 1 deletion(-)

diff --git a/src/main/java/edu/harvard/iq/dataverse/PermissionServiceBean.java b/src/main/java/edu/harvard/iq/dataverse/PermissionServiceBean.java
index 7deae81160a..742505acdf5 100644
--- a/src/main/java/edu/harvard/iq/dataverse/PermissionServiceBean.java
+++ b/src/main/java/edu/harvard/iq/dataverse/PermissionServiceBean.java
@@ -961,7 +961,6 @@ public List<Dataverse> findPermittedCollections(DataverseRequest request, Authen
         return null;
     }
 
-
     /**
      * Calculates the complete list of role assignments for a given user on a DvObject.
      * This includes roles assigned directly to the user and roles inherited from any groups

From f071e214345e4015fe64d880ae807f57ff633d4b Mon Sep 17 00:00:00 2001
From: Stephen Kraffmiller <skraffmiller@hmdc.harvard.edu>
Date: Fri, 5 Sep 2025 13:41:30 -0400
Subject: [PATCH 165/634] Update
 src/main/java/edu/harvard/iq/dataverse/PermissionServiceBean.java

Co-authored-by: Guillermo Portas <hey@gportas.me>
---
 .../java/edu/harvard/iq/dataverse/PermissionServiceBean.java     | 1 -
 1 file changed, 1 deletion(-)

diff --git a/src/main/java/edu/harvard/iq/dataverse/PermissionServiceBean.java b/src/main/java/edu/harvard/iq/dataverse/PermissionServiceBean.java
index 742505acdf5..7ae24a08c27 100644
--- a/src/main/java/edu/harvard/iq/dataverse/PermissionServiceBean.java
+++ b/src/main/java/edu/harvard/iq/dataverse/PermissionServiceBean.java
@@ -922,7 +922,6 @@ public List<Dataverse> findPermittedCollections(DataverseRequest request, Authen
         return findPermittedCollections(request, user, 1 << permission.ordinal());
     }
     
-    
     public List<Dataverse> findPermittedCollections(DataverseRequest request, AuthenticatedUser user, int permissionBit) {
         if (user != null) {
             // IP Group - Only check IP if a User is calling for themself

From fc68f5677646c0f6384595bea14e51ebc44680de Mon Sep 17 00:00:00 2001
From: Jim Myers <qqmyers@hotmail.com>
Date: Fri, 5 Sep 2025 13:55:24 -0400
Subject: [PATCH 166/634] release note

---
 doc/release-notes/11793 - ext. vocab. improvements.md | 1 +
 1 file changed, 1 insertion(+)
 create mode 100644 doc/release-notes/11793 - ext. vocab. improvements.md

diff --git a/doc/release-notes/11793 - ext. vocab. improvements.md b/doc/release-notes/11793 - ext. vocab. improvements.md
new file mode 100644
index 00000000000..46998e56b60
--- /dev/null
+++ b/doc/release-notes/11793 - ext. vocab. improvements.md	
@@ -0,0 +1 @@
+This version of Dataverse includes extensions of the Dataverse External Vocabulary mechanism (https://guides.dataverse.org/en/latest/admin/metadatacustomization.html#using-external-vocabulary-services) that improve Dataverse's ability to include metadata about vocabulary terms and external identifiers such as ORCID and ROR in it's metadata exports. More information on how to configure external vocabulary scripts to use this functionality can be found at https://github.com/gdcc/dataverse-external-vocab-support/blob/main/docs/readme.md and in the examples in the https://github.com/gdcc/dataverse-external-vocab-support repository.
\ No newline at end of file

From 5d8eabba0813d53c57fe3c627ef615b5b203e4ca Mon Sep 17 00:00:00 2001
From: Stephen Kraffmiller <skraffmiller@hmdc.harvard.edu>
Date: Fri, 5 Sep 2025 14:01:30 -0400
Subject: [PATCH 167/634] Update
 src/main/java/edu/harvard/iq/dataverse/util/json/JsonPrinter.java

Co-authored-by: Guillermo Portas <hey@gportas.me>
---
 .../java/edu/harvard/iq/dataverse/util/json/JsonPrinter.java    | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/main/java/edu/harvard/iq/dataverse/util/json/JsonPrinter.java b/src/main/java/edu/harvard/iq/dataverse/util/json/JsonPrinter.java
index 18896df32ad..cc9d85d0ad8 100644
--- a/src/main/java/edu/harvard/iq/dataverse/util/json/JsonPrinter.java
+++ b/src/main/java/edu/harvard/iq/dataverse/util/json/JsonPrinter.java
@@ -291,7 +291,7 @@ public static JsonObjectBuilder json(Workflow wf){
         return bld;
     }
     
-    public static JsonObjectBuilder json(Dataverse dv, Boolean mini) {
+    public static JsonObjectBuilder json(Dataverse dv, boolean minimal) {
         if (!mini){
             return json(dv, false, false, null);
         } else {

From e975a68289e791ec28694e206128692255eacf72 Mon Sep 17 00:00:00 2001
From: Stephen Kraffmiller <skraffmiller@hmdc.harvard.edu>
Date: Fri, 5 Sep 2025 14:03:30 -0400
Subject: [PATCH 168/634] Update
 src/test/java/edu/harvard/iq/dataverse/api/DataversesIT.java

Co-authored-by: Guillermo Portas <hey@gportas.me>
---
 src/test/java/edu/harvard/iq/dataverse/api/DataversesIT.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/test/java/edu/harvard/iq/dataverse/api/DataversesIT.java b/src/test/java/edu/harvard/iq/dataverse/api/DataversesIT.java
index 1e79706b7f7..8b0f5323659 100644
--- a/src/test/java/edu/harvard/iq/dataverse/api/DataversesIT.java
+++ b/src/test/java/edu/harvard/iq/dataverse/api/DataversesIT.java
@@ -797,7 +797,7 @@ public void testGetLinkableDataverses(){
                 .statusCode(OK.getStatusCode())
                 .body("data.size()", equalTo(0));
                 
-    //set user api back to super user for cleanup
+        //set user api back to super user for cleanup
         UtilIT.setSuperuserStatus(username, Boolean.TRUE);
                 
                 

From 70b16d596821ded7bf5a4a12cdc6b2a7b81e1886 Mon Sep 17 00:00:00 2001
From: Stephen Kraffmiller <skraffmiller@hmdc.harvard.edu>
Date: Fri, 5 Sep 2025 14:42:25 -0400
Subject: [PATCH 169/634] #11710 fix typo

---
 .../java/edu/harvard/iq/dataverse/util/json/JsonPrinter.java    | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/main/java/edu/harvard/iq/dataverse/util/json/JsonPrinter.java b/src/main/java/edu/harvard/iq/dataverse/util/json/JsonPrinter.java
index cc9d85d0ad8..779cb84e9cc 100644
--- a/src/main/java/edu/harvard/iq/dataverse/util/json/JsonPrinter.java
+++ b/src/main/java/edu/harvard/iq/dataverse/util/json/JsonPrinter.java
@@ -292,7 +292,7 @@ public static JsonObjectBuilder json(Workflow wf){
     }
     
     public static JsonObjectBuilder json(Dataverse dv, boolean minimal) {
-        if (!mini){
+        if (!minimal){
             return json(dv, false, false, null);
         } else {
             return jsonObjectBuilder()

From e7c344846910f9db40399b273fcfeefee07f2f85 Mon Sep 17 00:00:00 2001
From: Steven Winship <39765413+stevenwinship@users.noreply.github.com>
Date: Fri, 5 Sep 2025 15:48:39 -0400
Subject: [PATCH 170/634] show draft/unpublished in UI

---
 ...18-file-level-permissions-restricted-draft.md |  3 +++
 .../java/edu/harvard/iq/dataverse/DataFile.java  | 16 +++++++++++++++-
 src/main/java/propertyFiles/Bundle.properties    |  1 +
 src/main/webapp/permissions-manage-files.xhtml   |  1 +
 4 files changed, 20 insertions(+), 1 deletion(-)
 create mode 100644 doc/release-notes/7618-file-level-permissions-restricted-draft.md

diff --git a/doc/release-notes/7618-file-level-permissions-restricted-draft.md b/doc/release-notes/7618-file-level-permissions-restricted-draft.md
new file mode 100644
index 00000000000..6b674ee7ec3
--- /dev/null
+++ b/doc/release-notes/7618-file-level-permissions-restricted-draft.md
@@ -0,0 +1,3 @@
+File level permissions: Restricted files in Draft will now show a "Draft/Unpublished" tag in the UI when granting file access
+
+See #7618
diff --git a/src/main/java/edu/harvard/iq/dataverse/DataFile.java b/src/main/java/edu/harvard/iq/dataverse/DataFile.java
index 45604a5472b..bf790d3cc67 100644
--- a/src/main/java/edu/harvard/iq/dataverse/DataFile.java
+++ b/src/main/java/edu/harvard/iq/dataverse/DataFile.java
@@ -303,7 +303,18 @@ public Boolean getDeleted() {
     public void setDeleted(Boolean deleted) {
         this.deleted = deleted;
     }
-    
+
+    @Transient
+    private boolean unpublished;
+
+    public boolean getUnpublished() {
+        return unpublished;
+    }
+
+    public void setUnpublished(boolean unpublished) {
+        this.unpublished = unpublished;
+    }
+
     /*
     For use during file upload so that the user may delete 
     files that have already been uploaded to the current dataset version
@@ -596,7 +607,10 @@ public FileMetadata getLatestFileMetadata() {
         FileMetadata resultFileMetadata = null;
 
         if (fileMetadatas.size() == 1) {
+            setUnpublished(fileMetadatas.get(0).getDatasetVersion() == null || fileMetadatas.get(0).getDatasetVersion().getVersionState().equals(VersionState.DRAFT));
             return fileMetadatas.get(0);
+        } else {
+            setUnpublished(false); // Since only one can be in Draft assume there is a published version
         }
 
         for (FileMetadata fileMetadata : fileMetadatas) {
diff --git a/src/main/java/propertyFiles/Bundle.properties b/src/main/java/propertyFiles/Bundle.properties
index d527ba3eeeb..ed16dea49c2 100644
--- a/src/main/java/propertyFiles/Bundle.properties
+++ b/src/main/java/propertyFiles/Bundle.properties
@@ -1241,6 +1241,7 @@ dataverse.permissionsFiles.files.invalidMsg=There are no restricted files in thi
 dataverse.permissionsFiles.files.requested=Requested Files
 dataverse.permissionsFiles.files.selected=Selecting {0} of {1} {2}
 dataverse.permissionsFiles.files.includeDeleted=Include Deleted Files
+dataverse.permissionsFiles.files.draftUnpublished=Draft/Unpublished
 dataverse.permissionsFiles.viewRemoveDialog.header=File Access
 dataverse.permissionsFiles.viewRemoveDialog.removeBtn=Remove Access
 dataverse.permissionsFiles.viewRemoveDialog.removeBtn.confirmation=Are you sure you want to remove access to this file? Once access has been removed, the user or group will no longer be able to download this file.
diff --git a/src/main/webapp/permissions-manage-files.xhtml b/src/main/webapp/permissions-manage-files.xhtml
index 4e4e56f2051..2c8ff601acd 100644
--- a/src/main/webapp/permissions-manage-files.xhtml
+++ b/src/main/webapp/permissions-manage-files.xhtml
@@ -335,6 +335,7 @@
                                         <h:outputText rendered="#{!empty file.directoryLabel}" value="#{file.directoryLabel}/" styleClass="text-muted"/>
                                         <h:outputText value="#{file.displayName}"/>
                                         <h:outputText value=" (#{bundle['dataverse.permissionsFiles.files.deleted']}) " rendered="#{file.deleted}"/>
+                                        <h:outputText value=" (#{bundle['dataverse.permissionsFiles.files.draftUnpublished']}) "  rendered="#{file.unpublished}"/>
                                     </p:column>
                                 </p:dataTable>
                             </div>

From 1f7324d50f045e2b6895f8ada0499fe35e271870 Mon Sep 17 00:00:00 2001
From: Philip Durbin <philip_durbin@harvard.edu>
Date: Mon, 8 Sep 2025 11:36:57 -0400
Subject: [PATCH 171/634] deploy rc to demo but after the 5 day wait #11790

---
 .../source/developers/making-releases.rst        | 16 +++++++++-------
 1 file changed, 9 insertions(+), 7 deletions(-)

diff --git a/doc/sphinx-guides/source/developers/making-releases.rst b/doc/sphinx-guides/source/developers/making-releases.rst
index 4c9fd28b678..fb0cc630c6b 100755
--- a/doc/sphinx-guides/source/developers/making-releases.rst
+++ b/doc/sphinx-guides/source/developers/making-releases.rst
@@ -143,13 +143,6 @@ Deploy Release Candidate to QA
 
 Deploy the same war file to https://qa.dataverse.org using the same upgrade instructions as above.
 
-Deploy Release Candidate to Demo
---------------------------------
-
-|dedicated|
-
-Deploy the same war file to https://demo.dataverse.org using the same upgrade instructions as above.
-
 Solicit Feedback from Curation Team
 -----------------------------------
 
@@ -170,6 +163,15 @@ Make sure the guides directory appears in the expected location such as https://
 
 When previewing the HTML version of docs from pull requests, we don't usually use this Jenkins job, relying instead on automated ReadTheDocs builds. The reason for doing this step now while we wait for feedback from the Curation Team is that it's an excellent time to fix the Jenkins job, if necessary, to accomodate any changes needed to continue to build the docs. For example, Sphinx might need to be updated or a dependency might need to be installed. Such changes should be listed in the release notes for documentation writers.
 
+Deploy Release Candidate to Demo
+--------------------------------
+
+|dedicated|
+
+Time has passed. The curation team has given feedback. We've finished regression and performance testing. Fixes may have been merged into the "develop" branch. We're ready to actually make the release now, which includes deploying a release candidate to the demo server.
+
+Build a new war file, if necessary, and deploy it to https://demo.dataverse.org using the upgrade instructions in the release notes.
+
 Merge Release Notes (Once Ready)
 --------------------------------
 

From 4c0e6eda810f661395cdc09f1f473fe6a42eff06 Mon Sep 17 00:00:00 2001
From: Philip Durbin <philip_durbin@harvard.edu>
Date: Mon, 8 Sep 2025 11:38:42 -0400
Subject: [PATCH 172/634] typos #11790

---
 doc/sphinx-guides/source/developers/making-releases.rst | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/doc/sphinx-guides/source/developers/making-releases.rst b/doc/sphinx-guides/source/developers/making-releases.rst
index fb0cc630c6b..e7287e12b62 100755
--- a/doc/sphinx-guides/source/developers/making-releases.rst
+++ b/doc/sphinx-guides/source/developers/making-releases.rst
@@ -72,7 +72,7 @@ The benefits of the code freeze are:
 
 In short, the steps described below become easier under a code freeze.
 
-Note: for a hotfix, a code freeze is necessary not because we want code to stop changing in the branch being hotfix released, but because bumping the version used in Jenkins/Ansible means that API tests will fail in pull requests until the version is bumped in those pull requests. Basically, we want to get the hotfix merged quickly so we can propogate the version bump into all open pull requests so that API tests can start passing again in those pull requests.
+Note: for a hotfix, a code freeze is necessary not because we want code to stop changing in the branch being hotfix released, but because bumping the version used in Jenkins/Ansible means that API tests will fail in pull requests until the version is bumped in those pull requests. Basically, we want to get the hotfix merged quickly so we can propagate the version bump into all open pull requests so that API tests can start passing again in those pull requests.
 
 Push Back Milestones on Pull Requests That Missed the Train
 -----------------------------------------------------------
@@ -161,7 +161,7 @@ Click "Save" then "Build Now".
 
 Make sure the guides directory appears in the expected location such as https://guides.dataverse.org/en/6.8-rc.1/
 
-When previewing the HTML version of docs from pull requests, we don't usually use this Jenkins job, relying instead on automated ReadTheDocs builds. The reason for doing this step now while we wait for feedback from the Curation Team is that it's an excellent time to fix the Jenkins job, if necessary, to accomodate any changes needed to continue to build the docs. For example, Sphinx might need to be updated or a dependency might need to be installed. Such changes should be listed in the release notes for documentation writers.
+When previewing the HTML version of docs from pull requests, we don't usually use this Jenkins job, relying instead on automated ReadTheDocs builds. The reason for doing this step now while we wait for feedback from the Curation Team is that it's an excellent time to fix the Jenkins job, if necessary, to accommodate any changes needed to continue to build the docs. For example, Sphinx might need to be updated or a dependency might need to be installed. Such changes should be listed in the release notes for documentation writers.
 
 Deploy Release Candidate to Demo
 --------------------------------

From fb3af17a4bdefdfa92dfe2588e062535eb74144f Mon Sep 17 00:00:00 2001
From: Philip Durbin <philip_durbin@harvard.edu>
Date: Mon, 8 Sep 2025 11:41:38 -0400
Subject: [PATCH 173/634] move perf and reg testing to after rc deploy to qa
 #11790

---
 .../source/developers/making-releases.rst     | 33 ++++++++++---------
 1 file changed, 17 insertions(+), 16 deletions(-)

diff --git a/doc/sphinx-guides/source/developers/making-releases.rst b/doc/sphinx-guides/source/developers/making-releases.rst
index e7287e12b62..0da4d9e0a72 100755
--- a/doc/sphinx-guides/source/developers/making-releases.rst
+++ b/doc/sphinx-guides/source/developers/making-releases.rst
@@ -81,22 +81,6 @@ As of this writing, we optimistically add milestones to issues and pull requests
 
 Hopefully, as the release approached, the team has already decided which pull requests (that aren't related to the release) won't make the cut. If not, go ahead and bump them to the next release.
 
-Conduct Performance Testing
----------------------------
-
-|dedicated|
-
-See :doc:`/qa/performance-tests` for details.
-
-Conduct Regression Testing
----------------------------
-
-|dedicated|
-
-Regression testing should be conducted on production data.
-See :doc:`/qa/testing-approach` for details.
-Refer to the provided regression checklist for the list of items to verify during the testing process: `Regression Checklist <https://docs.google.com/document/d/1OsGJV0sMLDSmfkU9-ee8h_ozbQcUDJ1EOwNPm4dC63Q/edit?usp=sharing>`_.
-
 .. _write-release-notes:
 
 Write Release Notes
@@ -148,6 +132,23 @@ Solicit Feedback from Curation Team
 
 Ask the curation team to test on https://qa.dataverse.org and give them five days to provide feedback.
 
+
+Conduct Performance Testing
+---------------------------
+
+|dedicated|
+
+See :doc:`/qa/performance-tests` for details.
+
+Conduct Regression Testing
+---------------------------
+
+|dedicated|
+
+Regression testing should be conducted on production data.
+See :doc:`/qa/testing-approach` for details.
+Refer to the provided regression checklist for the list of items to verify during the testing process: `Regression Checklist <https://docs.google.com/document/d/1OsGJV0sMLDSmfkU9-ee8h_ozbQcUDJ1EOwNPm4dC63Q/edit?usp=sharing>`_.
+
 Build the Guides for the Release Candidate
 ------------------------------------------
 

From 238db74dca3de4dfd0b6b68c828430bdd5c000ae Mon Sep 17 00:00:00 2001
From: Stephen Kraffmiller <skraffmiller@hmdc.harvard.edu>
Date: Mon, 8 Sep 2025 14:10:38 -0400
Subject: [PATCH 174/634] #11710 move logic in json printer

---
 .../harvard/iq/dataverse/api/Dataverses.java  |  2 +-
 .../iq/dataverse/util/json/JsonPrinter.java   | 90 +++++++++----------
 2 files changed, 46 insertions(+), 46 deletions(-)

diff --git a/src/main/java/edu/harvard/iq/dataverse/api/Dataverses.java b/src/main/java/edu/harvard/iq/dataverse/api/Dataverses.java
index 97bc961c6b2..b522d63bcb0 100644
--- a/src/main/java/edu/harvard/iq/dataverse/api/Dataverses.java
+++ b/src/main/java/edu/harvard/iq/dataverse/api/Dataverses.java
@@ -716,7 +716,7 @@ public Response getDataverse(@Context ContainerRequestContext crc, @PathParam("i
         return response(req -> {
             Dataverse dataverse = execCommand(new GetDataverseCommand(req, findDataverseOrDie(idtf)));
             boolean hideEmail = settingsService.isTrueForKey(SettingsServiceBean.Key.ExcludeEmailFromExport, false);
-            return ok(json(dataverse, hideEmail, returnOwners, returnChildCount ? dataverseService.getChildCount(dataverse) : null));
+            return ok(json(dataverse, hideEmail, returnOwners, false, returnChildCount ? dataverseService.getChildCount(dataverse) : null));
         }, getRequestUser(crc));
     }
 
diff --git a/src/main/java/edu/harvard/iq/dataverse/util/json/JsonPrinter.java b/src/main/java/edu/harvard/iq/dataverse/util/json/JsonPrinter.java
index 779cb84e9cc..ae84ef18ec7 100644
--- a/src/main/java/edu/harvard/iq/dataverse/util/json/JsonPrinter.java
+++ b/src/main/java/edu/harvard/iq/dataverse/util/json/JsonPrinter.java
@@ -293,65 +293,65 @@ public static JsonObjectBuilder json(Workflow wf){
     
     public static JsonObjectBuilder json(Dataverse dv, boolean minimal) {
         if (!minimal){
-            return json(dv, false, false, null);
+            return json(dv, false, false, false, null);
         } else {
-            return jsonObjectBuilder()
-                .add("id", dv.getId())
-                .add("alias", dv.getAlias())
-                .add("name", dv.getName());           
+            return json(dv, false, false, true, null);        
         }
     }
 
     public static JsonObjectBuilder json(Dataverse dv) {
-        return json(dv, false, false, null);
+        return json(dv, false, false, false, null);
     }
 
     //TODO: Once we upgrade to Java EE 8 we can remove objects from the builder, and this email removal can be done in a better place.
-    public static JsonObjectBuilder json(Dataverse dv, Boolean hideEmail, Boolean returnOwners, Long childCount) {
+    public static JsonObjectBuilder json(Dataverse dv, Boolean hideEmail, Boolean returnOwners, Boolean minimal, Long childCount) {
         JsonObjectBuilder bld = jsonObjectBuilder()
                 .add("id", dv.getId())
                 .add("alias", dv.getAlias())
-                .add("name", dv.getName())
-                .add("affiliation", dv.getAffiliation());
-        if(!hideEmail) {
-            bld.add("dataverseContacts", JsonPrinter.json(dv.getDataverseContacts()));
-        }
-        if (returnOwners){
-            bld.add("isPartOf", getOwnersFromDvObject(dv));
-        }
-        bld.add("permissionRoot", dv.isPermissionRoot())
-                .add("description", dv.getDescription())
-                .add("dataverseType", dv.getDataverseType().name())
-                .add("isMetadataBlockRoot", dv.isMetadataBlockRoot())
-                .add("isFacetRoot", dv.isFacetRoot());
-        if (dv.getOwner() != null) {
-            bld.add("ownerId", dv.getOwner().getId());
-        }
-        if (dv.getCreateDate() != null) {
-            bld.add("creationDate", Util.getDateTimeFormat().format(dv.getCreateDate()));
-        }
-        if (dv.getDataverseTheme() != null) {
-            bld.add("theme", JsonPrinter.json(dv.getDataverseTheme()));
-        }
-        if(dv.getStorageDriverId() != null) {
-        	bld.add("storageDriverLabel", DataAccess.getStorageDriverLabelFor(dv.getStorageDriverId()));
-        }
-        if (dv.getFilePIDsEnabled() != null) {
-            bld.add("filePIDsEnabled", dv.getFilePIDsEnabled());
-        }
-        bld.add("effectiveRequiresFilesToPublishDataset", dv.getEffectiveRequiresFilesToPublishDataset());
-        bld.add("isReleased", dv.isReleased());
+                .add("name", dv.getName());
+        //minimal refers to only returning the id alias and name for 
+        //use in selecting collections available for linking
+        if (!minimal) {
+            bld.add("affiliation", dv.getAffiliation());
+            if (!hideEmail) {
+                bld.add("dataverseContacts", JsonPrinter.json(dv.getDataverseContacts()));
+            }
+            if (returnOwners) {
+                bld.add("isPartOf", getOwnersFromDvObject(dv));
+            }
+            bld.add("permissionRoot", dv.isPermissionRoot())
+                    .add("description", dv.getDescription())
+                    .add("dataverseType", dv.getDataverseType().name())
+                    .add("isMetadataBlockRoot", dv.isMetadataBlockRoot())
+                    .add("isFacetRoot", dv.isFacetRoot());
+            if (dv.getOwner() != null) {
+                bld.add("ownerId", dv.getOwner().getId());
+            }
+            if (dv.getCreateDate() != null) {
+                bld.add("creationDate", Util.getDateTimeFormat().format(dv.getCreateDate()));
+            }
+            if (dv.getDataverseTheme() != null) {
+                bld.add("theme", JsonPrinter.json(dv.getDataverseTheme()));
+            }
+            if (dv.getStorageDriverId() != null) {
+                bld.add("storageDriverLabel", DataAccess.getStorageDriverLabelFor(dv.getStorageDriverId()));
+            }
+            if (dv.getFilePIDsEnabled() != null) {
+                bld.add("filePIDsEnabled", dv.getFilePIDsEnabled());
+            }
+            bld.add("effectiveRequiresFilesToPublishDataset", dv.getEffectiveRequiresFilesToPublishDataset());
+            bld.add("isReleased", dv.isReleased());
 
-        List<DataverseFieldTypeInputLevel> inputLevels = dv.getDataverseFieldTypeInputLevels();
-        if(!inputLevels.isEmpty()) {
-            bld.add("inputLevels", JsonPrinter.jsonDataverseFieldTypeInputLevels(inputLevels));
-        }
+            List<DataverseFieldTypeInputLevel> inputLevels = dv.getDataverseFieldTypeInputLevels();
+            if (!inputLevels.isEmpty()) {
+                bld.add("inputLevels", JsonPrinter.jsonDataverseFieldTypeInputLevels(inputLevels));
+            }
 
-        if (childCount != null) {
-            bld.add("childCount", childCount);
+            if (childCount != null) {
+                bld.add("childCount", childCount);
+            }
+            addDatasetFileCountLimit(dv, bld);
         }
-        addDatasetFileCountLimit(dv, bld);
-
         return bld;
     }
 

From 56e91ff33351944ae5c1faff6b486e71dd6887d6 Mon Sep 17 00:00:00 2001
From: Jim Myers <qqmyers@hotmail.com>
Date: Mon, 8 Sep 2025 14:37:59 -0400
Subject: [PATCH 175/634] initial edits

---
 .../source/developers/big-data-support.rst    | 143 ++++++++++++++++--
 1 file changed, 132 insertions(+), 11 deletions(-)

diff --git a/doc/sphinx-guides/source/developers/big-data-support.rst b/doc/sphinx-guides/source/developers/big-data-support.rst
index 75a50e2513d..ab8b92dff0f 100644
--- a/doc/sphinx-guides/source/developers/big-data-support.rst
+++ b/doc/sphinx-guides/source/developers/big-data-support.rst
@@ -1,15 +1,51 @@
-Big Data Support
-================
+Scaling Dataverse with Data Size
+================================
 
-Big data support includes some experimental options. Eventually more of this content will move to the Installation Guide.
+This guide is intended to help administrators configure Dataverse appropriately to handle the amount of data their installation needs to manage.
+
+Scaling is a complex subject and there are many options available in Dataverse that can improve performance with larger scale data, but some of these
+work differently than Dataverse's default configuration, potentially requiring user education, and can require additional expertise to manage.
+
+In general, there are three dimensions in which Dataverse can scale:
+  
+1. **Number of Datasets**
+2. **Number of Files per Dataset**
+3. **Storage size of individual files and aggregate storage size**
+
+This guide will primarily focus on the latter two dimensions.
 
 .. contents:: |toctitle|
         :local:
 
-Various components will need to be installed and/or configured for big data support via the methods described below.
+Choosing the Right Approach
+---------------------------
+
+The table below provides guidance on which storage solution to choose based on your requirements:
+
++------------------------+---------------------------+---------------------------+---------------------------+
+| **Solution**           | **File Size Range**       | **File Volume Support**   | **Key Benefits**          |
++========================+===========================+===========================+===========================+
+| Default Storage        | Up to ~2GB                | Up to thousands           | Simple, no configuration  |
++------------------------+---------------------------+---------------------------+---------------------------+
+| S3 Direct Upload       | Up to several TB          | Up to tens of thousands   | Simple configuration,     |
+|                        |                           |                           | familiar user interface   |
++------------------------+---------------------------+---------------------------+---------------------------+
+| Remote Storage         | Unlimited                 | Unlimited                 | No file transfer needed,  |
+|                        |                           |                           | files remain in place     |
++------------------------+---------------------------+---------------------------+---------------------------+
+| Globus Transfer        | Unlimited                 | Millions+                 | Robust transfer,          |
+|                        |                           |                           | resumable, high-speed     |
++------------------------+---------------------------+---------------------------+---------------------------+
+
+Handling Large Individual Files
+-------------------------------
+
+When individual files exceed typical web upload/download capabilities (generally 1-2GB), you'll need specialized approaches.
 
 S3 Direct Upload and Download
------------------------------
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+**Best for:** Files up to several TB in size with minimal configuration changes
 
 A lightweight option for supporting file sizes beyond a few gigabytes - a size that can cause performance issues when uploaded through a Dataverse installation itself - is to configure an S3 store to provide direct upload and download via 'pre-signed URLs'. When these options are configured, file uploads and downloads are made directly to and from a configured S3 store using secure (https) connections that enforce a Dataverse installation's access controls. (The upload and download URLs are signed with a unique key that only allows access for a short time period and a Dataverse installation will only generate such a URL if the user has permission to upload/download the specific file in question.)
 
@@ -21,7 +57,6 @@ To configure these options, an administrator must set two JVM options for the Da
 
 ``./asadmin create-jvm-options "-Ddataverse.files.<id>.upload-redirect=true"``
 
-
 With multiple stores configured, it is possible to configure one S3 store with direct upload and/or download to support large files (in general or for specific Dataverse collections) while configuring only direct download, or no direct access for another store.
 
 The direct upload option now switches between uploading the file in one piece (up to 1 GB by default) and sending it as multiple parts. The default can be changed by setting:
@@ -39,7 +74,7 @@ At present, one potential drawback for direct-upload is that files are only part
 .. _s3-direct-upload-features-disabled:
 
 Features that are Disabled if S3 Direct Upload is Enabled
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
 
 The following features are disabled when S3 direct upload is enabled.
 
@@ -52,7 +87,7 @@ The following features are disabled when S3 direct upload is enabled.
 .. _cors-s3-bucket:
 
 Allow CORS for S3 Buckets
-~~~~~~~~~~~~~~~~~~~~~~~~~
+^^^^^^^^^^^^^^^^^^^^^^^^
 
 **IMPORTANT:** One additional step that is required to enable direct uploads via a Dataverse installation and for direct download to work with previewers and direct upload to work with dvwebloader (:ref:`folder-upload`) is to allow cross site (CORS) requests on your S3 store.
 The example below shows how to enable CORS rules (to support upload and download) on a bucket using the AWS CLI command line tool. Note that you may want to limit the AllowedOrigins and/or AllowedHeaders further.  https://github.com/gdcc/dataverse-previewers/wiki/Using-Previewers-with-download-redirects-from-S3 has some additional information about doing this.
@@ -85,12 +120,14 @@ Alternatively, you can enable CORS using the AWS S3 web interface, using json-en
 .. _s3-tags-and-direct-upload:
 
 S3 Tags and Direct Upload
-~~~~~~~~~~~~~~~~~~~~~~~~~
+^^^^^^^^^^^^^^^^^^^^^^^^
 
 Since the direct upload mechanism creates the final file rather than an intermediate temporary file, user actions, such as neither saving or canceling an upload session before closing the browser page, can leave an abandoned file in the store. The direct upload mechanism attempts to use S3 tags to aid in identifying/removing such files. Upon upload, files are given a "dv-state":"temp" tag which is removed when the dataset changes are saved and new files are added in the Dataverse installation. Note that not all S3 implementations support tags. Minio, for example, does not. With such stores, direct upload may not work and you might need to disable tagging. For details, see :ref:`s3-tagging` in the Installation Guide.
 
 Trusted Remote Storage with the ``remote`` Store Type
------------------------------------------------------
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+**Best for:** Very large files that should remain in their original location
 
 For very large, and/or very sensitive data, it may not make sense to transfer or copy files to Dataverse at all. The experimental ``remote`` store type in the Dataverse software now supports this use case. 
 
@@ -151,7 +188,9 @@ To configure the options mentioned above, an administrator must set two JVM opti
 .. _globus-support:
 
 Globus File Transfer
---------------------
+~~~~~~~~~~~~~~~~~~~
+
+**Best for:** Very large files and high-performance computing environments
 
 Note: Globus file transfer is still experimental but feedback is welcome! See :ref:`support`.
 
@@ -190,3 +229,85 @@ An overview of the control and data transfer interactions between components was
 See also :ref:`Globus settings <:GlobusSettings>`.
 
 An alternative, experimental implementation of Globus polling of ongoing upload transfers has been added in v6.4. This framework does not rely on the instance staying up continuously for the duration of the transfer and saves the state information about Globus upload requests in the database. Due to its experimental nature it is not enabled by default. See the ``globus-use-experimental-async-framework`` feature flag (see :ref:`feature-flags`) and the JVM option :ref:`dataverse.files.globus-monitoring-server`.
+
+Handling High Volume of Files
+----------------------------
+
+When dealing with datasets containing thousands or millions of files, different challenges arise beyond just file size.
+
+Performance Considerations
+~~~~~~~~~~~~~~~~~~~~~~~~~
+
+**Database Impact**
+
+Each file in Dataverse requires database entries for metadata, permissions, and other attributes. When dealing with very large numbers of files:
+
+* Database query performance may degrade
+* Indexing operations take longer
+* Dataset versioning becomes more resource-intensive
+
+**Recommended Approaches**
+
+For datasets with extremely high file counts (10,000+), consider these strategies:
+
+1. **Use hierarchical organization** - Group files into logical directories to improve navigation
+2. **Batch operations** - Use the API for batch uploads rather than the UI
+3. **Consider file bundling** - Where appropriate, bundle related small files into archives
+4. **Use Globus for bulk transfers** - Globus is optimized for handling large numbers of files
+
+API-Based Batch Operations
+~~~~~~~~~~~~~~~~~~~~~~~~~
+
+For programmatically handling large numbers of files, Dataverse provides API endpoints that support batch operations:
+
+* The `/api/datasets/:id/addFiles` endpoint allows adding multiple files in a single request
+* The `/api/datasets/:id/deleteFiles` endpoint allows removing multiple files at once
+
+See the :doc:`/api/native-api` documentation for details on these endpoints.
+
+Monitoring and Maintenance
+~~~~~~~~~~~~~~~~~~~~~~~~~
+
+When working with high file volumes:
+
+* Monitor database performance regularly
+* Consider implementing scheduled maintenance windows for index optimization
+* Use the Dataverse metrics API to track system performance
+
+Storage Strategy Recommendations
+-------------------------------
+
+Based on both file size and volume considerations, here are some general recommendations:
+
+1. **For research projects with moderate data (< 2GB files, < 1000 files):**
+   * Default Dataverse storage is sufficient
+
+2. **For projects with large files but moderate file counts:**
+   * Configure S3 direct upload/download
+   * Set appropriate ingest size limits
+
+3. **For projects with very large files or sensitive data that should remain in place:**
+   * Use the remote storage option
+   * Consider implementing access controls at the remote storage level
+
+4. **For high-performance computing environments or very large datasets:**
+   * Implement Globus transfer
+   * Use batch operations via API
+   * Consider custom workflows for dataset creation and management
+
+5. **For datasets with millions of small files:**
+   * Consider file bundling where appropriate
+   * Use Globus for transfer
+   * Implement hierarchical organization
+
+Performance Tuning
+-----------------
+
+Regardless of which storage solution you choose, consider these performance tuning options:
+
+* Increase JVM heap size for Dataverse application
+* Optimize database indexes for file metadata tables
+* Configure appropriate timeouts for large file transfers
+* Consider dedicated storage nodes for high-volume installations
+
+For detailed performance tuning recommendations, see the :doc:`/installation/config` guide.

From abc1d079d6c3040936f6bf8639eb17086f23be32 Mon Sep 17 00:00:00 2001
From: GPortas <hey@gportas.me>
Date: Tue, 9 Sep 2025 13:40:03 +0100
Subject: [PATCH 176/634] Changed: required permission of
 ListDataverseTemplatesCommand to AddDataset

---
 .../engine/command/impl/ListDataverseTemplatesCommand.java      | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/ListDataverseTemplatesCommand.java b/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/ListDataverseTemplatesCommand.java
index 3e7d4664793..1dbb05e47b5 100644
--- a/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/ListDataverseTemplatesCommand.java
+++ b/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/ListDataverseTemplatesCommand.java
@@ -14,7 +14,7 @@
 /**
  * Lists the templates {@link Template} of a {@link Dataverse}.
  */
-@RequiredPermissions(Permission.EditDataverse)
+@RequiredPermissions(Permission.AddDataset)
 public class ListDataverseTemplatesCommand extends AbstractCommand<List<Template>> {
 
     private final Dataverse dataverse;

From 08761f4524d8513be47cd41b8e282496b6aa9afc Mon Sep 17 00:00:00 2001
From: GPortas <hey@gportas.me>
Date: Tue, 9 Sep 2025 14:13:05 +0100
Subject: [PATCH 177/634] Added: IT test cases for testCreateAndGetTemplates

---
 .../harvard/iq/dataverse/api/DataversesIT.java    | 15 ++++++++++++++-
 1 file changed, 14 insertions(+), 1 deletion(-)

diff --git a/src/test/java/edu/harvard/iq/dataverse/api/DataversesIT.java b/src/test/java/edu/harvard/iq/dataverse/api/DataversesIT.java
index 4f9fbae7ffc..e0eaadb1e82 100644
--- a/src/test/java/edu/harvard/iq/dataverse/api/DataversesIT.java
+++ b/src/test/java/edu/harvard/iq/dataverse/api/DataversesIT.java
@@ -1,5 +1,6 @@
 package edu.harvard.iq.dataverse.api;
 
+import edu.harvard.iq.dataverse.authorization.DataverseRole;
 import edu.harvard.iq.dataverse.util.json.JsonParseException;
 import edu.harvard.iq.dataverse.util.json.JsonParser;
 import edu.harvard.iq.dataverse.util.json.JsonUtil;
@@ -2288,9 +2289,11 @@ public void testUpdateInputLevelDisplayOnCreateOverride() {
     public void testCreateAndGetTemplates() {
         Response createUserResponse = UtilIT.createRandomUser();
         String apiToken = UtilIT.getApiTokenFromResponse(createUserResponse);
+        String username = UtilIT.getUsernameFromResponse(createUserResponse);
 
         Response createSecondUserResponse = UtilIT.createRandomUser();
         String secondApiToken = UtilIT.getApiTokenFromResponse(createSecondUserResponse);
+        String secondUsername = UtilIT.getUsernameFromResponse(createSecondUserResponse);
 
         Response createDataverseResponse = UtilIT.createRandomDataverse(apiToken);
         createDataverseResponse.then().assertThat().statusCode(CREATED.getStatusCode());
@@ -2368,9 +2371,19 @@ public void testCreateAndGetTemplates() {
                 .body("data[0].instructions[0].instructionText", equalTo("The author data"))
                 .body("data[0].dataverseAlias", equalTo(dataverseAlias));
 
-        // Templates retrieval should fail if the user lacks dataverse edit permissions
+        // Templates retrieval should fail if a secondary user lacks dataset creation permissions
+
         getTemplateResponse = UtilIT.getTemplates(dataverseAlias, secondApiToken);
         getTemplateResponse.then().assertThat().statusCode(UNAUTHORIZED.getStatusCode());
+
+        // Template retrieval should succeed if the secondary user has dataset creation permissions
+
+        UtilIT.setSuperuserStatus(username, true);
+        Response grantRoleResponse = UtilIT.grantRoleOnDataverse(dataverseAlias, DataverseRole.DS_CONTRIBUTOR, "@" + secondUsername, apiToken);
+        grantRoleResponse.then().assertThat().statusCode(OK.getStatusCode());
+
+        getTemplateResponse = UtilIT.getTemplates(dataverseAlias, secondApiToken);
+        getTemplateResponse.then().assertThat().statusCode(OK.getStatusCode());
     }
 
     private String getSuperuserToken() {

From 10de15a1008be3e22d528db2b746b91a1a8c6e61 Mon Sep 17 00:00:00 2001
From: GPortas <hey@gportas.me>
Date: Tue, 9 Sep 2025 14:14:42 +0100
Subject: [PATCH 178/634] Fixed: typo in test comment

---
 src/test/java/edu/harvard/iq/dataverse/api/DataversesIT.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/test/java/edu/harvard/iq/dataverse/api/DataversesIT.java b/src/test/java/edu/harvard/iq/dataverse/api/DataversesIT.java
index e0eaadb1e82..ffe32c178ab 100644
--- a/src/test/java/edu/harvard/iq/dataverse/api/DataversesIT.java
+++ b/src/test/java/edu/harvard/iq/dataverse/api/DataversesIT.java
@@ -2376,7 +2376,7 @@ public void testCreateAndGetTemplates() {
         getTemplateResponse = UtilIT.getTemplates(dataverseAlias, secondApiToken);
         getTemplateResponse.then().assertThat().statusCode(UNAUTHORIZED.getStatusCode());
 
-        // Template retrieval should succeed if the secondary user has dataset creation permissions
+        // Templates retrieval should succeed if the secondary user has dataset creation permissions
 
         UtilIT.setSuperuserStatus(username, true);
         Response grantRoleResponse = UtilIT.grantRoleOnDataverse(dataverseAlias, DataverseRole.DS_CONTRIBUTOR, "@" + secondUsername, apiToken);

From d03ddcdc2817405414fdf1ed5153b0070070810a Mon Sep 17 00:00:00 2001
From: GPortas <hey@gportas.me>
Date: Tue, 9 Sep 2025 14:18:01 +0100
Subject: [PATCH 179/634] Added: release notes for #11796

---
 ...796-fix-list-dataverse-templates-api-permissions.md | 10 ++++++++++
 1 file changed, 10 insertions(+)
 create mode 100644 doc/release-notes/11796-fix-list-dataverse-templates-api-permissions.md

diff --git a/doc/release-notes/11796-fix-list-dataverse-templates-api-permissions.md b/doc/release-notes/11796-fix-list-dataverse-templates-api-permissions.md
new file mode 100644
index 00000000000..e15f9f4dfa1
--- /dev/null
+++ b/doc/release-notes/11796-fix-list-dataverse-templates-api-permissions.md
@@ -0,0 +1,10 @@
+### Fixed: Permissions for `/{identifier}/templates` endpoint
+
+The `/{identifier}/templates` endpoint previously required **`editDataverse`** permissions to retrieve the list of dataverse templates.
+
+This has been corrected: the endpoint now requires **`addDataset`** permissions instead.
+
+**Impact:**
+- The endpoint now works in scenarios such as the **Create Dataset form** in the SPA UI, without needing unnecessary elevated permissions.  
+
+Related issues: #11796
\ No newline at end of file

From 5791664ad4d69b1573ac09d3ce3492a0bce8c816 Mon Sep 17 00:00:00 2001
From: Stephen Kraffmiller <skraffmiller@hmdc.harvard.edu>
Date: Wed, 10 Sep 2025 09:49:15 -0400
Subject: [PATCH 180/634] #11710 fix comment from copy

---
 src/test/java/edu/harvard/iq/dataverse/api/DataversesIT.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/test/java/edu/harvard/iq/dataverse/api/DataversesIT.java b/src/test/java/edu/harvard/iq/dataverse/api/DataversesIT.java
index 8b0f5323659..d0ae3f4d8b9 100644
--- a/src/test/java/edu/harvard/iq/dataverse/api/DataversesIT.java
+++ b/src/test/java/edu/harvard/iq/dataverse/api/DataversesIT.java
@@ -2455,7 +2455,7 @@ public void testCreateAndGetTemplates() throws JsonParseException  {
         String[] newFacetIds = new String[]{"contributorName"};
         String[] newMetadataBlockNames = new String[]{"citation", "geospatial", "biomedical"};
 
-        // Assert that the error is returned for having both MetadataBlockNames and inheritMetadataBlocksFromParent
+       //Giving the new Dataverse updated metadatablocks so that it will not inherit templates 
        Response updateDataverseResponse = UtilIT.updateDataverse(
                 dataverseAlias, dataverseAlias, newName, newAffiliation, newDataverseType, newContactEmails, newInputLevelNames,
                 null, newMetadataBlockNames, apiToken,

From ac8bdc17020bd87193b3d4fe0431a6804fbf2e6d Mon Sep 17 00:00:00 2001
From: Jim Myers <qqmyers@hotmail.com>
Date: Wed, 10 Sep 2025 10:09:44 -0400
Subject: [PATCH 181/634] fix for #11800

hide guestbook when not used, add missing method to FilePage/file.xhtml
---
 src/main/java/edu/harvard/iq/dataverse/FilePage.java | 5 +++++
 src/main/webapp/file.xhtml                           | 2 ++
 src/main/webapp/guestbook-terms-popup-fragment.xhtml | 2 +-
 3 files changed, 8 insertions(+), 1 deletion(-)

diff --git a/src/main/java/edu/harvard/iq/dataverse/FilePage.java b/src/main/java/edu/harvard/iq/dataverse/FilePage.java
index 50ebbc33634..dd1bd56d5bd 100644
--- a/src/main/java/edu/harvard/iq/dataverse/FilePage.java
+++ b/src/main/java/edu/harvard/iq/dataverse/FilePage.java
@@ -420,6 +420,11 @@ public boolean isGuestbookPopupRequiredAtDownload(){
         DatasetVersion workingVersion = fileMetadata.getDatasetVersion();
         return FileUtil.isGuestbookPopupRequired(workingVersion) && !workingVersion.getDataset().getEffectiveGuestbookEntryAtRequest();
     }
+    
+    public boolean isGuestbookPopupRequired(){
+        DatasetVersion workingVersion = fileMetadata.getDatasetVersion();
+        return FileUtil.isGuestbookPopupRequired(workingVersion);
+    }
 
     public void setFileMetadata(FileMetadata fileMetadata) {
         this.fileMetadata = fileMetadata;
diff --git a/src/main/webapp/file.xhtml b/src/main/webapp/file.xhtml
index 8a5c2709e5d..2292ebf4c45 100644
--- a/src/main/webapp/file.xhtml
+++ b/src/main/webapp/file.xhtml
@@ -374,6 +374,7 @@
                                         <ui:param name="fileDownloadService" value="#{FilePage.fileDownloadService}"/>
                                         <ui:param name="lockedFromDownload" value="#{FilePage.lockedFromDownload}"/>
                                         <ui:param name="termsGuestbookPopupAction" value="#{bundle.download}"/>
+                                        <ui:param name="guestbookPopupRequired" value="#{FilePage.guestbookPopupRequired}"/>
                                         <ui:param name="guestbookPopupRequiredAtDownload" value="#{FilePage.guestbookPopupRequiredAtDownload}"/>
                                     </ui:include>
                                 </ui:fragment>
@@ -681,6 +682,7 @@
                             <ui:param name="fileDownloadHelper" value="#{FilePage.fileDownloadHelper}"/>
                             <ui:param name="fileDownloadService" value="#{FilePage.fileDownloadService}"/>
                             <ui:param name="termsGuestbookPopupAction" value="#{FilePage.termsGuestbookPopupAction}"/>
+                            <ui:param name="guestbookPopupRequired" value="#{FilePage.guestbookPopupRequired}"/>
                             <ui:param name="guestbookPopupRequiredAtDownload" value="#{FilePage.guestbookPopupRequiredAtDownload}"/>
 
                         </ui:include>
diff --git a/src/main/webapp/guestbook-terms-popup-fragment.xhtml b/src/main/webapp/guestbook-terms-popup-fragment.xhtml
index 7d157fcb72c..a17145a43ce 100644
--- a/src/main/webapp/guestbook-terms-popup-fragment.xhtml
+++ b/src/main/webapp/guestbook-terms-popup-fragment.xhtml
@@ -142,7 +142,7 @@
                 value="#{MarkupChecker:sanitizeBasicHTML(workingVersion.termsOfUseAndAccess.termsOfAccess)}"
                 escape="false" />
         </div>
-            <p:fragment rendered="#{guestbookAndTermsPopupRequired and guestbookPopupRequired}" id="guestbookUIFragment">
+            <p:fragment rendered="#{guestbookAndTermsPopupRequired and (((termsGuestbookPopupAction != bundle.download) != guestbookPopupRequiredAtDownload) and guestbookPopupRequired)}" id="guestbookUIFragment">
                 <div class="container messagePanel">
                     <iqbs:messages collapsible="true" />
                 </div>

From 811f178c3870dff853b257348058404061cdacbc Mon Sep 17 00:00:00 2001
From: Jim Myers <qqmyers@hotmail.com>
Date: Wed, 10 Sep 2025 10:52:45 -0400
Subject: [PATCH 182/634] release note

---
 doc/release-notes/11800-qb-ra-fixes.md | 2 ++
 1 file changed, 2 insertions(+)
 create mode 100644 doc/release-notes/11800-qb-ra-fixes.md

diff --git a/doc/release-notes/11800-qb-ra-fixes.md b/doc/release-notes/11800-qb-ra-fixes.md
new file mode 100644
index 00000000000..5c7ef82f7f2
--- /dev/null
+++ b/doc/release-notes/11800-qb-ra-fixes.md
@@ -0,0 +1,2 @@
+This release fixes problems with guestbook questions being displayed at download when files are selected from the dataset files table
+when guestbook-at-request is enabled and not displaying when they should when access is requested from the file page. 
\ No newline at end of file

From cfb841cf049b71934f7276e8d96067325f14d745 Mon Sep 17 00:00:00 2001
From: Stephen Kraffmiller <skraffmiller@hmdc.harvard.edu>
Date: Wed, 10 Sep 2025 10:57:28 -0400
Subject: [PATCH 183/634] #11710 handle guest users

---
 .../edu/harvard/iq/dataverse/api/Dataverses.java    | 13 ++++++++++---
 .../edu/harvard/iq/dataverse/api/DataversesIT.java  |  5 +++++
 .../java/edu/harvard/iq/dataverse/api/UtilIT.java   | 12 +++++++++---
 3 files changed, 24 insertions(+), 6 deletions(-)

diff --git a/src/main/java/edu/harvard/iq/dataverse/api/Dataverses.java b/src/main/java/edu/harvard/iq/dataverse/api/Dataverses.java
index b522d63bcb0..16415e0c155 100644
--- a/src/main/java/edu/harvard/iq/dataverse/api/Dataverses.java
+++ b/src/main/java/edu/harvard/iq/dataverse/api/Dataverses.java
@@ -1786,10 +1786,18 @@ public Response getLinkingDataverseList(@Context ContainerRequestContext crc, @P
             DvObject dvObject = findDvoByIdAndTypeOrDie(dvIdtf, type, false);
             List<Dataverse> dataversesForLinkingSearch = new ArrayList();
             
-            AuthenticatedUser requestUser = (AuthenticatedUser) getRequestUser(crc);
+            User requestUser = (User) getRequestUser(crc);
+            AuthenticatedUser authUser;
+            if (!requestUser.isAuthenticated()) {
+                throw new WrappedResponse(error(Response.Status.BAD_REQUEST,
+                        BundleUtil.getStringFromBundle("dataverse.link.user")));
+            } else {
+                authUser = (AuthenticatedUser) requestUser;
+            }
+            
             DataverseRequest dvReq = new DataverseRequest(requestUser, (IpAddress) null);
             List<Dataverse> dataversesForLinking;
-            dataversesForLinking = permissionService.findPermittedCollections(dvReq, requestUser, Permission.LinkDataset);
+            dataversesForLinking = permissionService.findPermittedCollections(dvReq, authUser, Permission.LinkDataset);
 
             List<Dataverse> mergedWithSearch = new ArrayList<>();
             dataversesForLinking = dataverseService.removeUnlinkableDataverses(dataversesForLinking, dvObject);
@@ -1820,7 +1828,6 @@ public Response getLinkingDataverseList(@Context ContainerRequestContext crc, @P
             return wr.getResponse();
         } catch (Exception e) {
             return error(Status.BAD_REQUEST, e.getLocalizedMessage());
-
         }
     }
     
diff --git a/src/test/java/edu/harvard/iq/dataverse/api/DataversesIT.java b/src/test/java/edu/harvard/iq/dataverse/api/DataversesIT.java
index d0ae3f4d8b9..a47672076b3 100644
--- a/src/test/java/edu/harvard/iq/dataverse/api/DataversesIT.java
+++ b/src/test/java/edu/harvard/iq/dataverse/api/DataversesIT.java
@@ -766,6 +766,11 @@ public void testGetLinkableDataverses(){
                 .statusCode(OK.getStatusCode())
                 .body("data.size()", equalTo(0));
                 
+        Response getGuestUnavailableForDataset = UtilIT.getLinkableDataverses("dataset", datasetPersistentId, "", dataverseAliasUnavailableForLinking);
+        getGuestUnavailableForDataset.prettyPrint();
+                getGuestUnavailableForDataset.then().assertThat()
+                .statusCode(BAD_REQUEST.getStatusCode());        
+                
         Response getUnavailableForDataverse = UtilIT.getLinkableDataverses("dataverse", dataverseAlias, apiToken, dataverseAliasUnavailableForLinking);
         getUnavailableForDataverse.prettyPrint();
                 getUnavailableForDataverse.then().assertThat()
diff --git a/src/test/java/edu/harvard/iq/dataverse/api/UtilIT.java b/src/test/java/edu/harvard/iq/dataverse/api/UtilIT.java
index 0eb4a79a3eb..00dbbd7dada 100644
--- a/src/test/java/edu/harvard/iq/dataverse/api/UtilIT.java
+++ b/src/test/java/edu/harvard/iq/dataverse/api/UtilIT.java
@@ -4729,10 +4729,16 @@ static Response getLinkableDataverses (String type, String dvObjectId, String ap
                 optionalQueryParam = "&persistentId=" + dvObjectId;
             }
         }
+        
+        if (!apiToken.isEmpty()) {
+            return given()
+                    .header(API_TOKEN_HTTP_HEADER, apiToken)
+                    .get("/api/dataverses/" + idInPath + "/" + type + "/linkingDataverses?searchTerm=" + searchTerm + optionalQueryParam);
 
-        return given()
-                .header(API_TOKEN_HTTP_HEADER, apiToken)
-                .get("/api/dataverses/" + idInPath + "/" + type + "/linkingDataverses?searchTerm=" + searchTerm + optionalQueryParam);
+        } else {
+            return given()
+                    .get("/api/dataverses/" + idInPath + "/" + type + "/linkingDataverses?searchTerm=" + searchTerm + optionalQueryParam);
+        }
 
     }
     static Response updateDataverseFeaturedItem(long featuredItemId,

From 26661fc17bb2e53bc1aff4dc1e51f1443e2e820c Mon Sep 17 00:00:00 2001
From: Stephen Kraffmiller <skraffmiller@hmdc.harvard.edu>
Date: Wed, 10 Sep 2025 11:50:26 -0400
Subject: [PATCH 184/634] #11710 fix pass bad alias

---
 .../edu/harvard/iq/dataverse/api/AbstractApiBean.java |  3 +++
 .../edu/harvard/iq/dataverse/api/DataversesIT.java    | 11 +++++++++--
 2 files changed, 12 insertions(+), 2 deletions(-)

diff --git a/src/main/java/edu/harvard/iq/dataverse/api/AbstractApiBean.java b/src/main/java/edu/harvard/iq/dataverse/api/AbstractApiBean.java
index 938d7fc9081..12cbe045f8c 100644
--- a/src/main/java/edu/harvard/iq/dataverse/api/AbstractApiBean.java
+++ b/src/main/java/edu/harvard/iq/dataverse/api/AbstractApiBean.java
@@ -637,6 +637,9 @@ protected DvObject findDvoByIdAndTypeOrDie(@NotNull final String dvIdtf, String
             if (testForReleased){
                 DataverseFeaturedItem.validateTypeAndDvObject(dvIdtf, dvObject, dvType);
             }
+            if (dvObject == null) {
+                throw new WrappedResponse(notFound(BundleUtil.getStringFromBundle("find.dvo.error.dvObjectNotFound", Collections.singletonList(dvIdtf))));
+            }
             return dvObject;
         } catch (IllegalArgumentException e) {
             throw new WrappedResponse(error(Response.Status.BAD_REQUEST, e.getMessage()));
diff --git a/src/test/java/edu/harvard/iq/dataverse/api/DataversesIT.java b/src/test/java/edu/harvard/iq/dataverse/api/DataversesIT.java
index a47672076b3..9657ebd8fd9 100644
--- a/src/test/java/edu/harvard/iq/dataverse/api/DataversesIT.java
+++ b/src/test/java/edu/harvard/iq/dataverse/api/DataversesIT.java
@@ -740,8 +740,15 @@ public void testGetLinkableDataverses(){
         getLinkableDataversesForDataversePartial.prettyPrint();
                 getLinkableDataversesForDataversePartial.then().assertThat()
                 .statusCode(OK.getStatusCode())                
-                .body("data[0].alias", equalTo(dataverseAliasForLinking));         
-                                
+                .body("data[0].alias", equalTo(dataverseAliasForLinking));  
+                
+        //Try with bad target alias       
+        searchTerm = "";
+        Response getLinkableDataversesForDataverseBadId = UtilIT.getLinkableDataverses("dataverse", "junque@#", apiToken, searchTerm);
+        getLinkableDataversesForDataverseBadId.prettyPrint();
+                getLinkableDataversesForDataverseBadId.then().assertThat()
+                .statusCode(NOT_FOUND.getStatusCode());                
+                                        
         // create new user and dataverse - the new dataverse should not be available to the first user for linking...
         Response createUserTwo = UtilIT.createRandomUser();
         String apiTokenTwo = UtilIT.getApiTokenFromResponse(createUserTwo);

From 886256c0da2b7f41a3773a572a9684b53fd2c2d9 Mon Sep 17 00:00:00 2001
From: Stephen Kraffmiller <skraffmiller@hmdc.harvard.edu>
Date: Wed, 10 Sep 2025 13:48:16 -0400
Subject: [PATCH 185/634] #11710 remove parents from available linking DV

---
 .../iq/dataverse/DataverseServiceBean.java       | 16 ++++++++++++----
 1 file changed, 12 insertions(+), 4 deletions(-)

diff --git a/src/main/java/edu/harvard/iq/dataverse/DataverseServiceBean.java b/src/main/java/edu/harvard/iq/dataverse/DataverseServiceBean.java
index bc91cb4e081..57bc0bc5450 100644
--- a/src/main/java/edu/harvard/iq/dataverse/DataverseServiceBean.java
+++ b/src/main/java/edu/harvard/iq/dataverse/DataverseServiceBean.java
@@ -572,13 +572,21 @@ public List<Dataverse> removeUnlinkableDataverses(List<Dataverse> allWithPerms,
                 remove.add(removeIt);
             });
         }
+        
 
         if (dvo instanceof Dataverse dataverse) {
             remove.add(dataverse);
-        } else {
-            //dataset is always owned by a dataverse
-            remove.add((Dataverse) dvo.getOwner());
-        }
+        } 
+        
+        DvObject testDVO = dvo;
+        //Remove DVO's parent up to Root
+        while (testDVO != null) {
+            if (testDVO.getOwner() == null) {
+                break; // we are at the root; which by definition is metadata block root, regardless of the value
+            }           
+            remove.add((Dataverse) testDVO.getOwner());
+            testDVO = testDVO.getOwner();
+        }       
 
         for (Dataverse res : allWithPerms) {
             if (!remove.contains(res)) {

From 76333aaf50b1d6964aea321300c8b332ee4037a4 Mon Sep 17 00:00:00 2001
From: Stephen Kraffmiller <skraffmiller@hmdc.harvard.edu>
Date: Wed, 10 Sep 2025 14:34:21 -0400
Subject: [PATCH 186/634] #11710 allow search term to be null

---
 .../harvard/iq/dataverse/api/Dataverses.java  |  2 +-
 .../iq/dataverse/api/DataversesIT.java        |  9 ++++-
 .../edu/harvard/iq/dataverse/api/UtilIT.java  | 38 ++++++++++++++-----
 3 files changed, 37 insertions(+), 12 deletions(-)

diff --git a/src/main/java/edu/harvard/iq/dataverse/api/Dataverses.java b/src/main/java/edu/harvard/iq/dataverse/api/Dataverses.java
index 16415e0c155..9e78f527258 100644
--- a/src/main/java/edu/harvard/iq/dataverse/api/Dataverses.java
+++ b/src/main/java/edu/harvard/iq/dataverse/api/Dataverses.java
@@ -1803,7 +1803,7 @@ public Response getLinkingDataverseList(@Context ContainerRequestContext crc, @P
             dataversesForLinking = dataverseService.removeUnlinkableDataverses(dataversesForLinking, dvObject);
             
             //Only do search lookup if search term is there. Otherwise just include the collections based on perms
-            if (!searchTerm.isEmpty()) {
+            if (searchTerm != null && !searchTerm.isEmpty()) {
                 dataversesForLinkingSearch = dataverseService.filterDataversesByNamePattern(searchTerm);
                 if (!dataversesForLinkingSearch.isEmpty()) {
                     for (Dataverse dv : dataversesForLinking) {
diff --git a/src/test/java/edu/harvard/iq/dataverse/api/DataversesIT.java b/src/test/java/edu/harvard/iq/dataverse/api/DataversesIT.java
index 9657ebd8fd9..2333faccf79 100644
--- a/src/test/java/edu/harvard/iq/dataverse/api/DataversesIT.java
+++ b/src/test/java/edu/harvard/iq/dataverse/api/DataversesIT.java
@@ -740,7 +740,14 @@ public void testGetLinkableDataverses(){
         getLinkableDataversesForDataversePartial.prettyPrint();
                 getLinkableDataversesForDataversePartial.then().assertThat()
                 .statusCode(OK.getStatusCode())                
-                .body("data[0].alias", equalTo(dataverseAliasForLinking));  
+                .body("data[0].alias", equalTo(dataverseAliasForLinking)); 
+                
+        //Should get same result if search term is null        
+        getLinkableDataversesForDataversePartial = UtilIT.getLinkableDataverses("dataverse", dataverseAlias, apiToken, null);
+        getLinkableDataversesForDataversePartial.prettyPrint();
+                getLinkableDataversesForDataversePartial.then().assertThat()
+                .statusCode(OK.getStatusCode())                
+                .body("data[0].alias", equalTo(dataverseAliasForLinking));          
                 
         //Try with bad target alias       
         searchTerm = "";
diff --git a/src/test/java/edu/harvard/iq/dataverse/api/UtilIT.java b/src/test/java/edu/harvard/iq/dataverse/api/UtilIT.java
index 79a71441e26..5f5416e08cc 100644
--- a/src/test/java/edu/harvard/iq/dataverse/api/UtilIT.java
+++ b/src/test/java/edu/harvard/iq/dataverse/api/UtilIT.java
@@ -4729,28 +4729,46 @@ static Response updateDataverseFeaturedItem(long featuredItemId,
         return updateDataverseFeaturedItem(featuredItemId, content, displayOrder, keepFile, pathToFile, null, null, apiToken);
     }
     
-    static Response getLinkableDataverses (String type, String dvObjectId, String apiToken, String searchTerm) {
+    static Response getLinkableDataverses(String type, String dvObjectId, String apiToken, String searchTerm) {
 
         String idInPath = dvObjectId; // Assume it's a number to start.
         String optionalQueryParam = ""; // If idOrPersistentId is a number we'll just put it in the path.
         if (type.equals("dataset")) {
             if (!NumberUtils.isCreatable(idInPath)) {
                 idInPath = ":persistentId";
-                optionalQueryParam = "&persistentId=" + dvObjectId;
+                if (searchTerm == null) {
+                    optionalQueryParam = "?persistentId=" + dvObjectId;
+                } else {
+                    optionalQueryParam = "&persistentId=" + dvObjectId;
+                }
             }
         }
-        
-        if (!apiToken.isEmpty()) {
-            return given()
-                    .header(API_TOKEN_HTTP_HEADER, apiToken)
-                    .get("/api/dataverses/" + idInPath + "/" + type + "/linkingDataverses?searchTerm=" + searchTerm + optionalQueryParam);
+
+        if (searchTerm == null) {
+            if (!apiToken.isEmpty()) {
+                return given()
+                        .header(API_TOKEN_HTTP_HEADER, apiToken)
+                        .get("/api/dataverses/" + idInPath + "/" + type + "/linkingDataverses" + optionalQueryParam);
+
+            } else {
+                return given()
+                        .get("/api/dataverses/" + idInPath + "/" + type + "/linkingDataverses" + optionalQueryParam);
+            }
 
         } else {
-            return given()
-                    .get("/api/dataverses/" + idInPath + "/" + type + "/linkingDataverses?searchTerm=" + searchTerm + optionalQueryParam);
-        }
+            if (!apiToken.isEmpty()) {
+                return given()
+                        .header(API_TOKEN_HTTP_HEADER, apiToken)
+                        .get("/api/dataverses/" + idInPath + "/" + type + "/linkingDataverses?searchTerm=" + searchTerm + optionalQueryParam);
+
+            } else {
+                return given()
+                        .get("/api/dataverses/" + idInPath + "/" + type + "/linkingDataverses?searchTerm=" + searchTerm + optionalQueryParam);
+            }
 
+        }
     }
+    
     static Response updateDataverseFeaturedItem(long featuredItemId,
                                                 String content,
                                                 int displayOrder,

From bafa0d7204ef46938b211de6309de8703b0358a4 Mon Sep 17 00:00:00 2001
From: Stephen Kraffmiller <skraffmiller@hmdc.harvard.edu>
Date: Wed, 10 Sep 2025 15:30:05 -0400
Subject: [PATCH 187/634] #11710 add test for linking child

---
 .../harvard/iq/dataverse/api/DataversesIT.java  | 17 ++++++++++++++++-
 1 file changed, 16 insertions(+), 1 deletion(-)

diff --git a/src/test/java/edu/harvard/iq/dataverse/api/DataversesIT.java b/src/test/java/edu/harvard/iq/dataverse/api/DataversesIT.java
index 2333faccf79..3fbd7cff23f 100644
--- a/src/test/java/edu/harvard/iq/dataverse/api/DataversesIT.java
+++ b/src/test/java/edu/harvard/iq/dataverse/api/DataversesIT.java
@@ -690,6 +690,11 @@ public void testGetLinkableDataverses(){
         //Create dataverse for linking
         Response createDataverseResponseForLinking = UtilIT.createRandomDataverse(apiToken);
         String dataverseAliasForLinking = UtilIT.getAliasFromResponse(createDataverseResponseForLinking);
+        
+        // Create a child of the linking DV
+        Response createLevel1a = UtilIT.createSubDataverse(UtilIT.getRandomDvAlias() + "-level1a", null, apiToken, dataverseAliasForLinking);
+        createLevel1a.prettyPrint();
+        String childLinking = UtilIT.getAliasFromResponse(createLevel1a);
 
         Response publishDataverse = UtilIT.publishDataverseViaNativeApi(dataverseAlias, apiToken);
         assertEquals(200, publishDataverse.getStatusCode());
@@ -747,7 +752,14 @@ public void testGetLinkableDataverses(){
         getLinkableDataversesForDataversePartial.prettyPrint();
                 getLinkableDataversesForDataversePartial.then().assertThat()
                 .statusCode(OK.getStatusCode())                
-                .body("data[0].alias", equalTo(dataverseAliasForLinking));          
+                .body("data[0].alias", equalTo(dataverseAliasForLinking)); 
+                
+        //Try to link the child - should not link to parent - should link to "uncle"      
+        getLinkableDataversesForDataversePartial = UtilIT.getLinkableDataverses("dataverse", childLinking, apiToken, searchTerm);
+        getLinkableDataversesForDataversePartial.prettyPrint();
+                getLinkableDataversesForDataversePartial.then().assertThat()
+                .statusCode(OK.getStatusCode())                
+                .body("data[0].alias", equalTo(dataverseAlias));          
                 
         //Try with bad target alias       
         searchTerm = "";
@@ -827,6 +839,9 @@ public void testGetLinkableDataverses(){
         Response deleteDataverseResponse = UtilIT.deleteDataverse(dataverseAlias, apiToken);
         assertEquals(200, deleteDataverseResponse.getStatusCode());
         
+        deleteDataverseResponse = UtilIT.deleteDataverse(childLinking, apiToken);
+        assertEquals(200, deleteDataverseResponse.getStatusCode());
+        
         deleteDataverseResponse = UtilIT.deleteDataverse(dataverseAliasForLinking, apiToken);
         assertEquals(200, deleteDataverseResponse.getStatusCode());
         

From 5774d950d2de93e778fd5799faff98ea127795d6 Mon Sep 17 00:00:00 2001
From: Stephen Kraffmiller <skraffmiller@hmdc.harvard.edu>
Date: Wed, 10 Sep 2025 15:50:55 -0400
Subject: [PATCH 188/634] #11710 remove generic exception

---
 src/main/java/edu/harvard/iq/dataverse/api/Dataverses.java | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/src/main/java/edu/harvard/iq/dataverse/api/Dataverses.java b/src/main/java/edu/harvard/iq/dataverse/api/Dataverses.java
index 9e78f527258..a8743190114 100644
--- a/src/main/java/edu/harvard/iq/dataverse/api/Dataverses.java
+++ b/src/main/java/edu/harvard/iq/dataverse/api/Dataverses.java
@@ -1826,9 +1826,8 @@ public Response getLinkingDataverseList(@Context ContainerRequestContext crc, @P
             return ok(dvBuilder);
         } catch (WrappedResponse wr) {
             return wr.getResponse();
-        } catch (Exception e) {
-            return error(Status.BAD_REQUEST, e.getLocalizedMessage());
-        }
+        } 
+        
     }
     
     

From ac935e853bd4bf22f1205e783d1bd19a0e25b804 Mon Sep 17 00:00:00 2001
From: Steven Winship <39765413+stevenwinship@users.noreply.github.com>
Date: Wed, 10 Sep 2025 16:01:04 -0400
Subject: [PATCH 189/634] update docs to explain how to delete input levels

---
 doc/sphinx-guides/source/api/changelog.rst  | 2 +-
 doc/sphinx-guides/source/api/native-api.rst | 3 ++-
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/doc/sphinx-guides/source/api/changelog.rst b/doc/sphinx-guides/source/api/changelog.rst
index 96629823673..b793981e761 100644
--- a/doc/sphinx-guides/source/api/changelog.rst
+++ b/doc/sphinx-guides/source/api/changelog.rst
@@ -13,7 +13,7 @@ v6.8
 - For POST /api/files/{id}/metadata passing an empty string ("description":"")  or array ("categories":[]) will no longer be ignored. Empty fields will now clear out the values in the file's metadata. To ignore the fields simply do not include them in the JSON string.
 - For PUT /api/datasets/{id}/editMetadata the query parameter "sourceInternalVersionNumber" has been removed and replaced with "sourceLastUpdateTime" to verify that the data being edited hasn't been modified and isn't stale.
 - For GET /api/dataverses/$dataverse-alias/links the Json response has changed breaking the backward compatibility of the API.
-- For PUT /api/dataverses/$dataverse-alias/inputLevels custom input levels that had been previously set will no longer be deleted.
+- For PUT /api/dataverses/$dataverse-alias/inputLevels custom input levels that had been previously set will no longer be deleted. To delete input levels send an empty list (deletes all), then send the new/modified list.
 - For GET /api/externalTools and /api/externalTools/{id} the responses are now formatted as JSON (previously the toolParameters and allowedApiCalls were a JSON object and array (respectively) that were serialized as JSON strings) and any configured "requirements" are included.
 
 v6.7
diff --git a/doc/sphinx-guides/source/api/native-api.rst b/doc/sphinx-guides/source/api/native-api.rst
index 35cd807ef96..65956904223 100644
--- a/doc/sphinx-guides/source/api/native-api.rst
+++ b/doc/sphinx-guides/source/api/native-api.rst
@@ -1106,7 +1106,8 @@ Update Collection Input Levels
 
 Updates the dataset field type input levels in a collection.
 
-Please note that this endpoint does not change previously updated input levels of the collection page, so if you want to keep the modify exisitng ones, you will need to include them in the JSON request body.
+Please note that this endpoint does not change previously updated input levels of the collection page, so if you want to add new levels or modify existing ones, you will need to include them in the JSON request body.
+In order to delete input levels you must call this API with an empty list to delete all of the input levels, then call this API with the new list of input levels.
 
 If one of the input levels corresponds to a dataset field type belonging to a metadata block that does not exist in the collection, the metadata block will be added to the collection.
 

From 97fae8b8988b7febca885c3c775224aab76719bc Mon Sep 17 00:00:00 2001
From: Stephen Kraffmiller <skraffmiller@hmdc.harvard.edu>
Date: Thu, 11 Sep 2025 08:32:16 -0400
Subject: [PATCH 190/634] #11710 combine search and perms query

---
 .../iq/dataverse/PermissionServiceBean.java   | 56 +++++++++++++++++--
 .../harvard/iq/dataverse/api/Dataverses.java  | 13 ++++-
 2 files changed, 62 insertions(+), 7 deletions(-)

diff --git a/src/main/java/edu/harvard/iq/dataverse/PermissionServiceBean.java b/src/main/java/edu/harvard/iq/dataverse/PermissionServiceBean.java
index 70e8145835b..f6ef9a1d5bf 100644
--- a/src/main/java/edu/harvard/iq/dataverse/PermissionServiceBean.java
+++ b/src/main/java/edu/harvard/iq/dataverse/PermissionServiceBean.java
@@ -105,7 +105,7 @@ WITH grouplist AS (
                   WHERE explicitgroup_authenticateduser.containedauthenticatedusers_id = @USERID
                 )
                         
-                SELECT * FROM DATAVERSE WHERE id IN (
+                SELECT * FROM DATAVERSE dv WHERE id IN (
                   SELECT definitionpoint_id
                   FROM roleassignment
                   WHERE roleassignment.assigneeidentifier IN (
@@ -161,7 +161,7 @@ AND EXISTS (SELECT id FROM dataverserole WHERE dataverserole.id = roleassignment
                        AND @IPRANGESQL
                      )
                   )
-                )
+                ) @SEARCHPREDICATE
             """;
     /**
      * A request-level permission query (e.g includes IP ras).
@@ -921,12 +921,21 @@ private boolean hasUnrestrictedReleasedFiles(DatasetVersion targetDatasetVersion
         Long result = em.createQuery(criteriaQuery).getSingleResult();
         return result > 0;
     }
-
+    
     public List<Dataverse> findPermittedCollections(DataverseRequest request, AuthenticatedUser user, Permission permission) {
-        return findPermittedCollections(request, user, 1 << permission.ordinal());
+        return findPermittedCollections(request, user, 1 << permission.ordinal(), "");
+    }
+
+    public List<Dataverse> findPermittedCollections(DataverseRequest request, AuthenticatedUser user, Permission permission, String searchTerm) {
+        return findPermittedCollections(request, user, 1 << permission.ordinal(), searchTerm);
     }
     
     public List<Dataverse> findPermittedCollections(DataverseRequest request, AuthenticatedUser user, int permissionBit) {
+        return findPermittedCollections(request, user, permissionBit, "");
+    }
+    
+    
+    public List<Dataverse> findPermittedCollections(DataverseRequest request, AuthenticatedUser user, int permissionBit, String searchTerm) {
         if (user != null) {
             // IP Group - Only check IP if a User is calling for themself
             String ipRangeSQL = "FALSE";
@@ -959,15 +968,52 @@ public List<Dataverse> findPermittedCollections(DataverseRequest request, Authen
             if (user.isSuperuser()) {
                 sqlCode = LIST_ALL_DATAVERSES_SUPERUSER_HAS_PERMISSION;
             } else {
+                System.out.print("searchTerm: " + searchTerm);
                 sqlCode = LIST_ALL_DATAVERSES_USER_HAS_PERMISSION
                         .replace("@USERID", String.valueOf(user.getId()))
                         .replace("@PERMISSIONBIT", String.valueOf(permissionBit))
-                        .replace("@IPRANGESQL", ipRangeSQL);
+                        .replace("@IPRANGESQL", ipRangeSQL)
+                        .replace("@SEARCHPREDICATE", getPredicateFromSearchTerm(searchTerm));
             }
+            System.out.print(sqlCode);
             return em.createNativeQuery(sqlCode, Dataverse.class).getResultList();
         }
         return null;
     }
+    
+    private String getPredicateFromSearchTerm(String searchTerm){
+        
+        if (searchTerm == null || searchTerm.isEmpty()){
+            System.out.print("search term null or empty");
+            return "";
+        }
+        
+        String  pattern = searchTerm.toLowerCase();
+        
+        String pattern1 = pattern + "%";
+        String pattern2 = "% " + pattern + "%";
+
+        // Adjust the queries for very short, 1 and 2-character patterns:
+        if (pattern.length() == 1) {
+            pattern1 = pattern;
+            pattern2 = pattern + " %";
+        } 
+        /*if (pattern.length() == 2) {
+            pattern2 = pattern + "%";
+        }*/
+        
+        
+        String qstr =  "and ((LOWER(dv.name) LIKE @DATAVERSE and ((SUBSTRING(LOWER(dv.name),0,(LENGTH(dv.name)-9)) LIKE @PATTERN1) "
+                + "     or (SUBSTRING(LOWER(dv.name),0,(LENGTH(dv.name)-9)) LIKE @PATTERN2))) "
+                + " or (LOWER(dv.name) NOT LIKE @DATAVERSE and ((LOWER(dv.name) LIKE @PATTERN1) "
+                + "     or (LOWER(dv.name) LIKE @PATTERN2)))) ";
+        qstr = qstr.replace("@DATAVERSE", "'%dataverse'")
+                .replace("@PATTERN1", "'" + pattern1 + "'")
+                .replace("@PATTERN2", "'" + pattern2 + "'");
+
+        System.out.print("Query String: " + qstr);
+        return qstr;
+    }
 
     /**
      * Calculates the complete list of role assignments for a given user on a DvObject.
diff --git a/src/main/java/edu/harvard/iq/dataverse/api/Dataverses.java b/src/main/java/edu/harvard/iq/dataverse/api/Dataverses.java
index a8743190114..3078afd7419 100644
--- a/src/main/java/edu/harvard/iq/dataverse/api/Dataverses.java
+++ b/src/main/java/edu/harvard/iq/dataverse/api/Dataverses.java
@@ -1797,12 +1797,19 @@ public Response getLinkingDataverseList(@Context ContainerRequestContext crc, @P
             
             DataverseRequest dvReq = new DataverseRequest(requestUser, (IpAddress) null);
             List<Dataverse> dataversesForLinking;
-            dataversesForLinking = permissionService.findPermittedCollections(dvReq, authUser, Permission.LinkDataset);
+            String searchParam;
+            if(searchTerm != null){
+                searchParam = searchTerm;
+            } else {
+                searchParam = "";
+            }
+            dataversesForLinking = permissionService.findPermittedCollections(dvReq, authUser, Permission.LinkDataset, searchParam);
 
             List<Dataverse> mergedWithSearch = new ArrayList<>();
             dataversesForLinking = dataverseService.removeUnlinkableDataverses(dataversesForLinking, dvObject);
             
             //Only do search lookup if search term is there. Otherwise just include the collections based on perms
+            /*
             if (searchTerm != null && !searchTerm.isEmpty()) {
                 dataversesForLinkingSearch = dataverseService.filterDataversesByNamePattern(searchTerm);
                 if (!dataversesForLinkingSearch.isEmpty()) {
@@ -1816,7 +1823,9 @@ public Response getLinkingDataverseList(@Context ContainerRequestContext crc, @P
                 //search term empty then add all based on perms
                 mergedWithSearch.addAll(dataversesForLinking);
             }
-            
+            */
+             mergedWithSearch.addAll(dataversesForLinking);
+             
             JsonArrayBuilder dvBuilder = Json.createArrayBuilder();
             if (!mergedWithSearch.isEmpty()) {
                 for (Dataverse dv : mergedWithSearch) {

From ce946d02dcd8e73feb3ff8f4f487b1441ee3b8b1 Mon Sep 17 00:00:00 2001
From: Stephen Kraffmiller <skraffmiller@hmdc.harvard.edu>
Date: Thu, 11 Sep 2025 10:41:36 -0400
Subject: [PATCH 191/634] #11710 move dv creation for test

---
 .../edu/harvard/iq/dataverse/api/DataversesIT.java    | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)

diff --git a/src/test/java/edu/harvard/iq/dataverse/api/DataversesIT.java b/src/test/java/edu/harvard/iq/dataverse/api/DataversesIT.java
index 3fbd7cff23f..d11d9158f2a 100644
--- a/src/test/java/edu/harvard/iq/dataverse/api/DataversesIT.java
+++ b/src/test/java/edu/harvard/iq/dataverse/api/DataversesIT.java
@@ -691,10 +691,6 @@ public void testGetLinkableDataverses(){
         Response createDataverseResponseForLinking = UtilIT.createRandomDataverse(apiToken);
         String dataverseAliasForLinking = UtilIT.getAliasFromResponse(createDataverseResponseForLinking);
         
-        // Create a child of the linking DV
-        Response createLevel1a = UtilIT.createSubDataverse(UtilIT.getRandomDvAlias() + "-level1a", null, apiToken, dataverseAliasForLinking);
-        createLevel1a.prettyPrint();
-        String childLinking = UtilIT.getAliasFromResponse(createLevel1a);
 
         Response publishDataverse = UtilIT.publishDataverseViaNativeApi(dataverseAlias, apiToken);
         assertEquals(200, publishDataverse.getStatusCode());
@@ -752,7 +748,12 @@ public void testGetLinkableDataverses(){
         getLinkableDataversesForDataversePartial.prettyPrint();
                 getLinkableDataversesForDataversePartial.then().assertThat()
                 .statusCode(OK.getStatusCode())                
-                .body("data[0].alias", equalTo(dataverseAliasForLinking)); 
+                .body("data[0].alias", equalTo(dataverseAliasForLinking));
+                
+        // Create a child of the linking DV
+        Response createLevel1a = UtilIT.createSubDataverse(UtilIT.getRandomDvAlias() + "-level1a", null, apiToken, dataverseAliasForLinking);
+        createLevel1a.prettyPrint();
+        String childLinking = UtilIT.getAliasFromResponse(createLevel1a);        
                 
         //Try to link the child - should not link to parent - should link to "uncle"      
         getLinkableDataversesForDataversePartial = UtilIT.getLinkableDataverses("dataverse", childLinking, apiToken, searchTerm);

From 3abc4d04d99cae36ff10d723e6018cf7bfc37149 Mon Sep 17 00:00:00 2001
From: Stephen Kraffmiller <skraffmiller@hmdc.harvard.edu>
Date: Thu, 11 Sep 2025 12:23:20 -0400
Subject: [PATCH 192/634] #11710 parametize the query

---
 .../iq/dataverse/PermissionServiceBean.java   | 83 +++++++++----------
 .../harvard/iq/dataverse/api/Dataverses.java  |  1 -
 .../iq/dataverse/api/DataversesIT.java        |  6 ++
 3 files changed, 46 insertions(+), 44 deletions(-)

diff --git a/src/main/java/edu/harvard/iq/dataverse/PermissionServiceBean.java b/src/main/java/edu/harvard/iq/dataverse/PermissionServiceBean.java
index f6ef9a1d5bf..1fb0d52e9fc 100644
--- a/src/main/java/edu/harvard/iq/dataverse/PermissionServiceBean.java
+++ b/src/main/java/edu/harvard/iq/dataverse/PermissionServiceBean.java
@@ -161,8 +161,16 @@ AND EXISTS (SELECT id FROM dataverserole WHERE dataverserole.id = roleassignment
                        AND @IPRANGESQL
                      )
                   )
-                ) @SEARCHPREDICATE
+                ) 
             """;
+        
+        private static final String SEARCH_PARAMS  = """
+                                                             and  ((LOWER(dv.name) LIKE ? and ((SUBSTRING(LOWER(dv.name),0,(LENGTH(dv.name)-9)) LIKE ?)
+                                                                         or (SUBSTRING(LOWER(dv.name),0,(LENGTH(dv.name)-9)) LIKE ?))) 
+                                                                     or (LOWER(dv.name) NOT LIKE ? and ((LOWER(dv.name) LIKE ?)
+                                                                     or (LOWER(dv.name) LIKE ?))))
+                                                     """;
+
     /**
      * A request-level permission query (e.g includes IP ras).
      */
@@ -968,52 +976,41 @@ public List<Dataverse> findPermittedCollections(DataverseRequest request, Authen
             if (user.isSuperuser()) {
                 sqlCode = LIST_ALL_DATAVERSES_SUPERUSER_HAS_PERMISSION;
             } else {
-                System.out.print("searchTerm: " + searchTerm);
-                sqlCode = LIST_ALL_DATAVERSES_USER_HAS_PERMISSION
-                        .replace("@USERID", String.valueOf(user.getId()))
-                        .replace("@PERMISSIONBIT", String.valueOf(permissionBit))
-                        .replace("@IPRANGESQL", ipRangeSQL)
-                        .replace("@SEARCHPREDICATE", getPredicateFromSearchTerm(searchTerm));
+                if (searchTerm == null || searchTerm.isEmpty()) {
+                    sqlCode = LIST_ALL_DATAVERSES_USER_HAS_PERMISSION
+                            .replace("@USERID", String.valueOf(user.getId()))
+                            .replace("@PERMISSIONBIT", String.valueOf(permissionBit))
+                            .replace("@IPRANGESQL", ipRangeSQL);
+                    return em.createNativeQuery(sqlCode, Dataverse.class).getResultList();
+                } else {
+                    String pattern = searchTerm.toLowerCase();
+                    String pattern1 = pattern + "%";
+                    String pattern2 = "% " + pattern + "%";
+
+                    // Adjust the queries for very short, 1 
+                    if (pattern.length() == 1) {
+                        pattern1 = pattern;
+                        pattern2 = pattern + " %";
+                    }
+
+                    sqlCode = LIST_ALL_DATAVERSES_USER_HAS_PERMISSION.concat(SEARCH_PARAMS)
+                            .replace("@USERID", String.valueOf(user.getId()))
+                            .replace("@PERMISSIONBIT", String.valueOf(permissionBit))
+                            .replace("@IPRANGESQL", ipRangeSQL);
+                    
+                    Query query = em.createNativeQuery(sqlCode, Dataverse.class);
+                    query.setParameter(1, "%dataverse");
+                    query.setParameter(2, pattern1);
+                    query.setParameter(3, pattern2);
+                    query.setParameter(4, "%dataverse");
+                    query.setParameter(5, pattern1);
+                    query.setParameter(6, pattern2);
+                    return query.getResultList();
+                }
             }
-            System.out.print(sqlCode);
-            return em.createNativeQuery(sqlCode, Dataverse.class).getResultList();
         }
         return null;
     }
-    
-    private String getPredicateFromSearchTerm(String searchTerm){
-        
-        if (searchTerm == null || searchTerm.isEmpty()){
-            System.out.print("search term null or empty");
-            return "";
-        }
-        
-        String  pattern = searchTerm.toLowerCase();
-        
-        String pattern1 = pattern + "%";
-        String pattern2 = "% " + pattern + "%";
-
-        // Adjust the queries for very short, 1 and 2-character patterns:
-        if (pattern.length() == 1) {
-            pattern1 = pattern;
-            pattern2 = pattern + " %";
-        } 
-        /*if (pattern.length() == 2) {
-            pattern2 = pattern + "%";
-        }*/
-        
-        
-        String qstr =  "and ((LOWER(dv.name) LIKE @DATAVERSE and ((SUBSTRING(LOWER(dv.name),0,(LENGTH(dv.name)-9)) LIKE @PATTERN1) "
-                + "     or (SUBSTRING(LOWER(dv.name),0,(LENGTH(dv.name)-9)) LIKE @PATTERN2))) "
-                + " or (LOWER(dv.name) NOT LIKE @DATAVERSE and ((LOWER(dv.name) LIKE @PATTERN1) "
-                + "     or (LOWER(dv.name) LIKE @PATTERN2)))) ";
-        qstr = qstr.replace("@DATAVERSE", "'%dataverse'")
-                .replace("@PATTERN1", "'" + pattern1 + "'")
-                .replace("@PATTERN2", "'" + pattern2 + "'");
-
-        System.out.print("Query String: " + qstr);
-        return qstr;
-    }
 
     /**
      * Calculates the complete list of role assignments for a given user on a DvObject.
diff --git a/src/main/java/edu/harvard/iq/dataverse/api/Dataverses.java b/src/main/java/edu/harvard/iq/dataverse/api/Dataverses.java
index 3078afd7419..0abfed3d4ba 100644
--- a/src/main/java/edu/harvard/iq/dataverse/api/Dataverses.java
+++ b/src/main/java/edu/harvard/iq/dataverse/api/Dataverses.java
@@ -70,7 +70,6 @@
 import jakarta.ws.rs.WebApplicationException;
 import jakarta.ws.rs.core.Context;
 import jakarta.ws.rs.core.StreamingOutput;
-import java.sql.PreparedStatement;
 import org.glassfish.jersey.media.multipart.FormDataBodyPart;
 import org.glassfish.jersey.media.multipart.FormDataContentDisposition;
 import org.glassfish.jersey.media.multipart.FormDataParam;
diff --git a/src/test/java/edu/harvard/iq/dataverse/api/DataversesIT.java b/src/test/java/edu/harvard/iq/dataverse/api/DataversesIT.java
index d11d9158f2a..e849a32a513 100644
--- a/src/test/java/edu/harvard/iq/dataverse/api/DataversesIT.java
+++ b/src/test/java/edu/harvard/iq/dataverse/api/DataversesIT.java
@@ -787,6 +787,12 @@ public void testGetLinkableDataverses(){
         String apiTokenThree = UtilIT.getApiTokenFromResponse(createUserThree);
         String usernameThree = UtilIT.getUsernameFromResponse(createUserThree);
         
+        Response getUnavailableForDatasetBadSearchTerm = UtilIT.getLinkableDataverses("dataset", datasetPersistentId, apiToken, "xxQQQ-Batman");
+        getUnavailableForDatasetBadSearchTerm.prettyPrint();
+                getUnavailableForDatasetBadSearchTerm.then().assertThat()
+                .statusCode(OK.getStatusCode())
+                .body("data.size()", equalTo(0));
+        
         Response getUnavailableForDataset = UtilIT.getLinkableDataverses("dataset", datasetPersistentId, apiToken, dataverseAliasUnavailableForLinking);
         getUnavailableForDataset.prettyPrint();
                 getUnavailableForDataset.then().assertThat()

From cadf11dd75c6c5e8389d64508bf659629f6c5d83 Mon Sep 17 00:00:00 2001
From: Stephen Kraffmiller <skraffmiller@hmdc.harvard.edu>
Date: Thu, 11 Sep 2025 14:04:18 -0400
Subject: [PATCH 193/634] #11710 Code Cleanup

---
 .../harvard/iq/dataverse/api/Dataverses.java  | 33 ++++++-------------
 1 file changed, 10 insertions(+), 23 deletions(-)

diff --git a/src/main/java/edu/harvard/iq/dataverse/api/Dataverses.java b/src/main/java/edu/harvard/iq/dataverse/api/Dataverses.java
index 0abfed3d4ba..36e92f0f1a1 100644
--- a/src/main/java/edu/harvard/iq/dataverse/api/Dataverses.java
+++ b/src/main/java/edu/harvard/iq/dataverse/api/Dataverses.java
@@ -1783,7 +1783,6 @@ public Response getLinkingDataverseList(@Context ContainerRequestContext crc, @P
         try {
 
             DvObject dvObject = findDvoByIdAndTypeOrDie(dvIdtf, type, false);
-            List<Dataverse> dataversesForLinkingSearch = new ArrayList();
             
             User requestUser = (User) getRequestUser(crc);
             AuthenticatedUser authUser;
@@ -1802,32 +1801,20 @@ public Response getLinkingDataverseList(@Context ContainerRequestContext crc, @P
             } else {
                 searchParam = "";
             }
-            dataversesForLinking = permissionService.findPermittedCollections(dvReq, authUser, Permission.LinkDataset, searchParam);
-
-            List<Dataverse> mergedWithSearch = new ArrayList<>();
-            dataversesForLinking = dataverseService.removeUnlinkableDataverses(dataversesForLinking, dvObject);
-            
-            //Only do search lookup if search term is there. Otherwise just include the collections based on perms
-            /*
-            if (searchTerm != null && !searchTerm.isEmpty()) {
-                dataversesForLinkingSearch = dataverseService.filterDataversesByNamePattern(searchTerm);
-                if (!dataversesForLinkingSearch.isEmpty()) {
-                    for (Dataverse dv : dataversesForLinking) {
-                        if (dataversesForLinkingSearch.contains(dv)) {
-                            mergedWithSearch.add(dv);
-                        }
-                    }
-                }
+            //Find Permitted Collections now takes a Search Term to filter down collections the user may link
+            Permission permToCheck;
+            if (dvObject instanceof Dataset) {
+                permToCheck = Permission.LinkDataset;
             } else {
-                //search term empty then add all based on perms
-                mergedWithSearch.addAll(dataversesForLinking);
+                permToCheck = Permission.LinkDataverse;
             }
-            */
-             mergedWithSearch.addAll(dataversesForLinking);
+
+            dataversesForLinking = permissionService.findPermittedCollections(dvReq, authUser, permToCheck, searchParam);
+            dataversesForLinking = dataverseService.removeUnlinkableDataverses(dataversesForLinking, dvObject);
              
             JsonArrayBuilder dvBuilder = Json.createArrayBuilder();
-            if (!mergedWithSearch.isEmpty()) {
-                for (Dataverse dv : mergedWithSearch) {
+            if (!dataversesForLinking.isEmpty()) {
+                for (Dataverse dv : dataversesForLinking) {
                     dvBuilder.add(json(dv, true));
                 }
             }

From d0c656e759a61393ffb9366365712ddc18d5ac8a Mon Sep 17 00:00:00 2001
From: Jim Myers <qqmyers@hotmail.com>
Date: Thu, 11 Sep 2025 14:46:51 -0400
Subject: [PATCH 194/634] more edits about S3

---
 .../source/developers/big-data-support.rst    | 87 +++++++++++++++++--
 1 file changed, 80 insertions(+), 7 deletions(-)

diff --git a/doc/sphinx-guides/source/developers/big-data-support.rst b/doc/sphinx-guides/source/developers/big-data-support.rst
index ab8b92dff0f..76123827137 100644
--- a/doc/sphinx-guides/source/developers/big-data-support.rst
+++ b/doc/sphinx-guides/source/developers/big-data-support.rst
@@ -3,8 +3,8 @@ Scaling Dataverse with Data Size
 
 This guide is intended to help administrators configure Dataverse appropriately to handle the amount of data their installation needs to manage.
 
-Scaling is a complex subject and there are many options available in Dataverse that can improve performance with larger scale data, but some of these
-work differently than Dataverse's default configuration, potentially requiring user education, and can require additional expertise to manage.
+Scaling is a complex subject: there are many options available in Dataverse that can improve performance with larger scale data, some of which
+work differently than Dataverse's default configuration, potentially requiring user education, and some which can require additional expertise to manage.
 
 In general, there are three dimensions in which Dataverse can scale:
   
@@ -12,15 +12,88 @@ In general, there are three dimensions in which Dataverse can scale:
 2. **Number of Files per Dataset**
 3. **Storage size of individual files and aggregate storage size**
 
-This guide will primarily focus on the latter two dimensions.
+This guide will primarily focus on the latter two dimensions as the main way to scale the number of datasets is to scale the database, server, and storage resources.
 
 .. contents:: |toctitle|
         :local:
 
-Choosing the Right Approach
----------------------------
-
-The table below provides guidance on which storage solution to choose based on your requirements:
+Choosing the Right Storage
+--------------------------
+
+Dataverse provides several options that affect how files are transferred and stored which significantly impact the performance and scalability of your Dataverse installation.
+
+File Storage
+~~~~~~~~~~~~
+
+The default storage option in Dataverse is based on a local file system. When files are transferred to Dataverse, they are first stored in a
+temporary location on the Dataverse server. Any zip files uploaded are unzipped to create multiple individual file entries. Once an upload is completed, 
+Dataverse copies the files to permanent storage. Dataverse also takes advantage of the file being local to inspect it's bytes to determine it
+s MIME type, and, for tabular data, to 'ingest' it - extracting metadata about the variables used in the file and creating a tab-separated value (TSV) version of the file. 
+
+Benefits: This option requires no external services and can potentially handle files into the gigabyte (GB) size range. FOr smaller institutions,
+and in disciplines where datasets do not have more than a few hundred files and files are not too large, this can be the simplest option.
+Further, unzipping of zip archives can be simpler for users than having to upload many individual files and was, at one time, the only way to 
+preserve file path names when uploading.
+
+Challenges: In general file storage is not a good option for larger data sizes - both in terms of file size and number of files. Contributing factors include:
+ 
+- Local file storage must be provisioned in advance based on anticipated demand. It can involve up-front costs (for a local disk), or, when procured from a cloud provider, is likely to be more expensive than object storage (see below) 
+- Because temporary storage is used, transfers will temporarily use several times as much space as the final transfer. Unzipping also increases the final storage size of a dataset.
+- Because all uploads use the same temporary storage, temporary storage must be large enough to handle multiple users uploading data.
+- Each file is uploaded as a single HTTP request, which can cause long transfer times which, in turn, can trigger timeout errors in Dataverse or any proxy or load balancer in front of Dataverse.
+- Uploading many files at once can trigger any rate limiter (i.e. used to throttle use by AI) resulting in failures
+- Because transfers (both uploads and downloads) are handled by the Dataverse server, they add to server processing load which can affect overall performance.
+
+Object Storage via S3
+~~~~~~~~~~~~~~~~~~~~~
+
+A more scalable option for storage is to use an object store with transfers managed using the Simple Storage Service (S3) protocol. S3-compatible storage can 
+easily be bought (rented) from major cloud providers, but may also be available from institutional clouds. It is also possible to run open-source software to provide S3 storage 
+over a local file system (making it possible to enjoy the advantages discussed below while still leveraging local file storage). While Dataverse can be
+configured to handle uploads and downloads as with file storage (with zip files being unzipped, but having many of the same challenges in terms of temporary storage and server load as discussed above) 
+it can also be configured to use 'direct' upload and download. In this configuration, the actual transfer of file bytes is from/to the user's local machine to/from
+the S3 store. In this configuration, Dataverse does not attempt to unzip zip files and they are stored as a single file in the dataset.
+
+Benefits: S3 offers several advantages over file storage which :
+ 
+- Scalability: S3 is designed to handle large amounts of data. It can handle individual files up to several TB in size. 
+Because S3 supports breaking files into pieces, Dataverse can transfer a file in pieces (several in parallel, potentially thousands of pieces per file) making transfers faster
+and more robust (a failure requires only resending the failed piece). It may also be the case that users will have a faster network connection to the S3 store 
+(e.g. in a commercial cloud or High Performance Computing center) than they do to the Dataverse server, reducing transfer time.
+- High Availability: S3 provides redundancy beyond what is available with a single disk (valuable for preservation, potentially reducing the need to perform data integrity checks).
+
+Challenges: 
+- Cost: S3 offers a pricing model that allows you to pay for the storage and transfer of data based on current usage (versus long term demand) but commercial 
+providers charge more per TB than the equivalent cost of a local disk (though commercial S3 storage is cheaper than commercial file storage).
+There can also be egress and other charges. Overall, S3 storage is generally more expensive than local file storage but cheaper than cloud file storage.
+Running a local S3 storage or leveraging an institutional service can further reduce costs.
+- S3 Storage without direct upload/download provides minimal benefits with Dataverse as files still pass through the server, files are still uploaded as a single HTTP/HTTPS stream, and temporary storage is still used.
+
+Other Considerations
+^^^^^^^^^^^^^^^^^^^^
+
+- While not having files unzipped can be confusing to users who are used to it from using Dataverse with file storage, there are ways to minimize the impact. 
+For example, Dataverse can be configured to use a 'Zip File Previewer' that allows users to see the contents of a zip file and even download individual files from within it. 
+For users who still want their data stored as individual files, Dataverse can be configured with the 'DVWebloader' which allows users to select an entire folder tree of files and 
+upload them, with their relative paths intact, to dataverse. (DVWebloader can only be used with S3/direct upload, but it is much more efficient in this case than using the 
+standard upload interface in Dataverse).
+- Using direct upload stops Dataverse from inspecting the file bytes to determine the MIME type (with one exception - Stata files). Dataverse will still look at the file name and extension to determine the MIME type.
+- To perform the 'ingest' processing, Dataverse currently has to copy the file to local storage, somewhat negating the benefit of sending data directly to S3. To manage larger files, one can set a per-store
+Ingest size limit (which can be 0 bytes) to stop ingest or limit it to smaller files. 
+- Dataverse's mechanism for downloading a whole dataset or multiple selected files involves zipping those files together. Even When using S3 with direct upload/download,
+the file bytes are transferred to the Dataverse server as part of the zipping process. There are ways to reduce the performance impact of this:
+  - There is a 'ZipDownloader' app that can be run separate from Dataverse to handle the zipping process.
+  - Dataverse has a :ZipDownloadLimit that can be used to limit the amount of data that can be zipped. If a dataset is larger than this limit, Dataverse will only add some of the files to the zip and list others in the included manifest file.
+  - There are tools such as the Dataverse Dataset Downloader (https://github.com/gdcc/dataverse-recipes/tree/main/shell/download#dataverse-dataset-downloader) that can be used to download all off the files individually. This avoids sending any of the files to/through the Dataverse server when S3 direct download is enabled.  
+- Dataverse leverages S3 features that are not implemented by all servers and has several configuration options geared towards handling variations between servers. Site admins should be sure to test with their preferred S3 implementation.
+
+Remote Storage
+~~~~~~~~~~~~~~
+
+
+
+
+The table below provides basic guidance on Dataverse's which storage solution to choose based on your requirements:
 
 +------------------------+---------------------------+---------------------------+---------------------------+
 | **Solution**           | **File Size Range**       | **File Volume Support**   | **Key Benefits**          |

From d45d0b984e69711061a3d9b83977b77ad6eed6bc Mon Sep 17 00:00:00 2001
From: Stephen Kraffmiller <skraffmiller@hmdc.harvard.edu>
Date: Thu, 11 Sep 2025 14:50:32 -0400
Subject: [PATCH 195/634] #11710 code cleanup

---
 .../java/edu/harvard/iq/dataverse/api/AbstractApiBean.java     | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/main/java/edu/harvard/iq/dataverse/api/AbstractApiBean.java b/src/main/java/edu/harvard/iq/dataverse/api/AbstractApiBean.java
index 6b5c4bcf0b2..0ce84844289 100644
--- a/src/main/java/edu/harvard/iq/dataverse/api/AbstractApiBean.java
+++ b/src/main/java/edu/harvard/iq/dataverse/api/AbstractApiBean.java
@@ -615,11 +615,12 @@ protected DvObject findDvo(@NotNull final String id) throws WrappedResponse {
      *
      * @param dvIdtf
      * @param type
+     * @param testForReleased
      * @return DvObject if type matches or throw exception
      * @throws WrappedResponse
      */
     @NotNull
-    protected DvObject findDvoByIdAndTypeOrDie(@NotNull final String dvIdtf, String type, Boolean testForReleased) throws WrappedResponse {
+    protected DvObject findDvoByIdAndTypeOrDie(@NotNull final String dvIdtf, String type, boolean testForReleased) throws WrappedResponse {
         try {
             DataverseFeaturedItem.TYPES dvType = DataverseFeaturedItem.getDvType(type);
             DvObject dvObject = null;

From 8d7c44140327f44d3939103bf00075f3ce54935d Mon Sep 17 00:00:00 2001
From: Stephen Kraffmiller <skraffmiller@hmdc.harvard.edu>
Date: Thu, 11 Sep 2025 15:54:11 -0400
Subject: [PATCH 196/634] #11710 implement command

---
 .../harvard/iq/dataverse/api/Dataverses.java  | 37 ++---------
 .../impl/GetLinkingDataverseListCommand.java  | 66 +++++++++++++++++++
 .../iq/dataverse/api/DataversesIT.java        |  2 +-
 3 files changed, 74 insertions(+), 31 deletions(-)
 create mode 100644 src/main/java/edu/harvard/iq/dataverse/engine/command/impl/GetLinkingDataverseListCommand.java

diff --git a/src/main/java/edu/harvard/iq/dataverse/api/Dataverses.java b/src/main/java/edu/harvard/iq/dataverse/api/Dataverses.java
index 36e92f0f1a1..b65c53b0ded 100644
--- a/src/main/java/edu/harvard/iq/dataverse/api/Dataverses.java
+++ b/src/main/java/edu/harvard/iq/dataverse/api/Dataverses.java
@@ -1783,35 +1783,12 @@ public Response getLinkingDataverseList(@Context ContainerRequestContext crc, @P
         try {
 
             DvObject dvObject = findDvoByIdAndTypeOrDie(dvIdtf, type, false);
-            
-            User requestUser = (User) getRequestUser(crc);
-            AuthenticatedUser authUser;
-            if (!requestUser.isAuthenticated()) {
-                throw new WrappedResponse(error(Response.Status.BAD_REQUEST,
-                        BundleUtil.getStringFromBundle("dataverse.link.user")));
-            } else {
-                authUser = (AuthenticatedUser) requestUser;
-            }
-            
-            DataverseRequest dvReq = new DataverseRequest(requestUser, (IpAddress) null);
-            List<Dataverse> dataversesForLinking;
-            String searchParam;
-            if(searchTerm != null){
-                searchParam = searchTerm;
-            } else {
-                searchParam = "";
-            }
-            //Find Permitted Collections now takes a Search Term to filter down collections the user may link
-            Permission permToCheck;
-            if (dvObject instanceof Dataset) {
-                permToCheck = Permission.LinkDataset;
-            } else {
-                permToCheck = Permission.LinkDataverse;
-            }
+            List<Dataverse> dataversesForLinking = execCommand(new GetLinkingDataverseListCommand(
+                    createDataverseRequest(getRequestUser(crc)),
+                    dvObject,
+                    searchTerm
+            ));
 
-            dataversesForLinking = permissionService.findPermittedCollections(dvReq, authUser, permToCheck, searchParam);
-            dataversesForLinking = dataverseService.removeUnlinkableDataverses(dataversesForLinking, dvObject);
-             
             JsonArrayBuilder dvBuilder = Json.createArrayBuilder();
             if (!dataversesForLinking.isEmpty()) {
                 for (Dataverse dv : dataversesForLinking) {
@@ -1821,8 +1798,8 @@ public Response getLinkingDataverseList(@Context ContainerRequestContext crc, @P
             return ok(dvBuilder);
         } catch (WrappedResponse wr) {
             return wr.getResponse();
-        } 
-        
+        }
+
     }
     
     
diff --git a/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/GetLinkingDataverseListCommand.java b/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/GetLinkingDataverseListCommand.java
new file mode 100644
index 00000000000..2710940c813
--- /dev/null
+++ b/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/GetLinkingDataverseListCommand.java
@@ -0,0 +1,66 @@
+
+package edu.harvard.iq.dataverse.engine.command.impl;
+
+import edu.harvard.iq.dataverse.Dataset;
+import edu.harvard.iq.dataverse.Dataverse;
+import edu.harvard.iq.dataverse.DvObject;
+import edu.harvard.iq.dataverse.authorization.Permission;
+import edu.harvard.iq.dataverse.authorization.users.AuthenticatedUser;
+import edu.harvard.iq.dataverse.authorization.users.User;
+import edu.harvard.iq.dataverse.engine.command.AbstractCommand;
+import edu.harvard.iq.dataverse.engine.command.CommandContext;
+import edu.harvard.iq.dataverse.engine.command.DataverseRequest;
+import edu.harvard.iq.dataverse.engine.command.RequiredPermissions;
+import edu.harvard.iq.dataverse.engine.command.exception.CommandException;
+import edu.harvard.iq.dataverse.engine.command.exception.IllegalCommandException;
+import edu.harvard.iq.dataverse.util.BundleUtil;
+import java.util.List;
+
+/**
+ *
+ * @author stephenkraffmiller
+ */
+@RequiredPermissions({})
+public class GetLinkingDataverseListCommand extends AbstractCommand<List<Dataverse>> {
+
+    private final String searchTerm;
+    private final DvObject dvObject;
+
+    public GetLinkingDataverseListCommand(DataverseRequest aRequest, DvObject dvObject, String searchTerm) {
+        super(aRequest, dvObject);
+        this.searchTerm = searchTerm;
+        this.dvObject = dvObject;
+    }
+
+    @Override
+    public List<Dataverse> execute(CommandContext ctxt) throws CommandException {
+
+        User requestUser = (User) getRequest().getUser();
+        AuthenticatedUser authUser;
+        if (!requestUser.isAuthenticated()) {
+            throw new IllegalCommandException(BundleUtil.getStringFromBundle("dataverse.link.user"), this);
+        } else {
+            authUser = (AuthenticatedUser) requestUser;
+        }
+        List<Dataverse> dataversesForLinking;
+        String searchParam;
+        if (searchTerm != null) {
+            searchParam = searchTerm;
+        } else {
+            searchParam = "";
+        }
+
+        //Find Permitted Collections now takes a Search Term to filter down collections the user may link
+        Permission permToCheck;
+        if (dvObject instanceof Dataset) {
+            permToCheck = Permission.LinkDataset;
+        } else {
+            permToCheck = Permission.LinkDataverse;
+        }
+
+        dataversesForLinking = ctxt.permissions().findPermittedCollections(getRequest(), authUser, permToCheck, searchParam);
+        return ctxt.dataverses().removeUnlinkableDataverses(dataversesForLinking, dvObject);
+
+    }
+
+}
diff --git a/src/test/java/edu/harvard/iq/dataverse/api/DataversesIT.java b/src/test/java/edu/harvard/iq/dataverse/api/DataversesIT.java
index e849a32a513..c72a32a92f2 100644
--- a/src/test/java/edu/harvard/iq/dataverse/api/DataversesIT.java
+++ b/src/test/java/edu/harvard/iq/dataverse/api/DataversesIT.java
@@ -802,7 +802,7 @@ public void testGetLinkableDataverses(){
         Response getGuestUnavailableForDataset = UtilIT.getLinkableDataverses("dataset", datasetPersistentId, "", dataverseAliasUnavailableForLinking);
         getGuestUnavailableForDataset.prettyPrint();
                 getGuestUnavailableForDataset.then().assertThat()
-                .statusCode(BAD_REQUEST.getStatusCode());        
+                .statusCode(FORBIDDEN.getStatusCode());        
                 
         Response getUnavailableForDataverse = UtilIT.getLinkableDataverses("dataverse", dataverseAlias, apiToken, dataverseAliasUnavailableForLinking);
         getUnavailableForDataverse.prettyPrint();

From 3943cb201d9c262f616acb611caf2c03f530b7c4 Mon Sep 17 00:00:00 2001
From: Stephen Kraffmiller <skraffmiller@hmdc.harvard.edu>
Date: Thu, 11 Sep 2025 15:57:14 -0400
Subject: [PATCH 197/634] #11710 remove unused comment

---
 src/main/java/edu/harvard/iq/dataverse/api/Dataverses.java | 2 --
 1 file changed, 2 deletions(-)

diff --git a/src/main/java/edu/harvard/iq/dataverse/api/Dataverses.java b/src/main/java/edu/harvard/iq/dataverse/api/Dataverses.java
index b65c53b0ded..c2cb22bc195 100644
--- a/src/main/java/edu/harvard/iq/dataverse/api/Dataverses.java
+++ b/src/main/java/edu/harvard/iq/dataverse/api/Dataverses.java
@@ -1778,7 +1778,6 @@ public Response linkDataverse(@Context ContainerRequestContext crc, @PathParam("
     @Produces(MediaType.APPLICATION_JSON)
     @Path("{identifier}/{type}/linkingDataverses")
     public Response getLinkingDataverseList(@Context ContainerRequestContext crc, @PathParam("identifier") String dvIdtf, @QueryParam("searchTerm") String searchTerm, @PathParam("type") String type) {
-        //first determine what you are linking based on identifier and type
 
         try {
 
@@ -1799,7 +1798,6 @@ public Response getLinkingDataverseList(@Context ContainerRequestContext crc, @P
         } catch (WrappedResponse wr) {
             return wr.getResponse();
         }
-
     }
     
     

From 46f170b120e1870f0c4d483a7800cf34b381b4cd Mon Sep 17 00:00:00 2001
From: Jim Myers <qqmyers@hotmail.com>
Date: Thu, 11 Sep 2025 17:10:43 -0400
Subject: [PATCH 198/634] remote, globus info

---
 .../source/developers/big-data-support.rst    | 108 +++++++++++++++---
 1 file changed, 90 insertions(+), 18 deletions(-)

diff --git a/doc/sphinx-guides/source/developers/big-data-support.rst b/doc/sphinx-guides/source/developers/big-data-support.rst
index 76123827137..cf156bd12c8 100644
--- a/doc/sphinx-guides/source/developers/big-data-support.rst
+++ b/doc/sphinx-guides/source/developers/big-data-support.rst
@@ -62,7 +62,8 @@ and more robust (a failure requires only resending the failed piece). It may als
 (e.g. in a commercial cloud or High Performance Computing center) than they do to the Dataverse server, reducing transfer time.
 - High Availability: S3 provides redundancy beyond what is available with a single disk (valuable for preservation, potentially reducing the need to perform data integrity checks).
 
-Challenges: 
+Challenges:
+
 - Cost: S3 offers a pricing model that allows you to pay for the storage and transfer of data based on current usage (versus long term demand) but commercial 
 providers charge more per TB than the equivalent cost of a local disk (though commercial S3 storage is cheaper than commercial file storage).
 There can also be egress and other charges. Overall, S3 storage is generally more expensive than local file storage but cheaper than cloud file storage.
@@ -90,25 +91,98 @@ the file bytes are transferred to the Dataverse server as part of the zipping pr
 Remote Storage
 ~~~~~~~~~~~~~~
 
+Note: Remote Storage is still experimental: feedback is welcome! See :ref:`support`.
+
+For very large, and/or very sensitive data, it may not make sense to transfer or copy files to Dataverse at all. The ``remote`` store type in the Dataverse software support these use cases.
+It allows Dataverse to store a URL reference for the file rather than transferring the file bytes to a store managed directly by Dataverse.
+In the most basic configuration a site administrator configures the base URL for the store, e.g. "https://thirdpartystorage.edu/long-term-storage/" and users can then create files referencing
+any URL starting with that base, e.g. "https://thirdpartystorage.edu/long-term-storage/my_file.txt". If the remote site is a public web server, the remote store in Dataverse should be configured to be 'public' which will
+disable the ability to restrict or embargo files (as they are public on the remote site and Dataverse cannot block access.) Conversely, Dataverse can be configured to sign requests to the remote server and,
+and, which the remote server, if it is capable of validating them, can use to reject requests not approved by Dataverse. In this configuration, users can restrict and embargo files and Dataverse and the remote server will cooperate to
+manage access control. Another alternative, with a more advanced remote store, would be, instead of using URLs that directly enable download of the file, to use URLs that point to 
+a landing page at the remote server that may require the user to login, or go through some other authentication/validation process before being able to access the file.
+
+Dataverse considers remote storage to be read-only, or, in cases where the remote service does not provide a way for Dataverse to download the file bytes ((due to access control or because the URL refers to a landing page), inacessible. 
+Depending on whether Dataverse can access the bytes of the file, functionality such as ingest and integrity checking may or may not be possible. If the file bytes are not accessible 
+the remote store in Dataverse should be configured to disable operations that attempt to access the file (see  files-not-accessible-by-dataverse).
+If the file bytes are accessible, Dataverse can still support features such as ingest and thumbnail creation, as well as local storage of other files  and auxilliary files. These are handled by configuring a 'base' store with the remote store
+that is used for these purposes. (This means that while the specified files remain on the remote store, other files in the dataset, and potentially the ingested TSV format of a remote file would be managed by Dataverse in some other store. If ingest is not desired, the ingest size limit for the store can be set to 0 bytes).  
+
+Benefits: 
+
+- This is a relatively simple way to off-load the management of large and/or sensitive data files to other organizations while still providing Dataverse's overall capabilities for dataset curation and publication to users.   
+- If the store has been configured with a remote-store-name or remote-store-url, the dataset file table will include this information for remote files. These provide a visual indicator that the files are not managed directly by Dataverse and are stored/managed by a remote trusted store.
+
+Challenges:
+
+- Currently, remote files can only be added via the API. (This may be addressed in future versions).
+- As Dataverse is relying on the remote service to main the integrity and availability of the files, it is likely that the Dataverse site admin will want to have a formal agreement with the remote service 
+operator about their policies.
+- Site admins need to consider carefully how to configure file size limits, ingest size limits, etc. on the remote store and it's base store, and whether the remote store is public-only, and whether it files there can be read by Dataverse to assure the
+requirements of a specific use case(s) are addressed.
+- The current remote store implementation will not prevent you from providing a relative URL that results in a 404 when resolved. (I.e. if you make a typo). You should check to make sure the file exists at the location you specify - by trying to download in Dataverse, by checking to see that Dataverse was able to get the file size (which it does by doing a HEAD call to that location), or just manually trying the URL in your browser.
+- For large files, direct-download should always be used with a remote store. (Otherwise the Dataverse will be involved in the download.)
+ 
+
+Globus Transfer
+~~~~~~~~~~~~~~~
+
+Note: Globus Transfer is still experimental: feedback is welcome! See :ref:`support`.
+
+`Globus <https://www.globus.org>`_ provides file transfer service that is widely used for the largest datasets (in terms of both file size and number of files). It provides:
+
+- robust file transfer capable of handling delays (e.g. due to the time it takes to mount tapes) and restarting after network or endpoint failures
+- parallel file transfers, potentially between clusters of computers on both ends
+- third-party transfer, which enables a user working with their desktop browser to initiate transfer of files from one remote endpoint (i.e. on a local high-performance computing cluster) to/from another (e.g. one associated with a Dataverse store)
+
+Dataverse can be configured to support Globus transfers in multiple ways:
+
+- A Dataverse-managed Globus File Endpoint: Dataverse controls user access to the endpoint, access is only via Globus
+- A Dataverse-managed Globus S3 Endpoint: Dataverse controls user access to the endpoint, access is available via S3 and via Globus
+- A Globus Endpoint treated as Remote Storage: Dataverse references files on a Globus endpoint managed by a third party
+
+Each of these options has its own advantages and disadvantages:
+Benefits: 
+
+- Globus scales to higher data volumes than any other option. Users working with large data are often familiar with Globus and are interested in transferring data to/from computational clusters rather than their local machine
+- Globus transfers can be initiated by choosing the Globus option in the dataset upload panel. Analogously, "Globus Transfer" is one of the download options in the "Access Dataset" menu.
+- For the non-S3 options, Dataverse support having a base store (e.g. a local file system or an S3-based store), which can be used internally by Dataverse (e.g. for thumbnails, etc.) and can allow users to upload smaller files (e.g. Readmes, documentation) that might not be suited to a given Globus endpoint (e.g. a tape store)
+
+Challenges: 
+- Globus is complex to manage and Dataverse installations will need to develop Globus expertise or partner with another organization (i.e. a institutional high-performance computing center) to manage Globus endpoints.
+- For users not familiar with Globus, managing transfers can be confusing. Globus does provide a free 'Globus Personal Connect' service which can be run on any machine to allow transfers to/from it.
+- Globus transfers are not enabled at dataset-creation time. Once the draft version is created, users can initiate Globus transfers to upload files from remote endpoints.
+- For Dataverse managed endpoints, a a community-developed `dataverse-globus <https://github.com/scholarsportal/dataverse-globus>`_ app must be installed and configured in the Dataverse instance. 
+This app manages granting and revoking access for users to upload/download files from Dataverse and handles the translation between Dataverse's internal file naming/organization to that see by the user.
+- Due to differences between Dataverse's and Globus's access control models, Dataverse cannot enforce per-file-access restrictions - restriction can only be done today at the level of providing access to all files in a dataset.
+Globus stores can be defined as public to disable Dataverse's ability to restrict and embargo files in that store. If the store is configured to support restriction and embargo,
+Dataverse and it's Dataverse-Globus app will limit users to downloading only the files they have been granted access to, but a technically knowledgeable user could access other files in the same dataset if they are give access to one.
+(Data depositors would need to be aware of this limitation and could be guided to restrict all files/only grant access to all dataset files as a work-around).
+- Dataverse-managed endpoints must be Globus 'guest collections' hosted on either a file-system-based endpoint or an S3-based endpoint (the latter requires use of the Globus
+S3 connector which requires a paid Globus subscription at the host institution). In either case, Dataverse is configured with the Globus credentials of a user account that can manage the endpoint.
+Users will need their own Globus account, which can be obtained via their institution or directly from Globus (at no cost).
+- With the file-system endpoint, Dataverse does not currently have access to the file contents. Thus, functionality related to ingest, previews, fixity hash validation, etc. are not available. (Using the S3-based endpoint, Dataverse has access via S3 and all functionality normally associated with direct uploads to S3 is available.)
+- For the reference use case, Dataverse must be configured with a list of allowed endpoint/base paths from which files may be referenced. In this case, since Dataverse is not accessing the remote endpoint itself, it does not need Globus credentials. 
+Users will also need a Globus account in this case, and the remote endpoint must be configured to allow them access (i.e. be publicly readable, or potentially involving some out-of-band mechanism to request access (that could be described in the dataset's Terms of Use and Access).
+- While Globus itself can handle many (millions of) files of any size, Dataverse cannot handle more than thousands of files per dataset (at best) and some Globus endpoints may have limits on file sizes - both maximums and minimums (e.g. for tape storage where small files are inefficient).
+Users will need to be made aware of these limitations and the possibilities for managing them (e.g. by aggregating multiple files in a single larger file).
+
+More details of the setup required to enable Globus is described in the `Community Dataverse-Globus Setup and Configuration document <https://docs.google.com/document/d/1mwY3IVv8_wTspQC0d4ddFrD2deqwr-V5iAGHgOy4Ch8/edit?usp=sharing>`_ and the references therein.
+
+As described in that document, 
+
+An overview of the control and data transfer interactions between components was presented at the 2022 Dataverse Community Meeting and can be viewed in the `Integrations and Tools Session Video <https://youtu.be/3ek7F_Dxcjk?t=5289>`_ around the 1 hr 28 min mark.
+
+See also :ref:`Globus settings <:GlobusSettings>`.
+
+An alternative, experimental implementation of Globus polling of ongoing upload transfers has been added in v6.4. This framework does not rely on the instance staying up continuously for the duration of the transfer and saves the state information about Globus upload requests in the database. Due to its experimental nature it is not enabled by default. See the ``globus-use-experimental-async-framework`` feature flag (see :ref:`feature-flags`) and the JVM option :ref:`dataverse.files.globus-monitoring-server`.
+
+
+
 
 
 
-The table below provides basic guidance on Dataverse's which storage solution to choose based on your requirements:
 
-+------------------------+---------------------------+---------------------------+---------------------------+
-| **Solution**           | **File Size Range**       | **File Volume Support**   | **Key Benefits**          |
-+========================+===========================+===========================+===========================+
-| Default Storage        | Up to ~2GB                | Up to thousands           | Simple, no configuration  |
-+------------------------+---------------------------+---------------------------+---------------------------+
-| S3 Direct Upload       | Up to several TB          | Up to tens of thousands   | Simple configuration,     |
-|                        |                           |                           | familiar user interface   |
-+------------------------+---------------------------+---------------------------+---------------------------+
-| Remote Storage         | Unlimited                 | Unlimited                 | No file transfer needed,  |
-|                        |                           |                           | files remain in place     |
-+------------------------+---------------------------+---------------------------+---------------------------+
-| Globus Transfer        | Unlimited                 | Millions+                 | Robust transfer,          |
-|                        |                           |                           | resumable, high-speed     |
-+------------------------+---------------------------+---------------------------+---------------------------+
 
 Handling Large Individual Files
 -------------------------------
@@ -263,8 +337,6 @@ To configure the options mentioned above, an administrator must set two JVM opti
 Globus File Transfer
 ~~~~~~~~~~~~~~~~~~~
 
-**Best for:** Very large files and high-performance computing environments
-
 Note: Globus file transfer is still experimental but feedback is welcome! See :ref:`support`.
 
 Users can transfer files via `Globus <https://www.globus.org>`_ into and out of datasets, or reference files on a remote Globus endpoint, when their Dataverse installation is configured to use a Globus accessible store(s) 

From c7c7e7015b0d0871c7634e5250ef9c5fa6099f78 Mon Sep 17 00:00:00 2001
From: qqmyers <jim.myers@computer.org>
Date: Thu, 11 Sep 2025 17:20:06 -0400
Subject: [PATCH 199/634] Apply suggestions from code review

Co-authored-by: Philip Durbin <philipdurbin@gmail.com>
---
 doc/sphinx-guides/source/api/native-api.rst                   | 4 ++--
 .../edu/harvard/iq/dataverse/DataverseRoleServiceBean.java    | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/doc/sphinx-guides/source/api/native-api.rst b/doc/sphinx-guides/source/api/native-api.rst
index 083d72d01cf..5d5e057345d 100644
--- a/doc/sphinx-guides/source/api/native-api.rst
+++ b/doc/sphinx-guides/source/api/native-api.rst
@@ -1508,7 +1508,7 @@ The fully expanded example above (without environment variables) looks like this
 
   curl -H "X-Dataverse-key:xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" -H "Accept: text/csv" "https://demo.dataverse.org/api/dataverses/3/assignments/history"
 
-The CSV response has column headers mirroring the json entries. They are internationalized (when internationalization is configured).
+The CSV response has column headers mirroring the JSON entries. They are internationalized (when internationalization is configured).
 
 Note: This feature requires the "role-assignment-history" feature flag to be enabled (see :ref:`feature-flags`).
 
@@ -4199,7 +4199,7 @@ The fully expanded example above (without environment variables) looks like this
 
   curl -H "X-Dataverse-key:xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" -H "Accept: text/csv" "https://demo.dataverse.org/api/datasets/3/assignments/history"
 
-The CSV response has column headers mirroring the json entries. They are internationalized (when internationalization is configured).
+The CSV response has column headers mirroring the JSON entries. They are internationalized (when internationalization is configured).
 
 Note: This feature requires the "role-assignment-history" feature flag to be enabled (see :ref:`feature-flags`).
 
diff --git a/src/main/java/edu/harvard/iq/dataverse/DataverseRoleServiceBean.java b/src/main/java/edu/harvard/iq/dataverse/DataverseRoleServiceBean.java
index a341735c0e7..f16726a8fbe 100644
--- a/src/main/java/edu/harvard/iq/dataverse/DataverseRoleServiceBean.java
+++ b/src/main/java/edu/harvard/iq/dataverse/DataverseRoleServiceBean.java
@@ -469,7 +469,7 @@ public static class RoleAssignmentHistoryConsolidatedEntry {
         private Date assignedAt;
         private String revokedBy;
         private Date revokedAt;
-        private List<Long> definitionPointIds;  // New field
+        private List<Long> definitionPointIds;
     
         public RoleAssignmentHistoryConsolidatedEntry(String assigneeIdentifier, String roleName, Long definitionPointId) {
             this.roleName = roleName;

From 62f976e31876afc4805547dad4b722d9344f0a85 Mon Sep 17 00:00:00 2001
From: Jim Myers <qqmyers@hotmail.com>
Date: Thu, 11 Sep 2025 17:36:44 -0400
Subject: [PATCH 200/634] updates per review

---
 doc/release-notes/11612-RAHistory.md                          | 2 +-
 .../edu/harvard/iq/dataverse/ManageFilePermissionsPage.java   | 3 ++-
 .../java/edu/harvard/iq/dataverse/ManagePermissionsPage.java  | 4 ++--
 3 files changed, 5 insertions(+), 4 deletions(-)

diff --git a/doc/release-notes/11612-RAHistory.md b/doc/release-notes/11612-RAHistory.md
index b61fc9d0406..82df91c3913 100644
--- a/doc/release-notes/11612-RAHistory.md
+++ b/doc/release-notes/11612-RAHistory.md
@@ -4,7 +4,7 @@ Dataverse can now track the history of role assignments, allowing administrators
 
 ## Key components of this feature:
 
-- **Feature Flag**: The functionality can be enabled/disabled via the `ROLE_ASSIGNMENT_HISTORY` feature flag 
+- **Feature Flag**: The functionality can be enabled/disabled via the `ROLE_ASSIGNMENT_HISTORY` feature flag (default is `off`)
 - **UI Integration**: New history panels on permission management pages showing the complete history of role assignments/revocations
 - **CSV Export**: Administrators can download the role assignment history for a given collection or dataset (or files in a dataset) as a CSV file directly from the new panels
 - **API Access**: New API endpoints provide access to role assignment history in both JSON and CSV formats:
diff --git a/src/main/java/edu/harvard/iq/dataverse/ManageFilePermissionsPage.java b/src/main/java/edu/harvard/iq/dataverse/ManageFilePermissionsPage.java
index 0c49346fd80..a23b41cb1d1 100644
--- a/src/main/java/edu/harvard/iq/dataverse/ManageFilePermissionsPage.java
+++ b/src/main/java/edu/harvard/iq/dataverse/ManageFilePermissionsPage.java
@@ -584,7 +584,8 @@ public void setRenderFileMessages(boolean renderFileMessages) {
         this.renderFileMessages = renderFileMessages;
     }
 
-    public String getsignedUrlForRAHistoryCsv() {
+    public String getSignedUrlForRAHistoryCsv() {
+        //Including /v1 is required for the signature to validate
         String apiPath = "/api/v1/datasets/" + dataset.getId() + "/files/permissions/history";
         
         try {
diff --git a/src/main/java/edu/harvard/iq/dataverse/ManagePermissionsPage.java b/src/main/java/edu/harvard/iq/dataverse/ManagePermissionsPage.java
index 1f980c877ba..f2a2dfb5df7 100644
--- a/src/main/java/edu/harvard/iq/dataverse/ManagePermissionsPage.java
+++ b/src/main/java/edu/harvard/iq/dataverse/ManagePermissionsPage.java
@@ -696,9 +696,9 @@ public void setRenderRoleMessages(Boolean renderRoleMessages) {
         this.renderRoleMessages = renderRoleMessages;
     }
     
-    public String getsignedUrlForRAHistoryCsv() {
+    public String getSignedUrlForRAHistoryCsv() {
         String apiPath;
-        
+        //Including /v1 in these urls is required for the signature to validate
         if (dvObject instanceof Dataverse dv) {
             // For Dataverses, use the dataverses API endpoint with the alias
             apiPath = "/api/v1/dataverses/" + dv.getAlias() + "/permissions/history";

From 70c7430fb20b56d6cf47ba5c06fafd9c6fd4067f Mon Sep 17 00:00:00 2001
From: Stephen Kraffmiller <skraffmiller@hmdc.harvard.edu>
Date: Fri, 12 Sep 2025 14:45:22 -0400
Subject: [PATCH 201/634] #11710 simplify logic

---
 .../iq/dataverse/util/json/JsonPrinter.java   | 79 ++++++++++---------
 1 file changed, 40 insertions(+), 39 deletions(-)

diff --git a/src/main/java/edu/harvard/iq/dataverse/util/json/JsonPrinter.java b/src/main/java/edu/harvard/iq/dataverse/util/json/JsonPrinter.java
index 9c7c519c1ef..46aa2dfff20 100644
--- a/src/main/java/edu/harvard/iq/dataverse/util/json/JsonPrinter.java
+++ b/src/main/java/edu/harvard/iq/dataverse/util/json/JsonPrinter.java
@@ -310,48 +310,49 @@ public static JsonObjectBuilder json(Dataverse dv, Boolean hideEmail, Boolean re
                 .add("alias", dv.getAlias())
                 .add("name", dv.getName());
         //minimal refers to only returning the id alias and name for 
-        //use in selecting collections available for linking
-        if (!minimal) {
-            bld.add("affiliation", dv.getAffiliation());
-            if (!hideEmail) {
-                bld.add("dataverseContacts", JsonPrinter.json(dv.getDataverseContacts()));
-            }
-            if (returnOwners) {
-                bld.add("isPartOf", getOwnersFromDvObject(dv));
-            }
-            bld.add("permissionRoot", dv.isPermissionRoot())
-                    .add("description", dv.getDescription())
-                    .add("dataverseType", dv.getDataverseType().name())
-                    .add("isMetadataBlockRoot", dv.isMetadataBlockRoot())
-                    .add("isFacetRoot", dv.isFacetRoot());
-            if (dv.getOwner() != null) {
-                bld.add("ownerId", dv.getOwner().getId());
-            }
-            if (dv.getCreateDate() != null) {
-                bld.add("creationDate", Util.getDateTimeFormat().format(dv.getCreateDate()));
-            }
-            if (dv.getDataverseTheme() != null) {
-                bld.add("theme", JsonPrinter.json(dv.getDataverseTheme()));
-            }
-            if (dv.getStorageDriverId() != null) {
-                bld.add("storageDriverLabel", DataAccess.getStorageDriverLabelFor(dv.getStorageDriverId()));
-            }
-            if (dv.getFilePIDsEnabled() != null) {
-                bld.add("filePIDsEnabled", dv.getFilePIDsEnabled());
-            }
-            bld.add("effectiveRequiresFilesToPublishDataset", dv.getEffectiveRequiresFilesToPublishDataset());
-            bld.add("isReleased", dv.isReleased());
+        //used in selecting collections available for linking
+        if (minimal) {
+            return bld;
+        }
+        bld.add("affiliation", dv.getAffiliation());
+        if (!hideEmail) {
+            bld.add("dataverseContacts", JsonPrinter.json(dv.getDataverseContacts()));
+        }
+        if (returnOwners) {
+            bld.add("isPartOf", getOwnersFromDvObject(dv));
+        }
+        bld.add("permissionRoot", dv.isPermissionRoot())
+                .add("description", dv.getDescription())
+                .add("dataverseType", dv.getDataverseType().name())
+                .add("isMetadataBlockRoot", dv.isMetadataBlockRoot())
+                .add("isFacetRoot", dv.isFacetRoot());
+        if (dv.getOwner() != null) {
+            bld.add("ownerId", dv.getOwner().getId());
+        }
+        if (dv.getCreateDate() != null) {
+            bld.add("creationDate", Util.getDateTimeFormat().format(dv.getCreateDate()));
+        }
+        if (dv.getDataverseTheme() != null) {
+            bld.add("theme", JsonPrinter.json(dv.getDataverseTheme()));
+        }
+        if (dv.getStorageDriverId() != null) {
+            bld.add("storageDriverLabel", DataAccess.getStorageDriverLabelFor(dv.getStorageDriverId()));
+        }
+        if (dv.getFilePIDsEnabled() != null) {
+            bld.add("filePIDsEnabled", dv.getFilePIDsEnabled());
+        }
+        bld.add("effectiveRequiresFilesToPublishDataset", dv.getEffectiveRequiresFilesToPublishDataset());
+        bld.add("isReleased", dv.isReleased());
 
-            List<DataverseFieldTypeInputLevel> inputLevels = dv.getDataverseFieldTypeInputLevels();
-            if (!inputLevels.isEmpty()) {
-                bld.add("inputLevels", JsonPrinter.jsonDataverseFieldTypeInputLevels(inputLevels));
-            }
+        List<DataverseFieldTypeInputLevel> inputLevels = dv.getDataverseFieldTypeInputLevels();
+        if (!inputLevels.isEmpty()) {
+            bld.add("inputLevels", JsonPrinter.jsonDataverseFieldTypeInputLevels(inputLevels));
+        }
 
-            if (childCount != null) {
-                bld.add("childCount", childCount);
-            }
-            addDatasetFileCountLimit(dv, bld);
+        if (childCount != null) {
+            bld.add("childCount", childCount);
         }
+        addDatasetFileCountLimit(dv, bld);
         return bld;
     }
 

From 47d7e3dd506234ab7bb133dc0358bd340ac2d4a7 Mon Sep 17 00:00:00 2001
From: GPortas <hey@gportas.me>
Date: Mon, 15 Sep 2025 11:36:19 +0100
Subject: [PATCH 202/634] Added: GetLinkingDataverseListCommand unit test

---
 .../GetLinkingDataverseListCommandTest.java   | 161 ++++++++++++++++++
 1 file changed, 161 insertions(+)
 create mode 100644 src/test/java/edu/harvard/iq/dataverse/engine/command/impl/GetLinkingDataverseListCommandTest.java

diff --git a/src/test/java/edu/harvard/iq/dataverse/engine/command/impl/GetLinkingDataverseListCommandTest.java b/src/test/java/edu/harvard/iq/dataverse/engine/command/impl/GetLinkingDataverseListCommandTest.java
new file mode 100644
index 00000000000..50636474be8
--- /dev/null
+++ b/src/test/java/edu/harvard/iq/dataverse/engine/command/impl/GetLinkingDataverseListCommandTest.java
@@ -0,0 +1,161 @@
+package edu.harvard.iq.dataverse.engine.command.impl;
+
+import edu.harvard.iq.dataverse.*;
+import edu.harvard.iq.dataverse.authorization.Permission;
+import edu.harvard.iq.dataverse.authorization.users.AuthenticatedUser;
+import edu.harvard.iq.dataverse.engine.command.CommandContext;
+import edu.harvard.iq.dataverse.engine.command.DataverseRequest;
+import edu.harvard.iq.dataverse.engine.command.exception.CommandException;
+import edu.harvard.iq.dataverse.engine.command.exception.IllegalCommandException;
+import edu.harvard.iq.dataverse.util.BundleUtil;
+import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.Test;
+import org.junit.jupiter.api.extension.ExtendWith;
+import org.mockito.Mock;
+import org.mockito.Mockito;
+import org.mockito.junit.jupiter.MockitoExtension;
+
+import java.util.Arrays;
+import java.util.Collections;
+import java.util.List;
+
+import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.junit.jupiter.api.Assertions.assertThrows;
+import static org.junit.jupiter.api.Assertions.assertTrue;
+
+@ExtendWith(MockitoExtension.class)
+public class GetLinkingDataverseListCommandTest {
+
+    @Mock
+    private DataverseRequest dataverseRequest;
+    @Mock
+    private CommandContext commandContext;
+    @Mock
+    private PermissionServiceBean permissionService;
+    @Mock
+    private DataverseServiceBean dataverseService;
+    @Mock
+    private AuthenticatedUser authenticatedUser;
+
+    @BeforeEach
+    public void setUp() {
+        Mockito.when(dataverseRequest.getUser()).thenReturn(authenticatedUser);
+    }
+
+    @Test
+    public void execute_shouldThrowException_whenUserIsNotAuthenticated() {
+        // Arrange
+        Mockito.when(authenticatedUser.isAuthenticated()).thenReturn(false);
+        DvObject dvObject = new Dataset();
+        GetLinkingDataverseListCommand sut = new GetLinkingDataverseListCommand(dataverseRequest, dvObject, "");
+
+        // Act & Assert
+        assertThrows(IllegalCommandException.class, () -> {
+            sut.execute(commandContext);
+        }, BundleUtil.getStringFromBundle("dataverse.link.user"));
+    }
+
+    @Test
+    public void execute_shouldReturnPermittedList_forLinkingDataset() throws CommandException {
+        // Arrange
+        String searchTerm = "test";
+        Dataset datasetToLink = new Dataset();
+        List<Dataverse> permittedList = Arrays.asList(new Dataverse(), new Dataverse());
+
+        Mockito.when(commandContext.permissions()).thenReturn(permissionService);
+        Mockito.when(commandContext.dataverses()).thenReturn(dataverseService);
+        Mockito.when(authenticatedUser.isAuthenticated()).thenReturn(true);
+        Mockito.when(permissionService.findPermittedCollections(dataverseRequest, authenticatedUser, Permission.LinkDataset, searchTerm))
+                .thenReturn(permittedList);
+        Mockito.when(dataverseService.removeUnlinkableDataverses(permittedList, datasetToLink))
+                .thenReturn(permittedList); // Assume none are removed for this test
+
+        GetLinkingDataverseListCommand sut = new GetLinkingDataverseListCommand(dataverseRequest, datasetToLink, searchTerm);
+
+        // Act
+        List<Dataverse> result = sut.execute(commandContext);
+
+        // Assert
+        assertEquals(2, result.size());
+        assertEquals(permittedList, result);
+        Mockito.verify(permissionService).findPermittedCollections(dataverseRequest, authenticatedUser, Permission.LinkDataset, searchTerm);
+        Mockito.verify(dataverseService).removeUnlinkableDataverses(permittedList, datasetToLink);
+    }
+
+    @Test
+    public void execute_shouldReturnPermittedList_forLinkingDataverse() throws CommandException {
+        // Arrange
+        String searchTerm = "test";
+        Dataverse dataverseToLink = new Dataverse();
+        List<Dataverse> permittedList = Collections.singletonList(new Dataverse());
+
+        Mockito.when(commandContext.permissions()).thenReturn(permissionService);
+        Mockito.when(commandContext.dataverses()).thenReturn(dataverseService);
+        Mockito.when(authenticatedUser.isAuthenticated()).thenReturn(true);
+        Mockito.when(permissionService.findPermittedCollections(dataverseRequest, authenticatedUser, Permission.LinkDataverse, searchTerm))
+                .thenReturn(permittedList);
+        Mockito.when(dataverseService.removeUnlinkableDataverses(permittedList, dataverseToLink))
+                .thenReturn(permittedList);
+
+        GetLinkingDataverseListCommand sut = new GetLinkingDataverseListCommand(dataverseRequest, dataverseToLink, searchTerm);
+
+        // Act
+        List<Dataverse> result = sut.execute(commandContext);
+
+        // Assert
+        assertEquals(1, result.size());
+        assertEquals(permittedList, result);
+        Mockito.verify(permissionService).findPermittedCollections(dataverseRequest, authenticatedUser, Permission.LinkDataverse, searchTerm);
+        Mockito.verify(dataverseService).removeUnlinkableDataverses(permittedList, dataverseToLink);
+    }
+
+    @Test
+    public void execute_shouldUseEmptyString_whenSearchTermIsNull() throws CommandException {
+        // Arrange
+        String searchTerm = null;
+        Dataset datasetToLink = new Dataset();
+        List<Dataverse> expectedList = Collections.emptyList();
+
+        Mockito.when(commandContext.permissions()).thenReturn(permissionService);
+        Mockito.when(commandContext.dataverses()).thenReturn(dataverseService);
+        Mockito.when(authenticatedUser.isAuthenticated()).thenReturn(true);
+        // Note: verify that an empty string "" is passed instead of null
+        Mockito.when(permissionService.findPermittedCollections(dataverseRequest, authenticatedUser, Permission.LinkDataset, ""))
+                .thenReturn(expectedList);
+        Mockito.when(dataverseService.removeUnlinkableDataverses(expectedList, datasetToLink))
+                .thenReturn(expectedList);
+
+        GetLinkingDataverseListCommand sut = new GetLinkingDataverseListCommand(dataverseRequest, datasetToLink, searchTerm);
+
+        // Act
+        List<Dataverse> result = sut.execute(commandContext);
+
+        // Assert
+        assertTrue(result.isEmpty());
+        Mockito.verify(permissionService).findPermittedCollections(dataverseRequest, authenticatedUser, Permission.LinkDataset, "");
+    }
+
+    @Test
+    public void execute_shouldReturnEmptyList_whenNoPermittedCollectionsFound() throws CommandException {
+        // Arrange
+        String searchTerm = "nonexistent";
+        Dataset datasetToLink = new Dataset();
+        List<Dataverse> emptyList = Collections.emptyList();
+
+        Mockito.when(commandContext.permissions()).thenReturn(permissionService);
+        Mockito.when(commandContext.dataverses()).thenReturn(dataverseService);
+        Mockito.when(authenticatedUser.isAuthenticated()).thenReturn(true);
+        Mockito.when(permissionService.findPermittedCollections(dataverseRequest, authenticatedUser, Permission.LinkDataset, searchTerm))
+                .thenReturn(emptyList);
+        Mockito.when(dataverseService.removeUnlinkableDataverses(emptyList, datasetToLink))
+                .thenReturn(emptyList);
+
+        GetLinkingDataverseListCommand sut = new GetLinkingDataverseListCommand(dataverseRequest, datasetToLink, searchTerm);
+
+        // Act
+        List<Dataverse> result = sut.execute(commandContext);
+
+        // Assert
+        assertTrue(result.isEmpty());
+    }
+}

From 72e78a5f0d6c18f638910abde802061fa7e9a517 Mon Sep 17 00:00:00 2001
From: Stephen Kraffmiller <skraffmiller@hmdc.harvard.edu>
Date: Tue, 16 Sep 2025 09:56:31 -0400
Subject: [PATCH 203/634] #11710 short circuit test for unlinkable

---
 .../engine/command/impl/GetLinkingDataverseListCommand.java   | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/GetLinkingDataverseListCommand.java b/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/GetLinkingDataverseListCommand.java
index 2710940c813..c47c6215640 100644
--- a/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/GetLinkingDataverseListCommand.java
+++ b/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/GetLinkingDataverseListCommand.java
@@ -59,6 +59,10 @@ public List<Dataverse> execute(CommandContext ctxt) throws CommandException {
         }
 
         dataversesForLinking = ctxt.permissions().findPermittedCollections(getRequest(), authUser, permToCheck, searchParam);
+        //Don't bother with checking for already linked if there are none to be tested.
+        if(dataversesForLinking == null || dataversesForLinking.isEmpty()) {
+            return dataversesForLinking;
+        }
         return ctxt.dataverses().removeUnlinkableDataverses(dataversesForLinking, dvObject);
 
     }

From 844ca2c9c37706851a06b20281abea434accac02 Mon Sep 17 00:00:00 2001
From: Stephen Kraffmiller <skraffmiller@hmdc.harvard.edu>
Date: Tue, 16 Sep 2025 10:23:37 -0400
Subject: [PATCH 204/634] #11710 comment out unused mocks

---
 .../impl/GetLinkingDataverseListCommandTest.java   | 14 ++++++++------
 1 file changed, 8 insertions(+), 6 deletions(-)

diff --git a/src/test/java/edu/harvard/iq/dataverse/engine/command/impl/GetLinkingDataverseListCommandTest.java b/src/test/java/edu/harvard/iq/dataverse/engine/command/impl/GetLinkingDataverseListCommandTest.java
index 50636474be8..7f167370c63 100644
--- a/src/test/java/edu/harvard/iq/dataverse/engine/command/impl/GetLinkingDataverseListCommandTest.java
+++ b/src/test/java/edu/harvard/iq/dataverse/engine/command/impl/GetLinkingDataverseListCommandTest.java
@@ -117,13 +117,14 @@ public void execute_shouldUseEmptyString_whenSearchTermIsNull() throws CommandEx
         List<Dataverse> expectedList = Collections.emptyList();
 
         Mockito.when(commandContext.permissions()).thenReturn(permissionService);
-        Mockito.when(commandContext.dataverses()).thenReturn(dataverseService);
+        // if there are none found then the remove unlinkable doesn't get run
+        //    Mockito.when(commandContext.dataverses()).thenReturn(dataverseService);
         Mockito.when(authenticatedUser.isAuthenticated()).thenReturn(true);
         // Note: verify that an empty string "" is passed instead of null
         Mockito.when(permissionService.findPermittedCollections(dataverseRequest, authenticatedUser, Permission.LinkDataset, ""))
                 .thenReturn(expectedList);
-        Mockito.when(dataverseService.removeUnlinkableDataverses(expectedList, datasetToLink))
-                .thenReturn(expectedList);
+        // if there are none found then the remove unlinkable doesn't get run
+        //    Mockito.when(dataverseService.removeUnlinkableDataverses(expectedList, datasetToLink)).thenReturn(expectedList);
 
         GetLinkingDataverseListCommand sut = new GetLinkingDataverseListCommand(dataverseRequest, datasetToLink, searchTerm);
 
@@ -143,12 +144,13 @@ public void execute_shouldReturnEmptyList_whenNoPermittedCollectionsFound() thro
         List<Dataverse> emptyList = Collections.emptyList();
 
         Mockito.when(commandContext.permissions()).thenReturn(permissionService);
-        Mockito.when(commandContext.dataverses()).thenReturn(dataverseService);
+        // if there are none found then the remove unlinkable doesn't get run
+        //    Mockito.when(commandContext.dataverses()).thenReturn(dataverseService);
         Mockito.when(authenticatedUser.isAuthenticated()).thenReturn(true);
         Mockito.when(permissionService.findPermittedCollections(dataverseRequest, authenticatedUser, Permission.LinkDataset, searchTerm))
                 .thenReturn(emptyList);
-        Mockito.when(dataverseService.removeUnlinkableDataverses(emptyList, datasetToLink))
-                .thenReturn(emptyList);
+        // if there are none found then the remove unlinkable doesn't get run
+        //    Mockito.when(dataverseService.removeUnlinkableDataverses(emptyList, datasetToLink)).thenReturn(emptyList);
 
         GetLinkingDataverseListCommand sut = new GetLinkingDataverseListCommand(dataverseRequest, datasetToLink, searchTerm);
 

From bd900fb4a1488c68285232056f78ce5ba6b7204e Mon Sep 17 00:00:00 2001
From: Stephen Kraffmiller <skraffmiller@hmdc.harvard.edu>
Date: Tue, 16 Sep 2025 13:12:57 -0400
Subject: [PATCH 205/634] #11710 another null check

---
 src/main/java/edu/harvard/iq/dataverse/api/Dataverses.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/main/java/edu/harvard/iq/dataverse/api/Dataverses.java b/src/main/java/edu/harvard/iq/dataverse/api/Dataverses.java
index c2cb22bc195..f5816c36852 100644
--- a/src/main/java/edu/harvard/iq/dataverse/api/Dataverses.java
+++ b/src/main/java/edu/harvard/iq/dataverse/api/Dataverses.java
@@ -1789,7 +1789,7 @@ public Response getLinkingDataverseList(@Context ContainerRequestContext crc, @P
             ));
 
             JsonArrayBuilder dvBuilder = Json.createArrayBuilder();
-            if (!dataversesForLinking.isEmpty()) {
+            if (dataversesForLinking != null && !dataversesForLinking.isEmpty()) {
                 for (Dataverse dv : dataversesForLinking) {
                     dvBuilder.add(json(dv, true));
                 }

From cfa64edc150ef2a29d64b59c0b634dc660873e08 Mon Sep 17 00:00:00 2001
From: Monu Kumari <Monukri4548@gmail.com>
Date: Tue, 16 Sep 2025 23:55:31 +0530
Subject: [PATCH 206/634] =?UTF-8?q?docs:=20fix=20typo=20'orgization'=20?=
 =?UTF-8?q?=E2=86=92=20'organization'=20in=20Installation=20config=20(#118?=
 =?UTF-8?q?20)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 doc/sphinx-guides/source/installation/config.rst | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/doc/sphinx-guides/source/installation/config.rst b/doc/sphinx-guides/source/installation/config.rst
index 14bf33c9482..7eec578566b 100644
--- a/doc/sphinx-guides/source/installation/config.rst
+++ b/doc/sphinx-guides/source/installation/config.rst
@@ -3189,7 +3189,7 @@ dataverse.person-or-org.org-phrase-array
 Please note that this setting is experimental.
 
 The Schema.org metadata and OpenAIRE exports and the Schema.org metadata included in DatasetPages try to infer whether each entry in the various fields (e.g. Author, Contributor) is a Person or Organization.
-If you have examples where an orgization name is being inferred to belong to a person, you can use this setting to force it to be recognized as an organization.
+If you have examples where an organization name is being inferred to belong to a person, you can use this setting to force it to be recognized as an organization.
 The value is expected to be a comma-separated list of strings. Any name that contains one of the strings is assumed to be an organization. For example, "Project" is a word that is not otherwise associated with being an organization.
 
 Can also be set via *MicroProfile Config API* sources, e.g. the environment variable ``DATAVERSE_PERSON_OR_ORG_ORG_PHRASE_ARRAY``.

From 8756f5c084135f0b8b7044594f93f25374b1c8cd Mon Sep 17 00:00:00 2001
From: Stephen Kraffmiller <skraffmiller@hmdc.harvard.edu>
Date: Tue, 16 Sep 2025 14:50:40 -0400
Subject: [PATCH 207/634] #11710 fix super user query/run

---
 .../iq/dataverse/PermissionServiceBean.java   | 39 +++++++++++++++++--
 .../iq/dataverse/api/DataversesIT.java        | 20 +++++++++-
 2 files changed, 55 insertions(+), 4 deletions(-)

diff --git a/src/main/java/edu/harvard/iq/dataverse/PermissionServiceBean.java b/src/main/java/edu/harvard/iq/dataverse/PermissionServiceBean.java
index 1fb0d52e9fc..d492991bb62 100644
--- a/src/main/java/edu/harvard/iq/dataverse/PermissionServiceBean.java
+++ b/src/main/java/edu/harvard/iq/dataverse/PermissionServiceBean.java
@@ -96,7 +96,7 @@ public class PermissionServiceBean {
     DatasetVersionFilesServiceBean datasetVersionFilesServiceBean;
 
     private static final String LIST_ALL_DATAVERSES_SUPERUSER_HAS_PERMISSION = """
-        SELECT id, name, alias FROM DATAVERSE
+        SELECT id, name, alias FROM DATAVERSE dv
     """;
 
     private static final String LIST_ALL_DATAVERSES_USER_HAS_PERMISSION = """
@@ -163,9 +163,17 @@ AND EXISTS (SELECT id FROM dataverserole WHERE dataverserole.id = roleassignment
                   )
                 ) 
             """;
+    
+        private static final String AND = """
+                                          and
+                                          """;
+        
+        private static final String WHERE = """
+                                          where
+                                          """;
         
         private static final String SEARCH_PARAMS  = """
-                                                             and  ((LOWER(dv.name) LIKE ? and ((SUBSTRING(LOWER(dv.name),0,(LENGTH(dv.name)-9)) LIKE ?)
+                                                             ((LOWER(dv.name) LIKE ? and ((SUBSTRING(LOWER(dv.name),0,(LENGTH(dv.name)-9)) LIKE ?)
                                                                          or (SUBSTRING(LOWER(dv.name),0,(LENGTH(dv.name)-9)) LIKE ?))) 
                                                                      or (LOWER(dv.name) NOT LIKE ? and ((LOWER(dv.name) LIKE ?)
                                                                      or (LOWER(dv.name) LIKE ?))))
@@ -975,6 +983,31 @@ public List<Dataverse> findPermittedCollections(DataverseRequest request, Authen
             String sqlCode;
             if (user.isSuperuser()) {
                 sqlCode = LIST_ALL_DATAVERSES_SUPERUSER_HAS_PERMISSION;
+
+                if (searchTerm == null || searchTerm.isEmpty()) {
+                    return em.createNativeQuery(sqlCode, Dataverse.class).getResultList();
+                } else {
+                    sqlCode = LIST_ALL_DATAVERSES_SUPERUSER_HAS_PERMISSION.concat(WHERE).concat(SEARCH_PARAMS);
+
+                    String pattern = searchTerm.toLowerCase();
+                    String pattern1 = pattern + "%";
+                    String pattern2 = "% " + pattern + "%";
+
+                    // Adjust the queries for very short, 1 
+                    if (pattern.length() == 1) {
+                        pattern1 = pattern;
+                        pattern2 = pattern + " %";
+                    }
+                    Query query = em.createNativeQuery(sqlCode, Dataverse.class);
+                    query.setParameter(1, "%dataverse");
+                    query.setParameter(2, pattern1);
+                    query.setParameter(3, pattern2);
+                    query.setParameter(4, "%dataverse");
+                    query.setParameter(5, pattern1);
+                    query.setParameter(6, pattern2);
+                    return query.getResultList();
+
+                }
             } else {
                 if (searchTerm == null || searchTerm.isEmpty()) {
                     sqlCode = LIST_ALL_DATAVERSES_USER_HAS_PERMISSION
@@ -993,7 +1026,7 @@ public List<Dataverse> findPermittedCollections(DataverseRequest request, Authen
                         pattern2 = pattern + " %";
                     }
 
-                    sqlCode = LIST_ALL_DATAVERSES_USER_HAS_PERMISSION.concat(SEARCH_PARAMS)
+                    sqlCode = LIST_ALL_DATAVERSES_USER_HAS_PERMISSION.concat(AND).concat(SEARCH_PARAMS)
                             .replace("@USERID", String.valueOf(user.getId()))
                             .replace("@PERMISSIONBIT", String.valueOf(permissionBit))
                             .replace("@IPRANGESQL", ipRangeSQL);
diff --git a/src/test/java/edu/harvard/iq/dataverse/api/DataversesIT.java b/src/test/java/edu/harvard/iq/dataverse/api/DataversesIT.java
index c72a32a92f2..bbe1291f90f 100644
--- a/src/test/java/edu/harvard/iq/dataverse/api/DataversesIT.java
+++ b/src/test/java/edu/harvard/iq/dataverse/api/DataversesIT.java
@@ -45,6 +45,7 @@
 import io.restassured.path.json.JsonPath;
 import org.hamcrest.CoreMatchers;
 import org.hamcrest.Matchers;
+import static org.hamcrest.Matchers.greaterThan;
 
 public class DataversesIT {
 
@@ -837,11 +838,28 @@ public void testGetLinkableDataverses(){
                 
         //set user api back to super user for cleanup
         UtilIT.setSuperuserStatus(username, Boolean.TRUE);
-                
+        
+        //Create dataverse that should be available for super user
+        Response createDataverseResponseAvailableForLinkingBySuperUser = UtilIT.createRandomDataverse(apiTokenTwo);
+        createDataverseResponseAvailableForLinkingBySuperUser.prettyPrint();
+        String dataverseAliasAvailableForLinkingBySuperUser = UtilIT.getAliasFromResponse(createDataverseResponseAvailableForLinkingBySuperUser);
+        publishDataverse = UtilIT.publishDataverseViaNativeApi(dataverseAliasAvailableForLinkingBySuperUser, apiToken);
+        publishDataverse.prettyPrint();
+        assertEquals(200, publishDataverse.getStatusCode());
+        
+        //First see that the super user gets dataverses to link to 
+        getLinkableDataverses = UtilIT.getLinkableDataverses("dataset", datasetPersistentId, apiToken, dataverseAliasAvailableForLinkingBySuperUser);
+        getLinkableDataverses.prettyPrint();
+                getLinkableDataverses.then().assertThat()
+                .statusCode(OK.getStatusCode())
+                .body("data.size()", equalTo(1));                       
                 
         // Clean up
         Response destroyDatasetResponse = UtilIT.destroyDataset(datasetId, apiToken);
         assertEquals(200, destroyDatasetResponse.getStatusCode());
+        
+        Response deleteDataverseResponseSuper = UtilIT.deleteDataverse(dataverseAliasAvailableForLinkingBySuperUser, apiToken);
+        assertEquals(200, deleteDataverseResponseSuper.getStatusCode());
 
         Response deleteDataverseResponse = UtilIT.deleteDataverse(dataverseAlias, apiToken);
         assertEquals(200, deleteDataverseResponse.getStatusCode());

From be6ee1a991eda9b6bab998f63fc3143400119c4e Mon Sep 17 00:00:00 2001
From: Jim Myers <qqmyers@hotmail.com>
Date: Tue, 16 Sep 2025 13:57:08 -0400
Subject: [PATCH 208/634] break permission reindex into multiple transactions

---
 .../search/SolrIndexServiceBean.java          | 192 ++++++++++--------
 1 file changed, 106 insertions(+), 86 deletions(-)

diff --git a/src/main/java/edu/harvard/iq/dataverse/search/SolrIndexServiceBean.java b/src/main/java/edu/harvard/iq/dataverse/search/SolrIndexServiceBean.java
index 64679b05beb..01b9960e76b 100644
--- a/src/main/java/edu/harvard/iq/dataverse/search/SolrIndexServiceBean.java
+++ b/src/main/java/edu/harvard/iq/dataverse/search/SolrIndexServiceBean.java
@@ -28,6 +28,8 @@
 
 import jakarta.ejb.EJB;
 import jakarta.ejb.Stateless;
+import jakarta.ejb.TransactionAttribute;
+import jakarta.ejb.TransactionAttributeType;
 import jakarta.inject.Named;
 import jakarta.json.Json;
 import jakarta.json.JsonObjectBuilder;
@@ -43,6 +45,9 @@ public class SolrIndexServiceBean {
 
     private static final Logger logger = Logger.getLogger(SolrIndexServiceBean.class.getCanonicalName());
 
+    @EJB
+    private SolrIndexServiceBean self; // Self-injection to allow calling methods in new transactions (from other methods in this bean)
+    
     @EJB
     DvObjectServiceBean dvObjectService;
     @EJB
@@ -317,7 +322,7 @@ private void persistToSolr(Collection<SolrInputDocument> docs) throws SolrServer
 
     /**
      * We use the database to determine direct children since there is no
-     * inheritance
+     * inheritance. This implementation uses smaller transactions to avoid memory issues.
      */
     public IndexResponse indexPermissionsOnSelfAndChildren(DvObject definitionPoint) {
 
@@ -325,114 +330,129 @@ public IndexResponse indexPermissionsOnSelfAndChildren(DvObject definitionPoint)
             logger.log(Level.WARNING, "Cannot perform indexPermissionsOnSelfAndChildren with a definitionPoint null");
             return null;
         }
-        int fileQueryMin= JvmSettings.MIN_FILES_TO_USE_PROXY.lookupOptional(Integer.class).orElse(Integer.MAX_VALUE);
-        List<DataFileProxy> filesToReindexAsBatch = new ArrayList<>();
-        /**
-         * @todo Re-indexing the definition point itself seems to be necessary
-         * for revoke but not necessarily grant.
-         */
-
-        // We don't create a Solr "primary/content" doc for the root dataverse
-        // so don't create a Solr "permission" doc either.
-        final int[] counter = {0};
+        int fileQueryMin = JvmSettings.MIN_FILES_TO_USE_PROXY.lookupOptional(Integer.class).orElse(Integer.MAX_VALUE);
+        final int[] counter = { 0 };
         int numObjects = 0;
         long globalStartTime = System.currentTimeMillis();
-        if (definitionPoint.isInstanceofDataverse()) {
-            Dataverse selfDataverse = (Dataverse) definitionPoint;
-            if (!selfDataverse.equals(dataverseService.findRootDataverse())) {
+
+        // Handle the definition point itself in its own transaction
+        if (definitionPoint instanceof Dataverse dataverse) {
+            // We don't create a Solr "primary/content" doc for the root dataverse
+            // so don't create a Solr "permission" doc either.
+            if (!dataverse.equals(dataverseService.findRootDataverse())) {
                 indexPermissionsForOneDvObject(definitionPoint);
                 numObjects++;
             }
-            List<Dataset> directChildDatasetsOfDvDefPoint = datasetService.findByOwnerId(selfDataverse.getId());
-            for (Dataset dataset : directChildDatasetsOfDvDefPoint) {
+
+            // Process datasets in batches
+            List<Long> datasetIds = datasetService.findIdsByOwnerId(dataverse.getId());
+            int batchSize = 10; // Process 10 datasets per transaction
+
+            for (int i = 0; i < datasetIds.size(); i += batchSize) {
+                int endIndex = Math.min(i + batchSize, datasetIds.size());
+                List<Long> batchIds = datasetIds.subList(i, endIndex);
+
+                // Process this batch of datasets in a new transaction
+                self.indexDatasetBatchInNewTransaction(batchIds, counter, fileQueryMin);
+                numObjects += batchIds.size();
+
+                logger.info("Processed batch " + (i / batchSize + 1) + " of " +
+                        (int) Math.ceil(datasetIds.size() / (double) batchSize) +
+                        " dataset batches for dataverse " + dataverse.getId());
+            }
+        } else if (definitionPoint instanceof Dataset dataset) {
+            // For a single dataset, process it in its own transaction
+            indexPermissionsForOneDvObject(definitionPoint);
+            numObjects++;
+
+            // Process the dataset's files in a new transaction
+            self.indexDatasetFilesInNewTransaction(dataset.getId(), counter, fileQueryMin);
+        } else {
+            // For other types (like files), just index in a new transaction
+            indexPermissionsForOneDvObject(definitionPoint);
+            numObjects++;
+        }
+
+        logger.info("Reindexed permissions for " + counter[0] + " files and " + numObjects +
+                " datasets/collections in " + (System.currentTimeMillis() - globalStartTime) + " ms");
+
+        return new IndexResponse("Number of dvObject permissions indexed for " + definitionPoint + ": " + numObjects);
+    }
+
+    @TransactionAttribute(TransactionAttributeType.REQUIRES_NEW)
+    public void indexDatasetBatchInNewTransaction(List<Long> datasetIds, final int[] fileCounter, int fileQueryMin) {
+        for (Long datasetId : datasetIds) {
+            Dataset dataset = datasetService.find(datasetId);
+            if (dataset != null) {
                 indexPermissionsForOneDvObject(dataset);
-                numObjects++;
 
+                // Process files for this dataset
                 Map<DatasetVersion.VersionState, Boolean> desiredCards = searchPermissionsService.getDesiredCards(dataset);
-                long startTime = System.currentTimeMillis();
+
                 for (DatasetVersion version : versionsToReIndexPermissionsFor(dataset)) {
                     if (desiredCards.get(version.getVersionState())) {
-                        List<String> cachedPerms = searchPermissionsService.findDatasetVersionPerms(version);
-                        String solrIdEnd = getDatasetOrDataFileSolrEnding(version.getVersionState());
-                        Long versionId = version.getId();
-                        for (FileMetadata fmd : version.getFileMetadatas()) {
-                            DataFileProxy fileProxy = new DataFileProxy(fmd);
-                            // Since reindexFilesInBatches() re-indexes a file in all versions needed, we should not send a file already in the released version twice
-                            filesToReindexAsBatch.add(fileProxy);
-                            counter[0]++;
-                            if (counter[0] % 100 == 0) {
-                                reindexFilesInBatches(filesToReindexAsBatch, cachedPerms, versionId, solrIdEnd);
-                                filesToReindexAsBatch.clear();
-                            }
-                            if (counter[0] % 1000 == 0) {
-                                logger.fine("Progress: " + counter[0] + "files permissions reindexed");
-                            }
-                        }
-
-                        // Re-index any remaining files in the datasetversion (so that verionId, etc. remain constants for all files in the batch)
-                        reindexFilesInBatches(filesToReindexAsBatch, cachedPerms, versionId, solrIdEnd);
-                        logger.info("Progress : dataset " + dataset.getId() + " permissions reindexed in " + (System.currentTimeMillis() - startTime) + " ms");
+                        processDatasetVersionFiles(version, fileCounter, fileQueryMin);
                     }
                 }
             }
-        } else if (definitionPoint.isInstanceofDataset()) {
-            indexPermissionsForOneDvObject(definitionPoint);
-            numObjects++;
-            // index files
-            Dataset dataset = (Dataset) definitionPoint;
+        }
+    }
+
+    @TransactionAttribute(TransactionAttributeType.REQUIRES_NEW)
+    public void indexDatasetFilesInNewTransaction(Long datasetId, final int[] fileCounter, int fileQueryMin) {
+        Dataset dataset = datasetService.find(datasetId);
+        if (dataset != null) {
             Map<DatasetVersion.VersionState, Boolean> desiredCards = searchPermissionsService.getDesiredCards(dataset);
             for (DatasetVersion version : versionsToReIndexPermissionsFor(dataset)) {
                 if (desiredCards.get(version.getVersionState())) {
-                    List<String> cachedPerms = searchPermissionsService.findDatasetVersionPerms(version);
-                    String solrIdEnd = getDatasetOrDataFileSolrEnding(version.getVersionState());
-                    Long versionId = version.getId();
-                    if (version.getFileMetadatas().size() > fileQueryMin) {
-                        // For large datasets, use a more efficient SQL query instead of loading all file metadata objects
-                        getDataFileInfoForPermissionIndexing(version.getId()).forEach(fileInfo -> {
-                            filesToReindexAsBatch.add(fileInfo);
-                            counter[0]++;
-
-                            if (counter[0] % 100 == 0) {
-                                long startTime = System.currentTimeMillis();
-                                reindexFilesInBatches(filesToReindexAsBatch, cachedPerms, versionId, solrIdEnd);
-                                filesToReindexAsBatch.clear();
-                                logger.fine("Progress: 100 file permissions at " + counter[0] + " files reindexed in " + (System.currentTimeMillis() - startTime) + " ms");
-                            }
-                        });
-                    } else {
-                        version.getFileMetadatas().stream()
-                                .forEach(fmd -> {
-                                    DataFileProxy fileProxy = new DataFileProxy(fmd);
-                                    filesToReindexAsBatch.add(fileProxy);
-                                    counter[0]++;
-                                    if (counter[0] % 100 == 0) {
-                                        long startTime = System.currentTimeMillis();
-                                        reindexFilesInBatches(filesToReindexAsBatch, cachedPerms, versionId, solrIdEnd);
-                                        filesToReindexAsBatch.clear();
-                                        logger.fine("Progress: 100 file permissions at  " + counter[0] + "files reindexed in " + (System.currentTimeMillis() - startTime) + " ms");
-                                    }
-                                });
-                    }
-                    // Re-index any remaining files in the dataset version (versionId, etc. remain constants for all files in the batch)
+                    processDatasetVersionFiles(version, fileCounter, fileQueryMin);
+                }
+            }
+        }
+    }
+
+    private void processDatasetVersionFiles(DatasetVersion version,
+            final int[] fileCounter, int fileQueryMin) {
+        List<String> cachedPerms = searchPermissionsService.findDatasetVersionPerms(version);
+        String solrIdEnd = getDatasetOrDataFileSolrEnding(version.getVersionState());
+        Long versionId = version.getId();
+        List<DataFileProxy> filesToReindexAsBatch = new ArrayList<>();
+
+        // Process files in batches of 100
+        int batchSize = 100;
+
+        if (version.getFileMetadatas().size() > fileQueryMin) {
+            // For large datasets, use a more efficient SQL query
+            Stream<DataFileProxy> fileStream = getDataFileInfoForPermissionIndexing(version.getId());
+
+            // Process files in batches to avoid memory issues
+            fileStream.forEach(fileInfo -> {
+                filesToReindexAsBatch.add(fileInfo);
+                fileCounter[0]++;
+
+                if (filesToReindexAsBatch.size() >= batchSize) {
                     reindexFilesInBatches(filesToReindexAsBatch, cachedPerms, versionId, solrIdEnd);
                     filesToReindexAsBatch.clear();
                 }
+            });
+        } else {
+            // For smaller datasets, process files directly
+            for (FileMetadata fmd : version.getFileMetadatas()) {
+                DataFileProxy fileProxy = new DataFileProxy(fmd);
+                filesToReindexAsBatch.add(fileProxy);
+                fileCounter[0]++;
 
+                if (filesToReindexAsBatch.size() >= batchSize) {
+                    reindexFilesInBatches(filesToReindexAsBatch, cachedPerms, versionId, solrIdEnd);
+                    filesToReindexAsBatch.clear();
+                }
             }
-        } else {
-            indexPermissionsForOneDvObject(definitionPoint);
-            numObjects++;
         }
 
-        /**
-         * @todo Error handling? What to do with response?
-         *
-         * @todo Should update timestamps, probably, even thought these are files, see
-         *       https://github.com/IQSS/dataverse/issues/2421
-         */
-        logger.fine("Reindexed permissions for " + counter[0] + " files and " + numObjects + "datasets/collections in " + (System.currentTimeMillis() - globalStartTime) + " ms");
-        return new IndexResponse("Number of dvObject permissions indexed for " + definitionPoint
-                + ": " + numObjects);
+        // Process any remaining files
+        if (!filesToReindexAsBatch.isEmpty()) {
+            reindexFilesInBatches(filesToReindexAsBatch, cachedPerms, versionId, solrIdEnd);
+        }
     }
 
     private String reindexFilesInBatches(List<DataFileProxy> filesToReindexAsBatch, List<String> cachedPerms, Long versionId, String solrIdEnd) {

From 858763ba0c1d9d49522abc13d32e30c689730303 Mon Sep 17 00:00:00 2001
From: Jim Myers <qqmyers@hotmail.com>
Date: Tue, 16 Sep 2025 14:17:55 -0400
Subject: [PATCH 209/634] return void, update logging messages

---
 .../search/SolrIndexServiceBean.java          | 21 ++++++++++---------
 1 file changed, 11 insertions(+), 10 deletions(-)

diff --git a/src/main/java/edu/harvard/iq/dataverse/search/SolrIndexServiceBean.java b/src/main/java/edu/harvard/iq/dataverse/search/SolrIndexServiceBean.java
index 01b9960e76b..ce3c3ecf7db 100644
--- a/src/main/java/edu/harvard/iq/dataverse/search/SolrIndexServiceBean.java
+++ b/src/main/java/edu/harvard/iq/dataverse/search/SolrIndexServiceBean.java
@@ -356,7 +356,7 @@ public IndexResponse indexPermissionsOnSelfAndChildren(DvObject definitionPoint)
                 self.indexDatasetBatchInNewTransaction(batchIds, counter, fileQueryMin);
                 numObjects += batchIds.size();
 
-                logger.info("Processed batch " + (i / batchSize + 1) + " of " +
+                logger.info("Permission reindexing: Processed batch " + (i/batchSize + 1) + " of " + 
                         (int) Math.ceil(datasetIds.size() / (double) batchSize) +
                         " dataset batches for dataverse " + dataverse.getId());
             }
@@ -455,24 +455,25 @@ private void processDatasetVersionFiles(DatasetVersion version,
         }
     }
 
-    private String reindexFilesInBatches(List<DataFileProxy> filesToReindexAsBatch, List<String> cachedPerms, Long versionId, String solrIdEnd) {
+    private void reindexFilesInBatches(List<DataFileProxy> filesToReindexAsBatch, List<String> cachedPerms, Long versionId, String solrIdEnd) {
         List<SolrInputDocument> docs = new ArrayList<>();
         try {
             // Assume all files have the same owner
             if (filesToReindexAsBatch.isEmpty()) {
-                return "No files to reindex";
+                logger.warning("reindexFilesInBatches called incorrectly with an empty file list");
             }
 
-                    for (DataFileProxy file : filesToReindexAsBatch) {
+            for (DataFileProxy file : filesToReindexAsBatch) {
 
-                            DvObjectSolrDoc fileSolrDoc = constructDatafileSolrDoc(file, cachedPerms, versionId, solrIdEnd);
-                            SolrInputDocument solrDoc = SearchUtil.createSolrDoc(fileSolrDoc);
-                            docs.add(solrDoc);
-                    }
+                DvObjectSolrDoc fileSolrDoc = constructDatafileSolrDoc(file, cachedPerms, versionId, solrIdEnd);
+                SolrInputDocument solrDoc = SearchUtil.createSolrDoc(fileSolrDoc);
+                docs.add(solrDoc);
+            }
             persistToSolr(docs);
-            return " " + filesToReindexAsBatch.size() + " files indexed across " + docs.size() + " Solr documents ";
+            logger.fine("Indexed " + filesToReindexAsBatch.size() + " files across " + docs.size() + " Solr documents");
         } catch (SolrServerException | IOException ex) {
-            return " tried to reindex " + filesToReindexAsBatch.size() + " files indexed across " + docs.size() + " Solr documents but caught exception: " + ex;
+            logger.log(Level.WARNING, "Failed to reindex " + filesToReindexAsBatch.size() +
+                    " files across " + docs.size() + " Solr documents", ex);
         }
     }
 

From 113093cce83f049a999a130bfec1e2c7879f873c Mon Sep 17 00:00:00 2001
From: Jim Myers <qqmyers@hotmail.com>
Date: Tue, 16 Sep 2025 15:57:44 -0400
Subject: [PATCH 210/634] lower logging to fine

---
 .../edu/harvard/iq/dataverse/search/SolrIndexServiceBean.java | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/main/java/edu/harvard/iq/dataverse/search/SolrIndexServiceBean.java b/src/main/java/edu/harvard/iq/dataverse/search/SolrIndexServiceBean.java
index ce3c3ecf7db..aec352a615b 100644
--- a/src/main/java/edu/harvard/iq/dataverse/search/SolrIndexServiceBean.java
+++ b/src/main/java/edu/harvard/iq/dataverse/search/SolrIndexServiceBean.java
@@ -356,7 +356,7 @@ public IndexResponse indexPermissionsOnSelfAndChildren(DvObject definitionPoint)
                 self.indexDatasetBatchInNewTransaction(batchIds, counter, fileQueryMin);
                 numObjects += batchIds.size();
 
-                logger.info("Permission reindexing: Processed batch " + (i/batchSize + 1) + " of " + 
+                logger.fine("Permission reindexing: Processed batch " + (i/batchSize + 1) + " of " + 
                         (int) Math.ceil(datasetIds.size() / (double) batchSize) +
                         " dataset batches for dataverse " + dataverse.getId());
             }
@@ -373,7 +373,7 @@ public IndexResponse indexPermissionsOnSelfAndChildren(DvObject definitionPoint)
             numObjects++;
         }
 
-        logger.info("Reindexed permissions for " + counter[0] + " files and " + numObjects +
+        logger.fine("Reindexed permissions for " + counter[0] + " files and " + numObjects +
                 " datasets/collections in " + (System.currentTimeMillis() - globalStartTime) + " ms");
 
         return new IndexResponse("Number of dvObject permissions indexed for " + definitionPoint + ": " + numObjects);

From c15a8f6c31137685bac88eff601227d6f33caf8c Mon Sep 17 00:00:00 2001
From: Jim Myers <qqmyers@hotmail.com>
Date: Tue, 16 Sep 2025 15:57:51 -0400
Subject: [PATCH 211/634] release note

---
 doc/release-notes/11822-faster-permission-indexing.md | 1 +
 1 file changed, 1 insertion(+)
 create mode 100644 doc/release-notes/11822-faster-permission-indexing.md

diff --git a/doc/release-notes/11822-faster-permission-indexing.md b/doc/release-notes/11822-faster-permission-indexing.md
new file mode 100644
index 00000000000..f716655232e
--- /dev/null
+++ b/doc/release-notes/11822-faster-permission-indexing.md
@@ -0,0 +1 @@
+Permission reindexing, which occurs, e.g., after a user has been granted a role on a collection, has been made faster and less memory intensive in this release.
\ No newline at end of file

From 8279e65a2df7f510d0012276acaeef8b38bb2273 Mon Sep 17 00:00:00 2001
From: Oliver Bertuch <o.bertuch@fz-juelich.de>
Date: Tue, 15 Jul 2025 10:56:57 +0200
Subject: [PATCH 212/634] feat: add `parse` method and unit tests for
 `SettingsServiceBean.Key` #11639

Implemented a method to parse strings into `SettingsServiceBean.Key` values, handling null and invalid inputs gracefully. Added corresponding unit tests to verify behavior and maintain consistency.
---
 .../settings/SettingsServiceBean.java         | 32 +++++++++++++
 .../settings/SettingsServiceBeanTest.java     | 48 +++++++++++++++++++
 2 files changed, 80 insertions(+)
 create mode 100644 src/test/java/edu/harvard/iq/dataverse/settings/SettingsServiceBeanTest.java

diff --git a/src/main/java/edu/harvard/iq/dataverse/settings/SettingsServiceBean.java b/src/main/java/edu/harvard/iq/dataverse/settings/SettingsServiceBean.java
index b323a9b7861..60d72785f9b 100644
--- a/src/main/java/edu/harvard/iq/dataverse/settings/SettingsServiceBean.java
+++ b/src/main/java/edu/harvard/iq/dataverse/settings/SettingsServiceBean.java
@@ -694,6 +694,38 @@ Whether Harvesting (OAI) service is enabled
         public String toString() {
             return ":" + name();
         }
+        
+        /**
+         * Parses the input string to match a corresponding {@code SettingsServiceBean.Key}.
+         * The method expects the input string to start with a colon (:) followed by the key name.
+         * If the key name matches one of the existing {@code SettingsServiceBean.Key} enumerations,
+         * the corresponding key is returned. The check is case-sensitive.
+         *
+         * @param key the input string in the format ":KeyName", where "KeyName" corresponds
+         *        to the name of an enumeration in {@code SettingsServiceBean.Key}.
+         *        If {@code key} is null, blank, does not start with a colon (:), or does not
+         *        match any known key, the method returns {@code null}.
+         * @return the corresponding {@code SettingsServiceBean.Key} if the key matches one
+         *         of the predefined keys, or {@code null} if no match is found.
+         */
+        public static SettingsServiceBean.Key parse(String key) {
+            // Null safety and format check
+            if (key == null || key.isBlank() || key.charAt(0) != ':') return null;
+            
+            // Cut off the ":" we verified is present before
+            String normalizedKey = key.substring(1);
+            
+            // Iterate through all the known keys and return on match (case sensitive!)
+            // We are case sensitive here because Dataverse implicitely uses case sensitive keys everywhere!
+            for (SettingsServiceBean.Key k : SettingsServiceBean.Key.values()) {
+                if (k.name().equals(normalizedKey)) {
+                    return k;
+                }
+            }
+            
+            // Fall through on no match
+            return null;
+        }
     }
     
     @PersistenceContext
diff --git a/src/test/java/edu/harvard/iq/dataverse/settings/SettingsServiceBeanTest.java b/src/test/java/edu/harvard/iq/dataverse/settings/SettingsServiceBeanTest.java
new file mode 100644
index 00000000000..8d68f48a5ae
--- /dev/null
+++ b/src/test/java/edu/harvard/iq/dataverse/settings/SettingsServiceBeanTest.java
@@ -0,0 +1,48 @@
+package edu.harvard.iq.dataverse.settings;
+
+import org.junit.jupiter.api.Nested;
+import org.junit.jupiter.api.Test;
+import org.junit.jupiter.params.ParameterizedTest;
+import org.junit.jupiter.params.provider.Arguments;
+import org.junit.jupiter.params.provider.MethodSource;
+
+import java.util.List;
+
+import static org.junit.jupiter.api.Assertions.assertEquals;
+
+class SettingsServiceBeanTest {
+    
+    @Nested
+    class KeyEnumTest {
+        static List<Arguments> parseTestParameters() {
+            return List.of(
+                Arguments.of(null, null),
+                Arguments.of("", null),
+                Arguments.of("    ", null),
+                Arguments.of("foobar", null),
+                Arguments.of("ShowMuteOptions", null),
+                Arguments.of(":FooBar", null),
+                Arguments.of(":ShowMuteOptions", SettingsServiceBean.Key.ShowMuteOptions)
+            );
+        }
+        
+        @MethodSource("parseTestParameters")
+        @ParameterizedTest
+        void testParse(String sut, SettingsServiceBean.Key expected) {
+            assertEquals(expected, SettingsServiceBean.Key.parse(sut));
+        }
+        
+        @Test
+        void testToString() {
+            // Make sure we test the intended behavior so it doesn't change by accident.
+            assertEquals(":ShowMuteOptions", SettingsServiceBean.Key.ShowMuteOptions.toString());
+        }
+        
+        @Test
+        void testRoundtrip() {
+            for (SettingsServiceBean.Key key : SettingsServiceBean.Key.values()) {
+                assertEquals(key, SettingsServiceBean.Key.parse(key.toString()));
+            }
+        }
+    }
+}
\ No newline at end of file

From 0a9575329a749bea856c1a34d2b5ff173680a9bd Mon Sep 17 00:00:00 2001
From: Oliver Bertuch <o.bertuch@fz-juelich.de>
Date: Tue, 15 Jul 2025 11:09:06 +0200
Subject: [PATCH 213/634] feat: add `listAllWithoutLocalizations` method to
 filter settings without language data #11639

Replaced usage of `listAll` with the new `listAllWithoutLocalizations` method in various parts of the codebase for improved clarity and targeted queries. Added the corresponding named query `Setting.findAllWithoutLang`.

Before, listAll was used in context without localization present or dropping the l10n details from outputs.
For example, the Admin API to get all settings neglected to share the localized information, making one setting appear multiple times without the l10n information present.

This is still subject to change, enabling the API endpoints to keep this information around.
---
 .../edu/harvard/iq/dataverse/EditDatafilesPage.java    |  2 +-
 .../java/edu/harvard/iq/dataverse/SettingsWrapper.java |  2 +-
 src/main/java/edu/harvard/iq/dataverse/api/Admin.java  |  2 +-
 .../edu/harvard/iq/dataverse/settings/Setting.java     |  2 ++
 .../iq/dataverse/settings/SettingsServiceBean.java     | 10 ++++++++--
 5 files changed, 13 insertions(+), 5 deletions(-)

diff --git a/src/main/java/edu/harvard/iq/dataverse/EditDatafilesPage.java b/src/main/java/edu/harvard/iq/dataverse/EditDatafilesPage.java
index 3fa1c8b2c10..b7d28ceabfa 100644
--- a/src/main/java/edu/harvard/iq/dataverse/EditDatafilesPage.java
+++ b/src/main/java/edu/harvard/iq/dataverse/EditDatafilesPage.java
@@ -383,7 +383,7 @@ public String getHumanPerFormatTabularLimits() {
     public String populateHumanPerFormatTabularLimits() {
         String keyPrefix = ":TabularIngestSizeLimit:";
         List<String> formatLimits = new ArrayList<>();
-        for (Setting setting : settingsService.listAll()) {
+        for (Setting setting : settingsService.listAllWithoutLocalizations()) {
             String name = setting.getName();
             if (!name.startsWith(keyPrefix)) {
                 continue;
diff --git a/src/main/java/edu/harvard/iq/dataverse/SettingsWrapper.java b/src/main/java/edu/harvard/iq/dataverse/SettingsWrapper.java
index 3ff27699379..41fc605bfb3 100644
--- a/src/main/java/edu/harvard/iq/dataverse/SettingsWrapper.java
+++ b/src/main/java/edu/harvard/iq/dataverse/SettingsWrapper.java
@@ -218,7 +218,7 @@ public Integer getInteger(String settingKey, Integer defaultValue) {
     private void initSettingsMap() {
         // initialize settings map
         settingsMap = new HashMap<>();
-        for (Setting setting : settingsService.listAll()) {
+        for (Setting setting : settingsService.listAllWithoutLocalizations()) {
             settingsMap.put(setting.getName(), setting.getContent());
         }
     }
diff --git a/src/main/java/edu/harvard/iq/dataverse/api/Admin.java b/src/main/java/edu/harvard/iq/dataverse/api/Admin.java
index d55f582ecae..f6e622304d8 100644
--- a/src/main/java/edu/harvard/iq/dataverse/api/Admin.java
+++ b/src/main/java/edu/harvard/iq/dataverse/api/Admin.java
@@ -198,7 +198,7 @@ public class Admin extends AbstractApiBean {
     @GET
     public Response listAllSettings() {
         JsonObjectBuilder bld = jsonObjectBuilder();
-        settingsSvc.listAll().forEach(s -> bld.add(s.getName(), s.getContent()));
+        settingsSvc.listAllWithoutLocalizations().forEach(s -> bld.add(s.getName(), s.getContent()));
         return ok(bld);
     }
 
diff --git a/src/main/java/edu/harvard/iq/dataverse/settings/Setting.java b/src/main/java/edu/harvard/iq/dataverse/settings/Setting.java
index b1910a2fbb5..e429d685c3e 100644
--- a/src/main/java/edu/harvard/iq/dataverse/settings/Setting.java
+++ b/src/main/java/edu/harvard/iq/dataverse/settings/Setting.java
@@ -19,6 +19,8 @@
                 query="DELETE FROM Setting s WHERE s.name=:name AND s.lang IS NULL"),
     @NamedQuery( name="Setting.findAll",
                 query="SELECT s FROM Setting s"),
+    @NamedQuery( name="Setting.findAllWithoutLang",
+                query="SELECT s FROM Setting s WHERE s.lang IS NULL"),
     @NamedQuery( name="Setting.findByName",
             query = "SELECT s FROM Setting s WHERE s.name=:name AND s.lang IS NULL" ),
     @NamedQuery( name="Setting.deleteByNameAndLang",
diff --git a/src/main/java/edu/harvard/iq/dataverse/settings/SettingsServiceBean.java b/src/main/java/edu/harvard/iq/dataverse/settings/SettingsServiceBean.java
index 60d72785f9b..6239c38ad3f 100644
--- a/src/main/java/edu/harvard/iq/dataverse/settings/SettingsServiceBean.java
+++ b/src/main/java/edu/harvard/iq/dataverse/settings/SettingsServiceBean.java
@@ -1009,8 +1009,14 @@ public void delete( String name, String lang ) {
                 .executeUpdate();
     }
     
-    public Set<Setting> listAll() {
-        return new HashSet<>(em.createNamedQuery("Setting.findAll", Setting.class).getResultList());
+    /**
+     * Retrieves all settings that do not have any language localizations.
+     * This method uses a named query to fetch settings where the language field is null.
+     *
+     * @return a set of {@code Setting} objects that do not have language localizations.
+     */
+    public Set<Setting> listAllWithoutLocalizations() {
+        return new HashSet<>(em.createNamedQuery("Setting.findAllWithoutLang", Setting.class).getResultList());
     }
     
     public Map<String, String> getBaseMetadataLanguageMap(Map<String,String> languageMap, boolean refresh) {

From 54c3f6e9b9858ccfa5be09abc92c53b00e314092 Mon Sep 17 00:00:00 2001
From: Oliver Bertuch <o.bertuch@fz-juelich.de>
Date: Tue, 15 Jul 2025 14:54:58 +0200
Subject: [PATCH 214/634] feat: implement `listAllAsJson` for settings
 retrieval with localization support #11639

Replaced `listAllWithoutLocalizations` in the Admin API with the new `listAllAsJson` method, enabling inclusion of localized setting variants in API responses. Added OpenAPI annotations for improved documentation. Introduced comprehensive unit tests to validate behavior of localized and non-localized settings handling.
---
 .../edu/harvard/iq/dataverse/api/Admin.java   | 17 +++-
 .../settings/SettingsServiceBean.java         | 46 +++++++++++
 .../settings/SettingsServiceBeanTest.java     | 80 +++++++++++++++++++
 3 files changed, 139 insertions(+), 4 deletions(-)

diff --git a/src/main/java/edu/harvard/iq/dataverse/api/Admin.java b/src/main/java/edu/harvard/iq/dataverse/api/Admin.java
index f6e622304d8..69ed33f60dc 100644
--- a/src/main/java/edu/harvard/iq/dataverse/api/Admin.java
+++ b/src/main/java/edu/harvard/iq/dataverse/api/Admin.java
@@ -132,6 +132,11 @@
 import jakarta.ws.rs.QueryParam;
 import jakarta.ws.rs.WebApplicationException;
 import jakarta.ws.rs.core.StreamingOutput;
+import org.eclipse.microprofile.openapi.annotations.media.Content;
+import org.eclipse.microprofile.openapi.annotations.media.Schema;
+import org.eclipse.microprofile.openapi.annotations.responses.APIResponse;
+import org.eclipse.microprofile.openapi.annotations.responses.APIResponses;
+
 import java.nio.file.Paths;
 import java.util.TreeMap;
 
@@ -193,13 +198,17 @@ public class Admin extends AbstractApiBean {
 
     public static final String listUsersPartialAPIPath = "list-users";
     public static final String listUsersFullAPIPath = "/api/admin/" + listUsersPartialAPIPath;
-
+    
     @Path("settings")
     @GET
+    @APIResponses({
+        @APIResponse(responseCode = "200",
+            description = "All database options successfully queried",
+            // The schema may be extended later to better describe what the JSON object looks like.
+            content = @Content(schema = @Schema(implementation = JsonObject.class))),
+    })
     public Response listAllSettings() {
-        JsonObjectBuilder bld = jsonObjectBuilder();
-        settingsSvc.listAllWithoutLocalizations().forEach(s -> bld.add(s.getName(), s.getContent()));
-        return ok(bld);
+        return ok(settingsSvc.listAllAsJson());
     }
 
     @Path("settings/{name}")
diff --git a/src/main/java/edu/harvard/iq/dataverse/settings/SettingsServiceBean.java b/src/main/java/edu/harvard/iq/dataverse/settings/SettingsServiceBean.java
index 6239c38ad3f..48c37480e0e 100644
--- a/src/main/java/edu/harvard/iq/dataverse/settings/SettingsServiceBean.java
+++ b/src/main/java/edu/harvard/iq/dataverse/settings/SettingsServiceBean.java
@@ -8,8 +8,10 @@
 import jakarta.ejb.EJB;
 import jakarta.ejb.Stateless;
 import jakarta.inject.Named;
+import jakarta.json.Json;
 import jakarta.json.JsonArray;
 import jakarta.json.JsonObject;
+import jakarta.json.JsonObjectBuilder;
 import jakarta.json.JsonValue;
 import jakarta.persistence.EntityManager;
 import jakarta.persistence.PersistenceContext;
@@ -28,6 +30,7 @@
 import java.util.StringTokenizer;
 import java.util.logging.Level;
 import java.util.logging.Logger;
+import java.util.stream.Collectors;
 
 /**
  * Service bean accessing a persistent hash map, used as settings in the application.
@@ -1019,6 +1022,49 @@ public Set<Setting> listAllWithoutLocalizations() {
         return new HashSet<>(em.createNamedQuery("Setting.findAllWithoutLang", Setting.class).getResultList());
     }
     
+    /**
+     * Retrieves all available application settings as a JSON object.
+     * The method fetches settings from the database, organizes them into localized
+     * and non-localized entries, and builds a JSON representation of the dataset.
+     * Non-localized settings are added directly as key-value pairs, while localized
+     * settings are grouped under their associated keys with language-specific mappings.
+     * Note: settings may exist with both non-localized and localized variant.
+     * The non-localized variant will be added as "base" locale.
+     *
+     * @return a {@code JsonObject} containing all application settings, organized
+     *         as key-value pairs for non-localized settings, or as sub-objects
+     *         for settings with language localizations.
+     */
+    public JsonObject listAllAsJson() {
+        Set<Setting> settings = new HashSet<>(em.createNamedQuery("Setting.findAll", Setting.class).getResultList());
+        
+        Set<String> settingsWithL10n = settings.stream()
+            .filter(s -> s.getLang() != null)
+            .map(Setting::getName)
+            .collect(Collectors.toUnmodifiableSet());
+        Map<String, JsonObjectBuilder> localizedSettings = new HashMap<>();
+        
+        JsonObjectBuilder response = Json.createObjectBuilder();
+        
+        // Iterate over all the settings and add them to the response.
+        settings.forEach(setting -> {
+            // Simple case: This settings is not localized, go ahead and add it.
+            if (!settingsWithL10n.contains(setting.getName())) {
+                response.add(setting.getName(), setting.getContent());
+            // Localized case: We can't just add it, we need to have a sub-object.
+            //                 Also, we don't know the order of the settings or when all localized variants are done.
+            } else {
+                localizedSettings.computeIfAbsent(setting.getName(), name -> Json.createObjectBuilder());
+                localizedSettings.get(setting.getName())
+                    .add(setting.getLang() == null ? "base" : setting.getLang(), setting.getContent());
+            }
+        });
+        
+        // We now know that we processed all settings, so add all the l10n builders at once.
+        localizedSettings.forEach(response::add);
+        return response.build();
+    }
+    
     public Map<String, String> getBaseMetadataLanguageMap(Map<String,String> languageMap, boolean refresh) {
         if (languageMap == null || refresh) {
             languageMap = new HashMap<String, String>();
diff --git a/src/test/java/edu/harvard/iq/dataverse/settings/SettingsServiceBeanTest.java b/src/test/java/edu/harvard/iq/dataverse/settings/SettingsServiceBeanTest.java
index 8d68f48a5ae..a80b4786982 100644
--- a/src/test/java/edu/harvard/iq/dataverse/settings/SettingsServiceBeanTest.java
+++ b/src/test/java/edu/harvard/iq/dataverse/settings/SettingsServiceBeanTest.java
@@ -1,14 +1,22 @@
 package edu.harvard.iq.dataverse.settings;
 
+import jakarta.json.JsonObject;
+import jakarta.persistence.EntityManager;
+import jakarta.persistence.TypedQuery;
+import org.junit.jupiter.api.BeforeAll;
 import org.junit.jupiter.api.Nested;
 import org.junit.jupiter.api.Test;
 import org.junit.jupiter.params.ParameterizedTest;
 import org.junit.jupiter.params.provider.Arguments;
 import org.junit.jupiter.params.provider.MethodSource;
+import org.mockito.ArgumentMatchers;
 
+import java.util.Collections;
 import java.util.List;
 
 import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.when;
 
 class SettingsServiceBeanTest {
     
@@ -45,4 +53,76 @@ void testRoundtrip() {
             }
         }
     }
+    
+    @Nested
+    class ListAllAsJsonTest {
+        
+        static TypedQuery<Setting> typedQuery = mock(TypedQuery.class);
+        static EntityManager em = mock(EntityManager.class);
+        static SettingsServiceBean settingsServiceBean = new SettingsServiceBean();
+        
+        @BeforeAll
+        static void setup() {
+            settingsServiceBean.em = em;
+            
+            when(em.createNamedQuery(
+                ArgumentMatchers.eq("Setting.findAll"),
+                ArgumentMatchers.eq(Setting.class)))
+                .thenReturn(typedQuery);
+        }
+        
+        @Test
+        void testListAllAsJson_noSettings() {
+            // Given
+            List<Setting> emptyList = Collections.emptyList();
+            when(typedQuery.getResultList()).thenReturn(emptyList);
+            
+            // When
+            JsonObject result = settingsServiceBean.listAllAsJson();
+            
+            // Then
+            assertEquals(0, result.size());
+        }
+        
+        @Test
+        void testListAllAsJson_nonLocalizedSettings() {
+            // Given
+            List<Setting> resultList = List.of(
+                new Setting("testKey1", "testValue1"),
+                new Setting("testKey2", "testValue2")
+            );
+            when(typedQuery.getResultList()).thenReturn(resultList);
+            
+            // When
+            JsonObject result = settingsServiceBean.listAllAsJson();
+            
+            // Then
+            assertEquals(2, result.size());
+            assertEquals("testValue1", result.getString("testKey1"));
+            assertEquals("testValue2", result.getString("testKey2"));
+        }
+        
+        @Test
+        void testListAllAsJson_localizedSettings() {
+            // Given
+            List<Setting> resultList = List.of(
+                new Setting("localizedKey", "value_base"),
+                new Setting("localizedKey", "en", "value_en"),
+                new Setting("localizedKey", "fr", "value_fr")
+            );
+            when(typedQuery.getResultList()).thenReturn(resultList);
+            
+            // When
+            JsonObject result = settingsServiceBean.listAllAsJson();
+            
+            // Then
+            assertEquals(1, result.size());
+            JsonObject localizedSetting = result.getJsonObject("localizedKey");
+            
+            assertEquals(3, localizedSetting.size());
+            assertEquals("value_base", localizedSetting.getString("base"));
+            assertEquals("value_en", localizedSetting.getString("en"));
+            assertEquals("value_fr", localizedSetting.getString("fr"));
+        }
+    }
 }
\ No newline at end of file

From 0ebe683f97435a1350b0c6c1f93db486f8cec6ce Mon Sep 17 00:00:00 2001
From: Oliver Bertuch <o.bertuch@fz-juelich.de>
Date: Tue, 15 Jul 2025 17:14:26 +0200
Subject: [PATCH 215/634] chore: add JaCoCo args placeholders to pom.xml

This is because Intellij IDEA's MavenJUnitPatcher only correctly uses the maven-surefire-plugin <argLine> if all interpolated properties are present.

If a single property is missing, the <argLine> will not be used by IntelliJ's test runner, which is horrible to debug.

See also https://github.com/kreiger/idea-maven-test-profiles-argline
---
 pom.xml | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/pom.xml b/pom.xml
index ceb5ea28d84..822eaaeb79d 100644
--- a/pom.xml
+++ b/pom.xml
@@ -21,6 +21,8 @@
         <skipUnitTests>false</skipUnitTests>
         <skipIntegrationTests>false</skipIntegrationTests>
         <it.groups>integration</it.groups>
+        <surefire.jacoco.args></surefire.jacoco.args>
+        <failsafe.jacoco.args></failsafe.jacoco.args>
         
         <!-- By default, this module will produce a WAR file. -->
         <!-- This will be switched within the container profile! -->

From 684c7d1110b7fb7c760b3f54bca3bcb62eafc532 Mon Sep 17 00:00:00 2001
From: Oliver Bertuch <o.bertuch@fz-juelich.de>
Date: Tue, 15 Jul 2025 17:18:07 +0200
Subject: [PATCH 216/634] feat: replace tabular ingest size limits
 configuration using JSON #11639

Introduced new methods in `SystemConfig` to support tabular ingest size limits as JSON objects or single values. This replaces the old way of using colon-separated format suffixes with the setting name.

Enhanced flexibility with format-specific or universal defaults. Updated `EditDatafilesPage` to populate human-readable format-specific limits. Added comprehensive unit tests to validate behavior, including edge cases for invalid configurations.
---
 .../iq/dataverse/EditDatafilesPage.java       |  20 +--
 .../iq/dataverse/util/SystemConfig.java       | 131 +++++++++++++-----
 .../iq/dataverse/EditDatafilesPageTest.java   |  64 +++++++++
 .../iq/dataverse/util/SystemConfigTest.java   |  88 +++++++++++-
 4 files changed, 253 insertions(+), 50 deletions(-)
 create mode 100644 src/test/java/edu/harvard/iq/dataverse/EditDatafilesPageTest.java

diff --git a/src/main/java/edu/harvard/iq/dataverse/EditDatafilesPage.java b/src/main/java/edu/harvard/iq/dataverse/EditDatafilesPage.java
index b7d28ceabfa..fd0f3be9871 100644
--- a/src/main/java/edu/harvard/iq/dataverse/EditDatafilesPage.java
+++ b/src/main/java/edu/harvard/iq/dataverse/EditDatafilesPage.java
@@ -81,6 +81,8 @@
 import java.util.Collection;
 import java.util.Set;
 import java.util.logging.Level;
+import java.util.stream.Collectors;
+
 import jakarta.faces.event.AjaxBehaviorEvent;
 import jakarta.faces.event.FacesEvent;
 import jakarta.servlet.ServletOutputStream;
@@ -381,19 +383,11 @@ public String getHumanPerFormatTabularLimits() {
     }
 
     public String populateHumanPerFormatTabularLimits() {
-        String keyPrefix = ":TabularIngestSizeLimit:";
-        List<String> formatLimits = new ArrayList<>();
-        for (Setting setting : settingsService.listAllWithoutLocalizations()) {
-            String name = setting.getName();
-            if (!name.startsWith(keyPrefix)) {
-                continue;
-            }
-            String tabularName = setting.getName().substring(keyPrefix.length());
-            String bytes = setting.getContent();
-            String humanReadableSize = FileSizeChecker.bytesToHumanReadable(Long.valueOf(bytes));
-            formatLimits.add(tabularName + ": " + humanReadableSize);
-        }
-        return String.join(", ", formatLimits);
+        return systemConfig.getTabularIngestSizeLimits().entrySet().stream()
+            // The human-readable list shall not contain the setting for non-matching formats
+            .filter(entry -> ! entry.getKey().equals(SystemConfig.TABULAR_INGEST_SIZE_LIMITS_DEFAULT_KEY))
+            .map(entry -> entry.getKey() + ": " + FileSizeChecker.bytesToHumanReadable(entry.getValue()))
+            .collect(Collectors.joining(", "));
     }
 
     public Integer getFileUploadsAvailable() {
diff --git a/src/main/java/edu/harvard/iq/dataverse/util/SystemConfig.java b/src/main/java/edu/harvard/iq/dataverse/util/SystemConfig.java
index 69f9262ab5b..5061a0a70e7 100644
--- a/src/main/java/edu/harvard/iq/dataverse/util/SystemConfig.java
+++ b/src/main/java/edu/harvard/iq/dataverse/util/SystemConfig.java
@@ -11,6 +11,7 @@
 import edu.harvard.iq.dataverse.settings.JvmSettings;
 import edu.harvard.iq.dataverse.settings.SettingsServiceBean;
 import edu.harvard.iq.dataverse.validation.PasswordValidatorUtil;
+import jakarta.json.stream.JsonParsingException;
 import org.passay.CharacterRule;
 
 import jakarta.ejb.EJB;
@@ -27,6 +28,7 @@
 import java.net.UnknownHostException;
 import java.time.Year;
 import java.util.Arrays;
+import java.util.Collections;
 import java.util.HashMap;
 import java.util.Iterator;
 import java.util.List;
@@ -488,49 +490,106 @@ public Integer getSearchHighlightFragmentSize() {
         }
         return null;
     }
-
-    public long getTabularIngestSizeLimit() {
-        // This method will return the blanket ingestable size limit, if 
-        // set on the system. I.e., the universal limit that applies to all 
-        // tabular ingests, regardless of fromat: 
-        
-        String limitEntry = settingsService.getValueForKey(SettingsServiceBean.Key.TabularIngestSizeLimit); 
-        
+    
+    /**
+     * The default key used to identify tabular ingest size limits.
+     * This value represents the standard or fallback configuration.
+     * For any other valid format strings, see implementations of {@code TabularDataFileReader.getFormatName()}.
+     */
+    public static final String TABULAR_INGEST_SIZE_LIMITS_DEFAULT_KEY = "default";
+    
+    /**
+     * Retrieves the tabular ingest size limits based on the system configuration.
+     * The size limits can be defined as a JSON object with format-specific limits, a single numeric value
+     * applied to all formats, or might not exist, in which case the default limit is applied.
+     *
+     * Note that the format names in the configuration will be transformed to lowercase for user convenience
+     * of how people like to write their formats best.
+     *
+     * If the configuration contains invalid data (e.g., unparsable JSON or non-numeric values),
+     * all tabular ingest operations are disabled by setting size limits to 0.
+     *
+     * TODO: At some later point, if and when the DB lookups or JSON parsing takes a toll to heavy to bear,
+     *       we may introduce a caching singleton for these. (With TTL or using events to invalidate on update.)
+     *
+     * @return a map where the keys represent format names or a default key, and the values represent the maximum allowed size for each format.
+     */
+    public Map<String, Long> getTabularIngestSizeLimits() {
+        String limitEntry = settingsService.getValueForKey(SettingsServiceBean.Key.TabularIngestSizeLimit);
         if (limitEntry != null) {
-            try {
-                Long sizeOption = Long.valueOf(limitEntry);
-                return sizeOption;
-            } catch (NumberFormatException nfe) {
-                logger.warning("Invalid value for TabularIngestSizeLimit option? - " + limitEntry);
+            // Case A: the setting is using JSON to support multiple formats
+            if (limitEntry.trim().startsWith("{")) {
+                try {
+                    JsonObject limits = Json.createReader(new StringReader(limitEntry)).readObject();
+                    
+                    Map<String, Long> limitsMap = new HashMap<>();
+                    // We add the default in case the JSON does not contain the default (which is optional).
+                    limitsMap.put(TABULAR_INGEST_SIZE_LIMITS_DEFAULT_KEY, -1L);
+                    
+                    for (String formatName : limits.keySet()) {
+                        // We deliberatly do not validate the formatNames here for backward compatibility.
+                        // But we transform to lowercase here, so the casing doesn't matter for lookups.
+                        String lowercaseFormatName = formatName.toLowerCase();
+                        
+                        try {
+                            Long sizeOption = Long.valueOf(limits.getString(formatName));
+                            limitsMap.put(lowercaseFormatName, sizeOption);
+                        } catch (NumberFormatException nfe) {
+                            logger.warning("Could not convert " + SettingsServiceBean.Key.TabularIngestSizeLimit + " to long: " + nfe);
+                            logger.warning("Disabling all tabular ingest completely until fixed!");
+                            return Map.of(TABULAR_INGEST_SIZE_LIMITS_DEFAULT_KEY, 0L);
+                        }
+                    }
+                    
+                    return Collections.unmodifiableMap(limitsMap);
+                } catch (JsonParsingException e) {
+                    logger.warning("Invalid TabularIngestSizeLimit option found, cannot parse JSON: " + e.getMessage());
+                    logger.warning("Disabling all tabular ingest completely until fixed!");
+                    return Map.of(TABULAR_INGEST_SIZE_LIMITS_DEFAULT_KEY, 0L);
+                }
+            // Case B: It might be just a simple Long, providing a default for all formats.
+            } else {
+                try {
+                    Long limit = Long.valueOf(limitEntry);
+                    return Map.of(TABULAR_INGEST_SIZE_LIMITS_DEFAULT_KEY, limit);
+                } catch (NumberFormatException nfe) {
+                    logger.warning("Could not convert " + SettingsServiceBean.Key.TabularIngestSizeLimit + " to long: " + nfe);
+                    logger.warning("Disabling all tabular ingest completely until fixed!");
+                    return Map.of(TABULAR_INGEST_SIZE_LIMITS_DEFAULT_KEY, 0L);
+                }
             }
         }
-        // -1 means no limit is set; 
-        // 0 on the other hand would mean that ingest is fully disabled for 
-        // tabular data. 
-        return -1; 
+        
+        // Default is not to limit at all
+        return Map.of(TABULAR_INGEST_SIZE_LIMITS_DEFAULT_KEY, -1L);
     }
     
+    /**
+     * This method will return the blanket ingestable size limit, if set on the system.
+     * I.e., the universal limit that applies to all tabular ingests, regardless of fromat.
+     * @return -1 = unlimited if not set, 0 if disabled or invalid, some long number of bytes otherwise
+     */
+    public long getTabularIngestSizeLimit() {
+        return getTabularIngestSizeLimits().get(TABULAR_INGEST_SIZE_LIMITS_DEFAULT_KEY);
+    }
+    
+    /**
+     * Retrieves the size limit for tabular data ingestion based on the provided format name.
+     * The format name will be converted to lowercase, making sure the casing doesn't matter.
+     *
+     * @param formatName The name of the format for which the size limit is requested
+     *                   See also implementations of {@code TabularDataFileReader.getFormatName()} for examples.
+     * @return The size limit in bytes for tabular data ingestion associated with the specified format name,
+     *         or the default size limit if no format-specific limit is found or its name is invalid (null, blank, ...).
+     *         -1 = unlimited if not set, 0 if disabled or invalid, some long number of bytes otherwise
+     */
     public long getTabularIngestSizeLimit(String formatName) {
-        // This method returns the size limit set specifically for this format name,
-        // if available, otherwise - the blanket limit that applies to all tabular 
-        // ingests regardless of a format. 
-        
-        if (formatName == null || formatName.equals("")) {
-            return getTabularIngestSizeLimit(); 
+        if (formatName != null && !formatName.isBlank()) {
+            // We convert to lowercase so it doesn't matter which variant someone uses in the JSON config
+            String convertedFormatName = formatName.toLowerCase();
+            return getTabularIngestSizeLimits().getOrDefault(convertedFormatName, getTabularIngestSizeLimit());
         }
-        
-        String limitEntry = settingsService.get(SettingsServiceBean.Key.TabularIngestSizeLimit.toString() + ":" + formatName); 
-                
-        if (limitEntry != null) {
-            try {
-                Long sizeOption = Long.valueOf(limitEntry);
-                return sizeOption;
-            } catch (NumberFormatException nfe) {
-                logger.warning("Invalid value for TabularIngestSizeLimit:" + formatName + "? - " + limitEntry );
-            }
-        }
-        
-        return getTabularIngestSizeLimit();        
+        return getTabularIngestSizeLimit();
     }
 
     public boolean isOAIServerEnabled() {
diff --git a/src/test/java/edu/harvard/iq/dataverse/EditDatafilesPageTest.java b/src/test/java/edu/harvard/iq/dataverse/EditDatafilesPageTest.java
new file mode 100644
index 00000000000..11578b71f0e
--- /dev/null
+++ b/src/test/java/edu/harvard/iq/dataverse/EditDatafilesPageTest.java
@@ -0,0 +1,64 @@
+package edu.harvard.iq.dataverse;
+
+import edu.harvard.iq.dataverse.util.SystemConfig;
+import org.junit.jupiter.api.Test;
+import org.mockito.InjectMocks;
+import org.mockito.Mock;
+import org.mockito.MockitoAnnotations;
+
+import java.util.HashMap;
+import java.util.Map;
+
+import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.junit.jupiter.api.Assertions.assertFalse;
+import static org.junit.jupiter.api.Assertions.assertTrue;
+import static org.mockito.Mockito.when;
+
+class EditDatafilesPageTest {
+    
+    @InjectMocks
+    private EditDatafilesPage editDatafilesPage;
+    
+    @Mock
+    private SystemConfig systemConfig;
+    
+    public EditDatafilesPageTest() {
+        MockitoAnnotations.openMocks(this);
+    }
+    
+    @Test
+    void testPopulateHumanPerFormatTabularLimits_WithEmptyLimits() {
+        Map<String, Long> tabularLimits = new HashMap<>();
+        when(systemConfig.getTabularIngestSizeLimits()).thenReturn(tabularLimits);
+        
+        String result = editDatafilesPage.populateHumanPerFormatTabularLimits();
+        
+        assertEquals("", result, "Expected no formatted limits when the map is empty");
+    }
+    
+    @Test
+    void testPopulateHumanPerFormatTabularLimits_WithNonDefaultLimits() {
+        Map<String, Long> tabularLimits = new HashMap<>();
+        tabularLimits.put("csv", 10485760L); // 10MB
+        tabularLimits.put("tsv", 5242880L);  // 5MB
+        when(systemConfig.getTabularIngestSizeLimits()).thenReturn(tabularLimits);
+        
+        String result = editDatafilesPage.populateHumanPerFormatTabularLimits();
+        
+        assertTrue(result.contains("csv: 10.0 MB"), "Expected CSV limit in human-readable format, but got: " + result);
+        assertTrue(result.contains("tsv: 5.0 MB"), "Expected TSV limit in human-readable format, but got: " + result);
+    }
+    
+    @Test
+    void testPopulateHumanPerFormatTabularLimits_WithDefaultKey() {
+        Map<String, Long> tabularLimits = new HashMap<>();
+        tabularLimits.put(SystemConfig.TABULAR_INGEST_SIZE_LIMITS_DEFAULT_KEY, 2097152L); // 2MB
+        tabularLimits.put("csv", 10485760L); // 10MB
+        when(systemConfig.getTabularIngestSizeLimits()).thenReturn(tabularLimits);
+        
+        String result = editDatafilesPage.populateHumanPerFormatTabularLimits();
+        
+        assertTrue(result.contains("csv: 10.0 MB"), "Expected CSV limit in human-readable format, but got: " + result);
+        assertFalse(result.contains("default"), "Default key should be excluded from the output");
+    }
+}
\ No newline at end of file
diff --git a/src/test/java/edu/harvard/iq/dataverse/util/SystemConfigTest.java b/src/test/java/edu/harvard/iq/dataverse/util/SystemConfigTest.java
index 82b89bca678..f50b6023480 100644
--- a/src/test/java/edu/harvard/iq/dataverse/util/SystemConfigTest.java
+++ b/src/test/java/edu/harvard/iq/dataverse/util/SystemConfigTest.java
@@ -12,6 +12,8 @@
 import org.mockito.Mock;
 import org.mockito.junit.jupiter.MockitoExtension;
 
+import java.util.Map;
+
 import static org.junit.jupiter.api.Assertions.assertEquals;
 import static org.junit.jupiter.api.Assertions.assertTrue;
 import static org.mockito.Mockito.doReturn;
@@ -142,5 +144,89 @@ void testGetThumbnailSizeLimit() {
         assertEquals(1000000l, SystemConfig.getThumbnailSizeLimit("PDF"));
         assertEquals(0l, SystemConfig.getThumbnailSizeLimit("NoSuchType"));
     }
-
+    
+    @Test
+    void testGetTabularIngestSizeLimitsWithoutSetting() {
+        // given
+        doReturn(null).when(settingsService).getValueForKey(SettingsServiceBean.Key.TabularIngestSizeLimit);
+        
+        // when
+        Map<String, Long> result = systemConfig.getTabularIngestSizeLimits();
+        
+        // then
+        assertEquals(1, result.size());
+        assertEquals(-1L, (long) result.get(SystemConfig.TABULAR_INGEST_SIZE_LIMITS_DEFAULT_KEY));
+    }
+    
+    @Test
+    void testGetTabularIngestSizeLimitsWithValidJson() {
+        // given
+        String validJson = "{\"csV\": \"5000\", \"tSv\": \"10000\"}";
+        doReturn(validJson).when(settingsService).getValueForKey(SettingsServiceBean.Key.TabularIngestSizeLimit);
+        
+        // when
+        Map<String, Long> result = systemConfig.getTabularIngestSizeLimits();
+        
+        // then
+        assertEquals(3, result.size());
+        assertEquals(-1L, (long) result.get(SystemConfig.TABULAR_INGEST_SIZE_LIMITS_DEFAULT_KEY));
+        assertEquals(5000L, result.get("csv"));
+        assertEquals(10000L, result.get("tsv"));
+    }
+    
+    @Test
+    void testGetTabularIngestSizeLimitsWithSingleValue() {
+        // given
+        String singleValue = "8000";
+        doReturn(singleValue).when(settingsService).getValueForKey(SettingsServiceBean.Key.TabularIngestSizeLimit);
+        
+        // when
+        Map<String, Long> result = systemConfig.getTabularIngestSizeLimits();
+        
+        // then
+        assertEquals(1, result.size());
+        assertEquals(8000L, (long) result.get(SystemConfig.TABULAR_INGEST_SIZE_LIMITS_DEFAULT_KEY));
+    }
+    
+    @Test
+    void testGetTabularIngestSizeLimitsWithSingleInvalidValue() {
+        // given
+        String singleValue = "this-aint-no-number";
+        doReturn(singleValue).when(settingsService).getValueForKey(SettingsServiceBean.Key.TabularIngestSizeLimit);
+        
+        // when
+        Map<String, Long> result = systemConfig.getTabularIngestSizeLimits();
+        
+        // then
+        assertEquals(1, result.size());
+        assertEquals(0L, (long) result.get(SystemConfig.TABULAR_INGEST_SIZE_LIMITS_DEFAULT_KEY));
+    }
+    
+    @Test
+    void testGetTabularIngestSizeLimitsWithInvalidJson() {
+        // given
+        String invalidJson = "{invalid:}";
+        doReturn(invalidJson).when(settingsService).getValueForKey(SettingsServiceBean.Key.TabularIngestSizeLimit);
+        
+        // when
+        Map<String, Long> result = systemConfig.getTabularIngestSizeLimits();
+        
+        // then
+        assertEquals(1, result.size());
+        assertEquals(0L, (long) result.get(SystemConfig.TABULAR_INGEST_SIZE_LIMITS_DEFAULT_KEY));
+    }
+    
+    @Test
+    void testGetTabularIngestSizeLimitsWithInvalidNumberInValidJson() {
+        // given
+        String invalidJson = "{\"csv\": \"this-is-not-a-number\", \"tSv\": \"10000\"}";
+        doReturn(invalidJson).when(settingsService).getValueForKey(SettingsServiceBean.Key.TabularIngestSizeLimit);
+        
+        // when
+        Map<String, Long> result = systemConfig.getTabularIngestSizeLimits();
+        
+        // then
+        assertEquals(1, result.size());
+        assertEquals(0L, (long) result.get(SystemConfig.TABULAR_INGEST_SIZE_LIMITS_DEFAULT_KEY));
+    }
 }

From b11b722ed75f0feb19858a3d2bb264ecf269d62d Mon Sep 17 00:00:00 2001
From: Oliver Bertuch <o.bertuch@fz-juelich.de>
Date: Tue, 15 Jul 2025 17:52:55 +0200
Subject: [PATCH 217/634] feat(db): migrate TabularIngestSizeLimit settings to
 JSON format with Flyway #11639

Implemented migration script to replace old format-specific TabularIngestSizeLimit settings with a unified JSON-based structure. Validates and handles non-numeric values, ensures backward compatibility, and cleans up obsolete settings.
---
 src/main/resources/db/migration/V6.7.0.1.sql | 78 ++++++++++++++++++++
 1 file changed, 78 insertions(+)
 create mode 100644 src/main/resources/db/migration/V6.7.0.1.sql

diff --git a/src/main/resources/db/migration/V6.7.0.1.sql b/src/main/resources/db/migration/V6.7.0.1.sql
new file mode 100644
index 00000000000..733a10d951f
--- /dev/null
+++ b/src/main/resources/db/migration/V6.7.0.1.sql
@@ -0,0 +1,78 @@
+-- This script migrates the old TabularIngestSizeLimit database setting using format suffixes to a JSON based approach.
+
+DO $$
+    DECLARE
+        base_setting_content TEXT;
+        format_settings_cursor CURSOR FOR
+            SELECT name, content
+            FROM Setting
+            WHERE name LIKE ':TabularIngestSizeLimit:%'
+              AND lang IS NULL;
+        format_record RECORD;
+        format_name TEXT;
+        format_value BIGINT;
+        json_object JSONB := '{}';
+        has_format_settings BOOLEAN := FALSE;
+        warning_message TEXT;
+    BEGIN
+        -- Check if there are any format-specific settings
+        SELECT EXISTS(
+            SELECT 1 FROM Setting
+            WHERE name LIKE ':TabularIngestSizeLimit:%'
+              AND lang IS NULL
+        ) INTO has_format_settings;
+
+        -- Only proceed if we have format-specific settings
+        IF NOT has_format_settings THEN
+            RAISE NOTICE 'No format-specific TabularIngestSizeLimit settings found. Skipping migration.';
+            RETURN;
+        END IF;
+
+        -- Get the base setting (without format suffix) if it exists
+        SELECT content INTO base_setting_content
+        FROM Setting
+        WHERE name = ':TabularIngestSizeLimit'
+          AND lang IS NULL;
+
+        -- Add base setting to JSON object if it exists
+        IF base_setting_content IS NOT NULL THEN
+            -- Validate that base setting is numeric
+            BEGIN
+                format_value := base_setting_content::BIGINT;
+                json_object := json_object || jsonb_build_object('default', format_value);
+            EXCEPTION WHEN invalid_text_representation THEN
+                RAISE WARNING 'Base TabularIngestSizeLimit setting contains non-numeric value: %. Setting to 0 (disabling ingest!).', base_setting_content;
+                json_object := json_object || jsonb_build_object('default', 0);
+            END;
+        END IF;
+
+        -- Process format-specific settings
+        FOR format_record IN format_settings_cursor LOOP
+                -- Extract format name (everything after ":TabularIngestSizeLimit:")
+                format_name := substring(format_record.name from ':TabularIngestSizeLimit:(.*)');
+
+                -- Validate and convert the content to numeric
+                BEGIN
+                    format_value := format_record.content::BIGINT;
+                    json_object := json_object || jsonb_build_object(format_name, format_value);
+                EXCEPTION WHEN invalid_text_representation THEN
+                    warning_message := format('Format-specific TabularIngestSizeLimit setting %s contains non-numeric value: %s. Setting to 0 (disabling ingest!).',
+                                              format_record.name, format_record.content);
+                    RAISE WARNING '%', warning_message;
+                    json_object := json_object || jsonb_build_object(format_name, 0);
+                END;
+            END LOOP;
+
+        -- Insert or update the new JSON-based setting
+        INSERT INTO Setting (name, content, lang)
+        VALUES (':TabularIngestSizeLimit', json_object::TEXT, NULL)
+        ON CONFLICT (name) WHERE lang IS NULL
+            DO UPDATE SET content = EXCLUDED.content;
+
+        -- Delete all format-specific settings
+        DELETE FROM Setting
+        WHERE name LIKE ':TabularIngestSizeLimit:%'
+          AND lang IS NULL;
+
+        RAISE NOTICE 'Successfully migrated TabularIngestSizeLimit settings to JSON format: %', json_object::TEXT;
+    END $$;
\ No newline at end of file

From 92adb8ada567a73f67605e4618a8642c18db6329 Mon Sep 17 00:00:00 2001
From: Oliver Bertuch <o.bertuch@fz-juelich.de>
Date: Wed, 16 Jul 2025 11:00:58 +0200
Subject: [PATCH 218/634] docs: improve TabularIngestSizeLimit documentation
 with JSON examples and defaults #11639

Refined the explanation of tabular ingest size limits, introduced examples for JSON configuration, clarified default behavior, and updated guidance on per-format overrides.
---
 .../source/installation/config.rst            | 33 ++++++++++++++-----
 1 file changed, 24 insertions(+), 9 deletions(-)

diff --git a/doc/sphinx-guides/source/installation/config.rst b/doc/sphinx-guides/source/installation/config.rst
index 14bf33c9482..63eb4612f7f 100644
--- a/doc/sphinx-guides/source/installation/config.rst
+++ b/doc/sphinx-guides/source/installation/config.rst
@@ -4373,30 +4373,45 @@ In the UI, users trying to download a zip file larger than the Dataverse install
 :TabularIngestSizeLimit
 +++++++++++++++++++++++
 
-Threshold in bytes for limiting whether or not "ingest" it attempted for tabular files (which can be resource intensive). For example, with the below in place, files greater than 2 GB in size will not go through the ingest process:
+Threshold in bytes for limiting whether or not "ingest" is attempted for an uploaded tabular file (which can be resource intensive).
+For example, with the below in place, files greater than 2 GB in size will not go through the ingest process:
 
 ``curl -X PUT -d 2000000000 http://localhost:8080/api/admin/settings/:TabularIngestSizeLimit``
 
-(You can set this value to 0 to prevent files from being ingested at all.)
+You can set this value to ``0`` to prevent files from being ingested at all.
+The default is ``-1``, meaning no file size limit is applied.
 
-You can override this global setting on a per-format basis for the following formats:
+Using a JSON-based setting, you can override this global setting on a per-format basis for the following formats:
 
 - DTA
 - POR
 - SAV
 - Rdata
 - CSV
-- XLSX (in lower-case)
+- XLSX
 
-For example :
+The JSON follows this form, all fields optional:
 
-* if you want your Dataverse installation to not attempt to ingest Rdata files larger than 1 MB, use this setting:
+.. code:: json
 
-``curl -X PUT -d 1000000 http://localhost:8080/api/admin/settings/:TabularIngestSizeLimit:Rdata``
+  {
+    "default": -1,
+    "formatX": 0,
+    "formatY": 10,
+    "formatZ": 100
+  }
+
+The ``default`` key represents the global default, with it being absent meaning the global default of ``-1`` applies.
+Add a format name (as listed above) to change the limit for this particular format.
+
+Examples:
+
+1. If you want your Dataverse installation to not attempt to ingest Rdata files larger than 1 MB but otherwise unlimited:
 
-* if you want your Dataverse installation to not attempt to ingest XLSX files at all, use this setting:
+   ``curl -X PUT -d '{"Rdata":1000000}' http://localhost:8080/api/admin/settings/:TabularIngestSizeLimit``
+2. If you want your Dataverse installation to not attempt to ingest XLSX files at all and apply a global limit of 512 MiB, use this setting:
 
-``curl -X PUT -d 0 http://localhost:8080/api/admin/settings/:TabularIngestSizeLimit:xlsx``
+   ``curl -X PUT -d '{"default":536870912, "XSLX":0}' http://localhost:8080/api/admin/settings/:TabularIngestSizeLimit``
 
 :ZipUploadFilesLimit
 ++++++++++++++++++++

From b17e52a444f09186cd20ba57c4c22204fb0343c1 Mon Sep 17 00:00:00 2001
From: Oliver Bertuch <o.bertuch@fz-juelich.de>
Date: Wed, 16 Jul 2025 12:06:39 +0200
Subject: [PATCH 219/634] fix: handle unsupported JSON integers in tabular
 ingest size limits #11639

Updated warnings and validation logic to enforce string literals for size limits.
Added a new test to ensure proper handling of JSON configurations with unsupported integer types for tabular ingest size limits.
Improved related documentation for clarity.
---
 doc/sphinx-guides/source/installation/config.rst  | 15 ++++++++-------
 .../harvard/iq/dataverse/util/SystemConfig.java   |  6 +++++-
 .../iq/dataverse/util/SystemConfigTest.java       | 14 ++++++++++++++
 3 files changed, 27 insertions(+), 8 deletions(-)

diff --git a/doc/sphinx-guides/source/installation/config.rst b/doc/sphinx-guides/source/installation/config.rst
index 63eb4612f7f..0541f9f301d 100644
--- a/doc/sphinx-guides/source/installation/config.rst
+++ b/doc/sphinx-guides/source/installation/config.rst
@@ -4395,23 +4395,24 @@ The JSON follows this form, all fields optional:
 .. code:: json
 
   {
-    "default": -1,
-    "formatX": 0,
-    "formatY": 10,
-    "formatZ": 100
+    "default": "-1",
+    "formatX": "0",
+    "formatY": "10",
+    "formatZ": "100"
   }
 
-The ``default`` key represents the global default, with it being absent meaning the global default of ``-1`` applies.
+The ``default`` key represents the global default (with it being absent meaning the implicit global default of ``-1`` applies).
 Add a format name (as listed above) to change the limit for this particular format.
+Any size limits must be provided as string literals (in quotes), not number literals!
 
 Examples:
 
 1. If you want your Dataverse installation to not attempt to ingest Rdata files larger than 1 MB but otherwise unlimited:
 
-   ``curl -X PUT -d '{"Rdata":1000000}' http://localhost:8080/api/admin/settings/:TabularIngestSizeLimit``
+   ``curl -X PUT -d '{"Rdata":"1000000"}' http://localhost:8080/api/admin/settings/:TabularIngestSizeLimit``
 2. If you want your Dataverse installation to not attempt to ingest XLSX files at all and apply a global limit of 512 MiB, use this setting:
 
-   ``curl -X PUT -d '{"default":536870912, "XSLX":0}' http://localhost:8080/api/admin/settings/:TabularIngestSizeLimit``
+   ``curl -X PUT -d '{"default":"536870912", "XSLX":"0"}' http://localhost:8080/api/admin/settings/:TabularIngestSizeLimit``
 
 :ZipUploadFilesLimit
 ++++++++++++++++++++
diff --git a/src/main/java/edu/harvard/iq/dataverse/util/SystemConfig.java b/src/main/java/edu/harvard/iq/dataverse/util/SystemConfig.java
index 5061a0a70e7..71f24b1fe3a 100644
--- a/src/main/java/edu/harvard/iq/dataverse/util/SystemConfig.java
+++ b/src/main/java/edu/harvard/iq/dataverse/util/SystemConfig.java
@@ -534,8 +534,12 @@ public Map<String, Long> getTabularIngestSizeLimits() {
                         try {
                             Long sizeOption = Long.valueOf(limits.getString(formatName));
                             limitsMap.put(lowercaseFormatName, sizeOption);
+                        } catch (ClassCastException cce) {
+                            logger.warning("Could not convert " + SettingsServiceBean.Key.TabularIngestSizeLimit + " to long from JSON integer. You must provide the long number as string (use quotes) for format " + formatName);
+                            logger.warning("Disabling all tabular ingest completely until fixed!");
+                            return Map.of(TABULAR_INGEST_SIZE_LIMITS_DEFAULT_KEY, 0L);
                         } catch (NumberFormatException nfe) {
-                            logger.warning("Could not convert " + SettingsServiceBean.Key.TabularIngestSizeLimit + " to long: " + nfe);
+                            logger.warning("Could not convert " + SettingsServiceBean.Key.TabularIngestSizeLimit + " to long for format " + formatName + " (not a number)");
                             logger.warning("Disabling all tabular ingest completely until fixed!");
                             return Map.of(TABULAR_INGEST_SIZE_LIMITS_DEFAULT_KEY, 0L);
                         }
diff --git a/src/test/java/edu/harvard/iq/dataverse/util/SystemConfigTest.java b/src/test/java/edu/harvard/iq/dataverse/util/SystemConfigTest.java
index f50b6023480..06026962d2c 100644
--- a/src/test/java/edu/harvard/iq/dataverse/util/SystemConfigTest.java
+++ b/src/test/java/edu/harvard/iq/dataverse/util/SystemConfigTest.java
@@ -202,6 +202,20 @@ void testGetTabularIngestSizeLimitsWithSingleInvalidValue() {
         assertEquals(0L, (long) result.get(SystemConfig.TABULAR_INGEST_SIZE_LIMITS_DEFAULT_KEY));
     }
     
+    @Test
+    void testGetTabularIngestSizeLimitsWithJsonButUnsupportedJsonInt() {
+        // given
+        String invalidJson = "{\"default\": 0}";
+        doReturn(invalidJson).when(settingsService).getValueForKey(SettingsServiceBean.Key.TabularIngestSizeLimit);
+        
+        // when
+        Map<String, Long> result = systemConfig.getTabularIngestSizeLimits();
+        
+        // then
+        assertEquals(1, result.size());
+        assertEquals(0L, (long) result.get(SystemConfig.TABULAR_INGEST_SIZE_LIMITS_DEFAULT_KEY));
+    }
+    
     @Test
     void testGetTabularIngestSizeLimitsWithInvalidJson() {
         // given

From 493239652eae37a84ed2237e89234be792601d99 Mon Sep 17 00:00:00 2001
From: Oliver Bertuch <o.bertuch@fz-juelich.de>
Date: Wed, 16 Jul 2025 17:14:41 +0200
Subject: [PATCH 220/634] refactor: simplify `listAllAsJson` method and update
 corresponding test #11639

Streamlined the logic of `listAllAsJson` to use a flattened structure for localized settings, improving maintainability and backward compatibility. Updated test assertions in `SettingsServiceBeanTest` to reflect the new structure. Added enhanced method documentation.
---
 .../settings/SettingsServiceBean.java         | 64 ++++++++++---------
 .../settings/SettingsServiceBeanTest.java     | 11 ++--
 2 files changed, 38 insertions(+), 37 deletions(-)

diff --git a/src/main/java/edu/harvard/iq/dataverse/settings/SettingsServiceBean.java b/src/main/java/edu/harvard/iq/dataverse/settings/SettingsServiceBean.java
index 48c37480e0e..0f3d9557e6b 100644
--- a/src/main/java/edu/harvard/iq/dataverse/settings/SettingsServiceBean.java
+++ b/src/main/java/edu/harvard/iq/dataverse/settings/SettingsServiceBean.java
@@ -1016,52 +1016,56 @@ public void delete( String name, String lang ) {
      * Retrieves all settings that do not have any language localizations.
      * This method uses a named query to fetch settings where the language field is null.
      *
-     * @return a set of {@code Setting} objects that do not have language localizations.
+     * @return a set of {@link Setting} objects that do not have language localizations.
      */
     public Set<Setting> listAllWithoutLocalizations() {
         return new HashSet<>(em.createNamedQuery("Setting.findAllWithoutLang", Setting.class).getResultList());
     }
     
     /**
-     * Retrieves all available application settings as a JSON object.
-     * The method fetches settings from the database, organizes them into localized
-     * and non-localized entries, and builds a JSON representation of the dataset.
-     * Non-localized settings are added directly as key-value pairs, while localized
-     * settings are grouped under their associated keys with language-specific mappings.
-     * Note: settings may exist with both non-localized and localized variant.
-     * The non-localized variant will be added as "base" locale.
+     * Retrieves all settings from the database and converts them into a JSON object.
+     * Each setting is represented as a key-value pair in the JSON object. The key
+     * is the setting name, optionally appended with the language if the setting is
+     * language-specific, while the value corresponds to the setting's content.
      *
-     * @return a {@code JsonObject} containing all application settings, organized
-     *         as key-value pairs for non-localized settings, or as sub-objects
-     *         for settings with language localizations.
+     * @return A {@link JsonObject} containing all settings from the database, structured
+     *         with their names (and languages, if applicable) as keys and their
+     *         respective contents as values.
+     *         Shortened Example:
+     *         <code>
+     *             {
+     *                 ":FilePIDsEnabled": "false",
+     *                 ":ApplicationTermsOfUse": "Non-localized default / fallback terms.",
+     *                 ":ApplicationTermsOfUse/lang/fr": "Il s'agit de termes localisés en français.",
+     *                 ":MaxFileUploadSizeInBytes": {
+     *                      "default": "2147483648",
+     *                      "fileOne": "4000000000",
+     *                      "s3": "8000000000"
+     *                 }
+     *             }
+     *         </code>
+     *
+     * @implNote The reason to use a flattened approach for the localized settings is to stay backward compatible.
+     *           Per good practice, a bulk operation should be a composite of the single operation.
+     *           As you need to provide the language parameter to query or put them single, the localization is not
+     *           part of the content model, but of the {@link Setting} data model. Using a JSON sub-object or using
+     *           a separated approach is possible, but adds additional complexity. In case of the sub-object it even
+     *           violates that the value you retrieve from the bulk operation can be used for a single operation again.
+     *           As long as we do not update our content model, but store the language as part of the data model,
+     *           this flattening seems to be the most balanced compromise.
      */
     public JsonObject listAllAsJson() {
         Set<Setting> settings = new HashSet<>(em.createNamedQuery("Setting.findAll", Setting.class).getResultList());
-        
-        Set<String> settingsWithL10n = settings.stream()
-            .filter(s -> s.getLang() != null)
-            .map(Setting::getName)
-            .collect(Collectors.toUnmodifiableSet());
-        Map<String, JsonObjectBuilder> localizedSettings = new HashMap<>();
-        
         JsonObjectBuilder response = Json.createObjectBuilder();
         
         // Iterate over all the settings and add them to the response.
         settings.forEach(setting -> {
-            // Simple case: This settings is not localized, go ahead and add it.
-            if (!settingsWithL10n.contains(setting.getName())) {
-                response.add(setting.getName(), setting.getContent());
-            // Localized case: We can't just add it, we need to have a sub-object.
-            //                 Also, we don't know the order of the settings or when all localized variants are done.
-            } else {
-                localizedSettings.computeIfAbsent(setting.getName(), name -> Json.createObjectBuilder());
-                localizedSettings.get(setting.getName())
-                    .add(setting.getLang() == null ? "base" : setting.getLang(), setting.getContent());
-            }
+            response.add(
+                setting.getName() + (setting.getLang() == null ? "" : "/lang/"+setting.getLang()),
+                setting.getContent()
+            );
         });
         
-        // We now know that we processed all settings, so add all the l10n builders at once.
-        localizedSettings.forEach(response::add);
         return response.build();
     }
     
diff --git a/src/test/java/edu/harvard/iq/dataverse/settings/SettingsServiceBeanTest.java b/src/test/java/edu/harvard/iq/dataverse/settings/SettingsServiceBeanTest.java
index a80b4786982..47feea5a2fa 100644
--- a/src/test/java/edu/harvard/iq/dataverse/settings/SettingsServiceBeanTest.java
+++ b/src/test/java/edu/harvard/iq/dataverse/settings/SettingsServiceBeanTest.java
@@ -116,13 +116,10 @@ void testListAllAsJson_localizedSettings() {
             JsonObject result = settingsServiceBean.listAllAsJson();
             
             // Then
-            assertEquals(1, result.size());
-            JsonObject localizedSetting = result.getJsonObject("localizedKey");
-            
-            assertEquals(3, localizedSetting.size());
-            assertEquals("value_base", localizedSetting.getString("base"));
-            assertEquals("value_en", localizedSetting.getString("en"));
-            assertEquals("value_fr", localizedSetting.getString("fr"));
+            assertEquals(3, result.size());
+            assertEquals("value_base", result.getString("localizedKey"));
+            assertEquals("value_en", result.getString("localizedKey/lang/en"));
+            assertEquals("value_fr", result.getString("localizedKey/lang/fr"));
         }
     }
 }
\ No newline at end of file

From d153cacbd3dd311fecc55f90fabc206b002982d0 Mon Sep 17 00:00:00 2001
From: Oliver Bertuch <o.bertuch@fz-juelich.de>
Date: Wed, 16 Jul 2025 17:26:31 +0200
Subject: [PATCH 221/634] feat: add validation for settings names and language
 codes in Admin Settings API #11639

Introduced validation logic for setting names and ISO 639-1 language codes across Admin API endpoints. Ensures meaningful error messages for invalid inputs, improving robustness and user feedback. Refactored related methods accordingly. Added missing GET endpoint for localized settings.
---
 .../edu/harvard/iq/dataverse/api/Admin.java   | 86 ++++++++++++++++---
 1 file changed, 74 insertions(+), 12 deletions(-)

diff --git a/src/main/java/edu/harvard/iq/dataverse/api/Admin.java b/src/main/java/edu/harvard/iq/dataverse/api/Admin.java
index 69ed33f60dc..6add116834d 100644
--- a/src/main/java/edu/harvard/iq/dataverse/api/Admin.java
+++ b/src/main/java/edu/harvard/iq/dataverse/api/Admin.java
@@ -70,6 +70,7 @@
 import java.io.StringReader;
 import java.nio.charset.StandardCharsets;
 import java.util.Collections;
+import java.util.Locale;
 import java.util.Map;
 import java.util.Map.Entry;
 import java.util.function.Predicate;
@@ -210,42 +211,103 @@ public class Admin extends AbstractApiBean {
     public Response listAllSettings() {
         return ok(settingsSvc.listAllAsJson());
     }
+    
+    private void validateSettingName(String name) throws IllegalArgumentException {
+        if (SettingsServiceBean.Key.parse(name) == null) {
+            // If there is more than one colon, this may be someone trying to use the old suffix settings.
+            // Change the error message for that slightly.
+            if (name.replace(":","").length() < name.length() - 1) {
+                throw new IllegalArgumentException("The name of the setting may not have a colon separated suffix since Dataverse 6.8. Please update your scripts.");
+            }
+            throw new IllegalArgumentException("The name of the setting is required.");
+        }
+    }
+    
+    private void validateSettingLang(String lang) throws IllegalArgumentException {
+        if (lang == null || lang.length() != 2 || !Arrays.asList(Locale.getISOLanguages()).contains(lang)) {
+            throw new IllegalArgumentException("The language '" + lang + "' is not a valid ISO 639-1 language code.");
+        }
+    }
 
     @Path("settings/{name}")
     @PUT
     public Response putSetting(@PathParam("name") String name, String content) {
-        Setting s = settingsSvc.set(name, content);
-        return ok(jsonObjectBuilder().add(s.getName(), s.getContent()));
+        try {
+            validateSettingName(name);
+            
+            Setting s = settingsSvc.set(name, content);
+            return ok("Setting " + name + " added.");
+        } catch (IllegalArgumentException iae) {
+            return error(Response.Status.BAD_REQUEST, iae.getMessage());
+        }
     }
 
     @Path("settings/{name}/lang/{lang}")
     @PUT
     public Response putSettingLang(@PathParam("name") String name, @PathParam("lang") String lang, String content) {
-        Setting s = settingsSvc.set(name, lang, content);
-        return ok("Setting " + name + " - " + lang + " - added.");
+        try {
+            validateSettingName(name);
+            validateSettingLang(lang);
+            
+            Setting s = settingsSvc.set(name, lang, content);
+            return ok("Setting " + name + " added for language " + lang + ".");
+        } catch (IllegalArgumentException iae) {
+            return error(Response.Status.BAD_REQUEST, iae.getMessage());
+        }
     }
 
     @Path("settings/{name}")
     @GET
     public Response getSetting(@PathParam("name") String name) {
-        String s = settingsSvc.get(name);
-
-        return (s != null) ? ok(s) : notFound("Setting " + name + " not found");
+        try {
+            validateSettingName(name);
+            
+            String content = settingsSvc.get(name);
+            return (content != null) ? ok(content) : notFound("Setting " + name + " not found.");
+        } catch (IllegalArgumentException iae) {
+            return error(Response.Status.BAD_REQUEST, iae.getMessage());
+        }
+    }
+    
+    @Path("settings/{name}/lang/{lang}")
+    @GET
+    public Response getSetting(@PathParam("name") String name, @PathParam("lang") String lang) {
+        try {
+            validateSettingName(name);
+            validateSettingLang(lang);
+            
+            String content = settingsSvc.get(name, lang);
+            return (content != null) ? ok(content) : notFound("Setting " + name + " for language " + lang + " not found.");
+        } catch (IllegalArgumentException iae) {
+            return error(Response.Status.BAD_REQUEST, iae.getMessage());
+        }
     }
 
     @Path("settings/{name}")
     @DELETE
     public Response deleteSetting(@PathParam("name") String name) {
-        settingsSvc.delete(name);
-
-        return ok("Setting " + name + " deleted.");
+        try {
+            validateSettingName(name);
+            
+            settingsSvc.delete(name);
+            return ok("Setting " + name + " deleted.");
+        } catch (IllegalArgumentException iae) {
+            return error(Response.Status.BAD_REQUEST, iae.getMessage());
+        }
     }
 
     @Path("settings/{name}/lang/{lang}")
     @DELETE
     public Response deleteSettingLang(@PathParam("name") String name, @PathParam("lang") String lang) {
-        settingsSvc.delete(name, lang);
-        return ok("Setting " + name + " - " + lang + " deleted.");
+        try {
+            validateSettingName(name);
+            validateSettingLang(lang);
+            
+            settingsSvc.delete(name, lang);
+            return ok("Setting " + name + " for language " + lang + " deleted.");
+        } catch (IllegalArgumentException iae) {
+            return error(Response.Status.BAD_REQUEST, iae.getMessage());
+        }
     }
         
     @Path("template/{id}")

From 3975db076923d8ae9e82337575e61b6e16512ad8 Mon Sep 17 00:00:00 2001
From: Oliver Bertuch <o.bertuch@fz-juelich.de>
Date: Thu, 17 Jul 2025 17:07:54 +0200
Subject: [PATCH 222/634] feat: support JSON objects in `listAllAsJson`
 settings output and update tests #11639

Enhanced `listAllAsJson` to handle settings with JSON content as proper JSON objects in the API response. Introduced a constant for localization key separator. Updated unit tests to cover new behavior with JSON settings.
---
 .../settings/SettingsServiceBean.java         | 16 ++++++++----
 .../settings/SettingsServiceBeanTest.java     | 26 +++++++++++++++++--
 2 files changed, 35 insertions(+), 7 deletions(-)

diff --git a/src/main/java/edu/harvard/iq/dataverse/settings/SettingsServiceBean.java b/src/main/java/edu/harvard/iq/dataverse/settings/SettingsServiceBean.java
index 0f3d9557e6b..365362d577c 100644
--- a/src/main/java/edu/harvard/iq/dataverse/settings/SettingsServiceBean.java
+++ b/src/main/java/edu/harvard/iq/dataverse/settings/SettingsServiceBean.java
@@ -1022,6 +1022,8 @@ public Set<Setting> listAllWithoutLocalizations() {
         return new HashSet<>(em.createNamedQuery("Setting.findAllWithoutLang", Setting.class).getResultList());
     }
     
+    public static final String L10N_KEY_SEPARATOR = "/lang/";
+    
     /**
      * Retrieves all settings from the database and converts them into a JSON object.
      * Each setting is represented as a key-value pair in the JSON object. The key
@@ -1060,11 +1062,15 @@ public JsonObject listAllAsJson() {
         
         // Iterate over all the settings and add them to the response.
         settings.forEach(setting -> {
-            response.add(
-                setting.getName() + (setting.getLang() == null ? "" : "/lang/"+setting.getLang()),
-                setting.getContent()
-            );
-        });
+            String name = setting.getName() + (setting.getLang() == null ? "" : L10N_KEY_SEPARATOR + setting.getLang());
+            
+            // In case the setting is a JSON object, treat it a such in the output (so the API can return valid JSON)
+            if (setting.getContent().trim().startsWith("{"))
+                response.add(name, Json.createObjectBuilder(JsonUtil.getJsonObject(setting.getContent())));
+            else
+                response.add(name, setting.getContent());
+            }
+        );
         
         return response.build();
     }
diff --git a/src/test/java/edu/harvard/iq/dataverse/settings/SettingsServiceBeanTest.java b/src/test/java/edu/harvard/iq/dataverse/settings/SettingsServiceBeanTest.java
index 47feea5a2fa..e52c7ea7887 100644
--- a/src/test/java/edu/harvard/iq/dataverse/settings/SettingsServiceBeanTest.java
+++ b/src/test/java/edu/harvard/iq/dataverse/settings/SettingsServiceBeanTest.java
@@ -89,7 +89,7 @@ void testListAllAsJson_nonLocalizedSettings() {
             // Given
             List<Setting> resultList = List.of(
                 new Setting("testKey1", "testValue1"),
-                new Setting("testKey2", "testValue2")
+                new Setting("testKey2", "12345")
             );
             when(typedQuery.getResultList()).thenReturn(resultList);
             
@@ -99,7 +99,29 @@ void testListAllAsJson_nonLocalizedSettings() {
             // Then
             assertEquals(2, result.size());
             assertEquals("testValue1", result.getString("testKey1"));
-            assertEquals("testValue2", result.getString("testKey2"));
+            assertEquals("12345", result.getString("testKey2"));
+        }
+        
+        @Test
+        void testListAllAsJson_jsonSetting() {
+            // Given
+            JsonObject expected = Json.createObjectBuilder()
+                .add("default", "2147483648")
+                .add("fileOne", "4000000000")
+                .add("s3", "8000000000")
+                .build();
+            
+            List<Setting> resultList = List.of(
+                new Setting(SettingsServiceBean.Key.MaxFileUploadSizeInBytes.toString(), "{\"default\":\"2147483648\",\"fileOne\":\"4000000000\",\"s3\":\"8000000000\"}")
+            );
+            when(typedQuery.getResultList()).thenReturn(resultList);
+            
+            // When
+            JsonObject result = settingsServiceBean.listAllAsJson();
+            
+            // Then
+            assertEquals(1, result.size());
+            assertEquals(expected.toString(), result.getJsonObject(SettingsServiceBean.Key.MaxFileUploadSizeInBytes.toString()).toString());
         }
         
         @Test

From 865ed5cc4dab2a9c283cfdce8b521896f3a5c0be Mon Sep 17 00:00:00 2001
From: Oliver Bertuch <o.bertuch@fz-juelich.de>
Date: Thu, 17 Jul 2025 17:13:03 +0200
Subject: [PATCH 223/634] refactor: centralize validation logic for settings
 names and language codes in `SettingsServiceBean` #11639

Moved `validateSettingName` and `validateSettingLang` from `Admin` to `SettingsServiceBean` to improve reusability and maintain consistency. Updated tests and API endpoints to use the centralized methods. Expanded test coverage for validation scenarios.
---
 .../edu/harvard/iq/dataverse/api/Admin.java   | 36 ++++---------
 .../settings/SettingsServiceBean.java         | 40 +++++++++++++++
 .../settings/SettingsServiceBeanTest.java     | 51 +++++++++++++++++++
 3 files changed, 100 insertions(+), 27 deletions(-)

diff --git a/src/main/java/edu/harvard/iq/dataverse/api/Admin.java b/src/main/java/edu/harvard/iq/dataverse/api/Admin.java
index 6add116834d..fbab4e529b1 100644
--- a/src/main/java/edu/harvard/iq/dataverse/api/Admin.java
+++ b/src/main/java/edu/harvard/iq/dataverse/api/Admin.java
@@ -70,7 +70,6 @@
 import java.io.StringReader;
 import java.nio.charset.StandardCharsets;
 import java.util.Collections;
-import java.util.Locale;
 import java.util.Map;
 import java.util.Map.Entry;
 import java.util.function.Predicate;
@@ -212,28 +211,11 @@ public Response listAllSettings() {
         return ok(settingsSvc.listAllAsJson());
     }
     
-    private void validateSettingName(String name) throws IllegalArgumentException {
-        if (SettingsServiceBean.Key.parse(name) == null) {
-            // If there is more than one colon, this may be someone trying to use the old suffix settings.
-            // Change the error message for that slightly.
-            if (name.replace(":","").length() < name.length() - 1) {
-                throw new IllegalArgumentException("The name of the setting may not have a colon separated suffix since Dataverse 6.8. Please update your scripts.");
-            }
-            throw new IllegalArgumentException("The name of the setting is required.");
-        }
-    }
-    
-    private void validateSettingLang(String lang) throws IllegalArgumentException {
-        if (lang == null || lang.length() != 2 || !Arrays.asList(Locale.getISOLanguages()).contains(lang)) {
-            throw new IllegalArgumentException("The language '" + lang + "' is not a valid ISO 639-1 language code.");
-        }
-    }
-
     @Path("settings/{name}")
     @PUT
     public Response putSetting(@PathParam("name") String name, String content) {
         try {
-            validateSettingName(name);
+            SettingsServiceBean.validateSettingName(name);
             
             Setting s = settingsSvc.set(name, content);
             return ok("Setting " + name + " added.");
@@ -246,8 +228,8 @@ public Response putSetting(@PathParam("name") String name, String content) {
     @PUT
     public Response putSettingLang(@PathParam("name") String name, @PathParam("lang") String lang, String content) {
         try {
-            validateSettingName(name);
-            validateSettingLang(lang);
+            SettingsServiceBean.validateSettingName(name);
+            SettingsServiceBean.validateSettingLang(lang);
             
             Setting s = settingsSvc.set(name, lang, content);
             return ok("Setting " + name + " added for language " + lang + ".");
@@ -260,7 +242,7 @@ public Response putSettingLang(@PathParam("name") String name, @PathParam("lang"
     @GET
     public Response getSetting(@PathParam("name") String name) {
         try {
-            validateSettingName(name);
+            SettingsServiceBean.validateSettingName(name);
             
             String content = settingsSvc.get(name);
             return (content != null) ? ok(content) : notFound("Setting " + name + " not found.");
@@ -273,8 +255,8 @@ public Response getSetting(@PathParam("name") String name) {
     @GET
     public Response getSetting(@PathParam("name") String name, @PathParam("lang") String lang) {
         try {
-            validateSettingName(name);
-            validateSettingLang(lang);
+            SettingsServiceBean.validateSettingName(name);
+            SettingsServiceBean.validateSettingLang(lang);
             
             String content = settingsSvc.get(name, lang);
             return (content != null) ? ok(content) : notFound("Setting " + name + " for language " + lang + " not found.");
@@ -287,7 +269,7 @@ public Response getSetting(@PathParam("name") String name, @PathParam("lang") St
     @DELETE
     public Response deleteSetting(@PathParam("name") String name) {
         try {
-            validateSettingName(name);
+            SettingsServiceBean.validateSettingName(name);
             
             settingsSvc.delete(name);
             return ok("Setting " + name + " deleted.");
@@ -300,8 +282,8 @@ public Response deleteSetting(@PathParam("name") String name) {
     @DELETE
     public Response deleteSettingLang(@PathParam("name") String name, @PathParam("lang") String lang) {
         try {
-            validateSettingName(name);
-            validateSettingLang(lang);
+            SettingsServiceBean.validateSettingName(name);
+            SettingsServiceBean.validateSettingLang(lang);
             
             settingsSvc.delete(name, lang);
             return ok("Setting " + name + " for language " + lang + " deleted.");
diff --git a/src/main/java/edu/harvard/iq/dataverse/settings/SettingsServiceBean.java b/src/main/java/edu/harvard/iq/dataverse/settings/SettingsServiceBean.java
index 365362d577c..732b2ffad49 100644
--- a/src/main/java/edu/harvard/iq/dataverse/settings/SettingsServiceBean.java
+++ b/src/main/java/edu/harvard/iq/dataverse/settings/SettingsServiceBean.java
@@ -20,11 +20,13 @@
 import org.json.JSONException;
 import org.json.JSONObject;
 
+import java.util.Arrays;
 import java.util.Collections;
 import java.util.HashMap;
 import java.util.HashSet;
 import java.util.LinkedHashMap;
 import java.util.List;
+import java.util.Locale;
 import java.util.Map;
 import java.util.Set;
 import java.util.StringTokenizer;
@@ -1123,4 +1125,42 @@ public Set<String> getConfiguredLanguages() {
         return langs;
     }
 
+    
+    /**
+     * Validates the provided setting name to ensure it meets the required format.
+     * Throws an {@code IllegalArgumentException} if the name is invalid, including cases
+     * where it contains a colon-separated suffix that is no longer supported.
+     *
+     * @param name The name of the setting to be validated.
+     *             It must adhere to the allowable setting name format.
+     *             Names with more than one colon, which may indicate deprecated suffix formats, are not allowed.
+     * @throws IllegalArgumentException if the setting name is invalid.
+     */
+    public static void validateSettingName(String name) {
+        if (SettingsServiceBean.Key.parse(name) == null) {
+            // If there is more than one colon, this may be someone trying to use the old suffix settings.
+            // Change the error message for that slightly.
+            if (name.replace(":","").length() < name.length() - 1) {
+                throw new IllegalArgumentException("The name of the setting may not have a colon separated suffix since Dataverse 6.8. Please update your scripts.");
+            }
+            throw new IllegalArgumentException("The name of the setting is invalid.");
+        }
+    }
+    
+    /**
+     * Validates the provided language code to ensure it adheres to the ISO 639-1 format.
+     * This method checks that the language code is not null, has a length of 2 characters,
+     * and exists within the list of valid ISO 639-1 language codes. If the validation
+     * fails, an {@code IllegalArgumentException} is thrown.
+     *
+     * @param lang the language code to be validated. It must be a non-null,
+     *             2-character string representing a valid ISO 639-1 language code.
+     * @throws IllegalArgumentException if the language code is invalid.
+     */
+    public static void validateSettingLang(String lang) {
+        if (lang == null || lang.length() != 2 || !Arrays.asList(Locale.getISOLanguages()).contains(lang)) {
+            throw new IllegalArgumentException("The language '" + lang + "' is not a valid ISO 639-1 language code.");
+        }
+    }
+    
 }
diff --git a/src/test/java/edu/harvard/iq/dataverse/settings/SettingsServiceBeanTest.java b/src/test/java/edu/harvard/iq/dataverse/settings/SettingsServiceBeanTest.java
index e52c7ea7887..3f65e5317a4 100644
--- a/src/test/java/edu/harvard/iq/dataverse/settings/SettingsServiceBeanTest.java
+++ b/src/test/java/edu/harvard/iq/dataverse/settings/SettingsServiceBeanTest.java
@@ -1,5 +1,6 @@
 package edu.harvard.iq.dataverse.settings;
 
+import jakarta.json.Json;
 import jakarta.json.JsonObject;
 import jakarta.persistence.EntityManager;
 import jakarta.persistence.TypedQuery;
@@ -8,13 +9,17 @@
 import org.junit.jupiter.api.Test;
 import org.junit.jupiter.params.ParameterizedTest;
 import org.junit.jupiter.params.provider.Arguments;
+import org.junit.jupiter.params.provider.CsvSource;
 import org.junit.jupiter.params.provider.MethodSource;
+import org.junit.jupiter.params.provider.ValueSource;
 import org.mockito.ArgumentMatchers;
 
 import java.util.Collections;
 import java.util.List;
 
+import static org.junit.jupiter.api.Assertions.assertDoesNotThrow;
 import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.junit.jupiter.api.Assertions.assertThrows;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.when;
 
@@ -54,6 +59,52 @@ void testRoundtrip() {
         }
     }
     
+    @Nested
+    class ValidateSettingNameTest {
+        
+        @ValueSource(strings = {":ShowMuteOptions", ":AllowApiTokenLookupViaApi", ":OAuth2CallbackUrl"})
+        @ParameterizedTest
+        void testValidateSettingName_validNames(String name) {
+            assertDoesNotThrow(() -> SettingsServiceBean.validateSettingName(name));
+        }
+        
+        @CsvSource({
+            "invalidName, 'The name of the setting is invalid.'",
+            ":invalid:suffix, 'The name of the setting may not have a colon separated suffix since Dataverse 6.8. Please update your scripts.'",
+            ":NonExistentKey, 'The name of the setting is invalid.'",
+            ":ShowMuteOptions/lang/en, 'The name of the setting is invalid.'"
+        })
+        @ParameterizedTest
+        void testValidateSettingName_invalidNames(String name, String expectedMessage) {
+            IllegalArgumentException exception = assertThrows(IllegalArgumentException.class,
+                () -> SettingsServiceBean.validateSettingName(name));
+            assertEquals(expectedMessage, exception.getMessage());
+        }
+    }
+    
+    @Nested
+    class ValidateSettingLangTest {
+        
+        @ValueSource(strings = {"en", "fr", "de"})
+        @ParameterizedTest
+        void testValidateSettingLang_validLanguage(String language) {
+            assertDoesNotThrow(() -> SettingsServiceBean.validateSettingLang(language));
+        }
+        
+        @CsvSource({
+            ", 'The language ''null'' is not a valid ISO 639-1 language code.'",
+            "e, 'The language ''e'' is not a valid ISO 639-1 language code.'",
+            "xyz, 'The language ''xyz'' is not a valid ISO 639-1 language code.'",
+            "zz, 'The language ''zz'' is not a valid ISO 639-1 language code.'"
+        })
+        @ParameterizedTest
+        void testValidateSettingLang_invalidLanguage(String language, String expectedMessage) {
+            IllegalArgumentException exception = assertThrows(IllegalArgumentException.class,
+                () -> SettingsServiceBean.validateSettingLang(language));
+            assertEquals(expectedMessage, exception.getMessage());
+        }
+    }
+    
     @Nested
     class ListAllAsJsonTest {
         

From 8fe97546e2830fd688ca58ca65d6e21bfb53e6c9 Mon Sep 17 00:00:00 2001
From: Oliver Bertuch <o.bertuch@fz-juelich.de>
Date: Thu, 17 Jul 2025 17:14:25 +0200
Subject: [PATCH 224/634] feat: add `validateKeys` method to validate settings
 keys and update tests #11639

Introduced `validateKeys` method in `SettingsServiceBean` to ensure proper settings key validation, including localized and non-localized cases. Added parameterized test coverage for validation scenarios in `SettingsServiceBeanTest`.
---
 .../settings/SettingsServiceBean.java         | 30 +++++++++++++++-
 .../settings/SettingsServiceBeanTest.java     | 36 +++++++++++++++++++
 2 files changed, 65 insertions(+), 1 deletion(-)

diff --git a/src/main/java/edu/harvard/iq/dataverse/settings/SettingsServiceBean.java b/src/main/java/edu/harvard/iq/dataverse/settings/SettingsServiceBean.java
index 732b2ffad49..4050b6f9e20 100644
--- a/src/main/java/edu/harvard/iq/dataverse/settings/SettingsServiceBean.java
+++ b/src/main/java/edu/harvard/iq/dataverse/settings/SettingsServiceBean.java
@@ -1124,7 +1124,35 @@ public Set<String> getConfiguredLanguages() {
         langs.addAll(configuredLocales.keySet());
         return langs;
     }
-
+    
+    /**
+     * Validates the keys in the provided settings JSON object.
+     * This method checks if each key follows the required format and rules.
+     * If a key is invalid, it is added to the list of invalid keys.
+     *
+     * @param settings the JsonObject containing the keys to be validated
+     * @return a list of invalid keys as an unmodifiable list
+     */
+    public static List<String> validateKeys(JsonObject settings) {
+        List<String> invalidKeys = new ArrayList<>();
+        for (String key : settings.keySet()) {
+            try {
+                // Case A: localized setting, validate setting and language
+                if (key.contains(L10N_KEY_SEPARATOR)) {
+                    String name = key.substring(0, key.indexOf(L10N_KEY_SEPARATOR));
+                    String lang = key.substring(key.indexOf(L10N_KEY_SEPARATOR) + L10N_KEY_SEPARATOR.length());
+                    validateSettingName(name);
+                    validateSettingLang(lang);
+                // Case B: Simple, non-localized setting name
+                } else {
+                    validateSettingName(key);
+                }
+            } catch (IllegalArgumentException iae) {
+                invalidKeys.add(key);
+            }
+        }
+        return Collections.unmodifiableList(invalidKeys);
+    }
     
     /**
      * Validates the provided setting name to ensure it meets the required format.
diff --git a/src/test/java/edu/harvard/iq/dataverse/settings/SettingsServiceBeanTest.java b/src/test/java/edu/harvard/iq/dataverse/settings/SettingsServiceBeanTest.java
index 3f65e5317a4..f504c668dd8 100644
--- a/src/test/java/edu/harvard/iq/dataverse/settings/SettingsServiceBeanTest.java
+++ b/src/test/java/edu/harvard/iq/dataverse/settings/SettingsServiceBeanTest.java
@@ -105,6 +105,42 @@ void testValidateSettingLang_invalidLanguage(String language, String expectedMes
         }
     }
     
+    @Nested
+    class ValidateKeysTest {
+        static List<Arguments> validateKeysTestParameters() {
+            return List.of(
+                Arguments.of(
+                    Json.createObjectBuilder()
+                        .add(":ApplicationTermsOfUse", "validValue1")
+                        .add(":ApplicationTermsOfUse/lang/en", "validValue2")
+                        .build(),
+                    List.of()
+                ),
+                Arguments.of(
+                    Json.createObjectBuilder()
+                        .add(":Invalid:Key", "value1")
+                        .add(":NonExistentKey/lang/fr", "value2")
+                        .build(),
+                    List.of(":Invalid:Key", ":NonExistentKey/lang/fr")
+                ),
+                Arguments.of(
+                    Json.createObjectBuilder()
+                        .add(":ApplicationTermsOfUse", "value3")
+                        .add("NoColonKey", "value4")
+                        .build(),
+                    List.of("NoColonKey")
+                )
+            );
+        }
+        
+        @MethodSource("validateKeysTestParameters")
+        @ParameterizedTest
+        void testValidateKeys(JsonObject input, List<String> expectedInvalidKeys) {
+            List<String> result = SettingsServiceBean.validateKeys(input);
+            assertEquals(expectedInvalidKeys, result);
+        }
+    }
+    
     @Nested
     class ListAllAsJsonTest {
         

From 515472d301c9d32621bcc4e77a8ba73df3c76c06 Mon Sep 17 00:00:00 2001
From: Oliver Bertuch <o.bertuch@fz-juelich.de>
Date: Thu, 17 Jul 2025 17:16:41 +0200
Subject: [PATCH 225/634] feat: add
 `SettingsServiceBean.convertJsonToSettings()` method and unit tests #11639

Introduced `convertJsonToSettings` in `SettingsServiceBean` to transform JSON objects into `Setting` instances, supporting language-specific keys. Added comprehensive unit tests to verify functionality with various JSON structures.
---
 .../settings/SettingsServiceBean.java         | 35 ++++++++
 .../settings/SettingsServiceBeanTest.java     | 79 +++++++++++++++++++
 2 files changed, 114 insertions(+)

diff --git a/src/main/java/edu/harvard/iq/dataverse/settings/SettingsServiceBean.java b/src/main/java/edu/harvard/iq/dataverse/settings/SettingsServiceBean.java
index 4050b6f9e20..9526f1f5b4a 100644
--- a/src/main/java/edu/harvard/iq/dataverse/settings/SettingsServiceBean.java
+++ b/src/main/java/edu/harvard/iq/dataverse/settings/SettingsServiceBean.java
@@ -1077,6 +1077,41 @@ public JsonObject listAllAsJson() {
         return response.build();
     }
     
+    /**
+     * Converts a JSON object representing settings into a list of Setting objects.
+     * Each entry in the JSON object is processed to create a Setting instance.
+     * If the key includes a language (indicated by a separator), the language
+     * information is extracted and included in the Setting object.
+     * Note: This method expects a pre-validated JsonObject and will happily create
+     *       nonsense settings for you otherwise.
+     *
+     * @param settings a (pre-validated) {@link JsonObject} containing key-value pairs where
+     *                 each key represents a setting name (and optionally a language code),
+     *                 and each value represents the associated content.
+     * @return a {@link List} of {@link Setting} objects parsed from the input JSON object.
+     */
+    static List<Setting> convertJsonToSettings(JsonObject settings) {
+        return settings.entrySet().stream()
+            .map(entry -> {
+                String key = entry.getKey();
+                String value = entry.getValue().toString()
+                    // This is necessary to avoid storing the quotes inthe DB when a setting is a simple value.
+                    // JsonValue will escape any JsonString with such quotes.
+                    .replaceFirst("^\"", "")
+                    .replaceFirst("\"$", "");
+                
+                if (key.contains(L10N_KEY_SEPARATOR)) {
+                    // Handle localized settings
+                    String name = key.substring(0, key.indexOf(L10N_KEY_SEPARATOR));
+                    String lang = key.substring(key.indexOf(L10N_KEY_SEPARATOR) + L10N_KEY_SEPARATOR.length());
+                    return new Setting(name, lang, value);
+                } else {
+                    return new Setting(key, value);
+                }
+            })
+            .collect(Collectors.toList());
+    }
+    
     public Map<String, String> getBaseMetadataLanguageMap(Map<String,String> languageMap, boolean refresh) {
         if (languageMap == null || refresh) {
             languageMap = new HashMap<String, String>();
diff --git a/src/test/java/edu/harvard/iq/dataverse/settings/SettingsServiceBeanTest.java b/src/test/java/edu/harvard/iq/dataverse/settings/SettingsServiceBeanTest.java
index f504c668dd8..34d791d8fc3 100644
--- a/src/test/java/edu/harvard/iq/dataverse/settings/SettingsServiceBeanTest.java
+++ b/src/test/java/edu/harvard/iq/dataverse/settings/SettingsServiceBeanTest.java
@@ -231,4 +231,83 @@ void testListAllAsJson_localizedSettings() {
             assertEquals("value_fr", result.getString("localizedKey/lang/fr"));
         }
     }
+    
+    @Nested
+    class ConvertJsonToSettingsTest {
+        
+        @Test
+        void testConvertJsonToSettings_simpleKeyValues() {
+            // Given
+            JsonObject input = Json.createObjectBuilder()
+                .add(":Key1", "Value1")
+                .add(":Key2", "123456")
+                // The REST API endpoint presents a JsonObject, which may have number literals in it.
+                // Check that we can cope with that.
+                .add(":Key3", 123456)
+                .build();
+            
+            // When
+            List<Setting> result = SettingsServiceBean.convertJsonToSettings(input);
+            
+            // Then
+            assertEquals(3, result.size());
+            assertEquals(new Setting(":Key1", "Value1"), result.get(0));
+            assertEquals(new Setting(":Key2", "123456"), result.get(1));
+            assertEquals(new Setting(":Key3", "123456"), result.get(2));
+        }
+        
+        @Test
+        void testConvertJsonToSettings_localizedKeysWithSimpleValues() {
+            // Given
+            JsonObject input = Json.createObjectBuilder()
+                .add(":LocalizedKey/lang/en", "EnglishValue")
+                .add(":LocalizedKey/lang/fr", "FrenchValue")
+                .build();
+            
+            // When
+            List<Setting> result = SettingsServiceBean.convertJsonToSettings(input);
+            
+            // Then
+            assertEquals(2, result.size());
+            assertEquals(new Setting(":LocalizedKey", "en", "EnglishValue"), result.get(0));
+            assertEquals(new Setting(":LocalizedKey", "fr", "FrenchValue"), result.get(1));
+        }
+        
+        @Test
+        void testConvertJsonToSettings_emptyJson() {
+            // Given
+            JsonObject input = Json.createObjectBuilder().build();
+            
+            // When
+            List<Setting> result = SettingsServiceBean.convertJsonToSettings(input);
+            
+            // Then
+            assertEquals(0, result.size());
+        }
+        
+        @Test
+        void testConvertJsonToSettings_complexJsonValue() {
+            // Given
+            JsonObject input = Json.createObjectBuilder()
+                .add(
+                    ":MaxFileUploadSizeInBytes",
+                    Json.createObjectBuilder()
+                        .add("default", "2147483648")
+                        .add("fileOne", "4000000000")
+                        .add("s3", "8000000000")
+                        .build())
+                .build();
+            
+            // When
+            List<Setting> result = SettingsServiceBean.convertJsonToSettings(input);
+            
+            // Then
+            assertEquals(1, result.size());
+            assertEquals(new Setting(":MaxFileUploadSizeInBytes",
+                    "{\"default\":\"2147483648\",\"fileOne\":\"4000000000\",\"s3\":\"8000000000\"}"),
+                result.get(0));
+        }
+        
+        
+    }
 }
\ No newline at end of file

From a1061115726573a610339667c5096854946a5bc3 Mon Sep 17 00:00:00 2001
From: Oliver Bertuch <o.bertuch@fz-juelich.de>
Date: Thu, 17 Jul 2025 17:21:12 +0200
Subject: [PATCH 226/634] feat: add `putAllSettings` endpoint to Admin API for
 bulk settings update #11639

Introduced a new `PUT /api/admin/settings` endpoint to update all settings in bulk with JSON input. Added `setAllFromJson` method and placeholder implementation for `replaceAllSettings` in `SettingsServiceBean`. Validates input structure and ensures atomic updates.
---
 .../edu/harvard/iq/dataverse/api/Admin.java   | 23 ++++++++++
 .../settings/SettingsServiceBean.java         | 42 +++++++++++++++++++
 2 files changed, 65 insertions(+)

diff --git a/src/main/java/edu/harvard/iq/dataverse/api/Admin.java b/src/main/java/edu/harvard/iq/dataverse/api/Admin.java
index fbab4e529b1..e00a93a826f 100644
--- a/src/main/java/edu/harvard/iq/dataverse/api/Admin.java
+++ b/src/main/java/edu/harvard/iq/dataverse/api/Admin.java
@@ -63,6 +63,7 @@
 import jakarta.ws.rs.PathParam;
 import jakarta.ws.rs.container.ContainerRequestContext;
 import jakarta.ws.rs.core.Context;
+import jakarta.ws.rs.core.MediaType;
 import jakarta.ws.rs.core.Response;
 import static edu.harvard.iq.dataverse.util.json.NullSafeJsonBuilder.jsonObjectBuilder;
 
@@ -211,6 +212,28 @@ public Response listAllSettings() {
         return ok(settingsSvc.listAllAsJson());
     }
     
+    @Path("settings")
+    @PUT
+    @Consumes(MediaType.APPLICATION_JSON)
+    @APIResponses({
+        @APIResponse(responseCode = "200", description = "All database options successfully updated")
+    })
+    public Response putAllSettings(JsonObject settings) {
+        try {
+            // Basic JSON structure validation only
+            if (settings == null || settings.isEmpty()) {
+                return error(Response.Status.BAD_REQUEST, "Empty or invalid JSON object");
+            }
+            
+            // Transfer to domain objects and deeper validation to be handled by the service layer.
+            settingsSvc.setAllFromJson(settings);
+            return ok("All database options successfully updated.");
+            
+        } catch (IllegalArgumentException iae) {
+            return error(Response.Status.BAD_REQUEST, iae.getMessage());
+        }
+    }
+    
     @Path("settings/{name}")
     @PUT
     public Response putSetting(@PathParam("name") String name, String content) {
diff --git a/src/main/java/edu/harvard/iq/dataverse/settings/SettingsServiceBean.java b/src/main/java/edu/harvard/iq/dataverse/settings/SettingsServiceBean.java
index 9526f1f5b4a..dbb437810e4 100644
--- a/src/main/java/edu/harvard/iq/dataverse/settings/SettingsServiceBean.java
+++ b/src/main/java/edu/harvard/iq/dataverse/settings/SettingsServiceBean.java
@@ -16,10 +16,12 @@
 import jakarta.persistence.EntityManager;
 import jakarta.persistence.PersistenceContext;
 
+import jakarta.transaction.Transactional;
 import org.json.JSONArray;
 import org.json.JSONException;
 import org.json.JSONObject;
 
+import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.Collections;
 import java.util.HashMap;
@@ -1077,6 +1079,31 @@ public JsonObject listAllAsJson() {
         return response.build();
     }
     
+    /**
+     * Updates all settings by replacing them with the settings provided in the given JSON object.
+     * This method validates the keys and values from the JSON object, converts them into
+     * a list of Setting objects, and performs an atomic update of the internal settings.
+     *
+     * @param settings a JsonObject containing the new settings to apply.
+     *                 Each key corresponds to a setting name, and each value corresponds
+     *                 to its respective value. The keys and values will be validated before
+     *                 applying the updates.
+     * @throws IllegalArgumentException if the JSON object contains invalid keys or invalid settings.
+     */
+    public void setAllFromJson(JsonObject settings) {
+        // Validate the input
+        List<String> invalidKeys = validateKeys(settings);
+        if (!invalidKeys.isEmpty()) {
+            throw new IllegalArgumentException("Invalid key(s): " + String.join(", ", invalidKeys));
+        }
+        
+        // Convert JSON to Setting objects
+        List<Setting> newSettings = convertJsonToSettings(settings);
+        
+        // Perform atomic update (replace all settings)
+        replaceAllSettings(newSettings);
+    }
+    
     /**
      * Converts a JSON object representing settings into a list of Setting objects.
      * Each entry in the JSON object is processed to create a Setting instance.
@@ -1112,6 +1139,21 @@ static List<Setting> convertJsonToSettings(JsonObject settings) {
             .collect(Collectors.toList());
     }
     
+    /**
+     * Replaces all existing settings with a new list of settings within a single transaction.
+     * The operation is atomic, ensuring that either all changes are applied or none in case of a failure.
+     *
+     * @param newSettings the list of new {@link Setting} objects to replace the existing settings.
+     *                     Must not be null; an empty list clears all settings.
+     */
+    @Transactional
+    public void replaceAllSettings(List<Setting> newSettings) {
+        // Implementation for atomic replacement
+        // This would involve clearing existing settings and inserting new ones
+        // within the same transaction
+        throw new IllegalStateException("Not yet implemented");
+    }
+    
     public Map<String, String> getBaseMetadataLanguageMap(Map<String,String> languageMap, boolean refresh) {
         if (languageMap == null || refresh) {
             languageMap = new HashMap<String, String>();

From 11c8f8211ea27755635731ecd97082f89ccf7d60 Mon Sep 17 00:00:00 2001
From: Oliver Bertuch <o.bertuch@fz-juelich.de>
Date: Fri, 18 Jul 2025 13:39:48 +0200
Subject: [PATCH 227/634] style: normalize spacing in `Setting` entity named
 queries #11639

---
 src/main/java/edu/harvard/iq/dataverse/settings/Setting.java | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/src/main/java/edu/harvard/iq/dataverse/settings/Setting.java b/src/main/java/edu/harvard/iq/dataverse/settings/Setting.java
index e429d685c3e..da548195de7 100644
--- a/src/main/java/edu/harvard/iq/dataverse/settings/Setting.java
+++ b/src/main/java/edu/harvard/iq/dataverse/settings/Setting.java
@@ -24,10 +24,9 @@
     @NamedQuery( name="Setting.findByName",
             query = "SELECT s FROM Setting s WHERE s.name=:name AND s.lang IS NULL" ),
     @NamedQuery( name="Setting.deleteByNameAndLang",
-            query="DELETE FROM Setting s WHERE s.name=:name AND s.lang=:lang"),
+                query="DELETE FROM Setting s WHERE s.name=:name AND s.lang=:lang"),
     @NamedQuery( name="Setting.findByNameAndLang",
-                query = "SELECT s FROM Setting s WHERE s.name=:name AND s.lang=:lang" )
-
+                query="SELECT s FROM Setting s WHERE s.name=:name AND s.lang=:lang")
 })
 @Entity
 public class Setting implements Serializable {

From 71a403c749079376d2f7046b33524de0a8414f94 Mon Sep 17 00:00:00 2001
From: Oliver Bertuch <o.bertuch@fz-juelich.de>
Date: Fri, 18 Jul 2025 13:40:46 +0200
Subject: [PATCH 228/634] fix: add unique constraint to `Setting` entity for
 `name` and `lang` fields #11639

---
 src/main/java/edu/harvard/iq/dataverse/settings/Setting.java | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/src/main/java/edu/harvard/iq/dataverse/settings/Setting.java b/src/main/java/edu/harvard/iq/dataverse/settings/Setting.java
index da548195de7..48477b13a3e 100644
--- a/src/main/java/edu/harvard/iq/dataverse/settings/Setting.java
+++ b/src/main/java/edu/harvard/iq/dataverse/settings/Setting.java
@@ -9,6 +9,8 @@
 import jakarta.persistence.NamedQuery;
 import jakarta.persistence.GeneratedValue;
 import jakarta.persistence.GenerationType;
+import jakarta.persistence.Table;
+import jakarta.persistence.UniqueConstraint;
 
 /**
  * A single value in the config of dataverse.
@@ -29,6 +31,9 @@
                 query="SELECT s FROM Setting s WHERE s.name=:name AND s.lang=:lang")
 })
 @Entity
+@Table(uniqueConstraints = {
+    @UniqueConstraint(name = "UC_setting_name_lang", columnNames = {"name", "lang"}),
+})
 public class Setting implements Serializable {
 
     @Id

From a9b19740c1ea86724afa6b60e42b2b51372e6a9c Mon Sep 17 00:00:00 2001
From: Oliver Bertuch <o.bertuch@fz-juelich.de>
Date: Fri, 18 Jul 2025 13:59:24 +0200
Subject: [PATCH 229/634] refactor: update `Setting` entity and queries to
 treat empty string as default for `lang` #11639

Replaced `NULL` with empty string for `lang` field in `Setting` entity to align with SQL standards and ensure unique constraint behavior. Updated queries, methods, and added safeguards to handle empty `lang` consistently. Enhanced documentation for clarity.
---
 .../iq/dataverse/settings/Setting.java        | 52 +++++++++++++++----
 .../settings/SettingsServiceBean.java         | 14 ++++-
 2 files changed, 55 insertions(+), 11 deletions(-)

diff --git a/src/main/java/edu/harvard/iq/dataverse/settings/Setting.java b/src/main/java/edu/harvard/iq/dataverse/settings/Setting.java
index 48477b13a3e..9c6b1a20baf 100644
--- a/src/main/java/edu/harvard/iq/dataverse/settings/Setting.java
+++ b/src/main/java/edu/harvard/iq/dataverse/settings/Setting.java
@@ -18,13 +18,13 @@
  */
 @NamedQueries({
     @NamedQuery( name="Setting.deleteByName",
-                query="DELETE FROM Setting s WHERE s.name=:name AND s.lang IS NULL"),
+                query="DELETE FROM Setting s WHERE s.name=:name AND s.lang=''"),
     @NamedQuery( name="Setting.findAll",
                 query="SELECT s FROM Setting s"),
     @NamedQuery( name="Setting.findAllWithoutLang",
-                query="SELECT s FROM Setting s WHERE s.lang IS NULL"),
+                query="SELECT s FROM Setting s WHERE s.lang=''"),
     @NamedQuery( name="Setting.findByName",
-            query = "SELECT s FROM Setting s WHERE s.name=:name AND s.lang IS NULL" ),
+                query="SELECT s FROM Setting s WHERE s.name=:name AND s.lang=''"),
     @NamedQuery( name="Setting.deleteByNameAndLang",
                 query="DELETE FROM Setting s WHERE s.name=:name AND s.lang=:lang"),
     @NamedQuery( name="Setting.findByNameAndLang",
@@ -42,9 +42,15 @@ public class Setting implements Serializable {
 
     @Column(columnDefinition = "TEXT")
     private String name;
-
-    @Column(columnDefinition = "TEXT")
-    private String lang;
+    
+    /**
+     * The default value is an empty string, which indicates no specific language is set.
+     * Using a NULL value here instead would allow the UNIQUE constraint to fail blocking duplicate settings.
+     * Allowing multiple null within a UNIQUE constraint is part of the SQL standard, which Postgres follows.
+     * As it stores ISO codes, 10 chars is good enough (ISO codes are 2-8 chars by spec)
+     */
+    @Column(length = 10, nullable = false)
+    private String lang = "";
 
     @Column(columnDefinition = "TEXT")
     private String content;
@@ -56,11 +62,21 @@ public Setting(String name, String content) {
        this.name = name;
        this.content = content;
     }
-
+    
+    /**
+     * Constructs a new Setting object with the specified name, language, and content.
+     *
+     * @param name the name of the setting; must not be null
+     * @param lang the language of the setting, represented as an ISO code; must not be null;
+     *             may be empty to represent a non-localized setting.
+     * @param content the content or value associated with this setting
+     * @throws NullPointerException if the name or lang parameters are null
+     */
     public Setting(String name, String lang, String content) {
+        Objects.requireNonNull(lang, "Setting lang cannot be null");
         this.name = name;
-        this.content = content;
         this.lang = lang;
+        this.content = content;
     }
 
     public String getName() {
@@ -78,12 +94,28 @@ public String getContent() {
     public void setContent(String content) {
         this.content = content;
     }
-
+    
+    /**
+     * Retrieves the language associated with this Setting instance.
+     * The language is represented as an ISO code string.
+     * An empty string indicates that no specific localization is set.
+     *
+     * @return the language code of this Setting; never null
+     */
     public String getLang() {
         return lang;
     }
-
+    
+    /**
+     * Sets the language for this Setting instance.
+     * The language is represented as a non-null ISO code string.
+     * An empty string indicates that no specific localization shall be set.
+     *
+     * @param lang the language code to set; must not be null
+     * @throws NullPointerException if the provided lang parameter is null
+     */
     public void setLang(String lang) {
+        Objects.requireNonNull(lang, "Setting lang cannot be null");
         this.lang = lang;
     }
 
diff --git a/src/main/java/edu/harvard/iq/dataverse/settings/SettingsServiceBean.java b/src/main/java/edu/harvard/iq/dataverse/settings/SettingsServiceBean.java
index dbb437810e4..a90561f642c 100644
--- a/src/main/java/edu/harvard/iq/dataverse/settings/SettingsServiceBean.java
+++ b/src/main/java/edu/harvard/iq/dataverse/settings/SettingsServiceBean.java
@@ -896,6 +896,9 @@ public String get( String name, String defaultValue ) {
     }
 
     public String get(String name, String lang, String defaultValue ) {
+        // Database safeguard, as the default is an empty string
+        if (lang == null) lang = "";
+        
         List<Setting> tokens = em.createNamedQuery("Setting.findByNameAndLang", Setting.class)
                 .setParameter("name", name )
                 .setParameter("lang", lang )
@@ -912,6 +915,9 @@ public String getValueForKey( Key key, String defaultValue ) {
     }
 
     public String getValueForKey( Key key, String lang, String defaultValue ) {
+        // Database safeguard, as the default is an empty string
+        if (lang == null) lang = "";
+        
         return get( key.toString(), lang, defaultValue );
     }
      
@@ -939,6 +945,9 @@ public Setting set( String name, String content ) {
     }
 
     public Setting set( String name, String lang, String content ) {
+        // Database safeguard, as the default is an empty string
+        if (lang == null) lang = "";
+        
         Setting s = null; 
         
         List<Setting> tokens = em.createNamedQuery("Setting.findByNameAndLang", Setting.class)
@@ -1008,6 +1017,9 @@ public void delete( String name ) {
     }
 
     public void delete( String name, String lang ) {
+        // Database safeguard, as the default is an empty string
+        if (lang == null) lang = "";
+        
         actionLogSvc.log( new ActionLogRecord(ActionLogRecord.ActionType.Setting, "delete")
                 .setInfo(name));
         em.createNamedQuery("Setting.deleteByNameAndLang")
@@ -1066,7 +1078,7 @@ public JsonObject listAllAsJson() {
         
         // Iterate over all the settings and add them to the response.
         settings.forEach(setting -> {
-            String name = setting.getName() + (setting.getLang() == null ? "" : L10N_KEY_SEPARATOR + setting.getLang());
+            String name = setting.getName() + (setting.getLang().isEmpty() ? "" : L10N_KEY_SEPARATOR + setting.getLang());
             
             // In case the setting is a JSON object, treat it a such in the output (so the API can return valid JSON)
             if (setting.getContent().trim().startsWith("{"))

From 5ae758c601d10e806159c48e5fbe5d1b68302155 Mon Sep 17 00:00:00 2001
From: Oliver Bertuch <o.bertuch@fz-juelich.de>
Date: Fri, 18 Jul 2025 14:01:38 +0200
Subject: [PATCH 230/634] refactor: enforce non-null constraint, VARCHAR type,
 and limit length for `name` in `Setting` entity #11639

Updated `name` field to enforce a maximum length of 200 characters on a VARCHAR field for better performance (replacing the TEXT column type) and mark it as non-nullable (null settings make no sense at all). Added `Objects.requireNonNull` validation for `name` in entity methods and constructors to ensure consistent behavior.
---
 .../java/edu/harvard/iq/dataverse/settings/Setting.java  | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/src/main/java/edu/harvard/iq/dataverse/settings/Setting.java b/src/main/java/edu/harvard/iq/dataverse/settings/Setting.java
index 9c6b1a20baf..aa9f6559e35 100644
--- a/src/main/java/edu/harvard/iq/dataverse/settings/Setting.java
+++ b/src/main/java/edu/harvard/iq/dataverse/settings/Setting.java
@@ -40,7 +40,7 @@ public class Setting implements Serializable {
     @GeneratedValue(strategy = GenerationType.IDENTITY)
     private Long id;
 
-    @Column(columnDefinition = "TEXT")
+    @Column(length = 200, nullable = false)
     private String name;
     
     /**
@@ -59,8 +59,9 @@ public Setting() {
     }
 
     public Setting(String name, String content) {
-       this.name = name;
-       this.content = content;
+        Objects.requireNonNull(name, "Setting name cannot be null");
+        this.name = name;
+        this.content = content;
     }
     
     /**
@@ -73,6 +74,7 @@ public Setting(String name, String content) {
      * @throws NullPointerException if the name or lang parameters are null
      */
     public Setting(String name, String lang, String content) {
+        Objects.requireNonNull(name, "Setting name cannot be null");
         Objects.requireNonNull(lang, "Setting lang cannot be null");
         this.name = name;
         this.lang = lang;
@@ -84,6 +86,7 @@ public String getName() {
     }
 
     public void setName(String name) {
+        Objects.requireNonNull(name, "Setting name cannot be null");
         this.name = name;
     }
 

From 974d6c4c1634dbd6fefb21838b40646ebc913ac0 Mon Sep 17 00:00:00 2001
From: Oliver Bertuch <o.bertuch@fz-juelich.de>
Date: Fri, 18 Jul 2025 14:01:49 +0200
Subject: [PATCH 231/634] chore: update migration script comment for clarity
 #11639

---
 src/main/resources/db/migration/V6.7.0.1.sql | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/main/resources/db/migration/V6.7.0.1.sql b/src/main/resources/db/migration/V6.7.0.1.sql
index 733a10d951f..aa3683873ca 100644
--- a/src/main/resources/db/migration/V6.7.0.1.sql
+++ b/src/main/resources/db/migration/V6.7.0.1.sql
@@ -1,4 +1,4 @@
--- This script migrates the old TabularIngestSizeLimit database setting using format suffixes to a JSON based approach.
+-- Migrates the old TabularIngestSizeLimit database setting using format suffixes to a JSON based approach. See #11639
 
 DO $$
     DECLARE

From c3f1ed7de4b99a79c67cd2840bc1cf1643f3e5bd Mon Sep 17 00:00:00 2001
From: Oliver Bertuch <o.bertuch@fz-juelich.de>
Date: Fri, 18 Jul 2025 14:02:34 +0200
Subject: [PATCH 232/634] chore: add migration script to update `Setting` table
 structure #11639

Introduced SQL migration to optimize `Setting` table by switching `TEXT` columns to `VARCHAR` for better performance, enforcing `NOT NULL` constraints, adding a unique constraint for `name` and `lang`, and setting default empty string for `lang`. Includes logic to handle existing data and conditional checks for schema changes.
---
 src/main/resources/db/migration/V6.7.0.2.sql | 35 ++++++++++++++++++++
 1 file changed, 35 insertions(+)
 create mode 100644 src/main/resources/db/migration/V6.7.0.2.sql

diff --git a/src/main/resources/db/migration/V6.7.0.2.sql b/src/main/resources/db/migration/V6.7.0.2.sql
new file mode 100644
index 00000000000..177f88332b7
--- /dev/null
+++ b/src/main/resources/db/migration/V6.7.0.2.sql
@@ -0,0 +1,35 @@
+-- Update Setting table structure for changes from #11639
+-- 1. Change column types from TEXT to VARCHAR for better performance
+-- 2. Update lang column to use empty string default instead of NULL (avoid non-unique pairs)
+-- 3. Add NOT NULL constraints and unique constraint for name+lang pairs
+
+-- First, update any existing NULL lang values to empty string
+UPDATE Setting SET lang = '' WHERE lang IS NULL;
+
+-- Postgres doesn't support IF NOT EXISTS for ALTER COLUMN or ADD CONSTRAINT, so we need conditional logic
+DO $$
+BEGIN
+    -- Only alter columns if they need to be changed
+    IF EXISTS (SELECT 1 FROM information_schema.columns
+               WHERE table_name = 'Setting' AND column_name = 'name'
+               AND (data_type = 'text' OR is_nullable = 'YES')) THEN
+        ALTER TABLE setting ALTER COLUMN name TYPE VARCHAR(255);
+        ALTER TABLE Setting ALTER COLUMN name SET NOT NULL;
+    END IF;
+
+    IF EXISTS (SELECT 1 FROM information_schema.columns
+               WHERE table_name = 'Setting' AND column_name = 'lang'
+               AND (data_type = 'text' OR is_nullable = 'YES')) THEN
+        ALTER TABLE Setting ALTER COLUMN lang TYPE VARCHAR(10);
+        ALTER TABLE Setting ALTER COLUMN lang SET NOT NULL;
+        ALTER TABLE Setting ALTER COLUMN lang SET DEFAULT '';
+    END IF;
+
+    IF NOT EXISTS (SELECT 1 FROM information_schema.table_constraints
+                   WHERE table_name = 'Setting'
+                     AND constraint_name = 'UC_setting_name_lang'
+                     AND constraint_type = 'UNIQUE') THEN
+        ALTER TABLE Setting ADD CONSTRAINT UC_setting_name_lang UNIQUE (name, lang);
+    END IF;
+
+END $$;

From 782542f7291e25950afeba62496a726eced8327f Mon Sep 17 00:00:00 2001
From: Oliver Bertuch <o.bertuch@fz-juelich.de>
Date: Fri, 18 Jul 2025 14:03:42 +0200
Subject: [PATCH 233/634] refactor: enhance `Setting` entity equality and
 constructor for clarity and robustness #11639

Refined `equals` and `hashCode` methods to base equality comparison on `name` and `lang` fields, improving consistency and alignment with usage patterns. Updated the no-argument constructor to protected, adding explanatory comments for enforced design intent and JPA compatibility.
---
 .../iq/dataverse/settings/Setting.java        | 37 ++++++++++++-------
 1 file changed, 23 insertions(+), 14 deletions(-)

diff --git a/src/main/java/edu/harvard/iq/dataverse/settings/Setting.java b/src/main/java/edu/harvard/iq/dataverse/settings/Setting.java
index aa9f6559e35..0f240302366 100644
--- a/src/main/java/edu/harvard/iq/dataverse/settings/Setting.java
+++ b/src/main/java/edu/harvard/iq/dataverse/settings/Setting.java
@@ -55,7 +55,9 @@ public class Setting implements Serializable {
     @Column(columnDefinition = "TEXT")
     private String content;
 
-    public Setting() {
+    protected Setting() {
+        // Intentionally left blank - no empty settings allowed.
+        // Protected visibility to allow JPA to work.
     }
 
     public Setting(String name, String content) {
@@ -124,26 +126,33 @@ public void setLang(String lang) {
 
     @Override
     public int hashCode() {
-        int hash = 7;
-        hash = 73 * hash + Objects.hashCode(this.name);
-        return hash;
+        return Objects.hash(name, lang);
     }
-
+    
+    /**
+     * Compares this Setting instance to another object for equality. Two Setting
+     * objects are considered equal if their {@code name} and {@code lang} fields are
+     * both equal.
+     * @implNote We do not use the {@code id} and {@code content} fields for the comparison.
+     *           This is due to how these objects usually are used:
+     *           - Mutable content to use for comparison may break collections.
+     *           - Configuration management requires stable identity based on setting's name and localization.
+     *             The content of the settings is irrelevant for lookups.
+     *
+     * @param obj the object to compare this Setting with
+     * @return {@code true} if the specified object is equal to this Setting, {@code false} otherwise
+     */
     @Override
     public boolean equals(Object obj) {
-        if (obj == null) {
-            return false;
-        }
-        if ( !(obj instanceof Setting) ) {
-            return false;
+        if (this == obj) {
+            return true;
         }
-        final Setting other = (Setting) obj;
-        if (!Objects.equals(this.name, other.name)) {
+        if (!(obj instanceof Setting other)) {
             return false;
         }
-        return Objects.equals(this.content, other.content);
+        return Objects.equals(this.name, other.name) && Objects.equals(this.lang, other.lang);
     }
-
+    
     @Override
     public String toString() {
         return "[Setting name:" + getName() + " value:" + getContent() + "]";

From aed9f360987cc4aef0198be61ca7c933f2ed49f4 Mon Sep 17 00:00:00 2001
From: Oliver Bertuch <o.bertuch@fz-juelich.de>
Date: Fri, 18 Jul 2025 15:24:56 +0200
Subject: [PATCH 234/634] refactor: rename `BuiltinUsers.KEY` setting to
 `:BuiltinUsersKey` for alignment and consistency #11639

Updated references, documentation, and added migration script to reflect the renaming and ensure adherence to naming conventions. Marked the setting as deprecated for removal.
---
 doc/sphinx-guides/source/api/native-api.rst        |  4 ++--
 doc/sphinx-guides/source/developers/testing.rst    |  2 +-
 doc/sphinx-guides/source/installation/config.rst   | 12 +++++++-----
 .../scripts/bootstrap/demo/init.sh                 |  2 +-
 scripts/api/post-install-api-block.sh              |  2 +-
 scripts/api/setup-all.sh                           |  4 ++--
 scripts/api/setup-users.sh                         |  2 +-
 scripts/issues/2454/run-test.sh                    |  2 +-
 .../edu/harvard/iq/dataverse/api/BuiltinUsers.java |  4 +---
 .../iq/dataverse/settings/SettingsServiceBean.java |  9 +++++++++
 src/main/resources/db/migration/V6.7.0.1.sql       | 14 ++++++++++++--
 11 files changed, 38 insertions(+), 19 deletions(-)

diff --git a/doc/sphinx-guides/source/api/native-api.rst b/doc/sphinx-guides/source/api/native-api.rst
index fa4b4611559..7dc50e7a532 100644
--- a/doc/sphinx-guides/source/api/native-api.rst
+++ b/doc/sphinx-guides/source/api/native-api.rst
@@ -5485,13 +5485,13 @@ Builtin users are known as "Username/Email and Password" users in the :doc:`/use
 Create a Builtin User
 ~~~~~~~~~~~~~~~~~~~~~
 
-For security reasons, builtin users cannot be created via API unless the team who runs the Dataverse installation has populated a database setting called ``BuiltinUsers.KEY``, which is described under :ref:`securing-your-installation` and :ref:`database-settings` sections of Configuration in the Installation Guide. You will need to know the value of ``BuiltinUsers.KEY`` before you can proceed.
+For security reasons, builtin users cannot be created via API unless the team who runs the Dataverse installation has populated a database setting called ``:BuiltinUsersKey``, which is described under :ref:`securing-your-installation` and :ref:`database-settings` sections of Configuration in the Installation Guide. You will need to know the value of ``:BuiltinUsersKey`` before you can proceed.
 
 To create a builtin user via API, you must first construct a JSON document.  You can download :download:`user-add.json <../_static/api/user-add.json>` or copy the text below as a starting point and edit as necessary.
 
 .. literalinclude:: ../_static/api/user-add.json
 
-Place this ``user-add.json`` file in your current directory and run the following curl command, substituting variables as necessary. Note that both the password of the new user and the value of ``BuiltinUsers.KEY`` are passed as query parameters::
+Place this ``user-add.json`` file in your current directory and run the following curl command, substituting variables as necessary. Note that both the password of the new user and the value of ``:BuiltinUsersKey`` are passed as query parameters::
 
   curl -d @user-add.json -H "Content-type:application/json" "$SERVER_URL/api/builtin-users?password=$NEWUSER_PASSWORD&key=$BUILTIN_USERS_KEY"
 
diff --git a/doc/sphinx-guides/source/developers/testing.rst b/doc/sphinx-guides/source/developers/testing.rst
index 1690864d453..fa279b3dbab 100755
--- a/doc/sphinx-guides/source/developers/testing.rst
+++ b/doc/sphinx-guides/source/developers/testing.rst
@@ -209,7 +209,7 @@ The Burrito Key
 
 For reasons that have been lost to the mists of time, the Dataverse software really wants you to to have a burrito. Specifically, if you're trying to run REST Assured tests and see the error "Dataverse config issue: No API key defined for built in user management", you must run the following curl command (or make an equivalent change to your database):
 
-``curl -X PUT -d 'burrito' http://localhost:8080/api/admin/settings/BuiltinUsers.KEY``
+``curl -X PUT -d 'burrito' http://localhost:8080/api/admin/settings/:BuiltinUsersKey``
 
 Without this "burrito" key in place, REST Assured will not be able to create users. We create users to create objects we want to test, such as collections, datasets, and files.
 
diff --git a/doc/sphinx-guides/source/installation/config.rst b/doc/sphinx-guides/source/installation/config.rst
index 0541f9f301d..8722da19b78 100644
--- a/doc/sphinx-guides/source/installation/config.rst
+++ b/doc/sphinx-guides/source/installation/config.rst
@@ -25,7 +25,7 @@ The default password for the "dataverseAdmin" superuser account is "admin", as m
 Blocking API Endpoints
 ++++++++++++++++++++++
 
-The :doc:`/api/native-api` contains a useful but potentially dangerous set of API endpoints called "admin" that allows you to change system settings, make ordinary users into superusers, and more. The "builtin-users" endpoints let admins do tasks such as creating a local/builtin user account if they know the key defined in :ref:`BuiltinUsers.KEY`.
+The :doc:`/api/native-api` contains a useful but potentially dangerous set of API endpoints called "admin" that allows you to change system settings, make ordinary users into superusers, and more. The "builtin-users" endpoints let admins do tasks such as creating a local/builtin user account if they know the key defined in :ref:`:BuiltinUsersKey`.
 
 By default in the code, most of these API endpoints can be operated on remotely and a number of endpoints do not require authentication. However, the endpoints "admin" and "builtin-users" are limited to localhost out of the box by the installer, using the JvmSettings :ref:`dataverse.api.blocked.endpoints` and :ref:`dataverse.api.blocked.policy`.
 
@@ -781,7 +781,7 @@ Both Local and Remote Auth
 
 The ``authenticationproviderrow`` database table controls which "authentication providers" are available within a Dataverse installation. Out of the box, a single row with an id of "builtin" will be present. For each user in a Dataverse installation, the ``authenticateduserlookup`` table will have a value under ``authenticationproviderid`` that matches this id. For example, the default "dataverseAdmin" user will have the value "builtin" under  ``authenticationproviderid``. Why is this important? Users are tied to a specific authentication provider but conversion mechanisms are available to switch a user from one authentication provider to the other. As explained in the :doc:`/user/account` section of the User Guide, a graphical workflow is provided for end users to convert from the "builtin" authentication provider to a remote provider. Conversion from a remote authentication provider to the builtin provider can be performed by a sysadmin with access to the "admin" API. See the :doc:`/api/native-api` section of the API Guide for how to list users and authentication providers as JSON.
 
-Adding and enabling a second authentication provider (:ref:`native-api-add-auth-provider` and :ref:`api-toggle-auth-provider`) will result in the Log In page showing additional providers for your users to choose from. By default, the Log In page will show the "builtin" provider, but you can adjust this via the :ref:`conf-default-auth-provider` configuration option. Further customization can be achieved by setting :ref:`conf-allow-signup` to "false", thus preventing users from creating local accounts via the web interface. Please note that local accounts can also be created through the API by enabling the ``builtin-users`` endpoint (:ref:`:BlockedApiEndpoints`) and setting the ``BuiltinUsers.KEY`` database setting (:ref:`BuiltinUsers.KEY`).
+Adding and enabling a second authentication provider (:ref:`native-api-add-auth-provider` and :ref:`api-toggle-auth-provider`) will result in the Log In page showing additional providers for your users to choose from. By default, the Log In page will show the "builtin" provider, but you can adjust this via the :ref:`conf-default-auth-provider` configuration option. Further customization can be achieved by setting :ref:`conf-allow-signup` to "false", thus preventing users from creating local accounts via the web interface. Please note that local accounts can also be created through the API by enabling the ``builtin-users`` endpoint (:ref:`:BlockedApiEndpoints`) and setting the ``:BuiltinUsersKey`` database setting (:ref:`:BuiltinUsersKey`).
 
 To configure Shibboleth see the :doc:`shibboleth` section and to configure OAuth see the :doc:`oauth2` section.
 
@@ -3933,14 +3933,16 @@ Now that ``:BlockedApiKey`` has been enabled, blocked APIs can be accessed using
 
 ``curl https://demo.dataverse.org/api/admin/settings?unblock-key=theKeyYouChose``
 
-.. _BuiltinUsers.KEY:
+.. _:BuiltinUsersKey:
 
-BuiltinUsers.KEY
+:BuiltinUsersKey
 ++++++++++++++++
 
 The key required to create users via API as documented at :doc:`/api/native-api`. Unlike other database settings, this one doesn't start with a colon.
 
-``curl -X PUT -d builtInS3kretKey http://localhost:8080/api/admin/settings/BuiltinUsers.KEY``
+``curl -X PUT -d builtInS3kretKey http://localhost:8080/api/admin/settings/:BuiltinUsersKey``
+
+Note: this key used to be named ``BuiltinUsers.KEY`` until Dataverse 6.8.
 
 :SearchApiRequiresToken
 +++++++++++++++++++++++
diff --git a/modules/container-configbaker/scripts/bootstrap/demo/init.sh b/modules/container-configbaker/scripts/bootstrap/demo/init.sh
index aa73cb5edff..b2735b50b28 100644
--- a/modules/container-configbaker/scripts/bootstrap/demo/init.sh
+++ b/modules/container-configbaker/scripts/bootstrap/demo/init.sh
@@ -31,7 +31,7 @@ fi
 
 echo ""
 echo "Revoke the key that allows for creation of builtin users..."
-curl -sS -X DELETE "${DATAVERSE_URL}/api/admin/settings/BuiltinUsers.KEY"
+curl -sS -X DELETE "${DATAVERSE_URL}/api/admin/settings/:BuiltinUsersKey"
 
 # TODO: stop using these deprecated database settings. See https://github.com/IQSS/dataverse/pull/11454
 echo ""
diff --git a/scripts/api/post-install-api-block.sh b/scripts/api/post-install-api-block.sh
index 4cc0ac783f7..f7753665b5b 100755
--- a/scripts/api/post-install-api-block.sh
+++ b/scripts/api/post-install-api-block.sh
@@ -4,7 +4,7 @@
 # the sensitive API endpoints, in order to block it for the general public.
 
 # First, revoke the authentication token from the built-in user: 
-curl -X DELETE $SERVER/admin/settings/BuiltinUsers.KEY
+curl -X DELETE "$SERVER/admin/settings/:BuiltinUsersKey"
 
 # Block the sensitive endpoints:
 # Relevant settings:
diff --git a/scripts/api/setup-all.sh b/scripts/api/setup-all.sh
index b7f962209e4..bd0bd77c52b 100755
--- a/scripts/api/setup-all.sh
+++ b/scripts/api/setup-all.sh
@@ -57,7 +57,7 @@ echo  "- Allow internal signup"
 curl -X PUT -d yes "${DATAVERSE_URL}/api/admin/settings/:AllowSignUp"
 curl -X PUT -d "/dataverseuser.xhtml?editMode=CREATE" "${DATAVERSE_URL}/api/admin/settings/:SignUpUrl"
 
-curl -X PUT -d burrito "${DATAVERSE_URL}/api/admin/settings/BuiltinUsers.KEY"
+curl -X PUT -d burrito "${DATAVERSE_URL}/api/admin/settings/:BuiltinUsersKey"
 curl -X PUT -d localhost-only "${DATAVERSE_URL}/api/admin/settings/:BlockedApiPolicy"
 curl -X PUT -d 'native/http' "${DATAVERSE_URL}/api/admin/settings/:UploadMethods"
 echo
@@ -91,7 +91,7 @@ if [ $SECURESETUP = 1 ]
 then
     # Revoke the "burrito" super-key; 
     # Block sensitive API endpoints;
-    curl -X DELETE "${DATAVERSE_URL}/api/admin/settings/BuiltinUsers.KEY"
+    curl -X DELETE "${DATAVERSE_URL}/api/admin/settings/:BuiltinUsersKey"
     curl -X PUT -d 'admin,builtin-users' "${DATAVERSE_URL}/api/admin/settings/:BlockedApiEndpoints"
     echo "Access to the /api/admin and /api/test is now disabled, except for connections from localhost."
 else 
diff --git a/scripts/api/setup-users.sh b/scripts/api/setup-users.sh
index 141e1b3150f..7df771dc0fe 100755
--- a/scripts/api/setup-users.sh
+++ b/scripts/api/setup-users.sh
@@ -5,7 +5,7 @@ SERVER=http://localhost:8080/api
 echo Setting up users on $SERVER
 echo ==============================================
 
-curl -X PUT -d burrito $SERVER/admin/settings/BuiltinUsers.KEY
+curl -X PUT -d burrito "$SERVER/admin/settings/:BuiltinUsersKey"
 
 
 peteResp=$(curl -s -H "Content-type:application/json" -X POST -d @data/userPete.json "$SERVER/builtin-users?password=pete&key=burrito")
diff --git a/scripts/issues/2454/run-test.sh b/scripts/issues/2454/run-test.sh
index 49eb45a8a5e..5ae0ac33f4d 100755
--- a/scripts/issues/2454/run-test.sh
+++ b/scripts/issues/2454/run-test.sh
@@ -39,7 +39,7 @@ if [ $SETUP_NEEDED == "yes" ]; then
 	echo $ROOT_USER api key is $ROOT_KEY
 
 	# Create @anAuthUser
-	USER_CREATION_KEY=$($DB "SELECT content FROM setting WHERE name='BuiltinUsers.KEY'")
+	USER_CREATION_KEY=$($DB "SELECT content FROM setting WHERE name=':BuiltinUsersKey'")
 	AN_AUTH_USER_KEY=$( curl -s -X POST -d@anAuthUser.json -H"Content-type:application/json" $ENDPOINT/builtin-users?password=XXX\&key=$USER_CREATION_KEY | jq .data.apiToken | tr -d \")
 	ANOTHER_AUTH_USER_KEY=$( curl -s -X POST -d@anotherAuthUser.json -H"Content-type:application/json" $ENDPOINT/builtin-users?password=XXX\&key=$USER_CREATION_KEY | jq .data.apiToken | tr -d \")
 	echo
diff --git a/src/main/java/edu/harvard/iq/dataverse/api/BuiltinUsers.java b/src/main/java/edu/harvard/iq/dataverse/api/BuiltinUsers.java
index 317f7d6c870..79d5682d4f3 100644
--- a/src/main/java/edu/harvard/iq/dataverse/api/BuiltinUsers.java
+++ b/src/main/java/edu/harvard/iq/dataverse/api/BuiltinUsers.java
@@ -40,8 +40,6 @@ public class BuiltinUsers extends AbstractApiBean {
 
     private static final Logger logger = Logger.getLogger(BuiltinUsers.class.getName());
 
-    private static final String API_KEY_IN_SETTINGS = "BuiltinUsers.KEY";
-
     @EJB
     protected BuiltinUserServiceBean builtinUserSvc;
 
@@ -129,7 +127,7 @@ private Response internalSave(BuiltinUser user, String password, String key) {
     }
     
     private Response internalSave(BuiltinUser user, String password, String key, Boolean sendEmailNotification) {
-        String expectedKey = settingsSvc.get(API_KEY_IN_SETTINGS);
+        String expectedKey = settingsSvc.getValueForKey(SettingsServiceBean.Key.BuiltinUsersKey);
         
         if (expectedKey == null) {
             return error(Status.SERVICE_UNAVAILABLE, "Dataverse config issue: No API key defined for built in user management");
diff --git a/src/main/java/edu/harvard/iq/dataverse/settings/SettingsServiceBean.java b/src/main/java/edu/harvard/iq/dataverse/settings/SettingsServiceBean.java
index a90561f642c..e9275792129 100644
--- a/src/main/java/edu/harvard/iq/dataverse/settings/SettingsServiceBean.java
+++ b/src/main/java/edu/harvard/iq/dataverse/settings/SettingsServiceBean.java
@@ -166,6 +166,15 @@ public enum Key {
         @Deprecated(forRemoval = true, since = "2025-04-29")
         BlockedApiPolicy,
         
+        /**
+         * A special secret that, if set, needs to be given when trying to manage internal users.
+         * This key was formerly known as "BuiltinUsers.KEY", which never was a setting name aligning with the others.
+         * At some future point this setting should be moved to JvmSettings (so we consume proper secrets)
+         * or plainly removed with the transition to the SPA frontend requiring an external IdP.
+         */
+        @Deprecated(forRemoval = true, since = "2025-08-01")
+        BuiltinUsersKey,
+        
         /**
          * For development only (see dev guide for details). Backed by an enum
          * of possible account types.
diff --git a/src/main/resources/db/migration/V6.7.0.1.sql b/src/main/resources/db/migration/V6.7.0.1.sql
index aa3683873ca..cfe1e75d0b5 100644
--- a/src/main/resources/db/migration/V6.7.0.1.sql
+++ b/src/main/resources/db/migration/V6.7.0.1.sql
@@ -1,5 +1,6 @@
--- Migrates the old TabularIngestSizeLimit database setting using format suffixes to a JSON based approach. See #11639
-
+-- Migrates the old database setting to their valid and aligned successors. #11639
+-- 1. ":TabularIngestSizeLimit" database setting used format suffixes, move to a JSON-based approach
+-- 2. (see below) "BuiltinUsers.KEY" was never aligned with any of the other settings names.
 DO $$
     DECLARE
         base_setting_content TEXT;
@@ -75,4 +76,13 @@ DO $$
           AND lang IS NULL;
 
         RAISE NOTICE 'Successfully migrated TabularIngestSizeLimit settings to JSON format: %', json_object::TEXT;
+    END $$;
+
+-- 2. Migrate BuiltinUsers.KEY to the new setting name
+DO $$
+    BEGIN
+        IF EXISTS (SELECT 1 FROM Setting WHERE name = 'BuiltinUsers.KEY') THEN
+            INSERT INTO Setting (name, lang, content) VALUES (':BuiltinUsersKey', NULL, (SELECT content FROM Setting WHERE name = 'BuiltinUsers.KEY'));
+            DELETE FROM Setting WHERE name = 'BuiltinUsers.KEY';
+        END IF;
     END $$;
\ No newline at end of file

From 48db4b39dde54e2161ac89a89c4828d4295bd9cd Mon Sep 17 00:00:00 2001
From: Oliver Bertuch <o.bertuch@fz-juelich.de>
Date: Fri, 18 Jul 2025 17:28:32 +0200
Subject: [PATCH 235/634] refactor: extract `convertToJsonKey` method in
 `SettingsServiceBean` for reusability #11639

Moved logic for constructing JSON keys into a dedicated method `convertToJsonKey`, improving code clarity and reducing duplication.
---
 .../harvard/iq/dataverse/settings/SettingsServiceBean.java  | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/src/main/java/edu/harvard/iq/dataverse/settings/SettingsServiceBean.java b/src/main/java/edu/harvard/iq/dataverse/settings/SettingsServiceBean.java
index e9275792129..78ffb92c819 100644
--- a/src/main/java/edu/harvard/iq/dataverse/settings/SettingsServiceBean.java
+++ b/src/main/java/edu/harvard/iq/dataverse/settings/SettingsServiceBean.java
@@ -1087,7 +1087,7 @@ public JsonObject listAllAsJson() {
         
         // Iterate over all the settings and add them to the response.
         settings.forEach(setting -> {
-            String name = setting.getName() + (setting.getLang().isEmpty() ? "" : L10N_KEY_SEPARATOR + setting.getLang());
+            String name = convertToJsonKey(setting);
             
             // In case the setting is a JSON object, treat it a such in the output (so the API can return valid JSON)
             if (setting.getContent().trim().startsWith("{"))
@@ -1223,6 +1223,10 @@ public Set<String> getConfiguredLanguages() {
         return langs;
     }
     
+    public static String convertToJsonKey(Setting setting) {
+        return setting.getName() + (setting.getLang().isEmpty() ? "" : L10N_KEY_SEPARATOR + setting.getLang());
+    }
+    
     /**
      * Validates the keys in the provided settings JSON object.
      * This method checks if each key follows the required format and rules.

From a736052069973f83d7a126bbbafe61940231363f Mon Sep 17 00:00:00 2001
From: Oliver Bertuch <o.bertuch@fz-juelich.de>
Date: Fri, 18 Jul 2025 17:30:21 +0200
Subject: [PATCH 236/634] feat: implement atomic bulk settings replacement with
 detailed operation tracking in `SettingsServiceBean` #11639

Added `replaceAllSettings` method to support atomic replacement of settings with clear distinctions for created, updated, and deleted items. Enhanced clarity by introducing an `Op` enum for operation types and a `convertToJson` helper method to generate JSON representations of changes.
---
 .../settings/SettingsServiceBean.java         | 112 ++++++++++++++++--
 1 file changed, 103 insertions(+), 9 deletions(-)

diff --git a/src/main/java/edu/harvard/iq/dataverse/settings/SettingsServiceBean.java b/src/main/java/edu/harvard/iq/dataverse/settings/SettingsServiceBean.java
index 78ffb92c819..e0bab4dadc9 100644
--- a/src/main/java/edu/harvard/iq/dataverse/settings/SettingsServiceBean.java
+++ b/src/main/java/edu/harvard/iq/dataverse/settings/SettingsServiceBean.java
@@ -10,6 +10,7 @@
 import jakarta.inject.Named;
 import jakarta.json.Json;
 import jakarta.json.JsonArray;
+import jakarta.json.JsonArrayBuilder;
 import jakarta.json.JsonObject;
 import jakarta.json.JsonObjectBuilder;
 import jakarta.json.JsonValue;
@@ -32,6 +33,7 @@
 import java.util.Map;
 import java.util.Set;
 import java.util.StringTokenizer;
+import java.util.function.Function;
 import java.util.logging.Level;
 import java.util.logging.Logger;
 import java.util.stream.Collectors;
@@ -1161,18 +1163,110 @@ static List<Setting> convertJsonToSettings(JsonObject settings) {
     }
     
     /**
-     * Replaces all existing settings with a new list of settings within a single transaction.
-     * The operation is atomic, ensuring that either all changes are applied or none in case of a failure.
+     * Enum representing the types of operations that are performed on a bulk operation with settings.
+     */
+    static enum Op {
+        UPDATED,
+        CREATED,
+        DELETED;
+        
+        static JsonObjectBuilder convertToJson(Map<Setting, Op> operationalDetails) {
+            // Create a nice represenation of what happened as Json
+            JsonObjectBuilder jbo = Json.createObjectBuilder();
+            JsonArrayBuilder created = Json.createArrayBuilder();
+            JsonArrayBuilder updated = Json.createArrayBuilder();
+            JsonArrayBuilder deleted = Json.createArrayBuilder();
+            
+            operationalDetails.forEach((setting, op) -> {
+                String name = convertToJsonKey(setting);
+                switch (op) {
+                    case CREATED -> created.add(name);
+                    case UPDATED -> updated.add(name);
+                    case DELETED -> deleted.add(name);
+                }
+            });
+            
+            return jbo
+                .add("created", created)
+                .add("updated", updated)
+                .add("deleted", deleted);
+        }
+    }
+    
+    /**
+     * Replaces all existing settings in the database with the provided set of new settings.
+     * This method performs the following actions:
+     * - Deletes any existing settings that are not present in the provided new settings.
+     * - Updates the content of existing settings that match the keys in the provided new settings.
+     * - Creates new settings that are not present in the database.
      *
-     * @param newSettings the list of new {@link Setting} objects to replace the existing settings.
-     *                     Must not be null; an empty list clears all settings.
+     * @param newSettings the set of new settings to replace the existing ones.
+     *                    Each setting is uniquely identified by its name and language.
+     *                    Must not be null (it may be empty).
+     * @return a map tracking the operations performed on each setting. The map's keys
+     *         are the settings involved, and the values are the types of operations
+     *         performed (CREATED, UPDATED, DELETED).
      */
     @Transactional
-    public void replaceAllSettings(List<Setting> newSettings) {
-        // Implementation for atomic replacement
-        // This would involve clearing existing settings and inserting new ones
-        // within the same transaction
-        throw new IllegalStateException("Not yet implemented");
+    public Map<Setting, Op> replaceAllSettings(Set<Setting> newSettings) {
+        Objects.requireNonNull(newSettings, "The list of new settings cannot be null (it may be empty).");
+        
+        // Get all existing settings as a map for O(1) lookup
+        List<Setting> existingSettings = em.createNamedQuery("Setting.findAll", Setting.class).getResultList();
+        Map<String, Setting> existingByKey = existingSettings.stream()
+            .collect(Collectors.toMap(
+                setting -> setting.getName() + "|" + setting.getLang(),
+                Function.identity()
+            ));
+        
+        // Create map of new settings for O(1) lookup
+        Map<String, Setting> newByKey = newSettings.stream()
+            .collect(Collectors.toMap(
+                setting -> setting.getName() + "|" + setting.getLang(),
+                Function.identity()
+            ));
+        
+        // Track operations for return value
+        Map<Setting, Op> opsTracking = new HashMap<>();
+        
+        // Process existing settings
+        for (Map.Entry<String, Setting> entry : existingByKey.entrySet()) {
+            String key = entry.getKey();
+            Setting existingSetting = entry.getValue();
+            
+            // Setting exists in DB but not in new set - delete it
+            if (!newByKey.containsKey(key)) {
+                em.remove(existingSetting);
+                opsTracking.put(existingSetting, Op.DELETED);
+                
+            // Setting exists in both - update with new values
+            } else {
+                Setting newSetting = newByKey.get(key);
+                // We use the already managed entity and update it with the content of the new setting.
+                // (This means we don't need to call em.merge(), the ORM will track and execute it for us.)
+                existingSetting.setContent(newSetting.getContent());
+                opsTracking.put(existingSetting, Op.UPDATED);
+            }
+        }
+        
+        // Process new settings - create those not in existing set
+        for (Map.Entry<String, Setting> entry : newByKey.entrySet()) {
+            String key = entry.getKey();
+            Setting newSetting = entry.getValue();
+            
+            if (!existingByKey.containsKey(key)) {
+                // Setting is new - persist it
+                em.persist(newSetting);
+                opsTracking.put(newSetting, Op.CREATED);
+            }
+            // If it exists, it was already handled in the previous loop
+        }
+        
+        // Flush changes to ensure consistency before transaction is committed (will also ensure merge() is called).
+        em.flush();
+        
+        return opsTracking;
+        
     }
     
     public Map<String, String> getBaseMetadataLanguageMap(Map<String,String> languageMap, boolean refresh) {

From c68ac57f9cd0f7ce232e40f154dab54d5d920e0e Mon Sep 17 00:00:00 2001
From: Oliver Bertuch <o.bertuch@fz-juelich.de>
Date: Fri, 18 Jul 2025 17:32:32 +0200
Subject: [PATCH 237/634] refactor: change `List` to `Set` for
 `convertJsonToSettings` #11639

 - enforce unique `Setting` objects
 - enable easier detection of differences between two sets if settings
---
 .../settings/SettingsServiceBean.java         |  9 ++++---
 .../settings/SettingsServiceBeanTest.java     | 25 +++++++++++--------
 2 files changed, 20 insertions(+), 14 deletions(-)

diff --git a/src/main/java/edu/harvard/iq/dataverse/settings/SettingsServiceBean.java b/src/main/java/edu/harvard/iq/dataverse/settings/SettingsServiceBean.java
index e0bab4dadc9..f30814a2a4b 100644
--- a/src/main/java/edu/harvard/iq/dataverse/settings/SettingsServiceBean.java
+++ b/src/main/java/edu/harvard/iq/dataverse/settings/SettingsServiceBean.java
@@ -1121,7 +1121,7 @@ public void setAllFromJson(JsonObject settings) {
         }
         
         // Convert JSON to Setting objects
-        List<Setting> newSettings = convertJsonToSettings(settings);
+        Set<Setting> newSettings = convertJsonToSettings(settings);
         
         // Perform atomic update (replace all settings)
         replaceAllSettings(newSettings);
@@ -1133,14 +1133,15 @@ public void setAllFromJson(JsonObject settings) {
      * If the key includes a language (indicated by a separator), the language
      * information is extracted and included in the Setting object.
      * Note: This method expects a pre-validated JsonObject and will happily create
-     *       nonsense settings for you otherwise.
+     *       nonsense settings for you otherwise. This is a reason for the package visibility.
      *
      * @param settings a (pre-validated) {@link JsonObject} containing key-value pairs where
      *                 each key represents a setting name (and optionally a language code),
      *                 and each value represents the associated content.
      * @return a {@link List} of {@link Setting} objects parsed from the input JSON object.
      */
-    static List<Setting> convertJsonToSettings(JsonObject settings) {
+    static Set<Setting> convertJsonToSettings(JsonObject settings) {
+        Objects.requireNonNull(settings, "The settings object cannot be null.");
         return settings.entrySet().stream()
             .map(entry -> {
                 String key = entry.getKey();
@@ -1159,7 +1160,7 @@ static List<Setting> convertJsonToSettings(JsonObject settings) {
                     return new Setting(key, value);
                 }
             })
-            .collect(Collectors.toList());
+            .collect(Collectors.toSet());
     }
     
     /**
diff --git a/src/test/java/edu/harvard/iq/dataverse/settings/SettingsServiceBeanTest.java b/src/test/java/edu/harvard/iq/dataverse/settings/SettingsServiceBeanTest.java
index 34d791d8fc3..bcc82933226 100644
--- a/src/test/java/edu/harvard/iq/dataverse/settings/SettingsServiceBeanTest.java
+++ b/src/test/java/edu/harvard/iq/dataverse/settings/SettingsServiceBeanTest.java
@@ -16,6 +16,7 @@
 
 import java.util.Collections;
 import java.util.List;
+import java.util.Set;
 
 import static org.junit.jupiter.api.Assertions.assertDoesNotThrow;
 import static org.junit.jupiter.api.Assertions.assertEquals;
@@ -247,13 +248,15 @@ void testConvertJsonToSettings_simpleKeyValues() {
                 .build();
             
             // When
-            List<Setting> result = SettingsServiceBean.convertJsonToSettings(input);
+            Set<Setting> result = SettingsServiceBean.convertJsonToSettings(input);
             
             // Then
             assertEquals(3, result.size());
-            assertEquals(new Setting(":Key1", "Value1"), result.get(0));
-            assertEquals(new Setting(":Key2", "123456"), result.get(1));
-            assertEquals(new Setting(":Key3", "123456"), result.get(2));
+            assertEquals(
+                Set.of(new Setting(":Key1", "Value1"),
+                       new Setting(":Key2", "123456"),
+                       new Setting(":Key3", "123456")
+                ), result);
         }
         
         @Test
@@ -265,12 +268,14 @@ void testConvertJsonToSettings_localizedKeysWithSimpleValues() {
                 .build();
             
             // When
-            List<Setting> result = SettingsServiceBean.convertJsonToSettings(input);
+            Set<Setting> result = SettingsServiceBean.convertJsonToSettings(input);
             
             // Then
             assertEquals(2, result.size());
-            assertEquals(new Setting(":LocalizedKey", "en", "EnglishValue"), result.get(0));
-            assertEquals(new Setting(":LocalizedKey", "fr", "FrenchValue"), result.get(1));
+            assertEquals(
+                Set.of(new Setting(":LocalizedKey", "en", "EnglishValue"),
+                       new Setting(":LocalizedKey", "fr", "FrenchValue")
+                ), result);
         }
         
         @Test
@@ -279,7 +284,7 @@ void testConvertJsonToSettings_emptyJson() {
             JsonObject input = Json.createObjectBuilder().build();
             
             // When
-            List<Setting> result = SettingsServiceBean.convertJsonToSettings(input);
+            Set<Setting> result = SettingsServiceBean.convertJsonToSettings(input);
             
             // Then
             assertEquals(0, result.size());
@@ -299,13 +304,13 @@ void testConvertJsonToSettings_complexJsonValue() {
                 .build();
             
             // When
-            List<Setting> result = SettingsServiceBean.convertJsonToSettings(input);
+            Set<Setting> result = SettingsServiceBean.convertJsonToSettings(input);
             
             // Then
             assertEquals(1, result.size());
             assertEquals(new Setting(":MaxFileUploadSizeInBytes",
                     "{\"default\":\"2147483648\",\"fileOne\":\"4000000000\",\"s3\":\"8000000000\"}"),
-                result.get(0));
+                result.stream().toList().get(0));
         }
         
         

From 6f90535c0bfb03aca7d2290344e701775dbf3304 Mon Sep 17 00:00:00 2001
From: Oliver Bertuch <o.bertuch@fz-juelich.de>
Date: Fri, 18 Jul 2025 17:33:44 +0200
Subject: [PATCH 238/634] fix: add null checks for `settings` in
 `setAllFromJson` and `validateKeys` #11639

---
 .../harvard/iq/dataverse/settings/SettingsServiceBean.java  | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/src/main/java/edu/harvard/iq/dataverse/settings/SettingsServiceBean.java b/src/main/java/edu/harvard/iq/dataverse/settings/SettingsServiceBean.java
index f30814a2a4b..e40165668d6 100644
--- a/src/main/java/edu/harvard/iq/dataverse/settings/SettingsServiceBean.java
+++ b/src/main/java/edu/harvard/iq/dataverse/settings/SettingsServiceBean.java
@@ -31,6 +31,7 @@
 import java.util.List;
 import java.util.Locale;
 import java.util.Map;
+import java.util.Objects;
 import java.util.Set;
 import java.util.StringTokenizer;
 import java.util.function.Function;
@@ -1114,6 +1115,10 @@ public JsonObject listAllAsJson() {
      * @throws IllegalArgumentException if the JSON object contains invalid keys or invalid settings.
      */
     public void setAllFromJson(JsonObject settings) {
+        if (settings == null) {
+            throw new IllegalArgumentException("Settings cannot be null");
+        }
+        
         // Validate the input
         List<String> invalidKeys = validateKeys(settings);
         if (!invalidKeys.isEmpty()) {
@@ -1331,6 +1336,7 @@ public static String convertToJsonKey(Setting setting) {
      * @return a list of invalid keys as an unmodifiable list
      */
     public static List<String> validateKeys(JsonObject settings) {
+        Objects.requireNonNull(settings, "The settings object cannot be null.");
         List<String> invalidKeys = new ArrayList<>();
         for (String key : settings.keySet()) {
             try {

From 1f8a280711bf37c05aa3273c5f6302d1dd8a4b67 Mon Sep 17 00:00:00 2001
From: Oliver Bertuch <o.bertuch@fz-juelich.de>
Date: Fri, 18 Jul 2025 17:38:30 +0200
Subject: [PATCH 239/634] feat: return operation details from `setAllFromJson`
 in `SettingsServiceBean` after bulk operation #11639

---
 .../edu/harvard/iq/dataverse/api/Admin.java   |  4 ++--
 .../settings/SettingsServiceBean.java         | 23 ++++++++++---------
 2 files changed, 14 insertions(+), 13 deletions(-)

diff --git a/src/main/java/edu/harvard/iq/dataverse/api/Admin.java b/src/main/java/edu/harvard/iq/dataverse/api/Admin.java
index e00a93a826f..1dc6e70fa3f 100644
--- a/src/main/java/edu/harvard/iq/dataverse/api/Admin.java
+++ b/src/main/java/edu/harvard/iq/dataverse/api/Admin.java
@@ -226,8 +226,8 @@ public Response putAllSettings(JsonObject settings) {
             }
             
             // Transfer to domain objects and deeper validation to be handled by the service layer.
-            settingsSvc.setAllFromJson(settings);
-            return ok("All database options successfully updated.");
+            JsonObjectBuilder successfullOperations = settingsSvc.setAllFromJson(settings);
+            return ok("All database options successfully updated.", successfullOperations);
             
         } catch (IllegalArgumentException iae) {
             return error(Response.Status.BAD_REQUEST, iae.getMessage());
diff --git a/src/main/java/edu/harvard/iq/dataverse/settings/SettingsServiceBean.java b/src/main/java/edu/harvard/iq/dataverse/settings/SettingsServiceBean.java
index e40165668d6..cd497d91329 100644
--- a/src/main/java/edu/harvard/iq/dataverse/settings/SettingsServiceBean.java
+++ b/src/main/java/edu/harvard/iq/dataverse/settings/SettingsServiceBean.java
@@ -1104,17 +1104,16 @@ public JsonObject listAllAsJson() {
     }
     
     /**
-     * Updates all settings by replacing them with the settings provided in the given JSON object.
-     * This method validates the keys and values from the JSON object, converts them into
-     * a list of Setting objects, and performs an atomic update of the internal settings.
+     * Updates all current settings from the specified JSON object. Validates the input JSON,
+     * converts it to a set of settings, and replaces all existing settings with the new ones
+     * in an atomic operation. If the settings object is null, contains invalid keys, or if the new
+     * set of settings is empty, the method throws an appropriate exception.
      *
-     * @param settings a JsonObject containing the new settings to apply.
-     *                 Each key corresponds to a setting name, and each value corresponds
-     *                 to its respective value. The keys and values will be validated before
-     *                 applying the updates.
-     * @throws IllegalArgumentException if the JSON object contains invalid keys or invalid settings.
+     * @param settings the JSON object containing the new configuration settings to be applied; must not be null
+     * @return a JsonObjectBuilder representing the operational details of the applied updates
+     * @throws IllegalArgumentException if the settings object is null, contains invalid keys, or results in empty settings
      */
-    public void setAllFromJson(JsonObject settings) {
+    public JsonObjectBuilder setAllFromJson(JsonObject settings) {
         if (settings == null) {
             throw new IllegalArgumentException("Settings cannot be null");
         }
@@ -1128,8 +1127,10 @@ public void setAllFromJson(JsonObject settings) {
         // Convert JSON to Setting objects
         Set<Setting> newSettings = convertJsonToSettings(settings);
         
-        // Perform atomic update (replace all settings)
-        replaceAllSettings(newSettings);
+        // Execute the update (in one atomic operation using a transaction)
+        Map<Setting, Op> operationalDetails = replaceAllSettings(newSettings);
+            
+        return Op.convertToJson(operationalDetails);
     }
     
     /**

From 614fc7106f86eca1688bde93fd47750b63db26f5 Mon Sep 17 00:00:00 2001
From: Oliver Bertuch <o.bertuch@fz-juelich.de>
Date: Fri, 18 Jul 2025 17:38:52 +0200
Subject: [PATCH 240/634] fix: prevent accidental removal of all settings in
 `setAllFromJson` by validating non-empty input #11639

---
 .../iq/dataverse/settings/SettingsServiceBean.java   | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)

diff --git a/src/main/java/edu/harvard/iq/dataverse/settings/SettingsServiceBean.java b/src/main/java/edu/harvard/iq/dataverse/settings/SettingsServiceBean.java
index cd497d91329..5ff0effedff 100644
--- a/src/main/java/edu/harvard/iq/dataverse/settings/SettingsServiceBean.java
+++ b/src/main/java/edu/harvard/iq/dataverse/settings/SettingsServiceBean.java
@@ -1127,10 +1127,16 @@ public JsonObjectBuilder setAllFromJson(JsonObject settings) {
         // Convert JSON to Setting objects
         Set<Setting> newSettings = convertJsonToSettings(settings);
         
-        // Execute the update (in one atomic operation using a transaction)
-        Map<Setting, Op> operationalDetails = replaceAllSettings(newSettings);
+        // Perform atomic update (replace all settings)
+        // We don't allow to completely wipe all settings coming from JSON here, so no acciddents happen.
+        // (It's completely unrealistic someone would try to remove all settings and leave it at that.)
+        if (newSettings != null && !newSettings.isEmpty()) {
+            // Execute the update (in one atomic operation using a transaction)
+            Map<Setting, Op> operationalDetails = replaceAllSettings(newSettings);
             
-        return Op.convertToJson(operationalDetails);
+            return Op.convertToJson(operationalDetails);
+        }
+        throw new IllegalArgumentException("Settings cannot be empty - you'd wipe the entire configuration.");
     }
     
     /**

From 580039b39ac083763a0f318eabbb0adb3c052199 Mon Sep 17 00:00:00 2001
From: Oliver Bertuch <o.bertuch@fz-juelich.de>
Date: Mon, 21 Jul 2025 11:27:49 +0200
Subject: [PATCH 241/634] fix: ensure transactional integrity in
 `replaceAllSettings` using self-invocation via EJB reference #11639

Added an `EJB` self-reference in `SettingsServiceBean` to ensure proper handling of transactions, with updates to `replaceAllSettings` to use `@Transactional(REQUIRES_NEW)`. Updated method calls and comments to reflect the required use of self-invocation for EJB functionalities.
---
 .../dataverse/settings/SettingsServiceBean.java | 17 +++++++++++++++--
 1 file changed, 15 insertions(+), 2 deletions(-)

diff --git a/src/main/java/edu/harvard/iq/dataverse/settings/SettingsServiceBean.java b/src/main/java/edu/harvard/iq/dataverse/settings/SettingsServiceBean.java
index 5ff0effedff..05fe56875b3 100644
--- a/src/main/java/edu/harvard/iq/dataverse/settings/SettingsServiceBean.java
+++ b/src/main/java/edu/harvard/iq/dataverse/settings/SettingsServiceBean.java
@@ -750,6 +750,15 @@ public static SettingsServiceBean.Key parse(String key) {
     @PersistenceContext
     EntityManager em;
     
+    /**
+     * A reference to the current instance of the SettingsServiceBean.
+     * Used when self-invocation is required for internal method calls
+     * within the same bean to ensure that all EJB functionalities
+     * such as transactions and security are properly applied.
+     */
+    @EJB
+    private SettingsServiceBean self;
+    
     @EJB
     ActionLogServiceBean actionLogSvc;
     
@@ -1132,7 +1141,8 @@ public JsonObjectBuilder setAllFromJson(JsonObject settings) {
         // (It's completely unrealistic someone would try to remove all settings and leave it at that.)
         if (newSettings != null && !newSettings.isEmpty()) {
             // Execute the update (in one atomic operation using a transaction)
-            Map<Setting, Op> operationalDetails = replaceAllSettings(newSettings);
+            // Note: We need to call via self-reference so the EJB container can create a transaction as intended.
+            Map<Setting, Op> operationalDetails = self.replaceAllSettings(newSettings);
             
             return Op.convertToJson(operationalDetails);
         }
@@ -1213,6 +1223,9 @@ static JsonObjectBuilder convertToJson(Map<Setting, Op> operationalDetails) {
      * - Updates the content of existing settings that match the keys in the provided new settings.
      * - Creates new settings that are not present in the database.
      *
+     * If calling this method from within this class, make sure to use an EJB injected self-reference to it.
+     * Otherwise, the EJB container will not be able to provide a transaction as intended by {@code @Transactional}.
+     *
      * @param newSettings the set of new settings to replace the existing ones.
      *                    Each setting is uniquely identified by its name and language.
      *                    Must not be null (it may be empty).
@@ -1220,7 +1233,7 @@ static JsonObjectBuilder convertToJson(Map<Setting, Op> operationalDetails) {
      *         are the settings involved, and the values are the types of operations
      *         performed (CREATED, UPDATED, DELETED).
      */
-    @Transactional
+    @Transactional(Transactional.TxType.REQUIRES_NEW)
     public Map<Setting, Op> replaceAllSettings(Set<Setting> newSettings) {
         Objects.requireNonNull(newSettings, "The list of new settings cannot be null (it may be empty).");
         

From bd85f7201bfaf26ffb73aee7a69567c5f84750d0 Mon Sep 17 00:00:00 2001
From: Oliver Bertuch <o.bertuch@fz-juelich.de>
Date: Mon, 21 Jul 2025 12:26:55 +0200
Subject: [PATCH 242/634] fix,build: ensure proper late variable binding for
 JaCoCo configuration in `pom.xml` #11639

Updated JaCoCo settings in `pom.xml` to use `@{}` syntax for late variable binding in `argLine` for Maven Surefire and Maven Failsafe, ensuring compatibility with `prepare-agent` steps.

This seems to be compatible with IntelliJ's parser for argLine - tests execute successfully.
---
 pom.xml | 22 ++++++++++++++++++----
 1 file changed, 18 insertions(+), 4 deletions(-)

diff --git a/pom.xml b/pom.xml
index 822eaaeb79d..7a3b16a376b 100644
--- a/pom.xml
+++ b/pom.xml
@@ -21,8 +21,10 @@
         <skipUnitTests>false</skipUnitTests>
         <skipIntegrationTests>false</skipIntegrationTests>
         <it.groups>integration</it.groups>
-        <surefire.jacoco.args></surefire.jacoco.args>
-        <failsafe.jacoco.args></failsafe.jacoco.args>
+        <!-- Provide a fallback value that won't break things if JaCoCo prepare-agent steps don't set it. -->
+        <!-- Note: you must use @{} style late variable binding in argLine, otherwise JaCoCo cannot inject the right settings! -->
+        <surefire.jacoco.args>-Ddummy.jacoco.property=true</surefire.jacoco.args>
+        <failsafe.jacoco.args>-Ddummy.jacoco.property=true</failsafe.jacoco.args>
         
         <!-- By default, this module will produce a WAR file. -->
         <!-- This will be switched within the container profile! -->
@@ -1038,7 +1040,13 @@
                     <!-- testsToExclude come from the profile-->
                     <excludedGroups>${testsToExclude}</excludedGroups>
                     <skip>${skipUnitTests}</skip>
-                    <argLine>${surefire.jacoco.args} ${argLine}</argLine>
+                    <!--
+                        Note: The @{} syntax here is used for late variable binding.
+                              Otherwise we would not be able to override the defaults in <properties> with prepare-agent above.
+                              See also https://www.jacoco.org/jacoco/trunk/doc/prepare-agent-mojo.html
+                              It's ignored by IntelliJ argLine parsing.
+                    -->
+                    <argLine>@{surefire.jacoco.args} ${argLine}</argLine>
                     <excludes>
                         <exclude>**/builtin-users-spi/**</exclude>
                     </excludes>
@@ -1050,7 +1058,13 @@
                 <artifactId>maven-failsafe-plugin</artifactId>
                 <configuration>
                     <groups>${it.groups}</groups>
-                    <argLine>${failsafe.jacoco.args} ${argLine}</argLine>
+                    <!--
+                        Note: The @{} syntax here is used for late variable binding.
+                              Otherwise we would not be able to override the defaults in <properties> with prepare-agent above.
+                              See also https://www.jacoco.org/jacoco/trunk/doc/prepare-agent-mojo.html
+                              It's ignored by IntelliJ argLine parsing.
+                    -->
+                    <argLine>@{failsafe.jacoco.args} ${argLine}</argLine>
                     <skip>${skipIntegrationTests}</skip>
                 </configuration>
                 <executions>

From c91b4fc40ee70130ebfd4d18bc7dc74a6e6328c4 Mon Sep 17 00:00:00 2001
From: Oliver Bertuch <o.bertuch@fz-juelich.de>
Date: Mon, 21 Jul 2025 12:27:09 +0200
Subject: [PATCH 243/634] style: correct typo in `internalError` key in
 `JsonResponseBuilder`

---
 .../edu/harvard/iq/dataverse/api/util/JsonResponseBuilder.java  | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/main/java/edu/harvard/iq/dataverse/api/util/JsonResponseBuilder.java b/src/main/java/edu/harvard/iq/dataverse/api/util/JsonResponseBuilder.java
index a80d54508fd..9095a40c608 100644
--- a/src/main/java/edu/harvard/iq/dataverse/api/util/JsonResponseBuilder.java
+++ b/src/main/java/edu/harvard/iq/dataverse/api/util/JsonResponseBuilder.java
@@ -131,7 +131,7 @@ public JsonResponseBuilder requestContentType(HttpServletRequest request) {
      * @return The enhanced builder
      */
     public JsonResponseBuilder internalError(Throwable ex) {
-        this.entityBuilder.add("interalError", ex.getClass().getSimpleName());
+        this.entityBuilder.add("internalError", ex.getClass().getSimpleName());
         if (ex.getCause() != null) {
             this.entityBuilder.add("internalCause", ex.getCause().getClass().getSimpleName());
         }

From 4b5b6896a124c549c3fef7fd8b3e4f2a56da6e08 Mon Sep 17 00:00:00 2001
From: Oliver Bertuch <o.bertuch@fz-juelich.de>
Date: Tue, 22 Jul 2025 18:33:08 +0200
Subject: [PATCH 244/634] fix,style: update SQL and class definitions to
 standardize lowercase table names and constraint naming conventions #11639

Without converting to this PostgreSQL convention, the checks to avoid adding existing constraints failed, resulting in failing Flyway migrations during startup.
---
 .../iq/dataverse/settings/Setting.java        |  2 +-
 src/main/resources/db/migration/V6.7.0.1.sql  | 20 +++++++++---------
 src/main/resources/db/migration/V6.7.0.2.sql  | 21 +++++++++----------
 3 files changed, 21 insertions(+), 22 deletions(-)

diff --git a/src/main/java/edu/harvard/iq/dataverse/settings/Setting.java b/src/main/java/edu/harvard/iq/dataverse/settings/Setting.java
index 0f240302366..e187d3db1cc 100644
--- a/src/main/java/edu/harvard/iq/dataverse/settings/Setting.java
+++ b/src/main/java/edu/harvard/iq/dataverse/settings/Setting.java
@@ -32,7 +32,7 @@
 })
 @Entity
 @Table(uniqueConstraints = {
-    @UniqueConstraint(name = "UC_setting_name_lang", columnNames = {"name", "lang"}),
+    @UniqueConstraint(name = "uc_setting_name_lang", columnNames = {"name", "lang"}),
 })
 public class Setting implements Serializable {
 
diff --git a/src/main/resources/db/migration/V6.7.0.1.sql b/src/main/resources/db/migration/V6.7.0.1.sql
index cfe1e75d0b5..656ef04d572 100644
--- a/src/main/resources/db/migration/V6.7.0.1.sql
+++ b/src/main/resources/db/migration/V6.7.0.1.sql
@@ -6,7 +6,7 @@ DO $$
         base_setting_content TEXT;
         format_settings_cursor CURSOR FOR
             SELECT name, content
-            FROM Setting
+            FROM setting
             WHERE name LIKE ':TabularIngestSizeLimit:%'
               AND lang IS NULL;
         format_record RECORD;
@@ -18,7 +18,7 @@ DO $$
     BEGIN
         -- Check if there are any format-specific settings
         SELECT EXISTS(
-            SELECT 1 FROM Setting
+            SELECT 1 FROM setting
             WHERE name LIKE ':TabularIngestSizeLimit:%'
               AND lang IS NULL
         ) INTO has_format_settings;
@@ -31,7 +31,7 @@ DO $$
 
         -- Get the base setting (without format suffix) if it exists
         SELECT content INTO base_setting_content
-        FROM Setting
+        FROM setting
         WHERE name = ':TabularIngestSizeLimit'
           AND lang IS NULL;
 
@@ -42,7 +42,7 @@ DO $$
                 format_value := base_setting_content::BIGINT;
                 json_object := json_object || jsonb_build_object('default', format_value);
             EXCEPTION WHEN invalid_text_representation THEN
-                RAISE WARNING 'Base TabularIngestSizeLimit setting contains non-numeric value: %. Setting to 0 (disabling ingest!).', base_setting_content;
+                RAISE WARNING 'Base TabularIngestSizeLimit setting contains non-numeric value: %. Setting it to 0 (disabling ingest!).', base_setting_content;
                 json_object := json_object || jsonb_build_object('default', 0);
             END;
         END IF;
@@ -57,7 +57,7 @@ DO $$
                     format_value := format_record.content::BIGINT;
                     json_object := json_object || jsonb_build_object(format_name, format_value);
                 EXCEPTION WHEN invalid_text_representation THEN
-                    warning_message := format('Format-specific TabularIngestSizeLimit setting %s contains non-numeric value: %s. Setting to 0 (disabling ingest!).',
+                    warning_message := format('Format-specific TabularIngestSizeLimit setting %s contains non-numeric value: %s. Setting it to 0 (disabling ingest!).',
                                               format_record.name, format_record.content);
                     RAISE WARNING '%', warning_message;
                     json_object := json_object || jsonb_build_object(format_name, 0);
@@ -65,13 +65,13 @@ DO $$
             END LOOP;
 
         -- Insert or update the new JSON-based setting
-        INSERT INTO Setting (name, content, lang)
+        INSERT INTO setting (name, content, lang)
         VALUES (':TabularIngestSizeLimit', json_object::TEXT, NULL)
         ON CONFLICT (name) WHERE lang IS NULL
             DO UPDATE SET content = EXCLUDED.content;
 
         -- Delete all format-specific settings
-        DELETE FROM Setting
+        DELETE FROM setting
         WHERE name LIKE ':TabularIngestSizeLimit:%'
           AND lang IS NULL;
 
@@ -81,8 +81,8 @@ DO $$
 -- 2. Migrate BuiltinUsers.KEY to the new setting name
 DO $$
     BEGIN
-        IF EXISTS (SELECT 1 FROM Setting WHERE name = 'BuiltinUsers.KEY') THEN
-            INSERT INTO Setting (name, lang, content) VALUES (':BuiltinUsersKey', NULL, (SELECT content FROM Setting WHERE name = 'BuiltinUsers.KEY'));
-            DELETE FROM Setting WHERE name = 'BuiltinUsers.KEY';
+        IF EXISTS (SELECT 1 FROM setting WHERE name = 'BuiltinUsers.KEY') THEN
+            INSERT INTO setting (name, lang, content) VALUES (':BuiltinUsersKey', NULL, (SELECT content FROM setting WHERE name = 'BuiltinUsers.KEY'));
+            DELETE FROM setting WHERE name = 'BuiltinUsers.KEY';
         END IF;
     END $$;
\ No newline at end of file
diff --git a/src/main/resources/db/migration/V6.7.0.2.sql b/src/main/resources/db/migration/V6.7.0.2.sql
index 177f88332b7..cd4b5018b1d 100644
--- a/src/main/resources/db/migration/V6.7.0.2.sql
+++ b/src/main/resources/db/migration/V6.7.0.2.sql
@@ -4,32 +4,31 @@
 -- 3. Add NOT NULL constraints and unique constraint for name+lang pairs
 
 -- First, update any existing NULL lang values to empty string
-UPDATE Setting SET lang = '' WHERE lang IS NULL;
+UPDATE setting SET lang = '' WHERE lang IS NULL;
 
 -- Postgres doesn't support IF NOT EXISTS for ALTER COLUMN or ADD CONSTRAINT, so we need conditional logic
 DO $$
 BEGIN
     -- Only alter columns if they need to be changed
     IF EXISTS (SELECT 1 FROM information_schema.columns
-               WHERE table_name = 'Setting' AND column_name = 'name'
+               WHERE table_name = 'setting' AND column_name = 'name'
                AND (data_type = 'text' OR is_nullable = 'YES')) THEN
         ALTER TABLE setting ALTER COLUMN name TYPE VARCHAR(255);
-        ALTER TABLE Setting ALTER COLUMN name SET NOT NULL;
+        ALTER TABLE setting ALTER COLUMN name SET NOT NULL;
     END IF;
 
     IF EXISTS (SELECT 1 FROM information_schema.columns
-               WHERE table_name = 'Setting' AND column_name = 'lang'
+               WHERE table_name = 'setting' AND column_name = 'lang'
                AND (data_type = 'text' OR is_nullable = 'YES')) THEN
-        ALTER TABLE Setting ALTER COLUMN lang TYPE VARCHAR(10);
-        ALTER TABLE Setting ALTER COLUMN lang SET NOT NULL;
-        ALTER TABLE Setting ALTER COLUMN lang SET DEFAULT '';
+        ALTER TABLE setting ALTER COLUMN lang TYPE VARCHAR(10);
+        ALTER TABLE setting ALTER COLUMN lang SET NOT NULL;
+        ALTER TABLE setting ALTER COLUMN lang SET DEFAULT '';
     END IF;
 
     IF NOT EXISTS (SELECT 1 FROM information_schema.table_constraints
-                   WHERE table_name = 'Setting'
-                     AND constraint_name = 'UC_setting_name_lang'
+                   WHERE table_name = 'setting'
+                     AND constraint_name = 'uc_setting_name_lang'
                      AND constraint_type = 'UNIQUE') THEN
-        ALTER TABLE Setting ADD CONSTRAINT UC_setting_name_lang UNIQUE (name, lang);
+        ALTER TABLE setting ADD CONSTRAINT uc_setting_name_lang UNIQUE (name, lang);
     END IF;
-
 END $$;

From c7434a5cae652e811cfa97cb8cdbf1cddd51fd3e Mon Sep 17 00:00:00 2001
From: Oliver Bertuch <o.bertuch@fz-juelich.de>
Date: Tue, 22 Jul 2025 18:33:33 +0200
Subject: [PATCH 245/634] fix: update Flyway migration to replace constraints
 and indexes in `setting` table for consistent validation #11639

Added conditional logic to drop outdated constraints and the unique index in the `setting` table. New validation imposes restrictions with an empty `lang` as the default. Revamped design aligns with API validation requirements.
---
 src/main/resources/db/migration/V6.7.0.2.sql | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/src/main/resources/db/migration/V6.7.0.2.sql b/src/main/resources/db/migration/V6.7.0.2.sql
index cd4b5018b1d..07a568f0834 100644
--- a/src/main/resources/db/migration/V6.7.0.2.sql
+++ b/src/main/resources/db/migration/V6.7.0.2.sql
@@ -9,6 +9,13 @@ UPDATE setting SET lang = '' WHERE lang IS NULL;
 -- Postgres doesn't support IF NOT EXISTS for ALTER COLUMN or ADD CONSTRAINT, so we need conditional logic
 DO $$
 BEGIN
+    -- These database constraints were added with Dataverse 4.15, but they had no representation in the code,
+    -- not even a comment about their existence. See also Flyway script V4.16.0.1__5303-addColumn-to-settingTable.sql.
+    -- We are going to replace them with the new design here, using an empty lang as default.
+    -- Before, lang could be more or less anything. Now we do imply restrictions on validation within the API.
+    ALTER TABLE setting DROP CONSTRAINT IF EXISTS non_empty_lang;
+    DROP INDEX IF EXISTS unique_settings;
+
     -- Only alter columns if they need to be changed
     IF EXISTS (SELECT 1 FROM information_schema.columns
                WHERE table_name = 'setting' AND column_name = 'name'

From ff45c8096afc63a3fa5582f37caf3599bec4b5b8 Mon Sep 17 00:00:00 2001
From: Oliver Bertuch <o.bertuch@fz-juelich.de>
Date: Tue, 22 Jul 2025 18:34:28 +0200
Subject: [PATCH 246/634] fix: update `get` method in `Admin` API to handle
 third parameter for settings retrieval #11639

This was wrongly requesting the setting, using the language parameter as the default value if not configured.
---
 src/main/java/edu/harvard/iq/dataverse/api/Admin.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/main/java/edu/harvard/iq/dataverse/api/Admin.java b/src/main/java/edu/harvard/iq/dataverse/api/Admin.java
index 1dc6e70fa3f..d81b5115ea1 100644
--- a/src/main/java/edu/harvard/iq/dataverse/api/Admin.java
+++ b/src/main/java/edu/harvard/iq/dataverse/api/Admin.java
@@ -281,7 +281,7 @@ public Response getSetting(@PathParam("name") String name, @PathParam("lang") St
             SettingsServiceBean.validateSettingName(name);
             SettingsServiceBean.validateSettingLang(lang);
             
-            String content = settingsSvc.get(name, lang);
+            String content = settingsSvc.get(name, lang, null);
             return (content != null) ? ok(content) : notFound("Setting " + name + " for language " + lang + " not found.");
         } catch (IllegalArgumentException iae) {
             return error(Response.Status.BAD_REQUEST, iae.getMessage());

From 11890681720d13ca349f3dcab1b8489ea4dd4397 Mon Sep 17 00:00:00 2001
From: Oliver Bertuch <o.bertuch@fz-juelich.de>
Date: Tue, 22 Jul 2025 18:42:57 +0200
Subject: [PATCH 247/634] test: add nested test cases for settings API in
 `AdminIT` #11639

- Introduced new nested test class `SettingsAPI` to `AdminIT` with focused test cases for settings retrieval, updates, and localization handling.
- Added utility methods in `UtilIT` to support language-specific settings operations.
- Ensured thorough cleanup in tests to prevent state leakage.
---
 .../edu/harvard/iq/dataverse/api/AdminIT.java | 187 ++++++++++++++++--
 .../edu/harvard/iq/dataverse/api/UtilIT.java  |   5 +
 2 files changed, 175 insertions(+), 17 deletions(-)

diff --git a/src/test/java/edu/harvard/iq/dataverse/api/AdminIT.java b/src/test/java/edu/harvard/iq/dataverse/api/AdminIT.java
index b48c5507a54..8143796cbf1 100644
--- a/src/test/java/edu/harvard/iq/dataverse/api/AdminIT.java
+++ b/src/test/java/edu/harvard/iq/dataverse/api/AdminIT.java
@@ -1,38 +1,48 @@
 package edu.harvard.iq.dataverse.api;
 
-import io.restassured.RestAssured;
-import io.restassured.path.json.JsonPath;
-import io.restassured.response.Response;
 import edu.harvard.iq.dataverse.DataFile;
 import edu.harvard.iq.dataverse.authorization.providers.builtin.BuiltinAuthenticationProvider;
 import edu.harvard.iq.dataverse.authorization.providers.oauth2.impl.GitHubOAuth2AP;
 import edu.harvard.iq.dataverse.authorization.providers.oauth2.impl.OrcidOAuth2AP;
 import edu.harvard.iq.dataverse.settings.SettingsServiceBean;
-
-import java.io.IOException;
-import java.nio.file.Files;
-import java.nio.file.Paths;
-import java.util.ArrayList;
-import java.util.HashMap;
-import java.util.List;
-
+import io.restassured.RestAssured;
+import io.restassured.path.json.JsonPath;
+import io.restassured.response.Response;
 import jakarta.json.Json;
 import jakarta.json.JsonArray;
+import jakarta.json.JsonObject;
+import org.junit.jupiter.api.AfterAll;
+import org.junit.jupiter.api.Assumptions;
+import org.junit.jupiter.api.BeforeAll;
 import org.junit.jupiter.api.Disabled;
+import org.junit.jupiter.api.Nested;
 import org.junit.jupiter.api.Test;
-import org.junit.jupiter.api.BeforeAll;
 import org.junit.jupiter.params.ParameterizedTest;
 import org.junit.jupiter.params.provider.ValueSource;
 
-
-
+import java.io.IOException;
+import java.nio.file.Files;
+import java.nio.file.Paths;
+import java.util.ArrayList;
+import java.util.HashMap;
+import java.util.List;
 import java.util.Map;
 import java.util.UUID;
 import java.util.logging.Logger;
 
-import static jakarta.ws.rs.core.Response.Status.*;
-import static org.hamcrest.CoreMatchers.*;
+import static io.restassured.RestAssured.given;
+import static jakarta.ws.rs.core.Response.Status.BAD_REQUEST;
+import static jakarta.ws.rs.core.Response.Status.CREATED;
+import static jakarta.ws.rs.core.Response.Status.FORBIDDEN;
+import static jakarta.ws.rs.core.Response.Status.INTERNAL_SERVER_ERROR;
+import static jakarta.ws.rs.core.Response.Status.NOT_FOUND;
+import static jakarta.ws.rs.core.Response.Status.OK;
+import static jakarta.ws.rs.core.Response.Status.UNAUTHORIZED;
+import static org.hamcrest.CoreMatchers.containsString;
+import static org.hamcrest.CoreMatchers.equalTo;
+import static org.hamcrest.CoreMatchers.notNullValue;
 import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.junit.jupiter.api.Assertions.assertFalse;
 import static org.junit.jupiter.api.Assertions.assertTrue;
 
 public class AdminIT {
@@ -45,7 +55,150 @@ public class AdminIT {
     public static void setUp() {
         RestAssured.baseURI = UtilIT.getRestAssuredBaseUri();
     }
-
+    
+    @Nested
+    class SettingsAPI {
+        
+        static final SettingsServiceBean.Key harmlessSetting = SettingsServiceBean.Key.InstallationName;
+        static final String harmlessValue = "Test Instance Name";
+        static final String language = "fr";
+        static final String harmlessL10nValue = "Nom de l'instance de test";
+        
+        @AfterAll
+        static void destroy() {
+            // No leftover settings after breaking tests!
+            UtilIT.deleteSetting(harmlessSetting);
+            UtilIT.deleteSetting(harmlessSetting, language);
+        }
+        
+        @Test
+        void testSettingsRoundTrip() {
+            Assumptions.assumeTrue(UtilIT.getSetting(harmlessSetting).statusCode() == NOT_FOUND.getStatusCode(), "Harmless setting should not exist yet.");
+            Assumptions.assumeTrue(UtilIT.getSetting(harmlessSetting, language).statusCode() == NOT_FOUND.getStatusCode(), "Harmless localized setting should not exist yet.");
+            
+            // Step 0: Add a localized setting so we can make sure the put all can cope with that, too.
+            UtilIT.setSetting(harmlessSetting, harmlessL10nValue, language);
+            
+            // Step 1: Get current settings state
+            Response getResponse = given()
+                .when()
+                .get("/api/admin/settings");
+            
+            getResponse.then()
+                .assertThat()
+                .statusCode(OK.getStatusCode())
+                .contentType("application/json")
+                .body("status", equalTo("OK"))
+                .body("data.'"+harmlessSetting+"/lang/"+language+"'", equalTo(harmlessL10nValue));
+            
+            // Store original settings as JsonObject for later restoration
+            JsonObject originalSettings = Json.createReader(getResponse.body().asInputStream())
+                .readObject()
+                .getJsonObject("data");
+            
+            // Step 2: Set our harmless test setting using UtilIT
+            Response setResponse = UtilIT.setSetting(harmlessSetting.toString(), harmlessValue);
+            setResponse.then()
+                .assertThat()
+                .statusCode(OK.getStatusCode());
+            
+            // Step 3: Verify the harmless setting was set
+            Response verifySetResponse = UtilIT.getSetting(harmlessSetting);
+            
+            verifySetResponse.then()
+                .assertThat()
+                .statusCode(OK.getStatusCode())
+                .body("data.message", equalTo(harmlessValue));
+            
+            // Step 4: Put back the original settings (this is what we're testing)
+            Response putResponse = given()
+                //.header("X-Dataverse-key", "")
+                .header("Content-Type", "application/json")
+                .body(originalSettings.toString())
+                .when()
+                .put("/api/admin/settings");
+            
+            putResponse.then()
+                .assertThat()
+                .statusCode(OK.getStatusCode())
+                .body("status", equalTo("OK"))
+                .body("message.message", containsString("successfully updated"));
+            
+            // Step 5: Verify the harmless setting is gone (restored to original state)
+            Response verifyRestoredResponse = given()
+                //.header("X-Dataverse-key", "")
+                .when()
+                .get("/api/admin/settings" + harmlessSetting.toString());
+            
+            verifyRestoredResponse.then()
+                .assertThat()
+                .statusCode(NOT_FOUND.getStatusCode()); // Should not exist anymore
+            
+            // Step 6: Verify overall settings state matches original
+            Response finalGetResponse = given()
+                //.header("X-Dataverse-key", "")
+                .when()
+                .get("/api/admin/settings");
+            
+            finalGetResponse.then()
+                .assertThat()
+                .statusCode(OK.getStatusCode());
+            
+            // Store original settings as JsonObject for later restoration
+            JsonObject finalSettings = Json.createReader(getResponse.body().asInputStream())
+                .readObject()
+                .getJsonObject("data");
+            
+            // Verify the settings are back to original state (our test setting should be absent)
+            assertFalse(finalSettings.containsKey(harmlessSetting.toString()), "Harmless setting should not exist in restored settings");
+            
+            // Cleanup: delete the localized setting
+            UtilIT.deleteSetting(harmlessSetting, language);
+        }
+        
+        @Test
+        void testGetAllSettingsWithLocalization() {
+            int statusCode = UtilIT.getSetting(harmlessSetting, language).statusCode();
+            Assumptions.assumeTrue(statusCode == NOT_FOUND.getStatusCode(), "Harmless localized setting should not exist yet. Status Code: " + statusCode);
+            
+            // Given
+            UtilIT.setSetting(harmlessSetting, harmlessL10nValue, language);
+            
+            // When
+            Response getResponse = given()
+                .when()
+                .get("/api/admin/settings");
+            
+            // Then
+            getResponse.then()
+                .assertThat()
+                .statusCode(OK.getStatusCode())
+                .contentType("application/json")
+                .body("status", equalTo("OK"))
+                .body("data.'"+harmlessSetting+"/lang/"+language+"'", equalTo(harmlessL10nValue));
+            
+            // Cleanup
+            UtilIT.deleteSetting(harmlessSetting, language);
+        }
+        
+        @Test
+        void testPutAllSettingsWithEmptyJson() {
+            // Test error handling for empty JSON
+            Response response = given()
+                //.header("X-Dataverse-key", UtilIT.getSuperuserApiToken())
+                .header("Content-Type", "application/json")
+                .body("{}")
+                .when()
+                .put("/api/admin/settings");
+            
+            response.then()
+                .assertThat()
+                .statusCode(BAD_REQUEST.getStatusCode())
+                .body("message", containsString("Empty or invalid JSON object"));
+        }
+    }
+    
+    
     @Test
     public void testListAuthenticatedUsers() throws Exception {
         Response anon = UtilIT.listAuthenticatedUsers(testNonSuperuserApiToken);
diff --git a/src/test/java/edu/harvard/iq/dataverse/api/UtilIT.java b/src/test/java/edu/harvard/iq/dataverse/api/UtilIT.java
index eba8181e566..aa11ceb0d18 100644
--- a/src/test/java/edu/harvard/iq/dataverse/api/UtilIT.java
+++ b/src/test/java/edu/harvard/iq/dataverse/api/UtilIT.java
@@ -2511,6 +2511,11 @@ static Response getSetting(SettingsServiceBean.Key settingKey) {
         Response response = given().when().get("/api/admin/settings/" + settingKey);
         return response;
     }
+    
+    static Response getSetting(SettingsServiceBean.Key settingKey, String language) {
+        Response response = given().when().get("/api/admin/settings/" + settingKey + "/lang/" + language);
+        return response;
+    }
 
     static Response setSetting(SettingsServiceBean.Key settingKey, String value) {
         Response response = given().body(value).when().put("/api/admin/settings/" + settingKey);

From 982e0921524d8d15e9a6101c00e91d14a6f2b759 Mon Sep 17 00:00:00 2001
From: Oliver Bertuch <o.bertuch@fz-juelich.de>
Date: Wed, 23 Jul 2025 17:18:11 +0200
Subject: [PATCH 248/634] docs: add release note and API docs for #11639

---
 .../11639-db-opts-idempotency.md              | 21 ++++++++++
 doc/sphinx-guides/source/api/native-api.rst   | 38 ++++++++++++++++---
 .../source/installation/config.rst            |  2 +
 3 files changed, 56 insertions(+), 5 deletions(-)
 create mode 100644 doc/release-notes/11639-db-opts-idempotency.md

diff --git a/doc/release-notes/11639-db-opts-idempotency.md b/doc/release-notes/11639-db-opts-idempotency.md
new file mode 100644
index 00000000000..2af82f4ffda
--- /dev/null
+++ b/doc/release-notes/11639-db-opts-idempotency.md
@@ -0,0 +1,21 @@
+## Database Settings Cleanup
+
+With this release, we remove some legacy specialties around Database Settings and provide better Admin API endpoints for them.
+
+Most important changes:
+
+1. Setting `BuiltinUsers.KEY` was renamed to `:BuiltinUsersKey`, aligned with our general naming pattern for options.
+2. Setting `:TabularIngestSizeLimit` no longer uses suffixes for formats and becomes a JSON-based setting instead.
+3. If set, both settings will be migrated to their new form automatically for you (Flyway migration).
+4. You can no longer (accidentally) create or use arbitrary setting names or languages.
+   All Admin API endpoints for settings now validate setting names and languages for existence and compliance.
+
+As an administrator of a Dataverse instance, you can now make use of enhanced Bulk Operations on the Settings Admin API:
+
+1. Retrieving all settings as JSON via `GET /api/admin/settings` supports localized options now, too.
+2. You can replace all existing settings in an idempotent way sending JSON to `PUT /api/admin/settings`.
+   This will create, update and remove settings as necessary in one atomic operation.  
+   The new endpoint is especially useful to admins using GitOps or other automations.
+   It allows control over all Database Settings from a single source without risking an undefined state.
+
+Note: Despite the validation of setting names and languages, the content of any database setting is still not being validated when using the Settings Admin API!
diff --git a/doc/sphinx-guides/source/api/native-api.rst b/doc/sphinx-guides/source/api/native-api.rst
index 7dc50e7a532..c55fc424496 100644
--- a/doc/sphinx-guides/source/api/native-api.rst
+++ b/doc/sphinx-guides/source/api/native-api.rst
@@ -6775,7 +6775,11 @@ If the PID is not managed by Dataverse, this call will report if the PID is reco
 Admin
 -----
 
-This is the administrative part of the API. For security reasons, it is absolutely essential that you block it before allowing public access to a Dataverse installation. Blocking can be done using settings. See the ``post-install-api-block.sh`` script in the ``scripts/api`` folder for details. See :ref:`blocking-api-endpoints` in Securing Your Installation section of the Configuration page of the Installation Guide.
+This is the administrative part of the API.
+For security reasons, it is absolutely essential that you block it before allowing public access to a Dataverse installation.
+Blocking can be done using settings.
+See the ``post-install-api-block.sh`` script in the ``scripts/api`` folder for details.
+See :ref:`blocking-api-endpoints` in Securing Your Installation section of the Configuration page of the Installation Guide.
 
 List All Database Settings
 ~~~~~~~~~~~~~~~~~~~~~~~~~~
@@ -6784,13 +6788,29 @@ List all settings::
 
   GET http://$SERVER/api/admin/settings
 
-Configure Database Setting
-~~~~~~~~~~~~~~~~~~~~~~~~~~
+.. _settings_put_bulk:
+
+Configure All Database Settings
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+Replace all settings in a single idempotent and atomic operation::
+
+  PUT http://$SERVER/api/admin/settings
+
+See JSON ``data`` object in output of ``GET /api/admin/settings`` for the JSON input structure for this endpoint.
+The :doc:`../installation/config` page of the Installation Guide has a :ref:`complete list of all the available settings <database-settings>`.
+
+Configure Single Database Setting
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 Sets setting ``name`` to the body of the request::
 
   PUT http://$SERVER/api/admin/settings/$name
 
+Sets a localized setting ``name`` for locale/language ``lang`` to the body of the request::
+
+  PUT http://$SERVER/api/admin/settings/$name/lang/$lang
+
 Get Single Database Setting
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
@@ -6798,13 +6818,21 @@ Get the setting under ``name``::
 
   GET http://$SERVER/api/admin/settings/$name
 
-Delete Database Setting
-~~~~~~~~~~~~~~~~~~~~~~~
+Gets a localized setting under ``name`` for locale/language ``lang``::
+
+  GET http://$SERVER/api/admin/settings/$name/lang/$lang
+
+Delete Single Database Setting
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 Delete the setting under ``name``::
 
   DELETE http://$SERVER/api/admin/settings/$name
 
+Delete a localized setting under ``name`` for locale/language ``lang``::
+
+  DELETE http://$SERVER/api/admin/settings/$name/lang/$lang
+
 .. _list-all-feature-flags:
 
 List All Feature Flags
diff --git a/doc/sphinx-guides/source/installation/config.rst b/doc/sphinx-guides/source/installation/config.rst
index 8722da19b78..f064cc51a06 100644
--- a/doc/sphinx-guides/source/installation/config.rst
+++ b/doc/sphinx-guides/source/installation/config.rst
@@ -3879,6 +3879,8 @@ The most commonly used configuration options are listed first.
 
 The pattern you will observe in curl examples below is that an HTTP ``PUT`` is used to add or modify a setting. If you perform an HTTP ``GET`` (the default when using curl), the output will contain the value of the setting, if it has been set. You can also do a ``GET`` of all settings with ``curl http://localhost:8080/api/admin/settings`` which you may want to pretty-print by piping the output through a tool such as jq by appending ``| jq .``. If you want to remove a setting, use an HTTP ``DELETE`` such as ``curl -X DELETE http://localhost:8080/api/admin/settings/:GuidesBaseUrl`` .
 
+For your convenience, there is also an Admin API endpoint to :ref:`bulk manage database settings in an atomic, idempotent fashion <settings_put_bulk>`.
+
 .. _:BlockedApiPolicy:
 
 :BlockedApiPolicy (Deprecated)

From 1b06dfb868ca84443d3a541b853d478a854cfc1c Mon Sep 17 00:00:00 2001
From: Oliver Bertuch <o.bertuch@fz-juelich.de>
Date: Wed, 23 Jul 2025 18:27:49 +0200
Subject: [PATCH 249/634] feat: add `UNCHANGED` state handling in
 `SettingsServiceBean` operations #11639

- Introduced `UNCHANGED` as a new operation type for settings.
- Updated `convertToJson` method to include unchanged settings in JSON output.
- Enhanced `replaceAllSettings` logic to track unchanged settings when content remains identical.
- The reason for this is idempotency: if nothing changed, nothing should be done. Replacing the present content of an existing setting is unnecessary, wasting CPU cycles, and we also want the admin to be informed about what actually is getting changed. Before, all of these unchanged elements would be counted as "updated".
---
 .../settings/SettingsServiceBean.java         | 20 +++++++++++++------
 1 file changed, 14 insertions(+), 6 deletions(-)

diff --git a/src/main/java/edu/harvard/iq/dataverse/settings/SettingsServiceBean.java b/src/main/java/edu/harvard/iq/dataverse/settings/SettingsServiceBean.java
index 05fe56875b3..5f82030eb75 100644
--- a/src/main/java/edu/harvard/iq/dataverse/settings/SettingsServiceBean.java
+++ b/src/main/java/edu/harvard/iq/dataverse/settings/SettingsServiceBean.java
@@ -1191,7 +1191,8 @@ static Set<Setting> convertJsonToSettings(JsonObject settings) {
     static enum Op {
         UPDATED,
         CREATED,
-        DELETED;
+        DELETED,
+        UNCHANGED;
         
         static JsonObjectBuilder convertToJson(Map<Setting, Op> operationalDetails) {
             // Create a nice represenation of what happened as Json
@@ -1199,6 +1200,7 @@ static JsonObjectBuilder convertToJson(Map<Setting, Op> operationalDetails) {
             JsonArrayBuilder created = Json.createArrayBuilder();
             JsonArrayBuilder updated = Json.createArrayBuilder();
             JsonArrayBuilder deleted = Json.createArrayBuilder();
+            JsonArrayBuilder unchanged = Json.createArrayBuilder();
             
             operationalDetails.forEach((setting, op) -> {
                 String name = convertToJsonKey(setting);
@@ -1206,13 +1208,15 @@ static JsonObjectBuilder convertToJson(Map<Setting, Op> operationalDetails) {
                     case CREATED -> created.add(name);
                     case UPDATED -> updated.add(name);
                     case DELETED -> deleted.add(name);
+                    case UNCHANGED -> unchanged.add(name);
                 }
             });
             
             return jbo
                 .add("created", created)
                 .add("updated", updated)
-                .add("deleted", deleted);
+                .add("deleted", deleted)
+                .add("unchanged", unchanged);
         }
     }
     
@@ -1268,10 +1272,14 @@ public Map<Setting, Op> replaceAllSettings(Set<Setting> newSettings) {
             // Setting exists in both - update with new values
             } else {
                 Setting newSetting = newByKey.get(key);
-                // We use the already managed entity and update it with the content of the new setting.
-                // (This means we don't need to call em.merge(), the ORM will track and execute it for us.)
-                existingSetting.setContent(newSetting.getContent());
-                opsTracking.put(existingSetting, Op.UPDATED);
+                if (existingSetting.getContent().equals(newSetting.getContent())) {
+                    opsTracking.put(existingSetting, Op.UNCHANGED);
+                } else {
+                    // We use the already managed entity and update it with the content of the new setting.
+                    // (This means we don't need to call em.merge(), the ORM will track and execute it for us.)
+                    existingSetting.setContent(newSetting.getContent());
+                    opsTracking.put(existingSetting, Op.UPDATED);
+                }
             }
         }
         

From d500650ceddcd816c3b898dea8311358d9d3941a Mon Sep 17 00:00:00 2001
From: Oliver Bertuch <o.bertuch@fz-juelich.de>
Date: Wed, 23 Jul 2025 18:28:05 +0200
Subject: [PATCH 250/634] test: add unit tests for `replaceAllSettings` in
 `SettingsServiceBean` #11639

- Introduced a nested test class to validate `replaceAllSettings` behavior.
- Added test cases to cover scenarios for null input, updates, deletions, creations, and unchanged settings.
- Ensured proper mock verifications to validate interactions with `EntityManager` and prevent state leakage in tests.
---
 .../settings/SettingsServiceBeanTest.java     | 87 +++++++++++++++++++
 1 file changed, 87 insertions(+)

diff --git a/src/test/java/edu/harvard/iq/dataverse/settings/SettingsServiceBeanTest.java b/src/test/java/edu/harvard/iq/dataverse/settings/SettingsServiceBeanTest.java
index bcc82933226..2b0ba2871f9 100644
--- a/src/test/java/edu/harvard/iq/dataverse/settings/SettingsServiceBeanTest.java
+++ b/src/test/java/edu/harvard/iq/dataverse/settings/SettingsServiceBeanTest.java
@@ -4,6 +4,7 @@
 import jakarta.json.JsonObject;
 import jakarta.persistence.EntityManager;
 import jakarta.persistence.TypedQuery;
+import org.junit.jupiter.api.AfterEach;
 import org.junit.jupiter.api.BeforeAll;
 import org.junit.jupiter.api.Nested;
 import org.junit.jupiter.api.Test;
@@ -16,12 +17,17 @@
 
 import java.util.Collections;
 import java.util.List;
+import java.util.Map;
 import java.util.Set;
 
 import static org.junit.jupiter.api.Assertions.assertDoesNotThrow;
 import static org.junit.jupiter.api.Assertions.assertEquals;
 import static org.junit.jupiter.api.Assertions.assertThrows;
+import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.Mockito.clearInvocations;
 import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.never;
+import static org.mockito.Mockito.verify;
 import static org.mockito.Mockito.when;
 
 class SettingsServiceBeanTest {
@@ -315,4 +321,85 @@ void testConvertJsonToSettings_complexJsonValue() {
         
         
     }
+    
+    @Nested
+    class ReplaceAllSettingsTest {
+        
+        static TypedQuery<Setting> typedQuery = mock(TypedQuery.class);
+        static EntityManager em = mock(EntityManager.class);
+        static SettingsServiceBean settingsServiceBean = new SettingsServiceBean();
+        
+        @BeforeAll
+        static void setup() {
+            settingsServiceBean.em = em;
+            
+            when(em.createNamedQuery(
+                ArgumentMatchers.eq("Setting.findAll"),
+                ArgumentMatchers.eq(Setting.class)))
+                .thenReturn(typedQuery);
+        }
+        
+        @AfterEach
+        void reset() {
+            // After each test, we need to clear the invocations for test isolation.
+            clearInvocations(em);
+        }
+        
+        @Test
+        void testReplaceAllSettings_null() {
+            // When/Then
+            NullPointerException exception = assertThrows(NullPointerException.class,
+                () -> settingsServiceBean.replaceAllSettings(null));
+            assertEquals("The list of new settings cannot be null (it may be empty).", exception.getMessage());
+        }
+        
+        @Test
+        void testReplaceAllSettings_updateDeleteCreate() {
+            // Given
+            Setting existingSetting1 = new Setting(":Key1", "Value1");
+            Setting existingSetting2 = new Setting(":Key2", "Value2");
+            Setting newSetting1 = new Setting(":Key1", "UpdatedValue1");
+            Setting newSetting3 = new Setting(":Key3", "Value3");
+            
+            when(typedQuery.getResultList()).thenReturn(List.of(existingSetting1, existingSetting2));
+            
+            // When
+            Map<Setting, SettingsServiceBean.Op> result = settingsServiceBean.replaceAllSettings(Set.of(newSetting1, newSetting3));
+            
+            // Then
+            assertEquals(3, result.size());
+            assertEquals(SettingsServiceBean.Op.UPDATED, result.get(existingSetting1));
+            assertEquals(SettingsServiceBean.Op.DELETED, result.get(existingSetting2));
+            assertEquals(SettingsServiceBean.Op.CREATED, result.get(newSetting3));
+            // We cannot track the em.merge() call in this unit-test, as this happens in ORM code, beyond our reach.
+            // Thus check the update to the ORM-tracked entity happened.
+            assertEquals("UpdatedValue1", existingSetting1.getContent());
+            
+            // Verify interactions
+            verify(em).remove(existingSetting2);
+            verify(em).persist(newSetting3);
+            verify(em).flush(); // verify persistence is enforced
+        }
+        
+        @Test
+        void testReplaceAllSettings_noChanges() {
+            // Given
+            Setting existingSetting = new Setting(":Key1", "Value1");
+            Setting newSetting = new Setting(":Key1", "Value1");
+            
+            when(typedQuery.getResultList()).thenReturn(List.of(existingSetting));
+            
+            // When
+            Map<Setting, SettingsServiceBean.Op> result = settingsServiceBean.replaceAllSettings(Set.of(newSetting));
+            
+            // Then
+            assertEquals(1, result.size());
+            assertEquals(SettingsServiceBean.Op.UNCHANGED, result.get(existingSetting));
+            
+            // Verify no interactions causing change
+            verify(em, never()).persist(any(Setting.class));
+            verify(em, never()).remove(any(Setting.class));
+            verify(em, never()).merge(any(Setting.class));
+        }
+    }
 }
\ No newline at end of file

From 4758f86d957f5f3459ef7457157ebed6fa175ae0 Mon Sep 17 00:00:00 2001
From: Oliver Bertuch <o.bertuch@fz-juelich.de>
Date: Thu, 24 Jul 2025 10:50:44 +0200
Subject: [PATCH 251/634] refactor: introduce `SettingsValidationException` for
 enhanced error handling in settings logic #11639

- Replaced `IllegalArgumentException` with a custom `SettingsValidationException` for improved specificity.
- Updated all related methods in `SettingsServiceBean` and `Admin` API to use the new exception.
- Added `SettingsValidationException` class as an application-level exception with rollback support.
- This way we don't see wrapped exceptions (either as EJBException or EJBTransactionRollbackException), as we tell the EJB system this is a known exception.
- It may also make Copilot Review happy, as we are limiting the chances of leaking internal information with this specific exception.
---
 .../edu/harvard/iq/dataverse/api/Admin.java   | 26 +++++++++----------
 .../settings/SettingsServiceBean.java         | 26 +++++++++----------
 .../settings/SettingsValidationException.java | 10 +++++++
 .../settings/SettingsServiceBeanTest.java     |  4 +--
 4 files changed, 38 insertions(+), 28 deletions(-)
 create mode 100644 src/main/java/edu/harvard/iq/dataverse/settings/SettingsValidationException.java

diff --git a/src/main/java/edu/harvard/iq/dataverse/api/Admin.java b/src/main/java/edu/harvard/iq/dataverse/api/Admin.java
index d81b5115ea1..de7890250e9 100644
--- a/src/main/java/edu/harvard/iq/dataverse/api/Admin.java
+++ b/src/main/java/edu/harvard/iq/dataverse/api/Admin.java
@@ -18,6 +18,7 @@
 import edu.harvard.iq.dataverse.FileMetadata;
 import edu.harvard.iq.dataverse.api.auth.AuthRequired;
 import edu.harvard.iq.dataverse.settings.JvmSettings;
+import edu.harvard.iq.dataverse.settings.SettingsValidationException;
 import edu.harvard.iq.dataverse.util.StringUtil;
 import edu.harvard.iq.dataverse.util.cache.CacheFactoryBean;
 import edu.harvard.iq.dataverse.util.json.NullSafeJsonBuilder;
@@ -228,9 +229,8 @@ public Response putAllSettings(JsonObject settings) {
             // Transfer to domain objects and deeper validation to be handled by the service layer.
             JsonObjectBuilder successfullOperations = settingsSvc.setAllFromJson(settings);
             return ok("All database options successfully updated.", successfullOperations);
-            
-        } catch (IllegalArgumentException iae) {
-            return error(Response.Status.BAD_REQUEST, iae.getMessage());
+        } catch (SettingsValidationException sve) {
+            return error(Response.Status.BAD_REQUEST, sve.getMessage());
         }
     }
     
@@ -242,8 +242,8 @@ public Response putSetting(@PathParam("name") String name, String content) {
             
             Setting s = settingsSvc.set(name, content);
             return ok("Setting " + name + " added.");
-        } catch (IllegalArgumentException iae) {
-            return error(Response.Status.BAD_REQUEST, iae.getMessage());
+        } catch (SettingsValidationException sve) {
+            return error(Response.Status.BAD_REQUEST, sve.getMessage());
         }
     }
 
@@ -256,8 +256,8 @@ public Response putSettingLang(@PathParam("name") String name, @PathParam("lang"
             
             Setting s = settingsSvc.set(name, lang, content);
             return ok("Setting " + name + " added for language " + lang + ".");
-        } catch (IllegalArgumentException iae) {
-            return error(Response.Status.BAD_REQUEST, iae.getMessage());
+        } catch (SettingsValidationException sve) {
+            return error(Response.Status.BAD_REQUEST, sve.getMessage());
         }
     }
 
@@ -283,8 +283,8 @@ public Response getSetting(@PathParam("name") String name, @PathParam("lang") St
             
             String content = settingsSvc.get(name, lang, null);
             return (content != null) ? ok(content) : notFound("Setting " + name + " for language " + lang + " not found.");
-        } catch (IllegalArgumentException iae) {
-            return error(Response.Status.BAD_REQUEST, iae.getMessage());
+        } catch (SettingsValidationException sve) {
+            return error(Response.Status.BAD_REQUEST, sve.getMessage());
         }
     }
 
@@ -296,8 +296,8 @@ public Response deleteSetting(@PathParam("name") String name) {
             
             settingsSvc.delete(name);
             return ok("Setting " + name + " deleted.");
-        } catch (IllegalArgumentException iae) {
-            return error(Response.Status.BAD_REQUEST, iae.getMessage());
+        } catch (SettingsValidationException sve) {
+            return error(Response.Status.BAD_REQUEST, sve.getMessage());
         }
     }
 
@@ -310,8 +310,8 @@ public Response deleteSettingLang(@PathParam("name") String name, @PathParam("la
             
             settingsSvc.delete(name, lang);
             return ok("Setting " + name + " for language " + lang + " deleted.");
-        } catch (IllegalArgumentException iae) {
-            return error(Response.Status.BAD_REQUEST, iae.getMessage());
+        } catch (SettingsValidationException sve) {
+            return error(Response.Status.BAD_REQUEST, sve.getMessage());
         }
     }
         
diff --git a/src/main/java/edu/harvard/iq/dataverse/settings/SettingsServiceBean.java b/src/main/java/edu/harvard/iq/dataverse/settings/SettingsServiceBean.java
index 5f82030eb75..4006435bf09 100644
--- a/src/main/java/edu/harvard/iq/dataverse/settings/SettingsServiceBean.java
+++ b/src/main/java/edu/harvard/iq/dataverse/settings/SettingsServiceBean.java
@@ -1114,23 +1114,23 @@ public JsonObject listAllAsJson() {
     
     /**
      * Updates all current settings from the specified JSON object. Validates the input JSON,
-     * converts it to a set of settings, and replaces all existing settings with the new ones
+     * converts it to a set of settings and replaces all existing settings with the new ones
      * in an atomic operation. If the settings object is null, contains invalid keys, or if the new
      * set of settings is empty, the method throws an appropriate exception.
      *
      * @param settings the JSON object containing the new configuration settings to be applied; must not be null
      * @return a JsonObjectBuilder representing the operational details of the applied updates
-     * @throws IllegalArgumentException if the settings object is null, contains invalid keys, or results in empty settings
+     * @throws SettingsValidationException if the settings object is null, contains invalid keys or results in empty settings
      */
     public JsonObjectBuilder setAllFromJson(JsonObject settings) {
         if (settings == null) {
-            throw new IllegalArgumentException("Settings cannot be null");
+            throw new SettingsValidationException("Settings cannot be null");
         }
         
         // Validate the input
         List<String> invalidKeys = validateKeys(settings);
         if (!invalidKeys.isEmpty()) {
-            throw new IllegalArgumentException("Invalid key(s): " + String.join(", ", invalidKeys));
+            throw new SettingsValidationException("Invalid key(s): " + String.join(", ", invalidKeys));
         }
         
         // Convert JSON to Setting objects
@@ -1146,7 +1146,7 @@ public JsonObjectBuilder setAllFromJson(JsonObject settings) {
             
             return Op.convertToJson(operationalDetails);
         }
-        throw new IllegalArgumentException("Settings cannot be empty - you'd wipe the entire configuration.");
+        throw new SettingsValidationException("Settings cannot be empty - you'd wipe the entire configuration.");
     }
     
     /**
@@ -1378,7 +1378,7 @@ public static List<String> validateKeys(JsonObject settings) {
                 } else {
                     validateSettingName(key);
                 }
-            } catch (IllegalArgumentException iae) {
+            } catch (SettingsValidationException sev) {
                 invalidKeys.add(key);
             }
         }
@@ -1387,22 +1387,22 @@ public static List<String> validateKeys(JsonObject settings) {
     
     /**
      * Validates the provided setting name to ensure it meets the required format.
-     * Throws an {@code IllegalArgumentException} if the name is invalid, including cases
+     * Throws an {@code SettingsValidationException} if the name is invalid, including cases
      * where it contains a colon-separated suffix that is no longer supported.
      *
      * @param name The name of the setting to be validated.
      *             It must adhere to the allowable setting name format.
      *             Names with more than one colon, which may indicate deprecated suffix formats, are not allowed.
-     * @throws IllegalArgumentException if the setting name is invalid.
+     * @throws SettingsValidationException if the setting name is invalid.
      */
     public static void validateSettingName(String name) {
         if (SettingsServiceBean.Key.parse(name) == null) {
             // If there is more than one colon, this may be someone trying to use the old suffix settings.
             // Change the error message for that slightly.
             if (name.replace(":","").length() < name.length() - 1) {
-                throw new IllegalArgumentException("The name of the setting may not have a colon separated suffix since Dataverse 6.8. Please update your scripts.");
+                throw new SettingsValidationException("The name of the setting may not have a colon separated suffix since Dataverse 6.8. Please update your scripts.");
             }
-            throw new IllegalArgumentException("The name of the setting is invalid.");
+            throw new SettingsValidationException("The name of the setting is invalid.");
         }
     }
     
@@ -1410,15 +1410,15 @@ public static void validateSettingName(String name) {
      * Validates the provided language code to ensure it adheres to the ISO 639-1 format.
      * This method checks that the language code is not null, has a length of 2 characters,
      * and exists within the list of valid ISO 639-1 language codes. If the validation
-     * fails, an {@code IllegalArgumentException} is thrown.
+     * fails, an {@code SettingsValidationException} is thrown.
      *
      * @param lang the language code to be validated. It must be a non-null,
      *             2-character string representing a valid ISO 639-1 language code.
-     * @throws IllegalArgumentException if the language code is invalid.
+     * @throws SettingsValidationException if the language code is invalid.
      */
     public static void validateSettingLang(String lang) {
         if (lang == null || lang.length() != 2 || !Arrays.asList(Locale.getISOLanguages()).contains(lang)) {
-            throw new IllegalArgumentException("The language '" + lang + "' is not a valid ISO 639-1 language code.");
+            throw new SettingsValidationException("The language '" + lang + "' is not a valid ISO 639-1 language code.");
         }
     }
     
diff --git a/src/main/java/edu/harvard/iq/dataverse/settings/SettingsValidationException.java b/src/main/java/edu/harvard/iq/dataverse/settings/SettingsValidationException.java
new file mode 100644
index 00000000000..e02e3234675
--- /dev/null
+++ b/src/main/java/edu/harvard/iq/dataverse/settings/SettingsValidationException.java
@@ -0,0 +1,10 @@
+package edu.harvard.iq.dataverse.settings;
+
+import jakarta.ejb.ApplicationException;
+
+@ApplicationException(rollback = true)
+public class SettingsValidationException extends RuntimeException {
+    public SettingsValidationException(String message) {
+        super(message);
+    }
+}
diff --git a/src/test/java/edu/harvard/iq/dataverse/settings/SettingsServiceBeanTest.java b/src/test/java/edu/harvard/iq/dataverse/settings/SettingsServiceBeanTest.java
index 2b0ba2871f9..ed6d5417c06 100644
--- a/src/test/java/edu/harvard/iq/dataverse/settings/SettingsServiceBeanTest.java
+++ b/src/test/java/edu/harvard/iq/dataverse/settings/SettingsServiceBeanTest.java
@@ -83,7 +83,7 @@ void testValidateSettingName_validNames(String name) {
         })
         @ParameterizedTest
         void testValidateSettingName_invalidNames(String name, String expectedMessage) {
-            IllegalArgumentException exception = assertThrows(IllegalArgumentException.class,
+            SettingsValidationException exception = assertThrows(SettingsValidationException.class,
                 () -> SettingsServiceBean.validateSettingName(name));
             assertEquals(expectedMessage, exception.getMessage());
         }
@@ -106,7 +106,7 @@ void testValidateSettingLang_validLanguage(String language) {
         })
         @ParameterizedTest
         void testValidateSettingLang_invalidLanguage(String language, String expectedMessage) {
-            IllegalArgumentException exception = assertThrows(IllegalArgumentException.class,
+            SettingsValidationException exception = assertThrows(SettingsValidationException.class,
                 () -> SettingsServiceBean.validateSettingLang(language));
             assertEquals(expectedMessage, exception.getMessage());
         }

From e33b3f7f6808edabc26413341886db98a494daef Mon Sep 17 00:00:00 2001
From: Oliver Bertuch <o.bertuch@fz-juelich.de>
Date: Thu, 24 Jul 2025 10:51:03 +0200
Subject: [PATCH 252/634] test: add validation test for invalid settings in
 `AdminIT` #11639

- Added `testPutAllSettingsWithInvalidSetting` to verify error handling for invalid keys.
- Ensures proper response code and error message for invalid settings payload.
---
 .../edu/harvard/iq/dataverse/api/AdminIT.java    | 16 +++++++++++++++-
 1 file changed, 15 insertions(+), 1 deletion(-)

diff --git a/src/test/java/edu/harvard/iq/dataverse/api/AdminIT.java b/src/test/java/edu/harvard/iq/dataverse/api/AdminIT.java
index 8143796cbf1..83a62d41b9f 100644
--- a/src/test/java/edu/harvard/iq/dataverse/api/AdminIT.java
+++ b/src/test/java/edu/harvard/iq/dataverse/api/AdminIT.java
@@ -185,7 +185,6 @@ void testGetAllSettingsWithLocalization() {
         void testPutAllSettingsWithEmptyJson() {
             // Test error handling for empty JSON
             Response response = given()
-                //.header("X-Dataverse-key", UtilIT.getSuperuserApiToken())
                 .header("Content-Type", "application/json")
                 .body("{}")
                 .when()
@@ -196,6 +195,21 @@ void testPutAllSettingsWithEmptyJson() {
                 .statusCode(BAD_REQUEST.getStatusCode())
                 .body("message", containsString("Empty or invalid JSON object"));
         }
+        
+        @Test
+        void testPutAllSettingsWithInvalidSetting() {
+            // Test error handling for empty JSON
+            Response response = given()
+                .header("Content-Type", "application/json")
+                .body("{\":Test1\": \"Foobar\", \":Test2\": \"Foobar\" }")
+                .when()
+                .put("/api/admin/settings");
+            
+            response.then()
+                .assertThat()
+                .statusCode(BAD_REQUEST.getStatusCode())
+                .body("message", containsString("Invalid key(s): :Test1, :Test2"));
+        }
     }
     
     

From 08a28615671c8a0fb4c8b16c1a994ec3efff866a Mon Sep 17 00:00:00 2001
From: Oliver Bertuch <o.bertuch@fz-juelich.de>
Date: Thu, 24 Jul 2025 10:55:21 +0200
Subject: [PATCH 253/634] fix: replace `@Transactional` with
 `@TransactionAttribute` in `SettingsServiceBean` #11639

As this is an EJBean and not under CDI control, we must use EJB Transaction Annotations. Otherwise, the behavior is undefined, as the container may or may not look after transactions as we want it to.
---
 .../harvard/iq/dataverse/settings/SettingsServiceBean.java   | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/src/main/java/edu/harvard/iq/dataverse/settings/SettingsServiceBean.java b/src/main/java/edu/harvard/iq/dataverse/settings/SettingsServiceBean.java
index 4006435bf09..c29f94e2672 100644
--- a/src/main/java/edu/harvard/iq/dataverse/settings/SettingsServiceBean.java
+++ b/src/main/java/edu/harvard/iq/dataverse/settings/SettingsServiceBean.java
@@ -7,6 +7,8 @@
 import edu.harvard.iq.dataverse.util.json.JsonUtil;
 import jakarta.ejb.EJB;
 import jakarta.ejb.Stateless;
+import jakarta.ejb.TransactionAttribute;
+import jakarta.ejb.TransactionAttributeType;
 import jakarta.inject.Named;
 import jakarta.json.Json;
 import jakarta.json.JsonArray;
@@ -17,7 +19,6 @@
 import jakarta.persistence.EntityManager;
 import jakarta.persistence.PersistenceContext;
 
-import jakarta.transaction.Transactional;
 import org.json.JSONArray;
 import org.json.JSONException;
 import org.json.JSONObject;
@@ -1237,7 +1238,7 @@ static JsonObjectBuilder convertToJson(Map<Setting, Op> operationalDetails) {
      *         are the settings involved, and the values are the types of operations
      *         performed (CREATED, UPDATED, DELETED).
      */
-    @Transactional(Transactional.TxType.REQUIRES_NEW)
+    @TransactionAttribute(TransactionAttributeType.REQUIRES_NEW)
     public Map<Setting, Op> replaceAllSettings(Set<Setting> newSettings) {
         Objects.requireNonNull(newSettings, "The list of new settings cannot be null (it may be empty).");
         

From 5a099efc1866561c977237db7d93e13f3ec1ce8f Mon Sep 17 00:00:00 2001
From: Oliver Bertuch <o.bertuch@fz-juelich.de>
Date: Thu, 24 Jul 2025 13:40:00 +0200
Subject: [PATCH 254/634] feat(ct): add database settings replacement script to
 configbaker image #11639

- Introduced `apply-db-settings.sh` for safely replacing database settings in a Dataverse instance.
- Added logic to validate inputs, ensure dependencies (`yq`, `jq`, `wait4x`) are available, and handle API authentication via unblock keys.
- Updated Dockerfile to include `yq` installation with specified version.
---
 modules/container-configbaker/Dockerfile      |  10 +-
 .../scripts/apply-db-settings.sh              | 129 ++++++++++++++++++
 2 files changed, 137 insertions(+), 2 deletions(-)
 create mode 100755 modules/container-configbaker/scripts/apply-db-settings.sh

diff --git a/modules/container-configbaker/Dockerfile b/modules/container-configbaker/Dockerfile
index 5532cda1a9e..9fc876a283b 100644
--- a/modules/container-configbaker/Dockerfile
+++ b/modules/container-configbaker/Dockerfile
@@ -23,6 +23,8 @@ ENV PATH="${PATH}:${SCRIPT_DIR}" \
 ARG PKGS="bc curl dnsutils dumb-init ed jq netcat-openbsd postgresql-client"
 # renovate: datasource=github-releases depName=wait4x/wait4x
 ARG WAIT4X_VERSION="v3.2.0"
+# renove: datasource=github-releases depName=mikefarah/yq
+ARG YQ_VERSION="v4.47.1"
 # renovate: datasource=pypi depName=awscli
 ARG AWSCLI_VERSION="1.40.15"
 ARG PYTHON_PKGS="awscli==${AWSCLI_VERSION}"
@@ -65,7 +67,11 @@ RUN true && \
   echo "$(cat /tmp/w4x-checksum | cut -f1 -d" ") /usr/bin/wait4x.tar.gz" | sha256sum -c - && \
   tar -xzf /usr/bin/wait4x.tar.gz -C /usr/bin && chmod +x /usr/bin/wait4x && \
 
-  # 2. Python packages
+  # 2. yq-go \
+  curl -sSfL -o /usr/bin/yq "https://github.com/mikefarah/yq/releases/download/${YQ_VERSION}/yq_linux_${ARCH}" && \
+  chmod +x /usr/bin/yq && \
+
+  # 3. Python packages
   pipx install --global ${PYTHON_PKGS}
 
 # Get in the scripts 
@@ -81,7 +87,7 @@ COPY --from=solr /opt/solr/server/solr/configsets/_default ${SOLR_TEMPLATE}/
 COPY maven/solr/*.xml ${SOLR_TEMPLATE}/conf/
 RUN rm ${SOLR_TEMPLATE}/conf/managed-schema.xml
 
-
+WORKDIR ${SCRIPT_DIR}
 # Set the entrypoint to tini (as a process supervisor)
 ENTRYPOINT ["/usr/bin/dumb-init", "--"]
 # By default run a script that will print a help message and terminate
diff --git a/modules/container-configbaker/scripts/apply-db-settings.sh b/modules/container-configbaker/scripts/apply-db-settings.sh
new file mode 100755
index 00000000000..0d0a2ecedbc
--- /dev/null
+++ b/modules/container-configbaker/scripts/apply-db-settings.sh
@@ -0,0 +1,129 @@
+#!/usr/bin/env bash
+
+# [INFO]: Idempotent replacement of all database settings from a file source.
+
+set -euo pipefail
+
+function usage() {
+  echo "Usage: $(basename "$0") [-h] [-u instanceUrl] [-t timeout] [-c configFile] [-b unblockKey]"
+  echo ""
+  echo "Replace all Database Settings in a running Dataverse installation in an idempotent way."
+  echo ""
+  echo "Parameters:"
+  echo "instanceUrl - Location on container network where to reach your instance. Default: 'http://dataverse:8080'"
+  echo "              Can be set as environment variable 'DATAVERSE_URL'."
+  echo "    timeout - Provide how long to wait for the instance to become available (using wait4x). Default: '3m'"
+  echo "              Can be set as environment variable 'TIMEOUT'."
+  echo " configFile - Path to a JSON, YAML, PROPERTIES or TOML file containing your settings. Default: '/dv/db-opts.yml'"
+  echo "              Can be set as environment variable 'CONFIG_FILE'."
+  echo " unblockKey - Either string or path to a file with the Admin API Unblock Key. Optional for localhost. No default."
+  echo "              Can be set as environment variable 'ADMIN_API_UNBLOCK_KEY'."
+  echo ""
+  echo "Note: This script will wait for the Dataverse instance to be available before executing the replacement."
+  echo "      Be careful - this script will not stop you from deleting any vital settings."
+  echo ""
+  exit 1
+}
+
+### Common functions
+function error {
+    echo "ERROR:" "$@" >&2
+    exit 2
+}
+
+function exists {
+  type "$1" >/dev/null 2>&1 && return 0
+  ( IFS=:; for p in $PATH; do [ -x "${p%/}/$1" ] && return 0; done; return 1 )
+}
+
+# Check for (the right) yq, jq, and wait4x being available
+if ! exists yq; then
+  error "No yq executable found on PATH."
+elif ! grep -q "https://github.com/mikefarah/yq" <((yq --version)); then
+  error "You must install yq from https://github.com/mikefarah/yq, not https://github.com/kislyuk/yq"
+fi
+if ! exists jq; then
+  error "No jq executable found on PATH."
+fi
+if ! exists wait4x; then
+  error "No wait4x executable found on PATH."
+fi
+
+# Set some defaults as documented
+DATAVERSE_URL=${DATAVERSE_URL:-"http://dataverse:8080"}
+ADMIN_API_UNBLOCK_KEY=${ADMIN_API_UNBLOCK_KEY:-""}
+TIMEOUT=${TIMEOUT:-"3m"}
+CONFIG_FILE=${CONFIG_FILE:-"/dv/db-opts.yml"}
+
+while getopts "u:t:c:b:h" OPTION
+do
+  case "$OPTION" in
+    u) DATAVERSE_URL="$OPTARG" ;;
+    t) TIMEOUT="$OPTARG" ;;
+    c) CONFIG_FILE="$OPTARG" ;;
+    b) ADMIN_API_UNBLOCK_KEY="$OPTARG" ;;
+    h) usage;;
+    \?) usage;;
+  esac
+done
+shift $((OPTIND-1))
+
+# Define an auth header argument (enabling usage of different ways)
+AUTH_HEADER_ARG=""
+
+# Check for Dataverse Unblock API Key present (option with file/env var)
+# This is only required if the host is not localhost (then there may be no key necessary)
+if ! [[ "${DATAVERSE_URL}" == *"://localhost"* ]] || [ -n "${ADMIN_API_UNBLOCK_KEY}" ]; then
+  # The argument should not be empty
+  if [ -z "${ADMIN_API_UNBLOCK_KEY}" ]; then
+    error "You must provide the Dataverse API Unblock Key to this script."
+  # In case it's not empty, check if it's a file path and read the key from there
+  elif [ -f "${ADMIN_API_UNBLOCK_KEY}" ] && [ -r "${ADMIN_API_UNBLOCK_KEY}" ]; then
+    echo "Reading Dataverse API Unblock Key from ${ADMIN_API_UNBLOCK_KEY}."
+    if ! API_KEY_FILE_CONTENT=$(cat "${ADMIN_API_UNBLOCK_KEY}" 2>/dev/null); then
+      error "Could not read unblock key from file ${ADMIN_API_UNBLOCK_KEY}."
+    fi
+    # Validate the key is not empty
+    if [ -z "${API_KEY_FILE_CONTENT}" ]; then
+      error "API key file ${ADMIN_API_UNBLOCK_KEY} appears empty."
+    fi
+    ADMIN_API_UNBLOCK_KEY="$API_KEY_CONTENT"
+  fi
+  # Very basic error check (as there is no clear format or formal spec for the key)
+  if [ ${#ADMIN_API_UNBLOCK_KEY} -lt 5 ]; then
+    error "API key appears to be too short (<5 chars)."
+  fi
+
+  # Build the header argument for Admin API Authentication via unblock key
+  AUTH_HEADER_ARG="X-Dataverse-unblock-key: ${ADMIN_API_UNBLOCK_KEY}"
+fi
+
+# Check for file with DB options given, file present and readable as well as parseable by yq
+# If parseable, render as JSON to temp file
+CONV_CONF_FILE=$(mktemp)
+if [ -f "${CONFIG_FILE}" ] && [ -r "${CONFIG_FILE}" ]; then
+  yq -M -o json "${CONFIG_FILE}" > "${CONV_CONF_FILE}" || error "Could not parse config file with yq from ${CONFIG_FILE}."
+else
+  error "Could not read a config file at ${CONFIG_FILE}."
+fi
+
+# Check or wait for Dataverse API being responsive
+echo "Waiting for ${DATAVERSE_URL} to become ready in max ${TIMEOUT}."
+wait4x http "${DATAVERSE_URL}/api/info/version" -i 8s -t "$TIMEOUT" --expect-status-code 200 --expect-body-json data.version
+
+# Check for Dataverse Admin API endpoints being reachable by retrieving the current DB options, expect blockades!
+CURRENT_SETTINGS=$(mktemp)
+echo "Retrieving settings from running instance."
+# TODO: Do we need to support pre v6.7 style unblock key query parameter?
+curl -sSL --fail-with-body -o "${CURRENT_SETTINGS}" -H "${AUTH_HEADER_ARG}" "${DATAVERSE_URL}/api/admin/settings" \
+  || error "Failed. Response message: $( cat "${CURRENT_SETTINGS}")" \
+  && echo "Success!"
+  # TODO: while it's nice to have the current settings written out, it may contain sensitive information (so don't).
+  # && ( echo "Success! Current settings: "; jq '.data' < "$CURRENT_SETTINGS" )
+
+# We need to make the settings update atomic.
+echo "Replacing settings."
+RESPONSE=$(mktemp)
+curl -sSL --fail-with-body -o "${RESPONSE}" -X PUT -H "${AUTH_HEADER_ARG}" --json @"${CONV_CONF_FILE}" "${DATAVERSE_URL}/api/admin/settings" \
+  || error "Failed. Response message: $( jq ".message" < "${RESPONSE}" )" \
+  && ( echo -e "Success!\nOperations executed: "; jq '.data' < "$RESPONSE" )

From 558e8f98992d7f8fddafeb8fc975e8305a7b6b23 Mon Sep 17 00:00:00 2001
From: Oliver Bertuch <o.bertuch@fz-juelich.de>
Date: Fri, 25 Jul 2025 12:33:12 +0200
Subject: [PATCH 255/634] refactor(ct): extract common utility functions in
 `apply-db-settings.sh` to `common.sh` #11639

- Moved shared functions (`error`, `exists_on_path`, `require_on_path`) to a new reusable script `common.sh`.
- Simplified `apply-db-settings.sh` by sourcing `common.sh` for dependency validation logic.
---
 .../scripts/apply-db-settings.sh              | 24 ++++---------------
 .../scripts/util/common.sh                    | 17 +++++++++++++
 2 files changed, 22 insertions(+), 19 deletions(-)
 create mode 100644 modules/container-configbaker/scripts/util/common.sh

diff --git a/modules/container-configbaker/scripts/apply-db-settings.sh b/modules/container-configbaker/scripts/apply-db-settings.sh
index 0d0a2ecedbc..65b9639c07e 100755
--- a/modules/container-configbaker/scripts/apply-db-settings.sh
+++ b/modules/container-configbaker/scripts/apply-db-settings.sh
@@ -25,29 +25,15 @@ function usage() {
   exit 1
 }
 
-### Common functions
-function error {
-    echo "ERROR:" "$@" >&2
-    exit 2
-}
-
-function exists {
-  type "$1" >/dev/null 2>&1 && return 0
-  ( IFS=:; for p in $PATH; do [ -x "${p%/}/$1" ] && return 0; done; return 1 )
-}
+source util/common.sh
 
 # Check for (the right) yq, jq, and wait4x being available
-if ! exists yq; then
-  error "No yq executable found on PATH."
-elif ! grep -q "https://github.com/mikefarah/yq" <((yq --version)); then
+require_on_path yq
+if ! grep -q "https://github.com/mikefarah/yq" <((yq --version)); then
   error "You must install yq from https://github.com/mikefarah/yq, not https://github.com/kislyuk/yq"
 fi
-if ! exists jq; then
-  error "No jq executable found on PATH."
-fi
-if ! exists wait4x; then
-  error "No wait4x executable found on PATH."
-fi
+require_on_path jq
+require_on_path wait4x
 
 # Set some defaults as documented
 DATAVERSE_URL=${DATAVERSE_URL:-"http://dataverse:8080"}
diff --git a/modules/container-configbaker/scripts/util/common.sh b/modules/container-configbaker/scripts/util/common.sh
new file mode 100644
index 00000000000..91de5257a5c
--- /dev/null
+++ b/modules/container-configbaker/scripts/util/common.sh
@@ -0,0 +1,17 @@
+#!/usr/bin/env bash
+
+function error {
+    echo "ERROR:" "$@" >&2
+    exit 2
+}
+
+function exists_on_path {
+  type "$1" >/dev/null 2>&1 && return 0
+  ( IFS=:; for p in $PATH; do [ -x "${p%/}/$1" ] && return 0 || echo "${p%/}/$1"; done; return 1 )
+}
+
+function require_on_path {
+  if ! exists_on_path "$1"; then
+    error "No $1 executable found on PATH."
+  fi
+}

From 8e220fb674a0e15852ee9066a72b742ecc597382 Mon Sep 17 00:00:00 2001
From: Oliver Bertuch <o.bertuch@fz-juelich.de>
Date: Fri, 25 Jul 2025 12:34:44 +0200
Subject: [PATCH 256/634] feat(ct): support additional environment variable
 sources in `apply-db-settings.sh` #11639

- Added `-e`/`ENV_SOURCE` option to specify a file or directory as a source for additional environment variables.
- Introduced `read-to-env.sh` utility script to parse environment variables from specified sources.
- Updated usage information and parsing logic in `apply-db-settings.sh` to handle the new option.
---
 .../scripts/apply-db-settings.sh              | 21 ++++++++++--
 .../scripts/util/read-to-env.sh               | 34 +++++++++++++++++++
 2 files changed, 52 insertions(+), 3 deletions(-)
 create mode 100644 modules/container-configbaker/scripts/util/read-to-env.sh

diff --git a/modules/container-configbaker/scripts/apply-db-settings.sh b/modules/container-configbaker/scripts/apply-db-settings.sh
index 65b9639c07e..c7e92ef42b0 100755
--- a/modules/container-configbaker/scripts/apply-db-settings.sh
+++ b/modules/container-configbaker/scripts/apply-db-settings.sh
@@ -5,7 +5,7 @@
 set -euo pipefail
 
 function usage() {
-  echo "Usage: $(basename "$0") [-h] [-u instanceUrl] [-t timeout] [-c configFile] [-b unblockKey]"
+  echo "Usage: $(basename "$0") [-h] [-u instanceUrl] [-t timeout] [-c configFile] [-b unblockKey] [-e envSource]"
   echo ""
   echo "Replace all Database Settings in a running Dataverse installation in an idempotent way."
   echo ""
@@ -15,9 +15,12 @@ function usage() {
   echo "    timeout - Provide how long to wait for the instance to become available (using wait4x). Default: '3m'"
   echo "              Can be set as environment variable 'TIMEOUT'."
   echo " configFile - Path to a JSON, YAML, PROPERTIES or TOML file containing your settings. Default: '/dv/db-opts.yml'"
-  echo "              Can be set as environment variable 'CONFIG_FILE'."
+  echo "              Can be set as environment variable 'CONFIG_FILE'. May contain \${var} references to env. vars."
   echo " unblockKey - Either string or path to a file with the Admin API Unblock Key. Optional for localhost. No default."
   echo "              Can be set as environment variable 'ADMIN_API_UNBLOCK_KEY'."
+  echo "  envSource - Path to a file or directory used as source for additional environment variables."
+  echo "              Optional, no default. Can be set as environment variable 'ENV_SOURCE'."
+  echo "              Environment variables from this file or directory structure will be script-local."
   echo ""
   echo "Note: This script will wait for the Dataverse instance to be available before executing the replacement."
   echo "      Be careful - this script will not stop you from deleting any vital settings."
@@ -26,6 +29,7 @@ function usage() {
 }
 
 source util/common.sh
+source util/read-to-env.sh
 
 # Check for (the right) yq, jq, and wait4x being available
 require_on_path yq
@@ -40,20 +44,31 @@ DATAVERSE_URL=${DATAVERSE_URL:-"http://dataverse:8080"}
 ADMIN_API_UNBLOCK_KEY=${ADMIN_API_UNBLOCK_KEY:-""}
 TIMEOUT=${TIMEOUT:-"3m"}
 CONFIG_FILE=${CONFIG_FILE:-"/dv/db-opts.yml"}
+ENV_SOURCE=${ENV_SOURCE:-""}
 
-while getopts "u:t:c:b:h" OPTION
+while getopts "u:t:c:b:e:h" OPTION
 do
   case "$OPTION" in
     u) DATAVERSE_URL="$OPTARG" ;;
     t) TIMEOUT="$OPTARG" ;;
     c) CONFIG_FILE="$OPTARG" ;;
     b) ADMIN_API_UNBLOCK_KEY="$OPTARG" ;;
+    e) ENV_SOURCE="$OPTARG" ;;
     h) usage;;
     \?) usage;;
   esac
 done
 shift $((OPTIND-1))
 
+#####   #####   #####   #####   #####   #####   #####   #####   #####   #####   #####   #####   #####   #####   #####
+# PARSE CONFIGURATION
+
+# In case the env source was given as cmd arg, parse it
+if [ -n "$ENV_SOURCE" ]; then
+  read_to_env "$ENV_SOURCE"
+fi
+
+
 # Define an auth header argument (enabling usage of different ways)
 AUTH_HEADER_ARG=""
 
diff --git a/modules/container-configbaker/scripts/util/read-to-env.sh b/modules/container-configbaker/scripts/util/read-to-env.sh
new file mode 100644
index 00000000000..344cb6e38bf
--- /dev/null
+++ b/modules/container-configbaker/scripts/util/read-to-env.sh
@@ -0,0 +1,34 @@
+#!/usr/bin/env bash
+
+set -euo pipefail
+
+source "$(dirname "${BASH_SOURCE[0]}")/common.sh"
+
+# Read from a target into environment variables.
+# Parameters: $target
+#             Case A) If $target is a file, simply source it.
+#             Case B) If $target is a directory, parse dirs and files in it as variable names and file content as value
+function read_to_env() {
+  local target="$1"
+
+  if [ -f "$target" ] && [ -r "$target" ]; then
+    set -o allexport
+    # shellcheck disable=SC1090
+    source "$target"
+    set +o allexport
+  elif [ -d "$target" ] && [ -r "$target" ] && [ -x "$target" ]; then
+    # Find all files
+    FILES=$( find "$target" -type f -printf '%P\n' )
+    for FILE in $FILES; do
+      # Same as MPCONFIG does!
+      VARNAME=$( echo "$FILE" | tr '[:lower:]' '[:upper:]' | tr '/' '_' )
+      VARVAL=$( cat "$target/$FILE")
+
+      # Use printf to create the variable in global scope
+      printf -v "$VARNAME" '%s' "$VARVAL"
+      export "${VARNAME?}"
+    done
+  else
+    error "'$target' not a (readable) environment file or directory"
+  fi
+}

From bde0384241c56fca1b153c5ebd0f352d0237024d Mon Sep 17 00:00:00 2001
From: Oliver Bertuch <o.bertuch@fz-juelich.de>
Date: Fri, 25 Jul 2025 12:37:09 +0200
Subject: [PATCH 257/634] feat,refactor(ct): move yq parsing and add envsubst
 #11639

- Enhanced `apply-db-settings.sh` to support environment variable substitution while parsing the configuration file using `yq` feature `envsubst()`.
- Improved wording of error messages for unreadable or unparseable configuration files.
- Moved the conversion logic above all interaction with the instance, as we should be sure all env var substitutions fail early (at least before waiting for the instance to come up).
---
 .../scripts/apply-db-settings.sh              | 22 +++++++++++--------
 1 file changed, 13 insertions(+), 9 deletions(-)

diff --git a/modules/container-configbaker/scripts/apply-db-settings.sh b/modules/container-configbaker/scripts/apply-db-settings.sh
index c7e92ef42b0..0780dd47f1c 100755
--- a/modules/container-configbaker/scripts/apply-db-settings.sh
+++ b/modules/container-configbaker/scripts/apply-db-settings.sh
@@ -68,6 +68,19 @@ if [ -n "$ENV_SOURCE" ]; then
   read_to_env "$ENV_SOURCE"
 fi
 
+# Check for file with DB options given, file present and readable as well as parseable by yq
+# If parseable, render as JSON to temp file
+CONV_CONF_FILE=$(mktemp)
+if [ -f "${CONFIG_FILE}" ] && [ -r "${CONFIG_FILE}" ]; then
+  # See https://mikefarah.gitbook.io/yq/operators/env-variable-operators#tip
+  yq -M -o json '(.. | select(tag == "!!str")) |= envsubst(nu)' "${CONFIG_FILE}" > "${CONV_CONF_FILE}" || error "Could not parse config file with yq from '${CONFIG_FILE}'."
+  cat "$CONV_CONF_FILE"
+else
+  error "Could not read a config file at '${CONFIG_FILE}'."
+fi
+
+#####   #####   #####   #####   #####   #####   #####   #####   #####   #####   #####   #####   #####   #####   #####
+# API INTERACTION
 
 # Define an auth header argument (enabling usage of different ways)
 AUTH_HEADER_ARG=""
@@ -99,15 +112,6 @@ if ! [[ "${DATAVERSE_URL}" == *"://localhost"* ]] || [ -n "${ADMIN_API_UNBLOCK_K
   AUTH_HEADER_ARG="X-Dataverse-unblock-key: ${ADMIN_API_UNBLOCK_KEY}"
 fi
 
-# Check for file with DB options given, file present and readable as well as parseable by yq
-# If parseable, render as JSON to temp file
-CONV_CONF_FILE=$(mktemp)
-if [ -f "${CONFIG_FILE}" ] && [ -r "${CONFIG_FILE}" ]; then
-  yq -M -o json "${CONFIG_FILE}" > "${CONV_CONF_FILE}" || error "Could not parse config file with yq from ${CONFIG_FILE}."
-else
-  error "Could not read a config file at ${CONFIG_FILE}."
-fi
-
 # Check or wait for Dataverse API being responsive
 echo "Waiting for ${DATAVERSE_URL} to become ready in max ${TIMEOUT}."
 wait4x http "${DATAVERSE_URL}/api/info/version" -i 8s -t "$TIMEOUT" --expect-status-code 200 --expect-body-json data.version

From 2368d7eb924c9ccfeafeb94ca97adb07837efe6b Mon Sep 17 00:00:00 2001
From: Oliver Bertuch <o.bertuch@fz-juelich.de>
Date: Fri, 1 Aug 2025 13:31:57 +0200
Subject: [PATCH 258/634] fix(migrate): move `UPDATE` statement post constraint
 drops for NULL handling

Reordered `UPDATE` statement in migration script to occur after dropping constraints, ensuring NULL values in `lang` are handled correctly before setting NOT NULL constraints, but after we remove the initial constraints from v4.15.
---
 src/main/resources/db/migration/V6.7.0.2.sql | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/src/main/resources/db/migration/V6.7.0.2.sql b/src/main/resources/db/migration/V6.7.0.2.sql
index 07a568f0834..a7493359ad5 100644
--- a/src/main/resources/db/migration/V6.7.0.2.sql
+++ b/src/main/resources/db/migration/V6.7.0.2.sql
@@ -3,10 +3,6 @@
 -- 2. Update lang column to use empty string default instead of NULL (avoid non-unique pairs)
 -- 3. Add NOT NULL constraints and unique constraint for name+lang pairs
 
--- First, update any existing NULL lang values to empty string
-UPDATE setting SET lang = '' WHERE lang IS NULL;
-
--- Postgres doesn't support IF NOT EXISTS for ALTER COLUMN or ADD CONSTRAINT, so we need conditional logic
 DO $$
 BEGIN
     -- These database constraints were added with Dataverse 4.15, but they had no representation in the code,
@@ -16,7 +12,12 @@ BEGIN
     ALTER TABLE setting DROP CONSTRAINT IF EXISTS non_empty_lang;
     DROP INDEX IF EXISTS unique_settings;
 
+    -- Now, update any existing NULL lang values to empty string (we cannot do this before lifting the restrictions)
+    -- This also needs to be done before we try to alter the table to not allow NULL for setting.lang
+    UPDATE setting SET lang = '' WHERE lang IS NULL;
+
     -- Only alter columns if they need to be changed
+    -- (Note: Postgres doesn't support IF NOT EXISTS for ALTER COLUMN or ADD CONSTRAINT, so we need conditional logic)
     IF EXISTS (SELECT 1 FROM information_schema.columns
                WHERE table_name = 'setting' AND column_name = 'name'
                AND (data_type = 'text' OR is_nullable = 'YES')) THEN

From 21ca0b836c4abe027fe74e9d4e6d7d8c03f2c120 Mon Sep 17 00:00:00 2001
From: Oliver Bertuch <o.bertuch@fz-juelich.de>
Date: Fri, 1 Aug 2025 16:36:02 +0200
Subject: [PATCH 259/634] fix(scripts): exclude hidden mounted files in
 `read-to-env.sh`

Updated `read-to-env.sh` to handle Kubernetes secrets by excluding hidden mounted files and refining file detection logic with `find`.
---
 modules/container-configbaker/scripts/util/read-to-env.sh | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/modules/container-configbaker/scripts/util/read-to-env.sh b/modules/container-configbaker/scripts/util/read-to-env.sh
index 344cb6e38bf..485586521ab 100644
--- a/modules/container-configbaker/scripts/util/read-to-env.sh
+++ b/modules/container-configbaker/scripts/util/read-to-env.sh
@@ -17,8 +17,8 @@ function read_to_env() {
     source "$target"
     set +o allexport
   elif [ -d "$target" ] && [ -r "$target" ] && [ -x "$target" ]; then
-    # Find all files
-    FILES=$( find "$target" -type f -printf '%P\n' )
+    # Find all files (K8s secrets are symlinks, so look for not directory & remove the hidden mounted files.)
+    FILES=$( find "$target" -not -type d -printf '%P\n' | grep -v '^\.\.' )
     for FILE in $FILES; do
       # Same as MPCONFIG does!
       VARNAME=$( echo "$FILE" | tr '[:lower:]' '[:upper:]' | tr '/' '_' )

From 7f8329226cd21c5aa3480f8351fa069fbcec057e Mon Sep 17 00:00:00 2001
From: Oliver Bertuch <o.bertuch@fz-juelich.de>
Date: Fri, 1 Aug 2025 17:35:01 +0200
Subject: [PATCH 260/634] chore(scripts): comment out config file print in
 `apply-db-settings.sh` #11639

Temporarily removed `cat` command for converted config file output. Added a TODO to consider a debug switch for conditional logging in the future.
---
 modules/container-configbaker/scripts/apply-db-settings.sh | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/modules/container-configbaker/scripts/apply-db-settings.sh b/modules/container-configbaker/scripts/apply-db-settings.sh
index 0780dd47f1c..deb897d138c 100755
--- a/modules/container-configbaker/scripts/apply-db-settings.sh
+++ b/modules/container-configbaker/scripts/apply-db-settings.sh
@@ -74,7 +74,8 @@ CONV_CONF_FILE=$(mktemp)
 if [ -f "${CONFIG_FILE}" ] && [ -r "${CONFIG_FILE}" ]; then
   # See https://mikefarah.gitbook.io/yq/operators/env-variable-operators#tip
   yq -M -o json '(.. | select(tag == "!!str")) |= envsubst(nu)' "${CONFIG_FILE}" > "${CONV_CONF_FILE}" || error "Could not parse config file with yq from '${CONFIG_FILE}'."
-  cat "$CONV_CONF_FILE"
+  # TODO: think about adding a debug switch here, not just print
+  # cat "$CONV_CONF_FILE"
 else
   error "Could not read a config file at '${CONFIG_FILE}'."
 fi

From 37015d6fcd55fca787930ca3da6887f87eab6edc Mon Sep 17 00:00:00 2001
From: Oliver Bertuch <o.bertuch@fz-juelich.de>
Date: Fri, 1 Aug 2025 18:17:36 +0200
Subject: [PATCH 261/634] fix(settings): handle JSON string unescaping in
 `SettingsServiceBean` #11639

Updated `SettingsServiceBean` to properly handle unescaping of JSON strings for string-type values. Enhanced tests in `SettingsServiceBeanTest` to validate behavior with new scenarios.
---
 .../settings/SettingsServiceBean.java         | 16 +++++++++++-----
 .../settings/SettingsServiceBeanTest.java     | 19 ++++++++++++-------
 2 files changed, 23 insertions(+), 12 deletions(-)

diff --git a/src/main/java/edu/harvard/iq/dataverse/settings/SettingsServiceBean.java b/src/main/java/edu/harvard/iq/dataverse/settings/SettingsServiceBean.java
index c29f94e2672..c555b059523 100644
--- a/src/main/java/edu/harvard/iq/dataverse/settings/SettingsServiceBean.java
+++ b/src/main/java/edu/harvard/iq/dataverse/settings/SettingsServiceBean.java
@@ -15,6 +15,7 @@
 import jakarta.json.JsonArrayBuilder;
 import jakarta.json.JsonObject;
 import jakarta.json.JsonObjectBuilder;
+import jakarta.json.JsonString;
 import jakarta.json.JsonValue;
 import jakarta.persistence.EntityManager;
 import jakarta.persistence.PersistenceContext;
@@ -1168,11 +1169,16 @@ static Set<Setting> convertJsonToSettings(JsonObject settings) {
         return settings.entrySet().stream()
             .map(entry -> {
                 String key = entry.getKey();
-                String value = entry.getValue().toString()
-                    // This is necessary to avoid storing the quotes inthe DB when a setting is a simple value.
-                    // JsonValue will escape any JsonString with such quotes.
-                    .replaceFirst("^\"", "")
-                    .replaceFirst("\"$", "");
+                
+                String value;
+                JsonValue jsonValue = entry.getValue();
+                if (jsonValue.getValueType() == JsonValue.ValueType.STRING) {
+                    // For string values, get the actual string content (unescaped)
+                    value = ((JsonString) jsonValue).getString();
+                } else {
+                    // For objects, arrays, numbers, booleans, null - use JSON representation
+                    value = jsonValue.toString();
+                }
                 
                 if (key.contains(L10N_KEY_SEPARATOR)) {
                     // Handle localized settings
diff --git a/src/test/java/edu/harvard/iq/dataverse/settings/SettingsServiceBeanTest.java b/src/test/java/edu/harvard/iq/dataverse/settings/SettingsServiceBeanTest.java
index ed6d5417c06..eb4d67d1835 100644
--- a/src/test/java/edu/harvard/iq/dataverse/settings/SettingsServiceBeanTest.java
+++ b/src/test/java/edu/harvard/iq/dataverse/settings/SettingsServiceBeanTest.java
@@ -251,18 +251,23 @@ void testConvertJsonToSettings_simpleKeyValues() {
                 // The REST API endpoint presents a JsonObject, which may have number literals in it.
                 // Check that we can cope with that.
                 .add(":Key3", 123456)
+                // Make sure we deal with quotes
+                .add(":Key4", "&nbsp;<a href=\"https://dataverse.org\">Dataverse</a> &copy; 2014-2025")
                 .build();
             
             // When
             Set<Setting> result = SettingsServiceBean.convertJsonToSettings(input);
             
             // Then
-            assertEquals(3, result.size());
-            assertEquals(
-                Set.of(new Setting(":Key1", "Value1"),
-                       new Setting(":Key2", "123456"),
-                       new Setting(":Key3", "123456")
-                ), result);
+            Map<String, String> expectedResults = Map.of(
+                ":Key1", "Value1",
+                ":Key2", "123456",
+                ":Key3", "123456",
+                ":Key4", "&nbsp;<a href=\"https://dataverse.org\">Dataverse</a> &copy; 2014-2025"
+            );
+            for (Setting setting : result) {
+                assertEquals(expectedResults.get(setting.getName()), setting.getContent());
+            }
         }
         
         @Test
@@ -277,7 +282,7 @@ void testConvertJsonToSettings_localizedKeysWithSimpleValues() {
             Set<Setting> result = SettingsServiceBean.convertJsonToSettings(input);
             
             // Then
-            assertEquals(2, result.size());
+            // Note: we do not verify the content with Setting.equals() - but we are not really interested in it as well.
             assertEquals(
                 Set.of(new Setting(":LocalizedKey", "en", "EnglishValue"),
                        new Setting(":LocalizedKey", "fr", "FrenchValue")

From 292855bb0a9a9445e7628d4426b6a3103305cc14 Mon Sep 17 00:00:00 2001
From: Philip Durbin <philip_durbin@harvard.edu>
Date: Fri, 1 Aug 2025 16:50:06 -0400
Subject: [PATCH 262/634] doc suggestions for settings API #11639

---
 doc/sphinx-guides/source/api/changelog.rst    |  10 +
 doc/sphinx-guides/source/api/native-api.rst   | 186 +++++++++++++++---
 .../source/installation/config.rst            |  26 ++-
 3 files changed, 187 insertions(+), 35 deletions(-)

diff --git a/doc/sphinx-guides/source/api/changelog.rst b/doc/sphinx-guides/source/api/changelog.rst
index 5be6c78adce..7a9bd446fb8 100644
--- a/doc/sphinx-guides/source/api/changelog.rst
+++ b/doc/sphinx-guides/source/api/changelog.rst
@@ -7,6 +7,16 @@ This API changelog is experimental and we would love feedback on its usefulness.
     :local:
     :depth: 1
 
+v6.9
+----
+
+- The way to set per-format size limits for tabular ingest has changed.
+  JSON input is now used.
+  See :ref:`:TabularIngestSizeLimit`.
+- In the past, the settings API would accept any key and value.
+  This is no longer the case because validation has been added.
+  See :ref:`settings_put_single`, for example.
+
 v6.8
 ----
 
diff --git a/doc/sphinx-guides/source/api/native-api.rst b/doc/sphinx-guides/source/api/native-api.rst
index c55fc424496..a972894eb57 100644
--- a/doc/sphinx-guides/source/api/native-api.rst
+++ b/doc/sphinx-guides/source/api/native-api.rst
@@ -6777,61 +6777,191 @@ Admin
 
 This is the administrative part of the API.
 For security reasons, it is absolutely essential that you block it before allowing public access to a Dataverse installation.
-Blocking can be done using settings.
-See the ``post-install-api-block.sh`` script in the ``scripts/api`` folder for details.
-See :ref:`blocking-api-endpoints` in Securing Your Installation section of the Configuration page of the Installation Guide.
+See :ref:`blocking-api-endpoints` in the Installation Guide for details.
+
+.. note:: See :ref:`curl-examples-and-environment-variables` if you are unfamiliar with the use of export below.
+
+.. _admin-api-db-settings:
+
+Manage Database Settings
+~~~~~~~~~~~~~~~~~~~~~~~~
+
+These are the API endpoints for managing the :ref:`database-settings` listed in the Installation Guide.
+
+.. _settings_get_all:
 
 List All Database Settings
-~~~~~~~~~~~~~~~~~~~~~~~~~~
+^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+.. code-block:: bash
 
-List all settings::
+  export SERVER_URL="http://localhost:8080"
+  
+  curl "$SERVER_URL/api/admin/settings"
+
+The fully expanded example above (without environment variables) looks like this:
+
+.. code-block:: bash
+
+  curl http://localhost:8080/api/admin/settings
+
+.. _settings_get_single:
+
+Get Single Database Setting
+^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+.. code-block:: bash
+
+  export SERVER_URL="http://localhost:8080"
+  export NAME=":UploadMethods"
+  
+  curl "$SERVER_URL/api/admin/settings/$NAME"
+
+The fully expanded example above (without environment variables) looks like this:
 
-  GET http://$SERVER/api/admin/settings
+.. code-block:: bash
+
+  curl http://localhost:8080/api/admin/settings/:UploadMethods
+
+.. _settings_get_single_lang:
+
+Get Single Database Setting With Language/Locale
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+A small number of settings, most notably :ref:`:ApplicationTermsOfUse`, can be saved in multiple languages.
+
+Use two character language codes.
+
+.. code-block:: bash
+
+  export SERVER_URL="http://localhost:8080"
+  export NAME=":ApplicationTermsOfUse"
+  export LANG="en"
+  
+  curl "$SERVER_URL/api/admin/settings/$NAME/lang/$LANG"
+
+The fully expanded example above (without environment variables) looks like this:
+
+.. code-block:: bash
+
+  curl http://localhost:8080/api/admin/settings/:ApplicationTermsOfUse/lang/en
+
+.. _settings_put_single:
+
+Configure Single Database Setting
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+.. code-block:: bash
+
+  export SERVER_URL="http://localhost:8080"
+  export NAME=":InstallationName"
+  export VALUE="LibreScholar"
+  
+  curl -X PUT "$SERVER_URL/api/admin/settings/$NAME" -d "$VALUE"
+
+The fully expanded example above (without environment variables) looks like this:
+
+.. code-block:: bash
+
+  curl -X PUT http://localhost:8080/api/admin/settings/:InstallationName -d LibreScholar
+
+Note: ``NAME`` values are validated for existence and compliance.
+
+.. _settings_put_single_lang:
+
+Configure Single Database Setting With Language/Locale
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+A small number of settings, most notably :ref:`:ApplicationTermsOfUse`, can be saved in multiple languages.
+
+Use two character language codes.
+
+.. code-block:: bash
+
+  export SERVER_URL="http://localhost:8080"
+  export NAME=":ApplicationTermsOfUse"
+  export LANG="fr"
+  
+  curl -X PUT "$SERVER_URL/api/admin/settings/$NAME/lang/$LANG" --upload-file /tmp/apptou_fr.html
+
+The fully expanded example above (without environment variables) looks like this:
+
+.. code-block:: bash
+
+  curl -X PUT http://localhost:8080/api/admin/settings/:ApplicationTermsOfUse/lang/fr --upload-file /tmp/apptou_fr.html
+
+Note: ``NAME`` and ``LANG`` values are validated for existence and compliance.
 
 .. _settings_put_bulk:
 
 Configure All Database Settings
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+Using a JSON file, replace all settings in a single idempotent and atomic operation and delete any settings not present in that JSON file.
+
+Use the JSON ``data`` object in output of ``GET /api/admin/settings`` (:ref:`settings_get_all`) for the JSON input structure for this endpoint.
+To put this concretely, you can save just the ``data`` object for your existing settings to disk by filtering them through ``.jq`` like this:
 
-Replace all settings in a single idempotent and atomic operation::
+.. code-block:: bash
 
-  PUT http://$SERVER/api/admin/settings
+  curl http://localhost:8080/api/admin/settings | jq '.data' > /tmp/all-settings.json
 
-See JSON ``data`` object in output of ``GET /api/admin/settings`` for the JSON input structure for this endpoint.
+Then you can use this "all-settings.json" file as a starting point for your input file.
 The :doc:`../installation/config` page of the Installation Guide has a :ref:`complete list of all the available settings <database-settings>`.
+Note that settings in the JSON file are validated for existence and compliance.
 
-Configure Single Database Setting
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.. code-block:: bash
 
-Sets setting ``name`` to the body of the request::
+  export SERVER_URL="http://localhost:8080"
+  
+  curl -X PUT -H "Content-type:application/json" "$SERVER_URL/api/admin/settings" --upload-file /tmp/all-settings.json
 
-  PUT http://$SERVER/api/admin/settings/$name
+The fully expanded example above (without environment variables) looks like this:
 
-Sets a localized setting ``name`` for locale/language ``lang`` to the body of the request::
+.. code-block:: bash
 
-  PUT http://$SERVER/api/admin/settings/$name/lang/$lang
+  curl -X PUT -H "Content-type:application/json" http://localhost:8080/api/admin/settings --upload-file /tmp/all-settings.json
 
-Get Single Database Setting
-~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.. _settings_delete_single:
 
-Get the setting under ``name``::
+Delete Single Database Setting
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
 
-  GET http://$SERVER/api/admin/settings/$name
+.. code-block:: bash
 
-Gets a localized setting under ``name`` for locale/language ``lang``::
+  export SERVER_URL="http://localhost:8080"
+  export NAME=":InstallationName"
+  
+  curl -X DELETE "$SERVER_URL/api/admin/settings/$NAME"
 
-  GET http://$SERVER/api/admin/settings/$name/lang/$lang
+The fully expanded example above (without environment variables) looks like this:
 
-Delete Single Database Setting
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.. code-block:: bash
+
+  curl -X DELETE http://localhost:8080/api/admin/settings/:InstallationName
+
+.. _settings_delete_single_lang:
+
+Delete Single Database Setting With Language/Locale
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+A small number of settings, most notably :ref:`:ApplicationTermsOfUse`, can be saved in multiple languages.
 
-Delete the setting under ``name``::
+Use two character language codes.
 
-  DELETE http://$SERVER/api/admin/settings/$name
+.. code-block:: bash
+
+  export SERVER_URL="http://localhost:8080"
+  export NAME=":ApplicationTermsOfUse"
+  export LANG="fr"
+  
+  curl -X DELETE "$SERVER_URL/api/admin/settings/$NAME/lang/$LANG"
 
-Delete a localized setting under ``name`` for locale/language ``lang``::
+The fully expanded example above (without environment variables) looks like this:
+
+.. code-block:: bash
 
-  DELETE http://$SERVER/api/admin/settings/$name/lang/$lang
+  curl -X DELETE http://localhost:8080/api/admin/settings/:ApplicationTermsOfUse/lang/fr 
 
 .. _list-all-feature-flags:
 
diff --git a/doc/sphinx-guides/source/installation/config.rst b/doc/sphinx-guides/source/installation/config.rst
index f064cc51a06..c7f76c04754 100644
--- a/doc/sphinx-guides/source/installation/config.rst
+++ b/doc/sphinx-guides/source/installation/config.rst
@@ -3873,13 +3873,13 @@ You might also create your own profiles and use these, please refer to the upstr
 Database Settings
 -----------------
 
-These settings are stored in the ``setting`` database table but can be read and modified via the "admin" endpoint of the :doc:`/api/native-api` for easy scripting.
+These settings are stored in the ``setting`` database table but we recommend using the Admin API (:ref:`admin-api-db-settings`) to view and modify them, as shown below.
 
-The most commonly used configuration options are listed first.
+In short:
 
-The pattern you will observe in curl examples below is that an HTTP ``PUT`` is used to add or modify a setting. If you perform an HTTP ``GET`` (the default when using curl), the output will contain the value of the setting, if it has been set. You can also do a ``GET`` of all settings with ``curl http://localhost:8080/api/admin/settings`` which you may want to pretty-print by piping the output through a tool such as jq by appending ``| jq .``. If you want to remove a setting, use an HTTP ``DELETE`` such as ``curl -X DELETE http://localhost:8080/api/admin/settings/:GuidesBaseUrl`` .
-
-For your convenience, there is also an Admin API endpoint to :ref:`bulk manage database settings in an atomic, idempotent fashion <settings_put_bulk>`.
+- HTTP ``GET`` is used to show settings.
+- HTTP ``PUT`` is used to add or modify settings.
+- HTTP ``DELETE`` is used to delete settings.
 
 .. _:BlockedApiPolicy:
 
@@ -4374,10 +4374,14 @@ For performance reasons, your Dataverse installation will only allow creation of
 
 In the UI, users trying to download a zip file larger than the Dataverse installation's :ZipDownloadLimit will receive messaging that the zip file is too large, and the user will be presented with alternate access options. 
 
+.. _:TabularIngestSizeLimit:
+
 :TabularIngestSizeLimit
 +++++++++++++++++++++++
 
 Threshold in bytes for limiting whether or not "ingest" is attempted for an uploaded tabular file (which can be resource intensive).
+For more on the ingest features, see :doc:`/user/tabulardataingest/index` in the User Guide.
+
 For example, with the below in place, files greater than 2 GB in size will not go through the ingest process:
 
 ``curl -X PUT -d 2000000000 http://localhost:8080/api/admin/settings/:TabularIngestSizeLimit``
@@ -4394,6 +4398,8 @@ Using a JSON-based setting, you can override this global setting on a per-format
 - CSV
 - XLSX
 
+(In previous releases of Dataverse, a colon-separated form was used to specify per-format limits, such as ``:TabularIngestSizeLimit:Rdata``, but this is no longer supported. Now JSON is used.)
+
 The JSON follows this form, all fields optional:
 
 .. code:: json
@@ -4405,8 +4411,14 @@ The JSON follows this form, all fields optional:
     "formatZ": "100"
   }
 
-The ``default`` key represents the global default (with it being absent meaning the implicit global default of ``-1`` applies).
-Add a format name (as listed above) to change the limit for this particular format.
+Whatever JSON you send will overwrite existing values. If you have any current settings, you can use the following command to see them in the proper format (and then add the new settings you want):
+
+``curl http://localhost:8080/api/admin/settings/:TabularIngestSizeLimit | jq -r '.data.message'``
+
+The ``default`` key is optional and can be used to give limits to formats that are not specified in the JSON. If you omit the ``default`` key or set it to ``-1``, no limits are applied to formats not specified in the JSON.
+
+Add a format name (DTA, POR, etc., as listed above) to change the limit for this particular format.
+
 Any size limits must be provided as string literals (in quotes), not number literals!
 
 Examples:

From b7e541d5cdfc2a4d0f15e3f7de81ddb565423217 Mon Sep 17 00:00:00 2001
From: Philip Durbin <philip_durbin@harvard.edu>
Date: Mon, 4 Aug 2025 15:56:32 -0400
Subject: [PATCH 263/634] doc tweaks #11639

---
 doc/sphinx-guides/source/api/native-api.rst      | 8 ++++----
 doc/sphinx-guides/source/installation/config.rst | 6 +++---
 2 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/doc/sphinx-guides/source/api/native-api.rst b/doc/sphinx-guides/source/api/native-api.rst
index a972894eb57..30fb4c24d70 100644
--- a/doc/sphinx-guides/source/api/native-api.rst
+++ b/doc/sphinx-guides/source/api/native-api.rst
@@ -6830,7 +6830,7 @@ Get Single Database Setting With Language/Locale
 
 A small number of settings, most notably :ref:`:ApplicationTermsOfUse`, can be saved in multiple languages.
 
-Use two character language codes.
+Use two-character ISO 639-1 language codes.
 
 .. code-block:: bash
 
@@ -6874,7 +6874,7 @@ Configure Single Database Setting With Language/Locale
 
 A small number of settings, most notably :ref:`:ApplicationTermsOfUse`, can be saved in multiple languages.
 
-Use two character language codes.
+Use two-character ISO 639-1 language codes.
 
 .. code-block:: bash
 
@@ -6900,7 +6900,7 @@ Configure All Database Settings
 Using a JSON file, replace all settings in a single idempotent and atomic operation and delete any settings not present in that JSON file.
 
 Use the JSON ``data`` object in output of ``GET /api/admin/settings`` (:ref:`settings_get_all`) for the JSON input structure for this endpoint.
-To put this concretely, you can save just the ``data`` object for your existing settings to disk by filtering them through ``.jq`` like this:
+To put this concretely, you can save just the ``data`` object for your existing settings to disk by filtering them through ``jq`` like this:
 
 .. code-block:: bash
 
@@ -6947,7 +6947,7 @@ Delete Single Database Setting With Language/Locale
 
 A small number of settings, most notably :ref:`:ApplicationTermsOfUse`, can be saved in multiple languages.
 
-Use two character language codes.
+Use two-character ISO 639-1 language codes.
 
 .. code-block:: bash
 
diff --git a/doc/sphinx-guides/source/installation/config.rst b/doc/sphinx-guides/source/installation/config.rst
index c7f76c04754..7e4d85b360f 100644
--- a/doc/sphinx-guides/source/installation/config.rst
+++ b/doc/sphinx-guides/source/installation/config.rst
@@ -4389,7 +4389,7 @@ For example, with the below in place, files greater than 2 GB in size will not g
 You can set this value to ``0`` to prevent files from being ingested at all.
 The default is ``-1``, meaning no file size limit is applied.
 
-Using a JSON-based setting, you can override this global setting on a per-format basis for the following formats:
+Using a JSON-based setting, you can override this global setting on a per-format basis for the following formats (case-insensitive):
 
 - DTA
 - POR
@@ -4417,13 +4417,13 @@ Whatever JSON you send will overwrite existing values. If you have any current s
 
 The ``default`` key is optional and can be used to give limits to formats that are not specified in the JSON. If you omit the ``default`` key or set it to ``-1``, no limits are applied to formats not specified in the JSON.
 
-Add a format name (DTA, POR, etc., as listed above) to change the limit for this particular format.
+Add a format name (DTA, POR, etc., as listed above) to change the limit for that particular format.
 
 Any size limits must be provided as string literals (in quotes), not number literals!
 
 Examples:
 
-1. If you want your Dataverse installation to not attempt to ingest Rdata files larger than 1 MB but otherwise unlimited:
+1. If you want your Dataverse installation to not attempt to ingest Rdata files larger than 1 MB but otherwise be unlimited:
 
    ``curl -X PUT -d '{"Rdata":"1000000"}' http://localhost:8080/api/admin/settings/:TabularIngestSizeLimit``
 2. If you want your Dataverse installation to not attempt to ingest XLSX files at all and apply a global limit of 512 MiB, use this setting:

From 071f695f13b6516aada232cac5e234407798f710 Mon Sep 17 00:00:00 2001
From: Oliver Bertuch <o.bertuch@fz-juelich.de>
Date: Wed, 17 Sep 2025 08:26:26 +0200
Subject: [PATCH 264/634] chore: move migrations to be part of v6.9 instead of
 v6.8 #11639

---
 src/main/resources/db/migration/{V6.7.0.1.sql => V6.8.0.1.sql} | 0
 src/main/resources/db/migration/{V6.7.0.2.sql => V6.8.0.2.sql} | 0
 2 files changed, 0 insertions(+), 0 deletions(-)
 rename src/main/resources/db/migration/{V6.7.0.1.sql => V6.8.0.1.sql} (100%)
 rename src/main/resources/db/migration/{V6.7.0.2.sql => V6.8.0.2.sql} (100%)

diff --git a/src/main/resources/db/migration/V6.7.0.1.sql b/src/main/resources/db/migration/V6.8.0.1.sql
similarity index 100%
rename from src/main/resources/db/migration/V6.7.0.1.sql
rename to src/main/resources/db/migration/V6.8.0.1.sql
diff --git a/src/main/resources/db/migration/V6.7.0.2.sql b/src/main/resources/db/migration/V6.8.0.2.sql
similarity index 100%
rename from src/main/resources/db/migration/V6.7.0.2.sql
rename to src/main/resources/db/migration/V6.8.0.2.sql

From efd7bbfc3096479eb2a02cd32704a719b6385200 Mon Sep 17 00:00:00 2001
From: Philip Durbin <philip_durbin@harvard.edu>
Date: Tue, 5 Aug 2025 16:25:48 -0400
Subject: [PATCH 265/634] create test methods for getting and setting all
 settings (and use them) #11639

---
 .../edu/harvard/iq/dataverse/api/AdminIT.java | 39 ++++---------------
 .../edu/harvard/iq/dataverse/api/UtilIT.java  | 14 +++++++
 2 files changed, 22 insertions(+), 31 deletions(-)

diff --git a/src/test/java/edu/harvard/iq/dataverse/api/AdminIT.java b/src/test/java/edu/harvard/iq/dataverse/api/AdminIT.java
index 83a62d41b9f..6f3ffaa83b8 100644
--- a/src/test/java/edu/harvard/iq/dataverse/api/AdminIT.java
+++ b/src/test/java/edu/harvard/iq/dataverse/api/AdminIT.java
@@ -80,9 +80,7 @@ void testSettingsRoundTrip() {
             UtilIT.setSetting(harmlessSetting, harmlessL10nValue, language);
             
             // Step 1: Get current settings state
-            Response getResponse = given()
-                .when()
-                .get("/api/admin/settings");
+            Response getResponse = UtilIT.getSettings();
             
             getResponse.then()
                 .assertThat()
@@ -111,12 +109,7 @@ void testSettingsRoundTrip() {
                 .body("data.message", equalTo(harmlessValue));
             
             // Step 4: Put back the original settings (this is what we're testing)
-            Response putResponse = given()
-                //.header("X-Dataverse-key", "")
-                .header("Content-Type", "application/json")
-                .body(originalSettings.toString())
-                .when()
-                .put("/api/admin/settings");
+            Response putResponse = UtilIT.setSettings(originalSettings.toString());
             
             putResponse.then()
                 .assertThat()
@@ -125,20 +118,14 @@ void testSettingsRoundTrip() {
                 .body("message.message", containsString("successfully updated"));
             
             // Step 5: Verify the harmless setting is gone (restored to original state)
-            Response verifyRestoredResponse = given()
-                //.header("X-Dataverse-key", "")
-                .when()
-                .get("/api/admin/settings" + harmlessSetting.toString());
+            Response verifyRestoredResponse = UtilIT.getSetting(harmlessSetting);
             
             verifyRestoredResponse.then()
                 .assertThat()
                 .statusCode(NOT_FOUND.getStatusCode()); // Should not exist anymore
             
             // Step 6: Verify overall settings state matches original
-            Response finalGetResponse = given()
-                //.header("X-Dataverse-key", "")
-                .when()
-                .get("/api/admin/settings");
+            Response finalGetResponse = UtilIT.getSettings();
             
             finalGetResponse.then()
                 .assertThat()
@@ -165,9 +152,7 @@ void testGetAllSettingsWithLocalization() {
             UtilIT.setSetting(harmlessSetting, harmlessL10nValue, language);
             
             // When
-            Response getResponse = given()
-                .when()
-                .get("/api/admin/settings");
+            Response getResponse = UtilIT.getSettings();
             
             // Then
             getResponse.then()
@@ -184,11 +169,7 @@ void testGetAllSettingsWithLocalization() {
         @Test
         void testPutAllSettingsWithEmptyJson() {
             // Test error handling for empty JSON
-            Response response = given()
-                .header("Content-Type", "application/json")
-                .body("{}")
-                .when()
-                .put("/api/admin/settings");
+            Response response = UtilIT.setSettings("{}");
             
             response.then()
                 .assertThat()
@@ -199,11 +180,7 @@ void testPutAllSettingsWithEmptyJson() {
         @Test
         void testPutAllSettingsWithInvalidSetting() {
             // Test error handling for empty JSON
-            Response response = given()
-                .header("Content-Type", "application/json")
-                .body("{\":Test1\": \"Foobar\", \":Test2\": \"Foobar\" }")
-                .when()
-                .put("/api/admin/settings");
+            Response response = UtilIT.setSettings("{\":Test1\": \"Foobar\", \":Test2\": \"Foobar\" }");
             
             response.then()
                 .assertThat()
@@ -242,7 +219,7 @@ public void testListAuthenticatedUsers() throws Exception {
 
         Response deleteSuperuser = UtilIT.deleteUser(superuserUsername);
         assertEquals(200, deleteSuperuser.getStatusCode());
-    }
+}
     
     @Test
     public void testFilterAuthenticatedUsersForbidden() throws Exception {
diff --git a/src/test/java/edu/harvard/iq/dataverse/api/UtilIT.java b/src/test/java/edu/harvard/iq/dataverse/api/UtilIT.java
index aa11ceb0d18..548627554d2 100644
--- a/src/test/java/edu/harvard/iq/dataverse/api/UtilIT.java
+++ b/src/test/java/edu/harvard/iq/dataverse/api/UtilIT.java
@@ -2507,6 +2507,11 @@ static Response deleteSetting(String settingKey) {
         return response;
     }
 
+    static Response getSettings() {
+        Response response = given().when().get("/api/admin/settings");
+        return response;
+    }
+
     static Response getSetting(SettingsServiceBean.Key settingKey) {
         Response response = given().when().get("/api/admin/settings/" + settingKey);
         return response;
@@ -2535,6 +2540,15 @@ public static Response setSetting(String settingKey, String value) {
         return response;
     }
 
+    public static Response setSettings(String value) {
+        Response response = given()
+                .header("Content-Type", "application/json")
+                .body(value)
+                .when()
+                .put("/api/admin/settings");
+        return response;
+    }
+
     static Response getFeatureFlags() {
         Response response = given().when().get("/api/admin/featureFlags");
         return response;

From 95533c68486dc8fcb5451c23f7d935c8b268bb7e Mon Sep 17 00:00:00 2001
From: Philip Durbin <philip_durbin@harvard.edu>
Date: Thu, 7 Aug 2025 13:10:27 -0400
Subject: [PATCH 266/634] the "not found" message now ends in a period #11639

Make the test comply with the change.
---
 src/test/java/edu/harvard/iq/dataverse/api/DatasetsIT.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/test/java/edu/harvard/iq/dataverse/api/DatasetsIT.java b/src/test/java/edu/harvard/iq/dataverse/api/DatasetsIT.java
index b273502e6ed..6d160c038ff 100644
--- a/src/test/java/edu/harvard/iq/dataverse/api/DatasetsIT.java
+++ b/src/test/java/edu/harvard/iq/dataverse/api/DatasetsIT.java
@@ -2401,7 +2401,7 @@ public void testFileChecksum() {
         Response getDefaultSetting = UtilIT.getSetting(SettingsServiceBean.Key.FileFixityChecksumAlgorithm);
         getDefaultSetting.prettyPrint();
         getDefaultSetting.then().assertThat()
-                .body("message", equalTo("Setting :FileFixityChecksumAlgorithm not found"));
+                .body("message", equalTo("Setting :FileFixityChecksumAlgorithm not found."));
 
         Response uploadMd5File = UtilIT.uploadRandomFile(dataset1PersistentId, apiToken);
         uploadMd5File.prettyPrint();

From 30f4603521154428a22ff55665f99239b284345d Mon Sep 17 00:00:00 2001
From: Philip Durbin <philip_durbin@harvard.edu>
Date: Thu, 7 Aug 2025 15:30:57 -0400
Subject: [PATCH 267/634] add to the enum many archive-related settings #11639

Attempts to set these settings were failing with a 400
and "The name of the setting is invalid." By adding them
to the enum, they pass validation and are able to work again.

These settings are really subsettings of :ArchiverSettings.
(See installation/config.rst.)

The exception is :BagGeneratorThreads, which is not a
subsetting of :ArchiverSettings. Rather, it is a related
setting used by multiple archivers.

:DRSArchiverConfig was added to the enum. DRS is a system
specific to Harvard which is why we don't document the setting
in the guides, but we plan to mention it in the release notes.
See also https://github.com/IQSS/dataverse.harvard.edu/issues/177
---
 .../11639-db-opts-idempotency.md              | 14 ++++++++
 .../impl/DRSSubmitToArchiveCommand.java       |  3 +-
 .../impl/DuraCloudSubmitToArchiveCommand.java |  9 ++++--
 .../GoogleCloudSubmitToArchiveCommand.java    |  6 ++--
 .../impl/LocalSubmitToArchiveCommand.java     |  3 +-
 .../impl/S3SubmitToArchiveCommand.java        |  3 +-
 .../settings/SettingsServiceBean.java         | 32 +++++++++++++++++++
 .../iq/dataverse/util/bagit/BagGenerator.java |  3 +-
 .../edu/harvard/iq/dataverse/api/BagIT.java   |  8 +++--
 9 files changed, 70 insertions(+), 11 deletions(-)

diff --git a/doc/release-notes/11639-db-opts-idempotency.md b/doc/release-notes/11639-db-opts-idempotency.md
index 2af82f4ffda..2a87a81eff8 100644
--- a/doc/release-notes/11639-db-opts-idempotency.md
+++ b/doc/release-notes/11639-db-opts-idempotency.md
@@ -19,3 +19,17 @@ As an administrator of a Dataverse instance, you can now make use of enhanced Bu
    It allows control over all Database Settings from a single source without risking an undefined state.
 
 Note: Despite the validation of setting names and languages, the content of any database setting is still not being validated when using the Settings Admin API!
+
+### Updated Database Settings
+
+The following database settings are were added to the official list within the code (to remain valid with the settings cleanup mentioned above):
+
+- :BagGeneratorThreads
+- :BagItLocalPath
+- :BuiltinUsersKey - formerly BuiltinUsers.KEY
+- :DRSArchiverConfig - a Harvard-specific setting
+- :DuraCloudContext
+- :DuraCloudHost
+- :DuraCloudPort
+- :GoogleCloudBucket
+- :GoogleCloudProject
diff --git a/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/DRSSubmitToArchiveCommand.java b/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/DRSSubmitToArchiveCommand.java
index 594d4fe25ba..78e8454255b 100644
--- a/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/DRSSubmitToArchiveCommand.java
+++ b/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/DRSSubmitToArchiveCommand.java
@@ -56,12 +56,13 @@
 import com.auth0.jwt.JWT;
 import com.auth0.jwt.algorithms.Algorithm;
 import com.auth0.jwt.exceptions.JWTCreationException;
+import static edu.harvard.iq.dataverse.settings.SettingsServiceBean.Key.DRSArchiverConfig;
 
 @RequiredPermissions(Permission.PublishDataset)
 public class DRSSubmitToArchiveCommand extends S3SubmitToArchiveCommand implements Command<DatasetVersion> {
 
     private static final Logger logger = Logger.getLogger(DRSSubmitToArchiveCommand.class.getName());
-    private static final String DRS_CONFIG = ":DRSArchiverConfig";
+    private static final String DRS_CONFIG = DRSArchiverConfig.toString();
     private static final String ADMIN_METADATA = "admin_metadata";
     private static final String S3_BUCKET_NAME = "s3_bucket_name";
     private static final String S3_PATH = "s3_path";
diff --git a/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/DuraCloudSubmitToArchiveCommand.java b/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/DuraCloudSubmitToArchiveCommand.java
index 94f983f0c13..fe4a25091d7 100644
--- a/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/DuraCloudSubmitToArchiveCommand.java
+++ b/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/DuraCloudSubmitToArchiveCommand.java
@@ -7,6 +7,9 @@
 import edu.harvard.iq.dataverse.authorization.users.ApiToken;
 import edu.harvard.iq.dataverse.engine.command.DataverseRequest;
 import edu.harvard.iq.dataverse.engine.command.RequiredPermissions;
+import static edu.harvard.iq.dataverse.settings.SettingsServiceBean.Key.DuraCloudContext;
+import static edu.harvard.iq.dataverse.settings.SettingsServiceBean.Key.DuraCloudHost;
+import static edu.harvard.iq.dataverse.settings.SettingsServiceBean.Key.DuraCloudPort;
 import edu.harvard.iq.dataverse.workflow.step.Failure;
 import edu.harvard.iq.dataverse.workflow.step.WorkflowStepResult;
 
@@ -36,9 +39,9 @@ public class DuraCloudSubmitToArchiveCommand extends AbstractSubmitToArchiveComm
     private static final Logger logger = Logger.getLogger(DuraCloudSubmitToArchiveCommand.class.getName());
     private static final String DEFAULT_PORT = "443";
     private static final String DEFAULT_CONTEXT = "durastore";
-    private static final String DURACLOUD_PORT = ":DuraCloudPort";
-    private static final String DURACLOUD_HOST = ":DuraCloudHost";
-    private static final String DURACLOUD_CONTEXT = ":DuraCloudContext";
+    private static final String DURACLOUD_PORT = DuraCloudPort.toString();
+    private static final String DURACLOUD_HOST = DuraCloudHost.toString();
+    private static final String DURACLOUD_CONTEXT = DuraCloudContext.toString();
 
 
     public DuraCloudSubmitToArchiveCommand(DataverseRequest aRequest, DatasetVersion version) {
diff --git a/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/GoogleCloudSubmitToArchiveCommand.java b/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/GoogleCloudSubmitToArchiveCommand.java
index 7d749262b87..7dfb9f07e19 100644
--- a/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/GoogleCloudSubmitToArchiveCommand.java
+++ b/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/GoogleCloudSubmitToArchiveCommand.java
@@ -14,6 +14,8 @@
 import edu.harvard.iq.dataverse.engine.command.DataverseRequest;
 import edu.harvard.iq.dataverse.engine.command.RequiredPermissions;
 import edu.harvard.iq.dataverse.settings.JvmSettings;
+import static edu.harvard.iq.dataverse.settings.SettingsServiceBean.Key.GoogleCloudBucket;
+import static edu.harvard.iq.dataverse.settings.SettingsServiceBean.Key.GoogleCloudProject;
 import edu.harvard.iq.dataverse.workflow.step.Failure;
 import edu.harvard.iq.dataverse.workflow.step.WorkflowStepResult;
 import org.apache.commons.codec.binary.Hex;
@@ -35,8 +37,8 @@
 public class GoogleCloudSubmitToArchiveCommand extends AbstractSubmitToArchiveCommand {
 
     private static final Logger logger = Logger.getLogger(GoogleCloudSubmitToArchiveCommand.class.getName());
-    private static final String GOOGLECLOUD_BUCKET = ":GoogleCloudBucket";
-    private static final String GOOGLECLOUD_PROJECT = ":GoogleCloudProject";
+    private static final String GOOGLECLOUD_BUCKET = GoogleCloudBucket.toString();
+    private static final String GOOGLECLOUD_PROJECT = GoogleCloudProject.toString();
 
     public GoogleCloudSubmitToArchiveCommand(DataverseRequest aRequest, DatasetVersion version) {
         super(aRequest, version);
diff --git a/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/LocalSubmitToArchiveCommand.java b/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/LocalSubmitToArchiveCommand.java
index d2f061b6e70..462879f2ec9 100644
--- a/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/LocalSubmitToArchiveCommand.java
+++ b/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/LocalSubmitToArchiveCommand.java
@@ -8,6 +8,7 @@
 import edu.harvard.iq.dataverse.engine.command.Command;
 import edu.harvard.iq.dataverse.engine.command.DataverseRequest;
 import edu.harvard.iq.dataverse.engine.command.RequiredPermissions;
+import static edu.harvard.iq.dataverse.settings.SettingsServiceBean.Key.BagItLocalPath;
 import edu.harvard.iq.dataverse.util.bagit.BagGenerator;
 import edu.harvard.iq.dataverse.util.bagit.OREMap;
 import edu.harvard.iq.dataverse.workflow.step.Failure;
@@ -38,7 +39,7 @@ public LocalSubmitToArchiveCommand(DataverseRequest aRequest, DatasetVersion ver
     public WorkflowStepResult performArchiveSubmission(DatasetVersion dv, ApiToken token,
             Map<String, String> requestedSettings) {
         logger.fine("In LocalCloudSubmitToArchive...");
-        String localPath = requestedSettings.get(":BagItLocalPath");
+        String localPath = requestedSettings.get(BagItLocalPath.toString());
         String zipName = null;
         
         //Set a failure status that will be updated if we succeed
diff --git a/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/S3SubmitToArchiveCommand.java b/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/S3SubmitToArchiveCommand.java
index 4f93e88de5e..65531d775c8 100644
--- a/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/S3SubmitToArchiveCommand.java
+++ b/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/S3SubmitToArchiveCommand.java
@@ -7,6 +7,7 @@
 import edu.harvard.iq.dataverse.authorization.users.ApiToken;
 import edu.harvard.iq.dataverse.engine.command.DataverseRequest;
 import edu.harvard.iq.dataverse.engine.command.RequiredPermissions;
+import static edu.harvard.iq.dataverse.settings.SettingsServiceBean.Key.S3ArchiverConfig;
 import edu.harvard.iq.dataverse.util.bagit.BagGenerator;
 import edu.harvard.iq.dataverse.util.bagit.OREMap;
 import edu.harvard.iq.dataverse.util.json.JsonUtil;
@@ -64,7 +65,7 @@ public class S3SubmitToArchiveCommand extends AbstractSubmitToArchiveCommand {
     private ManagedExecutorService executorService;
 
     private static final Logger logger = Logger.getLogger(S3SubmitToArchiveCommand.class.getName());
-    private static final String S3_CONFIG = ":S3ArchiverConfig";
+    private static final String S3_CONFIG = S3ArchiverConfig.toString();
 
     private static final Config config = ConfigProvider.getConfig();
     protected S3AsyncClient s3 = null;
diff --git a/src/main/java/edu/harvard/iq/dataverse/settings/SettingsServiceBean.java b/src/main/java/edu/harvard/iq/dataverse/settings/SettingsServiceBean.java
index c555b059523..b97de383391 100644
--- a/src/main/java/edu/harvard/iq/dataverse/settings/SettingsServiceBean.java
+++ b/src/main/java/edu/harvard/iq/dataverse/settings/SettingsServiceBean.java
@@ -466,7 +466,39 @@ Whether Harvesting (OAI) service is enabled
          */
         
         ArchiverClassName,
+        /**
+         * Custom settings for each archiver. See list below.
+         */
         ArchiverSettings,
+        /**
+         * :ArchiverSettings used by DRSSubmitToArchiveCommand. DRS is a system
+         * specific to Harvard which is why we don't document it in the guides.
+         * See also https://github.com/IQSS/dataverse.harvard.edu/issues/177
+         */
+        DRSArchiverConfig,
+        /**
+         * :ArchiverSettings used by DuraCloudSubmitToArchiveCommand.
+         */
+        DuraCloudPort,
+        DuraCloudHost,
+        DuraCloudContext,
+        /**
+         * :ArchiverSettings used by GoogleCloudSubmitToArchiveCommand.
+         */
+        GoogleCloudBucket,
+        GoogleCloudProject,
+        /**
+         * :ArchiverSettings used by LocalSubmitToArchiveCommand.
+         */
+        BagItLocalPath,
+        /**
+         * :ArchiverSettings used by S3SubmitToArchiveCommand.
+         */
+        S3ArchiverConfig,
+        /**
+         * :ArchiverSettings used by multiple archive commands.
+         */
+        BagGeneratorThreads,
         /**
          * A comma-separated list of roles for which new dataverses should inherit the
          * corresponding role assignments from the parent dataverse. Also affects
diff --git a/src/main/java/edu/harvard/iq/dataverse/util/bagit/BagGenerator.java b/src/main/java/edu/harvard/iq/dataverse/util/bagit/BagGenerator.java
index f6b12d5f904..f24ebdb8655 100644
--- a/src/main/java/edu/harvard/iq/dataverse/util/bagit/BagGenerator.java
+++ b/src/main/java/edu/harvard/iq/dataverse/util/bagit/BagGenerator.java
@@ -75,6 +75,7 @@
 import edu.harvard.iq.dataverse.DataFile.ChecksumType;
 import edu.harvard.iq.dataverse.pidproviders.PidUtil;
 import edu.harvard.iq.dataverse.settings.JvmSettings;
+import static edu.harvard.iq.dataverse.settings.SettingsServiceBean.Key.BagGeneratorThreads;
 import edu.harvard.iq.dataverse.util.json.JsonLDTerm;
 import java.util.Optional;
 
@@ -120,7 +121,7 @@ public class BagGenerator {
     private boolean usetemp = false;
 
     private int numConnections = 8;
-    public static final String BAG_GENERATOR_THREADS = ":BagGeneratorThreads";
+    public static final String BAG_GENERATOR_THREADS = BagGeneratorThreads.toString();
 
     private OREMap oremap;
 
diff --git a/src/test/java/edu/harvard/iq/dataverse/api/BagIT.java b/src/test/java/edu/harvard/iq/dataverse/api/BagIT.java
index c80e321b228..16c44003f35 100644
--- a/src/test/java/edu/harvard/iq/dataverse/api/BagIT.java
+++ b/src/test/java/edu/harvard/iq/dataverse/api/BagIT.java
@@ -2,6 +2,8 @@
 
 import edu.harvard.iq.dataverse.engine.command.impl.LocalSubmitToArchiveCommand;
 import edu.harvard.iq.dataverse.settings.SettingsServiceBean;
+import static edu.harvard.iq.dataverse.settings.SettingsServiceBean.Key.BagGeneratorThreads;
+import static edu.harvard.iq.dataverse.settings.SettingsServiceBean.Key.BagItLocalPath;
 import io.restassured.RestAssured;
 import static io.restassured.RestAssured.given;
 import io.restassured.response.Response;
@@ -36,11 +38,13 @@ public static void setUpClass() {
         setArchiverClassName.then().assertThat()
                 .statusCode(OK.getStatusCode());
 
-        Response setArchiverSettings = UtilIT.setSetting(SettingsServiceBean.Key.ArchiverSettings, ":BagItLocalPath, :BagGeneratorThreads");
+        // BagGeneratorThreads isn't used. Consider setting it or removing it.
+        Response setArchiverSettings = UtilIT.setSetting(SettingsServiceBean.Key.ArchiverSettings,
+                String.join(", ", BagItLocalPath.toString(), BagGeneratorThreads.toString()));
         setArchiverSettings.then().assertThat()
                 .statusCode(OK.getStatusCode());
 
-        Response setBagItLocalPath = UtilIT.setSetting(":BagItLocalPath", bagitExportDir);
+        Response setBagItLocalPath = UtilIT.setSetting(BagItLocalPath.toString(), bagitExportDir);
         setBagItLocalPath.then().assertThat()
                 .statusCode(OK.getStatusCode());
 

From 4d72fcbf32b1e014913d87fed9b9e33c4f228dca Mon Sep 17 00:00:00 2001
From: Philip Durbin <philip_durbin@harvard.edu>
Date: Fri, 8 Aug 2025 10:19:08 -0400
Subject: [PATCH 268/634] add basic test for :TabularIngestSizeLimit #11639

---
 .../edu/harvard/iq/dataverse/api/FilesIT.java | 80 ++++++++++++++++++-
 1 file changed, 79 insertions(+), 1 deletion(-)

diff --git a/src/test/java/edu/harvard/iq/dataverse/api/FilesIT.java b/src/test/java/edu/harvard/iq/dataverse/api/FilesIT.java
index 38d89f782dd..7848314a834 100644
--- a/src/test/java/edu/harvard/iq/dataverse/api/FilesIT.java
+++ b/src/test/java/edu/harvard/iq/dataverse/api/FilesIT.java
@@ -60,6 +60,8 @@ public static void setUpClass() {
         Response removePublicInstall = UtilIT.deleteSetting(SettingsServiceBean.Key.PublicInstall);
         removePublicInstall.then().assertThat().statusCode(200);
 
+        Response removeLimit = UtilIT.deleteSetting(SettingsServiceBean.Key.TabularIngestSizeLimit);
+        removeLimit.then().assertThat().statusCode(OK.getStatusCode());
     }
 
     @AfterAll
@@ -1208,7 +1210,83 @@ public void test_AddFileBadUploadFormat() {
         }
 
     }
-    
+
+    @Test
+    public void testIngestSizeLimits() throws InterruptedException, IOException {
+        Response createUser = UtilIT.createRandomUser();
+        createUser.then().assertThat().statusCode(OK.getStatusCode());
+        String username = UtilIT.getUsernameFromResponse(createUser);
+        String apiToken = UtilIT.getApiTokenFromResponse(createUser);
+        Response makeSuperUser = UtilIT.setSuperuserStatus(username, true);
+        makeSuperUser.then().assertThat().statusCode(OK.getStatusCode());
+
+        Response createDataverseResponse = UtilIT.createRandomDataverse(apiToken);
+        createDataverseResponse.prettyPrint();
+        String dataverseAlias = UtilIT.getAliasFromResponse(createDataverseResponse);
+        Response createDatasetResponse = UtilIT.createRandomDatasetViaNativeApi(dataverseAlias, apiToken);
+        createDatasetResponse.prettyPrint();
+        Integer datasetId = JsonPath.from(createDatasetResponse.body().asString()).getInt("data.id");
+
+        String tinyCsvOnly = """
+{
+  "csv": "50"
+}
+""";
+
+        Response setLimit = UtilIT.setSetting(SettingsServiceBean.Key.TabularIngestSizeLimit, tinyCsvOnly);
+        setLimit.then().assertThat().statusCode(OK.getStatusCode());
+
+        Path pathToDataFile = Paths.get(java.nio.file.Files.createTempDirectory(null) + File.separator + "data.csv");
+        String contentOfCsv = ""
+                + "name,pounds,species,treats\n"
+                + "Midnight,15,dog,milkbones\n"
+                + "Tiger,17,cat,cat grass\n"
+                + "Panther,21,cat,cat nip\n";
+        java.nio.file.Files.write(pathToDataFile, contentOfCsv.getBytes());
+
+        Response uploadFile = UtilIT.uploadFileViaNative(datasetId.toString(), pathToDataFile.toString(), apiToken);
+        uploadFile.prettyPrint();
+        uploadFile.then().assertThat()
+                .statusCode(OK.getStatusCode())
+                .body("data.files[0].label", equalTo("data.csv"));
+
+        String fileId1 = JsonPath.from(uploadFile.body().asString()).getString("data.files[0].dataFile.id");
+
+        Response getFileDataTablesForNonTabularFileResponse = UtilIT.getFileDataTables(fileId1, apiToken);
+        getFileDataTablesForNonTabularFileResponse.prettyPrint();
+        getFileDataTablesForNonTabularFileResponse.then().assertThat()
+                .statusCode(BAD_REQUEST.getStatusCode())
+                .body("message", equalTo(BundleUtil.getStringFromBundle("files.api.only.tabular.supported")));
+
+        String largerCsv = """
+{
+  "csv": "123456"
+}
+""";
+
+        setLimit = UtilIT.setSetting(SettingsServiceBean.Key.TabularIngestSizeLimit, largerCsv);
+        setLimit.then().assertThat().statusCode(OK.getStatusCode());
+
+        uploadFile = UtilIT.uploadFileViaNative(datasetId.toString(), pathToDataFile.toString(), apiToken);
+        uploadFile.prettyPrint();
+        uploadFile.then().assertThat()
+                .statusCode(OK.getStatusCode())
+                .body("data.files[0].label", equalTo("data-1.csv"));
+
+        assertTrue(UtilIT.sleepForLock(datasetId.longValue(), "Ingest", apiToken, UtilIT.MAXIMUM_INGEST_LOCK_DURATION), "Failed test if Ingest Lock exceeds max duration " + pathToDataFile);
+
+        String fileId2 = JsonPath.from(uploadFile.body().asString()).getString("data.files[0].dataFile.id");
+
+        Response getFileDataTablesForTabularFileResponse = UtilIT.getFileDataTables(fileId2, apiToken);
+        getFileDataTablesForTabularFileResponse.prettyPrint();
+        getFileDataTablesForTabularFileResponse.then().assertThat()
+                .statusCode(OK.getStatusCode())
+                .body("data[0].varQuantity", equalTo(4));
+
+        Response removeLimit = UtilIT.deleteSetting(SettingsServiceBean.Key.TabularIngestSizeLimit);
+        removeLimit.then().assertThat().statusCode(OK.getStatusCode());
+    }
+
     @Test
     public void testUningestFileViaApi() throws InterruptedException {
         Response createUser = UtilIT.createRandomUser();

From 159b189b417d38be4930dcbb6662e081c3fd8f0c Mon Sep 17 00:00:00 2001
From: Philip Durbin <philip_durbin@harvard.edu>
Date: Fri, 8 Aug 2025 12:19:47 -0400
Subject: [PATCH 269/634] more ingest size limit tests #11639

---
 .../edu/harvard/iq/dataverse/api/FilesIT.java | 113 +++++++++++++++++-
 1 file changed, 107 insertions(+), 6 deletions(-)

diff --git a/src/test/java/edu/harvard/iq/dataverse/api/FilesIT.java b/src/test/java/edu/harvard/iq/dataverse/api/FilesIT.java
index 7848314a834..c0b8543ff09 100644
--- a/src/test/java/edu/harvard/iq/dataverse/api/FilesIT.java
+++ b/src/test/java/edu/harvard/iq/dataverse/api/FilesIT.java
@@ -67,6 +67,7 @@ public static void setUpClass() {
     @AfterAll
     public static void tearDownClass() {
         UtilIT.deleteSetting(SettingsServiceBean.Key.PublicInstall);
+        UtilIT.deleteSetting(SettingsServiceBean.Key.TabularIngestSizeLimit);
     }
 
     /**
@@ -1252,9 +1253,9 @@ public void testIngestSizeLimits() throws InterruptedException, IOException {
 
         String fileId1 = JsonPath.from(uploadFile.body().asString()).getString("data.files[0].dataFile.id");
 
-        Response getFileDataTablesForNonTabularFileResponse = UtilIT.getFileDataTables(fileId1, apiToken);
-        getFileDataTablesForNonTabularFileResponse.prettyPrint();
-        getFileDataTablesForNonTabularFileResponse.then().assertThat()
+        Response getTabularFails = UtilIT.getFileDataTables(fileId1, apiToken);
+        getTabularFails.prettyPrint();
+        getTabularFails.then().assertThat()
                 .statusCode(BAD_REQUEST.getStatusCode())
                 .body("message", equalTo(BundleUtil.getStringFromBundle("files.api.only.tabular.supported")));
 
@@ -1277,9 +1278,109 @@ public void testIngestSizeLimits() throws InterruptedException, IOException {
 
         String fileId2 = JsonPath.from(uploadFile.body().asString()).getString("data.files[0].dataFile.id");
 
-        Response getFileDataTablesForTabularFileResponse = UtilIT.getFileDataTables(fileId2, apiToken);
-        getFileDataTablesForTabularFileResponse.prettyPrint();
-        getFileDataTablesForTabularFileResponse.then().assertThat()
+        Response getTabularWorks = UtilIT.getFileDataTables(fileId2, apiToken);
+        getTabularWorks.prettyPrint();
+        getTabularWorks.then().assertThat()
+                .statusCode(OK.getStatusCode())
+                .body("data[0].varQuantity", equalTo(4));
+
+        String tinyDefaultSize = """
+{
+  "default": "50"
+}
+""";
+
+        setLimit = UtilIT.setSetting(SettingsServiceBean.Key.TabularIngestSizeLimit, tinyDefaultSize);
+        setLimit.then().assertThat().statusCode(OK.getStatusCode());
+
+        uploadFile = UtilIT.uploadFileViaNative(datasetId.toString(), pathToDataFile.toString(), apiToken);
+        uploadFile.prettyPrint();
+        uploadFile.then().assertThat()
+                .statusCode(OK.getStatusCode())
+                .body("data.files[0].label", equalTo("data-2.csv"));
+
+        String fileId3 = JsonPath.from(uploadFile.body().asString()).getString("data.files[0].dataFile.id");
+
+        getTabularFails = UtilIT.getFileDataTables(fileId3, apiToken);
+        getTabularFails.prettyPrint();
+        getTabularFails.then().assertThat()
+                .statusCode(BAD_REQUEST.getStatusCode())
+                .body("message", equalTo(BundleUtil.getStringFromBundle("files.api.only.tabular.supported")));
+
+        // The behavior of `"default": "-2"` is not documented in the guides
+        // but it acts like `"default": "0"` which disables ingest.
+        String unexpectedNegativeDefault = """
+{
+  "default": "-2"
+}
+""";
+
+        setLimit = UtilIT.setSetting(SettingsServiceBean.Key.TabularIngestSizeLimit, unexpectedNegativeDefault);
+        setLimit.then().assertThat().statusCode(OK.getStatusCode());
+
+        uploadFile = UtilIT.uploadFileViaNative(datasetId.toString(), pathToDataFile.toString(), apiToken);
+        uploadFile.prettyPrint();
+        uploadFile.then().assertThat()
+                .statusCode(OK.getStatusCode())
+                .body("data.files[0].label", equalTo("data-3.csv"));
+
+        String fileId4 = JsonPath.from(uploadFile.body().asString()).getString("data.files[0].dataFile.id");
+
+        getTabularFails = UtilIT.getFileDataTables(fileId4, apiToken);
+        getTabularFails.prettyPrint();
+        getTabularFails.then().assertThat()
+                .statusCode(BAD_REQUEST.getStatusCode())
+                .body("message", equalTo(BundleUtil.getStringFromBundle("files.api.only.tabular.supported")));
+
+        // As the guides say, you MUST provide a string, not a JSON number.
+        // That is, `"123"` in quotes rather than `123` with no quotes.
+        // If you provide a number (no quotes) rather than a string,
+        // all ingest will be disabled and you'll see an error in server.log
+        // about how the system is misconfigured.
+        String invalidNonString = """
+{
+  "default": 987654321
+}
+""";
+
+        setLimit = UtilIT.setSetting(SettingsServiceBean.Key.TabularIngestSizeLimit, invalidNonString);
+        setLimit.then().assertThat().statusCode(OK.getStatusCode());
+
+        uploadFile = UtilIT.uploadFileViaNative(datasetId.toString(), pathToDataFile.toString(), apiToken);
+        uploadFile.prettyPrint();
+        uploadFile.then().assertThat()
+                .statusCode(OK.getStatusCode())
+                .body("data.files[0].label", equalTo("data-4.csv"));
+
+        String fileId5 = JsonPath.from(uploadFile.body().asString()).getString("data.files[0].dataFile.id");
+
+        getTabularFails = UtilIT.getFileDataTables(fileId5, apiToken);
+        getTabularFails.prettyPrint();
+        getTabularFails.then().assertThat()
+                .statusCode(BAD_REQUEST.getStatusCode())
+                .body("message", equalTo(BundleUtil.getStringFromBundle("files.api.only.tabular.supported")));
+
+        String defaultDisabledAndLargeCsvLimit = """
+{
+  "default": "0",
+  "csv": "123456"
+}
+""";
+
+        setLimit = UtilIT.setSetting(SettingsServiceBean.Key.TabularIngestSizeLimit, defaultDisabledAndLargeCsvLimit);
+        setLimit.then().assertThat().statusCode(OK.getStatusCode());
+
+        uploadFile = UtilIT.uploadFileViaNative(datasetId.toString(), pathToDataFile.toString(), apiToken);
+        uploadFile.prettyPrint();
+        uploadFile.then().assertThat()
+                .statusCode(OK.getStatusCode())
+                .body("data.files[0].label", equalTo("data-5.csv"));
+
+        String fileId6 = JsonPath.from(uploadFile.body().asString()).getString("data.files[0].dataFile.id");
+
+        getTabularWorks = UtilIT.getFileDataTables(fileId2, apiToken);
+        getTabularWorks.prettyPrint();
+        getTabularWorks.then().assertThat()
                 .statusCode(OK.getStatusCode())
                 .body("data[0].varQuantity", equalTo(4));
 

From 839dd79fa2a4d390c009ac4e02ffbf5f043419e3 Mon Sep 17 00:00:00 2001
From: Philip Durbin <philip_durbin@harvard.edu>
Date: Fri, 8 Aug 2025 12:20:11 -0400
Subject: [PATCH 270/634] improve docs based on ingest size limit testing
 #11639

---
 .../source/installation/config.rst            | 34 +++++++++++--------
 1 file changed, 19 insertions(+), 15 deletions(-)

diff --git a/doc/sphinx-guides/source/installation/config.rst b/doc/sphinx-guides/source/installation/config.rst
index 7e4d85b360f..f33c04eada8 100644
--- a/doc/sphinx-guides/source/installation/config.rst
+++ b/doc/sphinx-guides/source/installation/config.rst
@@ -4380,46 +4380,47 @@ In the UI, users trying to download a zip file larger than the Dataverse install
 +++++++++++++++++++++++
 
 Threshold in bytes for limiting whether or not "ingest" is attempted for an uploaded tabular file (which can be resource intensive).
-For more on the ingest features, see :doc:`/user/tabulardataingest/index` in the User Guide.
+For more on the ingest feature, see :doc:`/user/tabulardataingest/index` in the User Guide.
 
-For example, with the below in place, files greater than 2 GB in size will not go through the ingest process:
+There are two ways to specify ingest size limits. You can set a global limit for all file types or you can use a JSON file for more granularity. We'll cover the global limit first.
+
+With the following value in place (again, expressed in bytes), files greater than 2 GB in size will not go through the ingest process:
 
 ``curl -X PUT -d 2000000000 http://localhost:8080/api/admin/settings/:TabularIngestSizeLimit``
 
 You can set this value to ``0`` to prevent files from being ingested at all.
-The default is ``-1``, meaning no file size limit is applied.
 
-Using a JSON-based setting, you can override this global setting on a per-format basis for the following formats (case-insensitive):
+Out of the box, the ``:TabularIngestSizeLimit`` setting is absent, which results in ingest being attempted no matter how large the file is. You can specify this "no size limit" default explicitly with the value ``-1``.
+
+Using a JSON-based setting, you can set a global default and per-format limits for the following formats:
 
+- CSV
 - DTA
 - POR
-- SAV
 - Rdata
-- CSV
+- SAV
 - XLSX
 
 (In previous releases of Dataverse, a colon-separated form was used to specify per-format limits, such as ``:TabularIngestSizeLimit:Rdata``, but this is no longer supported. Now JSON is used.)
 
-The JSON follows this form, all fields optional:
+The expected JSON is an object with key/value pairs like the following. Format names are case-insensitive, and all fields are optional. The size limits must be strings with double quotes around them (e.g. ``"10"``) rather than numbers (e.g. ``10``).
 
 .. code:: json
 
   {
     "default": "-1",
-    "formatX": "0",
-    "formatY": "10",
-    "formatZ": "100"
+    "csv": "0",
+    "dta": "10",
+    "por": "100"
   }
 
-Whatever JSON you send will overwrite existing values. If you have any current settings, you can use the following command to see them in the proper format (and then add the new settings you want):
+Whatever JSON you send will overwrite existing values. If you have any exiting ``:TabularIngestSizeLimit`` settings, you can use the following command to see them in the expected input format above (and then add the new settings you want):
 
 ``curl http://localhost:8080/api/admin/settings/:TabularIngestSizeLimit | jq -r '.data.message'``
 
-The ``default`` key is optional and can be used to give limits to formats that are not specified in the JSON. If you omit the ``default`` key or set it to ``-1``, no limits are applied to formats not specified in the JSON.
+The ``default`` key is optional and can be used to give limits to formats that are not specified in the JSON. If you omit the ``default`` key or set it to ``"-1"``, no limits are applied to formats not specified in the JSON. If you set it to ``"0"``, ingest will be disabled (but you can override this per-format).
 
-Add a format name (DTA, POR, etc., as listed above) to change the limit for that particular format.
-
-Any size limits must be provided as string literals (in quotes), not number literals!
+Add a format name (``csv``, ``dta``, etc., as listed above) to change the limit for that particular format.
 
 Examples:
 
@@ -4429,6 +4430,9 @@ Examples:
 2. If you want your Dataverse installation to not attempt to ingest XLSX files at all and apply a global limit of 512 MiB, use this setting:
 
    ``curl -X PUT -d '{"default":"536870912", "XSLX":"0"}' http://localhost:8080/api/admin/settings/:TabularIngestSizeLimit``
+3. If you want your Dataverse installation to not attempt to ingest files at all except for CSV files that are 256 MiB or smaller, use this setting:
+
+   ``curl -X PUT -d '{"default":"0", "CSV":"268435456"}' http://localhost:8080/api/admin/settings/:TabularIngestSizeLimit``
 
 :ZipUploadFilesLimit
 ++++++++++++++++++++

From 2450ecd0345377619de25f0990f564b8b52e23b5 Mon Sep 17 00:00:00 2001
From: Philip Durbin <philip_durbin@harvard.edu>
Date: Fri, 8 Aug 2025 16:15:39 -0400
Subject: [PATCH 271/634] add more settings to enum to pass validation #11639

- :BagItHandlerEnabled
- :BagValidatorJobPoolSize
- :BagValidatorJobWaitInterval
- :BagValidatorMaxErrors
- :CreateDataFilesMaxErrorsToDisplay
- :FileCategories
- :LDNAnnounceRequiredFields
- :LDNTarget

These settings were originally added (not to the enum)
in the following PRs:

- https://github.com/IQSS/dataverse/pull/8478
- https://github.com/IQSS/dataverse/pull/8775
- https://github.com/IQSS/dataverse/pull/8677
---
 doc/release-notes/11639-db-opts-idempotency.md        |  8 ++++++++
 .../iq/dataverse/DataFileCategoryServiceBean.java     |  3 ++-
 .../harvard/iq/dataverse/EditDataFilesPageHelper.java |  3 ++-
 .../iq/dataverse/settings/SettingsServiceBean.java    | 11 +++++++++++
 .../harvard/iq/dataverse/util/bagit/BagValidator.java |  9 ++++++---
 .../dataverse/util/file/BagItFileHandlerFactory.java  |  3 ++-
 .../internalspi/LDNAnnounceDatasetVersionStep.java    |  6 ++++--
 7 files changed, 35 insertions(+), 8 deletions(-)

diff --git a/doc/release-notes/11639-db-opts-idempotency.md b/doc/release-notes/11639-db-opts-idempotency.md
index 2a87a81eff8..55ed07c998c 100644
--- a/doc/release-notes/11639-db-opts-idempotency.md
+++ b/doc/release-notes/11639-db-opts-idempotency.md
@@ -25,11 +25,19 @@ Note: Despite the validation of setting names and languages, the content of any
 The following database settings are were added to the official list within the code (to remain valid with the settings cleanup mentioned above):
 
 - :BagGeneratorThreads
+- :BagItHandlerEnabled
 - :BagItLocalPath
+- :BagValidatorJobPoolSize
+- :BagValidatorJobWaitInterval
+- :BagValidatorMaxErrors
 - :BuiltinUsersKey - formerly BuiltinUsers.KEY
+- :CreateDataFilesMaxErrorsToDisplay
 - :DRSArchiverConfig - a Harvard-specific setting
 - :DuraCloudContext
 - :DuraCloudHost
 - :DuraCloudPort
+- :FileCategories
 - :GoogleCloudBucket
 - :GoogleCloudProject
+- :LDNAnnounceRequiredFields
+- :LDNTarget
diff --git a/src/main/java/edu/harvard/iq/dataverse/DataFileCategoryServiceBean.java b/src/main/java/edu/harvard/iq/dataverse/DataFileCategoryServiceBean.java
index 29dcb22c3ec..d29b5670952 100644
--- a/src/main/java/edu/harvard/iq/dataverse/DataFileCategoryServiceBean.java
+++ b/src/main/java/edu/harvard/iq/dataverse/DataFileCategoryServiceBean.java
@@ -1,6 +1,7 @@
 package edu.harvard.iq.dataverse;
 
 import edu.harvard.iq.dataverse.settings.SettingsServiceBean;
+import static edu.harvard.iq.dataverse.settings.SettingsServiceBean.Key.FileCategories;
 import edu.harvard.iq.dataverse.util.BundleUtil;
 
 import jakarta.ejb.EJB;
@@ -21,7 +22,7 @@
 @Stateless
 public class DataFileCategoryServiceBean {
 
-    public static final String FILE_CATEGORIES_KEY = ":FileCategories";
+    public static final String FILE_CATEGORIES_KEY = FileCategories.toString();
 
     @EJB
     private SettingsServiceBean settingsService;
diff --git a/src/main/java/edu/harvard/iq/dataverse/EditDataFilesPageHelper.java b/src/main/java/edu/harvard/iq/dataverse/EditDataFilesPageHelper.java
index 883baeedef4..7b5c3aa0857 100644
--- a/src/main/java/edu/harvard/iq/dataverse/EditDataFilesPageHelper.java
+++ b/src/main/java/edu/harvard/iq/dataverse/EditDataFilesPageHelper.java
@@ -1,5 +1,6 @@
 package edu.harvard.iq.dataverse;
 
+import static edu.harvard.iq.dataverse.settings.SettingsServiceBean.Key.CreateDataFilesMaxErrorsToDisplay;
 import edu.harvard.iq.dataverse.util.BundleUtil;
 import edu.harvard.iq.dataverse.util.file.CreateDataFileResult;
 import org.apache.commons.text.StringEscapeUtils;
@@ -18,7 +19,7 @@
 @Stateless
 public class EditDataFilesPageHelper {
 
-    public static final String MAX_ERRORS_TO_DISPLAY_SETTING = ":CreateDataFilesMaxErrorsToDisplay";
+    public static final String MAX_ERRORS_TO_DISPLAY_SETTING = CreateDataFilesMaxErrorsToDisplay.toString();
     public static final Integer MAX_ERRORS_TO_DISPLAY = 5;
 
     @Inject
diff --git a/src/main/java/edu/harvard/iq/dataverse/settings/SettingsServiceBean.java b/src/main/java/edu/harvard/iq/dataverse/settings/SettingsServiceBean.java
index b97de383391..7b6580068c0 100644
--- a/src/main/java/edu/harvard/iq/dataverse/settings/SettingsServiceBean.java
+++ b/src/main/java/edu/harvard/iq/dataverse/settings/SettingsServiceBean.java
@@ -499,6 +499,13 @@ Whether Harvesting (OAI) service is enabled
          * :ArchiverSettings used by multiple archive commands.
          */
         BagGeneratorThreads,
+        /**
+         * Various BagIt settings.
+         */
+        BagValidatorJobPoolSize,
+        BagValidatorMaxErrors,
+        BagValidatorJobWaitInterval,
+        BagItHandlerEnabled,
         /**
          * A comma-separated list of roles for which new dataverses should inherit the
          * corresponding role assignments from the parent dataverse. Also affects
@@ -675,6 +682,8 @@ Whether Harvesting (OAI) service is enabled
          * LDN Inbox Allowed Hosts - a comma separated list of IP addresses allowed to submit messages to the inbox
          */
         LDNMessageHosts,
+        LDNAnnounceRequiredFields,
+        LDNTarget,
 
         /*
          * Allow a custom JavaScript to control values of specific fields.
@@ -731,6 +740,8 @@ Whether Harvesting (OAI) service is enabled
          * files *with* the variable names line up top. 
          */
         StoreIngestedTabularFilesWithVarHeaders,
+        FileCategories,
+        CreateDataFilesMaxErrorsToDisplay,
 
         ContactFeedbackMessageSizeLimit,
         //Experimental setting to allow connecting to a GET external search service expecting a GET request with query parameter mirroring the search API query parameters (without search_service) 
diff --git a/src/main/java/edu/harvard/iq/dataverse/util/bagit/BagValidator.java b/src/main/java/edu/harvard/iq/dataverse/util/bagit/BagValidator.java
index a9052bf4c80..85a2f3f09ff 100644
--- a/src/main/java/edu/harvard/iq/dataverse/util/bagit/BagValidator.java
+++ b/src/main/java/edu/harvard/iq/dataverse/util/bagit/BagValidator.java
@@ -1,5 +1,8 @@
 package edu.harvard.iq.dataverse.util.bagit;
 
+import static edu.harvard.iq.dataverse.settings.SettingsServiceBean.Key.BagValidatorJobPoolSize;
+import static edu.harvard.iq.dataverse.settings.SettingsServiceBean.Key.BagValidatorJobWaitInterval;
+import static edu.harvard.iq.dataverse.settings.SettingsServiceBean.Key.BagValidatorMaxErrors;
 import edu.harvard.iq.dataverse.util.BundleUtil;
 import edu.harvard.iq.dataverse.util.bagit.BagValidation.FileValidationResult;
 import edu.harvard.iq.dataverse.util.bagit.ManifestReader.ManifestChecksum;
@@ -27,9 +30,9 @@ public class BagValidator {
     private static final Logger logger = Logger.getLogger(BagValidator.class.getCanonicalName());
 
     public static enum BagValidatorSettings {
-        JOB_POOL_SIZE(":BagValidatorJobPoolSize", 4),
-        MAX_ERRORS(":BagValidatorMaxErrors", 5),
-        JOB_WAIT_INTERVAL(":BagValidatorJobWaitInterval", 10);
+        JOB_POOL_SIZE(BagValidatorJobPoolSize.toString(), 4),
+        MAX_ERRORS(BagValidatorMaxErrors.toString(), 5),
+        JOB_WAIT_INTERVAL(BagValidatorJobWaitInterval.toString(), 10);
 
         private String settingsKey;
         private Integer defaultValue;
diff --git a/src/main/java/edu/harvard/iq/dataverse/util/file/BagItFileHandlerFactory.java b/src/main/java/edu/harvard/iq/dataverse/util/file/BagItFileHandlerFactory.java
index 4b0263030dc..1d1b6b5b7aa 100644
--- a/src/main/java/edu/harvard/iq/dataverse/util/file/BagItFileHandlerFactory.java
+++ b/src/main/java/edu/harvard/iq/dataverse/util/file/BagItFileHandlerFactory.java
@@ -1,6 +1,7 @@
 package edu.harvard.iq.dataverse.util.file;
 
 import edu.harvard.iq.dataverse.settings.SettingsServiceBean;
+import static edu.harvard.iq.dataverse.settings.SettingsServiceBean.Key.BagItHandlerEnabled;
 import edu.harvard.iq.dataverse.util.bagit.BagValidator;
 import edu.harvard.iq.dataverse.util.bagit.BagValidator.BagValidatorSettings;
 import edu.harvard.iq.dataverse.util.bagit.ManifestReader;
@@ -25,7 +26,7 @@ public class BagItFileHandlerFactory implements Serializable {
 
     private static final Logger logger = Logger.getLogger(BagItFileHandlerFactory.class.getCanonicalName());
 
-    public static final String BAGIT_HANDLER_ENABLED_SETTING = ":BagItHandlerEnabled";
+    public static final String BAGIT_HANDLER_ENABLED_SETTING = BagItHandlerEnabled.toString();
 
     @EJB
     private SettingsServiceBean settingsService;
diff --git a/src/main/java/edu/harvard/iq/dataverse/workflow/internalspi/LDNAnnounceDatasetVersionStep.java b/src/main/java/edu/harvard/iq/dataverse/workflow/internalspi/LDNAnnounceDatasetVersionStep.java
index 124eea801d9..d96c4db1305 100644
--- a/src/main/java/edu/harvard/iq/dataverse/workflow/internalspi/LDNAnnounceDatasetVersionStep.java
+++ b/src/main/java/edu/harvard/iq/dataverse/workflow/internalspi/LDNAnnounceDatasetVersionStep.java
@@ -5,6 +5,8 @@
 import edu.harvard.iq.dataverse.DatasetFieldType;
 import edu.harvard.iq.dataverse.DatasetVersion;
 import edu.harvard.iq.dataverse.branding.BrandingUtil;
+import static edu.harvard.iq.dataverse.settings.SettingsServiceBean.Key.LDNAnnounceRequiredFields;
+import static edu.harvard.iq.dataverse.settings.SettingsServiceBean.Key.LDNTarget;
 import edu.harvard.iq.dataverse.util.SystemConfig;
 import edu.harvard.iq.dataverse.util.bagit.OREMap;
 import edu.harvard.iq.dataverse.util.json.JsonLDTerm;
@@ -52,8 +54,8 @@
 
 public class LDNAnnounceDatasetVersionStep implements WorkflowStep {
     private static final Logger logger = Logger.getLogger(LDNAnnounceDatasetVersionStep.class.getName());
-    private static final String REQUIRED_FIELDS = ":LDNAnnounceRequiredFields";
-    private static final String LDN_TARGET = ":LDNTarget";
+    private static final String REQUIRED_FIELDS = LDNAnnounceRequiredFields.toString();
+    private static final String LDN_TARGET = LDNTarget.toString();
     private static final String RELATED_PUBLICATION = "publication";
 
     JsonLDTerm publicationIDType = null;

From 692be46ed6f68d9e8a00e8af7028324bda4b3fec Mon Sep 17 00:00:00 2001
From: Philip Durbin <philip_durbin@harvard.edu>
Date: Fri, 8 Aug 2025 16:58:51 -0400
Subject: [PATCH 272/634] add TODOs for WorkflowsAdmin#IP_WHITELIST_KEY db
 setting #11639

---
 .../harvard/iq/dataverse/api/Workflows.java   |  1 +
 .../iq/dataverse/api/WorkflowsAdmin.java      |  1 +
 .../edu/harvard/iq/dataverse/api/UtilIT.java  | 19 ++++++
 .../harvard/iq/dataverse/api/WorkflowsIT.java | 62 +++++++++++++++++++
 tests/integration-tests.txt                   |  2 +-
 5 files changed, 84 insertions(+), 1 deletion(-)
 create mode 100644 src/test/java/edu/harvard/iq/dataverse/api/WorkflowsIT.java

diff --git a/src/main/java/edu/harvard/iq/dataverse/api/Workflows.java b/src/main/java/edu/harvard/iq/dataverse/api/Workflows.java
index 4eadcedf71a..f4bac8e58cd 100644
--- a/src/main/java/edu/harvard/iq/dataverse/api/Workflows.java
+++ b/src/main/java/edu/harvard/iq/dataverse/api/Workflows.java
@@ -60,6 +60,7 @@ private boolean isAllowed(IpAddress addr) {
     
     private void updateWhitelist() { 
         IpGroup updatedList = new IpGroup();
+        // TODO: Investigate if this still works now that validateSettingName is in place.
         String[] ips = settingsSvc.get(WorkflowsAdmin.IP_WHITELIST_KEY, "127.0.0.1;::1").split(";");
         Arrays.stream(ips)
                 .forEach( str -> updatedList.add(
diff --git a/src/main/java/edu/harvard/iq/dataverse/api/WorkflowsAdmin.java b/src/main/java/edu/harvard/iq/dataverse/api/WorkflowsAdmin.java
index 15478aacff7..bf48ee660ad 100644
--- a/src/main/java/edu/harvard/iq/dataverse/api/WorkflowsAdmin.java
+++ b/src/main/java/edu/harvard/iq/dataverse/api/WorkflowsAdmin.java
@@ -31,6 +31,7 @@
 @Path("admin/workflows")
 public class WorkflowsAdmin extends AbstractApiBean {
       
+    // TODO: To comply with validateSettingName, prepend with a colon?
     public static final String IP_WHITELIST_KEY="WorkflowsAdmin#IP_WHITELIST_KEY";
     
     @EJB
diff --git a/src/test/java/edu/harvard/iq/dataverse/api/UtilIT.java b/src/test/java/edu/harvard/iq/dataverse/api/UtilIT.java
index 548627554d2..b836d62492c 100644
--- a/src/test/java/edu/harvard/iq/dataverse/api/UtilIT.java
+++ b/src/test/java/edu/harvard/iq/dataverse/api/UtilIT.java
@@ -4641,6 +4641,25 @@ static Response updateDatasetTypeAvailableLicense(String idOrName, String jsonAr
                 .put("/api/datasets/datasetTypes/" + idOrName + "/licenses");
     }
 
+    public static Response getWorkflowIpWhitelist() {
+        Response response = given()
+                .get("/api/admin/workflows/ip-whitelist");
+        return response;
+    }
+
+    public static Response setWorkflowIpWhitelist(String iPWhitelist) {
+        Response response = given()
+                .body(iPWhitelist)
+                .put("/api/admin/workflows/ip-whitelist");
+        return response;
+    }
+
+    public static Response deleteWorkflowIpWhitelist() {
+        Response response = given()
+                .delete("/api/admin/workflows/ip-whitelist");
+        return response;
+    }
+
     static Response registerOidcUser(String jsonIn, String bearerToken) {
         return given()
                 .header(HttpHeaders.AUTHORIZATION, bearerToken)
diff --git a/src/test/java/edu/harvard/iq/dataverse/api/WorkflowsIT.java b/src/test/java/edu/harvard/iq/dataverse/api/WorkflowsIT.java
new file mode 100644
index 00000000000..9e8c36b9e18
--- /dev/null
+++ b/src/test/java/edu/harvard/iq/dataverse/api/WorkflowsIT.java
@@ -0,0 +1,62 @@
+package edu.harvard.iq.dataverse.api;
+
+import static edu.harvard.iq.dataverse.api.WorkflowsAdmin.IP_WHITELIST_KEY;
+import io.restassured.RestAssured;
+import static io.restassured.RestAssured.given;
+import io.restassured.response.Response;
+import static jakarta.ws.rs.core.Response.Status.BAD_REQUEST;
+import static jakarta.ws.rs.core.Response.Status.INTERNAL_SERVER_ERROR;
+import static jakarta.ws.rs.core.Response.Status.OK;
+import static org.hamcrest.CoreMatchers.equalTo;
+import org.junit.jupiter.api.AfterAll;
+import org.junit.jupiter.api.BeforeAll;
+import org.junit.jupiter.api.Test;
+
+public class WorkflowsIT {
+
+    @BeforeAll
+    public static void setUpClass() {
+        RestAssured.baseURI = UtilIT.getRestAssuredBaseUri();
+
+        UtilIT.deleteWorkflowIpWhitelist();
+    }
+
+    @AfterAll
+    public static void afterClass() {
+    }
+
+    @Test
+    public void testIpWhitelist() {
+        Response response = null;
+
+        response = UtilIT.getWorkflowIpWhitelist();
+        response.prettyPrint();
+        response.then().assertThat()
+                .statusCode(OK.getStatusCode())
+                .body("data.message", equalTo("127.0.0.1;::1"));
+
+        response = UtilIT.setWorkflowIpWhitelist("junk");
+        response.prettyPrint();
+        response.then().assertThat()
+                .statusCode(BAD_REQUEST.getStatusCode())
+                .body("message", equalTo("Request contains illegal IP addresses."));
+
+        response = UtilIT.setWorkflowIpWhitelist("192.168.0.1;192.168.0.2");
+        response.prettyPrint();
+        response.then().assertThat()
+                .statusCode(OK.getStatusCode());
+
+        response = UtilIT.getWorkflowIpWhitelist();
+        response.prettyPrint();
+        response.then().assertThat()
+                .statusCode(OK.getStatusCode())
+                .body("data.message", equalTo("192.168.0.1;192.168.0.2"));
+
+        // FIXME fix 500 error
+        response = given().when().get("/api/admin/settings/" + IP_WHITELIST_KEY);
+        response.prettyPrint();
+        response.then().assertThat()
+                .statusCode(INTERNAL_SERVER_ERROR.getStatusCode());
+    }
+
+}
diff --git a/tests/integration-tests.txt b/tests/integration-tests.txt
index 2a15ac3ce74..33d137c893a 100644
--- a/tests/integration-tests.txt
+++ b/tests/integration-tests.txt
@@ -1 +1 @@
-DataversesIT,DatasetsIT,SwordIT,AdminIT,BuiltinUsersIT,UsersIT,UtilIT,ConfirmEmailIT,FileMetadataIT,FilesIT,SearchIT,InReviewWorkflowIT,HarvestingServerIT,HarvestingClientsIT,MoveIT,MakeDataCountApiIT,FileTypeDetectionIT,EditDDIIT,ExternalToolsIT,AccessIT,DuplicateFilesIT,DownloadFilesIT,LinkIT,DeleteUsersIT,DeactivateUsersIT,AuxiliaryFilesIT,InvalidCharactersIT,LicensesIT,NotificationsIT,BagIT,MetadataBlocksIT,NetcdfIT,SignpostingIT,FitsIT,LogoutIT,DataRetrieverApiIT,ProvIT,S3AccessIT,OpenApiIT,InfoIT,DatasetFieldsIT,SavedSearchIT,DatasetTypesIT,DataverseFeaturedItemsIT,SendFeedbackApiIT,CustomizationIT,JsonLDExportIT
+DataversesIT,DatasetsIT,SwordIT,AdminIT,BuiltinUsersIT,UsersIT,UtilIT,ConfirmEmailIT,FileMetadataIT,FilesIT,SearchIT,InReviewWorkflowIT,HarvestingServerIT,HarvestingClientsIT,MoveIT,MakeDataCountApiIT,FileTypeDetectionIT,EditDDIIT,ExternalToolsIT,AccessIT,DuplicateFilesIT,DownloadFilesIT,LinkIT,DeleteUsersIT,DeactivateUsersIT,AuxiliaryFilesIT,InvalidCharactersIT,LicensesIT,NotificationsIT,BagIT,MetadataBlocksIT,NetcdfIT,SignpostingIT,FitsIT,LogoutIT,DataRetrieverApiIT,ProvIT,S3AccessIT,OpenApiIT,InfoIT,DatasetFieldsIT,SavedSearchIT,DatasetTypesIT,DataverseFeaturedItemsIT,SendFeedbackApiIT,CustomizationIT,JsonLDExportIT,WorkflowsIT

From a43da296892718fd38ded56ff6f4cfd976a0757b Mon Sep 17 00:00:00 2001
From: Oliver Bertuch <o.bertuch@fz-juelich.de>
Date: Mon, 15 Sep 2025 14:15:56 +0200
Subject: [PATCH 273/634] style(settings): rename
 `WorkflowsAdmin#IP_WHITELIST_KEY` to `:WorkflowsAdminIpWhitelist` #11639

Updated `SettingsServiceBean`, `WorkflowsAdmin API`, and Flyway migration script to reflect the new name, enforcing alignment with the standardized naming pattern. Adjusted default value logic and separator constants.
---
 .../11639-db-opts-idempotency.md              | 42 ++++++++++---------
 .../harvard/iq/dataverse/api/Workflows.java   |  5 ++-
 .../iq/dataverse/api/WorkflowsAdmin.java      | 19 +++++----
 .../settings/SettingsServiceBean.java         |  5 +++
 src/main/resources/db/migration/V6.8.0.1.sql  | 11 ++++-
 .../harvard/iq/dataverse/api/WorkflowsIT.java | 16 +++----
 6 files changed, 59 insertions(+), 39 deletions(-)

diff --git a/doc/release-notes/11639-db-opts-idempotency.md b/doc/release-notes/11639-db-opts-idempotency.md
index 55ed07c998c..f73cbdebf83 100644
--- a/doc/release-notes/11639-db-opts-idempotency.md
+++ b/doc/release-notes/11639-db-opts-idempotency.md
@@ -5,9 +5,10 @@ With this release, we remove some legacy specialties around Database Settings an
 Most important changes:
 
 1. Setting `BuiltinUsers.KEY` was renamed to `:BuiltinUsersKey`, aligned with our general naming pattern for options.
-2. Setting `:TabularIngestSizeLimit` no longer uses suffixes for formats and becomes a JSON-based setting instead.
-3. If set, both settings will be migrated to their new form automatically for you (Flyway migration).
-4. You can no longer (accidentally) create or use arbitrary setting names or languages.
+2. Setting `WorkflowsAdmin#IP_WHITELIST_KEY` was renamed to `:WorkflowsAdminIpWhitelist`, aligned with our general naming pattern for options.
+3. Setting `:TabularIngestSizeLimit` no longer uses suffixes for formats and becomes a JSON-based setting instead.
+4. If set, all three settings will be migrated to their new form automatically for you (Flyway migration).
+5. You can no longer (accidentally) create or use arbitrary setting names or languages.
    All Admin API endpoints for settings now validate setting names and languages for existence and compliance.
 
 As an administrator of a Dataverse instance, you can now make use of enhanced Bulk Operations on the Settings Admin API:
@@ -24,20 +25,21 @@ Note: Despite the validation of setting names and languages, the content of any
 
 The following database settings are were added to the official list within the code (to remain valid with the settings cleanup mentioned above):
 
-- :BagGeneratorThreads
-- :BagItHandlerEnabled
-- :BagItLocalPath
-- :BagValidatorJobPoolSize
-- :BagValidatorJobWaitInterval
-- :BagValidatorMaxErrors
-- :BuiltinUsersKey - formerly BuiltinUsers.KEY
-- :CreateDataFilesMaxErrorsToDisplay
-- :DRSArchiverConfig - a Harvard-specific setting
-- :DuraCloudContext
-- :DuraCloudHost
-- :DuraCloudPort
-- :FileCategories
-- :GoogleCloudBucket
-- :GoogleCloudProject
-- :LDNAnnounceRequiredFields
-- :LDNTarget
+- `:BagGeneratorThreads`
+- `:BagItHandlerEnabled`
+- `:BagItLocalPath`
+- `:BagValidatorJobPoolSize`
+- `:BagValidatorJobWaitInterval`
+- `:BagValidatorMaxErrors`
+- `:BuiltinUsersKey` - formerly `BuiltinUsers.KEY`
+- `:CreateDataFilesMaxErrorsToDisplay`
+- `:DRSArchiverConfig` - a Harvard-specific setting
+- `:DuraCloudContext`
+- `:DuraCloudHost`
+- `:DuraCloudPort`
+- `:FileCategories`
+- `:GoogleCloudBucket`
+- `:GoogleCloudProject`
+- `:LDNAnnounceRequiredFields`
+- `:LDNTarget`
+- `:WorkflowsAdminIpWhitelist` - formerly `WorkflowsAdmin#IP_WHITELIST_KEY`
diff --git a/src/main/java/edu/harvard/iq/dataverse/api/Workflows.java b/src/main/java/edu/harvard/iq/dataverse/api/Workflows.java
index f4bac8e58cd..7bd19b3a403 100644
--- a/src/main/java/edu/harvard/iq/dataverse/api/Workflows.java
+++ b/src/main/java/edu/harvard/iq/dataverse/api/Workflows.java
@@ -3,6 +3,8 @@
 import edu.harvard.iq.dataverse.authorization.groups.impl.ipaddress.IpGroup;
 import edu.harvard.iq.dataverse.authorization.groups.impl.ipaddress.ip.IpAddress;
 import edu.harvard.iq.dataverse.authorization.groups.impl.ipaddress.ip.IpAddressRange;
+import edu.harvard.iq.dataverse.settings.SettingsServiceBean;
+import edu.harvard.iq.dataverse.settings.SettingsServiceBean.Key;
 import edu.harvard.iq.dataverse.workflow.PendingWorkflowInvocation;
 import edu.harvard.iq.dataverse.workflow.WorkflowServiceBean;
 import java.util.Arrays;
@@ -60,8 +62,7 @@ private boolean isAllowed(IpAddress addr) {
     
     private void updateWhitelist() { 
         IpGroup updatedList = new IpGroup();
-        // TODO: Investigate if this still works now that validateSettingName is in place.
-        String[] ips = settingsSvc.get(WorkflowsAdmin.IP_WHITELIST_KEY, "127.0.0.1;::1").split(";");
+        String[] ips = settingsSvc.getValueForKey(Key.WorkflowsAdminIpWhitelist, WorkflowsAdmin.DEFAULT_IP_ALLOWLIST).split(WorkflowsAdmin.IP_SEPARATOR);
         Arrays.stream(ips)
                 .forEach( str -> updatedList.add(
                                       IpAddressRange.makeSingle(
diff --git a/src/main/java/edu/harvard/iq/dataverse/api/WorkflowsAdmin.java b/src/main/java/edu/harvard/iq/dataverse/api/WorkflowsAdmin.java
index bf48ee660ad..ecb7248cae9 100644
--- a/src/main/java/edu/harvard/iq/dataverse/api/WorkflowsAdmin.java
+++ b/src/main/java/edu/harvard/iq/dataverse/api/WorkflowsAdmin.java
@@ -3,6 +3,8 @@
 import edu.harvard.iq.dataverse.authorization.groups.impl.ipaddress.ip.IpAddress;
 import edu.harvard.iq.dataverse.util.json.JsonParseException;
 import edu.harvard.iq.dataverse.util.json.JsonParser;
+
+import static edu.harvard.iq.dataverse.settings.SettingsServiceBean.Key.WorkflowsAdminIpWhitelist;
 import static edu.harvard.iq.dataverse.util.json.JsonPrinter.brief;
 import static edu.harvard.iq.dataverse.util.json.JsonPrinter.json;
 import static edu.harvard.iq.dataverse.util.json.JsonPrinter.toJsonArray;
@@ -30,9 +32,9 @@
  */
 @Path("admin/workflows")
 public class WorkflowsAdmin extends AbstractApiBean {
-      
-    // TODO: To comply with validateSettingName, prepend with a colon?
-    public static final String IP_WHITELIST_KEY="WorkflowsAdmin#IP_WHITELIST_KEY";
+    
+    public static final String IP_SEPARATOR = ";";
+    public static final String DEFAULT_IP_ALLOWLIST = "127.0.0.1" + IP_SEPARATOR + "::1";
     
     @EJB
     WorkflowServiceBean workflows;
@@ -154,14 +156,14 @@ public Response deleteWorkflow(@PathParam("id") String id ) {
     @Path("/ip-whitelist")
     @GET
     public Response getIpWhitelist() {
-        return ok( settingsSvc.get(IP_WHITELIST_KEY, "127.0.0.1;::1") );
+        return ok( settingsSvc.getValueForKey(WorkflowsAdminIpWhitelist, DEFAULT_IP_ALLOWLIST) );
     }
     
     @Path("/ip-whitelist")
     @PUT
     public Response setIpWhitelist(String body) {
         String ipList = body.trim();
-        String[] ips = ipList.split(";");
+        String[] ips = ipList.split(IP_SEPARATOR);
         boolean allIpsOk = Arrays.stream(ips).allMatch(ip->{
             try {
                 IpAddress.valueOf(ip);
@@ -171,18 +173,17 @@ public Response setIpWhitelist(String body) {
             }
         } );
         if (allIpsOk) {
-            settingsSvc.set(IP_WHITELIST_KEY, ipList);
-            return ok( settingsSvc.get(IP_WHITELIST_KEY, "127.0.0.1;::1") );
+            settingsSvc.setValueForKey(WorkflowsAdminIpWhitelist, ipList);
+            return ok( settingsSvc.getValueForKey(WorkflowsAdminIpWhitelist, DEFAULT_IP_ALLOWLIST) );
         } else {
             return badRequest("Request contains illegal IP addresses.");
         }
-                
     }
     
     @Path("/ip-whitelist")
     @DELETE
     public Response deleteIpWhitelist() {
-        settingsSvc.delete(IP_WHITELIST_KEY);
+        settingsSvc.deleteValueForKey(WorkflowsAdminIpWhitelist);
         return ok( "Restored whitelist to default (127.0.0.1;::1)" );
     }
     
diff --git a/src/main/java/edu/harvard/iq/dataverse/settings/SettingsServiceBean.java b/src/main/java/edu/harvard/iq/dataverse/settings/SettingsServiceBean.java
index 7b6580068c0..e23727ed7eb 100644
--- a/src/main/java/edu/harvard/iq/dataverse/settings/SettingsServiceBean.java
+++ b/src/main/java/edu/harvard/iq/dataverse/settings/SettingsServiceBean.java
@@ -171,6 +171,11 @@ public enum Key {
         @Deprecated(forRemoval = true, since = "2025-04-29")
         BlockedApiPolicy,
         
+        /**
+         * Semicolon separated allowlist of IP addresses allowed administrative access to workflows.
+         */
+        WorkflowsAdminIpWhitelist,
+        
         /**
          * A special secret that, if set, needs to be given when trying to manage internal users.
          * This key was formerly known as "BuiltinUsers.KEY", which never was a setting name aligning with the others.
diff --git a/src/main/resources/db/migration/V6.8.0.1.sql b/src/main/resources/db/migration/V6.8.0.1.sql
index 656ef04d572..8e810270b06 100644
--- a/src/main/resources/db/migration/V6.8.0.1.sql
+++ b/src/main/resources/db/migration/V6.8.0.1.sql
@@ -85,4 +85,13 @@ DO $$
             INSERT INTO setting (name, lang, content) VALUES (':BuiltinUsersKey', NULL, (SELECT content FROM setting WHERE name = 'BuiltinUsers.KEY'));
             DELETE FROM setting WHERE name = 'BuiltinUsers.KEY';
         END IF;
-    END $$;
\ No newline at end of file
+    END $$;
+
+-- 3. Migrate WorkflowsAdmin#IP_WHITELIST_KEY to the new setting name
+DO $$
+    BEGIN
+        IF EXISTS (SELECT 1 FROM setting WHERE name = 'WorkflowsAdmin#IP_WHITELIST_KEY') THEN
+            INSERT INTO setting (name, lang, content) VALUES (':WorkflowsAdminIpWhitelist', NULL, (SELECT content FROM setting WHERE name = 'WorkflowsAdmin#IP_WHITELIST_KEY'));
+            DELETE FROM setting WHERE name = 'WorkflowsAdmin#IP_WHITELIST_KEY';
+        END IF;
+    END $$;
diff --git a/src/test/java/edu/harvard/iq/dataverse/api/WorkflowsIT.java b/src/test/java/edu/harvard/iq/dataverse/api/WorkflowsIT.java
index 9e8c36b9e18..4b94fe6ee68 100644
--- a/src/test/java/edu/harvard/iq/dataverse/api/WorkflowsIT.java
+++ b/src/test/java/edu/harvard/iq/dataverse/api/WorkflowsIT.java
@@ -1,6 +1,6 @@
 package edu.harvard.iq.dataverse.api;
 
-import static edu.harvard.iq.dataverse.api.WorkflowsAdmin.IP_WHITELIST_KEY;
+import edu.harvard.iq.dataverse.settings.SettingsServiceBean;
 import io.restassured.RestAssured;
 import static io.restassured.RestAssured.given;
 import io.restassured.response.Response;
@@ -35,13 +35,15 @@ public void testIpWhitelist() {
                 .statusCode(OK.getStatusCode())
                 .body("data.message", equalTo("127.0.0.1;::1"));
 
+        String testIp = "192.168.0.1;192.168.0.2";
+        
         response = UtilIT.setWorkflowIpWhitelist("junk");
         response.prettyPrint();
         response.then().assertThat()
                 .statusCode(BAD_REQUEST.getStatusCode())
                 .body("message", equalTo("Request contains illegal IP addresses."));
 
-        response = UtilIT.setWorkflowIpWhitelist("192.168.0.1;192.168.0.2");
+        response = UtilIT.setWorkflowIpWhitelist(testIp);
         response.prettyPrint();
         response.then().assertThat()
                 .statusCode(OK.getStatusCode());
@@ -50,13 +52,13 @@ public void testIpWhitelist() {
         response.prettyPrint();
         response.then().assertThat()
                 .statusCode(OK.getStatusCode())
-                .body("data.message", equalTo("192.168.0.1;192.168.0.2"));
-
-        // FIXME fix 500 error
-        response = given().when().get("/api/admin/settings/" + IP_WHITELIST_KEY);
+                .body("data.message", equalTo(testIp));
+        
+        response = given().when().get("/api/admin/settings/" + SettingsServiceBean.Key.WorkflowsAdminIpWhitelist);
         response.prettyPrint();
         response.then().assertThat()
-                .statusCode(INTERNAL_SERVER_ERROR.getStatusCode());
+                .statusCode(OK.getStatusCode())
+                .body("data.message", equalTo(testIp));
     }
 
 }

From 2a97dd74e043dce8fc89544aabddecc64a03e5ad Mon Sep 17 00:00:00 2001
From: Oliver Bertuch <o.bertuch@fz-juelich.de>
Date: Mon, 15 Sep 2025 14:22:46 +0200
Subject: [PATCH 274/634] chore(settings): mark `SettingsServiceBean` methods
 using String for lookup as deprecated for removal

In the future, we should entirely remove lookup of arbitrary strings in the database for settings. Instead, we need a discovery mechanism for keys that allow plugins to register and lookup their own database settings.
---
 .../iq/dataverse/settings/SettingsServiceBean.java     | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/src/main/java/edu/harvard/iq/dataverse/settings/SettingsServiceBean.java b/src/main/java/edu/harvard/iq/dataverse/settings/SettingsServiceBean.java
index e23727ed7eb..e5fce1a2349 100644
--- a/src/main/java/edu/harvard/iq/dataverse/settings/SettingsServiceBean.java
+++ b/src/main/java/edu/harvard/iq/dataverse/settings/SettingsServiceBean.java
@@ -817,6 +817,7 @@ public static SettingsServiceBean.Key parse(String key) {
      * @param name of the setting
      * @return the actual setting, or {@code null}.
      */
+    @Deprecated(since = "6.9", forRemoval = true)
     public String get( String name ) {
         List<Setting> tokens = em.createNamedQuery("Setting.findByName", Setting.class)
                 .setParameter("name", name )
@@ -961,11 +962,13 @@ public Boolean getValueForCompoundKeyAsBoolean(Key key, String param) {
      * @param defaultValue The value to return if no setting is found in the DB.
      * @return Either the stored value, or the default value.
      */
+    @Deprecated(since = "6.9", forRemoval = true)
     public String get( String name, String defaultValue ) {
         String val = get(name);
         return (val!=null) ? val : defaultValue;
     }
 
+    @Deprecated(since = "6.9", forRemoval = true)
     public String get(String name, String lang, String defaultValue ) {
         // Database safeguard, as the default is an empty string
         if (lang == null) lang = "";
@@ -991,7 +994,8 @@ public String getValueForKey( Key key, String lang, String defaultValue ) {
         
         return get( key.toString(), lang, defaultValue );
     }
-     
+    
+    @Deprecated(since = "6.9", forRemoval = true)
     public Setting set( String name, String content ) {
         Setting s = null; 
         
@@ -1015,6 +1019,7 @@ public Setting set( String name, String content ) {
         return s;
     }
 
+    @Deprecated(since = "6.9", forRemoval = true)
     public Setting set( String name, String lang, String content ) {
         // Database safeguard, as the default is an empty string
         if (lang == null) lang = "";
@@ -1053,6 +1058,7 @@ public Setting setValueForKey( Key key, String content ) {
      * @param defaultValue logical value of {@code null}.
      * @return boolean value of the setting.
      */
+    @Deprecated(since = "6.9", forRemoval = true)
     public boolean isTrue( String name, boolean defaultValue ) {
         String val = get(name);
         return ( val==null ) ? defaultValue : StringUtil.isTrue(val);
@@ -1079,6 +1085,7 @@ public void deleteValueForKey( Key name ) {
         delete( name.toString() );
     }
     
+    @Deprecated(since = "6.9", forRemoval = true)
     public void delete( String name ) {
         actionLogSvc.log( new ActionLogRecord(ActionLogRecord.ActionType.Setting, "delete")
                             .setInfo(name));
@@ -1087,6 +1094,7 @@ public void delete( String name ) {
                 .executeUpdate();
     }
 
+    @Deprecated(since = "6.9", forRemoval = true)
     public void delete( String name, String lang ) {
         // Database safeguard, as the default is an empty string
         if (lang == null) lang = "";

From c667b18efa01e44b11abb406b108805d859a547f Mon Sep 17 00:00:00 2001
From: Oliver Bertuch <o.bertuch@fz-juelich.de>
Date: Mon, 15 Sep 2025 14:22:58 +0200
Subject: [PATCH 275/634] doc(settings): clarify database changes require app
 reload for ORM

---
 doc/sphinx-guides/source/installation/config.rst | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/doc/sphinx-guides/source/installation/config.rst b/doc/sphinx-guides/source/installation/config.rst
index f33c04eada8..c3f97904ead 100644
--- a/doc/sphinx-guides/source/installation/config.rst
+++ b/doc/sphinx-guides/source/installation/config.rst
@@ -3873,7 +3873,8 @@ You might also create your own profiles and use these, please refer to the upstr
 Database Settings
 -----------------
 
-These settings are stored in the ``setting`` database table but we recommend using the Admin API (:ref:`admin-api-db-settings`) to view and modify them, as shown below.
+These settings are stored in the ``setting`` database table but we recommend using the Settings Admin API (:ref:`admin-api-db-settings`) to view and modify them, as shown below.
+If changed in the database directly, you need to reload the application to make the ORM pickup the changes.
 
 In short:
 

From b3a4c4f76aff872737dcfada9e6cbd31153b294b Mon Sep 17 00:00:00 2001
From: Steven Ferey <steven.ferey@gmail.com>
Date: Wed, 17 Sep 2025 15:59:03 +0200
Subject: [PATCH 276/634] allows carriage return of long strings in dataset
 metadata

---
 src/main/webapp/resources/css/structure.css | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/src/main/webapp/resources/css/structure.css b/src/main/webapp/resources/css/structure.css
index 4d83ddd489d..8d856f74f71 100644
--- a/src/main/webapp/resources/css/structure.css
+++ b/src/main/webapp/resources/css/structure.css
@@ -600,6 +600,11 @@ div[id$='roleDisplay'] span.label, div[id$='roleDetails'] span.label {display:in
 #title {font-size:36px !important;line-height:1.1;font-weight:bold;margin-top:0px;margin-bottom:0px;}
 #author, #contact {display:block; margin-bottom:.5em;}
 
+table.metadata {
+  word-break: normal;
+  overflow-wrap: anywhere;
+}
+
 /* #11053 */
 #publication span {
     margin: 0px 5px 0px 5px;

From 991ed05d4fa35ebcec1f5ff69f91d3081ccbde7f Mon Sep 17 00:00:00 2001
From: Steven Ferey <steven.ferey@gmail.com>
Date: Wed, 17 Sep 2025 16:01:34 +0200
Subject: [PATCH 277/634] add doc

---
 src/main/webapp/resources/css/structure.css | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/main/webapp/resources/css/structure.css b/src/main/webapp/resources/css/structure.css
index 8d856f74f71..ac42ff44f6b 100644
--- a/src/main/webapp/resources/css/structure.css
+++ b/src/main/webapp/resources/css/structure.css
@@ -600,6 +600,7 @@ div[id$='roleDisplay'] span.label, div[id$='roleDetails'] span.label {display:in
 #title {font-size:36px !important;line-height:1.1;font-weight:bold;margin-top:0px;margin-bottom:0px;}
 #author, #contact {display:block; margin-bottom:.5em;}
 
+/* #11824 */
 table.metadata {
   word-break: normal;
   overflow-wrap: anywhere;

From 2aaf139bcfb4f87fe4f4b1ff4d5b7bfedff15bbd Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 17 Sep 2025 20:25:10 +0000
Subject: [PATCH 278/634] Bump org.keycloak:keycloak-services in
 /conf/keycloak/builtin-users-spi

Bumps [org.keycloak:keycloak-services](https://github.com/keycloak/keycloak) from 26.3.2 to 26.3.3.
- [Release notes](https://github.com/keycloak/keycloak/releases)
- [Commits](https://github.com/keycloak/keycloak/compare/26.3.2...26.3.3)

---
updated-dependencies:
- dependency-name: org.keycloak:keycloak-services
  dependency-version: 26.3.3
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 conf/keycloak/builtin-users-spi/pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/conf/keycloak/builtin-users-spi/pom.xml b/conf/keycloak/builtin-users-spi/pom.xml
index 36cf6548d01..8a4c6c5a5ad 100644
--- a/conf/keycloak/builtin-users-spi/pom.xml
+++ b/conf/keycloak/builtin-users-spi/pom.xml
@@ -100,7 +100,7 @@
     </build>
 
     <properties>
-        <keycloak.version>26.3.2</keycloak.version>
+        <keycloak.version>26.3.3</keycloak.version>
         <java.version>17</java.version>
         <jakarta.persistence.version>3.2.0</jakarta.persistence.version>
         <mindrot.jbcrypt.version>0.4</mindrot.jbcrypt.version>

From ff2e890736ff6735e50912b2c539c23bca110bed Mon Sep 17 00:00:00 2001
From: Jim Myers <qqmyers@hotmail.com>
Date: Wed, 17 Sep 2025 17:00:20 -0400
Subject: [PATCH 279/634] Payara 6.2025.9 update

---
 .github/workflows/container_maintenance.yml             | 4 ++--
 doc/sphinx-guides/source/container/base-image.rst       | 2 +-
 doc/sphinx-guides/source/developers/classic-dev-env.rst | 6 +++---
 doc/sphinx-guides/source/installation/prerequisites.rst | 6 +++---
 doc/sphinx-guides/source/qa/test-automation.md          | 2 +-
 modules/dataverse-parent/pom.xml                        | 2 +-
 6 files changed, 11 insertions(+), 11 deletions(-)

diff --git a/.github/workflows/container_maintenance.yml b/.github/workflows/container_maintenance.yml
index 142363cbe1a..744de1c5165 100644
--- a/.github/workflows/container_maintenance.yml
+++ b/.github/workflows/container_maintenance.yml
@@ -63,11 +63,11 @@ jobs:
       - discover
     outputs:
       # This is a JSON map with keys of branch names (supported releases & develop) and values containing an array of known image tags for the branch
-      # Example: {"v6.6": ["latest", "6.6-noble", "6.6-noble-r1"], "v6.5": ["6.5-noble", "6.5-noble-r5"], "v6.4": ["6.4-noble", "6.4-noble-r12"], "develop": ["unstable", "6.7-noble", "6.7-noble-p6.2025.3-j17"]}
+      # Example: {"v6.6": ["latest", "6.6-noble", "6.6-noble-r1"], "v6.5": ["6.5-noble", "6.5-noble-r5"], "v6.4": ["6.4-noble", "6.4-noble-r12"], "develop": ["unstable", "6.7-noble", "6.7-noble-p6.2025.9-j17"]}
       supported_tag_matrix: ${{ steps.execute.outputs.supported_tag_matrix }}
 
       # This is a JSON list containing a flattened map of branch names and the latest non-rolling tag
-      # Example: [ "v6.6=gdcc/base:6.6-noble-r1", "v6.5=gdcc/base:6.5-noble-r5", "v6.4=gdcc/base:6.4-noble-r12", "develop=gdcc/base:6.7-noble-p6.2025.3-j17" ]
+      # Example: [ "v6.6=gdcc/base:6.6-noble-r1", "v6.5=gdcc/base:6.5-noble-r5", "v6.4=gdcc/base:6.4-noble-r12", "develop=gdcc/base:6.7-noble-p6.2025.9-j17" ]
       rebuilt_images: ${{ steps.execute.outputs.rebuilt_images }}
 
     steps:
diff --git a/doc/sphinx-guides/source/container/base-image.rst b/doc/sphinx-guides/source/container/base-image.rst
index 4adc6bb6fb1..0720995deb2 100644
--- a/doc/sphinx-guides/source/container/base-image.rst
+++ b/doc/sphinx-guides/source/container/base-image.rst
@@ -82,7 +82,7 @@ For now, stale images will be kept on Docker Hub indefinitely.
     Will roll over to the rolling production tag after a Dataverse release.
 - | **Flexible Stack**
   | Definition: ``<dv-major>.<dv-minor-next>-<flavor>-p<payara.version>-j<java.version>``
-  | Example: :substitution-code:`|nextVersion|-noble-p6.2025.3-j17`
+  | Example: :substitution-code:`|nextVersion|-noble-p6.2025.9-j17`
   | Summary: Rolling tag during a development cycle of the Dataverse software (`Dockerfile <https://github.com/IQSS/dataverse/tree/develop/modules/container-base/src/main/docker/Dockerfile>`__).
 
 **NOTE**: In these tags for development usage, the version number will always be 1 minor version ahead of existing Dataverse releases.
diff --git a/doc/sphinx-guides/source/developers/classic-dev-env.rst b/doc/sphinx-guides/source/developers/classic-dev-env.rst
index d1f54fd9d5f..1c9e4d5c35d 100755
--- a/doc/sphinx-guides/source/developers/classic-dev-env.rst
+++ b/doc/sphinx-guides/source/developers/classic-dev-env.rst
@@ -93,15 +93,15 @@ On Linux, install ``jq`` from your package manager or download a binary from htt
 Install Payara
 ~~~~~~~~~~~~~~
 
-Payara 6.2025.3 or higher is required.
+Payara 6.2025.9 or higher is required.
 
 To install Payara, run the following commands:
 
 ``cd /usr/local``
 
-``sudo curl -O -L https://nexus.payara.fish/repository/payara-community/fish/payara/distributions/payara/6.2025.3/payara-6.2025.3.zip``
+``sudo curl -O -L https://nexus.payara.fish/repository/payara-community/fish/payara/distributions/payara/6.2025.9/payara-6.2025.9.zip``
 
-``sudo unzip payara-6.2025.3.zip``
+``sudo unzip payara-6.2025.9.zip``
 
 ``sudo chown -R $USER /usr/local/payara6``
 
diff --git a/doc/sphinx-guides/source/installation/prerequisites.rst b/doc/sphinx-guides/source/installation/prerequisites.rst
index a5aacc4701c..2b456f7c0ed 100644
--- a/doc/sphinx-guides/source/installation/prerequisites.rst
+++ b/doc/sphinx-guides/source/installation/prerequisites.rst
@@ -44,7 +44,7 @@ On RHEL/derivative you can make Java 17 the default with the ``alternatives`` co
 Payara
 ------
 
-Payara 6.2025.3 is recommended. Newer versions might work fine. Regular updates are recommended.
+Payara 6.2025.9 is recommended. Newer versions might work fine. Regular updates are recommended.
 
 Installing Payara
 =================
@@ -55,8 +55,8 @@ Installing Payara
 
 - Download and install Payara (installed in ``/usr/local/payara6`` in the example commands below)::
 
-	# wget https://nexus.payara.fish/repository/payara-community/fish/payara/distributions/payara/6.2025.3/payara-6.2025.3.zip
-	# unzip payara-6.2025.3.zip
+	# wget https://nexus.payara.fish/repository/payara-community/fish/payara/distributions/payara/6.2025.9/payara-6.2025.9.zip
+	# unzip payara-6.2025.9.zip
 	# mv payara6 /usr/local
 
 If nexus.payara.fish is ever down for maintenance, Payara distributions are also available from https://repo1.maven.org/maven2/fish/payara/distributions/payara/
diff --git a/doc/sphinx-guides/source/qa/test-automation.md b/doc/sphinx-guides/source/qa/test-automation.md
index fa995bcaafd..7650b41db81 100644
--- a/doc/sphinx-guides/source/qa/test-automation.md
+++ b/doc/sphinx-guides/source/qa/test-automation.md
@@ -52,7 +52,7 @@ Go to the end of the log and then scroll up, looking for the failure. A failed A
 
 ```
 TASK [dataverse : download payara zip] *****************************************
-fatal: [localhost]: FAILED! => {"changed": false, "dest": "/tmp/payara.zip", "elapsed": 10, "msg": "Request failed: <urlopen error timed out>", "url": "https://nexus.payara.fish/repository/payara-community/fish/payara/distributions/payara/6.2025.3/payara-6.2025.3.zip"}
+fatal: [localhost]: FAILED! => {"changed": false, "dest": "/tmp/payara.zip", "elapsed": 10, "msg": "Request failed: <urlopen error timed out>", "url": "https://nexus.payara.fish/repository/payara-community/fish/payara/distributions/payara/6.2025.9/payara-6.2025.9.zip"}
 ```
 
 In the example above, if Payara can't be downloaded, we're obviously going to have problems deploying Dataverse to it!
diff --git a/modules/dataverse-parent/pom.xml b/modules/dataverse-parent/pom.xml
index 0cb83fffc0f..11e761e2a77 100644
--- a/modules/dataverse-parent/pom.xml
+++ b/modules/dataverse-parent/pom.xml
@@ -149,7 +149,7 @@
         <argLine>-Duser.timezone=${project.timezone} -Dfile.encoding=${project.build.sourceEncoding} -Duser.language=${project.language} -Duser.region=${project.region}</argLine>
     
         <!-- Major system components and dependencies -->
-        <payara.version>6.2025.3</payara.version>
+        <payara.version>6.2025.9</payara.version>
         <postgresql.version>42.7.7</postgresql.version>
         <solr.version>9.8.0</solr.version>
         <aws.version>2.33.0</aws.version>

From bc330b73a38166359697eaf1a2abf3bb3d9c7ff4 Mon Sep 17 00:00:00 2001
From: Jim Myers <qqmyers@hotmail.com>
Date: Wed, 17 Sep 2025 17:04:22 -0400
Subject: [PATCH 280/634] release note

---
 doc/release-notes/11827-Payara-6.2025.9.md | 3 +++
 1 file changed, 3 insertions(+)
 create mode 100644 doc/release-notes/11827-Payara-6.2025.9.md

diff --git a/doc/release-notes/11827-Payara-6.2025.9.md b/doc/release-notes/11827-Payara-6.2025.9.md
new file mode 100644
index 00000000000..1a084312358
--- /dev/null
+++ b/doc/release-notes/11827-Payara-6.2025.9.md
@@ -0,0 +1,3 @@
+The recommended Payara version has been updated to Payara-6.2025.9
+
+Standard Payara upgrade instructions - as in the 6.7 release notes should be added.

From 5c8a4eb685bd4927572763da157b161ecc4ec520 Mon Sep 17 00:00:00 2001
From: Stephen Kraffmiller <skraffmiller@hmdc.harvard.edu>
Date: Thu, 18 Sep 2025 15:43:24 -0400
Subject: [PATCH 281/634] #11710 add already linking functionality

---
 .../dataverse/DatasetLinkingServiceBean.java  |  1 -
 .../harvard/iq/dataverse/api/Dataverses.java  |  5 ++-
 .../impl/GetLinkingDataverseListCommand.java  | 43 +++++++++++++++----
 .../iq/dataverse/api/DataversesIT.java        |  8 ++++
 .../edu/harvard/iq/dataverse/api/UtilIT.java  | 14 +++++-
 5 files changed, 58 insertions(+), 13 deletions(-)

diff --git a/src/main/java/edu/harvard/iq/dataverse/DatasetLinkingServiceBean.java b/src/main/java/edu/harvard/iq/dataverse/DatasetLinkingServiceBean.java
index 39c82bfa3f1..514ecb1dc4d 100644
--- a/src/main/java/edu/harvard/iq/dataverse/DatasetLinkingServiceBean.java
+++ b/src/main/java/edu/harvard/iq/dataverse/DatasetLinkingServiceBean.java
@@ -13,7 +13,6 @@
 import jakarta.persistence.EntityManager;
 import jakarta.persistence.NoResultException;
 import jakarta.persistence.PersistenceContext;
-import jakarta.persistence.Query;
 import jakarta.persistence.TypedQuery;
 
 /**
diff --git a/src/main/java/edu/harvard/iq/dataverse/api/Dataverses.java b/src/main/java/edu/harvard/iq/dataverse/api/Dataverses.java
index f5816c36852..7322a8c9341 100644
--- a/src/main/java/edu/harvard/iq/dataverse/api/Dataverses.java
+++ b/src/main/java/edu/harvard/iq/dataverse/api/Dataverses.java
@@ -1777,7 +1777,7 @@ public Response linkDataverse(@Context ContainerRequestContext crc, @PathParam("
     @AuthRequired
     @Produces(MediaType.APPLICATION_JSON)
     @Path("{identifier}/{type}/linkingDataverses")
-    public Response getLinkingDataverseList(@Context ContainerRequestContext crc, @PathParam("identifier") String dvIdtf, @QueryParam("searchTerm") String searchTerm, @PathParam("type") String type) {
+    public Response getLinkingDataverseList(@Context ContainerRequestContext crc, @PathParam("identifier") String dvIdtf, @QueryParam("searchTerm") String searchTerm, @QueryParam("alreadyLinking") boolean alreadyLinking, @PathParam("type") String type) {
 
         try {
 
@@ -1785,7 +1785,8 @@ public Response getLinkingDataverseList(@Context ContainerRequestContext crc, @P
             List<Dataverse> dataversesForLinking = execCommand(new GetLinkingDataverseListCommand(
                     createDataverseRequest(getRequestUser(crc)),
                     dvObject,
-                    searchTerm
+                    searchTerm,
+                    alreadyLinking
             ));
 
             JsonArrayBuilder dvBuilder = Json.createArrayBuilder();
diff --git a/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/GetLinkingDataverseListCommand.java b/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/GetLinkingDataverseListCommand.java
index c47c6215640..de8e5a62938 100644
--- a/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/GetLinkingDataverseListCommand.java
+++ b/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/GetLinkingDataverseListCommand.java
@@ -25,13 +25,31 @@ public class GetLinkingDataverseListCommand extends AbstractCommand<List<Dataver
 
     private final String searchTerm;
     private final DvObject dvObject;
-
+    private final boolean alreadyLinked;
+    
     public GetLinkingDataverseListCommand(DataverseRequest aRequest, DvObject dvObject, String searchTerm) {
         super(aRequest, dvObject);
         this.searchTerm = searchTerm;
         this.dvObject = dvObject;
+        this.alreadyLinked = false;
+    }
+    
+    public GetLinkingDataverseListCommand(DataverseRequest aRequest, DvObject dvObject, boolean alreadyLinked) {
+        super(aRequest, dvObject);
+        this.searchTerm = "";
+        this.dvObject = dvObject;
+        this.alreadyLinked = alreadyLinked;
+    }
+    
+    public GetLinkingDataverseListCommand(DataverseRequest aRequest, DvObject dvObject, String searchTerm, boolean alreadyLinked) {
+        super(aRequest, dvObject);
+        this.searchTerm = searchTerm;
+        this.dvObject = dvObject;
+        this.alreadyLinked = alreadyLinked;
     }
 
+
+
     @Override
     public List<Dataverse> execute(CommandContext ctxt) throws CommandException {
 
@@ -57,14 +75,21 @@ public List<Dataverse> execute(CommandContext ctxt) throws CommandException {
         } else {
             permToCheck = Permission.LinkDataverse;
         }
-
-        dataversesForLinking = ctxt.permissions().findPermittedCollections(getRequest(), authUser, permToCheck, searchParam);
-        //Don't bother with checking for already linked if there are none to be tested.
-        if(dataversesForLinking == null || dataversesForLinking.isEmpty()) {
-            return dataversesForLinking;
+        //dependin on the already linked boolean the command will return a list of Dataverses available for linking
+        // or a list of dataverses to which the object has already been linked - for the unlink function
+        if (!alreadyLinked) {
+            dataversesForLinking = ctxt.permissions().findPermittedCollections(getRequest(), authUser, permToCheck, searchParam);
+            //Don't bother with checking for already linked if there are none to be tested.
+            if (dataversesForLinking == null || dataversesForLinking.isEmpty()) {
+                return dataversesForLinking;
+            }
+            return ctxt.dataverses().removeUnlinkableDataverses(dataversesForLinking, dvObject);
+        } else {
+            if (dvObject instanceof Dataset) {;
+                return ctxt.dsLinking().findLinkingDataverses(dvObject.getId());
+            } else {
+                return ctxt.dvLinking().findLinkingDataverses(dvObject.getId());
+            }
         }
-        return ctxt.dataverses().removeUnlinkableDataverses(dataversesForLinking, dvObject);
-
     }
-
 }
diff --git a/src/test/java/edu/harvard/iq/dataverse/api/DataversesIT.java b/src/test/java/edu/harvard/iq/dataverse/api/DataversesIT.java
index bbe1291f90f..86b082d79ae 100644
--- a/src/test/java/edu/harvard/iq/dataverse/api/DataversesIT.java
+++ b/src/test/java/edu/harvard/iq/dataverse/api/DataversesIT.java
@@ -836,6 +836,14 @@ public void testGetLinkableDataverses(){
                 .statusCode(OK.getStatusCode())
                 .body("data.size()", equalTo(0));
                 
+        //if you ask for already linked you should get one       
+        getLinkableDataverses = UtilIT.getLinkableDataverses("dataset", datasetPersistentId, apiToken, dataverseAliasForLinking, true);
+        
+        getLinkableDataverses.prettyPrint();
+                getLinkableDataverses.then().assertThat()
+                .statusCode(OK.getStatusCode())
+                .body("data.size()", equalTo(1));        
+                
         //set user api back to super user for cleanup
         UtilIT.setSuperuserStatus(username, Boolean.TRUE);
         
diff --git a/src/test/java/edu/harvard/iq/dataverse/api/UtilIT.java b/src/test/java/edu/harvard/iq/dataverse/api/UtilIT.java
index 5f5416e08cc..47b8deaf0e4 100644
--- a/src/test/java/edu/harvard/iq/dataverse/api/UtilIT.java
+++ b/src/test/java/edu/harvard/iq/dataverse/api/UtilIT.java
@@ -4730,19 +4730,31 @@ static Response updateDataverseFeaturedItem(long featuredItemId,
     }
     
     static Response getLinkableDataverses(String type, String dvObjectId, String apiToken, String searchTerm) {
+        return getLinkableDataverses(type, dvObjectId, apiToken, searchTerm, false);
+    }
+   
+    static Response getLinkableDataverses(String type, String dvObjectId, String apiToken, String searchTerm, boolean alreadyLinked) {
 
         String idInPath = dvObjectId; // Assume it's a number to start.
         String optionalQueryParam = ""; // If idOrPersistentId is a number we'll just put it in the path.
         if (type.equals("dataset")) {
             if (!NumberUtils.isCreatable(idInPath)) {
                 idInPath = ":persistentId";
-                if (searchTerm == null) {
+                if (searchTerm == null ||  searchTerm.isEmpty() ) {                    
                     optionalQueryParam = "?persistentId=" + dvObjectId;
                 } else {
                     optionalQueryParam = "&persistentId=" + dvObjectId;
                 }
             }
         }
+        
+        if (alreadyLinked){
+            if (optionalQueryParam.isEmpty()){
+                optionalQueryParam = "?alreadyLinking=true";
+            } else {
+                optionalQueryParam = optionalQueryParam + "&alreadyLinking=true";
+            }           
+        }
 
         if (searchTerm == null) {
             if (!apiToken.isEmpty()) {

From eb4ed35865a9cd7d7555805d4a7da8eb21818090 Mon Sep 17 00:00:00 2001
From: Stephen Kraffmiller <skraffmiller@hmdc.harvard.edu>
Date: Thu, 18 Sep 2025 16:41:47 -0400
Subject: [PATCH 282/634] #11710 typo

---
 .../engine/command/impl/GetLinkingDataverseListCommand.java     | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/GetLinkingDataverseListCommand.java b/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/GetLinkingDataverseListCommand.java
index de8e5a62938..793175d26b7 100644
--- a/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/GetLinkingDataverseListCommand.java
+++ b/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/GetLinkingDataverseListCommand.java
@@ -85,7 +85,7 @@ public List<Dataverse> execute(CommandContext ctxt) throws CommandException {
             }
             return ctxt.dataverses().removeUnlinkableDataverses(dataversesForLinking, dvObject);
         } else {
-            if (dvObject instanceof Dataset) {;
+            if (dvObject instanceof Dataset) {
                 return ctxt.dsLinking().findLinkingDataverses(dvObject.getId());
             } else {
                 return ctxt.dvLinking().findLinkingDataverses(dvObject.getId());

From 1deda57d6d85eda2003c26fff93f3cca6845c713 Mon Sep 17 00:00:00 2001
From: Jim Myers <qqmyers@hotmail.com>
Date: Fri, 18 Jul 2025 11:38:01 -0400
Subject: [PATCH 283/634] add retries to DataCite calls for 429, 503, 504

---
 .../doi/datacite/DataCiteRESTfullClient.java  | 93 ++++++++++++++++---
 1 file changed, 82 insertions(+), 11 deletions(-)

diff --git a/src/main/java/edu/harvard/iq/dataverse/pidproviders/doi/datacite/DataCiteRESTfullClient.java b/src/main/java/edu/harvard/iq/dataverse/pidproviders/doi/datacite/DataCiteRESTfullClient.java
index 465b10ee407..47394f0ad54 100644
--- a/src/main/java/edu/harvard/iq/dataverse/pidproviders/doi/datacite/DataCiteRESTfullClient.java
+++ b/src/main/java/edu/harvard/iq/dataverse/pidproviders/doi/datacite/DataCiteRESTfullClient.java
@@ -41,6 +41,10 @@ public class DataCiteRESTfullClient implements Closeable {
     
     private static final Logger logger = Logger.getLogger(DataCiteRESTfullClient.class.getCanonicalName());
 
+    // Constants for retry mechanism
+    private static final int MAX_RETRIES = 5;
+    private static final long RETRY_DELAY_MS = 10000; // 10 seconds
+    
     private String url;
     private CloseableHttpClient httpClient;
     private HttpClientContext context;
@@ -59,11 +63,78 @@ public DataCiteRESTfullClient(String url, String username, String password) {
     public void close() {
         if (this.httpClient != null) {
             try {
-           httpClient.close();
+                httpClient.close();
             } catch (IOException io) {
-               logger.warning("IOException closing hhtpClient: " + io.getMessage());
-           }
+                logger.warning("IOException closing httpClient: " + io.getMessage());
+            }
+        }
+    }
+    
+    /**
+     * Execute HTTP request with retry mechanism for specific status codes
+     * 
+     * @param request The HTTP request to execute
+     * @param operationName Name of the operation for logging
+     * @return HttpResponse The response from the server
+     * @throws IOException If an error occurs during the request
+     */
+    private HttpResponse executeWithRetry(org.apache.http.client.methods.HttpRequestBase request, String operationName) throws IOException {
+        int attempts = 0;
+        IOException lastException = null;
+        
+        while (attempts < MAX_RETRIES) {
+            try {
+                HttpResponse response = httpClient.execute(request, context);
+                int statusCode = response.getStatusLine().getStatusCode();
+                
+                // If we get a retry status code, try again after delay
+                if (statusCode == 429 || statusCode == 503 || statusCode == 504) {
+                    EntityUtils.consumeQuietly(response.getEntity());
+                    attempts++;
+                    
+                    if (attempts < MAX_RETRIES) {
+                        logger.warning("DataCite API returned status " + statusCode + 
+                                       " for " + operationName + ". Retrying in " + 
+                                       (RETRY_DELAY_MS / 1000) + " seconds (attempt " + attempts + " of " + MAX_RETRIES + ")");
+                        try {
+                            Thread.sleep(RETRY_DELAY_MS);
+                        } catch (InterruptedException ie) {
+                            Thread.currentThread().interrupt();
+                            throw new IOException("Retry interrupted", ie);
+                        }
+                    } else {
+                        logger.severe("DataCite API failed with status " + statusCode + 
+                                      " for " + operationName + " after " + MAX_RETRIES + " attempts");
+                        return response; // Return the last failed response
+                    }
+                } else {
+                    // Success or non-retry error code
+                    return response;
+                }
+            } catch (IOException ioe) {
+                lastException = ioe;
+                attempts++;
+                
+                if (attempts < MAX_RETRIES) {
+                    logger.warning("IOException during " + operationName + ": " + ioe.getMessage() + 
+                                   ". Retrying in " + (RETRY_DELAY_MS / 1000) + " seconds (attempt " + 
+                                   attempts + " of " + MAX_RETRIES + ")");
+                    try {
+                        Thread.sleep(RETRY_DELAY_MS);
+                    } catch (InterruptedException ie) {
+                        Thread.currentThread().interrupt();
+                        throw new IOException("Retry interrupted", ie);
+                    }
+                } else {
+                    logger.severe("DataCite API failed for " + operationName + " after " + 
+                                  MAX_RETRIES + " attempts due to: " + ioe.getMessage());
+                    throw lastException;
+                }
+            }
         }
+        
+        // This should never happen, but just in case
+        throw new IOException("Failed to execute request after " + MAX_RETRIES + " attempts");
     }
 
     /**
@@ -75,7 +146,7 @@ public void close() {
     public String getUrl(String doi) {
         HttpGet httpGet = new HttpGet(this.url + "/doi/" + doi);
         try {
-            HttpResponse response = httpClient.execute(httpGet,context);
+            HttpResponse response = executeWithRetry(httpGet, "getUrl");
             HttpEntity entity = response.getEntity();
             String data = null;
 
@@ -104,7 +175,7 @@ public String postUrl(String doi, String url) throws IOException {
         httpPost.setHeader("Content-Type", "text/plain;charset=UTF-8");
         httpPost.setEntity(new StringEntity("doi=" + doi + "\nurl=" + url, "utf-8"));
 
-        HttpResponse response = httpClient.execute(httpPost, context);
+        HttpResponse response = executeWithRetry(httpPost, "postUrl");
         String data = EntityUtils.toString(response.getEntity(), encoding);
         if (response.getStatusLine().getStatusCode() != 201) {
             String errMsg = "Response from postUrl: " + response.getStatusLine().getStatusCode() + ", " + data;
@@ -124,7 +195,7 @@ public String getMetadata(String doi) {
         HttpGet httpGet = new HttpGet(this.url + "/metadata/" + doi);
         httpGet.setHeader("Accept", "application/xml");
         try {
-            HttpResponse response = httpClient.execute(httpGet,context);
+            HttpResponse response = executeWithRetry(httpGet, "getMetadata");
             String data = EntityUtils.toString(response.getEntity(), encoding);
             if (response.getStatusLine().getStatusCode() != 200) {
                 String errMsg = "Response from getMetadata: " + response.getStatusLine().getStatusCode() + ", " + data;
@@ -133,7 +204,7 @@ public String getMetadata(String doi) {
             }
             return data;
         } catch (IOException ioe) {
-            logger.log(Level.SEVERE, "IOException when get metadata");
+            logger.log(Level.SEVERE, "IOException when get metadata", ioe);
             throw new RuntimeException("IOException when get metadata", ioe);
         }
     }
@@ -147,7 +218,7 @@ public String getMetadata(String doi) {
     public boolean testDOIExists(String doi) throws IOException {
         HttpGet httpGet = new HttpGet(this.url + "/metadata/" + doi);
         httpGet.setHeader("Accept", "application/xml");
-        HttpResponse response = httpClient.execute(httpGet, context);
+        HttpResponse response = executeWithRetry(httpGet, "testDOIExists");
         if (response.getStatusLine().getStatusCode() != 200) {
             EntityUtils.consumeQuietly(response.getEntity());
             return false;
@@ -166,7 +237,7 @@ public String postMetadata(String metadata) throws IOException {
         HttpPost httpPost = new HttpPost(this.url + "/metadata");
         httpPost.setHeader("Content-Type", "application/xml;charset=UTF-8");
         httpPost.setEntity(new StringEntity(metadata, "utf-8"));
-        HttpResponse response = httpClient.execute(httpPost, context);
+        HttpResponse response = executeWithRetry(httpPost, "postMetadata");
         String data = EntityUtils.toString(response.getEntity(), encoding);
         if (response.getStatusLine().getStatusCode() != 201) {
             String errMsg = "Response from postMetadata: " + response.getStatusLine().getStatusCode() + ", " + data;
@@ -185,7 +256,7 @@ public String postMetadata(String metadata) throws IOException {
     public String inactiveDataset(String doi) {
         HttpDelete httpDelete = new HttpDelete(this.url + "/metadata/" + doi);
         try {
-            HttpResponse response = httpClient.execute(httpDelete,context);
+            HttpResponse response = executeWithRetry(httpDelete, "inactiveDataset");
             String data = EntityUtils.toString(response.getEntity(), encoding);
             if (response.getStatusLine().getStatusCode() != 200) {
                 String errMsg = "Response code: " + response.getStatusLine().getStatusCode() + ", " + data;
@@ -194,7 +265,7 @@ public String inactiveDataset(String doi) {
             }
             return data;
         } catch (IOException ioe) {
-            logger.log(Level.SEVERE, "IOException when inactive dataset");
+            logger.log(Level.SEVERE, "IOException when inactive dataset", ioe);
             throw new RuntimeException("IOException when inactive dataset", ioe);
         }
     }

From e16b29ca75160cc96f8e2742b69b208c03e9ed6c Mon Sep 17 00:00:00 2001
From: Jim Myers <qqmyers@hotmail.com>
Date: Fri, 18 Jul 2025 12:38:36 -0400
Subject: [PATCH 284/634] optionally update DataCite DOI when needed during
 publish

---
 .../pidproviders/doi/datacite/DataCiteDOIProvider.java     | 7 ++++++-
 .../edu/harvard/iq/dataverse/settings/FeatureFlags.java    | 7 ++++++-
 2 files changed, 12 insertions(+), 2 deletions(-)

diff --git a/src/main/java/edu/harvard/iq/dataverse/pidproviders/doi/datacite/DataCiteDOIProvider.java b/src/main/java/edu/harvard/iq/dataverse/pidproviders/doi/datacite/DataCiteDOIProvider.java
index dd64a89dfe6..3c21699d45e 100644
--- a/src/main/java/edu/harvard/iq/dataverse/pidproviders/doi/datacite/DataCiteDOIProvider.java
+++ b/src/main/java/edu/harvard/iq/dataverse/pidproviders/doi/datacite/DataCiteDOIProvider.java
@@ -15,6 +15,7 @@
 import edu.harvard.iq.dataverse.FileMetadata;
 import edu.harvard.iq.dataverse.GlobalId;
 import edu.harvard.iq.dataverse.pidproviders.doi.AbstractDOIProvider;
+import edu.harvard.iq.dataverse.settings.FeatureFlags;
 import edu.harvard.iq.dataverse.util.json.JsonUtil;
 import jakarta.json.JsonObject;
 
@@ -217,7 +218,11 @@ public boolean publicizeIdentifier(DvObject dvObject) {
         metadata.put("datacite.publicationyear", generateYear(dvObject));
         metadata.put("_target", getTargetUrl(dvObject));
         try {
-            doiDataCiteRegisterService.registerIdentifier(identifier, metadata, dvObject);
+            if (FeatureFlags.ONLY_UPDATE_DATACITE_WHEN_NEEDED.enabled()) {
+                doiDataCiteRegisterService.reRegisterIdentifier(identifier, metadata, dvObject);
+            } else {
+                doiDataCiteRegisterService.registerIdentifier(identifier, metadata, dvObject);
+            }
             return true;
         } catch (Exception e) {
             logger.log(Level.WARNING, "modifyMetadata failed: " + e.getMessage(), e);
diff --git a/src/main/java/edu/harvard/iq/dataverse/settings/FeatureFlags.java b/src/main/java/edu/harvard/iq/dataverse/settings/FeatureFlags.java
index ae117159b5c..0e4bb510f4b 100644
--- a/src/main/java/edu/harvard/iq/dataverse/settings/FeatureFlags.java
+++ b/src/main/java/edu/harvard/iq/dataverse/settings/FeatureFlags.java
@@ -229,7 +229,12 @@ public enum FeatureFlags {
      * @since Dataverse 6.8
      */
     ENABLE_PID_FAILURE_LOG("enable-pid-failure-log"),
-    
+
+    /**
+     * Only update a DataCite DOI when needed (for efficiency, lighter load on DataCite).
+     */
+    ONLY_UPDATE_DATACITE_WHEN_NEEDED("only-update-datacite-when-needed"),
+
     ;
     
     final String flag;

From 6c086e33479d60c53199ce5ccf3f651353ca84d7 Mon Sep 17 00:00:00 2001
From: Jim Myers <qqmyers@hotmail.com>
Date: Fri, 18 Jul 2025 13:02:42 -0400
Subject: [PATCH 285/634] catch null url for draft DOI

---
 .../doi/datacite/DOIDataCiteRegisterService.java         | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/src/main/java/edu/harvard/iq/dataverse/pidproviders/doi/datacite/DOIDataCiteRegisterService.java b/src/main/java/edu/harvard/iq/dataverse/pidproviders/doi/datacite/DOIDataCiteRegisterService.java
index a4d788de4df..d9ddfe04393 100644
--- a/src/main/java/edu/harvard/iq/dataverse/pidproviders/doi/datacite/DOIDataCiteRegisterService.java
+++ b/src/main/java/edu/harvard/iq/dataverse/pidproviders/doi/datacite/DOIDataCiteRegisterService.java
@@ -95,7 +95,14 @@ public String reRegisterIdentifier(String identifier, Map<String, String> metada
             }
             retString = "metadata:\\r" + client.postMetadata(xmlMetadata) + "\\r";
         }
-        if (!target.equals(client.getUrl(numericIdentifier))) {
+        String currentUrl = null;
+        try {
+            //May get a 204 if the DOI is still draft
+            currentUrl = client.getUrl(numericIdentifier);
+        } catch (RuntimeException ex) {
+            logger.fine("Error getting Url for " + numericIdentifier + ": " + ex.getMessage());
+        }
+        if (!target.equals(currentUrl)) {
             logger.info("Updating target URL to " +  target);
             client.postUrl(numericIdentifier, target);
             retString = retString + "url:\\r" + target;

From eda19fe2a08571465ac039f5398d0c5887249869 Mon Sep 17 00:00:00 2001
From: Jim Myers <qqmyers@hotmail.com>
Date: Fri, 19 Sep 2025 11:54:52 -0400
Subject: [PATCH 286/634] docs, release note

---
 doc/release-notes/11832-DataCite-scaling.md        | 14 ++++++++++++++
 doc/sphinx-guides/source/installation/config.rst   | 10 ++++++++++
 .../iq/dataverse/settings/FeatureFlags.java        | 11 ++++++++++-
 3 files changed, 34 insertions(+), 1 deletion(-)
 create mode 100644 doc/release-notes/11832-DataCite-scaling.md

diff --git a/doc/release-notes/11832-DataCite-scaling.md b/doc/release-notes/11832-DataCite-scaling.md
new file mode 100644
index 00000000000..574ef05f94c
--- /dev/null
+++ b/doc/release-notes/11832-DataCite-scaling.md
@@ -0,0 +1,14 @@
+This release adds functionality to retry calls to DataCite when their server is overloaded or Dataverse has hit their rate limit.
+
+It also introduces an option to only update DataCite metadata after checking to see if the current DataCite information is out of date.
+(This adds a request to get information from DataCite before any potential write of new information which will be more efficient when 
+most DOIs have not changed but will result in an extra call to get info when a DOI has changed.)
+  
+Both of these can help when DataCite is being used heavily, e.g. creating and publishing datasets with many datafiles and using file DOIs,
+or doing bulk operations that involve DataCite with many datasets.
+
+### New Settings
+
+- dataverse.feature.only-update-datacite-when-needed 
+
+The default is false - Dataverse will not check to see if DataCite's information is out of date before sending an update.
diff --git a/doc/sphinx-guides/source/installation/config.rst b/doc/sphinx-guides/source/installation/config.rst
index 14bf33c9482..c96adcec01b 100644
--- a/doc/sphinx-guides/source/installation/config.rst
+++ b/doc/sphinx-guides/source/installation/config.rst
@@ -537,6 +537,8 @@ dataverse.pid.*.datacite.username
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
 dataverse.pid.*.datacite.password
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+dataverse.feature.only-update-datacite-when-needed
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
 
 PID Providers of type ``datacite`` require four additional parameters that define how the provider connects to DataCite.
 DataCite has two APIs that are used in Dataverse:
@@ -552,6 +554,11 @@ for `Fabrica <https://doi.datacite.org/>`_ and their APIs. You need to provide
 the same credentials (``username``, ``password``) to Dataverse software to mint and manage DOIs for you.
 As noted above, you should use one of the more secure options for setting the password.
 
+The `only-update-datacite-when-needed feature` flag is a global option that causes Dataverse to GET the latest metadata from DataCite
+for a DOI and compare it with the current metadata in Dataverse and only sending a following POST request if needed. This potentially
+substitutes a read for an unnecessary write at DataCite, but would result in extra reads when all metadata in Dataverse is new. 
+Setting the flag to "true" is recommended when using DataCite file DOIs.
+
 CrossRef-specific Settings
 ^^^^^^^^^^^^^^^^^^^^^^^^^^
 
@@ -3805,6 +3812,9 @@ please find all known feature flags below. Any of these flags can be activated u
     * - enable-pid-failure-log
       - Turns on creation of a monthly log file (logs/PIDFailures_<yyyy-MM>.log) showing failed requests for dataset/file PIDs. Can be used directly or with scripts at https://github.com/gdcc/dataverse-recipes/python/pid_reports to alert admins.
       - ``Off``
+    * - only-update-datacite-when-needed
+      - Only contact DataCite to update a DOI after checking to see if DataCite has outdated information (for efficiency, lighter load on DataCite, especially when using file DOIs).
+      - ``Off``
 
 **Note:** Feature flags can be set via any `supported MicroProfile Config API source`_, e.g. the environment variable
 ``DATAVERSE_FEATURE_XXX`` (e.g. ``DATAVERSE_FEATURE_API_SESSION_AUTH=1``). These environment variables can be set in your shell before starting Payara. If you are using :doc:`Docker for development </container/dev-usage>`, you can set them in the `docker compose <https://docs.docker.com/compose/environment-variables/set-environment-variables/>`_ file.
diff --git a/src/main/java/edu/harvard/iq/dataverse/settings/FeatureFlags.java b/src/main/java/edu/harvard/iq/dataverse/settings/FeatureFlags.java
index 0e4bb510f4b..76ea4941f96 100644
--- a/src/main/java/edu/harvard/iq/dataverse/settings/FeatureFlags.java
+++ b/src/main/java/edu/harvard/iq/dataverse/settings/FeatureFlags.java
@@ -232,7 +232,16 @@ public enum FeatureFlags {
 
     /**
      * Only update a DataCite DOI when needed (for efficiency, lighter load on DataCite).
-     */
+     * This flag causes Dataverse to GET the latest metadata from DataCite for a DOI and 
+     * comparing it with the current metadata in Dataverse and only sending a following POST
+     * request if needed. This potentially substitutes a read for an unnecessary write at DataCite,
+     * but would result in extra reads when all metadata in Dataverse is new. Setting the flag
+     * to "true" is recommended when using DataCite file DOIs.
+     * 
+     * @apiNote Raise flag by setting
+     *          "dataverse.feature.only-update-datacite-when-needed"
+     * @since Dataverse 6.9
+     */ 
     ONLY_UPDATE_DATACITE_WHEN_NEEDED("only-update-datacite-when-needed"),
 
     ;

From d4dbd3a23cec5a82d791d2e5a33ed1e0c50257c6 Mon Sep 17 00:00:00 2001
From: Stephen Kraffmiller <skraffmiller@hmdc.harvard.edu>
Date: Fri, 19 Sep 2025 16:24:51 -0400
Subject: [PATCH 287/634] #11710 add search term to already linked

---
 .../iq/dataverse/DatasetLinkingDataverse.java | 13 ++++++
 .../dataverse/DatasetLinkingServiceBean.java  | 45 ++++++++++++++++---
 .../impl/GetLinkingDataverseListCommand.java  |  2 +-
 .../iq/dataverse/api/DataversesIT.java        | 10 ++++-
 .../edu/harvard/iq/dataverse/api/UtilIT.java  |  2 +-
 5 files changed, 64 insertions(+), 8 deletions(-)

diff --git a/src/main/java/edu/harvard/iq/dataverse/DatasetLinkingDataverse.java b/src/main/java/edu/harvard/iq/dataverse/DatasetLinkingDataverse.java
index dec07a09643..28b061ffa2a 100644
--- a/src/main/java/edu/harvard/iq/dataverse/DatasetLinkingDataverse.java
+++ b/src/main/java/edu/harvard/iq/dataverse/DatasetLinkingDataverse.java
@@ -9,6 +9,7 @@
 import jakarta.persistence.Id;
 import jakarta.persistence.Index;
 import jakarta.persistence.JoinColumn;
+import jakarta.persistence.NamedNativeQuery;
 import jakarta.persistence.NamedQueries;
 import jakarta.persistence.NamedQuery;
 import jakarta.persistence.OneToOne;
@@ -35,6 +36,18 @@
     @NamedQuery(name = "DatasetLinkingDataverse.findIdsByLinkingDataverseId",
                query = "SELECT o.dataset.id FROM DatasetLinkingDataverse AS o WHERE o.linkingDataverse.id = :linkingDataverseId")
 })
+
+    @NamedNativeQuery(
+        name = "DatasetLinkingDataverse.findByDatasetIdAndLinkingDataverseName",
+        query = """
+                select o.linkingDataverse_id  from DatasetLinkingDataverse as o  
+                LEFT JOIN dataverse dv ON dv.id = o.linkingDataverse_id 
+                WHERE o.dataset_id =? AND ((LOWER(dv.name) LIKE ? and ((SUBSTRING(LOWER(dv.name),0,(LENGTH(dv.name)-9)) LIKE ?)
+                or (SUBSTRING(LOWER(dv.name),0,(LENGTH(dv.name)-9)) LIKE ?))) 
+                or (LOWER(dv.name) NOT LIKE ? and ((LOWER(dv.name) LIKE ?)
+                or (LOWER(dv.name) LIKE ?))))""" 
+    )
+
 public class DatasetLinkingDataverse implements Serializable {
     private static final long serialVersionUID = 1L;
     @Id
diff --git a/src/main/java/edu/harvard/iq/dataverse/DatasetLinkingServiceBean.java b/src/main/java/edu/harvard/iq/dataverse/DatasetLinkingServiceBean.java
index 514ecb1dc4d..eb54d239e11 100644
--- a/src/main/java/edu/harvard/iq/dataverse/DatasetLinkingServiceBean.java
+++ b/src/main/java/edu/harvard/iq/dataverse/DatasetLinkingServiceBean.java
@@ -5,6 +5,7 @@
  */
 package edu.harvard.iq.dataverse;
 
+import jakarta.ejb.EJB;
 import java.util.ArrayList;
 import java.util.List;
 import java.util.logging.Logger;
@@ -27,6 +28,9 @@ public class DatasetLinkingServiceBean implements java.io.Serializable {
     @PersistenceContext(unitName = "VDCNet-ejbPU")
     private EntityManager em;
     
+    @EJB
+    DataverseServiceBean dataverseService;
+    
 
 
     public List<Dataset> findLinkedDatasets(Long dataverseId) {
@@ -40,13 +44,44 @@ public List<Dataset> findLinkedDatasets(Long dataverseId) {
     }
 
     public List<Dataverse> findLinkingDataverses(Long datasetId) {
+        return findLinkingDataverses(datasetId, "");
+    }
+    
+    public List<Dataverse> findLinkingDataverses(Long datasetId, String searchTerm) {
         List<Dataverse> retList = new ArrayList<>();
-        TypedQuery<DatasetLinkingDataverse> typedQuery = em.createNamedQuery("DatasetLinkingDataverse.findByDatasetId", DatasetLinkingDataverse.class)
-            .setParameter("datasetId", datasetId);
-        for (DatasetLinkingDataverse datasetLinkingDataverse : typedQuery.getResultList()) {
-            retList.add(datasetLinkingDataverse.getLinkingDataverse());
+        if (searchTerm == null || searchTerm.isEmpty()) {
+            TypedQuery<DatasetLinkingDataverse> typedQuery = em.createNamedQuery("DatasetLinkingDataverse.findByDatasetId", DatasetLinkingDataverse.class)
+                    .setParameter("datasetId", datasetId);
+            for (DatasetLinkingDataverse datasetLinkingDataverse : typedQuery.getResultList()) {
+                retList.add(datasetLinkingDataverse.getLinkingDataverse());
+            }
+            return retList;
+
+        } else {
+
+            String pattern = searchTerm.toLowerCase();
+
+            String pattern1 = pattern + "%";
+            String pattern2 = "% " + pattern + "%";
+
+            // Adjust the queries for very short, 1 and 2-character patterns:
+            if (pattern.length() == 1) {
+                pattern1 = pattern;
+                pattern2 = pattern + " %";
+            }
+            System.out.print("pattern1: " + pattern1);
+            System.out.print("pattern2: " + pattern2);
+            TypedQuery<Long> typedQuery
+                    = em.createNamedQuery("DatasetLinkingDataverse.findByDatasetIdAndLinkingDataverseName", Long.class)
+                            .setParameter(1, datasetId).setParameter(2, "%dataverse").setParameter(3, pattern1)
+                            .setParameter(4, pattern2).setParameter(5, "%dataverse").setParameter(6, pattern1).setParameter(7, pattern2);
+
+            for (Long id : typedQuery.getResultList()) {
+                retList.add(dataverseService.find(id));
+            }
+            return retList;
         }
-        return retList;
+
     }
     
     public void save(DatasetLinkingDataverse datasetLinkingDataverse) {
diff --git a/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/GetLinkingDataverseListCommand.java b/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/GetLinkingDataverseListCommand.java
index 793175d26b7..c20e545982c 100644
--- a/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/GetLinkingDataverseListCommand.java
+++ b/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/GetLinkingDataverseListCommand.java
@@ -86,7 +86,7 @@ public List<Dataverse> execute(CommandContext ctxt) throws CommandException {
             return ctxt.dataverses().removeUnlinkableDataverses(dataversesForLinking, dvObject);
         } else {
             if (dvObject instanceof Dataset) {
-                return ctxt.dsLinking().findLinkingDataverses(dvObject.getId());
+                return ctxt.dsLinking().findLinkingDataverses(dvObject.getId(), searchParam);
             } else {
                 return ctxt.dvLinking().findLinkingDataverses(dvObject.getId());
             }
diff --git a/src/test/java/edu/harvard/iq/dataverse/api/DataversesIT.java b/src/test/java/edu/harvard/iq/dataverse/api/DataversesIT.java
index 86b082d79ae..fe9d9b74de0 100644
--- a/src/test/java/edu/harvard/iq/dataverse/api/DataversesIT.java
+++ b/src/test/java/edu/harvard/iq/dataverse/api/DataversesIT.java
@@ -842,7 +842,15 @@ public void testGetLinkableDataverses(){
         getLinkableDataverses.prettyPrint();
                 getLinkableDataverses.then().assertThat()
                 .statusCode(OK.getStatusCode())
-                .body("data.size()", equalTo(1));        
+                .body("data.size()", equalTo(1));  
+                
+        //if you ask for already linked you should get one unless there's a bad search terms     
+        getLinkableDataverses = UtilIT.getLinkableDataverses("dataset", datasetPersistentId, apiToken, "QQQBatmanSymbol", true);
+        
+        getLinkableDataverses.prettyPrint();
+                getLinkableDataverses.then().assertThat()
+                .statusCode(OK.getStatusCode())
+                .body("data.size()", equalTo(0));          
                 
         //set user api back to super user for cleanup
         UtilIT.setSuperuserStatus(username, Boolean.TRUE);
diff --git a/src/test/java/edu/harvard/iq/dataverse/api/UtilIT.java b/src/test/java/edu/harvard/iq/dataverse/api/UtilIT.java
index 47b8deaf0e4..83c14a84a76 100644
--- a/src/test/java/edu/harvard/iq/dataverse/api/UtilIT.java
+++ b/src/test/java/edu/harvard/iq/dataverse/api/UtilIT.java
@@ -4749,7 +4749,7 @@ static Response getLinkableDataverses(String type, String dvObjectId, String api
         }
         
         if (alreadyLinked){
-            if (optionalQueryParam.isEmpty()){
+            if (optionalQueryParam.isEmpty() && (searchTerm == null ||  searchTerm.isEmpty())){
                 optionalQueryParam = "?alreadyLinking=true";
             } else {
                 optionalQueryParam = optionalQueryParam + "&alreadyLinking=true";

From b63555f0941b9993a722d06d6b1d44602eaf5ca9 Mon Sep 17 00:00:00 2001
From: Stephen Kraffmiller <skraffmiller@hmdc.harvard.edu>
Date: Mon, 22 Sep 2025 10:26:48 -0400
Subject: [PATCH 288/634] #11710 add perms to find already linked

---
 .../dataverse/DatasetLinkingServiceBean.java  |  2 -
 .../dataverse/DataverseLinkingDataverse.java  | 11 ++++++
 .../DataverseLinkingServiceBean.java          | 37 +++++++++++++++++--
 .../impl/GetLinkingDataverseListCommand.java  | 23 +++++++++++-
 .../iq/dataverse/api/DataversesIT.java        |  4 +-
 5 files changed, 67 insertions(+), 10 deletions(-)

diff --git a/src/main/java/edu/harvard/iq/dataverse/DatasetLinkingServiceBean.java b/src/main/java/edu/harvard/iq/dataverse/DatasetLinkingServiceBean.java
index eb54d239e11..6b0f8af6590 100644
--- a/src/main/java/edu/harvard/iq/dataverse/DatasetLinkingServiceBean.java
+++ b/src/main/java/edu/harvard/iq/dataverse/DatasetLinkingServiceBean.java
@@ -69,8 +69,6 @@ public List<Dataverse> findLinkingDataverses(Long datasetId, String searchTerm)
                 pattern1 = pattern;
                 pattern2 = pattern + " %";
             }
-            System.out.print("pattern1: " + pattern1);
-            System.out.print("pattern2: " + pattern2);
             TypedQuery<Long> typedQuery
                     = em.createNamedQuery("DatasetLinkingDataverse.findByDatasetIdAndLinkingDataverseName", Long.class)
                             .setParameter(1, datasetId).setParameter(2, "%dataverse").setParameter(3, pattern1)
diff --git a/src/main/java/edu/harvard/iq/dataverse/DataverseLinkingDataverse.java b/src/main/java/edu/harvard/iq/dataverse/DataverseLinkingDataverse.java
index 3030922ea5e..bf2326f0e06 100644
--- a/src/main/java/edu/harvard/iq/dataverse/DataverseLinkingDataverse.java
+++ b/src/main/java/edu/harvard/iq/dataverse/DataverseLinkingDataverse.java
@@ -13,6 +13,7 @@
 import jakarta.persistence.Id;
 import jakarta.persistence.Index;
 import jakarta.persistence.JoinColumn;
+import jakarta.persistence.NamedNativeQuery;
 import jakarta.persistence.NamedQueries;
 import jakarta.persistence.NamedQuery;
 import jakarta.persistence.OneToOne;
@@ -39,6 +40,16 @@
     @NamedQuery(name = "DataverseLinkingDataverse.findIdsByLinkingDataverseId",
                query = "SELECT o.dataverse.id FROM DataverseLinkingDataverse AS o WHERE o.linkingDataverse.id = :linkingDataverseId")
 })
+    @NamedNativeQuery(
+        name = "DataverseLinkingDataverse.findByDataverseIdAndLinkingDataverseName",
+        query = """
+                select o.linkingDataverse_id  from DataverseLinkingDataverse as o  
+                LEFT JOIN dataverse dv ON dv.id = o.linkingDataverse_id 
+                WHERE o.dataverse_id =? AND ((LOWER(dv.name) LIKE ? and ((SUBSTRING(LOWER(dv.name),0,(LENGTH(dv.name)-9)) LIKE ?)
+                or (SUBSTRING(LOWER(dv.name),0,(LENGTH(dv.name)-9)) LIKE ?))) 
+                or (LOWER(dv.name) NOT LIKE ? and ((LOWER(dv.name) LIKE ?)
+                or (LOWER(dv.name) LIKE ?))))""" 
+    )
 public class DataverseLinkingDataverse implements Serializable {
     private static final long serialVersionUID = 1L;
     @Id
diff --git a/src/main/java/edu/harvard/iq/dataverse/DataverseLinkingServiceBean.java b/src/main/java/edu/harvard/iq/dataverse/DataverseLinkingServiceBean.java
index 834ff96e392..9f1bcde4c0e 100644
--- a/src/main/java/edu/harvard/iq/dataverse/DataverseLinkingServiceBean.java
+++ b/src/main/java/edu/harvard/iq/dataverse/DataverseLinkingServiceBean.java
@@ -43,12 +43,41 @@ public List<Dataverse> findLinkedDataverses(Long linkingDataverseId) {
     }
 
     public List<Dataverse> findLinkingDataverses(Long dataverseId) {
+
+        return findLinkingDataverses(dataverseId, "");
+    }
+    
+    public List<Dataverse> findLinkingDataverses(Long dataverseId, String searchTerm) {
         List<Dataverse> retList = new ArrayList<>();
-        TypedQuery<DataverseLinkingDataverse> typedQuery = em.createNamedQuery("DataverseLinkingDataverse.findByDataverseId", DataverseLinkingDataverse.class)
-            .setParameter("dataverseId", dataverseId);
-        for (DataverseLinkingDataverse dataverseLinkingDataverse : typedQuery.getResultList()) {
-            retList.add(dataverseLinkingDataverse.getLinkingDataverse());
+        if (searchTerm == null || searchTerm.isEmpty()) {
+            TypedQuery<DataverseLinkingDataverse> typedQuery = em.createNamedQuery("DataverseLinkingDataverse.findByDataverseId", DataverseLinkingDataverse.class)
+                    .setParameter("dataverseId", dataverseId);
+            for (DataverseLinkingDataverse dataverseLinkingDataverse : typedQuery.getResultList()) {
+                retList.add(dataverseLinkingDataverse.getLinkingDataverse());
+            }
+
+        } else {
+            
+            String pattern = searchTerm.toLowerCase();
+
+            String pattern1 = pattern + "%";
+            String pattern2 = "% " + pattern + "%";
+
+            // Adjust the queries for very short, 1 and 2-character patterns:
+            if (pattern.length() == 1) {
+                pattern1 = pattern;
+                pattern2 = pattern + " %";
+            }
+            TypedQuery<Long> typedQuery
+                    = em.createNamedQuery("DataverseLinkingDataverse.findByDataverseIdAndLinkingDataverseName", Long.class)
+                            .setParameter(1, dataverseId).setParameter(2, "%dataverse").setParameter(3, pattern1)
+                            .setParameter(4, pattern2).setParameter(5, "%dataverse").setParameter(6, pattern1).setParameter(7, pattern2);
+
+            for (Long id : typedQuery.getResultList()) {
+                retList.add(dataverseService.find(id));
+            }
         }
+
         return retList;
     }
     
diff --git a/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/GetLinkingDataverseListCommand.java b/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/GetLinkingDataverseListCommand.java
index c20e545982c..077c420d669 100644
--- a/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/GetLinkingDataverseListCommand.java
+++ b/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/GetLinkingDataverseListCommand.java
@@ -14,6 +14,8 @@
 import edu.harvard.iq.dataverse.engine.command.exception.CommandException;
 import edu.harvard.iq.dataverse.engine.command.exception.IllegalCommandException;
 import edu.harvard.iq.dataverse.util.BundleUtil;
+import java.util.ArrayList;
+import java.util.EnumSet;
 import java.util.List;
 
 /**
@@ -85,11 +87,28 @@ public List<Dataverse> execute(CommandContext ctxt) throws CommandException {
             }
             return ctxt.dataverses().removeUnlinkableDataverses(dataversesForLinking, dvObject);
         } else {
+            List<Dataverse> dataversesAlreadyLinked;
+            List<Dataverse> dataversesAlreadyLinkedCanUnlink = new ArrayList<>();
+            //new ArrayList<>();
             if (dvObject instanceof Dataset) {
-                return ctxt.dsLinking().findLinkingDataverses(dvObject.getId(), searchParam);
+                dataversesAlreadyLinked = ctxt.dsLinking().findLinkingDataverses(dvObject.getId(), searchParam);
+                for (Dataverse dv : dataversesAlreadyLinked) {
+                    if (ctxt.permissions().hasPermissionsFor(getRequest(), dv, EnumSet.of(Permission.LinkDataset))) {
+                        dataversesAlreadyLinkedCanUnlink.add(dv);
+                    }
+                    return dataversesAlreadyLinkedCanUnlink;
+                }
+                //this.permissionService.requestOn(req, res).has(Permission.LinkDataverse)
             } else {
-                return ctxt.dvLinking().findLinkingDataverses(dvObject.getId());
+                dataversesAlreadyLinked = ctxt.dvLinking().findLinkingDataverses(dvObject.getId(), searchParam);
+                for (Dataverse dv : dataversesAlreadyLinked) {
+                    if (ctxt.permissions().hasPermissionsFor(getRequest(), dv, EnumSet.of(Permission.LinkDataverse))) {
+                        dataversesAlreadyLinkedCanUnlink.add(dv);
+                    }
+                }
+                return dataversesAlreadyLinkedCanUnlink;
             }
+            return null;
         }
     }
 }
diff --git a/src/test/java/edu/harvard/iq/dataverse/api/DataversesIT.java b/src/test/java/edu/harvard/iq/dataverse/api/DataversesIT.java
index fe9d9b74de0..9423c475499 100644
--- a/src/test/java/edu/harvard/iq/dataverse/api/DataversesIT.java
+++ b/src/test/java/edu/harvard/iq/dataverse/api/DataversesIT.java
@@ -850,8 +850,8 @@ public void testGetLinkableDataverses(){
         getLinkableDataverses.prettyPrint();
                 getLinkableDataverses.then().assertThat()
                 .statusCode(OK.getStatusCode())
-                .body("data.size()", equalTo(0));          
-                
+                .body("data.size()", equalTo(0)); 
+                       
         //set user api back to super user for cleanup
         UtilIT.setSuperuserStatus(username, Boolean.TRUE);
         

From 44eec3b74cfca862f56a0fb50c121cb3dc0d5665 Mon Sep 17 00:00:00 2001
From: Stephen Kraffmiller <skraffmiller@hmdc.harvard.edu>
Date: Mon, 22 Sep 2025 10:58:38 -0400
Subject: [PATCH 289/634] #11710 add test for without perms

---
 .../command/impl/GetLinkingDataverseListCommand.java      | 3 +--
 .../java/edu/harvard/iq/dataverse/api/DataversesIT.java   | 8 ++++++++
 2 files changed, 9 insertions(+), 2 deletions(-)

diff --git a/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/GetLinkingDataverseListCommand.java b/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/GetLinkingDataverseListCommand.java
index 077c420d669..466871b88e4 100644
--- a/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/GetLinkingDataverseListCommand.java
+++ b/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/GetLinkingDataverseListCommand.java
@@ -77,7 +77,7 @@ public List<Dataverse> execute(CommandContext ctxt) throws CommandException {
         } else {
             permToCheck = Permission.LinkDataverse;
         }
-        //dependin on the already linked boolean the command will return a list of Dataverses available for linking
+        //depending on the already linked boolean the command will return a list of Dataverses available for linking
         // or a list of dataverses to which the object has already been linked - for the unlink function
         if (!alreadyLinked) {
             dataversesForLinking = ctxt.permissions().findPermittedCollections(getRequest(), authUser, permToCheck, searchParam);
@@ -98,7 +98,6 @@ public List<Dataverse> execute(CommandContext ctxt) throws CommandException {
                     }
                     return dataversesAlreadyLinkedCanUnlink;
                 }
-                //this.permissionService.requestOn(req, res).has(Permission.LinkDataverse)
             } else {
                 dataversesAlreadyLinked = ctxt.dvLinking().findLinkingDataverses(dvObject.getId(), searchParam);
                 for (Dataverse dv : dataversesAlreadyLinked) {
diff --git a/src/test/java/edu/harvard/iq/dataverse/api/DataversesIT.java b/src/test/java/edu/harvard/iq/dataverse/api/DataversesIT.java
index 9423c475499..719c820f1de 100644
--- a/src/test/java/edu/harvard/iq/dataverse/api/DataversesIT.java
+++ b/src/test/java/edu/harvard/iq/dataverse/api/DataversesIT.java
@@ -844,6 +844,14 @@ public void testGetLinkableDataverses(){
                 .statusCode(OK.getStatusCode())
                 .body("data.size()", equalTo(1));  
                 
+        //if you ask for already linked you should get one  unless you don't have perms     
+        getLinkableDataverses = UtilIT.getLinkableDataverses("dataset", datasetPersistentId, apiTokenThree, dataverseAliasForLinking, true);
+        
+        getLinkableDataverses.prettyPrint();
+                getLinkableDataverses.then().assertThat()
+                .statusCode(OK.getStatusCode())
+                .body("data.size()", equalTo(0));          
+                
         //if you ask for already linked you should get one unless there's a bad search terms     
         getLinkableDataverses = UtilIT.getLinkableDataverses("dataset", datasetPersistentId, apiToken, "QQQBatmanSymbol", true);
         

From 3f63e273829ae9b20d210c14403c2b1fbecab5a9 Mon Sep 17 00:00:00 2001
From: Jim Myers <qqmyers@hotmail.com>
Date: Mon, 22 Sep 2025 13:31:33 -0400
Subject: [PATCH 290/634] more changes

---
 .../source/developers/big-data-support.rst    | 260 ++++++++++++++----
 .../source/installation/config.rst            |  28 +-
 2 files changed, 217 insertions(+), 71 deletions(-)

diff --git a/doc/sphinx-guides/source/developers/big-data-support.rst b/doc/sphinx-guides/source/developers/big-data-support.rst
index cf156bd12c8..1c388a7c565 100644
--- a/doc/sphinx-guides/source/developers/big-data-support.rst
+++ b/doc/sphinx-guides/source/developers/big-data-support.rst
@@ -8,11 +8,10 @@ work differently than Dataverse's default configuration, potentially requiring u
 
 In general, there are three dimensions in which Dataverse can scale:
   
-1. **Number of Datasets**
+1. **Storage size of individual files and aggregate storage size**
 2. **Number of Files per Dataset**
-3. **Storage size of individual files and aggregate storage size**
+3. **Number of Datasets**
 
-This guide will primarily focus on the latter two dimensions as the main way to scale the number of datasets is to scale the database, server, and storage resources.
 
 .. contents:: |toctitle|
         :local:
@@ -20,7 +19,8 @@ This guide will primarily focus on the latter two dimensions as the main way to
 Choosing the Right Storage
 --------------------------
 
-Dataverse provides several options that affect how files are transferred and stored which significantly impact the performance and scalability of your Dataverse installation.
+The main issues for handling larger files and larger aggregate data size relate to the performance of the storage used and how involved the Dataverse server is in the data transfer. 
+With appropriate configuration, Dataverse can support file sizes and aggregate dataset sizes into the terabyte scale and beyond.
 
 File Storage
 ~~~~~~~~~~~~
@@ -28,29 +28,33 @@ File Storage
 The default storage option in Dataverse is based on a local file system. When files are transferred to Dataverse, they are first stored in a
 temporary location on the Dataverse server. Any zip files uploaded are unzipped to create multiple individual file entries. Once an upload is completed, 
 Dataverse copies the files to permanent storage. Dataverse also takes advantage of the file being local to inspect it's bytes to determine it
-s MIME type, and, for tabular data, to 'ingest' it - extracting metadata about the variables used in the file and creating a tab-separated value (TSV) version of the file. 
+s MIME type, and, for tabular data, to 'ingest' it - extracting metadata about the variables used in the file and creating a tab-separated value (TSV) version of the file.
 
-Benefits: This option requires no external services and can potentially handle files into the gigabyte (GB) size range. FOr smaller institutions,
+Benefits: 
+
+- This option requires no external services and can potentially handle files into the gigabyte (GB) size range. For smaller institutions,
 and in disciplines where datasets do not have more than a few hundred files and files are not too large, this can be the simplest option.
-Further, unzipping of zip archives can be simpler for users than having to upload many individual files and was, at one time, the only way to 
+- Unzipping of zip archives can be simpler for users than having to upload many individual files and was, at one time, the only way to 
 preserve file path names when uploading.
 
 Challenges: In general file storage is not a good option for larger data sizes - both in terms of file size and number of files. Contributing factors include:
  
-- Local file storage must be provisioned in advance based on anticipated demand. It can involve up-front costs (for a local disk), or, when procured from a cloud provider, is likely to be more expensive than object storage (see below) 
 - Because temporary storage is used, transfers will temporarily use several times as much space as the final transfer. Unzipping also increases the final storage size of a dataset.
 - Because all uploads use the same temporary storage, temporary storage must be large enough to handle multiple users uploading data.
 - Each file is uploaded as a single HTTP request, which can cause long transfer times which, in turn, can trigger timeout errors in Dataverse or any proxy or load balancer in front of Dataverse.
-- Uploading many files at once can trigger any rate limiter (i.e. used to throttle use by AI) resulting in failures
+- Uploading many files at once can trigger any rate limiter in front of the Dataverse server (i.e. used to throttle use by AI) resulting in failures
 - Because transfers (both uploads and downloads) are handled by the Dataverse server, they add to server processing load which can affect overall performance.
+- Cost: local file storage must be provisioned in advance based on anticipated demand. It can involve up-front costs (for a local disk), or, when procured from a cloud provider, is likely to be more expensive than object storage (see below) 
+
 
 Object Storage via S3
 ~~~~~~~~~~~~~~~~~~~~~
 
 A more scalable option for storage is to use an object store with transfers managed using the Simple Storage Service (S3) protocol. S3-compatible storage can 
 easily be bought (rented) from major cloud providers, but may also be available from institutional clouds. It is also possible to run open-source software to provide S3 storage 
-over a local file system (making it possible to enjoy the advantages discussed below while still leveraging local file storage). While Dataverse can be
-configured to handle uploads and downloads as with file storage (with zip files being unzipped, but having many of the same challenges in terms of temporary storage and server load as discussed above) 
+over a local file system (making it possible to enjoy the advantages discussed below while still leveraging local file storage). 
+
+While Dataverse can be configured to handle uploads and downloads as with file storage (with zip files being unzipped, but having many of the same challenges in terms of temporary storage and server load as discussed above) 
 it can also be configured to use 'direct' upload and download. In this configuration, the actual transfer of file bytes is from/to the user's local machine to/from
 the S3 store. In this configuration, Dataverse does not attempt to unzip zip files and they are stored as a single file in the dataset.
 
@@ -80,33 +84,40 @@ upload them, with their relative paths intact, to dataverse. (DVWebloader can on
 standard upload interface in Dataverse).
 - Using direct upload stops Dataverse from inspecting the file bytes to determine the MIME type (with one exception - Stata files). Dataverse will still look at the file name and extension to determine the MIME type.
 - To perform the 'ingest' processing, Dataverse currently has to copy the file to local storage, somewhat negating the benefit of sending data directly to S3. To manage larger files, one can set a per-store
-Ingest size limit (which can be 0 bytes) to stop ingest or limit it to smaller files. 
+ingest size limit (which can be 0 bytes) to stop ingest or limit it to smaller files. 
 - Dataverse's mechanism for downloading a whole dataset or multiple selected files involves zipping those files together. Even When using S3 with direct upload/download,
 the file bytes are transferred to the Dataverse server as part of the zipping process. There are ways to reduce the performance impact of this:
   - There is a 'ZipDownloader' app that can be run separate from Dataverse to handle the zipping process.
   - Dataverse has a :ZipDownloadLimit that can be used to limit the amount of data that can be zipped. If a dataset is larger than this limit, Dataverse will only add some of the files to the zip and list others in the included manifest file.
   - There are tools such as the Dataverse Dataset Downloader (https://github.com/gdcc/dataverse-recipes/tree/main/shell/download#dataverse-dataset-downloader) that can be used to download all off the files individually. This avoids sending any of the files to/through the Dataverse server when S3 direct download is enabled.  
 - Dataverse leverages S3 features that are not implemented by all servers and has several configuration options geared towards handling variations between servers. Site admins should be sure to test with their preferred S3 implementation.
+- The part-size used when directly transferring files to S3 is configurable (at AWS, from 5 MiB to 5GiB). The default in Dataverse is 1 GiB (1024^3). If the primary use case is with smaller files than that, decreasing the part size may improve upload speeds.
 
 Remote Storage
 ~~~~~~~~~~~~~~
 
 Note: Remote Storage is still experimental: feedback is welcome! See :ref:`support`.
 
-For very large, and/or very sensitive data, it may not make sense to transfer or copy files to Dataverse at all. The ``remote`` store type in the Dataverse software support these use cases.
+For very large, and/or very sensitive data, it may not make sense to transfer or copy files to Dataverse at all.
+The ``remote`` store type in the Dataverse software supports these use cases.
 It allows Dataverse to store a URL reference for the file rather than transferring the file bytes to a store managed directly by Dataverse.
-In the most basic configuration a site administrator configures the base URL for the store, e.g. "https://thirdpartystorage.edu/long-term-storage/" and users can then create files referencing
-any URL starting with that base, e.g. "https://thirdpartystorage.edu/long-term-storage/my_file.txt". If the remote site is a public web server, the remote store in Dataverse should be configured to be 'public' which will
-disable the ability to restrict or embargo files (as they are public on the remote site and Dataverse cannot block access.) Conversely, Dataverse can be configured to sign requests to the remote server and,
-and, which the remote server, if it is capable of validating them, can use to reject requests not approved by Dataverse. In this configuration, users can restrict and embargo files and Dataverse and the remote server will cooperate to
-manage access control. Another alternative, with a more advanced remote store, would be, instead of using URLs that directly enable download of the file, to use URLs that point to 
-a landing page at the remote server that may require the user to login, or go through some other authentication/validation process before being able to access the file.
-
-Dataverse considers remote storage to be read-only, or, in cases where the remote service does not provide a way for Dataverse to download the file bytes ((due to access control or because the URL refers to a landing page), inacessible. 
-Depending on whether Dataverse can access the bytes of the file, functionality such as ingest and integrity checking may or may not be possible. If the file bytes are not accessible 
-the remote store in Dataverse should be configured to disable operations that attempt to access the file (see  files-not-accessible-by-dataverse).
-If the file bytes are accessible, Dataverse can still support features such as ingest and thumbnail creation, as well as local storage of other files  and auxilliary files. These are handled by configuring a 'base' store with the remote store
-that is used for these purposes. (This means that while the specified files remain on the remote store, other files in the dataset, and potentially the ingested TSV format of a remote file would be managed by Dataverse in some other store. If ingest is not desired, the ingest size limit for the store can be set to 0 bytes).  
+In the most basic configuration a site administrator configures the base URL for the store, e.g. "https://thirdpartystorage.edu/long-term-storage/" 
+and users can then create files referencing any URL starting with that base, e.g. "https://thirdpartystorage.edu/long-term-storage/my_project_dir/my_file.txt".
+If the remote site is a public web server, the remote store in Dataverse should be configured to be 'public' which will disable the ability to restrict
+or embargo files (as they are public on the remote site and Dataverse cannot block access.) Conversely, Dataverse can be configured to sign requests to the 
+remote server which the remote server can then, if it is capable of validating them, use to reject requests not approved by Dataverse. In this configuration,
+users can restrict and embargo files and Dataverse and the remote server will cooperate to manage access control. Another alternative, with a more advanced
+remote store, would be, instead of using URLs that directly enable download of the file, to use URLs that point to a landing page at the remote server that 
+may require the user to login, or go through some other authentication/validation process before being able to access the file.
+
+Dataverse considers remote storage to be read-only, or, in cases where the remote service does not provide a way for Dataverse to download the file bytes
+(due to access control or because the URL refers to a landing page), inacessible. Depending on whether Dataverse can access the bytes of the file,
+functionality such as ingest and integrity checking may or may not be possible. If the file bytes are not accessible the remote store in Dataverse should be
+configured to disable operations that attempt to access the file (see  files-not-accessible-by-dataverse). If the file bytes are accessible, Dataverse can still
+support features such as ingest and thumbnail creation, as well as local storage of other files  and auxilliary files. These are handled by configuring a 'base' store
+with the remote store that is used for these purposes. (This means that while the specified files remain on the remote store, other files in the dataset, and
+potentially the ingested TSV format of a remote file would be managed by Dataverse in some other store. If ingest is not desired, the ingest size limit for the
+store can be set to 0 bytes).
 
 Benefits: 
 
@@ -116,23 +127,24 @@ Benefits:
 Challenges:
 
 - Currently, remote files can only be added via the API. (This may be addressed in future versions).
+- Since remote files can only be added as the dataset is created in the UI. However, the UI will still allow upload of files to the base store (at dataset creation and when editing)
 - As Dataverse is relying on the remote service to main the integrity and availability of the files, it is likely that the Dataverse site admin will want to have a formal agreement with the remote service 
 operator about their policies.
 - Site admins need to consider carefully how to configure file size limits, ingest size limits, etc. on the remote store and it's base store, and whether the remote store is public-only, and whether it files there can be read by Dataverse to assure the
 requirements of a specific use case(s) are addressed.
 - The current remote store implementation will not prevent you from providing a relative URL that results in a 404 when resolved. (I.e. if you make a typo). You should check to make sure the file exists at the location you specify - by trying to download in Dataverse, by checking to see that Dataverse was able to get the file size (which it does by doing a HEAD call to that location), or just manually trying the URL in your browser.
 - For large files, direct-download should always be used with a remote store. (Otherwise the Dataverse will be involved in the download.)
- 
+- When multiple files are selected for download, Dataverse will try to include remote files in the zip file being created (up to the max zip size limit) which is inefficent, and will not be able to include remote files that are inaccessible (possibly confusing). 
 
 Globus Transfer
 ~~~~~~~~~~~~~~~
 
 Note: Globus Transfer is still experimental: feedback is welcome! See :ref:`support`.
 
-`Globus <https://www.globus.org>`_ provides file transfer service that is widely used for the largest datasets (in terms of both file size and number of files). It provides:
+`Globus <https://www.globus.org>`_ provides file transfer service that is widely used for the world's largest datasets (in terms of both file size and number of files). It provides:
 
 - robust file transfer capable of handling delays (e.g. due to the time it takes to mount tapes) and restarting after network or endpoint failures
-- parallel file transfers, potentially between clusters of computers on both ends
+- rapid parallel file transfers, potentially between clusters of computers on both ends
 - third-party transfer, which enables a user working with their desktop browser to initiate transfer of files from one remote endpoint (i.e. on a local high-performance computing cluster) to/from another (e.g. one associated with a Dataverse store)
 
 Dataverse can be configured to support Globus transfers in multiple ways:
@@ -141,19 +153,20 @@ Dataverse can be configured to support Globus transfers in multiple ways:
 - A Dataverse-managed Globus S3 Endpoint: Dataverse controls user access to the endpoint, access is available via S3 and via Globus
 - A Globus Endpoint treated as Remote Storage: Dataverse references files on a Globus endpoint managed by a third party
 
-Each of these options has its own advantages and disadvantages:
 Benefits: 
 
 - Globus scales to higher data volumes than any other option. Users working with large data are often familiar with Globus and are interested in transferring data to/from computational clusters rather than their local machine
 - Globus transfers can be initiated by choosing the Globus option in the dataset upload panel. Analogously, "Globus Transfer" is one of the download options in the "Access Dataset" menu.
-- For the non-S3 options, Dataverse support having a base store (e.g. a local file system or an S3-based store), which can be used internally by Dataverse (e.g. for thumbnails, etc.) and can allow users to upload smaller files (e.g. Readmes, documentation) that might not be suited to a given Globus endpoint (e.g. a tape store)
+- For the non-S3 options, Dataverse supports having a base store (e.g. a local file system or an S3-based store), which can be used internally by Dataverse (e.g. for thumbnails, etc.) and can allow users to upload smaller files (e.g. Readmes, documentation) that might not be suited to a given Globus endpoint (e.g. a tape store)
 
 Challenges: 
+
 - Globus is complex to manage and Dataverse installations will need to develop Globus expertise or partner with another organization (i.e. a institutional high-performance computing center) to manage Globus endpoints.
-- For users not familiar with Globus, managing transfers can be confusing. Globus does provide a free 'Globus Personal Connect' service which can be run on any machine to allow transfers to/from it.
+- For users not familiar with Globus, managing transfers can be confusing. For the non-S3 options, users cannot just download files - they must have access to a destination Globus endpoint. Globus does provide a free 'Globus Personal Connect' service which installed on any machine to allow transfers to/from it.
 - Globus transfers are not enabled at dataset-creation time. Once the draft version is created, users can initiate Globus transfers to upload files from remote endpoints.
-- For Dataverse managed endpoints, a a community-developed `dataverse-globus <https://github.com/scholarsportal/dataverse-globus>`_ app must be installed and configured in the Dataverse instance. 
+- For Dataverse-managed endpoints, a community-developed `dataverse-globus <https://github.com/scholarsportal/dataverse-globus>`_ app must be installed and configured in the Dataverse instance. 
 This app manages granting and revoking access for users to upload/download files from Dataverse and handles the translation between Dataverse's internal file naming/organization to that see by the user.
+- Users familiar with Globus sometimes expect to be able to find the Dataverse endpoint in Globus' online service and download files from there. Due to the fact that Dataverse is managing permissions and handling file naming, this doesn't work.
 - Due to differences between Dataverse's and Globus's access control models, Dataverse cannot enforce per-file-access restrictions - restriction can only be done today at the level of providing access to all files in a dataset.
 Globus stores can be defined as public to disable Dataverse's ability to restrict and embargo files in that store. If the store is configured to support restriction and embargo,
 Dataverse and it's Dataverse-Globus app will limit users to downloading only the files they have been granted access to, but a technically knowledgeable user could access other files in the same dataset if they are give access to one.
@@ -161,50 +174,181 @@ Dataverse and it's Dataverse-Globus app will limit users to downloading only the
 - Dataverse-managed endpoints must be Globus 'guest collections' hosted on either a file-system-based endpoint or an S3-based endpoint (the latter requires use of the Globus
 S3 connector which requires a paid Globus subscription at the host institution). In either case, Dataverse is configured with the Globus credentials of a user account that can manage the endpoint.
 Users will need their own Globus account, which can be obtained via their institution or directly from Globus (at no cost).
-- With the file-system endpoint, Dataverse does not currently have access to the file contents. Thus, functionality related to ingest, previews, fixity hash validation, etc. are not available. (Using the S3-based endpoint, Dataverse has access via S3 and all functionality normally associated with direct uploads to S3 is available.)
+- With the file-system endpoint, Dataverse does not currently have access to the file contents. Thus, functionality related to ingest, previews, fixity hash validation, etc. are not available. 
+(Using the S3-based endpoint, Dataverse has access via S3 and all functionality normally associated with direct uploads to S3 is available. In this case admins should be sure to set the maximum size for ingest and avoid requiring hash validation at publication, etc.)
 - For the reference use case, Dataverse must be configured with a list of allowed endpoint/base paths from which files may be referenced. In this case, since Dataverse is not accessing the remote endpoint itself, it does not need Globus credentials. 
-Users will also need a Globus account in this case, and the remote endpoint must be configured to allow them access (i.e. be publicly readable, or potentially involving some out-of-band mechanism to request access (that could be described in the dataset's Terms of Use and Access).
+Users will also need a Globus account in this case, and the remote endpoint must be configured to allow them access (i.e. be publicly readable, or potentially involving some out-of-band mechanism to request access (that could be described, for example, in the dataset's Terms of Use and Access).
 - While Globus itself can handle many (millions of) files of any size, Dataverse cannot handle more than thousands of files per dataset (at best) and some Globus endpoints may have limits on file sizes - both maximums and minimums (e.g. for tape storage where small files are inefficient).
-Users will need to be made aware of these limitations and the possibilities for managing them (e.g. by aggregating multiple files in a single larger file).
+Users will need to be made aware of these limitations and the possibilities for managing them (e.g. by aggregating multiple files in a single larger file, or storing smaller files in the base-store via the normal Dataverse upload UI).
+- There is currently (a bug)[https://github.com/gdcc/dataverse-globus/issues/2] that won't allow users to transfer files from/to endpoints where they do not have permission to list the overall file tree (i.e. an institution manages <endpoint>/institution_name but the user only has access to <endpoint>/institution_name/my_dir.)
+Until that is fixed, a work-around is to first transfer data to an endpoint without this restriction.
+- An alternative, experimental implementation of Globus polling of ongoing upload transfers has been added in v6.4. This framework does not rely on the instance staying up continuously for the duration of the transfer and saves the state information about Globus upload requests in the database. While it is now the recommended option, it is not enabled by default. See the ``globus-use-experimental-async-framework`` feature flag (see :ref:`feature-flags`) and the JVM option :ref:`dataverse.files.globus-monitoring-server`.
 
 More details of the setup required to enable Globus is described in the `Community Dataverse-Globus Setup and Configuration document <https://docs.google.com/document/d/1mwY3IVv8_wTspQC0d4ddFrD2deqwr-V5iAGHgOy4Ch8/edit?usp=sharing>`_ and the references therein.
 
-As described in that document, 
-
 An overview of the control and data transfer interactions between components was presented at the 2022 Dataverse Community Meeting and can be viewed in the `Integrations and Tools Session Video <https://youtu.be/3ek7F_Dxcjk?t=5289>`_ around the 1 hr 28 min mark.
 
 See also :ref:`Globus settings <:GlobusSettings>`.
 
-An alternative, experimental implementation of Globus polling of ongoing upload transfers has been added in v6.4. This framework does not rely on the instance staying up continuously for the duration of the transfer and saves the state information about Globus upload requests in the database. Due to its experimental nature it is not enabled by default. See the ``globus-use-experimental-async-framework`` feature flag (see :ref:`feature-flags`) and the JVM option :ref:`dataverse.files.globus-monitoring-server`.
-
-
+Managing more files per dataset and more datasets
+-------------------------------------------------
 
+Dataverse can be configured to handle datasets with hundreds or thousands of files and hundreds of thousands of datasets. However, reaching these levels can require significant effort to appropriately configure the server.
 
+Technically, there are two factors that can limit scaling the number of files per dataset: how much the Dataverse server is involved in data transfer, and constraints based on Dataverse's code and database configuration.
+The former is dramatically affected by the choice for file storage and options such as the S3 direct upload/download settings and ingest size limits. The are fewer ways to affect the latter beyond increasing the amount of memory and CPU resources available
+or rewriting the relevant parts of Dataverse. (There are continuing efforts to improve Dataverse's performance and scaling, so it is also advisable to use the latest version if you are pushing the boundaries on scaling. Progress is being made.)
 
+Scaling to larger numbers of datasets (and to some extent scaling files per dataset) also depends on Dataverse's Solr search engine. There have been very significant improvements in indexing and search performance in recent releases, including some that are not turned on by default.
 
+Avoiding Many Files
+~~~~~~~~~~~~~~~~~~~
 
+Before describing things that can be done to improve scaling, it is important to note that there are configuration options and best practices to suggest to users to help avoid larger datasets and users hitting performance issues by going beyond the file counts you know work in your instance.
+
+        /* zip upload number of files limit */
+        ZipUploadFilesLimit,
+        /* the number of files the GUI user is allowed to upload in one batch, 
+            via drag-and-drop, or through the file select dialog */
+        MultipleUploadFilesLimit,
+                UseStorageQuotas, 
+        /** 
+         * Placeholder storage quota (defines the same quota setting for every user; used to test the concept of a quota.
+         */
+        StorageQuotaSizeInBytes,
+
+Ways to Scale
+~~~~~~~~~~~~~
+
+   
+       /**
+     * For published (public) objects, don't use a join when searching Solr. 
+     * Experimental! Requires a reindex with the following feature flag enabled,
+     * in order to add the boolean publicObject_b:true field to all the public
+     * Solr documents. 
+     *
+     * @apiNote Raise flag by setting
+     * "dataverse.feature.avoid-expensive-solr-join"
+     * @since Dataverse 6.3
+     */
+AVOID_EXPENSIVE_SOLR_JOIN("avoid-expensive-solr-join"),
+    /**
+     * With this flag enabled, the boolean field publicObject_b:true will be 
+     * added to all the indexed Solr documents for publicly-available collections,
+     * datasets and files. This flag makes it possible to rely on it in searches,
+     * instead of the very expensive join (the feature flag above).
+     *
+     * @apiNote Raise flag by setting
+     * "dataverse.feature.add-publicobject-solr-field"
+     * @since Dataverse 6.3
+     */
+    ADD_PUBLICOBJECT_SOLR_FIELD("add-publicobject-solr-field"),
+    /**
+     * Dataverse normally deletes all solr documents related to a dataset's files
+     * when the dataset is reindexed. With this flag enabled, additional logic is
+     * added to the reindex process to delete only the solr documents that are no
+     * longer needed. (Required docs will be updated rather than deleted and 
+     * replaced.) Enabling this feature flag should make the reindex process 
+     * faster without impacting the search results.
+     *
+     * @apiNote Raise flag by setting
+     * "dataverse.feature.reduce-solr-deletes"
+     * @since Dataverse 6.3
+     */
+    REDUCE_SOLR_DELETES("reduce-solr-deletes"),
+    /**
+     * This flag disables the feature that automatically selects one of the 
+     * DataFile thumbnails in the dataset/version as the dedicated thumbnail
+     * for the dataset.
+     * 
+     * @apiNote Raise flag by setting
+     * "dataverse.feature.disable-dataset-thumbnail-autoselect"
+     * @since Dataverse 6.4
+     */
+    DISABLE_DATASET_THUMBNAIL_AUTOSELECT("disable-dataset-thumbnail-autoselect"),
+    /**
+     * Only update a DataCite DOI when needed (for efficiency, lighter load on DataCite).
+     */
+    ONLY_UPDATE_DATACITE_WHEN_NEEDED("only-update-datacite-when-needed"),
+
+
+JvmSettings:
+    MIN_FILES_TO_USE_PROXY(SCOPE_SOLR, "min-files-to-use-proxy"),
+
+    // INDEX CONCURENCY
+    SCOPE_SOLR_CONCURENCY(SCOPE_SOLR, "concurrency"),
+    MAX_ASYNC_INDEXES(SCOPE_SOLR_CONCURENCY, "max-async-indexes"),
+
+    //EXPORTS
+    SCOPE_EXPORTS(PREFIX, "exports"),
+    SCOPE_EXPORTS_SCHEMA_DOT_ORG(SCOPE_EXPORTS, "schema-dot-org"),
+    EXPORTS_SCHEMA_DOT_ORG_MAX_FILES_FOR_DOWNLOAD_ENTRIES(SCOPE_EXPORTS_SCHEMA_DOT_ORG, "max-files-for-download-entries"),
+
+Settings:
+
+        SolrFullTextIndexing, //true or false (default)
+        SolrMaxFileSizeForFullTextIndexing, //long - size in bytes (default unset/no limit)
+        /** Default Key for limiting the number of bytes uploaded via the Data Deposit API, UI (web site and . */
+        MaxFileUploadSizeInBytes,
+        ZipDownloadLimit,
+/* size limit for Tabular data file ingests */
+        /* (can be set separately for specific ingestable formats; in which 
+        case the actual stored option will be TabularIngestSizeLimit:{FORMAT_NAME}
+        where {FORMAT_NAME} is the format identification tag returned by the 
+        getFormatName() method in the format-specific plugin; "sav" for the 
+        SPSS/sav format, "RData" for R, etc.
+        for example: :TabularIngestSizeLimit:RData */
+        TabularIngestSizeLimit,
+        /* Validate physical files in the dataset when publishing, if the dataset size less than the threshold limit */
+        DatasetChecksumValidationSizeLimit,
+        /* Validate physical files in the dataset when publishing, if the datafile size less than the threshold limit */
+        DataFileChecksumValidationSizeLimit,
+        FilePIDsEnabled,
+        /**
+         * If defined, this is the URL of the zipping service outside 
+         * the main Application Service where zip downloads should be directed
+         * instead of /api/access/datafiles/
+         */
+        CustomZipDownloadServiceUrl,
+
+        /**
+         * The URL for the DvWebLoader tool (see github.com/gdcc/dvwebloader for details)
+         */
+        WebloaderUrl, 
+
+
+        /**
+         * A comma-separated list of CategoryName in the desired order for files to be
+         * sorted in the file table display. If not set, files will be sorted
+         * alphabetically by default. If set, files will be sorted by these categories
+         * and alphabetically within each category.
+         */
+        CategoryOrder,
+        /**
+         * True(default)/false option deciding whether ordering by folder should be applied to the 
+         * dataset listing of datafiles.
+         */
+        OrderByFolder,
+        /**
+         * Allows an instance admin to disable Solr search facets on the collection
+         * and dataset pages instantly
+         */
+        DisableSolrFacets,
+        DisableSolrFacetsForGuestUsers,
+        DisableSolrFacetsWithoutJsession,
+        DisableUncheckedTypesFacet,
+
+        /**
+         * When ingesting tabular data files, store the generated tab-delimited 
+         * files *with* the variable names line up top. 
+         */
+        StoreIngestedTabularFilesWithVarHeaders,
+
+ There is no well-defined cut-off - the speed of viewing and editing a large dataset will decrease as files are added, and, at some point, Dataverse may need more memory than is available, resulting in drastically slower response / 
 
-Handling Large Individual Files
--------------------------------
-
-When individual files exceed typical web upload/download capabilities (generally 1-2GB), you'll need specialized approaches.
-
-S3 Direct Upload and Download
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-**Best for:** Files up to several TB in size with minimal configuration changes
-
-A lightweight option for supporting file sizes beyond a few gigabytes - a size that can cause performance issues when uploaded through a Dataverse installation itself - is to configure an S3 store to provide direct upload and download via 'pre-signed URLs'. When these options are configured, file uploads and downloads are made directly to and from a configured S3 store using secure (https) connections that enforce a Dataverse installation's access controls. (The upload and download URLs are signed with a unique key that only allows access for a short time period and a Dataverse installation will only generate such a URL if the user has permission to upload/download the specific file in question.)
-
-This option can handle files >300GB and could be appropriate for files up to a TB or larger. Other options can scale farther, but this option has the advantages that it is simple to configure and does not require any user training - uploads and downloads are done via the same interface as normal uploads to a Dataverse installation.
-
-To configure these options, an administrator must set two JVM options for the Dataverse installation using the same process as for other configuration options:
 
-``./asadmin create-jvm-options "-Ddataverse.files.<id>.download-redirect=true"``
 
-``./asadmin create-jvm-options "-Ddataverse.files.<id>.upload-redirect=true"``
 
-With multiple stores configured, it is possible to configure one S3 store with direct upload and/or download to support large files (in general or for specific Dataverse collections) while configuring only direct download, or no direct access for another store.
 
 The direct upload option now switches between uploading the file in one piece (up to 1 GB by default) and sending it as multiple parts. The default can be changed by setting:
   
diff --git a/doc/sphinx-guides/source/installation/config.rst b/doc/sphinx-guides/source/installation/config.rst
index a6aa44df974..369a58896aa 100644
--- a/doc/sphinx-guides/source/installation/config.rst
+++ b/doc/sphinx-guides/source/installation/config.rst
@@ -1476,20 +1476,22 @@ Once you have configured a trusted remote store, you can point your users to the
 .. table::
     :align: left
 
-    ===========================================  ==================  ==========================================================================  ===================
-    JVM Option                                   Value               Description                                                                 Default value
-    ===========================================  ==================  ==========================================================================  ===================
-    dataverse.files.<id>.type                    ``remote``          **Required** to mark this storage as remote.                                (none)
-    dataverse.files.<id>.label                   <?>                 **Required** label to be shown in the UI for this storage.                  (none)
-    dataverse.files.<id>.base-url                <?>                 **Required** All files must have URLs of the form <baseUrl>/* .             (none)
-    dataverse.files.<id>.base-store              <?>                 **Required** The id of a base store (of type file, s3, or swift).           (the default store)
-    dataverse.files.<id>.download-redirect       ``true``/``false``  Enable direct download (should usually be true).                            ``false``
-    dataverse.files.<id>.secret-key               <?>                 A key used to sign download requests sent to the remote store. Optional.   (none)
-    dataverse.files.<id>.url-expiration-minutes  <?>                 If direct downloads and using signing: time until links expire. Optional.   60
-    dataverse.files.<id>.remote-store-name       <?>                 A short name used in the UI to indicate where a file is located. Optional.  (none)
-    dataverse.files.<id>.remote-store-url        <?>                 A url to an info page about the remote store used in the UI. Optional.      (none)
+    =======================================================  ==================  ==========================================================================  ===================
+    JVM Option                                               Value               Description                                                                 Default value
+    =======================================================  ==================  ==========================================================================  ===================
+    dataverse.files.<id>.type                                ``remote``          **Required** to mark this storage as remote.                                (none)
+    dataverse.files.<id>.label                               <?>                 **Required** label to be shown in the UI for this storage.                  (none)
+    dataverse.files.<id>.base-url                            <?>                 **Required** All files must have URLs of the form <baseUrl>/* .             (none)
+    dataverse.files.<id>.base-store                          <?>                 **Required** The id of a base store (of type file, s3, or swift).           (the default store)
+    dataverse.files.<id>.upload-out-of-band                  ``true``            **Required to be true** Dataverse does not manage file placement            ``false``
+    dataverse.files.<id>.download-redirect                   ``true``/``false``  Enable direct download (should usually be true).                            ``false``
+    dataverse.files.<id>.secret-key                          <?>                 A key used to sign download requests sent to the remote store. Optional.    (none)
+    dataverse.files.<id>.url-expiration-minutes              <?>                 If direct downloads and using signing: time until links expire. Optional.   60
+    dataverse.files.<id>.remote-store-name                   <?>                 A short name used in the UI to indicate where a file is located. Optional.  (none)
+    dataverse.files.<id>.remote-store-url                    <?>                 A url to an info page about the remote store used in the UI. Optional.      (none)
+    dataverse.files.<id>.files-not-accessible-by-dataverse   ``true``/``false``  True if the file is at the url provided, false if that is a landing page    ``false``
     
-    ===========================================  ==================  ==========================================================================  ===================
+    =======================================================  ==================  ==========================================================================  ===================
 
 .. _globus-storage:
 

From 5cbf6285442f0b83da159368e59d80ef9f97a7ad Mon Sep 17 00:00:00 2001
From: Stephen Kraffmiller <skraffmiller@hmdc.harvard.edu>
Date: Mon, 22 Sep 2025 16:59:03 -0400
Subject: [PATCH 291/634] Update native-api.rst

---
 doc/sphinx-guides/source/api/native-api.rst | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/doc/sphinx-guides/source/api/native-api.rst b/doc/sphinx-guides/source/api/native-api.rst
index 1fba99039b6..f8f84430ac6 100644
--- a/doc/sphinx-guides/source/api/native-api.rst
+++ b/doc/sphinx-guides/source/api/native-api.rst
@@ -774,7 +774,7 @@ The fully expanded example above (without environment variables) looks like this
 
   curl -H "X-Dataverse-key:xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" -X GET "https://demo.dataverse.org/api/dataverses/:persistentId/dataset/linkingDataverses?searchTerm=searchOn&persistentId=doi:10.5072/FK2/J8SJZB" 
 
-
+You may also add an optional "alreadyLinked=true" parameter to return collections which are already linked to the given Dataset or Dataverse Collection.
 
 List Featured Collections for a Dataverse Collection
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From b2d8e346f7f7cd8448c8e2eecffc95ad333ee04f Mon Sep 17 00:00:00 2001
From: Philip Durbin <philip_durbin@harvard.edu>
Date: Tue, 23 Sep 2025 11:54:46 -0400
Subject: [PATCH 292/634] bump keycloak version

---
 conf/keycloak/builtin-users-spi/pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/conf/keycloak/builtin-users-spi/pom.xml b/conf/keycloak/builtin-users-spi/pom.xml
index 8a4c6c5a5ad..2a730621f85 100644
--- a/conf/keycloak/builtin-users-spi/pom.xml
+++ b/conf/keycloak/builtin-users-spi/pom.xml
@@ -100,7 +100,7 @@
     </build>
 
     <properties>
-        <keycloak.version>26.3.3</keycloak.version>
+        <keycloak.version>26.3.4</keycloak.version>
         <java.version>17</java.version>
         <jakarta.persistence.version>3.2.0</jakarta.persistence.version>
         <mindrot.jbcrypt.version>0.4</mindrot.jbcrypt.version>

From ea2deb96d8fca5f3b0f7347a2b8b20c593d59042 Mon Sep 17 00:00:00 2001
From: Philip Durbin <philip_durbin@harvard.edu>
Date: Thu, 25 Sep 2025 12:51:29 -0400
Subject: [PATCH 293/634] update base image version for post-6.8 release #11680

---
 modules/dataverse-parent/pom.xml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/modules/dataverse-parent/pom.xml b/modules/dataverse-parent/pom.xml
index 013034f14d1..80d4ceaabe6 100644
--- a/modules/dataverse-parent/pom.xml
+++ b/modules/dataverse-parent/pom.xml
@@ -454,8 +454,8 @@
                     Once the release has been made (tag created), change this back to "${parsedVersion.majorVersion}.${parsedVersion.nextMinorVersion}"
                     (These properties are provided by the build-helper plugin below.)
                 -->
-                <!-- <base.image.version>${parsedVersion.majorVersion}.${parsedVersion.nextMinorVersion}</base.image.version> -->
-                <base.image.version>${revision}</base.image.version>
+                <base.image.version>${parsedVersion.majorVersion}.${parsedVersion.nextMinorVersion}</base.image.version>
+                <!-- <base.image.version>${revision}</base.image.version> -->
                 <!-- This is used by the maintenance CI jobs, no need to adapt during releases. -->
                 <app.image.version>${base.image.version}</app.image.version>
             </properties>

From 26818a76ae19ed7493902dbf3adc2625f01dce76 Mon Sep 17 00:00:00 2001
From: Stephen Kraffmiller <skraffmiller@hmdc.harvard.edu>
Date: Thu, 25 Sep 2025 13:29:41 -0400
Subject: [PATCH 294/634] #11772 prelim check in

---
 .../tests/data/update-dataset-terms.json      | 20 +++++++
 .../harvard/iq/dataverse/api/Datasets.java    | 33 +++++++++++
 .../impl/UpdateDatasetTermsOfUseCommand.java  | 59 +++++++++++++++++++
 .../impl/UpdateDatasetVersionCommand.java     |  3 +-
 .../iq/dataverse/util/json/JsonParser.java    | 16 +++++
 .../harvard/iq/dataverse/api/DatasetsIT.java  | 49 +++++++++++++--
 .../edu/harvard/iq/dataverse/api/UtilIT.java  | 29 +++++++++
 .../UpdateDatasetTermsOfUseCommandTest.java   | 55 +++++++++++++++++
 .../json/update-dataset-terms-access.json     | 20 +++++++
 9 files changed, 278 insertions(+), 6 deletions(-)
 create mode 100644 scripts/search/tests/data/update-dataset-terms.json
 create mode 100644 src/main/java/edu/harvard/iq/dataverse/engine/command/impl/UpdateDatasetTermsOfUseCommand.java
 create mode 100644 src/test/java/edu/harvard/iq/dataverse/engine/command/impl/UpdateDatasetTermsOfUseCommandTest.java
 create mode 100644 src/test/resources/json/update-dataset-terms-access.json

diff --git a/scripts/search/tests/data/update-dataset-terms.json b/scripts/search/tests/data/update-dataset-terms.json
new file mode 100644
index 00000000000..dbe6380ca56
--- /dev/null
+++ b/scripts/search/tests/data/update-dataset-terms.json
@@ -0,0 +1,20 @@
+{
+    "termsOfAccess": {
+        "fileAccessRequest": "true",
+        "termsOfAccessForRestrictedFiles": "For access to restriced files please see read me file",
+        "dataAccessPlace": "dataAccessPlace",
+        "originalArchive": "originalArchive",
+        "availabilityStatus": "availabilityStatus",
+        "contactForAccess": "contactForAccess",
+        "sizeOfCollection": "sizeOfCollection",
+        "studyCompletion": "studyCompletion",
+        "termsOfUse": "termsOfUse",
+        "confidentialityDeclaration": "confidentialityDeclaration",
+        "specialPermissions": "specialPermissions",
+        "restrictions": "restrictions",
+        "citationRequirements": "citationRequirements",
+        "depositorRequirements": "depositorRequirements",
+        "conditions": "conditions",
+        "disclaimer": "disclaimer"
+    }
+}
diff --git a/src/main/java/edu/harvard/iq/dataverse/api/Datasets.java b/src/main/java/edu/harvard/iq/dataverse/api/Datasets.java
index fb97c761ef1..355db7c8c60 100644
--- a/src/main/java/edu/harvard/iq/dataverse/api/Datasets.java
+++ b/src/main/java/edu/harvard/iq/dataverse/api/Datasets.java
@@ -1152,6 +1152,39 @@ public Response editVersionMetadata(@Context ContainerRequestContext crc, String
             return ex.getResponse();
         }
     }
+    
+    @PUT
+    @AuthRequired
+    @Path("{id}/editTerms")
+    public Response editVersionTermsOfUse(@Context ContainerRequestContext crc, String jsonBody, @PathParam("id") String id,
+                                        @QueryParam("sourceLastUpdateTime") String sourceLastUpdateTime) {
+        try {
+            Dataset dataset = findDatasetOrDie(id);
+
+            if (sourceLastUpdateTime != null) {
+                validateInternalTimestampIsNotOutdated(dataset, sourceLastUpdateTime);
+            }
+
+            JsonObject json = JsonUtil.getJsonObject(jsonBody);
+            System.out.print(jsonBody);
+            TermsOfUseAndAccess toua = jsonParser().parseTermsOfUseAndAccess(json);
+            
+            
+            toua.setDatasetVersion(dataset.getLatestVersion());
+            
+            
+            DatasetVersion updatedVersion = execCommand(new UpdateDatasetTermsOfUseCommand(dataset, toua, createDataverseRequest(getRequestUser(crc)))).getLatestVersion();
+
+            return ok(json(updatedVersion, true));
+
+        } catch (JsonParseException ex) {
+            logger.log(Level.SEVERE, "Semantic error parsing dataset terms update Json: " + ex.getMessage(), ex);
+            return error(Response.Status.BAD_REQUEST, BundleUtil.getStringFromBundle("datasets.api.editMetadata.error.parseUpdate", List.of(ex.getMessage())));
+        } catch (WrappedResponse ex) {
+            logger.log(Level.SEVERE, "Update terms of use error: " + ex.getMessage(), ex);
+            return ex.getResponse();
+        }
+    }
 
     /**
      * @deprecated This was shipped as a GET but should have been a POST, see https://github.com/IQSS/dataverse/issues/2431
diff --git a/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/UpdateDatasetTermsOfUseCommand.java b/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/UpdateDatasetTermsOfUseCommand.java
new file mode 100644
index 00000000000..6e7a5c29e57
--- /dev/null
+++ b/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/UpdateDatasetTermsOfUseCommand.java
@@ -0,0 +1,59 @@
+/*
+ * Click nbfs://nbhost/SystemFileSystem/Templates/Licenses/license-default.txt to change this license
+ * Click nbfs://nbhost/SystemFileSystem/Templates/Classes/Class.java to edit this template
+ */
+package edu.harvard.iq.dataverse.engine.command.impl;
+
+import edu.harvard.iq.dataverse.Dataset;
+import edu.harvard.iq.dataverse.DatasetVersion;
+import edu.harvard.iq.dataverse.TermsOfUseAndAccess;
+import edu.harvard.iq.dataverse.authorization.Permission;
+import edu.harvard.iq.dataverse.engine.command.CommandContext;
+import edu.harvard.iq.dataverse.engine.command.DataverseRequest;
+import edu.harvard.iq.dataverse.engine.command.RequiredPermissions;
+import edu.harvard.iq.dataverse.engine.command.exception.CommandException;
+import edu.harvard.iq.dataverse.engine.command.exception.InvalidCommandArgumentsException;
+import edu.harvard.iq.dataverse.util.BundleUtil;
+
+/**
+ *
+ * @author stephenkraffmiller
+ */
+@RequiredPermissions(Permission.EditDataset)
+public class UpdateDatasetTermsOfUseCommand  extends AbstractDatasetCommand<Dataset>{
+    
+    
+    private final Dataset dataset;
+    private final TermsOfUseAndAccess termsOfUseAndAccess;
+    private final UpdateDatasetVersionCommand updateDatasetVersionCommand;
+    
+    public UpdateDatasetTermsOfUseCommand(Dataset dataset, TermsOfUseAndAccess termsOfUseAndAccess,  DataverseRequest request) {
+        this(dataset, termsOfUseAndAccess,  request, null);
+    }
+
+    //Command included for testing purposes
+    public UpdateDatasetTermsOfUseCommand( Dataset dataset, TermsOfUseAndAccess termsOfUseAndAccess, DataverseRequest aRequest, UpdateDatasetVersionCommand updateDatasetVersionCommand ) {
+        super(aRequest, dataset);
+        this.dataset = dataset;
+        this.termsOfUseAndAccess = termsOfUseAndAccess;
+        this.updateDatasetVersionCommand = updateDatasetVersionCommand;
+    }
+
+    @Override
+    public Dataset execute(CommandContext ctxt) throws CommandException {
+        DatasetVersion datasetVersion = dataset.getOrCreateEditVersion();
+
+        
+        datasetVersion.setTermsOfUseAndAccess(termsOfUseAndAccess);
+         
+        datasetVersion.setVersionState(DatasetVersion.VersionState.DRAFT);
+        termsOfUseAndAccess.setDatasetVersion(datasetVersion);
+        System.out.print("From input....");
+        System.out.print(termsOfUseAndAccess.getConfidentialityDeclaration());
+        System.out.print("From DatasetVersion....");
+        System.out.print(datasetVersion.getTermsOfUseAndAccess().getConfidentialityDeclaration());
+        System.out.print("$$$$$$$$$$$$$$$$$$$$$$$$");
+        return ctxt.engine().submit(updateDatasetVersionCommand == null ? new UpdateDatasetVersionCommand(this.dataset, getRequest()) : updateDatasetVersionCommand);
+    }
+    
+}
diff --git a/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/UpdateDatasetVersionCommand.java b/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/UpdateDatasetVersionCommand.java
index 209791faafb..1a3a55be4a0 100644
--- a/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/UpdateDatasetVersionCommand.java
+++ b/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/UpdateDatasetVersionCommand.java
@@ -100,7 +100,7 @@ public Dataset execute(CommandContext ctxt) throws CommandException {
         if ( ! (getUser() instanceof AuthenticatedUser) ) {
             throw new IllegalCommandException("Only authenticated users can update datasets", this);
         }
-        
+
         Dataset theDataset = getDataset();        
         ctxt.permissions().checkUpdateDatasetVersionLock(theDataset, getRequest(), this);
         Dataset savedDataset = null;
@@ -136,6 +136,7 @@ public Dataset execute(CommandContext ctxt) throws CommandException {
             }
             
             getDataset().getOrCreateEditVersion(fmVarMet).setDatasetFields(getDataset().getOrCreateEditVersion(fmVarMet).initDatasetFields());
+
             validateOrDie(getDataset().getOrCreateEditVersion(fmVarMet), isValidateLenient());
 
             final DatasetVersion editVersion = getDataset().getOrCreateEditVersion(fmVarMet);
diff --git a/src/main/java/edu/harvard/iq/dataverse/util/json/JsonParser.java b/src/main/java/edu/harvard/iq/dataverse/util/json/JsonParser.java
index bd97bcf4274..fd662b975a6 100644
--- a/src/main/java/edu/harvard/iq/dataverse/util/json/JsonParser.java
+++ b/src/main/java/edu/harvard/iq/dataverse/util/json/JsonParser.java
@@ -377,6 +377,22 @@ public static <E extends Enum<E>> List<E> parseEnumsFromArray(JsonArray enumsArr
         }
         return enums;
     }
+    
+    public TermsOfUseAndAccess parseTermsOfUseAndAccess(JsonObject obj) throws JsonParseException {
+
+        TermsOfUseAndAccess terms = new TermsOfUseAndAccess();
+
+        terms.setTermsOfUse(obj.getString("termsOfUse", null));
+        terms.setConfidentialityDeclaration(obj.getString("confidentialityDeclaration", null));
+        terms.setSpecialPermissions(obj.getString("specialPermissions", null));
+        terms.setRestrictions(obj.getString("restrictions", null));
+        terms.setCitationRequirements(obj.getString("citationRequirements", null));
+        terms.setDepositorRequirements(obj.getString("depositorRequirements", null));
+        terms.setConditions(obj.getString("conditions", null));
+        terms.setDisclaimer(obj.getString("disclaimer", null));
+
+        return terms;
+    }
 
     public DatasetVersion parseDatasetVersion(JsonObject obj) throws JsonParseException {
         return parseDatasetVersion(obj, new DatasetVersion());
diff --git a/src/test/java/edu/harvard/iq/dataverse/api/DatasetsIT.java b/src/test/java/edu/harvard/iq/dataverse/api/DatasetsIT.java
index b273502e6ed..91196b6b9d5 100644
--- a/src/test/java/edu/harvard/iq/dataverse/api/DatasetsIT.java
+++ b/src/test/java/edu/harvard/iq/dataverse/api/DatasetsIT.java
@@ -3969,8 +3969,8 @@ private JsonObject getDataAsJsonObject(String body) {
     private String getData(String body) {
             return getDataAsJsonObject(body).toString();
     }
-
-    @Test
+    
+        @Test
     public void testFilesUnchangedAfterDatasetMetadataUpdate() throws IOException {
         Response createUser = UtilIT.createRandomUser();
         createUser.prettyPrint();
@@ -4016,20 +4016,59 @@ public void testFilesUnchangedAfterDatasetMetadataUpdate() throws IOException {
                 .statusCode(OK.getStatusCode())
                 .body("data.latestVersion.files[0].label", equalTo("run.sh"))
                 .body("data.latestVersion.files[0].directoryLabel", equalTo("code"));
-        
+
         String pathToJsonFile = "doc/sphinx-guides/source/_static/api/dataset-update-metadata.json";
         Response updateTitle = UtilIT.updateDatasetMetadataViaNative(datasetPid, pathToJsonFile, apiToken);
         updateTitle.prettyPrint();
         updateTitle.then().assertThat()
                 .statusCode(OK.getStatusCode());
-        
+
         Response getDatasetJsonAfterUpdate = UtilIT.nativeGet(datasetId, apiToken);
         getDatasetJsonAfterUpdate.prettyPrint();
         getDatasetJsonAfterUpdate.then().assertThat()
                 .statusCode(OK.getStatusCode())
                 .body("data.latestVersion.files[0].label", equalTo("run.sh"))
                 .body("data.latestVersion.files[0].directoryLabel", equalTo("code"));
-        
+
+    }
+
+    @Test
+    public void testUpdateDatasetTerms() throws IOException {
+        Response createUser = UtilIT.createRandomUser();
+        createUser.prettyPrint();
+        createUser.then().assertThat()
+                .statusCode(OK.getStatusCode());
+        String apiToken = UtilIT.getApiTokenFromResponse(createUser);
+
+        Response createDataverse = UtilIT.createRandomDataverse(apiToken);
+        createDataverse.prettyPrint();
+        createDataverse.then().assertThat()
+                .statusCode(CREATED.getStatusCode());
+
+        String dataverseAlias = UtilIT.getAliasFromResponse(createDataverse);
+
+        Response createDataset = UtilIT.createRandomDatasetViaNativeApi(dataverseAlias, apiToken);
+        createDataset.prettyPrint();
+        createDataset.then().assertThat()
+                .statusCode(CREATED.getStatusCode());
+
+        String datasetPid = JsonPath.from(createDataset.asString()).getString("data.persistentId");
+        Integer datasetId = JsonPath.from(createDataset.asString()).getInt("data.id");
+
+        UtilIT.publishDataverseViaNativeApi(dataverseAlias, apiToken).then().assertThat().statusCode(OK.getStatusCode());
+        UtilIT.publishDatasetViaNativeApi(datasetId, "major", apiToken).then().assertThat().statusCode(OK.getStatusCode());
+
+        Response getDatasetJsonBeforeUpdate = UtilIT.nativeGet(datasetId, apiToken);
+        getDatasetJsonBeforeUpdate.prettyPrint();
+        getDatasetJsonBeforeUpdate.then().assertThat()
+                .statusCode(OK.getStatusCode());
+
+        String pathToJsonFile = "src/test/resources/json/update-dataset-terms-access.json";
+        Response updateTerms = UtilIT.updateDatasetTermsAndAccess(datasetPid, apiToken, pathToJsonFile);
+        updateTerms.prettyPrint();
+        updateTerms.then().assertThat()
+                .statusCode(OK.getStatusCode());
+
     }
 
 
diff --git a/src/test/java/edu/harvard/iq/dataverse/api/UtilIT.java b/src/test/java/edu/harvard/iq/dataverse/api/UtilIT.java
index eba8181e566..69096a52a5b 100644
--- a/src/test/java/edu/harvard/iq/dataverse/api/UtilIT.java
+++ b/src/test/java/edu/harvard/iq/dataverse/api/UtilIT.java
@@ -3859,6 +3859,35 @@ static Response updateDatasetJsonLDMetadata(Integer datasetId, String apiToken,
             .put("/api/datasets/" + datasetId + "/metadata?replace=" + replace);
         return response;
     }
+    
+    static Response updateDatasetTermsAndAccess(String idOrPersistentIdOfDataset, String apiToken, String pathToJsonFile) {
+        String idInPath = idOrPersistentIdOfDataset;
+        String optionalQueryParam = "";
+        if (!NumberUtils.isCreatable(idOrPersistentIdOfDataset)) {
+            idInPath = ":persistentId";
+            optionalQueryParam = "?persistentId=" + idOrPersistentIdOfDataset;
+        }
+
+        String jsonIn = getDatasetTerms(pathToJsonFile);
+        Response response = given()
+                .header(API_TOKEN_HTTP_HEADER, apiToken)
+                .contentType("application/json")
+                .body(jsonIn)
+                .put("/api/datasets/" + idInPath + "/editTerms" + optionalQueryParam);
+        return response;
+    }
+    
+    public static String getDatasetTerms(String pathToJsonFile) {
+        File datasetTermsJson = new File(pathToJsonFile);
+        try {
+            String datasetTermsAsJson = new String(Files.readAllBytes(Paths.get(datasetTermsJson.getAbsolutePath())));
+            return datasetTermsAsJson;
+        } catch (IOException ex) {
+            Logger.getLogger(UtilIT.class.getName()).log(Level.SEVERE, null, ex);
+            return null;
+        }
+
+    }
 
     static Response deleteDatasetJsonLDMetadata(Integer datasetId, String apiToken, String jsonLDBody) {
         Response response = given()
diff --git a/src/test/java/edu/harvard/iq/dataverse/engine/command/impl/UpdateDatasetTermsOfUseCommandTest.java b/src/test/java/edu/harvard/iq/dataverse/engine/command/impl/UpdateDatasetTermsOfUseCommandTest.java
new file mode 100644
index 00000000000..e9d357ecbe6
--- /dev/null
+++ b/src/test/java/edu/harvard/iq/dataverse/engine/command/impl/UpdateDatasetTermsOfUseCommandTest.java
@@ -0,0 +1,55 @@
+/*
+ * Click nbfs://nbhost/SystemFileSystem/Templates/Licenses/license-default.txt to change this license
+ * Click nbfs://nbhost/SystemFileSystem/Templates/Classes/Class.java to edit this template
+ */
+package edu.harvard.iq.dataverse.engine.command.impl;
+
+import edu.harvard.iq.dataverse.Dataset;
+import edu.harvard.iq.dataverse.DatasetVersion;
+import edu.harvard.iq.dataverse.TermsOfUseAndAccess;
+import edu.harvard.iq.dataverse.dataset.DatasetFieldsValidator;
+import edu.harvard.iq.dataverse.engine.DataverseEngine;
+import edu.harvard.iq.dataverse.engine.command.CommandContext;
+import edu.harvard.iq.dataverse.engine.command.DataverseRequest;
+import edu.harvard.iq.dataverse.engine.command.exception.CommandException;
+import org.junit.jupiter.api.BeforeEach;
+import org.mockito.Mock;
+import static org.mockito.Mockito.when;
+import org.mockito.MockitoAnnotations;
+
+/**
+ *
+ * @author stephenkraffmiller
+ */
+public class UpdateDatasetTermsOfUseCommandTest {
+    @Mock
+    private UpdateDatasetVersionCommand updateDatasetVersionCommandStub;
+    @Mock
+    private DataverseEngine dataverseEngineMock;
+    @Mock
+    private Dataset datasetMock;
+    @Mock
+    private DataverseRequest dataverseRequestStub;
+    @Mock
+    private TermsOfUseAndAccess termsOfUseAndAccessStub;
+    @Mock
+    private CommandContext commandContextMock;
+    @Mock
+    private DatasetVersion datasetVersionMock;
+    @Mock
+    private DatasetFieldsValidator datasetFieldsValidatorMock;
+
+    private UpdateDatasetFieldsCommand sut;
+    
+    @BeforeEach
+    public void setUp() throws CommandException {
+        MockitoAnnotations.openMocks(this);
+
+        when(dataverseEngineMock.submit(updateDatasetVersionCommandStub)).thenReturn(datasetMock);
+        when(commandContextMock.engine()).thenReturn(dataverseEngineMock);
+        when(commandContextMock.datasetFieldsValidator()).thenReturn(datasetFieldsValidatorMock);
+        when(datasetMock.getOrCreateEditVersion()).thenReturn(datasetVersionMock);
+        when(datasetVersionMock.getTermsOfUseAndAccess()).thenReturn(termsOfUseAndAccessStub);
+    }
+    
+}
diff --git a/src/test/resources/json/update-dataset-terms-access.json b/src/test/resources/json/update-dataset-terms-access.json
new file mode 100644
index 00000000000..dbe6380ca56
--- /dev/null
+++ b/src/test/resources/json/update-dataset-terms-access.json
@@ -0,0 +1,20 @@
+{
+    "termsOfAccess": {
+        "fileAccessRequest": "true",
+        "termsOfAccessForRestrictedFiles": "For access to restriced files please see read me file",
+        "dataAccessPlace": "dataAccessPlace",
+        "originalArchive": "originalArchive",
+        "availabilityStatus": "availabilityStatus",
+        "contactForAccess": "contactForAccess",
+        "sizeOfCollection": "sizeOfCollection",
+        "studyCompletion": "studyCompletion",
+        "termsOfUse": "termsOfUse",
+        "confidentialityDeclaration": "confidentialityDeclaration",
+        "specialPermissions": "specialPermissions",
+        "restrictions": "restrictions",
+        "citationRequirements": "citationRequirements",
+        "depositorRequirements": "depositorRequirements",
+        "conditions": "conditions",
+        "disclaimer": "disclaimer"
+    }
+}

From 9fff5df5d3f198a8c2d3ea9f980a5e780a9cec96 Mon Sep 17 00:00:00 2001
From: Stephen Kraffmiller <skraffmiller@hmdc.harvard.edu>
Date: Thu, 25 Sep 2025 13:56:04 -0400
Subject: [PATCH 295/634] #11772 fix parser

---
 .../iq/dataverse/util/json/JsonParser.java    | 26 +++++++++----------
 1 file changed, 13 insertions(+), 13 deletions(-)

diff --git a/src/main/java/edu/harvard/iq/dataverse/util/json/JsonParser.java b/src/main/java/edu/harvard/iq/dataverse/util/json/JsonParser.java
index fd662b975a6..b74f852202c 100644
--- a/src/main/java/edu/harvard/iq/dataverse/util/json/JsonParser.java
+++ b/src/main/java/edu/harvard/iq/dataverse/util/json/JsonParser.java
@@ -379,19 +379,19 @@ public static <E extends Enum<E>> List<E> parseEnumsFromArray(JsonArray enumsArr
     }
     
     public TermsOfUseAndAccess parseTermsOfUseAndAccess(JsonObject obj) throws JsonParseException {
-
-        TermsOfUseAndAccess terms = new TermsOfUseAndAccess();
-
-        terms.setTermsOfUse(obj.getString("termsOfUse", null));
-        terms.setConfidentialityDeclaration(obj.getString("confidentialityDeclaration", null));
-        terms.setSpecialPermissions(obj.getString("specialPermissions", null));
-        terms.setRestrictions(obj.getString("restrictions", null));
-        terms.setCitationRequirements(obj.getString("citationRequirements", null));
-        terms.setDepositorRequirements(obj.getString("depositorRequirements", null));
-        terms.setConditions(obj.getString("conditions", null));
-        terms.setDisclaimer(obj.getString("disclaimer", null));
-
-        return terms;
+        JsonObject terms = obj.getJsonObject("termsOfAccess");
+        TermsOfUseAndAccess toaa = new TermsOfUseAndAccess();
+
+        toaa.setTermsOfUse(terms.getString("termsOfUse", null));
+        toaa.setConfidentialityDeclaration(terms.getString("confidentialityDeclaration", null));
+        toaa.setSpecialPermissions(terms.getString("specialPermissions", null));
+        toaa.setRestrictions(terms.getString("restrictions", null));
+        toaa.setCitationRequirements(terms.getString("citationRequirements", null));
+        toaa.setDepositorRequirements(terms.getString("depositorRequirements", null));
+        toaa.setConditions(terms.getString("conditions", null));
+        toaa.setDisclaimer(terms.getString("disclaimer", null));
+
+        return toaa;
     }
 
     public DatasetVersion parseDatasetVersion(JsonObject obj) throws JsonParseException {

From 892193c5e76f373c08b953a5f516fa257e84af1a Mon Sep 17 00:00:00 2001
From: Philip Durbin <philip_durbin@harvard.edu>
Date: Thu, 18 Sep 2025 14:16:23 -0400
Subject: [PATCH 296/634] get `make docs-html` working #11829

---
 makefile | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/makefile b/makefile
index 315ff9c508c..1ffdb627275 100644
--- a/makefile
+++ b/makefile
@@ -1,5 +1,5 @@
-
-SPHINX_VERSION = $(shell grep "Sphinx" ./doc/sphinx-guides/requirements.txt | awk -F'==' '{print $$2}')
+# We use "Sphinx=" to avoid packages like Sphinx-Substitution-Extensions
+SPHINX_VERSION = $(shell grep "Sphinx=" ./doc/sphinx-guides/requirements.txt | awk -F'==' '{print $$2}')
 docs-html:
 	docker run -it --rm -v $$(pwd):/docs sphinxdoc/sphinx:$(SPHINX_VERSION) bash -c "cd doc/sphinx-guides && pip3 install -r requirements.txt && make clean && make html"
 
@@ -11,4 +11,4 @@ docs-epub:
 
 docs-all:
 	docker run -it --rm -v $$(pwd):/docs sphinxdoc/sphinx:$(SPHINX_VERSION) bash -c "cd doc/sphinx-guides && pip3 install -r requirements.txt && make clean && make html && make epub"
-	docker run -it --rm -v $$(pwd):/docs sphinxdoc/sphinx-latexpdf:$(SPHINX_VERSION) bash -c "cd doc/sphinx-guides && pip3 install -r requirements.txt && make latexpdf LATEXMKOPTS=\"-interaction=nonstopmode\"; cd ../.. && ls -1 doc/sphinx-guides/build/latex/Dataverse.pdf"
\ No newline at end of file
+	docker run -it --rm -v $$(pwd):/docs sphinxdoc/sphinx-latexpdf:$(SPHINX_VERSION) bash -c "cd doc/sphinx-guides && pip3 install -r requirements.txt && make latexpdf LATEXMKOPTS=\"-interaction=nonstopmode\"; cd ../.. && ls -1 doc/sphinx-guides/build/latex/Dataverse.pdf"

From 92d36c61bc7ffd6675a796af98d582e0bfa8b312 Mon Sep 17 00:00:00 2001
From: Philip Durbin <philip_durbin@harvard.edu>
Date: Thu, 18 Sep 2025 15:20:03 -0400
Subject: [PATCH 297/634] suggest Docker first, require Python 3.10, reorg

---
 .../source/contributor/documentation.md       | 75 ++++++++++---------
 1 file changed, 38 insertions(+), 37 deletions(-)

diff --git a/doc/sphinx-guides/source/contributor/documentation.md b/doc/sphinx-guides/source/contributor/documentation.md
index 2a8d6794921..2585a9f0712 100644
--- a/doc/sphinx-guides/source/contributor/documentation.md
+++ b/doc/sphinx-guides/source/contributor/documentation.md
@@ -50,76 +50,77 @@ If you would like to read more about the Dataverse's use of GitHub, please see t
 
 ## Building the Guides with Sphinx
 
-While the "quick fix" technique shown above should work fine for minor changes, especially for larger changes, we recommend installing Sphinx on your computer or using a Sphinx Docker container to build the guides locally so you can get an accurate preview of your changes.
+While the "quick fix" technique shown above should work fine for minor changes, in many cases, you're going to want to preview changes locally before committing them.
 
-In case you decide to use a Sphinx Docker container to build the guides, you can skip the next two installation sections, but you will need to have Docker installed.
+Before we worry about pushing changes to the code, let's make sure we can build the guides.
 
-### Installing Sphinx
+Go to <https://github.com/IQSS/dataverse> and click "Code" and then follow the instructions to clone the code locally.
 
-First, make a fork of <https://github.com/IQSS/dataverse> and clone your fork locally. Then change to the ``doc/sphinx-guides`` directory.
+### Makefile and Docker
 
-``cd doc/sphinx-guides``
+From a terminal, switch to the "dataverse" directory you just cloned.
 
-Create a Python virtual environment, activate it, then install dependencies:
-
-``python3 -m venv venv``
+`cd dataverse`
 
-``source venv/bin/activate``
+Then try building the HTML version of the guides.
 
-``pip install -r requirements.txt``
+`make docs-html`
 
-### Installing GraphViz
+If all goes well, you should be able open `doc/sphinx-guides/build/html/index.html` to see the guides you just built.
 
-In some parts of the documentation, graphs are rendered as images using the Sphinx GraphViz extension.
+Here is the complete list of commands.
 
-Building the guides requires the ``dot`` executable from GraphViz.
+- `make docs-html`
+- `make docs-pdf`
+- `make docs-epub`
+- `make docs-all`
 
-This requires having [GraphViz](https://graphviz.org) installed and either having ``dot`` on the path or
-[adding options to the `make` call](https://groups.google.com/forum/#!topic/sphinx-users/yXgNey_0M3I).
+### Docker
 
-On a Mac we recommend installing GraphViz through [Homebrew](<https://brew.sh>). Once you have Homebrew installed and configured to work with your shell, you can type `brew install graphviz`.
+Also from the "dataverse" directory (the root of the git repo), you can try this command:
 
-### Editing and Building the Guides
+`docker run -it --rm -v $(pwd):/docs sphinxdoc/sphinx:7.2.6 bash -c "cd doc/sphinx-guides && pip3 install -r requirements.txt && make html"`
 
-To edit the existing documentation:
+### Sphinx Installed Locally
 
-- Create a branch (see {ref}`how-to-make-a-pull-request`).
-- In ``doc/sphinx-guides/source`` you will find the .rst files that correspond to https://guides.dataverse.org.
-- Using your preferred text editor, open and edit the necessary files, or create new ones.
+First, run `python --version` or `python3 --version` to determine the version of Python you have. If you don't have Python 3.10 or higher, you must upgrade.
 
-Once you are done, you can preview the changes by building the guides locally. As explained, you can build the guides with Sphinx locally installed, or with a Docker container.
+Next, change to the `doc/sphinx-guides` directory.
 
-#### Building the Guides with Sphinx Installed Locally
+`cd doc/sphinx-guides`
 
-Open a terminal, change directories to `doc/sphinx-guides`, activate (or reactivate) your Python virtual environment, and build the guides.
+Create a Python virtual environment, activate it, then install dependencies:
 
-`cd doc/sphinx-guides`
+`python3 -m venv venv`
 
 `source venv/bin/activate`
 
-`make clean`
+`pip install -r requirements.txt`
 
-`make html`
+Next, install [GraphViz](https://graphviz.org) because building the guides requires having the `dot` executable from GraphViz either on the path or passed [as an argument](https://groups.google.com/g/sphinx-users/c/yXgNey_0M3I/m/3T2NipFlBgAJ).
 
-#### Building the Guides with a Sphinx Docker Container and a Makefile
+On a Mac we recommend installing GraphViz through [Homebrew](<https://brew.sh>). Once you have Homebrew installed and configured to work with your shell, you can type `brew install graphviz`.
 
-We have added a Makefile to simplify the process of building the guides using a Docker container, you can use the following commands from the repository root:
+Finally, you can try building the guides with the following command.
 
-- `make docs-html`
-- `make docs-pdf`
-- `make docs-epub`
-- `make docs-all`
+`make html`
 
-#### Building the Guides with a Sphinx Docker Container and CLI
+If all goes well, you should be able open `doc/sphinx-guides/build/html/index.html` to see the guides you just built.
 
-If you want to build the guides using a Docker container, execute the following command in the repository root:
+## Editing, Building, and Previewing the Guides
 
-`docker run -it --rm -v $(pwd):/docs sphinxdoc/sphinx:7.2.6 bash -c "cd doc/sphinx-guides && pip3 install -r requirements.txt && make html"`
+To edit the existing documentation:
+
+- Create a branch (see {ref}`how-to-make-a-pull-request`).
+- In `doc/sphinx-guides/source` you will find the .rst or .md files that correspond to https://guides.dataverse.org.
+- Using your preferred text editor, open and edit the necessary files, or create new ones.
 
-#### Previewing the Guides
+Once you are done, you can preview the changes by building the guides using one of the options above.
 
 After Sphinx is done processing the files you should notice that the `html` folder in `doc/sphinx-guides/build` directory has been updated. You can click on the files in the `html` folder to preview the changes.
 
+## Making a Pull Request
+
 Now you can make a commit with the changes to your own fork in GitHub and submit a pull request. See {ref}`how-to-make-a-pull-request`.
 
 ## Writing Guidelines

From 3ea1ef24ff722baacc92f4abefab484e441149ec Mon Sep 17 00:00:00 2001
From: Philip Durbin <philip_durbin@harvard.edu>
Date: Thu, 18 Sep 2025 15:25:16 -0400
Subject: [PATCH 298/634] custom titles in .md

---
 doc/sphinx-guides/source/contributor/documentation.md | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/doc/sphinx-guides/source/contributor/documentation.md b/doc/sphinx-guides/source/contributor/documentation.md
index 2585a9f0712..2bdcbebb340 100644
--- a/doc/sphinx-guides/source/contributor/documentation.md
+++ b/doc/sphinx-guides/source/contributor/documentation.md
@@ -154,16 +154,22 @@ If the page is written in Markdown (.md), use this form:
 
 ### Links
 
-Getting links right with .rst files can be tricky.
+Getting links right can be tricky.
 
 #### Custom Titles
 
-You can use a custom title when linking to a document like this:
+In .rst files you can use a custom title when linking to a document like this:
 
     :doc:`Custom title </api/intro>`
 
 See also <https://docs.readthedocs.io/en/stable/guides/cross-referencing-with-sphinx.html#the-doc-role>
 
+In .md files, the same pattern can be used. Here's an example of using a custom title with a ref:
+
+    {ref}`Log in <account-log-in-options>`
+
+See also <https://myst-parser.readthedocs.io/en/v0.16.1/syntax/syntax.html#targets-and-cross-referencing>
+
 ### Images
 
 A good documentation is just like a website enhanced and upgraded by adding high quality and self-explanatory images.  Often images depict a lot of written text in a simple manner. Within our Sphinx docs, you can add them in two ways: a) add a PNG image directly and include or b) use inline description languages like GraphViz (current only option).

From 84585e12c45feceb1899bdd6a35bb4dfa279e173 Mon Sep 17 00:00:00 2001
From: Philip Durbin <philip_durbin@harvard.edu>
Date: Fri, 26 Sep 2025 10:05:32 -0400
Subject: [PATCH 299/634] try docker before make command that wraps it

---
 .../source/contributor/documentation.md       | 25 ++++++++++---------
 1 file changed, 13 insertions(+), 12 deletions(-)

diff --git a/doc/sphinx-guides/source/contributor/documentation.md b/doc/sphinx-guides/source/contributor/documentation.md
index 2bdcbebb340..7f240d15790 100644
--- a/doc/sphinx-guides/source/contributor/documentation.md
+++ b/doc/sphinx-guides/source/contributor/documentation.md
@@ -56,30 +56,31 @@ Before we worry about pushing changes to the code, let's make sure we can build
 
 Go to <https://github.com/IQSS/dataverse> and click "Code" and then follow the instructions to clone the code locally.
 
-### Makefile and Docker
+### Docker
+
+Install [Docker Desktop](https://www.docker.com/products/docker-desktop/).
 
-From a terminal, switch to the "dataverse" directory you just cloned.
+From a terminal, switch to the "dataverse" directory you just cloned. This is the root of the git repo.
 
 `cd dataverse`
 
-Then try building the HTML version of the guides.
+Then try running this command:
 
-`make docs-html`
+`docker run -it --rm -v $(pwd):/docs sphinxdoc/sphinx:7.2.6 bash -c "cd doc/sphinx-guides && pip3 install -r requirements.txt && make html"`
 
 If all goes well, you should be able open `doc/sphinx-guides/build/html/index.html` to see the guides you just built.
 
-Here is the complete list of commands.
+#### Docker with a Makefile
 
-- `make docs-html`
-- `make docs-pdf`
-- `make docs-epub`
-- `make docs-all`
+Once you've confirmed you have Docker working, if you have [make](https://en.wikipedia.org/wiki/Make_(software)) installed, you can try the following commands:
 
-### Docker
+`make docs-html`
 
-Also from the "dataverse" directory (the root of the git repo), you can try this command:
+`make docs-pdf`
 
-`docker run -it --rm -v $(pwd):/docs sphinxdoc/sphinx:7.2.6 bash -c "cd doc/sphinx-guides && pip3 install -r requirements.txt && make html"`
+`make docs-epub`
+
+`make docs-all`
 
 ### Sphinx Installed Locally
 

From 9b3c06579a82c05ba83820229b30f0b9a8b6e348 Mon Sep 17 00:00:00 2001
From: Maham Maham <116267645+Maham802@users.noreply.github.com>
Date: Fri, 26 Sep 2025 18:31:05 +0200
Subject: [PATCH 300/634] docs: update dataverse-ansible link

---
 doc/sphinx-guides/source/admin/monitoring.rst | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/doc/sphinx-guides/source/admin/monitoring.rst b/doc/sphinx-guides/source/admin/monitoring.rst
index 16bb18b7ad2..ef4e4f4f206 100644
--- a/doc/sphinx-guides/source/admin/monitoring.rst
+++ b/doc/sphinx-guides/source/admin/monitoring.rst
@@ -149,7 +149,7 @@ Tips:
 - Use **Enhanced Monitoring**. Enhanced Monitoring gathers its metrics from an agent on the instance. See `Enhanced Monitoring docs <https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_Monitoring.OS.html>`_.
 - It's possible to view and act on **RDS Events** such as snapshots, parameter changes, etc. See `Working with Amazon RDS events <https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_PerfInsights.access-control.html>`_ for details.
 - RDS monitoring is available via API and the ``aws`` command line tool. For example, see `Retrieving metrics with the Performance Insights API <https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_PerfInsights.API.html>`_.
-- To play with monitoring RDS using a server configured by `dataverse-ansible <https://github.com/GlobalDataverseCommunityConsortium/dataverse-ansible>`_ set ``use_rds`` to true to skip some steps that aren't necessary when using RDS. See also the :doc:`/developers/deployment` section of the Developer Guide.
+- To play with monitoring RDS using a server configured by `dataverse-ansible <https://github.com/gdcc/dataverse-ansible>`_ set ``use_rds`` to true to skip some steps that aren't necessary when using RDS. See also the :doc:`/developers/deployment` section of the Developer Guide.
 
 MicroProfile Metrics endpoint
 -----------------------------

From ee21a115c667def8bf21f58765816b9aba9be04b Mon Sep 17 00:00:00 2001
From: Maham Maham <116267645+Maham802@users.noreply.github.com>
Date: Fri, 26 Sep 2025 18:58:14 +0200
Subject: [PATCH 301/634] docs: update dataverse-ansible link

---
 doc/sphinx-guides/source/installation/prep.rst | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/doc/sphinx-guides/source/installation/prep.rst b/doc/sphinx-guides/source/installation/prep.rst
index abb4349d3ad..33b1aa3c7b5 100644
--- a/doc/sphinx-guides/source/installation/prep.rst
+++ b/doc/sphinx-guides/source/installation/prep.rst
@@ -26,7 +26,7 @@ Advanced Installation
 
 There are some community-lead projects to use configuration management tools such as Ansible and Puppet to automate the installation and configuration of the Dataverse Software, but support for these solutions is limited to what the Dataverse Community can offer as described in each project's webpage:
 
-- https://github.com/GlobalDataverseCommunityConsortium/dataverse-ansible
+- https://github.com/gdcc/dataverse-ansible
 - https://gitlab.com/lip-computing/dataverse
 - https://github.com/IQSS/dataverse-puppet
 

From 05c8dae0ed58fa6e19087fd53fd030792500fc2e Mon Sep 17 00:00:00 2001
From: Maham Maham <116267645+Maham802@users.noreply.github.com>
Date: Fri, 26 Sep 2025 19:05:08 +0200
Subject: [PATCH 302/634] docs: update dataverse-ansible libk

---
 doc/sphinx-guides/source/api/external-tools.rst | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/doc/sphinx-guides/source/api/external-tools.rst b/doc/sphinx-guides/source/api/external-tools.rst
index ae0e44b36aa..389519318db 100644
--- a/doc/sphinx-guides/source/api/external-tools.rst
+++ b/doc/sphinx-guides/source/api/external-tools.rst
@@ -202,7 +202,7 @@ Testing Your External Tool
 
 As the author of an external tool, you are not expected to learn how to install and operate a Dataverse installation. There's a very good chance your tool can be added to a server Dataverse Community developers use for testing if you reach out on any of the channels listed under :ref:`getting-help-developers` in the Developer Guide.
 
-By all means, if you'd like to install a Dataverse installation yourself, a number of developer-centric options are available. For example, there's a script to spin up a Dataverse installation on EC2 at https://github.com/GlobalDataverseCommunityConsortium/dataverse-ansible . The process for using curl to add your external tool to your Dataverse installation is documented under :ref:`managing-external-tools` in the Admin Guide.
+By all means, if you'd like to install a Dataverse installation yourself, a number of developer-centric options are available. For example, there's a script to spin up a Dataverse installation on EC2 at https://github.com/gdcc/dataverse-ansible . The process for using curl to add your external tool to your Dataverse installation is documented under :ref:`managing-external-tools` in the Admin Guide.
 
 Spreading the Word About Your External Tool
 -------------------------------------------
@@ -219,7 +219,7 @@ If you've thought to yourself that there ought to be an app store for Dataverse
 Demoing Your External Tool
 ++++++++++++++++++++++++++
 
-https://demo.dataverse.org is the place to play around with the Dataverse Software and your tool can be included. Please email support@dataverse.org to start the conversation about adding your tool. Additionally, you are welcome to open an issue at https://github.com/GlobalDataverseCommunityConsortium/dataverse-ansible which already includes a number of the tools listed above.
+https://demo.dataverse.org is the place to play around with the Dataverse Software and your tool can be included. Please email support@dataverse.org to start the conversation about adding your tool. Additionally, you are welcome to open an issue at https://github.com/gdcc/dataverse-ansible which already includes a number of the tools listed above.
 
 Announcing Your External Tool
 +++++++++++++++++++++++++++++

From d6616b99d83b2c7efd02627515ce64a0d562501a Mon Sep 17 00:00:00 2001
From: Maham Maham <116267645+Maham802@users.noreply.github.com>
Date: Fri, 26 Sep 2025 19:11:38 +0200
Subject: [PATCH 303/634] docs: update dataverse-ansible link

---
 doc/sphinx-guides/source/developers/testing.rst | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/doc/sphinx-guides/source/developers/testing.rst b/doc/sphinx-guides/source/developers/testing.rst
index 1690864d453..8f9ce645a2e 100755
--- a/doc/sphinx-guides/source/developers/testing.rst
+++ b/doc/sphinx-guides/source/developers/testing.rst
@@ -169,9 +169,9 @@ different people. For our purposes, an integration test can have two flavors:
 Running the Full API Test Suite Using EC2
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
-**Prerequisite:** To run the API test suite in an EC2 instance you should first follow the steps in the :doc:`deployment` section to get set up with the AWS binary to launch EC2 instances. If you're here because you just want to spin up a branch, you'll still want to follow the AWS deployment setup steps, but may find the `ec2-create README.md <https://github.com/GlobalDataverseCommunityConsortium/dataverse-ansible/blob/master/ec2/README.md>`_ Quick Start section helpful.
+**Prerequisite:** To run the API test suite in an EC2 instance you should first follow the steps in the :doc:`deployment` section to get set up with the AWS binary to launch EC2 instances. If you're here because you just want to spin up a branch, you'll still want to follow the AWS deployment setup steps, but may find the `ec2-create README.md <https://github.com/gdcc/dataverse-ansible/blob/master/ec2/README.md>`_ Quick Start section helpful.
 
-You may always retrieve a current copy of the ec2-create-instance.sh script and accompanying group_var.yml file from the `dataverse-ansible repo <https://github.com/GlobalDataverseCommunityConsortium/dataverse-ansible/>`_. Since we want to run the test suite, let's grab the group_vars used by Jenkins:
+You may always retrieve a current copy of the ec2-create-instance.sh script and accompanying group_var.yml file from the `dataverse-ansible repo <https://github.com/gdcc/dataverse-ansible/>`_. Since we want to run the test suite, let's grab the group_vars used by Jenkins:
 
 - `ec2-create-instance.sh <https://raw.githubusercontent.com/GlobalDataverseCommunityConsortium/dataverse-ansible/master/ec2/ec2-create-instance.sh>`_
 - `jenkins.yml <https://raw.githubusercontent.com/GlobalDataverseCommunityConsortium/dataverse-ansible/master/tests/group_vars/jenkins.yml>`_
@@ -184,7 +184,7 @@ Edit ``jenkins.yml`` to set the desired GitHub repo and branch, and to adjust an
 - ``dataverse.unittests.enabled: true``
 - ``dataverse.sampledata.enabled: true``
 
-If you wish, you may pass the script a ``-l`` flag with a local relative path in which the script will `copy various logs <https://github.com/GlobalDataverseCommunityConsortium/dataverse-ansible/blob/master/ec2/ec2-create-instance.sh#L185>`_ at the end of the test suite for your review.
+If you wish, you may pass the script a ``-l`` flag with a local relative path in which the script will `copy various logs <https://github.com/gdcc/dataverse-ansible/blob/master/ec2/ec2-create-instance.sh#L185>`_ at the end of the test suite for your review.
 
 Finally, run the script:
 
@@ -526,7 +526,7 @@ Browser-Based Testing
 Installation Testing
 ~~~~~~~~~~~~~~~~~~~~
 
-- Work with @donsizemore to automate testing of https://github.com/GlobalDataverseCommunityConsortium/dataverse-ansible
+- Work with @donsizemore to automate testing of https://github.com/gdcc/dataverse-ansible
 
 Future Work on Load/Performance Testing
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
@@ -538,4 +538,4 @@ Future Work on Load/Performance Testing
 Future Work on Accessibility Testing
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
-- Using https://github.com/GlobalDataverseCommunityConsortium/dataverse-ansible and hooks available from accessibility testing tools, automate the running of accessibility tools on PRs so that developers will receive quicker feedback on proposed code changes that reduce the accessibility of the application.
+- Using https://github.com/gdcc/dataverse-ansible and hooks available from accessibility testing tools, automate the running of accessibility tools on PRs so that developers will receive quicker feedback on proposed code changes that reduce the accessibility of the application.

From a8e1a6c121edad8531bbfe168c5a83b82a2c0ac3 Mon Sep 17 00:00:00 2001
From: Maham Maham <116267645+Maham802@users.noreply.github.com>
Date: Fri, 26 Sep 2025 19:26:39 +0200
Subject: [PATCH 304/634] docs: update dataverse-ansible link

---
 doc/sphinx-guides/source/developers/deployment.rst | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/doc/sphinx-guides/source/developers/deployment.rst b/doc/sphinx-guides/source/developers/deployment.rst
index 46cf95dae54..d3e0c33a8f2 100755
--- a/doc/sphinx-guides/source/developers/deployment.rst
+++ b/doc/sphinx-guides/source/developers/deployment.rst
@@ -78,7 +78,7 @@ Amazon offers instructions on using an IAM role to grant permissions to applicat
 Configure Ansible File (Optional)
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
-In order to configure Dataverse installation settings such as the password of the dataverseAdmin user, download https://raw.githubusercontent.com/GlobalDataverseCommunityConsortium/dataverse-ansible/master/defaults/main.yml and edit the file to your liking.
+In order to configure Dataverse installation settings such as the password of the dataverseAdmin user, download https://raw.githubusercontent.com/gdcc/dataverse-ansible/master/defaults/main.yml and edit the file to your liking.
 
 You can skip this step if you're fine with the values in the "main.yml" file in the link above.
 
@@ -89,7 +89,7 @@ Once you have done the configuration above, you are ready to try running the "ec
 
 Download `ec2-create-instance.sh`_ and put it somewhere reasonable. For the purpose of these instructions we'll assume it's in the "Downloads" directory in your home directory.
 
-.. _ec2-create-instance.sh: https://raw.githubusercontent.com/GlobalDataverseCommunityConsortium/dataverse-ansible/master/ec2/ec2-create-instance.sh
+.. _ec2-create-instance.sh: https://raw.githubusercontent.com/gdcc/dataverse-ansible/master/ec2/ec2-create-instance.sh
 
 To run the script, you can make it executable (``chmod 755 ec2-create-instance.sh``) or run it with bash, like this with ``-h`` as an argument to print the help:
 

From 67b0fcbe01801739efd7cf37666b241012c92c03 Mon Sep 17 00:00:00 2001
From: Jim Myers <qqmyers@hotmail.com>
Date: Fri, 26 Sep 2025 14:45:50 -0400
Subject: [PATCH 305/634] add a big data admin guide

---
 .../source/admin/big-data-administration.rst  | 305 ++++++++++++++++++
 doc/sphinx-guides/source/admin/index.rst      |   1 +
 2 files changed, 306 insertions(+)
 create mode 100644 doc/sphinx-guides/source/admin/big-data-administration.rst

diff --git a/doc/sphinx-guides/source/admin/big-data-administration.rst b/doc/sphinx-guides/source/admin/big-data-administration.rst
new file mode 100644
index 00000000000..dba872aed5e
--- /dev/null
+++ b/doc/sphinx-guides/source/admin/big-data-administration.rst
@@ -0,0 +1,305 @@
+Scaling Dataverse with Data Size
+================================
+
+This guide is intended to help administrators configure Dataverse appropriately to handle the amount of data their installation needs to manage.
+
+Scaling is a complex subject: there are many options available in Dataverse that can improve performance with larger scale data, some of which
+work differently than Dataverse's default configuration, potentially requiring user education, and some which can require additional expertise to manage.
+
+In general, there are three dimensions in which Dataverse can scale:
+  
+1. **Storage size of individual files and aggregate storage size**
+2. **Number of Files per Dataset**
+3. **Number of Datasets**
+
+
+.. contents:: |toctitle|
+        :local:
+
+Storage: Choosing the Right Store
+---------------------------------
+
+The main issues for handling larger files and larger aggregate data size relate to the performance of the storage used and how involved the Dataverse server is in the data transfer. 
+With appropriate configuration, Dataverse can support file sizes and aggregate dataset sizes into the terabyte scale and beyond.
+
+The primary choice in Dataverse related to storage is which type(s) of "store" (also called "Storage driver") to use:
+
+File Stores
+~~~~~~~~~~~
+
+The default storage option in Dataverse is based on a local file system. When files are transferred to Dataverse, they are first stored in a
+temporary location on the Dataverse server. Any zip files uploaded are unzipped to create multiple individual file entries. Once an upload is completed, 
+Dataverse copies the files to permanent storage. Dataverse also takes advantage of the file being local to inspect it's bytes to determine it's 
+MIME type, and, for tabular data, to 'ingest' it - extracting metadata about the variables used in the file and creating a tab-separated value (TSV)
+version of the file.
+
+Benefits: 
+
+- This option requires no external services and can potentially handle files into the gigabyte (GB) size range. For smaller institutions,
+and in disciplines where datasets do not have more than a few hundred files and files are not too large, this can be the simplest option.
+- Unzipping of zip archives can be simpler for users than having to upload many individual files and was, at one time, the only way to 
+preserve file path names when uploading.
+
+Challenges: In general file storage is not a good option for larger data sizes - both in terms of file size and number of files. Contributing factors include:
+ 
+- Because temporary storage is used, transfers will temporarily use several times as much space as the final transfer. Unzipping also increases the final storage size of a dataset.
+- Because all uploads use the same temporary storage, temporary storage must be large enough to handle multiple users uploading data.
+- Each file is uploaded as a single HTTP request, which can cause long transfer times which, in turn, can trigger timeout errors in Dataverse or any proxy or load balancer in front of Dataverse.
+- Uploading many files at once can trigger any rate limiter in front of the Dataverse server (i.e. used to throttle use by AI) resulting in failures
+- Because transfers (both uploads and downloads) are handled by the Dataverse server, they add to server processing load which can affect overall performance.
+- Cost: local file storage must be provisioned in advance based on anticipated demand. It can involve up-front costs (for a local disk), or, when procured from a 
+  cloud provider, is likely to be more expensive than object storage from that provider (see below) 
+
+
+S3 Stores: Object Storage via S3
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+A more scalable option for storage is to use an object store with transfers managed using the Simple Storage Service (S3) protocol. S3-compatible storage can 
+easily be bought (rented) from major cloud providers, but may also be available from institutional clouds. It is also possible to run open-source software to provide
+S3 storage over a local file system (making it possible to enjoy the advantages discussed below while still leveraging local file storage). 
+
+While S3 Stores can be configured to handle uploads and downloads as with file storage (with zip files being unzipped, but having many of the same challenges in terms of temporary storage and server load as discussed above) 
+they can also be configured to use 'direct' upload and download. In this configuration, the actual transfer of file bytes is from/to the user's local machine to/from
+the S3 store. In this configuration, files are never stored on the Dataverse server, and Dataverse does not attempt to unzip zip files and they are stored as a single file in the dataset.
+
+Benefits: S3 offers several advantages over file storage which :
+ 
+- Scalability: S3 is designed to handle large amounts of data. It can handle individual files up to several TB in size. 
+Because S3 supports breaking files into pieces, Dataverse can transfer a file in pieces (several in parallel, potentially thousands of pieces per file) making transfers faster
+and more robust (a failure requires only resending the failed piece). It may also be the case that users will have a faster network connection to the S3 store 
+(e.g. in a commercial cloud or High Performance Computing center) than they do to the Dataverse server, reducing transfer time.
+- High Availability: S3 provides redundancy beyond what is available with a single disk (valuable for preservation, potentially reducing the need to perform data integrity checks).
+
+Challenges:
+
+- One additional step that is required to enable direct uploads via a Dataverse installation and for direct download to work with previewers and direct upload to work with dvwebloader (:ref:`folder-upload`) is to allow cross site (CORS) requests on your S3 store.
+- Cost: S3 offers a pricing model that allows you to pay for the storage and transfer of data based on current usage (versus long term demand) but commercial 
+providers charge more per TB than the equivalent cost of a local disk (though commercial S3 storage is cheaper than commercial file storage).
+There can also be egress and other charges. Overall, S3 storage is generally more expensive than local file storage but cheaper than cloud file storage.
+Running a local S3 storage or leveraging an institutional service can further reduce costs.
+- Direct upload via S3 is a multi-step process: Dataverse provides URLs for the uploads, the user's browser or other app uses the URLs to transfer files to the S3 store,
+  possibly in many pieces per file, and finally, Dataverse is told that one or more files are in place and should be added to the dataset. If the last step fails, or if
+  all parts of a file cannot be transferred, orphaned files or parts of files can be left on S3. These files are not accessible via Dataverse but do use space (for which there is a monetary cost)
+  until they are deleted. There is currently no automated clean-up mechanism.
+
+Other Considerations
+^^^^^^^^^^^^^^^^^^^^
+
+- S3 Storage without direct upload/download provides minimal benefits with Dataverse as files still pass through the server, files are still uploaded as a single HTTP/HTTPS stream, and temporary storage is still used.
+- While not having files unzipped can be confusing to users who are used to it from using Dataverse with file storage, there are ways to minimize the impact. 
+For example, Dataverse can be configured to use a 'Zip File Previewer' that allows users to see the contents of a zip file and even download individual files from within it. 
+For users who still want their data stored as individual files with their relative folder paths, Dataverse can be configured with the 'DVWebloader' which allows users to select an entire folder tree of files and 
+upload them, with their relative paths intact, to Dataverse. (DVWebloader can only be used with S3/direct upload, but it is much more efficient with many files than using the 
+standard upload interface in Dataverse (which also does not retain path information)).
+- The following features are disabled when S3 direct upload is enabled.
+  - Unzipping of zip files. (See :ref:`compressed-files`.)
+  - Detection of file type based on JHOVE and custom code that reads the first few bytes except for the refinement of Stata file types to include the version. (See :ref:`redetect-file-type`.)
+  - Extraction of metadata from FITS files. (See :ref:`fits`.)
+  - Creation of NcML auxiliary files (See :ref:`netcdf-and-hdf5`.)
+  - Extraction of a geospatial bounding box from NetCDF and HDF5 files (see :ref:`netcdf-and-hdf5`) unless :ref:`dataverse.netcdf.geo-extract-s3-direct-upload` is set to true.
+- Using direct upload stops Dataverse from inspecting the file bytes to determine the MIME type (with one exception - Stata files). Dataverse will still look at the file name and extension to determine the MIME type.
+- To perform the 'ingest' processing, Dataverse currently has to copy the file to local storage, somewhat negating the benefit of sending data directly to S3. To manage larger files, one can set a per-store
+ingest size limit (which can be 0 bytes) to stop ingest or limit it to smaller files. 
+- Dataverse's mechanism for downloading a whole dataset or multiple selected files involves zipping those files together. Even When using S3 with direct upload/download,
+the file bytes are transferred to the Dataverse server as part of the zipping process. There are ways to reduce the performance impact of this:
+  - There is a 'ZipDownloader' app that can be run separate from Dataverse to handle the zipping process.
+  - Dataverse has a :ZipDownloadLimit that can be used to limit the amount of data that can be zipped. If a dataset is larger than this limit, Dataverse will only add some of the files to the zip and list others in the included manifest file.
+  - There are tools such as the Dataverse Dataset Downloader (https://github.com/gdcc/dataverse-recipes/tree/main/shell/download#dataverse-dataset-downloader) that can be used to download all off the files individually. This avoids sending any of the files to/through the Dataverse server when S3 direct download is enabled.  
+- Dataverse leverages S3 features that are not implemented by all servers and has several configuration options geared towards handling variations between servers. Site admins should be sure to test with their preferred S3 implementation.
+- The part-size used when directly transferring files to S3 is configurable (at AWS, from 5 MiB to 5GiB). The default in Dataverse is 1 GiB (1024^3). If the primary use case is with smaller files than that, decreasing the part size may improve upload speeds.
+
+Remote Stores
+~~~~~~~~~~~~~
+
+Note: Remote Storage is still experimental: feedback is welcome! See :ref:`support`.
+
+For very large, and/or very sensitive data, it may not make sense to transfer or copy files to Dataverse at all.
+The ``remote`` store type in the Dataverse software supports these use cases.
+It allows Dataverse to store a URL reference for the file rather than transferring the file bytes to a store managed directly by Dataverse.
+In the most basic configuration a site administrator configures the base URL for the store, e.g. "https://thirdpartystorage.edu/long-term-storage/" 
+and users can then create files referencing any URL starting with that base, e.g. "https://thirdpartystorage.edu/long-term-storage/my_project_dir/my_file.txt".
+
+If the remote site is a public web server, the remote store in Dataverse should be configured to be 'public' which will disable the ability to restrict
+or embargo files (as they are public on the remote site and Dataverse cannot block access.) Conversely, Dataverse can be configured to sign requests to the 
+remote server which the remote server can then, if it is capable of validating them, use to reject requests not approved by Dataverse. In this configuration,
+users can restrict and embargo files and Dataverse and the remote server will cooperate to manage access control. Another alternative, with a more advanced
+remote store, would be, instead of using URLs that directly enable download of the file, to use URLs that point to a landing page at the remote server that 
+may require the user to login, or go through some other authentication/validation process before being able to access the file.
+
+Dataverse considers remote storage to be read-only, or, in cases where the remote service does not provide a way for Dataverse to download the file bytes
+(due to access control or because the URL refers to a landing page), inacessible. Depending on whether Dataverse can access the bytes of the file,
+functionality such as ingest and integrity checking may or may not be possible. If the file bytes are not accessible the remote store in Dataverse should be
+configured to disable operations that attempt to access the file (see  files-not-accessible-by-dataverse). If the file bytes are accessible, Dataverse can still
+support features such as ingest and thumbnail creation in Dataverse-local storage. In either case, local storage of other files and auxiliary files in the same
+dataset is possible. Support for such files is handled by configuring a 'base' store with the remote store that is used for these purposes. (This means that while
+the specified files remain on the remote store, other files in the dataset, and potentially the ingested TSV format of a remote file would be managed by Dataverse
+in some other store. If ingest is not desired, the ingest size limit for the store can be set to 0 bytes).
+
+Benefits: 
+
+- This is a relatively simple way to off-load the management of large and/or sensitive data files to other organizations while still providing Dataverse's overall capabilities for dataset curation and publication to users.   
+- If the store has been configured with a remote-store-name or remote-store-url, the dataset file table will include this information for remote files. These provide a visual indicator that the files are not managed directly by Dataverse and are stored/managed by a remote trusted store.
+
+Challenges:
+
+- Currently, remote files can only be added via the API. (This may be addressed in future versions).
+- Remote files can only be added after the dataset is created in the UI (and therefore has an id and PID for use with the API). However, the UI will still allow upload of files to the base store (at dataset creation and when editing), which could be confusing.
+- As Dataverse is relying on the remote service to main the integrity and availability of the files, it is likely that the Dataverse site admin will want to have a formal agreement with the remote service 
+operator about their policies.
+- Site admins need to consider carefully how to configure file size limits, ingest size limits, etc. on the remote store and it's base store, and whether the remote store is public-only, and whether files there can be read by Dataverse to assure the
+requirements of a specific use case(s) are addressed.
+- The current remote store implementation will not prevent you from providing a relative URL that results in a 404 when resolved. (I.e. if you make a typo). You should check to make sure the file exists at the location you specify - by trying to download in Dataverse, by checking to see that Dataverse was able to get the file size (which it does by doing a HEAD call to that location), or just manually trying the URL in your browser.
+- For large files, direct-download should always be used with a remote store. (Otherwise the Dataverse will be involved in the download.)
+- When multiple files are selected for download, Dataverse will try to include remote files in the zip file being created (up to the max zip size limit) which is inefficient, and will not be able to include remote files that are inaccessible (possibly confusing). 
+
+Globus Stores: Globus Transfer between Large File/Tape Archives
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+Note: Globus Transfer is still experimental: feedback is welcome! See :ref:`support`.
+
+`Globus <https://www.globus.org>`_ provides file transfer service that is widely used for the world's largest datasets (in terms of both file size and number of files). It provides:
+
+- robust file transfer capable of handling delays (e.g. due to the time it takes to mount tapes) and restarting after network or endpoint failures
+- rapid parallel file transfers, potentially between clusters of computers on both ends
+- third-party transfer, which enables a user working with their desktop browser to initiate transfer of files from one remote endpoint (i.e. on a local high-performance computing cluster) to/from another (e.g. one associated with a Dataverse store)
+
+Dataverse can be configured to support Globus transfers in multiple ways:
+
+- A Dataverse-managed Globus File Endpoint: Dataverse controls user access to the endpoint, access is only via Globus
+- A Dataverse-managed Globus S3 Endpoint: Dataverse controls user access to the endpoint, access is available via S3 and via Globus
+- A Globus Endpoint treated as Remote Storage: Dataverse references files on a Globus endpoint managed by a third party
+
+Benefits: 
+
+- Globus scales to higher data volumes than any other option. Users working with large data are often familiar with Globus and are interested in transferring data to/from computational clusters rather than their local machine
+- Globus transfers can be initiated by choosing the Globus option in the dataset upload panel. Analogously, "Globus Transfer" is one of the download options in the "Access Dataset" menu.
+- For the non-S3 options, Dataverse supports having a base store (e.g. a local file system or an S3-based store), which can be used internally by Dataverse (e.g. for thumbnails, etc.) and can allow users to upload smaller files (e.g. Readmes, documentation) that might not be suited to a given Globus endpoint (e.g. a tape store)
+
+Challenges: 
+
+- Globus is complex to manage and Dataverse installations will need to develop Globus expertise or partner with another organization (i.e. a institutional high-performance computing center) to manage Globus endpoints.
+- For users not familiar with Globus, managing transfers can be confusing. For the non-S3 options, users cannot just download files - they must have access to a destination Globus endpoint and have a Globus account. Globus does provide free accounts and a free 'Globus Personal Connect' service which installed on any machine to allow transfers to/from it.
+- Globus transfers are not enabled at dataset-creation time. Once the draft version is created, users can initiate Globus transfers to upload files from remote endpoints.
+- For Dataverse-managed endpoints, a community-developed `dataverse-globus <https://github.com/scholarsportal/dataverse-globus>`_ app must be installed and configured in the Dataverse instance. 
+This app manages granting and revoking access for users to upload/download files from Dataverse and handles the translation between Dataverse's internal file naming/organization to that see by the user.
+- Users familiar with Globus sometimes expect to be able to find the Dataverse endpoint in Globus' online service and download files from there. Due to the fact that Dataverse is managing permissions and handling file naming, this doesn't work.
+- Due to differences between Dataverse's and Globus's access control models, Dataverse cannot enforce per-file-access restrictions - restriction can only be done today at the level of providing access to all files in a dataset.
+Globus stores can be defined as public to disable Dataverse's ability to restrict and embargo files in that store. If the store is configured to support restriction and embargo,
+Dataverse and it's Dataverse-Globus app will limit users to downloading only the files they have been granted access to, but a technically knowledgeable user could access other files in the same dataset if they are give access to one.
+(Data depositors would need to be aware of this limitation and could be guided to restrict all files/only grant access to all dataset files in Globus as a work-around).
+- Dataverse-managed endpoints must be Globus 'guest collections' hosted on either a file-system-based endpoint or an S3-based endpoint (the latter requires use of the Globus
+S3 connector which requires a paid Globus subscription at the host institution). In either case, Dataverse is configured with the Globus credentials of a user account that can manage the endpoint.
+Users will need their own Globus account, which can be obtained via their institution or directly from Globus (at no cost).
+- With the file-system endpoint, Dataverse does not currently have access to the file contents. Thus, functionality related to ingest, previews, fixity hash validation, etc. are not available. 
+(Using the S3-based endpoint, Dataverse has access via S3 and all functionality normally associated with direct uploads to S3 is available. In this case admins should be sure to set the maximum size for ingest and avoid requiring hash validation at publication, etc.)
+- For the reference use case, Dataverse must be configured with a list of allowed endpoint/base paths from which files may be referenced. In this case, since Dataverse is not accessing the remote endpoint itself, it does not need Globus credentials. 
+Users will also need a Globus account in this case, and the remote endpoint must be configured to allow them access (i.e. be publicly readable, or potentially involving some out-of-band mechanism to request access (that could be described, for example, in the dataset's Terms of Use and Access).
+- As with remote stores, files can only be added in the Globus reference case via the Dataverse API.
+- While Globus itself can handle many (millions of) files of any size, Dataverse cannot handle more than thousands of files per dataset (at best) and some Globus endpoints may have limits on file sizes - both maximums and minimums (e.g. for tape storage where small files are inefficient).
+Users will need to be made aware of these limitations and the possibilities for managing them (e.g. by aggregating multiple files in a single larger file, or storing smaller files in the base-store via the normal Dataverse upload UI).
+- There is currently (a bug)[https://github.com/gdcc/dataverse-globus/issues/2] that won't allow users to transfer files from/to endpoints where they do not have permission to list the overall file tree (i.e. an institution manages <endpoint>/institution_name but the user only has access to <endpoint>/institution_name/my_dir.)
+Until that is fixed, a work-around is to first transfer data to an endpoint without this restriction.
+- An alternative, experimental implementation of Globus polling of ongoing upload transfers has been added in v6.4. This framework does not rely on the instance staying up continuously for the duration of the transfer and saves the state information about Globus upload requests in the database. While it is now the recommended option, it is not enabled by default. See the ``globus-use-experimental-async-framework`` feature flag (see :ref:`feature-flags`) and the JVM option :ref:`dataverse.files.globus-monitoring-server`.
+
+More details of the setup required to enable Globus is described in the `Community Dataverse-Globus Setup and Configuration document <https://docs.google.com/document/d/1mwY3IVv8_wTspQC0d4ddFrD2deqwr-V5iAGHgOy4Ch8/edit?usp=sharing>`_ and the references therein.
+
+An overview of the control and data transfer interactions between components was presented at the 2022 Dataverse Community Meeting and can be viewed in the `Integrations and Tools Session Video <https://youtu.be/3ek7F_Dxcjk?t=5289>`_ around the 1 hr 28 min mark.
+
+See also :ref:`Globus settings <:GlobusSettings>`.
+
+
+Storage Strategy Recommendations
+-------------------------------
+
+Based on both file size and volume considerations, here are some general recommendations:
+
+1. **For research projects with moderate data (< 2GB files, < 100s of files/dataset):**
+   * Default File Store is sufficient
+   * Consider setting file count and size limits (see below)
+
+2. **For projects with larger files (GBs to TBs) and/or more files per dataset (100s to 1000s):**
+   * Configure an S3 store witj direct upload/download
+   * Set appropriate ingest size limits
+
+3. **For projects with very large files or sensitive data that should remain in place:**
+   * Use the Remote Store
+
+4. **For high-performance computing environments or very large datasets (TBs+):**
+   * Use a Globus Store
+   * Work with users to size files appropriate to the underlying storage
+   * Consider Globus over S3 when normal upload/download options (via the UI/API) are desired along with Globus transfer
+
+5. **For Petascale datasets, or extreme numbers of files:**
+   * Consider a Remote Store and referencing a single URL/Globus endpoint for the entire dataset
+
+
+Managing more files per dataset and more datasets
+-------------------------------------------------
+
+Dataverse can be configured to handle datasets with hundreds or thousands of files and hundreds of thousands of datasets. However, reaching these levels can require significant effort to appropriately configure the server.
+
+Technically, there are two factors that can limit scaling the number of files per dataset: how much the Dataverse server is involved in data transfer, and constraints based on Dataverse's code and database configuration.
+The former is dramatically affected by the choice for file storage and options such as the S3 direct upload/download settings and ingest size limits. There are fewer ways to affect the latter beyond increasing the amount of memory and CPU resources available
+or rewriting the relevant parts of Dataverse. (There are continuing efforts to improve Dataverse's performance and scaling, so it is also advisable to use the latest version if you are pushing the boundaries on scaling. Progress is being made.)
+
+Scaling to larger numbers of datasets (and to some extent scaling files per dataset) also depends on Dataverse's Solr search engine. There have been very significant improvements in indexing and search performance in recent releases, including some that are not turned on by default.
+
+Avoiding Many Files
+~~~~~~~~~~~~~~~~~~~
+
+Before describing things that can be done to improve scaling, it is important to note that there are configuration options and best practices to suggest to users to help avoid larger datasets and and help them avoid hitting performance issues by going beyond the file counts you know work in your instance.
+
+There are a number of settings to limit how many files can be uploaded:
+
+- ZipUploadFilesLimit - the maximum number of files allowed in an uploaded zip file - only relevant for file stores and S3 when direct upload is not used.
+- MultipleUploadFilesLimit - the number of files the GUI user is allowed to upload in one batch, via drag-and-drop, or through the file select dialog
+- MaxFileUploadSizeInBytes - limit the size of files that can be uploaded
+
+- UseStorageQuotas - once enabled, super users can set per-collection quotas (in bytes) to limit the aggregate size of all files in the collection
+- dataverse.files.default-dataset-file-count-limit - directly limits the number of files per dataset, can be changed per dataset via API (by super users)
+
+Ways to Scale
+~~~~~~~~~~~~~
+
+There are a broad range of options (that are not turned on by default) for improving how well Solr indexing and searching scales. Some of these are useful for all installations while others are related to specific use cases, or are mostly for emergency use (e.g. disabling facets):
+
+- dataverse.feature.add-publicobject-solr-field=true - specifically marks unrestricted content as public in solr
+- dataverse.feature.avoid-expensive-solr-join=true - this tells Dataverse to use the feature above to speed searches
+- dataverse.feature.reduce-solr-deletes=true - when solr entries are being updated, this avoids an unnecessary step (deletion of existing entries) for entries that are being replaced
+- dataverse.feature.disable-dataset-thumbnail-autoselect=true - by default, Dataverse scans through all files in a dataset to find one that can be used as a thumbnail, which is expensive for many files. This disables that behavior to improve performance
+- dataverse.feature.only-update-datacite-when-needed=true - reduces the load on DataCite and reduces Dataverse failures related to that load, which is important when using file PIDs on Datasets with many files
+- v6.9: dataverse.solr.min-files-to-use-proxy=<X> - improve performance/lower memory requirements when indexing datasets with many files, suggested value is in the range 200 to 500
+- dataverse.solr.concurrency.max-async-indexes=<X> - limits the number of index operations running in parallel. The default is 4, larger values may improve performance (if the Solr intance is appropriately sized)
+- v6.9?: dataverse.exports.schema-dot-org.max-files-for-download-entries - reduces the size of the schema.org metadata export wehn there are many files per dataset. By default, this is included in the dataset page header, so the smaller version improves page loading and can avoid issues with Google indexing (datasets with thousands of files+)
+- SolrFullTextIndexing - false improves performance at the expense of not indexing file contents
+- SolrMaxFileSizeForFullTextIndexing - size in bytes (default unset/no limit) above which file contents should not be indexed
+- ZipDownloadLimit - the maximum size in bytes for zipped downloads of files from a dataset. If the size of requested files is larger, some files will be omitted and listedin the zip manifest file as not included.
+- DatasetChecksumValidationSizeLimit - by default, Dataverse checks fixity (assuring the file contents match the recorded checksum) as part of publication. This setting specifies a maximum aggregate dataset size, above which validation will not be done.
+- DataFileChecksumValidationSizeLimit - by default, Dataverse checks fixity (assuring the file contents match the recorded checksum) as part of publication. This setting specifies a maximum file size, above which validation will not be done.
+- FilePIDsEnabled - false is recommended when datasets have many files. Related settings allow file PIDS to be enabled/disabled per collection and per file
+- CustomZipDownloadServiceUrl - allows use of a separate process/machine to handle zipping up multi-file downloads. Requires installation of the separate Zip Download app.
+- WebloaderUrl - enables use of an installed DVWebloader (by specifying it's web location) which is more efficient for uploading many files 
+- CategoryOrder - Pre-sorts the file display by category, e.g. showing all "Documentation" files before "Data" files. Any user selected sorting by name, age, or size is done within these sections  
+- OrderByFolder - pre-sorts files by their directory Label (folder), showing files with no path before others. Any user selected sorting by name, age, or size is done within these sections
+- DisableSolrFacets - disables facets, which are costly to generate, in search results (including the main collection page)
+- DisableSolrFacetsForGuestUsers - only disable facets for guests
+- DisableSolrFacetsWithoutJsession - disables facets for users who have disabled cookies (e.g. for bots)
+- DisableUncheckedTypesFacet -only disables the facet showing the number of collections, datasets, files matching the query (this facet is potentially less useful than others)
+- StoreIngestedTabularFilesWithVarHeaders - by default, Dataverse stores ingested files without headers and dynamically adds them back at download time. Once this setting is enabled, Dataverse will leave the headers in place (for newly ingested files), reducing the cost of downloads
+
+
+Scaling Infrastructure
+----------------------
+
+There is no well-defined cut-off in terms of files per dataset or number of datasets where the Dataverse software will fail. In general the speed of viewing and editing a large dataset will decrease as the volume of datasets and files increases.
+For a given installation, at some point, Dataverse will need more memory than is available, or will max out the CPU or other resources and  performance may decline dramatically.
+
+In such cases:
+
+- Consider increasing the memory available to Dataverse (the Java heap size for the Payara instance)
+- Consider a larger machine (more CPU resources)
+- Verify that performance isn't being limited by Solr or Postgres
+- Investigate performance tuning options for Payara, Solr, and Postgres
+- Coordinate with others in the community - there is a lot of aggregate knowledge
+- Consider contributing to software design changes - Dataverse scaling has improved dramatically over the past several years, but more can be done
+- Watch for the new single page application (SPA) front-end for Dataverse. It includes features such as infinite scrolling through files with much faster initial page load times 
diff --git a/doc/sphinx-guides/source/admin/index.rst b/doc/sphinx-guides/source/admin/index.rst
index a8a543571a7..4d2d5c22fc2 100755
--- a/doc/sphinx-guides/source/admin/index.rst
+++ b/doc/sphinx-guides/source/admin/index.rst
@@ -35,3 +35,4 @@ This guide documents the functionality only available to superusers (such as "da
    maintenance
    backups
    troubleshooting
+   big-data-administration

From 67977c2cd7454db0384e61bab74bf6e4739cdca4 Mon Sep 17 00:00:00 2001
From: Jim Myers <qqmyers@hotmail.com>
Date: Fri, 26 Sep 2025 15:04:25 -0400
Subject: [PATCH 306/634] restore big data dev guide

---
 .../source/developers/big-data-support.rst    | 444 +-----------------
 1 file changed, 17 insertions(+), 427 deletions(-)

diff --git a/doc/sphinx-guides/source/developers/big-data-support.rst b/doc/sphinx-guides/source/developers/big-data-support.rst
index 1c388a7c565..75a50e2513d 100644
--- a/doc/sphinx-guides/source/developers/big-data-support.rst
+++ b/doc/sphinx-guides/source/developers/big-data-support.rst
@@ -1,354 +1,28 @@
-Scaling Dataverse with Data Size
-================================
-
-This guide is intended to help administrators configure Dataverse appropriately to handle the amount of data their installation needs to manage.
-
-Scaling is a complex subject: there are many options available in Dataverse that can improve performance with larger scale data, some of which
-work differently than Dataverse's default configuration, potentially requiring user education, and some which can require additional expertise to manage.
-
-In general, there are three dimensions in which Dataverse can scale:
-  
-1. **Storage size of individual files and aggregate storage size**
-2. **Number of Files per Dataset**
-3. **Number of Datasets**
+Big Data Support
+================
 
+Big data support includes some experimental options. Eventually more of this content will move to the Installation Guide.
 
 .. contents:: |toctitle|
         :local:
 
-Choosing the Right Storage
---------------------------
-
-The main issues for handling larger files and larger aggregate data size relate to the performance of the storage used and how involved the Dataverse server is in the data transfer. 
-With appropriate configuration, Dataverse can support file sizes and aggregate dataset sizes into the terabyte scale and beyond.
-
-File Storage
-~~~~~~~~~~~~
-
-The default storage option in Dataverse is based on a local file system. When files are transferred to Dataverse, they are first stored in a
-temporary location on the Dataverse server. Any zip files uploaded are unzipped to create multiple individual file entries. Once an upload is completed, 
-Dataverse copies the files to permanent storage. Dataverse also takes advantage of the file being local to inspect it's bytes to determine it
-s MIME type, and, for tabular data, to 'ingest' it - extracting metadata about the variables used in the file and creating a tab-separated value (TSV) version of the file.
-
-Benefits: 
-
-- This option requires no external services and can potentially handle files into the gigabyte (GB) size range. For smaller institutions,
-and in disciplines where datasets do not have more than a few hundred files and files are not too large, this can be the simplest option.
-- Unzipping of zip archives can be simpler for users than having to upload many individual files and was, at one time, the only way to 
-preserve file path names when uploading.
-
-Challenges: In general file storage is not a good option for larger data sizes - both in terms of file size and number of files. Contributing factors include:
- 
-- Because temporary storage is used, transfers will temporarily use several times as much space as the final transfer. Unzipping also increases the final storage size of a dataset.
-- Because all uploads use the same temporary storage, temporary storage must be large enough to handle multiple users uploading data.
-- Each file is uploaded as a single HTTP request, which can cause long transfer times which, in turn, can trigger timeout errors in Dataverse or any proxy or load balancer in front of Dataverse.
-- Uploading many files at once can trigger any rate limiter in front of the Dataverse server (i.e. used to throttle use by AI) resulting in failures
-- Because transfers (both uploads and downloads) are handled by the Dataverse server, they add to server processing load which can affect overall performance.
-- Cost: local file storage must be provisioned in advance based on anticipated demand. It can involve up-front costs (for a local disk), or, when procured from a cloud provider, is likely to be more expensive than object storage (see below) 
-
-
-Object Storage via S3
-~~~~~~~~~~~~~~~~~~~~~
-
-A more scalable option for storage is to use an object store with transfers managed using the Simple Storage Service (S3) protocol. S3-compatible storage can 
-easily be bought (rented) from major cloud providers, but may also be available from institutional clouds. It is also possible to run open-source software to provide S3 storage 
-over a local file system (making it possible to enjoy the advantages discussed below while still leveraging local file storage). 
-
-While Dataverse can be configured to handle uploads and downloads as with file storage (with zip files being unzipped, but having many of the same challenges in terms of temporary storage and server load as discussed above) 
-it can also be configured to use 'direct' upload and download. In this configuration, the actual transfer of file bytes is from/to the user's local machine to/from
-the S3 store. In this configuration, Dataverse does not attempt to unzip zip files and they are stored as a single file in the dataset.
-
-Benefits: S3 offers several advantages over file storage which :
- 
-- Scalability: S3 is designed to handle large amounts of data. It can handle individual files up to several TB in size. 
-Because S3 supports breaking files into pieces, Dataverse can transfer a file in pieces (several in parallel, potentially thousands of pieces per file) making transfers faster
-and more robust (a failure requires only resending the failed piece). It may also be the case that users will have a faster network connection to the S3 store 
-(e.g. in a commercial cloud or High Performance Computing center) than they do to the Dataverse server, reducing transfer time.
-- High Availability: S3 provides redundancy beyond what is available with a single disk (valuable for preservation, potentially reducing the need to perform data integrity checks).
-
-Challenges:
-
-- Cost: S3 offers a pricing model that allows you to pay for the storage and transfer of data based on current usage (versus long term demand) but commercial 
-providers charge more per TB than the equivalent cost of a local disk (though commercial S3 storage is cheaper than commercial file storage).
-There can also be egress and other charges. Overall, S3 storage is generally more expensive than local file storage but cheaper than cloud file storage.
-Running a local S3 storage or leveraging an institutional service can further reduce costs.
-- S3 Storage without direct upload/download provides minimal benefits with Dataverse as files still pass through the server, files are still uploaded as a single HTTP/HTTPS stream, and temporary storage is still used.
-
-Other Considerations
-^^^^^^^^^^^^^^^^^^^^
-
-- While not having files unzipped can be confusing to users who are used to it from using Dataverse with file storage, there are ways to minimize the impact. 
-For example, Dataverse can be configured to use a 'Zip File Previewer' that allows users to see the contents of a zip file and even download individual files from within it. 
-For users who still want their data stored as individual files, Dataverse can be configured with the 'DVWebloader' which allows users to select an entire folder tree of files and 
-upload them, with their relative paths intact, to dataverse. (DVWebloader can only be used with S3/direct upload, but it is much more efficient in this case than using the 
-standard upload interface in Dataverse).
-- Using direct upload stops Dataverse from inspecting the file bytes to determine the MIME type (with one exception - Stata files). Dataverse will still look at the file name and extension to determine the MIME type.
-- To perform the 'ingest' processing, Dataverse currently has to copy the file to local storage, somewhat negating the benefit of sending data directly to S3. To manage larger files, one can set a per-store
-ingest size limit (which can be 0 bytes) to stop ingest or limit it to smaller files. 
-- Dataverse's mechanism for downloading a whole dataset or multiple selected files involves zipping those files together. Even When using S3 with direct upload/download,
-the file bytes are transferred to the Dataverse server as part of the zipping process. There are ways to reduce the performance impact of this:
-  - There is a 'ZipDownloader' app that can be run separate from Dataverse to handle the zipping process.
-  - Dataverse has a :ZipDownloadLimit that can be used to limit the amount of data that can be zipped. If a dataset is larger than this limit, Dataverse will only add some of the files to the zip and list others in the included manifest file.
-  - There are tools such as the Dataverse Dataset Downloader (https://github.com/gdcc/dataverse-recipes/tree/main/shell/download#dataverse-dataset-downloader) that can be used to download all off the files individually. This avoids sending any of the files to/through the Dataverse server when S3 direct download is enabled.  
-- Dataverse leverages S3 features that are not implemented by all servers and has several configuration options geared towards handling variations between servers. Site admins should be sure to test with their preferred S3 implementation.
-- The part-size used when directly transferring files to S3 is configurable (at AWS, from 5 MiB to 5GiB). The default in Dataverse is 1 GiB (1024^3). If the primary use case is with smaller files than that, decreasing the part size may improve upload speeds.
-
-Remote Storage
-~~~~~~~~~~~~~~
-
-Note: Remote Storage is still experimental: feedback is welcome! See :ref:`support`.
-
-For very large, and/or very sensitive data, it may not make sense to transfer or copy files to Dataverse at all.
-The ``remote`` store type in the Dataverse software supports these use cases.
-It allows Dataverse to store a URL reference for the file rather than transferring the file bytes to a store managed directly by Dataverse.
-In the most basic configuration a site administrator configures the base URL for the store, e.g. "https://thirdpartystorage.edu/long-term-storage/" 
-and users can then create files referencing any URL starting with that base, e.g. "https://thirdpartystorage.edu/long-term-storage/my_project_dir/my_file.txt".
-If the remote site is a public web server, the remote store in Dataverse should be configured to be 'public' which will disable the ability to restrict
-or embargo files (as they are public on the remote site and Dataverse cannot block access.) Conversely, Dataverse can be configured to sign requests to the 
-remote server which the remote server can then, if it is capable of validating them, use to reject requests not approved by Dataverse. In this configuration,
-users can restrict and embargo files and Dataverse and the remote server will cooperate to manage access control. Another alternative, with a more advanced
-remote store, would be, instead of using URLs that directly enable download of the file, to use URLs that point to a landing page at the remote server that 
-may require the user to login, or go through some other authentication/validation process before being able to access the file.
-
-Dataverse considers remote storage to be read-only, or, in cases where the remote service does not provide a way for Dataverse to download the file bytes
-(due to access control or because the URL refers to a landing page), inacessible. Depending on whether Dataverse can access the bytes of the file,
-functionality such as ingest and integrity checking may or may not be possible. If the file bytes are not accessible the remote store in Dataverse should be
-configured to disable operations that attempt to access the file (see  files-not-accessible-by-dataverse). If the file bytes are accessible, Dataverse can still
-support features such as ingest and thumbnail creation, as well as local storage of other files  and auxilliary files. These are handled by configuring a 'base' store
-with the remote store that is used for these purposes. (This means that while the specified files remain on the remote store, other files in the dataset, and
-potentially the ingested TSV format of a remote file would be managed by Dataverse in some other store. If ingest is not desired, the ingest size limit for the
-store can be set to 0 bytes).
-
-Benefits: 
-
-- This is a relatively simple way to off-load the management of large and/or sensitive data files to other organizations while still providing Dataverse's overall capabilities for dataset curation and publication to users.   
-- If the store has been configured with a remote-store-name or remote-store-url, the dataset file table will include this information for remote files. These provide a visual indicator that the files are not managed directly by Dataverse and are stored/managed by a remote trusted store.
-
-Challenges:
-
-- Currently, remote files can only be added via the API. (This may be addressed in future versions).
-- Since remote files can only be added as the dataset is created in the UI. However, the UI will still allow upload of files to the base store (at dataset creation and when editing)
-- As Dataverse is relying on the remote service to main the integrity and availability of the files, it is likely that the Dataverse site admin will want to have a formal agreement with the remote service 
-operator about their policies.
-- Site admins need to consider carefully how to configure file size limits, ingest size limits, etc. on the remote store and it's base store, and whether the remote store is public-only, and whether it files there can be read by Dataverse to assure the
-requirements of a specific use case(s) are addressed.
-- The current remote store implementation will not prevent you from providing a relative URL that results in a 404 when resolved. (I.e. if you make a typo). You should check to make sure the file exists at the location you specify - by trying to download in Dataverse, by checking to see that Dataverse was able to get the file size (which it does by doing a HEAD call to that location), or just manually trying the URL in your browser.
-- For large files, direct-download should always be used with a remote store. (Otherwise the Dataverse will be involved in the download.)
-- When multiple files are selected for download, Dataverse will try to include remote files in the zip file being created (up to the max zip size limit) which is inefficent, and will not be able to include remote files that are inaccessible (possibly confusing). 
-
-Globus Transfer
-~~~~~~~~~~~~~~~
-
-Note: Globus Transfer is still experimental: feedback is welcome! See :ref:`support`.
-
-`Globus <https://www.globus.org>`_ provides file transfer service that is widely used for the world's largest datasets (in terms of both file size and number of files). It provides:
-
-- robust file transfer capable of handling delays (e.g. due to the time it takes to mount tapes) and restarting after network or endpoint failures
-- rapid parallel file transfers, potentially between clusters of computers on both ends
-- third-party transfer, which enables a user working with their desktop browser to initiate transfer of files from one remote endpoint (i.e. on a local high-performance computing cluster) to/from another (e.g. one associated with a Dataverse store)
-
-Dataverse can be configured to support Globus transfers in multiple ways:
-
-- A Dataverse-managed Globus File Endpoint: Dataverse controls user access to the endpoint, access is only via Globus
-- A Dataverse-managed Globus S3 Endpoint: Dataverse controls user access to the endpoint, access is available via S3 and via Globus
-- A Globus Endpoint treated as Remote Storage: Dataverse references files on a Globus endpoint managed by a third party
-
-Benefits: 
-
-- Globus scales to higher data volumes than any other option. Users working with large data are often familiar with Globus and are interested in transferring data to/from computational clusters rather than their local machine
-- Globus transfers can be initiated by choosing the Globus option in the dataset upload panel. Analogously, "Globus Transfer" is one of the download options in the "Access Dataset" menu.
-- For the non-S3 options, Dataverse supports having a base store (e.g. a local file system or an S3-based store), which can be used internally by Dataverse (e.g. for thumbnails, etc.) and can allow users to upload smaller files (e.g. Readmes, documentation) that might not be suited to a given Globus endpoint (e.g. a tape store)
-
-Challenges: 
-
-- Globus is complex to manage and Dataverse installations will need to develop Globus expertise or partner with another organization (i.e. a institutional high-performance computing center) to manage Globus endpoints.
-- For users not familiar with Globus, managing transfers can be confusing. For the non-S3 options, users cannot just download files - they must have access to a destination Globus endpoint. Globus does provide a free 'Globus Personal Connect' service which installed on any machine to allow transfers to/from it.
-- Globus transfers are not enabled at dataset-creation time. Once the draft version is created, users can initiate Globus transfers to upload files from remote endpoints.
-- For Dataverse-managed endpoints, a community-developed `dataverse-globus <https://github.com/scholarsportal/dataverse-globus>`_ app must be installed and configured in the Dataverse instance. 
-This app manages granting and revoking access for users to upload/download files from Dataverse and handles the translation between Dataverse's internal file naming/organization to that see by the user.
-- Users familiar with Globus sometimes expect to be able to find the Dataverse endpoint in Globus' online service and download files from there. Due to the fact that Dataverse is managing permissions and handling file naming, this doesn't work.
-- Due to differences between Dataverse's and Globus's access control models, Dataverse cannot enforce per-file-access restrictions - restriction can only be done today at the level of providing access to all files in a dataset.
-Globus stores can be defined as public to disable Dataverse's ability to restrict and embargo files in that store. If the store is configured to support restriction and embargo,
-Dataverse and it's Dataverse-Globus app will limit users to downloading only the files they have been granted access to, but a technically knowledgeable user could access other files in the same dataset if they are give access to one.
-(Data depositors would need to be aware of this limitation and could be guided to restrict all files/only grant access to all dataset files as a work-around).
-- Dataverse-managed endpoints must be Globus 'guest collections' hosted on either a file-system-based endpoint or an S3-based endpoint (the latter requires use of the Globus
-S3 connector which requires a paid Globus subscription at the host institution). In either case, Dataverse is configured with the Globus credentials of a user account that can manage the endpoint.
-Users will need their own Globus account, which can be obtained via their institution or directly from Globus (at no cost).
-- With the file-system endpoint, Dataverse does not currently have access to the file contents. Thus, functionality related to ingest, previews, fixity hash validation, etc. are not available. 
-(Using the S3-based endpoint, Dataverse has access via S3 and all functionality normally associated with direct uploads to S3 is available. In this case admins should be sure to set the maximum size for ingest and avoid requiring hash validation at publication, etc.)
-- For the reference use case, Dataverse must be configured with a list of allowed endpoint/base paths from which files may be referenced. In this case, since Dataverse is not accessing the remote endpoint itself, it does not need Globus credentials. 
-Users will also need a Globus account in this case, and the remote endpoint must be configured to allow them access (i.e. be publicly readable, or potentially involving some out-of-band mechanism to request access (that could be described, for example, in the dataset's Terms of Use and Access).
-- While Globus itself can handle many (millions of) files of any size, Dataverse cannot handle more than thousands of files per dataset (at best) and some Globus endpoints may have limits on file sizes - both maximums and minimums (e.g. for tape storage where small files are inefficient).
-Users will need to be made aware of these limitations and the possibilities for managing them (e.g. by aggregating multiple files in a single larger file, or storing smaller files in the base-store via the normal Dataverse upload UI).
-- There is currently (a bug)[https://github.com/gdcc/dataverse-globus/issues/2] that won't allow users to transfer files from/to endpoints where they do not have permission to list the overall file tree (i.e. an institution manages <endpoint>/institution_name but the user only has access to <endpoint>/institution_name/my_dir.)
-Until that is fixed, a work-around is to first transfer data to an endpoint without this restriction.
-- An alternative, experimental implementation of Globus polling of ongoing upload transfers has been added in v6.4. This framework does not rely on the instance staying up continuously for the duration of the transfer and saves the state information about Globus upload requests in the database. While it is now the recommended option, it is not enabled by default. See the ``globus-use-experimental-async-framework`` feature flag (see :ref:`feature-flags`) and the JVM option :ref:`dataverse.files.globus-monitoring-server`.
+Various components will need to be installed and/or configured for big data support via the methods described below.
 
-More details of the setup required to enable Globus is described in the `Community Dataverse-Globus Setup and Configuration document <https://docs.google.com/document/d/1mwY3IVv8_wTspQC0d4ddFrD2deqwr-V5iAGHgOy4Ch8/edit?usp=sharing>`_ and the references therein.
+S3 Direct Upload and Download
+-----------------------------
 
-An overview of the control and data transfer interactions between components was presented at the 2022 Dataverse Community Meeting and can be viewed in the `Integrations and Tools Session Video <https://youtu.be/3ek7F_Dxcjk?t=5289>`_ around the 1 hr 28 min mark.
+A lightweight option for supporting file sizes beyond a few gigabytes - a size that can cause performance issues when uploaded through a Dataverse installation itself - is to configure an S3 store to provide direct upload and download via 'pre-signed URLs'. When these options are configured, file uploads and downloads are made directly to and from a configured S3 store using secure (https) connections that enforce a Dataverse installation's access controls. (The upload and download URLs are signed with a unique key that only allows access for a short time period and a Dataverse installation will only generate such a URL if the user has permission to upload/download the specific file in question.)
 
-See also :ref:`Globus settings <:GlobusSettings>`.
+This option can handle files >300GB and could be appropriate for files up to a TB or larger. Other options can scale farther, but this option has the advantages that it is simple to configure and does not require any user training - uploads and downloads are done via the same interface as normal uploads to a Dataverse installation.
 
-Managing more files per dataset and more datasets
--------------------------------------------------
-
-Dataverse can be configured to handle datasets with hundreds or thousands of files and hundreds of thousands of datasets. However, reaching these levels can require significant effort to appropriately configure the server.
-
-Technically, there are two factors that can limit scaling the number of files per dataset: how much the Dataverse server is involved in data transfer, and constraints based on Dataverse's code and database configuration.
-The former is dramatically affected by the choice for file storage and options such as the S3 direct upload/download settings and ingest size limits. The are fewer ways to affect the latter beyond increasing the amount of memory and CPU resources available
-or rewriting the relevant parts of Dataverse. (There are continuing efforts to improve Dataverse's performance and scaling, so it is also advisable to use the latest version if you are pushing the boundaries on scaling. Progress is being made.)
-
-Scaling to larger numbers of datasets (and to some extent scaling files per dataset) also depends on Dataverse's Solr search engine. There have been very significant improvements in indexing and search performance in recent releases, including some that are not turned on by default.
-
-Avoiding Many Files
-~~~~~~~~~~~~~~~~~~~
-
-Before describing things that can be done to improve scaling, it is important to note that there are configuration options and best practices to suggest to users to help avoid larger datasets and users hitting performance issues by going beyond the file counts you know work in your instance.
-
-        /* zip upload number of files limit */
-        ZipUploadFilesLimit,
-        /* the number of files the GUI user is allowed to upload in one batch, 
-            via drag-and-drop, or through the file select dialog */
-        MultipleUploadFilesLimit,
-                UseStorageQuotas, 
-        /** 
-         * Placeholder storage quota (defines the same quota setting for every user; used to test the concept of a quota.
-         */
-        StorageQuotaSizeInBytes,
-
-Ways to Scale
-~~~~~~~~~~~~~
-
-   
-       /**
-     * For published (public) objects, don't use a join when searching Solr. 
-     * Experimental! Requires a reindex with the following feature flag enabled,
-     * in order to add the boolean publicObject_b:true field to all the public
-     * Solr documents. 
-     *
-     * @apiNote Raise flag by setting
-     * "dataverse.feature.avoid-expensive-solr-join"
-     * @since Dataverse 6.3
-     */
-AVOID_EXPENSIVE_SOLR_JOIN("avoid-expensive-solr-join"),
-    /**
-     * With this flag enabled, the boolean field publicObject_b:true will be 
-     * added to all the indexed Solr documents for publicly-available collections,
-     * datasets and files. This flag makes it possible to rely on it in searches,
-     * instead of the very expensive join (the feature flag above).
-     *
-     * @apiNote Raise flag by setting
-     * "dataverse.feature.add-publicobject-solr-field"
-     * @since Dataverse 6.3
-     */
-    ADD_PUBLICOBJECT_SOLR_FIELD("add-publicobject-solr-field"),
-    /**
-     * Dataverse normally deletes all solr documents related to a dataset's files
-     * when the dataset is reindexed. With this flag enabled, additional logic is
-     * added to the reindex process to delete only the solr documents that are no
-     * longer needed. (Required docs will be updated rather than deleted and 
-     * replaced.) Enabling this feature flag should make the reindex process 
-     * faster without impacting the search results.
-     *
-     * @apiNote Raise flag by setting
-     * "dataverse.feature.reduce-solr-deletes"
-     * @since Dataverse 6.3
-     */
-    REDUCE_SOLR_DELETES("reduce-solr-deletes"),
-    /**
-     * This flag disables the feature that automatically selects one of the 
-     * DataFile thumbnails in the dataset/version as the dedicated thumbnail
-     * for the dataset.
-     * 
-     * @apiNote Raise flag by setting
-     * "dataverse.feature.disable-dataset-thumbnail-autoselect"
-     * @since Dataverse 6.4
-     */
-    DISABLE_DATASET_THUMBNAIL_AUTOSELECT("disable-dataset-thumbnail-autoselect"),
-    /**
-     * Only update a DataCite DOI when needed (for efficiency, lighter load on DataCite).
-     */
-    ONLY_UPDATE_DATACITE_WHEN_NEEDED("only-update-datacite-when-needed"),
-
-
-JvmSettings:
-    MIN_FILES_TO_USE_PROXY(SCOPE_SOLR, "min-files-to-use-proxy"),
-
-    // INDEX CONCURENCY
-    SCOPE_SOLR_CONCURENCY(SCOPE_SOLR, "concurrency"),
-    MAX_ASYNC_INDEXES(SCOPE_SOLR_CONCURENCY, "max-async-indexes"),
-
-    //EXPORTS
-    SCOPE_EXPORTS(PREFIX, "exports"),
-    SCOPE_EXPORTS_SCHEMA_DOT_ORG(SCOPE_EXPORTS, "schema-dot-org"),
-    EXPORTS_SCHEMA_DOT_ORG_MAX_FILES_FOR_DOWNLOAD_ENTRIES(SCOPE_EXPORTS_SCHEMA_DOT_ORG, "max-files-for-download-entries"),
-
-Settings:
-
-        SolrFullTextIndexing, //true or false (default)
-        SolrMaxFileSizeForFullTextIndexing, //long - size in bytes (default unset/no limit)
-        /** Default Key for limiting the number of bytes uploaded via the Data Deposit API, UI (web site and . */
-        MaxFileUploadSizeInBytes,
-        ZipDownloadLimit,
-/* size limit for Tabular data file ingests */
-        /* (can be set separately for specific ingestable formats; in which 
-        case the actual stored option will be TabularIngestSizeLimit:{FORMAT_NAME}
-        where {FORMAT_NAME} is the format identification tag returned by the 
-        getFormatName() method in the format-specific plugin; "sav" for the 
-        SPSS/sav format, "RData" for R, etc.
-        for example: :TabularIngestSizeLimit:RData */
-        TabularIngestSizeLimit,
-        /* Validate physical files in the dataset when publishing, if the dataset size less than the threshold limit */
-        DatasetChecksumValidationSizeLimit,
-        /* Validate physical files in the dataset when publishing, if the datafile size less than the threshold limit */
-        DataFileChecksumValidationSizeLimit,
-        FilePIDsEnabled,
-        /**
-         * If defined, this is the URL of the zipping service outside 
-         * the main Application Service where zip downloads should be directed
-         * instead of /api/access/datafiles/
-         */
-        CustomZipDownloadServiceUrl,
-
-        /**
-         * The URL for the DvWebLoader tool (see github.com/gdcc/dvwebloader for details)
-         */
-        WebloaderUrl, 
-
-
-        /**
-         * A comma-separated list of CategoryName in the desired order for files to be
-         * sorted in the file table display. If not set, files will be sorted
-         * alphabetically by default. If set, files will be sorted by these categories
-         * and alphabetically within each category.
-         */
-        CategoryOrder,
-        /**
-         * True(default)/false option deciding whether ordering by folder should be applied to the 
-         * dataset listing of datafiles.
-         */
-        OrderByFolder,
-        /**
-         * Allows an instance admin to disable Solr search facets on the collection
-         * and dataset pages instantly
-         */
-        DisableSolrFacets,
-        DisableSolrFacetsForGuestUsers,
-        DisableSolrFacetsWithoutJsession,
-        DisableUncheckedTypesFacet,
-
-        /**
-         * When ingesting tabular data files, store the generated tab-delimited 
-         * files *with* the variable names line up top. 
-         */
-        StoreIngestedTabularFilesWithVarHeaders,
-
- There is no well-defined cut-off - the speed of viewing and editing a large dataset will decrease as files are added, and, at some point, Dataverse may need more memory than is available, resulting in drastically slower response / 
+To configure these options, an administrator must set two JVM options for the Dataverse installation using the same process as for other configuration options:
 
+``./asadmin create-jvm-options "-Ddataverse.files.<id>.download-redirect=true"``
 
+``./asadmin create-jvm-options "-Ddataverse.files.<id>.upload-redirect=true"``
 
 
+With multiple stores configured, it is possible to configure one S3 store with direct upload and/or download to support large files (in general or for specific Dataverse collections) while configuring only direct download, or no direct access for another store.
 
 The direct upload option now switches between uploading the file in one piece (up to 1 GB by default) and sending it as multiple parts. The default can be changed by setting:
   
@@ -365,7 +39,7 @@ At present, one potential drawback for direct-upload is that files are only part
 .. _s3-direct-upload-features-disabled:
 
 Features that are Disabled if S3 Direct Upload is Enabled
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 The following features are disabled when S3 direct upload is enabled.
 
@@ -378,7 +52,7 @@ The following features are disabled when S3 direct upload is enabled.
 .. _cors-s3-bucket:
 
 Allow CORS for S3 Buckets
-^^^^^^^^^^^^^^^^^^^^^^^^
+~~~~~~~~~~~~~~~~~~~~~~~~~
 
 **IMPORTANT:** One additional step that is required to enable direct uploads via a Dataverse installation and for direct download to work with previewers and direct upload to work with dvwebloader (:ref:`folder-upload`) is to allow cross site (CORS) requests on your S3 store.
 The example below shows how to enable CORS rules (to support upload and download) on a bucket using the AWS CLI command line tool. Note that you may want to limit the AllowedOrigins and/or AllowedHeaders further.  https://github.com/gdcc/dataverse-previewers/wiki/Using-Previewers-with-download-redirects-from-S3 has some additional information about doing this.
@@ -411,14 +85,12 @@ Alternatively, you can enable CORS using the AWS S3 web interface, using json-en
 .. _s3-tags-and-direct-upload:
 
 S3 Tags and Direct Upload
-^^^^^^^^^^^^^^^^^^^^^^^^
+~~~~~~~~~~~~~~~~~~~~~~~~~
 
 Since the direct upload mechanism creates the final file rather than an intermediate temporary file, user actions, such as neither saving or canceling an upload session before closing the browser page, can leave an abandoned file in the store. The direct upload mechanism attempts to use S3 tags to aid in identifying/removing such files. Upon upload, files are given a "dv-state":"temp" tag which is removed when the dataset changes are saved and new files are added in the Dataverse installation. Note that not all S3 implementations support tags. Minio, for example, does not. With such stores, direct upload may not work and you might need to disable tagging. For details, see :ref:`s3-tagging` in the Installation Guide.
 
 Trusted Remote Storage with the ``remote`` Store Type
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-**Best for:** Very large files that should remain in their original location
+-----------------------------------------------------
 
 For very large, and/or very sensitive data, it may not make sense to transfer or copy files to Dataverse at all. The experimental ``remote`` store type in the Dataverse software now supports this use case. 
 
@@ -479,7 +151,7 @@ To configure the options mentioned above, an administrator must set two JVM opti
 .. _globus-support:
 
 Globus File Transfer
-~~~~~~~~~~~~~~~~~~~
+--------------------
 
 Note: Globus file transfer is still experimental but feedback is welcome! See :ref:`support`.
 
@@ -518,85 +190,3 @@ An overview of the control and data transfer interactions between components was
 See also :ref:`Globus settings <:GlobusSettings>`.
 
 An alternative, experimental implementation of Globus polling of ongoing upload transfers has been added in v6.4. This framework does not rely on the instance staying up continuously for the duration of the transfer and saves the state information about Globus upload requests in the database. Due to its experimental nature it is not enabled by default. See the ``globus-use-experimental-async-framework`` feature flag (see :ref:`feature-flags`) and the JVM option :ref:`dataverse.files.globus-monitoring-server`.
-
-Handling High Volume of Files
-----------------------------
-
-When dealing with datasets containing thousands or millions of files, different challenges arise beyond just file size.
-
-Performance Considerations
-~~~~~~~~~~~~~~~~~~~~~~~~~
-
-**Database Impact**
-
-Each file in Dataverse requires database entries for metadata, permissions, and other attributes. When dealing with very large numbers of files:
-
-* Database query performance may degrade
-* Indexing operations take longer
-* Dataset versioning becomes more resource-intensive
-
-**Recommended Approaches**
-
-For datasets with extremely high file counts (10,000+), consider these strategies:
-
-1. **Use hierarchical organization** - Group files into logical directories to improve navigation
-2. **Batch operations** - Use the API for batch uploads rather than the UI
-3. **Consider file bundling** - Where appropriate, bundle related small files into archives
-4. **Use Globus for bulk transfers** - Globus is optimized for handling large numbers of files
-
-API-Based Batch Operations
-~~~~~~~~~~~~~~~~~~~~~~~~~
-
-For programmatically handling large numbers of files, Dataverse provides API endpoints that support batch operations:
-
-* The `/api/datasets/:id/addFiles` endpoint allows adding multiple files in a single request
-* The `/api/datasets/:id/deleteFiles` endpoint allows removing multiple files at once
-
-See the :doc:`/api/native-api` documentation for details on these endpoints.
-
-Monitoring and Maintenance
-~~~~~~~~~~~~~~~~~~~~~~~~~
-
-When working with high file volumes:
-
-* Monitor database performance regularly
-* Consider implementing scheduled maintenance windows for index optimization
-* Use the Dataverse metrics API to track system performance
-
-Storage Strategy Recommendations
--------------------------------
-
-Based on both file size and volume considerations, here are some general recommendations:
-
-1. **For research projects with moderate data (< 2GB files, < 1000 files):**
-   * Default Dataverse storage is sufficient
-
-2. **For projects with large files but moderate file counts:**
-   * Configure S3 direct upload/download
-   * Set appropriate ingest size limits
-
-3. **For projects with very large files or sensitive data that should remain in place:**
-   * Use the remote storage option
-   * Consider implementing access controls at the remote storage level
-
-4. **For high-performance computing environments or very large datasets:**
-   * Implement Globus transfer
-   * Use batch operations via API
-   * Consider custom workflows for dataset creation and management
-
-5. **For datasets with millions of small files:**
-   * Consider file bundling where appropriate
-   * Use Globus for transfer
-   * Implement hierarchical organization
-
-Performance Tuning
------------------
-
-Regardless of which storage solution you choose, consider these performance tuning options:
-
-* Increase JVM heap size for Dataverse application
-* Optimize database indexes for file metadata tables
-* Configure appropriate timeouts for large file transfers
-* Consider dedicated storage nodes for high-volume installations
-
-For detailed performance tuning recommendations, see the :doc:`/installation/config` guide.

From 158ea2aceadf29c613abf18615a69ad9ef858bdf Mon Sep 17 00:00:00 2001
From: Jim Myers <qqmyers@hotmail.com>
Date: Fri, 26 Sep 2025 15:11:53 -0400
Subject: [PATCH 307/634] fix lists /errs in rst

---
 .../source/admin/big-data-administration.rst  | 57 ++++++++++---------
 1 file changed, 29 insertions(+), 28 deletions(-)

diff --git a/doc/sphinx-guides/source/admin/big-data-administration.rst b/doc/sphinx-guides/source/admin/big-data-administration.rst
index dba872aed5e..c28d9d600b3 100644
--- a/doc/sphinx-guides/source/admin/big-data-administration.rst
+++ b/doc/sphinx-guides/source/admin/big-data-administration.rst
@@ -36,9 +36,9 @@ version of the file.
 Benefits: 
 
 - This option requires no external services and can potentially handle files into the gigabyte (GB) size range. For smaller institutions,
-and in disciplines where datasets do not have more than a few hundred files and files are not too large, this can be the simplest option.
+  and in disciplines where datasets do not have more than a few hundred files and files are not too large, this can be the simplest option.
 - Unzipping of zip archives can be simpler for users than having to upload many individual files and was, at one time, the only way to 
-preserve file path names when uploading.
+  preserve file path names when uploading.
 
 Challenges: In general file storage is not a good option for larger data sizes - both in terms of file size and number of files. Contributing factors include:
  
@@ -65,18 +65,18 @@ the S3 store. In this configuration, files are never stored on the Dataverse ser
 Benefits: S3 offers several advantages over file storage which :
  
 - Scalability: S3 is designed to handle large amounts of data. It can handle individual files up to several TB in size. 
-Because S3 supports breaking files into pieces, Dataverse can transfer a file in pieces (several in parallel, potentially thousands of pieces per file) making transfers faster
-and more robust (a failure requires only resending the failed piece). It may also be the case that users will have a faster network connection to the S3 store 
-(e.g. in a commercial cloud or High Performance Computing center) than they do to the Dataverse server, reducing transfer time.
+  Because S3 supports breaking files into pieces, Dataverse can transfer a file in pieces (several in parallel, potentially thousands of pieces per file) making transfers faster
+  and more robust (a failure requires only resending the failed piece). It may also be the case that users will have a faster network connection to the S3 store 
+  (e.g. in a commercial cloud or High Performance Computing center) than they do to the Dataverse server, reducing transfer time.
 - High Availability: S3 provides redundancy beyond what is available with a single disk (valuable for preservation, potentially reducing the need to perform data integrity checks).
 
 Challenges:
 
 - One additional step that is required to enable direct uploads via a Dataverse installation and for direct download to work with previewers and direct upload to work with dvwebloader (:ref:`folder-upload`) is to allow cross site (CORS) requests on your S3 store.
 - Cost: S3 offers a pricing model that allows you to pay for the storage and transfer of data based on current usage (versus long term demand) but commercial 
-providers charge more per TB than the equivalent cost of a local disk (though commercial S3 storage is cheaper than commercial file storage).
-There can also be egress and other charges. Overall, S3 storage is generally more expensive than local file storage but cheaper than cloud file storage.
-Running a local S3 storage or leveraging an institutional service can further reduce costs.
+  providers charge more per TB than the equivalent cost of a local disk (though commercial S3 storage is cheaper than commercial file storage).
+  There can also be egress and other charges. Overall, S3 storage is generally more expensive than local file storage but cheaper than cloud file storage.
+  Running a local S3 storage or leveraging an institutional service can further reduce costs.
 - Direct upload via S3 is a multi-step process: Dataverse provides URLs for the uploads, the user's browser or other app uses the URLs to transfer files to the S3 store,
   possibly in many pieces per file, and finally, Dataverse is told that one or more files are in place and should be added to the dataset. If the last step fails, or if
   all parts of a file cannot be transferred, orphaned files or parts of files can be left on S3. These files are not accessible via Dataverse but do use space (for which there is a monetary cost)
@@ -87,24 +87,26 @@ Other Considerations
 
 - S3 Storage without direct upload/download provides minimal benefits with Dataverse as files still pass through the server, files are still uploaded as a single HTTP/HTTPS stream, and temporary storage is still used.
 - While not having files unzipped can be confusing to users who are used to it from using Dataverse with file storage, there are ways to minimize the impact. 
-For example, Dataverse can be configured to use a 'Zip File Previewer' that allows users to see the contents of a zip file and even download individual files from within it. 
-For users who still want their data stored as individual files with their relative folder paths, Dataverse can be configured with the 'DVWebloader' which allows users to select an entire folder tree of files and 
-upload them, with their relative paths intact, to Dataverse. (DVWebloader can only be used with S3/direct upload, but it is much more efficient with many files than using the 
-standard upload interface in Dataverse (which also does not retain path information)).
+  For example, Dataverse can be configured to use a 'Zip File Previewer' that allows users to see the contents of a zip file and even download individual files from within it. 
+  For users who still want their data stored as individual files with their relative folder paths, Dataverse can be configured with the 'DVWebloader' which allows users to select an entire folder tree of files and 
+  upload them, with their relative paths intact, to Dataverse. (DVWebloader can only be used with S3/direct upload, but it is much more efficient with many files than using the 
+  standard upload interface in Dataverse (which also does not retain path information)).
 - The following features are disabled when S3 direct upload is enabled.
   - Unzipping of zip files. (See :ref:`compressed-files`.)
   - Detection of file type based on JHOVE and custom code that reads the first few bytes except for the refinement of Stata file types to include the version. (See :ref:`redetect-file-type`.)
   - Extraction of metadata from FITS files. (See :ref:`fits`.)
   - Creation of NcML auxiliary files (See :ref:`netcdf-and-hdf5`.)
   - Extraction of a geospatial bounding box from NetCDF and HDF5 files (see :ref:`netcdf-and-hdf5`) unless :ref:`dataverse.netcdf.geo-extract-s3-direct-upload` is set to true.
+
 - Using direct upload stops Dataverse from inspecting the file bytes to determine the MIME type (with one exception - Stata files). Dataverse will still look at the file name and extension to determine the MIME type.
 - To perform the 'ingest' processing, Dataverse currently has to copy the file to local storage, somewhat negating the benefit of sending data directly to S3. To manage larger files, one can set a per-store
-ingest size limit (which can be 0 bytes) to stop ingest or limit it to smaller files. 
+  ingest size limit (which can be 0 bytes) to stop ingest or limit it to smaller files. 
 - Dataverse's mechanism for downloading a whole dataset or multiple selected files involves zipping those files together. Even When using S3 with direct upload/download,
-the file bytes are transferred to the Dataverse server as part of the zipping process. There are ways to reduce the performance impact of this:
+  the file bytes are transferred to the Dataverse server as part of the zipping process. There are ways to reduce the performance impact of this:
   - There is a 'ZipDownloader' app that can be run separate from Dataverse to handle the zipping process.
   - Dataverse has a :ZipDownloadLimit that can be used to limit the amount of data that can be zipped. If a dataset is larger than this limit, Dataverse will only add some of the files to the zip and list others in the included manifest file.
   - There are tools such as the Dataverse Dataset Downloader (https://github.com/gdcc/dataverse-recipes/tree/main/shell/download#dataverse-dataset-downloader) that can be used to download all off the files individually. This avoids sending any of the files to/through the Dataverse server when S3 direct download is enabled.  
+
 - Dataverse leverages S3 features that are not implemented by all servers and has several configuration options geared towards handling variations between servers. Site admins should be sure to test with their preferred S3 implementation.
 - The part-size used when directly transferring files to S3 is configurable (at AWS, from 5 MiB to 5GiB). The default in Dataverse is 1 GiB (1024^3). If the primary use case is with smaller files than that, decreasing the part size may improve upload speeds.
 
@@ -145,9 +147,9 @@ Challenges:
 - Currently, remote files can only be added via the API. (This may be addressed in future versions).
 - Remote files can only be added after the dataset is created in the UI (and therefore has an id and PID for use with the API). However, the UI will still allow upload of files to the base store (at dataset creation and when editing), which could be confusing.
 - As Dataverse is relying on the remote service to main the integrity and availability of the files, it is likely that the Dataverse site admin will want to have a formal agreement with the remote service 
-operator about their policies.
+  operator about their policies.
 - Site admins need to consider carefully how to configure file size limits, ingest size limits, etc. on the remote store and it's base store, and whether the remote store is public-only, and whether files there can be read by Dataverse to assure the
-requirements of a specific use case(s) are addressed.
+  requirements of a specific use case(s) are addressed.
 - The current remote store implementation will not prevent you from providing a relative URL that results in a 404 when resolved. (I.e. if you make a typo). You should check to make sure the file exists at the location you specify - by trying to download in Dataverse, by checking to see that Dataverse was able to get the file size (which it does by doing a HEAD call to that location), or just manually trying the URL in your browser.
 - For large files, direct-download should always be used with a remote store. (Otherwise the Dataverse will be involved in the download.)
 - When multiple files are selected for download, Dataverse will try to include remote files in the zip file being created (up to the max zip size limit) which is inefficient, and will not be able to include remote files that are inaccessible (possibly confusing). 
@@ -181,24 +183,24 @@ Challenges:
 - For users not familiar with Globus, managing transfers can be confusing. For the non-S3 options, users cannot just download files - they must have access to a destination Globus endpoint and have a Globus account. Globus does provide free accounts and a free 'Globus Personal Connect' service which installed on any machine to allow transfers to/from it.
 - Globus transfers are not enabled at dataset-creation time. Once the draft version is created, users can initiate Globus transfers to upload files from remote endpoints.
 - For Dataverse-managed endpoints, a community-developed `dataverse-globus <https://github.com/scholarsportal/dataverse-globus>`_ app must be installed and configured in the Dataverse instance. 
-This app manages granting and revoking access for users to upload/download files from Dataverse and handles the translation between Dataverse's internal file naming/organization to that see by the user.
+  This app manages granting and revoking access for users to upload/download files from Dataverse and handles the translation between Dataverse's internal file naming/organization to that see by the user.
 - Users familiar with Globus sometimes expect to be able to find the Dataverse endpoint in Globus' online service and download files from there. Due to the fact that Dataverse is managing permissions and handling file naming, this doesn't work.
 - Due to differences between Dataverse's and Globus's access control models, Dataverse cannot enforce per-file-access restrictions - restriction can only be done today at the level of providing access to all files in a dataset.
-Globus stores can be defined as public to disable Dataverse's ability to restrict and embargo files in that store. If the store is configured to support restriction and embargo,
-Dataverse and it's Dataverse-Globus app will limit users to downloading only the files they have been granted access to, but a technically knowledgeable user could access other files in the same dataset if they are give access to one.
-(Data depositors would need to be aware of this limitation and could be guided to restrict all files/only grant access to all dataset files in Globus as a work-around).
+  Globus stores can be defined as public to disable Dataverse's ability to restrict and embargo files in that store. If the store is configured to support restriction and embargo,
+  Dataverse and it's Dataverse-Globus app will limit users to downloading only the files they have been granted access to, but a technically knowledgeable user could access other files in the same dataset if they are give access to one.
+  (Data depositors would need to be aware of this limitation and could be guided to restrict all files/only grant access to all dataset files in Globus as a work-around).
 - Dataverse-managed endpoints must be Globus 'guest collections' hosted on either a file-system-based endpoint or an S3-based endpoint (the latter requires use of the Globus
-S3 connector which requires a paid Globus subscription at the host institution). In either case, Dataverse is configured with the Globus credentials of a user account that can manage the endpoint.
-Users will need their own Globus account, which can be obtained via their institution or directly from Globus (at no cost).
+  S3 connector which requires a paid Globus subscription at the host institution). In either case, Dataverse is configured with the Globus credentials of a user account that can manage the endpoint.
+  Users will need their own Globus account, which can be obtained via their institution or directly from Globus (at no cost).
 - With the file-system endpoint, Dataverse does not currently have access to the file contents. Thus, functionality related to ingest, previews, fixity hash validation, etc. are not available. 
-(Using the S3-based endpoint, Dataverse has access via S3 and all functionality normally associated with direct uploads to S3 is available. In this case admins should be sure to set the maximum size for ingest and avoid requiring hash validation at publication, etc.)
+  (Using the S3-based endpoint, Dataverse has access via S3 and all functionality normally associated with direct uploads to S3 is available. In this case admins should be sure to set the maximum size for ingest and avoid requiring hash validation at publication, etc.)
 - For the reference use case, Dataverse must be configured with a list of allowed endpoint/base paths from which files may be referenced. In this case, since Dataverse is not accessing the remote endpoint itself, it does not need Globus credentials. 
-Users will also need a Globus account in this case, and the remote endpoint must be configured to allow them access (i.e. be publicly readable, or potentially involving some out-of-band mechanism to request access (that could be described, for example, in the dataset's Terms of Use and Access).
+  Users will also need a Globus account in this case, and the remote endpoint must be configured to allow them access (i.e. be publicly readable, or potentially involving some out-of-band mechanism to request access (that could be described, for example, in the dataset's Terms of Use and Access).
 - As with remote stores, files can only be added in the Globus reference case via the Dataverse API.
 - While Globus itself can handle many (millions of) files of any size, Dataverse cannot handle more than thousands of files per dataset (at best) and some Globus endpoints may have limits on file sizes - both maximums and minimums (e.g. for tape storage where small files are inefficient).
-Users will need to be made aware of these limitations and the possibilities for managing them (e.g. by aggregating multiple files in a single larger file, or storing smaller files in the base-store via the normal Dataverse upload UI).
+  Users will need to be made aware of these limitations and the possibilities for managing them (e.g. by aggregating multiple files in a single larger file, or storing smaller files in the base-store via the normal Dataverse upload UI).
 - There is currently (a bug)[https://github.com/gdcc/dataverse-globus/issues/2] that won't allow users to transfer files from/to endpoints where they do not have permission to list the overall file tree (i.e. an institution manages <endpoint>/institution_name but the user only has access to <endpoint>/institution_name/my_dir.)
-Until that is fixed, a work-around is to first transfer data to an endpoint without this restriction.
+  Until that is fixed, a work-around is to first transfer data to an endpoint without this restriction.
 - An alternative, experimental implementation of Globus polling of ongoing upload transfers has been added in v6.4. This framework does not rely on the instance staying up continuously for the duration of the transfer and saves the state information about Globus upload requests in the database. While it is now the recommended option, it is not enabled by default. See the ``globus-use-experimental-async-framework`` feature flag (see :ref:`feature-flags`) and the JVM option :ref:`dataverse.files.globus-monitoring-server`.
 
 More details of the setup required to enable Globus is described in the `Community Dataverse-Globus Setup and Configuration document <https://docs.google.com/document/d/1mwY3IVv8_wTspQC0d4ddFrD2deqwr-V5iAGHgOy4Ch8/edit?usp=sharing>`_ and the references therein.
@@ -209,7 +211,7 @@ See also :ref:`Globus settings <:GlobusSettings>`.
 
 
 Storage Strategy Recommendations
--------------------------------
+--------------------------------
 
 Based on both file size and volume considerations, here are some general recommendations:
 
@@ -254,7 +256,6 @@ There are a number of settings to limit how many files can be uploaded:
 - ZipUploadFilesLimit - the maximum number of files allowed in an uploaded zip file - only relevant for file stores and S3 when direct upload is not used.
 - MultipleUploadFilesLimit - the number of files the GUI user is allowed to upload in one batch, via drag-and-drop, or through the file select dialog
 - MaxFileUploadSizeInBytes - limit the size of files that can be uploaded
-
 - UseStorageQuotas - once enabled, super users can set per-collection quotas (in bytes) to limit the aggregate size of all files in the collection
 - dataverse.files.default-dataset-file-count-limit - directly limits the number of files per dataset, can be changed per dataset via API (by super users)
 

From f3b758927b02babed7c347cd522065eb68dc773f Mon Sep 17 00:00:00 2001
From: Maham Maham <116267645+Maham802@users.noreply.github.com>
Date: Fri, 26 Sep 2025 21:33:41 +0200
Subject: [PATCH 308/634] fix: update dataverse-ansible links in deployment.rst
 to develop branch

---
 doc/sphinx-guides/source/developers/deployment.rst | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/doc/sphinx-guides/source/developers/deployment.rst b/doc/sphinx-guides/source/developers/deployment.rst
index d3e0c33a8f2..ec9929136b7 100755
--- a/doc/sphinx-guides/source/developers/deployment.rst
+++ b/doc/sphinx-guides/source/developers/deployment.rst
@@ -78,7 +78,7 @@ Amazon offers instructions on using an IAM role to grant permissions to applicat
 Configure Ansible File (Optional)
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
-In order to configure Dataverse installation settings such as the password of the dataverseAdmin user, download https://raw.githubusercontent.com/gdcc/dataverse-ansible/master/defaults/main.yml and edit the file to your liking.
+In order to configure Dataverse installation settings such as the password of the dataverseAdmin user, download https://raw.githubusercontent.com/gdcc/dataverse-ansible/develop/defaults/main.yml and edit the file to your liking.
 
 You can skip this step if you're fine with the values in the "main.yml" file in the link above.
 
@@ -89,7 +89,7 @@ Once you have done the configuration above, you are ready to try running the "ec
 
 Download `ec2-create-instance.sh`_ and put it somewhere reasonable. For the purpose of these instructions we'll assume it's in the "Downloads" directory in your home directory.
 
-.. _ec2-create-instance.sh: https://raw.githubusercontent.com/gdcc/dataverse-ansible/master/ec2/ec2-create-instance.sh
+.. _ec2-create-instance.sh: https://raw.githubusercontent.com/gdcc/dataverse-ansible/develop/ec2/ec2-create-instance.sh
 
 To run the script, you can make it executable (``chmod 755 ec2-create-instance.sh``) or run it with bash, like this with ``-h`` as an argument to print the help:
 

From 75de0ea4e3fc0c765b54854e71ba6bf5fa132f67 Mon Sep 17 00:00:00 2001
From: Jim Myers <qqmyers@hotmail.com>
Date: Fri, 26 Sep 2025 15:43:32 -0400
Subject: [PATCH 309/634] fix strategy table

---
 doc/sphinx-guides/source/admin/big-data-administration.rst | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/doc/sphinx-guides/source/admin/big-data-administration.rst b/doc/sphinx-guides/source/admin/big-data-administration.rst
index c28d9d600b3..fd2316525ab 100644
--- a/doc/sphinx-guides/source/admin/big-data-administration.rst
+++ b/doc/sphinx-guides/source/admin/big-data-administration.rst
@@ -216,22 +216,27 @@ Storage Strategy Recommendations
 Based on both file size and volume considerations, here are some general recommendations:
 
 1. **For research projects with moderate data (< 2GB files, < 100s of files/dataset):**
+
    * Default File Store is sufficient
    * Consider setting file count and size limits (see below)
 
 2. **For projects with larger files (GBs to TBs) and/or more files per dataset (100s to 1000s):**
-   * Configure an S3 store witj direct upload/download
+
+   * Configure an S3 store with direct upload/download
    * Set appropriate ingest size limits
 
 3. **For projects with very large files or sensitive data that should remain in place:**
+
    * Use the Remote Store
 
 4. **For high-performance computing environments or very large datasets (TBs+):**
+
    * Use a Globus Store
    * Work with users to size files appropriate to the underlying storage
    * Consider Globus over S3 when normal upload/download options (via the UI/API) are desired along with Globus transfer
 
 5. **For Petascale datasets, or extreme numbers of files:**
+
    * Consider a Remote Store and referencing a single URL/Globus endpoint for the entire dataset
 
 

From 76f4e5260683685289db76491d5e7071659561a9 Mon Sep 17 00:00:00 2001
From: Maham Maham <116267645+Maham802@users.noreply.github.com>
Date: Fri, 26 Sep 2025 21:54:02 +0200
Subject: [PATCH 310/634] fix(docs): update dataverse-ansible links in
 testing.rst to use develop branch

---
 doc/sphinx-guides/source/developers/testing.rst | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/doc/sphinx-guides/source/developers/testing.rst b/doc/sphinx-guides/source/developers/testing.rst
index 8f9ce645a2e..bd91ce27d54 100755
--- a/doc/sphinx-guides/source/developers/testing.rst
+++ b/doc/sphinx-guides/source/developers/testing.rst
@@ -128,7 +128,7 @@ You might find studying the following test classes helpful in writing tests for
 - DeletePrivateUrlCommandTest.java
 - GetPrivateUrlCommandTest.java
 
-In addition, there is a writeup on "The Testable Command" at https://github.com/IQSS/dataverse/blob/develop/doc/theTestableCommand/TheTestableCommand.md .
+In addition, there is a writeup on "The Testable Command" at https://github.com/IQSS/dataverse/blob/master/doc/theTestableCommand/TheTestableCommand.md .
 
 Running Non-Essential (Excluded) Unit Tests
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
@@ -169,12 +169,12 @@ different people. For our purposes, an integration test can have two flavors:
 Running the Full API Test Suite Using EC2
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
-**Prerequisite:** To run the API test suite in an EC2 instance you should first follow the steps in the :doc:`deployment` section to get set up with the AWS binary to launch EC2 instances. If you're here because you just want to spin up a branch, you'll still want to follow the AWS deployment setup steps, but may find the `ec2-create README.md <https://github.com/gdcc/dataverse-ansible/blob/master/ec2/README.md>`_ Quick Start section helpful.
+**Prerequisite:** To run the API test suite in an EC2 instance you should first follow the steps in the :doc:`deployment` section to get set up with the AWS binary to launch EC2 instances. If you're here because you just want to spin up a branch, you'll still want to follow the AWS deployment setup steps, but may find the `ec2-create README.md <https://github.com/gdcc/dataverse-ansible/blob/develop/ec2/README.md>`_ Quick Start section helpful.
 
 You may always retrieve a current copy of the ec2-create-instance.sh script and accompanying group_var.yml file from the `dataverse-ansible repo <https://github.com/gdcc/dataverse-ansible/>`_. Since we want to run the test suite, let's grab the group_vars used by Jenkins:
 
-- `ec2-create-instance.sh <https://raw.githubusercontent.com/GlobalDataverseCommunityConsortium/dataverse-ansible/master/ec2/ec2-create-instance.sh>`_
-- `jenkins.yml <https://raw.githubusercontent.com/GlobalDataverseCommunityConsortium/dataverse-ansible/master/tests/group_vars/jenkins.yml>`_
+- `ec2-create-instance.sh <https://raw.githubusercontent.com/gdcc/dataverse-ansible/develop/ec2/ec2-create-instance.sh>`_
+- `jenkins.yml <https://raw.githubusercontent.com/gdcc/dataverse-ansible/develop/tests/group_vars/jenkins.yml>`_
 
 Edit ``jenkins.yml`` to set the desired GitHub repo and branch, and to adjust any other options to meet your needs:
 
@@ -184,7 +184,7 @@ Edit ``jenkins.yml`` to set the desired GitHub repo and branch, and to adjust an
 - ``dataverse.unittests.enabled: true``
 - ``dataverse.sampledata.enabled: true``
 
-If you wish, you may pass the script a ``-l`` flag with a local relative path in which the script will `copy various logs <https://github.com/gdcc/dataverse-ansible/blob/master/ec2/ec2-create-instance.sh#L185>`_ at the end of the test suite for your review.
+If you wish, you may pass the script a ``-l`` flag with a local relative path in which the script will `copy various logs <https://github.com/gdcc/dataverse-ansible/blob/develop/ec2/ec2-create-instance.sh#L185>`_ at the end of the test suite for your review.
 
 Finally, run the script:
 

From 82697886a262b088d4c5aa7eba56b819329d3961 Mon Sep 17 00:00:00 2001
From: Maham Maham <116267645+Maham802@users.noreply.github.com>
Date: Fri, 26 Sep 2025 22:00:49 +0200
Subject: [PATCH 311/634] fix: removed line number

---
 doc/sphinx-guides/source/developers/testing.rst | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/doc/sphinx-guides/source/developers/testing.rst b/doc/sphinx-guides/source/developers/testing.rst
index bd91ce27d54..f84a7cf1ac7 100755
--- a/doc/sphinx-guides/source/developers/testing.rst
+++ b/doc/sphinx-guides/source/developers/testing.rst
@@ -184,7 +184,7 @@ Edit ``jenkins.yml`` to set the desired GitHub repo and branch, and to adjust an
 - ``dataverse.unittests.enabled: true``
 - ``dataverse.sampledata.enabled: true``
 
-If you wish, you may pass the script a ``-l`` flag with a local relative path in which the script will `copy various logs <https://github.com/gdcc/dataverse-ansible/blob/develop/ec2/ec2-create-instance.sh#L185>`_ at the end of the test suite for your review.
+If you wish, you may pass the script a ``-l`` flag with a local relative path in which the script will `copy various logs <https://github.com/gdcc/dataverse-ansible/blob/develop/ec2/ec2-create-instance.sh>`_ at the end of the test suite for your review.
 
 Finally, run the script:
 

From 8a51ebc9b02177b89b2014cc52876432edaeb97a Mon Sep 17 00:00:00 2001
From: Stephen Kraffmiller <skraffmiller@hmdc.harvard.edu>
Date: Fri, 26 Sep 2025 16:05:40 -0400
Subject: [PATCH 312/634] #11772 fix parser and tests

---
 .../harvard/iq/dataverse/api/Datasets.java    |  1 -
 .../impl/UpdateDatasetTermsOfUseCommand.java  |  5 ---
 .../iq/dataverse/util/json/JsonParser.java    | 12 +++++--
 .../harvard/iq/dataverse/api/DatasetsIT.java  | 35 +++++++++++++++++++
 .../json/update-dataset-terms-access.json     |  6 ++--
 5 files changed, 48 insertions(+), 11 deletions(-)

diff --git a/src/main/java/edu/harvard/iq/dataverse/api/Datasets.java b/src/main/java/edu/harvard/iq/dataverse/api/Datasets.java
index 355db7c8c60..9a8c4ab4d2a 100644
--- a/src/main/java/edu/harvard/iq/dataverse/api/Datasets.java
+++ b/src/main/java/edu/harvard/iq/dataverse/api/Datasets.java
@@ -1172,7 +1172,6 @@ public Response editVersionTermsOfUse(@Context ContainerRequestContext crc, Stri
             
             toua.setDatasetVersion(dataset.getLatestVersion());
             
-            
             DatasetVersion updatedVersion = execCommand(new UpdateDatasetTermsOfUseCommand(dataset, toua, createDataverseRequest(getRequestUser(crc)))).getLatestVersion();
 
             return ok(json(updatedVersion, true));
diff --git a/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/UpdateDatasetTermsOfUseCommand.java b/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/UpdateDatasetTermsOfUseCommand.java
index 6e7a5c29e57..74aa2ac0138 100644
--- a/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/UpdateDatasetTermsOfUseCommand.java
+++ b/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/UpdateDatasetTermsOfUseCommand.java
@@ -48,11 +48,6 @@ public Dataset execute(CommandContext ctxt) throws CommandException {
          
         datasetVersion.setVersionState(DatasetVersion.VersionState.DRAFT);
         termsOfUseAndAccess.setDatasetVersion(datasetVersion);
-        System.out.print("From input....");
-        System.out.print(termsOfUseAndAccess.getConfidentialityDeclaration());
-        System.out.print("From DatasetVersion....");
-        System.out.print(datasetVersion.getTermsOfUseAndAccess().getConfidentialityDeclaration());
-        System.out.print("$$$$$$$$$$$$$$$$$$$$$$$$");
         return ctxt.engine().submit(updateDatasetVersionCommand == null ? new UpdateDatasetVersionCommand(this.dataset, getRequest()) : updateDatasetVersionCommand);
     }
     
diff --git a/src/main/java/edu/harvard/iq/dataverse/util/json/JsonParser.java b/src/main/java/edu/harvard/iq/dataverse/util/json/JsonParser.java
index b74f852202c..a080241777e 100644
--- a/src/main/java/edu/harvard/iq/dataverse/util/json/JsonParser.java
+++ b/src/main/java/edu/harvard/iq/dataverse/util/json/JsonParser.java
@@ -379,9 +379,10 @@ public static <E extends Enum<E>> List<E> parseEnumsFromArray(JsonArray enumsArr
     }
     
     public TermsOfUseAndAccess parseTermsOfUseAndAccess(JsonObject obj) throws JsonParseException {
-        JsonObject terms = obj.getJsonObject("termsOfAccess");
+        JsonObject terms = obj.getJsonObject("termsOfUseAndAccess");
         TermsOfUseAndAccess toaa = new TermsOfUseAndAccess();
-
+        toaa.setFileAccessRequest(terms.getBoolean("fileAccessRequest", false));
+        toaa.setTermsOfAccess(terms.getString("termsOfAccess", null));
         toaa.setTermsOfUse(terms.getString("termsOfUse", null));
         toaa.setConfidentialityDeclaration(terms.getString("confidentialityDeclaration", null));
         toaa.setSpecialPermissions(terms.getString("specialPermissions", null));
@@ -390,6 +391,13 @@ public TermsOfUseAndAccess parseTermsOfUseAndAccess(JsonObject obj) throws JsonP
         toaa.setDepositorRequirements(terms.getString("depositorRequirements", null));
         toaa.setConditions(terms.getString("conditions", null));
         toaa.setDisclaimer(terms.getString("disclaimer", null));
+        toaa.setDataAccessPlace(terms.getString("dataAccessPlace", null));
+        toaa.setOriginalArchive(terms.getString("originalArchive", null));
+        toaa.setAvailabilityStatus(terms.getString("availabilityStatus", null)); 
+        toaa.setContactForAccess(terms.getString("contactForAccess", null));
+        toaa.setSizeOfCollection(terms.getString("sizeOfCollection", null));
+        toaa.setStudyCompletion(terms.getString("studyCompletion", null));
+        toaa.setConfidentialityDeclaration(terms.getString("confidentialityDeclaration", null));
 
         return toaa;
     }
diff --git a/src/test/java/edu/harvard/iq/dataverse/api/DatasetsIT.java b/src/test/java/edu/harvard/iq/dataverse/api/DatasetsIT.java
index 91196b6b9d5..bb4793961f8 100644
--- a/src/test/java/edu/harvard/iq/dataverse/api/DatasetsIT.java
+++ b/src/test/java/edu/harvard/iq/dataverse/api/DatasetsIT.java
@@ -4069,6 +4069,41 @@ public void testUpdateDatasetTerms() throws IOException {
         updateTerms.then().assertThat()
                 .statusCode(OK.getStatusCode());
 
+        //Add another dataset with restricted files in order to get the access info to show up
+        
+        
+         Response createDatasetResponse = UtilIT.createRandomDatasetViaNativeApi(dataverseAlias, apiToken);
+        createDatasetResponse.then().assertThat().statusCode(CREATED.getStatusCode());
+        int datasetId2 = JsonPath.from(createDatasetResponse.body().asString()).getInt("data.id");
+        String datasetPersistentId = JsonPath.from(createDatasetResponse.body().asString()).getString("data.persistentId");
+
+        updateTerms = UtilIT.updateDatasetTermsAndAccess(datasetPersistentId, apiToken, pathToJsonFile);
+        updateTerms.prettyPrint();
+        updateTerms.then().assertThat()
+                .statusCode(OK.getStatusCode());
+        
+        // Upload file
+        String pathToTestFile = "src/test/resources/images/coffeeshop.png";
+        Response uploadResponse = UtilIT.uploadFileViaNative(Integer.toString(datasetId2), pathToTestFile, Json.createObjectBuilder().build(), apiToken);
+        uploadResponse.then().assertThat().statusCode(OK.getStatusCode());
+
+        String fileId = JsonPath.from(uploadResponse.body().asString()).getString("data.files[0].dataFile.id");
+        
+        updateTerms = UtilIT.updateDatasetTermsAndAccess(datasetPersistentId, apiToken, pathToJsonFile);
+        updateTerms.prettyPrint();
+        updateTerms.then().assertThat()
+                .statusCode(OK.getStatusCode());
+
+       // Restrict file
+        Response restrictFileResponse = UtilIT.restrictFile(fileId, true, apiToken);
+        restrictFileResponse.then().assertThat().statusCode(OK.getStatusCode());
+
+        // Publish dataset version
+        Response publishDatasetResponse = UtilIT.publishDatasetViaNativeApi(datasetPersistentId, "major", apiToken);
+        publishDatasetResponse.prettyPrint();
+        publishDatasetResponse.then().assertThat().statusCode(OK.getStatusCode());
+
+
     }
 
 
diff --git a/src/test/resources/json/update-dataset-terms-access.json b/src/test/resources/json/update-dataset-terms-access.json
index dbe6380ca56..29749cd21dd 100644
--- a/src/test/resources/json/update-dataset-terms-access.json
+++ b/src/test/resources/json/update-dataset-terms-access.json
@@ -1,7 +1,7 @@
 {
-    "termsOfAccess": {
-        "fileAccessRequest": "true",
-        "termsOfAccessForRestrictedFiles": "For access to restriced files please see read me file",
+    "termsOfUseAndAccess": {
+        "fileAccessRequest": "false",
+        "termsOfAccess": "For access to restriced files please see read me file",
         "dataAccessPlace": "dataAccessPlace",
         "originalArchive": "originalArchive",
         "availabilityStatus": "availabilityStatus",

From 509e640790c77e00d1617a749e0c64301cc25e3a Mon Sep 17 00:00:00 2001
From: GPortas <hey@gportas.me>
Date: Mon, 29 Sep 2025 13:56:54 +0100
Subject: [PATCH 313/634] Added: dataset display name and identifier to InApp
 file notifications

---
 .../json/InAppNotificationsJsonPrinter.java   |  2 ++
 .../InAppNotificationsJsonPrinterTest.java    | 21 +++++++++++++++++++
 2 files changed, 23 insertions(+)

diff --git a/src/main/java/edu/harvard/iq/dataverse/util/json/InAppNotificationsJsonPrinter.java b/src/main/java/edu/harvard/iq/dataverse/util/json/InAppNotificationsJsonPrinter.java
index f3c3a0383e0..241b2d44bad 100644
--- a/src/main/java/edu/harvard/iq/dataverse/util/json/InAppNotificationsJsonPrinter.java
+++ b/src/main/java/edu/harvard/iq/dataverse/util/json/InAppNotificationsJsonPrinter.java
@@ -184,6 +184,8 @@ private void addDataFileFields(final NullSafeJsonBuilder notificationJson, final
         if (dataFile != null) {
             notificationJson.add(KEY_DATAFILE_ID, dataFile.getId());
             notificationJson.add(KEY_DATAFILE_DISPLAY_NAME, dataFile.getDisplayName());
+            notificationJson.add(KEY_DATASET_DISPLAY_NAME, dataFile.getOwner().getDisplayName());
+            notificationJson.add(KEY_DATASET_PERSISTENT_ID, dataFile.getOwner().getIdentifier());
         } else {
             notificationJson.add(KEY_OBJECT_DELETED, true);
         }
diff --git a/src/test/java/edu/harvard/iq/dataverse/util/json/InAppNotificationsJsonPrinterTest.java b/src/test/java/edu/harvard/iq/dataverse/util/json/InAppNotificationsJsonPrinterTest.java
index 82c6125f6c1..2d55f488889 100644
--- a/src/test/java/edu/harvard/iq/dataverse/util/json/InAppNotificationsJsonPrinterTest.java
+++ b/src/test/java/edu/harvard/iq/dataverse/util/json/InAppNotificationsJsonPrinterTest.java
@@ -215,9 +215,14 @@ public void testAddFieldsByType_requestFileAccess() {
         when(requestor.getLastName()).thenReturn("Doe");
         when(requestor.getEmail()).thenReturn("johndoe@example.com");
 
+        Dataset dataset = mock(Dataset.class);
+        when(dataset.getDisplayName()).thenReturn("Test Dataset");
+        when(dataset.getIdentifier()).thenReturn("Test Identifier");
+
         DataFile dataFile = mock(DataFile.class);
         when(dataFile.getId()).thenReturn(1L);
         when(dataFile.getDisplayName()).thenReturn("Test File");
+        when(dataFile.getOwner()).thenReturn(dataset);
         when(dataFileService.find(1L)).thenReturn(dataFile);
 
         sut.addFieldsByType(notificationJson, authenticatedUser, userNotification);
@@ -227,6 +232,8 @@ public void testAddFieldsByType_requestFileAccess() {
         verify(notificationJson).add(KEY_REQUESTOR_EMAIL, "johndoe@example.com");
         verify(notificationJson).add(KEY_DATAFILE_ID, Long.valueOf("1"));
         verify(notificationJson).add(KEY_DATAFILE_DISPLAY_NAME, "Test File");
+        verify(notificationJson).add(KEY_DATASET_DISPLAY_NAME, "Test Dataset");
+        verify(notificationJson).add(KEY_DATASET_PERSISTENT_ID, "Test Identifier");
     }
 
     @Test
@@ -235,9 +242,14 @@ public void testAddFieldsByType_requestFileAccess_nullRequestor() {
         userNotification.setObjectId(1L);
         userNotification.setRequestor(null);
 
+        Dataset dataset = mock(Dataset.class);
+        when(dataset.getDisplayName()).thenReturn("Test Dataset");
+        when(dataset.getIdentifier()).thenReturn("Test Identifier");
+
         DataFile dataFile = mock(DataFile.class);
         when(dataFile.getId()).thenReturn(1L);
         when(dataFile.getDisplayName()).thenReturn("Test File");
+        when(dataFile.getOwner()).thenReturn(dataset);
         when(dataFileService.find(1L)).thenReturn(dataFile);
 
         sut.addFieldsByType(notificationJson, authenticatedUser, userNotification);
@@ -247,6 +259,8 @@ public void testAddFieldsByType_requestFileAccess_nullRequestor() {
         verify(notificationJson, never()).add(eq(KEY_REQUESTOR_EMAIL), anyString());
         verify(notificationJson).add(KEY_DATAFILE_ID, Long.valueOf("1"));
         verify(notificationJson).add(KEY_DATAFILE_DISPLAY_NAME, "Test File");
+        verify(notificationJson).add(KEY_DATASET_DISPLAY_NAME, "Test Dataset");
+        verify(notificationJson).add(KEY_DATASET_PERSISTENT_ID, "Test Identifier");
     }
 
     @Test
@@ -254,9 +268,14 @@ public void testAddFieldsByType_grantFileAccess() {
         userNotification.setType(UserNotification.Type.GRANTFILEACCESS);
         userNotification.setObjectId(1L);
 
+        Dataset dataset = mock(Dataset.class);
+        when(dataset.getDisplayName()).thenReturn("Test Dataset");
+        when(dataset.getIdentifier()).thenReturn("Test Identifier");
+
         DataFile dataFile = mock(DataFile.class);
         when(dataFile.getId()).thenReturn(1L);
         when(dataFile.getDisplayName()).thenReturn("Granted File");
+        when(dataFile.getOwner()).thenReturn(dataset);
         when(dataFileService.find(1L)).thenReturn(dataFile);
 
         sut.addFieldsByType(notificationJson, authenticatedUser, userNotification);
@@ -264,6 +283,8 @@ public void testAddFieldsByType_grantFileAccess() {
         verify(notificationJson).add(KEY_DATAFILE_ID, Long.valueOf("1"));
         verify(notificationJson).add(KEY_DATAFILE_DISPLAY_NAME, "Granted File");
         verify(notificationJson, never()).add(eq(KEY_REQUESTOR_FIRST_NAME), anyString());
+        verify(notificationJson).add(KEY_DATASET_DISPLAY_NAME, "Test Dataset");
+        verify(notificationJson).add(KEY_DATASET_PERSISTENT_ID, "Test Identifier");
     }
 
     @Test

From 7c6567ba8a68f24cfcb0001abc5b3bdcea4836fb Mon Sep 17 00:00:00 2001
From: GPortas <hey@gportas.me>
Date: Mon, 29 Sep 2025 14:28:18 +0100
Subject: [PATCH 314/634] Changed: DATASETMENTIONED InApp notification
 producing json if additional info is a json string

---
 .../json/InAppNotificationsJsonPrinter.java   |  27 +++-
 .../InAppNotificationsJsonPrinterTest.java    | 121 +++++++++++++++++-
 2 files changed, 144 insertions(+), 4 deletions(-)

diff --git a/src/main/java/edu/harvard/iq/dataverse/util/json/InAppNotificationsJsonPrinter.java b/src/main/java/edu/harvard/iq/dataverse/util/json/InAppNotificationsJsonPrinter.java
index 241b2d44bad..7ae7ec8533d 100644
--- a/src/main/java/edu/harvard/iq/dataverse/util/json/InAppNotificationsJsonPrinter.java
+++ b/src/main/java/edu/harvard/iq/dataverse/util/json/InAppNotificationsJsonPrinter.java
@@ -4,8 +4,15 @@
 import edu.harvard.iq.dataverse.authorization.users.AuthenticatedUser;
 import edu.harvard.iq.dataverse.branding.BrandingUtil;
 import edu.harvard.iq.dataverse.util.SystemConfig;
+
 import jakarta.ejb.EJB;
 import jakarta.ejb.Stateless;
+import jakarta.json.Json;
+import jakarta.json.JsonException;
+import jakarta.json.JsonReader;
+import jakarta.json.JsonValue;
+
+import java.io.StringReader;
 
 import static edu.harvard.iq.dataverse.dataset.DatasetUtil.getLocaleCurationStatusLabel;
 import static edu.harvard.iq.dataverse.util.json.JsonPrinter.jsonRoleAssignments;
@@ -262,6 +269,24 @@ private void addIngestFields(final NullSafeJsonBuilder notificationJson, final U
 
     private void addDatasetMentionedFields(final NullSafeJsonBuilder notificationJson, final UserNotification userNotification) {
         addDatasetFields(notificationJson, userNotification);
-        notificationJson.add(KEY_ADDITIONAL_INFO, userNotification.getAdditionalInfo());
+
+        final String additionalInfo = userNotification.getAdditionalInfo();
+
+        if (additionalInfo != null && !additionalInfo.isEmpty()) {
+            try (StringReader stringReader = new StringReader(additionalInfo);
+                 JsonReader jsonReader = Json.createReader(stringReader)) {
+
+                // Try to parse the string into a JSON value
+                JsonValue additionalInfoJson = jsonReader.readValue();
+
+                // If successful, add the parsed JSON value.
+                notificationJson.add(KEY_ADDITIONAL_INFO, additionalInfoJson);
+
+            } catch (JsonException e) {
+                // If parsing fails, it's not a valid JSON string.
+                // Fall back to adding it as a simple string.
+                notificationJson.add(KEY_ADDITIONAL_INFO, additionalInfo);
+            }
+        }
     }
 }
diff --git a/src/test/java/edu/harvard/iq/dataverse/util/json/InAppNotificationsJsonPrinterTest.java b/src/test/java/edu/harvard/iq/dataverse/util/json/InAppNotificationsJsonPrinterTest.java
index 2d55f488889..054b61b3209 100644
--- a/src/test/java/edu/harvard/iq/dataverse/util/json/InAppNotificationsJsonPrinterTest.java
+++ b/src/test/java/edu/harvard/iq/dataverse/util/json/InAppNotificationsJsonPrinterTest.java
@@ -5,18 +5,23 @@
 import edu.harvard.iq.dataverse.branding.BrandingUtil;
 import edu.harvard.iq.dataverse.pidproviders.doi.AbstractDOIProvider;
 import edu.harvard.iq.dataverse.util.SystemConfig;
+
 import jakarta.json.JsonArrayBuilder;
+import jakarta.json.JsonObject;
+import jakarta.json.JsonValue;
+
 import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Test;
 import org.junit.jupiter.api.extension.ExtendWith;
-import org.mockito.InjectMocks;
-import org.mockito.Mock;
-import org.mockito.MockedStatic;
+
+import org.mockito.*;
 import org.mockito.junit.jupiter.MockitoExtension;
 
 import java.util.Collections;
 
+import static org.junit.jupiter.api.Assertions.assertEquals;
 import static edu.harvard.iq.dataverse.util.json.InAppNotificationsJsonPrinter.*;
+import static org.junit.jupiter.api.Assertions.assertInstanceOf;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.ArgumentMatchers.eq;
 import static org.mockito.Mockito.*;
@@ -47,6 +52,9 @@ public class InAppNotificationsJsonPrinterTest {
     @Mock
     private AuthenticatedUser requestor;
 
+    @Captor
+    private ArgumentCaptor<JsonValue> jsonValueCaptor;
+
     private UserNotification userNotification;
 
     private final GlobalId testGlobalId = new GlobalId(AbstractDOIProvider.DOI_PROTOCOL, "10.5072", "FK2/BYM3IW", "/", AbstractDOIProvider.DOI_RESOLVER_URL, null);
@@ -505,6 +513,113 @@ public void testAddFieldsByType_ingestCompleted_objectDeleted() {
         verify(notificationJson).add(KEY_GUIDES_SECTION_PATH, GUIDES_SECTION_PATH_DATASET_MANAGEMENT_TABULAR_FILES_HTML);
     }
 
+    @Test
+    public void testAddFieldsByType_datasetMentioned_withJsonString() {
+        // Arrange
+        userNotification.setType(UserNotification.Type.DATASETMENTIONED);
+        userNotification.setObjectId(1L);
+        String jsonInfo = "{\"key\":\"value\", \"number\":123}";
+        userNotification.setAdditionalInfo(jsonInfo);
+
+        Dataset dataset = mock(Dataset.class);
+        Dataverse owner = mock(Dataverse.class);
+
+        when(dataset.getGlobalId()).thenReturn(testGlobalId);
+        when(dataset.getDisplayName()).thenReturn("Mentioned Dataset");
+        when(dataset.getOwner()).thenReturn(owner);
+        when(datasetService.find(1L)).thenReturn(dataset);
+
+        when(owner.getAlias()).thenReturn("ownerDv");
+        when(owner.getDisplayName()).thenReturn("Owner Dataverse");
+
+        // Act
+        sut.addFieldsByType(notificationJson, authenticatedUser, userNotification);
+
+        // Assert
+        // Verify standard fields are still added
+        verify(notificationJson).add(KEY_DATASET_PERSISTENT_ID, testGlobalId.toString());
+        verify(notificationJson).add(KEY_DATASET_DISPLAY_NAME, "Mentioned Dataset");
+        verify(notificationJson).add(KEY_OWNER_ALIAS, "ownerDv");
+        verify(notificationJson).add(KEY_OWNER_DISPLAY_NAME, "Owner Dataverse");
+
+        // Capture the JsonValue passed for the additional info
+        verify(notificationJson).add(eq(KEY_ADDITIONAL_INFO), jsonValueCaptor.capture());
+        JsonValue capturedValue = jsonValueCaptor.getValue();
+
+        // Assert that the parsed object is a JsonObject with the correct properties
+        assertInstanceOf(JsonObject.class, capturedValue, "The parsed value should be a JsonObject.");
+        JsonObject capturedObject = (JsonObject) capturedValue;
+        assertEquals("value", capturedObject.getString("key"));
+        assertEquals(123, capturedObject.getInt("number"));
+
+        // Explicitly verify it was NOT added as a plain string
+        verify(notificationJson, never()).add(KEY_ADDITIONAL_INFO, jsonInfo);
+    }
+
+    @Test
+    public void testAddFieldsByType_datasetMentioned_withRegularString() {
+        // Arrange
+        userNotification.setType(UserNotification.Type.DATASETMENTIONED);
+        userNotification.setObjectId(1L);
+        String regularStringInfo = "This is just a regular string, not JSON.";
+        userNotification.setAdditionalInfo(regularStringInfo);
+
+        Dataset dataset = mock(Dataset.class);
+        Dataverse owner = mock(Dataverse.class);
+
+        when(dataset.getGlobalId()).thenReturn(testGlobalId);
+        when(dataset.getDisplayName()).thenReturn("Mentioned Dataset");
+        when(dataset.getOwner()).thenReturn(owner);
+        when(datasetService.find(1L)).thenReturn(dataset);
+
+        when(owner.getAlias()).thenReturn("ownerDv");
+        when(owner.getDisplayName()).thenReturn("Owner Dataverse");
+
+        // Act
+        sut.addFieldsByType(notificationJson, authenticatedUser, userNotification);
+
+        // Assert
+        verify(notificationJson).add(KEY_DATASET_PERSISTENT_ID, testGlobalId.toString());
+        verify(notificationJson).add(KEY_DATASET_DISPLAY_NAME, "Mentioned Dataset");
+        verify(notificationJson).add(KEY_OWNER_ALIAS, "ownerDv");
+        verify(notificationJson).add(KEY_OWNER_DISPLAY_NAME, "Owner Dataverse");
+
+        // Verify it falls back to adding a plain String
+        verify(notificationJson).add(KEY_ADDITIONAL_INFO, regularStringInfo);
+    }
+
+    @Test
+    public void testAddFieldsByType_datasetMentioned_withNullInfo() {
+        // Arrange
+        userNotification.setType(UserNotification.Type.DATASETMENTIONED);
+        userNotification.setObjectId(1L);
+        userNotification.setAdditionalInfo(null); // Set additionalInfo to null
+
+        Dataset dataset = mock(Dataset.class);
+        Dataverse owner = mock(Dataverse.class);
+
+        when(dataset.getGlobalId()).thenReturn(testGlobalId);
+        when(dataset.getDisplayName()).thenReturn("Mentioned Dataset");
+        when(dataset.getOwner()).thenReturn(owner);
+        when(datasetService.find(1L)).thenReturn(dataset);
+
+        when(owner.getAlias()).thenReturn("ownerDv");
+        when(owner.getDisplayName()).thenReturn("Owner Dataverse");
+
+        // Act
+        sut.addFieldsByType(notificationJson, authenticatedUser, userNotification);
+
+        // Assert
+        verify(notificationJson).add(KEY_DATASET_PERSISTENT_ID, testGlobalId.toString());
+        verify(notificationJson).add(KEY_DATASET_DISPLAY_NAME, "Mentioned Dataset");
+        verify(notificationJson).add(KEY_OWNER_ALIAS, "ownerDv");
+        verify(notificationJson).add(KEY_OWNER_DISPLAY_NAME, "Owner Dataverse");
+
+        // Verify that the additional info key is never added
+        verify(notificationJson, never()).add(eq(KEY_ADDITIONAL_INFO), (JsonValue) any());
+        verify(notificationJson, never()).add(eq(KEY_ADDITIONAL_INFO), (String) any());
+    }
+
     @Test
     public void testAddFieldsByType_datasetMentioned() {
         userNotification.setType(UserNotification.Type.DATASETMENTIONED);

From a4baae04c7e1381f4293f7a8ca3f71cea3074f99 Mon Sep 17 00:00:00 2001
From: GPortas <hey@gportas.me>
Date: Mon, 29 Sep 2025 15:47:07 +0100
Subject: [PATCH 315/634] Added: release notes for #11804

---
 .../11804-notifications-api-updates.md         | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)
 create mode 100644 doc/release-notes/11804-notifications-api-updates.md

diff --git a/doc/release-notes/11804-notifications-api-updates.md b/doc/release-notes/11804-notifications-api-updates.md
new file mode 100644
index 00000000000..480f7e99863
--- /dev/null
+++ b/doc/release-notes/11804-notifications-api-updates.md
@@ -0,0 +1,18 @@
+## Notifications API Update
+
+**Endpoint:** `notifications/all`
+
+**Enhancements:**
+
+* When the query parameter `inAppNotificationFormat=true` is set:
+
+    * Notifications of types:
+
+        * `REQUESTFILEACCESS`
+        * `REQUESTEDFILEACCESS`
+        * `GRANTFILEACCESS`
+        * `REJECTFILEACCESS`
+
+  now return both the **dataset display name** and **dataset persistent identifier**.
+
+    * Notifications of type `DATASETMENTIONED` now return a **formatted JSON** in the `additionalInfo` field when this field contains a valid persisted JSON string, instead of a raw JSON string.

From 0c1a9799f81c029dd21d010e7d79899eb3985686 Mon Sep 17 00:00:00 2001
From: GPortas <hey@gportas.me>
Date: Mon, 29 Sep 2025 16:06:18 +0100
Subject: [PATCH 316/634] Added: PR and issue numbers to release notes

---
 doc/release-notes/11804-notifications-api-updates.md | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/doc/release-notes/11804-notifications-api-updates.md b/doc/release-notes/11804-notifications-api-updates.md
index 480f7e99863..deba3336269 100644
--- a/doc/release-notes/11804-notifications-api-updates.md
+++ b/doc/release-notes/11804-notifications-api-updates.md
@@ -16,3 +16,6 @@
   now return both the **dataset display name** and **dataset persistent identifier**.
 
     * Notifications of type `DATASETMENTIONED` now return a **formatted JSON** in the `additionalInfo` field when this field contains a valid persisted JSON string, instead of a raw JSON string.
+
+Related issue: #11809
+Related PR: #11851

From 2d0d062167d0d32fa15e7b141ada164ec8902deb Mon Sep 17 00:00:00 2001
From: GPortas <hey@gportas.me>
Date: Mon, 29 Sep 2025 16:08:40 +0100
Subject: [PATCH 317/634] Fixed: release notes wrong issue number

---
 doc/release-notes/11804-notifications-api-updates.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/doc/release-notes/11804-notifications-api-updates.md b/doc/release-notes/11804-notifications-api-updates.md
index deba3336269..a704442464c 100644
--- a/doc/release-notes/11804-notifications-api-updates.md
+++ b/doc/release-notes/11804-notifications-api-updates.md
@@ -17,5 +17,5 @@
 
     * Notifications of type `DATASETMENTIONED` now return a **formatted JSON** in the `additionalInfo` field when this field contains a valid persisted JSON string, instead of a raw JSON string.
 
-Related issue: #11809
+Related issue: #11804
 Related PR: #11851

From 1d7e11f6fb2c2c5517677b18f32a1a71139c3784 Mon Sep 17 00:00:00 2001
From: Philip Durbin <philip_durbin@harvard.edu>
Date: Mon, 29 Sep 2025 13:26:14 -0400
Subject: [PATCH 318/634] Update
 doc/sphinx-guides/source/developers/making-releases.rst

---
 doc/sphinx-guides/source/developers/making-releases.rst | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/doc/sphinx-guides/source/developers/making-releases.rst b/doc/sphinx-guides/source/developers/making-releases.rst
index 0da4d9e0a72..1672cf179e6 100755
--- a/doc/sphinx-guides/source/developers/making-releases.rst
+++ b/doc/sphinx-guides/source/developers/making-releases.rst
@@ -34,7 +34,7 @@ Early on, make sure it's clear what type of release this is. The steps below des
 Ensure Issues Have Been Created
 -------------------------------
 
-We have a "create release issues" script at https://github.com/IQSS/sabo that should be run a week or so before code freeze.
+We have a "create release issues" script at https://github.com/IQSS/dv-project-metrics that should be run a week or so before code freeze.
 
 For each issue that is created by the script there is likely a corresponding step in this document that has "dedicated" label on it like this:
 

From d58ac0880b43035ee0ff7b309d7309d02e5eea95 Mon Sep 17 00:00:00 2001
From: Philip Durbin <philip_durbin@harvard.edu>
Date: Mon, 29 Sep 2025 13:33:42 -0400
Subject: [PATCH 319/634] typo

---
 doc/sphinx-guides/source/container/app-image.rst | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/doc/sphinx-guides/source/container/app-image.rst b/doc/sphinx-guides/source/container/app-image.rst
index afffeae1c0b..12f5984a66b 100644
--- a/doc/sphinx-guides/source/container/app-image.rst
+++ b/doc/sphinx-guides/source/container/app-image.rst
@@ -81,7 +81,7 @@ For now, stale images will be kept on Docker Hub indefinitely.
   | Example: :substitution-code:`|nextVersion|-noble`
   | Summary: Rolling tag, equivalent to ``unstable`` for current development cycle.
     Will roll over to the rolling production tag after a Dataverse release.
-  | Discussion: Perhaps you are eager to starting testing features of an upcoming version (e.g. |nextVersion|) in a staging environment. You select the :substitution-code:`|nextVersion|-noble` tag (as opposed to ``unstable``) because you want to stay on |nextVersion| rather switching to the version **after that** when a release is made (which would happen if you had selected the ``unstable`` tag). Also, when the next release comes out (|nextVersion| in this example), you would stay on the :substitution-code:`|nextVersion|-noble` tag, which is the same tag that someone would use who wants the final release of |nextVersion|. (See "Rolling Production", above.)
+  | Discussion: Perhaps you are eager to starting testing features of an upcoming version (e.g. |nextVersion|) in a staging environment. You select the :substitution-code:`|nextVersion|-noble` tag (as opposed to ``unstable``) because you want to stay on |nextVersion| rather than switching to the version **after that** when a release is made (which would happen if you had selected the ``unstable`` tag). Also, when the next release comes out (|nextVersion| in this example), you would stay on the :substitution-code:`|nextVersion|-noble` tag, which is the same tag that someone would use who wants the final release of |nextVersion|. (See "Rolling Production", above.)
 
 **NOTE**: In these tags for development usage, the version number will always be 1 minor version ahead of existing Dataverse releases.
 Example: Assume Dataverse ``6.x`` is released, ``6.(x+1)`` is underway.

From f72e10dd83daf5158d5769c4a2250c2cf38f0f98 Mon Sep 17 00:00:00 2001
From: Philip Durbin <philip_durbin@harvard.edu>
Date: Mon, 29 Sep 2025 13:33:51 -0400
Subject: [PATCH 320/634] we now use Zulip rather than Matrix

---
 modules/container-base/README.md        | 2 +-
 modules/container-configbaker/README.md | 2 +-
 src/main/docker/README.md               | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/modules/container-base/README.md b/modules/container-base/README.md
index f6854482073..7a39457b766 100644
--- a/modules/container-base/README.md
+++ b/modules/container-base/README.md
@@ -25,7 +25,7 @@ provides in-depth information about content, building, tuning and so on for this
 **Where to get help and ask questions:**
 
 IQSS will not offer support on how to deploy or run it. Please reach out to the community for help on using it.
-You can join the Community Chat on Matrix at https://chat.dataverse.org and https://groups.google.com/g/dataverse-community
+You can join the Community Chat at https://chat.dataverse.org and https://groups.google.com/g/dataverse-community
 to ask for help and guidance.
 
 ## Supported Image Tags
diff --git a/modules/container-configbaker/README.md b/modules/container-configbaker/README.md
index 75862ee0809..8b68e3db692 100644
--- a/modules/container-configbaker/README.md
+++ b/modules/container-configbaker/README.md
@@ -19,7 +19,7 @@ provides information about this image.
 **Where to get help and ask questions:**
 
 IQSS will not offer support on how to deploy or run it. Please reach out to the community for help on using it.
-You can join the Community Chat on Matrix at https://chat.dataverse.org and https://groups.google.com/g/dataverse-community
+You can join the Community Chat at https://chat.dataverse.org and https://groups.google.com/g/dataverse-community
 to ask for help and guidance.
 
 ## Supported Image Tags
diff --git a/src/main/docker/README.md b/src/main/docker/README.md
index 48416c196ca..a32c91a810e 100644
--- a/src/main/docker/README.md
+++ b/src/main/docker/README.md
@@ -24,7 +24,7 @@ for more details on tunable settings, locations, etc.
 **Where to get help and ask questions:**
 
 IQSS will not offer support on how to deploy or run it. Please reach out to the community for help on using it.
-You can join the Community Chat on Matrix at https://chat.dataverse.org and https://groups.google.com/g/dataverse-community
+You can join the Community Chat at https://chat.dataverse.org and https://groups.google.com/g/dataverse-community
 to ask for help and guidance.
 
 ## Supported Image Tags

From d4d1bfe3290ac12e84414779dd8bd21e0f63fbaf Mon Sep 17 00:00:00 2001
From: Philip Durbin <philip_durbin@harvard.edu>
Date: Mon, 29 Sep 2025 14:54:07 -0400
Subject: [PATCH 321/634] clarify milestones

---
 doc/sphinx-guides/source/developers/making-releases.rst | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/doc/sphinx-guides/source/developers/making-releases.rst b/doc/sphinx-guides/source/developers/making-releases.rst
index 1672cf179e6..fbbc2e5d3ae 100755
--- a/doc/sphinx-guides/source/developers/making-releases.rst
+++ b/doc/sphinx-guides/source/developers/making-releases.rst
@@ -245,7 +245,7 @@ Add Milestone to Pull Requests and Issues
 
 Often someone is making sure that the proper milestone (e.g. 5.10.1) is being applied to pull requests and issues, but sometimes this falls between the cracks.
 
-Check for merged pull requests that have no milestone by going to https://github.com/IQSS/dataverse/pulls and entering `is:pr is:merged no:milestone <https://github.com/IQSS/dataverse/pulls?q=is%3Apr+is%3Amerged+no%3Amilestone>`_ as a query. If you find any, add the milestone to the pull request and any issues it closes. This includes the "merge develop into master" pull request above.
+Check for merged pull requests that have no milestone by going to https://github.com/IQSS/dataverse/pulls and entering `is:pr is:merged no:milestone <https://github.com/IQSS/dataverse/pulls?q=is%3Apr+is%3Amerged+no%3Amilestone>`_ as a query. If you find any, first check if those pull requests are against open pull requests. If so, do nothing. Otherwise, add the milestone to the pull request and any issues it closes. This includes the "merge develop into master" pull request above.
 
 (Optional) Test Docker Images
 -----------------------------

From bb2f6cde23f8dbff9a162e7bc59845afd00a7019 Mon Sep 17 00:00:00 2001
From: GPortas <hey@gportas.me>
Date: Tue, 30 Sep 2025 11:10:22 +0100
Subject: [PATCH 322/634] Added: onlyUnread optional query parameter to
 getAllNotificationsForUser API endpoint

---
 .../dataverse/UserNotificationServiceBean.java  | 17 ++++++++++++++---
 .../harvard/iq/dataverse/api/Notifications.java |  6 ++++--
 .../iq/dataverse/api/NotificationsIT.java       | 11 ++++++++++-
 .../edu/harvard/iq/dataverse/api/UtilIT.java    |  6 +++---
 4 files changed, 31 insertions(+), 9 deletions(-)

diff --git a/src/main/java/edu/harvard/iq/dataverse/UserNotificationServiceBean.java b/src/main/java/edu/harvard/iq/dataverse/UserNotificationServiceBean.java
index 2fb5ea35c45..167b66fb971 100644
--- a/src/main/java/edu/harvard/iq/dataverse/UserNotificationServiceBean.java
+++ b/src/main/java/edu/harvard/iq/dataverse/UserNotificationServiceBean.java
@@ -18,7 +18,6 @@
 import jakarta.ejb.Stateless;
 import jakarta.ejb.TransactionAttribute;
 import jakarta.ejb.TransactionAttributeType;
-import jakarta.inject.Inject;
 import jakarta.inject.Named;
 import jakarta.persistence.EntityManager;
 import jakarta.persistence.PersistenceContext;
@@ -44,11 +43,23 @@ public class UserNotificationServiceBean {
     SettingsServiceBean settingsService;
     
     public List<UserNotification> findByUser(Long userId) {
-        TypedQuery<UserNotification> query = em.createQuery("select un from UserNotification un where un.user.id =:userId order by un.sendDate desc", UserNotification.class);
+        return findByUser(userId, false);
+    }
+
+    public List<UserNotification> findByUser(Long userId, boolean onlyUnread) {
+        TypedQuery<UserNotification> query = em.createQuery(
+                "select un from UserNotification un " +
+                        "where un.user.id = :userId and (:onlyUnread = false or un.readNotification = false) " +
+                        "order by un.sendDate desc",
+                UserNotification.class
+        );
+
         query.setParameter("userId", userId);
+        query.setParameter("onlyUnread", onlyUnread);
+
         return query.getResultList();
     }
-    
+
     public List<UserNotification> findByRequestor(Long userId) {
         TypedQuery<UserNotification> query = em.createQuery("select un from UserNotification un where un.requestor.id =:userId order by un.sendDate desc", UserNotification.class);
         query.setParameter("userId", userId);
diff --git a/src/main/java/edu/harvard/iq/dataverse/api/Notifications.java b/src/main/java/edu/harvard/iq/dataverse/api/Notifications.java
index eebdce5e509..c14c2edc19d 100644
--- a/src/main/java/edu/harvard/iq/dataverse/api/Notifications.java
+++ b/src/main/java/edu/harvard/iq/dataverse/api/Notifications.java
@@ -27,10 +27,12 @@ public class Notifications extends AbstractApiBean {
     @GET
     @AuthRequired
     @Path("/all")
-    public Response getAllNotificationsForUser(@Context ContainerRequestContext crc, @QueryParam("inAppNotificationFormat") boolean inAppNotificationFormat) {
+    public Response getAllNotificationsForUser(@Context ContainerRequestContext crc,
+                                               @QueryParam("onlyUnread") boolean onlyUnread,
+                                               @QueryParam("inAppNotificationFormat") boolean inAppNotificationFormat) {
         try {
             AuthenticatedUser authenticatedUser = getRequestAuthenticatedUserOrDie(crc);
-            List<UserNotification> userNotifications = userNotificationSvc.findByUser(authenticatedUser.getId());
+            List<UserNotification> userNotifications = userNotificationSvc.findByUser(authenticatedUser.getId(), onlyUnread);
             return ok(Json.createObjectBuilder().add("notifications", json(userNotifications, authenticatedUser, inAppNotificationFormat)));
         } catch (WrappedResponse wr) {
             return wr.getResponse();
diff --git a/src/test/java/edu/harvard/iq/dataverse/api/NotificationsIT.java b/src/test/java/edu/harvard/iq/dataverse/api/NotificationsIT.java
index 2ccb1365d71..c34ab70bef6 100644
--- a/src/test/java/edu/harvard/iq/dataverse/api/NotificationsIT.java
+++ b/src/test/java/edu/harvard/iq/dataverse/api/NotificationsIT.java
@@ -87,6 +87,15 @@ public void testNotifications() {
         Response markRead = UtilIT.markNotificationAsRead(createAccountId, authorApiToken);
         markRead.then().assertThat().statusCode(OK.getStatusCode());
 
+        // Retrieve only unread notifications
+        getNotifications = UtilIT.getNotifications(authorApiToken, false, true);
+        getNotifications.then().assertThat()
+                .body("data.notifications[0].type", equalTo(CREATEDV.toString()))
+                .body("data.notifications[0].displayAsRead", equalTo(false))
+                .body("data.notifications.size()", equalTo(1))
+                .statusCode(OK.getStatusCode());
+
+        // Retrieve all notifications
         Response getNotifications2 = UtilIT.getNotifications(authorApiToken);
         getNotifications2.then().assertThat()
                 .body("data.notifications.size()", equalTo(2))
@@ -184,7 +193,7 @@ public void testNotifications() {
                 .statusCode(OK.getStatusCode());
         authorApiToken = UtilIT.getApiTokenFromResponse(createAuthor);
 
-        getNotifications = UtilIT.getNotifications(authorApiToken, true);
+        getNotifications = UtilIT.getNotifications(authorApiToken, true, false);
         getNotifications.then().assertThat()
                 .body("data.notifications[0].displayAsRead", equalTo(false))
                 .body("data.notifications.size()", equalTo(1))
diff --git a/src/test/java/edu/harvard/iq/dataverse/api/UtilIT.java b/src/test/java/edu/harvard/iq/dataverse/api/UtilIT.java
index eba8181e566..4ba8a017f3d 100644
--- a/src/test/java/edu/harvard/iq/dataverse/api/UtilIT.java
+++ b/src/test/java/edu/harvard/iq/dataverse/api/UtilIT.java
@@ -1700,16 +1700,16 @@ static Response returnDatasetToAuthor(String datasetPersistentId, JsonObject jso
     }
 
     static Response getNotifications(String apiToken) {
-        return getNotifications(apiToken, false);
+        return getNotifications(apiToken, false, false);
     }
 
-    static Response getNotifications(String apiToken, boolean inAppNotificationFormat) {
+    static Response getNotifications(String apiToken, boolean inAppNotificationFormat, boolean onlyUnread) {
         RequestSpecification requestSpecification = given();
         if (apiToken != null) {
             requestSpecification = given()
                     .header(UtilIT.API_TOKEN_HTTP_HEADER, apiToken);
         }
-        return requestSpecification.get("/api/notifications/all?inAppNotificationFormat=" + inAppNotificationFormat);
+        return requestSpecification.get("/api/notifications/all?inAppNotificationFormat=" + inAppNotificationFormat + "&onlyUnread=" + onlyUnread);
     }
 
     static Response getUnreadNotificationsCount(String apiToken) {

From 4185dc23a5028d8c6f16f13428f1e12d4802e601 Mon Sep 17 00:00:00 2001
From: GPortas <hey@gportas.me>
Date: Tue, 30 Sep 2025 11:44:14 +0100
Subject: [PATCH 323/634] Added: pagination optional params to
 getAllNotificationsForUser API endpoint

---
 .../UserNotificationServiceBean.java          | 11 +++-
 .../iq/dataverse/api/Notifications.java       |  6 +-
 .../iq/dataverse/api/NotificationsIT.java     | 63 ++++++++++++++++++-
 .../edu/harvard/iq/dataverse/api/UtilIT.java  | 24 +++++--
 4 files changed, 92 insertions(+), 12 deletions(-)

diff --git a/src/main/java/edu/harvard/iq/dataverse/UserNotificationServiceBean.java b/src/main/java/edu/harvard/iq/dataverse/UserNotificationServiceBean.java
index 167b66fb971..b0cc4120800 100644
--- a/src/main/java/edu/harvard/iq/dataverse/UserNotificationServiceBean.java
+++ b/src/main/java/edu/harvard/iq/dataverse/UserNotificationServiceBean.java
@@ -43,10 +43,10 @@ public class UserNotificationServiceBean {
     SettingsServiceBean settingsService;
     
     public List<UserNotification> findByUser(Long userId) {
-        return findByUser(userId, false);
+        return findByUser(userId, false, null, null);
     }
 
-    public List<UserNotification> findByUser(Long userId, boolean onlyUnread) {
+    public List<UserNotification> findByUser(Long userId, boolean onlyUnread, Integer limit, Integer offset) {
         TypedQuery<UserNotification> query = em.createQuery(
                 "select un from UserNotification un " +
                         "where un.user.id = :userId and (:onlyUnread = false or un.readNotification = false) " +
@@ -57,6 +57,13 @@ public List<UserNotification> findByUser(Long userId, boolean onlyUnread) {
         query.setParameter("userId", userId);
         query.setParameter("onlyUnread", onlyUnread);
 
+        if (offset != null) {
+            query.setFirstResult(offset);
+        }
+        if (limit != null) {
+            query.setMaxResults(limit);
+        }
+
         return query.getResultList();
     }
 
diff --git a/src/main/java/edu/harvard/iq/dataverse/api/Notifications.java b/src/main/java/edu/harvard/iq/dataverse/api/Notifications.java
index c14c2edc19d..a2f692e0710 100644
--- a/src/main/java/edu/harvard/iq/dataverse/api/Notifications.java
+++ b/src/main/java/edu/harvard/iq/dataverse/api/Notifications.java
@@ -29,10 +29,12 @@ public class Notifications extends AbstractApiBean {
     @Path("/all")
     public Response getAllNotificationsForUser(@Context ContainerRequestContext crc,
                                                @QueryParam("onlyUnread") boolean onlyUnread,
-                                               @QueryParam("inAppNotificationFormat") boolean inAppNotificationFormat) {
+                                               @QueryParam("inAppNotificationFormat") boolean inAppNotificationFormat,
+                                               @QueryParam("limit") Integer limit,
+                                               @QueryParam("offset") Integer offset) {
         try {
             AuthenticatedUser authenticatedUser = getRequestAuthenticatedUserOrDie(crc);
-            List<UserNotification> userNotifications = userNotificationSvc.findByUser(authenticatedUser.getId(), onlyUnread);
+            List<UserNotification> userNotifications = userNotificationSvc.findByUser(authenticatedUser.getId(), onlyUnread, limit, offset);
             return ok(Json.createObjectBuilder().add("notifications", json(userNotifications, authenticatedUser, inAppNotificationFormat)));
         } catch (WrappedResponse wr) {
             return wr.getResponse();
diff --git a/src/test/java/edu/harvard/iq/dataverse/api/NotificationsIT.java b/src/test/java/edu/harvard/iq/dataverse/api/NotificationsIT.java
index c34ab70bef6..1b8c8b61fdb 100644
--- a/src/test/java/edu/harvard/iq/dataverse/api/NotificationsIT.java
+++ b/src/test/java/edu/harvard/iq/dataverse/api/NotificationsIT.java
@@ -88,7 +88,7 @@ public void testNotifications() {
         markRead.then().assertThat().statusCode(OK.getStatusCode());
 
         // Retrieve only unread notifications
-        getNotifications = UtilIT.getNotifications(authorApiToken, false, true);
+        getNotifications = UtilIT.getNotifications(authorApiToken, false, true, null, null);
         getNotifications.then().assertThat()
                 .body("data.notifications[0].type", equalTo(CREATEDV.toString()))
                 .body("data.notifications[0].displayAsRead", equalTo(false))
@@ -193,7 +193,7 @@ public void testNotifications() {
                 .statusCode(OK.getStatusCode());
         authorApiToken = UtilIT.getApiTokenFromResponse(createAuthor);
 
-        getNotifications = UtilIT.getNotifications(authorApiToken, true, false);
+        getNotifications = UtilIT.getNotifications(authorApiToken, true, false, null, null);
         getNotifications.then().assertThat()
                 .body("data.notifications[0].displayAsRead", equalTo(false))
                 .body("data.notifications.size()", equalTo(1))
@@ -206,6 +206,65 @@ public void testNotifications() {
                 .body("data.notifications[0].subjectText", equalTo(null))
                 .body("data.notifications[0].messageText", equalTo(null))
                 .statusCode(OK.getStatusCode());
+
+        // Test pagination
+
+        Response authorForPagination = UtilIT.createRandomUser();
+        authorForPagination.then().assertThat().statusCode(OK.getStatusCode());
+        String paginationApiToken = UtilIT.getApiTokenFromResponse(authorForPagination);
+
+        // Create 4 more notifications to have a total of 5 (1 from CREATEACC, 4 from CREATEDV)
+        for (int i = 0; i < 4; i++) {
+            Response dvResponse = UtilIT.createRandomDataverse(paginationApiToken);
+            dvResponse.then().assertThat().statusCode(CREATED.getStatusCode());
+        }
+
+        // Case 1: Test limit
+        // Get first 2 notifications out of 5
+        Response limitedNotifications = UtilIT.getNotifications(paginationApiToken, false, false, 2, 0);
+        limitedNotifications.then().assertThat()
+                .statusCode(OK.getStatusCode())
+                .body("data.notifications[0].type", equalTo(CREATEDV.toString()))
+                .body("data.notifications[1].type", equalTo(CREATEDV.toString()))
+                .body("data.notifications.size()", equalTo(2));
+
+        // Case 2: Test offset
+        // Skip first 3 notifications and get the remaining 2
+        Response offsetNotifications = UtilIT.getNotifications(paginationApiToken, false, false, null, 3);
+        offsetNotifications.then().assertThat()
+                .statusCode(OK.getStatusCode())
+                .body("data.notifications[0].type", equalTo(CREATEDV.toString()))
+                .body("data.notifications[1].type", equalTo(CREATEACC.toString()))
+                .body("data.notifications.size()", equalTo(2));
+
+        // Case 3: Test limit and offset together
+        // Get 2 notifications, starting from the 2nd one (index 1)
+        Response limitedAndOffsetNotifications = UtilIT.getNotifications(paginationApiToken, false, false, 2, 1);
+        limitedAndOffsetNotifications.then().assertThat()
+                .statusCode(OK.getStatusCode())
+                .body("data.notifications[0].type", equalTo(CREATEDV.toString()))
+                .body("data.notifications[1].type", equalTo(CREATEDV.toString()))
+                .body("data.notifications.size()", equalTo(2));
+
+        long firstId = JsonPath.from(limitedAndOffsetNotifications.body().asString()).getLong("data.notifications[0].id");
+        long secondId = JsonPath.from(limitedAndOffsetNotifications.body().asString()).getLong("data.notifications[1].id");
+
+        // Verify we got the correct slice of data
+        Response allNotifications = UtilIT.getNotifications(paginationApiToken);
+        allNotifications.then().assertThat().statusCode(OK.getStatusCode());
+
+        long secondNotificationInAll = JsonPath.from(allNotifications.body().asString()).getLong("data.notifications[1].id");
+        long thirdNotificationInAll = JsonPath.from(allNotifications.body().asString()).getLong("data.notifications[2].id");
+
+        assertEquals(secondNotificationInAll, firstId);
+        assertEquals(thirdNotificationInAll, secondId);
+
+        // Case 4: Test limit larger than available notifications
+        // Ask for 10, but should only get the 5 that exist
+        Response excessiveLimitNotifications = UtilIT.getNotifications(paginationApiToken, false, false, 10, 0);
+        excessiveLimitNotifications.then().assertThat()
+                .statusCode(OK.getStatusCode())
+                .body("data.notifications.size()", equalTo(5));
     }
 
     private static void disableSendNotificationOnDatasetCreationSetting() {
diff --git a/src/test/java/edu/harvard/iq/dataverse/api/UtilIT.java b/src/test/java/edu/harvard/iq/dataverse/api/UtilIT.java
index 4ba8a017f3d..d8b96e496ba 100644
--- a/src/test/java/edu/harvard/iq/dataverse/api/UtilIT.java
+++ b/src/test/java/edu/harvard/iq/dataverse/api/UtilIT.java
@@ -1700,16 +1700,28 @@ static Response returnDatasetToAuthor(String datasetPersistentId, JsonObject jso
     }
 
     static Response getNotifications(String apiToken) {
-        return getNotifications(apiToken, false, false);
+        return getNotifications(apiToken, false, false, null, null);
     }
 
-    static Response getNotifications(String apiToken, boolean inAppNotificationFormat, boolean onlyUnread) {
-        RequestSpecification requestSpecification = given();
+    static Response getNotifications(String apiToken, boolean inAppNotificationFormat, boolean onlyUnread, Integer limit, Integer offset) {
+        RequestSpecification request = given();
         if (apiToken != null) {
-            requestSpecification = given()
-                    .header(UtilIT.API_TOKEN_HTTP_HEADER, apiToken);
+            request.header(UtilIT.API_TOKEN_HTTP_HEADER, apiToken);
+        }
+
+        // Add the standard query parameters
+        request.queryParam("inAppNotificationFormat", inAppNotificationFormat)
+                .queryParam("onlyUnread", onlyUnread);
+
+        // Conditionally add pagination parameters only if they are not null
+        if (limit != null) {
+            request.queryParam("limit", limit);
         }
-        return requestSpecification.get("/api/notifications/all?inAppNotificationFormat=" + inAppNotificationFormat + "&onlyUnread=" + onlyUnread);
+        if (offset != null) {
+            request.queryParam("offset", offset);
+        }
+
+        return request.get("/api/notifications/all");
     }
 
     static Response getUnreadNotificationsCount(String apiToken) {

From 17ade92cd4e036daf7911829fde9d9768df97c10 Mon Sep 17 00:00:00 2001
From: GPortas <hey@gportas.me>
Date: Tue, 30 Sep 2025 11:56:12 +0100
Subject: [PATCH 324/634] Added: UserNotificationServiceBeanTest

---
 .../UserNotificationServiceBeanTest.java      | 123 ++++++++++++++++++
 1 file changed, 123 insertions(+)
 create mode 100644 src/test/java/edu/harvard/iq/dataverse/UserNotificationServiceBeanTest.java

diff --git a/src/test/java/edu/harvard/iq/dataverse/UserNotificationServiceBeanTest.java b/src/test/java/edu/harvard/iq/dataverse/UserNotificationServiceBeanTest.java
new file mode 100644
index 00000000000..15d3edb95c4
--- /dev/null
+++ b/src/test/java/edu/harvard/iq/dataverse/UserNotificationServiceBeanTest.java
@@ -0,0 +1,123 @@
+package edu.harvard.iq.dataverse;
+
+import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.Test;
+import org.junit.jupiter.api.extension.ExtendWith;
+import org.mockito.InjectMocks;
+import org.mockito.Mock;
+import org.mockito.junit.jupiter.MockitoExtension;
+
+import jakarta.persistence.EntityManager;
+import jakarta.persistence.TypedQuery;
+
+import java.util.Arrays;
+import java.util.Collections;
+import java.util.List;
+
+import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.mockito.ArgumentMatchers.anyInt;
+import static org.mockito.ArgumentMatchers.anyString;
+import static org.mockito.ArgumentMatchers.eq;
+import static org.mockito.Mockito.never;
+import static org.mockito.Mockito.verify;
+import static org.mockito.Mockito.when;
+
+@ExtendWith(MockitoExtension.class)
+public class UserNotificationServiceBeanTest {
+
+    @Mock
+    private EntityManager em;
+
+    @Mock
+    private TypedQuery<UserNotification> query;
+
+    @InjectMocks
+    private UserNotificationServiceBean userNotificationService;
+
+    @BeforeEach
+    void setUp() {
+        when(em.createQuery(anyString(), eq(UserNotification.class))).thenReturn(query);
+    }
+
+    @Test
+    void testFindByUser_withoutPagination() {
+        // Arrange
+        Long userId = 1L;
+        List<UserNotification> expectedNotifications = Arrays.asList(new UserNotification(), new UserNotification());
+        when(query.getResultList()).thenReturn(expectedNotifications);
+
+        // Act
+        List<UserNotification> actualNotifications = userNotificationService.findByUser(userId, false, null, null);
+
+        // Assert
+        assertEquals(2, actualNotifications.size());
+        verify(query).setParameter("userId", userId);
+        verify(query).setParameter("onlyUnread", false);
+        // Verify that pagination methods were never called
+        verify(query, never()).setFirstResult(anyInt());
+        verify(query, never()).setMaxResults(anyInt());
+    }
+
+    @Test
+    void testFindByUser_withOnlyUnread() {
+        // Arrange
+        Long userId = 1L;
+        when(query.getResultList()).thenReturn(Collections.emptyList());
+
+        // Act
+        userNotificationService.findByUser(userId, true, null, null);
+
+        // Assert
+        verify(query).setParameter("userId", userId);
+        verify(query).setParameter("onlyUnread", true);
+    }
+
+    @Test
+    void testFindByUser_withPagination() {
+        // Arrange
+        Long userId = 1L;
+        int limit = 10;
+        int offset = 20;
+        when(query.getResultList()).thenReturn(Collections.emptyList());
+
+        // Act
+        userNotificationService.findByUser(userId, false, limit, offset);
+
+        // Assert
+        verify(query).setParameter("userId", userId);
+        verify(query).setParameter("onlyUnread", false);
+        // Verify that pagination methods were called with the correct values
+        verify(query).setFirstResult(offset);
+        verify(query).setMaxResults(limit);
+    }
+
+    @Test
+    void testFindByUser_withOnlyLimit() {
+        // Arrange
+        Long userId = 1L;
+        int limit = 5;
+        when(query.getResultList()).thenReturn(Collections.emptyList());
+
+        // Act
+        userNotificationService.findByUser(userId, false, limit, null);
+
+        // Assert
+        verify(query).setMaxResults(limit);
+        verify(query, never()).setFirstResult(anyInt());
+    }
+
+    @Test
+    void testFindByUser_withOnlyOffset() {
+        // Arrange
+        Long userId = 1L;
+        int offset = 15;
+        when(query.getResultList()).thenReturn(Collections.emptyList());
+
+        // Act
+        userNotificationService.findByUser(userId, false, null, offset);
+
+        // Assert
+        verify(query).setFirstResult(offset);
+        verify(query, never()).setMaxResults(anyInt());
+    }
+}

From 710822cf77599f4bed666cb24d04bf28326879c4 Mon Sep 17 00:00:00 2001
From: GPortas <hey@gportas.me>
Date: Tue, 30 Sep 2025 12:01:17 +0100
Subject: [PATCH 325/634] Changed: docs for Get All Notifications by User

---
 doc/sphinx-guides/source/api/native-api.rst | 24 +++++++++++++++++++--
 1 file changed, 22 insertions(+), 2 deletions(-)

diff --git a/doc/sphinx-guides/source/api/native-api.rst b/doc/sphinx-guides/source/api/native-api.rst
index fa4b4611559..03166c87f4f 100644
--- a/doc/sphinx-guides/source/api/native-api.rst
+++ b/doc/sphinx-guides/source/api/native-api.rst
@@ -6129,13 +6129,33 @@ The expected OK (200) response looks something like this:
               }
   ...
 
-This endpoint supports an optional query parameter ``inAppNotificationFormat`` which, if sent as ``true``, retrieves the fields needed to build the in-app notifications for the Notifications section of the Dataverse UI, omitting fields related to email notifications.
+This endpoint supports several optional query parameters to filter and paginate the results.
+
+The ``inAppNotificationFormat`` parameter, if sent as ``true``, retrieves the fields needed to build the in-app notifications for the Notifications section of the Dataverse UI, omitting fields related to email notifications.
 
 .. code-block:: bash
 
   curl -H "X-Dataverse-key:$API_TOKEN" "$SERVER_URL/api/notifications/all?inAppNotificationFormat=true"
 
-The expected OK (200) response looks something like this:
+The ``onlyUnread`` parameter, if sent as ``true``, filters the results to include only notifications that have not been marked as read.
+
+.. code-block:: bash
+
+  curl -H "X-Dataverse-key:$API_TOKEN" "$SERVER_URL/api/notifications/all?onlyUnread=true"
+
+The ``limit`` and ``offset`` parameters can be used for pagination. ``limit`` specifies the maximum number of notifications to return, and ``offset`` specifies the number of notifications to skip from the beginning of the list. For example, to retrieve notifications 11 through 15:
+
+.. code-block:: bash
+
+  curl -H "X-Dataverse-key:$API_TOKEN" "$SERVER_URL/api/notifications/all?limit=5&offset=10"
+
+All parameters can be combined. For instance, to get the first page of 10 unread notifications in the in-app format:
+
+.. code-block:: bash
+
+  curl -H "X-Dataverse-key:$API_TOKEN" "$SERVER_URL/api/notifications/all?inAppNotificationFormat=true&onlyUnread=true&limit=10&offset=0"
+
+The expected OK (200) response for an in-app format request looks something like this:
 
 .. code-block:: text
 

From e68eda0f7c7b7ff8a82f7dfd579d573b4374c901 Mon Sep 17 00:00:00 2001
From: GPortas <hey@gportas.me>
Date: Tue, 30 Sep 2025 12:09:29 +0100
Subject: [PATCH 326/634] Added: release notes for #11852

---
 ...ications-api-pagination-and-only-unread.md | 37 +++++++++++++++++++
 1 file changed, 37 insertions(+)
 create mode 100644 doc/release-notes/11852-notifications-api-pagination-and-only-unread.md

diff --git a/doc/release-notes/11852-notifications-api-pagination-and-only-unread.md b/doc/release-notes/11852-notifications-api-pagination-and-only-unread.md
new file mode 100644
index 00000000000..014e22c7739
--- /dev/null
+++ b/doc/release-notes/11852-notifications-api-pagination-and-only-unread.md
@@ -0,0 +1,37 @@
+## Notifications API Update
+
+**Endpoint:** `notifications/all`
+
+The user notifications endpoint has been enhanced with new optional query parameters to allow for more specific and
+efficient data retrieval.
+
+**1. Filter by Unread Status**
+
+You can now fetch only unread notifications by using the `onlyUnread` boolean parameter.
+
+* **`onlyUnread`**: (Optional, boolean) When set to `true`, the API will only return notifications that the user has not
+  yet marked as read.
+
+**Example:**
+
+```bash
+curl -H "X-Dataverse-key:$API_TOKEN" "$SERVER_URL/api/notifications/all?onlyUnread=true"
+```
+
+**2. Pagination Support**
+
+Pagination is now supported through the limit and offset parameters, allowing you to retrieve notifications in smaller,
+manageable chunks.
+
+- **`limit`**: (Optional, integer) Specifies the maximum number of notifications to return.
+
+- **`offset`**: (Optional, integer) Specifies the number of notifications to skip before starting to return results.
+
+Example (Retrieve notifications 11 through 20):
+
+```bash
+curl -H "X-Dataverse-key:$API_TOKEN" "$SERVER_URL/api/notifications/all?limit=10&offset=10"
+```
+
+Related issue: #11852
+Related PR: #11854
\ No newline at end of file

From ef1803b6701add59f6d5d3b12d408d10cab91442 Mon Sep 17 00:00:00 2001
From: Akos Kukucska <a0sf3c@inf.elte.hu>
Date: Tue, 30 Sep 2025 16:54:08 +0200
Subject: [PATCH 327/634] Create a new API endpoint for querying metadata
 language.

---
 .../harvard/iq/dataverse/api/Dataverses.java    | 17 +++++++++++++++++
 .../iq/dataverse/util/json/JsonPrinter.java     | 10 ++++++++++
 2 files changed, 27 insertions(+)

diff --git a/src/main/java/edu/harvard/iq/dataverse/api/Dataverses.java b/src/main/java/edu/harvard/iq/dataverse/api/Dataverses.java
index ae82ff46522..79fb95daff4 100644
--- a/src/main/java/edu/harvard/iq/dataverse/api/Dataverses.java
+++ b/src/main/java/edu/harvard/iq/dataverse/api/Dataverses.java
@@ -1969,4 +1969,21 @@ public Response createTemplate(@Context ContainerRequestContext crc, String body
             return e.getResponse();
         }
     }
+
+    @GET
+    @AuthRequired
+    @Path("{identifier}/metadataLanguage")
+    public Response getMetadataLanguage(@Context ContainerRequestContext crc, @PathParam("identifier") String dvIdtf) {
+        try {
+            Map<String, String> langMap = settingsService.getBaseMetadataLanguageMap(null, true);
+            Dataverse dataverse = findDataverseOrDie(dvIdtf);
+            String dvMetadataLanguage = dataverse.getMetadataLanguage();
+            if (!dvMetadataLanguage.equals(DvObjectContainer.UNDEFINED_CODE)) {
+                return ok(Json.createArrayBuilder().add(jsonLanguage(dvMetadataLanguage, langMap.get(dvMetadataLanguage))));
+            }
+            return ok(jsonLanguage(langMap));
+        } catch (WrappedResponse e) {
+            return e.getResponse();
+        }
+    }
 }
diff --git a/src/main/java/edu/harvard/iq/dataverse/util/json/JsonPrinter.java b/src/main/java/edu/harvard/iq/dataverse/util/json/JsonPrinter.java
index bbc834e0cc4..577cc08dc57 100644
--- a/src/main/java/edu/harvard/iq/dataverse/util/json/JsonPrinter.java
+++ b/src/main/java/edu/harvard/iq/dataverse/util/json/JsonPrinter.java
@@ -1685,4 +1685,14 @@ public static JsonArrayBuilder json(List<UserNotification> notifications, Authen
 
         return notificationsArray;
     }
+    
+    public static JsonObjectBuilder jsonLanguage(String locale, String title) {
+        // returns a single metadata language entry
+        return jsonObjectBuilder().add("locale", locale).add("title", title);
+    }
+
+    public static JsonArrayBuilder jsonLanguage(Map<String, String> langMap) {
+        // returns an array of metadatalanguages
+        return Json.createArrayBuilder(langMap.entrySet().stream().map(entry -> jsonLanguage(entry.getKey(), entry.getValue())).toList());
+    }
 }

From 3c033623422ba263503fc78e6bac6ea65fbf4e12 Mon Sep 17 00:00:00 2001
From: Akos Kukucska <a0sf3c@inf.elte.hu>
Date: Tue, 30 Sep 2025 18:06:31 +0200
Subject: [PATCH 328/634] Move logic to a command for authentication

---
 .../harvard/iq/dataverse/api/Dataverses.java  | 14 ++-----
 .../GetDataverseMetadataLanguageCommand.java  | 41 +++++++++++++++++++
 2 files changed, 45 insertions(+), 10 deletions(-)
 create mode 100644 src/main/java/edu/harvard/iq/dataverse/engine/command/impl/GetDataverseMetadataLanguageCommand.java

diff --git a/src/main/java/edu/harvard/iq/dataverse/api/Dataverses.java b/src/main/java/edu/harvard/iq/dataverse/api/Dataverses.java
index 79fb95daff4..46cdf9d670d 100644
--- a/src/main/java/edu/harvard/iq/dataverse/api/Dataverses.java
+++ b/src/main/java/edu/harvard/iq/dataverse/api/Dataverses.java
@@ -1974,16 +1974,10 @@ public Response createTemplate(@Context ContainerRequestContext crc, String body
     @AuthRequired
     @Path("{identifier}/metadataLanguage")
     public Response getMetadataLanguage(@Context ContainerRequestContext crc, @PathParam("identifier") String dvIdtf) {
-        try {
-            Map<String, String> langMap = settingsService.getBaseMetadataLanguageMap(null, true);
+        return response(req -> {
             Dataverse dataverse = findDataverseOrDie(dvIdtf);
-            String dvMetadataLanguage = dataverse.getMetadataLanguage();
-            if (!dvMetadataLanguage.equals(DvObjectContainer.UNDEFINED_CODE)) {
-                return ok(Json.createArrayBuilder().add(jsonLanguage(dvMetadataLanguage, langMap.get(dvMetadataLanguage))));
-            }
-            return ok(jsonLanguage(langMap));
-        } catch (WrappedResponse e) {
-            return e.getResponse();
-        }
+            return ok(jsonLanguage(execCommand(
+                    new GetDataverseMetadataLanguageCommand(req, dataverse))));
+        }, getRequestUser(crc));
     }
 }
diff --git a/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/GetDataverseMetadataLanguageCommand.java b/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/GetDataverseMetadataLanguageCommand.java
new file mode 100644
index 00000000000..82b5527048b
--- /dev/null
+++ b/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/GetDataverseMetadataLanguageCommand.java
@@ -0,0 +1,41 @@
+package edu.harvard.iq.dataverse.engine.command.impl;
+
+import java.util.Collections;
+import java.util.Map;
+import java.util.Set;
+
+import edu.harvard.iq.dataverse.Dataverse;
+import edu.harvard.iq.dataverse.DvObjectContainer;
+import edu.harvard.iq.dataverse.authorization.Permission;
+import edu.harvard.iq.dataverse.engine.command.AbstractCommand;
+import edu.harvard.iq.dataverse.engine.command.CommandContext;
+import edu.harvard.iq.dataverse.engine.command.DataverseRequest;
+import edu.harvard.iq.dataverse.engine.command.exception.CommandException;
+
+public class GetDataverseMetadataLanguageCommand extends AbstractCommand<Map<String, String>> {
+
+    private final Dataverse dv;
+    
+    public GetDataverseMetadataLanguageCommand(DataverseRequest aRequest, Dataverse dv) {
+        super(aRequest, dv);
+        this.dv = dv;
+    }
+
+    @Override
+    public Map<String, String> execute(CommandContext ctxt) throws CommandException {
+        Map<String, String> langMap = ctxt.settings().getBaseMetadataLanguageMap(null, true);
+        String dvMetadataLanguage = dv.getMetadataLanguage();
+        if (!dvMetadataLanguage.equals(DvObjectContainer.UNDEFINED_CODE)) {
+            return Collections.singletonMap(dvMetadataLanguage, langMap.get(dvMetadataLanguage));
+        }
+        return langMap;
+
+    }
+    
+    @Override
+    public Map<String, Set<Permission>> getRequiredPermissions() {
+        return Collections.singletonMap("",
+                dv.isReleased() ? Collections.<Permission>emptySet()
+                : Collections.singleton(Permission.ViewUnpublishedDataverse));
+    }  
+}

From 94eca41d70283c09591443e3912cc530cf7f7add Mon Sep 17 00:00:00 2001
From: Omer Fahim <mfahim11427@gmail.com>
Date: Tue, 30 Sep 2025 14:03:57 -0400
Subject: [PATCH 329/634] Update
 doc/sphinx-guides/source/container/app-image.rst

typos fix
---
 doc/sphinx-guides/source/container/app-image.rst | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/doc/sphinx-guides/source/container/app-image.rst b/doc/sphinx-guides/source/container/app-image.rst
index 12f5984a66b..47055bd3786 100644
--- a/doc/sphinx-guides/source/container/app-image.rst
+++ b/doc/sphinx-guides/source/container/app-image.rst
@@ -81,7 +81,7 @@ For now, stale images will be kept on Docker Hub indefinitely.
   | Example: :substitution-code:`|nextVersion|-noble`
   | Summary: Rolling tag, equivalent to ``unstable`` for current development cycle.
     Will roll over to the rolling production tag after a Dataverse release.
-  | Discussion: Perhaps you are eager to starting testing features of an upcoming version (e.g. |nextVersion|) in a staging environment. You select the :substitution-code:`|nextVersion|-noble` tag (as opposed to ``unstable``) because you want to stay on |nextVersion| rather than switching to the version **after that** when a release is made (which would happen if you had selected the ``unstable`` tag). Also, when the next release comes out (|nextVersion| in this example), you would stay on the :substitution-code:`|nextVersion|-noble` tag, which is the same tag that someone would use who wants the final release of |nextVersion|. (See "Rolling Production", above.)
+  | Discussion: Perhaps you are eager to start testing features of an upcoming version (e.g. |nextVersion|) in a staging environment. You select the :substitution-code:`|nextVersion|-noble` tag (as opposed to ``unstable``) because you want to stay on |nextVersion| rather than switching to the version **after that** when a release is made (which would happen if you had selected the ``unstable`` tag). Also, when the next release comes out (|nextVersion| in this example), you would stay on the :substitution-code:`|nextVersion|-noble` tag, which is the same tag that someone would use who wants the final release of |nextVersion|. (See "Rolling Production", above.)
 
 **NOTE**: In these tags for development usage, the version number will always be 1 minor version ahead of existing Dataverse releases.
 Example: Assume Dataverse ``6.x`` is released, ``6.(x+1)`` is underway.

From 9933f1678b8b4a1410b7a409f0ae65d1ab3481cf Mon Sep 17 00:00:00 2001
From: Stephen Kraffmiller <skraffmiller@hmdc.harvard.edu>
Date: Tue, 30 Sep 2025 16:00:13 -0400
Subject: [PATCH 330/634] #11772 add content test

---
 src/test/java/edu/harvard/iq/dataverse/api/DatasetsIT.java | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/test/java/edu/harvard/iq/dataverse/api/DatasetsIT.java b/src/test/java/edu/harvard/iq/dataverse/api/DatasetsIT.java
index bb4793961f8..9fe30cd451e 100644
--- a/src/test/java/edu/harvard/iq/dataverse/api/DatasetsIT.java
+++ b/src/test/java/edu/harvard/iq/dataverse/api/DatasetsIT.java
@@ -4092,7 +4092,8 @@ public void testUpdateDatasetTerms() throws IOException {
         updateTerms = UtilIT.updateDatasetTermsAndAccess(datasetPersistentId, apiToken, pathToJsonFile);
         updateTerms.prettyPrint();
         updateTerms.then().assertThat()
-                .statusCode(OK.getStatusCode());
+                .statusCode(OK.getStatusCode())
+                .body("data.termsOfAccess", equalTo("For access to restriced files please see read me file"));
 
        // Restrict file
         Response restrictFileResponse = UtilIT.restrictFile(fileId, true, apiToken);

From 3649cd4d8ff43ad2e300bcb17f83da5d9c32b337 Mon Sep 17 00:00:00 2001
From: Stephen Kraffmiller <skraffmiller@hmdc.harvard.edu>
Date: Tue, 30 Sep 2025 16:00:47 -0400
Subject: [PATCH 331/634] #11772 fix typo

---
 .../java/edu/harvard/iq/dataverse/util/json/JsonPrinter.java    | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/main/java/edu/harvard/iq/dataverse/util/json/JsonPrinter.java b/src/main/java/edu/harvard/iq/dataverse/util/json/JsonPrinter.java
index bbc834e0cc4..0b11a5d1fd8 100644
--- a/src/main/java/edu/harvard/iq/dataverse/util/json/JsonPrinter.java
+++ b/src/main/java/edu/harvard/iq/dataverse/util/json/JsonPrinter.java
@@ -495,7 +495,7 @@ public static JsonObjectBuilder json(FileDetailsHolder ds) {
     }
 
     public static JsonObjectBuilder json(DatasetVersion dsv, boolean includeFiles) {
-        return json(dsv, null, includeFiles, false,true);
+        return json(dsv, null, includeFiles, false, true);
     }
     public static JsonObjectBuilder json(DatasetVersion dsv, boolean includeFiles, boolean includeMetadataBlocks) {
         return json(dsv, null, includeFiles, false, includeMetadataBlocks);

From d901f651556272a8e7a441291c3d23668d2a4c7c Mon Sep 17 00:00:00 2001
From: Akos Kukucska <a0sf3c@inf.elte.hu>
Date: Wed, 1 Oct 2025 11:32:42 +0200
Subject: [PATCH 332/634] Test the dataverse metadataLanguage API endpoint

---
 .../iq/dataverse/api/DataversesIT.java        | 31 +++++++++++++++++++
 .../edu/harvard/iq/dataverse/api/UtilIT.java  |  8 +++++
 2 files changed, 39 insertions(+)

diff --git a/src/test/java/edu/harvard/iq/dataverse/api/DataversesIT.java b/src/test/java/edu/harvard/iq/dataverse/api/DataversesIT.java
index 155166a386d..cc764e48286 100644
--- a/src/test/java/edu/harvard/iq/dataverse/api/DataversesIT.java
+++ b/src/test/java/edu/harvard/iq/dataverse/api/DataversesIT.java
@@ -2457,4 +2457,35 @@ private String getSuperuserToken() {
         UtilIT.makeSuperUser(username);
         return adminApiToken;
     }
+    
+    @Test
+    public void testGetDataverseMetadataLanguage() {
+        Response createUser = UtilIT.createRandomUser();
+        createUser.prettyPrint();
+        String username = UtilIT.getUsernameFromResponse(createUser);
+        String apiToken = UtilIT.getApiTokenFromResponse(createUser);
+        UtilIT.deleteSetting(":MetadataLanguages");
+        Response createDataverse1Response = UtilIT.createRandomDataverse(apiToken);
+
+        createDataverse1Response.prettyPrint();
+        createDataverse1Response.then().assertThat().statusCode(CREATED.getStatusCode());
+
+        String alias = UtilIT.getAliasFromResponse(createDataverse1Response);
+
+        Response noLang = UtilIT.getDataverseMetadataLanguage(alias, apiToken);
+        noLang.prettyPrint();
+
+        noLang.then().assertThat().body("data", equalTo(List.of()));
+
+        UtilIT.setSetting(":MetadataLanguages",
+                        "[{\"locale\":\"en\",\"title\":\"English\"},{\"locale\":\"hu\",\"title\":\"magyar\"}]");
+        Response allLangs = UtilIT.getDataverseMetadataLanguage(alias, apiToken);
+        allLangs.prettyPrint();
+        allLangs.then().assertThat()
+                        .body("data.size()", equalTo(2))
+                        .and().body("data[0].locale", equalTo("en"))
+                        .and().body("data[1].locale", equalTo("hu"));
+
+    }
+
 }
diff --git a/src/test/java/edu/harvard/iq/dataverse/api/UtilIT.java b/src/test/java/edu/harvard/iq/dataverse/api/UtilIT.java
index e5d3f908349..c5c38aa7e98 100644
--- a/src/test/java/edu/harvard/iq/dataverse/api/UtilIT.java
+++ b/src/test/java/edu/harvard/iq/dataverse/api/UtilIT.java
@@ -5001,4 +5001,12 @@ public static Response callCallbackUrl(String callbackUrl) {
                 .when()
                 .get(callbackUrl);
     }
+
+    public static Response getDataverseMetadataLanguage(String alias, String apiToken) {
+        return given()
+                .header(API_TOKEN_HTTP_HEADER, apiToken)
+                .get("/api/dataverses/"
+                        + alias
+                        + "/metadataLanguage");
+    }
 }

From 2304ac4392edee977df10417632873b349adbcea Mon Sep 17 00:00:00 2001
From: Akos Kukucska <a0sf3c@inf.elte.hu>
Date: Wed, 1 Oct 2025 16:48:40 +0200
Subject: [PATCH 333/634] Add release note

---
 doc/release-notes/metadataLanguage-API-call.md | 5 +++++
 1 file changed, 5 insertions(+)
 create mode 100644 doc/release-notes/metadataLanguage-API-call.md

diff --git a/doc/release-notes/metadataLanguage-API-call.md b/doc/release-notes/metadataLanguage-API-call.md
new file mode 100644
index 00000000000..a0b68f7ad13
--- /dev/null
+++ b/doc/release-notes/metadataLanguage-API-call.md
@@ -0,0 +1,5 @@
+A new API endpoint has been implemented for getting the metadata language of a Dataverse Collection:
+
+`GET /dataverses/{alias}/metadataLanguage`: Returns the specified metadata language(s) in the collection if any.
+
+For more information, see #11856 and #11856.
\ No newline at end of file

From 50a321f96682193bf554a8c14266cfb5cf773a1b Mon Sep 17 00:00:00 2001
From: GPortas <hey@gportas.me>
Date: Wed, 1 Oct 2025 17:15:06 +0100
Subject: [PATCH 334/634] Stash: refactoring getCompareVersionsSummary endpoint
 WIP

---
 .../harvard/iq/dataverse/api/Datasets.java    | 13 +++-
 .../DatasetVersionSummary.java                | 72 +++++++++++++++++++
 .../DatasetVersionSummaryContent.java         |  4 ++
 ...setVersionSummaryContentDeaccessioned.java | 20 ++++++
 ...tasetVersionSummaryContentDifferences.java |  4 ++
 .../DatasetVersionSummaryContentSimple.java   | 16 +++++
 .../GetDatasetVersionSummariesCommand.java    | 39 ++++++++++
 .../iq/dataverse/util/json/JsonPrinter.java   |  6 ++
 8 files changed, 171 insertions(+), 3 deletions(-)
 create mode 100644 src/main/java/edu/harvard/iq/dataverse/datasetversionsummaries/DatasetVersionSummary.java
 create mode 100644 src/main/java/edu/harvard/iq/dataverse/datasetversionsummaries/DatasetVersionSummaryContent.java
 create mode 100644 src/main/java/edu/harvard/iq/dataverse/datasetversionsummaries/DatasetVersionSummaryContentDeaccessioned.java
 create mode 100644 src/main/java/edu/harvard/iq/dataverse/datasetversionsummaries/DatasetVersionSummaryContentDifferences.java
 create mode 100644 src/main/java/edu/harvard/iq/dataverse/datasetversionsummaries/DatasetVersionSummaryContentSimple.java
 create mode 100644 src/main/java/edu/harvard/iq/dataverse/engine/command/impl/GetDatasetVersionSummariesCommand.java

diff --git a/src/main/java/edu/harvard/iq/dataverse/api/Datasets.java b/src/main/java/edu/harvard/iq/dataverse/api/Datasets.java
index 3334f2ec8bb..b2a93f7b2b0 100644
--- a/src/main/java/edu/harvard/iq/dataverse/api/Datasets.java
+++ b/src/main/java/edu/harvard/iq/dataverse/api/Datasets.java
@@ -3138,8 +3138,15 @@ public Response getCompareVersions(@Context ContainerRequestContext crc, @PathPa
     @GET
     @AuthRequired
     @Path("{id}/versions/compareSummary")
-    public Response getCompareVersionsSummary(@Context ContainerRequestContext crc, @PathParam("id") String id,
-                                      @Context UriInfo uriInfo, @Context HttpHeaders headers) {
+    public Response getCompareVersionsSummary(@Context ContainerRequestContext crc, @PathParam("id") String id) {
+        return response(req -> {
+            try {
+                return ok(json(execCommand(new GetDatasetVersionSummariesCommand(req, findDatasetOrDie(id)))));
+            } catch (WrappedResponse wr) {
+                return wr.getResponse();
+            }
+        }, getRequestUser(crc));
+        /*
         try {
             Dataset dataset = findDatasetOrDie(id);
             User user = getRequestUser(crc);
@@ -3188,7 +3195,7 @@ public Response getCompareVersionsSummary(@Context ContainerRequestContext crc,
             return ok(differenceSummaries);
         } catch (WrappedResponse wr) {
             return wr.getResponse();
-        }
+        }*/
     }
 
     private JsonObject getDeaccessionJson(DatasetVersion dv) {
diff --git a/src/main/java/edu/harvard/iq/dataverse/datasetversionsummaries/DatasetVersionSummary.java b/src/main/java/edu/harvard/iq/dataverse/datasetversionsummaries/DatasetVersionSummary.java
new file mode 100644
index 00000000000..4a34e406398
--- /dev/null
+++ b/src/main/java/edu/harvard/iq/dataverse/datasetversionsummaries/DatasetVersionSummary.java
@@ -0,0 +1,72 @@
+package edu.harvard.iq.dataverse.datasetversionsummaries;
+
+import edu.harvard.iq.dataverse.DatasetVersion;
+import edu.harvard.iq.dataverse.DatasetVersion.VersionState;
+import edu.harvard.iq.dataverse.datasetversionsummaries.DatasetVersionSummaryContentSimple.Content;
+
+import java.util.Optional;
+
+/**
+ * An immutable data carrier representing a summary of a DatasetVersion.
+ */
+public record DatasetVersionSummary(
+        String versionId,
+        String versionNote,
+        String contributorNames,
+        String publicationDate,
+        DatasetVersionSummaryContent content
+) {
+
+    /**
+     * Creates a DatasetVersionSummary from a DatasetVersion entity.
+     * <p>
+     * This factory method is the preferred way to create summaries, as it encapsulates
+     * all the logic for determining the correct summary content.
+     *
+     * @param datasetVersion The entity to convert.
+     * @return An {@link Optional} containing the summary, or an empty Optional if the input is null.
+     */
+    public static Optional<DatasetVersionSummary> from(DatasetVersion datasetVersion) {
+        return Optional.ofNullable(datasetVersion).map(version -> new DatasetVersionSummary(
+                version.getFriendlyVersionNumber(),
+                version.getVersionNote(),
+                version.getContributorNames(),
+                version.getPublicationDateAsString(),
+                determineContent(version)
+        ));
+    }
+
+    /**
+     * Determines the appropriate summary content based on the version's state.
+     * The logic is prioritized to handle the most specific cases first.
+     *
+     * @return The determined {@link DatasetVersionSummaryContent}, or {@code null} if the version
+     * state does not match any known summary condition.
+     */
+    private static DatasetVersionSummaryContent determineContent(DatasetVersion version) {
+        // Priority 1: The version has explicit differences calculated.
+        if (version.getDefaultVersionDifference() != null) {
+            // TODO
+            return new DatasetVersionSummaryContentDifferences();
+        }
+
+        // Priority 2: Deaccessioned status is a critical override.
+        if (version.isDeaccessioned()) {
+            return new DatasetVersionSummaryContentDeaccessioned(version.getDeaccessionNote(), version.getDeaccessionLink());
+        }
+
+        // Priority 3: Standard draft or released versions.
+        if (version.isReleased() || version.isDraft()) {
+            boolean isFirstVersion = version.getPriorVersionState() == null;
+            if (isFirstVersion) {
+                return new DatasetVersionSummaryContentSimple(version.isReleased() ? Content.firstPublished : Content.firstDraft);
+            }
+
+            if (version.getPriorVersionState() == VersionState.DEACCESSIONED) {
+                return new DatasetVersionSummaryContentSimple(Content.previousVersionDeaccessioned);
+            }
+        }
+
+        return null;
+    }
+}
diff --git a/src/main/java/edu/harvard/iq/dataverse/datasetversionsummaries/DatasetVersionSummaryContent.java b/src/main/java/edu/harvard/iq/dataverse/datasetversionsummaries/DatasetVersionSummaryContent.java
new file mode 100644
index 00000000000..653c13aa970
--- /dev/null
+++ b/src/main/java/edu/harvard/iq/dataverse/datasetversionsummaries/DatasetVersionSummaryContent.java
@@ -0,0 +1,4 @@
+package edu.harvard.iq.dataverse.datasetversionsummaries;
+
+public abstract class DatasetVersionSummaryContent {
+}
diff --git a/src/main/java/edu/harvard/iq/dataverse/datasetversionsummaries/DatasetVersionSummaryContentDeaccessioned.java b/src/main/java/edu/harvard/iq/dataverse/datasetversionsummaries/DatasetVersionSummaryContentDeaccessioned.java
new file mode 100644
index 00000000000..6a6ea3fc496
--- /dev/null
+++ b/src/main/java/edu/harvard/iq/dataverse/datasetversionsummaries/DatasetVersionSummaryContentDeaccessioned.java
@@ -0,0 +1,20 @@
+package edu.harvard.iq.dataverse.datasetversionsummaries;
+
+public class DatasetVersionSummaryContentDeaccessioned extends DatasetVersionSummaryContent {
+
+    private final String deaccessionNote;
+    private final String deaccessionLink;
+
+    public DatasetVersionSummaryContentDeaccessioned(String deaccessionNote, String deaccessionLink) {
+        this.deaccessionNote = deaccessionNote;
+        this.deaccessionLink = deaccessionLink;
+    }
+
+    public String getDeaccessionNote() {
+        return deaccessionNote;
+    }
+
+    public String getDeaccessionLink() {
+        return deaccessionLink;
+    }
+}
diff --git a/src/main/java/edu/harvard/iq/dataverse/datasetversionsummaries/DatasetVersionSummaryContentDifferences.java b/src/main/java/edu/harvard/iq/dataverse/datasetversionsummaries/DatasetVersionSummaryContentDifferences.java
new file mode 100644
index 00000000000..c20eebfc400
--- /dev/null
+++ b/src/main/java/edu/harvard/iq/dataverse/datasetversionsummaries/DatasetVersionSummaryContentDifferences.java
@@ -0,0 +1,4 @@
+package edu.harvard.iq.dataverse.datasetversionsummaries;
+
+public class DatasetVersionSummaryContentDifferences extends DatasetVersionSummaryContent {
+}
diff --git a/src/main/java/edu/harvard/iq/dataverse/datasetversionsummaries/DatasetVersionSummaryContentSimple.java b/src/main/java/edu/harvard/iq/dataverse/datasetversionsummaries/DatasetVersionSummaryContentSimple.java
new file mode 100644
index 00000000000..db0172349f6
--- /dev/null
+++ b/src/main/java/edu/harvard/iq/dataverse/datasetversionsummaries/DatasetVersionSummaryContentSimple.java
@@ -0,0 +1,16 @@
+package edu.harvard.iq.dataverse.datasetversionsummaries;
+
+public class DatasetVersionSummaryContentSimple extends DatasetVersionSummaryContent {
+
+    private Content value;
+
+    public DatasetVersionSummaryContentSimple(Content value) {
+        this.value = value;
+    }
+
+    public enum Content {
+        firstPublished,
+        previousVersionDeaccessioned,
+        firstDraft
+    }
+}
diff --git a/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/GetDatasetVersionSummariesCommand.java b/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/GetDatasetVersionSummariesCommand.java
new file mode 100644
index 00000000000..23ea0658f0a
--- /dev/null
+++ b/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/GetDatasetVersionSummariesCommand.java
@@ -0,0 +1,39 @@
+package edu.harvard.iq.dataverse.engine.command.impl;
+
+import edu.harvard.iq.dataverse.Dataset;
+import edu.harvard.iq.dataverse.DatasetVersion;
+import edu.harvard.iq.dataverse.authorization.Permission;
+import edu.harvard.iq.dataverse.datasetversionsummaries.DatasetVersionSummary;
+import edu.harvard.iq.dataverse.engine.command.AbstractCommand;
+import edu.harvard.iq.dataverse.engine.command.CommandContext;
+import edu.harvard.iq.dataverse.engine.command.DataverseRequest;
+import edu.harvard.iq.dataverse.engine.command.exception.CommandException;
+
+import java.util.EnumSet;
+import java.util.List;
+import java.util.Optional;
+
+public class GetDatasetVersionSummariesCommand extends AbstractCommand<List<DatasetVersionSummary>> {
+
+    private final Dataset dataset;
+
+    public GetDatasetVersionSummariesCommand(DataverseRequest request, Dataset dataset) {
+        super(request, dataset);
+        this.dataset = dataset;
+    }
+
+    @Override
+    public List<DatasetVersionSummary> execute(CommandContext ctxt) throws CommandException {
+        return dataset.getVersions().stream()
+                .filter(dv -> versionRequiresSummary(ctxt, dv))
+                .map(DatasetVersionSummary::from)
+                .flatMap(Optional::stream)
+                .toList();
+    }
+
+    private boolean versionRequiresSummary(CommandContext ctxt, DatasetVersion dv) {
+        return dv.isPublished()
+                || dv.isDeaccessioned()
+                || ctxt.permissions().hasPermissionsFor(getRequest().getUser(), dv.getDataset(), EnumSet.of(Permission.ViewUnpublishedDataset));
+    }
+}
diff --git a/src/main/java/edu/harvard/iq/dataverse/util/json/JsonPrinter.java b/src/main/java/edu/harvard/iq/dataverse/util/json/JsonPrinter.java
index bbc834e0cc4..c6d3a18be87 100644
--- a/src/main/java/edu/harvard/iq/dataverse/util/json/JsonPrinter.java
+++ b/src/main/java/edu/harvard/iq/dataverse/util/json/JsonPrinter.java
@@ -19,6 +19,7 @@
 import edu.harvard.iq.dataverse.dataaccess.DataAccess;
 import edu.harvard.iq.dataverse.dataset.DatasetType;
 import edu.harvard.iq.dataverse.dataset.DatasetUtil;
+import edu.harvard.iq.dataverse.datasetversionsummaries.DatasetVersionSummary;
 import edu.harvard.iq.dataverse.datavariable.CategoryMetadata;
 import edu.harvard.iq.dataverse.datavariable.DataVariable;
 import edu.harvard.iq.dataverse.datavariable.SummaryStatistic;
@@ -1685,4 +1686,9 @@ public static JsonArrayBuilder json(List<UserNotification> notifications, Authen
 
         return notificationsArray;
     }
+
+    public static JsonArrayBuilder json(List<DatasetVersionSummary> datasetVersionSummaries) {
+        // TODO
+        return Json.createArrayBuilder();
+    }
 }

From e98a4f5af37b8dfeb59d65c8f9362202643fd22e Mon Sep 17 00:00:00 2001
From: "@suraj05" <wadikarsuraj02@gmail.com>
Date: Wed, 1 Oct 2025 22:38:45 +0530
Subject: [PATCH 335/634] Fix typo in demo.rst: change "collection" to
 "collections" in User Guide reference

---
 doc/sphinx-guides/source/container/running/demo.rst | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/doc/sphinx-guides/source/container/running/demo.rst b/doc/sphinx-guides/source/container/running/demo.rst
index d4afee8a18a..32de0ea48bf 100644
--- a/doc/sphinx-guides/source/container/running/demo.rst
+++ b/doc/sphinx-guides/source/container/running/demo.rst
@@ -261,7 +261,7 @@ You should be able to see the new fields from the metadata block you added in th
 
 ``curl http://localhost:8983/solr/collection1/schema/fields``
 
-At this point you can proceed with testing the metadata block in the Dataverse UI. First you'll need to enable it for a collection (see :ref:`general-information` in the User Guide section about collection). Afterwards, create a new dataset, save it, and then edit the metadata for that dataset. Your metadata block should appear.
+At this point you can proceed with testing the metadata block in the Dataverse UI. First you'll need to enable it for a collection (see :ref:`general-information` in the User Guide section about collections). Afterwards, create a new dataset, save it, and then edit the metadata for that dataset. Your metadata block should appear.
 
 Next Steps
 ----------

From c0c1f86aa1b806851820b756bc017e128e8f80d7 Mon Sep 17 00:00:00 2001
From: Stephen Kraffmiller <skraffmiller@hmdc.harvard.edu>
Date: Wed, 1 Oct 2025 16:04:55 -0400
Subject: [PATCH 336/634] #11772 public install update/test

---
 .../harvard/iq/dataverse/api/Datasets.java    |  9 +++++-
 .../harvard/iq/dataverse/api/DatasetsIT.java  | 29 ++++++++++++++++++-
 2 files changed, 36 insertions(+), 2 deletions(-)

diff --git a/src/main/java/edu/harvard/iq/dataverse/api/Datasets.java b/src/main/java/edu/harvard/iq/dataverse/api/Datasets.java
index 823b5674c32..72ed1158788 100644
--- a/src/main/java/edu/harvard/iq/dataverse/api/Datasets.java
+++ b/src/main/java/edu/harvard/iq/dataverse/api/Datasets.java
@@ -1159,6 +1159,9 @@ public Response editVersionMetadata(@Context ContainerRequestContext crc, String
     public Response editVersionTermsOfUse(@Context ContainerRequestContext crc, String jsonBody, @PathParam("id") String id,
                                         @QueryParam("sourceLastUpdateTime") String sourceLastUpdateTime) {
         try {
+            
+            boolean publicInstall = settingsSvc.isTrueForKey(SettingsServiceBean.Key.PublicInstall, false);
+            
             Dataset dataset = findDatasetOrDie(id);
 
             if (sourceLastUpdateTime != null) {
@@ -1166,9 +1169,13 @@ public Response editVersionTermsOfUse(@Context ContainerRequestContext crc, Stri
             }
 
             JsonObject json = JsonUtil.getJsonObject(jsonBody);
-            System.out.print(jsonBody);
+
             TermsOfUseAndAccess toua = jsonParser().parseTermsOfUseAndAccess(json);
             
+            if (publicInstall && (toua.isFileAccessRequest() || !toua.getTermsOfAccess().isEmpty())){
+                return error(BAD_REQUEST, "Setting File Access Request or Terms of Access is not permitted on a public installation.");
+            }
+            
             
             toua.setDatasetVersion(dataset.getLatestVersion());
             
diff --git a/src/test/java/edu/harvard/iq/dataverse/api/DatasetsIT.java b/src/test/java/edu/harvard/iq/dataverse/api/DatasetsIT.java
index abd37d1b830..1a128c14bee 100644
--- a/src/test/java/edu/harvard/iq/dataverse/api/DatasetsIT.java
+++ b/src/test/java/edu/harvard/iq/dataverse/api/DatasetsIT.java
@@ -4094,6 +4094,15 @@ public void testFilesUnchangedAfterDatasetMetadataUpdate() throws IOException {
 
     @Test
     public void testUpdateDatasetTerms() throws IOException {
+        
+        //get publicInstall setting so we can change it back
+        Response publicInstallResponse = UtilIT.getSetting(SettingsServiceBean.Key.PublicInstall);
+        //TODO: fix this its a little hacky
+        String publicInstall = String.valueOf(publicInstallResponse.getBody().asString().contains("true"));
+
+        // make sure this is not a public installation
+        UtilIT.setSetting(SettingsServiceBean.Key.PublicInstall, "false");
+        
         Response createUser = UtilIT.createRandomUser();
         createUser.prettyPrint();
         createUser.then().assertThat()
@@ -4163,7 +4172,25 @@ public void testUpdateDatasetTerms() throws IOException {
         Response publishDatasetResponse = UtilIT.publishDatasetViaNativeApi(datasetPersistentId, "major", apiToken);
         publishDatasetResponse.prettyPrint();
         publishDatasetResponse.then().assertThat().statusCode(OK.getStatusCode());
-
+        
+        //Make installation "public install" to see that terms of access may not be set
+        UtilIT.setSetting(SettingsServiceBean.Key.PublicInstall, "true");
+        
+        createDataset = UtilIT.createRandomDatasetViaNativeApi(dataverseAlias, apiToken);
+        createDataset.prettyPrint();
+        createDataset.then().assertThat()
+                .statusCode(CREATED.getStatusCode());
+        
+        updateTerms = UtilIT.updateDatasetTermsAndAccess(datasetPid, apiToken, pathToJsonFile);
+        updateTerms.prettyPrint();
+        // should fail because its now a public install
+        updateTerms.then().assertThat()
+                .statusCode(BAD_REQUEST.getStatusCode())
+                .body("message", equalTo("Setting File Access Request or Terms of Access is not permitted on a public installation."));
+        //Setting File Access Request or Terms of Access is not permitted on a public installation.
+        
+        //reset public install
+        UtilIT.setSetting(SettingsServiceBean.Key.PublicInstall, publicInstall);
 
     }
 

From dfe334c6ffafc7a243e249ddf216e8460cb86d2a Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 1 Oct 2025 23:14:36 +0000
Subject: [PATCH 337/634] Bump peter-evans/dockerhub-description from 4 to 5

Bumps [peter-evans/dockerhub-description](https://github.com/peter-evans/dockerhub-description) from 4 to 5.
- [Release notes](https://github.com/peter-evans/dockerhub-description/releases)
- [Commits](https://github.com/peter-evans/dockerhub-description/compare/v4...v5)

---
updated-dependencies:
- dependency-name: peter-evans/dockerhub-description
  dependency-version: '5'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 .github/workflows/container_maintenance.yml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/container_maintenance.yml b/.github/workflows/container_maintenance.yml
index 142363cbe1a..d863f838881 100644
--- a/.github/workflows/container_maintenance.yml
+++ b/.github/workflows/container_maintenance.yml
@@ -218,7 +218,7 @@ jobs:
           cat "./modules/container-base/README.md"
       - name: Push description to DockerHub for base image
         if: ${{ ! inputs.dry_run && ! inputs.damp_run && toJSON(needs.base-image.outputs.rebuilt_images) != '[]' }}
-        uses: peter-evans/dockerhub-description@v4
+        uses: peter-evans/dockerhub-description@v5
         with:
           username: ${{ secrets.DOCKERHUB_USERNAME }}
           password: ${{ secrets.DOCKERHUB_TOKEN }}
@@ -243,7 +243,7 @@ jobs:
           cat "./src/main/docker/README.md"
       - name: Push description to DockerHub for application image
         if: ${{ ! inputs.dry_run && ! inputs.damp_run && toJSON(needs.application-image.outputs.rebuilt_images) != '[]' }}
-        uses: peter-evans/dockerhub-description@v4
+        uses: peter-evans/dockerhub-description@v5
         with:
           username: ${{ secrets.DOCKERHUB_USERNAME }}
           password: ${{ secrets.DOCKERHUB_TOKEN }}
@@ -268,7 +268,7 @@ jobs:
           cat "./modules/container-configbaker/README.md"
       - name: Push description to DockerHub for config baker image
         if: ${{ ! inputs.dry_run && ! inputs.damp_run && toJSON(needs.configbaker-image.outputs.rebuilt_images) != '[]' }}
-        uses: peter-evans/dockerhub-description@v4
+        uses: peter-evans/dockerhub-description@v5
         with:
           username: ${{ secrets.DOCKERHUB_USERNAME }}
           password: ${{ secrets.DOCKERHUB_TOKEN }}

From c6982988ded89e0b0364b59a863e5829a9bd03a3 Mon Sep 17 00:00:00 2001
From: Akos Kukucska <a0sf3c@inf.elte.hu>
Date: Thu, 2 Oct 2025 11:38:44 +0200
Subject: [PATCH 338/634] Implement an API endpoint for setting a Dataverse
 collection metadata language.

---
 .../metadataLanguage-API-call.md              |  3 +-
 doc/sphinx-guides/source/api/native-api.rst   | 45 +++++++++++++++++++
 .../harvard/iq/dataverse/api/Dataverses.java  | 20 ++++++++-
 .../SetDataverseMetadataLanguageCommand.java  | 33 ++++++++++++++
 .../iq/dataverse/api/DataversesIT.java        | 14 ++++--
 .../edu/harvard/iq/dataverse/api/UtilIT.java  | 11 ++++-
 6 files changed, 120 insertions(+), 6 deletions(-)
 create mode 100644 src/main/java/edu/harvard/iq/dataverse/engine/command/impl/SetDataverseMetadataLanguageCommand.java

diff --git a/doc/release-notes/metadataLanguage-API-call.md b/doc/release-notes/metadataLanguage-API-call.md
index a0b68f7ad13..9e2598cf159 100644
--- a/doc/release-notes/metadataLanguage-API-call.md
+++ b/doc/release-notes/metadataLanguage-API-call.md
@@ -1,5 +1,6 @@
 A new API endpoint has been implemented for getting the metadata language of a Dataverse Collection:
 
-`GET /dataverses/{alias}/metadataLanguage`: Returns the specified metadata language(s) in the collection if any.
+`GET /dataverses/{alias}/allowedMetadataLanguages`: Returns the specified metadata language(s) in the collection if any.
+`PUT /dataverses/{alias}/allowedMetadataLanguages{metadataLanguage}`: Sets a metadata language in the collection.
 
 For more information, see #11856 and #11856.
\ No newline at end of file
diff --git a/doc/sphinx-guides/source/api/native-api.rst b/doc/sphinx-guides/source/api/native-api.rst
index 19a4d79c5ae..1cef814040e 100644
--- a/doc/sphinx-guides/source/api/native-api.rst
+++ b/doc/sphinx-guides/source/api/native-api.rst
@@ -287,6 +287,51 @@ The fully expanded example above (without environment variables) looks like this
 
   curl -H "X-Dataverse-key:xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" "https://demo.dataverse.org/api/dataverses/root/roles"
 
+List the Allowed Metadata Languages of a Dataverse Collection
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+Shows the allowed metadata languages of the Dataverse collection ``id``:
+
+.. code-block:: bash
+  
+  export API_TOKEN=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
+  export SERVER_URL=https://demo.dataverse.org
+  export ID=root
+
+  curl -H "X-Dataverse-key:$API_TOKEN" "$SERVER_URL/api/dataverses/$ID/allowedMetadataLanguages"
+
+The fully expanded example above (without environment variables) looks like this:
+
+.. code-block:: bash
+
+  curl -H "X-Dataverse-key:xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" "https://demo.dataverse.org/api/dataverses/root/allowedMetadataLanguages"
+
+If there are no metadata languages configured on the server, this call returns an empty array. If the Dataverse collection has a mandatory metadata language, the return value is an array of that single language,
+otherwise it's an array of all available metadata languages on the server.
+
+Set the Allowed Metadata Language of a Dataverse Collection
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+Sets the allowed metadata language of the Dataverse collection ``id`` to ``langCode`` if it's available on the server:
+
+.. code-block:: bash
+  
+  export API_TOKEN=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
+  export SERVER_URL=https://demo.dataverse.org
+  export ID=root
+  export LANGCODE=en
+
+  curl -H "X-Dataverse-key:$API_TOKEN" -X PUT "$SERVER_URL/api/dataverses/$ID/allowedMetadataLanguages/$LANGCODE"
+
+The fully expanded example above (without environment variables) looks like this:
+
+.. code-block:: bash
+
+  curl -H "X-Dataverse-key:xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" -X PUT "https://demo.dataverse.org/api/dataverses/root/allowedMetadataLanguages/en"
+
+Returns an array of the set metadata language.
+If the metadata language is not available on the server, this call responds with a 400 BAD REQUEST.
+
 List Facets Configured for a Dataverse Collection
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
diff --git a/src/main/java/edu/harvard/iq/dataverse/api/Dataverses.java b/src/main/java/edu/harvard/iq/dataverse/api/Dataverses.java
index 46cdf9d670d..a2e087a4a9a 100644
--- a/src/main/java/edu/harvard/iq/dataverse/api/Dataverses.java
+++ b/src/main/java/edu/harvard/iq/dataverse/api/Dataverses.java
@@ -72,6 +72,7 @@
 import org.glassfish.jersey.media.multipart.FormDataBodyPart;
 import org.glassfish.jersey.media.multipart.FormDataContentDisposition;
 import org.glassfish.jersey.media.multipart.FormDataParam;
+import org.springframework.security.access.method.P;
 
 import javax.xml.stream.XMLStreamException;
 
@@ -1972,7 +1973,7 @@ public Response createTemplate(@Context ContainerRequestContext crc, String body
 
     @GET
     @AuthRequired
-    @Path("{identifier}/metadataLanguage")
+    @Path("{identifier}/allowedMetadataLanguages")
     public Response getMetadataLanguage(@Context ContainerRequestContext crc, @PathParam("identifier") String dvIdtf) {
         return response(req -> {
             Dataverse dataverse = findDataverseOrDie(dvIdtf);
@@ -1980,4 +1981,21 @@ public Response getMetadataLanguage(@Context ContainerRequestContext crc, @PathP
                     new GetDataverseMetadataLanguageCommand(req, dataverse))));
         }, getRequestUser(crc));
     }
+
+    @PUT
+    @AuthRequired
+    @Path("{identifier}/allowedMetadataLanguages/{metadataLanguage}")
+    public Response setMetadataLanguage(@Context ContainerRequestContext crc, @PathParam("identifier") String dvIdtf, @PathParam("metadataLanguage") String lang) {
+        return response(req -> {
+            Map<String, String> langMap = settingsService.getBaseMetadataLanguageMap(null, true);
+            if (langMap.isEmpty()) {
+                return badRequest("There are no metadata languages configured on this server");
+            }
+            if (!langMap.containsKey(lang)) {
+                return badRequest("The specified metadata language " + lang + " is not allowed on this server!");
+            }
+            Dataverse dataverse = findDataverseOrDie(dvIdtf);
+            return ok(jsonLanguage(execCommand(new SetDataverseMetadataLanguageCommand(req, dataverse, lang))));
+        }, getRequestUser(crc));
+    }
 }
diff --git a/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/SetDataverseMetadataLanguageCommand.java b/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/SetDataverseMetadataLanguageCommand.java
new file mode 100644
index 00000000000..438c332436a
--- /dev/null
+++ b/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/SetDataverseMetadataLanguageCommand.java
@@ -0,0 +1,33 @@
+package edu.harvard.iq.dataverse.engine.command.impl;
+
+import java.util.Collections;
+import java.util.Map;
+
+import edu.harvard.iq.dataverse.Dataverse;
+import edu.harvard.iq.dataverse.DvObject;
+import edu.harvard.iq.dataverse.authorization.Permission;
+import edu.harvard.iq.dataverse.engine.command.AbstractCommand;
+import edu.harvard.iq.dataverse.engine.command.CommandContext;
+import edu.harvard.iq.dataverse.engine.command.DataverseRequest;
+import edu.harvard.iq.dataverse.engine.command.RequiredPermissions;
+import edu.harvard.iq.dataverse.engine.command.exception.CommandException;
+
+@RequiredPermissions(Permission.EditDataverse)
+public class SetDataverseMetadataLanguageCommand extends AbstractCommand<Map<String,String>> {
+
+    private Dataverse dv;
+    private String lang;
+
+    public SetDataverseMetadataLanguageCommand(DataverseRequest aRequest, Dataverse dv, String lang) {
+        super(aRequest, dv);
+        this.dv = dv;
+        this.lang = lang;
+    }
+
+    @Override
+    public Map<String, String> execute(CommandContext ctxt) throws CommandException {
+        dv.setMetadataLanguage(lang);
+        return Collections.singletonMap(lang, ctxt.settings().getBaseMetadataLanguageMap(null, true).get(lang));
+    }
+    
+}
diff --git a/src/test/java/edu/harvard/iq/dataverse/api/DataversesIT.java b/src/test/java/edu/harvard/iq/dataverse/api/DataversesIT.java
index cc764e48286..2540ddc2fca 100644
--- a/src/test/java/edu/harvard/iq/dataverse/api/DataversesIT.java
+++ b/src/test/java/edu/harvard/iq/dataverse/api/DataversesIT.java
@@ -20,6 +20,7 @@
 import java.text.MessageFormat;
 import java.util.Arrays;
 import java.util.List;
+import java.util.Map;
 import java.util.logging.Logger;
 
 import jakarta.json.Json;
@@ -30,6 +31,8 @@
 import org.junit.jupiter.api.AfterAll;
 import org.junit.jupiter.api.BeforeAll;
 import org.junit.jupiter.api.Test;
+import org.junit.jupiter.api.parallel.Isolated;
+import org.junit.jupiter.api.parallel.ResourceLock;
 
 import static jakarta.ws.rs.core.Response.Status.*;
 import static org.hamcrest.CoreMatchers.*;
@@ -2459,10 +2462,10 @@ private String getSuperuserToken() {
     }
     
     @Test
-    public void testGetDataverseMetadataLanguage() {
+    @ResourceLock(value = "")
+    public void testDataverseMetadataLanguage() {
         Response createUser = UtilIT.createRandomUser();
         createUser.prettyPrint();
-        String username = UtilIT.getUsernameFromResponse(createUser);
         String apiToken = UtilIT.getApiTokenFromResponse(createUser);
         UtilIT.deleteSetting(":MetadataLanguages");
         Response createDataverse1Response = UtilIT.createRandomDataverse(apiToken);
@@ -2485,7 +2488,12 @@ public void testGetDataverseMetadataLanguage() {
                         .body("data.size()", equalTo(2))
                         .and().body("data[0].locale", equalTo("en"))
                         .and().body("data[1].locale", equalTo("hu"));
-
+        
+        Response english = UtilIT.setDataverseMetadataLanguage(alias, apiToken, "en");
+        english.then().assertThat().body("data", equalTo(List.of(Map.of("locale", "en", "title", "English"))));
+        Response singleLang = UtilIT.getDataverseMetadataLanguage(alias, apiToken);
+        singleLang.then().assertThat().body("data", equalTo(List.of(Map.of("locale", "en", "title", "English"))));
+        UtilIT.deleteSetting(":MetadataLanguages");
     }
 
 }
diff --git a/src/test/java/edu/harvard/iq/dataverse/api/UtilIT.java b/src/test/java/edu/harvard/iq/dataverse/api/UtilIT.java
index c5c38aa7e98..3888381bbc4 100644
--- a/src/test/java/edu/harvard/iq/dataverse/api/UtilIT.java
+++ b/src/test/java/edu/harvard/iq/dataverse/api/UtilIT.java
@@ -5007,6 +5007,15 @@ public static Response getDataverseMetadataLanguage(String alias, String apiToke
                 .header(API_TOKEN_HTTP_HEADER, apiToken)
                 .get("/api/dataverses/"
                         + alias
-                        + "/metadataLanguage");
+                        + "/allowedMetadataLanguages");
+    }
+
+    public static Response setDataverseMetadataLanguage(String alias, String apiToken, String lang) {
+        return given()
+                .header(API_TOKEN_HTTP_HEADER, apiToken)
+                .put("/api/dataverses/"
+                        + alias
+                        + "/allowedMetadataLanguages/"
+                        + lang);
     }
 }

From 7d1652239773e87f55f572cd9306a15428407e1a Mon Sep 17 00:00:00 2001
From: Stephen Kraffmiller <skraffmiller@hmdc.harvard.edu>
Date: Thu, 2 Oct 2025 09:17:39 -0400
Subject: [PATCH 339/634] #11772 more tests for public install

---
 .../tests/data/update-dataset-terms.json      |  4 ++--
 .../harvard/iq/dataverse/api/DatasetsIT.java  |  9 +++++++++
 .../json/update-dataset-terms-access.json     |  2 +-
 .../json/update-dataset-terms-no-access.json  | 20 +++++++++++++++++++
 4 files changed, 32 insertions(+), 3 deletions(-)
 create mode 100644 src/test/resources/json/update-dataset-terms-no-access.json

diff --git a/scripts/search/tests/data/update-dataset-terms.json b/scripts/search/tests/data/update-dataset-terms.json
index dbe6380ca56..b8b366f5927 100644
--- a/scripts/search/tests/data/update-dataset-terms.json
+++ b/scripts/search/tests/data/update-dataset-terms.json
@@ -1,7 +1,7 @@
 {
     "termsOfAccess": {
-        "fileAccessRequest": "true",
-        "termsOfAccessForRestrictedFiles": "For access to restriced files please see read me file",
+        "fileAccessRequest": "false",
+        "termsOfAccess": "",
         "dataAccessPlace": "dataAccessPlace",
         "originalArchive": "originalArchive",
         "availabilityStatus": "availabilityStatus",
diff --git a/src/test/java/edu/harvard/iq/dataverse/api/DatasetsIT.java b/src/test/java/edu/harvard/iq/dataverse/api/DatasetsIT.java
index 1a128c14bee..242c2de4aae 100644
--- a/src/test/java/edu/harvard/iq/dataverse/api/DatasetsIT.java
+++ b/src/test/java/edu/harvard/iq/dataverse/api/DatasetsIT.java
@@ -4189,6 +4189,15 @@ public void testUpdateDatasetTerms() throws IOException {
                 .body("message", equalTo("Setting File Access Request or Terms of Access is not permitted on a public installation."));
         //Setting File Access Request or Terms of Access is not permitted on a public installation.
         
+        
+       pathToJsonFile = "src/test/resources/json/update-dataset-terms-no-access.json"; 
+        
+        updateTerms = UtilIT.updateDatasetTermsAndAccess(datasetPid, apiToken, pathToJsonFile);
+        updateTerms.prettyPrint();
+        // should be ok because it doesn't update request or terms of access
+        updateTerms.then().assertThat()
+                .statusCode(OK.getStatusCode());        
+                
         //reset public install
         UtilIT.setSetting(SettingsServiceBean.Key.PublicInstall, publicInstall);
 
diff --git a/src/test/resources/json/update-dataset-terms-access.json b/src/test/resources/json/update-dataset-terms-access.json
index 29749cd21dd..84fe4e1f46f 100644
--- a/src/test/resources/json/update-dataset-terms-access.json
+++ b/src/test/resources/json/update-dataset-terms-access.json
@@ -1,6 +1,6 @@
 {
     "termsOfUseAndAccess": {
-        "fileAccessRequest": "false",
+        "fileAccessRequest": "true",
         "termsOfAccess": "For access to restriced files please see read me file",
         "dataAccessPlace": "dataAccessPlace",
         "originalArchive": "originalArchive",
diff --git a/src/test/resources/json/update-dataset-terms-no-access.json b/src/test/resources/json/update-dataset-terms-no-access.json
new file mode 100644
index 00000000000..8cf8d7cb554
--- /dev/null
+++ b/src/test/resources/json/update-dataset-terms-no-access.json
@@ -0,0 +1,20 @@
+{
+    "termsOfUseAndAccess": {
+        "fileAccessRequest": "false",
+        "termsOfAccess": "",
+        "dataAccessPlace": "dataAccessPlace",
+        "originalArchive": "originalArchive",
+        "availabilityStatus": "availabilityStatus",
+        "contactForAccess": "contactForAccess",
+        "sizeOfCollection": "sizeOfCollection",
+        "studyCompletion": "studyCompletion",
+        "termsOfUse": "termsOfUse",
+        "confidentialityDeclaration": "confidentialityDeclaration",
+        "specialPermissions": "specialPermissions",
+        "restrictions": "restrictions",
+        "citationRequirements": "citationRequirements",
+        "depositorRequirements": "depositorRequirements",
+        "conditions": "conditions",
+        "disclaimer": "disclaimer"
+    }
+}

From eeb6e33bb893a92f6c3876ce050cd4c5d499649b Mon Sep 17 00:00:00 2001
From: GPortas <hey@gportas.me>
Date: Thu, 2 Oct 2025 14:41:07 +0100
Subject: [PATCH 340/634] Refactor: getCompareVersionsSummary and related
 layers

---
 .../harvard/iq/dataverse/api/Datasets.java    | 72 +------------------
 .../DatasetVersionSummary.java                |  7 +-
 ...tasetVersionSummaryContentDifferences.java | 12 ++++
 .../DatasetVersionSummaryContentSimple.java   |  6 +-
 .../GetDatasetVersionSummariesCommand.java    |  2 +
 .../iq/dataverse/util/json/JsonPrinter.java   | 45 ++++++++++--
 6 files changed, 65 insertions(+), 79 deletions(-)

diff --git a/src/main/java/edu/harvard/iq/dataverse/api/Datasets.java b/src/main/java/edu/harvard/iq/dataverse/api/Datasets.java
index b2a93f7b2b0..db09768e879 100644
--- a/src/main/java/edu/harvard/iq/dataverse/api/Datasets.java
+++ b/src/main/java/edu/harvard/iq/dataverse/api/Datasets.java
@@ -2,7 +2,6 @@
 
 import edu.harvard.iq.dataverse.*;
 import edu.harvard.iq.dataverse.DatasetLock.Reason;
-import edu.harvard.iq.dataverse.DatasetVersion.VersionState;
 import edu.harvard.iq.dataverse.actionlogging.ActionLogRecord;
 import edu.harvard.iq.dataverse.api.auth.AuthRequired;
 import edu.harvard.iq.dataverse.api.dto.RoleAssignmentDTO;
@@ -3141,80 +3140,11 @@ public Response getCompareVersions(@Context ContainerRequestContext crc, @PathPa
     public Response getCompareVersionsSummary(@Context ContainerRequestContext crc, @PathParam("id") String id) {
         return response(req -> {
             try {
-                return ok(json(execCommand(new GetDatasetVersionSummariesCommand(req, findDatasetOrDie(id)))));
+                return ok(jsonDatasetVersionSummaries(execCommand(new GetDatasetVersionSummariesCommand(req, findDatasetOrDie(id)))));
             } catch (WrappedResponse wr) {
                 return wr.getResponse();
             }
         }, getRequestUser(crc));
-        /*
-        try {
-            Dataset dataset = findDatasetOrDie(id);
-            User user = getRequestUser(crc);
-            JsonArrayBuilder differenceSummaries = Json.createArrayBuilder();
-
-            for (DatasetVersion dv : dataset.getVersions()) {
-                //only get summaries of draft is user may view unpublished
-
-                if (dv.isPublished() ||dv.isDeaccessioned() || permissionService.hasPermissionsFor(user, dv.getDataset(),
-                        EnumSet.of(Permission.ViewUnpublishedDataset))) {
-
-                    JsonObjectBuilder versionBuilder = new NullSafeJsonBuilder();
-                    versionBuilder.add("id", dv.getId());
-                    versionBuilder.add("versionNumber", dv.getFriendlyVersionNumber());
-                    DatasetVersionDifference dvdiff = dv.getDefaultVersionDifference();
-                    if (dvdiff == null) {
-                        if (dv.isReleased()) {
-                            if (dv.getPriorVersionState() == null) {
-                                versionBuilder.add("summary", "firstPublished");
-                            }
-                            if (dv.getPriorVersionState() != null && dv.getPriorVersionState().equals(VersionState.DEACCESSIONED)) {
-                                versionBuilder.add("summary", "previousVersionDeaccessioned");
-                            }
-                        }
-                        if (dv.isDraft()) {
-                            if (dv.getPriorVersionState() == null) {
-                                versionBuilder.add("summary", "firstDraft");
-                            }
-                            if (dv.getPriorVersionState() != null && dv.getPriorVersionState().equals(VersionState.DEACCESSIONED)) {
-                                versionBuilder.add("summary", "previousVersionDeaccessioned");
-                            }
-                        }
-                        if (dv.isDeaccessioned()) {
-                            versionBuilder.add("summary", getDeaccessionJson(dv));
-                        }
-
-                    } else {
-                        versionBuilder.add("summary", dvdiff.getSummaryDifferenceAsJson());
-                    }
-                    versionBuilder.add("versionNote", dv.getVersionNote());
-                    versionBuilder.add("contributors", datasetversionService.getContributorsNames(dv));
-                    versionBuilder.add("publishedOn", !dv.isDraft() ? dv.getPublicationDateAsString() : "");
-                    differenceSummaries.add(versionBuilder);
-                }
-            }
-            return ok(differenceSummaries);
-        } catch (WrappedResponse wr) {
-            return wr.getResponse();
-        }*/
-    }
-
-    private JsonObject getDeaccessionJson(DatasetVersion dv) {
-
-        JsonObjectBuilder compositionBuilder = Json.createObjectBuilder();
-
-        if (dv.getDeaccessionNote() != null && !dv.getDeaccessionNote().isEmpty()) {
-            compositionBuilder.add("reason", dv.getDeaccessionNote());
-        }
-
-        if (dv.getDeaccessionLink() != null && !dv.getDeaccessionLink().isEmpty()) {
-            compositionBuilder.add("url", dv.getDeaccessionLink());
-        }
-
-        JsonObject json = Json.createObjectBuilder()
-                .add("deaccessioned", compositionBuilder)
-                .build();
-
-        return json;
     }
 
     private static Set<String> getDatasetFilenames(Dataset dataset) {
diff --git a/src/main/java/edu/harvard/iq/dataverse/datasetversionsummaries/DatasetVersionSummary.java b/src/main/java/edu/harvard/iq/dataverse/datasetversionsummaries/DatasetVersionSummary.java
index 4a34e406398..06da005166f 100644
--- a/src/main/java/edu/harvard/iq/dataverse/datasetversionsummaries/DatasetVersionSummary.java
+++ b/src/main/java/edu/harvard/iq/dataverse/datasetversionsummaries/DatasetVersionSummary.java
@@ -10,7 +10,8 @@
  * An immutable data carrier representing a summary of a DatasetVersion.
  */
 public record DatasetVersionSummary(
-        String versionId,
+        Long id,
+        String versionNumber,
         String versionNote,
         String contributorNames,
         String publicationDate,
@@ -28,6 +29,7 @@ public record DatasetVersionSummary(
      */
     public static Optional<DatasetVersionSummary> from(DatasetVersion datasetVersion) {
         return Optional.ofNullable(datasetVersion).map(version -> new DatasetVersionSummary(
+                version.getId(),
                 version.getFriendlyVersionNumber(),
                 version.getVersionNote(),
                 version.getContributorNames(),
@@ -46,8 +48,7 @@ public static Optional<DatasetVersionSummary> from(DatasetVersion datasetVersion
     private static DatasetVersionSummaryContent determineContent(DatasetVersion version) {
         // Priority 1: The version has explicit differences calculated.
         if (version.getDefaultVersionDifference() != null) {
-            // TODO
-            return new DatasetVersionSummaryContentDifferences();
+            return new DatasetVersionSummaryContentDifferences(version.getDefaultVersionDifference());
         }
 
         // Priority 2: Deaccessioned status is a critical override.
diff --git a/src/main/java/edu/harvard/iq/dataverse/datasetversionsummaries/DatasetVersionSummaryContentDifferences.java b/src/main/java/edu/harvard/iq/dataverse/datasetversionsummaries/DatasetVersionSummaryContentDifferences.java
index c20eebfc400..57add5511da 100644
--- a/src/main/java/edu/harvard/iq/dataverse/datasetversionsummaries/DatasetVersionSummaryContentDifferences.java
+++ b/src/main/java/edu/harvard/iq/dataverse/datasetversionsummaries/DatasetVersionSummaryContentDifferences.java
@@ -1,4 +1,16 @@
 package edu.harvard.iq.dataverse.datasetversionsummaries;
 
+import edu.harvard.iq.dataverse.DatasetVersionDifference;
+
 public class DatasetVersionSummaryContentDifferences extends DatasetVersionSummaryContent {
+
+    private final DatasetVersionDifference datasetVersionDifference;
+
+    public DatasetVersionSummaryContentDifferences(DatasetVersionDifference datasetVersionDifference) {
+        this.datasetVersionDifference = datasetVersionDifference;
+    }
+
+    public DatasetVersionDifference getDatasetVersionDifference() {
+        return datasetVersionDifference;
+    }
 }
diff --git a/src/main/java/edu/harvard/iq/dataverse/datasetversionsummaries/DatasetVersionSummaryContentSimple.java b/src/main/java/edu/harvard/iq/dataverse/datasetversionsummaries/DatasetVersionSummaryContentSimple.java
index db0172349f6..5d1075b41e6 100644
--- a/src/main/java/edu/harvard/iq/dataverse/datasetversionsummaries/DatasetVersionSummaryContentSimple.java
+++ b/src/main/java/edu/harvard/iq/dataverse/datasetversionsummaries/DatasetVersionSummaryContentSimple.java
@@ -2,12 +2,16 @@
 
 public class DatasetVersionSummaryContentSimple extends DatasetVersionSummaryContent {
 
-    private Content value;
+    private final Content value;
 
     public DatasetVersionSummaryContentSimple(Content value) {
         this.value = value;
     }
 
+    public Content getValue() {
+        return value;
+    }
+
     public enum Content {
         firstPublished,
         previousVersionDeaccessioned,
diff --git a/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/GetDatasetVersionSummariesCommand.java b/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/GetDatasetVersionSummariesCommand.java
index 23ea0658f0a..156d5b4cabd 100644
--- a/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/GetDatasetVersionSummariesCommand.java
+++ b/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/GetDatasetVersionSummariesCommand.java
@@ -7,12 +7,14 @@
 import edu.harvard.iq.dataverse.engine.command.AbstractCommand;
 import edu.harvard.iq.dataverse.engine.command.CommandContext;
 import edu.harvard.iq.dataverse.engine.command.DataverseRequest;
+import edu.harvard.iq.dataverse.engine.command.RequiredPermissions;
 import edu.harvard.iq.dataverse.engine.command.exception.CommandException;
 
 import java.util.EnumSet;
 import java.util.List;
 import java.util.Optional;
 
+@RequiredPermissions({})
 public class GetDatasetVersionSummariesCommand extends AbstractCommand<List<DatasetVersionSummary>> {
 
     private final Dataset dataset;
diff --git a/src/main/java/edu/harvard/iq/dataverse/util/json/JsonPrinter.java b/src/main/java/edu/harvard/iq/dataverse/util/json/JsonPrinter.java
index c6d3a18be87..49d887cf27d 100644
--- a/src/main/java/edu/harvard/iq/dataverse/util/json/JsonPrinter.java
+++ b/src/main/java/edu/harvard/iq/dataverse/util/json/JsonPrinter.java
@@ -19,7 +19,7 @@
 import edu.harvard.iq.dataverse.dataaccess.DataAccess;
 import edu.harvard.iq.dataverse.dataset.DatasetType;
 import edu.harvard.iq.dataverse.dataset.DatasetUtil;
-import edu.harvard.iq.dataverse.datasetversionsummaries.DatasetVersionSummary;
+import edu.harvard.iq.dataverse.datasetversionsummaries.*;
 import edu.harvard.iq.dataverse.datavariable.CategoryMetadata;
 import edu.harvard.iq.dataverse.datavariable.DataVariable;
 import edu.harvard.iq.dataverse.datavariable.SummaryStatistic;
@@ -1687,8 +1687,45 @@ public static JsonArrayBuilder json(List<UserNotification> notifications, Authen
         return notificationsArray;
     }
 
-    public static JsonArrayBuilder json(List<DatasetVersionSummary> datasetVersionSummaries) {
-        // TODO
-        return Json.createArrayBuilder();
+    public static JsonArray jsonDatasetVersionSummaries(List<DatasetVersionSummary> summaries) {
+        JsonArrayBuilder arrayBuilder = Json.createArrayBuilder();
+        summaries.stream()
+                .filter(Objects::nonNull)
+                .map(JsonPrinter::json)
+                .forEach(arrayBuilder::add);
+
+        return arrayBuilder.build();
+    }
+
+    private static JsonObjectBuilder json(DatasetVersionSummary summary) {
+        JsonObjectBuilder jsonObjectBuilder = jsonObjectBuilder()
+                .add("id", summary.id())
+                .add("versionNumber", summary.versionNumber())
+                .add("versionNote", summary.versionNote())
+                .add("contributors", summary.contributorNames())
+                .add("publishedOn", summary.publicationDate());
+
+        DatasetVersionSummaryContent content = summary.content();
+        if (content instanceof DatasetVersionSummaryContentDeaccessioned deaccessioned) {
+            JsonObject deaccessionedDetailsJsonObject = jsonObjectBuilder()
+                    .add("reason", deaccessioned.getDeaccessionNote())
+                    .add("url", deaccessioned.getDeaccessionLink())
+                    .build();
+            JsonObject deaccessionedJsonObject = jsonObjectBuilder()
+                    .add("deaccessioned", deaccessionedDetailsJsonObject)
+                    .build();
+            jsonObjectBuilder.add("summary", deaccessionedJsonObject
+            );
+        } else if (content instanceof DatasetVersionSummaryContentSimple simple) {
+            jsonObjectBuilder.add("summary", simple.getValue().name());
+
+        } else if (content instanceof DatasetVersionSummaryContentDifferences differences) {
+            jsonObjectBuilder.add("summary", differences
+                    .getDatasetVersionDifference()
+                    .getSummaryDifferenceAsJson()
+                    .build());
+        }
+
+        return jsonObjectBuilder;
     }
 }

From fb5f9115fc588ab74f2df44b13f6ce702dae751b Mon Sep 17 00:00:00 2001
From: Stephen Kraffmiller <skraffmiller@hmdc.harvard.edu>
Date: Thu, 2 Oct 2025 09:51:48 -0400
Subject: [PATCH 341/634] #11772 remove unused file

---
 .../tests/data/update-dataset-terms.json      | 20 -------------------
 1 file changed, 20 deletions(-)
 delete mode 100644 scripts/search/tests/data/update-dataset-terms.json

diff --git a/scripts/search/tests/data/update-dataset-terms.json b/scripts/search/tests/data/update-dataset-terms.json
deleted file mode 100644
index b8b366f5927..00000000000
--- a/scripts/search/tests/data/update-dataset-terms.json
+++ /dev/null
@@ -1,20 +0,0 @@
-{
-    "termsOfAccess": {
-        "fileAccessRequest": "false",
-        "termsOfAccess": "",
-        "dataAccessPlace": "dataAccessPlace",
-        "originalArchive": "originalArchive",
-        "availabilityStatus": "availabilityStatus",
-        "contactForAccess": "contactForAccess",
-        "sizeOfCollection": "sizeOfCollection",
-        "studyCompletion": "studyCompletion",
-        "termsOfUse": "termsOfUse",
-        "confidentialityDeclaration": "confidentialityDeclaration",
-        "specialPermissions": "specialPermissions",
-        "restrictions": "restrictions",
-        "citationRequirements": "citationRequirements",
-        "depositorRequirements": "depositorRequirements",
-        "conditions": "conditions",
-        "disclaimer": "disclaimer"
-    }
-}

From dda50b8731edebdf02a44e5990f57a507bcf15d9 Mon Sep 17 00:00:00 2001
From: Stephen Kraffmiller <skraffmiller@hmdc.harvard.edu>
Date: Thu, 2 Oct 2025 10:37:35 -0400
Subject: [PATCH 342/634] #11772 fix json/tests

---
 .../harvard/iq/dataverse/api/DatasetsIT.java  | 39 +++++++++----------
 .../json/update-dataset-terms-access.json     |  4 +-
 .../json/update-dataset-terms-no-access.json  |  2 +-
 3 files changed, 22 insertions(+), 23 deletions(-)

diff --git a/src/test/java/edu/harvard/iq/dataverse/api/DatasetsIT.java b/src/test/java/edu/harvard/iq/dataverse/api/DatasetsIT.java
index 242c2de4aae..1faec141512 100644
--- a/src/test/java/edu/harvard/iq/dataverse/api/DatasetsIT.java
+++ b/src/test/java/edu/harvard/iq/dataverse/api/DatasetsIT.java
@@ -4094,7 +4094,7 @@ public void testFilesUnchangedAfterDatasetMetadataUpdate() throws IOException {
 
     @Test
     public void testUpdateDatasetTerms() throws IOException {
-        
+
         //get publicInstall setting so we can change it back
         Response publicInstallResponse = UtilIT.getSetting(SettingsServiceBean.Key.PublicInstall);
         //TODO: fix this its a little hacky
@@ -4102,7 +4102,7 @@ public void testUpdateDatasetTerms() throws IOException {
 
         // make sure this is not a public installation
         UtilIT.setSetting(SettingsServiceBean.Key.PublicInstall, "false");
-        
+
         Response createUser = UtilIT.createRandomUser();
         createUser.prettyPrint();
         createUser.then().assertThat()
@@ -4139,9 +4139,7 @@ public void testUpdateDatasetTerms() throws IOException {
                 .statusCode(OK.getStatusCode());
 
         //Add another dataset with restricted files in order to get the access info to show up
-        
-        
-         Response createDatasetResponse = UtilIT.createRandomDatasetViaNativeApi(dataverseAlias, apiToken);
+        Response createDatasetResponse = UtilIT.createRandomDatasetViaNativeApi(dataverseAlias, apiToken);
         createDatasetResponse.then().assertThat().statusCode(CREATED.getStatusCode());
         int datasetId2 = JsonPath.from(createDatasetResponse.body().asString()).getInt("data.id");
         String datasetPersistentId = JsonPath.from(createDatasetResponse.body().asString()).getString("data.persistentId");
@@ -4149,22 +4147,23 @@ public void testUpdateDatasetTerms() throws IOException {
         updateTerms = UtilIT.updateDatasetTermsAndAccess(datasetPersistentId, apiToken, pathToJsonFile);
         updateTerms.prettyPrint();
         updateTerms.then().assertThat()
-                .statusCode(OK.getStatusCode());
-        
-        // Upload file
+                .statusCode(OK.getStatusCode())
+                .body("data.fileAccessRequest", equalTo(true));
+
         String pathToTestFile = "src/test/resources/images/coffeeshop.png";
         Response uploadResponse = UtilIT.uploadFileViaNative(Integer.toString(datasetId2), pathToTestFile, Json.createObjectBuilder().build(), apiToken);
         uploadResponse.then().assertThat().statusCode(OK.getStatusCode());
 
         String fileId = JsonPath.from(uploadResponse.body().asString()).getString("data.files[0].dataFile.id");
-        
+
         updateTerms = UtilIT.updateDatasetTermsAndAccess(datasetPersistentId, apiToken, pathToJsonFile);
         updateTerms.prettyPrint();
         updateTerms.then().assertThat()
                 .statusCode(OK.getStatusCode())
-                .body("data.termsOfAccess", equalTo("For access to restriced files please see read me file"));
+                .body("data.fileAccessRequest", equalTo(true))
+                .body("data.termsOfAccess", equalTo("For access to restricted files please see read me file"));
 
-       // Restrict file
+        // Restrict file
         Response restrictFileResponse = UtilIT.restrictFile(fileId, true, apiToken);
         restrictFileResponse.then().assertThat().statusCode(OK.getStatusCode());
 
@@ -4172,15 +4171,15 @@ public void testUpdateDatasetTerms() throws IOException {
         Response publishDatasetResponse = UtilIT.publishDatasetViaNativeApi(datasetPersistentId, "major", apiToken);
         publishDatasetResponse.prettyPrint();
         publishDatasetResponse.then().assertThat().statusCode(OK.getStatusCode());
-        
+
         //Make installation "public install" to see that terms of access may not be set
         UtilIT.setSetting(SettingsServiceBean.Key.PublicInstall, "true");
-        
+
         createDataset = UtilIT.createRandomDatasetViaNativeApi(dataverseAlias, apiToken);
         createDataset.prettyPrint();
         createDataset.then().assertThat()
                 .statusCode(CREATED.getStatusCode());
-        
+
         updateTerms = UtilIT.updateDatasetTermsAndAccess(datasetPid, apiToken, pathToJsonFile);
         updateTerms.prettyPrint();
         // should fail because its now a public install
@@ -4188,16 +4187,16 @@ public void testUpdateDatasetTerms() throws IOException {
                 .statusCode(BAD_REQUEST.getStatusCode())
                 .body("message", equalTo("Setting File Access Request or Terms of Access is not permitted on a public installation."));
         //Setting File Access Request or Terms of Access is not permitted on a public installation.
-        
-        
-       pathToJsonFile = "src/test/resources/json/update-dataset-terms-no-access.json"; 
-        
+
+        pathToJsonFile = "src/test/resources/json/update-dataset-terms-no-access.json";
+
         updateTerms = UtilIT.updateDatasetTermsAndAccess(datasetPid, apiToken, pathToJsonFile);
         updateTerms.prettyPrint();
         // should be ok because it doesn't update request or terms of access
         updateTerms.then().assertThat()
-                .statusCode(OK.getStatusCode());        
-                
+                .statusCode(OK.getStatusCode())
+                .body("data.fileAccessRequest", equalTo(false));
+
         //reset public install
         UtilIT.setSetting(SettingsServiceBean.Key.PublicInstall, publicInstall);
 
diff --git a/src/test/resources/json/update-dataset-terms-access.json b/src/test/resources/json/update-dataset-terms-access.json
index 84fe4e1f46f..fbbd45a313f 100644
--- a/src/test/resources/json/update-dataset-terms-access.json
+++ b/src/test/resources/json/update-dataset-terms-access.json
@@ -1,7 +1,7 @@
 {
     "termsOfUseAndAccess": {
-        "fileAccessRequest": "true",
-        "termsOfAccess": "For access to restriced files please see read me file",
+        "fileAccessRequest": true,
+        "termsOfAccess": "For access to restricted files please see read me file",
         "dataAccessPlace": "dataAccessPlace",
         "originalArchive": "originalArchive",
         "availabilityStatus": "availabilityStatus",
diff --git a/src/test/resources/json/update-dataset-terms-no-access.json b/src/test/resources/json/update-dataset-terms-no-access.json
index 8cf8d7cb554..9c53330b7c5 100644
--- a/src/test/resources/json/update-dataset-terms-no-access.json
+++ b/src/test/resources/json/update-dataset-terms-no-access.json
@@ -1,6 +1,6 @@
 {
     "termsOfUseAndAccess": {
-        "fileAccessRequest": "false",
+        "fileAccessRequest": false,
         "termsOfAccess": "",
         "dataAccessPlace": "dataAccessPlace",
         "originalArchive": "originalArchive",

From 98c72cbfbe67ebe13d25b6ec65b49f05924eba54 Mon Sep 17 00:00:00 2001
From: GPortas <hey@gportas.me>
Date: Thu, 2 Oct 2025 18:51:23 +0100
Subject: [PATCH 343/634] Changed: GetDatasetVersionSummariesCommand using
 DatasetVersionServiceBean.findVersions

---
 .../harvard/iq/dataverse/DatasetVersion.java  |  6 +-
 .../dataverse/DatasetVersionServiceBean.java  | 67 +++++++++++++------
 .../GetDatasetVersionSummariesCommand.java    | 23 ++++---
 3 files changed, 66 insertions(+), 30 deletions(-)

diff --git a/src/main/java/edu/harvard/iq/dataverse/DatasetVersion.java b/src/main/java/edu/harvard/iq/dataverse/DatasetVersion.java
index 14ddf65a833..cfd4c886bf3 100644
--- a/src/main/java/edu/harvard/iq/dataverse/DatasetVersion.java
+++ b/src/main/java/edu/harvard/iq/dataverse/DatasetVersion.java
@@ -73,7 +73,11 @@
     @NamedQuery(name = "DatasetVersion.findById", 
                 query = "SELECT o FROM DatasetVersion o LEFT JOIN FETCH o.fileMetadatas WHERE o.id=:id"), 
     @NamedQuery(name = "DatasetVersion.findByDataset",
-                query = "SELECT o FROM DatasetVersion o WHERE o.dataset.id=:datasetId ORDER BY o.versionNumber DESC, o.minorVersionNumber DESC"), 
+                query = "SELECT o FROM DatasetVersion o WHERE o.dataset.id=:datasetId ORDER BY o.versionNumber DESC, o.minorVersionNumber DESC"),
+    @NamedQuery(name = "DatasetVersion.findByDesiredStatesAndDataset",
+            query = "SELECT o FROM DatasetVersion o " +
+                    "WHERE o.dataset.id = :datasetId AND o.versionState IN :states " +
+                    "ORDER BY o.versionNumber DESC, o.minorVersionNumber DESC"),
     @NamedQuery(name = "DatasetVersion.findReleasedByDataset",
                 query = "SELECT o FROM DatasetVersion o WHERE o.dataset.id=:datasetId AND o.versionState=edu.harvard.iq.dataverse.DatasetVersion.VersionState.RELEASED ORDER BY o.versionNumber DESC, o.minorVersionNumber DESC")/*,
     @NamedQuery(name = "DatasetVersion.findVersionElements",
diff --git a/src/main/java/edu/harvard/iq/dataverse/DatasetVersionServiceBean.java b/src/main/java/edu/harvard/iq/dataverse/DatasetVersionServiceBean.java
index 7e9b778c6f3..0a60051ea10 100644
--- a/src/main/java/edu/harvard/iq/dataverse/DatasetVersionServiceBean.java
+++ b/src/main/java/edu/harvard/iq/dataverse/DatasetVersionServiceBean.java
@@ -171,41 +171,66 @@ public DatasetVersion findDeep(Object pk) {
             .setHint("eclipselink.left-join-fetch", "o.fileMetadatas.dataFile.dataFileTags")
             .getSingleResult();
     }
-    
+
     /**
-     * Performs the same database lookup as the one behind Dataset.getVersions().
-     * Additionally, provides the arguments for selecting a partial list of 
-     * (length-offset) versions for pagination, plus the ability to pre-select 
-     * only the publicly-viewable versions. 
-     * It is recommended that individual software components utilize the 
-     * ListVersionsCommand, instead of calling this service method directly.
-     * @param datasetId
-     * @param offset for pagination through long lists of versions
-     * @param length for pagination through long lists of versions
-     * @param includeUnpublished retrieves all the versions, including drafts and deaccessioned. 
-     * @return (partial) list of versions
+     * Performs the same database lookup as the one behind {@code Dataset.getVersions()}.
+     * <p>
+     * Additionally, supports:
+     * <ul>
+     *   <li>Pagination via {@code offset} and {@code length}</li>
+     *   <li>Filtering by visibility (all, released only, or released + deaccessioned)</li>
+     * </ul>
+     * <p>
+     * It is recommended that individual software components utilize
+     * {@link edu.harvard.iq.dataverse.engine.command.impl.ListVersionsCommand},
+     * instead of calling this service method directly.
+     *
+     * @param datasetId the dataset identifier
+     * @param offset    pagination offset (nullable)
+     * @param length    pagination length (nullable)
+     * @param includeAllVersions if {@code true}, retrieves all versions (drafts, released, and deaccessioned)
+     * @param includeDeaccessioned if {@code true}, includes deaccessioned versions
+     *                             when {@code includeAll} is {@code false}
+     * @return a (possibly partial) list of dataset versions
      */
-    public List<DatasetVersion> findVersions(Long datasetId, Integer offset, Integer length, boolean includeUnpublished) {
-        TypedQuery<DatasetVersion> query;  
-        if (includeUnpublished) {
+    public List<DatasetVersion> findVersions(Long datasetId,
+                                             Integer offset,
+                                             Integer length,
+                                             boolean includeAllVersions,
+                                             boolean includeDeaccessioned) {
+        TypedQuery<DatasetVersion> query;
+
+        if (includeAllVersions) {
             query = em.createNamedQuery("DatasetVersion.findByDataset", DatasetVersion.class);
+        } else if (includeDeaccessioned) {
+            query = em.createNamedQuery("DatasetVersion.findByDesiredStatesAndDataset", DatasetVersion.class);
+            query.setParameter("states", List.of(
+                    VersionState.RELEASED,
+                    VersionState.DEACCESSIONED
+            ));
         } else {
-            query = em.createNamedQuery("DatasetVersion.findReleasedByDataset", DatasetVersion.class)
-                    .setParameter("datasetId", datasetId);
+            query = em.createNamedQuery("DatasetVersion.findReleasedByDataset", DatasetVersion.class);
         }
-        
+
         query.setParameter("datasetId", datasetId);
-        
+
         if (offset != null) {
             query.setFirstResult(offset);
         }
         if (length != null) {
             query.setMaxResults(length);
         }
-        
+
         return query.getResultList();
     }
-    
+
+    public List<DatasetVersion> findVersions(Long datasetId,
+                                             Integer offset,
+                                             Integer length,
+                                             boolean includeAllVersions) {
+        return findVersions(datasetId, offset, length, includeAllVersions, false);
+    }
+
     public DatasetVersion findByFriendlyVersionNumber(Long datasetId, String friendlyVersionNumber) {
         Long majorVersionNumber = null;
         Long minorVersionNumber = null;
diff --git a/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/GetDatasetVersionSummariesCommand.java b/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/GetDatasetVersionSummariesCommand.java
index 156d5b4cabd..baa0da172f4 100644
--- a/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/GetDatasetVersionSummariesCommand.java
+++ b/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/GetDatasetVersionSummariesCommand.java
@@ -26,16 +26,23 @@ public GetDatasetVersionSummariesCommand(DataverseRequest request, Dataset datas
 
     @Override
     public List<DatasetVersionSummary> execute(CommandContext ctxt) throws CommandException {
-        return dataset.getVersions().stream()
-                .filter(dv -> versionRequiresSummary(ctxt, dv))
+        boolean canViewUnpublished = ctxt.permissions().hasPermissionsFor(
+                getRequest().getUser(),
+                dataset,
+                EnumSet.of(Permission.ViewUnpublishedDataset)
+        );
+
+        List<DatasetVersion> versions = ctxt.datasetVersion().findVersions(
+                dataset.getId(),
+                null,
+                null,
+                canViewUnpublished,
+                true
+        );
+
+        return versions.stream()
                 .map(DatasetVersionSummary::from)
                 .flatMap(Optional::stream)
                 .toList();
     }
-
-    private boolean versionRequiresSummary(CommandContext ctxt, DatasetVersion dv) {
-        return dv.isPublished()
-                || dv.isDeaccessioned()
-                || ctxt.permissions().hasPermissionsFor(getRequest().getUser(), dv.getDataset(), EnumSet.of(Permission.ViewUnpublishedDataset));
-    }
 }

From 5919cf479272c62684dc27ada15ab375c09ca866 Mon Sep 17 00:00:00 2001
From: GPortas <hey@gportas.me>
Date: Thu, 2 Oct 2025 19:01:28 +0100
Subject: [PATCH 344/634] Added: handling pagination optional params on
 getCompareVersionsSummary API endpoint

---
 .../java/edu/harvard/iq/dataverse/api/Datasets.java |  7 +++++--
 .../impl/GetDatasetVersionSummariesCommand.java     | 13 ++++++++++---
 2 files changed, 15 insertions(+), 5 deletions(-)

diff --git a/src/main/java/edu/harvard/iq/dataverse/api/Datasets.java b/src/main/java/edu/harvard/iq/dataverse/api/Datasets.java
index db09768e879..c2888aa0f65 100644
--- a/src/main/java/edu/harvard/iq/dataverse/api/Datasets.java
+++ b/src/main/java/edu/harvard/iq/dataverse/api/Datasets.java
@@ -3137,10 +3137,13 @@ public Response getCompareVersions(@Context ContainerRequestContext crc, @PathPa
     @GET
     @AuthRequired
     @Path("{id}/versions/compareSummary")
-    public Response getCompareVersionsSummary(@Context ContainerRequestContext crc, @PathParam("id") String id) {
+    public Response getCompareVersionsSummary(@Context ContainerRequestContext crc,
+                                              @PathParam("id") String id,
+                                              @QueryParam("limit") Integer limit,
+                                              @QueryParam("offset") Integer offset) {
         return response(req -> {
             try {
-                return ok(jsonDatasetVersionSummaries(execCommand(new GetDatasetVersionSummariesCommand(req, findDatasetOrDie(id)))));
+                return ok(jsonDatasetVersionSummaries(execCommand(new GetDatasetVersionSummariesCommand(req, findDatasetOrDie(id), limit, offset))));
             } catch (WrappedResponse wr) {
                 return wr.getResponse();
             }
diff --git a/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/GetDatasetVersionSummariesCommand.java b/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/GetDatasetVersionSummariesCommand.java
index baa0da172f4..d820dd7de6a 100644
--- a/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/GetDatasetVersionSummariesCommand.java
+++ b/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/GetDatasetVersionSummariesCommand.java
@@ -14,14 +14,21 @@
 import java.util.List;
 import java.util.Optional;
 
+/**
+ * A command that retrieves a paginated list of {@link DatasetVersionSummary} for the versions of a given {@link Dataset}.
+ **/
 @RequiredPermissions({})
 public class GetDatasetVersionSummariesCommand extends AbstractCommand<List<DatasetVersionSummary>> {
 
     private final Dataset dataset;
+    private final Integer limit;
+    private final Integer offset;
 
-    public GetDatasetVersionSummariesCommand(DataverseRequest request, Dataset dataset) {
+    public GetDatasetVersionSummariesCommand(DataverseRequest request, Dataset dataset, Integer limit, Integer offset) {
         super(request, dataset);
         this.dataset = dataset;
+        this.limit = limit;
+        this.offset = offset;
     }
 
     @Override
@@ -34,8 +41,8 @@ public List<DatasetVersionSummary> execute(CommandContext ctxt) throws CommandEx
 
         List<DatasetVersion> versions = ctxt.datasetVersion().findVersions(
                 dataset.getId(),
-                null,
-                null,
+                offset,
+                limit,
                 canViewUnpublished,
                 true
         );

From ea5642e33d545f3829660aeaf05578bd05b9e1c9 Mon Sep 17 00:00:00 2001
From: GPortas <hey@gportas.me>
Date: Thu, 2 Oct 2025 19:14:50 +0100
Subject: [PATCH 345/634] Added: DatasetVersionSummaryTest

---
 .../DatasetVersionSummaryTest.java            | 195 ++++++++++++++++++
 1 file changed, 195 insertions(+)
 create mode 100644 src/test/java/edu/harvard/iq/dataverse/datasetversionsummaries/DatasetVersionSummaryTest.java

diff --git a/src/test/java/edu/harvard/iq/dataverse/datasetversionsummaries/DatasetVersionSummaryTest.java b/src/test/java/edu/harvard/iq/dataverse/datasetversionsummaries/DatasetVersionSummaryTest.java
new file mode 100644
index 00000000000..ba85ff640f4
--- /dev/null
+++ b/src/test/java/edu/harvard/iq/dataverse/datasetversionsummaries/DatasetVersionSummaryTest.java
@@ -0,0 +1,195 @@
+package edu.harvard.iq.dataverse.datasetversionsummaries;
+
+import edu.harvard.iq.dataverse.DatasetVersion;
+import edu.harvard.iq.dataverse.DatasetVersion.VersionState;
+import edu.harvard.iq.dataverse.DatasetVersionDifference;
+import org.junit.jupiter.api.DisplayName;
+import org.junit.jupiter.api.Test;
+import org.junit.jupiter.api.extension.ExtendWith;
+import org.mockito.Mock;
+import org.mockito.junit.jupiter.MockitoExtension;
+
+import java.util.Optional;
+
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.mockito.Mockito.when;
+
+/**
+ * Unit tests for the {@link DatasetVersionSummary} record and its factory methods.
+ */
+@ExtendWith(MockitoExtension.class)
+class DatasetVersionSummaryTest {
+
+    @Mock
+    private DatasetVersion versionMock;
+
+    @Mock
+    private DatasetVersionDifference differenceMock;
+
+    @Test
+    @DisplayName("from() should return an empty Optional when the input DatasetVersion is null")
+    void from_whenVersionIsNull_shouldReturnEmptyOptional() {
+        // Act
+        Optional<DatasetVersionSummary> result = DatasetVersionSummary.from(null);
+
+        // Assert
+        assertThat(result).isNotPresent();
+    }
+
+    @Test
+    @DisplayName("from() should map all basic properties from the DatasetVersion correctly")
+    void from_whenVersionIsNotNull_shouldMapPropertiesCorrectly() {
+        // Arrange
+        when(versionMock.getId()).thenReturn(42L);
+        when(versionMock.getFriendlyVersionNumber()).thenReturn("V1.0");
+        when(versionMock.getVersionNote()).thenReturn("Initial version note.");
+        when(versionMock.getContributorNames()).thenReturn("Contributor One, Contributor Two");
+        when(versionMock.getPublicationDateAsString()).thenReturn("2025-10-02");
+        when(versionMock.isReleased()).thenReturn(true);
+        when(versionMock.getPriorVersionState()).thenReturn(null);
+
+        // Act
+        Optional<DatasetVersionSummary> summaryOpt = DatasetVersionSummary.from(versionMock);
+
+        // Assert
+        assertThat(summaryOpt).isPresent();
+        DatasetVersionSummary summary = summaryOpt.get();
+
+        assertThat(summary.id()).isEqualTo(42L);
+        assertThat(summary.versionNumber()).isEqualTo("V1.0");
+        assertThat(summary.versionNote()).isEqualTo("Initial version note.");
+        assertThat(summary.contributorNames()).isEqualTo("Contributor One, Contributor Two");
+        assertThat(summary.publicationDate()).isEqualTo("2025-10-02");
+    }
+
+    @Test
+    @DisplayName("Content should be 'Differences' if a version difference is present (highest priority)")
+    void from_whenVersionHasDifferences_shouldCreateDifferencesContent() {
+        // Arrange
+        when(versionMock.getDefaultVersionDifference()).thenReturn(differenceMock);
+
+        // Act
+        Optional<DatasetVersionSummary> summaryOpt = DatasetVersionSummary.from(versionMock);
+
+        // Assert
+        assertThat(summaryOpt).isPresent();
+        assertThat(summaryOpt.get().content()).isInstanceOf(DatasetVersionSummaryContentDifferences.class);
+        DatasetVersionSummaryContentDifferences content = (DatasetVersionSummaryContentDifferences) summaryOpt.get().content();
+        assertThat(content.getDatasetVersionDifference()).isSameAs(differenceMock);
+    }
+
+    @Test
+    @DisplayName("Content should be 'Deaccessioned' if the version is deaccessioned")
+    void from_whenVersionIsDeaccessioned_shouldCreateDeaccessionedContent() {
+        // Arrange
+        when(versionMock.getDefaultVersionDifference()).thenReturn(null); // No differences
+        when(versionMock.isDeaccessioned()).thenReturn(true);
+        when(versionMock.getDeaccessionNote()).thenReturn("Reason for deaccession.");
+        when(versionMock.getDeaccessionLink()).thenReturn("http://example.com/deaccession");
+
+        // Act
+        Optional<DatasetVersionSummary> summaryOpt = DatasetVersionSummary.from(versionMock);
+
+        // Assert
+        assertThat(summaryOpt).isPresent();
+        DatasetVersionSummaryContentDeaccessioned content = (DatasetVersionSummaryContentDeaccessioned) summaryOpt.get().content();
+
+        assertThat(content.getDeaccessionNote()).isEqualTo("Reason for deaccession.");
+        assertThat(content.getDeaccessionLink()).isEqualTo("http://example.com/deaccession");
+    }
+
+    @Test
+    @DisplayName("Content should be 'firstPublished' for the first released version")
+    void from_whenIsFirstPublishedVersion_shouldCreateFirstPublishedContent() {
+        // Arrange
+        when(versionMock.getDefaultVersionDifference()).thenReturn(null);
+        when(versionMock.isDeaccessioned()).thenReturn(false);
+        when(versionMock.isReleased()).thenReturn(true);
+        when(versionMock.getPriorVersionState()).thenReturn(null); // This makes it the "first" version
+
+        // Act
+        Optional<DatasetVersionSummary> summaryOpt = DatasetVersionSummary.from(versionMock);
+
+        // Assert
+        assertThat(summaryOpt).isPresent();
+        assertThat(summaryOpt.get().content())
+                .isInstanceOf(DatasetVersionSummaryContentSimple.class)
+                .extracting("value")
+                .isEqualTo(DatasetVersionSummaryContentSimple.Content.firstPublished);
+    }
+
+    @Test
+    @DisplayName("Content should be 'firstDraft' for the first draft version")
+    void from_whenIsFirstDraftVersion_shouldCreateFirstDraftContent() {
+        // Arrange
+        when(versionMock.getDefaultVersionDifference()).thenReturn(null);
+        when(versionMock.isDeaccessioned()).thenReturn(false);
+        when(versionMock.isDraft()).thenReturn(true);
+        when(versionMock.getPriorVersionState()).thenReturn(null); // This makes it the "first" version
+
+        // Act
+        Optional<DatasetVersionSummary> summaryOpt = DatasetVersionSummary.from(versionMock);
+
+        // Assert
+        assertThat(summaryOpt).isPresent();
+        assertThat(summaryOpt.get().content())
+                .isInstanceOf(DatasetVersionSummaryContentSimple.class)
+                .extracting("value")
+                .isEqualTo(DatasetVersionSummaryContentSimple.Content.firstDraft);
+    }
+
+    @Test
+    @DisplayName("Content should be 'previousVersionDeaccessioned' if the prior version was deaccessioned")
+    void from_whenPriorVersionWasDeaccessioned_shouldCreateAppropriateContent() {
+        // Arrange
+        when(versionMock.getDefaultVersionDifference()).thenReturn(null);
+        when(versionMock.isDeaccessioned()).thenReturn(false);
+        when(versionMock.isReleased()).thenReturn(true);
+        when(versionMock.getPriorVersionState()).thenReturn(VersionState.DEACCESSIONED);
+
+        // Act
+        Optional<DatasetVersionSummary> summaryOpt = DatasetVersionSummary.from(versionMock);
+
+        // Assert
+        assertThat(summaryOpt).isPresent();
+        assertThat(summaryOpt.get().content())
+                .isInstanceOf(DatasetVersionSummaryContentSimple.class)
+                .extracting("value")
+                .isEqualTo(DatasetVersionSummaryContentSimple.Content.previousVersionDeaccessioned);
+    }
+
+    @Test
+    @DisplayName("Content should be null for a standard released version that is not the first")
+    void from_whenIsStandardUpdate_shouldHaveNullContent() {
+        // Arrange
+        when(versionMock.getDefaultVersionDifference()).thenReturn(null);
+        when(versionMock.isDeaccessioned()).thenReturn(false);
+        when(versionMock.isReleased()).thenReturn(true);
+        when(versionMock.getPriorVersionState()).thenReturn(VersionState.RELEASED); // Prior version exists
+
+        // Act
+        Optional<DatasetVersionSummary> summaryOpt = DatasetVersionSummary.from(versionMock);
+
+        // Assert
+        assertThat(summaryOpt).isPresent();
+        assertThat(summaryOpt.get().content()).isNull();
+    }
+
+    @Test
+    @DisplayName("Content should be null for an unhandled version state like ARCHIVED")
+    void from_whenStateIsUnhandled_shouldHaveNullContent() {
+        // Arrange
+        when(versionMock.getDefaultVersionDifference()).thenReturn(null);
+        when(versionMock.isDeaccessioned()).thenReturn(false);
+        when(versionMock.isReleased()).thenReturn(false);
+        when(versionMock.isDraft()).thenReturn(false);
+        // Assuming VersionState is ARCHIVED, isArchived() would be true but the logic doesn't check for it.
+
+        // Act
+        Optional<DatasetVersionSummary> summaryOpt = DatasetVersionSummary.from(versionMock);
+
+        // Assert
+        assertThat(summaryOpt).isPresent();
+        assertThat(summaryOpt.get().content()).isNull();
+    }
+}
\ No newline at end of file

From b3c4fbdb19c4780b05f5c63f8f8306608c270a69 Mon Sep 17 00:00:00 2001
From: GPortas <hey@gportas.me>
Date: Thu, 2 Oct 2025 19:21:05 +0100
Subject: [PATCH 346/634] Added: GetDatasetVersionSummariesCommandTest

---
 .../DatasetVersionSummaryTest.java            |   2 +-
 ...GetDatasetVersionSummariesCommandTest.java | 172 ++++++++++++++++++
 2 files changed, 173 insertions(+), 1 deletion(-)
 create mode 100644 src/test/java/edu/harvard/iq/dataverse/engine/command/impl/GetDatasetVersionSummariesCommandTest.java

diff --git a/src/test/java/edu/harvard/iq/dataverse/datasetversionsummaries/DatasetVersionSummaryTest.java b/src/test/java/edu/harvard/iq/dataverse/datasetversionsummaries/DatasetVersionSummaryTest.java
index ba85ff640f4..430c945591c 100644
--- a/src/test/java/edu/harvard/iq/dataverse/datasetversionsummaries/DatasetVersionSummaryTest.java
+++ b/src/test/java/edu/harvard/iq/dataverse/datasetversionsummaries/DatasetVersionSummaryTest.java
@@ -192,4 +192,4 @@ void from_whenStateIsUnhandled_shouldHaveNullContent() {
         assertThat(summaryOpt).isPresent();
         assertThat(summaryOpt.get().content()).isNull();
     }
-}
\ No newline at end of file
+}
diff --git a/src/test/java/edu/harvard/iq/dataverse/engine/command/impl/GetDatasetVersionSummariesCommandTest.java b/src/test/java/edu/harvard/iq/dataverse/engine/command/impl/GetDatasetVersionSummariesCommandTest.java
new file mode 100644
index 00000000000..0161bdbfbf2
--- /dev/null
+++ b/src/test/java/edu/harvard/iq/dataverse/engine/command/impl/GetDatasetVersionSummariesCommandTest.java
@@ -0,0 +1,172 @@
+package edu.harvard.iq.dataverse.engine.command.impl;
+
+import edu.harvard.iq.dataverse.Dataset;
+import edu.harvard.iq.dataverse.DatasetVersion;
+import edu.harvard.iq.dataverse.DatasetVersionServiceBean;
+import edu.harvard.iq.dataverse.PermissionServiceBean;
+import edu.harvard.iq.dataverse.authorization.Permission;
+import edu.harvard.iq.dataverse.authorization.users.AuthenticatedUser;
+import edu.harvard.iq.dataverse.datasetversionsummaries.DatasetVersionSummary;
+import edu.harvard.iq.dataverse.engine.command.CommandContext;
+import edu.harvard.iq.dataverse.engine.command.DataverseRequest;
+import edu.harvard.iq.dataverse.engine.command.exception.CommandException;
+import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.DisplayName;
+import org.junit.jupiter.api.Test;
+import org.junit.jupiter.api.extension.ExtendWith;
+import org.mockito.ArgumentCaptor;
+import org.mockito.Mock;
+import org.mockito.MockedStatic;
+import org.mockito.Mockito;
+import org.mockito.junit.jupiter.MockitoExtension;
+
+import java.util.Collections;
+import java.util.EnumSet;
+import java.util.List;
+import java.util.Optional;
+
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.ArgumentMatchers.anyBoolean;
+import static org.mockito.ArgumentMatchers.anyLong;
+import static org.mockito.ArgumentMatchers.eq;
+import static org.mockito.Mockito.verify;
+import static org.mockito.Mockito.when;
+
+@ExtendWith(MockitoExtension.class)
+class GetDatasetVersionSummariesCommandTest {
+
+    @Mock
+    private CommandContext contextMock;
+    @Mock
+    private DataverseRequest requestMock;
+    @Mock
+    private Dataset datasetMock;
+    @Mock
+    private PermissionServiceBean permissionsMock;
+    @Mock
+    private DatasetVersionServiceBean versionServiceMock;
+    @Mock
+    private AuthenticatedUser userMock;
+    @Mock
+    private DatasetVersion versionMock;
+
+    private static final Long DATASET_ID = 42L;
+
+    @BeforeEach
+    void setUp() {
+        // Mock the context to return our mock services
+        when(contextMock.permissions()).thenReturn(permissionsMock);
+        when(contextMock.datasetVersion()).thenReturn(versionServiceMock);
+
+        // Mock the request to return a user
+        when(requestMock.getUser()).thenReturn(userMock);
+
+        // Mock the dataset to have a specific ID
+        when(datasetMock.getId()).thenReturn(DATASET_ID);
+    }
+
+    @Test
+    @DisplayName("execute should call findVersions with 'canViewUnpublished' as TRUE when user has permission")
+    void execute_should_call_findVersions_with_true_when_user_has_permission() throws CommandException {
+        // Arrange
+        when(permissionsMock.hasPermissionsFor(requestMock.getUser(), datasetMock, EnumSet.of(Permission.ViewUnpublishedDataset)))
+                .thenReturn(true);
+        when(versionServiceMock.findVersions(anyLong(), any(), any(), anyBoolean(), anyBoolean()))
+                .thenReturn(Collections.emptyList());
+
+        GetDatasetVersionSummariesCommand command = new GetDatasetVersionSummariesCommand(requestMock, datasetMock, null, null);
+
+        // Act
+        command.execute(contextMock);
+
+        // Assert
+        ArgumentCaptor<Boolean> canViewUnpublishedCaptor = ArgumentCaptor.forClass(Boolean.class);
+        verify(versionServiceMock).findVersions(
+                eq(DATASET_ID),
+                eq(null),
+                eq(null),
+                canViewUnpublishedCaptor.capture(),
+                eq(true)
+        );
+        assertThat(canViewUnpublishedCaptor.getValue()).isTrue();
+    }
+
+    @Test
+    @DisplayName("execute should call findVersions with 'canViewUnpublished' as FALSE when user lacks permission")
+    void execute_should_call_findVersions_with_false_when_user_lacks_permission() throws CommandException {
+        // Arrange
+        when(permissionsMock.hasPermissionsFor(requestMock.getUser(), datasetMock, EnumSet.of(Permission.ViewUnpublishedDataset)))
+                .thenReturn(false);
+        when(versionServiceMock.findVersions(anyLong(), any(), any(), anyBoolean(), anyBoolean()))
+                .thenReturn(Collections.emptyList());
+
+        GetDatasetVersionSummariesCommand command = new GetDatasetVersionSummariesCommand(requestMock, datasetMock, null, null);
+
+        // Act
+        command.execute(contextMock);
+
+        // Assert
+        ArgumentCaptor<Boolean> canViewUnpublishedCaptor = ArgumentCaptor.forClass(Boolean.class);
+        verify(versionServiceMock).findVersions(
+                eq(DATASET_ID),
+                eq(null),
+                eq(null),
+                canViewUnpublishedCaptor.capture(),
+                eq(true)
+        );
+        assertThat(canViewUnpublishedCaptor.getValue()).isFalse();
+    }
+
+    @Test
+    @DisplayName("execute should pass pagination parameters correctly to findVersions")
+    void execute_should_pass_pagination_parameters_correctly() throws CommandException {
+        // Arrange
+        Integer expectedLimit = 10;
+        Integer expectedOffset = 20;
+        when(versionServiceMock.findVersions(anyLong(), any(), any(), anyBoolean(), anyBoolean()))
+                .thenReturn(Collections.emptyList());
+
+        GetDatasetVersionSummariesCommand command = new GetDatasetVersionSummariesCommand(requestMock, datasetMock, expectedLimit, expectedOffset);
+
+        // Act
+        command.execute(contextMock);
+
+        // Assert
+        verify(versionServiceMock).findVersions(
+                eq(DATASET_ID),
+                eq(expectedOffset),
+                eq(expectedLimit),
+                anyBoolean(),
+                eq(true)
+        );
+    }
+
+    @Test
+    @DisplayName("execute should correctly convert DatasetVersion list to DatasetVersionSummary list")
+    void execute_should_convert_versions_to_summaries() throws CommandException {
+        // Arrange: Mock the service to return a list with one version
+        when(versionServiceMock.findVersions(anyLong(), any(), any(), anyBoolean(), anyBoolean()))
+                .thenReturn(List.of(versionMock));
+
+        // Arrange: Prepare a dummy summary object
+        DatasetVersionSummary dummySummary = new DatasetVersionSummary(1L, "V1", null, null, null, null);
+
+        // Arrange: Mock the static 'from' method to return our dummy summary
+        try (MockedStatic<DatasetVersionSummary> mockedStatic = Mockito.mockStatic(DatasetVersionSummary.class)) {
+            mockedStatic.when(() -> DatasetVersionSummary.from(versionMock))
+                    .thenReturn(Optional.of(dummySummary));
+
+            GetDatasetVersionSummariesCommand command = new GetDatasetVersionSummariesCommand(requestMock, datasetMock, null, null);
+
+            // Act
+            List<DatasetVersionSummary> result = command.execute(contextMock);
+
+            // Assert
+            assertThat(result)
+                    .isNotNull()
+                    .hasSize(1)
+                    .containsExactly(dummySummary);
+        }
+    }
+}

From 7bb99f9ade1bb9d3639a257c21668cd2b0fa9b75 Mon Sep 17 00:00:00 2001
From: Stephen Kraffmiller <skraffmiller@hmdc.harvard.edu>
Date: Thu, 2 Oct 2025 14:30:20 -0400
Subject: [PATCH 347/634] #11772 add cleanup to tests

---
 .../harvard/iq/dataverse/api/DatasetsIT.java  | 41 ++++++++++++++-----
 1 file changed, 30 insertions(+), 11 deletions(-)

diff --git a/src/test/java/edu/harvard/iq/dataverse/api/DatasetsIT.java b/src/test/java/edu/harvard/iq/dataverse/api/DatasetsIT.java
index 1faec141512..dbd685d6718 100644
--- a/src/test/java/edu/harvard/iq/dataverse/api/DatasetsIT.java
+++ b/src/test/java/edu/harvard/iq/dataverse/api/DatasetsIT.java
@@ -4127,11 +4127,6 @@ public void testUpdateDatasetTerms() throws IOException {
         UtilIT.publishDataverseViaNativeApi(dataverseAlias, apiToken).then().assertThat().statusCode(OK.getStatusCode());
         UtilIT.publishDatasetViaNativeApi(datasetId, "major", apiToken).then().assertThat().statusCode(OK.getStatusCode());
 
-        Response getDatasetJsonBeforeUpdate = UtilIT.nativeGet(datasetId, apiToken);
-        getDatasetJsonBeforeUpdate.prettyPrint();
-        getDatasetJsonBeforeUpdate.then().assertThat()
-                .statusCode(OK.getStatusCode());
-
         String pathToJsonFile = "src/test/resources/json/update-dataset-terms-access.json";
         Response updateTerms = UtilIT.updateDatasetTermsAndAccess(datasetPid, apiToken, pathToJsonFile);
         updateTerms.prettyPrint();
@@ -4175,18 +4170,12 @@ public void testUpdateDatasetTerms() throws IOException {
         //Make installation "public install" to see that terms of access may not be set
         UtilIT.setSetting(SettingsServiceBean.Key.PublicInstall, "true");
 
-        createDataset = UtilIT.createRandomDatasetViaNativeApi(dataverseAlias, apiToken);
-        createDataset.prettyPrint();
-        createDataset.then().assertThat()
-                .statusCode(CREATED.getStatusCode());
-
         updateTerms = UtilIT.updateDatasetTermsAndAccess(datasetPid, apiToken, pathToJsonFile);
         updateTerms.prettyPrint();
         // should fail because its now a public install
         updateTerms.then().assertThat()
                 .statusCode(BAD_REQUEST.getStatusCode())
                 .body("message", equalTo("Setting File Access Request or Terms of Access is not permitted on a public installation."));
-        //Setting File Access Request or Terms of Access is not permitted on a public installation.
 
         pathToJsonFile = "src/test/resources/json/update-dataset-terms-no-access.json";
 
@@ -4196,9 +4185,39 @@ public void testUpdateDatasetTerms() throws IOException {
         updateTerms.then().assertThat()
                 .statusCode(OK.getStatusCode())
                 .body("data.fileAccessRequest", equalTo(false));
+        
+        String badPID = "QQQAndABatmanSymbol";
+        updateTerms = UtilIT.updateDatasetTermsAndAccess(badPID, apiToken, pathToJsonFile);
+        updateTerms.prettyPrint();
+        // should get bad Request Dataset not found....
+        updateTerms.then().assertThat()
+                .statusCode(BAD_REQUEST.getStatusCode())
+                 .body("message", containsString("QQQ"));;
 
         //reset public install
         UtilIT.setSetting(SettingsServiceBean.Key.PublicInstall, publicInstall);
+        
+        String username = UtilIT.getUsernameFromResponse(createUser);
+        //for cleanup
+        Response makeSuperUser = UtilIT.setSuperuserStatus(username, true);
+        
+        // Clean up
+        
+        Response destroyDatasetResponse = UtilIT.destroyDataset(datasetId, apiToken);
+        destroyDatasetResponse.prettyPrint();
+        assertEquals(200, destroyDatasetResponse.getStatusCode());
+        
+        destroyDatasetResponse = UtilIT.destroyDataset(datasetId2, apiToken);
+        destroyDatasetResponse.prettyPrint();
+        assertEquals(200, destroyDatasetResponse.getStatusCode());
+        
+
+        Response deleteDataverseResponse = UtilIT.deleteDataverse(dataverseAlias, apiToken);
+        deleteDataverseResponse.prettyPrint();
+        assertEquals(200, deleteDataverseResponse.getStatusCode());
+        
+        Response deleteUserResponse = UtilIT.deleteUser(username);
+        assertEquals(200, deleteUserResponse.getStatusCode());
 
     }
 

From 653b93cfdd052beef09123083ee696ce03f98e70 Mon Sep 17 00:00:00 2001
From: Stephen Kraffmiller <skraffmiller@hmdc.harvard.edu>
Date: Thu, 2 Oct 2025 16:18:21 -0400
Subject: [PATCH 348/634] #11772 update command test

---
 .../impl/UpdateDatasetTermsOfUseCommand.java  |  8 ++---
 .../UpdateDatasetTermsOfUseCommandTest.java   | 34 ++++++++++++++++---
 2 files changed, 31 insertions(+), 11 deletions(-)

diff --git a/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/UpdateDatasetTermsOfUseCommand.java b/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/UpdateDatasetTermsOfUseCommand.java
index 74aa2ac0138..c5f767a886c 100644
--- a/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/UpdateDatasetTermsOfUseCommand.java
+++ b/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/UpdateDatasetTermsOfUseCommand.java
@@ -1,7 +1,4 @@
-/*
- * Click nbfs://nbhost/SystemFileSystem/Templates/Licenses/license-default.txt to change this license
- * Click nbfs://nbhost/SystemFileSystem/Templates/Classes/Class.java to edit this template
- */
+
 package edu.harvard.iq.dataverse.engine.command.impl;
 
 import edu.harvard.iq.dataverse.Dataset;
@@ -12,8 +9,7 @@
 import edu.harvard.iq.dataverse.engine.command.DataverseRequest;
 import edu.harvard.iq.dataverse.engine.command.RequiredPermissions;
 import edu.harvard.iq.dataverse.engine.command.exception.CommandException;
-import edu.harvard.iq.dataverse.engine.command.exception.InvalidCommandArgumentsException;
-import edu.harvard.iq.dataverse.util.BundleUtil;
+
 
 /**
  *
diff --git a/src/test/java/edu/harvard/iq/dataverse/engine/command/impl/UpdateDatasetTermsOfUseCommandTest.java b/src/test/java/edu/harvard/iq/dataverse/engine/command/impl/UpdateDatasetTermsOfUseCommandTest.java
index e9d357ecbe6..e49b81fe7d7 100644
--- a/src/test/java/edu/harvard/iq/dataverse/engine/command/impl/UpdateDatasetTermsOfUseCommandTest.java
+++ b/src/test/java/edu/harvard/iq/dataverse/engine/command/impl/UpdateDatasetTermsOfUseCommandTest.java
@@ -1,19 +1,26 @@
-/*
- * Click nbfs://nbhost/SystemFileSystem/Templates/Licenses/license-default.txt to change this license
- * Click nbfs://nbhost/SystemFileSystem/Templates/Classes/Class.java to edit this template
- */
+
 package edu.harvard.iq.dataverse.engine.command.impl;
 
 import edu.harvard.iq.dataverse.Dataset;
 import edu.harvard.iq.dataverse.DatasetVersion;
 import edu.harvard.iq.dataverse.TermsOfUseAndAccess;
+import edu.harvard.iq.dataverse.authorization.users.AuthenticatedUser;
 import edu.harvard.iq.dataverse.dataset.DatasetFieldsValidator;
 import edu.harvard.iq.dataverse.engine.DataverseEngine;
 import edu.harvard.iq.dataverse.engine.command.CommandContext;
 import edu.harvard.iq.dataverse.engine.command.DataverseRequest;
 import edu.harvard.iq.dataverse.engine.command.exception.CommandException;
+import edu.harvard.iq.dataverse.engine.command.exception.IllegalCommandException;
+import edu.harvard.iq.dataverse.engine.command.exception.InvalidCommandArgumentsException;
+import edu.harvard.iq.dataverse.util.BundleUtil;
+import java.util.ArrayList;
+import java.util.List;
+import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.junit.jupiter.api.Assertions.assertThrows;
 import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.Test;
 import org.mockito.Mock;
+import org.mockito.Mockito;
 import static org.mockito.Mockito.when;
 import org.mockito.MockitoAnnotations;
 
@@ -38,8 +45,9 @@ public class UpdateDatasetTermsOfUseCommandTest {
     private DatasetVersion datasetVersionMock;
     @Mock
     private DatasetFieldsValidator datasetFieldsValidatorMock;
+    @Mock
+    private AuthenticatedUser authenticatedUser;
 
-    private UpdateDatasetFieldsCommand sut;
     
     @BeforeEach
     public void setUp() throws CommandException {
@@ -50,6 +58,22 @@ public void setUp() throws CommandException {
         when(commandContextMock.datasetFieldsValidator()).thenReturn(datasetFieldsValidatorMock);
         when(datasetMock.getOrCreateEditVersion()).thenReturn(datasetVersionMock);
         when(datasetVersionMock.getTermsOfUseAndAccess()).thenReturn(termsOfUseAndAccessStub);
+        Mockito.when(dataverseRequestStub.getUser()).thenReturn(authenticatedUser);
     }
     
+    @Test
+    public void execute_shouldThrowException_whenUserIsNotAuthenticated() {
+        // Arrange
+        Mockito.when(authenticatedUser.isAuthenticated()).thenReturn(false);
+        Dataset dataset = new Dataset();
+        TermsOfUseAndAccess toua = new TermsOfUseAndAccess();
+        UpdateDatasetTermsOfUseCommand sut = new UpdateDatasetTermsOfUseCommand(dataset, toua,  dataverseRequestStub);
+
+        // Act & Assert
+        assertThrows(CommandException.class, () -> {
+            sut.execute(commandContextMock);
+        }, BundleUtil.getStringFromBundle("dataverse.link.user"));
+    }
+    
+
 }

From b5fa671da6380c7524a8e9b703caf266011ad3e9 Mon Sep 17 00:00:00 2001
From: Stephen Kraffmiller <skraffmiller@hmdc.harvard.edu>
Date: Thu, 2 Oct 2025 16:58:17 -0400
Subject: [PATCH 349/634] #11772 update command test

---
 .../UpdateDatasetTermsOfUseCommandTest.java    | 18 ++++++++++++------
 1 file changed, 12 insertions(+), 6 deletions(-)

diff --git a/src/test/java/edu/harvard/iq/dataverse/engine/command/impl/UpdateDatasetTermsOfUseCommandTest.java b/src/test/java/edu/harvard/iq/dataverse/engine/command/impl/UpdateDatasetTermsOfUseCommandTest.java
index e49b81fe7d7..e83211ff290 100644
--- a/src/test/java/edu/harvard/iq/dataverse/engine/command/impl/UpdateDatasetTermsOfUseCommandTest.java
+++ b/src/test/java/edu/harvard/iq/dataverse/engine/command/impl/UpdateDatasetTermsOfUseCommandTest.java
@@ -21,6 +21,7 @@
 import org.junit.jupiter.api.Test;
 import org.mockito.Mock;
 import org.mockito.Mockito;
+import static org.mockito.Mockito.verify;
 import static org.mockito.Mockito.when;
 import org.mockito.MockitoAnnotations;
 
@@ -58,21 +59,26 @@ public void setUp() throws CommandException {
         when(commandContextMock.datasetFieldsValidator()).thenReturn(datasetFieldsValidatorMock);
         when(datasetMock.getOrCreateEditVersion()).thenReturn(datasetVersionMock);
         when(datasetVersionMock.getTermsOfUseAndAccess()).thenReturn(termsOfUseAndAccessStub);
-        Mockito.when(dataverseRequestStub.getUser()).thenReturn(authenticatedUser);
+
     }
     
     @Test
-    public void execute_shouldThrowException_whenUserIsNotAuthenticated() {
+    public void latestVersionShouldBeDraft() {
         // Arrange
-        Mockito.when(authenticatedUser.isAuthenticated()).thenReturn(false);
+
         Dataset dataset = new Dataset();
         TermsOfUseAndAccess toua = new TermsOfUseAndAccess();
         UpdateDatasetTermsOfUseCommand sut = new UpdateDatasetTermsOfUseCommand(dataset, toua,  dataverseRequestStub);
+        try {
+                    dataset = sut.execute(commandContextMock);
+                   verify(commandContextMock).engine();
+        } catch (CommandException ce){
+            
+        }
 
         // Act & Assert
-        assertThrows(CommandException.class, () -> {
-            sut.execute(commandContextMock);
-        }, BundleUtil.getStringFromBundle("dataverse.link.user"));
+        DatasetVersion retVal = dataset.getLatestVersion();
+
     }
     
 

From 39626a5e74b893ba30e6756ecb6bb4d54903e97e Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 2 Oct 2025 23:12:52 +0000
Subject: [PATCH 350/634] Bump peter-evans/create-or-update-comment from 4 to 5

Bumps [peter-evans/create-or-update-comment](https://github.com/peter-evans/create-or-update-comment) from 4 to 5.
- [Release notes](https://github.com/peter-evans/create-or-update-comment/releases)
- [Commits](https://github.com/peter-evans/create-or-update-comment/compare/v4...v5)

---
updated-dependencies:
- dependency-name: peter-evans/create-or-update-comment
  dependency-version: '5'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 .github/workflows/container_app_pr.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/container_app_pr.yml b/.github/workflows/container_app_pr.yml
index a5dddc755d1..9ebf3249261 100644
--- a/.github/workflows/container_app_pr.yml
+++ b/.github/workflows/container_app_pr.yml
@@ -86,7 +86,7 @@ jobs:
                       :ship: [See on GHCR](https://github.com/orgs/gdcc/packages/container). Use by referencing with full name as printed above, mind the registry name.
 
             # Leave a note when things have gone sideways
-            - uses: peter-evans/create-or-update-comment@v4
+            - uses: peter-evans/create-or-update-comment@v5
               if: ${{ failure() }}
               with:
                   issue-number: ${{ github.event.client_payload.pull_request.number }}

From f612afb22b34db8f8148da499954ef892b413f74 Mon Sep 17 00:00:00 2001
From: Stephen Kraffmiller <skraffmiller@hmdc.harvard.edu>
Date: Fri, 3 Oct 2025 10:42:06 -0400
Subject: [PATCH 351/634] #11772 update test

---
 .../impl/UpdateDatasetTermsOfUseCommandTest.java     | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

diff --git a/src/test/java/edu/harvard/iq/dataverse/engine/command/impl/UpdateDatasetTermsOfUseCommandTest.java b/src/test/java/edu/harvard/iq/dataverse/engine/command/impl/UpdateDatasetTermsOfUseCommandTest.java
index e83211ff290..51077b368c3 100644
--- a/src/test/java/edu/harvard/iq/dataverse/engine/command/impl/UpdateDatasetTermsOfUseCommandTest.java
+++ b/src/test/java/edu/harvard/iq/dataverse/engine/command/impl/UpdateDatasetTermsOfUseCommandTest.java
@@ -16,6 +16,7 @@
 import java.util.ArrayList;
 import java.util.List;
 import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.junit.jupiter.api.Assertions.assertNotNull;
 import static org.junit.jupiter.api.Assertions.assertThrows;
 import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Test;
@@ -68,12 +69,13 @@ public void latestVersionShouldBeDraft() {
 
         Dataset dataset = new Dataset();
         TermsOfUseAndAccess toua = new TermsOfUseAndAccess();
-        UpdateDatasetTermsOfUseCommand sut = new UpdateDatasetTermsOfUseCommand(dataset, toua,  dataverseRequestStub);
+        UpdateDatasetTermsOfUseCommand sut = new UpdateDatasetTermsOfUseCommand(dataset, toua, dataverseRequestStub);
         try {
-                    dataset = sut.execute(commandContextMock);
-                   verify(commandContextMock).engine();
-        } catch (CommandException ce){
-            
+           Dataset updatedDataset = sut.execute(commandContextMock);
+            verify(commandContextMock).engine();
+            assertNotNull(datasetMock);
+        } catch (CommandException ce) {
+
         }
 
         // Act & Assert

From 89b88b5c7d02a203d15ec877b5d8c3b71571e11d Mon Sep 17 00:00:00 2001
From: GPortas <hey@gportas.me>
Date: Mon, 6 Oct 2025 09:33:30 +0100
Subject: [PATCH 352/634] Added: pagination test cases to
 testSummaryDatasetVersionsDifferencesAPI IT

---
 .../harvard/iq/dataverse/api/DatasetsIT.java  | 60 ++++++++++++++-----
 .../edu/harvard/iq/dataverse/api/UtilIT.java  |  9 ++-
 2 files changed, 53 insertions(+), 16 deletions(-)

diff --git a/src/test/java/edu/harvard/iq/dataverse/api/DatasetsIT.java b/src/test/java/edu/harvard/iq/dataverse/api/DatasetsIT.java
index 5dac4b1d05c..b94f9276a51 100644
--- a/src/test/java/edu/harvard/iq/dataverse/api/DatasetsIT.java
+++ b/src/test/java/edu/harvard/iq/dataverse/api/DatasetsIT.java
@@ -6374,11 +6374,8 @@ public void testCompareDatasetVersionsAPI() throws InterruptedException {
         compareResponse = UtilIT.compareDatasetVersions(datasetPersistentId,  ":latest-published", ":draft", apiToken, true);
         compareResponse.prettyPrint();
         compareResponse.then().assertThat().statusCode(OK.getStatusCode());
-
-        
-        
     }
-    
+
     @Test
     public void testSummaryDatasetVersionsDifferencesAPI() throws InterruptedException {
 
@@ -6477,11 +6474,10 @@ public void testSummaryDatasetVersionsDifferencesAPI() throws InterruptedExcepti
         Response updateTerms = UtilIT.updateDatasetJsonLDMetadata(datasetId, apiToken, jsonLDTerms, true);
         updateTerms.then().assertThat()
                 .statusCode(OK.getStatusCode());
-        
-        
+
 
         Response compareResponse = UtilIT.summaryDatasetVersionDifferences(datasetPersistentId, apiToken);
-        compareResponse.prettyPrint(); 
+        compareResponse.prettyPrint();
 
         compareResponse.then().assertThat()
                 .body("data[1].versionNumber", equalTo("1.0"))
@@ -6498,32 +6494,66 @@ public void testSummaryDatasetVersionsDifferencesAPI() throws InterruptedExcepti
                 .statusCode(OK.getStatusCode());
 
         //user with no privileges will only see the published version
-        
+
         Response createUsernoPriv = UtilIT.createRandomUser();
         assertEquals(200, createUsernoPriv.getStatusCode());
         String apiTokenNoPriv = UtilIT.getApiTokenFromResponse(createUsernoPriv);
-        
+
         Response compareResponse2 = UtilIT.summaryDatasetVersionDifferences(datasetPersistentId, apiTokenNoPriv);
         compareResponse2.prettyPrint();
         compareResponse2.then().assertThat()
                 .body("data[0].versionNumber", CoreMatchers.equalTo("1.0"))
                 .body("data[0].summary", CoreMatchers.equalTo("firstPublished"))
                 .statusCode(OK.getStatusCode());
-        
+
         Response deaccessionDatasetResponse = UtilIT.deaccessionDataset(datasetId, DS_VERSION_LATEST_PUBLISHED, "Test deaccession reason.", null, apiToken);
         deaccessionDatasetResponse.then().assertThat().statusCode(OK.getStatusCode());
-        
+
         compareResponse = UtilIT.summaryDatasetVersionDifferences(datasetPersistentId, apiToken);
-        compareResponse.prettyPrint(); 
-        
+        compareResponse.prettyPrint();
+
         compareResponse.then().assertThat()
                 .body("data[1].versionNumber", equalTo("1.0"))
                 .body("data[1].summary.deaccessioned.reason", equalTo("Test deaccession reason."))
                 .body("data[0].versionNumber", equalTo("DRAFT"))
                 .body("data[0].summary.", equalTo("previousVersionDeaccessioned"))
                 .statusCode(OK.getStatusCode());
-        
-        
+
+        // Pagination tests
+
+        // Publish the current DRAFT as a minor version to create version 2.0
+        // This will give us more versions to test pagination against.
+
+        publishDataset = UtilIT.publishDatasetViaNativeApi(datasetPersistentId, "major", apiToken);
+        publishDataset.then().assertThat().statusCode(OK.getStatusCode());
+
+        // Make one file change to create a new DRAFT on top of version 2.0
+        pathToJsonFilePostPub = "doc/sphinx-guides/source/_static/api/dataset-add-metadata-after-pub.json";
+        addDataToPublishedVersion = UtilIT.addDatasetMetadataViaNative(datasetPersistentId, pathToJsonFilePostPub, apiToken);
+        addDataToPublishedVersion.then().assertThat().statusCode(OK.getStatusCode());
+
+        // TEST 1: No pagination. Should return all 3 version differences (DRAFT, 2.0, 1.0).
+        Response compareAllResponse = UtilIT.summaryDatasetVersionDifferences(datasetPersistentId, apiToken);
+        compareAllResponse.then().assertThat()
+                .statusCode(OK.getStatusCode())
+                .body("data.size()", is(3))
+                .body("data[0].versionNumber", equalTo("DRAFT"))
+                .body("data[1].versionNumber", equalTo("2.0"))
+                .body("data[2].versionNumber", equalTo("1.0"));
+
+        // TEST 2: Use limit=1. Should return only the latest difference (DRAFT).
+        Response compareLimitResponse = UtilIT.summaryDatasetVersionDifferences(datasetPersistentId, 1, null, apiToken);
+        compareLimitResponse.then().assertThat()
+                .statusCode(OK.getStatusCode())
+                .body("data.size()", is(1))
+                .body("data[0].versionNumber", equalTo("DRAFT"));
+
+        // TEST 3: Use limit=1 and offset=1. Should skip the first result and return the second (2.0).
+        Response compareOffsetResponse = UtilIT.summaryDatasetVersionDifferences(datasetPersistentId, 1, 1, apiToken);
+        compareOffsetResponse.then().assertThat()
+                .statusCode(OK.getStatusCode())
+                .body("data.size()", is(1))
+                .body("data[0].versionNumber", equalTo("2.0"));
     }
     
     @Test
diff --git a/src/test/java/edu/harvard/iq/dataverse/api/UtilIT.java b/src/test/java/edu/harvard/iq/dataverse/api/UtilIT.java
index e5d3f908349..20c1a016450 100644
--- a/src/test/java/edu/harvard/iq/dataverse/api/UtilIT.java
+++ b/src/test/java/edu/harvard/iq/dataverse/api/UtilIT.java
@@ -1787,14 +1787,21 @@ static Response compareDatasetVersions(String persistentId, String versionNumber
                         + "&includeDeaccessioned="
                         + includeDeaccessioned);
     }
+
+    static Response summaryDatasetVersionDifferences(String persistentId, String apiToken) {
+        return summaryDatasetVersionDifferences(persistentId, null, null, apiToken);
+    }
     
-    static Response summaryDatasetVersionDifferences(String persistentId,  String apiToken) {
+    static Response summaryDatasetVersionDifferences(String persistentId, Integer limit, Integer offset, String apiToken) {
         return given()
                 .header(API_TOKEN_HTTP_HEADER, apiToken)
+                .queryParam("limit", limit)
+                .queryParam("offset", offset)
                 .get("/api/datasets/:persistentId/versions/compareSummary"
                         + "?persistentId="
                         + persistentId);
     }
+
     static Response getDatasetWithOwners(String persistentId,  String apiToken, boolean returnOwners) {
         return given()
                 .header(API_TOKEN_HTTP_HEADER, apiToken)

From 93823a7b40dcfab8ddca6dd44860cd3305fbabf5 Mon Sep 17 00:00:00 2001
From: GPortas <hey@gportas.me>
Date: Mon, 6 Oct 2025 09:38:30 +0100
Subject: [PATCH 353/634] Added: pagination explanation docs to compareSummary
 datasets endpoint

---
 doc/sphinx-guides/source/api/native-api.rst | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/doc/sphinx-guides/source/api/native-api.rst b/doc/sphinx-guides/source/api/native-api.rst
index 19a4d79c5ae..6fe0147a683 100644
--- a/doc/sphinx-guides/source/api/native-api.rst
+++ b/doc/sphinx-guides/source/api/native-api.rst
@@ -2107,6 +2107,16 @@ The fully expanded example above (without environment variables) looks like this
 
   curl -H "X-Dataverse-key: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" -X PUT "https://demo.dataverse.org/api/datasets/:persistentId/versions/compareSummary?persistentId=doi:10.5072/FK2/BCCP9Z"
 
+You can control pagination of the results using the following optional query parameters.
+
+* ``limit``: The maximum number of version differences to return.
+* ``offset``: The number of version differences to skip from the beginning of the list. Used for retrieving subsequent pages of results.
+
+For example, to get the second page of results, with 2 items per page, you would use ``limit=2`` and ``offset=2`` (skipping the first two results).
+
+.. code-block:: bash
+
+  curl -H "X-Dataverse-key: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" -X PUT "https://demo.dataverse.org/api/datasets/:persistentId/versions/compareSummary?persistentId=doi:10.5072/FK2/BCCP9Z&limit=2&offset=2"
 
 Update Metadata For a Dataset
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From e043bf16f5c04f7a672e5b8f39c77ae1bdebd508 Mon Sep 17 00:00:00 2001
From: jo-pol <jo-pol@users.noreply.github.com>
Date: Mon, 6 Oct 2025 15:32:16 +0200
Subject: [PATCH 354/634] restored suppressing dataverse field with
 getDatasetCount rather than findAll

---
 .../edu/harvard/iq/dataverse/DatasetPage.java   |  8 ++++++++
 .../iq/dataverse/DataverseConverter.java        | 17 ++++++++++++++++-
 src/main/webapp/dataset.xhtml                   |  2 +-
 3 files changed, 25 insertions(+), 2 deletions(-)

diff --git a/src/main/java/edu/harvard/iq/dataverse/DatasetPage.java b/src/main/java/edu/harvard/iq/dataverse/DatasetPage.java
index b41e8d4ac35..da1345123b3 100644
--- a/src/main/java/edu/harvard/iq/dataverse/DatasetPage.java
+++ b/src/main/java/edu/harvard/iq/dataverse/DatasetPage.java
@@ -105,6 +105,8 @@
 import jakarta.persistence.OptimisticLockException;
 
 import org.apache.commons.lang3.StringUtils;
+import org.joda.time.DateTime;
+import org.joda.time.Duration;
 import org.primefaces.event.FileUploadEvent;
 import org.primefaces.model.file.UploadedFile;
 
@@ -332,6 +334,7 @@ public enum DisplayMode {
     private List<SelectItem> linkingDVSelectItems;
     private Dataverse linkingDataverse;
     private Dataverse selectedHostDataverse;
+    private boolean hasDataversesToChoose;
 
     public Dataverse getSelectedHostDataverse() {
         return selectedHostDataverse;
@@ -1781,6 +1784,11 @@ public void setDataverseTemplates(List<Template> dataverseTemplates) {
         this.dataverseTemplates = dataverseTemplates;
     }
 
+    public boolean isHasDataversesToChoose() {
+        this.hasDataversesToChoose = dataverseService.getDataverseCount() > 1;
+        return this.hasDataversesToChoose;
+    }
+
     public Template getDefaultTemplate() {
         return defaultTemplate;
     }
diff --git a/src/main/java/edu/harvard/iq/dataverse/DataverseConverter.java b/src/main/java/edu/harvard/iq/dataverse/DataverseConverter.java
index 2b40894a595..58e89b0a867 100644
--- a/src/main/java/edu/harvard/iq/dataverse/DataverseConverter.java
+++ b/src/main/java/edu/harvard/iq/dataverse/DataverseConverter.java
@@ -13,19 +13,34 @@
 import jakarta.faces.convert.Converter;
 import jakarta.faces.convert.FacesConverter;
 
+import java.util.logging.Logger;
+
 /**
  *
  * @author skraffmiller
  */
 @FacesConverter("dataverseConverter")
 public class DataverseConverter implements Converter {
+    private static final Logger logger = Logger.getLogger(DatasetPage.class.getCanonicalName());
+
     
     //@EJB
     DataverseServiceBean dataverseService = CDI.current().select(DataverseServiceBean.class).get();
 
     @Override
     public Object getAsObject(FacesContext facesContext, UIComponent component, String submittedValue) {
-        return dataverseService.find(new Long(submittedValue));
+        if (submittedValue == null || !submittedValue.matches("[0-9]+")) {
+            logger.fine("Submitted value is not a host dataverse number but: " + submittedValue);
+            return CDI.current().select(DatasetPage.class).get().getSelectedHostDataverse();
+        }
+        else {
+            try {
+                return dataverseService.find(Long.parseLong(submittedValue));
+            } catch (NumberFormatException e) {
+                logger.warning("Submitted value is out of range for a Long: " + submittedValue);
+                return CDI.current().select(DatasetPage.class).get().getSelectedHostDataverse();
+            }
+        }
         //return dataverseService.findByAlias(submittedValue);
     }
 
diff --git a/src/main/webapp/dataset.xhtml b/src/main/webapp/dataset.xhtml
index 7729b6da442..0b16e63ac94 100644
--- a/src/main/webapp/dataset.xhtml
+++ b/src/main/webapp/dataset.xhtml
@@ -777,7 +777,7 @@
                     <!-- Create/Edit editMode -->
                     <ui:fragment rendered="#{DatasetPage.editMode == 'METADATA' or DatasetPage.editMode == 'CREATE'}">
                         <p:focus context="datasetForm"/>
-                        <div class="form-group">
+                        <div class="form-group" jsf:rendered="#{DatasetPage.hasDataversesToChoose and DatasetPage.editMode == 'CREATE'}">
                             <label jsf:for="#{DatasetPage.editMode == 'CREATE' ? 'selectHostDataverse_input' : 'select_HostDataverse_Static'}" class="col-md-3 control-label">
                                 #{bundle.hostDataverse}
                                 <span class="glyphicon glyphicon-question-sign tooltip-icon"

From 32dd076502783eea77a31b0302b240aaecc48949 Mon Sep 17 00:00:00 2001
From: jo-pol <jo-pol@users.noreply.github.com>
Date: Mon, 6 Oct 2025 15:49:01 +0200
Subject: [PATCH 355/634] copilot review

---
 src/main/java/edu/harvard/iq/dataverse/DataverseConverter.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/main/java/edu/harvard/iq/dataverse/DataverseConverter.java b/src/main/java/edu/harvard/iq/dataverse/DataverseConverter.java
index 58e89b0a867..ad847626879 100644
--- a/src/main/java/edu/harvard/iq/dataverse/DataverseConverter.java
+++ b/src/main/java/edu/harvard/iq/dataverse/DataverseConverter.java
@@ -21,7 +21,7 @@
  */
 @FacesConverter("dataverseConverter")
 public class DataverseConverter implements Converter {
-    private static final Logger logger = Logger.getLogger(DatasetPage.class.getCanonicalName());
+    private static final Logger logger = Logger.getLogger(DataverseConverter.class.getCanonicalName());
 
     
     //@EJB

From ca1536686566ba433d23b1221b3eafcdd39a5e5a Mon Sep 17 00:00:00 2001
From: Stephen Kraffmiller <skraffmiller@hmdc.harvard.edu>
Date: Mon, 6 Oct 2025 15:15:13 -0400
Subject: [PATCH 356/634] #11772 fix unit test

---
 .../UpdateDatasetTermsOfUseCommandTest.java   | 76 +++++++++----------
 1 file changed, 36 insertions(+), 40 deletions(-)

diff --git a/src/test/java/edu/harvard/iq/dataverse/engine/command/impl/UpdateDatasetTermsOfUseCommandTest.java b/src/test/java/edu/harvard/iq/dataverse/engine/command/impl/UpdateDatasetTermsOfUseCommandTest.java
index 51077b368c3..ed6a7012a39 100644
--- a/src/test/java/edu/harvard/iq/dataverse/engine/command/impl/UpdateDatasetTermsOfUseCommandTest.java
+++ b/src/test/java/edu/harvard/iq/dataverse/engine/command/impl/UpdateDatasetTermsOfUseCommandTest.java
@@ -1,27 +1,18 @@
-
 package edu.harvard.iq.dataverse.engine.command.impl;
 
 import edu.harvard.iq.dataverse.Dataset;
 import edu.harvard.iq.dataverse.DatasetVersion;
 import edu.harvard.iq.dataverse.TermsOfUseAndAccess;
-import edu.harvard.iq.dataverse.authorization.users.AuthenticatedUser;
-import edu.harvard.iq.dataverse.dataset.DatasetFieldsValidator;
 import edu.harvard.iq.dataverse.engine.DataverseEngine;
 import edu.harvard.iq.dataverse.engine.command.CommandContext;
 import edu.harvard.iq.dataverse.engine.command.DataverseRequest;
 import edu.harvard.iq.dataverse.engine.command.exception.CommandException;
-import edu.harvard.iq.dataverse.engine.command.exception.IllegalCommandException;
-import edu.harvard.iq.dataverse.engine.command.exception.InvalidCommandArgumentsException;
-import edu.harvard.iq.dataverse.util.BundleUtil;
-import java.util.ArrayList;
-import java.util.List;
 import static org.junit.jupiter.api.Assertions.assertEquals;
-import static org.junit.jupiter.api.Assertions.assertNotNull;
-import static org.junit.jupiter.api.Assertions.assertThrows;
+
+import static org.junit.jupiter.api.Assertions.assertSame;
 import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Test;
 import org.mockito.Mock;
-import org.mockito.Mockito;
 import static org.mockito.Mockito.verify;
 import static org.mockito.Mockito.when;
 import org.mockito.MockitoAnnotations;
@@ -31,57 +22,62 @@
  * @author stephenkraffmiller
  */
 public class UpdateDatasetTermsOfUseCommandTest {
+
     @Mock
-    private UpdateDatasetVersionCommand updateDatasetVersionCommandStub;
+    private CommandContext ctxt;
+
     @Mock
     private DataverseEngine dataverseEngineMock;
+
     @Mock
-    private Dataset datasetMock;
+    private UpdateDatasetVersionCommand updateDatasetVersionCommand;
+
     @Mock
-    private DataverseRequest dataverseRequestStub;
+    private Dataset datasetMock;
+
     @Mock
-    private TermsOfUseAndAccess termsOfUseAndAccessStub;
+    private DataverseRequest request;
+
     @Mock
     private CommandContext commandContextMock;
+
     @Mock
     private DatasetVersion datasetVersionMock;
-    @Mock
-    private DatasetFieldsValidator datasetFieldsValidatorMock;
-    @Mock
-    private AuthenticatedUser authenticatedUser;
 
-    
+    private Dataset dataset = new Dataset();
+    private TermsOfUseAndAccess terms = new TermsOfUseAndAccess();
+
+    private UpdateDatasetTermsOfUseCommand command;
+
     @BeforeEach
     public void setUp() throws CommandException {
         MockitoAnnotations.openMocks(this);
-
-        when(dataverseEngineMock.submit(updateDatasetVersionCommandStub)).thenReturn(datasetMock);
+        when(dataverseEngineMock.submit(updateDatasetVersionCommand)).thenReturn(datasetMock);
         when(commandContextMock.engine()).thenReturn(dataverseEngineMock);
-        when(commandContextMock.datasetFieldsValidator()).thenReturn(datasetFieldsValidatorMock);
         when(datasetMock.getOrCreateEditVersion()).thenReturn(datasetVersionMock);
-        when(datasetVersionMock.getTermsOfUseAndAccess()).thenReturn(termsOfUseAndAccessStub);
+        dataset.getOrCreateEditVersion();
+        dataset = new Dataset();
+        dataset.getOrCreateEditVersion();
+        terms = new TermsOfUseAndAccess();
 
+        command = new UpdateDatasetTermsOfUseCommand(dataset, terms, request, updateDatasetVersionCommand);
     }
-    
-    @Test
-    public void latestVersionShouldBeDraft() {
-        // Arrange
 
-        Dataset dataset = new Dataset();
-        TermsOfUseAndAccess toua = new TermsOfUseAndAccess();
-        UpdateDatasetTermsOfUseCommand sut = new UpdateDatasetTermsOfUseCommand(dataset, toua, dataverseRequestStub);
-        try {
-           Dataset updatedDataset = sut.execute(commandContextMock);
-            verify(commandContextMock).engine();
-            assertNotNull(datasetMock);
-        } catch (CommandException ce) {
+    @Test
+    public void testExecute_SubmitsUpdateCommandAndUpdatesTerms() throws Exception {
+        when(ctxt.engine()).thenReturn(dataverseEngineMock);
+        Dataset expectedDataset = new Dataset();
+        when(dataverseEngineMock.submit(updateDatasetVersionCommand)).thenReturn(expectedDataset);
 
-        }
+        Dataset result = command.execute(ctxt);
 
-        // Act & Assert
-        DatasetVersion retVal = dataset.getLatestVersion();
+        DatasetVersion version = dataset.getOrCreateEditVersion();
+        assertEquals(terms, version.getTermsOfUseAndAccess());
+        assertEquals(DatasetVersion.VersionState.DRAFT, version.getVersionState());
+        assertSame(version, terms.getDatasetVersion());
 
+        verify(dataverseEngineMock).submit(updateDatasetVersionCommand);
+        assertSame(expectedDataset, result);
     }
-    
 
 }

From 84149b3ce9d52f4116525688137f0e90cc8d60ac Mon Sep 17 00:00:00 2001
From: jo-pol <jo-pol@users.noreply.github.com>
Date: Tue, 7 Oct 2025 10:19:59 +0200
Subject: [PATCH 357/634] cash hasDataversesToChoose

---
 src/main/java/edu/harvard/iq/dataverse/DatasetPage.java | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/src/main/java/edu/harvard/iq/dataverse/DatasetPage.java b/src/main/java/edu/harvard/iq/dataverse/DatasetPage.java
index da1345123b3..4a03cc322d8 100644
--- a/src/main/java/edu/harvard/iq/dataverse/DatasetPage.java
+++ b/src/main/java/edu/harvard/iq/dataverse/DatasetPage.java
@@ -334,7 +334,7 @@ public enum DisplayMode {
     private List<SelectItem> linkingDVSelectItems;
     private Dataverse linkingDataverse;
     private Dataverse selectedHostDataverse;
-    private boolean hasDataversesToChoose;
+    private Boolean hasDataversesToChoose;
 
     public Dataverse getSelectedHostDataverse() {
         return selectedHostDataverse;
@@ -1785,7 +1785,10 @@ public void setDataverseTemplates(List<Template> dataverseTemplates) {
     }
 
     public boolean isHasDataversesToChoose() {
-        this.hasDataversesToChoose = dataverseService.getDataverseCount() > 1;
+        // TODO we actually need to look for dataverses where a user has permission to add a dataset
+        if (this.hasDataversesToChoose == null) {
+            this.hasDataversesToChoose = dataverseService.getDataverseCount() > 1;
+        }
         return this.hasDataversesToChoose;
     }
 

From db03fffbd33577b9634dddcfaa9b971f15742936 Mon Sep 17 00:00:00 2001
From: jo-pol <jo-pol@users.noreply.github.com>
Date: Tue, 7 Oct 2025 10:22:04 +0200
Subject: [PATCH 358/634] unised imports

---
 src/main/java/edu/harvard/iq/dataverse/DatasetPage.java | 2 --
 1 file changed, 2 deletions(-)

diff --git a/src/main/java/edu/harvard/iq/dataverse/DatasetPage.java b/src/main/java/edu/harvard/iq/dataverse/DatasetPage.java
index 4a03cc322d8..0ecde12b09a 100644
--- a/src/main/java/edu/harvard/iq/dataverse/DatasetPage.java
+++ b/src/main/java/edu/harvard/iq/dataverse/DatasetPage.java
@@ -105,8 +105,6 @@
 import jakarta.persistence.OptimisticLockException;
 
 import org.apache.commons.lang3.StringUtils;
-import org.joda.time.DateTime;
-import org.joda.time.Duration;
 import org.primefaces.event.FileUploadEvent;
 import org.primefaces.model.file.UploadedFile;
 

From d641b7165b875d8f14926f4301b06dc528cbb43f Mon Sep 17 00:00:00 2001
From: jo-pol <jo-pol@users.noreply.github.com>
Date: Tue, 7 Oct 2025 14:26:49 +0200
Subject: [PATCH 359/634] release note

---
 .../11865-restored-suppress-dataverse-field              | 9 +++++++++
 1 file changed, 9 insertions(+)
 create mode 100644 doc/release-notes/11865-restored-suppress-dataverse-field

diff --git a/doc/release-notes/11865-restored-suppress-dataverse-field b/doc/release-notes/11865-restored-suppress-dataverse-field
new file mode 100644
index 00000000000..7d35cf8ba63
--- /dev/null
+++ b/doc/release-notes/11865-restored-suppress-dataverse-field
@@ -0,0 +1,9 @@
+### Restored suppression of the host dataverse field
+
+When creating/editing a dataset, the _host dataverse_ field is not shown when there is no other dataverse than the root dataverse.
+
+This was introduced in 6.7 with PR #11301 and reverted in 6.7.1 with PR #11700.
+A performance penalty was observed in instances with a large number of dataverses.
+The worst performance degradation is remedied by reusing a query that returns the total number of dataverses.
+
+The number be more than a user is authorized to add datasets to so a user might still see the field even if there is no dataverse to select.
\ No newline at end of file

From 3cf657f55a31fbc08961ff7822dbe1d4949a9e03 Mon Sep 17 00:00:00 2001
From: Florian Fritze <florian.fritze@ub.uni-stuttgart.de>
Date: Tue, 7 Oct 2025 14:49:02 +0200
Subject: [PATCH 360/634] @qqmyers additional suggestion

---
 .../edu/harvard/iq/dataverse/DatasetFieldServiceBean.java     | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/main/java/edu/harvard/iq/dataverse/DatasetFieldServiceBean.java b/src/main/java/edu/harvard/iq/dataverse/DatasetFieldServiceBean.java
index 793a98e811c..695a8828224 100644
--- a/src/main/java/edu/harvard/iq/dataverse/DatasetFieldServiceBean.java
+++ b/src/main/java/edu/harvard/iq/dataverse/DatasetFieldServiceBean.java
@@ -794,7 +794,7 @@ Object processPathSegment(int index, String[] pathParts, JsonValue curPath, Stri
                 }
 
             } else {
-                if (NumberUtils.isCreatable(pathParts[index])) {
+                if ((curPath instanceof JsonArray) && NumberUtils.isCreatable(pathParts[index])) {
                     try {
                         int indexNumber = Integer.parseInt(pathParts[index]);
                         curPath = ((JsonArray) curPath).get(indexNumber);
@@ -805,7 +805,7 @@ Object processPathSegment(int index, String[] pathParts, JsonValue curPath, Stri
                     curPath = ((JsonObject) curPath).get(pathParts[index]);
                 }
                 // curPath = ((JsonObject) curPath).get(pathParts[index]);
-                logger.fine("Found next Path object " + curPath.toString());
+                logger.fine("Found next Path object " + ((curPath == null) ? "null" : curPath.toString()));
                 return processPathSegment(index + 1, pathParts, curPath, termUri);
             }
         } else {

From 393c7d4bf91f78fd93097bc20fadf649533befb6 Mon Sep 17 00:00:00 2001
From: GPortas <hey@gportas.me>
Date: Tue, 7 Oct 2025 23:12:51 +0100
Subject: [PATCH 361/634] Added: findFileMetadataHistory JPACriteria-based
 method to DataFileServiceBean

---
 .../iq/dataverse/DataFileServiceBean.java     | 71 +++++++++++++++++++
 1 file changed, 71 insertions(+)

diff --git a/src/main/java/edu/harvard/iq/dataverse/DataFileServiceBean.java b/src/main/java/edu/harvard/iq/dataverse/DataFileServiceBean.java
index 937f5693511..4b7f8351d55 100644
--- a/src/main/java/edu/harvard/iq/dataverse/DataFileServiceBean.java
+++ b/src/main/java/edu/harvard/iq/dataverse/DataFileServiceBean.java
@@ -30,6 +30,8 @@
 import java.util.UUID;
 import java.util.logging.Level;
 import java.util.logging.Logger;
+import java.util.stream.Collectors;
+
 import jakarta.ejb.EJB;
 import jakarta.ejb.Stateless;
 import jakarta.ejb.TransactionAttribute;
@@ -40,6 +42,7 @@
 import jakarta.persistence.PersistenceContext;
 import jakarta.persistence.Query;
 import jakarta.persistence.TypedQuery;
+import jakarta.persistence.criteria.*;
 
 /**
  *
@@ -376,6 +379,74 @@ public FileMetadata findFileMetadataByDatasetVersionIdAndDataFileId(Long dataset
         }
     }
 
+    /**
+     * Finds the concise history of a file, returning an entry only for each
+     * version where the file's metadata was created or changed.
+     * <p>
+     * This method correctly handles file replacements by searching for all files
+     * sharing the same {@code rootDataFileId}.
+     *
+     * @param datasetId     The ID of the parent dataset.
+     * @param dataFile      The DataFile entity to find the history for.
+     * @param canViewUnpublishedVersions A boolean indicating if the user has permission to view non-released versions.
+     * @return A chronologically sorted list of the file's version history. Returns an empty list if the dataFile is null.
+     */
+    public List<VersionedFileMetadata> findFileMetadataHistory(Long datasetId, DataFile dataFile, boolean canViewUnpublishedVersions) {
+        // Guard clause: Return early if there's no file to search for.
+        if (dataFile == null) {
+            return Collections.emptyList();
+        }
+
+        CriteriaBuilder cb = em.getCriteriaBuilder();
+        CriteriaQuery<FileMetadata> criteriaQuery = cb.createQuery(FileMetadata.class);
+        Root<FileMetadata> fileMetadata = criteriaQuery.from(FileMetadata.class);
+
+        // --- Joins ---
+        // Define relationships for filtering and ordering.
+        Join<FileMetadata, DatasetVersion> version = fileMetadata.join("datasetVersion");
+        Join<DatasetVersion, Dataset> dataset = version.join("dataset");
+        Join<FileMetadata, DataFile> file = fileMetadata.join("dataFile");
+
+        // --- Predicates (WHERE clause) ---
+        // Build a list of conditions for the query.
+        List<Predicate> predicates = new ArrayList<>();
+
+        // Filter by the parent dataset.
+        predicates.add(cb.equal(dataset.get("id"), datasetId));
+
+        // Filter by the file's lineage, handling both new and replaced files.
+        if (dataFile.getRootDataFileId() < 0) {
+            // For a new file, match by its specific ID.
+            predicates.add(cb.equal(file.get("id"), dataFile.getId()));
+        } else {
+            // For a replaced file, match the entire history via its root ID.
+            predicates.add(cb.equal(file.get("rootDataFileId"), dataFile.getRootDataFileId()));
+        }
+
+        // Add permission-based filter for version states.
+        if (!canViewUnpublishedVersions) {
+            predicates.add(version.get("versionState").in(
+                    VersionState.RELEASED, VersionState.DEACCESSIONED));
+        }
+
+        criteriaQuery.where(predicates.toArray(new Predicate[0]));
+
+        // --- Ordering ---
+        // Order results from newest to oldest version.
+        criteriaQuery.orderBy(
+                cb.desc(version.get("versionNumber")),
+                cb.desc(version.get("minorVersionNumber"))
+        );
+
+        // --- Execution & Transformation ---
+        // Execute the query and map the results to the VersionedFileMetadata list.
+        List<FileMetadata> results = em.createQuery(criteriaQuery).getResultList();
+
+        return results.stream()
+                .map(metadata -> new VersionedFileMetadata(metadata.getDatasetVersion(), metadata))
+                .collect(Collectors.toList());
+    }
+
     public FileMetadata findMostRecentVersionFileIsIn(DataFile file) {
         if (file == null) {
             return null;

From 7ac4588cbd7cc6701946d6f8d22624bfb220f785 Mon Sep 17 00:00:00 2001
From: GPortas <hey@gportas.me>
Date: Tue, 7 Oct 2025 23:14:00 +0100
Subject: [PATCH 362/634] Added: GetFileVersionDifferencesCommand, pending to
 be refactored and test-covered

---
 .../GetFileVersionDifferencesCommand.java     | 55 +++++++++++++++++++
 1 file changed, 55 insertions(+)
 create mode 100644 src/main/java/edu/harvard/iq/dataverse/engine/command/impl/GetFileVersionDifferencesCommand.java

diff --git a/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/GetFileVersionDifferencesCommand.java b/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/GetFileVersionDifferencesCommand.java
new file mode 100644
index 00000000000..48e98021150
--- /dev/null
+++ b/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/GetFileVersionDifferencesCommand.java
@@ -0,0 +1,55 @@
+package edu.harvard.iq.dataverse.engine.command.impl;
+
+import edu.harvard.iq.dataverse.*;
+import edu.harvard.iq.dataverse.authorization.Permission;
+import edu.harvard.iq.dataverse.datasetversionsummaries.DatasetVersionSummary;
+import edu.harvard.iq.dataverse.engine.command.AbstractCommand;
+import edu.harvard.iq.dataverse.engine.command.CommandContext;
+import edu.harvard.iq.dataverse.engine.command.DataverseRequest;
+import edu.harvard.iq.dataverse.engine.command.RequiredPermissions;
+import edu.harvard.iq.dataverse.engine.command.exception.CommandException;
+
+import java.util.ArrayList;
+import java.util.List;
+
+/**
+ * A command that retrieves a paginated list of {@link DatasetVersionSummary} for the versions of a given {@link Dataset}.
+ **/
+@RequiredPermissions({})
+public class GetFileVersionDifferencesCommand extends AbstractCommand<List<FileVersionDifference>> {
+    private final FileMetadata fileMetadata;
+    private final Integer limit;
+    private final Integer offset;
+    private final FileMetadataVersionsHelper fileMetadataVersionsHelper;
+
+    public GetFileVersionDifferencesCommand(DataverseRequest request, FileMetadata fileMetadata, Integer limit, Integer offset, FileMetadataVersionsHelper fileMetadataVersionsHelper) {
+        super(request, fileMetadata.getDataFile());
+        this.fileMetadata = fileMetadata;
+        this.limit = limit;
+        this.offset = offset;
+        this.fileMetadataVersionsHelper = fileMetadataVersionsHelper;
+    }
+
+    @Override
+    // TODO
+    public List<FileVersionDifference> execute(CommandContext ctxt) throws CommandException {
+        Dataset dataset = fileMetadata.getDatasetVersion().getDataset();
+        boolean hasPermission = ctxt.permissions().requestOn(getRequest(), dataset).has(Permission.ViewUnpublishedDataset);
+        List<VersionedFileMetadata> versionedFileMetadataList = ctxt.files().findFileMetadataHistory(dataset.getId(), fileMetadata.getDataFile(), hasPermission);
+        List<FileVersionDifference> differences = new ArrayList<>();
+        for (VersionedFileMetadata versionedFileMetadata : versionedFileMetadataList) {
+            DatasetVersion datasetVersion = versionedFileMetadata.getDatasetVersion();
+            if (versionedFileMetadata.getFileMetadata() == null) {
+                FileMetadata dummy = new FileMetadata();
+                dummy.setDatasetVersion(datasetVersion);
+                dummy.setDataFile(null);
+                FileVersionDifference fvd = new FileVersionDifference(dummy, fileMetadataVersionsHelper.getPreviousFileMetadata(fileMetadata, datasetVersion), true);
+                dummy.setFileVersionDifference(fvd);
+                differences.add(fvd);
+            } else {
+                differences.add(new FileVersionDifference(versionedFileMetadata.getFileMetadata(), fileMetadataVersionsHelper.getPreviousFileMetadata(fileMetadata, datasetVersion), true));
+            }
+        }
+        return differences;
+    }
+}

From bda189f2917fc1c8a884e52901e3d61a6379d23f Mon Sep 17 00:00:00 2001
From: GPortas <hey@gportas.me>
Date: Tue, 7 Oct 2025 23:15:22 +0100
Subject: [PATCH 363/634] Changed: Files API versionDifferences endpoint now
 using GetFileVersionDifferencesCommand

---
 .../harvard/iq/dataverse/FileMetadataVersionsHelper.java | 9 +++++----
 src/main/java/edu/harvard/iq/dataverse/api/Files.java    | 6 +++---
 2 files changed, 8 insertions(+), 7 deletions(-)

diff --git a/src/main/java/edu/harvard/iq/dataverse/FileMetadataVersionsHelper.java b/src/main/java/edu/harvard/iq/dataverse/FileMetadataVersionsHelper.java
index 6778794dea6..21bb8ea51e4 100644
--- a/src/main/java/edu/harvard/iq/dataverse/FileMetadataVersionsHelper.java
+++ b/src/main/java/edu/harvard/iq/dataverse/FileMetadataVersionsHelper.java
@@ -61,8 +61,9 @@ public List<FileMetadata> loadFileVersionList(DataverseRequest req, FileMetadata
         return retList;
     }
 
-    public JsonObjectBuilder jsonDataFileVersions(FileMetadata fileMetadata) {
+    public JsonObjectBuilder jsonDataFileVersions(FileVersionDifference fileVersionDifference) {
         JsonObjectBuilder job = jsonObjectBuilder();
+        FileMetadata fileMetadata = fileVersionDifference.getNewFileMetadata();
         if (fileMetadata.getDatasetVersion() != null) {
             job.add("datasetVersion", fileMetadata.getDatasetVersion().getFriendlyVersionNumber());
             if (fileMetadata.getDatasetVersion().getVersionNumber() != null) {
@@ -78,14 +79,14 @@ public JsonObjectBuilder jsonDataFileVersions(FileMetadata fileMetadata) {
                 .add("versionState", fileMetadata.getDatasetVersion().getVersionState().name())
                 .add("summary", fileMetadata.getDatasetVersion().getVersionNote())
                 .add("contributors", fileMetadata.getContributorNames())
-                .add("publishedDate", fileMetadata.getDataFile().getPublicationDate() != null ? fileMetadata.getDataFile().getPublicationDate().toString() : null)
+                .add("publishedDate", fileMetadata.getDataFile() != null ? (fileMetadata.getDataFile().getPublicationDate() != null ? fileMetadata.getDataFile().getPublicationDate().toString() : null) : null)
             ;
         }
         if (fileMetadata.getDataFile() != null) {
             job.add("datafileId", fileMetadata.getDataFile().getId());
             job.add("persistentId", (fileMetadata.getDataFile().getGlobalId() != null ? fileMetadata.getDataFile().getGlobalId().asString() : ""));
         }
-        FileVersionDifference fvd = fileMetadata.getFileVersionDifference();
+        FileVersionDifference fvd = fileVersionDifference;
         if (fvd != null) {
             List<FileVersionDifference.FileDifferenceSummaryGroup> groups = fvd.getDifferenceSummaryGroups();
             JsonObjectBuilder fileDifferenceSummary = jsonObjectBuilder()
@@ -191,7 +192,7 @@ private FileMetadata getPreviousFileMetadata(FileMetadata fileMetadata, FileMeta
     }
 
     //TODO: this could use some refactoring to cut down on the number of for loops!
-    private FileMetadata getPreviousFileMetadata(FileMetadata fileMetadata, DatasetVersion currentversion) {
+    public FileMetadata getPreviousFileMetadata(FileMetadata fileMetadata, DatasetVersion currentversion) {
         List<DataFile> allfiles = allRelatedFiles(fileMetadata);
         boolean foundCurrent = false;
         DatasetVersion priorVersion = null;
diff --git a/src/main/java/edu/harvard/iq/dataverse/api/Files.java b/src/main/java/edu/harvard/iq/dataverse/api/Files.java
index 4ea9087b325..4810510c8a4 100644
--- a/src/main/java/edu/harvard/iq/dataverse/api/Files.java
+++ b/src/main/java/edu/harvard/iq/dataverse/api/Files.java
@@ -1182,10 +1182,10 @@ public Response getFileVersionsList(@Context ContainerRequestContext crc, @PathP
             if (fm == null) {
                 return notFound(BundleUtil.getStringFromBundle("files.api.fileNotFound"));
             }
-            List<FileMetadata> fileMetadataList = fileMetadataVersionsHelper.loadFileVersionList(req, fm);
+            List<FileVersionDifference> fileVersionDifferences = execCommand(new GetFileVersionDifferencesCommand(req, fm, null, null, fileMetadataVersionsHelper));
             JsonArrayBuilder jab = Json.createArrayBuilder();
-            for (FileMetadata fileMetadata : fileMetadataList) {
-                jab.add(fileMetadataVersionsHelper.jsonDataFileVersions(fileMetadata).build());
+            for (FileVersionDifference fileVersionDifference : fileVersionDifferences) {
+                jab.add(fileMetadataVersionsHelper.jsonDataFileVersions(fileVersionDifference).build());
             }
             return Response.ok()
                     .entity(Json.createObjectBuilder()

From 797315330a49e9aa91a3af8b63049224b669e277 Mon Sep 17 00:00:00 2001
From: GPortas <hey@gportas.me>
Date: Tue, 7 Oct 2025 23:15:49 +0100
Subject: [PATCH 364/634] Added: VersionedFileMetadata class

---
 .../iq/dataverse/VersionedFileMetadata.java   | 25 +++++++++++++++++++
 1 file changed, 25 insertions(+)
 create mode 100644 src/main/java/edu/harvard/iq/dataverse/VersionedFileMetadata.java

diff --git a/src/main/java/edu/harvard/iq/dataverse/VersionedFileMetadata.java b/src/main/java/edu/harvard/iq/dataverse/VersionedFileMetadata.java
new file mode 100644
index 00000000000..91478d536f6
--- /dev/null
+++ b/src/main/java/edu/harvard/iq/dataverse/VersionedFileMetadata.java
@@ -0,0 +1,25 @@
+package edu.harvard.iq.dataverse;
+
+/**
+ * A Data Transfer Object (DTO) to hold a DatasetVersion and its
+ * corresponding FileMetadata for a specific file. The fileMetadata
+ * field can be null if the file does not exist in that version.
+ */
+public class VersionedFileMetadata {
+    private final DatasetVersion datasetVersion;
+    private final FileMetadata fileMetadata; // This can be null
+
+    public VersionedFileMetadata(DatasetVersion datasetVersion, FileMetadata fileMetadata) {
+        this.datasetVersion = datasetVersion;
+        this.fileMetadata = fileMetadata;
+    }
+
+    // Add getters for both fields
+    public DatasetVersion getDatasetVersion() {
+        return datasetVersion;
+    }
+
+    public FileMetadata getFileMetadata() {
+        return fileMetadata;
+    }
+}

From a3b753bd1b6356c530fdb739497423cde5365473 Mon Sep 17 00:00:00 2001
From: GPortas <hey@gportas.me>
Date: Tue, 7 Oct 2025 23:36:35 +0100
Subject: [PATCH 365/634] Added: handling optional pagination in
 findFileMetadataHistory and GetFileVersionDifferencesCommand refactored

---
 .../iq/dataverse/DataFileServiceBean.java     | 28 +++++--
 .../GetFileVersionDifferencesCommand.java     | 84 +++++++++++++------
 .../GetFileVersionDifferencesCommandTest.java |  2 +
 3 files changed, 84 insertions(+), 30 deletions(-)
 create mode 100644 src/test/java/edu/harvard/iq/dataverse/engine/command/impl/GetFileVersionDifferencesCommandTest.java

diff --git a/src/main/java/edu/harvard/iq/dataverse/DataFileServiceBean.java b/src/main/java/edu/harvard/iq/dataverse/DataFileServiceBean.java
index 4b7f8351d55..67f64ac47c1 100644
--- a/src/main/java/edu/harvard/iq/dataverse/DataFileServiceBean.java
+++ b/src/main/java/edu/harvard/iq/dataverse/DataFileServiceBean.java
@@ -386,12 +386,18 @@ public FileMetadata findFileMetadataByDatasetVersionIdAndDataFileId(Long dataset
      * This method correctly handles file replacements by searching for all files
      * sharing the same {@code rootDataFileId}.
      *
-     * @param datasetId     The ID of the parent dataset.
-     * @param dataFile      The DataFile entity to find the history for.
+     * @param datasetId                  The ID of the parent dataset.
+     * @param dataFile                   The DataFile entity to find the history for.
      * @param canViewUnpublishedVersions A boolean indicating if the user has permission to view non-released versions.
-     * @return A chronologically sorted list of the file's version history. Returns an empty list if the dataFile is null.
+     * @param limit                      (Optional) The maximum number of results to return.
+     * @param offset                     (Optional) The starting point of the result list.
+     * @return A chronologically sorted, paginated list of the file's version history.
      */
-    public List<VersionedFileMetadata> findFileMetadataHistory(Long datasetId, DataFile dataFile, boolean canViewUnpublishedVersions) {
+    public List<VersionedFileMetadata> findFileMetadataHistory(Long datasetId,
+                                                               DataFile dataFile,
+                                                               boolean canViewUnpublishedVersions,
+                                                               Integer limit,
+                                                               Integer offset) {
         // Guard clause: Return early if there's no file to search for.
         if (dataFile == null) {
             return Collections.emptyList();
@@ -439,8 +445,20 @@ public List<VersionedFileMetadata> findFileMetadataHistory(Long datasetId, DataF
         );
 
         // --- Execution & Transformation ---
+        // Create the query object from the criteria definition.
+        TypedQuery<FileMetadata> typedQuery = em.createQuery(criteriaQuery);
+
+        // --- Pagination ---
+        // Apply pagination if limit and/or offset are provided.
+        if (limit != null) {
+            typedQuery.setMaxResults(limit);
+        }
+        if (offset != null) {
+            typedQuery.setFirstResult(offset);
+        }
+
         // Execute the query and map the results to the VersionedFileMetadata list.
-        List<FileMetadata> results = em.createQuery(criteriaQuery).getResultList();
+        List<FileMetadata> results = typedQuery.getResultList();
 
         return results.stream()
                 .map(metadata -> new VersionedFileMetadata(metadata.getDatasetVersion(), metadata))
diff --git a/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/GetFileVersionDifferencesCommand.java b/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/GetFileVersionDifferencesCommand.java
index 48e98021150..f6d22fd3707 100644
--- a/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/GetFileVersionDifferencesCommand.java
+++ b/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/GetFileVersionDifferencesCommand.java
@@ -2,54 +2,88 @@
 
 import edu.harvard.iq.dataverse.*;
 import edu.harvard.iq.dataverse.authorization.Permission;
-import edu.harvard.iq.dataverse.datasetversionsummaries.DatasetVersionSummary;
 import edu.harvard.iq.dataverse.engine.command.AbstractCommand;
 import edu.harvard.iq.dataverse.engine.command.CommandContext;
 import edu.harvard.iq.dataverse.engine.command.DataverseRequest;
 import edu.harvard.iq.dataverse.engine.command.RequiredPermissions;
 import edu.harvard.iq.dataverse.engine.command.exception.CommandException;
 
-import java.util.ArrayList;
 import java.util.List;
+import java.util.Objects;
+import java.util.stream.Collectors;
 
 /**
- * A command that retrieves a paginated list of {@link DatasetVersionSummary} for the versions of a given {@link Dataset}.
- **/
+ * A command that retrieves the version history for a single file,
+ * highlighting the differences between each version.
+ */
 @RequiredPermissions({})
 public class GetFileVersionDifferencesCommand extends AbstractCommand<List<FileVersionDifference>> {
+
     private final FileMetadata fileMetadata;
     private final Integer limit;
     private final Integer offset;
-    private final FileMetadataVersionsHelper fileMetadataVersionsHelper;
+    private final FileMetadataVersionsHelper versionsHelper;
 
     public GetFileVersionDifferencesCommand(DataverseRequest request, FileMetadata fileMetadata, Integer limit, Integer offset, FileMetadataVersionsHelper fileMetadataVersionsHelper) {
         super(request, fileMetadata.getDataFile());
-        this.fileMetadata = fileMetadata;
+        this.fileMetadata = Objects.requireNonNull(fileMetadata);
+        this.versionsHelper = Objects.requireNonNull(fileMetadataVersionsHelper);
         this.limit = limit;
         this.offset = offset;
-        this.fileMetadataVersionsHelper = fileMetadataVersionsHelper;
     }
 
     @Override
-    // TODO
     public List<FileVersionDifference> execute(CommandContext ctxt) throws CommandException {
+        List<VersionedFileMetadata> fileHistory = findFileHistory(ctxt);
+
+        return fileHistory.stream()
+                .map(this::createDifferenceFromHistory)
+                .collect(Collectors.toList());
+    }
+
+    /**
+     * Fetches the file's version history from the database, respecting user permissions.
+     */
+    private List<VersionedFileMetadata> findFileHistory(CommandContext ctxt) {
         Dataset dataset = fileMetadata.getDatasetVersion().getDataset();
-        boolean hasPermission = ctxt.permissions().requestOn(getRequest(), dataset).has(Permission.ViewUnpublishedDataset);
-        List<VersionedFileMetadata> versionedFileMetadataList = ctxt.files().findFileMetadataHistory(dataset.getId(), fileMetadata.getDataFile(), hasPermission);
-        List<FileVersionDifference> differences = new ArrayList<>();
-        for (VersionedFileMetadata versionedFileMetadata : versionedFileMetadataList) {
-            DatasetVersion datasetVersion = versionedFileMetadata.getDatasetVersion();
-            if (versionedFileMetadata.getFileMetadata() == null) {
-                FileMetadata dummy = new FileMetadata();
-                dummy.setDatasetVersion(datasetVersion);
-                dummy.setDataFile(null);
-                FileVersionDifference fvd = new FileVersionDifference(dummy, fileMetadataVersionsHelper.getPreviousFileMetadata(fileMetadata, datasetVersion), true);
-                dummy.setFileVersionDifference(fvd);
-                differences.add(fvd);
-            } else {
-                differences.add(new FileVersionDifference(versionedFileMetadata.getFileMetadata(), fileMetadataVersionsHelper.getPreviousFileMetadata(fileMetadata, datasetVersion), true));
-            }
-        }
-        return differences;
+        boolean canViewUnpublished = canViewUnpublishedVersions(ctxt, dataset);
+
+        return ctxt.files().findFileMetadataHistory(dataset.getId(), fileMetadata.getDataFile(), canViewUnpublished, limit, offset);
+    }
+
+    /**
+     * Determines if the user has permission to view non-released versions of the dataset.
+     */
+    private boolean canViewUnpublishedVersions(CommandContext ctxt, Dataset dataset) {
+        return ctxt.permissions().requestOn(getRequest(), dataset).has(Permission.ViewUnpublishedDataset);
+    }
+
+    /**
+     * Transforms a single historical entry into a FileVersionDifference object.
+     */
+    private FileVersionDifference createDifferenceFromHistory(VersionedFileMetadata versionedFileMetadata) {
+        FileMetadata current = versionedFileMetadata.getFileMetadata();
+        DatasetVersion version = versionedFileMetadata.getDatasetVersion();
+
+        FileMetadata previous = versionsHelper.getPreviousFileMetadata(this.fileMetadata, version);
+
+        return (current != null)
+                ? new FileVersionDifference(current, previous, false)
+                : createDifferenceForNonexistentFile(version, previous);
+    }
+
+    /**
+     * Creates a special FileVersionDifference for versions where the file does not exist.
+     */
+    private FileVersionDifference createDifferenceForNonexistentFile(DatasetVersion version, FileMetadata previous) {
+        FileMetadata placeholder = new FileMetadata();
+        placeholder.setDatasetVersion(version);
+        // Explicitly null DataFile indicates the file does not exist.
+        placeholder.setDataFile(null);
+
+        FileVersionDifference difference = new FileVersionDifference(placeholder, previous, true);
+        placeholder.setFileVersionDifference(difference);
+
+        return difference;
     }
 }
diff --git a/src/test/java/edu/harvard/iq/dataverse/engine/command/impl/GetFileVersionDifferencesCommandTest.java b/src/test/java/edu/harvard/iq/dataverse/engine/command/impl/GetFileVersionDifferencesCommandTest.java
new file mode 100644
index 00000000000..55ceb149997
--- /dev/null
+++ b/src/test/java/edu/harvard/iq/dataverse/engine/command/impl/GetFileVersionDifferencesCommandTest.java
@@ -0,0 +1,2 @@
+package edu.harvard.iq.dataverse.engine.command.impl;public class GetFileVersionDifferencesCommandTest {
+}

From 05e190be8e065e81f3340fcd2c27c88e16ee2366 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 7 Oct 2025 23:22:10 +0000
Subject: [PATCH 366/634] Bump github/codeql-action from 3 to 4

Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3 to 4.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/v3...v4)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-version: '4'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 .github/workflows/codeql.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index 105469139ec..907452f4614 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -71,7 +71,7 @@ jobs:
 
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL
-      uses: github/codeql-action/init@v3
+      uses: github/codeql-action/init@v4
       with:
         languages: ${{ matrix.language }}
         build-mode: ${{ matrix.build-mode }}
@@ -99,6 +99,6 @@ jobs:
         exit 1
 
     - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v3
+      uses: github/codeql-action/analyze@v4
       with:
         category: "/language:${{matrix.language}}"

From a3b89bf772487b0b016ca1bfcea05d6dec448f9c Mon Sep 17 00:00:00 2001
From: Stephen Kraffmiller <skraffmiller@hmdc.harvard.edu>
Date: Wed, 8 Oct 2025 09:33:21 -0400
Subject: [PATCH 367/634] #11772 add another test

---
 .../harvard/iq/dataverse/api/DatasetsIT.java  | 19 ++++++++++++++++---
 .../json/update-dataset-access-only.json      | 12 ++++++++++++
 2 files changed, 28 insertions(+), 3 deletions(-)
 create mode 100644 src/test/resources/json/update-dataset-access-only.json

diff --git a/src/test/java/edu/harvard/iq/dataverse/api/DatasetsIT.java b/src/test/java/edu/harvard/iq/dataverse/api/DatasetsIT.java
index dbd685d6718..fa038c75468 100644
--- a/src/test/java/edu/harvard/iq/dataverse/api/DatasetsIT.java
+++ b/src/test/java/edu/harvard/iq/dataverse/api/DatasetsIT.java
@@ -4192,7 +4192,20 @@ public void testUpdateDatasetTerms() throws IOException {
         // should get bad Request Dataset not found....
         updateTerms.then().assertThat()
                 .statusCode(BAD_REQUEST.getStatusCode())
-                 .body("message", containsString("QQQ"));;
+                 .body("message", containsString("QQQ"));
+        
+        createDataset = UtilIT.createRandomDatasetViaNativeApi(dataverseAlias, apiToken);
+        createDataset.prettyPrint();
+        createDataset.then().assertThat()
+                .statusCode(CREATED.getStatusCode());
+        datasetPersistentId = JsonPath.from(createDataset.body().asString()).getString("data.persistentId");
+        
+        pathToJsonFile = "src/test/resources/json/update-dataset-access-only.json";
+        updateTerms = UtilIT.updateDatasetTermsAndAccess(datasetPersistentId, apiToken, pathToJsonFile);
+        updateTerms.prettyPrint();
+        updateTerms.then().assertThat()
+                .statusCode(OK.getStatusCode())
+                .body("data.fileAccessRequest", equalTo(true));
 
         //reset public install
         UtilIT.setSetting(SettingsServiceBean.Key.PublicInstall, publicInstall);
@@ -4202,7 +4215,7 @@ public void testUpdateDatasetTerms() throws IOException {
         Response makeSuperUser = UtilIT.setSuperuserStatus(username, true);
         
         // Clean up
-        
+
         Response destroyDatasetResponse = UtilIT.destroyDataset(datasetId, apiToken);
         destroyDatasetResponse.prettyPrint();
         assertEquals(200, destroyDatasetResponse.getStatusCode());
@@ -4218,7 +4231,7 @@ public void testUpdateDatasetTerms() throws IOException {
         
         Response deleteUserResponse = UtilIT.deleteUser(username);
         assertEquals(200, deleteUserResponse.getStatusCode());
-
+        
     }
 
 
diff --git a/src/test/resources/json/update-dataset-access-only.json b/src/test/resources/json/update-dataset-access-only.json
new file mode 100644
index 00000000000..57f4570457a
--- /dev/null
+++ b/src/test/resources/json/update-dataset-access-only.json
@@ -0,0 +1,12 @@
+{
+    "termsOfUseAndAccess": {
+        "fileAccessRequest": true,
+        "termsOfAccess": "For access to restricted files please see read me file",
+        "dataAccessPlace": "dataAccessPlace",
+        "originalArchive": "originalArchive",
+        "availabilityStatus": "availabilityStatus",
+        "contactForAccess": "contactForAccess",
+        "sizeOfCollection": "sizeOfCollection",
+        "studyCompletion": "studyCompletion"
+    }
+}

From 327242b9e0676d27fc357d2508628121f5e0239e Mon Sep 17 00:00:00 2001
From: Stephen Kraffmiller <skraffmiller@hmdc.harvard.edu>
Date: Wed, 8 Oct 2025 09:43:53 -0400
Subject: [PATCH 368/634] #11772 fix test clean up

---
 src/test/java/edu/harvard/iq/dataverse/api/DatasetsIT.java | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/src/test/java/edu/harvard/iq/dataverse/api/DatasetsIT.java b/src/test/java/edu/harvard/iq/dataverse/api/DatasetsIT.java
index fa038c75468..ffc7b78f27d 100644
--- a/src/test/java/edu/harvard/iq/dataverse/api/DatasetsIT.java
+++ b/src/test/java/edu/harvard/iq/dataverse/api/DatasetsIT.java
@@ -4193,12 +4193,16 @@ public void testUpdateDatasetTerms() throws IOException {
         updateTerms.then().assertThat()
                 .statusCode(BAD_REQUEST.getStatusCode())
                  .body("message", containsString("QQQ"));
+ 
+        //Make installation "public install"  tp false to see that terms of access can be set
+        UtilIT.setSetting(SettingsServiceBean.Key.PublicInstall, "false");
         
         createDataset = UtilIT.createRandomDatasetViaNativeApi(dataverseAlias, apiToken);
         createDataset.prettyPrint();
         createDataset.then().assertThat()
                 .statusCode(CREATED.getStatusCode());
         datasetPersistentId = JsonPath.from(createDataset.body().asString()).getString("data.persistentId");
+        int datasetId3 = JsonPath.from(createDataset.body().asString()).getInt("data.id");
         
         pathToJsonFile = "src/test/resources/json/update-dataset-access-only.json";
         updateTerms = UtilIT.updateDatasetTermsAndAccess(datasetPersistentId, apiToken, pathToJsonFile);
@@ -4224,6 +4228,9 @@ public void testUpdateDatasetTerms() throws IOException {
         destroyDatasetResponse.prettyPrint();
         assertEquals(200, destroyDatasetResponse.getStatusCode());
         
+        destroyDatasetResponse = UtilIT.destroyDataset(datasetId3, apiToken);
+        destroyDatasetResponse.prettyPrint();
+        assertEquals(200, destroyDatasetResponse.getStatusCode());
 
         Response deleteDataverseResponse = UtilIT.deleteDataverse(dataverseAlias, apiToken);
         deleteDataverseResponse.prettyPrint();

From d0af69f945b5c477685541eb4092a304297a15ab Mon Sep 17 00:00:00 2001
From: Stephen Kraffmiller <skraffmiller@hmdc.harvard.edu>
Date: Wed, 8 Oct 2025 11:54:50 -0400
Subject: [PATCH 369/634] #11772 split access update from terms

---
 .../harvard/iq/dataverse/api/Datasets.java    |  8 +++---
 ...=> UpdateDatasetTermsOfAccessCommand.java} | 27 ++++++++++++++-----
 .../harvard/iq/dataverse/api/DatasetsIT.java  |  5 ++--
 .../edu/harvard/iq/dataverse/api/UtilIT.java  |  2 +-
 ...pdateDatasetTermsOfAccessCommandTest.java} | 16 ++++++-----
 5 files changed, 37 insertions(+), 21 deletions(-)
 rename src/main/java/edu/harvard/iq/dataverse/engine/command/impl/{UpdateDatasetTermsOfUseCommand.java => UpdateDatasetTermsOfAccessCommand.java} (53%)
 rename src/test/java/edu/harvard/iq/dataverse/engine/command/impl/{UpdateDatasetTermsOfUseCommandTest.java => UpdateDatasetTermsOfAccessCommandTest.java} (79%)

diff --git a/src/main/java/edu/harvard/iq/dataverse/api/Datasets.java b/src/main/java/edu/harvard/iq/dataverse/api/Datasets.java
index 72ed1158788..3745899d16b 100644
--- a/src/main/java/edu/harvard/iq/dataverse/api/Datasets.java
+++ b/src/main/java/edu/harvard/iq/dataverse/api/Datasets.java
@@ -1155,8 +1155,8 @@ public Response editVersionMetadata(@Context ContainerRequestContext crc, String
     
     @PUT
     @AuthRequired
-    @Path("{id}/editTerms")
-    public Response editVersionTermsOfUse(@Context ContainerRequestContext crc, String jsonBody, @PathParam("id") String id,
+    @Path("{id}/access")
+    public Response editVersionTermsOfAccess(@Context ContainerRequestContext crc, String jsonBody, @PathParam("id") String id,
                                         @QueryParam("sourceLastUpdateTime") String sourceLastUpdateTime) {
         try {
             
@@ -1177,9 +1177,7 @@ public Response editVersionTermsOfUse(@Context ContainerRequestContext crc, Stri
             }
             
             
-            toua.setDatasetVersion(dataset.getLatestVersion());
-            
-            DatasetVersion updatedVersion = execCommand(new UpdateDatasetTermsOfUseCommand(dataset, toua, createDataverseRequest(getRequestUser(crc)))).getLatestVersion();
+            DatasetVersion updatedVersion = execCommand(new UpdateDatasetTermsOfAccessCommand(dataset, toua, createDataverseRequest(getRequestUser(crc)))).getLatestVersion();
 
             return ok(json(updatedVersion, true));
 
diff --git a/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/UpdateDatasetTermsOfUseCommand.java b/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/UpdateDatasetTermsOfAccessCommand.java
similarity index 53%
rename from src/main/java/edu/harvard/iq/dataverse/engine/command/impl/UpdateDatasetTermsOfUseCommand.java
rename to src/main/java/edu/harvard/iq/dataverse/engine/command/impl/UpdateDatasetTermsOfAccessCommand.java
index c5f767a886c..ddbdefca4a1 100644
--- a/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/UpdateDatasetTermsOfUseCommand.java
+++ b/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/UpdateDatasetTermsOfAccessCommand.java
@@ -16,19 +16,19 @@
  * @author stephenkraffmiller
  */
 @RequiredPermissions(Permission.EditDataset)
-public class UpdateDatasetTermsOfUseCommand  extends AbstractDatasetCommand<Dataset>{
+public class UpdateDatasetTermsOfAccessCommand  extends AbstractDatasetCommand<Dataset>{
     
     
     private final Dataset dataset;
     private final TermsOfUseAndAccess termsOfUseAndAccess;
     private final UpdateDatasetVersionCommand updateDatasetVersionCommand;
     
-    public UpdateDatasetTermsOfUseCommand(Dataset dataset, TermsOfUseAndAccess termsOfUseAndAccess,  DataverseRequest request) {
+    public UpdateDatasetTermsOfAccessCommand(Dataset dataset, TermsOfUseAndAccess termsOfUseAndAccess,  DataverseRequest request) {
         this(dataset, termsOfUseAndAccess,  request, null);
     }
 
     //Command included for testing purposes
-    public UpdateDatasetTermsOfUseCommand( Dataset dataset, TermsOfUseAndAccess termsOfUseAndAccess, DataverseRequest aRequest, UpdateDatasetVersionCommand updateDatasetVersionCommand ) {
+    public UpdateDatasetTermsOfAccessCommand( Dataset dataset, TermsOfUseAndAccess termsOfUseAndAccess, DataverseRequest aRequest, UpdateDatasetVersionCommand updateDatasetVersionCommand ) {
         super(aRequest, dataset);
         this.dataset = dataset;
         this.termsOfUseAndAccess = termsOfUseAndAccess;
@@ -38,13 +38,26 @@ public UpdateDatasetTermsOfUseCommand( Dataset dataset, TermsOfUseAndAccess term
     @Override
     public Dataset execute(CommandContext ctxt) throws CommandException {
         DatasetVersion datasetVersion = dataset.getOrCreateEditVersion();
-
-        
-        datasetVersion.setTermsOfUseAndAccess(termsOfUseAndAccess);
+   
+        datasetVersion.setTermsOfUseAndAccess(merge(datasetVersion,termsOfUseAndAccess));
          
         datasetVersion.setVersionState(DatasetVersion.VersionState.DRAFT);
-        termsOfUseAndAccess.setDatasetVersion(datasetVersion);
         return ctxt.engine().submit(updateDatasetVersionCommand == null ? new UpdateDatasetVersionCommand(this.dataset, getRequest()) : updateDatasetVersionCommand);
     }
     
+    private TermsOfUseAndAccess merge(DatasetVersion editVersion, TermsOfUseAndAccess incoming) {
+        //only update the access parts
+        TermsOfUseAndAccess original = editVersion.getTermsOfUseAndAccess();
+        original.setFileAccessRequest(incoming.isFileAccessRequest());
+        original.setTermsOfAccess(incoming.getTermsOfAccess());
+        original.setDataAccessPlace(incoming.getDataAccessPlace());
+        original.setOriginalArchive(incoming.getOriginalArchive());
+        original.setAvailabilityStatus(incoming.getAvailabilityStatus());
+        original.setContactForAccess(incoming.getContactForAccess());
+        original.setSizeOfCollection(incoming.getSizeOfCollection());
+        original.setStudyCompletion(incoming.getStudyCompletion());
+        return original;
+    }
+    
+    
 }
diff --git a/src/test/java/edu/harvard/iq/dataverse/api/DatasetsIT.java b/src/test/java/edu/harvard/iq/dataverse/api/DatasetsIT.java
index ffc7b78f27d..c61fb1a1d44 100644
--- a/src/test/java/edu/harvard/iq/dataverse/api/DatasetsIT.java
+++ b/src/test/java/edu/harvard/iq/dataverse/api/DatasetsIT.java
@@ -4093,7 +4093,7 @@ public void testFilesUnchangedAfterDatasetMetadataUpdate() throws IOException {
     }
 
     @Test
-    public void testUpdateDatasetTerms() throws IOException {
+    public void testUpdateDatasetTermsOfAccess() throws IOException {
 
         //get publicInstall setting so we can change it back
         Response publicInstallResponse = UtilIT.getSetting(SettingsServiceBean.Key.PublicInstall);
@@ -4156,7 +4156,8 @@ public void testUpdateDatasetTerms() throws IOException {
         updateTerms.then().assertThat()
                 .statusCode(OK.getStatusCode())
                 .body("data.fileAccessRequest", equalTo(true))
-                .body("data.termsOfAccess", equalTo("For access to restricted files please see read me file"));
+                .body("data.termsOfAccess", equalTo("For access to restricted files please see read me file"))
+                .body("data.dataAccessPlace", equalTo("dataAccessPlace"));
 
         // Restrict file
         Response restrictFileResponse = UtilIT.restrictFile(fileId, true, apiToken);
diff --git a/src/test/java/edu/harvard/iq/dataverse/api/UtilIT.java b/src/test/java/edu/harvard/iq/dataverse/api/UtilIT.java
index 36cc9a1550c..4f6b27d1a84 100644
--- a/src/test/java/edu/harvard/iq/dataverse/api/UtilIT.java
+++ b/src/test/java/edu/harvard/iq/dataverse/api/UtilIT.java
@@ -3873,7 +3873,7 @@ static Response updateDatasetTermsAndAccess(String idOrPersistentIdOfDataset, St
                 .header(API_TOKEN_HTTP_HEADER, apiToken)
                 .contentType("application/json")
                 .body(jsonIn)
-                .put("/api/datasets/" + idInPath + "/editTerms" + optionalQueryParam);
+                .put("/api/datasets/" + idInPath + "/access" + optionalQueryParam);
         return response;
     }
     
diff --git a/src/test/java/edu/harvard/iq/dataverse/engine/command/impl/UpdateDatasetTermsOfUseCommandTest.java b/src/test/java/edu/harvard/iq/dataverse/engine/command/impl/UpdateDatasetTermsOfAccessCommandTest.java
similarity index 79%
rename from src/test/java/edu/harvard/iq/dataverse/engine/command/impl/UpdateDatasetTermsOfUseCommandTest.java
rename to src/test/java/edu/harvard/iq/dataverse/engine/command/impl/UpdateDatasetTermsOfAccessCommandTest.java
index ed6a7012a39..0bdb4be521c 100644
--- a/src/test/java/edu/harvard/iq/dataverse/engine/command/impl/UpdateDatasetTermsOfUseCommandTest.java
+++ b/src/test/java/edu/harvard/iq/dataverse/engine/command/impl/UpdateDatasetTermsOfAccessCommandTest.java
@@ -21,7 +21,7 @@
  *
  * @author stephenkraffmiller
  */
-public class UpdateDatasetTermsOfUseCommandTest {
+public class UpdateDatasetTermsOfAccessCommandTest {
 
     @Mock
     private CommandContext ctxt;
@@ -40,6 +40,9 @@ public class UpdateDatasetTermsOfUseCommandTest {
 
     @Mock
     private CommandContext commandContextMock;
+    
+    @Mock
+    private TermsOfUseAndAccess termsOfUseAndAccessMock;
 
     @Mock
     private DatasetVersion datasetVersionMock;
@@ -47,7 +50,7 @@ public class UpdateDatasetTermsOfUseCommandTest {
     private Dataset dataset = new Dataset();
     private TermsOfUseAndAccess terms = new TermsOfUseAndAccess();
 
-    private UpdateDatasetTermsOfUseCommand command;
+    private UpdateDatasetTermsOfAccessCommand command;
 
     @BeforeEach
     public void setUp() throws CommandException {
@@ -55,12 +58,12 @@ public void setUp() throws CommandException {
         when(dataverseEngineMock.submit(updateDatasetVersionCommand)).thenReturn(datasetMock);
         when(commandContextMock.engine()).thenReturn(dataverseEngineMock);
         when(datasetMock.getOrCreateEditVersion()).thenReturn(datasetVersionMock);
-        dataset.getOrCreateEditVersion();
+        when(datasetVersionMock.getTermsOfUseAndAccess()).thenReturn(termsOfUseAndAccessMock);
         dataset = new Dataset();
-        dataset.getOrCreateEditVersion();
+        dataset.getOrCreateEditVersion().setTermsOfUseAndAccess(new TermsOfUseAndAccess());
         terms = new TermsOfUseAndAccess();
 
-        command = new UpdateDatasetTermsOfUseCommand(dataset, terms, request, updateDatasetVersionCommand);
+        command = new UpdateDatasetTermsOfAccessCommand(dataset, terms, request, updateDatasetVersionCommand);
     }
 
     @Test
@@ -68,13 +71,14 @@ public void testExecute_SubmitsUpdateCommandAndUpdatesTerms() throws Exception {
         when(ctxt.engine()).thenReturn(dataverseEngineMock);
         Dataset expectedDataset = new Dataset();
         when(dataverseEngineMock.submit(updateDatasetVersionCommand)).thenReturn(expectedDataset);
+        when(datasetMock.getOrCreateEditVersion()).thenReturn(datasetVersionMock);
+        when(datasetVersionMock.getTermsOfUseAndAccess()).thenReturn(termsOfUseAndAccessMock);
 
         Dataset result = command.execute(ctxt);
 
         DatasetVersion version = dataset.getOrCreateEditVersion();
         assertEquals(terms, version.getTermsOfUseAndAccess());
         assertEquals(DatasetVersion.VersionState.DRAFT, version.getVersionState());
-        assertSame(version, terms.getDatasetVersion());
 
         verify(dataverseEngineMock).submit(updateDatasetVersionCommand);
         assertSame(expectedDataset, result);

From 55b78ebdb92668c1f7ebde3f26068e66454f4b3a Mon Sep 17 00:00:00 2001
From: GPortas <hey@gportas.me>
Date: Wed, 8 Oct 2025 17:12:07 +0100
Subject: [PATCH 370/634] Added: GetFileVersionDifferencesCommandTest

---
 .../GetFileVersionDifferencesCommand.java     |   7 +-
 .../GetFileVersionDifferencesCommandTest.java | 211 +++++++++++++++++-
 2 files changed, 216 insertions(+), 2 deletions(-)

diff --git a/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/GetFileVersionDifferencesCommand.java b/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/GetFileVersionDifferencesCommand.java
index f6d22fd3707..f6d53a39348 100644
--- a/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/GetFileVersionDifferencesCommand.java
+++ b/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/GetFileVersionDifferencesCommand.java
@@ -8,6 +8,7 @@
 import edu.harvard.iq.dataverse.engine.command.RequiredPermissions;
 import edu.harvard.iq.dataverse.engine.command.exception.CommandException;
 
+import java.util.EnumSet;
 import java.util.List;
 import java.util.Objects;
 import java.util.stream.Collectors;
@@ -55,7 +56,11 @@ private List<VersionedFileMetadata> findFileHistory(CommandContext ctxt) {
      * Determines if the user has permission to view non-released versions of the dataset.
      */
     private boolean canViewUnpublishedVersions(CommandContext ctxt, Dataset dataset) {
-        return ctxt.permissions().requestOn(getRequest(), dataset).has(Permission.ViewUnpublishedDataset);
+        return ctxt.permissions().hasPermissionsFor(
+                getRequest().getUser(),
+                dataset,
+                EnumSet.of(Permission.ViewUnpublishedDataset)
+        );
     }
 
     /**
diff --git a/src/test/java/edu/harvard/iq/dataverse/engine/command/impl/GetFileVersionDifferencesCommandTest.java b/src/test/java/edu/harvard/iq/dataverse/engine/command/impl/GetFileVersionDifferencesCommandTest.java
index 55ceb149997..ae75b0e47b2 100644
--- a/src/test/java/edu/harvard/iq/dataverse/engine/command/impl/GetFileVersionDifferencesCommandTest.java
+++ b/src/test/java/edu/harvard/iq/dataverse/engine/command/impl/GetFileVersionDifferencesCommandTest.java
@@ -1,2 +1,211 @@
-package edu.harvard.iq.dataverse.engine.command.impl;public class GetFileVersionDifferencesCommandTest {
+package edu.harvard.iq.dataverse.engine.command.impl;
+
+import edu.harvard.iq.dataverse.*;
+import edu.harvard.iq.dataverse.authorization.Permission;
+import edu.harvard.iq.dataverse.engine.command.CommandContext;
+import edu.harvard.iq.dataverse.engine.command.DataverseRequest;
+import edu.harvard.iq.dataverse.engine.command.exception.CommandException;
+import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.DisplayName;
+import org.junit.jupiter.api.Test;
+import org.junit.jupiter.api.extension.ExtendWith;
+import org.mockito.ArgumentCaptor;
+import org.mockito.Mock;
+import org.mockito.junit.jupiter.MockitoExtension;
+
+import java.util.Collections;
+import java.util.EnumSet;
+import java.util.List;
+
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.ArgumentMatchers.anyBoolean;
+import static org.mockito.ArgumentMatchers.eq;
+import static org.mockito.Mockito.verify;
+import static org.mockito.Mockito.when;
+
+@ExtendWith(MockitoExtension.class)
+class GetFileVersionDifferencesCommandTest {
+
+    @Mock
+    private CommandContext contextMock;
+    @Mock
+    private DataverseRequest requestMock;
+    @Mock
+    private FileMetadata fileMetadataMock;
+    @Mock
+    private FileMetadataVersionsHelper versionsHelperMock;
+    @Mock
+    private PermissionServiceBean permissionsMock;
+    @Mock
+    private DataFileServiceBean fileServiceMock;
+    @Mock
+    private Dataset datasetMock;
+    @Mock
+    private DatasetVersion datasetVersionMock;
+    @Mock
+    private DataFile dataFileMock;
+
+    private static final Long DATASET_ID = 1L;
+
+    @BeforeEach
+    void setUp() {
+        // Mock the context to return our mock services
+        when(contextMock.permissions()).thenReturn(permissionsMock);
+        when(contextMock.files()).thenReturn(fileServiceMock);
+
+        // Mock the chain of objects from FileMetadata -> Dataset
+        when(fileMetadataMock.getDatasetVersion()).thenReturn(datasetVersionMock);
+        when(datasetVersionMock.getDataset()).thenReturn(datasetMock);
+        when(datasetMock.getId()).thenReturn(DATASET_ID);
+        when(fileMetadataMock.getDataFile()).thenReturn(dataFileMock);
+    }
+
+    @Test
+    @DisplayName("execute should call findFileMetadataHistory with 'canViewUnpublished' as TRUE when user has permission")
+    void execute_should_call_history_with_true_when_user_has_permission() throws CommandException {
+        // Arrange
+        when(permissionsMock.hasPermissionsFor(requestMock.getUser(), datasetMock, EnumSet.of(Permission.ViewUnpublishedDataset)))
+                .thenReturn(true);
+        when(fileServiceMock.findFileMetadataHistory(any(), any(), anyBoolean(), any(), any()))
+                .thenReturn(Collections.emptyList());
+
+        GetFileVersionDifferencesCommand command = new GetFileVersionDifferencesCommand(requestMock, fileMetadataMock, null, null, versionsHelperMock);
+
+        // Act
+        command.execute(contextMock);
+
+        // Assert
+        ArgumentCaptor<Boolean> canViewUnpublishedCaptor = ArgumentCaptor.forClass(Boolean.class);
+        verify(fileServiceMock).findFileMetadataHistory(
+                eq(DATASET_ID),
+                eq(dataFileMock),
+                canViewUnpublishedCaptor.capture(),
+                eq(null),
+                eq(null)
+        );
+        assertThat(canViewUnpublishedCaptor.getValue()).isTrue();
+    }
+
+    @Test
+    @DisplayName("execute should call findFileMetadataHistory with 'canViewUnpublished' as FALSE when user lacks permission")
+    void execute_should_call_history_with_false_when_user_lacks_permission() throws CommandException {
+        // Arrange
+        when(permissionsMock.hasPermissionsFor(requestMock.getUser(), datasetMock, EnumSet.of(Permission.ViewUnpublishedDataset)))
+                .thenReturn(false);
+        when(fileServiceMock.findFileMetadataHistory(any(), any(), anyBoolean(), any(), any()))
+                .thenReturn(Collections.emptyList());
+
+        GetFileVersionDifferencesCommand command = new GetFileVersionDifferencesCommand(requestMock, fileMetadataMock, null, null, versionsHelperMock);
+
+        // Act
+        command.execute(contextMock);
+
+        // Assert
+        ArgumentCaptor<Boolean> canViewUnpublishedCaptor = ArgumentCaptor.forClass(Boolean.class);
+        verify(fileServiceMock).findFileMetadataHistory(
+                eq(DATASET_ID),
+                eq(dataFileMock),
+                canViewUnpublishedCaptor.capture(),
+                eq(null),
+                eq(null)
+        );
+        assertThat(canViewUnpublishedCaptor.getValue()).isFalse();
+    }
+
+    @Test
+    @DisplayName("execute should pass pagination parameters correctly to findFileMetadataHistory")
+    void execute_should_pass_pagination_parameters_correctly() throws CommandException {
+        // Arrange
+        Integer expectedLimit = 10;
+        Integer expectedOffset = 20;
+        when(fileServiceMock.findFileMetadataHistory(any(), any(), anyBoolean(), any(), any()))
+                .thenReturn(Collections.emptyList());
+
+        GetFileVersionDifferencesCommand command = new GetFileVersionDifferencesCommand(requestMock, fileMetadataMock, expectedLimit, expectedOffset, versionsHelperMock);
+
+        // Act
+        command.execute(contextMock);
+
+        // Assert
+        verify(fileServiceMock).findFileMetadataHistory(
+                eq(DATASET_ID),
+                eq(dataFileMock),
+                anyBoolean(),
+                eq(expectedLimit),
+                eq(expectedOffset)
+        );
+    }
+
+    @Test
+    @DisplayName("execute should correctly convert file history to FileVersionDifference list")
+    void execute_should_convert_history_to_differences(
+            // Mocks for a version with METADATA CHANGES
+            @Mock VersionedFileMetadata vfm_changed, @Mock FileMetadata currentFm_changed,
+            @Mock FileMetadata previousFm_changed, @Mock DatasetVersion version_changed,
+            // Mocks for a version with NO METADATA CHANGES
+            @Mock VersionedFileMetadata vfm_same, @Mock FileMetadata currentFm_same,
+            @Mock FileMetadata previousFm_same, @Mock DatasetVersion version_same,
+            // Mocks for underlying file objects
+            @Mock DataFile dataFile1, @Mock DataFile dataFile2
+    ) throws CommandException {
+
+        // Arrange: Prepare a history list with two entries.
+
+        // --- Scenario 1: A version where file metadata (e.g., the label) has changed. ---
+        when(vfm_changed.getFileMetadata()).thenReturn(currentFm_changed);
+        when(vfm_changed.getDatasetVersion()).thenReturn(version_changed);
+        when(versionsHelperMock.getPreviousFileMetadata(fileMetadataMock, version_changed)).thenReturn(previousFm_changed);
+        // Mock the underlying data to trigger a difference in compareMetadata()
+        when(currentFm_changed.getLabel()).thenReturn("new_name.txt");
+        when(previousFm_changed.getLabel()).thenReturn("old_name.txt");
+        when(currentFm_changed.getDataFile()).thenReturn(dataFile1);
+        when(previousFm_changed.getDataFile()).thenReturn(dataFile1);
+
+        // --- Scenario 2: A version where the file exists but its metadata is identical to the previous version. ---
+        when(vfm_same.getFileMetadata()).thenReturn(currentFm_same);
+        when(vfm_same.getDatasetVersion()).thenReturn(version_same);
+        when(versionsHelperMock.getPreviousFileMetadata(fileMetadataMock, version_same)).thenReturn(previousFm_same);
+        // Mock the underlying data to be identical in compareMetadata()
+        when(currentFm_same.isRestricted()).thenReturn(false);
+        when(previousFm_same.isRestricted()).thenReturn(false);
+        when(currentFm_same.getLabel()).thenReturn("file.txt");
+        when(previousFm_same.getLabel()).thenReturn("file.txt");
+        when(currentFm_same.getDescription()).thenReturn("description");
+        when(previousFm_same.getDescription()).thenReturn("description");
+        when(currentFm_same.getProvFreeForm()).thenReturn(null);
+        when(previousFm_same.getProvFreeForm()).thenReturn(null);
+        when(currentFm_same.getCategoriesByName()).thenReturn(Collections.emptyList());
+        when(previousFm_same.getCategoriesByName()).thenReturn(Collections.emptyList());
+        when(currentFm_same.getDataFile()).thenReturn(dataFile2);
+        when(previousFm_same.getDataFile()).thenReturn(dataFile2);
+
+        // Mock the service to return our prepared history list.
+        when(fileServiceMock.findFileMetadataHistory(any(), any(), anyBoolean(), any(), any()))
+                .thenReturn(List.of(vfm_changed, vfm_same));
+
+        GetFileVersionDifferencesCommand command = new GetFileVersionDifferencesCommand(requestMock, fileMetadataMock, null, null, versionsHelperMock);
+
+        // Act
+        List<FileVersionDifference> result = command.execute(contextMock);
+
+        // Assert
+        assertThat(result).hasSize(2);
+
+        // --- Verify the first difference object (METADATA HAS CHANGED) ---
+        FileVersionDifference diff1 = result.get(0);
+        // Assert the correct FileMetadata objects were passed to the constructor.
+        assertThat(diff1.getNewFileMetadata()).isEqualTo(currentFm_changed);
+        assertThat(diff1.getOriginalFileMetadata()).isEqualTo(previousFm_changed);
+        // Assert that compareMetadata() correctly identified a difference.
+        assertThat(diff1.isSame()).isFalse();
+
+        // --- Verify the second difference object (METADATA IS THE SAME) ---
+        FileVersionDifference diff2 = result.get(1);
+        // Assert the correct FileMetadata objects were passed to the constructor.
+        assertThat(diff2.getNewFileMetadata()).isEqualTo(currentFm_same);
+        assertThat(diff2.getOriginalFileMetadata()).isEqualTo(previousFm_same);
+        // Assert that compareMetadata() correctly identified the metadata as identical.
+        assertThat(diff2.isSame()).isTrue();
+    }
 }

From 4f6e277c27c1dd63e73304bfed0fd681f99369e5 Mon Sep 17 00:00:00 2001
From: Stephen Kraffmiller <skraffmiller@hmdc.harvard.edu>
Date: Wed, 8 Oct 2025 13:46:52 -0400
Subject: [PATCH 371/634] #11772 separate parser for just access

---
 .../edu/harvard/iq/dataverse/api/Datasets.java |  5 ++---
 .../iq/dataverse/util/json/JsonParser.java     | 18 ++++++++++++++++++
 .../harvard/iq/dataverse/api/DatasetsIT.java   |  5 ++++-
 3 files changed, 24 insertions(+), 4 deletions(-)

diff --git a/src/main/java/edu/harvard/iq/dataverse/api/Datasets.java b/src/main/java/edu/harvard/iq/dataverse/api/Datasets.java
index 3745899d16b..c596f77cb8b 100644
--- a/src/main/java/edu/harvard/iq/dataverse/api/Datasets.java
+++ b/src/main/java/edu/harvard/iq/dataverse/api/Datasets.java
@@ -1170,13 +1170,12 @@ public Response editVersionTermsOfAccess(@Context ContainerRequestContext crc, S
 
             JsonObject json = JsonUtil.getJsonObject(jsonBody);
 
-            TermsOfUseAndAccess toua = jsonParser().parseTermsOfUseAndAccess(json);
+            TermsOfUseAndAccess toua = jsonParser().parseTermsOfAccess(json);
             
             if (publicInstall && (toua.isFileAccessRequest() || !toua.getTermsOfAccess().isEmpty())){
                 return error(BAD_REQUEST, "Setting File Access Request or Terms of Access is not permitted on a public installation.");
             }
-            
-            
+                       
             DatasetVersion updatedVersion = execCommand(new UpdateDatasetTermsOfAccessCommand(dataset, toua, createDataverseRequest(getRequestUser(crc)))).getLatestVersion();
 
             return ok(json(updatedVersion, true));
diff --git a/src/main/java/edu/harvard/iq/dataverse/util/json/JsonParser.java b/src/main/java/edu/harvard/iq/dataverse/util/json/JsonParser.java
index a080241777e..066375d8222 100644
--- a/src/main/java/edu/harvard/iq/dataverse/util/json/JsonParser.java
+++ b/src/main/java/edu/harvard/iq/dataverse/util/json/JsonParser.java
@@ -398,6 +398,24 @@ public TermsOfUseAndAccess parseTermsOfUseAndAccess(JsonObject obj) throws JsonP
         toaa.setSizeOfCollection(terms.getString("sizeOfCollection", null));
         toaa.setStudyCompletion(terms.getString("studyCompletion", null));
         toaa.setConfidentialityDeclaration(terms.getString("confidentialityDeclaration", null));
+        return toaa;
+    }
+    
+    public TermsOfUseAndAccess parseTermsOfAccess(JsonObject obj) throws JsonParseException {
+        //This only gets values associated with the terms of access for restricted files
+        // the return of this partial terms of use and access is merged with the existing 
+        // terms of use in the dataset's most recent version
+        JsonObject terms = obj.getJsonObject("termsOfUseAndAccess");
+        TermsOfUseAndAccess toaa = new TermsOfUseAndAccess();
+        toaa.setFileAccessRequest(terms.getBoolean("fileAccessRequest", false));
+        toaa.setTermsOfAccess(terms.getString("termsOfAccess", null));
+        toaa.setDataAccessPlace(terms.getString("dataAccessPlace", null));
+        toaa.setOriginalArchive(terms.getString("originalArchive", null));
+        toaa.setAvailabilityStatus(terms.getString("availabilityStatus", null)); 
+        toaa.setContactForAccess(terms.getString("contactForAccess", null));
+        toaa.setSizeOfCollection(terms.getString("sizeOfCollection", null));
+        toaa.setStudyCompletion(terms.getString("studyCompletion", null));
+        toaa.setConfidentialityDeclaration(terms.getString("confidentialityDeclaration", null));
 
         return toaa;
     }
diff --git a/src/test/java/edu/harvard/iq/dataverse/api/DatasetsIT.java b/src/test/java/edu/harvard/iq/dataverse/api/DatasetsIT.java
index c61fb1a1d44..996fe031fb7 100644
--- a/src/test/java/edu/harvard/iq/dataverse/api/DatasetsIT.java
+++ b/src/test/java/edu/harvard/iq/dataverse/api/DatasetsIT.java
@@ -4151,13 +4151,16 @@ public void testUpdateDatasetTermsOfAccess() throws IOException {
 
         String fileId = JsonPath.from(uploadResponse.body().asString()).getString("data.files[0].dataFile.id");
 
+        //verify that terms of access have been updated but license remains unchanged
         updateTerms = UtilIT.updateDatasetTermsAndAccess(datasetPersistentId, apiToken, pathToJsonFile);
         updateTerms.prettyPrint();
         updateTerms.then().assertThat()
                 .statusCode(OK.getStatusCode())
                 .body("data.fileAccessRequest", equalTo(true))
                 .body("data.termsOfAccess", equalTo("For access to restricted files please see read me file"))
-                .body("data.dataAccessPlace", equalTo("dataAccessPlace"));
+                .body("data.dataAccessPlace", equalTo("dataAccessPlace"))
+                .body("data.license.name", equalTo("CC0 1.0"));
+        
 
         // Restrict file
         Response restrictFileResponse = UtilIT.restrictFile(fileId, true, apiToken);

From c0a64cc195b47e6b58e6059236bbbec20f29c9f0 Mon Sep 17 00:00:00 2001
From: Stephen Kraffmiller <skraffmiller@hmdc.harvard.edu>
Date: Wed, 8 Oct 2025 14:38:35 -0400
Subject: [PATCH 372/634] Update native-api.rst

---
 doc/sphinx-guides/source/api/native-api.rst | 36 +++++++++++++++++++++
 1 file changed, 36 insertions(+)

diff --git a/doc/sphinx-guides/source/api/native-api.rst b/doc/sphinx-guides/source/api/native-api.rst
index 19a4d79c5ae..149544161ac 100644
--- a/doc/sphinx-guides/source/api/native-api.rst
+++ b/doc/sphinx-guides/source/api/native-api.rst
@@ -2242,6 +2242,42 @@ For these deletes your JSON file must include an exact match of those dataset fi
 
 .. _publish-dataset-api:
 
+Update Dataset Terms of Access
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+Updates the terms of access for the restricted files of a dataset by applying it to the draft version, or by creating a draft if none exists.
+
+
+To define custom terms of access, provide a JSON body with the following properties. All fields within ``customTermsOfAccess`` are optional, except if there are restricted files in your dataset then ``fileAccessRequest`` must be set to true or ``termsOfAccess`` must be provided:
+
+  {
+    "customTermsOfAccess": {
+        "fileAccessRequest": true,
+        "termsOfAccess": "Your terms of access for restricted files",
+        "dataAccessPlace": "Your data access place",
+        "originalArchive": "Your original archive",
+        "availabilityStatus": "Your availability status",
+        "contactForAccess": "Your contact for access",
+        "sizeOfCollection": "Your size of collection",
+        "studyCompletion": "Your study completion"
+    }
+  }
+
+.. code-block:: bash
+
+  export API_TOKEN=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
+  export SERVER_URL=https://demo.dataverse.org
+  export ID=3
+  export FILE_PATH=access.json
+
+  curl -H "X-Dataverse-key:$API_TOKEN" -X PUT "$SERVER_URL/api/datasets/$ID/license" -H "Content-type:application/json" --upload-file $FILE_PATH
+
+The fully expanded example above (without environment variables) looks like this:
+
+.. code-block:: bash
+
+  curl -H "X-Dataverse-key:xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" -X PUT "https://demo.dataverse.org/api/datasets/3/access" -H "Content-type:application/json" --upload-file access.json
+
 Publish a Dataset
 ~~~~~~~~~~~~~~~~~
 

From aaf42aec353783a99f5bbf2ebe7865997c4d4b0a Mon Sep 17 00:00:00 2001
From: Stephen Kraffmiller <skraffmiller@hmdc.harvard.edu>
Date: Wed, 8 Oct 2025 14:50:54 -0400
Subject: [PATCH 373/634] #11772 update json parser to match doc

---
 .../java/edu/harvard/iq/dataverse/util/json/JsonParser.java     | 2 +-
 src/test/resources/json/update-dataset-access-only.json         | 2 +-
 src/test/resources/json/update-dataset-terms-access.json        | 2 +-
 src/test/resources/json/update-dataset-terms-no-access.json     | 2 +-
 4 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/src/main/java/edu/harvard/iq/dataverse/util/json/JsonParser.java b/src/main/java/edu/harvard/iq/dataverse/util/json/JsonParser.java
index 066375d8222..d68fe09f9a1 100644
--- a/src/main/java/edu/harvard/iq/dataverse/util/json/JsonParser.java
+++ b/src/main/java/edu/harvard/iq/dataverse/util/json/JsonParser.java
@@ -405,7 +405,7 @@ public TermsOfUseAndAccess parseTermsOfAccess(JsonObject obj) throws JsonParseEx
         //This only gets values associated with the terms of access for restricted files
         // the return of this partial terms of use and access is merged with the existing 
         // terms of use in the dataset's most recent version
-        JsonObject terms = obj.getJsonObject("termsOfUseAndAccess");
+        JsonObject terms = obj.getJsonObject("customTermsOfAccess");
         TermsOfUseAndAccess toaa = new TermsOfUseAndAccess();
         toaa.setFileAccessRequest(terms.getBoolean("fileAccessRequest", false));
         toaa.setTermsOfAccess(terms.getString("termsOfAccess", null));
diff --git a/src/test/resources/json/update-dataset-access-only.json b/src/test/resources/json/update-dataset-access-only.json
index 57f4570457a..e0348f471f3 100644
--- a/src/test/resources/json/update-dataset-access-only.json
+++ b/src/test/resources/json/update-dataset-access-only.json
@@ -1,5 +1,5 @@
 {
-    "termsOfUseAndAccess": {
+    "customTermsOfAccess": {
         "fileAccessRequest": true,
         "termsOfAccess": "For access to restricted files please see read me file",
         "dataAccessPlace": "dataAccessPlace",
diff --git a/src/test/resources/json/update-dataset-terms-access.json b/src/test/resources/json/update-dataset-terms-access.json
index fbbd45a313f..bbea9c4dd0e 100644
--- a/src/test/resources/json/update-dataset-terms-access.json
+++ b/src/test/resources/json/update-dataset-terms-access.json
@@ -1,5 +1,5 @@
 {
-    "termsOfUseAndAccess": {
+    "customTermsOfAccess": {
         "fileAccessRequest": true,
         "termsOfAccess": "For access to restricted files please see read me file",
         "dataAccessPlace": "dataAccessPlace",
diff --git a/src/test/resources/json/update-dataset-terms-no-access.json b/src/test/resources/json/update-dataset-terms-no-access.json
index 9c53330b7c5..87bcac3032f 100644
--- a/src/test/resources/json/update-dataset-terms-no-access.json
+++ b/src/test/resources/json/update-dataset-terms-no-access.json
@@ -1,5 +1,5 @@
 {
-    "termsOfUseAndAccess": {
+    "customTermsOfAccess": {
         "fileAccessRequest": false,
         "termsOfAccess": "",
         "dataAccessPlace": "dataAccessPlace",

From 1a92c4c3b2307b81f5b3893030c195dee939bcdc Mon Sep 17 00:00:00 2001
From: Stephen Kraffmiller <skraffmiller@hmdc.harvard.edu>
Date: Thu, 9 Oct 2025 09:38:23 -0400
Subject: [PATCH 374/634] #11772 clean up unit test

---
 ...UpdateDatasetTermsOfAccessCommandTest.java | 27 +++++++++----------
 1 file changed, 13 insertions(+), 14 deletions(-)

diff --git a/src/test/java/edu/harvard/iq/dataverse/engine/command/impl/UpdateDatasetTermsOfAccessCommandTest.java b/src/test/java/edu/harvard/iq/dataverse/engine/command/impl/UpdateDatasetTermsOfAccessCommandTest.java
index 0bdb4be521c..a4983dd3689 100644
--- a/src/test/java/edu/harvard/iq/dataverse/engine/command/impl/UpdateDatasetTermsOfAccessCommandTest.java
+++ b/src/test/java/edu/harvard/iq/dataverse/engine/command/impl/UpdateDatasetTermsOfAccessCommandTest.java
@@ -54,6 +54,7 @@ public class UpdateDatasetTermsOfAccessCommandTest {
 
     @BeforeEach
     public void setUp() throws CommandException {
+        
         MockitoAnnotations.openMocks(this);
         when(dataverseEngineMock.submit(updateDatasetVersionCommand)).thenReturn(datasetMock);
         when(commandContextMock.engine()).thenReturn(dataverseEngineMock);
@@ -63,25 +64,23 @@ public void setUp() throws CommandException {
         dataset.getOrCreateEditVersion().setTermsOfUseAndAccess(new TermsOfUseAndAccess());
         terms = new TermsOfUseAndAccess();
 
-        command = new UpdateDatasetTermsOfAccessCommand(dataset, terms, request, updateDatasetVersionCommand);
+        command = new UpdateDatasetTermsOfAccessCommand(datasetMock, terms, request, updateDatasetVersionCommand);
     }
-
+    
     @Test
-    public void testExecute_SubmitsUpdateCommandAndUpdatesTerms() throws Exception {
-        when(ctxt.engine()).thenReturn(dataverseEngineMock);
-        Dataset expectedDataset = new Dataset();
-        when(dataverseEngineMock.submit(updateDatasetVersionCommand)).thenReturn(expectedDataset);
-        when(datasetMock.getOrCreateEditVersion()).thenReturn(datasetVersionMock);
-        when(datasetVersionMock.getTermsOfUseAndAccess()).thenReturn(termsOfUseAndAccessMock);
-
-        Dataset result = command.execute(ctxt);
+    public void execute_shouldUpdateRequestAndSetVersionStateToDraft() throws CommandException {
+        // Arrange
+        UpdateDatasetTermsOfAccessCommand sut = new UpdateDatasetTermsOfAccessCommand(datasetMock, terms, request, updateDatasetVersionCommand);
 
-        DatasetVersion version = dataset.getOrCreateEditVersion();
-        assertEquals(terms, version.getTermsOfUseAndAccess());
-        assertEquals(DatasetVersion.VersionState.DRAFT, version.getVersionState());
+        // Act
+        sut.execute(commandContextMock);
 
+        // Assert
+        assertEquals(terms, datasetVersionMock.getTermsOfUseAndAccess());
         verify(dataverseEngineMock).submit(updateDatasetVersionCommand);
-        assertSame(expectedDataset, result);
+        verify(datasetVersionMock).setVersionState(DatasetVersion.VersionState.DRAFT);
+        verify(commandContextMock).engine();
     }
 
+
 }

From 3d9376c9da063b47967a3cc17d68e02dd253a7d3 Mon Sep 17 00:00:00 2001
From: Stephen Kraffmiller <skraffmiller@hmdc.harvard.edu>
Date: Thu, 9 Oct 2025 10:11:09 -0400
Subject: [PATCH 375/634] #11771 add release notes

---
 .../11771-update-dataset-terms-of-access-api.md      | 12 ++++++++++++
 1 file changed, 12 insertions(+)
 create mode 100644 doc/release-notes/11771-update-dataset-terms-of-access-api.md

diff --git a/doc/release-notes/11771-update-dataset-terms-of-access-api.md b/doc/release-notes/11771-update-dataset-terms-of-access-api.md
new file mode 100644
index 00000000000..9e7b3c523e7
--- /dev/null
+++ b/doc/release-notes/11771-update-dataset-terms-of-access-api.md
@@ -0,0 +1,12 @@
+## New Endpoint: `/datasets/{id}/access`
+
+A new endpoint has been implemented to manage dataset terms of access for restricted files.
+
+### Functionality
+- Updates the terms of access of a dataset by applying it to the draft version.
+- If no draft exists, a new one is automatically created.
+
+### Usage
+
+**Custom Terms of Access** – Provide a JSON body with the `customTermsOfAccess` object.
+    - All fields are optional **except** if there are restricted files in which case `fileAccessRequest` must be set to true or  `termsOfAccess` must be provided.

From 9cf870b801bf43fe27720c2344f8b11b5c5c9dcf Mon Sep 17 00:00:00 2001
From: Stephen Kraffmiller <skraffmiller@hmdc.harvard.edu>
Date: Thu, 9 Oct 2025 10:15:19 -0400
Subject: [PATCH 376/634] #11772 rename release notes

oops
---
 ...-access-api.md => 11772-update-dataset-terms-of-access-api.md} | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 rename doc/release-notes/{11771-update-dataset-terms-of-access-api.md => 11772-update-dataset-terms-of-access-api.md} (100%)

diff --git a/doc/release-notes/11771-update-dataset-terms-of-access-api.md b/doc/release-notes/11772-update-dataset-terms-of-access-api.md
similarity index 100%
rename from doc/release-notes/11771-update-dataset-terms-of-access-api.md
rename to doc/release-notes/11772-update-dataset-terms-of-access-api.md

From 5390790c6c80d4bc8527ac3fd74cd2b9fab62a5c Mon Sep 17 00:00:00 2001
From: Stephen Kraffmiller <skraffmiller@hmdc.harvard.edu>
Date: Thu, 9 Oct 2025 10:45:56 -0400
Subject: [PATCH 377/634] Update native-api.rst

---
 doc/sphinx-guides/source/api/native-api.rst | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/doc/sphinx-guides/source/api/native-api.rst b/doc/sphinx-guides/source/api/native-api.rst
index 149544161ac..6b12cff3cc3 100644
--- a/doc/sphinx-guides/source/api/native-api.rst
+++ b/doc/sphinx-guides/source/api/native-api.rst
@@ -2270,7 +2270,7 @@ To define custom terms of access, provide a JSON body with the following propert
   export ID=3
   export FILE_PATH=access.json
 
-  curl -H "X-Dataverse-key:$API_TOKEN" -X PUT "$SERVER_URL/api/datasets/$ID/license" -H "Content-type:application/json" --upload-file $FILE_PATH
+  curl -H "X-Dataverse-key:$API_TOKEN" -X PUT "$SERVER_URL/api/datasets/$ID/access" -H "Content-type:application/json" --upload-file $FILE_PATH
 
 The fully expanded example above (without environment variables) looks like this:
 

From 0bc91040f96b45ed67ece6d16da5d67428dce57a Mon Sep 17 00:00:00 2001
From: GPortas <hey@gportas.me>
Date: Thu, 9 Oct 2025 17:02:46 +0100
Subject: [PATCH 378/634] Changed: using JPACriteria-based method instead of
 javacode for filtering previous file metadata version in
 GetFileVersionDifferencesCommand

---
 .../iq/dataverse/DataFileServiceBean.java     |  40 +++++-
 .../edu/harvard/iq/dataverse/api/Files.java   |   2 +-
 .../GetFileVersionDifferencesCommand.java     |  16 +--
 .../GetFileVersionDifferencesCommandTest.java | 114 +++++++-----------
 4 files changed, 89 insertions(+), 83 deletions(-)

diff --git a/src/main/java/edu/harvard/iq/dataverse/DataFileServiceBean.java b/src/main/java/edu/harvard/iq/dataverse/DataFileServiceBean.java
index 67f64ac47c1..0014cce282c 100644
--- a/src/main/java/edu/harvard/iq/dataverse/DataFileServiceBean.java
+++ b/src/main/java/edu/harvard/iq/dataverse/DataFileServiceBean.java
@@ -398,7 +398,6 @@ public List<VersionedFileMetadata> findFileMetadataHistory(Long datasetId,
                                                                boolean canViewUnpublishedVersions,
                                                                Integer limit,
                                                                Integer offset) {
-        // Guard clause: Return early if there's no file to search for.
         if (dataFile == null) {
             return Collections.emptyList();
         }
@@ -465,6 +464,45 @@ public List<VersionedFileMetadata> findFileMetadataHistory(Long datasetId,
                 .collect(Collectors.toList());
     }
 
+    /**
+     * Finds the FileMetadata for a given file in the version immediately preceding a specified version.
+     *
+     * @param fileMetadata   The FileMetadata instance from the current version, used to identify the file's lineage.
+     * @return The FileMetadata from the immediately prior version, or {@code null} if this is the first version of the file.
+     */
+    public FileMetadata getPreviousFileMetadata(FileMetadata fileMetadata) {
+        if (fileMetadata == null || fileMetadata.getDataFile() == null) {
+            return null;
+        }
+
+        // 1. Get the ID of the file that was replaced.
+        Long previousId = fileMetadata.getDataFile().getPreviousDataFileId();
+
+        // If there's no previous ID, this is the first version of the file.
+        if (previousId == null) {
+            return null;
+        }
+
+        CriteriaBuilder cb = em.getCriteriaBuilder();
+        CriteriaQuery<FileMetadata> cq = cb.createQuery(FileMetadata.class);
+        Root<FileMetadata> fileMetadataRoot = cq.from(FileMetadata.class);
+
+        // 2. Join FileMetadata to DataFile to access the ID.
+        Join<FileMetadata, DataFile> dataFileJoin = fileMetadataRoot.join("dataFile");
+
+        // 3. Find the FileMetadata whose DataFile ID matches the previousId.
+        cq.where(cb.equal(dataFileJoin.get("id"), previousId));
+
+        // --- Execution ---
+        TypedQuery<FileMetadata> query = em.createQuery(cq);
+        try {
+            return query.getSingleResult();
+        } catch (NoResultException e) {
+            // If no result is found, return null.
+            return null;
+        }
+    }
+
     public FileMetadata findMostRecentVersionFileIsIn(DataFile file) {
         if (file == null) {
             return null;
diff --git a/src/main/java/edu/harvard/iq/dataverse/api/Files.java b/src/main/java/edu/harvard/iq/dataverse/api/Files.java
index 4810510c8a4..7cd0ef3dd25 100644
--- a/src/main/java/edu/harvard/iq/dataverse/api/Files.java
+++ b/src/main/java/edu/harvard/iq/dataverse/api/Files.java
@@ -1182,7 +1182,7 @@ public Response getFileVersionsList(@Context ContainerRequestContext crc, @PathP
             if (fm == null) {
                 return notFound(BundleUtil.getStringFromBundle("files.api.fileNotFound"));
             }
-            List<FileVersionDifference> fileVersionDifferences = execCommand(new GetFileVersionDifferencesCommand(req, fm, null, null, fileMetadataVersionsHelper));
+            List<FileVersionDifference> fileVersionDifferences = execCommand(new GetFileVersionDifferencesCommand(req, fm, null, null));
             JsonArrayBuilder jab = Json.createArrayBuilder();
             for (FileVersionDifference fileVersionDifference : fileVersionDifferences) {
                 jab.add(fileMetadataVersionsHelper.jsonDataFileVersions(fileVersionDifference).build());
diff --git a/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/GetFileVersionDifferencesCommand.java b/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/GetFileVersionDifferencesCommand.java
index f6d53a39348..674f6c6c42c 100644
--- a/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/GetFileVersionDifferencesCommand.java
+++ b/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/GetFileVersionDifferencesCommand.java
@@ -23,12 +23,10 @@ public class GetFileVersionDifferencesCommand extends AbstractCommand<List<FileV
     private final FileMetadata fileMetadata;
     private final Integer limit;
     private final Integer offset;
-    private final FileMetadataVersionsHelper versionsHelper;
 
-    public GetFileVersionDifferencesCommand(DataverseRequest request, FileMetadata fileMetadata, Integer limit, Integer offset, FileMetadataVersionsHelper fileMetadataVersionsHelper) {
+    public GetFileVersionDifferencesCommand(DataverseRequest request, FileMetadata fileMetadata, Integer limit, Integer offset) {
         super(request, fileMetadata.getDataFile());
         this.fileMetadata = Objects.requireNonNull(fileMetadata);
-        this.versionsHelper = Objects.requireNonNull(fileMetadataVersionsHelper);
         this.limit = limit;
         this.offset = offset;
     }
@@ -38,12 +36,12 @@ public List<FileVersionDifference> execute(CommandContext ctxt) throws CommandEx
         List<VersionedFileMetadata> fileHistory = findFileHistory(ctxt);
 
         return fileHistory.stream()
-                .map(this::createDifferenceFromHistory)
+                .map(versionedFileMetadata -> createDifferenceFromHistory(ctxt, versionedFileMetadata))
                 .collect(Collectors.toList());
     }
 
     /**
-     * Fetches the file's version history from the database, respecting user permissions.
+     * Fetches the file's version history, respecting user permissions.
      */
     private List<VersionedFileMetadata> findFileHistory(CommandContext ctxt) {
         Dataset dataset = fileMetadata.getDatasetVersion().getDataset();
@@ -66,15 +64,13 @@ private boolean canViewUnpublishedVersions(CommandContext ctxt, Dataset dataset)
     /**
      * Transforms a single historical entry into a FileVersionDifference object.
      */
-    private FileVersionDifference createDifferenceFromHistory(VersionedFileMetadata versionedFileMetadata) {
+    private FileVersionDifference createDifferenceFromHistory(CommandContext ctxt, VersionedFileMetadata versionedFileMetadata) {
         FileMetadata current = versionedFileMetadata.getFileMetadata();
-        DatasetVersion version = versionedFileMetadata.getDatasetVersion();
-
-        FileMetadata previous = versionsHelper.getPreviousFileMetadata(this.fileMetadata, version);
+        FileMetadata previous = ctxt.files().getPreviousFileMetadata(current);
 
         return (current != null)
                 ? new FileVersionDifference(current, previous, false)
-                : createDifferenceForNonexistentFile(version, previous);
+                : createDifferenceForNonexistentFile(versionedFileMetadata.getDatasetVersion(), previous);
     }
 
     /**
diff --git a/src/test/java/edu/harvard/iq/dataverse/engine/command/impl/GetFileVersionDifferencesCommandTest.java b/src/test/java/edu/harvard/iq/dataverse/engine/command/impl/GetFileVersionDifferencesCommandTest.java
index ae75b0e47b2..b931fa0d8ae 100644
--- a/src/test/java/edu/harvard/iq/dataverse/engine/command/impl/GetFileVersionDifferencesCommandTest.java
+++ b/src/test/java/edu/harvard/iq/dataverse/engine/command/impl/GetFileVersionDifferencesCommandTest.java
@@ -21,8 +21,7 @@
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.ArgumentMatchers.anyBoolean;
 import static org.mockito.ArgumentMatchers.eq;
-import static org.mockito.Mockito.verify;
-import static org.mockito.Mockito.when;
+import static org.mockito.Mockito.*;
 
 @ExtendWith(MockitoExtension.class)
 class GetFileVersionDifferencesCommandTest {
@@ -34,8 +33,6 @@ class GetFileVersionDifferencesCommandTest {
     @Mock
     private FileMetadata fileMetadataMock;
     @Mock
-    private FileMetadataVersionsHelper versionsHelperMock;
-    @Mock
     private PermissionServiceBean permissionsMock;
     @Mock
     private DataFileServiceBean fileServiceMock;
@@ -50,11 +47,9 @@ class GetFileVersionDifferencesCommandTest {
 
     @BeforeEach
     void setUp() {
-        // Mock the context to return our mock services
         when(contextMock.permissions()).thenReturn(permissionsMock);
         when(contextMock.files()).thenReturn(fileServiceMock);
 
-        // Mock the chain of objects from FileMetadata -> Dataset
         when(fileMetadataMock.getDatasetVersion()).thenReturn(datasetVersionMock);
         when(datasetVersionMock.getDataset()).thenReturn(datasetMock);
         when(datasetMock.getId()).thenReturn(DATASET_ID);
@@ -70,7 +65,7 @@ void execute_should_call_history_with_true_when_user_has_permission() throws Com
         when(fileServiceMock.findFileMetadataHistory(any(), any(), anyBoolean(), any(), any()))
                 .thenReturn(Collections.emptyList());
 
-        GetFileVersionDifferencesCommand command = new GetFileVersionDifferencesCommand(requestMock, fileMetadataMock, null, null, versionsHelperMock);
+        GetFileVersionDifferencesCommand command = new GetFileVersionDifferencesCommand(requestMock, fileMetadataMock, null, null);
 
         // Act
         command.execute(contextMock);
@@ -96,7 +91,7 @@ void execute_should_call_history_with_false_when_user_lacks_permission() throws
         when(fileServiceMock.findFileMetadataHistory(any(), any(), anyBoolean(), any(), any()))
                 .thenReturn(Collections.emptyList());
 
-        GetFileVersionDifferencesCommand command = new GetFileVersionDifferencesCommand(requestMock, fileMetadataMock, null, null, versionsHelperMock);
+        GetFileVersionDifferencesCommand command = new GetFileVersionDifferencesCommand(requestMock, fileMetadataMock, null, null);
 
         // Act
         command.execute(contextMock);
@@ -122,7 +117,7 @@ void execute_should_pass_pagination_parameters_correctly() throws CommandExcepti
         when(fileServiceMock.findFileMetadataHistory(any(), any(), anyBoolean(), any(), any()))
                 .thenReturn(Collections.emptyList());
 
-        GetFileVersionDifferencesCommand command = new GetFileVersionDifferencesCommand(requestMock, fileMetadataMock, expectedLimit, expectedOffset, versionsHelperMock);
+        GetFileVersionDifferencesCommand command = new GetFileVersionDifferencesCommand(requestMock, fileMetadataMock, expectedLimit, expectedOffset);
 
         // Act
         command.execute(contextMock);
@@ -139,73 +134,50 @@ void execute_should_pass_pagination_parameters_correctly() throws CommandExcepti
 
     @Test
     @DisplayName("execute should correctly convert file history to FileVersionDifference list")
-    void execute_should_convert_history_to_differences(
-            // Mocks for a version with METADATA CHANGES
-            @Mock VersionedFileMetadata vfm_changed, @Mock FileMetadata currentFm_changed,
-            @Mock FileMetadata previousFm_changed, @Mock DatasetVersion version_changed,
-            // Mocks for a version with NO METADATA CHANGES
-            @Mock VersionedFileMetadata vfm_same, @Mock FileMetadata currentFm_same,
-            @Mock FileMetadata previousFm_same, @Mock DatasetVersion version_same,
-            // Mocks for underlying file objects
-            @Mock DataFile dataFile1, @Mock DataFile dataFile2
-    ) throws CommandException {
-
-        // Arrange: Prepare a history list with two entries.
-
-        // --- Scenario 1: A version where file metadata (e.g., the label) has changed. ---
-        when(vfm_changed.getFileMetadata()).thenReturn(currentFm_changed);
-        when(vfm_changed.getDatasetVersion()).thenReturn(version_changed);
-        when(versionsHelperMock.getPreviousFileMetadata(fileMetadataMock, version_changed)).thenReturn(previousFm_changed);
-        // Mock the underlying data to trigger a difference in compareMetadata()
-        when(currentFm_changed.getLabel()).thenReturn("new_name.txt");
-        when(previousFm_changed.getLabel()).thenReturn("old_name.txt");
-        when(currentFm_changed.getDataFile()).thenReturn(dataFile1);
-        when(previousFm_changed.getDataFile()).thenReturn(dataFile1);
-
-        // --- Scenario 2: A version where the file exists but its metadata is identical to the previous version. ---
-        when(vfm_same.getFileMetadata()).thenReturn(currentFm_same);
-        when(vfm_same.getDatasetVersion()).thenReturn(version_same);
-        when(versionsHelperMock.getPreviousFileMetadata(fileMetadataMock, version_same)).thenReturn(previousFm_same);
-        // Mock the underlying data to be identical in compareMetadata()
-        when(currentFm_same.isRestricted()).thenReturn(false);
-        when(previousFm_same.isRestricted()).thenReturn(false);
-        when(currentFm_same.getLabel()).thenReturn("file.txt");
-        when(previousFm_same.getLabel()).thenReturn("file.txt");
-        when(currentFm_same.getDescription()).thenReturn("description");
-        when(previousFm_same.getDescription()).thenReturn("description");
-        when(currentFm_same.getProvFreeForm()).thenReturn(null);
-        when(previousFm_same.getProvFreeForm()).thenReturn(null);
-        when(currentFm_same.getCategoriesByName()).thenReturn(Collections.emptyList());
-        when(previousFm_same.getCategoriesByName()).thenReturn(Collections.emptyList());
-        when(currentFm_same.getDataFile()).thenReturn(dataFile2);
-        when(previousFm_same.getDataFile()).thenReturn(dataFile2);
-
-        // Mock the service to return our prepared history list.
+    void execute_should_convert_history_to_differences() throws CommandException {
+        // Arrange
+        // Create mock history: 3 versions of a file's metadata
+        FileMetadata fm3 = new FileMetadata(); // Newest
+        fm3.setId(3L);
+        FileMetadata fm2 = new FileMetadata(); // Middle
+        fm2.setId(2L);
+        FileMetadata fm1 = new FileMetadata(); // Oldest
+        fm1.setId(1L);
+
+        VersionedFileMetadata vfm3 = mock(VersionedFileMetadata.class);
+        VersionedFileMetadata vfm2 = mock(VersionedFileMetadata.class);
+        VersionedFileMetadata vfm1 = mock(VersionedFileMetadata.class);
+        when(vfm3.getFileMetadata()).thenReturn(fm3);
+        when(vfm2.getFileMetadata()).thenReturn(fm2);
+        when(vfm1.getFileMetadata()).thenReturn(fm1);
+
+        List<VersionedFileMetadata> history = List.of(vfm3, vfm2, vfm1);
         when(fileServiceMock.findFileMetadataHistory(any(), any(), anyBoolean(), any(), any()))
-                .thenReturn(List.of(vfm_changed, vfm_same));
+                .thenReturn(history);
+
+        // Mock the logic to find the direct predecessor of each version
+        when(fileServiceMock.getPreviousFileMetadata(fm3)).thenReturn(fm2);
+        when(fileServiceMock.getPreviousFileMetadata(fm2)).thenReturn(fm1);
+        when(fileServiceMock.getPreviousFileMetadata(fm1)).thenReturn(null); // The oldest has no predecessor
 
-        GetFileVersionDifferencesCommand command = new GetFileVersionDifferencesCommand(requestMock, fileMetadataMock, null, null, versionsHelperMock);
+        GetFileVersionDifferencesCommand command = new GetFileVersionDifferencesCommand(requestMock, fileMetadataMock, null, null);
 
         // Act
-        List<FileVersionDifference> result = command.execute(contextMock);
+        List<FileVersionDifference> differences = command.execute(contextMock);
 
         // Assert
-        assertThat(result).hasSize(2);
-
-        // --- Verify the first difference object (METADATA HAS CHANGED) ---
-        FileVersionDifference diff1 = result.get(0);
-        // Assert the correct FileMetadata objects were passed to the constructor.
-        assertThat(diff1.getNewFileMetadata()).isEqualTo(currentFm_changed);
-        assertThat(diff1.getOriginalFileMetadata()).isEqualTo(previousFm_changed);
-        // Assert that compareMetadata() correctly identified a difference.
-        assertThat(diff1.isSame()).isFalse();
-
-        // --- Verify the second difference object (METADATA IS THE SAME) ---
-        FileVersionDifference diff2 = result.get(1);
-        // Assert the correct FileMetadata objects were passed to the constructor.
-        assertThat(diff2.getNewFileMetadata()).isEqualTo(currentFm_same);
-        assertThat(diff2.getOriginalFileMetadata()).isEqualTo(previousFm_same);
-        // Assert that compareMetadata() correctly identified the metadata as identical.
-        assertThat(diff2.isSame()).isTrue();
+        assertThat(differences).hasSize(3);
+
+        // Check the difference for the newest version (v3 vs v2)
+        assertThat(differences.get(0).getNewFileMetadata()).isEqualTo(fm3);
+        assertThat(differences.get(0).getOriginalFileMetadata()).isEqualTo(fm2);
+
+        // Check the difference for the middle version (v2 vs v1)
+        assertThat(differences.get(1).getNewFileMetadata()).isEqualTo(fm2);
+        assertThat(differences.get(1).getOriginalFileMetadata()).isEqualTo(fm1);
+
+        // Check the difference for the oldest version (v1 vs null)
+        assertThat(differences.get(2).getNewFileMetadata()).isEqualTo(fm1);
+        assertThat(differences.get(2).getOriginalFileMetadata()).isNull();
     }
 }

From 1252f389cacb9a520d07180559492bb96245cafd Mon Sep 17 00:00:00 2001
From: Stephen Kraffmiller <skraffmiller@hmdc.harvard.edu>
Date: Thu, 9 Oct 2025 14:15:23 -0400
Subject: [PATCH 379/634] Update native-api.rst

---
 doc/sphinx-guides/source/api/native-api.rst | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/doc/sphinx-guides/source/api/native-api.rst b/doc/sphinx-guides/source/api/native-api.rst
index 6b12cff3cc3..0c33f9f4502 100644
--- a/doc/sphinx-guides/source/api/native-api.rst
+++ b/doc/sphinx-guides/source/api/native-api.rst
@@ -2250,8 +2250,11 @@ Updates the terms of access for the restricted files of a dataset by applying it
 
 To define custom terms of access, provide a JSON body with the following properties. All fields within ``customTermsOfAccess`` are optional, except if there are restricted files in your dataset then ``fileAccessRequest`` must be set to true or ``termsOfAccess`` must be provided:
 
-  {
-    "customTermsOfAccess": {
+.. code-block:: json
+
+  [
+    {
+      "customTermsOfAccess": {
         "fileAccessRequest": true,
         "termsOfAccess": "Your terms of access for restricted files",
         "dataAccessPlace": "Your data access place",
@@ -2260,8 +2263,9 @@ To define custom terms of access, provide a JSON body with the following propert
         "contactForAccess": "Your contact for access",
         "sizeOfCollection": "Your size of collection",
         "studyCompletion": "Your study completion"
+      }
     }
-  }
+  ]
 
 .. code-block:: bash
 

From c7da46ed8cfda919dc2102b40b01a56757e27895 Mon Sep 17 00:00:00 2001
From: GPortas <hey@gportas.me>
Date: Sun, 12 Oct 2025 11:58:39 +0100
Subject: [PATCH 380/634] Stash: refactoring Files {id}/versionDifferences JSON
 printing logic

---
 .../dataverse/FileMetadataVersionsHelper.java | 136 -----------------
 .../edu/harvard/iq/dataverse/api/Files.java   |  17 +--
 .../iq/dataverse/util/json/JsonPrinter.java   | 142 ++++++++++++++++++
 3 files changed, 145 insertions(+), 150 deletions(-)

diff --git a/src/main/java/edu/harvard/iq/dataverse/FileMetadataVersionsHelper.java b/src/main/java/edu/harvard/iq/dataverse/FileMetadataVersionsHelper.java
index 21bb8ea51e4..368bc1b0628 100644
--- a/src/main/java/edu/harvard/iq/dataverse/FileMetadataVersionsHelper.java
+++ b/src/main/java/edu/harvard/iq/dataverse/FileMetadataVersionsHelper.java
@@ -2,21 +2,13 @@
 
 import edu.harvard.iq.dataverse.authorization.Permission;
 import edu.harvard.iq.dataverse.engine.command.DataverseRequest;
-import edu.harvard.iq.dataverse.util.StringUtil;
 import jakarta.ejb.EJB;
 import jakarta.ejb.Stateless;
-import jakarta.json.*;
 
 import java.util.*;
-import java.util.logging.Logger;
-import java.util.stream.Collectors;
-
-import static edu.harvard.iq.dataverse.util.json.NullSafeJsonBuilder.jsonObjectBuilder;
 
 @Stateless
 public class FileMetadataVersionsHelper {
-    private static final Logger logger = Logger.getLogger(FileMetadataVersionsHelper.class.getCanonicalName());
-
     @EJB
     DataFileServiceBean datafileService;
     @EJB
@@ -24,9 +16,6 @@ public class FileMetadataVersionsHelper {
     @EJB
     PermissionServiceBean permissionService;
 
-    // Groups that are single element groups and therefore not arrays.
-    private static final List<String> SINGLE_ELEMENT_GROUPS = List.of("File Access");
-
     public List<FileMetadata> loadFileVersionList(DataverseRequest req, FileMetadata fileMetadata) {
         List<DataFile> allfiles = allRelatedFiles(fileMetadata);
         List<FileMetadata> retList = new ArrayList<>();
@@ -61,94 +50,6 @@ public List<FileMetadata> loadFileVersionList(DataverseRequest req, FileMetadata
         return retList;
     }
 
-    public JsonObjectBuilder jsonDataFileVersions(FileVersionDifference fileVersionDifference) {
-        JsonObjectBuilder job = jsonObjectBuilder();
-        FileMetadata fileMetadata = fileVersionDifference.getNewFileMetadata();
-        if (fileMetadata.getDatasetVersion() != null) {
-            job.add("datasetVersion", fileMetadata.getDatasetVersion().getFriendlyVersionNumber());
-            if (fileMetadata.getDatasetVersion().getVersionNumber() != null) {
-                job
-                    .add("versionNumber", fileMetadata.getDatasetVersion().getVersionNumber())
-                    .add("versionMinorNumber", fileMetadata.getDatasetVersion().getMinorVersionNumber());
-            }
-
-            job
-                .add("isDraft", fileMetadata.getDatasetVersion().isDraft())
-                .add("isReleased", fileMetadata.getDatasetVersion().isReleased())
-                .add("isDeaccessioned", fileMetadata.getDatasetVersion().isDeaccessioned())
-                .add("versionState", fileMetadata.getDatasetVersion().getVersionState().name())
-                .add("summary", fileMetadata.getDatasetVersion().getVersionNote())
-                .add("contributors", fileMetadata.getContributorNames())
-                .add("publishedDate", fileMetadata.getDataFile() != null ? (fileMetadata.getDataFile().getPublicationDate() != null ? fileMetadata.getDataFile().getPublicationDate().toString() : null) : null)
-            ;
-        }
-        if (fileMetadata.getDataFile() != null) {
-            job.add("datafileId", fileMetadata.getDataFile().getId());
-            job.add("persistentId", (fileMetadata.getDataFile().getGlobalId() != null ? fileMetadata.getDataFile().getGlobalId().asString() : ""));
-        }
-        FileVersionDifference fvd = fileVersionDifference;
-        if (fvd != null) {
-            List<FileVersionDifference.FileDifferenceSummaryGroup> groups = fvd.getDifferenceSummaryGroups();
-            JsonObjectBuilder fileDifferenceSummary = jsonObjectBuilder()
-                .add("versionNote", fileMetadata.getDatasetVersion().getVersionNote())
-                .add("deaccessionedReason", fileMetadata.getDatasetVersion().getDeaccessionNote())
-                .add("file", getFileAction(fvd.getOriginalFileMetadata(), fvd.getNewFileMetadata()));
-
-            if (groups != null && !groups.isEmpty()) {
-                List<FileVersionDifference.FileDifferenceSummaryGroup> sortedGroups = groups.stream()
-                        .sorted(Comparator.comparing(FileVersionDifference.FileDifferenceSummaryGroup::getName))
-                        .collect(Collectors.toList());
-                String groupName = null;
-                final JsonArrayBuilder groupsArrayBuilder = Json.createArrayBuilder();
-                final JsonObjectBuilder groupsObjectBuilder = jsonObjectBuilder();
-                Map<String, Integer> itemCounts = new HashMap<>();
-
-                for (FileVersionDifference.FileDifferenceSummaryGroup group : sortedGroups) {
-                    if (!StringUtil.isEmpty(group.getName())) {
-                        // if the group name changed then add its data to the fileDifferenceSummary and reset list for next group
-                        if (groupName != null && groupName.compareTo(group.getName()) != 0) {
-                            addJsonGroupObject(fileDifferenceSummary, groupName, groupsObjectBuilder.build(), groupsArrayBuilder.build(), itemCounts);
-                            // Note: groupsArrayBuilder.build() also clears the data within it
-                            itemCounts.clear();
-                        }
-                        groupName = group.getName();
-
-                        group.getFileDifferenceSummaryItems().forEach(item -> {
-                            JsonObjectBuilder itemObjectBuilder = jsonObjectBuilder();
-                            if (item.getName().isEmpty()) {
-                                // 'groupName': {'Added'=#, 'Changed'=#, ...}
-                                // accumulate the counts since we can't make a separate array item
-                                itemCounts.merge("Added", item.getAdded(), Integer::sum);
-                                itemCounts.merge("Changed", item.getChanged(), Integer::sum);
-                                itemCounts.merge("Deleted", item.getDeleted(), Integer::sum);
-                                itemCounts.merge("Replaced", item.getReplaced(), Integer::sum);
-                            } else if (SINGLE_ELEMENT_GROUPS.contains(group.getName())) {
-                                // 'groupName': 'getNameValue'
-                                groupsObjectBuilder.add(group.getName(), group.getFileDifferenceSummaryItems().get(0).getName());
-                            } else {
-                                // 'groupName': [{name='', action=''}, {name='', action=''}]
-                                String action = item.getAdded() > 0 ? "Added" : item.getChanged() > 0 ? "Changed" :
-                                        item.getDeleted() > 0 ? "Deleted" : item.getReplaced() > 0 ? "Replaced" : "";
-                                itemObjectBuilder.add("name", item.getName());
-                                if (!action.isEmpty()) {
-                                    itemObjectBuilder.add("action", action);
-                                }
-                                groupsArrayBuilder.add(itemObjectBuilder.build());
-                            }
-                        });
-                    }
-                }
-                // process last group
-                addJsonGroupObject(fileDifferenceSummary, groupName, groupsObjectBuilder.build(), groupsArrayBuilder.build(), itemCounts);
-            }
-            JsonObject fileDifferenceSummaryObject = fileDifferenceSummary.build();
-            if (!fileDifferenceSummaryObject.isEmpty()) {
-                job.add("fileDifferenceSummary", fileDifferenceSummaryObject);
-            }
-        }
-        return job;
-    }
-
     //TODO: this could use some refactoring to cut down on the number of for loops!
     private FileMetadata getPreviousFileMetadata(FileMetadata fileMetadata, FileMetadata fmdIn){
 
@@ -228,41 +129,4 @@ private List<DataFile> allRelatedFiles(FileMetadata fileMetadata) {
         }
         return dataFiles;
     }
-
-    private String getFileAction(FileMetadata originalFileMetadata, FileMetadata newFileMetadata) {
-        if (newFileMetadata.getDataFile() != null && originalFileMetadata == null) {
-            return "Added";
-        } else if (newFileMetadata.getDataFile() == null && originalFileMetadata != null) {
-            return "Deleted";
-        } else if (originalFileMetadata != null &&
-                newFileMetadata.getDataFile() != null && originalFileMetadata.getDataFile() != null &&!originalFileMetadata.getDataFile().equals(newFileMetadata.getDataFile())) {
-            return "Replaced";
-        } else {
-            return null;
-        }
-    }
-
-    private void addJsonGroupObject(JsonObjectBuilder jsonObjectBuilder, String key, JsonObject jsonObjectValue, JsonArray jsonArrayValue, Map<String, Integer> itemCounts) {
-        if (key != null && !key.isEmpty()) {
-            String sanitizedKey = key.replaceAll("\\s+", "");
-            if (itemCounts.isEmpty()) {
-                if (jsonArrayValue.isEmpty()) {
-                    // add the object
-                    jsonObjectBuilder.add(sanitizedKey, jsonObjectValue.getValue("/"+key));
-                } else {
-                    // add the array
-                    jsonObjectBuilder.add(sanitizedKey, jsonArrayValue);
-                }
-            } else {
-                // add the accumulated totals
-                JsonObjectBuilder accumulatedTotalsObjectBuilder = jsonObjectBuilder();
-                itemCounts.forEach((k, v) -> {
-                    if (v != 0) {
-                        accumulatedTotalsObjectBuilder.add(k, v);
-                    }
-                });
-                jsonObjectBuilder.add(sanitizedKey, accumulatedTotalsObjectBuilder.build());
-            }
-        }
-    }
 }
diff --git a/src/main/java/edu/harvard/iq/dataverse/api/Files.java b/src/main/java/edu/harvard/iq/dataverse/api/Files.java
index 7cd0ef3dd25..42e23656808 100644
--- a/src/main/java/edu/harvard/iq/dataverse/api/Files.java
+++ b/src/main/java/edu/harvard/iq/dataverse/api/Files.java
@@ -35,7 +35,7 @@
 
 import static edu.harvard.iq.dataverse.api.ApiConstants.*;
 import static edu.harvard.iq.dataverse.api.Datasets.handleVersion;
-import static edu.harvard.iq.dataverse.util.json.JsonPrinter.json;
+
 import edu.harvard.iq.dataverse.util.json.JsonUtil;
 import edu.harvard.iq.dataverse.util.json.NullSafeJsonBuilder;
 
@@ -61,7 +61,7 @@
 import jakarta.ws.rs.core.MediaType;
 import jakarta.ws.rs.core.Response;
 
-import static edu.harvard.iq.dataverse.util.json.JsonPrinter.jsonDT;
+import static edu.harvard.iq.dataverse.util.json.JsonPrinter.*;
 import static jakarta.ws.rs.core.Response.Status.BAD_REQUEST;
 import static jakarta.ws.rs.core.Response.Status.FORBIDDEN;
 
@@ -104,8 +104,6 @@ public class Files extends AbstractApiBean {
     GuestbookResponseServiceBean guestbookResponseService;
     @Inject
     DataFileServiceBean dataFileServiceBean;
-    @Inject
-    FileMetadataVersionsHelper fileMetadataVersionsHelper;
 
     private static final Logger logger = Logger.getLogger(Files.class.getName());
     
@@ -1182,16 +1180,7 @@ public Response getFileVersionsList(@Context ContainerRequestContext crc, @PathP
             if (fm == null) {
                 return notFound(BundleUtil.getStringFromBundle("files.api.fileNotFound"));
             }
-            List<FileVersionDifference> fileVersionDifferences = execCommand(new GetFileVersionDifferencesCommand(req, fm, null, null));
-            JsonArrayBuilder jab = Json.createArrayBuilder();
-            for (FileVersionDifference fileVersionDifference : fileVersionDifferences) {
-                jab.add(fileMetadataVersionsHelper.jsonDataFileVersions(fileVersionDifference).build());
-            }
-            return Response.ok()
-                    .entity(Json.createObjectBuilder()
-                            .add("status", STATUS_OK)
-                            .add("data", jab.build()).build()
-                    ).build();
+            return ok(jsonFileVersionSummaries(execCommand(new GetFileVersionDifferencesCommand(req, fm, null, null))));
         } catch (WrappedResponse ex) {
             return ex.getResponse();
         }
diff --git a/src/main/java/edu/harvard/iq/dataverse/util/json/JsonPrinter.java b/src/main/java/edu/harvard/iq/dataverse/util/json/JsonPrinter.java
index 49d887cf27d..c451aaf92a3 100644
--- a/src/main/java/edu/harvard/iq/dataverse/util/json/JsonPrinter.java
+++ b/src/main/java/edu/harvard/iq/dataverse/util/json/JsonPrinter.java
@@ -38,10 +38,13 @@
 import static edu.harvard.iq.dataverse.util.json.NullSafeJsonBuilder.jsonObjectBuilder;
 
 import edu.harvard.iq.dataverse.util.MailUtil;
+import edu.harvard.iq.dataverse.util.StringUtil;
 import edu.harvard.iq.dataverse.workflow.Workflow;
 import edu.harvard.iq.dataverse.workflow.step.WorkflowStepData;
 
 import java.util.*;
+
+import jakarta.inject.Inject;
 import jakarta.json.Json;
 import jakarta.json.JsonArrayBuilder;
 import jakarta.json.JsonObjectBuilder;
@@ -84,6 +87,9 @@ public class JsonPrinter {
 
     @EJB
     static InAppNotificationsJsonPrinter inAppNotificationsJsonPrinter;
+
+    @EJB
+    static FileMetadataVersionsHelper fileMetadataVersionsHelper;
     
     public static void injectSettingsService(SettingsServiceBean ssb,
                                              DatasetFieldServiceBean dfsb,
@@ -1728,4 +1734,140 @@ private static JsonObjectBuilder json(DatasetVersionSummary summary) {
 
         return jsonObjectBuilder;
     }
+
+    public static JsonArray jsonFileVersionSummaries(List<FileVersionDifference> differences) {
+        JsonArrayBuilder arrayBuilder = Json.createArrayBuilder();
+        differences.stream()
+                .filter(Objects::nonNull)
+                .map(diff -> jsonDataFileVersions(diff).build())
+                .forEach(arrayBuilder::add);
+
+        return arrayBuilder.build();
+    }
+
+    private static JsonObjectBuilder jsonDataFileVersions(FileVersionDifference fileVersionDifference) {
+        JsonObjectBuilder job = jsonObjectBuilder();
+        FileMetadata fileMetadata = fileVersionDifference.getNewFileMetadata();
+        if (fileMetadata.getDatasetVersion() != null) {
+            job.add("datasetVersion", fileMetadata.getDatasetVersion().getFriendlyVersionNumber());
+            if (fileMetadata.getDatasetVersion().getVersionNumber() != null) {
+                job
+                        .add("versionNumber", fileMetadata.getDatasetVersion().getVersionNumber())
+                        .add("versionMinorNumber", fileMetadata.getDatasetVersion().getMinorVersionNumber());
+            }
+
+            job
+                    .add("isDraft", fileMetadata.getDatasetVersion().isDraft())
+                    .add("isReleased", fileMetadata.getDatasetVersion().isReleased())
+                    .add("isDeaccessioned", fileMetadata.getDatasetVersion().isDeaccessioned())
+                    .add("versionState", fileMetadata.getDatasetVersion().getVersionState().name())
+                    .add("summary", fileMetadata.getDatasetVersion().getVersionNote())
+                    .add("contributors", fileMetadata.getContributorNames())
+                    .add("publishedDate", fileMetadata.getDataFile() != null ? (fileMetadata.getDataFile().getPublicationDate() != null ? fileMetadata.getDataFile().getPublicationDate().toString() : null) : null)
+            ;
+        }
+        if (fileMetadata.getDataFile() != null) {
+            job.add("datafileId", fileMetadata.getDataFile().getId());
+            job.add("persistentId", (fileMetadata.getDataFile().getGlobalId() != null ? fileMetadata.getDataFile().getGlobalId().asString() : ""));
+        }
+        FileVersionDifference fvd = fileVersionDifference;
+        if (fvd != null) {
+            List<FileVersionDifference.FileDifferenceSummaryGroup> groups = fvd.getDifferenceSummaryGroups();
+            JsonObjectBuilder fileDifferenceSummary = jsonObjectBuilder()
+                    .add("versionNote", fileMetadata.getDatasetVersion().getVersionNote())
+                    .add("deaccessionedReason", fileMetadata.getDatasetVersion().getDeaccessionNote())
+                    .add("file", getFileAction(fvd.getOriginalFileMetadata(), fvd.getNewFileMetadata()));
+
+            if (groups != null && !groups.isEmpty()) {
+                List<FileVersionDifference.FileDifferenceSummaryGroup> sortedGroups = groups.stream()
+                        .sorted(Comparator.comparing(FileVersionDifference.FileDifferenceSummaryGroup::getName))
+                        .collect(Collectors.toList());
+                String groupName = null;
+                final JsonArrayBuilder groupsArrayBuilder = Json.createArrayBuilder();
+                final JsonObjectBuilder groupsObjectBuilder = jsonObjectBuilder();
+                Map<String, Integer> itemCounts = new HashMap<>();
+
+                for (FileVersionDifference.FileDifferenceSummaryGroup group : sortedGroups) {
+                    if (!StringUtil.isEmpty(group.getName())) {
+                        // if the group name changed then add its data to the fileDifferenceSummary and reset list for next group
+                        if (groupName != null && groupName.compareTo(group.getName()) != 0) {
+                            addJsonGroupObject(fileDifferenceSummary, groupName, groupsObjectBuilder.build(), groupsArrayBuilder.build(), itemCounts);
+                            // Note: groupsArrayBuilder.build() also clears the data within it
+                            itemCounts.clear();
+                        }
+                        groupName = group.getName();
+
+                        group.getFileDifferenceSummaryItems().forEach(item -> {
+                            JsonObjectBuilder itemObjectBuilder = jsonObjectBuilder();
+                            if (item.getName().isEmpty()) {
+                                // 'groupName': {'Added'=#, 'Changed'=#, ...}
+                                // accumulate the counts since we can't make a separate array item
+                                itemCounts.merge("Added", item.getAdded(), Integer::sum);
+                                itemCounts.merge("Changed", item.getChanged(), Integer::sum);
+                                itemCounts.merge("Deleted", item.getDeleted(), Integer::sum);
+                                itemCounts.merge("Replaced", item.getReplaced(), Integer::sum);
+                            } else if (List.of("File Access").contains(group.getName())) {
+                                // 'groupName': 'getNameValue'
+                                groupsObjectBuilder.add(group.getName(), group.getFileDifferenceSummaryItems().get(0).getName());
+                            } else {
+                                // 'groupName': [{name='', action=''}, {name='', action=''}]
+                                String action = item.getAdded() > 0 ? "Added" : item.getChanged() > 0 ? "Changed" :
+                                        item.getDeleted() > 0 ? "Deleted" : item.getReplaced() > 0 ? "Replaced" : "";
+                                itemObjectBuilder.add("name", item.getName());
+                                if (!action.isEmpty()) {
+                                    itemObjectBuilder.add("action", action);
+                                }
+                                groupsArrayBuilder.add(itemObjectBuilder.build());
+                            }
+                        });
+                    }
+                }
+                // process last group
+                addJsonGroupObject(fileDifferenceSummary, groupName, groupsObjectBuilder.build(), groupsArrayBuilder.build(), itemCounts);
+            }
+            JsonObject fileDifferenceSummaryObject = fileDifferenceSummary.build();
+            if (!fileDifferenceSummaryObject.isEmpty()) {
+                job.add("fileDifferenceSummary", fileDifferenceSummaryObject);
+            }
+        }
+        return job;
+    }
+
+    private static String getFileAction(FileMetadata originalFileMetadata, FileMetadata newFileMetadata) {
+        if (newFileMetadata.getDataFile() != null && originalFileMetadata == null) {
+            return "Added";
+        } else if (newFileMetadata.getDataFile() == null && originalFileMetadata != null) {
+            return "Deleted";
+        } else if (originalFileMetadata != null &&
+                newFileMetadata.getDataFile() != null && originalFileMetadata.getDataFile() != null &&!originalFileMetadata.getDataFile().equals(newFileMetadata.getDataFile())) {
+            return "Replaced";
+        } else {
+            return null;
+        }
+    }
+
+    private static void addJsonGroupObject(JsonObjectBuilder jsonObjectBuilder, String key, JsonObject jsonObjectValue, JsonArray jsonArrayValue, Map<String, Integer> itemCounts) {
+        if (key != null && !key.isEmpty()) {
+            String sanitizedKey = key.replaceAll("\\s+", "");
+            if (itemCounts.isEmpty()) {
+                if (jsonArrayValue.isEmpty()) {
+                    // add the object
+                    jsonObjectBuilder.add(sanitizedKey, jsonObjectValue.getValue("/"+key));
+                } else {
+                    // add the array
+                    jsonObjectBuilder.add(sanitizedKey, jsonArrayValue);
+                }
+            } else {
+                // add the accumulated totals
+                JsonObjectBuilder accumulatedTotalsObjectBuilder = jsonObjectBuilder();
+                itemCounts.forEach((k, v) -> {
+                    if (v != 0) {
+                        accumulatedTotalsObjectBuilder.add(k, v);
+                    }
+                });
+                jsonObjectBuilder.add(sanitizedKey, accumulatedTotalsObjectBuilder.build());
+            }
+        }
+    }
+
 }

From 755eb80f840d6758559f868e8b849c853d37c4a5 Mon Sep 17 00:00:00 2001
From: GPortas <hey@gportas.me>
Date: Sun, 12 Oct 2025 19:07:56 +0100
Subject: [PATCH 381/634] Refactor: extracted FileVersionDifferenceJsonPrinter

---
 .../FileVersionDifferenceJsonPrinter.java     | 141 ++++++++++++++++++
 .../iq/dataverse/util/json/JsonPrinter.java   | 135 +----------------
 2 files changed, 144 insertions(+), 132 deletions(-)
 create mode 100644 src/main/java/edu/harvard/iq/dataverse/util/json/FileVersionDifferenceJsonPrinter.java

diff --git a/src/main/java/edu/harvard/iq/dataverse/util/json/FileVersionDifferenceJsonPrinter.java b/src/main/java/edu/harvard/iq/dataverse/util/json/FileVersionDifferenceJsonPrinter.java
new file mode 100644
index 00000000000..3fe3a4540be
--- /dev/null
+++ b/src/main/java/edu/harvard/iq/dataverse/util/json/FileVersionDifferenceJsonPrinter.java
@@ -0,0 +1,141 @@
+package edu.harvard.iq.dataverse.util.json;
+
+import edu.harvard.iq.dataverse.FileMetadata;
+import edu.harvard.iq.dataverse.FileVersionDifference;
+import edu.harvard.iq.dataverse.util.StringUtil;
+import jakarta.json.*;
+
+import java.util.*;
+
+import static edu.harvard.iq.dataverse.util.json.NullSafeJsonBuilder.jsonObjectBuilder;
+
+public class FileVersionDifferenceJsonPrinter {
+
+    private static final String ACTION_ADDED = "Added";
+    private static final String ACTION_CHANGED = "Changed";
+    private static final String ACTION_DELETED = "Deleted";
+    private static final String ACTION_REPLACED = "Replaced";
+    private static final String GROUP_FILE_ACCESS = "File Access";
+
+    public static JsonObjectBuilder jsonFileVersionDifference(FileVersionDifference fileVersionDifference) {
+        JsonObjectBuilder job = jsonObjectBuilder();
+        FileMetadata fileMetadata = fileVersionDifference.getNewFileMetadata();
+        if (fileMetadata.getDatasetVersion() != null) {
+            job.add("datasetVersion", fileMetadata.getDatasetVersion().getFriendlyVersionNumber());
+            if (fileMetadata.getDatasetVersion().getVersionNumber() != null) {
+                job
+                        .add("versionNumber", fileMetadata.getDatasetVersion().getVersionNumber())
+                        .add("versionMinorNumber", fileMetadata.getDatasetVersion().getMinorVersionNumber());
+            }
+
+            job
+                    .add("isDraft", fileMetadata.getDatasetVersion().isDraft())
+                    .add("isReleased", fileMetadata.getDatasetVersion().isReleased())
+                    .add("isDeaccessioned", fileMetadata.getDatasetVersion().isDeaccessioned())
+                    .add("versionState", fileMetadata.getDatasetVersion().getVersionState().name())
+                    .add("summary", fileMetadata.getDatasetVersion().getVersionNote())
+                    .add("contributors", fileMetadata.getContributorNames())
+                    .add("publishedDate", fileMetadata.getDataFile() != null ? (fileMetadata.getDataFile().getPublicationDate() != null ? fileMetadata.getDataFile().getPublicationDate().toString() : null) : null)
+            ;
+        }
+        if (fileMetadata.getDataFile() != null) {
+            job.add("datafileId", fileMetadata.getDataFile().getId());
+            job.add("persistentId", (fileMetadata.getDataFile().getGlobalId() != null ? fileMetadata.getDataFile().getGlobalId().asString() : ""));
+        }
+        List<FileVersionDifference.FileDifferenceSummaryGroup> groups = fileVersionDifference.getDifferenceSummaryGroups();
+        JsonObjectBuilder fileDifferenceSummary = jsonObjectBuilder()
+                .add("versionNote", fileMetadata.getDatasetVersion().getVersionNote())
+                .add("deaccessionedReason", fileMetadata.getDatasetVersion().getDeaccessionNote())
+                .add("file", getFileAction(fileVersionDifference.getOriginalFileMetadata(), fileVersionDifference.getNewFileMetadata()));
+
+        if (groups != null && !groups.isEmpty()) {
+            List<FileVersionDifference.FileDifferenceSummaryGroup> sortedGroups = groups.stream()
+                    .sorted(Comparator.comparing(FileVersionDifference.FileDifferenceSummaryGroup::getName))
+                    .toList();
+            String groupName = null;
+            final JsonArrayBuilder groupsArrayBuilder = Json.createArrayBuilder();
+            final JsonObjectBuilder groupsObjectBuilder = jsonObjectBuilder();
+            Map<String, Integer> itemCounts = new HashMap<>();
+
+            for (FileVersionDifference.FileDifferenceSummaryGroup group : sortedGroups) {
+                if (!StringUtil.isEmpty(group.getName())) {
+                    // if the group name changed then add its data to the fileDifferenceSummary and reset list for next group
+                    if (groupName != null && groupName.compareTo(group.getName()) != 0) {
+                        addJsonGroupObject(fileDifferenceSummary, groupName, groupsObjectBuilder.build(), groupsArrayBuilder.build(), itemCounts);
+                        // Note: groupsArrayBuilder.build() also clears the data within it
+                        itemCounts.clear();
+                    }
+                    groupName = group.getName();
+
+                    group.getFileDifferenceSummaryItems().forEach(item -> {
+                        JsonObjectBuilder itemObjectBuilder = jsonObjectBuilder();
+                        if (item.getName().isEmpty()) {
+                            // 'groupName': {'Added'=#, 'Changed'=#, ...}
+                            // accumulate the counts since we can't make a separate array item
+                            itemCounts.merge(ACTION_ADDED, item.getAdded(), Integer::sum);
+                            itemCounts.merge(ACTION_CHANGED, item.getChanged(), Integer::sum);
+                            itemCounts.merge(ACTION_DELETED, item.getDeleted(), Integer::sum);
+                            itemCounts.merge(ACTION_REPLACED, item.getReplaced(), Integer::sum);
+                        } else if (GROUP_FILE_ACCESS.equals(group.getName())) {
+                            // 'groupName': 'getNameValue'
+                            groupsObjectBuilder.add(group.getName(), group.getFileDifferenceSummaryItems().get(0).getName());
+                        } else {
+                            // 'groupName': [{name='', action=''}, {name='', action=''}]
+                            String action = item.getAdded() > 0 ? ACTION_ADDED : item.getChanged() > 0 ? ACTION_CHANGED :
+                                    item.getDeleted() > 0 ? ACTION_DELETED : item.getReplaced() > 0 ? ACTION_REPLACED : "";
+                            itemObjectBuilder.add("name", item.getName());
+                            if (!action.isEmpty()) {
+                                itemObjectBuilder.add("action", action);
+                            }
+                            groupsArrayBuilder.add(itemObjectBuilder.build());
+                        }
+                    });
+                }
+            }
+            // process last group
+            addJsonGroupObject(fileDifferenceSummary, groupName, groupsObjectBuilder.build(), groupsArrayBuilder.build(), itemCounts);
+        }
+        JsonObject fileDifferenceSummaryObject = fileDifferenceSummary.build();
+        if (!fileDifferenceSummaryObject.isEmpty()) {
+            job.add("fileDifferenceSummary", fileDifferenceSummaryObject);
+        }
+        return job;
+    }
+
+    private static String getFileAction(FileMetadata originalFileMetadata, FileMetadata newFileMetadata) {
+        if (newFileMetadata.getDataFile() != null && originalFileMetadata == null) {
+            return ACTION_ADDED;
+        } else if (newFileMetadata.getDataFile() == null && originalFileMetadata != null) {
+            return ACTION_DELETED;
+        } else if (originalFileMetadata != null &&
+                newFileMetadata.getDataFile() != null && originalFileMetadata.getDataFile() != null && !originalFileMetadata.getDataFile().equals(newFileMetadata.getDataFile())) {
+            return ACTION_REPLACED;
+        } else {
+            return null;
+        }
+    }
+
+    private static void addJsonGroupObject(JsonObjectBuilder jsonObjectBuilder, String key, JsonObject jsonObjectValue, JsonArray jsonArrayValue, Map<String, Integer> itemCounts) {
+        if (key != null && !key.isEmpty()) {
+            String sanitizedKey = key.replaceAll("\\s+", "");
+            if (itemCounts.isEmpty()) {
+                if (jsonArrayValue.isEmpty()) {
+                    // add the object
+                    jsonObjectBuilder.add(sanitizedKey, jsonObjectValue.getValue("/" + key));
+                } else {
+                    // add the array
+                    jsonObjectBuilder.add(sanitizedKey, jsonArrayValue);
+                }
+            } else {
+                // add the accumulated totals
+                JsonObjectBuilder accumulatedTotalsObjectBuilder = jsonObjectBuilder();
+                itemCounts.forEach((k, v) -> {
+                    if (v != 0) {
+                        accumulatedTotalsObjectBuilder.add(k, v);
+                    }
+                });
+                jsonObjectBuilder.add(sanitizedKey, accumulatedTotalsObjectBuilder.build());
+            }
+        }
+    }
+}
diff --git a/src/main/java/edu/harvard/iq/dataverse/util/json/JsonPrinter.java b/src/main/java/edu/harvard/iq/dataverse/util/json/JsonPrinter.java
index c451aaf92a3..61ac9978153 100644
--- a/src/main/java/edu/harvard/iq/dataverse/util/json/JsonPrinter.java
+++ b/src/main/java/edu/harvard/iq/dataverse/util/json/JsonPrinter.java
@@ -35,16 +35,16 @@
 import edu.harvard.iq.dataverse.settings.SettingsServiceBean;
 import edu.harvard.iq.dataverse.util.BundleUtil;
 import edu.harvard.iq.dataverse.util.DatasetFieldWalker;
+
+import static edu.harvard.iq.dataverse.util.json.FileVersionDifferenceJsonPrinter.jsonFileVersionDifference;
 import static edu.harvard.iq.dataverse.util.json.NullSafeJsonBuilder.jsonObjectBuilder;
 
 import edu.harvard.iq.dataverse.util.MailUtil;
-import edu.harvard.iq.dataverse.util.StringUtil;
 import edu.harvard.iq.dataverse.workflow.Workflow;
 import edu.harvard.iq.dataverse.workflow.step.WorkflowStepData;
 
 import java.util.*;
 
-import jakarta.inject.Inject;
 import jakarta.json.Json;
 import jakarta.json.JsonArrayBuilder;
 import jakarta.json.JsonObjectBuilder;
@@ -88,9 +88,6 @@ public class JsonPrinter {
     @EJB
     static InAppNotificationsJsonPrinter inAppNotificationsJsonPrinter;
 
-    @EJB
-    static FileMetadataVersionsHelper fileMetadataVersionsHelper;
-    
     public static void injectSettingsService(SettingsServiceBean ssb,
                                              DatasetFieldServiceBean dfsb,
                                              DataverseFieldTypeInputLevelServiceBean dfils,
@@ -1739,135 +1736,9 @@ public static JsonArray jsonFileVersionSummaries(List<FileVersionDifference> dif
         JsonArrayBuilder arrayBuilder = Json.createArrayBuilder();
         differences.stream()
                 .filter(Objects::nonNull)
-                .map(diff -> jsonDataFileVersions(diff).build())
+                .map(diff -> jsonFileVersionDifference(diff).build())
                 .forEach(arrayBuilder::add);
 
         return arrayBuilder.build();
     }
-
-    private static JsonObjectBuilder jsonDataFileVersions(FileVersionDifference fileVersionDifference) {
-        JsonObjectBuilder job = jsonObjectBuilder();
-        FileMetadata fileMetadata = fileVersionDifference.getNewFileMetadata();
-        if (fileMetadata.getDatasetVersion() != null) {
-            job.add("datasetVersion", fileMetadata.getDatasetVersion().getFriendlyVersionNumber());
-            if (fileMetadata.getDatasetVersion().getVersionNumber() != null) {
-                job
-                        .add("versionNumber", fileMetadata.getDatasetVersion().getVersionNumber())
-                        .add("versionMinorNumber", fileMetadata.getDatasetVersion().getMinorVersionNumber());
-            }
-
-            job
-                    .add("isDraft", fileMetadata.getDatasetVersion().isDraft())
-                    .add("isReleased", fileMetadata.getDatasetVersion().isReleased())
-                    .add("isDeaccessioned", fileMetadata.getDatasetVersion().isDeaccessioned())
-                    .add("versionState", fileMetadata.getDatasetVersion().getVersionState().name())
-                    .add("summary", fileMetadata.getDatasetVersion().getVersionNote())
-                    .add("contributors", fileMetadata.getContributorNames())
-                    .add("publishedDate", fileMetadata.getDataFile() != null ? (fileMetadata.getDataFile().getPublicationDate() != null ? fileMetadata.getDataFile().getPublicationDate().toString() : null) : null)
-            ;
-        }
-        if (fileMetadata.getDataFile() != null) {
-            job.add("datafileId", fileMetadata.getDataFile().getId());
-            job.add("persistentId", (fileMetadata.getDataFile().getGlobalId() != null ? fileMetadata.getDataFile().getGlobalId().asString() : ""));
-        }
-        FileVersionDifference fvd = fileVersionDifference;
-        if (fvd != null) {
-            List<FileVersionDifference.FileDifferenceSummaryGroup> groups = fvd.getDifferenceSummaryGroups();
-            JsonObjectBuilder fileDifferenceSummary = jsonObjectBuilder()
-                    .add("versionNote", fileMetadata.getDatasetVersion().getVersionNote())
-                    .add("deaccessionedReason", fileMetadata.getDatasetVersion().getDeaccessionNote())
-                    .add("file", getFileAction(fvd.getOriginalFileMetadata(), fvd.getNewFileMetadata()));
-
-            if (groups != null && !groups.isEmpty()) {
-                List<FileVersionDifference.FileDifferenceSummaryGroup> sortedGroups = groups.stream()
-                        .sorted(Comparator.comparing(FileVersionDifference.FileDifferenceSummaryGroup::getName))
-                        .collect(Collectors.toList());
-                String groupName = null;
-                final JsonArrayBuilder groupsArrayBuilder = Json.createArrayBuilder();
-                final JsonObjectBuilder groupsObjectBuilder = jsonObjectBuilder();
-                Map<String, Integer> itemCounts = new HashMap<>();
-
-                for (FileVersionDifference.FileDifferenceSummaryGroup group : sortedGroups) {
-                    if (!StringUtil.isEmpty(group.getName())) {
-                        // if the group name changed then add its data to the fileDifferenceSummary and reset list for next group
-                        if (groupName != null && groupName.compareTo(group.getName()) != 0) {
-                            addJsonGroupObject(fileDifferenceSummary, groupName, groupsObjectBuilder.build(), groupsArrayBuilder.build(), itemCounts);
-                            // Note: groupsArrayBuilder.build() also clears the data within it
-                            itemCounts.clear();
-                        }
-                        groupName = group.getName();
-
-                        group.getFileDifferenceSummaryItems().forEach(item -> {
-                            JsonObjectBuilder itemObjectBuilder = jsonObjectBuilder();
-                            if (item.getName().isEmpty()) {
-                                // 'groupName': {'Added'=#, 'Changed'=#, ...}
-                                // accumulate the counts since we can't make a separate array item
-                                itemCounts.merge("Added", item.getAdded(), Integer::sum);
-                                itemCounts.merge("Changed", item.getChanged(), Integer::sum);
-                                itemCounts.merge("Deleted", item.getDeleted(), Integer::sum);
-                                itemCounts.merge("Replaced", item.getReplaced(), Integer::sum);
-                            } else if (List.of("File Access").contains(group.getName())) {
-                                // 'groupName': 'getNameValue'
-                                groupsObjectBuilder.add(group.getName(), group.getFileDifferenceSummaryItems().get(0).getName());
-                            } else {
-                                // 'groupName': [{name='', action=''}, {name='', action=''}]
-                                String action = item.getAdded() > 0 ? "Added" : item.getChanged() > 0 ? "Changed" :
-                                        item.getDeleted() > 0 ? "Deleted" : item.getReplaced() > 0 ? "Replaced" : "";
-                                itemObjectBuilder.add("name", item.getName());
-                                if (!action.isEmpty()) {
-                                    itemObjectBuilder.add("action", action);
-                                }
-                                groupsArrayBuilder.add(itemObjectBuilder.build());
-                            }
-                        });
-                    }
-                }
-                // process last group
-                addJsonGroupObject(fileDifferenceSummary, groupName, groupsObjectBuilder.build(), groupsArrayBuilder.build(), itemCounts);
-            }
-            JsonObject fileDifferenceSummaryObject = fileDifferenceSummary.build();
-            if (!fileDifferenceSummaryObject.isEmpty()) {
-                job.add("fileDifferenceSummary", fileDifferenceSummaryObject);
-            }
-        }
-        return job;
-    }
-
-    private static String getFileAction(FileMetadata originalFileMetadata, FileMetadata newFileMetadata) {
-        if (newFileMetadata.getDataFile() != null && originalFileMetadata == null) {
-            return "Added";
-        } else if (newFileMetadata.getDataFile() == null && originalFileMetadata != null) {
-            return "Deleted";
-        } else if (originalFileMetadata != null &&
-                newFileMetadata.getDataFile() != null && originalFileMetadata.getDataFile() != null &&!originalFileMetadata.getDataFile().equals(newFileMetadata.getDataFile())) {
-            return "Replaced";
-        } else {
-            return null;
-        }
-    }
-
-    private static void addJsonGroupObject(JsonObjectBuilder jsonObjectBuilder, String key, JsonObject jsonObjectValue, JsonArray jsonArrayValue, Map<String, Integer> itemCounts) {
-        if (key != null && !key.isEmpty()) {
-            String sanitizedKey = key.replaceAll("\\s+", "");
-            if (itemCounts.isEmpty()) {
-                if (jsonArrayValue.isEmpty()) {
-                    // add the object
-                    jsonObjectBuilder.add(sanitizedKey, jsonObjectValue.getValue("/"+key));
-                } else {
-                    // add the array
-                    jsonObjectBuilder.add(sanitizedKey, jsonArrayValue);
-                }
-            } else {
-                // add the accumulated totals
-                JsonObjectBuilder accumulatedTotalsObjectBuilder = jsonObjectBuilder();
-                itemCounts.forEach((k, v) -> {
-                    if (v != 0) {
-                        accumulatedTotalsObjectBuilder.add(k, v);
-                    }
-                });
-                jsonObjectBuilder.add(sanitizedKey, accumulatedTotalsObjectBuilder.build());
-            }
-        }
-    }
-
 }

From 79094a7815c88e09abc6f0ecd944e6f5a0c158e9 Mon Sep 17 00:00:00 2001
From: GPortas <hey@gportas.me>
Date: Sun, 12 Oct 2025 19:19:46 +0100
Subject: [PATCH 382/634] Added: simple javadoc with TODO to
 FileVersionDifferenceJsonPrinter

---
 .../dataverse/util/json/FileVersionDifferenceJsonPrinter.java | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/src/main/java/edu/harvard/iq/dataverse/util/json/FileVersionDifferenceJsonPrinter.java b/src/main/java/edu/harvard/iq/dataverse/util/json/FileVersionDifferenceJsonPrinter.java
index 3fe3a4540be..e0e561fc0f8 100644
--- a/src/main/java/edu/harvard/iq/dataverse/util/json/FileVersionDifferenceJsonPrinter.java
+++ b/src/main/java/edu/harvard/iq/dataverse/util/json/FileVersionDifferenceJsonPrinter.java
@@ -9,6 +9,10 @@
 
 import static edu.harvard.iq.dataverse.util.json.NullSafeJsonBuilder.jsonObjectBuilder;
 
+/**
+ * Utility class responsible for producing JSON representations of {@link edu.harvard.iq.dataverse.FileVersionDifference} objects.
+ * TODO: The logic in this class was originally extracted from {@code FileMetadataVersionHelper}. Further refactoring and testing is required.
+ */
 public class FileVersionDifferenceJsonPrinter {
 
     private static final String ACTION_ADDED = "Added";

From 34cf465ad006b393766ceac58de4ac748a151633 Mon Sep 17 00:00:00 2001
From: jo-pol <jo-pol@users.noreply.github.com>
Date: Thu, 9 Oct 2025 13:58:19 +0200
Subject: [PATCH 383/634] hasDataversesToChoose with existing logic of
 permission service

---
 .../edu/harvard/iq/dataverse/DatasetPage.java | 15 +++-
 .../iq/dataverse/DataverseServiceBean.java    | 10 +++
 .../iq/dataverse/PermissionServiceBean.java   | 84 +++++++++++--------
 3 files changed, 72 insertions(+), 37 deletions(-)

diff --git a/src/main/java/edu/harvard/iq/dataverse/DatasetPage.java b/src/main/java/edu/harvard/iq/dataverse/DatasetPage.java
index 0ecde12b09a..7394984c443 100644
--- a/src/main/java/edu/harvard/iq/dataverse/DatasetPage.java
+++ b/src/main/java/edu/harvard/iq/dataverse/DatasetPage.java
@@ -1,5 +1,8 @@
 package edu.harvard.iq.dataverse;
 
+import edu.harvard.iq.dataverse.authorization.DataverseRole;
+import edu.harvard.iq.dataverse.engine.command.DataverseRequest;
+import edu.harvard.iq.dataverse.globus.Permissions;
 import edu.harvard.iq.dataverse.provenance.ProvPopupFragmentBean;
 import edu.harvard.iq.dataverse.api.AbstractApiBean;
 import edu.harvard.iq.dataverse.authorization.AuthenticationServiceBean;
@@ -1783,9 +1786,17 @@ public void setDataverseTemplates(List<Template> dataverseTemplates) {
     }
 
     public boolean isHasDataversesToChoose() {
-        // TODO we actually need to look for dataverses where a user has permission to add a dataset
+
         if (this.hasDataversesToChoose == null) {
-            this.hasDataversesToChoose = dataverseService.getDataverseCount() > 1;
+            var user = this.session.getUser();
+            if (!user.isAuthenticated()) {
+                this.hasDataversesToChoose = false;
+            } else {
+                var req = dvRequestService.getDataverseRequest();
+                var permissionBit = 1 << Permission.AddDataset.ordinal();
+                var authenticatedUser = (AuthenticatedUser) user;
+                this.hasDataversesToChoose = permissionService.hasMultiplePermittedCollections(req, authenticatedUser, permissionBit);
+            }
         }
         return this.hasDataversesToChoose;
     }
diff --git a/src/main/java/edu/harvard/iq/dataverse/DataverseServiceBean.java b/src/main/java/edu/harvard/iq/dataverse/DataverseServiceBean.java
index c14711060af..45ac4c27cf9 100644
--- a/src/main/java/edu/harvard/iq/dataverse/DataverseServiceBean.java
+++ b/src/main/java/edu/harvard/iq/dataverse/DataverseServiceBean.java
@@ -1276,6 +1276,16 @@ public long getDataverseCount() {
         return em.createNamedQuery("Dataverse.countAll", Long.class).getSingleResult();
     }
 
+    public boolean getHasRolesOnMultipleDataverses(String assignee) {
+        return em.createQuery("SELECT dv "
+                              + "FROM roleassignment ra "
+                              + "JOIN dataverse      dv "
+                              + "  ON dv.id = ra.definitionpoint_id "
+                              + "WHERE ra.assigneeidentifier = '@user001' OR ra.assigneeidentifier = ':authenticated-users' limit 2", Dataverse.class)
+                   .setParameter("assignee", assignee)
+                   .getResultList().size() > 1;
+    }
+
     /**
      * Returns the total number of published datasets within a Dataverse collection. The number includes harvested and
      * linked datasets. Datasets in subcollections are also counted.
diff --git a/src/main/java/edu/harvard/iq/dataverse/PermissionServiceBean.java b/src/main/java/edu/harvard/iq/dataverse/PermissionServiceBean.java
index e00e303356e..a2d69c546a9 100644
--- a/src/main/java/edu/harvard/iq/dataverse/PermissionServiceBean.java
+++ b/src/main/java/edu/harvard/iq/dataverse/PermissionServiceBean.java
@@ -928,45 +928,59 @@ public List<Dataverse> findPermittedCollections(DataverseRequest request, Authen
 
     public List<Dataverse> findPermittedCollections(DataverseRequest request, AuthenticatedUser user, int permissionBit) {
         if (user != null) {
-            // IP Group - Only check IP if a User is calling for themself
-            String ipRangeSQL = "FALSE";
-            if (request != null
-                    && request.getAuthenticatedUser() != null
-                    && !request.getAuthenticatedUser().isSuperuser()
-                    && request.getSourceAddress() != null
-                    && request.getAuthenticatedUser().getUserIdentifier().equalsIgnoreCase(user.getUserIdentifier())) {
-                IpAddress ip = request.getSourceAddress();
-                if (ip instanceof IPv4Address) {
-                    IPv4Address ipv4 = (IPv4Address) ip;
-                    ipRangeSQL = ipv4.toBigInteger() + " BETWEEN ipv4range.bottomaslong AND ipv4range.topaslong";
-                } else if (ip instanceof IPv6Address) {
-                    IPv6Address ipv6 = (IPv6Address) ip;
-                    long[] vals = ipv6.toLongArray();
-                    if (vals.length == 4) {
-                        ipRangeSQL = """
-                                (@0 BETWEEN ipv6range.bottoma AND ipv6range.topa
-                                AND @1 BETWEEN ipv6range.bottomb AND ipv6range.topb
-                                AND @2 BETWEEN ipv6range.bottomc AND ipv6range.topc
-                                AND @3 BETWEEN ipv6range.bottomd AND ipv6range.topd)
-                                """;
-                        for (int i = 0; i < vals.length; i++) {
-                            ipRangeSQL = ipRangeSQL.replace("@" + i, String.valueOf(vals[i]));
-                        }
+            var sqlCode = getSqlCode(request, user, permissionBit);
+            return em.createNativeQuery(sqlCode, Dataverse.class).getResultList();
+        }
+        return null;
+    }
+
+    public boolean hasMultiplePermittedCollections(DataverseRequest request, AuthenticatedUser user, int permissionBit) {
+        if (user != null) {
+            var sqlCode = getSqlCode(request, user, permissionBit) + " LIMIT 2";
+            var resultList = em.createNativeQuery(sqlCode, Dataverse.class).getResultList();
+            return resultList.size() > 1;
+        }
+        return false;
+    }
+
+    private String getSqlCode(DataverseRequest request, AuthenticatedUser user, int permissionBit) {
+        // IP Group - Only check IP if a User is calling for themself
+        String ipRangeSQL = "FALSE";
+        if (request != null
+            && request.getAuthenticatedUser() != null
+            && !request.getAuthenticatedUser().isSuperuser()
+            && request.getSourceAddress() != null
+            && request.getAuthenticatedUser().getUserIdentifier().equalsIgnoreCase(user.getUserIdentifier())) {
+            IpAddress ip = request.getSourceAddress();
+            if (ip instanceof IPv4Address) {
+                IPv4Address ipv4 = (IPv4Address) ip;
+                ipRangeSQL = ipv4.toBigInteger() + " BETWEEN ipv4range.bottomaslong AND ipv4range.topaslong";
+            } else if (ip instanceof IPv6Address) {
+                IPv6Address ipv6 = (IPv6Address) ip;
+                long[] vals = ipv6.toLongArray();
+                if (vals.length == 4) {
+                    ipRangeSQL = """
+                            (@0 BETWEEN ipv6range.bottoma AND ipv6range.topa
+                            AND @1 BETWEEN ipv6range.bottomb AND ipv6range.topb
+                            AND @2 BETWEEN ipv6range.bottomc AND ipv6range.topc
+                            AND @3 BETWEEN ipv6range.bottomd AND ipv6range.topd)
+                            """;
+                    for (int i = 0; i < vals.length; i++) {
+                        ipRangeSQL = ipRangeSQL.replace("@" + i, String.valueOf(vals[i]));
                     }
                 }
             }
-            String sqlCode;
-            if (user.isSuperuser()) {
-                sqlCode = LIST_ALL_DATAVERSES_SUPERUSER_HAS_PERMISSION;
-            } else {
-                sqlCode = LIST_ALL_DATAVERSES_USER_HAS_PERMISSION
-                        .replace("@USERID", String.valueOf(user.getId()))
-                        .replace("@PERMISSIONBIT", String.valueOf(permissionBit))
-                        .replace("@IPRANGESQL", ipRangeSQL);
-            }
-            return em.createNativeQuery(sqlCode, Dataverse.class).getResultList();
         }
-        return null;
+        String sqlCode;
+        if (user.isSuperuser()) {
+            sqlCode = LIST_ALL_DATAVERSES_SUPERUSER_HAS_PERMISSION;
+        } else {
+            sqlCode = LIST_ALL_DATAVERSES_USER_HAS_PERMISSION
+                    .replace("@USERID", String.valueOf(user.getId()))
+                    .replace("@PERMISSIONBIT", String.valueOf(permissionBit))
+                    .replace("@IPRANGESQL", ipRangeSQL);
+        }
+        return sqlCode;
     }
 
     /**

From df30271759a56a414edb6476df5616fed4bee18e Mon Sep 17 00:00:00 2001
From: Steven Ferey <steven.ferey@gmail.com>
Date: Mon, 13 Oct 2025 11:47:53 +0200
Subject: [PATCH 384/634] Adaptation to support the entire page

---
 src/main/webapp/resources/css/structure.css | 9 +++------
 1 file changed, 3 insertions(+), 6 deletions(-)

diff --git a/src/main/webapp/resources/css/structure.css b/src/main/webapp/resources/css/structure.css
index ac42ff44f6b..39e96390dc7 100644
--- a/src/main/webapp/resources/css/structure.css
+++ b/src/main/webapp/resources/css/structure.css
@@ -7,6 +7,9 @@ html {
 body {
   /* Sticky footer Margin bottom by footer height */
   margin-bottom:160px;
+  /* #11824 */
+  word-break: normal;
+  overflow-wrap: anywhere;
 }
 body.widget-view {margin-bottom:44px;}
 body .ui-widget {font-size: inherit;}
@@ -600,12 +603,6 @@ div[id$='roleDisplay'] span.label, div[id$='roleDetails'] span.label {display:in
 #title {font-size:36px !important;line-height:1.1;font-weight:bold;margin-top:0px;margin-bottom:0px;}
 #author, #contact {display:block; margin-bottom:.5em;}
 
-/* #11824 */
-table.metadata {
-  word-break: normal;
-  overflow-wrap: anywhere;
-}
-
 /* #11053 */
 #publication span {
     margin: 0px 5px 0px 5px;

From 0f71d6babdc94542eb2b1017b1e95d84084fce98 Mon Sep 17 00:00:00 2001
From: GPortas <hey@gportas.me>
Date: Mon, 13 Oct 2025 12:48:44 +0100
Subject: [PATCH 385/634] Added: pagination params to getFileVersionsList API
 endpoint

---
 .../edu/harvard/iq/dataverse/api/Files.java   |  7 ++-
 .../GetFileVersionDifferencesCommand.java     | 24 +++++++-
 src/main/java/propertyFiles/Bundle.properties |  3 +
 .../edu/harvard/iq/dataverse/api/FilesIT.java | 55 ++++++++++++++++++-
 .../edu/harvard/iq/dataverse/api/UtilIT.java  | 18 +++++-
 5 files changed, 99 insertions(+), 8 deletions(-)

diff --git a/src/main/java/edu/harvard/iq/dataverse/api/Files.java b/src/main/java/edu/harvard/iq/dataverse/api/Files.java
index 42e23656808..0b5e5b02b85 100644
--- a/src/main/java/edu/harvard/iq/dataverse/api/Files.java
+++ b/src/main/java/edu/harvard/iq/dataverse/api/Files.java
@@ -1172,7 +1172,10 @@ public Response getFileCitationByVersion(@Context ContainerRequestContext crc, @
     @AuthRequired
     @Path("{id}/versionDifferences")
     @Produces(MediaType.APPLICATION_JSON)
-    public Response getFileVersionsList(@Context ContainerRequestContext crc, @PathParam("id") String fileIdOrPersistentId) {
+    public Response getFileVersionsList(@Context ContainerRequestContext crc,
+                                        @PathParam("id") String fileIdOrPersistentId,
+                                        @QueryParam("limit") Integer limit,
+                                        @QueryParam("offset") Integer offset) {
         try {
             DataverseRequest req = createDataverseRequest(getRequestUser(crc));
             final DataFile df = execCommand(new GetDataFileCommand(req, findDataFileOrDie(fileIdOrPersistentId)));
@@ -1180,7 +1183,7 @@ public Response getFileVersionsList(@Context ContainerRequestContext crc, @PathP
             if (fm == null) {
                 return notFound(BundleUtil.getStringFromBundle("files.api.fileNotFound"));
             }
-            return ok(jsonFileVersionSummaries(execCommand(new GetFileVersionDifferencesCommand(req, fm, null, null))));
+            return ok(jsonFileVersionSummaries(execCommand(new GetFileVersionDifferencesCommand(req, fm, limit, offset))));
         } catch (WrappedResponse ex) {
             return ex.getResponse();
         }
diff --git a/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/GetFileVersionDifferencesCommand.java b/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/GetFileVersionDifferencesCommand.java
index 674f6c6c42c..f53af2cee1d 100644
--- a/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/GetFileVersionDifferencesCommand.java
+++ b/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/GetFileVersionDifferencesCommand.java
@@ -6,7 +6,8 @@
 import edu.harvard.iq.dataverse.engine.command.CommandContext;
 import edu.harvard.iq.dataverse.engine.command.DataverseRequest;
 import edu.harvard.iq.dataverse.engine.command.RequiredPermissions;
-import edu.harvard.iq.dataverse.engine.command.exception.CommandException;
+import edu.harvard.iq.dataverse.engine.command.exception.InvalidCommandArgumentsException;
+import edu.harvard.iq.dataverse.util.BundleUtil;
 
 import java.util.EnumSet;
 import java.util.List;
@@ -32,7 +33,10 @@ public GetFileVersionDifferencesCommand(DataverseRequest request, FileMetadata f
     }
 
     @Override
-    public List<FileVersionDifference> execute(CommandContext ctxt) throws CommandException {
+    public List<FileVersionDifference> execute(CommandContext ctxt) throws InvalidCommandArgumentsException {
+        validatePaginationParameter(limit, "limit");
+        validatePaginationParameter(offset, "offset");
+
         List<VersionedFileMetadata> fileHistory = findFileHistory(ctxt);
 
         return fileHistory.stream()
@@ -40,6 +44,22 @@ public List<FileVersionDifference> execute(CommandContext ctxt) throws CommandEx
                 .collect(Collectors.toList());
     }
 
+    /**
+     * Validates that a given pagination parameter is not negative.
+     *
+     * @param value The parameter's value.
+     * @param name  The parameter's name, used for the error message.
+     * @throws InvalidCommandArgumentsException if the value is negative.
+     */
+    private void validatePaginationParameter(Integer value, String name) throws InvalidCommandArgumentsException {
+        if (value != null && value < 0) {
+            throw new InvalidCommandArgumentsException(
+                    BundleUtil.getStringFromBundle("getFileVersionDifferencesCommand.errors.negativePaginationParam", List.of(name)),
+                    this
+            );
+        }
+    }
+
     /**
      * Fetches the file's version history, respecting user permissions.
      */
diff --git a/src/main/java/propertyFiles/Bundle.properties b/src/main/java/propertyFiles/Bundle.properties
index a07546284e0..928348275ad 100644
--- a/src/main/java/propertyFiles/Bundle.properties
+++ b/src/main/java/propertyFiles/Bundle.properties
@@ -3236,3 +3236,6 @@ roleAssigneeServiceBean.error.dataverseRequestCannotBeNull=DataverseRequest cann
 #GetUserPermittedCollectionsCommand.java
 getUserPermittedCollectionsCommand.errors.userNotFound=User not found.
 getUserPermittedCollectionsCommand.errors.permissionNotValid=Permission not valid.
+
+#GetFileVersionDifferencesCommand.java
+getFileVersionDifferencesCommand.errors.negativePaginationParam=The {0} parameter cannot be negative.
diff --git a/src/test/java/edu/harvard/iq/dataverse/api/FilesIT.java b/src/test/java/edu/harvard/iq/dataverse/api/FilesIT.java
index 38d89f782dd..ec24fb1124c 100644
--- a/src/test/java/edu/harvard/iq/dataverse/api/FilesIT.java
+++ b/src/test/java/edu/harvard/iq/dataverse/api/FilesIT.java
@@ -1448,7 +1448,7 @@ public void testDataSizeInDataverse() throws InterruptedException {
     }
 
     @Test
-    public void GetFileVersionDifferences() {
+    public void getFileVersionDifferences() {
         // Create superuser and regular user
         Response createUser = UtilIT.createRandomUser();
         String superUserUsername = UtilIT.getUsernameFromResponse(createUser);
@@ -1525,6 +1525,58 @@ public void GetFileVersionDifferences() {
                 .body("data[1].fileDifferenceSummary.file", equalTo("Added"))
                 .statusCode(OK.getStatusCode());
 
+        // Test pagination: limit=1, offset=0 (should get the first item: DRAFT)
+        Response paginatedResponse = UtilIT.getFileVersionDifferences(dataFileId, regularApiToken, 1, 0);
+        paginatedResponse.prettyPrint();
+        paginatedResponse.then().assertThat()
+                .statusCode(OK.getStatusCode())
+                .body("status", equalTo("OK"))
+                .body("data.size()", is(1))
+                .body("data[0].datasetVersion", equalTo("DRAFT"));
+
+        // Test pagination: limit=1, offset=1 (should skip 1 and get the second item: 1.0)
+        paginatedResponse = UtilIT.getFileVersionDifferences(dataFileId, regularApiToken, 1, 1);
+        paginatedResponse.prettyPrint();
+        paginatedResponse.then().assertThat()
+                .statusCode(OK.getStatusCode())
+                .body("status", equalTo("OK"))
+                .body("data.size()", is(1))
+                .body("data[0].datasetVersion", equalTo("1.0"));
+
+        // Test pagination: limit=1, offset=2 (out of bounds, should get an empty list)
+        paginatedResponse = UtilIT.getFileVersionDifferences(dataFileId, regularApiToken, 1, 2);
+        paginatedResponse.prettyPrint();
+        paginatedResponse.then().assertThat()
+                .statusCode(OK.getStatusCode())
+                .body("status", equalTo("OK"))
+                .body("data.size()", is(0));
+
+        // Test pagination: limit=2, offset=0 (should get both items)
+        paginatedResponse = UtilIT.getFileVersionDifferences(dataFileId, regularApiToken, 2, 0);
+        paginatedResponse.prettyPrint();
+        paginatedResponse.then().assertThat()
+                .statusCode(OK.getStatusCode())
+                .body("status", equalTo("OK"))
+                .body("data.size()", is(2))
+                .body("data[0].datasetVersion", equalTo("DRAFT"))
+                .body("data[1].datasetVersion", equalTo("1.0"));
+
+        // Test invalid pagination: limit=-1 (should return a bad request error)
+        paginatedResponse = UtilIT.getFileVersionDifferences(dataFileId, regularApiToken, -1, 0);
+        paginatedResponse.prettyPrint();
+        paginatedResponse.then().assertThat()
+                .statusCode(BAD_REQUEST.getStatusCode())
+                .body("status", equalTo("ERROR"))
+                .body("message", containsString("The limit parameter cannot be negative."));
+
+        // Test invalid pagination: offset=-1 (should return a bad request error)
+        paginatedResponse = UtilIT.getFileVersionDifferences(dataFileId, regularApiToken, 1, -1);
+        paginatedResponse.prettyPrint();
+        paginatedResponse.then().assertThat()
+                .statusCode(BAD_REQUEST.getStatusCode())
+                .body("status", equalTo("ERROR"))
+                .body("message", containsString("The offset parameter cannot be negative."));
+
         // test replace file
         pathToFile = "src/test/resources/images/coffeeshop.png";
         Response replaceFileResponse = UtilIT.replaceFile(dataFileId, pathToFile, superUserApiToken);
@@ -1567,6 +1619,7 @@ public void GetFileVersionDifferences() {
                 .body("data[1].fileDifferenceSummary.file", equalTo("Added"))
                 .statusCode(OK.getStatusCode());
     }
+
     @Test
     public void testGetFileInfo() {
         Response createUser = UtilIT.createRandomUser();
diff --git a/src/test/java/edu/harvard/iq/dataverse/api/UtilIT.java b/src/test/java/edu/harvard/iq/dataverse/api/UtilIT.java
index f9d11a46917..7ebebe0148c 100644
--- a/src/test/java/edu/harvard/iq/dataverse/api/UtilIT.java
+++ b/src/test/java/edu/harvard/iq/dataverse/api/UtilIT.java
@@ -1339,9 +1339,21 @@ static Response getFileData(String fileId, String apiToken, String datasetVersio
     }
 
     static Response getFileVersionDifferences(String fileId, String apiToken) {
-        return given()
-                .header(API_TOKEN_HTTP_HEADER, apiToken)
-                .get("/api/files/" + fileId + "/versionDifferences");
+        return getFileVersionDifferences(fileId, apiToken, null, null);
+    }
+
+    static Response getFileVersionDifferences(String fileId, String apiToken, Integer limit, Integer offset) {
+        RequestSpecification request = given()
+                .header(API_TOKEN_HTTP_HEADER, apiToken);
+
+        if (limit != null) {
+            request.queryParam("limit", limit);
+        }
+        if (offset != null) {
+            request.queryParam("offset", offset);
+        }
+
+        return request.get("/api/files/" + fileId + "/versionDifferences");
     }
 
     static Response testIngest(String fileName, String fileType) {

From 6c1da739e572dfb15a157f8fed1dea3e4e2aba7c Mon Sep 17 00:00:00 2001
From: GPortas <hey@gportas.me>
Date: Mon, 13 Oct 2025 12:54:45 +0100
Subject: [PATCH 386/634] Added: test cases producing
 InvalidCommandArgumentsException to GetFileVersionDifferencesCommandTest

---
 .../GetFileVersionDifferencesCommandTest.java | 37 ++++++++++++++++++-
 1 file changed, 35 insertions(+), 2 deletions(-)

diff --git a/src/test/java/edu/harvard/iq/dataverse/engine/command/impl/GetFileVersionDifferencesCommandTest.java b/src/test/java/edu/harvard/iq/dataverse/engine/command/impl/GetFileVersionDifferencesCommandTest.java
index b931fa0d8ae..861fa55a5c0 100644
--- a/src/test/java/edu/harvard/iq/dataverse/engine/command/impl/GetFileVersionDifferencesCommandTest.java
+++ b/src/test/java/edu/harvard/iq/dataverse/engine/command/impl/GetFileVersionDifferencesCommandTest.java
@@ -5,6 +5,7 @@
 import edu.harvard.iq.dataverse.engine.command.CommandContext;
 import edu.harvard.iq.dataverse.engine.command.DataverseRequest;
 import edu.harvard.iq.dataverse.engine.command.exception.CommandException;
+import edu.harvard.iq.dataverse.engine.command.exception.InvalidCommandArgumentsException;
 import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.DisplayName;
 import org.junit.jupiter.api.Test;
@@ -18,6 +19,7 @@
 import java.util.List;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.junit.jupiter.api.Assertions.assertThrows;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.ArgumentMatchers.anyBoolean;
 import static org.mockito.ArgumentMatchers.eq;
@@ -47,19 +49,25 @@ class GetFileVersionDifferencesCommandTest {
 
     @BeforeEach
     void setUp() {
+        when(fileMetadataMock.getDataFile()).thenReturn(dataFileMock);
+    }
+
+    /**
+     * Helper method to set up mocks required for tests that execute the full command logic,
+     */
+    private void setupMocksForSuccessfulExecution() {
         when(contextMock.permissions()).thenReturn(permissionsMock);
         when(contextMock.files()).thenReturn(fileServiceMock);
-
         when(fileMetadataMock.getDatasetVersion()).thenReturn(datasetVersionMock);
         when(datasetVersionMock.getDataset()).thenReturn(datasetMock);
         when(datasetMock.getId()).thenReturn(DATASET_ID);
-        when(fileMetadataMock.getDataFile()).thenReturn(dataFileMock);
     }
 
     @Test
     @DisplayName("execute should call findFileMetadataHistory with 'canViewUnpublished' as TRUE when user has permission")
     void execute_should_call_history_with_true_when_user_has_permission() throws CommandException {
         // Arrange
+        setupMocksForSuccessfulExecution();
         when(permissionsMock.hasPermissionsFor(requestMock.getUser(), datasetMock, EnumSet.of(Permission.ViewUnpublishedDataset)))
                 .thenReturn(true);
         when(fileServiceMock.findFileMetadataHistory(any(), any(), anyBoolean(), any(), any()))
@@ -86,6 +94,7 @@ void execute_should_call_history_with_true_when_user_has_permission() throws Com
     @DisplayName("execute should call findFileMetadataHistory with 'canViewUnpublished' as FALSE when user lacks permission")
     void execute_should_call_history_with_false_when_user_lacks_permission() throws CommandException {
         // Arrange
+        setupMocksForSuccessfulExecution();
         when(permissionsMock.hasPermissionsFor(requestMock.getUser(), datasetMock, EnumSet.of(Permission.ViewUnpublishedDataset)))
                 .thenReturn(false);
         when(fileServiceMock.findFileMetadataHistory(any(), any(), anyBoolean(), any(), any()))
@@ -112,6 +121,7 @@ void execute_should_call_history_with_false_when_user_lacks_permission() throws
     @DisplayName("execute should pass pagination parameters correctly to findFileMetadataHistory")
     void execute_should_pass_pagination_parameters_correctly() throws CommandException {
         // Arrange
+        setupMocksForSuccessfulExecution();
         Integer expectedLimit = 10;
         Integer expectedOffset = 20;
         when(fileServiceMock.findFileMetadataHistory(any(), any(), anyBoolean(), any(), any()))
@@ -136,6 +146,7 @@ void execute_should_pass_pagination_parameters_correctly() throws CommandExcepti
     @DisplayName("execute should correctly convert file history to FileVersionDifference list")
     void execute_should_convert_history_to_differences() throws CommandException {
         // Arrange
+        setupMocksForSuccessfulExecution();
         // Create mock history: 3 versions of a file's metadata
         FileMetadata fm3 = new FileMetadata(); // Newest
         fm3.setId(3L);
@@ -180,4 +191,26 @@ void execute_should_convert_history_to_differences() throws CommandException {
         assertThat(differences.get(2).getNewFileMetadata()).isEqualTo(fm1);
         assertThat(differences.get(2).getOriginalFileMetadata()).isNull();
     }
+
+    @Test
+    @DisplayName("execute should throw InvalidCommandArgumentsException for negative limit")
+    void execute_should_throw_exception_for_negative_limit() {
+        // Arrange
+        Integer invalidLimit = -1;
+        GetFileVersionDifferencesCommand command = new GetFileVersionDifferencesCommand(requestMock, fileMetadataMock, invalidLimit, 0);
+
+        // Act & Assert
+        assertThrows(InvalidCommandArgumentsException.class, () -> command.execute(contextMock));
+    }
+
+    @Test
+    @DisplayName("execute should throw InvalidCommandArgumentsException for negative offset")
+    void execute_should_throw_exception_for_negative_offset() {
+        // Arrange
+        Integer invalidOffset = -1;
+        GetFileVersionDifferencesCommand command = new GetFileVersionDifferencesCommand(requestMock, fileMetadataMock, 10, invalidOffset);
+
+        // Act & Assert
+        assertThrows(InvalidCommandArgumentsException.class, () -> command.execute(contextMock));
+    }
 }

From a3fe9c509a026dbeb3845dc1329272b8837b34dc Mon Sep 17 00:00:00 2001
From: GPortas <hey@gportas.me>
Date: Mon, 13 Oct 2025 12:58:01 +0100
Subject: [PATCH 387/634] Added: pagination params validation to
 GetDatasetVersionSummariesCommand

---
 .../GetDatasetVersionSummariesCommand.java    | 21 ++++++++++
 ...GetDatasetVersionSummariesCommandTest.java | 40 ++++++++++++++-----
 .../GetFileVersionDifferencesCommandTest.java |  2 +-
 3 files changed, 53 insertions(+), 10 deletions(-)

diff --git a/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/GetDatasetVersionSummariesCommand.java b/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/GetDatasetVersionSummariesCommand.java
index d820dd7de6a..09220d9c80a 100644
--- a/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/GetDatasetVersionSummariesCommand.java
+++ b/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/GetDatasetVersionSummariesCommand.java
@@ -9,6 +9,8 @@
 import edu.harvard.iq.dataverse.engine.command.DataverseRequest;
 import edu.harvard.iq.dataverse.engine.command.RequiredPermissions;
 import edu.harvard.iq.dataverse.engine.command.exception.CommandException;
+import edu.harvard.iq.dataverse.engine.command.exception.InvalidCommandArgumentsException;
+import edu.harvard.iq.dataverse.util.BundleUtil;
 
 import java.util.EnumSet;
 import java.util.List;
@@ -33,6 +35,9 @@ public GetDatasetVersionSummariesCommand(DataverseRequest request, Dataset datas
 
     @Override
     public List<DatasetVersionSummary> execute(CommandContext ctxt) throws CommandException {
+        validatePaginationParameter(limit, "limit");
+        validatePaginationParameter(offset, "offset");
+
         boolean canViewUnpublished = ctxt.permissions().hasPermissionsFor(
                 getRequest().getUser(),
                 dataset,
@@ -52,4 +57,20 @@ public List<DatasetVersionSummary> execute(CommandContext ctxt) throws CommandEx
                 .flatMap(Optional::stream)
                 .toList();
     }
+
+    /**
+     * Validates that a given pagination parameter is not negative.
+     *
+     * @param value The parameter's value.
+     * @param name  The parameter's name, used for the error message.
+     * @throws InvalidCommandArgumentsException if the value is negative.
+     */
+    private void validatePaginationParameter(Integer value, String name) throws InvalidCommandArgumentsException {
+        if (value != null && value < 0) {
+            throw new InvalidCommandArgumentsException(
+                    BundleUtil.getStringFromBundle("getFileVersionDifferencesCommand.errors.negativePaginationParam", List.of(name)),
+                    this
+            );
+        }
+    }
 }
diff --git a/src/test/java/edu/harvard/iq/dataverse/engine/command/impl/GetDatasetVersionSummariesCommandTest.java b/src/test/java/edu/harvard/iq/dataverse/engine/command/impl/GetDatasetVersionSummariesCommandTest.java
index 0161bdbfbf2..e47deb86c8f 100644
--- a/src/test/java/edu/harvard/iq/dataverse/engine/command/impl/GetDatasetVersionSummariesCommandTest.java
+++ b/src/test/java/edu/harvard/iq/dataverse/engine/command/impl/GetDatasetVersionSummariesCommandTest.java
@@ -10,7 +10,7 @@
 import edu.harvard.iq.dataverse.engine.command.CommandContext;
 import edu.harvard.iq.dataverse.engine.command.DataverseRequest;
 import edu.harvard.iq.dataverse.engine.command.exception.CommandException;
-import org.junit.jupiter.api.BeforeEach;
+import edu.harvard.iq.dataverse.engine.command.exception.InvalidCommandArgumentsException;
 import org.junit.jupiter.api.DisplayName;
 import org.junit.jupiter.api.Test;
 import org.junit.jupiter.api.extension.ExtendWith;
@@ -26,6 +26,7 @@
 import java.util.Optional;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.junit.jupiter.api.Assertions.assertThrows;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.ArgumentMatchers.anyBoolean;
 import static org.mockito.ArgumentMatchers.anyLong;
@@ -53,16 +54,13 @@ class GetDatasetVersionSummariesCommandTest {
 
     private static final Long DATASET_ID = 42L;
 
-    @BeforeEach
-    void setUp() {
-        // Mock the context to return our mock services
+    /**
+     * Helper method to set up mocks required for tests that execute the full command logic.
+     */
+    private void setupMocksForSuccessfulExecution() {
         when(contextMock.permissions()).thenReturn(permissionsMock);
         when(contextMock.datasetVersion()).thenReturn(versionServiceMock);
-
-        // Mock the request to return a user
         when(requestMock.getUser()).thenReturn(userMock);
-
-        // Mock the dataset to have a specific ID
         when(datasetMock.getId()).thenReturn(DATASET_ID);
     }
 
@@ -70,6 +68,7 @@ void setUp() {
     @DisplayName("execute should call findVersions with 'canViewUnpublished' as TRUE when user has permission")
     void execute_should_call_findVersions_with_true_when_user_has_permission() throws CommandException {
         // Arrange
+        setupMocksForSuccessfulExecution();
         when(permissionsMock.hasPermissionsFor(requestMock.getUser(), datasetMock, EnumSet.of(Permission.ViewUnpublishedDataset)))
                 .thenReturn(true);
         when(versionServiceMock.findVersions(anyLong(), any(), any(), anyBoolean(), anyBoolean()))
@@ -96,6 +95,7 @@ void execute_should_call_findVersions_with_true_when_user_has_permission() throw
     @DisplayName("execute should call findVersions with 'canViewUnpublished' as FALSE when user lacks permission")
     void execute_should_call_findVersions_with_false_when_user_lacks_permission() throws CommandException {
         // Arrange
+        setupMocksForSuccessfulExecution();
         when(permissionsMock.hasPermissionsFor(requestMock.getUser(), datasetMock, EnumSet.of(Permission.ViewUnpublishedDataset)))
                 .thenReturn(false);
         when(versionServiceMock.findVersions(anyLong(), any(), any(), anyBoolean(), anyBoolean()))
@@ -122,6 +122,7 @@ void execute_should_call_findVersions_with_false_when_user_lacks_permission() th
     @DisplayName("execute should pass pagination parameters correctly to findVersions")
     void execute_should_pass_pagination_parameters_correctly() throws CommandException {
         // Arrange
+        setupMocksForSuccessfulExecution();
         Integer expectedLimit = 10;
         Integer expectedOffset = 20;
         when(versionServiceMock.findVersions(anyLong(), any(), any(), anyBoolean(), anyBoolean()))
@@ -145,7 +146,8 @@ void execute_should_pass_pagination_parameters_correctly() throws CommandExcepti
     @Test
     @DisplayName("execute should correctly convert DatasetVersion list to DatasetVersionSummary list")
     void execute_should_convert_versions_to_summaries() throws CommandException {
-        // Arrange: Mock the service to return a list with one version
+        // Arrange
+        setupMocksForSuccessfulExecution();
         when(versionServiceMock.findVersions(anyLong(), any(), any(), anyBoolean(), anyBoolean()))
                 .thenReturn(List.of(versionMock));
 
@@ -169,4 +171,24 @@ void execute_should_convert_versions_to_summaries() throws CommandException {
                     .containsExactly(dummySummary);
         }
     }
+
+    @Test
+    @DisplayName("execute should throw InvalidCommandArgumentsException for negative limit")
+    void execute_should_throw_exception_for_negative_limit() {
+        // Arrange
+        GetDatasetVersionSummariesCommand command = new GetDatasetVersionSummariesCommand(requestMock, datasetMock, -1, 0);
+
+        // Act & Assert
+        assertThrows(InvalidCommandArgumentsException.class, () -> command.execute(contextMock));
+    }
+
+    @Test
+    @DisplayName("execute should throw InvalidCommandArgumentsException for negative offset")
+    void execute_should_throw_exception_for_negative_offset() {
+        // Arrange
+        GetDatasetVersionSummariesCommand command = new GetDatasetVersionSummariesCommand(requestMock, datasetMock, 10, -1);
+
+        // Act & Assert
+        assertThrows(InvalidCommandArgumentsException.class, () -> command.execute(contextMock));
+    }
 }
diff --git a/src/test/java/edu/harvard/iq/dataverse/engine/command/impl/GetFileVersionDifferencesCommandTest.java b/src/test/java/edu/harvard/iq/dataverse/engine/command/impl/GetFileVersionDifferencesCommandTest.java
index 861fa55a5c0..9b672fd2ca5 100644
--- a/src/test/java/edu/harvard/iq/dataverse/engine/command/impl/GetFileVersionDifferencesCommandTest.java
+++ b/src/test/java/edu/harvard/iq/dataverse/engine/command/impl/GetFileVersionDifferencesCommandTest.java
@@ -53,7 +53,7 @@ void setUp() {
     }
 
     /**
-     * Helper method to set up mocks required for tests that execute the full command logic,
+     * Helper method to set up mocks required for tests that execute the full command logic.
      */
     private void setupMocksForSuccessfulExecution() {
         when(contextMock.permissions()).thenReturn(permissionsMock);

From 6cecbf4342cfb32a9228a837814899a26e385d74 Mon Sep 17 00:00:00 2001
From: GPortas <hey@gportas.me>
Date: Mon, 13 Oct 2025 13:03:06 +0100
Subject: [PATCH 388/634] Refactor: AbstractPaginatedCommand

---
 .../impl/AbstractPaginatedCommand.java        | 64 +++++++++++++++++++
 .../GetDatasetVersionSummariesCommand.java    | 32 +---------
 .../GetFileVersionDifferencesCommand.java     | 32 +---------
 3 files changed, 70 insertions(+), 58 deletions(-)
 create mode 100644 src/main/java/edu/harvard/iq/dataverse/engine/command/impl/AbstractPaginatedCommand.java

diff --git a/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/AbstractPaginatedCommand.java b/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/AbstractPaginatedCommand.java
new file mode 100644
index 00000000000..ef32c5b613e
--- /dev/null
+++ b/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/AbstractPaginatedCommand.java
@@ -0,0 +1,64 @@
+package edu.harvard.iq.dataverse.engine.command.impl;
+
+import edu.harvard.iq.dataverse.DvObject;
+import edu.harvard.iq.dataverse.engine.command.AbstractCommand;
+import edu.harvard.iq.dataverse.engine.command.CommandContext;
+import edu.harvard.iq.dataverse.engine.command.DataverseRequest;
+import edu.harvard.iq.dataverse.engine.command.exception.CommandException;
+import edu.harvard.iq.dataverse.engine.command.exception.InvalidCommandArgumentsException;
+import edu.harvard.iq.dataverse.util.BundleUtil;
+
+import java.util.List;
+
+/**
+ * An abstract command for operations that support pagination.
+ * It handles the common logic for 'limit' and 'offset' parameters,
+ * including validation.
+ *
+ * @param <T> The return type of the command's result.
+ */
+public abstract class AbstractPaginatedCommand<T> extends AbstractCommand<T> {
+
+    protected final Integer limit;
+    protected final Integer offset;
+
+    public AbstractPaginatedCommand(DataverseRequest request, DvObject dvObject, Integer limit, Integer offset) {
+        super(request, dvObject);
+        this.limit = limit;
+        this.offset = offset;
+    }
+
+    @Override
+    public T execute(CommandContext ctxt) throws CommandException {
+        validatePaginationParameter(limit, "limit");
+        validatePaginationParameter(offset, "offset");
+        return executeCommand(ctxt);
+    }
+
+    /**
+     * The core logic of the command, executed after pagination parameters have been validated.
+     * Subclasses must implement this method.
+     *
+     * @param ctxt The command context.
+     * @return The result of the command.
+     * @throws CommandException if an error occurs during command execution.
+     */
+    public abstract T executeCommand(CommandContext ctxt) throws CommandException;
+
+    /**
+     * Validates that a given pagination parameter is not negative.
+     *
+     * @param value The parameter's value.
+     * @param name  The parameter's name, used for the error message.
+     * @throws InvalidCommandArgumentsException if the value is negative.
+     */
+    private void validatePaginationParameter(Integer value, String name) throws InvalidCommandArgumentsException {
+        if (value != null && value < 0) {
+            // Both original commands used this specific bundle key. A more generic one could be introduced later.
+            throw new InvalidCommandArgumentsException(
+                    BundleUtil.getStringFromBundle("getFileVersionDifferencesCommand.errors.negativePaginationParam", List.of(name)),
+                    this
+            );
+        }
+    }
+}
diff --git a/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/GetDatasetVersionSummariesCommand.java b/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/GetDatasetVersionSummariesCommand.java
index 09220d9c80a..802c4189e45 100644
--- a/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/GetDatasetVersionSummariesCommand.java
+++ b/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/GetDatasetVersionSummariesCommand.java
@@ -4,13 +4,10 @@
 import edu.harvard.iq.dataverse.DatasetVersion;
 import edu.harvard.iq.dataverse.authorization.Permission;
 import edu.harvard.iq.dataverse.datasetversionsummaries.DatasetVersionSummary;
-import edu.harvard.iq.dataverse.engine.command.AbstractCommand;
 import edu.harvard.iq.dataverse.engine.command.CommandContext;
 import edu.harvard.iq.dataverse.engine.command.DataverseRequest;
 import edu.harvard.iq.dataverse.engine.command.RequiredPermissions;
 import edu.harvard.iq.dataverse.engine.command.exception.CommandException;
-import edu.harvard.iq.dataverse.engine.command.exception.InvalidCommandArgumentsException;
-import edu.harvard.iq.dataverse.util.BundleUtil;
 
 import java.util.EnumSet;
 import java.util.List;
@@ -20,24 +17,17 @@
  * A command that retrieves a paginated list of {@link DatasetVersionSummary} for the versions of a given {@link Dataset}.
  **/
 @RequiredPermissions({})
-public class GetDatasetVersionSummariesCommand extends AbstractCommand<List<DatasetVersionSummary>> {
+public class GetDatasetVersionSummariesCommand extends AbstractPaginatedCommand<List<DatasetVersionSummary>> {
 
     private final Dataset dataset;
-    private final Integer limit;
-    private final Integer offset;
 
     public GetDatasetVersionSummariesCommand(DataverseRequest request, Dataset dataset, Integer limit, Integer offset) {
-        super(request, dataset);
+        super(request, dataset, limit, offset);
         this.dataset = dataset;
-        this.limit = limit;
-        this.offset = offset;
     }
 
     @Override
-    public List<DatasetVersionSummary> execute(CommandContext ctxt) throws CommandException {
-        validatePaginationParameter(limit, "limit");
-        validatePaginationParameter(offset, "offset");
-
+    public List<DatasetVersionSummary> executeCommand(CommandContext ctxt) throws CommandException {
         boolean canViewUnpublished = ctxt.permissions().hasPermissionsFor(
                 getRequest().getUser(),
                 dataset,
@@ -57,20 +47,4 @@ public List<DatasetVersionSummary> execute(CommandContext ctxt) throws CommandEx
                 .flatMap(Optional::stream)
                 .toList();
     }
-
-    /**
-     * Validates that a given pagination parameter is not negative.
-     *
-     * @param value The parameter's value.
-     * @param name  The parameter's name, used for the error message.
-     * @throws InvalidCommandArgumentsException if the value is negative.
-     */
-    private void validatePaginationParameter(Integer value, String name) throws InvalidCommandArgumentsException {
-        if (value != null && value < 0) {
-            throw new InvalidCommandArgumentsException(
-                    BundleUtil.getStringFromBundle("getFileVersionDifferencesCommand.errors.negativePaginationParam", List.of(name)),
-                    this
-            );
-        }
-    }
 }
diff --git a/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/GetFileVersionDifferencesCommand.java b/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/GetFileVersionDifferencesCommand.java
index f53af2cee1d..62bfb24b801 100644
--- a/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/GetFileVersionDifferencesCommand.java
+++ b/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/GetFileVersionDifferencesCommand.java
@@ -2,12 +2,9 @@
 
 import edu.harvard.iq.dataverse.*;
 import edu.harvard.iq.dataverse.authorization.Permission;
-import edu.harvard.iq.dataverse.engine.command.AbstractCommand;
 import edu.harvard.iq.dataverse.engine.command.CommandContext;
 import edu.harvard.iq.dataverse.engine.command.DataverseRequest;
 import edu.harvard.iq.dataverse.engine.command.RequiredPermissions;
-import edu.harvard.iq.dataverse.engine.command.exception.InvalidCommandArgumentsException;
-import edu.harvard.iq.dataverse.util.BundleUtil;
 
 import java.util.EnumSet;
 import java.util.List;
@@ -19,24 +16,17 @@
  * highlighting the differences between each version.
  */
 @RequiredPermissions({})
-public class GetFileVersionDifferencesCommand extends AbstractCommand<List<FileVersionDifference>> {
+public class GetFileVersionDifferencesCommand extends AbstractPaginatedCommand<List<FileVersionDifference>> {
 
     private final FileMetadata fileMetadata;
-    private final Integer limit;
-    private final Integer offset;
 
     public GetFileVersionDifferencesCommand(DataverseRequest request, FileMetadata fileMetadata, Integer limit, Integer offset) {
-        super(request, fileMetadata.getDataFile());
+        super(request, fileMetadata.getDataFile(), limit, offset);
         this.fileMetadata = Objects.requireNonNull(fileMetadata);
-        this.limit = limit;
-        this.offset = offset;
     }
 
     @Override
-    public List<FileVersionDifference> execute(CommandContext ctxt) throws InvalidCommandArgumentsException {
-        validatePaginationParameter(limit, "limit");
-        validatePaginationParameter(offset, "offset");
-
+    public List<FileVersionDifference> executeCommand(CommandContext ctxt) {
         List<VersionedFileMetadata> fileHistory = findFileHistory(ctxt);
 
         return fileHistory.stream()
@@ -44,22 +34,6 @@ public List<FileVersionDifference> execute(CommandContext ctxt) throws InvalidCo
                 .collect(Collectors.toList());
     }
 
-    /**
-     * Validates that a given pagination parameter is not negative.
-     *
-     * @param value The parameter's value.
-     * @param name  The parameter's name, used for the error message.
-     * @throws InvalidCommandArgumentsException if the value is negative.
-     */
-    private void validatePaginationParameter(Integer value, String name) throws InvalidCommandArgumentsException {
-        if (value != null && value < 0) {
-            throw new InvalidCommandArgumentsException(
-                    BundleUtil.getStringFromBundle("getFileVersionDifferencesCommand.errors.negativePaginationParam", List.of(name)),
-                    this
-            );
-        }
-    }
-
     /**
      * Fetches the file's version history, respecting user permissions.
      */

From 98a03c3b3c6bcd77ec283da523f0e51ab2d4877e Mon Sep 17 00:00:00 2001
From: GPortas <hey@gportas.me>
Date: Mon, 13 Oct 2025 13:16:32 +0100
Subject: [PATCH 389/634] Added: invalid pagination params test cases to
 testSummaryDatasetVersionsDifferencesAPI IT

---
 .../impl/AbstractPaginatedCommand.java        |  3 +--
 src/main/java/propertyFiles/Bundle.properties |  4 ++--
 .../harvard/iq/dataverse/api/DatasetsIT.java  | 20 ++++++++++++++++---
 3 files changed, 20 insertions(+), 7 deletions(-)

diff --git a/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/AbstractPaginatedCommand.java b/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/AbstractPaginatedCommand.java
index ef32c5b613e..0a9f40d7ec2 100644
--- a/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/AbstractPaginatedCommand.java
+++ b/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/AbstractPaginatedCommand.java
@@ -54,9 +54,8 @@ public T execute(CommandContext ctxt) throws CommandException {
      */
     private void validatePaginationParameter(Integer value, String name) throws InvalidCommandArgumentsException {
         if (value != null && value < 0) {
-            // Both original commands used this specific bundle key. A more generic one could be introduced later.
             throw new InvalidCommandArgumentsException(
-                    BundleUtil.getStringFromBundle("getFileVersionDifferencesCommand.errors.negativePaginationParam", List.of(name)),
+                    BundleUtil.getStringFromBundle("abstractPaginatedCommand.errors.negativePaginationParam", List.of(name)),
                     this
             );
         }
diff --git a/src/main/java/propertyFiles/Bundle.properties b/src/main/java/propertyFiles/Bundle.properties
index 928348275ad..1016bb96788 100644
--- a/src/main/java/propertyFiles/Bundle.properties
+++ b/src/main/java/propertyFiles/Bundle.properties
@@ -3237,5 +3237,5 @@ roleAssigneeServiceBean.error.dataverseRequestCannotBeNull=DataverseRequest cann
 getUserPermittedCollectionsCommand.errors.userNotFound=User not found.
 getUserPermittedCollectionsCommand.errors.permissionNotValid=Permission not valid.
 
-#GetFileVersionDifferencesCommand.java
-getFileVersionDifferencesCommand.errors.negativePaginationParam=The {0} parameter cannot be negative.
+#AbstractPaginatedCommand.java
+abstractPaginatedCommand.errors.negativePaginationParam=The {0} parameter cannot be negative.
diff --git a/src/test/java/edu/harvard/iq/dataverse/api/DatasetsIT.java b/src/test/java/edu/harvard/iq/dataverse/api/DatasetsIT.java
index fcd604db8d8..31f4669cd42 100644
--- a/src/test/java/edu/harvard/iq/dataverse/api/DatasetsIT.java
+++ b/src/test/java/edu/harvard/iq/dataverse/api/DatasetsIT.java
@@ -6586,7 +6586,7 @@ public void testSummaryDatasetVersionsDifferencesAPI() throws InterruptedExcepti
         addDataToPublishedVersion = UtilIT.addDatasetMetadataViaNative(datasetPersistentId, pathToJsonFilePostPub, apiToken);
         addDataToPublishedVersion.then().assertThat().statusCode(OK.getStatusCode());
 
-        // TEST 1: No pagination. Should return all 3 version differences (DRAFT, 2.0, 1.0).
+        // Test pagination: No pagination. Should return all 3 version differences (DRAFT, 2.0, 1.0).
         Response compareAllResponse = UtilIT.summaryDatasetVersionDifferences(datasetPersistentId, apiToken);
         compareAllResponse.then().assertThat()
                 .statusCode(OK.getStatusCode())
@@ -6595,19 +6595,33 @@ public void testSummaryDatasetVersionsDifferencesAPI() throws InterruptedExcepti
                 .body("data[1].versionNumber", equalTo("2.0"))
                 .body("data[2].versionNumber", equalTo("1.0"));
 
-        // TEST 2: Use limit=1. Should return only the latest difference (DRAFT).
+        // Test pagination: Use limit=1. Should return only the latest difference (DRAFT).
         Response compareLimitResponse = UtilIT.summaryDatasetVersionDifferences(datasetPersistentId, 1, null, apiToken);
         compareLimitResponse.then().assertThat()
                 .statusCode(OK.getStatusCode())
                 .body("data.size()", is(1))
                 .body("data[0].versionNumber", equalTo("DRAFT"));
 
-        // TEST 3: Use limit=1 and offset=1. Should skip the first result and return the second (2.0).
+        // Test pagination: Use limit=1 and offset=1. Should skip the first result and return the second (2.0).
         Response compareOffsetResponse = UtilIT.summaryDatasetVersionDifferences(datasetPersistentId, 1, 1, apiToken);
         compareOffsetResponse.then().assertThat()
                 .statusCode(OK.getStatusCode())
                 .body("data.size()", is(1))
                 .body("data[0].versionNumber", equalTo("2.0"));
+
+        // Test invalid pagination: limit=-1 (should return a bad request error)
+        compareAllResponse = UtilIT.summaryDatasetVersionDifferences(datasetPersistentId, -1, 1, apiToken);
+        compareAllResponse.then().assertThat()
+                .statusCode(BAD_REQUEST.getStatusCode())
+                .body("status", equalTo("ERROR"))
+                .body("message", containsString("The limit parameter cannot be negative."));
+
+        // Test invalid pagination: offset=-1 (should return a bad request error)
+        compareAllResponse = UtilIT.summaryDatasetVersionDifferences(datasetPersistentId, 1, -1, apiToken);
+        compareAllResponse.then().assertThat()
+                .statusCode(BAD_REQUEST.getStatusCode())
+                .body("status", equalTo("ERROR"))
+                .body("message", containsString("The offset parameter cannot be negative."));
     }
     
     @Test

From 354627912c2277872593375cf5fd8026ca1f4b2c Mon Sep 17 00:00:00 2001
From: GPortas <hey@gportas.me>
Date: Mon, 13 Oct 2025 13:31:09 +0100
Subject: [PATCH 390/634] Added: docs for pagination in versionDifferences
 Files API endpoint

---
 doc/sphinx-guides/source/api/native-api.rst | 15 +++++++++++++--
 1 file changed, 13 insertions(+), 2 deletions(-)

diff --git a/doc/sphinx-guides/source/api/native-api.rst b/doc/sphinx-guides/source/api/native-api.rst
index 6fe0147a683..91b0fbd9b44 100644
--- a/doc/sphinx-guides/source/api/native-api.rst
+++ b/doc/sphinx-guides/source/api/native-api.rst
@@ -4288,8 +4288,19 @@ The fully expanded example above (without environment variables) looks like this
 
 .. code-block:: bash
 
-  curl  -X GET "https://demo.dataverse.org/api/files/1234/versionDifferences"
-  curl  -X GET "https://demo.dataverse.org/api/files/:persistentId/versionDifferences?persistentId=doi:10.5072/FK2/J8SJZB"
+  curl -H "X-Dataverse-key: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" -X GET "https://demo.dataverse.org/api/files/1234/versionDifferences"
+  curl -H "X-Dataverse-key: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" -X GET "https://demo.dataverse.org/api/files/:persistentId/versionDifferences?persistentId=doi:10.5072/FK2/J8SJZB"
+
+You can control pagination of the results using the following optional query parameters.
+
+* ``limit``: The maximum number of version differences to return.
+* ``offset``: The number of version differences to skip from the beginning of the list. Used for retrieving subsequent pages of results.
+
+For example, to get the second page of results, with 2 items per page, you would use ``limit=2`` and ``offset=2`` (skipping the first two results).
+
+.. code-block:: bash
+
+  curl -H "X-Dataverse-key: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" -X GET "https://demo.dataverse.org/api/files/1234/versionDifferences?limit=2&offset=2"
 
 Adding Files
 ~~~~~~~~~~~~

From ddfefd4c3249ee5be26aaebc0d8cdfdff63cc7e7 Mon Sep 17 00:00:00 2001
From: GPortas <hey@gportas.me>
Date: Mon, 13 Oct 2025 13:31:59 +0100
Subject: [PATCH 391/634] Fixed: typo in docs for versions/compareSummary

---
 doc/sphinx-guides/source/api/native-api.rst | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/doc/sphinx-guides/source/api/native-api.rst b/doc/sphinx-guides/source/api/native-api.rst
index 91b0fbd9b44..5d005d983d7 100644
--- a/doc/sphinx-guides/source/api/native-api.rst
+++ b/doc/sphinx-guides/source/api/native-api.rst
@@ -2099,13 +2099,13 @@ be available to users who have permission to view unpublished drafts. The api to
   export SERVER_URL=https://demo.dataverse.org
   export PERSISTENT_IDENTIFIER=doi:10.5072/FK2/BCCP9Z
 
-  curl -H "X-Dataverse-key: $API_TOKEN" -X PUT "$SERVER_URL/api/datasets/:persistentId/versions/compareSummary?persistentId=$PERSISTENT_IDENTIFIER"
+  curl -H "X-Dataverse-key: $API_TOKEN" -X GET "$SERVER_URL/api/datasets/:persistentId/versions/compareSummary?persistentId=$PERSISTENT_IDENTIFIER"
 
 The fully expanded example above (without environment variables) looks like this:
 
 .. code-block:: bash
 
-  curl -H "X-Dataverse-key: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" -X PUT "https://demo.dataverse.org/api/datasets/:persistentId/versions/compareSummary?persistentId=doi:10.5072/FK2/BCCP9Z"
+  curl -H "X-Dataverse-key: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" -X GET "https://demo.dataverse.org/api/datasets/:persistentId/versions/compareSummary?persistentId=doi:10.5072/FK2/BCCP9Z"
 
 You can control pagination of the results using the following optional query parameters.
 
@@ -2116,7 +2116,7 @@ For example, to get the second page of results, with 2 items per page, you would
 
 .. code-block:: bash
 
-  curl -H "X-Dataverse-key: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" -X PUT "https://demo.dataverse.org/api/datasets/:persistentId/versions/compareSummary?persistentId=doi:10.5072/FK2/BCCP9Z&limit=2&offset=2"
+  curl -H "X-Dataverse-key: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" -X GET "https://demo.dataverse.org/api/datasets/:persistentId/versions/compareSummary?persistentId=doi:10.5072/FK2/BCCP9Z&limit=2&offset=2"
 
 Update Metadata For a Dataset
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From 80eae81a498b4f426633dc54cd8ba092664be2b1 Mon Sep 17 00:00:00 2001
From: GPortas <hey@gportas.me>
Date: Mon, 13 Oct 2025 13:43:33 +0100
Subject: [PATCH 392/634] Added: release notes for #11855

---
 ...ion-summaries-pagination-and-perfomance.md | 24 +++++++++++++++++++
 1 file changed, 24 insertions(+)
 create mode 100644 doc/release-notes/11855-version-summaries-pagination-and-perfomance.md

diff --git a/doc/release-notes/11855-version-summaries-pagination-and-perfomance.md b/doc/release-notes/11855-version-summaries-pagination-and-perfomance.md
new file mode 100644
index 00000000000..b71ad4826a8
--- /dev/null
+++ b/doc/release-notes/11855-version-summaries-pagination-and-perfomance.md
@@ -0,0 +1,24 @@
+### Pagination for API Version Summaries
+
+We've added pagination support to the following API endpoints:
+
+- File Version Differences: api/files/{id}/versionDifferences
+
+- Dataset Version Summaries: api/datasets/:persistentId/versions/compareSummary
+
+You can now use two new query parameters to control the results:
+
+- **limit**: An integer specifying the maximum number of results to return per page.
+
+- **offset**: An integer specifying the number of results to skip before starting to return items. This is used to navigate to different pages.
+
+### Performance enhancements for API Version Summaries
+
+In addition to adding pagination, we've significantly improved the performance of these endpoints by implementing more efficient database queries.
+
+These changes address performance bottlenecks that were previously encountered, especially with datasets or files containing a large number of versions.
+
+### Related issues and PRs
+
+- https://github.com/IQSS/dataverse/issues/11855
+- https://github.com/IQSS/dataverse/pull/11859

From 44e8647d2c28fb59d08eb31a24bcbdbedffc9064 Mon Sep 17 00:00:00 2001
From: jo-pol <jo-pol@users.noreply.github.com>
Date: Mon, 13 Oct 2025 15:51:31 +0200
Subject: [PATCH 393/634] review issues

---
 .../11865-restored-suppress-dataverse-field            |  2 +-
 .../edu/harvard/iq/dataverse/DataverseServiceBean.java | 10 ----------
 2 files changed, 1 insertion(+), 11 deletions(-)

diff --git a/doc/release-notes/11865-restored-suppress-dataverse-field b/doc/release-notes/11865-restored-suppress-dataverse-field
index 7d35cf8ba63..56309705533 100644
--- a/doc/release-notes/11865-restored-suppress-dataverse-field
+++ b/doc/release-notes/11865-restored-suppress-dataverse-field
@@ -1,6 +1,6 @@
 ### Restored suppression of the host dataverse field
 
-When creating/editing a dataset, the _host dataverse_ field is not shown when there is no other dataverse than the root dataverse.
+When creating/editing a dataset, the _host dataverse_ field is not shown when the user can only add datasets to one collection.
 
 This was introduced in 6.7 with PR #11301 and reverted in 6.7.1 with PR #11700.
 A performance penalty was observed in instances with a large number of dataverses.
diff --git a/src/main/java/edu/harvard/iq/dataverse/DataverseServiceBean.java b/src/main/java/edu/harvard/iq/dataverse/DataverseServiceBean.java
index 45ac4c27cf9..c14711060af 100644
--- a/src/main/java/edu/harvard/iq/dataverse/DataverseServiceBean.java
+++ b/src/main/java/edu/harvard/iq/dataverse/DataverseServiceBean.java
@@ -1276,16 +1276,6 @@ public long getDataverseCount() {
         return em.createNamedQuery("Dataverse.countAll", Long.class).getSingleResult();
     }
 
-    public boolean getHasRolesOnMultipleDataverses(String assignee) {
-        return em.createQuery("SELECT dv "
-                              + "FROM roleassignment ra "
-                              + "JOIN dataverse      dv "
-                              + "  ON dv.id = ra.definitionpoint_id "
-                              + "WHERE ra.assigneeidentifier = '@user001' OR ra.assigneeidentifier = ':authenticated-users' limit 2", Dataverse.class)
-                   .setParameter("assignee", assignee)
-                   .getResultList().size() > 1;
-    }
-
     /**
      * Returns the total number of published datasets within a Dataverse collection. The number includes harvested and
      * linked datasets. Datasets in subcollections are also counted.

From 5217e68fbfb2478478140503e9f9d3521538017b Mon Sep 17 00:00:00 2001
From: GPortas <hey@gportas.me>
Date: Mon, 13 Oct 2025 16:44:28 +0100
Subject: [PATCH 394/634] Refactor: FileVersionDifferenceJsonPrinter with unit
 tests

---
 .../FileVersionDifferenceJsonPrinter.java     | 328 ++++++++++++------
 .../FileVersionDifferenceJsonPrinterTest.java | 229 ++++++++++++
 2 files changed, 456 insertions(+), 101 deletions(-)
 create mode 100644 src/test/java/edu/harvard/iq/dataverse/util/json/FileVersionDifferenceJsonPrinterTest.java

diff --git a/src/main/java/edu/harvard/iq/dataverse/util/json/FileVersionDifferenceJsonPrinter.java b/src/main/java/edu/harvard/iq/dataverse/util/json/FileVersionDifferenceJsonPrinter.java
index e0e561fc0f8..712b31325f7 100644
--- a/src/main/java/edu/harvard/iq/dataverse/util/json/FileVersionDifferenceJsonPrinter.java
+++ b/src/main/java/edu/harvard/iq/dataverse/util/json/FileVersionDifferenceJsonPrinter.java
@@ -1,17 +1,22 @@
 package edu.harvard.iq.dataverse.util.json;
 
+import edu.harvard.iq.dataverse.DataFile;
+import edu.harvard.iq.dataverse.DatasetVersion;
 import edu.harvard.iq.dataverse.FileMetadata;
 import edu.harvard.iq.dataverse.FileVersionDifference;
 import edu.harvard.iq.dataverse.util.StringUtil;
 import jakarta.json.*;
 
-import java.util.*;
+import java.util.Comparator;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+import java.util.Objects;
 
 import static edu.harvard.iq.dataverse.util.json.NullSafeJsonBuilder.jsonObjectBuilder;
 
 /**
  * Utility class responsible for producing JSON representations of {@link edu.harvard.iq.dataverse.FileVersionDifference} objects.
- * TODO: The logic in this class was originally extracted from {@code FileMetadataVersionHelper}. Further refactoring and testing is required.
  */
 public class FileVersionDifferenceJsonPrinter {
 
@@ -21,125 +26,246 @@ public class FileVersionDifferenceJsonPrinter {
     private static final String ACTION_REPLACED = "Replaced";
     private static final String GROUP_FILE_ACCESS = "File Access";
 
+    /**
+     * Creates a JSON representation of a FileVersionDifference.
+     *
+     * @param fileVersionDifference The object to serialize.
+     * @return A JsonObjectBuilder containing the serialized data.
+     */
     public static JsonObjectBuilder jsonFileVersionDifference(FileVersionDifference fileVersionDifference) {
-        JsonObjectBuilder job = jsonObjectBuilder();
-        FileMetadata fileMetadata = fileVersionDifference.getNewFileMetadata();
-        if (fileMetadata.getDatasetVersion() != null) {
-            job.add("datasetVersion", fileMetadata.getDatasetVersion().getFriendlyVersionNumber());
-            if (fileMetadata.getDatasetVersion().getVersionNumber() != null) {
-                job
-                        .add("versionNumber", fileMetadata.getDatasetVersion().getVersionNumber())
-                        .add("versionMinorNumber", fileMetadata.getDatasetVersion().getMinorVersionNumber());
-            }
+        JsonObjectBuilder jsonBuilder = jsonObjectBuilder();
+        FileMetadata newFileMetadata = fileVersionDifference.getNewFileMetadata();
+
+        addDatasetVersionDetails(jsonBuilder, newFileMetadata);
+        addDataFileDetails(jsonBuilder, newFileMetadata);
+        addFileDifferenceSummary(jsonBuilder, fileVersionDifference);
+
+        return jsonBuilder;
+    }
 
-            job
-                    .add("isDraft", fileMetadata.getDatasetVersion().isDraft())
-                    .add("isReleased", fileMetadata.getDatasetVersion().isReleased())
-                    .add("isDeaccessioned", fileMetadata.getDatasetVersion().isDeaccessioned())
-                    .add("versionState", fileMetadata.getDatasetVersion().getVersionState().name())
-                    .add("summary", fileMetadata.getDatasetVersion().getVersionNote())
-                    .add("contributors", fileMetadata.getContributorNames())
-                    .add("publishedDate", fileMetadata.getDataFile() != null ? (fileMetadata.getDataFile().getPublicationDate() != null ? fileMetadata.getDataFile().getPublicationDate().toString() : null) : null)
-            ;
+    /**
+     * Adds details from the DatasetVersion to the JSON object.
+     */
+    private static void addDatasetVersionDetails(JsonObjectBuilder jsonBuilder, FileMetadata fileMetadata) {
+        DatasetVersion datasetVersion = fileMetadata.getDatasetVersion();
+        if (datasetVersion == null) {
+            return;
         }
-        if (fileMetadata.getDataFile() != null) {
-            job.add("datafileId", fileMetadata.getDataFile().getId());
-            job.add("persistentId", (fileMetadata.getDataFile().getGlobalId() != null ? fileMetadata.getDataFile().getGlobalId().asString() : ""));
+        jsonBuilder.add("datasetVersion", datasetVersion.getFriendlyVersionNumber());
+
+        Long versionNumber = datasetVersion.getVersionNumber();
+        if (versionNumber != null) {
+            jsonBuilder
+                    .add("versionNumber", versionNumber)
+                    .add("versionMinorNumber", datasetVersion.getMinorVersionNumber());
+        }
+
+        DatasetVersion.VersionState versionState = datasetVersion.getVersionState();
+        if (versionState != null) {
+            jsonBuilder.add("versionState", datasetVersion.getVersionState().name());
         }
+
+        jsonBuilder
+                .add("isDraft", datasetVersion.isDraft())
+                .add("isReleased", datasetVersion.isReleased())
+                .add("isDeaccessioned", datasetVersion.isDeaccessioned())
+                .add("summary", datasetVersion.getVersionNote())
+                .add("contributors", fileMetadata.getContributorNames());
+
+        if (fileMetadata.getDataFile() != null && fileMetadata.getDataFile().getPublicationDate() != null) {
+            jsonBuilder.add("publishedDate", fileMetadata.getDataFile().getPublicationDate().toString());
+        }
+    }
+
+    /**
+     * Adds details from the DataFile to the JSON object.
+     */
+    private static void addDataFileDetails(JsonObjectBuilder jsonBuilder, FileMetadata fileMetadata) {
+        DataFile dataFile = fileMetadata.getDataFile();
+        if (dataFile == null) {
+            return;
+        }
+        jsonBuilder.add("datafileId", dataFile.getId());
+        jsonBuilder.add("persistentId", dataFile.getGlobalId() != null ? dataFile.getGlobalId().asString() : "");
+    }
+
+    /**
+     * Adds the file difference summary, which contains the core change details.
+     */
+    private static void addFileDifferenceSummary(JsonObjectBuilder jsonBuilder, FileVersionDifference fileVersionDifference) {
+        FileMetadata newFileMetadata = fileVersionDifference.getNewFileMetadata();
         List<FileVersionDifference.FileDifferenceSummaryGroup> groups = fileVersionDifference.getDifferenceSummaryGroups();
-        JsonObjectBuilder fileDifferenceSummary = jsonObjectBuilder()
-                .add("versionNote", fileMetadata.getDatasetVersion().getVersionNote())
-                .add("deaccessionedReason", fileMetadata.getDatasetVersion().getDeaccessionNote())
-                .add("file", getFileAction(fileVersionDifference.getOriginalFileMetadata(), fileVersionDifference.getNewFileMetadata()));
+
+        JsonObjectBuilder summaryBuilder = jsonObjectBuilder()
+                .add("versionNote", newFileMetadata.getDatasetVersion().getVersionNote())
+                .add("deaccessionedReason", newFileMetadata.getDatasetVersion().getDeaccessionNote())
+                .add("file", getFileAction(fileVersionDifference.getOriginalFileMetadata(), newFileMetadata));
 
         if (groups != null && !groups.isEmpty()) {
-            List<FileVersionDifference.FileDifferenceSummaryGroup> sortedGroups = groups.stream()
-                    .sorted(Comparator.comparing(FileVersionDifference.FileDifferenceSummaryGroup::getName))
-                    .toList();
-            String groupName = null;
-            final JsonArrayBuilder groupsArrayBuilder = Json.createArrayBuilder();
-            final JsonObjectBuilder groupsObjectBuilder = jsonObjectBuilder();
-            Map<String, Integer> itemCounts = new HashMap<>();
-
-            for (FileVersionDifference.FileDifferenceSummaryGroup group : sortedGroups) {
-                if (!StringUtil.isEmpty(group.getName())) {
-                    // if the group name changed then add its data to the fileDifferenceSummary and reset list for next group
-                    if (groupName != null && groupName.compareTo(group.getName()) != 0) {
-                        addJsonGroupObject(fileDifferenceSummary, groupName, groupsObjectBuilder.build(), groupsArrayBuilder.build(), itemCounts);
-                        // Note: groupsArrayBuilder.build() also clears the data within it
-                        itemCounts.clear();
-                    }
-                    groupName = group.getName();
-
-                    group.getFileDifferenceSummaryItems().forEach(item -> {
-                        JsonObjectBuilder itemObjectBuilder = jsonObjectBuilder();
-                        if (item.getName().isEmpty()) {
-                            // 'groupName': {'Added'=#, 'Changed'=#, ...}
-                            // accumulate the counts since we can't make a separate array item
-                            itemCounts.merge(ACTION_ADDED, item.getAdded(), Integer::sum);
-                            itemCounts.merge(ACTION_CHANGED, item.getChanged(), Integer::sum);
-                            itemCounts.merge(ACTION_DELETED, item.getDeleted(), Integer::sum);
-                            itemCounts.merge(ACTION_REPLACED, item.getReplaced(), Integer::sum);
-                        } else if (GROUP_FILE_ACCESS.equals(group.getName())) {
-                            // 'groupName': 'getNameValue'
-                            groupsObjectBuilder.add(group.getName(), group.getFileDifferenceSummaryItems().get(0).getName());
-                        } else {
-                            // 'groupName': [{name='', action=''}, {name='', action=''}]
-                            String action = item.getAdded() > 0 ? ACTION_ADDED : item.getChanged() > 0 ? ACTION_CHANGED :
-                                    item.getDeleted() > 0 ? ACTION_DELETED : item.getReplaced() > 0 ? ACTION_REPLACED : "";
-                            itemObjectBuilder.add("name", item.getName());
-                            if (!action.isEmpty()) {
-                                itemObjectBuilder.add("action", action);
-                            }
-                            groupsArrayBuilder.add(itemObjectBuilder.build());
-                        }
-                    });
-                }
+            processDifferenceGroups(summaryBuilder, groups);
+        }
+
+        JsonObject summaryObject = summaryBuilder.build();
+        if (!summaryObject.isEmpty()) {
+            jsonBuilder.add("fileDifferenceSummary", summaryObject);
+        }
+    }
+
+    /**
+     * Processes and adds the categorized difference groups to the summary.
+     */
+    private static void processDifferenceGroups(JsonObjectBuilder summaryBuilder, List<FileVersionDifference.FileDifferenceSummaryGroup> groups) {
+        List<FileVersionDifference.FileDifferenceSummaryGroup> sortedGroups = groups.stream()
+                .filter(g -> !StringUtil.isEmpty(g.getName()))
+                .sorted(Comparator.comparing(FileVersionDifference.FileDifferenceSummaryGroup::getName))
+                .toList();
+
+        if (sortedGroups.isEmpty()) {
+            return;
+        }
+
+        String currentGroupName = sortedGroups.get(0).getName();
+        GroupDataAccumulator accumulator = new GroupDataAccumulator();
+
+        for (FileVersionDifference.FileDifferenceSummaryGroup group : sortedGroups) {
+            // When the group name changes, build and add the JSON for the previous group.
+            if (!Objects.equals(currentGroupName, group.getName())) {
+                addGroupDataToJson(summaryBuilder, currentGroupName, accumulator);
+                accumulator.reset();
+                currentGroupName = group.getName();
             }
-            // process last group
-            addJsonGroupObject(fileDifferenceSummary, groupName, groupsObjectBuilder.build(), groupsArrayBuilder.build(), itemCounts);
+
+            // Accumulate data for the current group.
+            group.getFileDifferenceSummaryItems().forEach(item -> processSummaryItem(group, item, accumulator));
+        }
+        // Add the last processed group.
+        addGroupDataToJson(summaryBuilder, currentGroupName, accumulator);
+    }
+
+    /**
+     * Determines how to process a summary item based on its structure and content.
+     */
+    private static void processSummaryItem(FileVersionDifference.FileDifferenceSummaryGroup group, FileVersionDifference.FileDifferenceSummaryItem item, GroupDataAccumulator accumulator) {
+        if (item.getName().isEmpty()) {
+            // Case 1: The item represents simple counts (Added, Changed, etc.) for the group.
+            accumulator.mergeCounts(item);
+        } else if (GROUP_FILE_ACCESS.equals(group.getName())) {
+            // Case 2: Special handling for "File Access", which is a single name/value pair.
+            accumulator.setNameValue(group.getName(), item.getName());
+        } else {
+            // Case 3: The item is a named entity with an associated action.
+            accumulator.addListItem(item);
+        }
+    }
+
+    /**
+     * Builds the final JSON structure for a completed group and adds it to the parent builder.
+     */
+    /**
+     * Builds the final JSON structure for a completed group and adds it to the parent builder.
+     */
+    private static void addGroupDataToJson(JsonObjectBuilder parentBuilder, String groupName, GroupDataAccumulator accumulator) {
+        if (groupName == null || groupName.isEmpty()) {
+            return;
         }
-        JsonObject fileDifferenceSummaryObject = fileDifferenceSummary.build();
-        if (!fileDifferenceSummaryObject.isEmpty()) {
-            job.add("fileDifferenceSummary", fileDifferenceSummaryObject);
+        String sanitizedKey = groupName.replaceAll("\\s+", "");
+
+        if (!accumulator.getItemCounts().isEmpty()) {
+            parentBuilder.add(sanitizedKey, buildCountsObject(accumulator.getItemCounts()));
+        } else {
+            JsonArray listItemsArray = accumulator.getListItems().build();
+            if (!listItemsArray.isEmpty()) {
+                parentBuilder.add(sanitizedKey, listItemsArray);
+            } else if (accumulator.getNameValue() != null) {
+                parentBuilder.add(sanitizedKey, accumulator.getNameValue().getValue("/" + groupName));
+            }
         }
-        return job;
     }
 
+    /**
+     * Builds a JSON object from the accumulated action counts.
+     */
+    private static JsonObject buildCountsObject(Map<String, Integer> itemCounts) {
+        JsonObjectBuilder countsBuilder = jsonObjectBuilder();
+        itemCounts.forEach((action, count) -> {
+            if (count != 0) {
+                countsBuilder.add(action, count);
+            }
+        });
+        return countsBuilder.build();
+    }
+
+    /**
+     * Determines the overall action performed on the file itself (Added, Deleted, Replaced).
+     */
     private static String getFileAction(FileMetadata originalFileMetadata, FileMetadata newFileMetadata) {
-        if (newFileMetadata.getDataFile() != null && originalFileMetadata == null) {
+        boolean newFileExists = newFileMetadata.getDataFile() != null;
+        boolean originalFileExists = originalFileMetadata != null;
+
+        if (newFileExists && !originalFileExists) {
             return ACTION_ADDED;
-        } else if (newFileMetadata.getDataFile() == null && originalFileMetadata != null) {
+        }
+        if (!newFileExists && originalFileExists) {
             return ACTION_DELETED;
-        } else if (originalFileMetadata != null &&
-                newFileMetadata.getDataFile() != null && originalFileMetadata.getDataFile() != null && !originalFileMetadata.getDataFile().equals(newFileMetadata.getDataFile())) {
+        }
+        if (originalFileExists && !originalFileMetadata.getDataFile().equals(newFileMetadata.getDataFile())) {
             return ACTION_REPLACED;
-        } else {
-            return null;
         }
+        return null;
     }
 
-    private static void addJsonGroupObject(JsonObjectBuilder jsonObjectBuilder, String key, JsonObject jsonObjectValue, JsonArray jsonArrayValue, Map<String, Integer> itemCounts) {
-        if (key != null && !key.isEmpty()) {
-            String sanitizedKey = key.replaceAll("\\s+", "");
-            if (itemCounts.isEmpty()) {
-                if (jsonArrayValue.isEmpty()) {
-                    // add the object
-                    jsonObjectBuilder.add(sanitizedKey, jsonObjectValue.getValue("/" + key));
-                } else {
-                    // add the array
-                    jsonObjectBuilder.add(sanitizedKey, jsonArrayValue);
-                }
-            } else {
-                // add the accumulated totals
-                JsonObjectBuilder accumulatedTotalsObjectBuilder = jsonObjectBuilder();
-                itemCounts.forEach((k, v) -> {
-                    if (v != 0) {
-                        accumulatedTotalsObjectBuilder.add(k, v);
-                    }
-                });
-                jsonObjectBuilder.add(sanitizedKey, accumulatedTotalsObjectBuilder.build());
+    /**
+     * An inner helper class to hold the state of the JSON builders and counters for a single group while iterating.
+     */
+    private static class GroupDataAccumulator {
+        private JsonObject nameValue;
+        private JsonArrayBuilder listItems = Json.createArrayBuilder();
+        private Map<String, Integer> itemCounts = new HashMap<>();
+
+        void mergeCounts(FileVersionDifference.FileDifferenceSummaryItem item) {
+            itemCounts.merge(ACTION_ADDED, item.getAdded(), Integer::sum);
+            itemCounts.merge(ACTION_CHANGED, item.getChanged(), Integer::sum);
+            itemCounts.merge(ACTION_DELETED, item.getDeleted(), Integer::sum);
+            itemCounts.merge(ACTION_REPLACED, item.getReplaced(), Integer::sum);
+        }
+
+        void setNameValue(String groupName, String value) {
+            this.nameValue = jsonObjectBuilder().add(groupName, value).build();
+        }
+
+        void addListItem(FileVersionDifference.FileDifferenceSummaryItem item) {
+            String action = getActionFromItem(item);
+            JsonObjectBuilder itemObjectBuilder = jsonObjectBuilder().add("name", item.getName());
+            if (!action.isEmpty()) {
+                itemObjectBuilder.add("action", action);
             }
+            listItems.add(itemObjectBuilder.build());
+        }
+
+        private String getActionFromItem(FileVersionDifference.FileDifferenceSummaryItem item) {
+            if (item.getAdded() > 0) return ACTION_ADDED;
+            if (item.getChanged() > 0) return ACTION_CHANGED;
+            if (item.getDeleted() > 0) return ACTION_DELETED;
+            if (item.getReplaced() > 0) return ACTION_REPLACED;
+            return "";
+        }
+
+        void reset() {
+            nameValue = null;
+            listItems = Json.createArrayBuilder();
+            itemCounts.clear();
+        }
+
+        JsonObject getNameValue() {
+            return nameValue;
+        }
+
+        JsonArrayBuilder getListItems() {
+            return listItems;
+        }
+
+        Map<String, Integer> getItemCounts() {
+            return itemCounts;
         }
     }
 }
diff --git a/src/test/java/edu/harvard/iq/dataverse/util/json/FileVersionDifferenceJsonPrinterTest.java b/src/test/java/edu/harvard/iq/dataverse/util/json/FileVersionDifferenceJsonPrinterTest.java
new file mode 100644
index 00000000000..7eca3928750
--- /dev/null
+++ b/src/test/java/edu/harvard/iq/dataverse/util/json/FileVersionDifferenceJsonPrinterTest.java
@@ -0,0 +1,229 @@
+package edu.harvard.iq.dataverse.util.json;
+
+import edu.harvard.iq.dataverse.DataFile;
+import edu.harvard.iq.dataverse.DatasetVersion;
+import edu.harvard.iq.dataverse.FileMetadata;
+import edu.harvard.iq.dataverse.FileVersionDifference;
+import jakarta.json.JsonObject;
+import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.DisplayName;
+import org.junit.jupiter.api.Test;
+import org.junit.jupiter.api.extension.ExtendWith;
+import org.mockito.Mock;
+import org.mockito.junit.jupiter.MockitoExtension;
+
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.Collections;
+import java.util.List;
+
+import static org.junit.jupiter.api.Assertions.*;
+import static org.mockito.Mockito.when;
+
+@ExtendWith(MockitoExtension.class)
+class FileVersionDifferenceJsonPrinterTest {
+    @Mock
+    private FileVersionDifference fileVersionDifference;
+    @Mock
+    private FileMetadata newFileMetadata;
+    @Mock
+    private FileMetadata originalFileMetadata;
+    @Mock
+    private DatasetVersion datasetVersion;
+    @Mock
+    private DataFile dataFile;
+
+    @BeforeEach
+    void setUp() {
+        when(fileVersionDifference.getNewFileMetadata()).thenReturn(newFileMetadata);
+        when(newFileMetadata.getDatasetVersion()).thenReturn(datasetVersion);
+        when(datasetVersion.getVersionNote()).thenReturn("Test Version Note");
+    }
+
+    @Test
+    @DisplayName("should correctly serialize basic dataset and file details")
+    void jsonFileVersionDifference_with_basic_dataset_and_file_details() {
+        // Arrange
+        when(newFileMetadata.getDataFile()).thenReturn(dataFile);
+        when(dataFile.getId()).thenReturn(42L);
+        when(datasetVersion.getFriendlyVersionNumber()).thenReturn("V1");
+        when(datasetVersion.getVersionState()).thenReturn(DatasetVersion.VersionState.RELEASED);
+        when(fileVersionDifference.getDifferenceSummaryGroups()).thenReturn(Collections.emptyList());
+
+        // Act
+        JsonObject result = FileVersionDifferenceJsonPrinter.jsonFileVersionDifference(fileVersionDifference).build();
+
+        // Assert
+        assertEquals("V1", result.getString("datasetVersion"));
+        assertEquals("RELEASED", result.getString("versionState"));
+        assertEquals(42, result.getInt("datafileId"));
+        assertNotNull(result.getJsonObject("fileDifferenceSummary"));
+        assertEquals("Test Version Note", result.getJsonObject("fileDifferenceSummary").getString("versionNote"));
+    }
+
+    @Test
+    @DisplayName("should report file action as 'Added' for a new file")
+    void jsonFileVersionDifference_file_added() {
+        // Arrange
+        when(fileVersionDifference.getOriginalFileMetadata()).thenReturn(null);
+        when(newFileMetadata.getDataFile()).thenReturn(dataFile);
+
+        // Act
+        JsonObject result = FileVersionDifferenceJsonPrinter.jsonFileVersionDifference(fileVersionDifference).build();
+
+        // Assert
+        assertEquals("Added", result.getJsonObject("fileDifferenceSummary").getString("file"));
+    }
+
+    @Test
+    @DisplayName("should report file action as 'Deleted' for a removed file")
+    void jsonFileVersionDifference_file_deleted() {
+        // Arrange
+        when(fileVersionDifference.getOriginalFileMetadata()).thenReturn(originalFileMetadata);
+        when(newFileMetadata.getDataFile()).thenReturn(null); // Key condition for deleted
+
+        // Act
+        JsonObject result = FileVersionDifferenceJsonPrinter.jsonFileVersionDifference(fileVersionDifference).build();
+
+        // Assert
+        assertEquals("Deleted", result.getJsonObject("fileDifferenceSummary").getString("file"));
+    }
+
+    @Test
+    @DisplayName("should report file action as 'Replaced' for a replaced file")
+    void jsonFileVersionDifference_file_replaced() {
+        // Arrange
+        DataFile originalDataFile = new DataFile();
+        originalDataFile.setId(100L);
+        DataFile newDataFile = new DataFile();
+        newDataFile.setId(101L); // Different file object
+
+        when(fileVersionDifference.getOriginalFileMetadata()).thenReturn(originalFileMetadata);
+        when(originalFileMetadata.getDataFile()).thenReturn(originalDataFile);
+        when(newFileMetadata.getDataFile()).thenReturn(newDataFile);
+
+        // Act
+        JsonObject result = FileVersionDifferenceJsonPrinter.jsonFileVersionDifference(fileVersionDifference).build();
+
+        // Assert
+        assertEquals("Replaced", result.getJsonObject("fileDifferenceSummary").getString("file"));
+    }
+
+    @Test
+    @DisplayName("should correctly serialize count-based summary groups")
+    void jsonFileVersionDifference_as_count_based_summary() {
+        // Arrange
+        FileVersionDifference fvd = new FileVersionDifference(newFileMetadata, originalFileMetadata, true);
+        FileVersionDifference.FileDifferenceSummaryItem item = fvd.new FileDifferenceSummaryItem("", 2, 1, 0, 0, true);
+        FileVersionDifference.FileDifferenceSummaryGroup group = fvd.new FileDifferenceSummaryGroup("Tags");
+        group.getFileDifferenceSummaryItems().add(item);
+
+        when(fileVersionDifference.getDifferenceSummaryGroups()).thenReturn(Collections.singletonList(group));
+
+        // Act
+        JsonObject result = FileVersionDifferenceJsonPrinter.jsonFileVersionDifference(fileVersionDifference).build();
+
+        // Assert
+        JsonObject summary = result.getJsonObject("fileDifferenceSummary");
+        assertNotNull(summary);
+        JsonObject tags = summary.getJsonObject("Tags");
+        assertNotNull(tags);
+        assertEquals(2, tags.getInt("Added"));
+        assertEquals(1, tags.getInt("Changed"));
+        assertFalse(tags.containsKey("Deleted"), "Zero-count fields should not be present");
+    }
+
+    @Test
+    @DisplayName("should correctly serialize the 'File Access' group as a name-value pair")
+    void jsonFileVersionDifference_as_name_value_for_file_access() {
+        // Arrange
+        FileVersionDifference fvd = new FileVersionDifference(newFileMetadata, originalFileMetadata, true);
+        FileVersionDifference.FileDifferenceSummaryItem item = fvd.new FileDifferenceSummaryItem("Public", 0, 1, 0, 0, false);
+        FileVersionDifference.FileDifferenceSummaryGroup group = fvd.new FileDifferenceSummaryGroup("File Access");
+        group.getFileDifferenceSummaryItems().add(item);
+        when(fileVersionDifference.getDifferenceSummaryGroups()).thenReturn(Collections.singletonList(group));
+
+        // Act
+        JsonObject result = FileVersionDifferenceJsonPrinter.jsonFileVersionDifference(fileVersionDifference).build();
+
+        // Assert
+        JsonObject summary = result.getJsonObject("fileDifferenceSummary");
+        assertEquals("Public", summary.getString("FileAccess"));
+    }
+
+
+    @Test
+    @DisplayName("should correctly serialize list-item-based summary groups")
+    void jsonFileVersionDifference_as_list_item_based_summary() {
+        // Arrange
+        FileVersionDifference fvd = new FileVersionDifference(newFileMetadata, originalFileMetadata, true);
+
+        FileVersionDifference.FileDifferenceSummaryItem itemA = fvd.new FileDifferenceSummaryItem("Category A", 1, 0, 0, 0, false);
+        FileVersionDifference.FileDifferenceSummaryItem itemB = fvd.new FileDifferenceSummaryItem("Category B", 0, 0, 1, 0, false);
+
+        FileVersionDifference.FileDifferenceSummaryGroup group = fvd.new FileDifferenceSummaryGroup("Categories");
+        group.getFileDifferenceSummaryItems().addAll(Arrays.asList(itemA, itemB));
+
+        when(fileVersionDifference.getDifferenceSummaryGroups()).thenReturn(Collections.singletonList(group));
+
+        // Act
+        JsonObject result = FileVersionDifferenceJsonPrinter.jsonFileVersionDifference(fileVersionDifference).build();
+
+        // Assert
+        JsonObject summary = result.getJsonObject("fileDifferenceSummary");
+        assertNotNull(summary);
+        jakarta.json.JsonArray categories = summary.getJsonArray("Categories");
+        assertNotNull(categories);
+        assertEquals(2, categories.size());
+        assertEquals("Category A", categories.getJsonObject(0).getString("name"));
+        assertEquals("Added", categories.getJsonObject(0).getString("action"));
+        assertEquals("Category B", categories.getJsonObject(1).getString("name"));
+        assertEquals("Deleted", categories.getJsonObject(1).getString("action"));
+    }
+
+    @Test
+    @DisplayName("should correctly serialize a mix of all summary group types")
+    void jsonFileVersionDifference_with_multiple_and_mixed_types() {
+        // Arrange
+        FileVersionDifference fvd = new FileVersionDifference(newFileMetadata, originalFileMetadata, true);
+
+        List<FileVersionDifference.FileDifferenceSummaryGroup> groups = new ArrayList<>();
+
+        // Group 1: Tags (counts)
+        FileVersionDifference.FileDifferenceSummaryItem tagsItem = fvd.new FileDifferenceSummaryItem("", 2, 0, 1, 0, true);
+        FileVersionDifference.FileDifferenceSummaryGroup tagsGroup = fvd.new FileDifferenceSummaryGroup("Tags");
+        tagsGroup.getFileDifferenceSummaryItems().add(tagsItem);
+        groups.add(tagsGroup);
+
+        // Group 2: Categories (list items)
+        FileVersionDifference.FileDifferenceSummaryItem categoriesItem = fvd.new FileDifferenceSummaryItem("Science", 1, 0, 0, 0, false);
+        FileVersionDifference.FileDifferenceSummaryGroup categoriesGroup = fvd.new FileDifferenceSummaryGroup("Categories");
+        categoriesGroup.getFileDifferenceSummaryItems().add(categoriesItem);
+        groups.add(categoriesGroup);
+
+        // Group 3: File Access (name/value)
+        FileVersionDifference.FileDifferenceSummaryItem accessItem = fvd.new FileDifferenceSummaryItem("Restricted", 0, 1, 0, 0, false);
+        FileVersionDifference.FileDifferenceSummaryGroup accessGroup = fvd.new FileDifferenceSummaryGroup("File Access");
+        accessGroup.getFileDifferenceSummaryItems().add(accessItem);
+        groups.add(accessGroup);
+
+        when(fileVersionDifference.getDifferenceSummaryGroups()).thenReturn(groups);
+
+        // Act
+        JsonObject result = FileVersionDifferenceJsonPrinter.jsonFileVersionDifference(fileVersionDifference).build();
+
+        // Assert
+        JsonObject summary = result.getJsonObject("fileDifferenceSummary");
+
+        // Check Categories (should be first alphabetically)
+        assertEquals(1, summary.getJsonArray("Categories").size());
+        assertEquals("Science", summary.getJsonArray("Categories").getJsonObject(0).getString("name"));
+
+        // Check File Access
+        assertEquals("Restricted", summary.getString("FileAccess"));
+
+        // Check Tags
+        assertEquals(2, summary.getJsonObject("Tags").getInt("Added"));
+        assertEquals(1, summary.getJsonObject("Tags").getInt("Deleted"));
+    }
+}

From 0f54454ff77c0a6c20727dabbacbb55bcdb5439f Mon Sep 17 00:00:00 2001
From: GPortas <hey@gportas.me>
Date: Mon, 13 Oct 2025 16:52:17 +0100
Subject: [PATCH 395/634] Fixed: typo in javadoc

---
 .../dataverse/util/json/FileVersionDifferenceJsonPrinter.java  | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/src/main/java/edu/harvard/iq/dataverse/util/json/FileVersionDifferenceJsonPrinter.java b/src/main/java/edu/harvard/iq/dataverse/util/json/FileVersionDifferenceJsonPrinter.java
index 712b31325f7..d9761bd580b 100644
--- a/src/main/java/edu/harvard/iq/dataverse/util/json/FileVersionDifferenceJsonPrinter.java
+++ b/src/main/java/edu/harvard/iq/dataverse/util/json/FileVersionDifferenceJsonPrinter.java
@@ -158,9 +158,6 @@ private static void processSummaryItem(FileVersionDifference.FileDifferenceSumma
         }
     }
 
-    /**
-     * Builds the final JSON structure for a completed group and adds it to the parent builder.
-     */
     /**
      * Builds the final JSON structure for a completed group and adds it to the parent builder.
      */

From 5505026b7eaf7feb9307f44d6229859f48ab17ed Mon Sep 17 00:00:00 2001
From: Philip Durbin <philip_durbin@harvard.edu>
Date: Tue, 14 Oct 2025 09:31:22 -0400
Subject: [PATCH 396/634] restricted files can be downloaded from preview URL

---
 doc/sphinx-guides/source/user/dataset-management.rst | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/doc/sphinx-guides/source/user/dataset-management.rst b/doc/sphinx-guides/source/user/dataset-management.rst
index d73459969ce..16d7509f780 100755
--- a/doc/sphinx-guides/source/user/dataset-management.rst
+++ b/doc/sphinx-guides/source/user/dataset-management.rst
@@ -704,7 +704,7 @@ If you have a Contributor role (can edit metadata, upload files, and edit files,
 Preview URL to Review Unpublished Dataset
 =========================================
 
-Creating a Preview URL for a draft version of your dataset allows you to share your dataset (for viewing and downloading of files) before it is published to a wide group of individuals who may not have a user account on the Dataverse installation. Anyone you send the Preview URL to will not have to log into the Dataverse installation to view the unpublished dataset. Once a dataset has been published you may create new General Preview URLs for subsequent draft versions, but the Anonymous Preview URL will no longer be available.
+Creating a Preview URL for a draft version of your dataset allows you to share your dataset (for viewing and downloading of files, including restricted files) before it is published to a wide group of individuals who may not have a user account on the Dataverse installation. Anyone you send the Preview URL to will not have to log into the Dataverse installation to view the unpublished dataset. Once a dataset has been published you may create new General Preview URLs for subsequent draft versions, but the Anonymous Preview URL will no longer be available.
 
 **Note:** To create a Preview URL, you must have the *ManageDatasetPermissions* permission for your draft dataset, usually given by the :ref:`roles <permissions>` *Curator* or *Administrator*.
 

From f18dbadfcdc51f1c19976d94054b9696e9151f90 Mon Sep 17 00:00:00 2001
From: Steven Winship <39765413+stevenwinship@users.noreply.github.com>
Date: Tue, 14 Oct 2025 09:58:02 -0400
Subject: [PATCH 397/634] adding index and other sql

---
 src/main/resources/db/migration/V6.7.1.3.sql | 10 ++++++++++
 1 file changed, 10 insertions(+)
 create mode 100644 src/main/resources/db/migration/V6.7.1.3.sql

diff --git a/src/main/resources/db/migration/V6.7.1.3.sql b/src/main/resources/db/migration/V6.7.1.3.sql
new file mode 100644
index 00000000000..ac1175b66f2
--- /dev/null
+++ b/src/main/resources/db/migration/V6.7.1.3.sql
@@ -0,0 +1,10 @@
+CREATE INDEX IF NOT EXISTS  INDEX_GUESTBOOKRESPONSE_datasetversion_id ON GUESTBOOKRESPONSE (datasetversion_id);
+
+DO $$
+BEGIN
+    IF EXISTS (SELECT 1 FROM information_schema.columns WHERE table_name = 'datasetversion' AND column_name = 'versionstate') THEN
+UPDATE datasetversion SET versionstate = 'DRAFT' where versionstate IS NULL;
+ALTER TABLE datasetversion ALTER COLUMN versionstate SET NOT NULL;
+END IF;
+END
+$$;

From 9107eed4e9aba650149c9b456c9e4b0fa79bc93b Mon Sep 17 00:00:00 2001
From: Steven Winship <39765413+stevenwinship@users.noreply.github.com>
Date: Tue, 14 Oct 2025 10:09:36 -0400
Subject: [PATCH 398/634] adding index and other sql

---
 src/main/java/edu/harvard/iq/dataverse/DatasetVersion.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/main/java/edu/harvard/iq/dataverse/DatasetVersion.java b/src/main/java/edu/harvard/iq/dataverse/DatasetVersion.java
index 14ddf65a833..082208a88f3 100644
--- a/src/main/java/edu/harvard/iq/dataverse/DatasetVersion.java
+++ b/src/main/java/edu/harvard/iq/dataverse/DatasetVersion.java
@@ -155,7 +155,7 @@ public enum VersionState {
      * @todo versionState should never be null so when we are ready, uncomment
      * the `nullable = false` below.
      */
-//    @Column(nullable = false)
+    @Column(nullable = false)
     @Enumerated(EnumType.STRING)
     private VersionState versionState;
 

From f0f46301543b1c1b43edd2fd7c18d8d8329d19fb Mon Sep 17 00:00:00 2001
From: Steven Winship <39765413+stevenwinship@users.noreply.github.com>
Date: Tue, 14 Oct 2025 10:12:43 -0400
Subject: [PATCH 399/634] adding index and other sql

---
 src/main/resources/db/migration/V6.7.1.3.sql | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/main/resources/db/migration/V6.7.1.3.sql b/src/main/resources/db/migration/V6.7.1.3.sql
index ac1175b66f2..7757f01551f 100644
--- a/src/main/resources/db/migration/V6.7.1.3.sql
+++ b/src/main/resources/db/migration/V6.7.1.3.sql
@@ -3,8 +3,8 @@ CREATE INDEX IF NOT EXISTS  INDEX_GUESTBOOKRESPONSE_datasetversion_id ON GUESTBO
 DO $$
 BEGIN
     IF EXISTS (SELECT 1 FROM information_schema.columns WHERE table_name = 'datasetversion' AND column_name = 'versionstate') THEN
-UPDATE datasetversion SET versionstate = 'DRAFT' where versionstate IS NULL;
-ALTER TABLE datasetversion ALTER COLUMN versionstate SET NOT NULL;
-END IF;
+        UPDATE datasetversion SET versionstate = 'DRAFT' where versionstate IS NULL;
+        ALTER TABLE datasetversion ALTER COLUMN versionstate SET NOT NULL;
+    END IF;
 END
 $$;

From ee4e9a41a8da5b37aa4b2dbbff5b3d0e76b5cfae Mon Sep 17 00:00:00 2001
From: Steven Winship <39765413+stevenwinship@users.noreply.github.com>
Date: Tue, 14 Oct 2025 10:16:01 -0400
Subject: [PATCH 400/634] adding index and other sql

---
 src/main/resources/db/migration/{V6.7.1.3.sql => V6.8.0.1.sql} | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 rename src/main/resources/db/migration/{V6.7.1.3.sql => V6.8.0.1.sql} (100%)

diff --git a/src/main/resources/db/migration/V6.7.1.3.sql b/src/main/resources/db/migration/V6.8.0.1.sql
similarity index 100%
rename from src/main/resources/db/migration/V6.7.1.3.sql
rename to src/main/resources/db/migration/V6.8.0.1.sql

From 543a317ac57c9c203ec498915134ef17cf1ef0e4 Mon Sep 17 00:00:00 2001
From: Steven Winship <39765413+stevenwinship@users.noreply.github.com>
Date: Tue, 14 Oct 2025 14:39:14 -0400
Subject: [PATCH 401/634] add release note

---
 .../11828-unacceptable-performance-deleting-datasets.md          | 1 +
 1 file changed, 1 insertion(+)
 create mode 100644 doc/release-notes/11828-unacceptable-performance-deleting-datasets.md

diff --git a/doc/release-notes/11828-unacceptable-performance-deleting-datasets.md b/doc/release-notes/11828-unacceptable-performance-deleting-datasets.md
new file mode 100644
index 00000000000..7dbc3dfe863
--- /dev/null
+++ b/doc/release-notes/11828-unacceptable-performance-deleting-datasets.md
@@ -0,0 +1 @@
+This release adds indexing with guestbook and prevents nulls in dataset version state to speed up Dataset deletes.

From 7c7e42d620f8710924db41398027361026c70687 Mon Sep 17 00:00:00 2001
From: Steven Winship <39765413+stevenwinship@users.noreply.github.com>
Date: Tue, 14 Oct 2025 14:40:05 -0400
Subject: [PATCH 402/634] add release note

---
 .../11828-unacceptable-performance-deleting-datasets.md         | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/doc/release-notes/11828-unacceptable-performance-deleting-datasets.md b/doc/release-notes/11828-unacceptable-performance-deleting-datasets.md
index 7dbc3dfe863..6edc42860a9 100644
--- a/doc/release-notes/11828-unacceptable-performance-deleting-datasets.md
+++ b/doc/release-notes/11828-unacceptable-performance-deleting-datasets.md
@@ -1 +1 @@
-This release adds indexing with guestbook and prevents nulls in dataset version state to speed up Dataset deletes.
+This release adds indexing of guestbook response and prevents nulls in dataset version state to speed up Dataset deletes.

From 0b21a9a21b0aa6bba0795eac7aa5f870c70fb790 Mon Sep 17 00:00:00 2001
From: GPortas <hey@gportas.me>
Date: Tue, 14 Oct 2025 20:03:33 +0100
Subject: [PATCH 403/634] Fixed: DataFileServiceBean.findFileMetadataHistory
 behavior

---
 .../iq/dataverse/DataFileServiceBean.java     | 112 +++++++++---------
 1 file changed, 56 insertions(+), 56 deletions(-)

diff --git a/src/main/java/edu/harvard/iq/dataverse/DataFileServiceBean.java b/src/main/java/edu/harvard/iq/dataverse/DataFileServiceBean.java
index 0014cce282c..271cdcafd11 100644
--- a/src/main/java/edu/harvard/iq/dataverse/DataFileServiceBean.java
+++ b/src/main/java/edu/harvard/iq/dataverse/DataFileServiceBean.java
@@ -28,6 +28,7 @@
 import java.util.Map;
 import java.util.Set;
 import java.util.UUID;
+import java.util.function.Function;
 import java.util.logging.Level;
 import java.util.logging.Logger;
 import java.util.stream.Collectors;
@@ -37,11 +38,7 @@
 import jakarta.ejb.TransactionAttribute;
 import jakarta.ejb.TransactionAttributeType;
 import jakarta.inject.Named;
-import jakarta.persistence.EntityManager;
-import jakarta.persistence.NoResultException;
-import jakarta.persistence.PersistenceContext;
-import jakarta.persistence.Query;
-import jakarta.persistence.TypedQuery;
+import jakarta.persistence.*;
 import jakarta.persistence.criteria.*;
 
 /**
@@ -380,18 +377,20 @@ public FileMetadata findFileMetadataByDatasetVersionIdAndDataFileId(Long dataset
     }
 
     /**
-     * Finds the concise history of a file, returning an entry only for each
-     * version where the file's metadata was created or changed.
+     * Finds the complete history of a file's presence across all dataset versions.
      * <p>
-     * This method correctly handles file replacements by searching for all files
-     * sharing the same {@code rootDataFileId}.
+     * This method returns a {@link VersionedFileMetadata} entry for every version
+     * of the specified dataset. If a version does not contain the file, the
+     * {@code fileMetadata} field in the corresponding DTO will be {@code null}.
+     * It correctly handles file replacements by searching for all files sharing the
+     * same {@code rootDataFileId}.
      *
      * @param datasetId                  The ID of the parent dataset.
      * @param dataFile                   The DataFile entity to find the history for.
      * @param canViewUnpublishedVersions A boolean indicating if the user has permission to view non-released versions.
      * @param limit                      (Optional) The maximum number of results to return.
      * @param offset                     (Optional) The starting point of the result list.
-     * @return A chronologically sorted, paginated list of the file's version history.
+     * @return A chronologically sorted, paginated list of the file's version history, including versions where the file is absent.
      */
     public List<VersionedFileMetadata> findFileMetadataHistory(Long datasetId,
                                                                DataFile dataFile,
@@ -402,65 +401,66 @@ public List<VersionedFileMetadata> findFileMetadataHistory(Long datasetId,
             return Collections.emptyList();
         }
 
+        // Query 1: Get the paginated list of relevant DatasetVersions
         CriteriaBuilder cb = em.getCriteriaBuilder();
-        CriteriaQuery<FileMetadata> criteriaQuery = cb.createQuery(FileMetadata.class);
-        Root<FileMetadata> fileMetadata = criteriaQuery.from(FileMetadata.class);
+        CriteriaQuery<DatasetVersion> versionQuery = cb.createQuery(DatasetVersion.class);
+        Root<DatasetVersion> versionRoot = versionQuery.from(DatasetVersion.class);
 
-        // --- Joins ---
-        // Define relationships for filtering and ordering.
-        Join<FileMetadata, DatasetVersion> version = fileMetadata.join("datasetVersion");
-        Join<DatasetVersion, Dataset> dataset = version.join("dataset");
-        Join<FileMetadata, DataFile> file = fileMetadata.join("dataFile");
-
-        // --- Predicates (WHERE clause) ---
-        // Build a list of conditions for the query.
-        List<Predicate> predicates = new ArrayList<>();
-
-        // Filter by the parent dataset.
-        predicates.add(cb.equal(dataset.get("id"), datasetId));
-
-        // Filter by the file's lineage, handling both new and replaced files.
-        if (dataFile.getRootDataFileId() < 0) {
-            // For a new file, match by its specific ID.
-            predicates.add(cb.equal(file.get("id"), dataFile.getId()));
-        } else {
-            // For a replaced file, match the entire history via its root ID.
-            predicates.add(cb.equal(file.get("rootDataFileId"), dataFile.getRootDataFileId()));
-        }
-
-        // Add permission-based filter for version states.
+        List<Predicate> versionPredicates = new ArrayList<>();
+        versionPredicates.add(cb.equal(versionRoot.join("dataset").get("id"), datasetId));
         if (!canViewUnpublishedVersions) {
-            predicates.add(version.get("versionState").in(
+            versionPredicates.add(versionRoot.get("versionState").in(
                     VersionState.RELEASED, VersionState.DEACCESSIONED));
         }
-
-        criteriaQuery.where(predicates.toArray(new Predicate[0]));
-
-        // --- Ordering ---
-        // Order results from newest to oldest version.
-        criteriaQuery.orderBy(
-                cb.desc(version.get("versionNumber")),
-                cb.desc(version.get("minorVersionNumber"))
+        versionQuery.where(versionPredicates.toArray(new Predicate[0]));
+        versionQuery.orderBy(
+                cb.desc(versionRoot.get("versionNumber")),
+                cb.desc(versionRoot.get("minorVersionNumber"))
         );
 
-        // --- Execution & Transformation ---
-        // Create the query object from the criteria definition.
-        TypedQuery<FileMetadata> typedQuery = em.createQuery(criteriaQuery);
-
-        // --- Pagination ---
-        // Apply pagination if limit and/or offset are provided.
+        TypedQuery<DatasetVersion> typedVersionQuery = em.createQuery(versionQuery);
         if (limit != null) {
-            typedQuery.setMaxResults(limit);
+            typedVersionQuery.setMaxResults(limit);
         }
         if (offset != null) {
-            typedQuery.setFirstResult(offset);
+            typedVersionQuery.setFirstResult(offset);
         }
+        List<DatasetVersion> datasetVersions = typedVersionQuery.getResultList();
+
+        if (datasetVersions.isEmpty()) {
+            return Collections.emptyList();
+        }
+
+        // Query 2: Get all FileMetadata for this file's history in this dataset
+        CriteriaQuery<FileMetadata> fmQuery = cb.createQuery(FileMetadata.class);
+        Root<FileMetadata> fmRoot = fmQuery.from(FileMetadata.class);
+
+        List<Predicate> fmPredicates = new ArrayList<>();
+        fmPredicates.add(cb.equal(fmRoot.get("datasetVersion").get("dataset").get("id"), datasetId));
+
+        // Find the file by its entire lineage
+        if (dataFile.getRootDataFileId() < 0) {
+            fmPredicates.add(cb.equal(fmRoot.get("dataFile").get("id"), dataFile.getId()));
+        } else {
+            fmPredicates.add(cb.equal(fmRoot.get("dataFile").get("rootDataFileId"), dataFile.getRootDataFileId()));
+        }
+        fmQuery.where(fmPredicates.toArray(new Predicate[0]));
+
+        List<FileMetadata> fileHistory = em.createQuery(fmQuery).getResultList();
 
-        // Execute the query and map the results to the VersionedFileMetadata list.
-        List<FileMetadata> results = typedQuery.getResultList();
+        // Combine results
+        Map<Long, FileMetadata> fmMap = fileHistory.stream()
+                .collect(Collectors.toMap(
+                        fm -> fm.getDatasetVersion().getId(),
+                        Function.identity()
+                ));
 
-        return results.stream()
-                .map(metadata -> new VersionedFileMetadata(metadata.getDatasetVersion(), metadata))
+        // Create the final list, looking up the FileMetadata for each version
+        return datasetVersions.stream()
+                .map(version -> new VersionedFileMetadata(
+                        version,
+                        fmMap.get(version.getId()) // This will be null if no entry exists for that version ID
+                ))
                 .collect(Collectors.toList());
     }
 

From 4557600bfbc1bec2adb4cbd50b644b25a92a0374 Mon Sep 17 00:00:00 2001
From: GPortas <hey@gportas.me>
Date: Tue, 14 Oct 2025 23:12:13 +0100
Subject: [PATCH 404/634] Fixed: added missing contributor names to file
 metadata in GetFileVersionDifferencesCommand

---
 .../impl/GetFileVersionDifferencesCommand.java     | 13 ++++++++-----
 .../impl/GetFileVersionDifferencesCommandTest.java | 14 ++++++++++++++
 2 files changed, 22 insertions(+), 5 deletions(-)

diff --git a/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/GetFileVersionDifferencesCommand.java b/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/GetFileVersionDifferencesCommand.java
index 62bfb24b801..d676b61d67c 100644
--- a/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/GetFileVersionDifferencesCommand.java
+++ b/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/GetFileVersionDifferencesCommand.java
@@ -59,12 +59,15 @@ private boolean canViewUnpublishedVersions(CommandContext ctxt, Dataset dataset)
      * Transforms a single historical entry into a FileVersionDifference object.
      */
     private FileVersionDifference createDifferenceFromHistory(CommandContext ctxt, VersionedFileMetadata versionedFileMetadata) {
-        FileMetadata current = versionedFileMetadata.getFileMetadata();
-        FileMetadata previous = ctxt.files().getPreviousFileMetadata(current);
+        FileMetadata fileMetadata = versionedFileMetadata.getFileMetadata();
+        FileMetadata previous = ctxt.files().getPreviousFileMetadata(fileMetadata);
 
-        return (current != null)
-                ? new FileVersionDifference(current, previous, false)
-                : createDifferenceForNonexistentFile(versionedFileMetadata.getDatasetVersion(), previous);
+        if (fileMetadata != null) {
+            fileMetadata.setContributorNames(ctxt.datasetVersion().getContributorsNames(fileMetadata.getDatasetVersion()));
+            return new FileVersionDifference(fileMetadata, previous, false);
+        }
+
+        return createDifferenceForNonexistentFile(versionedFileMetadata.getDatasetVersion(), previous);
     }
 
     /**
diff --git a/src/test/java/edu/harvard/iq/dataverse/engine/command/impl/GetFileVersionDifferencesCommandTest.java b/src/test/java/edu/harvard/iq/dataverse/engine/command/impl/GetFileVersionDifferencesCommandTest.java
index 9b672fd2ca5..ad6ad495eeb 100644
--- a/src/test/java/edu/harvard/iq/dataverse/engine/command/impl/GetFileVersionDifferencesCommandTest.java
+++ b/src/test/java/edu/harvard/iq/dataverse/engine/command/impl/GetFileVersionDifferencesCommandTest.java
@@ -39,6 +39,8 @@ class GetFileVersionDifferencesCommandTest {
     @Mock
     private DataFileServiceBean fileServiceMock;
     @Mock
+    private DatasetVersionServiceBean datasetVersionServiceMock;
+    @Mock
     private Dataset datasetMock;
     @Mock
     private DatasetVersion datasetVersionMock;
@@ -147,13 +149,19 @@ void execute_should_pass_pagination_parameters_correctly() throws CommandExcepti
     void execute_should_convert_history_to_differences() throws CommandException {
         // Arrange
         setupMocksForSuccessfulExecution();
+        // This test needs an extra mock because it processes items from the history list
+        when(contextMock.datasetVersion()).thenReturn(datasetVersionServiceMock);
+
         // Create mock history: 3 versions of a file's metadata
         FileMetadata fm3 = new FileMetadata(); // Newest
         fm3.setId(3L);
+        fm3.setDatasetVersion(datasetVersionMock);
         FileMetadata fm2 = new FileMetadata(); // Middle
         fm2.setId(2L);
+        fm2.setDatasetVersion(datasetVersionMock);
         FileMetadata fm1 = new FileMetadata(); // Oldest
         fm1.setId(1L);
+        fm1.setDatasetVersion(datasetVersionMock);
 
         VersionedFileMetadata vfm3 = mock(VersionedFileMetadata.class);
         VersionedFileMetadata vfm2 = mock(VersionedFileMetadata.class);
@@ -171,6 +179,9 @@ void execute_should_convert_history_to_differences() throws CommandException {
         when(fileServiceMock.getPreviousFileMetadata(fm2)).thenReturn(fm1);
         when(fileServiceMock.getPreviousFileMetadata(fm1)).thenReturn(null); // The oldest has no predecessor
 
+        // Mock the logic to retrieve contributor names
+        when(datasetVersionServiceMock.getContributorsNames(any(DatasetVersion.class))).thenReturn(Collections.emptyList().toString());
+
         GetFileVersionDifferencesCommand command = new GetFileVersionDifferencesCommand(requestMock, fileMetadataMock, null, null);
 
         // Act
@@ -190,6 +201,9 @@ void execute_should_convert_history_to_differences() throws CommandException {
         // Check the difference for the oldest version (v1 vs null)
         assertThat(differences.get(2).getNewFileMetadata()).isEqualTo(fm1);
         assertThat(differences.get(2).getOriginalFileMetadata()).isNull();
+
+        // Verify setting contributor for each file metadata
+        verify(datasetVersionServiceMock, times(3)).getContributorsNames(datasetVersionMock);
     }
 
     @Test

From ef42d87f5a80659315ae7544998740afc4638e52 Mon Sep 17 00:00:00 2001
From: GPortas <hey@gportas.me>
Date: Tue, 14 Oct 2025 23:17:36 +0100
Subject: [PATCH 405/634] Added: explanatory comment to
 GetFileVersionDifferencesCommand

---
 .../engine/command/impl/GetFileVersionDifferencesCommand.java    | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/GetFileVersionDifferencesCommand.java b/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/GetFileVersionDifferencesCommand.java
index d676b61d67c..7f9541e6e73 100644
--- a/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/GetFileVersionDifferencesCommand.java
+++ b/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/GetFileVersionDifferencesCommand.java
@@ -57,6 +57,7 @@ private boolean canViewUnpublishedVersions(CommandContext ctxt, Dataset dataset)
 
     /**
      * Transforms a single historical entry into a FileVersionDifference object.
+     * As part of this process, it also enriches the file metadata with contributor names from that version.
      */
     private FileVersionDifference createDifferenceFromHistory(CommandContext ctxt, VersionedFileMetadata versionedFileMetadata) {
         FileMetadata fileMetadata = versionedFileMetadata.getFileMetadata();

From 664c90b5f9ebb0c01e1feb42761c6045d0d5d222 Mon Sep 17 00:00:00 2001
From: GPortas <hey@gportas.me>
Date: Thu, 16 Oct 2025 12:18:01 +0100
Subject: [PATCH 406/634] Fixed: FileVersionDifferenceJsonPrinter to show
 dataset version release date

---
 .../util/json/FileVersionDifferenceJsonPrinter.java        | 7 ++-----
 .../util/json/FileVersionDifferenceJsonPrinterTest.java    | 2 ++
 2 files changed, 4 insertions(+), 5 deletions(-)

diff --git a/src/main/java/edu/harvard/iq/dataverse/util/json/FileVersionDifferenceJsonPrinter.java b/src/main/java/edu/harvard/iq/dataverse/util/json/FileVersionDifferenceJsonPrinter.java
index d9761bd580b..44941203fc6 100644
--- a/src/main/java/edu/harvard/iq/dataverse/util/json/FileVersionDifferenceJsonPrinter.java
+++ b/src/main/java/edu/harvard/iq/dataverse/util/json/FileVersionDifferenceJsonPrinter.java
@@ -70,11 +70,8 @@ private static void addDatasetVersionDetails(JsonObjectBuilder jsonBuilder, File
                 .add("isReleased", datasetVersion.isReleased())
                 .add("isDeaccessioned", datasetVersion.isDeaccessioned())
                 .add("summary", datasetVersion.getVersionNote())
-                .add("contributors", fileMetadata.getContributorNames());
-
-        if (fileMetadata.getDataFile() != null && fileMetadata.getDataFile().getPublicationDate() != null) {
-            jsonBuilder.add("publishedDate", fileMetadata.getDataFile().getPublicationDate().toString());
-        }
+                .add("contributors", fileMetadata.getContributorNames())
+                .add("publishedDate", fileMetadata.getDatasetVersion().getPublicationDateAsString());
     }
 
     /**
diff --git a/src/test/java/edu/harvard/iq/dataverse/util/json/FileVersionDifferenceJsonPrinterTest.java b/src/test/java/edu/harvard/iq/dataverse/util/json/FileVersionDifferenceJsonPrinterTest.java
index 7eca3928750..fff0cebcd3e 100644
--- a/src/test/java/edu/harvard/iq/dataverse/util/json/FileVersionDifferenceJsonPrinterTest.java
+++ b/src/test/java/edu/harvard/iq/dataverse/util/json/FileVersionDifferenceJsonPrinterTest.java
@@ -48,6 +48,7 @@ void jsonFileVersionDifference_with_basic_dataset_and_file_details() {
         when(dataFile.getId()).thenReturn(42L);
         when(datasetVersion.getFriendlyVersionNumber()).thenReturn("V1");
         when(datasetVersion.getVersionState()).thenReturn(DatasetVersion.VersionState.RELEASED);
+        when(datasetVersion.getPublicationDateAsString()).thenReturn("2025-10-16");
         when(fileVersionDifference.getDifferenceSummaryGroups()).thenReturn(Collections.emptyList());
 
         // Act
@@ -56,6 +57,7 @@ void jsonFileVersionDifference_with_basic_dataset_and_file_details() {
         // Assert
         assertEquals("V1", result.getString("datasetVersion"));
         assertEquals("RELEASED", result.getString("versionState"));
+        assertEquals("2025-10-16", result.getString("publishedDate"));
         assertEquals(42, result.getInt("datafileId"));
         assertNotNull(result.getJsonObject("fileDifferenceSummary"));
         assertEquals("Test Version Note", result.getJsonObject("fileDifferenceSummary").getString("versionNote"));

From 272e50ec17bd5519b7ae83584307226b0b6e8d04 Mon Sep 17 00:00:00 2001
From: GPortas <hey@gportas.me>
Date: Thu, 16 Oct 2025 12:19:06 +0100
Subject: [PATCH 407/634] Fixed: GetFileVersionDifferencesCommand to display
 correct results

---
 .../GetFileVersionDifferencesCommand.java     | 120 ++++++++++++------
 .../GetFileVersionDifferencesCommandTest.java |  16 ++-
 2 files changed, 96 insertions(+), 40 deletions(-)

diff --git a/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/GetFileVersionDifferencesCommand.java b/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/GetFileVersionDifferencesCommand.java
index 7f9541e6e73..d822fa9455b 100644
--- a/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/GetFileVersionDifferencesCommand.java
+++ b/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/GetFileVersionDifferencesCommand.java
@@ -1,19 +1,24 @@
 package edu.harvard.iq.dataverse.engine.command.impl;
 
-import edu.harvard.iq.dataverse.*;
+import edu.harvard.iq.dataverse.Dataset;
+import edu.harvard.iq.dataverse.DatasetVersion;
+import edu.harvard.iq.dataverse.FileMetadata;
+import edu.harvard.iq.dataverse.FileVersionDifference;
+import edu.harvard.iq.dataverse.VersionedFileMetadata;
 import edu.harvard.iq.dataverse.authorization.Permission;
 import edu.harvard.iq.dataverse.engine.command.CommandContext;
 import edu.harvard.iq.dataverse.engine.command.DataverseRequest;
 import edu.harvard.iq.dataverse.engine.command.RequiredPermissions;
 
+import java.util.ArrayList;
+import java.util.Collections;
 import java.util.EnumSet;
 import java.util.List;
 import java.util.Objects;
-import java.util.stream.Collectors;
 
 /**
- * A command that retrieves the version history for a single file,
- * highlighting the differences between each version.
+ * Retrieves the version history for a single file, highlighting the
+ * differences between each version. This command is pagination-aware.
  */
 @RequiredPermissions({})
 public class GetFileVersionDifferencesCommand extends AbstractPaginatedCommand<List<FileVersionDifference>> {
@@ -25,13 +30,80 @@ public GetFileVersionDifferencesCommand(DataverseRequest request, FileMetadata f
         this.fileMetadata = Objects.requireNonNull(fileMetadata);
     }
 
+    /**
+     * Executes the command to generate a list of file version differences.
+     * <p>
+     * This method processes a paginated list of file history.
+     * It pairs each version with its successor from the list.
+     * For the last item on the page, it performs a single query to find its true predecessor, handling the pagination case.
+     *
+     * @param ctxt The command context.
+     * @return A list of {@link FileVersionDifference} objects.
+     */
     @Override
     public List<FileVersionDifference> executeCommand(CommandContext ctxt) {
         List<VersionedFileMetadata> fileHistory = findFileHistory(ctxt);
+        if (fileHistory.isEmpty()) {
+            return Collections.emptyList();
+        }
+
+        List<FileVersionDifference> differences = new ArrayList<>();
+
+        // Process all but the last item, using the next item in the list as the predecessor.
+        for (int i = 0; i < fileHistory.size() - 1; i++) {
+            VersionedFileMetadata current = fileHistory.get(i);
+            FileMetadata previous = fileHistory.get(i + 1).getFileMetadata();
+            differences.add(buildDifference(ctxt, current, previous));
+        }
+
+        // Handle the last item on the page separately. Its predecessor may not be in the current
+        // list, so we must query the database for it.
+        VersionedFileMetadata lastItemOnPage = fileHistory.get(fileHistory.size() - 1);
+        FileMetadata predecessor = findPredecessorFor(ctxt, lastItemOnPage);
+        differences.add(buildDifference(ctxt, lastItemOnPage, predecessor));
+
+        return differences;
+    }
+
+    /**
+     * Constructs a {@link FileVersionDifference} from a version's metadata and its predecessor.
+     *
+     * @param ctxt                   The command context.
+     * @param currentVersionMetadata The metadata for the current version in history.
+     * @param previousFileMetadata   The metadata for the preceding version (can be null).
+     * @return A new {@link FileVersionDifference} object.
+     */
+    private FileVersionDifference buildDifference(CommandContext ctxt, VersionedFileMetadata currentVersionMetadata, FileMetadata previousFileMetadata) {
+        FileMetadata currentFileMetadata = currentVersionMetadata.getFileMetadata();
+
+        if (currentFileMetadata != null) {
+            return createDifferenceForExistingFile(ctxt, currentFileMetadata, previousFileMetadata);
+        } else {
+            return createDifferenceForMissingFile(currentVersionMetadata.getDatasetVersion(), previousFileMetadata);
+        }
+    }
 
-        return fileHistory.stream()
-                .map(versionedFileMetadata -> createDifferenceFromHistory(ctxt, versionedFileMetadata))
-                .collect(Collectors.toList());
+    /**
+     * Creates a difference object for a version where the file exists.
+     * As a side effect, this method also enriches the metadata with contributor names.
+     */
+    private FileVersionDifference createDifferenceForExistingFile(CommandContext ctxt, FileMetadata current, FileMetadata previous) {
+        current.setContributorNames(ctxt.datasetVersion().getContributorsNames(current.getDatasetVersion()));
+        return new FileVersionDifference(current, previous, false);
+    }
+
+    /**
+     * Creates a placeholder difference object for a version where the file was absent.
+     */
+    private FileVersionDifference createDifferenceForMissingFile(DatasetVersion version, FileMetadata previous) {
+        FileMetadata placeholder = new FileMetadata();
+        placeholder.setDatasetVersion(version);
+        placeholder.setDataFile(null); // Explicitly null to indicate absence.
+
+        FileVersionDifference difference = new FileVersionDifference(placeholder, previous, true);
+        placeholder.setFileVersionDifference(difference);
+
+        return difference;
     }
 
     /**
@@ -40,12 +112,11 @@ public List<FileVersionDifference> executeCommand(CommandContext ctxt) {
     private List<VersionedFileMetadata> findFileHistory(CommandContext ctxt) {
         Dataset dataset = fileMetadata.getDatasetVersion().getDataset();
         boolean canViewUnpublished = canViewUnpublishedVersions(ctxt, dataset);
-
         return ctxt.files().findFileMetadataHistory(dataset.getId(), fileMetadata.getDataFile(), canViewUnpublished, limit, offset);
     }
 
     /**
-     * Determines if the user has permission to view non-released versions of the dataset.
+     * Determines if the user can view non-released versions of the dataset.
      */
     private boolean canViewUnpublishedVersions(CommandContext ctxt, Dataset dataset) {
         return ctxt.permissions().hasPermissionsFor(
@@ -56,33 +127,10 @@ private boolean canViewUnpublishedVersions(CommandContext ctxt, Dataset dataset)
     }
 
     /**
-     * Transforms a single historical entry into a FileVersionDifference object.
-     * As part of this process, it also enriches the file metadata with contributor names from that version.
+     * Finds the chronological predecessor for a given {@link VersionedFileMetadata}.
      */
-    private FileVersionDifference createDifferenceFromHistory(CommandContext ctxt, VersionedFileMetadata versionedFileMetadata) {
-        FileMetadata fileMetadata = versionedFileMetadata.getFileMetadata();
-        FileMetadata previous = ctxt.files().getPreviousFileMetadata(fileMetadata);
-
-        if (fileMetadata != null) {
-            fileMetadata.setContributorNames(ctxt.datasetVersion().getContributorsNames(fileMetadata.getDatasetVersion()));
-            return new FileVersionDifference(fileMetadata, previous, false);
-        }
-
-        return createDifferenceForNonexistentFile(versionedFileMetadata.getDatasetVersion(), previous);
-    }
-
-    /**
-     * Creates a special FileVersionDifference for versions where the file does not exist.
-     */
-    private FileVersionDifference createDifferenceForNonexistentFile(DatasetVersion version, FileMetadata previous) {
-        FileMetadata placeholder = new FileMetadata();
-        placeholder.setDatasetVersion(version);
-        // Explicitly null DataFile indicates the file does not exist.
-        placeholder.setDataFile(null);
-
-        FileVersionDifference difference = new FileVersionDifference(placeholder, previous, true);
-        placeholder.setFileVersionDifference(difference);
-
-        return difference;
+    private FileMetadata findPredecessorFor(CommandContext ctxt, VersionedFileMetadata versionedMetadata) {
+        FileMetadata current = versionedMetadata.getFileMetadata();
+        return (current != null) ? ctxt.files().getPreviousFileMetadata(current) : null;
     }
 }
diff --git a/src/test/java/edu/harvard/iq/dataverse/engine/command/impl/GetFileVersionDifferencesCommandTest.java b/src/test/java/edu/harvard/iq/dataverse/engine/command/impl/GetFileVersionDifferencesCommandTest.java
index ad6ad495eeb..f131f81cdff 100644
--- a/src/test/java/edu/harvard/iq/dataverse/engine/command/impl/GetFileVersionDifferencesCommandTest.java
+++ b/src/test/java/edu/harvard/iq/dataverse/engine/command/impl/GetFileVersionDifferencesCommandTest.java
@@ -174,10 +174,18 @@ void execute_should_convert_history_to_differences() throws CommandException {
         when(fileServiceMock.findFileMetadataHistory(any(), any(), anyBoolean(), any(), any()))
                 .thenReturn(history);
 
-        // Mock the logic to find the direct predecessor of each version
-        when(fileServiceMock.getPreviousFileMetadata(fm3)).thenReturn(fm2);
-        when(fileServiceMock.getPreviousFileMetadata(fm2)).thenReturn(fm1);
-        when(fileServiceMock.getPreviousFileMetadata(fm1)).thenReturn(null); // The oldest has no predecessor
+        when(fileServiceMock.getPreviousFileMetadata(any(FileMetadata.class))).thenAnswer(
+                invocation -> {
+                    FileMetadata current = invocation.getArgument(0);
+                    if (current != null && current.getId().equals(3L)) {
+                        return fm2;
+                    }
+                    if (current != null && current.getId().equals(2L)) {
+                        return fm1;
+                    }
+                    return null;
+                }
+        );
 
         // Mock the logic to retrieve contributor names
         when(datasetVersionServiceMock.getContributorsNames(any(DatasetVersion.class))).thenReturn(Collections.emptyList().toString());

From cc6517c7739f61e5dddd199d3b66154bb0c36334 Mon Sep 17 00:00:00 2001
From: Philip Durbin <philip_durbin@harvard.edu>
Date: Thu, 16 Oct 2025 10:15:50 -0400
Subject: [PATCH 408/634] embargoed files are also downloadable from a preview
 URL

Also, add links to where it's defined (and for restricted).
---
 doc/sphinx-guides/source/user/dataset-management.rst | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/doc/sphinx-guides/source/user/dataset-management.rst b/doc/sphinx-guides/source/user/dataset-management.rst
index 16d7509f780..5335931a89b 100755
--- a/doc/sphinx-guides/source/user/dataset-management.rst
+++ b/doc/sphinx-guides/source/user/dataset-management.rst
@@ -704,7 +704,7 @@ If you have a Contributor role (can edit metadata, upload files, and edit files,
 Preview URL to Review Unpublished Dataset
 =========================================
 
-Creating a Preview URL for a draft version of your dataset allows you to share your dataset (for viewing and downloading of files, including restricted files) before it is published to a wide group of individuals who may not have a user account on the Dataverse installation. Anyone you send the Preview URL to will not have to log into the Dataverse installation to view the unpublished dataset. Once a dataset has been published you may create new General Preview URLs for subsequent draft versions, but the Anonymous Preview URL will no longer be available.
+Creating a Preview URL for a draft version of your dataset allows you to share your dataset (for viewing and downloading of files, including :ref:`restricted <restricted-files>` and :ref:`embargoed <embargoes>` files) before it is published to a wide group of individuals who may not have a user account on the Dataverse installation. Anyone you send the Preview URL to will not have to log into the Dataverse installation to view the unpublished dataset. Once a dataset has been published you may create new General Preview URLs for subsequent draft versions, but the Anonymous Preview URL will no longer be available.
 
 **Note:** To create a Preview URL, you must have the *ManageDatasetPermissions* permission for your draft dataset, usually given by the :ref:`roles <permissions>` *Curator* or *Administrator*.
 
@@ -726,6 +726,8 @@ To disable a Preview URL and to revoke access, follow the same steps as above un
 
 Note that only one Preview URL (normal or with anonymized access) can be configured per dataset at a time. 
 
+.. _embargoes:
+
 Embargoes
 =========
 

From 54c0b724d1bcd2daff992013c2b632866e4e8577 Mon Sep 17 00:00:00 2001
From: Philip Durbin <philip_durbin@harvard.edu>
Date: Thu, 16 Oct 2025 10:32:53 -0400
Subject: [PATCH 409/634] typo #11831

---
 doc/sphinx-guides/source/contributor/documentation.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/doc/sphinx-guides/source/contributor/documentation.md b/doc/sphinx-guides/source/contributor/documentation.md
index 7f240d15790..614dba1d6a0 100644
--- a/doc/sphinx-guides/source/contributor/documentation.md
+++ b/doc/sphinx-guides/source/contributor/documentation.md
@@ -68,7 +68,7 @@ Then try running this command:
 
 `docker run -it --rm -v $(pwd):/docs sphinxdoc/sphinx:7.2.6 bash -c "cd doc/sphinx-guides && pip3 install -r requirements.txt && make html"`
 
-If all goes well, you should be able open `doc/sphinx-guides/build/html/index.html` to see the guides you just built.
+If all goes well, you should be able to open `doc/sphinx-guides/build/html/index.html` to see the guides you just built.
 
 #### Docker with a Makefile
 
@@ -106,7 +106,7 @@ Finally, you can try building the guides with the following command.
 
 `make html`
 
-If all goes well, you should be able open `doc/sphinx-guides/build/html/index.html` to see the guides you just built.
+If all goes well, you should be able to open `doc/sphinx-guides/build/html/index.html` to see the guides you just built.
 
 ## Editing, Building, and Previewing the Guides
 

From 49764d8d38fd2c26bd2cdaa5bd19976b3d632fd9 Mon Sep 17 00:00:00 2001
From: Jim Myers <qqmyers@hotmail.com>
Date: Thu, 16 Oct 2025 10:51:20 -0400
Subject: [PATCH 410/634] up to 6.2025.10, revert examples in docs to 6.2025.3

---
 .github/workflows/container_maintenance.yml                 | 4 ++--
 .../{11827-Payara-6.2025.9.md => 11827-Payara-6.2025.10.md} | 2 +-
 doc/sphinx-guides/source/container/base-image.rst           | 2 +-
 doc/sphinx-guides/source/developers/classic-dev-env.rst     | 6 +++---
 doc/sphinx-guides/source/installation/prerequisites.rst     | 6 +++---
 doc/sphinx-guides/source/qa/test-automation.md              | 2 +-
 modules/dataverse-parent/pom.xml                            | 2 +-
 7 files changed, 12 insertions(+), 12 deletions(-)
 rename doc/release-notes/{11827-Payara-6.2025.9.md => 11827-Payara-6.2025.10.md} (97%)

diff --git a/.github/workflows/container_maintenance.yml b/.github/workflows/container_maintenance.yml
index 744de1c5165..142363cbe1a 100644
--- a/.github/workflows/container_maintenance.yml
+++ b/.github/workflows/container_maintenance.yml
@@ -63,11 +63,11 @@ jobs:
       - discover
     outputs:
       # This is a JSON map with keys of branch names (supported releases & develop) and values containing an array of known image tags for the branch
-      # Example: {"v6.6": ["latest", "6.6-noble", "6.6-noble-r1"], "v6.5": ["6.5-noble", "6.5-noble-r5"], "v6.4": ["6.4-noble", "6.4-noble-r12"], "develop": ["unstable", "6.7-noble", "6.7-noble-p6.2025.9-j17"]}
+      # Example: {"v6.6": ["latest", "6.6-noble", "6.6-noble-r1"], "v6.5": ["6.5-noble", "6.5-noble-r5"], "v6.4": ["6.4-noble", "6.4-noble-r12"], "develop": ["unstable", "6.7-noble", "6.7-noble-p6.2025.3-j17"]}
       supported_tag_matrix: ${{ steps.execute.outputs.supported_tag_matrix }}
 
       # This is a JSON list containing a flattened map of branch names and the latest non-rolling tag
-      # Example: [ "v6.6=gdcc/base:6.6-noble-r1", "v6.5=gdcc/base:6.5-noble-r5", "v6.4=gdcc/base:6.4-noble-r12", "develop=gdcc/base:6.7-noble-p6.2025.9-j17" ]
+      # Example: [ "v6.6=gdcc/base:6.6-noble-r1", "v6.5=gdcc/base:6.5-noble-r5", "v6.4=gdcc/base:6.4-noble-r12", "develop=gdcc/base:6.7-noble-p6.2025.3-j17" ]
       rebuilt_images: ${{ steps.execute.outputs.rebuilt_images }}
 
     steps:
diff --git a/doc/release-notes/11827-Payara-6.2025.9.md b/doc/release-notes/11827-Payara-6.2025.10.md
similarity index 97%
rename from doc/release-notes/11827-Payara-6.2025.9.md
rename to doc/release-notes/11827-Payara-6.2025.10.md
index 1a084312358..c79ec04e696 100644
--- a/doc/release-notes/11827-Payara-6.2025.9.md
+++ b/doc/release-notes/11827-Payara-6.2025.10.md
@@ -1,3 +1,3 @@
-The recommended Payara version has been updated to Payara-6.2025.9
+The recommended Payara version has been updated to Payara-6.2025.10
 
 Standard Payara upgrade instructions - as in the 6.7 release notes should be added.
diff --git a/doc/sphinx-guides/source/container/base-image.rst b/doc/sphinx-guides/source/container/base-image.rst
index 0720995deb2..4adc6bb6fb1 100644
--- a/doc/sphinx-guides/source/container/base-image.rst
+++ b/doc/sphinx-guides/source/container/base-image.rst
@@ -82,7 +82,7 @@ For now, stale images will be kept on Docker Hub indefinitely.
     Will roll over to the rolling production tag after a Dataverse release.
 - | **Flexible Stack**
   | Definition: ``<dv-major>.<dv-minor-next>-<flavor>-p<payara.version>-j<java.version>``
-  | Example: :substitution-code:`|nextVersion|-noble-p6.2025.9-j17`
+  | Example: :substitution-code:`|nextVersion|-noble-p6.2025.3-j17`
   | Summary: Rolling tag during a development cycle of the Dataverse software (`Dockerfile <https://github.com/IQSS/dataverse/tree/develop/modules/container-base/src/main/docker/Dockerfile>`__).
 
 **NOTE**: In these tags for development usage, the version number will always be 1 minor version ahead of existing Dataverse releases.
diff --git a/doc/sphinx-guides/source/developers/classic-dev-env.rst b/doc/sphinx-guides/source/developers/classic-dev-env.rst
index 1c9e4d5c35d..5dc68325767 100755
--- a/doc/sphinx-guides/source/developers/classic-dev-env.rst
+++ b/doc/sphinx-guides/source/developers/classic-dev-env.rst
@@ -93,15 +93,15 @@ On Linux, install ``jq`` from your package manager or download a binary from htt
 Install Payara
 ~~~~~~~~~~~~~~
 
-Payara 6.2025.9 or higher is required.
+Payara 6.2025.10 or higher is required.
 
 To install Payara, run the following commands:
 
 ``cd /usr/local``
 
-``sudo curl -O -L https://nexus.payara.fish/repository/payara-community/fish/payara/distributions/payara/6.2025.9/payara-6.2025.9.zip``
+``sudo curl -O -L https://nexus.payara.fish/repository/payara-community/fish/payara/distributions/payara/6.2025.10/payara-6.2025.10.zip``
 
-``sudo unzip payara-6.2025.9.zip``
+``sudo unzip payara-6.2025.10.zip``
 
 ``sudo chown -R $USER /usr/local/payara6``
 
diff --git a/doc/sphinx-guides/source/installation/prerequisites.rst b/doc/sphinx-guides/source/installation/prerequisites.rst
index 2b456f7c0ed..70a1c618fe5 100644
--- a/doc/sphinx-guides/source/installation/prerequisites.rst
+++ b/doc/sphinx-guides/source/installation/prerequisites.rst
@@ -44,7 +44,7 @@ On RHEL/derivative you can make Java 17 the default with the ``alternatives`` co
 Payara
 ------
 
-Payara 6.2025.9 is recommended. Newer versions might work fine. Regular updates are recommended.
+Payara 6.2025.10 is recommended. Newer versions might work fine. Regular updates are recommended.
 
 Installing Payara
 =================
@@ -55,8 +55,8 @@ Installing Payara
 
 - Download and install Payara (installed in ``/usr/local/payara6`` in the example commands below)::
 
-	# wget https://nexus.payara.fish/repository/payara-community/fish/payara/distributions/payara/6.2025.9/payara-6.2025.9.zip
-	# unzip payara-6.2025.9.zip
+	# wget https://nexus.payara.fish/repository/payara-community/fish/payara/distributions/payara/6.2025.10/payara-6.2025.10.zip
+	# unzip payara-6.2025.10.zip
 	# mv payara6 /usr/local
 
 If nexus.payara.fish is ever down for maintenance, Payara distributions are also available from https://repo1.maven.org/maven2/fish/payara/distributions/payara/
diff --git a/doc/sphinx-guides/source/qa/test-automation.md b/doc/sphinx-guides/source/qa/test-automation.md
index 7650b41db81..a9f40a7dab2 100644
--- a/doc/sphinx-guides/source/qa/test-automation.md
+++ b/doc/sphinx-guides/source/qa/test-automation.md
@@ -52,7 +52,7 @@ Go to the end of the log and then scroll up, looking for the failure. A failed A
 
 ```
 TASK [dataverse : download payara zip] *****************************************
-fatal: [localhost]: FAILED! => {"changed": false, "dest": "/tmp/payara.zip", "elapsed": 10, "msg": "Request failed: <urlopen error timed out>", "url": "https://nexus.payara.fish/repository/payara-community/fish/payara/distributions/payara/6.2025.9/payara-6.2025.9.zip"}
+fatal: [localhost]: FAILED! => {"changed": false, "dest": "/tmp/payara.zip", "elapsed": 10, "msg": "Request failed: <urlopen error timed out>", "url": "https://nexus.payara.fish/repository/payara-community/fish/payara/distributions/payara/6.2025.10/payara-6.2025.10.zip"}
 ```
 
 In the example above, if Payara can't be downloaded, we're obviously going to have problems deploying Dataverse to it!
diff --git a/modules/dataverse-parent/pom.xml b/modules/dataverse-parent/pom.xml
index 33491630848..c2cca5f98e0 100644
--- a/modules/dataverse-parent/pom.xml
+++ b/modules/dataverse-parent/pom.xml
@@ -149,7 +149,7 @@
         <argLine>-Duser.timezone=${project.timezone} -Dfile.encoding=${project.build.sourceEncoding} -Duser.language=${project.language} -Duser.region=${project.region}</argLine>
     
         <!-- Major system components and dependencies -->
-        <payara.version>6.2025.9</payara.version>
+        <payara.version>6.2025.10</payara.version>
         <postgresql.version>42.7.7</postgresql.version>
         <solr.version>9.8.0</solr.version>
         <aws.version>2.33.0</aws.version>

From 8d4d14d8715f8daaf20bb143a71339916ddb6f38 Mon Sep 17 00:00:00 2001
From: Jim Myers <qqmyers@hotmail.com>
Date: Thu, 16 Oct 2025 11:47:21 -0400
Subject: [PATCH 411/634] storedprocedure fix

---
 src/main/java/edu/harvard/iq/dataverse/GuestbookResponse.java | 4 +---
 .../harvard/iq/dataverse/GuestbookResponseServiceBean.java    | 2 +-
 2 files changed, 2 insertions(+), 4 deletions(-)

diff --git a/src/main/java/edu/harvard/iq/dataverse/GuestbookResponse.java b/src/main/java/edu/harvard/iq/dataverse/GuestbookResponse.java
index 830c7740e34..ed89ae2a858 100644
--- a/src/main/java/edu/harvard/iq/dataverse/GuestbookResponse.java
+++ b/src/main/java/edu/harvard/iq/dataverse/GuestbookResponse.java
@@ -29,9 +29,7 @@
 @NamedStoredProcedureQuery(
         name = "GuestbookResponse.estimateGuestBookResponseTableSize",
         procedureName = "estimateGuestBookResponseTableSize",
-        parameters = {
-            @StoredProcedureParameter(mode = ParameterMode.OUT, type = Long.class)
-        }
+        resultClasses = Long.class
 )
 @Entity
 @Table(indexes = {
diff --git a/src/main/java/edu/harvard/iq/dataverse/GuestbookResponseServiceBean.java b/src/main/java/edu/harvard/iq/dataverse/GuestbookResponseServiceBean.java
index 6c043b78941..1fece900244 100644
--- a/src/main/java/edu/harvard/iq/dataverse/GuestbookResponseServiceBean.java
+++ b/src/main/java/edu/harvard/iq/dataverse/GuestbookResponseServiceBean.java
@@ -954,7 +954,7 @@ public Long getTotalDownloadCount() {
         try {        
             StoredProcedureQuery query = this.em.createNamedStoredProcedureQuery("GuestbookResponse.estimateGuestBookResponseTableSize");
             query.execute();
-            Long totalCount = (Long) query.getOutputParameterValue(1);
+            Long totalCount = (Long) query.getSingleResult();
         
             if (totalCount != null) {
                 return totalCount;

From 603ae73bb519206e9fbf9d284c4ebe7c13e5af67 Mon Sep 17 00:00:00 2001
From: Jim Myers <qqmyers@hotmail.com>
Date: Thu, 16 Oct 2025 12:13:46 -0400
Subject: [PATCH 412/634] switch to native query

---
 .../harvard/iq/dataverse/GuestbookResponse.java  |  5 -----
 .../dataverse/GuestbookResponseServiceBean.java  | 16 ++++++----------
 2 files changed, 6 insertions(+), 15 deletions(-)

diff --git a/src/main/java/edu/harvard/iq/dataverse/GuestbookResponse.java b/src/main/java/edu/harvard/iq/dataverse/GuestbookResponse.java
index ed89ae2a858..ee444198654 100644
--- a/src/main/java/edu/harvard/iq/dataverse/GuestbookResponse.java
+++ b/src/main/java/edu/harvard/iq/dataverse/GuestbookResponse.java
@@ -26,11 +26,6 @@
  *
  * @author skraffmiller
  */
-@NamedStoredProcedureQuery(
-        name = "GuestbookResponse.estimateGuestBookResponseTableSize",
-        procedureName = "estimateGuestBookResponseTableSize",
-        resultClasses = Long.class
-)
 @Entity
 @Table(indexes = {
         @Index(columnList = "guestbook_id"),
diff --git a/src/main/java/edu/harvard/iq/dataverse/GuestbookResponseServiceBean.java b/src/main/java/edu/harvard/iq/dataverse/GuestbookResponseServiceBean.java
index 1fece900244..a49845ce834 100644
--- a/src/main/java/edu/harvard/iq/dataverse/GuestbookResponseServiceBean.java
+++ b/src/main/java/edu/harvard/iq/dataverse/GuestbookResponseServiceBean.java
@@ -951,16 +951,12 @@ public Long getTotalDownloadCount() {
         // somehow. -- L.A. 5.6
         
         
-        try {        
-            StoredProcedureQuery query = this.em.createNamedStoredProcedureQuery("GuestbookResponse.estimateGuestBookResponseTableSize");
-            query.execute();
-            Long totalCount = (Long) query.getSingleResult();
-        
-            if (totalCount != null) {
-                return totalCount;
-            }
-        } catch (IllegalArgumentException iae) {
-            // Don't do anything, we'll fall back to using "SELECT COUNT()"
+     // In GuestbookResponseServiceBean.java
+        try {
+            Query query = em.createNativeQuery("SELECT estimateGuestBookResponseTableSize()");
+            return ((Number) query.getSingleResult()).longValue();
+        } catch (Exception e) {
+            // Fall back to using "SELECT COUNT()"
         }
         Query query = em.createNativeQuery("select count(o.id) from GuestbookResponse  o where eventtype != '" + GuestbookResponse.ACCESS_REQUEST +"';");
         return (Long) query.getSingleResult();

From 81aa56b30a059a1302f5d814f3757c9d5f03742b Mon Sep 17 00:00:00 2001
From: Jim Myers <qqmyers@hotmail.com>
Date: Thu, 16 Oct 2025 18:42:27 -0400
Subject: [PATCH 413/634] test per review

---
 .../DatasetFieldServiceBeanTest.java          | 57 +++++++++++++++++++
 1 file changed, 57 insertions(+)

diff --git a/src/test/java/edu/harvard/iq/dataverse/DatasetFieldServiceBeanTest.java b/src/test/java/edu/harvard/iq/dataverse/DatasetFieldServiceBeanTest.java
index 873d417131d..8e6fc76c134 100644
--- a/src/test/java/edu/harvard/iq/dataverse/DatasetFieldServiceBeanTest.java
+++ b/src/test/java/edu/harvard/iq/dataverse/DatasetFieldServiceBeanTest.java
@@ -1,6 +1,9 @@
 package edu.harvard.iq.dataverse;
 
 import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.junit.jupiter.api.Assertions.assertNotNull;
+import static org.junit.jupiter.api.Assertions.assertNull;
+import static org.junit.jupiter.api.Assertions.assertTrue;
 
 import java.io.File;
 import java.io.IOException;
@@ -17,7 +20,10 @@
 
 import edu.harvard.iq.dataverse.settings.SettingsServiceBean;
 import jakarta.json.Json;
+import jakarta.json.JsonArray;
+import jakarta.json.JsonArrayBuilder;
 import jakarta.json.JsonObject;
+import jakarta.json.JsonObjectBuilder;
 
 public class DatasetFieldServiceBeanTest {
 
@@ -152,6 +158,57 @@ void getIndexableStringsByTermUriOrcid() throws IOException {
         assertEquals(Collections.emptySet(), result);
     }
 
+    @Test
+    public void testProcessPathSegmentWithArrayStringMatching() {
+        // Create a DatasetFieldServiceBean instance
+        DatasetFieldServiceBean bean = new DatasetFieldServiceBean();
+
+        String termUri = "http://example.org/term/123";
+
+        // Create a JSON structure with an array containing string values
+        JsonArrayBuilder tagsArrayBuilder = Json.createArrayBuilder();
+        JsonObject testObject = Json.createObjectBuilder().add("tag", Json.createArrayBuilder().add("research").add("science")).add("name", "one").build();
+        tagsArrayBuilder.add(testObject);
+        JsonObject testObject2 = Json.createObjectBuilder().add("tag", "art").add("name", "two").build();
+        tagsArrayBuilder.add(testObject2);
+        JsonObject testObject3 = Json.createObjectBuilder().add("tag", termUri).add("name", "three").build();
+        tagsArrayBuilder.add(testObject3);
+        JsonArray tags = tagsArrayBuilder.build();
+
+        // Test case 1: Match a string in an array of strings
+        String[] pathParts = { "tag=research", "name" };
+        Object result = bean.processPathSegment(0, pathParts, tags, termUri);
+
+        // The method should return the test object when a match is found
+        // Result should not be null when a match is found
+        assertNotNull(result);
+        assertEquals("one", result, "Result should be the original test object");
+
+        // Test case 2: Match a string
+        pathParts[0] = "tag=art";
+        result = bean.processPathSegment(0, pathParts, tags, termUri);
+
+        // The method should return the test object when a match is found
+        // Result should not be null when a match is found
+        assertNotNull(result);
+        assertEquals("two", result, "Result should be the original test object");
+
+        // Test case 3: No match in the array
+        String[] noMatchPathParts = { "tags=nonexistent" };
+        Object noMatchResult = bean.processPathSegment(0, noMatchPathParts, testObject, termUri);
+
+        // The method should return null when no match is found
+        assertNull(noMatchResult, "Result should be null when no match is found");
+
+        // Test case 4: Match with @id substitution
+
+        String[] idPathParts = { "tag=@id", "name" };
+        Object idResult = bean.processPathSegment(0, idPathParts, tags, termUri);
+
+        assertNotNull(idResult, "Result should not be null when matching with @id");
+        assertEquals("three", idResult, "Result should be the original test object");
+    }
+
     /**
      * Prepare unit tests with mock methods.
      *

From 4f9edceab0be9eb5dffe495ec6f4c07e8874cbdf Mon Sep 17 00:00:00 2001
From: GPortas <hey@gportas.me>
Date: Fri, 17 Oct 2025 10:45:56 +0100
Subject: [PATCH 414/634] Added: getDatasetVersionCount JPA-Criteria based
 method to DatasetVersionServiceBean

---
 .../dataverse/DatasetVersionServiceBean.java  | 52 ++++++++++++++++++-
 1 file changed, 50 insertions(+), 2 deletions(-)

diff --git a/src/main/java/edu/harvard/iq/dataverse/DatasetVersionServiceBean.java b/src/main/java/edu/harvard/iq/dataverse/DatasetVersionServiceBean.java
index 0a60051ea10..60df1fd3dfd 100644
--- a/src/main/java/edu/harvard/iq/dataverse/DatasetVersionServiceBean.java
+++ b/src/main/java/edu/harvard/iq/dataverse/DatasetVersionServiceBean.java
@@ -36,6 +36,10 @@
 import jakarta.persistence.PersistenceContext;
 import jakarta.persistence.Query;
 import jakarta.persistence.TypedQuery;
+import jakarta.persistence.criteria.CriteriaBuilder;
+import jakarta.persistence.criteria.CriteriaQuery;
+import jakarta.persistence.criteria.Predicate;
+import jakarta.persistence.criteria.Root;
 import org.apache.commons.lang3.StringUtils;
 
 /**
@@ -1284,5 +1288,49 @@ public List<DatasetVersion> getUnarchivedDatasetVersions(){
             logger.log(Level.WARNING, "EJBException exception: {0}", e.getMessage());
             return null;
         }
-    } // end getUnarchivedDatasetVersions
-} // end class
+    }
+
+    /**
+     * Calculates the total number of versions for a specified dataset.
+     * <p>
+     * This method provides a flexible way to count dataset versions. It can either
+     * return a total count of all versions or restrict the count to only those
+     * that are publicly visible (i.e., {@code RELEASED} or {@code DEACCESSIONED}).
+     * This is particularly useful for displaying different counts to users with
+     * different permission levels.
+     *
+     * @param datasetId The unique identifier of the dataset for which to count versions.
+     * Must not be {@code null}.
+     * @param canViewUnpublishedVersions A boolean flag that controls the scope of the count:
+     * <ul>
+     * <li>{@code true} - All versions of the dataset are counted,
+     * regardless of their {@link VersionState}.</li>
+     * <li>{@code false} - Only versions with a state of
+     * {@link VersionState#RELEASED} or
+     * {@link VersionState#DEACCESSIONED} are counted.</li>
+     * </ul>
+     * @return A {@code Long} representing the total count of matching dataset versions.
+     * This will be {@code 0L} if the dataset has no versions or does not exist.
+     */
+    public Long getDatasetVersionCount(Long datasetId, boolean canViewUnpublishedVersions) {
+        CriteriaBuilder cb = em.getCriteriaBuilder();
+        CriteriaQuery<Long> cq = cb.createQuery(Long.class);
+        Root<DatasetVersion> versionRoot = cq.from(DatasetVersion.class);
+
+        List<Predicate> predicates = new ArrayList<>();
+
+        // Add the primary predicate to filter by the dataset's ID.
+        predicates.add(cb.equal(versionRoot.join("dataset").get("id"), datasetId));
+
+        // Conditionally add a predicate to filter for public versions only.
+        if (!canViewUnpublishedVersions) {
+            predicates.add(versionRoot.get("versionState").in(
+                    VersionState.RELEASED, VersionState.DEACCESSIONED));
+        }
+
+        cq.select(cb.count(versionRoot))
+                .where(predicates.toArray(new Predicate[0]));
+
+        return em.createQuery(cq).getSingleResult();
+    }
+}

From ea27c82cc786c51e8def31a8c1a502237d040f39 Mon Sep 17 00:00:00 2001
From: GPortas <hey@gportas.me>
Date: Fri, 17 Oct 2025 10:50:58 +0100
Subject: [PATCH 415/634] Added: GetDatasetVersionCountCommand

---
 .../impl/GetDatasetVersionCountCommand.java   |  42 +++++++
 .../GetDatasetVersionCountCommandTest.java    | 118 ++++++++++++++++++
 2 files changed, 160 insertions(+)
 create mode 100644 src/main/java/edu/harvard/iq/dataverse/engine/command/impl/GetDatasetVersionCountCommand.java
 create mode 100644 src/test/java/edu/harvard/iq/dataverse/engine/command/impl/GetDatasetVersionCountCommandTest.java

diff --git a/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/GetDatasetVersionCountCommand.java b/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/GetDatasetVersionCountCommand.java
new file mode 100644
index 00000000000..752f316783e
--- /dev/null
+++ b/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/GetDatasetVersionCountCommand.java
@@ -0,0 +1,42 @@
+package edu.harvard.iq.dataverse.engine.command.impl;
+
+import edu.harvard.iq.dataverse.Dataset;
+import edu.harvard.iq.dataverse.authorization.Permission;
+import edu.harvard.iq.dataverse.engine.command.AbstractCommand;
+import edu.harvard.iq.dataverse.engine.command.CommandContext;
+import edu.harvard.iq.dataverse.engine.command.DataverseRequest;
+import edu.harvard.iq.dataverse.engine.command.RequiredPermissions;
+import edu.harvard.iq.dataverse.engine.command.exception.CommandException;
+
+import java.util.EnumSet;
+
+/**
+ * Retrieves the version count for a single dataset.
+ * Depending on user permissions, unpublished versions will be counted or not.
+ */
+@RequiredPermissions({})
+public class GetDatasetVersionCountCommand extends AbstractCommand<Long> {
+
+    private final Dataset dataset;
+
+    public GetDatasetVersionCountCommand(DataverseRequest request, Dataset dataset) {
+        super(request, dataset);
+        this.dataset = dataset;
+    }
+
+    @Override
+    public Long execute(CommandContext ctxt) throws CommandException {
+        return ctxt.datasetVersion().getDatasetVersionCount(dataset.getId(), canViewUnpublishedVersions(ctxt, dataset));
+    }
+
+    /**
+     * Determines if the user can view non-released versions of the dataset.
+     */
+    private boolean canViewUnpublishedVersions(CommandContext ctxt, Dataset dataset) {
+        return ctxt.permissions().hasPermissionsFor(
+                getRequest().getUser(),
+                dataset,
+                EnumSet.of(Permission.ViewUnpublishedDataset)
+        );
+    }
+}
diff --git a/src/test/java/edu/harvard/iq/dataverse/engine/command/impl/GetDatasetVersionCountCommandTest.java b/src/test/java/edu/harvard/iq/dataverse/engine/command/impl/GetDatasetVersionCountCommandTest.java
new file mode 100644
index 00000000000..a02ffa4b50f
--- /dev/null
+++ b/src/test/java/edu/harvard/iq/dataverse/engine/command/impl/GetDatasetVersionCountCommandTest.java
@@ -0,0 +1,118 @@
+package edu.harvard.iq.dataverse.engine.command.impl;
+
+import edu.harvard.iq.dataverse.Dataset;
+import edu.harvard.iq.dataverse.DatasetVersionServiceBean;
+import edu.harvard.iq.dataverse.PermissionServiceBean;
+import edu.harvard.iq.dataverse.authorization.Permission;
+import edu.harvard.iq.dataverse.authorization.users.AuthenticatedUser;
+import edu.harvard.iq.dataverse.engine.command.CommandContext;
+import edu.harvard.iq.dataverse.engine.command.DataverseRequest;
+import edu.harvard.iq.dataverse.engine.command.exception.CommandException;
+import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.DisplayName;
+import org.junit.jupiter.api.Test;
+import org.junit.jupiter.api.extension.ExtendWith;
+import org.mockito.Mock;
+import org.mockito.junit.jupiter.MockitoExtension;
+
+import java.util.EnumSet;
+
+import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.mockito.ArgumentMatchers.eq;
+import static org.mockito.Mockito.verify;
+import static org.mockito.Mockito.when;
+
+@ExtendWith(MockitoExtension.class)
+class GetDatasetVersionCountCommandTest {
+
+    @Mock
+    private CommandContext commandContextMock;
+    @Mock
+    private DataverseRequest dataverseRequestMock;
+    @Mock
+    private DatasetVersionServiceBean datasetVersionServiceMock;
+    @Mock
+    private PermissionServiceBean permissionServiceMock;
+    @Mock
+    private Dataset datasetMock;
+    @Mock
+    private AuthenticatedUser userMock;
+
+    private static final Long TEST_DATASET_ID = 42L;
+
+    @BeforeEach
+    void setUp() {
+        when(commandContextMock.datasetVersion()).thenReturn(datasetVersionServiceMock);
+        when(commandContextMock.permissions()).thenReturn(permissionServiceMock);
+        when(datasetMock.getId()).thenReturn(TEST_DATASET_ID);
+        when(dataverseRequestMock.getUser()).thenReturn(userMock);
+    }
+
+    @Test
+    @DisplayName("Should count ALL versions when user has ViewUnpublishedDataset permission")
+    void execute_whenUserCanViewUnpublished_countsAllVersions() throws CommandException {
+        // Arrange
+        // Simulate that the user has the required permission
+        when(permissionServiceMock.hasPermissionsFor(
+                eq(userMock),
+                eq(datasetMock),
+                eq(EnumSet.of(Permission.ViewUnpublishedDataset))
+        )).thenReturn(true);
+
+        // Define the expected count when all versions are included
+        Long expectedTotalCount = 10L;
+        when(datasetVersionServiceMock.getDatasetVersionCount(TEST_DATASET_ID, true)).thenReturn(expectedTotalCount);
+
+        GetDatasetVersionCountCommand command = new GetDatasetVersionCountCommand(dataverseRequestMock, datasetMock);
+
+        // Act
+        Long actualCount = command.execute(commandContextMock);
+
+        // Assert
+        assertEquals(expectedTotalCount, actualCount, "The count should include all versions (published and unpublished).");
+
+        // Verify that the permission check was performed
+        verify(permissionServiceMock).hasPermissionsFor(
+                eq(userMock),
+                eq(datasetMock),
+                eq(EnumSet.of(Permission.ViewUnpublishedDataset))
+        );
+
+        // Verify the service was called with 'true' to indicate unpublished versions should be counted
+        verify(datasetVersionServiceMock).getDatasetVersionCount(TEST_DATASET_ID, true);
+    }
+
+    @Test
+    @DisplayName("Should count ONLY published versions when user lacks ViewUnpublishedDataset permission")
+    void execute_whenUserCannotViewUnpublished_countsOnlyPublishedVersions() throws CommandException {
+        // Arrange
+        // Simulate that the user does NOT have the required permission
+        when(permissionServiceMock.hasPermissionsFor(
+                eq(userMock),
+                eq(datasetMock),
+                eq(EnumSet.of(Permission.ViewUnpublishedDataset))
+        )).thenReturn(false);
+
+        // Define the expected count when only published versions are included
+        Long expectedPublishedCount = 5L;
+        when(datasetVersionServiceMock.getDatasetVersionCount(TEST_DATASET_ID, false)).thenReturn(expectedPublishedCount);
+
+        GetDatasetVersionCountCommand command = new GetDatasetVersionCountCommand(dataverseRequestMock, datasetMock);
+
+        // Act
+        Long actualCount = command.execute(commandContextMock);
+
+        // Assert
+        assertEquals(expectedPublishedCount, actualCount, "The count should only include published versions.");
+
+        // Verify that the permission check was performed
+        verify(permissionServiceMock).hasPermissionsFor(
+                eq(userMock),
+                eq(datasetMock),
+                eq(EnumSet.of(Permission.ViewUnpublishedDataset))
+        );
+
+        // Verify the service was called with 'false' to indicate only published versions should be counted
+        verify(datasetVersionServiceMock).getDatasetVersionCount(TEST_DATASET_ID, false);
+    }
+}

From 5cd3811dd6be75cdeeffd6731566c3fda6dae1a9 Mon Sep 17 00:00:00 2001
From: GPortas <hey@gportas.me>
Date: Fri, 17 Oct 2025 10:53:38 +0100
Subject: [PATCH 416/634] Added: totalCount to response in dataset version
 differences API

---
 src/main/java/edu/harvard/iq/dataverse/api/Datasets.java | 7 ++++++-
 .../edu/harvard/iq/dataverse/util/json/JsonPrinter.java  | 8 ++++----
 .../java/edu/harvard/iq/dataverse/api/DatasetsIT.java    | 9 +++++++++
 3 files changed, 19 insertions(+), 5 deletions(-)

diff --git a/src/main/java/edu/harvard/iq/dataverse/api/Datasets.java b/src/main/java/edu/harvard/iq/dataverse/api/Datasets.java
index e418d7e79b7..3fd490c38bc 100644
--- a/src/main/java/edu/harvard/iq/dataverse/api/Datasets.java
+++ b/src/main/java/edu/harvard/iq/dataverse/api/Datasets.java
@@ -16,6 +16,7 @@
 import edu.harvard.iq.dataverse.batch.jobs.importer.ImportMode;
 import edu.harvard.iq.dataverse.dataaccess.*;
 import edu.harvard.iq.dataverse.datacapturemodule.DataCaptureModuleUtil;
+import edu.harvard.iq.dataverse.datasetversionsummaries.DatasetVersionSummary;
 import software.amazon.awssdk.services.s3.model.CompletedPart;
 import edu.harvard.iq.dataverse.datacapturemodule.ScriptRequestResponse;
 import edu.harvard.iq.dataverse.dataset.*;
@@ -3143,7 +3144,11 @@ public Response getCompareVersionsSummary(@Context ContainerRequestContext crc,
                                               @QueryParam("offset") Integer offset) {
         return response(req -> {
             try {
-                return ok(jsonDatasetVersionSummaries(execCommand(new GetDatasetVersionSummariesCommand(req, findDatasetOrDie(id), limit, offset))));
+                Dataset dataset = findDatasetOrDie(id);
+                List<DatasetVersionSummary> versionSummaries = execCommand(new GetDatasetVersionSummariesCommand(req, dataset, limit, offset));
+                JsonArrayBuilder versionSummariesArrayBuilder = jsonDatasetVersionSummaries(versionSummaries);
+                long datasetVersionTotalCount = execCommand(new GetDatasetVersionCountCommand(req, dataset));
+                return ok(versionSummariesArrayBuilder, datasetVersionTotalCount);
             } catch (WrappedResponse wr) {
                 return wr.getResponse();
             }
diff --git a/src/main/java/edu/harvard/iq/dataverse/util/json/JsonPrinter.java b/src/main/java/edu/harvard/iq/dataverse/util/json/JsonPrinter.java
index 0e34ed975e3..4cc392ac976 100644
--- a/src/main/java/edu/harvard/iq/dataverse/util/json/JsonPrinter.java
+++ b/src/main/java/edu/harvard/iq/dataverse/util/json/JsonPrinter.java
@@ -1720,14 +1720,14 @@ public static JsonArrayBuilder json(List<UserNotification> notifications, Authen
         return notificationsArray;
     }
 
-    public static JsonArray jsonDatasetVersionSummaries(List<DatasetVersionSummary> summaries) {
+    public static JsonArrayBuilder jsonDatasetVersionSummaries(List<DatasetVersionSummary> summaries) {
         JsonArrayBuilder arrayBuilder = Json.createArrayBuilder();
         summaries.stream()
                 .filter(Objects::nonNull)
                 .map(JsonPrinter::json)
                 .forEach(arrayBuilder::add);
 
-        return arrayBuilder.build();
+        return arrayBuilder;
     }
 
     private static JsonObjectBuilder json(DatasetVersionSummary summary) {
@@ -1762,13 +1762,13 @@ private static JsonObjectBuilder json(DatasetVersionSummary summary) {
         return jsonObjectBuilder;
     }
 
-    public static JsonArray jsonFileVersionSummaries(List<FileVersionDifference> differences) {
+    public static JsonArrayBuilder jsonFileVersionSummaries(List<FileVersionDifference> differences) {
         JsonArrayBuilder arrayBuilder = Json.createArrayBuilder();
         differences.stream()
                 .filter(Objects::nonNull)
                 .map(diff -> jsonFileVersionDifference(diff).build())
                 .forEach(arrayBuilder::add);
 
-        return arrayBuilder.build();
+        return arrayBuilder;
     }
 }
diff --git a/src/test/java/edu/harvard/iq/dataverse/api/DatasetsIT.java b/src/test/java/edu/harvard/iq/dataverse/api/DatasetsIT.java
index 31f4669cd42..c648326e598 100644
--- a/src/test/java/edu/harvard/iq/dataverse/api/DatasetsIT.java
+++ b/src/test/java/edu/harvard/iq/dataverse/api/DatasetsIT.java
@@ -6534,6 +6534,8 @@ public void testSummaryDatasetVersionsDifferencesAPI() throws InterruptedExcepti
         compareResponse.prettyPrint();
 
         compareResponse.then().assertThat()
+                .body("totalCount", is(2))
+                .body("data.size()", is(2))
                 .body("data[1].versionNumber", equalTo("1.0"))
                 .body("data[1].summary", equalTo("firstPublished"))
                 .body("data[0].versionNumber", equalTo("DRAFT"))
@@ -6556,6 +6558,8 @@ public void testSummaryDatasetVersionsDifferencesAPI() throws InterruptedExcepti
         Response compareResponse2 = UtilIT.summaryDatasetVersionDifferences(datasetPersistentId, apiTokenNoPriv);
         compareResponse2.prettyPrint();
         compareResponse2.then().assertThat()
+                .body("totalCount", is(1))
+                .body("data.size()", is(1))
                 .body("data[0].versionNumber", CoreMatchers.equalTo("1.0"))
                 .body("data[0].summary", CoreMatchers.equalTo("firstPublished"))
                 .statusCode(OK.getStatusCode());
@@ -6567,6 +6571,8 @@ public void testSummaryDatasetVersionsDifferencesAPI() throws InterruptedExcepti
         compareResponse.prettyPrint();
 
         compareResponse.then().assertThat()
+                .body("totalCount", is(2))
+                .body("data.size()", is(2))
                 .body("data[1].versionNumber", equalTo("1.0"))
                 .body("data[1].summary.deaccessioned.reason", equalTo("Test deaccession reason."))
                 .body("data[0].versionNumber", equalTo("DRAFT"))
@@ -6591,6 +6597,7 @@ public void testSummaryDatasetVersionsDifferencesAPI() throws InterruptedExcepti
         compareAllResponse.then().assertThat()
                 .statusCode(OK.getStatusCode())
                 .body("data.size()", is(3))
+                .body("totalCount", is(3))
                 .body("data[0].versionNumber", equalTo("DRAFT"))
                 .body("data[1].versionNumber", equalTo("2.0"))
                 .body("data[2].versionNumber", equalTo("1.0"));
@@ -6600,6 +6607,7 @@ public void testSummaryDatasetVersionsDifferencesAPI() throws InterruptedExcepti
         compareLimitResponse.then().assertThat()
                 .statusCode(OK.getStatusCode())
                 .body("data.size()", is(1))
+                .body("totalCount", is(3))
                 .body("data[0].versionNumber", equalTo("DRAFT"));
 
         // Test pagination: Use limit=1 and offset=1. Should skip the first result and return the second (2.0).
@@ -6607,6 +6615,7 @@ public void testSummaryDatasetVersionsDifferencesAPI() throws InterruptedExcepti
         compareOffsetResponse.then().assertThat()
                 .statusCode(OK.getStatusCode())
                 .body("data.size()", is(1))
+                .body("totalCount", is(3))
                 .body("data[0].versionNumber", equalTo("2.0"));
 
         // Test invalid pagination: limit=-1 (should return a bad request error)

From c0e100897408297b6d5baa276ff00f0b6d1bd083 Mon Sep 17 00:00:00 2001
From: GPortas <hey@gportas.me>
Date: Fri, 17 Oct 2025 11:02:03 +0100
Subject: [PATCH 417/634] Added: total count to file version differences API

---
 .../edu/harvard/iq/dataverse/api/Files.java     |  5 ++++-
 .../edu/harvard/iq/dataverse/api/FilesIT.java   | 17 +++++++++++++++++
 2 files changed, 21 insertions(+), 1 deletion(-)

diff --git a/src/main/java/edu/harvard/iq/dataverse/api/Files.java b/src/main/java/edu/harvard/iq/dataverse/api/Files.java
index 0b5e5b02b85..ea3035333b9 100644
--- a/src/main/java/edu/harvard/iq/dataverse/api/Files.java
+++ b/src/main/java/edu/harvard/iq/dataverse/api/Files.java
@@ -1183,7 +1183,10 @@ public Response getFileVersionsList(@Context ContainerRequestContext crc,
             if (fm == null) {
                 return notFound(BundleUtil.getStringFromBundle("files.api.fileNotFound"));
             }
-            return ok(jsonFileVersionSummaries(execCommand(new GetFileVersionDifferencesCommand(req, fm, limit, offset))));
+            List<FileVersionDifference> versionDifferences = execCommand(new GetFileVersionDifferencesCommand(req, fm, limit, offset));
+            JsonArrayBuilder versionDifferencesArrayBuilder = jsonFileVersionSummaries(versionDifferences);
+            long datasetVersionTotalCount = execCommand(new GetDatasetVersionCountCommand(req, fm.getDatasetVersion().getDataset()));
+            return ok(versionDifferencesArrayBuilder, datasetVersionTotalCount);
         } catch (WrappedResponse ex) {
             return ex.getResponse();
         }
diff --git a/src/test/java/edu/harvard/iq/dataverse/api/FilesIT.java b/src/test/java/edu/harvard/iq/dataverse/api/FilesIT.java
index ec24fb1124c..285f2a87223 100644
--- a/src/test/java/edu/harvard/iq/dataverse/api/FilesIT.java
+++ b/src/test/java/edu/harvard/iq/dataverse/api/FilesIT.java
@@ -1472,6 +1472,8 @@ public void getFileVersionDifferences() {
         getFileDataResponse.prettyPrint();
         getFileDataResponse.then().assertThat()
                 .body("status", equalTo("OK"))
+                .body("totalCount", is(1))
+                .body("data.size()", is(1))
                 .body("data[0].datasetVersion", equalTo("DRAFT"))
                 .body("data[0].fileDifferenceSummary.file", equalTo("Added"))
                 .statusCode(OK.getStatusCode());
@@ -1492,6 +1494,8 @@ public void getFileVersionDifferences() {
         getFileDataResponse.prettyPrint();
         getFileDataResponse.then().assertThat()
                 .body("status", equalTo("OK"))
+                .body("totalCount", is(1))
+                .body("data.size()", is(1))
                 .body("data[0].datasetVersion", equalTo("1.0"))
                 .body("data[0].fileDifferenceSummary.file", equalTo("Added"))
                 .statusCode(OK.getStatusCode());
@@ -1506,6 +1510,8 @@ public void getFileVersionDifferences() {
         getFileDataResponse.prettyPrint();
         getFileDataResponse.then().assertThat()
                 .body("status", equalTo("OK"))
+                .body("totalCount", is(1))
+                .body("data.size()", is(1))
                 .body("data[0].datasetVersion", equalTo("1.0"))
                 .body("data[0].fileDifferenceSummary.file", equalTo("Added"))
                 .statusCode(OK.getStatusCode());
@@ -1520,7 +1526,10 @@ public void getFileVersionDifferences() {
         getFileDataResponse.prettyPrint();
         getFileDataResponse.then().assertThat()
                 .body("status", equalTo("OK"))
+                .body("totalCount", is(2))
+                .body("data.size()", is(2))
                 .body("data[0].datasetVersion", equalTo("DRAFT"))
+                .body("data[0].fileDifferenceSummary.file", equalTo(null))
                 .body("data[1].datasetVersion", equalTo("1.0"))
                 .body("data[1].fileDifferenceSummary.file", equalTo("Added"))
                 .statusCode(OK.getStatusCode());
@@ -1531,6 +1540,7 @@ public void getFileVersionDifferences() {
         paginatedResponse.then().assertThat()
                 .statusCode(OK.getStatusCode())
                 .body("status", equalTo("OK"))
+                .body("totalCount", is(2))
                 .body("data.size()", is(1))
                 .body("data[0].datasetVersion", equalTo("DRAFT"));
 
@@ -1540,6 +1550,7 @@ public void getFileVersionDifferences() {
         paginatedResponse.then().assertThat()
                 .statusCode(OK.getStatusCode())
                 .body("status", equalTo("OK"))
+                .body("totalCount", is(2))
                 .body("data.size()", is(1))
                 .body("data[0].datasetVersion", equalTo("1.0"));
 
@@ -1549,6 +1560,7 @@ public void getFileVersionDifferences() {
         paginatedResponse.then().assertThat()
                 .statusCode(OK.getStatusCode())
                 .body("status", equalTo("OK"))
+                .body("totalCount", is(2))
                 .body("data.size()", is(0));
 
         // Test pagination: limit=2, offset=0 (should get both items)
@@ -1557,6 +1569,7 @@ public void getFileVersionDifferences() {
         paginatedResponse.then().assertThat()
                 .statusCode(OK.getStatusCode())
                 .body("status", equalTo("OK"))
+                .body("totalCount", is(2))
                 .body("data.size()", is(2))
                 .body("data[0].datasetVersion", equalTo("DRAFT"))
                 .body("data[1].datasetVersion", equalTo("1.0"));
@@ -1588,6 +1601,8 @@ public void getFileVersionDifferences() {
         getFileDataResponse.prettyPrint();
         getFileDataResponse.then().assertThat()
                 .body("status", equalTo("OK"))
+                .body("totalCount", is(2))
+                .body("data.size()", is(2))
                 .body("data[0].datasetVersion", equalTo("DRAFT"))
                 .body("data[0].fileDifferenceSummary.file", equalTo("Replaced"))
                 .body("data[0].datafileId", equalTo(Integer.parseInt(replacedDataFileId)))
@@ -1614,6 +1629,8 @@ public void getFileVersionDifferences() {
         getFileDataResponse.prettyPrint();
         getFileDataResponse.then().assertThat()
                 .body("status", equalTo("OK"))
+                .body("totalCount", is(2))
+                .body("data.size()", is(2))
                 .body("data[1].datasetVersion", equalTo("1.0"))
                 .body("data[1].fileDifferenceSummary.deaccessionedReason", equalTo("Test reason"))
                 .body("data[1].fileDifferenceSummary.file", equalTo("Added"))

From 9bb5fca4b696df2b8146368b1399f5c910604644 Mon Sep 17 00:00:00 2001
From: GPortas <hey@gportas.me>
Date: Fri, 17 Oct 2025 11:09:07 +0100
Subject: [PATCH 418/634] Added: release note tweaks

---
 ...version-summaries-pagination-and-perfomance.md | 15 ++++++++++++---
 1 file changed, 12 insertions(+), 3 deletions(-)

diff --git a/doc/release-notes/11855-version-summaries-pagination-and-perfomance.md b/doc/release-notes/11855-version-summaries-pagination-and-perfomance.md
index b71ad4826a8..ca867ba9697 100644
--- a/doc/release-notes/11855-version-summaries-pagination-and-perfomance.md
+++ b/doc/release-notes/11855-version-summaries-pagination-and-perfomance.md
@@ -10,15 +10,24 @@ You can now use two new query parameters to control the results:
 
 - **limit**: An integer specifying the maximum number of results to return per page.
 
-- **offset**: An integer specifying the number of results to skip before starting to return items. This is used to navigate to different pages.
+- **offset**: An integer specifying the number of results to skip before starting to return items. This is used to
+  navigate to different pages.
 
 ### Performance enhancements for API Version Summaries
 
-In addition to adding pagination, we've significantly improved the performance of these endpoints by implementing more efficient database queries.
+In addition to adding pagination, we've significantly improved the performance of these endpoints by implementing more
+efficient database queries.
 
-These changes address performance bottlenecks that were previously encountered, especially with datasets or files containing a large number of versions.
+These changes address performance bottlenecks that were previously encountered, especially with datasets or files
+containing a large number of versions.
+
+### Fixes for File Version Summaries API
+
+The implementation for file version summaries was unreliable, leading to exceptions and functional inconsistencies, as
+documented in issue #11561. This functionality has been reviewed and fixed to ensure correctness and stability.
 
 ### Related issues and PRs
 
 - https://github.com/IQSS/dataverse/issues/11855
 - https://github.com/IQSS/dataverse/pull/11859
+- https://github.com/IQSS/dataverse/issues/11561
\ No newline at end of file

From d264183b84b07d3df75991126626a47a38290ccc Mon Sep 17 00:00:00 2001
From: GPortas <hey@gportas.me>
Date: Fri, 17 Oct 2025 13:00:08 +0100
Subject: [PATCH 419/634] Added: extended IT cases for
 getFileVersionDifferences

---
 .../edu/harvard/iq/dataverse/api/FilesIT.java | 72 ++++++++++++++++++-
 1 file changed, 71 insertions(+), 1 deletion(-)

diff --git a/src/test/java/edu/harvard/iq/dataverse/api/FilesIT.java b/src/test/java/edu/harvard/iq/dataverse/api/FilesIT.java
index 285f2a87223..5ebe0475adb 100644
--- a/src/test/java/edu/harvard/iq/dataverse/api/FilesIT.java
+++ b/src/test/java/edu/harvard/iq/dataverse/api/FilesIT.java
@@ -1461,7 +1461,8 @@ public void getFileVersionDifferences() {
         // Create dataverse and dataset. Upload 1 file
         String dataverseAlias = createDataverseGetAlias(superUserApiToken);
         UtilIT.publishDataverseViaNativeApi(dataverseAlias, superUserApiToken);
-        Integer datasetId = createDatasetGetId(dataverseAlias, superUserApiToken);
+        Response createDatasetResponse = UtilIT.createRandomDatasetViaNativeApi(dataverseAlias, superUserApiToken);
+        Integer datasetId = UtilIT.getDatasetIdFromResponse(createDatasetResponse);
         String pathToFile = "scripts/search/data/binary/trees.png";
         Response addResponse = UtilIT.uploadFileViaNative(datasetId.toString(), pathToFile, superUserApiToken);
         addResponse.prettyPrint();
@@ -1635,6 +1636,75 @@ public void getFileVersionDifferences() {
                 .body("data[1].fileDifferenceSummary.deaccessionedReason", equalTo("Test reason"))
                 .body("data[1].fileDifferenceSummary.file", equalTo("Added"))
                 .statusCode(OK.getStatusCode());
+
+        // Test when the file was not present on previous versions
+
+        pathToFile = "src/test/resources/images/coffeeshop.png";
+        addResponse = UtilIT.uploadFileViaNative(datasetId.toString(), pathToFile, superUserApiToken);
+        addResponse.then().assertThat().statusCode(OK.getStatusCode());
+        dataFileId = addResponse.getBody().jsonPath().getString("data.files[0].dataFile.id");
+
+        getFileDataResponse = UtilIT.getFileVersionDifferences(dataFileId, superUserApiToken);
+        getFileDataResponse.then().assertThat()
+                .body("status", equalTo("OK"))
+                .body("totalCount", is(2))
+                .body("data.size()", is(2))
+                .body("data[0].datafileId", equalTo(Integer.parseInt(dataFileId)))
+                .body("data[0].datasetVersion", equalTo("DRAFT"))
+                .body("data[0].versionState", equalTo("DRAFT"))
+                .body("data[0].fileDifferenceSummary.file", equalTo("Added"))
+                .body("data[0].isDraft", equalTo(true))
+                .body("data[0].isDeaccessioned", equalTo(false))
+                .body("data[0].publishedDate", equalTo(""))
+                // Since the file was not present on the previous version, datafileId should be null
+                .body("data[1].datafileId", equalTo(null))
+                .body("data[1].datasetVersion", equalTo("1.0"))
+                .body("data[1].versionState", equalTo("DEACCESSIONED"))
+                .body("data[1].fileDifferenceSummary.deaccessionedReason", equalTo("Test reason"))
+                // No differences to report at this stage since we are requesting differences for a newly added file
+                .body("data[1].fileDifferenceSummary.file", equalTo(null))
+                .body("data[1].isDraft", equalTo(false))
+                .body("data[1].isDeaccessioned", equalTo(true))
+                .body("data[1].publishedDate", not(equalTo("")));
+
+        // Test when no changes were made to the file in a new version
+
+        // First, publish the current DRAFT version
+        UtilIT.publishDatasetViaNativeApi(datasetId, "major", superUserApiToken).then().assertThat().statusCode(OK.getStatusCode());
+
+        // Second, generate a new version by updating the dataset title, and publish it
+        String newTitle = "I am changing the title";
+        String datasetPersistentId = UtilIT.getDatasetPersistentIdFromResponse(createDatasetResponse);
+        UtilIT.updateDatasetTitleViaSword(datasetPersistentId, newTitle, superUserApiToken).then().assertThat().statusCode(OK.getStatusCode());
+        UtilIT.publishDatasetViaNativeApi(datasetId, "major", superUserApiToken).then().assertThat().statusCode(OK.getStatusCode());
+
+        getFileDataResponse = UtilIT.getFileVersionDifferences(dataFileId, superUserApiToken);
+        getFileDataResponse.prettyPrint();
+        getFileDataResponse.then().assertThat()
+                .body("status", equalTo("OK"))
+                .body("totalCount", is(3))
+                .body("data.size()", is(3))
+                .body("data[0].datafileId", equalTo(Integer.parseInt(dataFileId)))
+                .body("data[0].datasetVersion", equalTo("3.0"))
+                .body("data[0].versionState", equalTo("RELEASED"))
+                .body("data[0].fileDifferenceSummary", equalTo(null))
+                .body("data[0].isDraft", equalTo(false))
+                .body("data[0].isDeaccessioned", equalTo(false))
+                .body("data[0].publishedDate", not(equalTo("")))
+                // Since the file was already present in the previous version, datafileId should be present
+                .body("data[1].datafileId", equalTo(Integer.parseInt(dataFileId)))
+                .body("data[1].datasetVersion", equalTo("2.0"))
+                .body("data[1].versionState", equalTo("RELEASED"))
+                .body("data[1].fileDifferenceSummary.file", equalTo("Added"))
+                .body("data[1].isDraft", equalTo(false))
+                .body("data[1].isDeaccessioned", equalTo(false))
+                .body("data[1].publishedDate", not(equalTo("")))
+                .body("data[2].fileDifferenceSummary.file", equalTo(null))
+                .body("data[2].isDraft", equalTo(false))
+                // Since the file was not present in this version, datafileId should be null
+                .body("data[2].datafileId", equalTo(null))
+                .body("data[2].isDeaccessioned", equalTo(true))
+                .body("data[2].publishedDate", not(equalTo("")));
     }
 
     @Test

From 175f8229f72630955bdf3f31a6e886ab581b99b9 Mon Sep 17 00:00:00 2001
From: GPortas <hey@gportas.me>
Date: Fri, 17 Oct 2025 13:01:18 +0100
Subject: [PATCH 420/634] Added: minor tweaks to native API docs about
 totalCount response field in version differences endpoints

---
 doc/sphinx-guides/source/api/native-api.rst | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/doc/sphinx-guides/source/api/native-api.rst b/doc/sphinx-guides/source/api/native-api.rst
index 3999d34c54e..ada3ae5a8af 100644
--- a/doc/sphinx-guides/source/api/native-api.rst
+++ b/doc/sphinx-guides/source/api/native-api.rst
@@ -2156,6 +2156,8 @@ You can control pagination of the results using the following optional query par
 * ``limit``: The maximum number of version differences to return.
 * ``offset``: The number of version differences to skip from the beginning of the list. Used for retrieving subsequent pages of results.
 
+To aid in pagination the JSON response also includes the total number of rows (totalCount) available.
+
 For example, to get the second page of results, with 2 items per page, you would use ``limit=2`` and ``offset=2`` (skipping the first two results).
 
 .. code-block:: bash
@@ -4340,6 +4342,8 @@ You can control pagination of the results using the following optional query par
 * ``limit``: The maximum number of version differences to return.
 * ``offset``: The number of version differences to skip from the beginning of the list. Used for retrieving subsequent pages of results.
 
+To aid in pagination the JSON response also includes the total number of rows (totalCount) available.
+
 For example, to get the second page of results, with 2 items per page, you would use ``limit=2`` and ``offset=2`` (skipping the first two results).
 
 .. code-block:: bash

From be9607beaea441a8ce1efc7d8a672c44fddf2bb7 Mon Sep 17 00:00:00 2001
From: Philip Durbin <philip_durbin@harvard.edu>
Date: Fri, 17 Oct 2025 09:41:40 -0400
Subject: [PATCH 421/634] add release note about Croissant restricted file fix
 #11752

---
 doc/release-notes/11752-croissant-restricted.md | 13 +++++++++++++
 1 file changed, 13 insertions(+)
 create mode 100644 doc/release-notes/11752-croissant-restricted.md

diff --git a/doc/release-notes/11752-croissant-restricted.md b/doc/release-notes/11752-croissant-restricted.md
new file mode 100644
index 00000000000..7a6f2b3c9ea
--- /dev/null
+++ b/doc/release-notes/11752-croissant-restricted.md
@@ -0,0 +1,13 @@
+- The optional Croissant exporter has been updated to 0.1.6 to prevent variable names, variable descriptions, and variable types from being exposed for restricted files. See https://github.com/gdcc/exporter-croissant/pull/20 and #11752.
+
+## Upgrade Instructions
+
+### Update Croissant exporter, if enabled, and reexport metadata
+
+If you have enabled the Croissant dataset metadata exporter, you should upgrade to version 0.1.6.
+
+- Stop Payara.
+- Delete the old Croissant exporter jar file. It will be located in the directory defined by the `dataverse.spi.exporters.directory` setting.
+- Download the updated Croissant jar from https://repo1.maven.org/maven2/io/gdcc/export/croissant/ and place it the same directory.
+- Restart Payara.
+- Run reExportAll.

From 6e01560d795b3220cab54e6deda6447bd0cd8b31 Mon Sep 17 00:00:00 2001
From: qqmyers <qqmyers@hotmail.com>
Date: Fri, 17 Oct 2025 11:12:04 -0400
Subject: [PATCH 422/634] Adapt to LC's change to use doi array

---
 .../iq/dataverse/api/LocalContexts.java       | 28 +++++++++++--------
 1 file changed, 16 insertions(+), 12 deletions(-)

diff --git a/src/main/java/edu/harvard/iq/dataverse/api/LocalContexts.java b/src/main/java/edu/harvard/iq/dataverse/api/LocalContexts.java
index a15460c9bd2..d847adaf116 100644
--- a/src/main/java/edu/harvard/iq/dataverse/api/LocalContexts.java
+++ b/src/main/java/edu/harvard/iq/dataverse/api/LocalContexts.java
@@ -11,6 +11,7 @@
 import edu.harvard.iq.dataverse.Dataset;
 import edu.harvard.iq.dataverse.DatasetServiceBean;
 import edu.harvard.iq.dataverse.DataverseRequestServiceBean;
+import edu.harvard.iq.dataverse.GlobalId;
 import edu.harvard.iq.dataverse.PermissionServiceBean;
 import edu.harvard.iq.dataverse.api.auth.AuthRequired;
 import edu.harvard.iq.dataverse.authorization.Permission;
@@ -21,6 +22,7 @@
 import edu.harvard.iq.dataverse.util.SystemConfig;
 import jakarta.ejb.EJB;
 import jakarta.inject.Inject;
+import jakarta.json.JsonArray;
 import jakarta.json.JsonObject;
 import jakarta.ws.rs.*;
 import jakarta.ws.rs.core.Context;
@@ -68,8 +70,8 @@ public Response getDatasetLocalContexts(@Context ContainerRequestContext crc, @P
                 return error(Response.Status.NOT_FOUND, "LocalContexts API configuration is missing.");
             }
 
-            String datasetDoi = dataset.getGlobalId().asString();
-            String apiUrl = localContextsUrl + "api/v2/projects/?publication_doi=" + datasetDoi;
+            String datasetDoi = dataset.getGlobalId().asRawIdentifier();
+            String apiUrl = localContextsUrl + "api/v2/projects/?doi=" + datasetDoi;
             logger.fine("URL used: " + apiUrl);
             try {
                 HttpClient client = HttpClient.newHttpClient();
@@ -141,18 +143,20 @@ public Response searchLocalContexts(@PathParam("id") String datasetId, @PathPara
                     // Check if the response contains a "publication_doi" key
                     if (jsonResponse.containsKey("external_ids")) {
                         JsonObject externalIds = jsonResponse.getJsonObject("external_ids");
-                        if (externalIds.containsKey("publication_doi")) {
-                            String responseDoi = externalIds.getString("publication_doi");
-                            String datasetDoi = dataset.getGlobalId().asString();
+                        if (externalIds.containsKey("doi")) {
+                            JsonArray responseDois = externalIds.getJsonArray("doi");
+                            GlobalId datasetPid = dataset.getGlobalId();
                             // Compare the DOI from the response with the dataset's DOI
-                            if (responseDoi.equals(datasetDoi)) {
-                                // Return the JSON response as-is
-                                return ok(jsonResponse);
-                            } else {
-                                // DOI mismatch, return 404
-                                return error(Response.Status.NOT_FOUND,
-                                        "LocalContexts information not found for this dataset.");
+                            for (int i = 0; i < responseDois.size(); i++) {
+                                String doiValue = responseDois.getString(i);
+                                if (doiValue.equals(datasetPid.asString()) || doiValue.equals(datasetPid.asURL())) {
+                                    // Return the JSON response as-is
+                                    return ok(jsonResponse);
+                                }
                             }
+                            // DOI mismatch, return 404
+                            return error(Response.Status.NOT_FOUND,
+                                    "LocalContexts information not found for this dataset.");
                         } else {
                             // "publication_doi" key not found in the response, return 404
                             return error(Response.Status.NOT_FOUND, "Invalid response from Local Contexts API.");

From b3153338ec3b709cacc9aae9d83df6276be9f822 Mon Sep 17 00:00:00 2001
From: qqmyers <qqmyers@hotmail.com>
Date: Fri, 17 Oct 2025 11:23:31 -0400
Subject: [PATCH 423/634] release note

---
 doc/release-notes/11904-LocalContexts-api-updates.md | 3 +++
 1 file changed, 3 insertions(+)
 create mode 100644 doc/release-notes/11904-LocalContexts-api-updates.md

diff --git a/doc/release-notes/11904-LocalContexts-api-updates.md b/doc/release-notes/11904-LocalContexts-api-updates.md
new file mode 100644
index 00000000000..0e89fd8b4a1
--- /dev/null
+++ b/doc/release-notes/11904-LocalContexts-api-updates.md
@@ -0,0 +1,3 @@
+### Updates to Local Contexts integration
+
+- Integration with Local Contexts (https://guides.dataverse.org/en/latest/installation/localcontexts.html) has been updated to support the change in their API w.r.t. how DOIs entered as "Optional Project Information" are represented.

From 371ef93cbc10a387c9325771279701208cc372ab Mon Sep 17 00:00:00 2001
From: Leonid Andreev <leonid@hmdc.harvard.edu>
Date: Fri, 17 Oct 2025 20:01:27 -0400
Subject: [PATCH 424/634] Adding an index on DATASETMETRICS/dataset_id. #11828

---
 src/main/resources/db/migration/V6.8.0.1.sql | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/src/main/resources/db/migration/V6.8.0.1.sql b/src/main/resources/db/migration/V6.8.0.1.sql
index 7757f01551f..04175e941b3 100644
--- a/src/main/resources/db/migration/V6.8.0.1.sql
+++ b/src/main/resources/db/migration/V6.8.0.1.sql
@@ -1,5 +1,7 @@
 CREATE INDEX IF NOT EXISTS  INDEX_GUESTBOOKRESPONSE_datasetversion_id ON GUESTBOOKRESPONSE (datasetversion_id);
 
+CREATE INDEX IF NOT EXISTS INDEX_DATASETMETRICS_dataset_id ON DATASETMETRICS (dataset_id);
+
 DO $$
 BEGIN
     IF EXISTS (SELECT 1 FROM information_schema.columns WHERE table_name = 'datasetversion' AND column_name = 'versionstate') THEN

From 984eb5a1bbdd537bf412c064ada70c1268be7cdd Mon Sep 17 00:00:00 2001
From: Leonid Andreev <leonid@hmdc.harvard.edu>
Date: Sat, 18 Oct 2025 10:58:15 -0400
Subject: [PATCH 425/634] A quick fix for the botched copy-and-paste that
 blanked the name of the attribute used to populate affiliations in
 ShibServiceBean. #11907

---
 .../authorization/providers/shib/ShibServiceBean.java         | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/main/java/edu/harvard/iq/dataverse/authorization/providers/shib/ShibServiceBean.java b/src/main/java/edu/harvard/iq/dataverse/authorization/providers/shib/ShibServiceBean.java
index 22a3d825cfb..0a0d154a64e 100644
--- a/src/main/java/edu/harvard/iq/dataverse/authorization/providers/shib/ShibServiceBean.java
+++ b/src/main/java/edu/harvard/iq/dataverse/authorization/providers/shib/ShibServiceBean.java
@@ -52,7 +52,7 @@ public class ShibServiceBean {
     private static final String INCOMMON_MDQ_API_BASE = "https://mdq.incommon.org";
     private static final String INCOMMON_MDQ_API_ENTITIES_URL = INCOMMON_MDQ_API_BASE + "/entities/";
     private static final String INCOMMON_WAYFINDER_URL = "https://wayfinder.incommon.org";
-    
+    private static final String INCOMMON_ORGANIZATION_ATTRIBUTE = "OrganizationDisplayName";
     /**
      * "Production" means "don't mess with the HTTP request".
      */
@@ -233,7 +233,7 @@ public String getAffiliationViaMDQ(String shibIdp) {
                 if (event == XMLStreamConstants.START_ELEMENT) {
                     String currentElement = xmlr.getLocalName();
                     
-                    if ("".equals(currentElement)) {
+                    if (INCOMMON_ORGANIZATION_ATTRIBUTE.equals(currentElement)) {
                         int eventType = xmlr.next();
                         if (eventType == XMLStreamConstants.CHARACTERS) {
                             String affiliation = xmlr.getText();

From 42c3608b7b9d4e208fae419211abbe06b46bbfbe Mon Sep 17 00:00:00 2001
From: Leonid Andreev <leonid@hmdc.harvard.edu>
Date: Sun, 19 Oct 2025 11:12:59 -0400
Subject: [PATCH 426/634] added a few words to the release note. #11828

---
 .../11828-unacceptable-performance-deleting-datasets.md         | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/doc/release-notes/11828-unacceptable-performance-deleting-datasets.md b/doc/release-notes/11828-unacceptable-performance-deleting-datasets.md
index 6edc42860a9..dd970617a01 100644
--- a/doc/release-notes/11828-unacceptable-performance-deleting-datasets.md
+++ b/doc/release-notes/11828-unacceptable-performance-deleting-datasets.md
@@ -1 +1 @@
-This release adds indexing of guestbook response and prevents nulls in dataset version state to speed up Dataset deletes.
+This release adds database indexes on GuestbookResponse and DatasetMetrtics, speeding up Dataset deletes. It also adds a constraint preventing null VersionState, as a matter of good housekeeping practice. 

From 9646cf62d88af35254f556202ce645fa47f48b96 Mon Sep 17 00:00:00 2001
From: Leonid Andreev <leonid@hmdc.harvard.edu>
Date: Sun, 19 Oct 2025 22:30:53 -0400
Subject: [PATCH 427/634] Specifying the column name like this appears to solve
 the intermittent issue that's been haunting us, on and off, for at least a
 year (#10765). #11828

---
 src/main/java/edu/harvard/iq/dataverse/FileAccessRequest.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/main/java/edu/harvard/iq/dataverse/FileAccessRequest.java b/src/main/java/edu/harvard/iq/dataverse/FileAccessRequest.java
index 51c67a37a09..43463e0cb91 100644
--- a/src/main/java/edu/harvard/iq/dataverse/FileAccessRequest.java
+++ b/src/main/java/edu/harvard/iq/dataverse/FileAccessRequest.java
@@ -55,7 +55,7 @@ public class FileAccessRequest implements Serializable{
     private Long id;
 
     @ManyToOne
-    @JoinColumn(nullable=false)
+    @JoinColumn(name="datafile_id", nullable=false)
     private DataFile dataFile;
     
     @ManyToOne

From 2e841e7a7d16df3ea5e184dfd9c14a766818f33e Mon Sep 17 00:00:00 2001
From: jo-pol <jo-pol@users.noreply.github.com>
Date: Mon, 20 Oct 2025 09:22:29 +0200
Subject: [PATCH 428/634] fixed outdated release notes

---
 .../11865-restored-suppress-dataverse-field              | 9 ---------
 doc/release-notes/11865-suppress-host-dataverse-field.md | 9 +++++++++
 2 files changed, 9 insertions(+), 9 deletions(-)
 delete mode 100644 doc/release-notes/11865-restored-suppress-dataverse-field
 create mode 100644 doc/release-notes/11865-suppress-host-dataverse-field.md

diff --git a/doc/release-notes/11865-restored-suppress-dataverse-field b/doc/release-notes/11865-restored-suppress-dataverse-field
deleted file mode 100644
index 56309705533..00000000000
--- a/doc/release-notes/11865-restored-suppress-dataverse-field
+++ /dev/null
@@ -1,9 +0,0 @@
-### Restored suppression of the host dataverse field
-
-When creating/editing a dataset, the _host dataverse_ field is not shown when the user can only add datasets to one collection.
-
-This was introduced in 6.7 with PR #11301 and reverted in 6.7.1 with PR #11700.
-A performance penalty was observed in instances with a large number of dataverses.
-The worst performance degradation is remedied by reusing a query that returns the total number of dataverses.
-
-The number be more than a user is authorized to add datasets to so a user might still see the field even if there is no dataverse to select.
\ No newline at end of file
diff --git a/doc/release-notes/11865-suppress-host-dataverse-field.md b/doc/release-notes/11865-suppress-host-dataverse-field.md
new file mode 100644
index 00000000000..482516cbf97
--- /dev/null
+++ b/doc/release-notes/11865-suppress-host-dataverse-field.md
@@ -0,0 +1,9 @@
+### Suppression of the Host Dataverse field
+
+When creating a dataset, the _host dataverse_ field is not shown when the user can only add datasets to one collection.
+
+This was introduced in 6.7 with PR #11301 and reverted in 6.7.1 with PR #11700.
+A performance penalty was observed in instances with a large number of dataverses.
+The performance degradation is remedied by reusing the query for the API command [allowedCollections] but return at most two rows.
+
+allowedCollections: https://guides.dataverse.org/en/latest/api/native-api.html#list-dataverse-collections-a-user-can-act-on-based-on-their-permissions
\ No newline at end of file

From eb56cf8b1cada3ea9fea7ba76acce53e6fd14d36 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=C3=81kos=20Kukucska?= <kukucska.akos@sztaki.hu>
Date: Mon, 20 Oct 2025 11:24:20 +0200
Subject: [PATCH 429/634] Changes as requested by @stevenwinship

---
 .../edu/harvard/iq/dataverse/api/Dataverses.java |  1 -
 .../harvard/iq/dataverse/api/DataversesIT.java   | 16 ++++++++++++----
 2 files changed, 12 insertions(+), 5 deletions(-)

diff --git a/src/main/java/edu/harvard/iq/dataverse/api/Dataverses.java b/src/main/java/edu/harvard/iq/dataverse/api/Dataverses.java
index 37f109033a3..b29057db5c7 100644
--- a/src/main/java/edu/harvard/iq/dataverse/api/Dataverses.java
+++ b/src/main/java/edu/harvard/iq/dataverse/api/Dataverses.java
@@ -73,7 +73,6 @@
 import org.glassfish.jersey.media.multipart.FormDataBodyPart;
 import org.glassfish.jersey.media.multipart.FormDataContentDisposition;
 import org.glassfish.jersey.media.multipart.FormDataParam;
-import org.springframework.security.access.method.P;
 
 import javax.xml.stream.XMLStreamException;
 
diff --git a/src/test/java/edu/harvard/iq/dataverse/api/DataversesIT.java b/src/test/java/edu/harvard/iq/dataverse/api/DataversesIT.java
index d2c63c0241f..33d65ec5dd7 100644
--- a/src/test/java/edu/harvard/iq/dataverse/api/DataversesIT.java
+++ b/src/test/java/edu/harvard/iq/dataverse/api/DataversesIT.java
@@ -30,9 +30,11 @@
 import jakarta.ws.rs.core.Response.Status;
 
 import org.junit.jupiter.api.AfterAll;
+import org.junit.jupiter.api.AfterEach;
 import org.junit.jupiter.api.BeforeAll;
 import org.junit.jupiter.api.Test;
 import org.junit.jupiter.api.parallel.Isolated;
+import org.junit.jupiter.api.parallel.ResourceAccessMode;
 import org.junit.jupiter.api.parallel.ResourceLock;
 
 import static jakarta.ws.rs.core.Response.Status.*;
@@ -51,6 +53,8 @@
 import org.hamcrest.Matchers;
 import static org.hamcrest.Matchers.greaterThan;
 
+@ResourceLock(value = "MetadataLanguages", mode = ResourceAccessMode.READ_WRITE)
+@Isolated
 public class DataversesIT {
 
     private static final Logger logger = Logger.getLogger(DataversesIT.class.getCanonicalName());
@@ -58,11 +62,18 @@ public class DataversesIT {
     @BeforeAll
     public static void setUpClass() {
         RestAssured.baseURI = UtilIT.getRestAssuredBaseUri();
+        UtilIT.deleteSetting(SettingsServiceBean.Key.MetadataLanguages);
     }
 
     @AfterAll
     public static void afterClass() {
         Response removeExcludeEmail = UtilIT.deleteSetting(SettingsServiceBean.Key.ExcludeEmailFromExport);
+        UtilIT.deleteSetting(SettingsServiceBean.Key.MetadataLanguages);
+    }
+
+    @AfterEach
+    public static void afterEach() {
+        UtilIT.deleteSetting(SettingsServiceBean.Key.MetadataLanguages);
     }
 
     @Test
@@ -2736,12 +2747,10 @@ private String getSuperuserToken() {
     }
     
     @Test
-    @ResourceLock(value = "")
     public void testDataverseMetadataLanguage() {
         Response createUser = UtilIT.createRandomUser();
         createUser.prettyPrint();
         String apiToken = UtilIT.getApiTokenFromResponse(createUser);
-        UtilIT.deleteSetting(":MetadataLanguages");
         Response createDataverse1Response = UtilIT.createRandomDataverse(apiToken);
 
         createDataverse1Response.prettyPrint();
@@ -2754,7 +2763,7 @@ public void testDataverseMetadataLanguage() {
 
         noLang.then().assertThat().body("data", equalTo(List.of()));
 
-        UtilIT.setSetting(":MetadataLanguages",
+        UtilIT.setSetting(SettingsServiceBean.Key.MetadataLanguages,
                         "[{\"locale\":\"en\",\"title\":\"English\"},{\"locale\":\"hu\",\"title\":\"magyar\"}]");
         Response allLangs = UtilIT.getDataverseMetadataLanguage(alias, apiToken);
         allLangs.prettyPrint();
@@ -2767,7 +2776,6 @@ public void testDataverseMetadataLanguage() {
         english.then().assertThat().body("data", equalTo(List.of(Map.of("locale", "en", "title", "English"))));
         Response singleLang = UtilIT.getDataverseMetadataLanguage(alias, apiToken);
         singleLang.then().assertThat().body("data", equalTo(List.of(Map.of("locale", "en", "title", "English"))));
-        UtilIT.deleteSetting(":MetadataLanguages");
     }
 
 }

From 1687097416ff0d5758cdb27f06fa91d1e8fcbd2d Mon Sep 17 00:00:00 2001
From: jo-pol <jo-pol@users.noreply.github.com>
Date: Mon, 20 Oct 2025 15:47:30 +0200
Subject: [PATCH 430/634] (re)extracted methods to solve merge conflict

---
 .../iq/dataverse/PermissionServiceBean.java   | 158 +++++++++---------
 1 file changed, 76 insertions(+), 82 deletions(-)

diff --git a/src/main/java/edu/harvard/iq/dataverse/PermissionServiceBean.java b/src/main/java/edu/harvard/iq/dataverse/PermissionServiceBean.java
index d492991bb62..402a1b06e3c 100644
--- a/src/main/java/edu/harvard/iq/dataverse/PermissionServiceBean.java
+++ b/src/main/java/edu/harvard/iq/dataverse/PermissionServiceBean.java
@@ -953,96 +953,90 @@ public List<Dataverse> findPermittedCollections(DataverseRequest request, Authen
     
     public List<Dataverse> findPermittedCollections(DataverseRequest request, AuthenticatedUser user, int permissionBit, String searchTerm) {
         if (user != null) {
-            // IP Group - Only check IP if a User is calling for themself
-            String ipRangeSQL = "FALSE";
-            if (request != null
-                    && request.getAuthenticatedUser() != null
-                    && !request.getAuthenticatedUser().isSuperuser()
-                    && request.getSourceAddress() != null
-                    && request.getAuthenticatedUser().getUserIdentifier().equalsIgnoreCase(user.getUserIdentifier())) {
-                IpAddress ip = request.getSourceAddress();
-                if (ip instanceof IPv4Address) {
-                    IPv4Address ipv4 = (IPv4Address) ip;
-                    ipRangeSQL = ipv4.toBigInteger() + " BETWEEN ipv4range.bottomaslong AND ipv4range.topaslong";
-                } else if (ip instanceof IPv6Address) {
-                    IPv6Address ipv6 = (IPv6Address) ip;
-                    long[] vals = ipv6.toLongArray();
-                    if (vals.length == 4) {
-                        ipRangeSQL = """
-                                (@0 BETWEEN ipv6range.bottoma AND ipv6range.topa
-                                AND @1 BETWEEN ipv6range.bottomb AND ipv6range.topb
-                                AND @2 BETWEEN ipv6range.bottomc AND ipv6range.topc
-                                AND @3 BETWEEN ipv6range.bottomd AND ipv6range.topd)
-                                """;
-                        for (int i = 0; i < vals.length; i++) {
-                            ipRangeSQL = ipRangeSQL.replace("@" + i, String.valueOf(vals[i]));
-                        }
-                    }
-                }
+            var sqlCode = getBaseQueryForAllPermittedDataverses(request, user, permissionBit);
+            if (searchTerm == null || searchTerm.isEmpty()) {
+                return em.createNativeQuery(sqlCode, Dataverse.class).getResultList();
+            } else if (user.isSuperuser()) {
+                Query query = em.createNativeQuery(sqlCode.concat(WHERE).concat(SEARCH_PARAMS), Dataverse.class);
+                setSearchParamValues(searchTerm, query);
+                return query.getResultList();
             }
-            String sqlCode;
-            if (user.isSuperuser()) {
-                sqlCode = LIST_ALL_DATAVERSES_SUPERUSER_HAS_PERMISSION;
-
-                if (searchTerm == null || searchTerm.isEmpty()) {
-                    return em.createNativeQuery(sqlCode, Dataverse.class).getResultList();
-                } else {
-                    sqlCode = LIST_ALL_DATAVERSES_SUPERUSER_HAS_PERMISSION.concat(WHERE).concat(SEARCH_PARAMS);
+            else {
+                Query query = em.createNativeQuery(sqlCode.concat(AND).concat(SEARCH_PARAMS), Dataverse.class);
+                setSearchParamValues(searchTerm, query);
+                return query.getResultList();
+            }
+        }
+        return null;
+    }
 
-                    String pattern = searchTerm.toLowerCase();
-                    String pattern1 = pattern + "%";
-                    String pattern2 = "% " + pattern + "%";
+    public boolean hasMultiplePermittedCollections(DataverseRequest request, AuthenticatedUser user, int permissionBit) {
+        if (user != null) {
+            var sqlCode = getBaseQueryForAllPermittedDataverses(request, user, permissionBit) + " LIMIT 2";
+            var resultList = em.createNativeQuery(sqlCode, Dataverse.class).getResultList();
+            return resultList.size() > 1;
+        }
+        return false;
+    }
 
-                    // Adjust the queries for very short, 1 
-                    if (pattern.length() == 1) {
-                        pattern1 = pattern;
-                        pattern2 = pattern + " %";
-                    }
-                    Query query = em.createNativeQuery(sqlCode, Dataverse.class);
-                    query.setParameter(1, "%dataverse");
-                    query.setParameter(2, pattern1);
-                    query.setParameter(3, pattern2);
-                    query.setParameter(4, "%dataverse");
-                    query.setParameter(5, pattern1);
-                    query.setParameter(6, pattern2);
-                    return query.getResultList();
+    private String getBaseQueryForAllPermittedDataverses(DataverseRequest request, AuthenticatedUser user, int permissionBit) {
+        if (user.isSuperuser()) {
+            return LIST_ALL_DATAVERSES_SUPERUSER_HAS_PERMISSION;
+        } else {
+            return LIST_ALL_DATAVERSES_USER_HAS_PERMISSION
+                .replace("@USERID", String.valueOf(user.getId()))
+                .replace("@PERMISSIONBIT", String.valueOf(permissionBit))
+                .replace("@IPRANGESQL", getIpRange(request, user));
+        }
+    }
 
-                }
-            } else {
-                if (searchTerm == null || searchTerm.isEmpty()) {
-                    sqlCode = LIST_ALL_DATAVERSES_USER_HAS_PERMISSION
-                            .replace("@USERID", String.valueOf(user.getId()))
-                            .replace("@PERMISSIONBIT", String.valueOf(permissionBit))
-                            .replace("@IPRANGESQL", ipRangeSQL);
-                    return em.createNativeQuery(sqlCode, Dataverse.class).getResultList();
-                } else {
-                    String pattern = searchTerm.toLowerCase();
-                    String pattern1 = pattern + "%";
-                    String pattern2 = "% " + pattern + "%";
-
-                    // Adjust the queries for very short, 1 
-                    if (pattern.length() == 1) {
-                        pattern1 = pattern;
-                        pattern2 = pattern + " %";
+    private String getIpRange(DataverseRequest request, AuthenticatedUser user) {
+        // IP Group - Only check IP if a User is calling for themself
+        String ipRangeSQL = "FALSE";
+        if (request != null
+            && request.getAuthenticatedUser() != null
+            && !request.getAuthenticatedUser().isSuperuser()
+            && request.getSourceAddress() != null
+            && request.getAuthenticatedUser().getUserIdentifier().equalsIgnoreCase(user.getUserIdentifier())) {
+            IpAddress ip = request.getSourceAddress();
+            if (ip instanceof IPv4Address) {
+                IPv4Address ipv4 = (IPv4Address) ip;
+                ipRangeSQL = ipv4.toBigInteger() + " BETWEEN ipv4range.bottomaslong AND ipv4range.topaslong";
+            } else if (ip instanceof IPv6Address) {
+                IPv6Address ipv6 = (IPv6Address) ip;
+                long[] vals = ipv6.toLongArray();
+                if (vals.length == 4) {
+                    ipRangeSQL = """
+                            (@0 BETWEEN ipv6range.bottoma AND ipv6range.topa
+                            AND @1 BETWEEN ipv6range.bottomb AND ipv6range.topb
+                            AND @2 BETWEEN ipv6range.bottomc AND ipv6range.topc
+                            AND @3 BETWEEN ipv6range.bottomd AND ipv6range.topd)
+                            """;
+                    for (int i = 0; i < vals.length; i++) {
+                        ipRangeSQL = ipRangeSQL.replace("@" + i, String.valueOf(vals[i]));
                     }
-
-                    sqlCode = LIST_ALL_DATAVERSES_USER_HAS_PERMISSION.concat(AND).concat(SEARCH_PARAMS)
-                            .replace("@USERID", String.valueOf(user.getId()))
-                            .replace("@PERMISSIONBIT", String.valueOf(permissionBit))
-                            .replace("@IPRANGESQL", ipRangeSQL);
-                    
-                    Query query = em.createNativeQuery(sqlCode, Dataverse.class);
-                    query.setParameter(1, "%dataverse");
-                    query.setParameter(2, pattern1);
-                    query.setParameter(3, pattern2);
-                    query.setParameter(4, "%dataverse");
-                    query.setParameter(5, pattern1);
-                    query.setParameter(6, pattern2);
-                    return query.getResultList();
                 }
             }
         }
-        return null;
+        return ipRangeSQL;
+    }
+
+    private void setSearchParamValues(String searchTerm, Query query) {
+        String pattern = searchTerm.toLowerCase();
+        String pattern1 = pattern + "%";
+        String pattern2 = "% " + pattern + "%";
+
+        // Adjust the queries for very short, 1
+        if (pattern.length() == 1) {
+            pattern1 = pattern;
+            pattern2 = pattern + " %";
+        }
+        query.setParameter(1, "%dataverse");
+        query.setParameter(2, pattern1);
+        query.setParameter(3, pattern2);
+        query.setParameter(4, "%dataverse");
+        query.setParameter(5, pattern1);
+        query.setParameter(6, pattern2);
     }
 
     /**

From 91347cafd250f1be9660c52a8a7a370413aa18a5 Mon Sep 17 00:00:00 2001
From: Leonid Andreev <leonid@hmdc.harvard.edu>
Date: Mon, 20 Oct 2025 10:23:02 -0400
Subject: [PATCH 431/634] Simplified the flyway script. #11828

---
 src/main/resources/db/migration/V6.8.0.1.sql | 10 ++--------
 1 file changed, 2 insertions(+), 8 deletions(-)

diff --git a/src/main/resources/db/migration/V6.8.0.1.sql b/src/main/resources/db/migration/V6.8.0.1.sql
index 04175e941b3..675ab62c2b4 100644
--- a/src/main/resources/db/migration/V6.8.0.1.sql
+++ b/src/main/resources/db/migration/V6.8.0.1.sql
@@ -2,11 +2,5 @@ CREATE INDEX IF NOT EXISTS  INDEX_GUESTBOOKRESPONSE_datasetversion_id ON GUESTBO
 
 CREATE INDEX IF NOT EXISTS INDEX_DATASETMETRICS_dataset_id ON DATASETMETRICS (dataset_id);
 
-DO $$
-BEGIN
-    IF EXISTS (SELECT 1 FROM information_schema.columns WHERE table_name = 'datasetversion' AND column_name = 'versionstate') THEN
-        UPDATE datasetversion SET versionstate = 'DRAFT' where versionstate IS NULL;
-        ALTER TABLE datasetversion ALTER COLUMN versionstate SET NOT NULL;
-    END IF;
-END
-$$;
+UPDATE datasetversion SET versionstate = 'DRAFT' where versionstate IS NULL;
+ALTER TABLE datasetversion ALTER COLUMN versionstate SET NOT NULL;

From 54e86141875d23971bb86111024f99233fc910f0 Mon Sep 17 00:00:00 2001
From: GPortas <hey@gportas.me>
Date: Mon, 20 Oct 2025 15:46:49 +0100
Subject: [PATCH 432/634] Added: pagination totalCount and new response format
 to getAllNotificationsForUser API endpoint

---
 .../UserNotificationServiceBean.java          |  32 +++++
 .../iq/dataverse/api/Notifications.java       |   3 +-
 .../UserNotificationServiceBeanTest.java      |  63 +++++++++-
 .../iq/dataverse/api/NotificationsIT.java     | 119 ++++++++++--------
 4 files changed, 158 insertions(+), 59 deletions(-)

diff --git a/src/main/java/edu/harvard/iq/dataverse/UserNotificationServiceBean.java b/src/main/java/edu/harvard/iq/dataverse/UserNotificationServiceBean.java
index b0cc4120800..c5807ce93fe 100644
--- a/src/main/java/edu/harvard/iq/dataverse/UserNotificationServiceBean.java
+++ b/src/main/java/edu/harvard/iq/dataverse/UserNotificationServiceBean.java
@@ -46,6 +46,15 @@ public List<UserNotification> findByUser(Long userId) {
         return findByUser(userId, false, null, null);
     }
 
+    /**
+     * Finds notifications for a user, with options for pagination and filtering by read status.
+     *
+     * @param userId The ID of the user.
+     * @param onlyUnread If true, returns only unread notifications. If false, returns all.
+     * @param limit The maximum number of notifications to return (for pagination). Can be null.
+     * @param offset The starting position for the results (for pagination). Can be null.
+     * @return A list of UserNotification objects, ordered by send date descending.
+     */
     public List<UserNotification> findByUser(Long userId, boolean onlyUnread, Integer limit, Integer offset) {
         TypedQuery<UserNotification> query = em.createQuery(
                 "select un from UserNotification un " +
@@ -67,6 +76,29 @@ public List<UserNotification> findByUser(Long userId, boolean onlyUnread, Intege
         return query.getResultList();
     }
 
+    /**
+     * Finds the total count of notifications for a user, with an option to count only unread notifications.
+     * @param userId The ID of the user.
+     * @param onlyUnread If true, counts only unread notifications. If false, counts all notifications.
+     * @return The total count as a Long.
+     */
+    public Long findTotalCountByUser(Long userId, boolean onlyUnread) {
+        if (userId == null) {
+            return 0L;
+        }
+
+        TypedQuery<Long> query = em.createQuery(
+                "select count(un) from UserNotification un " +
+                        "where un.user.id = :userId and (:onlyUnread = false or un.readNotification = false)",
+                Long.class
+        );
+
+        query.setParameter("userId", userId);
+        query.setParameter("onlyUnread", onlyUnread);
+
+        return query.getSingleResult();
+    }
+
     public List<UserNotification> findByRequestor(Long userId) {
         TypedQuery<UserNotification> query = em.createQuery("select un from UserNotification un where un.requestor.id =:userId order by un.sendDate desc", UserNotification.class);
         query.setParameter("userId", userId);
diff --git a/src/main/java/edu/harvard/iq/dataverse/api/Notifications.java b/src/main/java/edu/harvard/iq/dataverse/api/Notifications.java
index a2f692e0710..ccb53d3a95a 100644
--- a/src/main/java/edu/harvard/iq/dataverse/api/Notifications.java
+++ b/src/main/java/edu/harvard/iq/dataverse/api/Notifications.java
@@ -35,7 +35,8 @@ public Response getAllNotificationsForUser(@Context ContainerRequestContext crc,
         try {
             AuthenticatedUser authenticatedUser = getRequestAuthenticatedUserOrDie(crc);
             List<UserNotification> userNotifications = userNotificationSvc.findByUser(authenticatedUser.getId(), onlyUnread, limit, offset);
-            return ok(Json.createObjectBuilder().add("notifications", json(userNotifications, authenticatedUser, inAppNotificationFormat)));
+            long userNotificationTotalCount = userNotificationSvc.findTotalCountByUser(authenticatedUser.getId(), onlyUnread);
+            return ok(json(userNotifications, authenticatedUser, inAppNotificationFormat), userNotificationTotalCount);
         } catch (WrappedResponse wr) {
             return wr.getResponse();
         }
diff --git a/src/test/java/edu/harvard/iq/dataverse/UserNotificationServiceBeanTest.java b/src/test/java/edu/harvard/iq/dataverse/UserNotificationServiceBeanTest.java
index 15d3edb95c4..e63280cb206 100644
--- a/src/test/java/edu/harvard/iq/dataverse/UserNotificationServiceBeanTest.java
+++ b/src/test/java/edu/harvard/iq/dataverse/UserNotificationServiceBeanTest.java
@@ -1,6 +1,5 @@
 package edu.harvard.iq.dataverse;
 
-import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Test;
 import org.junit.jupiter.api.extension.ExtendWith;
 import org.mockito.InjectMocks;
@@ -17,6 +16,7 @@
 import static org.junit.jupiter.api.Assertions.assertEquals;
 import static org.mockito.ArgumentMatchers.anyInt;
 import static org.mockito.ArgumentMatchers.anyString;
+import static org.mockito.ArgumentMatchers.contains;
 import static org.mockito.ArgumentMatchers.eq;
 import static org.mockito.Mockito.never;
 import static org.mockito.Mockito.verify;
@@ -31,17 +31,21 @@ public class UserNotificationServiceBeanTest {
     @Mock
     private TypedQuery<UserNotification> query;
 
+    @Mock
+    private TypedQuery<Long> countQuery;
+
     @InjectMocks
     private UserNotificationServiceBean userNotificationService;
 
-    @BeforeEach
-    void setUp() {
+
+    private void setupFindByUserMock() {
         when(em.createQuery(anyString(), eq(UserNotification.class))).thenReturn(query);
     }
 
     @Test
     void testFindByUser_withoutPagination() {
         // Arrange
+        setupFindByUserMock();
         Long userId = 1L;
         List<UserNotification> expectedNotifications = Arrays.asList(new UserNotification(), new UserNotification());
         when(query.getResultList()).thenReturn(expectedNotifications);
@@ -53,7 +57,6 @@ void testFindByUser_withoutPagination() {
         assertEquals(2, actualNotifications.size());
         verify(query).setParameter("userId", userId);
         verify(query).setParameter("onlyUnread", false);
-        // Verify that pagination methods were never called
         verify(query, never()).setFirstResult(anyInt());
         verify(query, never()).setMaxResults(anyInt());
     }
@@ -61,6 +64,7 @@ void testFindByUser_withoutPagination() {
     @Test
     void testFindByUser_withOnlyUnread() {
         // Arrange
+        setupFindByUserMock();
         Long userId = 1L;
         when(query.getResultList()).thenReturn(Collections.emptyList());
 
@@ -75,6 +79,7 @@ void testFindByUser_withOnlyUnread() {
     @Test
     void testFindByUser_withPagination() {
         // Arrange
+        setupFindByUserMock();
         Long userId = 1L;
         int limit = 10;
         int offset = 20;
@@ -94,6 +99,7 @@ void testFindByUser_withPagination() {
     @Test
     void testFindByUser_withOnlyLimit() {
         // Arrange
+        setupFindByUserMock();
         Long userId = 1L;
         int limit = 5;
         when(query.getResultList()).thenReturn(Collections.emptyList());
@@ -109,6 +115,7 @@ void testFindByUser_withOnlyLimit() {
     @Test
     void testFindByUser_withOnlyOffset() {
         // Arrange
+        setupFindByUserMock();
         Long userId = 1L;
         int offset = 15;
         when(query.getResultList()).thenReturn(Collections.emptyList());
@@ -120,4 +127,52 @@ void testFindByUser_withOnlyOffset() {
         verify(query).setFirstResult(offset);
         verify(query, never()).setMaxResults(anyInt());
     }
+
+    @Test
+    void testFindTotalCountByUser_nullUserId() {
+        // Act
+        Long count = userNotificationService.findTotalCountByUser(null, false);
+
+        // Assert
+        assertEquals(0L, count);
+        verify(em, never()).createQuery(anyString(), eq(Long.class));
+    }
+
+    @Test
+    void testFindTotalCountByUser_countAll() {
+        // Arrange
+        Long userId = 1L;
+        Long expectedCount = 15L;
+        when(em.createQuery(contains("count(un)"), eq(Long.class))).thenReturn(countQuery);
+        when(countQuery.getSingleResult()).thenReturn(expectedCount);
+
+        // Act
+        Long actualCount = userNotificationService.findTotalCountByUser(userId, false);
+
+        // Assert
+        assertEquals(expectedCount, actualCount);
+        verify(em).createQuery(contains("count(un)"), eq(Long.class));
+        verify(countQuery).setParameter("userId", userId);
+        verify(countQuery).setParameter("onlyUnread", false);
+        verify(countQuery).getSingleResult();
+    }
+
+    @Test
+    void testFindTotalCountByUser_countOnlyUnread() {
+        // Arrange
+        Long userId = 1L;
+        Long expectedCount = 7L;
+        when(em.createQuery(contains("count(un)"), eq(Long.class))).thenReturn(countQuery);
+        when(countQuery.getSingleResult()).thenReturn(expectedCount);
+
+        // Act
+        Long actualCount = userNotificationService.findTotalCountByUser(userId, true);
+
+        // Assert
+        assertEquals(expectedCount, actualCount);
+        verify(em).createQuery(contains("count(un)"), eq(Long.class));
+        verify(countQuery).setParameter("userId", userId);
+        verify(countQuery).setParameter("onlyUnread", true);
+        verify(countQuery).getSingleResult();
+    }
 }
diff --git a/src/test/java/edu/harvard/iq/dataverse/api/NotificationsIT.java b/src/test/java/edu/harvard/iq/dataverse/api/NotificationsIT.java
index 1b8c8b61fdb..54d8a92731e 100644
--- a/src/test/java/edu/harvard/iq/dataverse/api/NotificationsIT.java
+++ b/src/test/java/edu/harvard/iq/dataverse/api/NotificationsIT.java
@@ -58,20 +58,21 @@ public void testNotifications() {
 
         Response getNotifications = UtilIT.getNotifications(authorApiToken);
         getNotifications.then().assertThat()
-                .body("data.notifications[0].displayAsRead", equalTo(false))
-                .body("data.notifications[1].displayAsRead", equalTo(false))
-                .body("data.notifications.size()", equalTo(2))
+                .body("data[0].displayAsRead", equalTo(false))
+                .body("data[1].displayAsRead", equalTo(false))
+                .body("totalCount", equalTo(2))
+                .body("data.size()", equalTo(2))
                 .statusCode(OK.getStatusCode());
 
-        String firstNotificationType = JsonPath.from(getNotifications.body().asString()).getString("data.notifications[0].type");
-        String secondNotificationType = JsonPath.from(getNotifications.body().asString()).getString("data.notifications[1].type");
+        String firstNotificationType = JsonPath.from(getNotifications.body().asString()).getString("data[0].type");
+        String secondNotificationType = JsonPath.from(getNotifications.body().asString()).getString("data[1].type");
         long createAccountId = 0L;
         if (firstNotificationType.equals(CREATEDV.toString())) {
             assertEquals(CREATEACC.toString(), secondNotificationType);
-            createAccountId = JsonPath.from(getNotifications.getBody().asString()).getLong("data.notifications[1].id");
+            createAccountId = JsonPath.from(getNotifications.getBody().asString()).getLong("data[1].id");
         } else if (firstNotificationType.equals(CREATEACC.toString())) {
             assertEquals(CREATEDV.toString(), secondNotificationType);
-            createAccountId = JsonPath.from(getNotifications.getBody().asString()).getLong("data.notifications[0].id");
+            createAccountId = JsonPath.from(getNotifications.getBody().asString()).getLong("data[0].id");
         } else {
             fail("Unexpected notification type: " + firstNotificationType);
         }
@@ -90,27 +91,29 @@ public void testNotifications() {
         // Retrieve only unread notifications
         getNotifications = UtilIT.getNotifications(authorApiToken, false, true, null, null);
         getNotifications.then().assertThat()
-                .body("data.notifications[0].type", equalTo(CREATEDV.toString()))
-                .body("data.notifications[0].displayAsRead", equalTo(false))
-                .body("data.notifications.size()", equalTo(1))
+                .body("data[0].type", equalTo(CREATEDV.toString()))
+                .body("data[0].displayAsRead", equalTo(false))
+                .body("totalCount", equalTo(1))
+                .body("data.size()", equalTo(1))
                 .statusCode(OK.getStatusCode());
 
         // Retrieve all notifications
         Response getNotifications2 = UtilIT.getNotifications(authorApiToken);
         getNotifications2.then().assertThat()
-                .body("data.notifications.size()", equalTo(2))
+                .body("totalCount", equalTo(2))
+                .body("data.size()", equalTo(2))
                 .statusCode(OK.getStatusCode());
 
-        firstNotificationType = JsonPath.from(getNotifications2.body().asString()).getString("data.notifications[0].type");
-        secondNotificationType = JsonPath.from(getNotifications2.body().asString()).getString("data.notifications[1].type");
+        firstNotificationType = JsonPath.from(getNotifications2.body().asString()).getString("data[0].type");
+        secondNotificationType = JsonPath.from(getNotifications2.body().asString()).getString("data[1].type");
         if (firstNotificationType.equals(CREATEDV.toString())) {
             assertEquals(CREATEACC.toString(), secondNotificationType);
-            assertTrue(JsonPath.from(getNotifications2.body().asString()).getBoolean("data.notifications[1].displayAsRead"));
-            assertFalse(JsonPath.from(getNotifications2.body().asString()).getBoolean("data.notifications[0].displayAsRead"));
+            assertTrue(JsonPath.from(getNotifications2.body().asString()).getBoolean("data[1].displayAsRead"));
+            assertFalse(JsonPath.from(getNotifications2.body().asString()).getBoolean("data[0].displayAsRead"));
         } else if (firstNotificationType.equals(CREATEACC.toString())) {
             assertEquals(CREATEDV.toString(), secondNotificationType);
-            assertTrue(JsonPath.from(getNotifications2.body().asString()).getBoolean("data.notifications[0].displayAsRead"));
-            assertFalse(JsonPath.from(getNotifications2.body().asString()).getBoolean("data.notifications[1].displayAsRead"));
+            assertTrue(JsonPath.from(getNotifications2.body().asString()).getBoolean("data[0].displayAsRead"));
+            assertFalse(JsonPath.from(getNotifications2.body().asString()).getBoolean("data[1].displayAsRead"));
         } else {
             fail("Unexpected notification type: " + firstNotificationType);
         }
@@ -123,8 +126,9 @@ public void testNotifications() {
 
         Response getNotifications3 = UtilIT.getNotifications(authorApiToken);
         getNotifications3.then().assertThat()
-                .body("data.notifications[0].type", equalTo(CREATEDV.toString()))
-                .body("data.notifications.size()", equalTo(1))
+                .body("data[0].type", equalTo(CREATEDV.toString()))
+                .body("totalCount", equalTo(1))
+                .body("data.size()", equalTo(1))
                 .statusCode(OK.getStatusCode());
 
         // SendNotificationOnDatasetCreation setting is true
@@ -149,13 +153,14 @@ public void testNotifications() {
 
         getNotifications = UtilIT.getNotifications(authorApiToken);
         getNotifications.then().assertThat()
-                .body("data.notifications[0].displayAsRead", equalTo(false))
-                .body("data.notifications[1].displayAsRead", equalTo(false))
-                .body("data.notifications[2].displayAsRead", equalTo(false))
-                .body("data.notifications.size()", equalTo(3))
+                .body("data[0].displayAsRead", equalTo(false))
+                .body("data[1].displayAsRead", equalTo(false))
+                .body("data[2].displayAsRead", equalTo(false))
+                .body("totalCount", equalTo(3))
+                .body("data.size()", equalTo(3))
                 .statusCode(OK.getStatusCode());
 
-        List<String> notificationTypes = JsonPath.from(getNotifications.body().asString()).getList("data.notifications.type");
+        List<String> notificationTypes = JsonPath.from(getNotifications.body().asString()).getList("data.type");
 
         List<String> expectedTypes = Arrays.asList(CREATEACC.toString(), CREATEDV.toString(), DATASETCREATED.toString());
 
@@ -174,16 +179,17 @@ public void testNotifications() {
 
         getNotifications = UtilIT.getNotifications(authorApiToken);
         getNotifications.then().assertThat()
-                .body("data.notifications[0].displayAsRead", equalTo(false))
-                .body("data.notifications.size()", equalTo(1))
+                .body("data[0].displayAsRead", equalTo(false))
+                .body("totalCount", equalTo(1))
+                .body("data.size()", equalTo(1))
                 // In-App fields should be null
-                .body("data.notifications[0].installationBrandName", equalTo(null))
-                .body("data.notifications[0].userGuidesBaseUrl", equalTo(null))
-                .body("data.notifications[0].userGuidesVersion", equalTo(null))
-                .body("data.notifications[0].userGuidesSectionPath", equalTo(null))
+                .body("data[0].installationBrandName", equalTo(null))
+                .body("data[0].userGuidesBaseUrl", equalTo(null))
+                .body("data[0].userGuidesVersion", equalTo(null))
+                .body("data[0].userGuidesSectionPath", equalTo(null))
                 // Email-related fields should be present
-                .body("data.notifications[0].subjectText", equalTo("Root: Your account has been created"))
-                .body("data.notifications[0].messageText", containsString("Hello,"))
+                .body("data[0].subjectText", equalTo("Root: Your account has been created"))
+                .body("data[0].messageText", containsString("Hello,"))
                 .statusCode(OK.getStatusCode());
 
         // inAppNotificationFormat = true
@@ -195,16 +201,17 @@ public void testNotifications() {
 
         getNotifications = UtilIT.getNotifications(authorApiToken, true, false, null, null);
         getNotifications.then().assertThat()
-                .body("data.notifications[0].displayAsRead", equalTo(false))
-                .body("data.notifications.size()", equalTo(1))
+                .body("data[0].displayAsRead", equalTo(false))
+                .body("totalCount", equalTo(1))
+                .body("data.size()", equalTo(1))
                 // In-App fields should be present
-                .body("data.notifications[0].installationBrandName", equalTo("Root"))
-                .body("data.notifications[0].userGuidesBaseUrl", equalTo("https://guides.dataverse.org"))
-                .body("data.notifications[0].userGuidesSectionPath", equalTo("user/index.html"))
-                .body("data.notifications[0].userGuidesVersion", not(equalTo(null)))
+                .body("data[0].installationBrandName", equalTo("Root"))
+                .body("data[0].userGuidesBaseUrl", equalTo("https://guides.dataverse.org"))
+                .body("data[0].userGuidesSectionPath", equalTo("user/index.html"))
+                .body("data[0].userGuidesVersion", not(equalTo(null)))
                 // Email-related fields should be null
-                .body("data.notifications[0].subjectText", equalTo(null))
-                .body("data.notifications[0].messageText", equalTo(null))
+                .body("data[0].subjectText", equalTo(null))
+                .body("data[0].messageText", equalTo(null))
                 .statusCode(OK.getStatusCode());
 
         // Test pagination
@@ -224,37 +231,40 @@ public void testNotifications() {
         Response limitedNotifications = UtilIT.getNotifications(paginationApiToken, false, false, 2, 0);
         limitedNotifications.then().assertThat()
                 .statusCode(OK.getStatusCode())
-                .body("data.notifications[0].type", equalTo(CREATEDV.toString()))
-                .body("data.notifications[1].type", equalTo(CREATEDV.toString()))
-                .body("data.notifications.size()", equalTo(2));
+                .body("data[0].type", equalTo(CREATEDV.toString()))
+                .body("data[1].type", equalTo(CREATEDV.toString()))
+                .body("totalCount", equalTo(5))
+                .body("data.size()", equalTo(2));
 
         // Case 2: Test offset
         // Skip first 3 notifications and get the remaining 2
         Response offsetNotifications = UtilIT.getNotifications(paginationApiToken, false, false, null, 3);
         offsetNotifications.then().assertThat()
                 .statusCode(OK.getStatusCode())
-                .body("data.notifications[0].type", equalTo(CREATEDV.toString()))
-                .body("data.notifications[1].type", equalTo(CREATEACC.toString()))
-                .body("data.notifications.size()", equalTo(2));
+                .body("data[0].type", equalTo(CREATEDV.toString()))
+                .body("data[1].type", equalTo(CREATEACC.toString()))
+                .body("totalCount", equalTo(5))
+                .body("data.size()", equalTo(2));
 
         // Case 3: Test limit and offset together
         // Get 2 notifications, starting from the 2nd one (index 1)
         Response limitedAndOffsetNotifications = UtilIT.getNotifications(paginationApiToken, false, false, 2, 1);
         limitedAndOffsetNotifications.then().assertThat()
                 .statusCode(OK.getStatusCode())
-                .body("data.notifications[0].type", equalTo(CREATEDV.toString()))
-                .body("data.notifications[1].type", equalTo(CREATEDV.toString()))
-                .body("data.notifications.size()", equalTo(2));
+                .body("data[0].type", equalTo(CREATEDV.toString()))
+                .body("data[1].type", equalTo(CREATEDV.toString()))
+                .body("totalCount", equalTo(5))
+                .body("data.size()", equalTo(2));
 
-        long firstId = JsonPath.from(limitedAndOffsetNotifications.body().asString()).getLong("data.notifications[0].id");
-        long secondId = JsonPath.from(limitedAndOffsetNotifications.body().asString()).getLong("data.notifications[1].id");
+        long firstId = JsonPath.from(limitedAndOffsetNotifications.body().asString()).getLong("data[0].id");
+        long secondId = JsonPath.from(limitedAndOffsetNotifications.body().asString()).getLong("data[1].id");
 
         // Verify we got the correct slice of data
         Response allNotifications = UtilIT.getNotifications(paginationApiToken);
         allNotifications.then().assertThat().statusCode(OK.getStatusCode());
 
-        long secondNotificationInAll = JsonPath.from(allNotifications.body().asString()).getLong("data.notifications[1].id");
-        long thirdNotificationInAll = JsonPath.from(allNotifications.body().asString()).getLong("data.notifications[2].id");
+        long secondNotificationInAll = JsonPath.from(allNotifications.body().asString()).getLong("data[1].id");
+        long thirdNotificationInAll = JsonPath.from(allNotifications.body().asString()).getLong("data[2].id");
 
         assertEquals(secondNotificationInAll, firstId);
         assertEquals(thirdNotificationInAll, secondId);
@@ -264,7 +274,8 @@ public void testNotifications() {
         Response excessiveLimitNotifications = UtilIT.getNotifications(paginationApiToken, false, false, 10, 0);
         excessiveLimitNotifications.then().assertThat()
                 .statusCode(OK.getStatusCode())
-                .body("data.notifications.size()", equalTo(5));
+                .body("totalCount", equalTo(5))
+                .body("data.size()", equalTo(5));
     }
 
     private static void disableSendNotificationOnDatasetCreationSetting() {

From 5a7f4c232a9787bb62a99b30a0f6f2911111215c Mon Sep 17 00:00:00 2001
From: GPortas <hey@gportas.me>
Date: Mon, 20 Oct 2025 15:47:47 +0100
Subject: [PATCH 433/634] Changed: javadoc format tweak

---
 .../edu/harvard/iq/dataverse/UserNotificationServiceBean.java    | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/main/java/edu/harvard/iq/dataverse/UserNotificationServiceBean.java b/src/main/java/edu/harvard/iq/dataverse/UserNotificationServiceBean.java
index c5807ce93fe..bc9e3df977d 100644
--- a/src/main/java/edu/harvard/iq/dataverse/UserNotificationServiceBean.java
+++ b/src/main/java/edu/harvard/iq/dataverse/UserNotificationServiceBean.java
@@ -78,6 +78,7 @@ public List<UserNotification> findByUser(Long userId, boolean onlyUnread, Intege
 
     /**
      * Finds the total count of notifications for a user, with an option to count only unread notifications.
+     *
      * @param userId The ID of the user.
      * @param onlyUnread If true, counts only unread notifications. If false, counts all notifications.
      * @return The total count as a Long.

From 60c4f307f6f0503cdc7d40c2272ad58108c37f0b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=C3=81kos=20Kukucska?= <kukucska.akos@sztaki.hu>
Date: Mon, 20 Oct 2025 17:04:13 +0200
Subject: [PATCH 434/634] Remove static from afterEach

---
 src/test/java/edu/harvard/iq/dataverse/api/DataversesIT.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/test/java/edu/harvard/iq/dataverse/api/DataversesIT.java b/src/test/java/edu/harvard/iq/dataverse/api/DataversesIT.java
index 33d65ec5dd7..747b827888d 100644
--- a/src/test/java/edu/harvard/iq/dataverse/api/DataversesIT.java
+++ b/src/test/java/edu/harvard/iq/dataverse/api/DataversesIT.java
@@ -72,7 +72,7 @@ public static void afterClass() {
     }
 
     @AfterEach
-    public static void afterEach() {
+    public void afterEach() {
         UtilIT.deleteSetting(SettingsServiceBean.Key.MetadataLanguages);
     }
 

From af1f1c8ff2278f3c14ea0c6b24c1ac1e579ced7b Mon Sep 17 00:00:00 2001
From: GPortas <hey@gportas.me>
Date: Mon, 20 Oct 2025 16:10:51 +0100
Subject: [PATCH 435/634] Changed: native-api docs to reflect new notifications
 API response format

---
 doc/sphinx-guides/source/api/native-api.rst | 51 +++++++++++----------
 1 file changed, 26 insertions(+), 25 deletions(-)

diff --git a/doc/sphinx-guides/source/api/native-api.rst b/doc/sphinx-guides/source/api/native-api.rst
index 9a0296d2307..2c7c86429ca 100644
--- a/doc/sphinx-guides/source/api/native-api.rst
+++ b/doc/sphinx-guides/source/api/native-api.rst
@@ -6118,16 +6118,16 @@ The expected OK (200) response looks something like this:
 
   {
       "status": "OK",
-      "data": {
-          "notifications": [
-              {
-                  "id": 38,
-                  "type": "CREATEACC",
-                  "displayAsRead": true,
-                  "subjectText": "Root: Your account has been created",
-                  "messageText": "Hello, \nWelcome to...",
-                  "sentTimestamp": "2025-07-21T19:15:37Z"
-              }
+      "totalCount": 15,
+      "data": [
+        {
+            "id": 38,
+            "type": "CREATEACC",
+            "displayAsRead": true,
+            "subjectText": "Root: Your account has been created",
+            "messageText": "Hello, \nWelcome to...",
+            "sentTimestamp": "2025-07-21T19:15:37Z"
+        }
   ...
 
 This endpoint supports several optional query parameters to filter and paginate the results.
@@ -6146,6 +6146,8 @@ The ``onlyUnread`` parameter, if sent as ``true``, filters the results to includ
 
 The ``limit`` and ``offset`` parameters can be used for pagination. ``limit`` specifies the maximum number of notifications to return, and ``offset`` specifies the number of notifications to skip from the beginning of the list. For example, to retrieve notifications 11 through 15:
 
+To aid in pagination the JSON response also includes the total number of rows (totalCount) available.
+
 .. code-block:: bash
 
   curl -H "X-Dataverse-key:$API_TOKEN" "$SERVER_URL/api/notifications/all?limit=5&offset=10"
@@ -6154,7 +6156,7 @@ All parameters can be combined. For instance, to get the first page of 10 unread
 
 .. code-block:: bash
 
-  curl -H "X-Dataverse-key:$API_TOKEN" "$SERVER_URL/api/notifications/all?inAppNotificationFormat=true&onlyUnread=true&limit=10&offset=0"
+  curl -H "X-Dataverse-key:$API_TOKEN" "$SERVER_URL/api/notifications/all?inAppNotificationFormat=true&onlyUnread=true&limit=1&offset=0"
 
 The expected OK (200) response for an in-app format request looks something like this:
 
@@ -6162,20 +6164,19 @@ The expected OK (200) response for an in-app format request looks something like
 
   {
       "status": "OK",
-      "data": {
-          "notifications": [
-              {
-                  "id": 79,
-                  "type": "CREATEACC",
-                  "displayAsRead": false,
-                  "sentTimestamp": "2025-08-08T08:00:16Z",
-                  "installationBrandName": "Your Installation Name",
-                  "userGuidesBaseUrl": "https://guides.dataverse.org",
-                  "userGuidesVersion": "6.7.1",
-                  "userGuidesSectionPath": "user/index.html"
-              }
-          ]
-      }
+      "totalCount": 15,
+      "data": [
+        {
+            "id": 79,
+            "type": "CREATEACC",
+            "displayAsRead": false,
+            "sentTimestamp": "2025-08-08T08:00:16Z",
+            "installationBrandName": "Your Installation Name",
+            "userGuidesBaseUrl": "https://guides.dataverse.org",
+            "userGuidesVersion": "6.7.1",
+            "userGuidesSectionPath": "user/index.html"
+        }
+      ]
   }
   ...
 

From 7806c27a938cf22cbb41bcbfecb378d5136ebe78 Mon Sep 17 00:00:00 2001
From: qqmyers <qqmyers@hotmail.com>
Date: Mon, 20 Oct 2025 11:11:36 -0400
Subject: [PATCH 436/634] update netcdl lib, fix use of odd Strings class

---
 pom.xml                                                      | 2 +-
 .../iq/dataverse/pidproviders/AbstractPidProvider.java       | 5 ++---
 2 files changed, 3 insertions(+), 4 deletions(-)

diff --git a/pom.xml b/pom.xml
index ceb5ea28d84..1969fd1f245 100644
--- a/pom.xml
+++ b/pom.xml
@@ -32,7 +32,7 @@
         <jhove.version>1.20.1</jhove.version>
         <poi.version>5.4.0</poi.version>
         <tika.version>3.2.2</tika.version>
-        <netcdf.version>5.5.3</netcdf.version>
+        <netcdf.version>5.9.1</netcdf.version>
         
         <openapi.infoTitle>Dataverse API</openapi.infoTitle>
         <openapi.infoVersion>${project.version}</openapi.infoVersion>
diff --git a/src/main/java/edu/harvard/iq/dataverse/pidproviders/AbstractPidProvider.java b/src/main/java/edu/harvard/iq/dataverse/pidproviders/AbstractPidProvider.java
index d7da92f5dd7..0b5b49fc52d 100644
--- a/src/main/java/edu/harvard/iq/dataverse/pidproviders/AbstractPidProvider.java
+++ b/src/main/java/edu/harvard/iq/dataverse/pidproviders/AbstractPidProvider.java
@@ -17,7 +17,6 @@
 import java.util.logging.Logger;
 
 import org.apache.commons.lang3.RandomStringUtils;
-import com.beust.jcommander.Strings;
 
 public abstract class AbstractPidProvider implements PidProvider {
 
@@ -577,8 +576,8 @@ public JsonObject getProviderSpecification() {
         providerSpecification.add("shoulder", shoulder);
         providerSpecification.add("identifierGenerationStyle", identifierGenerationStyle);
         providerSpecification.add("datafilePidFormat", datafilePidFormat);
-        providerSpecification.add("managedSet", Strings.join(",", managedSet.toArray()));
-        providerSpecification.add("excludedSet", Strings.join(",", excludedSet.toArray()));
+        providerSpecification.add("managedSet", String.join(",", managedSet));
+        providerSpecification.add("excludedSet", String.join(",", excludedSet));
         return providerSpecification.build();
     }
     

From 36097bbb3d685ca84abf2d66e16aa706f8b6721f Mon Sep 17 00:00:00 2001
From: GPortas <hey@gportas.me>
Date: Mon, 20 Oct 2025 16:19:21 +0100
Subject: [PATCH 437/634] Changed: updated release notes for #11852

---
 ...ications-api-pagination-and-only-unread.md | 35 +++++++++++++++++++
 1 file changed, 35 insertions(+)

diff --git a/doc/release-notes/11852-notifications-api-pagination-and-only-unread.md b/doc/release-notes/11852-notifications-api-pagination-and-only-unread.md
index 014e22c7739..c8c4aadff73 100644
--- a/doc/release-notes/11852-notifications-api-pagination-and-only-unread.md
+++ b/doc/release-notes/11852-notifications-api-pagination-and-only-unread.md
@@ -33,5 +33,40 @@ Example (Retrieve notifications 11 through 20):
 curl -H "X-Dataverse-key:$API_TOKEN" "$SERVER_URL/api/notifications/all?limit=10&offset=10"
 ```
 
+**3 Breaking Change: API Response Format Updated**
+
+To support pagination and improve consistency across the API, the JSON response format for this endpoint has been
+changed. This is a breaking change and will require updates to any client code currently using this endpoint.
+
+**Old Format:**
+
+Previously, the response nested the notification list inside a notifications object within the data field.
+
+```
+{
+  "status": "OK",
+  "data": {
+    "notifications": [
+      / ... /
+    ]
+  }
+}
+```
+
+**New Format:**
+
+The response now includes a top-level totalCount field (required for pagination) and places the notification list
+directly in the data field. This flattens the structure and makes it consistent with other paginated endpoints.
+
+```
+{
+  "status": "OK",
+  "totalCount": 2,
+  "data": [
+    / ... /  
+  ]
+}
+```
+
 Related issue: #11852
 Related PR: #11854
\ No newline at end of file

From fb3b405016bad62fe721603a320a13bbb688f118 Mon Sep 17 00:00:00 2001
From: Leonid Andreev <leonid@hmdc.harvard.edu>
Date: Mon, 20 Oct 2025 11:48:14 -0400
Subject: [PATCH 438/634] Adding index annotations to GuestbookResponse and
 DatasetMetrics. #11828

---
 .../java/edu/harvard/iq/dataverse/GuestbookResponse.java     | 1 +
 .../harvard/iq/dataverse/makedatacount/DatasetMetrics.java   | 5 +++++
 2 files changed, 6 insertions(+)

diff --git a/src/main/java/edu/harvard/iq/dataverse/GuestbookResponse.java b/src/main/java/edu/harvard/iq/dataverse/GuestbookResponse.java
index 830c7740e34..6dfdca13ac5 100644
--- a/src/main/java/edu/harvard/iq/dataverse/GuestbookResponse.java
+++ b/src/main/java/edu/harvard/iq/dataverse/GuestbookResponse.java
@@ -37,6 +37,7 @@
 @Table(indexes = {
         @Index(columnList = "guestbook_id"),
         @Index(columnList = "datafile_id"),
+        @Index(columnList = "datasetversion_id"),
         @Index(columnList = "dataset_id")
 })
 
diff --git a/src/main/java/edu/harvard/iq/dataverse/makedatacount/DatasetMetrics.java b/src/main/java/edu/harvard/iq/dataverse/makedatacount/DatasetMetrics.java
index 15ee35c6404..41758192de0 100644
--- a/src/main/java/edu/harvard/iq/dataverse/makedatacount/DatasetMetrics.java
+++ b/src/main/java/edu/harvard/iq/dataverse/makedatacount/DatasetMetrics.java
@@ -8,8 +8,10 @@
 import jakarta.persistence.GeneratedValue;
 import jakarta.persistence.GenerationType;
 import jakarta.persistence.Id;
+import jakarta.persistence.Index;
 import jakarta.persistence.JoinColumn;
 import jakarta.persistence.ManyToOne;
+import jakarta.persistence.Table;
 import jakarta.persistence.Transient;
 import jakarta.validation.constraints.NotNull;
 
@@ -27,6 +29,9 @@
  * downloads for a given month.
  */
 @Entity
+@Table(indexes = {
+    @Index(columnList = "dataset_id")
+})
 public class DatasetMetrics implements Serializable {
 
     @Id

From c007631170353fc0fa22d89795e866b4c0191ae0 Mon Sep 17 00:00:00 2001
From: Leonid Andreev <leonid@hmdc.harvard.edu>
Date: Mon, 20 Oct 2025 13:04:33 -0400
Subject: [PATCH 439/634] Using the opportunity to add an index on
 authenticateduser_id to guestbookresponse as well. Lookups by user id were
 just as slow there. #11828

---
 src/main/java/edu/harvard/iq/dataverse/GuestbookResponse.java | 1 +
 src/main/resources/db/migration/V6.8.0.1.sql                  | 2 ++
 2 files changed, 3 insertions(+)

diff --git a/src/main/java/edu/harvard/iq/dataverse/GuestbookResponse.java b/src/main/java/edu/harvard/iq/dataverse/GuestbookResponse.java
index 6dfdca13ac5..22a620b45cb 100644
--- a/src/main/java/edu/harvard/iq/dataverse/GuestbookResponse.java
+++ b/src/main/java/edu/harvard/iq/dataverse/GuestbookResponse.java
@@ -38,6 +38,7 @@
         @Index(columnList = "guestbook_id"),
         @Index(columnList = "datafile_id"),
         @Index(columnList = "datasetversion_id"),
+        @Index(columnList = "authenticateduser_id"),
         @Index(columnList = "dataset_id")
 })
 
diff --git a/src/main/resources/db/migration/V6.8.0.1.sql b/src/main/resources/db/migration/V6.8.0.1.sql
index 675ab62c2b4..8feb7b22bda 100644
--- a/src/main/resources/db/migration/V6.8.0.1.sql
+++ b/src/main/resources/db/migration/V6.8.0.1.sql
@@ -2,5 +2,7 @@ CREATE INDEX IF NOT EXISTS  INDEX_GUESTBOOKRESPONSE_datasetversion_id ON GUESTBO
 
 CREATE INDEX IF NOT EXISTS INDEX_DATASETMETRICS_dataset_id ON DATASETMETRICS (dataset_id);
 
+CREATE INDEX IF NOT EXISTS INDEX_GUESTBOOKRESPONSE_authenticateduser_id ON GUESTBOOKRESPONSE (authenticateduser_id);
+
 UPDATE datasetversion SET versionstate = 'DRAFT' where versionstate IS NULL;
 ALTER TABLE datasetversion ALTER COLUMN versionstate SET NOT NULL;

From 737659031a78dde963405404eebaf5f576ad624e Mon Sep 17 00:00:00 2001
From: jo-pol <jo-pol@users.noreply.github.com>
Date: Tue, 21 Oct 2025 10:27:02 +0200
Subject: [PATCH 440/634] overlooked review details

---
 doc/release-notes/11865-suppress-host-dataverse-field.md | 8 +-------
 1 file changed, 1 insertion(+), 7 deletions(-)

diff --git a/doc/release-notes/11865-suppress-host-dataverse-field.md b/doc/release-notes/11865-suppress-host-dataverse-field.md
index 482516cbf97..0160831885d 100644
--- a/doc/release-notes/11865-suppress-host-dataverse-field.md
+++ b/doc/release-notes/11865-suppress-host-dataverse-field.md
@@ -1,9 +1,3 @@
 ### Suppression of the Host Dataverse field
 
-When creating a dataset, the _host dataverse_ field is not shown when the user can only add datasets to one collection.
-
-This was introduced in 6.7 with PR #11301 and reverted in 6.7.1 with PR #11700.
-A performance penalty was observed in instances with a large number of dataverses.
-The performance degradation is remedied by reusing the query for the API command [allowedCollections] but return at most two rows.
-
-allowedCollections: https://guides.dataverse.org/en/latest/api/native-api.html#list-dataverse-collections-a-user-can-act-on-based-on-their-permissions
\ No newline at end of file
+When creating a dataset, the _host dataverse_ field is not shown when the user can only add datasets to one collection.
\ No newline at end of file

From 621fe0a95b3b85b8e28e52ba0006a7e1717d8e2f Mon Sep 17 00:00:00 2001
From: Stephen Kraffmiller <skraffmiller@hmdc.harvard.edu>
Date: Tue, 21 Oct 2025 14:14:58 -0400
Subject: [PATCH 441/634] #11772 updates from review/clarify

---
 .../UpdateDatasetTermsOfAccessCommand.java    | 20 +++++++++----------
 .../edu/harvard/iq/dataverse/api/UtilIT.java  |  4 ++--
 ...UpdateDatasetTermsOfAccessCommandTest.java |  3 ---
 3 files changed, 12 insertions(+), 15 deletions(-)

diff --git a/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/UpdateDatasetTermsOfAccessCommand.java b/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/UpdateDatasetTermsOfAccessCommand.java
index ddbdefca4a1..62833edfa46 100644
--- a/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/UpdateDatasetTermsOfAccessCommand.java
+++ b/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/UpdateDatasetTermsOfAccessCommand.java
@@ -47,16 +47,16 @@ public Dataset execute(CommandContext ctxt) throws CommandException {
     
     private TermsOfUseAndAccess merge(DatasetVersion editVersion, TermsOfUseAndAccess incoming) {
         //only update the access parts
-        TermsOfUseAndAccess original = editVersion.getTermsOfUseAndAccess();
-        original.setFileAccessRequest(incoming.isFileAccessRequest());
-        original.setTermsOfAccess(incoming.getTermsOfAccess());
-        original.setDataAccessPlace(incoming.getDataAccessPlace());
-        original.setOriginalArchive(incoming.getOriginalArchive());
-        original.setAvailabilityStatus(incoming.getAvailabilityStatus());
-        original.setContactForAccess(incoming.getContactForAccess());
-        original.setSizeOfCollection(incoming.getSizeOfCollection());
-        original.setStudyCompletion(incoming.getStudyCompletion());
-        return original;
+        TermsOfUseAndAccess termsToUpdate = editVersion.getTermsOfUseAndAccess();
+        termsToUpdate.setFileAccessRequest(incoming.isFileAccessRequest());
+        termsToUpdate.setTermsOfAccess(incoming.getTermsOfAccess());
+        termsToUpdate.setDataAccessPlace(incoming.getDataAccessPlace());
+        termsToUpdate.setOriginalArchive(incoming.getOriginalArchive());
+        termsToUpdate.setAvailabilityStatus(incoming.getAvailabilityStatus());
+        termsToUpdate.setContactForAccess(incoming.getContactForAccess());
+        termsToUpdate.setSizeOfCollection(incoming.getSizeOfCollection());
+        termsToUpdate.setStudyCompletion(incoming.getStudyCompletion());
+        return termsToUpdate;
     }
     
     
diff --git a/src/test/java/edu/harvard/iq/dataverse/api/UtilIT.java b/src/test/java/edu/harvard/iq/dataverse/api/UtilIT.java
index f26e209ee28..b6f7f56ec49 100644
--- a/src/test/java/edu/harvard/iq/dataverse/api/UtilIT.java
+++ b/src/test/java/edu/harvard/iq/dataverse/api/UtilIT.java
@@ -3872,7 +3872,7 @@ static Response updateDatasetTermsAndAccess(String idOrPersistentIdOfDataset, St
             optionalQueryParam = "?persistentId=" + idOrPersistentIdOfDataset;
         }
 
-        String jsonIn = getDatasetTerms(pathToJsonFile);
+        String jsonIn = getDatasetTermsFromFile(pathToJsonFile);
         Response response = given()
                 .header(API_TOKEN_HTTP_HEADER, apiToken)
                 .contentType("application/json")
@@ -3881,7 +3881,7 @@ static Response updateDatasetTermsAndAccess(String idOrPersistentIdOfDataset, St
         return response;
     }
     
-    public static String getDatasetTerms(String pathToJsonFile) {
+    public static String getDatasetTermsFromFile(String pathToJsonFile) {
         File datasetTermsJson = new File(pathToJsonFile);
         try {
             String datasetTermsAsJson = new String(Files.readAllBytes(Paths.get(datasetTermsJson.getAbsolutePath())));
diff --git a/src/test/java/edu/harvard/iq/dataverse/engine/command/impl/UpdateDatasetTermsOfAccessCommandTest.java b/src/test/java/edu/harvard/iq/dataverse/engine/command/impl/UpdateDatasetTermsOfAccessCommandTest.java
index a4983dd3689..ed81285e374 100644
--- a/src/test/java/edu/harvard/iq/dataverse/engine/command/impl/UpdateDatasetTermsOfAccessCommandTest.java
+++ b/src/test/java/edu/harvard/iq/dataverse/engine/command/impl/UpdateDatasetTermsOfAccessCommandTest.java
@@ -9,7 +9,6 @@
 import edu.harvard.iq.dataverse.engine.command.exception.CommandException;
 import static org.junit.jupiter.api.Assertions.assertEquals;
 
-import static org.junit.jupiter.api.Assertions.assertSame;
 import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Test;
 import org.mockito.Mock;
@@ -23,8 +22,6 @@
  */
 public class UpdateDatasetTermsOfAccessCommandTest {
 
-    @Mock
-    private CommandContext ctxt;
 
     @Mock
     private DataverseEngine dataverseEngineMock;

From 1e594d7908d0c291185b669681803a32bc3a4ad2 Mon Sep 17 00:00:00 2001
From: Stephen Kraffmiller <skraffmiller@hmdc.harvard.edu>
Date: Tue, 21 Oct 2025 14:49:34 -0400
Subject: [PATCH 442/634] #11772 changes suggested in CR

---
 .../iq/dataverse/util/json/JsonParser.java    | 37 ++++++++++---------
 1 file changed, 20 insertions(+), 17 deletions(-)

diff --git a/src/main/java/edu/harvard/iq/dataverse/util/json/JsonParser.java b/src/main/java/edu/harvard/iq/dataverse/util/json/JsonParser.java
index d68fe09f9a1..15cb5d7febf 100644
--- a/src/main/java/edu/harvard/iq/dataverse/util/json/JsonParser.java
+++ b/src/main/java/edu/harvard/iq/dataverse/util/json/JsonParser.java
@@ -381,8 +381,6 @@ public static <E extends Enum<E>> List<E> parseEnumsFromArray(JsonArray enumsArr
     public TermsOfUseAndAccess parseTermsOfUseAndAccess(JsonObject obj) throws JsonParseException {
         JsonObject terms = obj.getJsonObject("termsOfUseAndAccess");
         TermsOfUseAndAccess toaa = new TermsOfUseAndAccess();
-        toaa.setFileAccessRequest(terms.getBoolean("fileAccessRequest", false));
-        toaa.setTermsOfAccess(terms.getString("termsOfAccess", null));
         toaa.setTermsOfUse(terms.getString("termsOfUse", null));
         toaa.setConfidentialityDeclaration(terms.getString("confidentialityDeclaration", null));
         toaa.setSpecialPermissions(terms.getString("specialPermissions", null));
@@ -391,27 +389,32 @@ public TermsOfUseAndAccess parseTermsOfUseAndAccess(JsonObject obj) throws JsonP
         toaa.setDepositorRequirements(terms.getString("depositorRequirements", null));
         toaa.setConditions(terms.getString("conditions", null));
         toaa.setDisclaimer(terms.getString("disclaimer", null));
-        toaa.setDataAccessPlace(terms.getString("dataAccessPlace", null));
-        toaa.setOriginalArchive(terms.getString("originalArchive", null));
-        toaa.setAvailabilityStatus(terms.getString("availabilityStatus", null)); 
-        toaa.setContactForAccess(terms.getString("contactForAccess", null));
-        toaa.setSizeOfCollection(terms.getString("sizeOfCollection", null));
-        toaa.setStudyCompletion(terms.getString("studyCompletion", null));
-        toaa.setConfidentialityDeclaration(terms.getString("confidentialityDeclaration", null));
-        return toaa;
+        return parseTermsOfAccess(obj, toaa);
     }
-    
+
     public TermsOfUseAndAccess parseTermsOfAccess(JsonObject obj) throws JsonParseException {
-        //This only gets values associated with the terms of access for restricted files
-        // the return of this partial terms of use and access is merged with the existing 
-        // terms of use in the dataset's most recent version
-        JsonObject terms = obj.getJsonObject("customTermsOfAccess");
-        TermsOfUseAndAccess toaa = new TermsOfUseAndAccess();
+        return parseTermsOfAccess(obj, null);
+    }
+
+    public TermsOfUseAndAccess parseTermsOfAccess(JsonObject obj, TermsOfUseAndAccess touaIn) throws JsonParseException {
+        //This only gets values associated with the terms of access for restricted files when no TermsOfUseAndAccess object provided
+        // or added to an existing object when provided
+
+        JsonObject terms;
+        TermsOfUseAndAccess toaa;
+        if (touaIn == null) {
+            terms = obj.getJsonObject("customTermsOfAccess");
+            toaa = new TermsOfUseAndAccess();
+        } else {
+            terms = obj.getJsonObject("termsOfUseAndAccess");
+            toaa = touaIn;
+        }
+
         toaa.setFileAccessRequest(terms.getBoolean("fileAccessRequest", false));
         toaa.setTermsOfAccess(terms.getString("termsOfAccess", null));
         toaa.setDataAccessPlace(terms.getString("dataAccessPlace", null));
         toaa.setOriginalArchive(terms.getString("originalArchive", null));
-        toaa.setAvailabilityStatus(terms.getString("availabilityStatus", null)); 
+        toaa.setAvailabilityStatus(terms.getString("availabilityStatus", null));
         toaa.setContactForAccess(terms.getString("contactForAccess", null));
         toaa.setSizeOfCollection(terms.getString("sizeOfCollection", null));
         toaa.setStudyCompletion(terms.getString("studyCompletion", null));

From b26a14d5182e2dfe5e77c1e092bacb786f65c27f Mon Sep 17 00:00:00 2001
From: GPortas <hey@gportas.me>
Date: Wed, 22 Oct 2025 16:29:45 +0100
Subject: [PATCH 443/634] Refactor: GetDatasetVersionSummariesCommand to
 include explanatory method doc and removed unused exception throws

---
 .../impl/GetDatasetVersionSummariesCommand.java    | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)

diff --git a/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/GetDatasetVersionSummariesCommand.java b/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/GetDatasetVersionSummariesCommand.java
index 802c4189e45..0cc0e20b8a5 100644
--- a/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/GetDatasetVersionSummariesCommand.java
+++ b/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/GetDatasetVersionSummariesCommand.java
@@ -7,7 +7,6 @@
 import edu.harvard.iq.dataverse.engine.command.CommandContext;
 import edu.harvard.iq.dataverse.engine.command.DataverseRequest;
 import edu.harvard.iq.dataverse.engine.command.RequiredPermissions;
-import edu.harvard.iq.dataverse.engine.command.exception.CommandException;
 
 import java.util.EnumSet;
 import java.util.List;
@@ -26,8 +25,19 @@ public GetDatasetVersionSummariesCommand(DataverseRequest request, Dataset datas
         this.dataset = dataset;
     }
 
+    /**
+     * Executes the command to retrieve a paginated list of dataset version summaries.
+     * <p>
+     * This method first checks if the user has permission to view unpublished
+     * versions of the dataset. It then fetches the appropriate {@link DatasetVersion}s,
+     * respecting pagination parameters (limit and offset), and converts each
+     * version into a {@link DatasetVersionSummary}.
+     *
+     * @param ctxt The command context.
+     * @return A list of {@link DatasetVersionSummary} objects.
+     */
     @Override
-    public List<DatasetVersionSummary> executeCommand(CommandContext ctxt) throws CommandException {
+    public List<DatasetVersionSummary> executeCommand(CommandContext ctxt) {
         boolean canViewUnpublished = ctxt.permissions().hasPermissionsFor(
                 getRequest().getUser(),
                 dataset,

From 71edb4731e8e42e601bdc2308664ecdec466ca8e Mon Sep 17 00:00:00 2001
From: GPortas <hey@gportas.me>
Date: Wed, 22 Oct 2025 16:46:59 +0100
Subject: [PATCH 444/634] Fixed: contributor names retrieved in dataset version
 summaries

---
 .../impl/GetDatasetVersionSummariesCommand.java      |  9 +++++++--
 .../edu/harvard/iq/dataverse/api/DatasetsIT.java     |  2 ++
 .../impl/GetDatasetVersionSummariesCommandTest.java  | 12 ++++++++++--
 3 files changed, 19 insertions(+), 4 deletions(-)

diff --git a/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/GetDatasetVersionSummariesCommand.java b/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/GetDatasetVersionSummariesCommand.java
index 0cc0e20b8a5..ab716658eff 100644
--- a/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/GetDatasetVersionSummariesCommand.java
+++ b/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/GetDatasetVersionSummariesCommand.java
@@ -30,8 +30,9 @@ public GetDatasetVersionSummariesCommand(DataverseRequest request, Dataset datas
      * <p>
      * This method first checks if the user has permission to view unpublished
      * versions of the dataset. It then fetches the appropriate {@link DatasetVersion}s,
-     * respecting pagination parameters (limit and offset), and converts each
-     * version into a {@link DatasetVersionSummary}.
+     * respecting pagination parameters (limit and offset). Each version is then
+     * enriched with its contributor names before being converted into a
+     * {@link DatasetVersionSummary}.
      *
      * @param ctxt The command context.
      * @return A list of {@link DatasetVersionSummary} objects.
@@ -52,6 +53,10 @@ public List<DatasetVersionSummary> executeCommand(CommandContext ctxt) {
                 true
         );
 
+        for (DatasetVersion version : versions) {
+            version.setContributorNames(ctxt.datasetVersion().getContributorsNames(version));
+        }
+
         return versions.stream()
                 .map(DatasetVersionSummary::from)
                 .flatMap(Optional::stream)
diff --git a/src/test/java/edu/harvard/iq/dataverse/api/DatasetsIT.java b/src/test/java/edu/harvard/iq/dataverse/api/DatasetsIT.java
index c648326e598..62e8dfdc59e 100644
--- a/src/test/java/edu/harvard/iq/dataverse/api/DatasetsIT.java
+++ b/src/test/java/edu/harvard/iq/dataverse/api/DatasetsIT.java
@@ -6537,8 +6537,10 @@ public void testSummaryDatasetVersionsDifferencesAPI() throws InterruptedExcepti
                 .body("totalCount", is(2))
                 .body("data.size()", is(2))
                 .body("data[1].versionNumber", equalTo("1.0"))
+                .body("data[1].contributors", notNullValue())
                 .body("data[1].summary", equalTo("firstPublished"))
                 .body("data[0].versionNumber", equalTo("DRAFT"))
+                .body("data[0].contributors", notNullValue())
                 .body("data[0].summary.'Citation Metadata'.Author.added", equalTo(2))
                 .body("data[0].summary.'Citation Metadata'.Subject.added", equalTo(2))
                 .body("data[0].summary.'Additional Citation Metadata'.changed", equalTo(0))
diff --git a/src/test/java/edu/harvard/iq/dataverse/engine/command/impl/GetDatasetVersionSummariesCommandTest.java b/src/test/java/edu/harvard/iq/dataverse/engine/command/impl/GetDatasetVersionSummariesCommandTest.java
index e47deb86c8f..b86188f440e 100644
--- a/src/test/java/edu/harvard/iq/dataverse/engine/command/impl/GetDatasetVersionSummariesCommandTest.java
+++ b/src/test/java/edu/harvard/iq/dataverse/engine/command/impl/GetDatasetVersionSummariesCommandTest.java
@@ -144,13 +144,17 @@ void execute_should_pass_pagination_parameters_correctly() throws CommandExcepti
     }
 
     @Test
-    @DisplayName("execute should correctly convert DatasetVersion list to DatasetVersionSummary list")
-    void execute_should_convert_versions_to_summaries() throws CommandException {
+    @DisplayName("execute should enrich contributors and convert versions to summaries")
+    void execute_should_enrich_contributors_and_convert_to_summaries() throws CommandException {
         // Arrange
         setupMocksForSuccessfulExecution();
         when(versionServiceMock.findVersions(anyLong(), any(), any(), anyBoolean(), anyBoolean()))
                 .thenReturn(List.of(versionMock));
 
+        // Arrange: Mock contributor names retrieval
+        String expectedContributors = "Contributor";
+        when(versionServiceMock.getContributorsNames(versionMock)).thenReturn(expectedContributors);
+
         // Arrange: Prepare a dummy summary object
         DatasetVersionSummary dummySummary = new DatasetVersionSummary(1L, "V1", null, null, null, null);
 
@@ -165,6 +169,10 @@ void execute_should_convert_versions_to_summaries() throws CommandException {
             List<DatasetVersionSummary> result = command.execute(contextMock);
 
             // Assert
+            verify(versionServiceMock).getContributorsNames(versionMock);
+            verify(versionMock).setContributorNames(expectedContributors);
+
+            // Verify final conversion
             assertThat(result)
                     .isNotNull()
                     .hasSize(1)

From 2515f786e19551488bd9c243e4804a1b7011d72b Mon Sep 17 00:00:00 2001
From: GPortas <hey@gportas.me>
Date: Wed, 22 Oct 2025 19:00:39 +0100
Subject: [PATCH 445/634] Fixed: correctly sending
 fileDifferenceSummary.FileAccess in file version summaries

---
 .../GetFileVersionDifferencesCommand.java     |  2 +-
 .../edu/harvard/iq/dataverse/api/FilesIT.java | 35 +++++++++++++++++++
 2 files changed, 36 insertions(+), 1 deletion(-)

diff --git a/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/GetFileVersionDifferencesCommand.java b/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/GetFileVersionDifferencesCommand.java
index d822fa9455b..459ab1095e0 100644
--- a/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/GetFileVersionDifferencesCommand.java
+++ b/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/GetFileVersionDifferencesCommand.java
@@ -89,7 +89,7 @@ private FileVersionDifference buildDifference(CommandContext ctxt, VersionedFile
      */
     private FileVersionDifference createDifferenceForExistingFile(CommandContext ctxt, FileMetadata current, FileMetadata previous) {
         current.setContributorNames(ctxt.datasetVersion().getContributorsNames(current.getDatasetVersion()));
-        return new FileVersionDifference(current, previous, false);
+        return new FileVersionDifference(current, previous, true);
     }
 
     /**
diff --git a/src/test/java/edu/harvard/iq/dataverse/api/FilesIT.java b/src/test/java/edu/harvard/iq/dataverse/api/FilesIT.java
index 5ebe0475adb..32f6e2a6381 100644
--- a/src/test/java/edu/harvard/iq/dataverse/api/FilesIT.java
+++ b/src/test/java/edu/harvard/iq/dataverse/api/FilesIT.java
@@ -1705,6 +1705,41 @@ public void getFileVersionDifferences() {
                 .body("data[2].datafileId", equalTo(null))
                 .body("data[2].isDeaccessioned", equalTo(true))
                 .body("data[2].publishedDate", not(equalTo("")));
+
+        // Test FileAccess restricted
+
+        UtilIT.allowAccessRequests(datasetPersistentId, true, superUserApiToken).then().assertThat().statusCode(OK.getStatusCode());
+        UtilIT.restrictFile(dataFileId, true, superUserApiToken).then().assertThat().statusCode(OK.getStatusCode());
+        getFileDataResponse = UtilIT.getFileVersionDifferences(dataFileId, superUserApiToken);
+        getFileDataResponse.then().assertThat()
+                .body("status", equalTo("OK"))
+                .body("totalCount", is(4))
+                .body("data.size()", is(4))
+                .body("data[0].datafileId", equalTo(Integer.parseInt(dataFileId)))
+                .body("data[0].datasetVersion", equalTo("DRAFT"))
+                .body("data[0].versionState", equalTo("DRAFT"))
+                .body("data[0].fileDifferenceSummary.FileAccess", equalTo("Restricted"))
+                .body("data[0].isDraft", equalTo(true))
+                .body("data[0].isDeaccessioned", equalTo(false))
+                .body("data[0].publishedDate", equalTo(""));
+
+        // Test FileAccess unrestricted
+
+        UtilIT.publishDatasetViaNativeApi(datasetId, "major", superUserApiToken).then().assertThat().statusCode(OK.getStatusCode());
+
+        UtilIT.restrictFile(dataFileId, false, superUserApiToken).then().assertThat().statusCode(OK.getStatusCode());
+        getFileDataResponse = UtilIT.getFileVersionDifferences(dataFileId, superUserApiToken);
+        getFileDataResponse.then().assertThat()
+                .body("status", equalTo("OK"))
+                .body("totalCount", is(5))
+                .body("data.size()", is(5))
+                .body("data[0].datafileId", equalTo(Integer.parseInt(dataFileId)))
+                .body("data[0].datasetVersion", equalTo("DRAFT"))
+                .body("data[0].versionState", equalTo("DRAFT"))
+                .body("data[0].fileDifferenceSummary.FileAccess", equalTo("Unrestricted"))
+                .body("data[0].isDraft", equalTo(true))
+                .body("data[0].isDeaccessioned", equalTo(false))
+                .body("data[0].publishedDate", equalTo(""));
     }
 
     @Test

From b37941f1fe69ed4129d4ae11d2a2e75414b7528e Mon Sep 17 00:00:00 2001
From: GPortas <hey@gportas.me>
Date: Wed, 22 Oct 2025 19:25:11 +0100
Subject: [PATCH 446/634] Added: IT test cases for FileTags and FileMetadata
 updates in file version summaries

---
 .../edu/harvard/iq/dataverse/api/FilesIT.java | 43 +++++++++++++++++++
 1 file changed, 43 insertions(+)

diff --git a/src/test/java/edu/harvard/iq/dataverse/api/FilesIT.java b/src/test/java/edu/harvard/iq/dataverse/api/FilesIT.java
index 32f6e2a6381..175d93b57a6 100644
--- a/src/test/java/edu/harvard/iq/dataverse/api/FilesIT.java
+++ b/src/test/java/edu/harvard/iq/dataverse/api/FilesIT.java
@@ -1709,6 +1709,7 @@ public void getFileVersionDifferences() {
         // Test FileAccess restricted
 
         UtilIT.allowAccessRequests(datasetPersistentId, true, superUserApiToken).then().assertThat().statusCode(OK.getStatusCode());
+
         UtilIT.restrictFile(dataFileId, true, superUserApiToken).then().assertThat().statusCode(OK.getStatusCode());
         getFileDataResponse = UtilIT.getFileVersionDifferences(dataFileId, superUserApiToken);
         getFileDataResponse.then().assertThat()
@@ -1740,6 +1741,48 @@ public void getFileVersionDifferences() {
                 .body("data[0].isDraft", equalTo(true))
                 .body("data[0].isDeaccessioned", equalTo(false))
                 .body("data[0].publishedDate", equalTo(""));
+
+        // Test FileMetadata update
+
+        JsonObjectBuilder updateFileMetadata = Json.createObjectBuilder()
+                .add("label", "new_name.png");
+        UtilIT.updateFileMetadata(dataFileId, updateFileMetadata.build().toString(), superUserApiToken).then().statusCode(OK.getStatusCode());
+
+        getFileDataResponse = UtilIT.getFileVersionDifferences(dataFileId, superUserApiToken);
+        getFileDataResponse.then().assertThat()
+                .body("status", equalTo("OK"))
+                .body("totalCount", is(5))
+                .body("data.size()", is(5))
+                .body("data[0].datafileId", equalTo(Integer.parseInt(dataFileId)))
+                .body("data[0].datasetVersion", equalTo("DRAFT"))
+                .body("data[0].versionState", equalTo("DRAFT"))
+                .body("data[0].fileDifferenceSummary.FileAccess", equalTo("Unrestricted"))
+                .body("data[0].fileDifferenceSummary.FileMetadata[0].name", equalTo("File Name"))
+                .body("data[0].fileDifferenceSummary.FileMetadata[0].action", equalTo("Changed"))
+                .body("data[0].isDraft", equalTo(true))
+                .body("data[0].isDeaccessioned", equalTo(false))
+                .body("data[0].publishedDate", equalTo(""));
+
+        // Test FileTags update
+
+        Response setFileCategoriesResponse = UtilIT.setFileCategories(dataFileId, superUserApiToken, List.of("Category"));
+        setFileCategoriesResponse.then().assertThat().statusCode(OK.getStatusCode());
+
+        getFileDataResponse = UtilIT.getFileVersionDifferences(dataFileId, superUserApiToken);
+        getFileDataResponse.then().assertThat()
+                .body("status", equalTo("OK"))
+                .body("totalCount", is(5))
+                .body("data.size()", is(5))
+                .body("data[0].datafileId", equalTo(Integer.parseInt(dataFileId)))
+                .body("data[0].datasetVersion", equalTo("DRAFT"))
+                .body("data[0].versionState", equalTo("DRAFT"))
+                .body("data[0].fileDifferenceSummary.FileAccess", equalTo("Unrestricted"))
+                .body("data[0].fileDifferenceSummary.FileMetadata[0].name", equalTo("File Name"))
+                .body("data[0].fileDifferenceSummary.FileMetadata[0].action", equalTo("Changed"))
+                .body("data[0].fileDifferenceSummary.FileTags.Added", equalTo(1))
+                .body("data[0].isDraft", equalTo(true))
+                .body("data[0].isDeaccessioned", equalTo(false))
+                .body("data[0].publishedDate", equalTo(""));
     }
 
     @Test

From 06f35070518d730962c87e745b4b4224bcab0aad Mon Sep 17 00:00:00 2001
From: GPortas <hey@gportas.me>
Date: Thu, 23 Oct 2025 09:32:29 +0100
Subject: [PATCH 447/634] Fixed: reverted method from public to private

---
 .../edu/harvard/iq/dataverse/FileMetadataVersionsHelper.java    | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/main/java/edu/harvard/iq/dataverse/FileMetadataVersionsHelper.java b/src/main/java/edu/harvard/iq/dataverse/FileMetadataVersionsHelper.java
index 368bc1b0628..4d408a72c8c 100644
--- a/src/main/java/edu/harvard/iq/dataverse/FileMetadataVersionsHelper.java
+++ b/src/main/java/edu/harvard/iq/dataverse/FileMetadataVersionsHelper.java
@@ -93,7 +93,7 @@ private FileMetadata getPreviousFileMetadata(FileMetadata fileMetadata, FileMeta
     }
 
     //TODO: this could use some refactoring to cut down on the number of for loops!
-    public FileMetadata getPreviousFileMetadata(FileMetadata fileMetadata, DatasetVersion currentversion) {
+    private FileMetadata getPreviousFileMetadata(FileMetadata fileMetadata, DatasetVersion currentversion) {
         List<DataFile> allfiles = allRelatedFiles(fileMetadata);
         boolean foundCurrent = false;
         DatasetVersion priorVersion = null;

From 389124b51b42bf1cc545d7a648cde91a4b3f316a Mon Sep 17 00:00:00 2001
From: Omer Fahim <mfahim11427@gmail.com>
Date: Thu, 23 Oct 2025 10:23:42 -0400
Subject: [PATCH 448/634] Update
 doc/release-notes/11752-croissant-restricted.md

typo fix
---
 doc/release-notes/11752-croissant-restricted.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/doc/release-notes/11752-croissant-restricted.md b/doc/release-notes/11752-croissant-restricted.md
index 7a6f2b3c9ea..ced0ef4eaa7 100644
--- a/doc/release-notes/11752-croissant-restricted.md
+++ b/doc/release-notes/11752-croissant-restricted.md
@@ -8,6 +8,6 @@ If you have enabled the Croissant dataset metadata exporter, you should upgrade
 
 - Stop Payara.
 - Delete the old Croissant exporter jar file. It will be located in the directory defined by the `dataverse.spi.exporters.directory` setting.
-- Download the updated Croissant jar from https://repo1.maven.org/maven2/io/gdcc/export/croissant/ and place it the same directory.
+- Download the updated Croissant jar from https://repo1.maven.org/maven2/io/gdcc/export/croissant/ and place it in the same directory.
 - Restart Payara.
 - Run reExportAll.

From 113a468d56383d005db57ac490b8a1c04d11d6df Mon Sep 17 00:00:00 2001
From: qqmyers <qqmyers@hotmail.com>
Date: Thu, 23 Oct 2025 14:29:07 -0400
Subject: [PATCH 449/634] doc updates

---
 .../source/installation/config.rst            |  4 +--
 .../source/installation/localcontexts.rst     | 26 +++++++++----------
 2 files changed, 14 insertions(+), 16 deletions(-)

diff --git a/doc/sphinx-guides/source/installation/config.rst b/doc/sphinx-guides/source/installation/config.rst
index 7eec578566b..9aa6f2f0cc3 100644
--- a/doc/sphinx-guides/source/installation/config.rst
+++ b/doc/sphinx-guides/source/installation/config.rst
@@ -3633,7 +3633,7 @@ The default value when not set is "chicago-author-date, ieee".
 
 .. _localcontexts:
 
-localcontexts.url
+dataverse.localcontexts.url
 +++++++++++++++++
 
 .. note::
@@ -3646,7 +3646,7 @@ The URL for the Local Contexts Hub API.
 
 Can also be set via *MicroProfile Config API* sources, e.g. the environment variable ``DATAVERSE_LOCALCONTEXTS_URL``.
 
-localcontexts.api-key
+dataverse.localcontexts.api-key
 +++++++++++++++++++++
 
 The API key for accessing the Local Contexts Hub.
diff --git a/doc/sphinx-guides/source/installation/localcontexts.rst b/doc/sphinx-guides/source/installation/localcontexts.rst
index 174b2d0ac94..2bafc2524d9 100644
--- a/doc/sphinx-guides/source/installation/localcontexts.rst
+++ b/doc/sphinx-guides/source/installation/localcontexts.rst
@@ -18,18 +18,16 @@ Configuration
 
 There are several steps to LocalContexts integration.
 
-First, you need to configure the LOCALCONTEXTS_URL and LOCALCONTEXTS_API_KEY as described in the :ref:`localcontexts` section of the Configuration Guide.
-API Keys are available to Local Contexts Integration Partners - see https://localcontexts.org/hub-agreements/integration-partners/ for details.
-
-Next, you should add the Local Contexts metadatablock and configure the associated external vocabulary script.
-The metadatablock contains one field allowing Dataverse to store the URL of an associated Local Contexts Hub project.
-The external vocabulary script interacts with the Local Contexts Hub (via the Dataverse server) to display the Labels and Notices associated with the proect and provide a link to it.
-The script also supports adding/removing such a link from the dataset's metadata. Note that only a project that references the dataset in its `publication_doi` field can be linked to a dataset. 
-See https://github.com/gdcc/dataverse-external-vocab-support/blob/main/packages/local_contexts/README.md for details on these steps.
-
-Lastly, if you wish the Local Contexts information to be shown in the summary section of the dataset page, as shown in the image above, you should add `LCProjectUrl` to list of custom summary fields via use of the :ref:`:CustomDatasetSummaryFields` setting.
-
-Optionally, one could also set the dataverse.feature.add-local-contexts-permission-check FeatureFlag to true. This assures that only users editing datasets can use the LocalContexts search functionality.
-However, as this currently would also require setting the dataverse.feature.api-session-auth, the security implications of which haven't been fully explored, it is not recommended unless problematic use is seen.
-(When API access via OpenIdConnect is available, use of api-session-auth would not be required.)
+- A Local Contexts Hub Institutional or Integration Partner account is required. See https://localcontexts.org/hub-agreements for more information and the associated costs.
+  (Institutions may wish to connect their Institutional accounts with `The Dataverse Project Integration Partner <https://localcontexts.org/integration-partners/view/12>`_ rather than having their own Integration Partner account.)
+  (Free accounts for testing can be created at https://sandbox.localcontextshub.org/.)
+- Create an API key in your Local Contexts account.
+- Configure the DATAVERSE_LOCALCONTEXTS_URL and DATAVERSE_LOCALCONTEXTS_API_KEY as described in the :ref:`localcontexts` section of the Configuration Guide.
+- Add the Local Contexts metadatablock and configure the associated external vocabulary script. Both are available, along with installation instructions, in the `Dataverse External Vocabulary GitHub Repository <https://github.com/gdcc/dataverse-external-vocab-support/blob/main/packages/local_contexts/README.md>`_.
+  The metadatablock contains one field allowing Dataverse to store the URL of an associated Local Contexts Hub project. Be sure to update the Solr schema after installing the metadatablock (see :ref:`update-solr-schema`).
+  The external vocabulary script interacts with the Local Contexts Hub (via the Dataverse server) to display the Labels and Notices associated with the proect and provide a link to it.
+  The script also supports adding/removing such a link from the dataset's metadata. Note that only a project that references the dataset's PID in its `Optional Project Information` field can be linked to a dataset.
+- Lastly, to show Local Contexts information in the summary section of the dataset page, as shown in the image above, you should add `LCProjectUrl` to list of custom summary fields via use of the :ref:`:CustomDatasetSummaryFields` setting.
+- Optionally, one can also set the dataverse.feature.add-local-contexts-permission-check FeatureFlag to true. This assures that only users editing datasets can use the LocalContexts search functionality (e.g. via API).
+  This is not recommended unless problematic use is seen.
 

From 491dff5172d4844f24b61de1c158f10c53ef5d40 Mon Sep 17 00:00:00 2001
From: qqmyers <qqmyers@hotmail.com>
Date: Thu, 23 Oct 2025 14:32:38 -0400
Subject: [PATCH 450/634] fix underlines

---
 doc/sphinx-guides/source/installation/config.rst | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/doc/sphinx-guides/source/installation/config.rst b/doc/sphinx-guides/source/installation/config.rst
index 20907ec9210..a38c985eb79 100644
--- a/doc/sphinx-guides/source/installation/config.rst
+++ b/doc/sphinx-guides/source/installation/config.rst
@@ -3634,7 +3634,7 @@ The default value when not set is "chicago-author-date, ieee".
 .. _localcontexts:
 
 dataverse.localcontexts.url
-+++++++++++++++++
++++++++++++++++++++++++++++
 
 .. note::
    For more information about LocalContexts integration, see :doc:`/installation/localcontexts`.
@@ -3647,7 +3647,7 @@ The URL for the Local Contexts Hub API.
 Can also be set via *MicroProfile Config API* sources, e.g. the environment variable ``DATAVERSE_LOCALCONTEXTS_URL``.
 
 dataverse.localcontexts.api-key
-+++++++++++++++++++++
++++++++++++++++++++++++++++++++
 
 The API key for accessing the Local Contexts Hub.
 

From c31c90faf238da33b7553bb12086bb902c881283 Mon Sep 17 00:00:00 2001
From: Steven Winship <39765413+stevenwinship@users.noreply.github.com>
Date: Thu, 23 Oct 2025 15:09:39 -0400
Subject: [PATCH 451/634] address comments

---
 .../java/edu/harvard/iq/dataverse/DataFile.java    | 14 ++------------
 1 file changed, 2 insertions(+), 12 deletions(-)

diff --git a/src/main/java/edu/harvard/iq/dataverse/DataFile.java b/src/main/java/edu/harvard/iq/dataverse/DataFile.java
index bf790d3cc67..611d151e5d9 100644
--- a/src/main/java/edu/harvard/iq/dataverse/DataFile.java
+++ b/src/main/java/edu/harvard/iq/dataverse/DataFile.java
@@ -304,15 +304,8 @@ public void setDeleted(Boolean deleted) {
         this.deleted = deleted;
     }
 
-    @Transient
-    private boolean unpublished;
-
     public boolean getUnpublished() {
-        return unpublished;
-    }
-
-    public void setUnpublished(boolean unpublished) {
-        this.unpublished = unpublished;
+        return !isReleased();
     }
 
     /*
@@ -607,14 +600,11 @@ public FileMetadata getLatestFileMetadata() {
         FileMetadata resultFileMetadata = null;
 
         if (fileMetadatas.size() == 1) {
-            setUnpublished(fileMetadatas.get(0).getDatasetVersion() == null || fileMetadatas.get(0).getDatasetVersion().getVersionState().equals(VersionState.DRAFT));
             return fileMetadatas.get(0);
-        } else {
-            setUnpublished(false); // Since only one can be in Draft assume there is a published version
         }
 
         for (FileMetadata fileMetadata : fileMetadatas) {
-            if (fileMetadata.getDatasetVersion().getVersionState().equals(VersionState.DRAFT)) {
+            if (fileMetadata.getDatasetVersion() != null && VersionState.DRAFT.equals(fileMetadata.getDatasetVersion().getVersionState())) {
                 return fileMetadata;
             }
             resultFileMetadata = getTheNewerFileMetadata(resultFileMetadata, fileMetadata);

From ec9033a0ee64c9711937bc427cf964196995de1c Mon Sep 17 00:00:00 2001
From: Omer Fahim <mfahim11427@gmail.com>
Date: Fri, 24 Oct 2025 09:23:20 -0400
Subject: [PATCH 452/634] Update
 doc/release-notes/11772-update-dataset-terms-of-access-api.md

update text
---
 doc/release-notes/11772-update-dataset-terms-of-access-api.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/doc/release-notes/11772-update-dataset-terms-of-access-api.md b/doc/release-notes/11772-update-dataset-terms-of-access-api.md
index 9e7b3c523e7..04b85d81ca9 100644
--- a/doc/release-notes/11772-update-dataset-terms-of-access-api.md
+++ b/doc/release-notes/11772-update-dataset-terms-of-access-api.md
@@ -3,7 +3,7 @@
 A new endpoint has been implemented to manage dataset terms of access for restricted files.
 
 ### Functionality
-- Updates the terms of access of a dataset by applying it to the draft version.
+- Updates the terms of access for a dataset by applying it to the draft version.
 - If no draft exists, a new one is automatically created.
 
 ### Usage

From 0c9926613d84795774acb3002f6ad40a264ceedb Mon Sep 17 00:00:00 2001
From: Jim Myers <qqmyers@hotmail.com>
Date: Fri, 24 Oct 2025 17:12:40 -0400
Subject: [PATCH 453/634] update release note

---
 doc/release-notes/11827-Payara-6.2025.10.md | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/doc/release-notes/11827-Payara-6.2025.10.md b/doc/release-notes/11827-Payara-6.2025.10.md
index c79ec04e696..3737c05be27 100644
--- a/doc/release-notes/11827-Payara-6.2025.10.md
+++ b/doc/release-notes/11827-Payara-6.2025.10.md
@@ -1,3 +1,7 @@
 The recommended Payara version has been updated to Payara-6.2025.10
 
-Standard Payara upgrade instructions - as in the 6.7 release notes should be added.
+Payara 6.2025.10 cannot be used with earlier versions of Dataverse, e.g. v6.8.
+
+Standard Payara upgrade instructions - as in the 6.7 release notes should be added, 
+but we should assure the instructions don't have you trying to run 6.8 with the latest Payara 
+and perhaps should explicitly note that you can't. 

From d0f1c9f5918b1dea85f19f757aceb09bc7f94b1d Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 24 Oct 2025 23:10:38 +0000
Subject: [PATCH 454/634] Bump actions/download-artifact from 5 to 6

Bumps [actions/download-artifact](https://github.com/actions/download-artifact) from 5 to 6.
- [Release notes](https://github.com/actions/download-artifact/releases)
- [Commits](https://github.com/actions/download-artifact/compare/v5...v6)

---
updated-dependencies:
- dependency-name: actions/download-artifact
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 .github/workflows/deploy_beta_testing.yml | 2 +-
 .github/workflows/maven_unit_test.yml     | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/deploy_beta_testing.yml b/.github/workflows/deploy_beta_testing.yml
index bf4a90d7fb4..bcf20b8bcfe 100644
--- a/.github/workflows/deploy_beta_testing.yml
+++ b/.github/workflows/deploy_beta_testing.yml
@@ -50,7 +50,7 @@ jobs:
       - uses: actions/checkout@v5
 
       - name: Download war artifact
-        uses: actions/download-artifact@v5
+        uses: actions/download-artifact@v6
         with:
           name: built-app
           path: ./
diff --git a/.github/workflows/maven_unit_test.yml b/.github/workflows/maven_unit_test.yml
index 5857b4489db..9b70aabdb5e 100644
--- a/.github/workflows/maven_unit_test.yml
+++ b/.github/workflows/maven_unit_test.yml
@@ -112,7 +112,7 @@ jobs:
                   cache: maven
 
             # Get the build output from the unit test job
-            - uses: actions/download-artifact@v5
+            - uses: actions/download-artifact@v6
               with:
                   name: java-artifacts
             - run: |
@@ -145,7 +145,7 @@ jobs:
                 cache: maven
 
           # Get the build output from the integration test job
-          - uses: actions/download-artifact@v5
+          - uses: actions/download-artifact@v6
             with:
                 name: java-reportdir
           - run: tar -xvf java-reportdir.tar

From 84f49d059e060480cbc323de439c99f0663b99b4 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 24 Oct 2025 23:10:42 +0000
Subject: [PATCH 455/634] Bump actions/upload-artifact from 4 to 5

Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 4 to 5.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](https://github.com/actions/upload-artifact/compare/v4...v5)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-version: '5'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 .github/workflows/deploy_beta_testing.yml | 2 +-
 .github/workflows/maven_unit_test.yml     | 6 +++---
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/deploy_beta_testing.yml b/.github/workflows/deploy_beta_testing.yml
index bf4a90d7fb4..aaa3a1d3351 100644
--- a/.github/workflows/deploy_beta_testing.yml
+++ b/.github/workflows/deploy_beta_testing.yml
@@ -36,7 +36,7 @@ jobs:
         run: echo "war_file=$(ls *.war | head -1)">> $GITHUB_ENV
 
       - name: Upload war artifact
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@v5
         with:
           name: built-app
           path: ./target/${{ env.war_file }}
diff --git a/.github/workflows/maven_unit_test.yml b/.github/workflows/maven_unit_test.yml
index 5857b4489db..c43e4aa9fd7 100644
--- a/.github/workflows/maven_unit_test.yml
+++ b/.github/workflows/maven_unit_test.yml
@@ -62,7 +62,7 @@ jobs:
 
           # Upload the built war file. For download, it will be wrapped in a ZIP by GitHub.
           # See also https://github.com/actions/upload-artifact#zipped-artifact-downloads
-          - uses: actions/upload-artifact@v4
+          - uses: actions/upload-artifact@v5
             with:
                 name: dataverse-java${{ matrix.jdk }}.war
                 path: target/dataverse*.war
@@ -72,7 +72,7 @@ jobs:
           - run: |
                 tar -cvf java-builddir.tar target
                 tar -cvf java-m2-selection.tar ~/.m2/repository/io/gdcc/dataverse-*
-          - uses: actions/upload-artifact@v4
+          - uses: actions/upload-artifact@v5
             with:
                 name: java-artifacts
                 path: |
@@ -124,7 +124,7 @@ jobs:
 
             # Wrap up and send to coverage job
             - run: tar -cvf java-reportdir.tar target/site
-            - uses: actions/upload-artifact@v4
+            - uses: actions/upload-artifact@v5
               with:
                   name: java-reportdir
                   path: java-reportdir.tar

From 85a6942dd19bdc10608103ecb35005ac0766718a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=C3=81kos=20Kukucska?= <kukucska.akos@sztaki.hu>
Date: Sat, 25 Oct 2025 23:13:08 +0200
Subject: [PATCH 456/634] Fix faulty merge resolution

---
 src/main/java/edu/harvard/iq/dataverse/api/Dataverses.java     | 2 ++
 .../java/edu/harvard/iq/dataverse/util/json/JsonPrinter.java   | 3 ++-
 src/test/java/edu/harvard/iq/dataverse/api/UtilIT.java         | 2 +-
 3 files changed, 5 insertions(+), 2 deletions(-)

diff --git a/src/main/java/edu/harvard/iq/dataverse/api/Dataverses.java b/src/main/java/edu/harvard/iq/dataverse/api/Dataverses.java
index 1e0086e4ae7..29bac86e658 100644
--- a/src/main/java/edu/harvard/iq/dataverse/api/Dataverses.java
+++ b/src/main/java/edu/harvard/iq/dataverse/api/Dataverses.java
@@ -2027,6 +2027,8 @@ public Response setMetadataLanguage(@Context ContainerRequestContext crc, @PathP
             }
             Dataverse dataverse = findDataverseOrDie(dvIdtf);
             return ok(jsonLanguage(execCommand(new SetDataverseMetadataLanguageCommand(req, dataverse, lang))));
+        }, getRequestUser(crc));
+    }
     
     @GET
     @AuthRequired
diff --git a/src/main/java/edu/harvard/iq/dataverse/util/json/JsonPrinter.java b/src/main/java/edu/harvard/iq/dataverse/util/json/JsonPrinter.java
index a0d2122fb10..654154c5b64 100644
--- a/src/main/java/edu/harvard/iq/dataverse/util/json/JsonPrinter.java
+++ b/src/main/java/edu/harvard/iq/dataverse/util/json/JsonPrinter.java
@@ -1728,7 +1728,8 @@ public static JsonObjectBuilder jsonLanguage(String locale, String title) {
     public static JsonArrayBuilder jsonLanguage(Map<String, String> langMap) {
         // returns an array of metadatalanguages
         return Json.createArrayBuilder(langMap.entrySet().stream().map(entry -> jsonLanguage(entry.getKey(), entry.getValue())).toList());
-
+    }
+    
     public static JsonArrayBuilder jsonDatasetVersionSummaries(List<DatasetVersionSummary> summaries) {
         JsonArrayBuilder arrayBuilder = Json.createArrayBuilder();
         summaries.stream()
diff --git a/src/test/java/edu/harvard/iq/dataverse/api/UtilIT.java b/src/test/java/edu/harvard/iq/dataverse/api/UtilIT.java
index 6ed4273b655..36364198f4a 100644
--- a/src/test/java/edu/harvard/iq/dataverse/api/UtilIT.java
+++ b/src/test/java/edu/harvard/iq/dataverse/api/UtilIT.java
@@ -5128,7 +5128,7 @@ public static Response setDataverseMetadataLanguage(String alias, String apiToke
                         + alias
                         + "/allowedMetadataLanguages/"
                         + lang);
-    
+    }
 
     public static Response getDataverseRoleAssignmentHistory(String dataverseAlias, boolean downloadAsCsv, String apiToken) {
         RequestSpecification requestSpecification = given()

From 61db77ebf0d4b2e494e32d14edc9159797eccbb1 Mon Sep 17 00:00:00 2001
From: Steven Winship <39765413+stevenwinship@users.noreply.github.com>
Date: Mon, 27 Oct 2025 09:38:36 -0400
Subject: [PATCH 457/634] address review comment

---
 src/main/java/edu/harvard/iq/dataverse/DataFile.java | 4 ----
 src/main/webapp/permissions-manage-files.xhtml       | 2 +-
 2 files changed, 1 insertion(+), 5 deletions(-)

diff --git a/src/main/java/edu/harvard/iq/dataverse/DataFile.java b/src/main/java/edu/harvard/iq/dataverse/DataFile.java
index 611d151e5d9..d5d748bab72 100644
--- a/src/main/java/edu/harvard/iq/dataverse/DataFile.java
+++ b/src/main/java/edu/harvard/iq/dataverse/DataFile.java
@@ -304,10 +304,6 @@ public void setDeleted(Boolean deleted) {
         this.deleted = deleted;
     }
 
-    public boolean getUnpublished() {
-        return !isReleased();
-    }
-
     /*
     For use during file upload so that the user may delete 
     files that have already been uploaded to the current dataset version
diff --git a/src/main/webapp/permissions-manage-files.xhtml b/src/main/webapp/permissions-manage-files.xhtml
index 370d8be7e60..cc04af6c022 100644
--- a/src/main/webapp/permissions-manage-files.xhtml
+++ b/src/main/webapp/permissions-manage-files.xhtml
@@ -387,7 +387,7 @@
                                         <h:outputText rendered="#{!empty file.directoryLabel}" value="#{file.directoryLabel}/" styleClass="text-muted"/>
                                         <h:outputText value="#{file.displayName}"/>
                                         <h:outputText value=" (#{bundle['dataverse.permissionsFiles.files.deleted']}) " rendered="#{file.deleted}"/>
-                                        <h:outputText value=" (#{bundle['dataverse.permissionsFiles.files.draftUnpublished']}) "  rendered="#{file.unpublished}"/>
+                                        <h:outputText value=" (#{bundle['dataverse.permissionsFiles.files.draftUnpublished']}) "  rendered="#{!file.released}"/>
                                     </p:column>
                                 </p:dataTable>
                             </div>

From bc0011c08f3f1f1538a6f6f347f0973b78dd73cd Mon Sep 17 00:00:00 2001
From: Steven Winship <39765413+stevenwinship@users.noreply.github.com>
Date: Mon, 27 Oct 2025 09:53:15 -0400
Subject: [PATCH 458/634] address review comment

---
 src/main/java/edu/harvard/iq/dataverse/DataFile.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/main/java/edu/harvard/iq/dataverse/DataFile.java b/src/main/java/edu/harvard/iq/dataverse/DataFile.java
index d5d748bab72..af2e61090ac 100644
--- a/src/main/java/edu/harvard/iq/dataverse/DataFile.java
+++ b/src/main/java/edu/harvard/iq/dataverse/DataFile.java
@@ -600,7 +600,7 @@ public FileMetadata getLatestFileMetadata() {
         }
 
         for (FileMetadata fileMetadata : fileMetadatas) {
-            if (fileMetadata.getDatasetVersion() != null && VersionState.DRAFT.equals(fileMetadata.getDatasetVersion().getVersionState())) {
+            if (fileMetadata.getDatasetVersion().getVersionState().equals(VersionState.DRAFT)) {
                 return fileMetadata;
             }
             resultFileMetadata = getTheNewerFileMetadata(resultFileMetadata, fileMetadata);

From 30d62fff0f2b314594d77043772c48541801cb6e Mon Sep 17 00:00:00 2001
From: Steven Winship <39765413+stevenwinship@users.noreply.github.com>
Date: Mon, 27 Oct 2025 09:57:10 -0400
Subject: [PATCH 459/634] undo changes to DataFile.java

---
 src/main/java/edu/harvard/iq/dataverse/DataFile.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/main/java/edu/harvard/iq/dataverse/DataFile.java b/src/main/java/edu/harvard/iq/dataverse/DataFile.java
index af2e61090ac..45604a5472b 100644
--- a/src/main/java/edu/harvard/iq/dataverse/DataFile.java
+++ b/src/main/java/edu/harvard/iq/dataverse/DataFile.java
@@ -303,7 +303,7 @@ public Boolean getDeleted() {
     public void setDeleted(Boolean deleted) {
         this.deleted = deleted;
     }
-
+    
     /*
     For use during file upload so that the user may delete 
     files that have already been uploaded to the current dataset version

From 2a0569b7b71224f81102803be1e32455adf4279e Mon Sep 17 00:00:00 2001
From: GPortas <hey@gportas.me>
Date: Tue, 28 Oct 2025 13:55:35 +0000
Subject: [PATCH 460/634] Fixed: InAppNotificationsJsonPrinter wrong returned
 attributes

---
 .../json/InAppNotificationsJsonPrinter.java   |  6 +--
 .../InAppNotificationsJsonPrinterTest.java    | 38 ++++++++++---------
 2 files changed, 24 insertions(+), 20 deletions(-)

diff --git a/src/main/java/edu/harvard/iq/dataverse/util/json/InAppNotificationsJsonPrinter.java b/src/main/java/edu/harvard/iq/dataverse/util/json/InAppNotificationsJsonPrinter.java
index 7ae7ec8533d..3b2a6baff29 100644
--- a/src/main/java/edu/harvard/iq/dataverse/util/json/InAppNotificationsJsonPrinter.java
+++ b/src/main/java/edu/harvard/iq/dataverse/util/json/InAppNotificationsJsonPrinter.java
@@ -87,8 +87,6 @@ public void addFieldsByType(final NullSafeJsonBuilder notificationJson, final Au
                 addRequestFileAccessFields(notificationJson, userNotification, requestor);
                 break;
             case REQUESTEDFILEACCESS:
-            case GRANTFILEACCESS:
-            case REJECTFILEACCESS:
                 addDataFileFields(notificationJson, userNotification);
                 break;
             case DATASETCREATED:
@@ -123,6 +121,8 @@ public void addFieldsByType(final NullSafeJsonBuilder notificationJson, final Au
             case GLOBUSUPLOADLOCALFAILURE:
             case GLOBUSDOWNLOADCOMPLETEDWITHERRORS:
             case CHECKSUMFAIL:
+            case GRANTFILEACCESS:
+            case REJECTFILEACCESS:
                 addDatasetFields(notificationJson, userNotification);
                 break;
             case INGESTCOMPLETED:
@@ -192,7 +192,7 @@ private void addDataFileFields(final NullSafeJsonBuilder notificationJson, final
             notificationJson.add(KEY_DATAFILE_ID, dataFile.getId());
             notificationJson.add(KEY_DATAFILE_DISPLAY_NAME, dataFile.getDisplayName());
             notificationJson.add(KEY_DATASET_DISPLAY_NAME, dataFile.getOwner().getDisplayName());
-            notificationJson.add(KEY_DATASET_PERSISTENT_ID, dataFile.getOwner().getIdentifier());
+            notificationJson.add(KEY_DATASET_PERSISTENT_ID, dataFile.getOwner().getGlobalId().asString());
         } else {
             notificationJson.add(KEY_OBJECT_DELETED, true);
         }
diff --git a/src/test/java/edu/harvard/iq/dataverse/util/json/InAppNotificationsJsonPrinterTest.java b/src/test/java/edu/harvard/iq/dataverse/util/json/InAppNotificationsJsonPrinterTest.java
index 054b61b3209..c3e5d860818 100644
--- a/src/test/java/edu/harvard/iq/dataverse/util/json/InAppNotificationsJsonPrinterTest.java
+++ b/src/test/java/edu/harvard/iq/dataverse/util/json/InAppNotificationsJsonPrinterTest.java
@@ -225,7 +225,7 @@ public void testAddFieldsByType_requestFileAccess() {
 
         Dataset dataset = mock(Dataset.class);
         when(dataset.getDisplayName()).thenReturn("Test Dataset");
-        when(dataset.getIdentifier()).thenReturn("Test Identifier");
+        when(dataset.getGlobalId()).thenReturn(testGlobalId);
 
         DataFile dataFile = mock(DataFile.class);
         when(dataFile.getId()).thenReturn(1L);
@@ -241,7 +241,7 @@ public void testAddFieldsByType_requestFileAccess() {
         verify(notificationJson).add(KEY_DATAFILE_ID, Long.valueOf("1"));
         verify(notificationJson).add(KEY_DATAFILE_DISPLAY_NAME, "Test File");
         verify(notificationJson).add(KEY_DATASET_DISPLAY_NAME, "Test Dataset");
-        verify(notificationJson).add(KEY_DATASET_PERSISTENT_ID, "Test Identifier");
+        verify(notificationJson).add(KEY_DATASET_PERSISTENT_ID, testGlobalId.toString());
     }
 
     @Test
@@ -252,7 +252,7 @@ public void testAddFieldsByType_requestFileAccess_nullRequestor() {
 
         Dataset dataset = mock(Dataset.class);
         when(dataset.getDisplayName()).thenReturn("Test Dataset");
-        when(dataset.getIdentifier()).thenReturn("Test Identifier");
+        when(dataset.getGlobalId()).thenReturn(testGlobalId);
 
         DataFile dataFile = mock(DataFile.class);
         when(dataFile.getId()).thenReturn(1L);
@@ -268,7 +268,7 @@ public void testAddFieldsByType_requestFileAccess_nullRequestor() {
         verify(notificationJson).add(KEY_DATAFILE_ID, Long.valueOf("1"));
         verify(notificationJson).add(KEY_DATAFILE_DISPLAY_NAME, "Test File");
         verify(notificationJson).add(KEY_DATASET_DISPLAY_NAME, "Test Dataset");
-        verify(notificationJson).add(KEY_DATASET_PERSISTENT_ID, "Test Identifier");
+        verify(notificationJson).add(KEY_DATASET_PERSISTENT_ID, testGlobalId.toString());
     }
 
     @Test
@@ -276,23 +276,26 @@ public void testAddFieldsByType_grantFileAccess() {
         userNotification.setType(UserNotification.Type.GRANTFILEACCESS);
         userNotification.setObjectId(1L);
 
-        Dataset dataset = mock(Dataset.class);
-        when(dataset.getDisplayName()).thenReturn("Test Dataset");
-        when(dataset.getIdentifier()).thenReturn("Test Identifier");
+        Dataverse owner = mock(Dataverse.class);
+        when(owner.getAlias()).thenReturn("ownerDv");
+        when(owner.getDisplayName()).thenReturn("Owner Dataverse");
 
-        DataFile dataFile = mock(DataFile.class);
-        when(dataFile.getId()).thenReturn(1L);
-        when(dataFile.getDisplayName()).thenReturn("Granted File");
-        when(dataFile.getOwner()).thenReturn(dataset);
-        when(dataFileService.find(1L)).thenReturn(dataFile);
+        Dataset dataset = mock(Dataset.class);
+        when(dataset.getGlobalId()).thenReturn(testGlobalId);
+        when(dataset.getDisplayName()).thenReturn("Granted Dataset");
+        when(dataset.getOwner()).thenReturn(owner);
+        when(datasetService.find(1L)).thenReturn(dataset);
 
         sut.addFieldsByType(notificationJson, authenticatedUser, userNotification);
 
-        verify(notificationJson).add(KEY_DATAFILE_ID, Long.valueOf("1"));
-        verify(notificationJson).add(KEY_DATAFILE_DISPLAY_NAME, "Granted File");
+        verify(notificationJson).add(KEY_DATASET_PERSISTENT_ID, testGlobalId.toString());
+        verify(notificationJson).add(KEY_DATASET_DISPLAY_NAME, "Granted Dataset");
+        verify(notificationJson).add(KEY_OWNER_ALIAS, "ownerDv");
+        verify(notificationJson).add(KEY_OWNER_DISPLAY_NAME, "Owner Dataverse");
+        verify(notificationJson, never()).add(eq(KEY_DATAFILE_ID), anyString());
+        verify(notificationJson, never()).add(eq(KEY_DATAFILE_DISPLAY_NAME), anyString());
         verify(notificationJson, never()).add(eq(KEY_REQUESTOR_FIRST_NAME), anyString());
-        verify(notificationJson).add(KEY_DATASET_DISPLAY_NAME, "Test Dataset");
-        verify(notificationJson).add(KEY_DATASET_PERSISTENT_ID, "Test Identifier");
+        verifyNoInteractions(dataFileService);
     }
 
     @Test
@@ -300,11 +303,12 @@ public void testAddFieldsByType_grantFileAccess_objectDeleted() {
         userNotification.setType(UserNotification.Type.GRANTFILEACCESS);
         userNotification.setObjectId(1L);
 
-        when(dataFileService.find(1L)).thenReturn(null);
+        when(datasetService.find(1L)).thenReturn(null);
 
         sut.addFieldsByType(notificationJson, authenticatedUser, userNotification);
 
         verify(notificationJson).add(KEY_OBJECT_DELETED, true);
+        verifyNoInteractions(dataFileService);
     }
 
     @Test

From 8553f2f9ef36dc1e5b07c8dbb1504c9ef1653c62 Mon Sep 17 00:00:00 2001
From: GPortas <hey@gportas.me>
Date: Tue, 28 Oct 2025 13:58:27 +0000
Subject: [PATCH 461/634] Refactor: InAppNotificationsJsonPrinterTest

---
 .../InAppNotificationsJsonPrinterTest.java    | 88 +++++++++++++++++++
 1 file changed, 88 insertions(+)

diff --git a/src/test/java/edu/harvard/iq/dataverse/util/json/InAppNotificationsJsonPrinterTest.java b/src/test/java/edu/harvard/iq/dataverse/util/json/InAppNotificationsJsonPrinterTest.java
index c3e5d860818..a58b21ea561 100644
--- a/src/test/java/edu/harvard/iq/dataverse/util/json/InAppNotificationsJsonPrinterTest.java
+++ b/src/test/java/edu/harvard/iq/dataverse/util/json/InAppNotificationsJsonPrinterTest.java
@@ -11,6 +11,7 @@
 import jakarta.json.JsonValue;
 
 import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.DisplayName;
 import org.junit.jupiter.api.Test;
 import org.junit.jupiter.api.extension.ExtendWith;
 
@@ -65,7 +66,9 @@ public void setUp() {
     }
 
     @Test
+    @DisplayName("ASSIGNROLE: should add dataverse role fields")
     public void testAddFieldsByType_assignRole_dataverse() {
+        // Arrange
         userNotification.setType(UserNotification.Type.ASSIGNROLE);
         userNotification.setObjectId(1L);
 
@@ -75,8 +78,10 @@ public void testAddFieldsByType_assignRole_dataverse() {
         when(dataverseService.find(1L)).thenReturn(dataverse);
         when(permissionService.getEffectiveRoleAssignments(authenticatedUser, dataverse)).thenReturn(Collections.emptyList());
 
+        // Act
         sut.addFieldsByType(notificationJson, authenticatedUser, userNotification);
 
+        // Assert
         verify(notificationJson).add(eq(KEY_ROLE_ASSIGNMENTS), any(JsonArrayBuilder.class));
         verify(notificationJson).add(KEY_DATAVERSE_ALIAS, "testdv");
         verify(notificationJson).add(KEY_DATAVERSE_DISPLAY_NAME, "Test Dataverse");
@@ -84,7 +89,9 @@ public void testAddFieldsByType_assignRole_dataverse() {
     }
 
     @Test
+    @DisplayName("ASSIGNROLE: should add dataset role fields")
     public void testAddFieldsByType_assignRole_dataset() {
+        // Arrange
         userNotification.setType(UserNotification.Type.ASSIGNROLE);
         userNotification.setObjectId(1L);
 
@@ -96,8 +103,10 @@ public void testAddFieldsByType_assignRole_dataset() {
         when(datasetService.find(1L)).thenReturn(dataset);
         when(permissionService.getEffectiveRoleAssignments(authenticatedUser, dataset)).thenReturn(Collections.emptyList());
 
+        // Act
         sut.addFieldsByType(notificationJson, authenticatedUser, userNotification);
 
+        // Assert
         verify(notificationJson).add(eq(KEY_ROLE_ASSIGNMENTS), any(JsonArrayBuilder.class));
         verify(notificationJson).add(KEY_DATASET_PERSISTENT_ID, testGlobalId.toString());
         verify(notificationJson).add(KEY_DATASET_DISPLAY_NAME, "Test Dataset");
@@ -105,7 +114,9 @@ public void testAddFieldsByType_assignRole_dataset() {
     }
 
     @Test
+    @DisplayName("REVOKEROLE: should add data file role fields")
     public void testAddFieldsByType_revokeRole_dataFile() {
+        // Arrange
         userNotification.setType(UserNotification.Type.REVOKEROLE);
         userNotification.setObjectId(1L);
 
@@ -121,15 +132,19 @@ public void testAddFieldsByType_revokeRole_dataFile() {
         when(dataFileService.find(1L)).thenReturn(dataFile);
         when(permissionService.getEffectiveRoleAssignments(authenticatedUser, dataFile)).thenReturn(Collections.emptyList());
 
+        // Act
         sut.addFieldsByType(notificationJson, authenticatedUser, userNotification);
 
+        // Assert
         verify(notificationJson).add(eq(KEY_ROLE_ASSIGNMENTS), any(JsonArrayBuilder.class));
         verify(notificationJson).add(KEY_OWNER_PERSISTENT_ID, testGlobalId.toString());
         verify(notificationJson).add(KEY_OWNER_DISPLAY_NAME, "Owner Dataset");
     }
 
     @Test
+    @DisplayName("REVOKEROLE: should add object deleted flag when object is not found")
     public void testAddFieldsByType_revokeRole_objectDeleted() {
+        // Arrange
         userNotification.setType(UserNotification.Type.REVOKEROLE);
         userNotification.setObjectId(1L);
 
@@ -137,13 +152,17 @@ public void testAddFieldsByType_revokeRole_objectDeleted() {
         when(datasetService.find(1L)).thenReturn(null);
         when(dataFileService.find(1L)).thenReturn(null);
 
+        // Act
         sut.addFieldsByType(notificationJson, authenticatedUser, userNotification);
 
+        // Assert
         verify(notificationJson).add(KEY_OBJECT_DELETED, true);
     }
 
     @Test
+    @DisplayName("CREATEDV: should add dataverse and owner fields")
     public void testAddFieldsByType_createDv_dvHasOwner() {
+        // Arrange
         userNotification.setType(UserNotification.Type.CREATEDV);
         userNotification.setObjectId(1L);
 
@@ -161,8 +180,10 @@ public void testAddFieldsByType_createDv_dvHasOwner() {
         when(systemConfig.getGuidesBaseUrl(false)).thenReturn("http://guides.dataverse.org");
         when(systemConfig.getGuidesVersion()).thenReturn("1.0");
 
+        // Act
         sut.addFieldsByType(notificationJson, authenticatedUser, userNotification);
 
+        // Assert
         verify(notificationJson).add(KEY_DATAVERSE_ALIAS, "childDv");
         verify(notificationJson).add(KEY_DATAVERSE_DISPLAY_NAME, "Child Dataverse");
         verify(notificationJson).add(KEY_OWNER_ALIAS, "parentDv");
@@ -173,7 +194,9 @@ public void testAddFieldsByType_createDv_dvHasOwner() {
     }
 
     @Test
+    @DisplayName("CREATEDV: should add dataverse fields when it has no owner")
     public void testAddFieldsByType_createDv_dvHasNoOwner() {
+        // Arrange
         userNotification.setType(UserNotification.Type.CREATEDV);
         userNotification.setObjectId(1L);
 
@@ -187,8 +210,10 @@ public void testAddFieldsByType_createDv_dvHasNoOwner() {
         when(systemConfig.getGuidesBaseUrl(false)).thenReturn("http://guides.dataverse.org");
         when(systemConfig.getGuidesVersion()).thenReturn("1.0");
 
+        // Act
         sut.addFieldsByType(notificationJson, authenticatedUser, userNotification);
 
+        // Assert
         verify(notificationJson).add(KEY_DATAVERSE_ALIAS, "dv");
         verify(notificationJson).add(KEY_DATAVERSE_DISPLAY_NAME, "Dataverse");
         verify(notificationJson).add(KEY_GUIDES_BASE_URL, "http://guides.dataverse.org");
@@ -197,7 +222,9 @@ public void testAddFieldsByType_createDv_dvHasNoOwner() {
     }
 
     @Test
+    @DisplayName("CREATEDV: should add object deleted flag when dataverse is not found")
     public void testAddFieldsByType_createDv_objectDeleted() {
+        // Arrange
         userNotification.setType(UserNotification.Type.CREATEDV);
         userNotification.setObjectId(1L);
 
@@ -205,8 +232,10 @@ public void testAddFieldsByType_createDv_objectDeleted() {
         when(systemConfig.getGuidesBaseUrl(false)).thenReturn("http://guides.dataverse.org");
         when(systemConfig.getGuidesVersion()).thenReturn("1.0");
 
+        // Act
         sut.addFieldsByType(notificationJson, authenticatedUser, userNotification);
 
+        // Assert
         verify(notificationJson).add(KEY_GUIDES_BASE_URL, "http://guides.dataverse.org");
         verify(notificationJson).add(KEY_GUIDES_VERSION, "1.0");
         verify(notificationJson).add(KEY_GUIDES_SECTION_PATH, GUIDES_SECTION_PATH_DATAVERSE_MANAGEMENT_HTML);
@@ -214,7 +243,9 @@ public void testAddFieldsByType_createDv_objectDeleted() {
     }
 
     @Test
+    @DisplayName("REQUESTFILEACCESS: should add requestor and data file fields")
     public void testAddFieldsByType_requestFileAccess() {
+        // Arrange
         userNotification.setType(UserNotification.Type.REQUESTFILEACCESS);
         userNotification.setObjectId(1L);
         userNotification.setRequestor(requestor);
@@ -233,8 +264,10 @@ public void testAddFieldsByType_requestFileAccess() {
         when(dataFile.getOwner()).thenReturn(dataset);
         when(dataFileService.find(1L)).thenReturn(dataFile);
 
+        // Act
         sut.addFieldsByType(notificationJson, authenticatedUser, userNotification);
 
+        // Assert
         verify(notificationJson).add(KEY_REQUESTOR_FIRST_NAME, "John");
         verify(notificationJson).add(KEY_REQUESTOR_LAST_NAME, "Doe");
         verify(notificationJson).add(KEY_REQUESTOR_EMAIL, "johndoe@example.com");
@@ -245,7 +278,9 @@ public void testAddFieldsByType_requestFileAccess() {
     }
 
     @Test
+    @DisplayName("REQUESTFILEACCESS: should add data file fields even when requestor is null")
     public void testAddFieldsByType_requestFileAccess_nullRequestor() {
+        // Arrange
         userNotification.setType(UserNotification.Type.REQUESTFILEACCESS);
         userNotification.setObjectId(1L);
         userNotification.setRequestor(null);
@@ -260,8 +295,10 @@ public void testAddFieldsByType_requestFileAccess_nullRequestor() {
         when(dataFile.getOwner()).thenReturn(dataset);
         when(dataFileService.find(1L)).thenReturn(dataFile);
 
+        // Act
         sut.addFieldsByType(notificationJson, authenticatedUser, userNotification);
 
+        // Assert
         verify(notificationJson, never()).add(eq(KEY_REQUESTOR_FIRST_NAME), anyString());
         verify(notificationJson, never()).add(eq(KEY_REQUESTOR_LAST_NAME), anyString());
         verify(notificationJson, never()).add(eq(KEY_REQUESTOR_EMAIL), anyString());
@@ -272,7 +309,9 @@ public void testAddFieldsByType_requestFileAccess_nullRequestor() {
     }
 
     @Test
+    @DisplayName("GRANTFILEACCESS: should add dataset fields")
     public void testAddFieldsByType_grantFileAccess() {
+        // Arrange
         userNotification.setType(UserNotification.Type.GRANTFILEACCESS);
         userNotification.setObjectId(1L);
 
@@ -286,8 +325,10 @@ public void testAddFieldsByType_grantFileAccess() {
         when(dataset.getOwner()).thenReturn(owner);
         when(datasetService.find(1L)).thenReturn(dataset);
 
+        // Act
         sut.addFieldsByType(notificationJson, authenticatedUser, userNotification);
 
+        // Assert
         verify(notificationJson).add(KEY_DATASET_PERSISTENT_ID, testGlobalId.toString());
         verify(notificationJson).add(KEY_DATASET_DISPLAY_NAME, "Granted Dataset");
         verify(notificationJson).add(KEY_OWNER_ALIAS, "ownerDv");
@@ -299,20 +340,26 @@ public void testAddFieldsByType_grantFileAccess() {
     }
 
     @Test
+    @DisplayName("GRANTFILEACCESS: should add object deleted flag when dataset is not found")
     public void testAddFieldsByType_grantFileAccess_objectDeleted() {
+        // Arrange
         userNotification.setType(UserNotification.Type.GRANTFILEACCESS);
         userNotification.setObjectId(1L);
 
         when(datasetService.find(1L)).thenReturn(null);
 
+        // Act
         sut.addFieldsByType(notificationJson, authenticatedUser, userNotification);
 
+        // Assert
         verify(notificationJson).add(KEY_OBJECT_DELETED, true);
         verifyNoInteractions(dataFileService);
     }
 
     @Test
+    @DisplayName("CREATEDS: should add dataset version and guides fields")
     public void testAddFieldsByType_createDs() {
+        // Arrange
         userNotification.setType(UserNotification.Type.CREATEDS);
         userNotification.setObjectId(1L);
 
@@ -334,8 +381,10 @@ public void testAddFieldsByType_createDs() {
         when(systemConfig.getGuidesBaseUrl(false)).thenReturn("http://guides.dataverse.org");
         when(systemConfig.getGuidesVersion()).thenReturn("1.0");
 
+        // Act
         sut.addFieldsByType(notificationJson, authenticatedUser, userNotification);
 
+        // Assert
         verify(notificationJson).add(KEY_GUIDES_BASE_URL, "http://guides.dataverse.org");
         verify(notificationJson).add(KEY_GUIDES_VERSION, "1.0");
         verify(notificationJson).add(KEY_GUIDES_SECTION_PATH, GUIDES_SECTION_PATH_DATASET_MANAGEMENT_HTML);
@@ -346,7 +395,9 @@ public void testAddFieldsByType_createDs() {
     }
 
     @Test
+    @DisplayName("SUBMITTEDDS: should add dataset and requestor fields")
     public void testAddFieldsByType_submittedDs() {
+        // Arrange
         userNotification.setType(UserNotification.Type.SUBMITTEDDS);
         userNotification.setObjectId(1L);
         userNotification.setRequestor(requestor);
@@ -366,8 +417,10 @@ public void testAddFieldsByType_submittedDs() {
         when(requestor.getLastName()).thenReturn("Submitter");
         when(requestor.getEmail()).thenReturn("j.submitter@example.com");
 
+        // Act
         sut.addFieldsByType(notificationJson, authenticatedUser, userNotification);
 
+        // Assert
         verify(notificationJson).add(KEY_DATASET_PERSISTENT_ID, testGlobalId.toString());
         verify(notificationJson).add(KEY_DATASET_DISPLAY_NAME, "Submitted Dataset");
         verify(notificationJson).add(KEY_OWNER_ALIAS, "reviewDv");
@@ -378,7 +431,9 @@ public void testAddFieldsByType_submittedDs() {
     }
 
     @Test
+    @DisplayName("PUBLISHEDDS: should add dataset version fields")
     public void testAddFieldsByType_publishedDs() {
+        // Arrange
         userNotification.setType(UserNotification.Type.PUBLISHEDDS);
         userNotification.setObjectId(1L);
 
@@ -397,8 +452,10 @@ public void testAddFieldsByType_publishedDs() {
 
         when(datasetVersionService.find(1L)).thenReturn(datasetVersion);
 
+        // Act
         sut.addFieldsByType(notificationJson, authenticatedUser, userNotification);
 
+        // Assert
         verify(notificationJson).add(KEY_DATASET_PERSISTENT_ID, testGlobalId.toString());
         verify(notificationJson).add(KEY_DATASET_DISPLAY_NAME, "Published Dataset");
         verify(notificationJson, never()).add(eq(KEY_CURATION_STATUS), anyString());
@@ -407,7 +464,9 @@ public void testAddFieldsByType_publishedDs() {
     }
 
     @Test
+    @DisplayName("STATUSUPDATED: should add dataset version fields including curation status")
     public void testAddFieldsByType_statusUpdated() {
+        // Arrange
         userNotification.setType(UserNotification.Type.STATUSUPDATED);
         userNotification.setObjectId(1L);
 
@@ -429,8 +488,10 @@ public void testAddFieldsByType_statusUpdated() {
         when(dataset.getGlobalId()).thenReturn(testGlobalId);
         when(dataset.getDisplayName()).thenReturn("Status Update Dataset");
 
+        // Act
         sut.addFieldsByType(notificationJson, authenticatedUser, userNotification);
 
+        // Assert
         verify(notificationJson).add(KEY_DATASET_PERSISTENT_ID, testGlobalId.toString());
         verify(notificationJson).add(KEY_DATASET_DISPLAY_NAME, "Status Update Dataset");
         verify(notificationJson).add(eq(KEY_CURATION_STATUS), any(String.class));
@@ -439,19 +500,25 @@ public void testAddFieldsByType_statusUpdated() {
     }
 
     @Test
+    @DisplayName("STATUSUPDATED: should add object deleted flag when dataset version is not found")
     public void testAddFieldsByType_statusUpdated_objectDeleted() {
+        // Arrange
         userNotification.setType(UserNotification.Type.STATUSUPDATED);
         userNotification.setObjectId(1L);
 
         when(datasetVersionService.find(1L)).thenReturn(null);
 
+        // Act
         sut.addFieldsByType(notificationJson, authenticatedUser, userNotification);
 
+        // Assert
         verify(notificationJson).add(KEY_OBJECT_DELETED, true);
     }
 
     @Test
+    @DisplayName("CREATEACC: should add installation brand and user guides fields")
     public void testAddFieldsByType_createAcc() {
+        // Arrange
         userNotification.setType(UserNotification.Type.CREATEACC);
         try (MockedStatic<BrandingUtil> mockedBrandingUtil = mockStatic(BrandingUtil.class)) {
             mockedBrandingUtil.when(BrandingUtil::getInstallationBrandName).thenReturn("My Test Brand Name");
@@ -459,8 +526,10 @@ public void testAddFieldsByType_createAcc() {
             when(systemConfig.getGuidesBaseUrl(false)).thenReturn("http://guides.dataverse.org");
             when(systemConfig.getGuidesVersion()).thenReturn("1.0");
 
+            // Act
             sut.addFieldsByType(notificationJson, authenticatedUser, userNotification);
 
+            // Assert
             verify(notificationJson).add(KEY_INSTALLATION_BRAND_NAME, "My Test Brand Name");
             verify(notificationJson).add(KEY_GUIDES_BASE_URL, "http://guides.dataverse.org");
             verify(notificationJson).add(KEY_GUIDES_VERSION, "1.0");
@@ -469,7 +538,9 @@ public void testAddFieldsByType_createAcc() {
     }
 
     @Test
+    @DisplayName("INGESTCOMPLETED: should add dataset and tabular guides fields")
     public void testAddFieldsByType_ingestCompleted() {
+        // Arrange
         userNotification.setType(UserNotification.Type.INGESTCOMPLETED);
         userNotification.setObjectId(1L);
 
@@ -488,8 +559,10 @@ public void testAddFieldsByType_ingestCompleted() {
         when(systemConfig.getGuidesBaseUrl(false)).thenReturn("http://guides.dataverse.org");
         when(systemConfig.getGuidesVersion()).thenReturn("1.0");
 
+        // Act
         sut.addFieldsByType(notificationJson, authenticatedUser, userNotification);
 
+        // Assert
         verify(notificationJson).add(KEY_DATASET_PERSISTENT_ID, testGlobalId.toString());
         verify(notificationJson).add(KEY_DATASET_DISPLAY_NAME, "Ingested Dataset");
         verify(notificationJson).add(KEY_OWNER_ALIAS, "ownerDv");
@@ -500,7 +573,9 @@ public void testAddFieldsByType_ingestCompleted() {
     }
 
     @Test
+    @DisplayName("INGESTCOMPLETED: should add object deleted flag when dataset is not found")
     public void testAddFieldsByType_ingestCompleted_objectDeleted() {
+        // Arrange
         userNotification.setType(UserNotification.Type.INGESTCOMPLETED);
         userNotification.setObjectId(1L);
 
@@ -509,8 +584,10 @@ public void testAddFieldsByType_ingestCompleted_objectDeleted() {
         when(systemConfig.getGuidesBaseUrl(false)).thenReturn("http://guides.dataverse.org");
         when(systemConfig.getGuidesVersion()).thenReturn("1.0");
 
+        // Act
         sut.addFieldsByType(notificationJson, authenticatedUser, userNotification);
 
+        // Assert
         verify(notificationJson).add(KEY_OBJECT_DELETED, true);
         verify(notificationJson).add(KEY_GUIDES_BASE_URL, "http://guides.dataverse.org");
         verify(notificationJson).add(KEY_GUIDES_VERSION, "1.0");
@@ -518,6 +595,7 @@ public void testAddFieldsByType_ingestCompleted_objectDeleted() {
     }
 
     @Test
+    @DisplayName("DATASETMENTIONED: should parse and add additional info as JSON object")
     public void testAddFieldsByType_datasetMentioned_withJsonString() {
         // Arrange
         userNotification.setType(UserNotification.Type.DATASETMENTIONED);
@@ -561,6 +639,7 @@ public void testAddFieldsByType_datasetMentioned_withJsonString() {
     }
 
     @Test
+    @DisplayName("DATASETMENTIONED: should add additional info as plain string if not valid JSON")
     public void testAddFieldsByType_datasetMentioned_withRegularString() {
         // Arrange
         userNotification.setType(UserNotification.Type.DATASETMENTIONED);
@@ -593,6 +672,7 @@ public void testAddFieldsByType_datasetMentioned_withRegularString() {
     }
 
     @Test
+    @DisplayName("DATASETMENTIONED: should not add additional info key if info is null")
     public void testAddFieldsByType_datasetMentioned_withNullInfo() {
         // Arrange
         userNotification.setType(UserNotification.Type.DATASETMENTIONED);
@@ -625,7 +705,9 @@ public void testAddFieldsByType_datasetMentioned_withNullInfo() {
     }
 
     @Test
+    @DisplayName("DATASETMENTIONED: should add dataset fields and additional info string")
     public void testAddFieldsByType_datasetMentioned() {
+        // Arrange
         userNotification.setType(UserNotification.Type.DATASETMENTIONED);
         userNotification.setObjectId(1L);
         userNotification.setAdditionalInfo("Mentioned in another dataset.");
@@ -641,8 +723,10 @@ public void testAddFieldsByType_datasetMentioned() {
         when(owner.getAlias()).thenReturn("ownerDv");
         when(owner.getDisplayName()).thenReturn("Owner Dataverse");
 
+        // Act
         sut.addFieldsByType(notificationJson, authenticatedUser, userNotification);
 
+        // Assert
         verify(notificationJson).add(KEY_DATASET_PERSISTENT_ID, testGlobalId.toString());
         verify(notificationJson).add(KEY_DATASET_DISPLAY_NAME, "Mentioned Dataset");
         verify(notificationJson).add(KEY_OWNER_ALIAS, "ownerDv");
@@ -651,13 +735,17 @@ public void testAddFieldsByType_datasetMentioned() {
     }
 
     @Test
+    @DisplayName("Unhandled Type: should add no fields for unhandled notification types")
     public void testAddFieldsByType_noOpType() {
+        // Arrange
         // APIGENERATED is a valid type but is not handled by the switch statement,
         // so no fields should be added.
         userNotification.setType(UserNotification.Type.APIGENERATED);
 
+        // Act
         sut.addFieldsByType(notificationJson, authenticatedUser, userNotification);
 
+        // Assert
         verifyNoInteractions(notificationJson);
     }
 }

From 5f51d9287003f077873640fe3195d9cc62bc5a12 Mon Sep 17 00:00:00 2001
From: Jim Myers <qqmyers@hotmail.com>
Date: Tue, 28 Oct 2025 14:20:47 -0400
Subject: [PATCH 462/634] missed merge issue

---
 doc/sphinx-guides/source/installation/config.rst | 8 +++-----
 1 file changed, 3 insertions(+), 5 deletions(-)

diff --git a/doc/sphinx-guides/source/installation/config.rst b/doc/sphinx-guides/source/installation/config.rst
index 7185ad1caf1..91dc63c36cb 100644
--- a/doc/sphinx-guides/source/installation/config.rst
+++ b/doc/sphinx-guides/source/installation/config.rst
@@ -3828,13 +3828,11 @@ please find all known feature flags below. Any of these flags can be activated u
     * - enable-pid-failure-log
       - Turns on creation of a monthly log file (logs/PIDFailures_<yyyy-MM>.log) showing failed requests for dataset/file PIDs. Can be used directly or with scripts at https://github.com/gdcc/dataverse-recipes/python/pid_reports to alert admins.
       - ``Off``
-<<<<<<< HEAD
-    * - only-update-datacite-when-needed
-      - Only contact DataCite to update a DOI after checking to see if DataCite has outdated information (for efficiency, lighter load on DataCite, especially when using file DOIs).
-=======
     * - role-assignment-history
       - Turns on tracking/display of role assignments and revocations for collections, datasets, and files
->>>>>>> refs/remotes/IQSS/develop
+      - ``Off``
+    * - only-update-datacite-when-needed
+      - Only contact DataCite to update a DOI after checking to see if DataCite has outdated information (for efficiency, lighter load on DataCite, especially when using file DOIs).
       - ``Off``
 
 **Note:** Feature flags can be set via any `supported MicroProfile Config API source`_, e.g. the environment variable

From 910a390e865f562f98c9510d2d9c30bb78a59691 Mon Sep 17 00:00:00 2001
From: qqmyers <qqmyers@hotmail.com>
Date: Wed, 29 Oct 2025 18:57:56 -0400
Subject: [PATCH 463/634] fix error, cleanup, add out-of-band key, add test

---
 .../edu/harvard/iq/dataverse/api/Admin.java   |  4 +-
 .../harvard/iq/dataverse/api/Datasets.java    |  2 +-
 .../iq/dataverse/dataaccess/StorageIO.java    | 14 ++--
 .../iq/dataverse/util/json/JsonPrinter.java   | 18 ++---
 .../dataverse/util/json/JsonPrinterTest.java  | 70 +++++++++++++++++++
 5 files changed, 88 insertions(+), 20 deletions(-)

diff --git a/src/main/java/edu/harvard/iq/dataverse/api/Admin.java b/src/main/java/edu/harvard/iq/dataverse/api/Admin.java
index 3df78648433..e5e40cb8ac8 100644
--- a/src/main/java/edu/harvard/iq/dataverse/api/Admin.java
+++ b/src/main/java/edu/harvard/iq/dataverse/api/Admin.java
@@ -2198,9 +2198,9 @@ public Response getStorageDriver(@Context ContainerRequestContext crc, @PathPara
         }
 
         if (getEffective != null && getEffective) {
-            return ok(JsonPrinter.jsonStorageDriver(dataverse.getEffectiveStorageDriverId(), null));
+            return ok(JsonPrinter.jsonStorageDriver(dataverse.getEffectiveStorageDriverId()));
         } else {
-            return ok(JsonPrinter.jsonStorageDriver(dataverse.getStorageDriverId(), null));
+            return ok(JsonPrinter.jsonStorageDriver(dataverse.getStorageDriverId()));
         }
     }
     
diff --git a/src/main/java/edu/harvard/iq/dataverse/api/Datasets.java b/src/main/java/edu/harvard/iq/dataverse/api/Datasets.java
index 12715d31e77..ea515756915 100644
--- a/src/main/java/edu/harvard/iq/dataverse/api/Datasets.java
+++ b/src/main/java/edu/harvard/iq/dataverse/api/Datasets.java
@@ -3674,7 +3674,7 @@ public Response getFileStore(@Context ContainerRequestContext crc, @PathParam("i
             return error(Response.Status.NOT_FOUND, "No such dataset");
         }
 
-        return ok(JsonPrinter.jsonStorageDriver(dataset.getEffectiveStorageDriverId(), dataset));
+        return ok(JsonPrinter.jsonStorageDriver(dataset.getEffectiveStorageDriverId()));
     }
 
     @PUT
diff --git a/src/main/java/edu/harvard/iq/dataverse/dataaccess/StorageIO.java b/src/main/java/edu/harvard/iq/dataverse/dataaccess/StorageIO.java
index bd59c11c5b1..b009c4e86ec 100644
--- a/src/main/java/edu/harvard/iq/dataverse/dataaccess/StorageIO.java
+++ b/src/main/java/edu/harvard/iq/dataverse/dataaccess/StorageIO.java
@@ -53,10 +53,11 @@ public abstract class StorageIO<T extends DvObject> {
 
     static final String INGEST_SIZE_LIMIT = "ingestsizelimit";
     static final String PUBLIC = "public";
-    static final String TYPE = "type";
-    static final String UPLOAD_REDIRECT = "upload-redirect";
-    static final String UPLOAD_OUT_OF_BAND = "upload-out-of-band";
-    protected static final String DOWNLOAD_REDIRECT = "download-redirect";
+    public static final String TYPE = "type";
+    public static final String UPLOAD_REDIRECT = "upload-redirect";
+    public static final String UPLOAD_OUT_OF_BAND = "upload-out-of-band";
+    public static final String DOWNLOAD_REDIRECT = "download-redirect";
+    public static final String LABEL = "label";
 
 
     public StorageIO() {
@@ -675,10 +676,11 @@ public boolean isDataverseAccessible() {
         return true;
     }
     
-    protected static String getConfigParamForDriver(String driverId, String parameterName) {
+    public static String getConfigParamForDriver(String driverId, String parameterName) {
         return getConfigParamForDriver(driverId, parameterName, null);
     }
-    protected static String getConfigParamForDriver(String driverId, String parameterName, String defaultValue) {
+    
+    public static String getConfigParamForDriver(String driverId, String parameterName, String defaultValue) {
         return System.getProperty("dataverse.files." + driverId + "." + parameterName, defaultValue);
     }
     
diff --git a/src/main/java/edu/harvard/iq/dataverse/util/json/JsonPrinter.java b/src/main/java/edu/harvard/iq/dataverse/util/json/JsonPrinter.java
index 46a05fc93f2..92a37807e2a 100644
--- a/src/main/java/edu/harvard/iq/dataverse/util/json/JsonPrinter.java
+++ b/src/main/java/edu/harvard/iq/dataverse/util/json/JsonPrinter.java
@@ -17,6 +17,7 @@
 import edu.harvard.iq.dataverse.authorization.users.User;
 import edu.harvard.iq.dataverse.branding.BrandingUtil;
 import edu.harvard.iq.dataverse.dataaccess.DataAccess;
+import edu.harvard.iq.dataverse.dataaccess.StorageIO;
 import edu.harvard.iq.dataverse.dataset.DatasetType;
 import edu.harvard.iq.dataverse.dataset.DatasetUtil;
 import edu.harvard.iq.dataverse.datasetversionsummaries.*;
@@ -1670,19 +1671,14 @@ public static JsonArrayBuilder jsonTemplateInstructions(Map<String, String> temp
         return jsonArrayBuilder;
     }
 
-    public static JsonObjectBuilder jsonStorageDriver(String storageDriverId, Dataset dataset) {
+    public static JsonObjectBuilder jsonStorageDriver(String storageDriverId) {
         JsonObjectBuilder jsonObjectBuilder = new NullSafeJsonBuilder();
         jsonObjectBuilder.add("name", storageDriverId);
-        jsonObjectBuilder.add("type", DataAccess.getDriverType(storageDriverId));
-        jsonObjectBuilder.add("label", DataAccess.getStorageDriverLabelFor(storageDriverId));
-        if (dataset != null) {
-            jsonObjectBuilder.add("directUpload", DataAccess.uploadToDatasetAllowed(dataset, storageDriverId));
-            try {
-                jsonObjectBuilder.add("directDownload", DataAccess.getStorageIO(dataset).downloadRedirectEnabled());
-            } catch (IOException ex) {
-                logger.fine("Failed to get Storage IO for dataset " + ex.getMessage());
-            }
-        }
+        jsonObjectBuilder.add("type", StorageIO.getConfigParamForDriver(storageDriverId, StorageIO.TYPE));
+        jsonObjectBuilder.add("label", StorageIO.getConfigParamForDriver(storageDriverId, StorageIO.LABEL));
+        jsonObjectBuilder.add("directUpload", Boolean.parseBoolean(StorageIO.getConfigParamForDriver(storageDriverId, StorageIO.UPLOAD_REDIRECT)));
+        jsonObjectBuilder.add("directDownload", Boolean.parseBoolean(StorageIO.getConfigParamForDriver(storageDriverId, StorageIO.DOWNLOAD_REDIRECT)));
+        jsonObjectBuilder.add("uploadOutOfBand", Boolean.parseBoolean(StorageIO.getConfigParamForDriver(storageDriverId, StorageIO.UPLOAD_OUT_OF_BAND)));
 
         return jsonObjectBuilder;
     }
diff --git a/src/test/java/edu/harvard/iq/dataverse/util/json/JsonPrinterTest.java b/src/test/java/edu/harvard/iq/dataverse/util/json/JsonPrinterTest.java
index c17529fb6ac..94f16553dff 100644
--- a/src/test/java/edu/harvard/iq/dataverse/util/json/JsonPrinterTest.java
+++ b/src/test/java/edu/harvard/iq/dataverse/util/json/JsonPrinterTest.java
@@ -664,4 +664,74 @@ private DataFile createDatafile(long id) {
 
         return datafile;
     }
+    
+
+    @Test
+    public void testJsonStorageDriver() {
+        // Test with directDownload enabled (true-like values)
+        System.setProperty("dataverse.files.test-driver.type", "s3");
+        System.setProperty("dataverse.files.test-driver.label", "Test Storage Driver");
+        System.setProperty("dataverse.files.test-driver.download-redirect", "true");
+        System.setProperty("dataverse.files.test-driver.upload-redirect", "true");
+
+        JsonObject result = JsonPrinter.jsonStorageDriver("test-driver").build();
+
+        assertEquals("test-driver", result.getString("name"));
+        assertEquals("s3", result.getString("type"));
+        assertEquals("Test Storage Driver", result.getString("label"));
+        assertTrue(result.getBoolean("directUpload"));
+        assertTrue(result.getBoolean("directDownload"));
+        assertFalse(result.getBoolean("uploadOutOfBand"));
+        
+        // Test with directDownload disabled (false values)
+        System.setProperty("dataverse.files.test-driver2.type", "file");
+        System.setProperty("dataverse.files.test-driver2.label", "Local Storage");
+        System.setProperty("dataverse.files.test-driver2.download-redirect", "false");
+        System.setProperty("dataverse.files.test-driver2.upload-redirect", "false");
+
+        JsonObject result2 = JsonPrinter.jsonStorageDriver("test-driver2").build();
+
+        assertEquals("test-driver2", result2.getString("name"));
+        assertEquals("file", result2.getString("type"));
+        assertEquals("Local Storage", result2.getString("label"));
+        assertFalse(result2.getBoolean("directUpload"));
+        assertFalse(result2.getBoolean("directDownload"));
+        assertFalse(result2.getBoolean("uploadOutOfBand"));
+
+        // Test with all caps TRUE and out-of-band
+        System.setProperty("dataverse.files.test-driver3.type", "swift");
+        System.setProperty("dataverse.files.test-driver3.label", "Swift Storage");
+        System.setProperty("dataverse.files.test-driver3.download-redirect", "TRUE");
+        System.setProperty("dataverse.files.test-driver3.upload-out-of-band", "true");
+
+        JsonObject result3 = JsonPrinter.jsonStorageDriver("test-driver3").build();
+        assertTrue(result3.getBoolean("directDownload"));
+        assertTrue(result3.getBoolean("uploadOutOfBand"));
+
+        // Test with null/missing properties
+        System.setProperty("dataverse.files.test-driver4.type", "s3");
+        System.setProperty("dataverse.files.test-driver4.label", "Minimal Storage");
+        // Not setting download-redirect property
+
+        JsonObject result4 = JsonPrinter.jsonStorageDriver("test-driver4").build();
+        assertFalse(result4.getBoolean("directDownload"));
+        assertFalse(result.getBoolean("directUpload"));
+        assertFalse(result.getBoolean("uploadOutOfBand"));
+
+        // Clean up system properties
+        System.clearProperty("dataverse.files.test-driver.type");
+        System.clearProperty("dataverse.files.test-driver.label");
+        System.clearProperty("dataverse.files.test-driver.download-redirect");
+        System.clearProperty("dataverse.files.test-driver.upload-redirect");
+        System.clearProperty("dataverse.files.test-driver2.type");
+        System.clearProperty("dataverse.files.test-driver2.label");
+        System.clearProperty("dataverse.files.test-driver2.download-redirect");
+        System.clearProperty("dataverse.files.test-driver2.upload-redirect");
+        System.clearProperty("dataverse.files.test-driver3.type");
+        System.clearProperty("dataverse.files.test-driver3.label");
+        System.clearProperty("dataverse.files.test-driver3.download-redirect");
+        System.clearProperty("dataverse.files.test-driver3.upload-out-of-band");
+        System.clearProperty("dataverse.files.test-driver4.type");
+        System.clearProperty("dataverse.files.test-driver4.label");
+    }
 }

From f0635e3ee356d82a820391a2307ab4b221e5cf00 Mon Sep 17 00:00:00 2001
From: qqmyers <qqmyers@hotmail.com>
Date: Wed, 29 Oct 2025 19:00:59 -0400
Subject: [PATCH 464/634] typos

---
 .../edu/harvard/iq/dataverse/util/json/JsonPrinterTest.java   | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/test/java/edu/harvard/iq/dataverse/util/json/JsonPrinterTest.java b/src/test/java/edu/harvard/iq/dataverse/util/json/JsonPrinterTest.java
index 94f16553dff..2f4fda068d4 100644
--- a/src/test/java/edu/harvard/iq/dataverse/util/json/JsonPrinterTest.java
+++ b/src/test/java/edu/harvard/iq/dataverse/util/json/JsonPrinterTest.java
@@ -715,8 +715,8 @@ public void testJsonStorageDriver() {
 
         JsonObject result4 = JsonPrinter.jsonStorageDriver("test-driver4").build();
         assertFalse(result4.getBoolean("directDownload"));
-        assertFalse(result.getBoolean("directUpload"));
-        assertFalse(result.getBoolean("uploadOutOfBand"));
+        assertFalse(result4.getBoolean("directUpload"));
+        assertFalse(result4.getBoolean("uploadOutOfBand"));
 
         // Clean up system properties
         System.clearProperty("dataverse.files.test-driver.type");

From c4d2f4ad44307991eb813d0ad04aa6504c65cad8 Mon Sep 17 00:00:00 2001
From: Oliver Bertuch <o.bertuch@fz-juelich.de>
Date: Thu, 30 Oct 2025 14:24:35 +0100
Subject: [PATCH 465/634] chore(settings): add deprecation notices for
 String-based methods in `SettingsServiceBean` #11654

Requested by @qqmyers via review comment.
Expanded deprecation tags across String-based methods, encouraging migration to key-based alternatives for future removal in v6.9.
---
 .../settings/SettingsServiceBean.java         | 33 +++++++++++++++++--
 1 file changed, 31 insertions(+), 2 deletions(-)

diff --git a/src/main/java/edu/harvard/iq/dataverse/settings/SettingsServiceBean.java b/src/main/java/edu/harvard/iq/dataverse/settings/SettingsServiceBean.java
index e5fce1a2349..2811b4e10c4 100644
--- a/src/main/java/edu/harvard/iq/dataverse/settings/SettingsServiceBean.java
+++ b/src/main/java/edu/harvard/iq/dataverse/settings/SettingsServiceBean.java
@@ -816,6 +816,9 @@ public static SettingsServiceBean.Key parse(String key) {
      * Basic functionality - get the name, return the setting, or {@code null}.
      * @param name of the setting
      * @return the actual setting, or {@code null}.
+     *
+     * @deprecated This will be removed in a future version of Dataverse. Please refrain from using it and migrate
+     *             any code doing so to use a {@link Key} and the {@link #getValueForKey(Key)} variants instead.
      */
     @Deprecated(since = "6.9", forRemoval = true)
     public String get( String name ) {
@@ -961,6 +964,9 @@ public Boolean getValueForCompoundKeyAsBoolean(Key key, String param) {
      * @param name Name of the setting.
      * @param defaultValue The value to return if no setting is found in the DB.
      * @return Either the stored value, or the default value.
+     *
+     * @deprecated This will be removed in a future version of Dataverse. Please refrain from using it and migrate
+     *             any code doing so to use a {@link Key} and the {@link #getValueForKey(Key)} variants instead.
      */
     @Deprecated(since = "6.9", forRemoval = true)
     public String get( String name, String defaultValue ) {
@@ -968,6 +974,10 @@ public String get( String name, String defaultValue ) {
         return (val!=null) ? val : defaultValue;
     }
 
+    /**
+     * @deprecated This will be removed in a future version of Dataverse. Please refrain from using it and migrate
+     *             any code doing so to use a {@link Key} and the {@link #getValueForKey(Key)} variants instead.
+     */
     @Deprecated(since = "6.9", forRemoval = true)
     public String get(String name, String lang, String defaultValue ) {
         // Database safeguard, as the default is an empty string
@@ -995,6 +1005,10 @@ public String getValueForKey( Key key, String lang, String defaultValue ) {
         return get( key.toString(), lang, defaultValue );
     }
     
+    /**
+     * @deprecated This will be removed in a future version of Dataverse. Please refrain from using it and migrate
+     *             any code doing so to use a {@link Key} and the {@link #setValueForKey(Key, String)} variants instead.
+     */
     @Deprecated(since = "6.9", forRemoval = true)
     public Setting set( String name, String content ) {
         Setting s = null; 
@@ -1018,7 +1032,11 @@ public Setting set( String name, String content ) {
                             .setInfo(name + ": " + content));
         return s;
     }
-
+    
+    /**
+     * @deprecated This will be removed in a future version of Dataverse. Please refrain from using it and migrate
+     *             any code doing so to use a {@link Key} and the {@link #setValueForKey(Key, String)} variants instead.
+     */
     @Deprecated(since = "6.9", forRemoval = true)
     public Setting set( String name, String lang, String content ) {
         // Database safeguard, as the default is an empty string
@@ -1057,6 +1075,9 @@ public Setting setValueForKey( Key key, String content ) {
      * @param name name of the setting.
      * @param defaultValue logical value of {@code null}.
      * @return boolean value of the setting.
+     *
+     * @deprecated This will be removed in a future version of Dataverse. Please refrain from using it and migrate
+     *             any code doing so to use a {@link Key} and {@link #isTrueForKey(Key, boolean)} instead.
      */
     @Deprecated(since = "6.9", forRemoval = true)
     public boolean isTrue( String name, boolean defaultValue ) {
@@ -1085,6 +1106,10 @@ public void deleteValueForKey( Key name ) {
         delete( name.toString() );
     }
     
+    /**
+     * @deprecated This will be removed in a future version of Dataverse. Please refrain from using it and migrate
+     *             any code doing so to use a {@link Key} and {@link #deleteValueForKey(Key)} instead.
+     */
     @Deprecated(since = "6.9", forRemoval = true)
     public void delete( String name ) {
         actionLogSvc.log( new ActionLogRecord(ActionLogRecord.ActionType.Setting, "delete")
@@ -1093,7 +1118,11 @@ public void delete( String name ) {
                 .setParameter("name", name)
                 .executeUpdate();
     }
-
+    
+    /**
+     * @deprecated This will be removed in a future version of Dataverse. Please refrain from using it and migrate
+     *             any code doing so to use a {@link Key} and {@link #deleteValueForKey(Key)} instead.
+     */
     @Deprecated(since = "6.9", forRemoval = true)
     public void delete( String name, String lang ) {
         // Database safeguard, as the default is an empty string

From 3ce58754d523745ab4ae49c19de6072c865593ae Mon Sep 17 00:00:00 2001
From: Oliver Bertuch <o.bertuch@fz-juelich.de>
Date: Thu, 30 Oct 2025 14:34:59 +0100
Subject: [PATCH 466/634] style(settings): make `Op` enum public to resolve IDE
 warnings #11654

Addressed visibility concerns by changing the `Op` enum to public, aligning it with a public method that leverages it. Added `@implNote` for clarification.
Requested by @pdurbin in review comment
---
 .../harvard/iq/dataverse/settings/SettingsServiceBean.java  | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/src/main/java/edu/harvard/iq/dataverse/settings/SettingsServiceBean.java b/src/main/java/edu/harvard/iq/dataverse/settings/SettingsServiceBean.java
index 2811b4e10c4..adfd6bc99d6 100644
--- a/src/main/java/edu/harvard/iq/dataverse/settings/SettingsServiceBean.java
+++ b/src/main/java/edu/harvard/iq/dataverse/settings/SettingsServiceBean.java
@@ -1279,8 +1279,10 @@ static Set<Setting> convertJsonToSettings(JsonObject settings) {
     
     /**
      * Enum representing the types of operations that are performed on a bulk operation with settings.
+     * @implNote Although this is only meant for internal use, we use it in a public method (which needs to stay public).
+     *           To avoid IDE warning about exposure, let's make it public, too.
      */
-    static enum Op {
+    public enum Op {
         UPDATED,
         CREATED,
         DELETED,
@@ -1328,6 +1330,8 @@ static JsonObjectBuilder convertToJson(Map<Setting, Op> operationalDetails) {
      * @return a map tracking the operations performed on each setting. The map's keys
      *         are the settings involved, and the values are the types of operations
      *         performed (CREATED, UPDATED, DELETED).
+     *
+     * @implNote Must be a public method to ensure proper transaction management.
      */
     @TransactionAttribute(TransactionAttributeType.REQUIRES_NEW)
     public Map<Setting, Op> replaceAllSettings(Set<Setting> newSettings) {

From 49ecc36cf21c3b1547e2f00f9fe1f0499a0f79a1 Mon Sep 17 00:00:00 2001
From: GPortas <hey@gportas.me>
Date: Thu, 30 Oct 2025 14:10:38 +0000
Subject: [PATCH 467/634] Fixed: changedFileMetaData count value in dataset
 summaries API response

---
 .../dataverse/DatasetVersionDifference.java   | 29 ++++++++++++++----
 .../harvard/iq/dataverse/api/DatasetsIT.java  | 30 +++++++++++++++----
 2 files changed, 47 insertions(+), 12 deletions(-)

diff --git a/src/main/java/edu/harvard/iq/dataverse/DatasetVersionDifference.java b/src/main/java/edu/harvard/iq/dataverse/DatasetVersionDifference.java
index 81d4fdf81f2..e9f7d8c92d0 100644
--- a/src/main/java/edu/harvard/iq/dataverse/DatasetVersionDifference.java
+++ b/src/main/java/edu/harvard/iq/dataverse/DatasetVersionDifference.java
@@ -1760,12 +1760,7 @@ private JsonObjectBuilder getFileSummaryAsJson(){
             job.add("replaced", 0);
         }
         
-        if (!changedFileMetadata.isEmpty()) {
-            job.add("changedFileMetaData", changedFileMetadata.size());
-           
-        } else{
-            job.add("changedFileMetaData", 0);
-        }
+        job.add("changedFileMetaData", getTotalFileMetadataChangesCount());
         
         if (!changedVariableMetadata.isEmpty()) {
             job.add("changedVariableMetadata", changedVariableMetadata.size());
@@ -1907,4 +1902,26 @@ private JsonObjectBuilder filesDiffJson(FileMetadata fileMetadata) {
         }
         return job;
     }
+
+    /**
+     * Calculates the total number of individual file metadata field changes
+     * across all files tracked in the {@code changedFileMetadataDiff} map.
+     *
+     * @return The total count of all file metadata field changes.
+     */
+    private int getTotalFileMetadataChangesCount() {
+        int totalChanges = 0;
+
+        if (this.changedFileMetadataDiff == null) {
+            return 0;
+        }
+
+        for (Map<String, List<String>> fileSpecificDiffs : this.changedFileMetadataDiff.values()) {
+            if (fileSpecificDiffs != null) {
+                totalChanges += fileSpecificDiffs.size();
+            }
+        }
+
+        return totalChanges;
+    }
 }
diff --git a/src/test/java/edu/harvard/iq/dataverse/api/DatasetsIT.java b/src/test/java/edu/harvard/iq/dataverse/api/DatasetsIT.java
index 3a34c3607cd..11f627530ab 100644
--- a/src/test/java/edu/harvard/iq/dataverse/api/DatasetsIT.java
+++ b/src/test/java/edu/harvard/iq/dataverse/api/DatasetsIT.java
@@ -6612,12 +6612,21 @@ public void testSummaryDatasetVersionsDifferencesAPI() throws InterruptedExcepti
                         .add("Data")
                 );
         JsonObject jsonObj = json.build();
+
         String pathToFile = "src/main/webapp/resources/images/dataverse-icon-1200.png";
         Response uploadResponse = UtilIT.uploadFileViaNative(String.valueOf(datasetId), pathToFile, jsonObj, apiToken);
         uploadResponse.prettyPrint();
         uploadResponse.then().assertThat()
                 .statusCode(OK.getStatusCode());
-        Integer modifyFileId = UtilIT.getDataFileIdFromResponse(uploadResponse);
+        Integer firstFileToModify = UtilIT.getDataFileIdFromResponse(uploadResponse);
+
+        pathToFile = "src/test/resources/images/coffeeshop.png";
+        uploadResponse = UtilIT.uploadFileViaNative(String.valueOf(datasetId), pathToFile, jsonObj, apiToken);
+        uploadResponse.prettyPrint();
+        uploadResponse.then().assertThat()
+                .statusCode(OK.getStatusCode());
+        Integer secondFileToModify = UtilIT.getDataFileIdFromResponse(uploadResponse);
+
         pathToFile = "src/main/webapp/resources/images/dataverseproject_logo.jpg";
         uploadResponse = UtilIT.uploadFileViaNative(String.valueOf(datasetId), pathToFile, jsonObj, apiToken);
         uploadResponse.then().assertThat()
@@ -6670,9 +6679,18 @@ public void testSummaryDatasetVersionsDifferencesAPI() throws InterruptedExcepti
         replaceResponse.then().assertThat()
                 .statusCode(OK.getStatusCode());
 
-        // Test modify by restricting the file
-        Response restrictResponse = UtilIT.restrictFile(modifyFileId.toString(), true, apiToken);
-        restrictResponse.prettyPrint();
+        // Test modify first file by adding a new category
+        Response setFileCategoriesResponse = UtilIT.setFileCategories(firstFileToModify.toString(), apiToken, List.of("Category"));
+        setFileCategoriesResponse.then().assertThat()
+                .statusCode(OK.getStatusCode());
+
+        // Test modify first file by restricting it
+        Response restrictResponse = UtilIT.restrictFile(firstFileToModify.toString(), true, apiToken);
+        restrictResponse.then().assertThat()
+                .statusCode(OK.getStatusCode());
+
+        // Test modify second file by restricting it
+        restrictResponse = UtilIT.restrictFile(secondFileToModify.toString(), true, apiToken);
         restrictResponse.then().assertThat()
                 .statusCode(OK.getStatusCode());
 
@@ -6682,7 +6700,6 @@ public void testSummaryDatasetVersionsDifferencesAPI() throws InterruptedExcepti
         updateTerms.then().assertThat()
                 .statusCode(OK.getStatusCode());
 
-
         Response compareResponse = UtilIT.summaryDatasetVersionDifferences(datasetPersistentId, apiToken);
         compareResponse.prettyPrint();
 
@@ -6701,7 +6718,8 @@ public void testSummaryDatasetVersionsDifferencesAPI() throws InterruptedExcepti
                 .body("data[0].summary.'Life Sciences Metadata'.added", equalTo(2))
                 .body("data[0].summary.'Life Sciences Metadata'.deleted", equalTo(0))
                 .body("data[0].summary.files.added", equalTo(1))
-                .body("data[0].summary.files.changedFileMetaData", equalTo(2))
+                // Expected total file metadata field changes: 3 (File 1 has 2 modifications + File 2 has 1 modification)
+                .body("data[0].summary.files.changedFileMetaData", equalTo(3))
                 .statusCode(OK.getStatusCode());
 
         //user with no privileges will only see the published version

From 17200a4034aeeeade7b8e1ad4b500e16ee829410 Mon Sep 17 00:00:00 2001
From: GPortas <hey@gportas.me>
Date: Thu, 30 Oct 2025 14:21:06 +0000
Subject: [PATCH 468/634] Fixed: DatasetVersionDifferenceTest

---
 .../edu/harvard/iq/dataverse/DatasetVersionDifferenceTest.java  | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/test/java/edu/harvard/iq/dataverse/DatasetVersionDifferenceTest.java b/src/test/java/edu/harvard/iq/dataverse/DatasetVersionDifferenceTest.java
index ed4c0e565b5..601d0c2d748 100644
--- a/src/test/java/edu/harvard/iq/dataverse/DatasetVersionDifferenceTest.java
+++ b/src/test/java/edu/harvard/iq/dataverse/DatasetVersionDifferenceTest.java
@@ -447,7 +447,7 @@ public void testGetSummaryAsJson(){
         JsonPath dataFile = JsonPath.from(JsonUtil.prettyPrint(obj));
                 
         assertTrue("true".equalsIgnoreCase(dataFile.getString("termsAccessChanged")));
-        assertEquals(2,(Long.parseLong(dataFile.getString("files.changedFileMetaData"))));
+        assertEquals(1,(Long.parseLong(dataFile.getString("files.changedFileMetaData"))));
         assertEquals(0,(Long.parseLong(dataFile.getString("testMetadataBlock.deleted"))));
         assertEquals(1, (int) (Long.parseLong(dataFile.getString("testMetadataBlock.added"))));
         assertEquals(1,(Long.parseLong(dataFile.getString("files.added"))));

From 7468e59b56bd779584ab7ebb5d72ee0edf923d2c Mon Sep 17 00:00:00 2001
From: Philip Durbin <philip_durbin@harvard.edu>
Date: Thu, 30 Oct 2025 12:02:43 -0400
Subject: [PATCH 469/634] Update
 doc/sphinx-guides/source/user/dataset-management.rst

Co-authored-by: Omer Fahim <mfahim11427@gmail.com>
---
 doc/sphinx-guides/source/user/dataset-management.rst | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/doc/sphinx-guides/source/user/dataset-management.rst b/doc/sphinx-guides/source/user/dataset-management.rst
index 5335931a89b..0802d1255b6 100755
--- a/doc/sphinx-guides/source/user/dataset-management.rst
+++ b/doc/sphinx-guides/source/user/dataset-management.rst
@@ -704,7 +704,7 @@ If you have a Contributor role (can edit metadata, upload files, and edit files,
 Preview URL to Review Unpublished Dataset
 =========================================
 
-Creating a Preview URL for a draft version of your dataset allows you to share your dataset (for viewing and downloading of files, including :ref:`restricted <restricted-files>` and :ref:`embargoed <embargoes>` files) before it is published to a wide group of individuals who may not have a user account on the Dataverse installation. Anyone you send the Preview URL to will not have to log into the Dataverse installation to view the unpublished dataset. Once a dataset has been published you may create new General Preview URLs for subsequent draft versions, but the Anonymous Preview URL will no longer be available.
+Creating a Preview URL for a draft version of your dataset allows you to share your dataset (for viewing and downloading files, including :ref:`restricted <restricted-files>` and :ref:`embargoed <embargoes>` files) before it is published to a wide group of people who might not have a user account on the Dataverse installation. Anyone you send the Preview URL to will not have to log in to the Dataverse installation to view the unpublished dataset. Once a dataset has been published, you may create new General Preview URLs for subsequent draft versions, but the Anonymous Preview URL will no longer be available.
 
 **Note:** To create a Preview URL, you must have the *ManageDatasetPermissions* permission for your draft dataset, usually given by the :ref:`roles <permissions>` *Curator* or *Administrator*.
 

From e66421f9cbd53e396771e8cf4fdb69fd98470255 Mon Sep 17 00:00:00 2001
From: qqmyers <qqmyers@hotmail.com>
Date: Thu, 30 Oct 2025 13:32:57 -0400
Subject: [PATCH 470/634] doc updates

---
 .../11695-11940-change-api-get-storage-driver.md | 12 ++++++++++++
 .../11695-change-api-get-storage-driver.md       | 12 ------------
 .../source/admin/dataverses-datasets.rst         | 16 +++++++++-------
 doc/sphinx-guides/source/api/changelog.rst       |  2 +-
 4 files changed, 22 insertions(+), 20 deletions(-)
 create mode 100644 doc/release-notes/11695-11940-change-api-get-storage-driver.md
 delete mode 100644 doc/release-notes/11695-change-api-get-storage-driver.md

diff --git a/doc/release-notes/11695-11940-change-api-get-storage-driver.md b/doc/release-notes/11695-11940-change-api-get-storage-driver.md
new file mode 100644
index 00000000000..5b1c8e383be
--- /dev/null
+++ b/doc/release-notes/11695-11940-change-api-get-storage-driver.md
@@ -0,0 +1,12 @@
+## Get Dataset/Dataverse Storage Driver API
+
+### Changed Json response - breaking change!
+
+The API for getting the Storage Driver info has been changed/extended.
+/api/datasets/{identifier}/storageDriver
+/api/admin/dataverse/{dataverse-alias}/storageDriver
+Rather tha returning just the name/id of the driver (with the key "message"), the api call now returns a JSONObject with the driver's "name", "type" and "label", and booleas indicating whether the driver has "directUpload", "directDownload", and/or "uploadOutOfBand" enabled.
+
+This change also affects the /api/admin/dataverse/{dataverse-alias}/storageDriver api call. In addition, this call now supports an optional ?getEffective=true to find the effective storageDriver (the driver that will be used for new datasets in the collection)
+
+See also [the guides](https://dataverse-guide--11664.org.readthedocs.build/en/11664/api/native-api.html#configure-a-dataset-to-store-all-new-files-in-a-specific-file-store), #11695, and #11664.
diff --git a/doc/release-notes/11695-change-api-get-storage-driver.md b/doc/release-notes/11695-change-api-get-storage-driver.md
deleted file mode 100644
index aa993232f4d..00000000000
--- a/doc/release-notes/11695-change-api-get-storage-driver.md
+++ /dev/null
@@ -1,12 +0,0 @@
-## Get Dataset/Dataverse Storage Driver API
-
-### Changed Json response - breaking change!
-
-The API for getting the Storage Driver info has been changed/extended.
-/api/datasets/{identifier}/storageDriver
-/api/admin/dataverse/{dataverse-alias}/storageDriver
-changed "message" to "name" and added "type" and "label"
-
-Also added query param for /api/admin/dataverse/{dataverse-alias}/storageDriver?getEffective=true to recurse the chain of parents to find the effective storageDriver
-
-See also [the guides](https://dataverse-guide--11664.org.readthedocs.build/en/11664/api/native-api.html#configure-a-dataset-to-store-all-new-files-in-a-specific-file-store), #11695, and #11664.
diff --git a/doc/sphinx-guides/source/admin/dataverses-datasets.rst b/doc/sphinx-guides/source/admin/dataverses-datasets.rst
index 0fa5bcf69f1..1d97155317d 100644
--- a/doc/sphinx-guides/source/admin/dataverses-datasets.rst
+++ b/doc/sphinx-guides/source/admin/dataverses-datasets.rst
@@ -56,17 +56,19 @@ To direct new files (uploaded when datasets are created or edited) for all datas
 
 (Note that for ``dataverse.files.store1.label=MyLabel``, you should pass ``MyLabel``.)
     
-The current driver can be seen using::
+A store assigned directly to a collection can be seen using::
 
     curl -H "X-Dataverse-key: $API_TOKEN" http://$SERVER/api/admin/dataverse/$dataverse-alias/storageDriver
 
-Or to recurse the chain of parents to find the effective storageDriver::
+This may be null. To get the effective storageDriver for a collection, which may be inherited from a parent collection or be the installation default, you can use:: 
 
     curl -H "X-Dataverse-key: $API_TOKEN" http://$SERVER/api/admin/dataverse/$dataverse-alias/storageDriver?getEffective=true
+    
+This will never be null.
 
-(Note that for ``dataverse.files.store1.label=MyLabel``, ``store1`` will be returned.)
+(Note that for ``dataverse.files.store1.label=MyLabel``, the JSON response will include "name":"store1" and "label":"MyLabel".)
 
-and can be reset to the default store with::
+To delete a store assigned directly to a collection (so that the colllection's effective store is inherted from it's parent or is the global default), use::
 
     curl -H "X-Dataverse-key: $API_TOKEN" -X DELETE http://$SERVER/api/admin/dataverse/$dataverse-alias/storageDriver
     
@@ -261,15 +263,15 @@ To identify invalid data values in specific datasets (if, for example, an attemp
 Configure a Dataset to Store All New Files in a Specific File Store
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
 
-Configure a dataset to use a specific file store (this API can only be used by a superuser) ::
+Configure an individual dataset to use a specific file store (this API can only be used by a superuser) ::
  
     curl -H "X-Dataverse-key: $API_TOKEN" -X PUT -d $storageDriverLabel http://$SERVER/api/datasets/$dataset-id/storageDriver
     
-The current driver can be seen using::
+The effective store can be seen using::
 
     curl http://$SERVER/api/datasets/$dataset-id/storageDriver
 
-It can be reset to the default store as follows (only a superuser can do this) ::
+To remove an assigned store, and allow the dataset to inherit the store from it's parent collection, use the following (only a superuser can do this) ::
 
     curl -H "X-Dataverse-key: $API_TOKEN" -X DELETE http://$SERVER/api/datasets/$dataset-id/storageDriver
     
diff --git a/doc/sphinx-guides/source/api/changelog.rst b/doc/sphinx-guides/source/api/changelog.rst
index d6523bfbdbc..41633414fbb 100644
--- a/doc/sphinx-guides/source/api/changelog.rst
+++ b/doc/sphinx-guides/source/api/changelog.rst
@@ -10,6 +10,7 @@ This API changelog is experimental and we would love feedback on its usefulness.
 v6.9
 ----
 - The POST /api/admin/makeDataCount/{id}/updateCitationsForDataset processing is now asynchronous and the response no longer includes the number of citations. The response can be OK if the request is queued or 503 if the queue is full (default queue size is 1000).
+- For GET /api/admin/dataverse/{dataverse-alias}/storageDriver and /api/datasets/{identifier}/storageDriver the driver name is no longer returned in data.message. Instead, it is returned as data.name (along with other information about the storageDriver).
 
 v6.8
 ----
@@ -17,7 +18,6 @@ v6.8
 - For POST /api/files/{id}/metadata passing an empty string ("description":"")  or array ("categories":[]) will no longer be ignored. Empty fields will now clear out the values in the file's metadata. To ignore the fields simply do not include them in the JSON string.
 - For PUT /api/datasets/{id}/editMetadata the query parameter "sourceInternalVersionNumber" has been removed and replaced with "sourceLastUpdateTime" to verify that the data being edited hasn't been modified and isn't stale.
 - For GET /api/dataverses/$dataverse-alias/links the Json response has changed breaking the backward compatibility of the API.
-- For GET /api/admin/dataverse/{dataverse-alias}/storageDriver and /api/datasets/{identifier}/storageDriver the driver name is no longer returned in data.message. This value is now returned in data.name.
 - For PUT /api/dataverses/$dataverse-alias/inputLevels custom input levels that had been previously set will no longer be deleted. To delete input levels send an empty list (deletes all), then send the new/modified list.
 - For GET /api/externalTools and /api/externalTools/{id} the responses are now formatted as JSON (previously the toolParameters and allowedApiCalls were a JSON object and array (respectively) that were serialized as JSON strings) and any configured "requirements" are included.
 

From 68e1e26cdfbf50b4c74511521ceaeea76c66ce87 Mon Sep 17 00:00:00 2001
From: GPortas <hey@gportas.me>
Date: Thu, 30 Oct 2025 17:40:37 +0000
Subject: [PATCH 471/634] Added: release notes for #11921

---
 ...1921-dataset-version-summaries-metadatacount-fix.md | 10 ++++++++++
 1 file changed, 10 insertions(+)
 create mode 100644 doc/release-notes/11921-dataset-version-summaries-metadatacount-fix.md

diff --git a/doc/release-notes/11921-dataset-version-summaries-metadatacount-fix.md b/doc/release-notes/11921-dataset-version-summaries-metadatacount-fix.md
new file mode 100644
index 00000000000..df4e0e7c7aa
--- /dev/null
+++ b/doc/release-notes/11921-dataset-version-summaries-metadatacount-fix.md
@@ -0,0 +1,10 @@
+### Dataset version summaries API changedFileMetaData count fix
+
+The endpoint ``{id}/versions/compareSummary`` was previously returning an incorrect count for
+the ``changedFileMetaData`` field.
+The logic for calculating this count has been fixed to accurately reflect the total number of file metadata changes
+across all files in the dataset version.
+
+### Related issues
+
+- https://github.com/IQSS/dataverse/issues/11921

From 5eea9d5fb945dd35dfde2fc29c611c09a62d8c75 Mon Sep 17 00:00:00 2001
From: Oliver Bertuch <o.bertuch@fz-juelich.de>
Date: Fri, 31 Oct 2025 09:16:50 +0100
Subject: [PATCH 472/634] feat(util): add `getJsonValue` method for robust JSON
 parsing #11654

Introduced `getJsonValue` to parse serialized JSON strings into `JsonValue`, supporting `JsonObject`, `JsonArray`, and primitives. Includes comprehensive unit tests for valid and invalid JSON scenarios.

Note: a primitive (number, string, ...) is not a valid JSON document on its own. The exception thrown is intended to be used to handle this situation.

As this is related to the Settings Service, this may be used to return the raw value instead of some JSON object/array.
---
 .../iq/dataverse/util/json/JsonUtil.java      | 32 ++++++++++++++++
 .../iq/dataverse/util/json/JsonUtilTest.java  | 37 ++++++++++++++++++-
 2 files changed, 68 insertions(+), 1 deletion(-)

diff --git a/src/main/java/edu/harvard/iq/dataverse/util/json/JsonUtil.java b/src/main/java/edu/harvard/iq/dataverse/util/json/JsonUtil.java
index 72a1cd2e1eb..737d67d8245 100644
--- a/src/main/java/edu/harvard/iq/dataverse/util/json/JsonUtil.java
+++ b/src/main/java/edu/harvard/iq/dataverse/util/json/JsonUtil.java
@@ -8,12 +8,14 @@
 import java.io.StringWriter;
 import java.util.HashMap;
 import java.util.Map;
+import java.util.Objects;
 import java.util.logging.Logger;
 import jakarta.json.Json;
 import jakarta.json.JsonArray;
 import jakarta.json.JsonException;
 import jakarta.json.JsonObject;
 import jakarta.json.JsonReader;
+import jakarta.json.JsonValue;
 import jakarta.json.JsonWriter;
 import jakarta.json.JsonWriterFactory;
 import jakarta.json.stream.JsonGenerator;
@@ -131,4 +133,34 @@ public static JsonArray getJsonArray(String serializedJson) {
             }
         }
     }
+    
+    
+    /**
+     * Parses a serialized JSON string and returns it as a JsonValue.
+     * The returned JsonValue can be a JsonObject, JsonArray, or another type
+     * based on the structure of the provided serialized JSON string.
+     * This method closes its resources but does not catch any exceptions.
+     *
+     * @param serializedJson The JSON content serialized as a String
+     * @return The parsed content as a JsonValue which could be a JsonObject, JsonArray, or another JsonValue type
+     * @throws JsonException If an error occurs during parsing (null, invalid JSON, not trimmed, etc.)
+     */
+    public static JsonValue getJsonValue(String serializedJson) {
+        if (serializedJson == null) {
+            throw new JsonException("The serialized JSON string cannot be null.");
+        }
+        
+        try (StringReader rdr = new StringReader(serializedJson)) {
+            try (JsonReader jsonReader = Json.createReader(rdr)) {
+                JsonValue jsonValue = jsonReader.read();
+                if (jsonValue.getValueType() == JsonValue.ValueType.OBJECT) {
+                    return jsonValue.asJsonObject();
+                } else if (jsonValue.getValueType() == JsonValue.ValueType.ARRAY) {
+                    return jsonValue.asJsonArray();
+                } else {
+                    return jsonValue;
+                }
+            }
+        }
+    }
 }
diff --git a/src/test/java/edu/harvard/iq/dataverse/util/json/JsonUtilTest.java b/src/test/java/edu/harvard/iq/dataverse/util/json/JsonUtilTest.java
index 3e4f9a690d2..b703597a91c 100644
--- a/src/test/java/edu/harvard/iq/dataverse/util/json/JsonUtilTest.java
+++ b/src/test/java/edu/harvard/iq/dataverse/util/json/JsonUtilTest.java
@@ -1,7 +1,15 @@
 package edu.harvard.iq.dataverse.util.json;
 
 import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.junit.jupiter.api.Assertions.assertThrows;
+
+import jakarta.json.JsonException;
+import jakarta.json.JsonValue;
+import org.junit.jupiter.api.Nested;
 import org.junit.jupiter.api.Test;
+import org.junit.jupiter.params.ParameterizedTest;
+import org.junit.jupiter.params.provider.NullAndEmptySource;
+import org.junit.jupiter.params.provider.ValueSource;
 
 class JsonUtilTest {
 
@@ -15,5 +23,32 @@ void testPrettyPrint() {
         assertEquals("[\n    \"junk\"\n]", JsonUtil.prettyPrint("[\"junk\"]"));
         assertEquals("{\n" + "    \"foo\": \"bar\"\n" + "}", JsonUtil.prettyPrint("{\"foo\": \"bar\"}"));
     }
-
+    
+    @Nested
+    class JsonValues {
+        @Test
+        void testGetJsonValueWithJsonObject() {
+            String jsonObject = "{\"key\": \"value\"}";
+            JsonValue result = JsonUtil.getJsonValue(jsonObject);
+            assertEquals(JsonValue.ValueType.OBJECT, result.getValueType());
+            assertEquals("value", result.asJsonObject().getString("key"));
+        }
+        
+        @Test
+        void testGetJsonValueWithJsonArray() {
+            String jsonArray = "[\"element1\", \"element2\"]";
+            JsonValue result = JsonUtil.getJsonValue(jsonArray);
+            assertEquals(JsonValue.ValueType.ARRAY, result.getValueType());
+            assertEquals("element1", result.asJsonArray().getString(0));
+            assertEquals("element2", result.asJsonArray().getString(1));
+        }
+        
+        @ParameterizedTest
+        @NullAndEmptySource
+        @ValueSource(strings = {"   ", "  \"\"", "\"primitive\"", "{invalid}", "[invalid]", "[1234, invalid]"})
+        void testGetJsonValueWithInvalidJson(String sut) {
+            assertThrows(JsonException.class, () -> JsonUtil.getJsonValue(sut));
+        }
+    }
+    
 }

From 9497acd19dfbe2cb8f4e6c058a4724a6b310f849 Mon Sep 17 00:00:00 2001
From: Oliver Bertuch <o.bertuch@fz-juelich.de>
Date: Fri, 31 Oct 2025 09:19:02 +0100
Subject: [PATCH 473/634] fix(settings): improve JSON handling in
 `SettingsServiceBean` and add tests for arrays #11654

Enhanced `listAllAsJson` to robustly handle JSON parsing with proper fallback for invalid JSON, which means it is some primitive setting.

Added new unit tests to ensure accurate processing of JSON arrays and objects in settings.
---
 .../settings/SettingsServiceBean.java         | 12 +++++----
 .../settings/SettingsServiceBeanTest.java     | 25 ++++++++++++++++++-
 2 files changed, 31 insertions(+), 6 deletions(-)

diff --git a/src/main/java/edu/harvard/iq/dataverse/settings/SettingsServiceBean.java b/src/main/java/edu/harvard/iq/dataverse/settings/SettingsServiceBean.java
index adfd6bc99d6..1cdac02a013 100644
--- a/src/main/java/edu/harvard/iq/dataverse/settings/SettingsServiceBean.java
+++ b/src/main/java/edu/harvard/iq/dataverse/settings/SettingsServiceBean.java
@@ -13,6 +13,7 @@
 import jakarta.json.Json;
 import jakarta.json.JsonArray;
 import jakarta.json.JsonArrayBuilder;
+import jakarta.json.JsonException;
 import jakarta.json.JsonObject;
 import jakarta.json.JsonObjectBuilder;
 import jakarta.json.JsonString;
@@ -1188,13 +1189,14 @@ public JsonObject listAllAsJson() {
         settings.forEach(setting -> {
             String name = convertToJsonKey(setting);
             
-            // In case the setting is a JSON object, treat it a such in the output (so the API can return valid JSON)
-            if (setting.getContent().trim().startsWith("{"))
-                response.add(name, Json.createObjectBuilder(JsonUtil.getJsonObject(setting.getContent())));
-            else
+            try {
+                // In case the setting is JSON, treat it as such in the output (so the API can return valid JSON)
+                response.add(name, JsonUtil.getJsonValue(setting.getContent()));
+            } catch (JsonException e) {
+                // This wasn't valid JSON, so we just add it as a string
                 response.add(name, setting.getContent());
             }
-        );
+        });
         
         return response.build();
     }
diff --git a/src/test/java/edu/harvard/iq/dataverse/settings/SettingsServiceBeanTest.java b/src/test/java/edu/harvard/iq/dataverse/settings/SettingsServiceBeanTest.java
index eb4d67d1835..c4881257374 100644
--- a/src/test/java/edu/harvard/iq/dataverse/settings/SettingsServiceBeanTest.java
+++ b/src/test/java/edu/harvard/iq/dataverse/settings/SettingsServiceBeanTest.java
@@ -1,6 +1,7 @@
 package edu.harvard.iq.dataverse.settings;
 
 import jakarta.json.Json;
+import jakarta.json.JsonArray;
 import jakarta.json.JsonObject;
 import jakarta.persistence.EntityManager;
 import jakarta.persistence.TypedQuery;
@@ -197,7 +198,7 @@ void testListAllAsJson_nonLocalizedSettings() {
         }
         
         @Test
-        void testListAllAsJson_jsonSetting() {
+        void testListAllAsJson_jsonObjectSetting() {
             // Given
             JsonObject expected = Json.createObjectBuilder()
                 .add("default", "2147483648")
@@ -218,6 +219,28 @@ void testListAllAsJson_jsonSetting() {
             assertEquals(expected.toString(), result.getJsonObject(SettingsServiceBean.Key.MaxFileUploadSizeInBytes.toString()).toString());
         }
         
+        @Test
+        void testListAllAsJson_jsonArraySetting() {
+            // Given
+            JsonArray expected = Json.createArrayBuilder()
+                .add(2147483648L)
+                .add("4000000000")
+                .add("8000000000")
+                .build();
+            
+            List<Setting> resultList = List.of(
+                new Setting(SettingsServiceBean.Key.MaxFileUploadSizeInBytes.toString(), "[2147483648, \"4000000000\", \"8000000000\"]")
+            );
+            when(typedQuery.getResultList()).thenReturn(resultList);
+            
+            // When
+            JsonObject result = settingsServiceBean.listAllAsJson();
+            
+            // Then
+            assertEquals(1, result.size());
+            assertEquals(expected.toString(), result.getJsonArray(SettingsServiceBean.Key.MaxFileUploadSizeInBytes.toString()).toString());
+        }
+        
         @Test
         void testListAllAsJson_localizedSettings() {
             // Given

From e763e1de5f6c5d46cdb2dff6b45b92858e580a3b Mon Sep 17 00:00:00 2001
From: qqmyers <qqmyers@hotmail.com>
Date: Mon, 3 Nov 2025 16:36:39 -0500
Subject: [PATCH 474/634] enable managed-field for TEXTBOX type

---
 src/main/webapp/datasetFieldForEditFragment.xhtml | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/main/webapp/datasetFieldForEditFragment.xhtml b/src/main/webapp/datasetFieldForEditFragment.xhtml
index d09a247c7a8..b51ad08e835 100644
--- a/src/main/webapp/datasetFieldForEditFragment.xhtml
+++ b/src/main/webapp/datasetFieldForEditFragment.xhtml
@@ -77,7 +77,8 @@
         <c:if test="#{dsfvIndex!=0}">
             <f:passThroughAttribute name="aria-label" value="#{bundle['dataset.additionalEntry']}" />
         </c:if>
-        </p:inputTextarea>
+        <f:passThroughAttribute rendered="#{cvoc!=null and !cvoc.getString('term-uri-field').equals(dsfv.datasetField.datasetFieldType.name)}" name="data-cvoc-managed-field" value="#{dsfv.datasetField.datasetFieldType.name}"/>
+    </p:inputTextarea>
     <p:watermark for="description" value="#{dsfv.datasetField.datasetFieldType.localeWatermark}"></p:watermark>
 
     <div class="ui-message ui-message-error ui-widget ui-corner-all" aria-live="polite" jsf:rendered="#{dsfvIndex eq 0 and !empty dsfv.datasetField.validationMessage}">

From 5625360b297c3646fd1fe3af688d814e50ff8e50 Mon Sep 17 00:00:00 2001
From: Steven Winship <39765413+stevenwinship@users.noreply.github.com>
Date: Tue, 4 Nov 2025 11:36:38 -0500
Subject: [PATCH 475/634] fixes per comments

---
 doc/sphinx-guides/source/api/changelog.rst        |  3 ++-
 .../harvard/iq/dataverse/api/NotificationsIT.java | 11 ++++++-----
 .../java/edu/harvard/iq/dataverse/api/UtilIT.java | 15 +++++++++------
 3 files changed, 17 insertions(+), 12 deletions(-)

diff --git a/doc/sphinx-guides/source/api/changelog.rst b/doc/sphinx-guides/source/api/changelog.rst
index d6523bfbdbc..e828131ce09 100644
--- a/doc/sphinx-guides/source/api/changelog.rst
+++ b/doc/sphinx-guides/source/api/changelog.rst
@@ -10,13 +10,14 @@ This API changelog is experimental and we would love feedback on its usefulness.
 v6.9
 ----
 - The POST /api/admin/makeDataCount/{id}/updateCitationsForDataset processing is now asynchronous and the response no longer includes the number of citations. The response can be OK if the request is queued or 503 if the queue is full (default queue size is 1000).
+- The GET /api/notifications/ the JSON response has changed breaking the backward compatibility of the API.
 
 v6.8
 ----
 
 - For POST /api/files/{id}/metadata passing an empty string ("description":"")  or array ("categories":[]) will no longer be ignored. Empty fields will now clear out the values in the file's metadata. To ignore the fields simply do not include them in the JSON string.
 - For PUT /api/datasets/{id}/editMetadata the query parameter "sourceInternalVersionNumber" has been removed and replaced with "sourceLastUpdateTime" to verify that the data being edited hasn't been modified and isn't stale.
-- For GET /api/dataverses/$dataverse-alias/links the Json response has changed breaking the backward compatibility of the API.
+- For GET /api/dataverses/$dataverse-alias/links the JSON response has changed breaking the backward compatibility of the API.
 - For GET /api/admin/dataverse/{dataverse-alias}/storageDriver and /api/datasets/{identifier}/storageDriver the driver name is no longer returned in data.message. This value is now returned in data.name.
 - For PUT /api/dataverses/$dataverse-alias/inputLevels custom input levels that had been previously set will no longer be deleted. To delete input levels send an empty list (deletes all), then send the new/modified list.
 - For GET /api/externalTools and /api/externalTools/{id} the responses are now formatted as JSON (previously the toolParameters and allowedApiCalls were a JSON object and array (respectively) that were serialized as JSON strings) and any configured "requirements" are included.
diff --git a/src/test/java/edu/harvard/iq/dataverse/api/NotificationsIT.java b/src/test/java/edu/harvard/iq/dataverse/api/NotificationsIT.java
index 54d8a92731e..b64b55e40ed 100644
--- a/src/test/java/edu/harvard/iq/dataverse/api/NotificationsIT.java
+++ b/src/test/java/edu/harvard/iq/dataverse/api/NotificationsIT.java
@@ -89,7 +89,7 @@ public void testNotifications() {
         markRead.then().assertThat().statusCode(OK.getStatusCode());
 
         // Retrieve only unread notifications
-        getNotifications = UtilIT.getNotifications(authorApiToken, false, true, null, null);
+        getNotifications = UtilIT.getNotifications(authorApiToken, null, true, null, null);
         getNotifications.then().assertThat()
                 .body("data[0].type", equalTo(CREATEDV.toString()))
                 .body("data[0].displayAsRead", equalTo(false))
@@ -199,7 +199,7 @@ public void testNotifications() {
                 .statusCode(OK.getStatusCode());
         authorApiToken = UtilIT.getApiTokenFromResponse(createAuthor);
 
-        getNotifications = UtilIT.getNotifications(authorApiToken, true, false, null, null);
+        getNotifications = UtilIT.getNotifications(authorApiToken, true, null, null, null);
         getNotifications.then().assertThat()
                 .body("data[0].displayAsRead", equalTo(false))
                 .body("totalCount", equalTo(1))
@@ -228,7 +228,7 @@ public void testNotifications() {
 
         // Case 1: Test limit
         // Get first 2 notifications out of 5
-        Response limitedNotifications = UtilIT.getNotifications(paginationApiToken, false, false, 2, 0);
+        Response limitedNotifications = UtilIT.getNotifications(paginationApiToken, null, null, 2, 0);
         limitedNotifications.then().assertThat()
                 .statusCode(OK.getStatusCode())
                 .body("data[0].type", equalTo(CREATEDV.toString()))
@@ -238,7 +238,7 @@ public void testNotifications() {
 
         // Case 2: Test offset
         // Skip first 3 notifications and get the remaining 2
-        Response offsetNotifications = UtilIT.getNotifications(paginationApiToken, false, false, null, 3);
+        Response offsetNotifications = UtilIT.getNotifications(paginationApiToken, null, null, null, 3);
         offsetNotifications.then().assertThat()
                 .statusCode(OK.getStatusCode())
                 .body("data[0].type", equalTo(CREATEDV.toString()))
@@ -248,7 +248,7 @@ public void testNotifications() {
 
         // Case 3: Test limit and offset together
         // Get 2 notifications, starting from the 2nd one (index 1)
-        Response limitedAndOffsetNotifications = UtilIT.getNotifications(paginationApiToken, false, false, 2, 1);
+        Response limitedAndOffsetNotifications = UtilIT.getNotifications(paginationApiToken, null, null, 2, 1);
         limitedAndOffsetNotifications.then().assertThat()
                 .statusCode(OK.getStatusCode())
                 .body("data[0].type", equalTo(CREATEDV.toString()))
@@ -271,6 +271,7 @@ public void testNotifications() {
 
         // Case 4: Test limit larger than available notifications
         // Ask for 10, but should only get the 5 that exist
+        // Also testing inAppNotificationFormat and onlyUnread set to false
         Response excessiveLimitNotifications = UtilIT.getNotifications(paginationApiToken, false, false, 10, 0);
         excessiveLimitNotifications.then().assertThat()
                 .statusCode(OK.getStatusCode())
diff --git a/src/test/java/edu/harvard/iq/dataverse/api/UtilIT.java b/src/test/java/edu/harvard/iq/dataverse/api/UtilIT.java
index 2e7bb5a1281..8a807b8abaf 100644
--- a/src/test/java/edu/harvard/iq/dataverse/api/UtilIT.java
+++ b/src/test/java/edu/harvard/iq/dataverse/api/UtilIT.java
@@ -1712,19 +1712,22 @@ static Response returnDatasetToAuthor(String datasetPersistentId, JsonObject jso
     }
 
     static Response getNotifications(String apiToken) {
-        return getNotifications(apiToken, false, false, null, null);
+        return getNotifications(apiToken, null, null, null, null);
     }
 
-    static Response getNotifications(String apiToken, boolean inAppNotificationFormat, boolean onlyUnread, Integer limit, Integer offset) {
+    static Response getNotifications(String apiToken, Boolean inAppNotificationFormat, Boolean onlyUnread, Integer limit, Integer offset) {
         RequestSpecification request = given();
         if (apiToken != null) {
             request.header(UtilIT.API_TOKEN_HTTP_HEADER, apiToken);
         }
 
-        // Add the standard query parameters
-        request.queryParam("inAppNotificationFormat", inAppNotificationFormat)
-                .queryParam("onlyUnread", onlyUnread);
-
+        // Add Optional parameters
+        if (inAppNotificationFormat != null) {
+            request.queryParam("inAppNotificationFormat", inAppNotificationFormat);
+        }
+        if (onlyUnread != null) {
+            request.queryParam("onlyUnread", onlyUnread);
+        }
         // Conditionally add pagination parameters only if they are not null
         if (limit != null) {
             request.queryParam("limit", limit);

From 6ffb01d424900c696c2ecf2468b6532a09524332 Mon Sep 17 00:00:00 2001
From: Steven Winship <39765413+stevenwinship@users.noreply.github.com>
Date: Tue, 4 Nov 2025 11:43:31 -0500
Subject: [PATCH 476/634] fixes per comments

---
 doc/sphinx-guides/source/api/changelog.rst | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/doc/sphinx-guides/source/api/changelog.rst b/doc/sphinx-guides/source/api/changelog.rst
index e828131ce09..c879171d004 100644
--- a/doc/sphinx-guides/source/api/changelog.rst
+++ b/doc/sphinx-guides/source/api/changelog.rst
@@ -10,7 +10,7 @@ This API changelog is experimental and we would love feedback on its usefulness.
 v6.9
 ----
 - The POST /api/admin/makeDataCount/{id}/updateCitationsForDataset processing is now asynchronous and the response no longer includes the number of citations. The response can be OK if the request is queued or 503 if the queue is full (default queue size is 1000).
-- The GET /api/notifications/ the JSON response has changed breaking the backward compatibility of the API.
+- For GET /api/notifications/ the JSON response has changed breaking the backward compatibility of the API.
 
 v6.8
 ----

From 35fcfc6fb2fefde2c637388064fdbb24651d6a50 Mon Sep 17 00:00:00 2001
From: Steven Winship <39765413+stevenwinship@users.noreply.github.com>
Date: Tue, 4 Nov 2025 11:51:56 -0500
Subject: [PATCH 477/634] fixes per comments

---
 doc/sphinx-guides/source/api/changelog.rst | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/doc/sphinx-guides/source/api/changelog.rst b/doc/sphinx-guides/source/api/changelog.rst
index c879171d004..8bf534b4140 100644
--- a/doc/sphinx-guides/source/api/changelog.rst
+++ b/doc/sphinx-guides/source/api/changelog.rst
@@ -10,7 +10,7 @@ This API changelog is experimental and we would love feedback on its usefulness.
 v6.9
 ----
 - The POST /api/admin/makeDataCount/{id}/updateCitationsForDataset processing is now asynchronous and the response no longer includes the number of citations. The response can be OK if the request is queued or 503 if the queue is full (default queue size is 1000).
-- For GET /api/notifications/ the JSON response has changed breaking the backward compatibility of the API.
+- For GET /api/notifications/all the JSON response has changed breaking the backward compatibility of the API.
 
 v6.8
 ----

From f0f4d241db3652f37d8f07cbd57f2db2b96babb0 Mon Sep 17 00:00:00 2001
From: Steven Winship <39765413+stevenwinship@users.noreply.github.com>
Date: Tue, 4 Nov 2025 14:07:52 -0500
Subject: [PATCH 478/634] fixes tests

---
 .../harvard/iq/dataverse/api/DatasetsIT.java  |   2 +-
 .../iq/dataverse/api/InReviewWorkflowIT.java  | 100 +++++++++---------
 2 files changed, 51 insertions(+), 51 deletions(-)

diff --git a/src/test/java/edu/harvard/iq/dataverse/api/DatasetsIT.java b/src/test/java/edu/harvard/iq/dataverse/api/DatasetsIT.java
index 3a34c3607cd..5f0014ed597 100644
--- a/src/test/java/edu/harvard/iq/dataverse/api/DatasetsIT.java
+++ b/src/test/java/edu/harvard/iq/dataverse/api/DatasetsIT.java
@@ -2814,7 +2814,7 @@ public void testDcmChecksumValidationMessages() throws IOException, InterruptedE
         Response authorsGetsBadNews = UtilIT.getNotifications(apiToken);
         authorsGetsBadNews.prettyPrint();
         authorsGetsBadNews.then().assertThat()
-                .body("data.notifications[0].type", equalTo("CHECKSUMFAIL"))
+                .body("data[0].type", equalTo("CHECKSUMFAIL"))
                 .statusCode(OK.getStatusCode());
 
         Response removeUploadMethods = UtilIT.deleteSetting(SettingsServiceBean.Key.UploadMethods);
diff --git a/src/test/java/edu/harvard/iq/dataverse/api/InReviewWorkflowIT.java b/src/test/java/edu/harvard/iq/dataverse/api/InReviewWorkflowIT.java
index b327ed41349..a2bef649c72 100644
--- a/src/test/java/edu/harvard/iq/dataverse/api/InReviewWorkflowIT.java
+++ b/src/test/java/edu/harvard/iq/dataverse/api/InReviewWorkflowIT.java
@@ -123,9 +123,9 @@ public void testCuratorSendsCommentsToAuthor() {
         Response authorsChecksForCommentsPrematurely = UtilIT.getNotifications(authorApiToken);
         authorsChecksForCommentsPrematurely.prettyPrint();
         authorsChecksForCommentsPrematurely.then().assertThat()
-                .body("data.notifications[0].type", equalTo(CREATEACC.toString()))
+                .body("data[0].type", equalTo(CREATEACC.toString()))
                 // The author thinks, "What's taking the curator so long to review my data?!?"
-                .body("data.notifications[1]", equalTo(null))
+                .body("data[1]", equalTo(null))
                 .statusCode(OK.getStatusCode());
 
         String joeRandomComments = "Joe Random says you'll never graduate.";
@@ -135,12 +135,12 @@ public void testCuratorSendsCommentsToAuthor() {
         Response curatorChecksNotificationsAndFindsWorkToDo = UtilIT.getNotifications(curatorApiToken);
         curatorChecksNotificationsAndFindsWorkToDo.prettyPrint();
         curatorChecksNotificationsAndFindsWorkToDo.then().assertThat()
-                .body("data.notifications[0].type", equalTo(SUBMITTEDDS.toString()))
-                .body("data.notifications[0].reasonForReturn", equalTo(null))
-                .body("data.notifications[1].type", equalTo(CREATEDV.toString()))
-                .body("data.notifications[1].reasonForReturn", equalTo(null))
-                .body("data.notifications[2].type", equalTo(CREATEACC.toString()))
-                .body("data.notifications[2].reasonForReturn", equalTo(null))
+                .body("data[0].type", equalTo(SUBMITTEDDS.toString()))
+                .body("data[0].reasonForReturn", equalTo(null))
+                .body("data[1].type", equalTo(CREATEDV.toString()))
+                .body("data[1].reasonForReturn", equalTo(null))
+                .body("data[2].type", equalTo(CREATEACC.toString()))
+                .body("data[2].reasonForReturn", equalTo(null))
                 .statusCode(OK.getStatusCode());
 
         // Joe Random, a user with no perms on dataset, tries returning the dataset as if he's a curator and fails.
@@ -305,11 +305,11 @@ public void testCuratorSendsCommentsToAuthor() {
         Response authorChecksForCommentsAgain = UtilIT.getNotifications(authorApiToken);
         authorChecksForCommentsAgain.prettyPrint();
         authorChecksForCommentsAgain.then().assertThat()
-                .body("data.notifications[0].type", equalTo(RETURNEDDS.toString()))
+                .body("data[0].type", equalTo(RETURNEDDS.toString()))
                 // The author thinks, "This why we have curators!"
-                //.body("data.notifications[0].reasonsForReturn[0].message", equalTo("You forgot to upload any files."))
-                .body("data.notifications[1].type", equalTo(CREATEACC.toString()))
-                //.body("data.notifications[1].reasonsForReturn", equalTo(null))
+                //.body("data[0].reasonsForReturn[0].message", equalTo("You forgot to upload any files."))
+                .body("data[1].type", equalTo(CREATEACC.toString()))
+                //.body("data[1].reasonsForReturn", equalTo(null))
                 .statusCode(OK.getStatusCode());
 
         // The author upload the file she forgot.
@@ -333,15 +333,15 @@ public void testCuratorSendsCommentsToAuthor() {
         curatorChecksNotifications.prettyPrint();
         curatorChecksNotifications.then().assertThat()
                 // TODO: Test this issue from the UI as well: https://github.com/IQSS/dataverse/issues/2526
-                .body("data.notifications[0].type", equalTo(SUBMITTEDDS.toString()))
-                //.body("data.notifications[0].reasonsForReturn[0].message", equalTo("You forgot to upload any files."))
-                .body("data.notifications[1].type", equalTo(INGESTCOMPLETED.toString()))
-                .body("data.notifications[2].type", equalTo(SUBMITTEDDS.toString()))
+                .body("data[0].type", equalTo(SUBMITTEDDS.toString()))
+                //.body("data[0].reasonsForReturn[0].message", equalTo("You forgot to upload any files."))
+                .body("data[1].type", equalTo(INGESTCOMPLETED.toString()))
+                .body("data[2].type", equalTo(SUBMITTEDDS.toString()))
                 // Yes, it's a little weird that the first "SUBMITTEDDS" notification now shows the return reason when it showed nothing before. For now we are simply always showing all the reasons for return. They start to stack up. That way you can see the history.
-                //.body("data.notifications[1].reasonsForReturn[0].message", equalTo("You forgot to upload any files."))
-                .body("data.notifications[3].type", equalTo(CREATEDV.toString()))
-                .body("data.notifications[4].type", equalTo(CREATEACC.toString()))
-                //.body("data.notifications[2].reasonsForReturn", equalTo(null))
+                //.body("data[1].reasonsForReturn[0].message", equalTo("You forgot to upload any files."))
+                .body("data[3].type", equalTo(CREATEDV.toString()))
+                .body("data[4].type", equalTo(CREATEACC.toString()))
+                //.body("data[2].reasonsForReturn", equalTo(null))
                 .statusCode(OK.getStatusCode());
 
         String reasonForReturn2 = "A README is required.";
@@ -355,15 +355,15 @@ public void testCuratorSendsCommentsToAuthor() {
         Response authorChecksForComments3 = UtilIT.getNotifications(authorApiToken);
         authorChecksForComments3.prettyPrint();
         authorChecksForComments3.then().assertThat()
-                .body("data.notifications[0].type", equalTo(RETURNEDDS.toString()))
-                // .body("data.notifications[0].reasonsForReturn[0].message", equalTo("You forgot to upload any files."))
-                //.body("data.notifications[0].reasonsForReturn[1].message", equalTo("A README is required."))
-                .body("data.notifications[1].type", equalTo(RETURNEDDS.toString()))
+                .body("data[0].type", equalTo(RETURNEDDS.toString()))
+                // .body("data[0].reasonsForReturn[0].message", equalTo("You forgot to upload any files."))
+                //.body("data[0].reasonsForReturn[1].message", equalTo("A README is required."))
+                .body("data[1].type", equalTo(RETURNEDDS.toString()))
                 // Yes, it's a little weird that the reason for return on the first "RETURNEDDS" changed. We're showing the history.
-                // .body("data.notifications[1].reasonsForReturn[0].message", equalTo("You forgot to upload any files."))
-                // .body("data.notifications[1].reasonsForReturn[1].message", equalTo("A README is required."))
-                .body("data.notifications[2].type", equalTo(CREATEACC.toString()))
-                // .body("data.notifications[2].reasonsForReturn", equalTo(null))
+                // .body("data[1].reasonsForReturn[0].message", equalTo("You forgot to upload any files."))
+                // .body("data[1].reasonsForReturn[1].message", equalTo("A README is required."))
+                .body("data[2].type", equalTo(CREATEACC.toString()))
+                // .body("data[2].reasonsForReturn", equalTo(null))
                 .statusCode(OK.getStatusCode());
 
         String pathToReadme = "README.md";
@@ -386,20 +386,20 @@ public void testCuratorSendsCommentsToAuthor() {
         curatorHopesTheReadmeIsThereNow.prettyPrint();
         curatorHopesTheReadmeIsThereNow.then().assertThat()
                 // TODO: Test this issue from the UI as well: https://github.com/IQSS/dataverse/issues/2526
-                .body("data.notifications[0].type", equalTo(SUBMITTEDDS.toString()))
-                // .body("data.notifications[0].reasonsForReturn[0].message", equalTo("You forgot to upload any files."))
-                // .body("data.notifications[0].reasonsForReturn[1].message", equalTo("A README is required."))
-                .body("data.notifications[1].type", equalTo(SUBMITTEDDS.toString()))
-                //  .body("data.notifications[1].reasonsForReturn[0].message", equalTo("You forgot to upload any files."))
-                //   .body("data.notifications[1].reasonsForReturn[1].message", equalTo("A README is required."))
-                .body("data.notifications[2].type", equalTo(INGESTCOMPLETED.toString()))
-                .body("data.notifications[3].type", equalTo(SUBMITTEDDS.toString()))
+                .body("data[0].type", equalTo(SUBMITTEDDS.toString()))
+                // .body("data[0].reasonsForReturn[0].message", equalTo("You forgot to upload any files."))
+                // .body("data[0].reasonsForReturn[1].message", equalTo("A README is required."))
+                .body("data[1].type", equalTo(SUBMITTEDDS.toString()))
+                //  .body("data[1].reasonsForReturn[0].message", equalTo("You forgot to upload any files."))
+                //   .body("data[1].reasonsForReturn[1].message", equalTo("A README is required."))
+                .body("data[2].type", equalTo(INGESTCOMPLETED.toString()))
+                .body("data[3].type", equalTo(SUBMITTEDDS.toString()))
                 // Yes, it's a little weird that the first "SUBMITTEDDS" notification now shows the return reason when it showed nothing before. We're showing the history.
-                //   .body("data.notifications[2].reasonsForReturn[0].message", equalTo("You forgot to upload any files."))
-                //   .body("data.notifications[2].reasonsForReturn[1].message", equalTo("A README is required."))
-                .body("data.notifications[4].type", equalTo(CREATEDV.toString()))
-                .body("data.notifications[5].type", equalTo(CREATEACC.toString()))
-                //   .body("data.notifications[3].reasonsForReturn", equalTo(null))
+                //   .body("data[2].reasonsForReturn[0].message", equalTo("You forgot to upload any files."))
+                //   .body("data[2].reasonsForReturn[1].message", equalTo("A README is required."))
+                .body("data[4].type", equalTo(CREATEDV.toString()))
+                .body("data[5].type", equalTo(CREATEACC.toString()))
+                //   .body("data[3].reasonsForReturn", equalTo(null))
                 .statusCode(OK.getStatusCode());
 
         // The curator publishes the dataverse.
@@ -417,16 +417,16 @@ public void testCuratorSendsCommentsToAuthor() {
         Response authorsChecksForCommentsPostPublication = UtilIT.getNotifications(authorApiToken);
         authorsChecksForCommentsPostPublication.prettyPrint();
         authorsChecksForCommentsPostPublication.then().assertThat()
-                .body("data.notifications[0].type", equalTo(PUBLISHEDDS.toString()))
-                .body("data.notifications[1].type", equalTo(RETURNEDDS.toString()))
-                // .body("data.notifications[1].reasonsForReturn[0].message", equalTo("You forgot to upload any files."))
-                //  .body("data.notifications[1].reasonsForReturn[1].message", equalTo("A README is required."))
-                .body("data.notifications[2].type", equalTo(RETURNEDDS.toString()))
+                .body("data[0].type", equalTo(PUBLISHEDDS.toString()))
+                .body("data[1].type", equalTo(RETURNEDDS.toString()))
+                // .body("data[1].reasonsForReturn[0].message", equalTo("You forgot to upload any files."))
+                //  .body("data[1].reasonsForReturn[1].message", equalTo("A README is required."))
+                .body("data[2].type", equalTo(RETURNEDDS.toString()))
                 // Yes, it's a little weird that the reason for return on the first "RETURNEDDS" changed. For now we are always showing the most recent reason for return.
-                //  .body("data.notifications[2].reasonsForReturn[0].message", equalTo("You forgot to upload any files."))
-                //.body("data.notifications[2].reasonsForReturn[1].message", equalTo("A README is required."))
-                .body("data.notifications[3].type", equalTo(CREATEACC.toString()))
-                //   .body("data.notifications[3].reasonsForReturn", equalTo(null))
+                //  .body("data[2].reasonsForReturn[0].message", equalTo("You forgot to upload any files."))
+                //.body("data[2].reasonsForReturn[1].message", equalTo("A README is required."))
+                .body("data[3].type", equalTo(CREATEACC.toString()))
+                //   .body("data[3].reasonsForReturn", equalTo(null))
                 .statusCode(OK.getStatusCode());
 
         // These println's are here in case you want to log into the GUI to see what notifications look like.

From 29e46926fda52ba14ba4c0fb343aa7f46495b116 Mon Sep 17 00:00:00 2001
From: qqmyers <qqmyers@hotmail.com>
Date: Tue, 4 Nov 2025 14:59:44 -0500
Subject: [PATCH 479/634] fix typos per review

---
 doc/release-notes/11695-11940-change-api-get-storage-driver.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/doc/release-notes/11695-11940-change-api-get-storage-driver.md b/doc/release-notes/11695-11940-change-api-get-storage-driver.md
index 5b1c8e383be..8fb05879871 100644
--- a/doc/release-notes/11695-11940-change-api-get-storage-driver.md
+++ b/doc/release-notes/11695-11940-change-api-get-storage-driver.md
@@ -5,7 +5,7 @@
 The API for getting the Storage Driver info has been changed/extended.
 /api/datasets/{identifier}/storageDriver
 /api/admin/dataverse/{dataverse-alias}/storageDriver
-Rather tha returning just the name/id of the driver (with the key "message"), the api call now returns a JSONObject with the driver's "name", "type" and "label", and booleas indicating whether the driver has "directUpload", "directDownload", and/or "uploadOutOfBand" enabled.
+Rather than returning just the name/id of the driver (with the key "message"), the api call now returns a JSONObject with the driver's "name", "type" and "label", and booleans indicating whether the driver has "directUpload", "directDownload", and/or "uploadOutOfBand" enabled.
 
 This change also affects the /api/admin/dataverse/{dataverse-alias}/storageDriver api call. In addition, this call now supports an optional ?getEffective=true to find the effective storageDriver (the driver that will be used for new datasets in the collection)
 

From e8e58755c464ca96939ad32ed9bec7edb02321c1 Mon Sep 17 00:00:00 2001
From: qqmyers <qqmyers@hotmail.com>
Date: Tue, 4 Nov 2025 15:05:19 -0500
Subject: [PATCH 480/634] update tests - direct up/down now included for
 dataverse api call

---
 src/test/java/edu/harvard/iq/dataverse/api/DataversesIT.java | 4 ++--
 src/test/java/edu/harvard/iq/dataverse/api/S3AccessIT.java   | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/test/java/edu/harvard/iq/dataverse/api/DataversesIT.java b/src/test/java/edu/harvard/iq/dataverse/api/DataversesIT.java
index 307af623120..e7a56cb339c 100644
--- a/src/test/java/edu/harvard/iq/dataverse/api/DataversesIT.java
+++ b/src/test/java/edu/harvard/iq/dataverse/api/DataversesIT.java
@@ -2726,8 +2726,8 @@ public void testGetStorageDriver() {
                 .body("data.name", CoreMatchers.notNullValue())
                 .body("data.type", CoreMatchers.notNullValue())
                 .body("data.label", CoreMatchers.notNullValue())
-                .body("data.directUpload", CoreMatchers.nullValue())
-                .body("data.directDownload", CoreMatchers.nullValue())
+                .body("data.directUpload", CoreMatchers.notNullValue())
+                .body("data.directDownload", CoreMatchers.notNullValue())
                 .statusCode(200);
 
         // Root without default is undefined
diff --git a/src/test/java/edu/harvard/iq/dataverse/api/S3AccessIT.java b/src/test/java/edu/harvard/iq/dataverse/api/S3AccessIT.java
index 24625c87ce2..60e83f9f2ba 100644
--- a/src/test/java/edu/harvard/iq/dataverse/api/S3AccessIT.java
+++ b/src/test/java/edu/harvard/iq/dataverse/api/S3AccessIT.java
@@ -156,7 +156,7 @@ public void testNonDirectUpload() {
         updatedStorageDriver.then().assertThat()
                 .body("data.type", CoreMatchers.notNullValue())
                 .body("data.label", CoreMatchers.notNullValue())
-                .body("data.directUpload", CoreMatchers.nullValue())
+                .body("data.directUpload", CoreMatchers.notNullValue())
                 .statusCode(200);
 
         Response createDatasetResponse = UtilIT.createRandomDatasetViaNativeApi(dataverseAlias, apiToken);

From 74429f660dbef2ab13605da8839bdc6111b5753b Mon Sep 17 00:00:00 2001
From: qqmyers <qqmyers@hotmail.com>
Date: Tue, 4 Nov 2025 15:28:21 -0500
Subject: [PATCH 481/634] release note

---
 doc/release-notes/11954-CVoC-for-textarea-inputs.md | 5 +++++
 1 file changed, 5 insertions(+)
 create mode 100644 doc/release-notes/11954-CVoC-for-textarea-inputs.md

diff --git a/doc/release-notes/11954-CVoC-for-textarea-inputs.md b/doc/release-notes/11954-CVoC-for-textarea-inputs.md
new file mode 100644
index 00000000000..1102975332d
--- /dev/null
+++ b/doc/release-notes/11954-CVoC-for-textarea-inputs.md
@@ -0,0 +1,5 @@
+### External Vocabulary Mechanism enhancement
+
+- The external vocabulary mechanism (see https://github.com/gdcc/dataverse-external-vocab-support/) now supports 
+  assigning metadatablock dataset field types of fieldType textbox (multiline inputs) as managed fields. This new functionality is
+  being leveraged to support automated generation of citation text for Related Publications entries. (a url could be added once the work in the external vocabulary repo is done).

From 43e122f90104b33209bcd5d9fc35ff217544d56c Mon Sep 17 00:00:00 2001
From: Philip Durbin <philip_durbin@harvard.edu>
Date: Tue, 4 Nov 2025 15:50:20 -0500
Subject: [PATCH 482/634] Guides: remove SHARE (defunct) from integrations list
 #11951 (#11952)

---
 doc/sphinx-guides/source/admin/integrations.rst | 5 -----
 1 file changed, 5 deletions(-)

diff --git a/doc/sphinx-guides/source/admin/integrations.rst b/doc/sphinx-guides/source/admin/integrations.rst
index 8c627609af2..bb981c75ace 100644
--- a/doc/sphinx-guides/source/admin/integrations.rst
+++ b/doc/sphinx-guides/source/admin/integrations.rst
@@ -240,11 +240,6 @@ Discoverability
 
 A number of builtin features related to data discovery are listed under :doc:`discoverability` but you can further increase the discoverability of your data by setting up integrations.
 
-SHARE
-+++++
-
-`SHARE <http://www.share-research.org>`_ is building a free, open, data set about research and scholarly activities across their life cycle. It's possible to add a Dataverse installation as one of the `sources <https://share.osf.io/sources>`_ they include if you contact the SHARE team.
-
 Geodisy
 +++++++
 

From cc5504e3e5074e7f80c725d3ed4e76228dc6fe3b Mon Sep 17 00:00:00 2001
From: Philip Durbin <philip_durbin@harvard.edu>
Date: Tue, 4 Nov 2025 16:04:22 -0500
Subject: [PATCH 483/634] remove outdated ossrh references #11512 (#11917)

Also add additional namespaces we use and rewrite
"adding new library" section, pointing at examples.

Co-authored-by: Steven Winship <39765413+stevenwinship@users.noreply.github.com>
---
 .../developers/making-library-releases.rst    | 60 ++++---------------
 1 file changed, 10 insertions(+), 50 deletions(-)

diff --git a/doc/sphinx-guides/source/developers/making-library-releases.rst b/doc/sphinx-guides/source/developers/making-library-releases.rst
index 0daa7fb89db..e63c998b837 100755
--- a/doc/sphinx-guides/source/developers/making-library-releases.rst
+++ b/doc/sphinx-guides/source/developers/making-library-releases.rst
@@ -13,7 +13,9 @@ Note: See :doc:`making-releases` for Dataverse itself.
 We release Java libraries to Maven Central that are used by Dataverse (and perhaps `other <https://github.com/gdcc/xoai/issues/141>`_ `software <https://github.com/gdcc/xoai/issues/170>`_!):
 
 - https://central.sonatype.com/namespace/org.dataverse
+- https://central.sonatype.com/namespace/org.dataverse.test
 - https://central.sonatype.com/namespace/io.gdcc
+- https://central.sonatype.com/namespace/io.gdcc.export
 
 We release JavaScript/TypeScript libraries to npm:
 
@@ -109,60 +111,18 @@ Releasing a New Library to Maven Central
 At a high level:
 
 - Start with a snapshot release.
-- Use an existing pom.xml as a starting point.
-- Use existing GitHub Actions workflows as a starting point.
-- Create secrets in the new library's GitHub repo used by the workflow.
-- If you need an entire new namespace, look at previous issues such as https://issues.sonatype.org/browse/OSSRH-94575 and https://issues.sonatype.org/browse/OSSRH-94577
-
-Updating pom.xml for a Snapshot Release
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-Before publishing a final version to Maven Central, you should publish a snapshot release or two. For each snapshot release you publish, the jar name will be unique each time (e.g. ``foobar-0.0.1-20240430.175110-3.jar``), so you can safely publish over and over with the same version number.
-
-We use the `Nexus Staging Maven Plugin <https://github.com/sonatype/nexus-maven-plugins/blob/main/staging/maven-plugin/README.md>`_ to push snapshot releases to https://s01.oss.sonatype.org/content/groups/staging/io/gdcc/ and https://s01.oss.sonatype.org/content/groups/staging/org/dataverse/
-
-Add the following to your pom.xml:
-
-.. code-block:: xml
+- Use an existing pom.xml as a starting point, such as from `Croissant <https://github.com/gdcc/exporter-croissant>`_, that inherits from the common Maven parent (https://github.com/gdcc/maven-parent). You can also play around with the "hello" project (https://github.com/gdcc/hello) and even make releases from it since it is designed to be a sandbox for publishing to Maven Central.
+- Use existing GitHub Actions workflows as a starting point, such as from `Croissant <https://github.com/gdcc/exporter-croissant>`_. As of this writing we have separate actions for ``maven-snapshot.yml`` and ``maven-release.yml``.
+- For repos under https://github.com/IQSS, create secrets in the new library's GitHub repo used by the workflow. This is necessary for the IQSS org because "organization secrets are not available for organizations on legacy per-repository billing plans." For repos under https://github.com/gdcc you can make use of shared secrets at the org level. These are the environment variables we use:
 
-    <version>0.0.1-SNAPSHOT</version>
+  - DATAVERSEBOT_GPG_KEY
 
-    <distributionManagement>
-        <snapshotRepository>
-            <id>ossrh</id>
-            <url>https://s01.oss.sonatype.org/content/repositories/snapshots</url>
-        </snapshotRepository>
-        <repository>
-            <id>ossrh</id>
-            <url>https://s01.oss.sonatype.org/service/local/staging/deploy/maven2/</url>
-        </repository>
-    </distributionManagement>
+  - DATAVERSEBOT_GPG_PASSWORD
 
-   <plugin>
-       <groupId>org.sonatype.plugins</groupId>
-       <artifactId>nexus-staging-maven-plugin</artifactId>
-       <version>${nexus-staging.version}</version>
-       <extensions>true</extensions>
-       <configuration>
-           <serverId>ossrh</serverId>
-           <nexusUrl>https://s01.oss.sonatype.org</nexusUrl>
-           <autoReleaseAfterClose>true</autoReleaseAfterClose>
-       </configuration>
-   </plugin>
+  - DATAVERSEBOT_SONATYPE_TOKEN
 
-Configuring Secrets
-~~~~~~~~~~~~~~~~~~~
-
-In GitHub, you will likely need to configure the following secrets:
-
-- DATAVERSEBOT_GPG_KEY
-- DATAVERSEBOT_GPG_PASSWORD
-- DATAVERSEBOT_SONATYPE_TOKEN
-- DATAVERSEBOT_SONATYPE_USERNAME
-
-Note that some of these secrets might be configured at the org level (e.g. gdcc or IQSS).
-
-Many of the automated tasks are performed by the dataversebot account on GitHub: https://github.com/dataversebot
+  - DATAVERSEBOT_SONATYPE_USERNAME
+- If you need an entire new namespace, look at previous issues such as https://issues.sonatype.org/browse/OSSRH-94575 and https://issues.sonatype.org/browse/OSSRH-94577
 
 npm (JavaScript/TypeScript)
 ---------------------------

From 1fd4edb2e5ad07b9cc317e9756593918336e22c6 Mon Sep 17 00:00:00 2001
From: Guillermo Portas <hey@gportas.me>
Date: Wed, 5 Nov 2025 15:08:37 +0000
Subject: [PATCH 484/634] Update Dataset License API (#11815)

* Stash: updateVersionLicense endpoint WIP

* Stash: updateVersionLicense endpoint WIP. Endpoint logic implemented, pending command impl

* Refactor: removed unused injected services in Datasets.java

* Refactor: pending TODO refactor implemented. datasetMetricsService moved to AbstractApiBean

* Changed: license update implementation with unit tests

* Refactor: renamed UpdateDatasetVersionLicenseCommand to UpdateDatasetLicenseCommand

* Changed: renamed bundle string

* Added: handling license updates where custom terms are sent

* Changed: naming and tweaks

* Added: integration tests, tweaks and improved error handling

* Added: DatasetsIT test case for updating license with insufficient permissions

* Added: docs for new datasets updateLicense endpoint

* Added: release notes for #11771

* Fixed: missing import statement

* Fixed: UpdateDatasetLicenseCommand by not overwriting dataset TermsOfUseAndAccess but merging new fields into the existing one

* Fixed: native api rst format
---
 .../11771-update-dataset-license-api.md       |  13 ++
 doc/sphinx-guides/source/api/native-api.rst   |  47 ++++++
 .../iq/dataverse/api/AbstractApiBean.java     |   4 +
 .../harvard/iq/dataverse/api/Datasets.java    |  62 ++++---
 .../iq/dataverse/api/MakeDataCountApi.java    |  15 +-
 .../iq/dataverse/api/dto/CustomTermsDTO.java  |  91 +++++++++++
 .../api/dto/LicenseUpdateRequest.java         |  28 ++++
 .../impl/UpdateDatasetLicenseCommand.java     |  76 +++++++++
 src/main/java/propertyFiles/Bundle.properties |   7 +
 .../harvard/iq/dataverse/api/DatasetsIT.java  | 122 ++++++++++++++
 .../edu/harvard/iq/dataverse/api/UtilIT.java  |  32 ++--
 .../impl/UpdateDatasetLicenseCommandTest.java | 151 ++++++++++++++++++
 12 files changed, 598 insertions(+), 50 deletions(-)
 create mode 100644 doc/release-notes/11771-update-dataset-license-api.md
 create mode 100644 src/main/java/edu/harvard/iq/dataverse/api/dto/CustomTermsDTO.java
 create mode 100644 src/main/java/edu/harvard/iq/dataverse/api/dto/LicenseUpdateRequest.java
 create mode 100644 src/main/java/edu/harvard/iq/dataverse/engine/command/impl/UpdateDatasetLicenseCommand.java
 create mode 100644 src/test/java/edu/harvard/iq/dataverse/engine/command/impl/UpdateDatasetLicenseCommandTest.java

diff --git a/doc/release-notes/11771-update-dataset-license-api.md b/doc/release-notes/11771-update-dataset-license-api.md
new file mode 100644
index 00000000000..e87f7e0f93f
--- /dev/null
+++ b/doc/release-notes/11771-update-dataset-license-api.md
@@ -0,0 +1,13 @@
+## New Endpoint: `/datasets/{id}/license`
+
+A new endpoint has been implemented to manage dataset licenses.
+
+### Functionality
+- Updates the license of a dataset by applying it to the draft version.
+- If no draft exists, a new one is automatically created.
+
+### Usage
+This endpoint supports two ways of defining a license:
+1. **Predefined License** – Provide the license name (e.g., `CC BY 4.0`).
+2. **Custom Terms of Use and Access** – Provide a JSON body with the `customTerms` object.
+    - All fields are optional **except** `termsOfUse`, which is required.
diff --git a/doc/sphinx-guides/source/api/native-api.rst b/doc/sphinx-guides/source/api/native-api.rst
index b2eee36aeb4..ddfc73b3c4f 100644
--- a/doc/sphinx-guides/source/api/native-api.rst
+++ b/doc/sphinx-guides/source/api/native-api.rst
@@ -4357,6 +4357,53 @@ The CSV response for this call is the same as for the /api/datasets/{id}/assignm
 
 Note: This feature requires the "role-assignment-history" feature flag to be enabled (see :ref:`feature-flags`).
 
+Update Dataset License
+~~~~~~~~~~~~~~~~~~~~~~
+
+Updates the license of a dataset by applying it to the draft version, or by creating a draft if none exists.
+
+The JSON representation of a license can take two forms, depending on whether you want to specify a predefined license or define custom terms of use and access.
+
+To set a predefined license (e.g., CC BY 4.0), provide a JSON body with the license name:
+
+.. code-block:: json
+
+  {
+    "name": "CC BY 4.0"
+  }
+
+To define custom terms of use and access, provide a JSON body with the following properties. All fields within ``customTerms`` are optional, except for the ``termsOfUse`` field, which is required:
+
+.. code-block:: json
+
+  {
+    "customTerms": {
+        "termsOfUse": "Your terms of use",
+        "confidentialityDeclaration": "Your confidentiality declaration",
+        "specialPermissions": "Your special permissions",
+        "restrictions": "Your restrictions",
+        "citationRequirements": "Your citation requirements",
+        "depositorRequirements": "Your depositor requirements",
+        "conditions": "Your conditions",
+        "disclaimer": "Your disclaimer"
+    }
+  }
+
+.. code-block:: bash
+
+  export API_TOKEN=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
+  export SERVER_URL=https://demo.dataverse.org
+  export ID=3
+  export FILE_PATH=license.json
+
+  curl -H "X-Dataverse-key:$API_TOKEN" -X PUT "$SERVER_URL/api/datasets/$ID/license" -H "Content-type:application/json" --upload-file $FILE_PATH
+
+The fully expanded example above (without environment variables) looks like this:
+
+.. code-block:: bash
+
+  curl -H "X-Dataverse-key:xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" -X PUT "https://demo.dataverse.org/api/datasets/3/license" -H "Content-type:application/json" --upload-file license.json
+
 Files
 -----
 
diff --git a/src/main/java/edu/harvard/iq/dataverse/api/AbstractApiBean.java b/src/main/java/edu/harvard/iq/dataverse/api/AbstractApiBean.java
index 14b0ab6d2c0..4cb3466ab4c 100644
--- a/src/main/java/edu/harvard/iq/dataverse/api/AbstractApiBean.java
+++ b/src/main/java/edu/harvard/iq/dataverse/api/AbstractApiBean.java
@@ -24,6 +24,7 @@
 import edu.harvard.iq.dataverse.engine.command.impl.GetSpecificPublishedDatasetVersionCommand;
 import edu.harvard.iq.dataverse.externaltools.ExternalToolServiceBean;
 import edu.harvard.iq.dataverse.license.LicenseServiceBean;
+import edu.harvard.iq.dataverse.makedatacount.DatasetMetricsServiceBean;
 import edu.harvard.iq.dataverse.pidproviders.FailedPIDResolutionLoggingServiceBean;
 import edu.harvard.iq.dataverse.pidproviders.PidUtil;
 import edu.harvard.iq.dataverse.pidproviders.FailedPIDResolutionLoggingServiceBean.FailedPIDResolutionEntry;
@@ -224,6 +225,9 @@ String getWrappedMessageWhenJson() {
     @EJB
     protected ExternalToolServiceBean externalToolService;
 
+    @EJB
+    protected DatasetMetricsServiceBean datasetMetricsService;
+
     @EJB
     DataFileServiceBean fileSvc;
 
diff --git a/src/main/java/edu/harvard/iq/dataverse/api/Datasets.java b/src/main/java/edu/harvard/iq/dataverse/api/Datasets.java
index 12715d31e77..51f4ec607ef 100644
--- a/src/main/java/edu/harvard/iq/dataverse/api/Datasets.java
+++ b/src/main/java/edu/harvard/iq/dataverse/api/Datasets.java
@@ -2,11 +2,10 @@
 
 import edu.harvard.iq.dataverse.*;
 import edu.harvard.iq.dataverse.DatasetLock.Reason;
-import edu.harvard.iq.dataverse.DatasetVersion.VersionState;
-import edu.harvard.iq.dataverse.DataverseRoleServiceBean.RoleAssignmentHistoryConsolidatedEntry;
 import edu.harvard.iq.dataverse.actionlogging.ActionLogRecord;
-import edu.harvard.iq.dataverse.api.AbstractApiBean.WrappedResponse;
 import edu.harvard.iq.dataverse.api.auth.AuthRequired;
+import edu.harvard.iq.dataverse.api.dto.CustomTermsDTO;
+import edu.harvard.iq.dataverse.api.dto.LicenseUpdateRequest;
 import edu.harvard.iq.dataverse.api.dto.RoleAssignmentDTO;
 import edu.harvard.iq.dataverse.authorization.AuthenticationServiceBean;
 import edu.harvard.iq.dataverse.authorization.DataverseRole;
@@ -31,7 +30,6 @@
 import edu.harvard.iq.dataverse.engine.command.DataverseRequest;
 import edu.harvard.iq.dataverse.engine.command.exception.*;
 import edu.harvard.iq.dataverse.engine.command.impl.*;
-import edu.harvard.iq.dataverse.export.DDIExportServiceBean;
 import edu.harvard.iq.dataverse.export.ExportService;
 import edu.harvard.iq.dataverse.externaltools.ExternalTool;
 import edu.harvard.iq.dataverse.externaltools.ExternalToolHandler;
@@ -142,9 +140,6 @@ public class Datasets extends AbstractApiBean {
     @EJB
     AuthenticationServiceBean authenticationServiceBean;
 
-    @EJB
-    DDIExportServiceBean ddiExportService;
-
     @EJB
     MetadataBlockServiceBean metadataBlockService;
 
@@ -166,10 +161,6 @@ public class Datasets extends AbstractApiBean {
     @EJB
     SettingsServiceBean settingsService;
 
-    // TODO: Move to AbstractApiBean
-    @EJB
-    DatasetMetricsServiceBean datasetMetricsSvc;
-
     @EJB
     DatasetExternalCitationsServiceBean datasetExternalCitationsService;
 
@@ -203,9 +194,6 @@ public class Datasets extends AbstractApiBean {
     @Inject
     DatasetTypeServiceBean datasetTypeSvc;
 
-    @Inject
-    DatasetFieldsValidator datasetFieldsValidator;
-
     @Inject
     DataFileCategoryServiceBean dataFileCategoryService;
 
@@ -1155,16 +1143,16 @@ public Response editVersionMetadata(@Context ContainerRequestContext crc, String
             return ex.getResponse();
         }
     }
-    
+
     @PUT
     @AuthRequired
     @Path("{id}/access")
     public Response editVersionTermsOfAccess(@Context ContainerRequestContext crc, String jsonBody, @PathParam("id") String id,
                                         @QueryParam("sourceLastUpdateTime") String sourceLastUpdateTime) {
         try {
-            
+
             boolean publicInstall = settingsSvc.isTrueForKey(SettingsServiceBean.Key.PublicInstall, false);
-            
+
             Dataset dataset = findDatasetOrDie(id);
 
             if (sourceLastUpdateTime != null) {
@@ -1174,11 +1162,11 @@ public Response editVersionTermsOfAccess(@Context ContainerRequestContext crc, S
             JsonObject json = JsonUtil.getJsonObject(jsonBody);
 
             TermsOfUseAndAccess toua = jsonParser().parseTermsOfAccess(json);
-            
+
             if (publicInstall && (toua.isFileAccessRequest() || !toua.getTermsOfAccess().isEmpty())){
                 return error(BAD_REQUEST, "Setting File Access Request or Terms of Access is not permitted on a public installation.");
             }
-                       
+
             DatasetVersion updatedVersion = execCommand(new UpdateDatasetTermsOfAccessCommand(dataset, toua, createDataverseRequest(getRequestUser(crc)))).getLatestVersion();
 
             return ok(json(updatedVersion, true));
@@ -3575,7 +3563,7 @@ public Response getMakeDataCountMetric(@PathParam("id") String idSupplied, @Path
                     return error(Response.Status.BAD_REQUEST, "Country must be one of the ISO 1366 Country Codes");
                 }
             }
-            DatasetMetrics datasetMetrics = datasetMetricsSvc.getDatasetMetricsByDatasetForDisplay(dataset, monthYear, country);
+            DatasetMetrics datasetMetrics = datasetMetricsService.getDatasetMetricsByDatasetForDisplay(dataset, monthYear, country);
             if (datasetMetrics == null) {
                 return ok("No metrics available for dataset " + dataset.getId() + " for " + yyyymm + " for country code " + country + ".");
             } else if (datasetMetrics.getDownloadsTotal() + datasetMetrics.getViewsTotal() == 0) {
@@ -6041,7 +6029,7 @@ public Response deleteDatasetFiles(@Context ContainerRequestContext crc, @PathPa
         }, getRequestUser(crc));
     }
 
-@GET
+    @GET
     @AuthRequired
     @Path("{id}/versions/{versionId}/versionNote")
     public Response getVersionCreationNote(@Context ContainerRequestContext crc, @PathParam("id") String datasetId, @PathParam("versionId") String versionId, @Context UriInfo uriInfo, @Context HttpHeaders headers) throws WrappedResponse {
@@ -6110,7 +6098,7 @@ public Response deleteVersionNote(@Context ContainerRequestContext crc, @PathPar
             return ok("Note deleted");
         }, getRequestUser(crc));
     }
-    
+
     @GET
     @AuthRequired
     @Path("{identifier}/assignments/history")
@@ -6118,7 +6106,7 @@ public Response deleteVersionNote(@Context ContainerRequestContext crc, @PathPar
     public Response getRoleAssignmentHistory(@Context ContainerRequestContext crc, @PathParam("identifier") String id, @Context HttpHeaders headers) {
         return response(req -> {
             Dataset dataset = findDatasetOrDie(id);
-            
+
             // user is authenticated
             AuthenticatedUser authenticatedUser = getRequestAuthenticatedUserOrDie(crc);
 
@@ -6135,11 +6123,37 @@ public Response getFilesRoleAssignmentHistory(@Context ContainerRequestContext c
             @Context HttpHeaders headers) {
         return response(req -> {
             Dataset dataset = findDatasetOrDie(id);
-            
+
             // user is authenticated
             AuthenticatedUser authenticatedUser = getRequestAuthenticatedUserOrDie(crc);
 
             return getRoleAssignmentHistoryResponse(dataset, authenticatedUser, true, headers);
         }, getRequestUser(crc));
     }
+
+    @PUT
+    @AuthRequired
+    @Path("{id}/license")
+    public Response updateLicense(@Context ContainerRequestContext crc,
+                                  @PathParam("id") String datasetId,
+                                  LicenseUpdateRequest requestBody) {
+        return response(req -> {
+            Dataset dataset = findDatasetOrDie(datasetId);
+            if (requestBody.getName() != null && !requestBody.getName().isEmpty()) {
+                String licenseName = requestBody.getName();
+                License license = licenseSvc.getByNameOrUri(licenseName);
+                if (license == null) {
+                    return notFound(BundleUtil.getStringFromBundle("datasets.api.updateLicense.licenseNotFound", List.of(licenseName)));
+                }
+                execCommand(new UpdateDatasetLicenseCommand(req, dataset, license));
+                return ok(BundleUtil.getStringFromBundle("datasets.api.updateLicense.success"));
+            } else if (requestBody.getCustomTerms() != null) {
+                CustomTermsDTO customTerms = requestBody.getCustomTerms();
+                execCommand(new UpdateDatasetLicenseCommand(req, dataset, customTerms.toTermsOfUseAndAccess()));
+                return ok(BundleUtil.getStringFromBundle("datasets.api.updateLicense.success"));
+            } else {
+                return badRequest(BundleUtil.getStringFromBundle("datasets.api.updateLicense.licenseNameIsEmpty"));
+            }
+        }, getRequestUser(crc));
+    }
 }
diff --git a/src/main/java/edu/harvard/iq/dataverse/api/MakeDataCountApi.java b/src/main/java/edu/harvard/iq/dataverse/api/MakeDataCountApi.java
index ca4f55da822..07e87a9b86a 100644
--- a/src/main/java/edu/harvard/iq/dataverse/api/MakeDataCountApi.java
+++ b/src/main/java/edu/harvard/iq/dataverse/api/MakeDataCountApi.java
@@ -1,28 +1,21 @@
 package edu.harvard.iq.dataverse.api;
 
 import edu.harvard.iq.dataverse.Dataset;
-import edu.harvard.iq.dataverse.DatasetServiceBean;
 import edu.harvard.iq.dataverse.GlobalId;
 import edu.harvard.iq.dataverse.makedatacount.DatasetExternalCitations;
 import edu.harvard.iq.dataverse.makedatacount.DatasetExternalCitationsServiceBean;
 import edu.harvard.iq.dataverse.makedatacount.DatasetMetrics;
-import edu.harvard.iq.dataverse.makedatacount.DatasetMetricsServiceBean;
 import edu.harvard.iq.dataverse.makedatacount.MakeDataCountProcessState;
 import edu.harvard.iq.dataverse.makedatacount.MakeDataCountProcessStateServiceBean;
 import edu.harvard.iq.dataverse.pidproviders.PidProvider;
 import edu.harvard.iq.dataverse.pidproviders.PidUtil;
 import edu.harvard.iq.dataverse.pidproviders.doi.datacite.DataCiteDOIProvider;
 import edu.harvard.iq.dataverse.settings.JvmSettings;
-import edu.harvard.iq.dataverse.util.SystemConfig;
 import edu.harvard.iq.dataverse.util.json.JsonUtil;
 
 import java.io.IOException;
 import java.io.InputStream;
-import java.net.HttpURLConnection;
-import java.net.MalformedURLException;
-import java.net.URI;
-import java.net.URISyntaxException;
-import java.net.URL;
+import java.net.*;
 import java.util.Iterator;
 import java.util.List;
 import java.util.concurrent.Future;
@@ -57,16 +50,10 @@ public class MakeDataCountApi extends AbstractApiBean {
 
     private static final Logger logger = Logger.getLogger(MakeDataCountApi.class.getCanonicalName());
 
-    @EJB
-    DatasetMetricsServiceBean datasetMetricsService;
     @EJB
     MakeDataCountProcessStateServiceBean makeDataCountProcessStateService;
     @EJB
     DatasetExternalCitationsServiceBean datasetExternalCitationsService;
-    @EJB
-    DatasetServiceBean datasetService;
-    @EJB
-    SystemConfig systemConfig;
 
     // Inject the managed executor service provided by the container
     @Resource(name = "concurrent/CitationUpdateExecutor")
diff --git a/src/main/java/edu/harvard/iq/dataverse/api/dto/CustomTermsDTO.java b/src/main/java/edu/harvard/iq/dataverse/api/dto/CustomTermsDTO.java
new file mode 100644
index 00000000000..b2d00e01ef5
--- /dev/null
+++ b/src/main/java/edu/harvard/iq/dataverse/api/dto/CustomTermsDTO.java
@@ -0,0 +1,91 @@
+package edu.harvard.iq.dataverse.api.dto;
+
+import edu.harvard.iq.dataverse.TermsOfUseAndAccess;
+
+public class CustomTermsDTO {
+    private String termsOfUse;
+    private String confidentialityDeclaration;
+    private String specialPermissions;
+    private String restrictions;
+    private String citationRequirements;
+    private String depositorRequirements;
+    private String conditions;
+    private String disclaimer;
+
+    public String getTermsOfUse() {
+        return termsOfUse;
+    }
+
+    public void setTermsOfUse(String termsOfUse) {
+        this.termsOfUse = termsOfUse;
+    }
+
+    public String getConfidentialityDeclaration() {
+        return confidentialityDeclaration;
+    }
+
+    public void setConfidentialityDeclaration(String confidentialityDeclaration) {
+        this.confidentialityDeclaration = confidentialityDeclaration;
+    }
+
+    public String getSpecialPermissions() {
+        return specialPermissions;
+    }
+
+    public void setSpecialPermissions(String specialPermissions) {
+        this.specialPermissions = specialPermissions;
+    }
+
+    public String getRestrictions() {
+        return restrictions;
+    }
+
+    public void setRestrictions(String restrictions) {
+        this.restrictions = restrictions;
+    }
+
+    public String getCitationRequirements() {
+        return citationRequirements;
+    }
+
+    public void setCitationRequirements(String citationRequirements) {
+        this.citationRequirements = citationRequirements;
+    }
+
+    public String getDepositorRequirements() {
+        return depositorRequirements;
+    }
+
+    public void setDepositorRequirements(String depositorRequirements) {
+        this.depositorRequirements = depositorRequirements;
+    }
+
+    public String getConditions() {
+        return conditions;
+    }
+
+    public void setConditions(String conditions) {
+        this.conditions = conditions;
+    }
+
+    public String getDisclaimer() {
+        return disclaimer;
+    }
+
+    public void setDisclaimer(String disclaimer) {
+        this.disclaimer = disclaimer;
+    }
+
+    public TermsOfUseAndAccess toTermsOfUseAndAccess() {
+        TermsOfUseAndAccess termsOfUseAndAccess = new TermsOfUseAndAccess();
+        termsOfUseAndAccess.setTermsOfUse(termsOfUse);
+        termsOfUseAndAccess.setConfidentialityDeclaration(confidentialityDeclaration);
+        termsOfUseAndAccess.setSpecialPermissions(specialPermissions);
+        termsOfUseAndAccess.setRestrictions(restrictions);
+        termsOfUseAndAccess.setCitationRequirements(citationRequirements);
+        termsOfUseAndAccess.setDepositorRequirements(depositorRequirements);
+        termsOfUseAndAccess.setConditions(conditions);
+        termsOfUseAndAccess.setDisclaimer(disclaimer);
+        return termsOfUseAndAccess;
+    }
+}
diff --git a/src/main/java/edu/harvard/iq/dataverse/api/dto/LicenseUpdateRequest.java b/src/main/java/edu/harvard/iq/dataverse/api/dto/LicenseUpdateRequest.java
new file mode 100644
index 00000000000..bba9dab7a25
--- /dev/null
+++ b/src/main/java/edu/harvard/iq/dataverse/api/dto/LicenseUpdateRequest.java
@@ -0,0 +1,28 @@
+package edu.harvard.iq.dataverse.api.dto;
+
+import com.fasterxml.jackson.annotation.JsonInclude;
+
+// This DTO acts as a wrapper for the request body.
+// It can accept EITHER a 'name' or a 'customTerms' object.
+@JsonInclude(JsonInclude.Include.NON_NULL)
+public class LicenseUpdateRequest {
+
+    private String name;
+    private CustomTermsDTO customTerms;
+
+    public String getName() {
+        return name;
+    }
+
+    public void setName(String name) {
+        this.name = name;
+    }
+
+    public CustomTermsDTO getCustomTerms() {
+        return customTerms;
+    }
+
+    public void setCustomTerms(CustomTermsDTO customTerms) {
+        this.customTerms = customTerms;
+    }
+}
diff --git a/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/UpdateDatasetLicenseCommand.java b/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/UpdateDatasetLicenseCommand.java
new file mode 100644
index 00000000000..37f97bf0db1
--- /dev/null
+++ b/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/UpdateDatasetLicenseCommand.java
@@ -0,0 +1,76 @@
+package edu.harvard.iq.dataverse.engine.command.impl;
+
+import edu.harvard.iq.dataverse.Dataset;
+import edu.harvard.iq.dataverse.DatasetVersion;
+import edu.harvard.iq.dataverse.TermsOfUseAndAccess;
+import edu.harvard.iq.dataverse.authorization.Permission;
+import edu.harvard.iq.dataverse.engine.command.*;
+import edu.harvard.iq.dataverse.engine.command.exception.CommandException;
+import edu.harvard.iq.dataverse.engine.command.exception.InvalidCommandArgumentsException;
+import edu.harvard.iq.dataverse.license.License;
+import edu.harvard.iq.dataverse.util.BundleUtil;
+
+import java.util.List;
+
+@RequiredPermissions(Permission.EditDataset)
+public class UpdateDatasetLicenseCommand extends AbstractVoidCommand {
+    private final Dataset dataset;
+    private License license = null;
+    private TermsOfUseAndAccess customTermsOfUseAndAccess = null;
+
+    public UpdateDatasetLicenseCommand(DataverseRequest aRequest, Dataset dataset, License license) {
+        super(aRequest, dataset);
+        this.dataset = dataset;
+        this.license = license;
+    }
+
+    public UpdateDatasetLicenseCommand(DataverseRequest aRequest, Dataset dataset, TermsOfUseAndAccess customTermsOfUseAndAccess) {
+        super(aRequest, dataset);
+        this.dataset = dataset;
+        this.customTermsOfUseAndAccess = customTermsOfUseAndAccess;
+    }
+
+
+    @Override
+    protected void executeImpl(CommandContext ctxt) throws CommandException {
+        DatasetVersion datasetVersion = dataset.getOrCreateEditVersion();
+        datasetVersion.setVersionState(DatasetVersion.VersionState.DRAFT);
+
+        if (license != null) {
+            if (!license.isActive()) {
+                throw new InvalidCommandArgumentsException(BundleUtil.getStringFromBundle("updateDatasetLicenseCommand.errors.licenseNotActive", List.of(license.getName())), this);
+            }
+            TermsOfUseAndAccess termsOfUseAndAccess = datasetVersion.getTermsOfUseAndAccess();
+            termsOfUseAndAccess.setLicense(license);
+
+            ctxt.engine().submit(new UpdateDatasetVersionCommand(this.dataset, getRequest()));
+        } else if (customTermsOfUseAndAccess != null) {
+            if (customTermsOfUseAndAccess.getTermsOfUse() == null || customTermsOfUseAndAccess.getTermsOfUse().isBlank()) {
+                throw new InvalidCommandArgumentsException(BundleUtil.getStringFromBundle("updateDatasetLicenseCommand.errors.customTermsOfUseNotProvided"), this);
+            }
+            TermsOfUseAndAccess termsToUpdate = datasetVersion.getTermsOfUseAndAccess();
+            applyCustomTerms(termsToUpdate, customTermsOfUseAndAccess);
+            termsToUpdate.setLicense(null);
+            datasetVersion.setTermsOfUseAndAccess(termsToUpdate);
+            ctxt.engine().submit(new UpdateDatasetVersionCommand(this.dataset, getRequest()));
+        }
+    }
+
+    /**
+     * Copies all custom term-related fields from the 'source' object
+     * to the 'target' object.
+     *
+     * @param target The TermsOfUseAndAccess object to be modified
+     * @param source The TermsOfUseAndAccess object containing the new data
+     */
+    private void applyCustomTerms(TermsOfUseAndAccess target, TermsOfUseAndAccess source) {
+        target.setTermsOfUse(source.getTermsOfUse());
+        target.setConfidentialityDeclaration(source.getConfidentialityDeclaration());
+        target.setSpecialPermissions(source.getSpecialPermissions());
+        target.setRestrictions(source.getRestrictions());
+        target.setCitationRequirements(source.getCitationRequirements());
+        target.setDepositorRequirements(source.getDepositorRequirements());
+        target.setConditions(source.getConditions());
+        target.setDisclaimer(source.getDisclaimer());
+    }
+}
diff --git a/src/main/java/propertyFiles/Bundle.properties b/src/main/java/propertyFiles/Bundle.properties
index f6ca8a9d4f0..3254c26ed22 100644
--- a/src/main/java/propertyFiles/Bundle.properties
+++ b/src/main/java/propertyFiles/Bundle.properties
@@ -2866,6 +2866,9 @@ datasets.api.thumbnail.fileNotSupplied=A file was not selected to be the new dat
 datasets.api.thumbnail.noChange=No changes to save.
 datasets.api.editMetadata.error.parseUpdate=Error parsing dataset update: {0}
 datasets.api.citation.invalidFormat=Invalid Format Requested.
+datasets.api.updateLicense.success=Dataset license updated.
+datasets.api.updateLicense.licenseNotFound=License with name {0} not found.
+datasets.api.updateLicense.licenseNameIsEmpty=License name cannot be empty.
 
 #Dataverses.java
 dataverses.api.update.default.contributor.role.failure.role.not.found=Role {0} not found.
@@ -3249,3 +3252,7 @@ getUserPermittedCollectionsCommand.errors.permissionNotValid=Permission not vali
 
 #AbstractPaginatedCommand.java
 abstractPaginatedCommand.errors.negativePaginationParam=The {0} parameter cannot be negative.
+
+#UpdateDatasetLicenseCommand.java
+updateDatasetLicenseCommand.errors.licenseNotActive=License {0} cannot be set because it is not active.
+updateDatasetLicenseCommand.errors.customTermsOfUseNotProvided=Terms of use text should be provided in custom terms.
diff --git a/src/test/java/edu/harvard/iq/dataverse/api/DatasetsIT.java b/src/test/java/edu/harvard/iq/dataverse/api/DatasetsIT.java
index 3a34c3607cd..97e17c67a5d 100644
--- a/src/test/java/edu/harvard/iq/dataverse/api/DatasetsIT.java
+++ b/src/test/java/edu/harvard/iq/dataverse/api/DatasetsIT.java
@@ -7227,6 +7227,128 @@ public void testUpdateMultipleFileMetadata() {
                 .statusCode(OK.getStatusCode());
     }
 
+    @Test
+    public void testUpdateLicense() {
+        Response createUser = UtilIT.createRandomUser();
+        String apiToken = UtilIT.getApiTokenFromResponse(createUser);
+
+        // Test setup: Create a user and a published dataverse to host the dataset.
+        Response createDataverseResponse = UtilIT.createRandomDataverse(apiToken);
+        String ownerAlias = UtilIT.getAliasFromResponse(createDataverseResponse);
+        UtilIT.publishDataverseViaNativeApi(ownerAlias, apiToken);
+
+        // Test setup: Create and publish a dataset within the new dataverse.
+        Response createDatasetResponse = UtilIT.createRandomDatasetViaNativeApi(ownerAlias, apiToken);
+        Integer datasetId = UtilIT.getDatasetIdFromResponse(createDatasetResponse);
+        String datasetPersistentId = UtilIT.getDatasetPersistentIdFromResponse(createDatasetResponse);
+        UtilIT.publishDatasetViaNativeApi(datasetId, "major", apiToken);
+
+        // Verify the dataset's initial state, ensuring it has the default CC0 1.0 license.
+        Response getDatasetVersion = UtilIT.getDatasetVersion(datasetPersistentId, DS_VERSION_LATEST, apiToken);
+        getDatasetVersion.then().assertThat()
+                .statusCode(OK.getStatusCode())
+                .body("data.license.name", equalTo("CC0 1.0"));
+
+        // Test case 1: Update to a valid, predefined license (CC BY 4.0).
+        Response updateLicenseResponse = UtilIT.updateLicense(datasetId.toString(), "{ \"name\": \"CC BY 4.0\" }", apiToken);
+        updateLicenseResponse.then().assertThat()
+                .statusCode(OK.getStatusCode())
+                .body("data.message", equalTo(BundleUtil.getStringFromBundle("datasets.api.updateLicense.success")));
+
+        getDatasetVersion = UtilIT.getDatasetVersion(datasetPersistentId, DS_VERSION_LATEST, apiToken);
+        getDatasetVersion.then().assertThat()
+                .statusCode(OK.getStatusCode())
+                .body("data.license.name", equalTo("CC BY 4.0"));
+
+        // Test case 2: Attempt to update with an invalid license name and verify the expected error.
+        String testInvalidLicenseName = "INVALID LICENSE 4.0";
+        updateLicenseResponse = UtilIT.updateLicense(datasetId.toString(), "{ \"name\": \"" + testInvalidLicenseName + "\" }", apiToken);
+        updateLicenseResponse.then().assertThat()
+                .statusCode(NOT_FOUND.getStatusCode())
+                .body("message", equalTo(BundleUtil.getStringFromBundle("datasets.api.updateLicense.licenseNotFound", List.of(testInvalidLicenseName))));
+
+        // Test case 3: Update with custom terms, providing only the required 'termsOfUse' field.
+        String jsonString = """
+            {
+               "customTerms": {
+                 "termsOfUse": "testTermsOfUse"
+                }
+            }
+            """;
+
+        updateLicenseResponse = UtilIT.updateLicense(datasetId.toString(), jsonString, apiToken);
+        updateLicenseResponse.then().assertThat()
+                .statusCode(OK.getStatusCode())
+                .body("data.message", equalTo(BundleUtil.getStringFromBundle("datasets.api.updateLicense.success")));
+
+        getDatasetVersion = UtilIT.getDatasetVersion(datasetPersistentId, DS_VERSION_LATEST, apiToken);
+        getDatasetVersion.then().assertThat()
+                .statusCode(OK.getStatusCode())
+                .body("data.license", equalTo(null))
+                .body("data.termsOfUse", equalTo("testTermsOfUse"))
+                .body("data.confidentialityDeclaration", equalTo(null))
+                .body("data.specialPermissions", equalTo(null))
+                .body("data.restrictions", equalTo(null))
+                .body("data.citationRequirements", equalTo(null))
+                .body("data.depositorRequirements", equalTo(null))
+                .body("data.conditions", equalTo(null))
+                .body("data.disclaimer", equalTo(null));
+
+        // Test case 4: Update with a complete set of custom terms, including all optional fields.
+        jsonString = """
+            {
+               "customTerms": {
+                 "termsOfUse": "testTermsOfUse",
+                 "confidentialityDeclaration": "testConfidentialityDeclaration",
+                 "specialPermissions": "testSpecialPermissions",
+                 "restrictions": "testRestrictions",
+                 "citationRequirements": "testCitationRequirements",
+                 "depositorRequirements": "testDepositorRequirements",
+                 "conditions": "testConditions",
+                 "disclaimer": "testDisclaimer"
+               }
+             }
+            """;
+
+        updateLicenseResponse = UtilIT.updateLicense(datasetId.toString(), jsonString, apiToken);
+        updateLicenseResponse.then().assertThat()
+                .statusCode(OK.getStatusCode())
+                .body("data.message", equalTo(BundleUtil.getStringFromBundle("datasets.api.updateLicense.success")));
+
+        getDatasetVersion = UtilIT.getDatasetVersion(datasetPersistentId, DS_VERSION_LATEST, apiToken);
+        getDatasetVersion.then().assertThat()
+                .statusCode(OK.getStatusCode())
+                .body("data.license", equalTo(null))
+                .body("data.termsOfUse", equalTo("testTermsOfUse"))
+                .body("data.confidentialityDeclaration", equalTo("testConfidentialityDeclaration"))
+                .body("data.specialPermissions", equalTo("testSpecialPermissions"))
+                .body("data.restrictions", equalTo("testRestrictions"))
+                .body("data.citationRequirements", equalTo("testCitationRequirements"))
+                .body("data.depositorRequirements", equalTo("testDepositorRequirements"))
+                .body("data.conditions", equalTo("testConditions"))
+                .body("data.disclaimer", equalTo("testDisclaimer"));
+
+        // Test case 5: Ensure that providing an empty 'customTerms' object results in a validation error.
+        jsonString = """
+            {
+               "customTerms": {}
+             }
+            """;
+
+        updateLicenseResponse = UtilIT.updateLicense(datasetId.toString(), jsonString, apiToken);
+        updateLicenseResponse.then().assertThat()
+                .statusCode(BAD_REQUEST.getStatusCode())
+                .body("message", equalTo(BundleUtil.getStringFromBundle("updateDatasetLicenseCommand.errors.customTermsOfUseNotProvided")));
+
+        // Test case 6: The operation should return a permissions error when invoked by a user with insufficient permissions.
+        createUser = UtilIT.createRandomUser();
+        apiToken = UtilIT.getApiTokenFromResponse(createUser);
+
+        updateLicenseResponse = UtilIT.updateLicense(datasetId.toString(), "{ \"name\": \"CC BY 4.0\" }", apiToken);
+        updateLicenseResponse.then().assertThat()
+                .statusCode(UNAUTHORIZED.getStatusCode());
+    }
+
     private String getSuperuserToken() {
         Response createResponse = UtilIT.createRandomUser();
         String adminApiToken = UtilIT.getApiTokenFromResponse(createResponse);
diff --git a/src/test/java/edu/harvard/iq/dataverse/api/UtilIT.java b/src/test/java/edu/harvard/iq/dataverse/api/UtilIT.java
index 9724efb2d32..5a07769b313 100644
--- a/src/test/java/edu/harvard/iq/dataverse/api/UtilIT.java
+++ b/src/test/java/edu/harvard/iq/dataverse/api/UtilIT.java
@@ -1803,7 +1803,7 @@ static Response compareDatasetVersions(String persistentId, String versionNumber
     static Response summaryDatasetVersionDifferences(String persistentId, String apiToken) {
         return summaryDatasetVersionDifferences(persistentId, null, null, apiToken);
     }
-    
+
     static Response summaryDatasetVersionDifferences(String persistentId, Integer limit, Integer offset, String apiToken) {
         return given()
                 .header(API_TOKEN_HTTP_HEADER, apiToken)
@@ -3882,7 +3882,7 @@ static Response updateDatasetJsonLDMetadata(Integer datasetId, String apiToken,
             .put("/api/datasets/" + datasetId + "/metadata?replace=" + replace);
         return response;
     }
-    
+
     static Response updateDatasetTermsAndAccess(String idOrPersistentIdOfDataset, String apiToken, String pathToJsonFile) {
         String idInPath = idOrPersistentIdOfDataset;
         String optionalQueryParam = "";
@@ -3899,7 +3899,7 @@ static Response updateDatasetTermsAndAccess(String idOrPersistentIdOfDataset, St
                 .put("/api/datasets/" + idInPath + "/access" + optionalQueryParam);
         return response;
     }
-    
+
     public static String getDatasetTermsFromFile(String pathToJsonFile) {
         File datasetTermsJson = new File(pathToJsonFile);
         try {
@@ -5112,35 +5112,43 @@ public static Response callCallbackUrl(String callbackUrl) {
                 .when()
                 .get(callbackUrl);
     }
-    
+
 
     public static Response getDataverseRoleAssignmentHistory(String dataverseAlias, boolean downloadAsCsv, String apiToken) {
         RequestSpecification requestSpecification = given()
                 .header(API_TOKEN_HTTP_HEADER, apiToken);
-        
+
         requestSpecification = requestSpecification.header("Accept", downloadAsCsv ? "text/csv" : "application/json");
-        
+
         return requestSpecification
                 .get("/api/v1/dataverses/" + dataverseAlias + "/assignments/history");
     }
-    
+
     public static Response getDatasetRoleAssignmentHistory(Integer datasetId, boolean downloadAsCsv, String apiToken) {
         RequestSpecification requestSpecification = given()
                 .header(API_TOKEN_HTTP_HEADER, apiToken);
-        
+
         requestSpecification = requestSpecification.header("Accept", downloadAsCsv ? "text/csv" : "application/json");
-        
+
         return requestSpecification
                 .get("/api/v1/datasets/" + datasetId + "/assignments/history");
     }
-    
+
     public static Response getDatasetFilesRoleAssignmentHistory(Integer datasetId, boolean downloadAsCsv, String apiToken) {
         RequestSpecification requestSpecification = given()
                 .header(API_TOKEN_HTTP_HEADER, apiToken);
-        
+
         requestSpecification = requestSpecification.header("Accept", downloadAsCsv ? "text/csv" : "application/json");
-        
+
         return requestSpecification
                 .get("/api/v1/datasets/" + datasetId + "/files/assignments/history");
     }
+
+    public static Response updateLicense(String datasetId, String licenseOrCustomTerms, String apiToken) {
+        return given()
+                .body(licenseOrCustomTerms)
+                .contentType(ContentType.JSON)
+                .header(API_TOKEN_HTTP_HEADER, apiToken)
+                .put("/api/datasets/" + datasetId + "/license");
+    }
 }
diff --git a/src/test/java/edu/harvard/iq/dataverse/engine/command/impl/UpdateDatasetLicenseCommandTest.java b/src/test/java/edu/harvard/iq/dataverse/engine/command/impl/UpdateDatasetLicenseCommandTest.java
new file mode 100644
index 00000000000..78d5e99546c
--- /dev/null
+++ b/src/test/java/edu/harvard/iq/dataverse/engine/command/impl/UpdateDatasetLicenseCommandTest.java
@@ -0,0 +1,151 @@
+package edu.harvard.iq.dataverse.engine.command.impl;
+
+import edu.harvard.iq.dataverse.Dataset;
+import edu.harvard.iq.dataverse.DatasetVersion;
+import edu.harvard.iq.dataverse.TermsOfUseAndAccess;
+import edu.harvard.iq.dataverse.engine.DataverseEngine;
+import edu.harvard.iq.dataverse.engine.command.CommandContext;
+import edu.harvard.iq.dataverse.engine.command.DataverseRequest;
+import edu.harvard.iq.dataverse.engine.command.exception.CommandException;
+import edu.harvard.iq.dataverse.engine.command.exception.InvalidCommandArgumentsException;
+import edu.harvard.iq.dataverse.license.License;
+import edu.harvard.iq.dataverse.util.BundleUtil;
+import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.Test;
+import org.junit.jupiter.params.ParameterizedTest;
+import org.junit.jupiter.params.provider.NullSource;
+import org.junit.jupiter.params.provider.ValueSource;
+import org.mockito.Mock;
+import org.mockito.MockitoAnnotations;
+import org.mockito.Spy;
+
+import java.util.List;
+
+import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.junit.jupiter.api.Assertions.assertThrows;
+import static org.mockito.Mockito.verify;
+import static org.mockito.Mockito.when;
+
+public class UpdateDatasetLicenseCommandTest {
+
+    @Mock
+    private DataverseRequest dataverseRequestStub;
+    @Mock
+    private UpdateDatasetVersionCommand updateDatasetVersionCommandStub;
+    @Mock
+    private Dataset datasetMock;
+    @Mock
+    private DatasetVersion datasetVersionMock;
+    @Spy
+    private TermsOfUseAndAccess termsOfUseAndAccessSpy = new TermsOfUseAndAccess();
+    @Mock
+    private TermsOfUseAndAccess customTermsOfUseAndAccessMock;
+    @Mock
+    private DataverseEngine dataverseEngineMock;
+    @Mock
+    private CommandContext commandContextMock;
+
+    private License activeLicense;
+    private License inactiveLicense;
+
+    @BeforeEach
+    public void setUp() throws CommandException {
+        MockitoAnnotations.openMocks(this);
+
+        when(datasetMock.getOrCreateEditVersion()).thenReturn(datasetVersionMock);
+        when(datasetVersionMock.getTermsOfUseAndAccess()).thenReturn(termsOfUseAndAccessSpy);
+        when(dataverseEngineMock.submit(updateDatasetVersionCommandStub)).thenReturn(datasetMock);
+        when(commandContextMock.engine()).thenReturn(dataverseEngineMock);
+
+        activeLicense = new License();
+        activeLicense.setActive(true);
+        activeLicense.setName("activeLicense");
+
+        inactiveLicense = new License();
+        inactiveLicense.setActive(false);
+        inactiveLicense.setName("inactiveLicense");
+    }
+
+    @Test
+    public void execute_shouldUpdateLicenseAndSetVersionStateToDraft() throws CommandException {
+        // Arrange
+        UpdateDatasetLicenseCommand sut = new UpdateDatasetLicenseCommand(dataverseRequestStub, datasetMock, activeLicense);
+
+        // Act
+        sut.execute(commandContextMock);
+
+        // Assert
+        assertEquals(activeLicense, termsOfUseAndAccessSpy.getLicense());
+        verify(datasetVersionMock).setVersionState(DatasetVersion.VersionState.DRAFT);
+        verify(commandContextMock).engine();
+    }
+
+    @Test
+    public void execute_shouldThrowException_whenLicenseIsNotActive() {
+        // Arrange
+        UpdateDatasetLicenseCommand sut = new UpdateDatasetLicenseCommand(dataverseRequestStub, datasetMock, inactiveLicense);
+        String expectedMessage = BundleUtil.getStringFromBundle("updateDatasetLicenseCommand.errors.licenseNotActive", List.of(inactiveLicense.getName()));
+
+        // Act & Assert
+        InvalidCommandArgumentsException exception = assertThrows(InvalidCommandArgumentsException.class, () -> sut.execute(commandContextMock));
+        assertEquals(expectedMessage, exception.getMessage());
+    }
+
+    @Test
+    public void execute_shouldUpdateCustomTermsAndSetVersionStateToDraft() throws CommandException {
+        // Arrange
+        String termsOfUse = "custom terms";
+        String confidentialityDeclaration = "confidentiality";
+        String specialPermissions = "special permissions";
+        String restrictions = "restrictions";
+        String citationRequirements = "citation";
+        String depositorRequirements = "depositor";
+        String conditions = "conditions";
+        String disclaimer = "disclaimer";
+
+        when(customTermsOfUseAndAccessMock.getTermsOfUse()).thenReturn(termsOfUse);
+        when(customTermsOfUseAndAccessMock.getConfidentialityDeclaration()).thenReturn(confidentialityDeclaration);
+        when(customTermsOfUseAndAccessMock.getSpecialPermissions()).thenReturn(specialPermissions);
+        when(customTermsOfUseAndAccessMock.getRestrictions()).thenReturn(restrictions);
+        when(customTermsOfUseAndAccessMock.getCitationRequirements()).thenReturn(citationRequirements);
+        when(customTermsOfUseAndAccessMock.getDepositorRequirements()).thenReturn(depositorRequirements);
+        when(customTermsOfUseAndAccessMock.getConditions()).thenReturn(conditions);
+        when(customTermsOfUseAndAccessMock.getDisclaimer()).thenReturn(disclaimer);
+
+        termsOfUseAndAccessSpy.setLicense(activeLicense);
+        UpdateDatasetLicenseCommand sut = new UpdateDatasetLicenseCommand(dataverseRequestStub, datasetMock, customTermsOfUseAndAccessMock);
+
+        // Act
+        sut.execute(commandContextMock);
+
+        // Assert
+        verify(datasetVersionMock).setVersionState(DatasetVersion.VersionState.DRAFT);
+
+        assertEquals(termsOfUse, termsOfUseAndAccessSpy.getTermsOfUse());
+        assertEquals(confidentialityDeclaration, termsOfUseAndAccessSpy.getConfidentialityDeclaration());
+        assertEquals(specialPermissions, termsOfUseAndAccessSpy.getSpecialPermissions());
+        assertEquals(restrictions, termsOfUseAndAccessSpy.getRestrictions());
+        assertEquals(citationRequirements, termsOfUseAndAccessSpy.getCitationRequirements());
+        assertEquals(depositorRequirements, termsOfUseAndAccessSpy.getDepositorRequirements());
+        assertEquals(conditions, termsOfUseAndAccessSpy.getConditions());
+        assertEquals(disclaimer, termsOfUseAndAccessSpy.getDisclaimer());
+        assertEquals(null, termsOfUseAndAccessSpy.getLicense());
+
+        verify(datasetVersionMock).setTermsOfUseAndAccess(termsOfUseAndAccessSpy);
+        verify(commandContextMock).engine();
+    }
+
+    @ParameterizedTest
+    @NullSource
+    @ValueSource(strings = {"", " "})
+    public void execute_shouldThrowException_whenCustomTermsOfUseAreNullOrBlank(String invalidTerms) {
+        // Arrange
+        when(customTermsOfUseAndAccessMock.getTermsOfUse()).thenReturn(invalidTerms);
+        UpdateDatasetLicenseCommand sut = new UpdateDatasetLicenseCommand(dataverseRequestStub, datasetMock, customTermsOfUseAndAccessMock);
+        String expectedMessage = BundleUtil.getStringFromBundle("updateDatasetLicenseCommand.errors.customTermsOfUseNotProvided");
+
+        // Act & Assert
+        InvalidCommandArgumentsException exception = assertThrows(InvalidCommandArgumentsException.class, () -> sut.execute(commandContextMock));
+        assertEquals(expectedMessage, exception.getMessage());
+    }
+}

From 78e82414473e59c339a1b5d727c543e6dc553bf9 Mon Sep 17 00:00:00 2001
From: Juri <hoesselbarth@uni-muenster.de>
Date: Wed, 5 Nov 2025 16:51:02 +0100
Subject: [PATCH 485/634] docs: fix JSON payload format in `deleteFiles` API
 example (fixes #11896) (#11946)

Updated the API documentation to correct the format of the `deleteFiles` payload.

Co-authored-by: Steven Winship <39765413+stevenwinship@users.noreply.github.com>
---
 doc/sphinx-guides/source/api/native-api.rst | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/doc/sphinx-guides/source/api/native-api.rst b/doc/sphinx-guides/source/api/native-api.rst
index ddfc73b3c4f..c3870372614 100644
--- a/doc/sphinx-guides/source/api/native-api.rst
+++ b/doc/sphinx-guides/source/api/native-api.rst
@@ -4208,7 +4208,7 @@ Delete files from a dataset. This API call allows you to delete multiple files f
 
   curl -H "X-Dataverse-key:$API_TOKEN" -X PUT "$SERVER_URL/api/datasets/:persistentId/deleteFiles?persistentId=$PERSISTENT_IDENTIFIER" \
   -H "Content-Type: application/json" \
-  -d '{"fileIds": [1, 2, 3]}'
+  -d '[1, 2, 3]'
 
 The fully expanded example above (without environment variables) looks like this:
 
@@ -4216,16 +4216,16 @@ The fully expanded example above (without environment variables) looks like this
 
   curl -H "X-Dataverse-key:xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" -X PUT "https://demo.dataverse.org/api/datasets/:persistentId/deleteFiles?persistentId=doi:10.5072/FK2ABCDEF" \
   -H "Content-Type: application/json" \
-  -d '{"fileIds": [1, 2, 3]}'
+  -d '[1, 2, 3]'
 
-The ``fileIds`` in the JSON payload should be an array of file IDs that you want to delete from the dataset.
+The JSON payload should be an array of file IDs that you want to delete from the dataset.
 
 You must have the appropriate permissions to delete files from the dataset.
 
 Upon success, the API will return a JSON response with a success message and the number of files deleted.
 
 The API call will report a 400 (BAD REQUEST) error if any of the files specified do not exist or are not in the latest version of the specified dataset.
-The ``fileIds`` in the JSON payload should be an array of file IDs that you want to delete from the dataset.
+The JSON payload should be an array of file IDs that you want to delete from the dataset.
 
 .. _api-dataset-role-assignment-history:
 

From 9d47bb2d675075ef36db1339a5ffe8e9762bb12b Mon Sep 17 00:00:00 2001
From: landreev <leonid@hmdc.harvard.edu>
Date: Wed, 5 Nov 2025 11:17:29 -0500
Subject: [PATCH 486/634] removing an unused class. (#11906)

Co-authored-by: Omer Fahim <mfahim11427@gmail.com>
Co-authored-by: Steven Winship <39765413+stevenwinship@users.noreply.github.com>
---
 .../io/gdcc/spi/export/ExportDataOption.java  | 51 -------------------
 1 file changed, 51 deletions(-)
 delete mode 100644 modules/dataverse-spi/src/main/java/io/gdcc/spi/export/ExportDataOption.java

diff --git a/modules/dataverse-spi/src/main/java/io/gdcc/spi/export/ExportDataOption.java b/modules/dataverse-spi/src/main/java/io/gdcc/spi/export/ExportDataOption.java
deleted file mode 100644
index 69f813f83ce..00000000000
--- a/modules/dataverse-spi/src/main/java/io/gdcc/spi/export/ExportDataOption.java
+++ /dev/null
@@ -1,51 +0,0 @@
-package io.gdcc.spi.export;
-
-/**
- *
- * @author landreev
- * Provides a mechanism for defining various data retrieval options for the 
- * export subsystem in a way that should allow us adding support for more 
- * options going forward with minimal or no changes to the existing code in 
- * export plugins. 
- */
-@Deprecated
-public class ExportDataOption {
-    
-    public enum SupportedOptions {
-        DatasetMetadataOnly,
-        PublicFilesOnly;
-    }
-    
-    private SupportedOptions optionType; 
-    
-    /*public static ExportDataOption addOption(String option) {
-        ExportDataOption ret = new ExportDataOption(); 
-        
-        for (SupportedOptions supported : SupportedOptions.values()) {
-            if (supported.toString().equals(option)) {
-                ret.optionType = supported;
-            }
-        }
-        return ret; 
-    }*/
-    
-    public static ExportDataOption addDatasetMetadataOnly() {
-        ExportDataOption ret = new ExportDataOption();
-        ret.optionType = SupportedOptions.DatasetMetadataOnly;
-        return ret; 
-    }
-    
-    public static ExportDataOption addPublicFilesOnly() {
-        ExportDataOption ret = new ExportDataOption();
-        ret.optionType = SupportedOptions.PublicFilesOnly;
-        return ret; 
-    }
-    
-    public boolean isDatasetMetadataOnly() {
-        return SupportedOptions.DatasetMetadataOnly.equals(optionType);
-    }
-    
-    public boolean isPublicFilesOnly() {
-        return SupportedOptions.PublicFilesOnly.equals(optionType);
-    }
-}

From cafee376f5bad6b6f369eb25a599312519fd153a Mon Sep 17 00:00:00 2001
From: Steven Winship <39765413+stevenwinship@users.noreply.github.com>
Date: Wed, 5 Nov 2025 15:50:28 -0500
Subject: [PATCH 487/634] refactor base command

---
 .../command/impl/UpdateDatasetLicenseCommand.java | 15 +++++++--------
 1 file changed, 7 insertions(+), 8 deletions(-)

diff --git a/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/UpdateDatasetLicenseCommand.java b/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/UpdateDatasetLicenseCommand.java
index 37f97bf0db1..0d85dbb6f37 100644
--- a/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/UpdateDatasetLicenseCommand.java
+++ b/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/UpdateDatasetLicenseCommand.java
@@ -13,28 +13,26 @@
 import java.util.List;
 
 @RequiredPermissions(Permission.EditDataset)
-public class UpdateDatasetLicenseCommand extends AbstractVoidCommand {
-    private final Dataset dataset;
+public class UpdateDatasetLicenseCommand extends AbstractDatasetCommand<Dataset> {
     private License license = null;
     private TermsOfUseAndAccess customTermsOfUseAndAccess = null;
 
     public UpdateDatasetLicenseCommand(DataverseRequest aRequest, Dataset dataset, License license) {
         super(aRequest, dataset);
-        this.dataset = dataset;
         this.license = license;
     }
 
     public UpdateDatasetLicenseCommand(DataverseRequest aRequest, Dataset dataset, TermsOfUseAndAccess customTermsOfUseAndAccess) {
         super(aRequest, dataset);
-        this.dataset = dataset;
         this.customTermsOfUseAndAccess = customTermsOfUseAndAccess;
     }
 
 
     @Override
-    protected void executeImpl(CommandContext ctxt) throws CommandException {
-        DatasetVersion datasetVersion = dataset.getOrCreateEditVersion();
+    public Dataset execute(CommandContext ctxt) throws CommandException {
+        DatasetVersion datasetVersion = getDataset().getOrCreateEditVersion();
         datasetVersion.setVersionState(DatasetVersion.VersionState.DRAFT);
+        Dataset savedDataset = null;
 
         if (license != null) {
             if (!license.isActive()) {
@@ -43,7 +41,7 @@ protected void executeImpl(CommandContext ctxt) throws CommandException {
             TermsOfUseAndAccess termsOfUseAndAccess = datasetVersion.getTermsOfUseAndAccess();
             termsOfUseAndAccess.setLicense(license);
 
-            ctxt.engine().submit(new UpdateDatasetVersionCommand(this.dataset, getRequest()));
+            savedDataset = ctxt.engine().submit(new UpdateDatasetVersionCommand(getDataset(), getRequest()));
         } else if (customTermsOfUseAndAccess != null) {
             if (customTermsOfUseAndAccess.getTermsOfUse() == null || customTermsOfUseAndAccess.getTermsOfUse().isBlank()) {
                 throw new InvalidCommandArgumentsException(BundleUtil.getStringFromBundle("updateDatasetLicenseCommand.errors.customTermsOfUseNotProvided"), this);
@@ -52,8 +50,9 @@ protected void executeImpl(CommandContext ctxt) throws CommandException {
             applyCustomTerms(termsToUpdate, customTermsOfUseAndAccess);
             termsToUpdate.setLicense(null);
             datasetVersion.setTermsOfUseAndAccess(termsToUpdate);
-            ctxt.engine().submit(new UpdateDatasetVersionCommand(this.dataset, getRequest()));
+            savedDataset = ctxt.engine().submit(new UpdateDatasetVersionCommand(getDataset(), getRequest()));
         }
+        return savedDataset;
     }
 
     /**

From e71a546bdaaf62e84f7b1f4cf56674dface75fc4 Mon Sep 17 00:00:00 2001
From: Omer Fahim <mfahim11427@gmail.com>
Date: Thu, 6 Nov 2025 14:20:13 -0500
Subject: [PATCH 488/634] have paraya listen only on localhost (#11756)

Co-authored-by: Philip Durbin <philip_durbin@harvard.edu>
---
 .../source/installation/config.rst            | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)

diff --git a/doc/sphinx-guides/source/installation/config.rst b/doc/sphinx-guides/source/installation/config.rst
index bbf0a0d2449..9067a64356c 100644
--- a/doc/sphinx-guides/source/installation/config.rst
+++ b/doc/sphinx-guides/source/installation/config.rst
@@ -115,6 +115,23 @@ See the :ref:`payara` section of :doc:`prerequisites` for details and init scrip
 
 Related to this is that you should remove ``/root/.payara/pass`` to ensure that Payara isn't ever accidentally started as root. Without the password, Payara won't be able to start as root, which is a good thing.
 
+.. _payara-ports-localhost-only:
+
+Restricting Payara's Ports to localhost
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+In the recommended setup of Dataverse, you do not expose Payara's ports directly to the Internet. Rather, you front Payara with a proxy such as Apache.
+
+If you are running Payara and your proxy on the same server, we recommend having Payara listen only to localhost, which is how your proxy talks to it, with the following command:
+
+``./asadmin set server-config.network-config.network-listeners.network-listener.http-listener-1.address=127.0.0.1``
+
+(You should **NOT** use the configuration option above if you are running in a load-balanced environment, or otherwise have your proxy on a different host than Payara.)
+
+To test that Payara is now only listening on localhost, try hitting port 8080 from the Internet. Payara should not respond.
+
+See also :ref:`network-ports`.
+
 .. _secure-password-storage:
 
 Secure Password Storage
@@ -246,6 +263,8 @@ If you are running an installation with Apache and Payara on the same server, an
 
 You should **NOT** use the configuration option above if you are running in a load-balanced environment, or otherwise have the web server on a different host than the application server.
 
+This security tip is also mentioned at :ref:`payara-ports-localhost-only`.
+
 .. _root-collection-permissions:
 
 Root Dataverse Collection Permissions

From 62e1f6f17b1d37dd309fafba9974917edaadd371 Mon Sep 17 00:00:00 2001
From: Philip Durbin <philip_durbin@harvard.edu>
Date: Thu, 6 Nov 2025 16:00:49 -0500
Subject: [PATCH 489/634] tweak IntelliJ instructions for setting up fast
 redeploy (#11925)

Co-authored-by: Steven Winship <39765413+stevenwinship@users.noreply.github.com>
---
 doc/sphinx-guides/source/container/dev-usage.rst | 16 ++++++++++++++--
 1 file changed, 14 insertions(+), 2 deletions(-)

diff --git a/doc/sphinx-guides/source/container/dev-usage.rst b/doc/sphinx-guides/source/container/dev-usage.rst
index c02c1d4010f..a2a49b28259 100644
--- a/doc/sphinx-guides/source/container/dev-usage.rst
+++ b/doc/sphinx-guides/source/container/dev-usage.rst
@@ -233,6 +233,13 @@ Hotswapping methods requires using JDWP (Debug Mode), but does not allow switchi
        **Requires IntelliJ Ultimate!**
        (Note that `free educational licenses <https://www.jetbrains.com/community/education/>`_ are available)
 
+       Go to settings, then plugins. Install "Payara Ultimate Tools". For more information:
+
+       - `plugin homepage <https://plugins.jetbrains.com/plugin/15114-payara-ultimate-tools>`_
+       - `docs <https://docs.payara.fish/community/docs/Technical%20Documentation/Ecosystem/IDE%20Integration/IntelliJ%20Plugin/Overview.html>`_
+       - `source <https://github.com/payara/ecosystem-intellij-plugin>`_
+       - `issues <https://github.com/payara/ecosystem-support>`_
+
        .. image:: img/intellij-payara-plugin-install.png
 
 #. Configure a connection to Payara:
@@ -284,6 +291,7 @@ Hotswapping methods requires using JDWP (Debug Mode), but does not allow switchi
 
         You might want to tweak the hot deploy behavior in the "Server" tab now.
         "Update action" can be found in the run window (see below).
+        By default it is "Hot Swap classes", which works fine, but as the screenshot shows you can also change it to "Redeploy".
         "Frame deactivation" means switching from IntelliJ window to something else, e.g. your browser.
         *Note: static resources like properties, XHTML etc will only update when redeploying!*
 
@@ -305,7 +313,11 @@ Hotswapping methods requires using JDWP (Debug Mode), but does not allow switchi
         See cheat sheet above for more options.
         Note that this command either assumes you built the :doc:`app-image` first or will download it from Docker Hub.
      .. group-tab:: IntelliJ
-        You can create a service configuration to automatically start services for you.
+        Note that you can skip this step if you're ok running the command under the "Maven" tab, which is this:
+
+        ``mvn -Pct docker:run -Dapp.skipDeploy``
+
+        In IntelliJ you can create a service configuration to automatically start services for you.
 
         **IMPORTANT**: This requires installation of the `Docker plugin <https://plugins.jetbrains.com/plugin/7724-docker>`_.
 
@@ -362,7 +374,7 @@ Hotswapping methods requires using JDWP (Debug Mode), but does not allow switchi
 
         .. image:: img/intellij-payara-run-output.png
 
-        Manually hotswap classes in "Debug" mode via "Run" > "Debugging Actions" > "Reload Changed Classes".
+        Manually hotswap classes in "Debug" mode via "Run" > "Debugging Actions" > "Compile and Reload Modified Files".
 
         .. image:: img/intellij-payara-run-menu-reload.png
 

From c6ccf8719d70664367bd6e65f6418017fdaaabfc Mon Sep 17 00:00:00 2001
From: Jo Pol <jo-pol@users.noreply.github.com>
Date: Fri, 7 Nov 2025 16:50:45 +0100
Subject: [PATCH 490/634] split on comma between optional whitespace (#11811)

---
 .../edu/harvard/iq/dataverse/SettingsWrapper.java    | 12 ++++++------
 .../java/edu/harvard/iq/dataverse/api/Datasets.java  |  4 ++--
 2 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/src/main/java/edu/harvard/iq/dataverse/SettingsWrapper.java b/src/main/java/edu/harvard/iq/dataverse/SettingsWrapper.java
index 3ff27699379..69f3123e7e1 100644
--- a/src/main/java/edu/harvard/iq/dataverse/SettingsWrapper.java
+++ b/src/main/java/edu/harvard/iq/dataverse/SettingsWrapper.java
@@ -14,7 +14,6 @@
 import edu.harvard.iq.dataverse.settings.SettingsServiceBean;
 import edu.harvard.iq.dataverse.settings.SettingsServiceBean.Key;
 import edu.harvard.iq.dataverse.util.BundleUtil;
-import edu.harvard.iq.dataverse.util.MailUtil;
 import edu.harvard.iq.dataverse.util.StringUtil;
 import edu.harvard.iq.dataverse.util.SystemConfig;
 import edu.harvard.iq.dataverse.UserNotification.Type;
@@ -51,7 +50,8 @@
 public class SettingsWrapper implements java.io.Serializable {
 
     static final Logger logger = Logger.getLogger(SettingsWrapper.class.getCanonicalName());
-    
+    public static final String COMMA_BETWEEN_OPTIONAL_WHITE_SPACE = "\\s*,\\s*";
+
     @EJB
     SettingsServiceBean settingsService;
 
@@ -396,7 +396,7 @@ public boolean isRsyncOnly() {
                 if (uploadMethods==null){
                     rsyncOnly = false;
                 } else {
-                    rsyncOnly = Arrays.asList(uploadMethods.toLowerCase().split("\\s*,\\s*")).size() == 1 && uploadMethods.toLowerCase().equals(SystemConfig.FileUploadMethods.RSYNC.toString());
+                    rsyncOnly = Arrays.asList(uploadMethods.toLowerCase().split(COMMA_BETWEEN_OPTIONAL_WHITE_SPACE)).size() == 1 && uploadMethods.toLowerCase().equals(SystemConfig.FileUploadMethods.RSYNC.toString());
                 }
             }
         }
@@ -428,7 +428,7 @@ public Integer getUploadMethodsCount() {
             if (uploadMethods==null){
                 uploadMethodsCount = 0;
             } else {
-                uploadMethodsCount = Arrays.asList(uploadMethods.toLowerCase().split("\\s*,\\s*")).size();
+                uploadMethodsCount = Arrays.asList(uploadMethods.toLowerCase().split(COMMA_BETWEEN_OPTIONAL_WHITE_SPACE)).size();
             } 
         }
         return uploadMethodsCount;
@@ -502,7 +502,7 @@ public boolean shouldBeAnonymized(DatasetField df) {
         if (anonymizedFieldTypes == null) {
             anonymizedFieldTypes = new ArrayList<String>();
             String names = get(SettingsServiceBean.Key.AnonymizedFieldTypeNames.toString(), "");
-            anonymizedFieldTypes.addAll(Arrays.asList(names.split(",\\s")));
+            anonymizedFieldTypes.addAll(Arrays.asList(names.split(COMMA_BETWEEN_OPTIONAL_WHITE_SPACE)));
         }
         return anonymizedFieldTypes.contains(df.getDatasetFieldType().getName());
     }
@@ -830,7 +830,7 @@ private Boolean getUploadMethodAvailable(String method){
         if (uploadMethods==null){
             return false;
         } else {
-           return  Arrays.asList(uploadMethods.toLowerCase().split("\\s*,\\s*")).contains(method);
+           return  Arrays.asList(uploadMethods.toLowerCase().split(COMMA_BETWEEN_OPTIONAL_WHITE_SPACE)).contains(method);
         }
     }
 
diff --git a/src/main/java/edu/harvard/iq/dataverse/api/Datasets.java b/src/main/java/edu/harvard/iq/dataverse/api/Datasets.java
index 51f4ec607ef..df292762353 100644
--- a/src/main/java/edu/harvard/iq/dataverse/api/Datasets.java
+++ b/src/main/java/edu/harvard/iq/dataverse/api/Datasets.java
@@ -5317,7 +5317,7 @@ public Response getPrivateUrlDatasetVersion(@PathParam("privateUrlToken") String
         }
         JsonObjectBuilder responseJson;
         if (isAnonymizedAccess) {
-            List<String> anonymizedFieldTypeNamesList = new ArrayList<>(Arrays.asList(anonymizedFieldTypeNames.split(",\\s")));
+            List<String> anonymizedFieldTypeNamesList = new ArrayList<>(Arrays.asList(anonymizedFieldTypeNames.split(SettingsWrapper.COMMA_BETWEEN_OPTIONAL_WHITE_SPACE)));
             responseJson = json(dsv, anonymizedFieldTypeNamesList, true, returnOwners);
         } else {
             responseJson = json(dsv, null, true, returnOwners);
@@ -5343,7 +5343,7 @@ public Response getPreviewUrlDatasetVersion(@PathParam("previewUrlToken") String
         }
         JsonObjectBuilder responseJson;
         if (isAnonymizedAccess) {
-            List<String> anonymizedFieldTypeNamesList = new ArrayList<>(Arrays.asList(anonymizedFieldTypeNames.split(",\\s")));
+            List<String> anonymizedFieldTypeNamesList = new ArrayList<>(Arrays.asList(anonymizedFieldTypeNames.split(SettingsWrapper.COMMA_BETWEEN_OPTIONAL_WHITE_SPACE)));
             responseJson = json(dsv, anonymizedFieldTypeNamesList, true, returnOwners);
         } else {
             responseJson = json(dsv, null, true, returnOwners);

From c325662359aae641589295c4634519add37446d9 Mon Sep 17 00:00:00 2001
From: landreev <leonid@hmdc.harvard.edu>
Date: Fri, 7 Nov 2025 11:12:32 -0500
Subject: [PATCH 491/634] A one-line workaround/improvement for the annoying
 "draft not found" condition after the successful completion of async.
 publishing. #8136 #7653 #8548 (#11947)

Co-authored-by: Steven Winship <39765413+stevenwinship@users.noreply.github.com>
---
 src/main/java/edu/harvard/iq/dataverse/DatasetPage.java | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/src/main/java/edu/harvard/iq/dataverse/DatasetPage.java b/src/main/java/edu/harvard/iq/dataverse/DatasetPage.java
index 7394984c443..20617160a1c 100644
--- a/src/main/java/edu/harvard/iq/dataverse/DatasetPage.java
+++ b/src/main/java/edu/harvard/iq/dataverse/DatasetPage.java
@@ -2138,6 +2138,10 @@ private String init(boolean initFull) {
 
             if (retrieveDatasetVersionResponse != null && !retrieveDatasetVersionResponse.wasRequestedVersionRetrieved()) {
                 //msg("checkit " + retrieveDatasetVersionResponse.getDifferentVersionMessage());
+                if ("DRAFT".equals(version)) {
+                    // redirect to the latest published instead:
+                    return "/dataset.xhtml?persistentId=" + dataset.getGlobalId().asString() + "&faces-redirect=true";
+                }
                 JsfHelper.addWarningMessage(retrieveDatasetVersionResponse.getDifferentVersionMessage());//BundleUtil.getStringFromBundle("dataset.message.metadataSuccess"));
             }
 

From ad031a9174f4bb905ed078f93960948e1c33193d Mon Sep 17 00:00:00 2001
From: beep <pataki@gmail.com>
Date: Fri, 7 Nov 2025 19:39:05 +0100
Subject: [PATCH 492/634] Container naming fix (#11936)

* Use same container names for both mvn/docker compose run dev installations

Make sure that running dev containers either via `mvn -Pct docker:run` or
`docker compose -f docker-compose-dev.yml up` will result in the same,
predictable container names. Before this fix, mvn started containers had
names like dataverse-1, while docker compose started containers had
dev_dataverse. After this fix, in all cases, we will have dev_dataverse, or
more precisely the name used in docker-compose-dev.yml

* update container names to dev_ in guides #11936

---------

Co-authored-by: Oliver Bertuch <poikilotherm@users.noreply.github.com>
Co-authored-by: Philip Durbin <philip_durbin@harvard.edu>
Co-authored-by: Steven Winship <39765413+stevenwinship@users.noreply.github.com>
---
 doc/sphinx-guides/source/container/dev-usage.rst | 6 +++---
 doc/sphinx-guides/source/developers/tips.rst     | 2 +-
 pom.xml                                          | 1 +
 3 files changed, 5 insertions(+), 4 deletions(-)

diff --git a/doc/sphinx-guides/source/container/dev-usage.rst b/doc/sphinx-guides/source/container/dev-usage.rst
index a2a49b28259..aa9061af88a 100644
--- a/doc/sphinx-guides/source/container/dev-usage.rst
+++ b/doc/sphinx-guides/source/container/dev-usage.rst
@@ -145,13 +145,13 @@ Accessing Harvesting Log Files
 
 \1. Open a terminal and access the Dataverse container.
 
-Run the following command to access the Dataverse container (assuming your container is named dataverse-1):
+Run the following command to access the Dataverse container:
 
 .. code-block::
 
-  docker exec -it dataverse-1 bash
+  docker exec -it dev_dataverse bash
 
-This command opens an interactive shell within the dataverse-1 container.
+This command opens an interactive shell within the dev_dataverse container.
 
 \2. Navigate to the log files directory.
 
diff --git a/doc/sphinx-guides/source/developers/tips.rst b/doc/sphinx-guides/source/developers/tips.rst
index 9295f3a8d12..f3046c9018c 100755
--- a/doc/sphinx-guides/source/developers/tips.rst
+++ b/doc/sphinx-guides/source/developers/tips.rst
@@ -124,7 +124,7 @@ Here's an example of using these credentials from within the PostgreSQL containe
 
 .. code-block:: bash
 
-    pdurbin@beamish dataverse % docker exec -it postgres-1 bash
+    pdurbin@beamish dataverse % docker exec -it dev_postgres bash
     root@postgres:/# export PGPASSWORD=secret
     root@postgres:/# psql -h localhost -U dataverse dataverse
     psql (16.3 (Debian 16.3-1.pgdg120+1))
diff --git a/pom.xml b/pom.xml
index 1969fd1f245..a9d0bb0b26b 100644
--- a/pom.xml
+++ b/pom.xml
@@ -1266,6 +1266,7 @@
                                 </image>
                             </images>
                             <autoCreateCustomNetworks>true</autoCreateCustomNetworks>
+                            <containerNamePattern>%a</containerNamePattern>
                         </configuration>
                     </plugin>
                     <plugin>

From 6e9067b9bf5a53c40dc70892233c8ccea5739cd7 Mon Sep 17 00:00:00 2001
From: beep <pataki@gmail.com>
Date: Mon, 10 Nov 2025 15:31:26 +0100
Subject: [PATCH 493/634] Fix cpwebapp.sh on macOS (#11935)

macOS doesn't support -P for grep, use awk instead.

Co-authored-by: Oliver Bertuch <poikilotherm@users.noreply.github.com>
Co-authored-by: Steven Winship <39765413+stevenwinship@users.noreply.github.com>
---
 docker/util/intellij/cpwebapp.sh | 27 +++++++++++++++++++--------
 1 file changed, 19 insertions(+), 8 deletions(-)

diff --git a/docker/util/intellij/cpwebapp.sh b/docker/util/intellij/cpwebapp.sh
index 2d08fb1a873..9ba0ca6d1a5 100755
--- a/docker/util/intellij/cpwebapp.sh
+++ b/docker/util/intellij/cpwebapp.sh
@@ -9,15 +9,26 @@ PROJECT_DIR="$1"
 FILE_TO_COPY="$2"
 RELATIVE_PATH="${FILE_TO_COPY#"${PROJECT_DIR}/"}"
 
-# Check if RELATIVE_PATH starts with 'src/main/webapp', otherwise ignore
+# Only act on files under src/main/webapp
 if [[ "$RELATIVE_PATH" == "src/main/webapp"* ]]; then
-    # Extract version from POM, so we don't need to have Maven on the PATH
-    VERSION=$(grep -oPm1 "(?<=<revision>)[^<]+" "$PROJECT_DIR/modules/dataverse-parent/pom.xml")
+  POM="$PROJECT_DIR/modules/dataverse-parent/pom.xml"
 
-    # Construct the target path by cutting off the local prefix and prepend with in-container path
-    RELATIVE_PATH_WITHOUT_WEBAPP="${RELATIVE_PATH#src/main/webapp/}"
-    TARGET_PATH="/opt/payara/appserver/glassfish/domains/domain1/applications/dataverse-$VERSION/${RELATIVE_PATH_WITHOUT_WEBAPP}"
+  # Extract <revision> in a portable way
+  VERSION="$(awk -F'[<>]' '/<revision>/{print $3; exit}' "$POM")"
 
-    # Copy file to container
-    docker cp "$FILE_TO_COPY" "dev_dataverse:$TARGET_PATH"
+  if [[ -z "${VERSION:-}" ]]; then
+    echo "Error: Could not extract <revision> from $POM" >&2
+    exit 1
+  fi
+
+  CONTAINER="dev_dataverse"
+
+  # Build target path
+  RELATIVE_PATH_WITHOUT_WEBAPP="${RELATIVE_PATH#src/main/webapp/}"
+  TARGET_PATH="/opt/payara/appserver/glassfish/domains/domain1/applications/dataverse-$VERSION/${RELATIVE_PATH_WITHOUT_WEBAPP}"
+
+  # Copy file into container
+  docker cp "$FILE_TO_COPY" "$CONTAINER:$TARGET_PATH"
+
+  echo "Copied $FILE_TO_COPY → $CONTAINER:$TARGET_PATH"
 fi

From 0b7e41c489f813fb4deff1f72a3869f596c1f72b Mon Sep 17 00:00:00 2001
From: landreev <leonid@hmdc.harvard.edu>
Date: Mon, 10 Nov 2025 09:51:47 -0500
Subject: [PATCH 494/634] Switching back to using published xoai libraries,
 deleting the jars supplied in local_lib. (#11810)

* Switching to the published snapshot release of the xoai dependencies #11807

* Deleting the checked-in jars of the locally-built xoai dependencies in the local_lib. #11807

* chore: update to XOAI 5.3.0

* switching to the released version 5.3.0 #11807

* commented out the snapshot repo again. #11807

* cosmetic/indentation #11807

* replace tab with spaces #11807

---------

Co-authored-by: Oliver Bertuch <poikilotherm@users.noreply.github.com>
Co-authored-by: Philip Durbin <philip_durbin@harvard.edu>
---
 .../xoai-common-5.3.2.1-local.jar             | Bin 76513 -> 0 bytes
 .../xoai-common-5.3.2.1-local.pom             |  82 ------
 .../xoai-data-provider-5.3.2.1-local.jar      | Bin 73169 -> 0 bytes
 .../xoai-data-provider-5.3.2.1-local.pom      |  72 ------
 .../xoai-service-provider-5.3.2.1-local.jar   | Bin 65917 -> 0 bytes
 .../xoai-service-provider-5.3.2.1-local.pom   |  65 -----
 .../xoai-xmlio-5.3.2.1-local.jar              | Bin 26425 -> 0 bytes
 .../xoai-xmlio-5.3.2.1-local.pom              |  63 -----
 .../xoai/5.3.2.1-local/xoai-5.3.2.1-local.pom | 235 ------------------
 modules/dataverse-parent/pom.xml              |  20 +-
 10 files changed, 13 insertions(+), 524 deletions(-)
 delete mode 100644 local_lib/io/gdcc/xoai-common/5.3.2.1-local/xoai-common-5.3.2.1-local.jar
 delete mode 100644 local_lib/io/gdcc/xoai-common/5.3.2.1-local/xoai-common-5.3.2.1-local.pom
 delete mode 100644 local_lib/io/gdcc/xoai-data-provider/5.3.2.1-local/xoai-data-provider-5.3.2.1-local.jar
 delete mode 100644 local_lib/io/gdcc/xoai-data-provider/5.3.2.1-local/xoai-data-provider-5.3.2.1-local.pom
 delete mode 100644 local_lib/io/gdcc/xoai-service-provider/5.3.2.1-local/xoai-service-provider-5.3.2.1-local.jar
 delete mode 100644 local_lib/io/gdcc/xoai-service-provider/5.3.2.1-local/xoai-service-provider-5.3.2.1-local.pom
 delete mode 100644 local_lib/io/gdcc/xoai-xmlio/5.3.2.1-local/xoai-xmlio-5.3.2.1-local.jar
 delete mode 100644 local_lib/io/gdcc/xoai-xmlio/5.3.2.1-local/xoai-xmlio-5.3.2.1-local.pom
 delete mode 100644 local_lib/io/gdcc/xoai/5.3.2.1-local/xoai-5.3.2.1-local.pom

diff --git a/local_lib/io/gdcc/xoai-common/5.3.2.1-local/xoai-common-5.3.2.1-local.jar b/local_lib/io/gdcc/xoai-common/5.3.2.1-local/xoai-common-5.3.2.1-local.jar
deleted file mode 100644
index 3154ddbcb1fd7c6578aad487e59d95e07034a722..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 76513
zcmb5V1CXW5vNqgyPun)8ZQHhO+qUhVwr$(CZTGZ2)B5_HeRbxZyW{^?L`AGvEAy?)
ztgL*pGV7I-1O|Zu0Du4h$PK&F0Qest$gl6x!b<$q;xZz%a$jV~Ut|#fBn!3NXjJ(6
zTmEZ&{rcZz()=>wBEpJFG}0pX(vuTXlGHSFu#(i2(~~m|3UrH%yGIT*64F%S(sRz`
zjS4r?RFYGQHx4ig5Tg{*Gn0yR%Zzi3`$rCxQ<LIzj}l|cury-QU=~a#NBc)W0RNET
zFHy&x|5a4rFB!~j|0(3ZC-_qD9|WdGhK7Gb1^Yj!+-&vD{|D)x#zFd%)XCk>*zs=|
z5dUOwb~3m68+!CV>5bhCjqRMwZEgN;7KA^!+^qlSB!AlNe`#TDYh?UC8U9oo^Uvr1
z#qeb-J8QGQ(T4DE`5cTLovobyPA`i8Py7zXhPDnye<KF|-#*60*umiMg!o@e@|W^|
zc*>tPM*VY6M`H&UbHl%N7Oel1$K2ZP|JVBb*JS#3f9K9{Ulab<UbohFF}C>|E28~x
zVsl%XKlaw2o<sD1GyTJW)P}a!*0z7m`rmOz6sqns_lxoLYv6y4|J=g=H2GgUPQcmR
z%E;J(#?VUN(UJ4fc7+EF49pP>*9DAJ1gvb*>-{0=(C9tlZBXhxVLV{bz`JCAGBatB
z&;<-t1kAs3uwLjrbFkCN`?Iie@eol2Y?(NYizqNGq!_Nfl9>qD)Xv01$3Wa%o>HzX
z#6%22PHKR35K6HMhvibM?^luVSeZ>aJKsB(T*;|Fay>l*9RnSs9{|y;aV3lu9}j2T
z$Y3wvAUrA=Fk0F%*gqrKe`}Wtd@I)n2mp}z6}|}my>?3GHttGak>xM-yyc~B*X7_d
z!B_nb_yp*!6N+`o1dCqOD1^n73p3>$!iMr%LJj9q6*_>Bm_N&tF_q8rcyoCv&tKM>
z?7|#wuckNFvTi@RUf;ocIXmm+_?u#WzycTdPA7M!Y-@=yUVC|<fQ9?9E5%EQ04cZd
zn&<nQ;G{%TuL6NnKAEKQ?|MfT-6dqy?9JaRI~_10(N!OL4XtAA<owpjb<Z=2mr{Xd
zQS#0ayCm*5n!~Li=hE~}4}sQ|Ir)JH?!XfdoxIGhCdpG))VueB0ExZ+-4XKmjWre_
z6q$)|!=AP1nG9LV^o@~bW4@jqI#K+%>E{!kgJrAtWnCQ=$5x(i=NgAcn6>s`g)n?}
zxzfv%Z@j2Ena({S%C^GIL<XHrLwRm6rXz0h4of_vLBJg5TL5~P=Av(Hxk2a-DiPCw
zNTPjea+Y&JAX(HF;{K^Om`7&%^v7hHg&A4{xUD2K2R5w9T7Y)-=_yH9R0^$lLy3oU
z%fm6UZB_p^qlxG045*i0as(q7ul%P@B{TDB<u7`cH}qctRu_PEC&4wbZM65<IFbdP
zhgUUgbkJBPKH)ZJQxx0F)=GC5@U%`|zu^8AMWeO8MfiXK0DycU?f>%bf5L;Bw3PA}
zOgR3v{L#vqiW@5MA2D^*hR|X#t!$gvh`q;%sSgRu#gJ(sAarpc0`_Ml{XFOh>JB9A
zy@sYgMy4M~di+<4v+6jFHMW1x`X;3oe;@PXmWMWsoi=vu;eNfmV)y;Lf6W27>V@bJ
zL<Q7A;CaEQz7VG^EF>%&Iy`^EoymatFjr5W>VToX9SrdU5bUWUwj7(x8#8s*=FqB2
zJBnyCIoF~DB~S|^2<dixKwSiDVrhgvg|`P)&A?97Qi+7|CuF6T4D7>_wK5KX$Y0<v
zMGK_uP8PRnBn)^4c?b*J#~fgGP^LP(9|M+7NJLRoNywO3D`7$mswFy-mgY4IGo{uA
z9}7%KU~(2`c46vD(&Ejs_uih90-p=@0R$!lLoh^d%ft}u7=Olk!mt@cLi;5Jjc$N$
zx8N|Uy&oz9z)FEvud!Q>(F;*@7^et!AO?YsL>~hg(g%%Auf^PYrpGhi#IPdGaaSrR
zVF)yTeWmuRM|j+Z28OdjoUBc@RbGA)pY*mnxt1ctYzwfcv`)=x6pjYCtyuYi3vQo<
zryifz<di+ss`R@+Bl<6)!4fh0#_T@&!Y#&Y{1R<r8GM#wCLSa^)j{qGSq^P3Mdf3Z
zsa+rwSrn_gWmjiw-F21I8^$!GTlOo)M)BZ&jUuh(HvOA^ce*Lm<^%AQgHRZ48xSZp
zD+iZP{F#a3$}*sO7{QYOP~kmc@${w0WW?l|bRB^2Fm>!z`N#(4Cc~ArB#bIax^~PW
zmq>|K5P@p_M3K)UFovJH-={*K^`r+mvK2Tp*3C^_mtONA`_G$cg{%li;Pby}$iXTq
z+;2L#>Az++Q)#0(YWQ1m)Yp%zQWjZP*Jy_7Lzp&o7Fvn5TUGtc&~a2Pp2(wp-BAVC
z|Ba(?3S|emMS={~Yjx536U~M9*X*T&p<V1!Q5O}_K=qa+#?nM)A5jI&R(01v?@M}R
zTejG;jyw*bl+G#@1!@sZUW*w@1mXVnmC}o4aguL0Rq{^^2&t3g-@r&tF>JJ&uhu1R
zJN15cS=AnJ-0F)I%f_+|s6Q4mgm-AolMCbLPO&QdyNbiXH6I=~GPYhKy7LSCYHnep
zt6orNunnKUJ0HvdYhnlvEzG83Xz_^Buqp&92|Dkf+bd3`-3zvFqHpX_3P#c<qgUdj
ze#O{xvZ@b+Qur=nJ&JlOZ>CogdIx1Et)z!h;Dw9Dg?q@7eh66QNBklZQZ>VMIVPBo
z_7FF`JA}YF^q@e~$u8A@H0q2X<6Vd+ax$lyyR3^ES(IXYfae)-#GIh3lQjg`IRK}E
zCsUcl@KE5V0-c4fs31HY0eBY)AEJOEh|UONl?v+$Vw4i=GUAnh7;p<mcnb=WUKJ!X
z_FG154$q}<B8&yfB9%V0zkqK;pvn)^zI#O^7+q~}e29QY!32ImASo597pag2*-4PB
z@nZpmyZB^E^Gk0jJhj{`;?{(B1D?sRg12CBEbPasjq(eIPfwjW*PE4Lz<&#g)}4D_
zr%At;2%CN8?BICt1^n08)wEa-@B4*ac|ZUF|0}usXY5i|kP@~r{K_Z)1Dm}Qq-Fd0
z;6rxgb3rTcU*4lhh1gdIBS|rd2s|tn0UVem*LoAyNsHipQ#|I}Zopp(q80=KB0N^p
zrw`N9U7KG&ZhwRA!gEqc=_v?K@?k>?6chdKcM95IsKLZB2M-zycTl#INZZ`1Aj=~v
zBQVy30wciNtG<)!pnj`{nY6&)EWXJ&;@>10w6#EM5e-7IguxXUp_s(4A~4iLRTr=U
zV6aoHo7Ud2l*n-&J&m+$wv1L%0oHA+I_UAdjvl}~hOnG${?Tl`?J1Dn#mBx=Oj2>O
zQY2C4qD){kq6uF-k-c$b9N2E>p)kVW4;7@wKA+Z{^qtnz74~dJXdqr6X$DnB`-L(p
zbWCkl#Y-4#+1J2LZ7((1S3Qch1FxK*uv}-R<tP}cq)@c$X#n#u{$S@Dd<uOm=u;%N
zv|cz|Fr5D-l&RFyAdik07`MnM<%UpF<`AZ)A%GqZ)<t6G7B(uL&=f$|3&<tt0vzx8
zNzdZXRRfH?TrVMOU!Z?ozE9fEm)bArVfi{P;r*F<{B!vf^lgl6t^WggvQ*R^kwoD?
zh7-C(bPk3xd0MUGT8*yY*RWOa!@`Kd*!tSgYlfe8m#WpO#6~^0@5mIA%R3JVh?V8y
z%9XMee@T~lHB^lDr}!W8Gjek;Z0SDxFjnz?`uyVbyMLh!#4V&Mw0_8!?R6)|o9HBa
zFM7KS4jqpM`CZ&pQxFMMW@Tf8^t*0MV0ak7${zveFtxlo<C7zfV<)OHwdec0g`6eC
zD(n%9U~(ns@I>8DwXy=TUlJoW1c6iN^}DO90s8)P(Xmj4O?Y$f-Bx8ul3v61Sn{Pt
z)Vg;C5>zN5>ANgg8+Cy!@fLK+W6Ug((mT;kyI2*RdF2+WBIR^`+URw37KShfp8;o>
zfkWzxI)wuMl54ELy{R>joMNN9R>@|6p8X)*>{`RJ9hKYliw;cN9Z^@P6JB|sobuRO
zpez)I`?kgwMU^MHqWsuOsU7|Dj!};O5^X}wBE1(z&rMm|(=k+Olf!a`-C_^q4mbhJ
zMO&;;U>U!Dx(zgh)!(e=eAA-0SJ*qP%xqcmUbI&HR8Bdm2UTL7*{AORK`!<L(rnC$
zL$aP$K%r2Eu9Vy>r~Z1b($JjS@9EH2VA6`+I-il4$MQ3U0f*W$!MU<?PnhCnKDf?p
zsDgF^6vbRs&$D?E6o~f+UMMm=$u^xVwMYa1Le2P1c&}b*Y6|D_0JC<LNBP@$URC(r
zRfQ-x5=e^_g7gc5>@sS(g8_AIIEBD23FXl-B>zG!qPXi(ab?ThWsXbNvSWN1$keRz
zO5@x{m6dE-X4<V4ywG7o<&M&vgPb+Y<DLpwi~UG{D9cs8fJsep&HG4S#CWQqTw`41
zd^8ZSSMGA#@9&yArb!^J(>K``Qb~b&Me4Mbw3i|w&)JJhpBqvF-P<fJJ}u<jHTl1^
z*j~ck2;h#@Gh-RO+<5EkQC6@gYmChz&jsIKCh0hicA*`rp~E#BORm9zIO~6ECpkC@
zcB#?nXkjU%7f*O-|56rw<pkW(;W^qGZ9D&gX6EWL;4NaucZ_|7=-ovc(qORb#$s_Z
z)qpa9z_xXk+e$SM;jyUH{c54S5>Nr1xrM$Ng4M?E(0cevN##*LCkG4NxtwS_!~!kt
z&t1bi-kC74Is>;gusk$u=s{JaGj27FJ>!^sLKXEi>KImn>~ZsLq+2K)8v8QkjRq={
zRUea)`hYjC7?*f1+598}!}KGcXr{>5pP41w=LROQqoqXG;QI{_rzhR-OXv%kJrV-@
zG$z4mD;&v%nMKCT-)%VWAbCK7RtVqXt@J1LVd@`k2EH{nYO@6)<YNp`X`U;e!;UjT
zB5DniOj97+rz1l5{emjO^+?YfBDsQ{&ljVR-txS(>OSBY`jy1Ue5sYDE`7j@&)e$&
zjP$@bHmWW%j_@i^$TM6Sb3p72cG*p=fMwks{iGJKJeD@GCct9*p=|FmEb7bm`Lg<4
zJI_m)^_!wu`(3Al!;90tI;_axVnghDB)Jt=vyh=|!plJ3B5_Yo3Po?1)vEgw`@|>s
zk?DBa0wQwScJR!{kKu%fYF+yLN<W5|Xltb8g)5~yXwZO)`hWn4YyTHaS5VjuI??AJ
z=d5EqvfAn|tOEWzXEFR4?EXhtML^$(-@(+`+StZP_&<v+e`Vgu3KKFLe8}9aL9HP7
z<N<uSTmf<@>y$e60C^#CDrH)65JCpZu+yVb#<6p&{9!c~Yxs4$z%P+L{GYk|>wrPO
z<@D*Fr@0+x(%Bgu?|+_S_F|@l#trxdcSiFgLwu)nc&k2PH;tE*L3cLZy}2Ofa``bV
zWKz@z-?v?E>sxm1&GoXmxklFMk|Ur=yAK*dg=`Ho@ZnACems^aB+TLB^0VsLTbSI6
zyedJuUuo%`QYIJ);*#@nko>Zy#)T>har<4;LelBy@O7{PSuF90p?MMn$NZocUSl)l
zLpa^Mo&=%OJOaP$H{51lmhuxv-qmW_#7WT|@22+OOann)IrPVr)UF<T@l3D#<a$Q^
z(Of+KyN-6=;KzxEC`cApju$sH!1@;@3BFozd8;uV!-;rG<+>kOJt_68hLV=%nEqjg
z7@DQ<sGkQ2C{Z_&KtbwJ`kD8V)edR9{Aq*8BZx%I(}V23fWK3mr5ve@R+&uL*593z
z)G3y*rsI-2#<toTU#B)C)pqb!hhVC1YP6@3CElw!gPmAHRV(8MyoS|#4TdG+Ns_ix
zZU4wr_6!RBKfhLA?hEeN|9<rqzUolc|E#eo*;*Rg{NV&y30pP`eDJ|D$1_am3SXHD
z1rtTkesO6xUsz;*L^B8lp|qT#ho*Iw@)zbLU-IEWw}uab!u1Lgm{<eLi{<vGJehiR
zGajtHKfO<=0?6u9;RiQ{M8!}!z%ZYszh_%#q~fL?&;EoQDO?(|(_``4xwjNWHc(^d
za<g}tKka7sv1aDHWURO^pEFst&<5R^IKV_@I&{_w<;haiTHhy3%En5|3N$%5i6MBF
zYG>Fq6~o#n8Q(A7hlUX@cueUzDIVDBUW4^MdwMn)qApT1D4mg$5~}pS_TD{-5vxTB
zM!~SbaumW;!N8sQ{u=izBSeQOqB-G7wi(_t`$`z4fxtRX*IcvA7$PNwtTB&rId`M=
zl0q4(Uv{*%$$r$W^h%rt3C^JBHvc=8k|Lc2nZNfn{uQsvaCF@Zd3I!f5{&+^V|%n^
zNU}_#?1N;fdcW+u^a{#H{6HWd2qrFr(#IT%RlbmDQ8v|SX|0H1x=RNW;}6E1KA!o^
zevari^5!s3rt@3Z%^|QUDee9sW+WC(Ji%8cP+HmEHOSVu-q%7I3TJQAD6F0{FJx+j
z22A!O1Lgf(6%?g{K_^wD8q)a(APw)6IrPW{6XSqoq6Q19SL0$56N{#B&q9^vA$1ZO
z*$x}I@MLxpN?MV*R|Lg@z%Ye)>ZF{S_dj9^N|7aK*OyoEeZ>@-zxOJYud?DFt`r?V
z^AA@V?wR6kDU*~SNNVJxfJ{azyowi;7fuAD7zGMP&54^GR&R^M?$F>Ywe7bANQL^w
z1z_7RiEqNnFT@|FW#Ym!bG?!N_?)BL1LzhNT0x$BntPZZ1tln1#Dy75&?6PRf8a!H
zC{q%7%YJQ{b*>Ui9Flx>JGPPgSw2yFO&f@<QWu~Mu8d}BhjtyGn%6n1{KM$&=r;GW
z!=RK)K72eDJwk_*4s``a*Ra&{gY#DBMvWMOcdAJuf52sTmm~0*_GdLZr~=%{1uH{Y
za+vs3sSh`szTOPRvgcxUBr%*2SNzfYaVj1jrLCC-YeL(W`ERJ~6&)M*kolz2UzG8*
zqz8G6rUvMV^=Bmn()ecI%1sR@cvUe3M|53K+Vj|^2@RiD8t9Z{7s9_CF&cONjJ)tC
zFl*sY5Zj6rP8plzkJNwW?a+tAdXNMNv9{U=JIYW(krR!d)@+ro;~xh!7HNCHxG1<>
zEmo^rM|B}@U$|}!>{zy)q6|4=Y~E}OxHkvfP7j=Lw6g}olXvZNa>dowe}~g<vPeuz
zac*V4{K1~Kz<rS*3iwRj5DK2cAb}KJ60Q5Mne>cbwTAtd1NeUp%D-_0JAFe-eN$s<
za~l)eKZ}(vB4Ek?QmI^wI9v=!n0)Ircn=snycm2?+M4Wa^l||c`8PF77cdhMFn%Lv
z4}6j+nEx(HmKngnNWoCS!1s>!4g>5r{MA4C@9HD;q&c+Hm-iBZ|GnU{{NjIlud=k_
zh6uXPGJ0gGggCaCz&hzHy1}8}Ixz`_%z_^@WH`>c|Gc1V<XRny(HK#9(pxkx$7Ruq
z&IWY)-mKxbuBU6Kb)N4NdST*e@lRW^&+gl?-mcFzzR#Z^c4#|kqk6r3%l-HcK%lI4
zn3|964On6;@*U1gF<ZT{nM=XRMOR|I7Nu?!FoCs*RuujQ_U#@ZtNV>7wJSEvSweNW
z%oC&`cEf(=d)#UxRapRtbQ+WqMuA-jm>x8`Vk3z@1L~22E4E4ZQHS2p18ih=Wh5=i
zBsV`9KBl8HE`;kI4#f1zUr6iW*5L1eX4Nt3=*qL0Ff6MM_;4F@skKpCS3<9qP^Gl`
zz`=MLZxE`XwAhqR#qF-Te|Fpg`}^-dgos30K0^A>`RL0XaEQPl$IMo-4(x)rol!*R
z%)ej(J#B39^u{UeY848odSFpToi4R}*M$rt12XL}--_Fg!F=;Hxkr0FtKo%$ah=Ft
z-m0}S1rM#LuF1Y^WKnLdUIV>b%9Sw@_la2;v)XieR8f{y3^x8<($4IrNB3#s=Hy15
z@_6~fip&LOljNZlQ*kR|Rfi@!EhcLH2<$=IB)t-pQ(v39gCp*~D`wgPfSLx3AA2az
zYDH-ira6BP8~2A=Z@zy74W&to-RR|S+5qchj+L@gWA)g;o1)&CE}r5DocWRYojWC^
zQn0=!nGRY0Y!EHqH5Kp0p6hgtEwAeH+xP?-3d;HW<xREQ2P(!`10OGl*mPO~H|5Hg
zZm93sQG_TMZj^SHI3?SB(t3AFfS771t-oEAaf@RdTmnjdL(xL_HHVo?WE8+ij2Z`b
ze<n0xs9Bk=eTG|NjAMAh8Ni7&Jz%Ps<C*&J(53OtoI%&<Tf|2_+atVW`2n(7-H+CH
zO@FsVOr;CXNXoH0HV8$|*+(tX>5ArL`lX(q^$uPDc8vP6^71(n9F^D8RyfB{VH>k3
z8k&HH3U;ZA{z?QXx-m_X=wdK)PG0!L<VFa}D+WBdR;1eM62_9ara8EIb<38@aJt<!
zXgKxgKHfB1+LU6R`gBA8i!}CrY7a&?Q;_H0Z)T8doMI<B$u`&vI4MNCeJ#`~TP6vq
z{x)VEFukwkNCvS!e)i6L;2q>06!=)NZ#z{>S7Ke1sj!7|AlfZpE!41dAESGC_48kY
z&SSsoBG(uCG=2^IKZDLcT7GJZ;);f5#@70Og&JqM2^k=IWbWjW&Y>3j0~x8pQfMS*
z(jYzo27LXbTE-$K!7(~!LHieKRZ^Na0N(LcjHq_|IY-ZF?yjz9AFu8%;MPGMFw3wa
z_!$C!Vt(`SYz*i0li7|rB|GW3&iL%b7LdAwar|JWK7XY}3`d#N2=VsJHYc+dYaRqf
zlZ!5&h9z9Yq^cc_=BJ_)Eu=%N@eIr3GeAc)!st$lj!enK(`8QS4pmzwJiOnROcEf;
z;mfkBNnrePur%f4uBYx*E+U~gmXB*?Q5N?6@V2FOkiwE4`5kG|LB2C0)es$WnQg$w
z6LG$g_T2G~0fIk2`K4+wG^xF4G#I=TUdEIL>g<A&*03knMmQMoM@6Vi-S*&Ue_%nn
zTG|beGwt*3AEF$R)F;7`646IW2eu^xYOb=x>ybHJ`uveib{!j;vVK|p_G|pFy4OD~
zZ*8UOVD4n>KurIa?Y-q@B!T#mKSWqpnx&;*DG(5F8U+JOz6qmIKuvxNcE)if!@)4s
zbA|b=lHm{i@cSq|Z3~B&2fpuq?tXst{)g?^___JMx#Q`CkszZ}65Ud@qMG#Dz7k=u
zhxDg2jAt<(Vohbo5)M??d%=q$<Y?r*I92{SP~#;YA3Ll)BGOxZMY+AS(L6Xzitw<;
zk_>SW#aPRVdSz%s^OlxsG9=3LB$Q|Ll<}}BRVZKoRdY)rXlF_$PE5N*Rn~ZeGn0~U
zf<`*eqHJPEv^6`-vy5@>n+j7GPF;>PK}J7kL;uQO@XIp}?{$uRs9I_(S(<{UlO;q;
zqp(b>4lYM#x>oAh^x^Cx=zF1ke-yh1s3!qQXq*uNk)|36#<ZdYIg&@Ik-TN8i3%*%
z>U0{W3j}b)Q+(Gy+mHVZRurn6HH=>gJkM7n|KFQkQA*C-&e+P_=0AF6|J5v^9bJV&
z6C8yVgCKc{m@k(8kyhB()`)CRQ4AvJflzNCWHdoEhI6lY2Yol2>QuZdo__XF#rQ7l
zeVTL?A4T1Z!~s0dUctTN^P08wsQdZx#Odc*Dulo%$0sI)&J6?HF)kZnM7~tt*x6N4
z_Dyi6QfDbk6sAweL7Oi~f7H30vz=f{J*A%PXERc;pB}9NJg64@SJxs$ek*C5L^&C=
zIA1b4g1{R25T&aa!$a8+9!Iily+*1cU!5g5g|il$eq;_zc#wV&exahNUD1w8x{OZi
zK?~BS+tB5mHUhnmB&1b+E-PC2S6MM;L=juNy0Kmcy;h$x;EGU`K~&zgk&uKuMKS~r
zK~4%ms?&@PnmsTQ48qnN#8M-=2%<RN?XMJWv;krsL^_gv)Z*|Nbu=)2(Yn;ekOPU1
zF<D~a!Z;HMW$pVL`sSQ)KdJ#|8=KZ2&B{s393D_{=)*C}<JaszJQXLLOR7|n8Q+e1
z_0g}vj@xL=JY7I?5K(B%Qnc!eVhRy9Nv=FG+q|aXOMl24-S7#0Yk&!CK6b<Zo}#`$
zWg4r$UPCoETXD3h4o%Bg-g0KsXqDP=SR_aHGo@Vk7CzSfeVSfN#)%p>=H>7czuLlO
zE7xH907KMk+O8<@R5cdgy<RswZDa+e%bF`B({<koJJzcDCo65Gq+)S5yQ6Kl)=Lw0
zxY{t3bFg8vcBvWSSd|wtwA#@kG|b+h3QwENA(Tg3Ih%9jkE`i2nvBcw5moUv(KaN)
z7vrtN(>yYhaKBe$i}NB6W6g%;B<nyb`!yvLL+v`JZd(k&=@^+Q9vWXW7P-M%g$j(M
zMJ-qQcaX#r{YPf20ari$eJ!aFXi!mkU0TW}RQo)W^l}rVXUP$5cL~@ZX2mrErQ%0$
zEP64zxjn`cWXCltFfenbu*wy;E)Ad;48+rW+b$&qI#b*$?m)mi@+NFxq-J_xr>6K~
zj45C&=*wnky)BI;6zA3EzuR%0h}23>pw};FdBm<O%1G7D;RWi#x4nfF&%9v@MV{&3
zB0XIKvx%I(wT8g&JuWQb45LrY*&~m63<&m-HUqd070|m59e|s?BknZicNcP-awdHs
z?JagJ)`S)B95?{bDqL$taA{=%0kWR4hvQ1=#|_)g746|#hhp|Wzxez4J|z6iD+;i7
z$QPp$$z+#GA90Jd2TLd1GI9%4)*wdz;4`^}XH0s&ERuTr_6xR$pZH@<Gw9&?n;oxX
zSg3IQH>TSmg1aFrBw4r{67wdxNnE|Ua9gqR7ExZuoNuq1r$wd_#1cr)Fo>i3G+oz<
zGc|mK!!6;5Bi6UYHvp6pjhF@DMRTs%#%;+YGne!NpZJt|cM#%1AcJNU_(bq}z1}?>
z`HQkX5FU7^*S7n0g5(5ub7!ATo>jxX|BA62c~TuD&|i`M>(0x+$Jqaj^nb<qDz!*o
z<Rz33(lw)mDR_KHe^|g}lHTJZmN0TiIlyo*S0sG;POD2JM&j=oS<bF3u{>T&%j?S#
zRn|l6uE`o3lvQByDvfZ~m#^<Hvg^9OO*>tToUfzAgUuhKlNVjjnfF<a-Hy{yw(qaW
zs(_n*J+Jcq5-2>d%B3o^33NnA2e)oU%Zo_yYh^}<FG_c6r1}^bppOT`=G>``-_j^1
z(wdNi`Y-1|fu77yq;h6;3-VBXK$%n6t&9=NAVEb3ph0mYf2+-(cKld>I@SK&h%0_x
z79LjBARAn)7pPTy^T9r`nmTssD9HXjtHEt}w&bl;uqz~4tti*Sl`y&XiLw-?B^D|P
z)}TPXuiB2OrcmwaJWk|iE!Y(0vV~fxU%+w^my#Sa(IASI1{bnO@yu|uj$j3VHj3;I
zb-^JK(CA=*C@GUkjJ(BISO|+&Fapr;54X2_S{zyQ_3DONeeHIOf&%BZ10E=v$V~3P
zsth!@(OtnpzD*BDHzw05Qm&&2jpyCB#Ph~GzuN`BK@=#0a2$%VRx2YQY`UceD1+Jw
z8oFZG*H=(nq#s>M3N4Q|KEBKadhk|{$e^%7D6&$no&qKk0-I#7`wJ&*^Jq-mJX@R&
z*bF-rvmHPMs2&L6Jne5$+RWF&y>ja%;hF|Zqc2lqa3@QiZ>A~E>gebz9=FCv-B55d
zV^DBND6$^pM)<(C?5cojN*30Om~bGl)+2Cdg>6=94(~;=XQ88ItLCsUDsouEaS+rZ
zDvB84CpSGLEwxA;;D#eMau@Eg2%%Ia*>lpBnLe;>O;M^L>5$LylpDzPnbgsLFGx%l
z55tZXzH~yKD+LN=#zq)dl{^|q$*%iG8cjiD9KNLwOO$V5wE(VoAnaLy8MD_4G_~Ep
zifnb?dl;-x%2u|QBqvX+e9_R#n$n==circyyjiyAJ&VF5c9xkeCK5ty!(Eok63;!E
zpG3OmDFc<>8e(6Iro`}hG}toXKbS*ahKLn|2PrS?N^z>grMMtsLWPBK)MTw|LP*xB
z%uif_cBt8!f>@mn)gKvB5JW(TyK+$2ihV}}T|RA|hI%E68tSw-dR%NICNjw=Qf{pz
zdwkmSV-)xBF0(X49oEr}7Yof$!KHI2@51?LNxt7vmSA}d{FVUaIgF#N1^Zy>2n8F4
zRvtOq$30mT_DXdYZ{Z|>Vgai7(Tb%MTwQi-_fTtn6ohfuoXD_nUu2dcaJdkHiw7GA
zvY3%{&bSOeP4A7dtyLSA-b>A?-3*pTK&IZQy<u5vepCiCWT}_`GcF`{Pao8><be^a
zLt3jPhNM!QXN<TWzr_QkP*qtsR@UsLaMvgD@IxPMo)0iSLUvA#-$Qqr0WNILIJWyz
zHT?rO1m)!$-7M9q8KE)Eaq)1}WLQ-dfyMCSAvtIK%O%zFWNV<y!Td1t%T{+kpVAB)
zQJ!;IT_s=MF|&MZ+bB14w(V)MNz97L^<KY!e=`a%(!#<wiyY>3cyuZEs7INr)aWpc
zaM=gD^GA!d%L1roq0~7cVX2X#Y!NtSsHZntV1N8`(g?D(W@8D3=~~XaTpp5!pM9WH
z?E8(;KRY#+=3$7s^NyHXU3cqfNeEP>H)?;Uo+IN*uhr==&=zio1Rwaptl-eI)VZ34
z_7`);{^+cPnodzd$w(NO8;?h@0p}`oaWtiUwg^Q+qSzWYcGKA5p6`Hv-~JRdva%%P
zY7z%rDvq3~POz+A)+cX1=rKD){^>rV@T(<Gzl99xgqV{{bEY<ZVlet6D9oyBL$?~`
zsvZ$6x)Oy^sK!uLt!ameTBRX724lI9JzHBnn)Uq!!>4+mdT!S@FSiQ*T*%@FI<~<E
zcTY}@u1UzyixB-|R$%kI=Hnt8f3vXky%f#m?MFjeu3p&4ts->dPPg0;Aa^=;@d0*Z
z&;DRbsimx#5d%YpbVvZ9il+cnk42-uQp6P9n7g@=@>>cnZKxQr*WT0#oL7~O3zYg4
zLpbHfWOI9EZrRKC(CK;6wS&unH?@jgDdii8Ps~A6un}jZo^Xp>a@Xm*6_;(4ZA%WF
zkUNG&v==S^5x1(8pFeNSb(mjacmhY<KdC;ww8F)ueKZpt;8v8bHoY;N$!H9OD=lvr
zC}o_Sbq3FMbVYkzA*E3uUXJG+aQ(L_PsD##eNzH0KdGaTb1r&?wYth4Ilec$e7qGc
zco#$}0ao6Rx*m70%-z2UzluC<oo9}%Mw1(|J%C;9@3B4=2y*4kx;){I7(hSn0&_Kh
z(Uhmq-jE6P!&epLYD=HDR`7xLeZF0vdCgj69zJ0!N_fje)?X!{wjMgUap%A)xtHC=
zcAhsUW7<Cx4@uA5ow!H4K@PkZu0Fr%kv3MQTrOR$$d~>wJXN-G%kU_lU}>d#w)pUm
z5WI_0q0wTi)g4-1PpDKHyU0qGQ4v#PPMsU5)FQj9Kt5^-RrML-utML}&eWajtGt9y
za)a!kX-z6k?cU~lWJR2z!ALaG1kg2*!q4fJs!1kf>*p&l+zor-73f@918e76ye|ID
zEj6K2#$$%(y0pT6K9soYC>)+w)9NGYhE`I}p)*+Rpm6=2&^ft4qfhmg8T<&CiE`5B
z{1kaVwN|umf{iW~FoBkIbcJNpm7h{=Dk6e?(4v?lj;8`+jMN9Xvaf12Ot6~FlGwPL
zMzDG8(HyDUzobkOKDZ4}9^rc-BUL>20lsIPgjZ+H<>`e30?K%wh?3-r1OlwXC4_2d
zTK0ezCnbWj+!7Rcyq#-Rq*+y<7+2N^D-I%(rV}8G&jrUSu48SJi_^4WX<!liEPZSN
zF2GNWT&~{edh;m6V|vnewr3gpXON90ah4oTtz1}PK27c1DmT=f1P;wx>>RCJQ7%89
z4Zz<?z)Xun--!BLoJWrvAvQ@x2;f);`@wj7y{XPLSi+R8fTh!RA%TC|{lIaZ5ALjn
za2O57b|45fTBs#h$*ni<0YAQGON+IiGDVY7ZJGRP#`oV!3Xr(xI7FwSN^cuwNm&JZ
zA%<5`F`9B5+noIHo4RpIPU!_|FfTs7%Ga=Vnqp};!NO@68kT7r#<ll?rlE7`C&GfQ
z%vW$ZX=RyMGXKcdXP#=~H=`Nnn;k+Kbj8u)2Tv9Jv4KXso0Q=<(n=cD)C!5;n%u?X
zPqX{I_r9S}VsC4p>9x&+_I1}AqPFAEbWGw3!ma-oDw<9tbPebX=bD9m{SiPkf|)kP
zELtnIpN`9FS0bp}2>Zhg3(M*|hfI!OApWb-vn3n#9INBwBzxs#O?LXoB4}9yz()bo
zGyEX59t2$EwIgdY<~rncK-8rS+MA3Q+)nDQ>%MTO(9L~qXpr|uzT<~5>1vE84&_I1
zT*Q?xLv*l-kNErr%9%#@Koo~}TTHO#1ecbO#%>jr!9hW1j<%75mP_QWdyBG?z-?+&
z+{Vkao@U1sM##rB>x;*ryR&Os-3Y;|LRx^&N*W$-+%Ps$6A9_^UT92snxQ}eq;JVq
z(0DW#f9FX=lvy=`^b_2Q7zM%dp7O}3I+=xjG5bC756%nB4Eb4iNIZDRJ4{PzufEay
z)?h~@rh<7V=#n|GZ+p?$%^Pg=_j%iDOzZtLgLH!4L;j<vEA_QQUB|<onHoV4zo%L2
z_8APwFt0koz^k2@xK@8bxr?29b;4(Wjop^GdxsDmsP}tRlZ*V+2KagFVNZA-iMTiL
z)lBq>%3-tQekmI)+lBpjN9+kPo9C(C_$0Z(db=tHsDI)97?t=y`UvPDxWW6^6kEVm
zJ1PSV000c;|2WkP+S<7bTN(eOBl{o46ctNXWM$MXRwq{y>3B5vSz^6_Z-tzY)cIlJ
z_z4ga7fy=+;xIgvOUZ?`?G;tkq<yN3_Fnt1+#HNCktBFdRq70ku#%wNQ=z{|?$NMQ
zhrKH}q~k#nnywBqJ!jaPW_V7Xe0^W{p!_;+pUKN>`T50!(GmQAE3TVUo13?_9j;DN
z2)crPWr@>Ha8OpK5jkP`n9NZ5lq>=$W;Zct+6$C;v=ECN!wbR-^z$w>+Kp8HS=wbw
zDz68Y!px<@Spgm>ux7|+te1ycA}fiJ%_gL14Jr<+(>d%`80thLr4|(IKPJ$&>{sX;
zEBP91<6D6CKP;Fa@gq<hDOd9eL#lu@SJJX4HIQP?Fk|?(0<>UeEMtlld*Lj;4a;_z
z*i`Eh&IP!jY!F-QsaL3_#ohti$j|x9_*=|CO+jtWC%4z}Vk+2G^j6Ie<d=MRizg!!
zRs3MZ)>(}1v|MKg^@U&6`ZZqXXOPP0(1dgqos1M5F*066?m|e@kPW|z_||WDAJdgP
zr51vw8Oyg3F_E`_QMren4$v#_WZ2S}&}m|<3`MN8wOX+M?E(eDnE8Z4MqAYTmp0|o
zo{c~GjLE#9sa9ZEXjv9+g4=dMKHNLdM*VtzNhaOaFMZC87MK+_pNmnSbn@%r2f4RW
zCO5tzep<2^c{(l7XB|-sUT<df{@Q?7CG24Ye;L^v!_D?alUA<cBZeP|7*EghfLYvi
zIh*2D>{>jFctiNOacbDf;yJkOw_`7m;!ohpg>>hNzjy>&M%mKQ{ngGj)Y*qK>(ac$
z9K}<xwWIb3K;bIfKn{SaSlP&OjhIz)QoXjZCaYldGLOs;oeYb>fLBD{C7m3xC*Ol2
z#HFeZOq_;V&(Yl_7ov%Z741}&e@hfqqKwU_tJovP)@>fcxK^HmLAgt+cJ>$K4i7v-
zqR0vudf#fKQ*CtE05uxL$3y`M4pAM0{8(n3dhmGEIF1*UQXHa)E0bTDa{#^jNSm5;
zs>0Lo64DtfA9Y_`pzhEkAFWCH`RI%i3@a+kud+=_orpnud{1oIH!37Aq|$e$mkw@e
zjbMt*Rj{wlCAzM~NFAR`y~30IJ<X9_J+HcwK1GOGC)Z^65MO+`j+5Ta;U<@OE|OBG
zf8sEFT7!Xl`>M<SYMCHEKy}%2?udq{C*dRX5~id*DV=eC=mLh|0VSG3bEOjLhvB%l
zI=aJ&box}&6vOQE8f1|C*`rQra)^kwQQqd@hV8OLIQUOZUkjxP&u)}XSM7XC)bzLU
z_T8rHAtqowcj)teMxM{|;!rm`6&1cV4CZQKg<Rv}O>Qz(ZmkUk*0UOr-$?C@zpOvJ
z6@2+x#%Ud#HfcEOe-ryX0%p2=Rg8@i%L01w*jdI@lVv|t)*RVFDNI+6U&yY8-SQ(G
zwf6~yo=M1&!moS{7oL%o_mpFzA?%|ZrE)`*YJ}l*3JQmMLRN0UcB=}pL?$hM7Rq3L
z!eG6?Ik~Xf(B!ps1T}+%UOL$0W{CI>PM2jzp0@w)GPPoiz9OG#xy^U#3FPJU>ww>r
zO(E9};=s=R(8*>CQ)v$VhJDw6w);y3?1gmu&dON@=;xq%=Tz<Xo(4Zk$3_RUTTTXi
zFekf9<=}UpJ(;{?hkacgr!7SXdxWmD5csEH4=jQFpbhrCAkNqRx*HUlp8hAb7sRLQ
zNG8$NcTDFl5|{@T(N0EQ13OC8Za+aZdtco{AQ6M45)$l@--LsEbLhdL5^kMA={jw+
z`aTI@mG`UjXm@Co+Q9~Uh}kj0)lYBWINT(yCkT>`Tc<UwcUDw`NL_;rgGy8g+!^SZ
zLmim|FF-qXAE=+bpwm3f=7f+eZ*-(?2l56U2|X6LWaOB?^6uSP!tSthq>zY4@5F1{
z9PNHgS%e={biRU~*s^^Ffzrak!S{L}Zi2tWv0Ls<#kNAt9V7D$lRYqpYriBdhRvR2
zykPr2kvp^{)J*t$WeH3%Xp15*Qku!jDa}$Na||*3Mu3XoZ|jn34hmEl=MsLLDaE|~
zX4QH1qej`MxCcdIQv~%kRkV$#n@Z75c7L2NpE_yH6B7DS@}xHKC-9~9Qo5s=bfcs>
zaCNp|>wAZ4dCCm!XU!$24wS+R##Oc;w+=p=q?sYowy-reE#i3t3KXmSJqchU@^)Yk
zJe|353wS=<n26O&GOxAp!e_WK^M?fXyBH_?M9+`m6I%VV9Q1f*s!j;P>~o(O-~035
z6+3_Q3F@^!s`0+Mt399q0L1^UL!;>AU~Xgjui&Pnskp$0{DG=5Ka4L&j!zgAIorsG
zth7i-iGpms=O4+&#YPa#lvXU2An`8T9Z_H`V!As8?wfS5_Fz!gFX%GE{+eYwV}1Yg
z`B@R*UJY$7Km`yGlE0DO3D*pdX=(n#+u8fNca}S(8FYcAOE_dXtsX}NLLV?c=zAP`
z$Yel!&XRMJ(yUZdQp+Oj4E^Q1@x&+=3w!983O&8hyzkieW+Mny4E%f~Z6HF#_PGJN
zS)umC79GxFQ#KeJQ7y3}CeeklT?Qe;sm^hhlZ)ipkwmEOh6tM&&1!M<UT1?f*3QR#
zSG9-HzS%pNclsg$!Bp04;(=Cw0>A-8qbRzl7yJx4j-g#lT<x+o^{KI9N)BP<&2=qz
z&m2T?R{x6J!Z7+M=vE4Spv04LoeGsO0j=Ms7=x_H9cf}~+K74hH24JiPzx~JpOS$A
zchI7qR<7b}sJRSL_C{khwLc3Mv!vPsbZO3p^Gs2#09!EHEt4vK!h$=(ocB}_Zj};j
zdhDFb5SrMh#;$Yg+=g^pA7}Q*H=ANCw!@dYNJunX29UkVPavmW{Ajir)tQdd?h&d#
z8+VzjXFCy`UL(@;*T2a>+q;1AS0a$q6kTtOZZhzhv19oT9`D4zQfWO!-=@P1)|n{|
z8@G@;<DS4#+NSwLa4p`v+?TyB#w<fRU{{%5#j~5l16+_%09*Zd7w@_u|40C%Gu%Hb
zV_4QRV;1T|3Z%2t?v@?TUpbLf+A2@Z(Ozfp8-+df0OolZqU#ftj`%F{#uwmSSVO${
zeBpOkBMOIYo_17@-w@IcK6c`AfUrglBI+Rueh=OHZCc|t6sGJA@(szfgm5pSg0jrg
ziof35_n;Z)c9xyhvjs5}zT}WOMK=-hD=&%EJ4>{-d)d-(F;5JfaEAPcN5=y+m=t;q
zkti(QJlcEU2HRp8yOSvB_+Lm|Y@DPl{<swZ>E}L?YVOGPP#9qe%Ed_{bHVl+WL{AL
z;vBL1-ykE5*JG7Pd)SJ4E>a`*%S*b$PTctGY7(#oDkyf1*`k=t0qdvdQ*Rx0UxEKM
zcN|Y4+>idcy)66ne%-(A2nidS+5XG+%2I=L(^5wHuw@v_kkZMR4e2igoCh6U_e)Yp
zfX6qNP@G5pL28Ye+bN}!Xij=9z0+x~h+IoaPDxpfJft01YUWQGL<u@nPF~td+q&0%
zEkIrM>E2*etd9A9JmLAg<#^S0l6{|ZbX;~2%LBHHsEp0`&4KyF>5xD-&#k0xqcjqI
znQv>jJIiELdDIq0Q@=%=pe4UvGf+2g&@iH7Pi!kW#_&Sh@G2q$&}@{NkH87`-f2=a
zUO;`d8tW7;_*}$_NQ;#LyUY?6cD)M0akY`Wt#t=R7-r<6XPDkKNOUr--~2MMp1Tf~
z@Qw)wx>hdFkB~!~%nFvA$}C5Tnf|0MyV?+8S}sj?ndLjCt2kq{e((a)+akGPJ3%iA
zKTeTaWn9Y$WJhuTc*GNhhb>Nw6+-y}T@^b0q&k;v#B%2fGxvfK9m+0tlBHU{Aw>!W
z)vX&fLns(5nMpfWu>K>KjIZQ=#`5UT^-h;pi{SYuib-)&++D5Al07dRl+wvN-Ep}O
zzy%a<^6QI;bWr6d7I3)`3qS$bmg-aM6vZmJQqDEZHx^L=lSSAK6)Ni=%Zo{PXyi;y
z=qbh>N7>R7EjDJfJB(%;M=93nN5Feq*eVZeS9<P~4btqgG=h{`HbX@5;{X=74Dv^W
z9@Pfr6~axCC4lHXWizA;r>t23D*K4>{LtCz^np7;Wjdn3m?(|>M9cayt+<OVkVWDn
zN38+94QyNO8-ka25fZY?Vc=0gAI`<IW|6R$xT=B#Kj!lFqhnO!wS3A!L9EzB0N898
zIGD7C%+g>&oJFi^7o33AA~yvpN0u<xovrvn1?I#F3U(uh4FkzAXb`5k>PlUrV=U{!
zGceUND3vB1TBT%g?HJpcoPMqbR56Wfq0aRW8idkIq0Ef0kM3(xSp-eCTLw!h*$UQ#
z{B+Wa#X=5XbeLyGP9MdSk`m8TmqSozJ*N|jlR0+bG!m-LQxSkTJ4F+aSD=@5S}AS@
zaM9x%$c>?MVE{0dfp|y=y}bz3;ea(cVIcCO5)vArqY4%l@%7cHXvWDn-J)A45_m6D
zTzm*YdA1c%8ljQ9cTX=d@li{v&jBxH8E4Si$g9y_v<zcBlPQ9-kBvdNAi1KV^{C&9
z1IZ3aB}?3Pq7%2256ghRJ3s{;tyRrzlnrnzA^)(zsS&5}DUwWl97<nh+T@8mWzr?E
z5lrQ}n*BOQwi^xG5D_+6f^U}|$aIDi?71^`iS3<#E+j9os~TKWb6h24=7t(psrVw&
zBhK3{+`7~m*eu3Gh+Hq;(v*z}XN#nFPOa7)WEaAV?}~(Nhe7Ufb6gF1iqkPbK%Gn>
zt|WRrJiOil!s0F7641}iE7FP&K774zCUg{g`chhW5j38tl^}V&a7)iFqeE^mA_a@5
zs>WuXKNT3$HF6p`i}rkw$bs8ia%!^Q!-yNrVM0Y(%geZca)zQai{0yui7OR8DRYmB
ztD?qoL^at3>Cx_Bj;`3cn{-4Yufw3iozQkY93}8V?x<REuqxB`^CEfwcs&tC-eS`f
zWIac@^aqYnx+zL2_VR7(pg(VBlmKi_K^tj7VvzwLRwtRW7oaHeG&)PjB<cnf##Kr!
z=cs(tR7fLw#YxbW`Md=|c5kYa7ly2SbewgY$ZEutoMW?i>YXx<tfw*ywk4^v*v%a?
zj_wGn0)MIu5Y)+xH1!Pn&f+aK?W>TqquAo_n3(GbjkciJkZakMP}0Prv?P*3MlL-J
zo6SA9r7>7DL(ddttP+d4K|EL6y4SYuQf{ksoZCH~g|*DM?%wZgTOmj(*N25OI53ie
zEX>iSPNPX4)0N@f^%<AHvW+k(GollB_57h=t?BZ`VS&ukh6{VrncnL$kc8KH9kc>5
z99WK>z(^W&(~yolZmEXEp~6NALmS2w#+-!54t`VuPJTDZkJs=xzlu_E>_pF=22Q6Y
zW=~G<=5&*h&5)i(X;xT?6kgNW#*%jbJ#U_5n;94ms`$CFE*{BRxBfx)y{ov16c;v9
zrKnH}3C*~mli+A=&0ZGSdEK7Os2X-cK9aGvLtvGC$!ddUi76jT%60ZC7Uig7)9<c~
zOZteBoq~Felax5LYU?R3eG@;vX1P9K_1nPf)nrnfkragX$cErx6t!*3WuBYUlR{>b
z+$IyO=QR_BRe2aH5#pJV9rKH_zd($FkWq$lx{TzYUR#8@gese>45g(7Pdppvclr#y
zVMG@ZcDWZ^2Y2dY;fw=3y0w$t(6?jZ^aD@_=wr@UCY}73H-sLW-3aV%$%^5;@^Ab<
zF+}_LLCVYF@>?ZvgvJ16ryad$_Bn3K&j;2v^)V!BvH6Q{@jRJip?m^zfVRb4l(%&%
zPHI)dFO<FRbWX^g%Xf8>H!Cbcx(<!%RVjQ#eq1=C-EmhJmxszbfCwuuF`y5m7nB~A
zzCetB&5~Cs%7Z(&W~jy!LmA6+4R7Izx)^=XKaek5T_Q_y1o%BSFXp7(ZwGBY1Z|I@
za(uRoqDm3TC+4JVj+QI(godjGpyzOQq)eke#lT)*Zj+Ou9$v0x(FwbMJo|@zW%)Cx
zw_&SOj|SEC#QA-IJ5sBHK5uqWv%jF4<UmyhpXRrqdU<`ItWLl~Rq*?fS)$m>yHl({
z^`j}+qF+{b=KR(`^zkhMA{{84p&94z2C>%M{GT8?eMxo=FgD8QBj4M69tIiB5o+=w
zdgQnfq8aXlHdS=tsnU8a#fv2a0cq~Dx$jOBM_lrHWb|Qd(YbG5$W<aIStFAW*;hff
z%WI1~V6M@J)CJl##h@#UUu@QXdDlM-6pZAcbwtGwiY*X}czFBJ$;$i=*W2D(CsI@4
z43Uk^uiPGq4GxFXZVhzrKj7qw$p1DogVc1uCM0S(s~oKn{<=iDl>1}V;kfj%JaVVY
zqT~F4HL1vDFYoYG?~Yq02Z|3@2sY>O!2;Nc39&YHZX}hFtGai{;qk<ldO0`o+NSXi
zwd0$hnPBGSIFD8|r<-F>=(XouU(Bn9OGm~HL|e`w&WX8GUCx;abVG33nnc|5u4*Uf
zd$yym0PRP_Pdn_D@4TE3gjTBjo28U<B^L1e;pa;p-5oE@dI|?|4zo2jCN(6zUE%9j
zf*42dm_Ao3!8^Mx<h$9DH=I}Sx!rKPaM(wRI~%v6SEcsFpuWeWu|pO-9|Ev<W<8{D
zu)d+OchI+RZ;5$=S|tJj1wvw@r@An!*l(N|Y>;iVg-6|DZHR0gwKpWcPWAv{zsDYc
z!A@Z|o7<`44sdnr@Hxty$%8mn&)a=Mo@dU;&DRcS;#;!84uyUSA67oQt!kRyOEJhj
z&GlE}9|d!!OUvAlC&XTWNZ~1-mP+q`=C2dK<;2xi5p4cic_!z91A2;Ne>m&Jq($zj
z$Lj_zAj>Y7xsBRO4{9~-IwGTfclp+geUs!qE!pnF<H~^XjebuktU`Z(ytv6lp9q^0
z^S)F4h-9*eEhLpKzyB=AsHAcx-i=Y;JBtzW<KPf2BemBR22kTUZS^|5pjZB`c=8S&
z)?OfisiA80?tZAh;El4k20%2}0+$~B?T_nCbE)0lA73}hF1}8T|Ms-_*Of9sTN@{1
zxBn=GMk`3$BGJQp%ghInO0FZ5QwJ;XNFW6n5QAU`#FY!Qflx9l!*{WFsO;BU*0^+$
zypeqi1BQru0emALWD~MRQYQcIZo-}Ie!soi^ZE7yx=Vq1KT4o0&^Le`0h2L)<Fotf
zWfrs_4{0=dMjHe6rcCIB8X>e63o{h+5d96kd7V+YQKGf?#)yzLd93cvcw8AdwDX{H
zGu0e*NCm@NZ(Fj<GC^#WL4w?~w6|b*CQ0RqU9fxmR7Gw`05THSLd`%e#}7}0z*n-%
zxZbcaS#Uz`Qj(LPK;Cw8bjQB+Vh<_>1C@uIGp(1sat4BN>B<O%P~}bQlBpFXWQfR~
z%8lG9=lU_GP*wwqb1|^BF*(JyzLYExcn+GPevzdcqGNI9a-=T+r!+~w;QbS!30=iZ
z<b*-rjfuMo<CL+o?4hZV5MISfGow_;#Q3)Yr%vA~CLG2%tx=|!t{R%g)=Z;v{6)Ev
z{CxBBFx3B}>@9=pTAOX*;I;@33wL*S2=4Cg?(Pt5;qLD4t|7R)yK4weAXxY~uhe(<
zKKH(L&X1>Rt@&?O&3?Lj^cbVVWWZB5%96Nh3K(1}<^|xU1nmXLx?{&s4K6F^zEF^H
z;D7pdPgC3P=f(8sJz6_oE0vqT=nM8DD-dR58dao;ZDaZ^;G{hk_wa0P@3_5HZ0)l8
z0j<PihbiElmx0B1sKhG&2X_8C+$^*`3O3BWp)5(-JDXaEe<=%RZ8v|SQ<!?_zK4}v
zX}g5IO|t4c!e5&quMJ4JvJaHu;p6;Yn<34Aa#f6sZU04&`@2&{#$Wj7k(+pL;hWjl
zg_DVc#o4O=Pp=H;{2*0vXfH%U-F20yYW4vjcDpWZq6&gE%iUe%8a5X;_Wj%v#8ZVM
zx#N_h-WRl>JDI3Nl`R&RubA*e-110=3>@On;?U;M$cB)eDJg-7qZTl?nqS#qkX^vm
zWC5Fh6J2nPbo1nYgvi0i%z*aqpvqsIXe6AC?A>gQK8ToJ{~R2|sOo8;X`pYVWtb)!
z#dA>s;jO8cO{wH>ifDx3p;Xt2YD}8cZ4DR(fWy-;IkLLX+ke7)9!lyW>Fa+~{_6NX
zK)9E5(UF8a-z(CnewpKP$?cQZG?Vjm@|ITzrW;n0AGa5To7p0_!I1~rWPfv9xRLc<
ze`uTJMM1(Lh}-<Fg$ZZ`q0a;6SptR~8#YyprA*D)OvTLCoqsZ|qSyK(W;#-vQ99-j
zVfLWmKqrvyn3^@bUPKNl{;rk4#NYv;AF^flTY-`<LIVdJD;4Pkj}_X_Zt~4*9r)aT
zrW;E*iVNuvPzew%4}49@-$Q#tyJXM)B>`B0$6u2ns9TZ2|4bXZnXmrC6!}xg3{&kM
z-L%pOoO(_l6}rz==$;57+VAk>r~wK&4@P=t46N&hpeP)8Dwe}eh;s0g5$MPApoP#P
zWpqNCbmMd`KFwczWy9Zw%9pRL=x7z}EO^}qzJvx^A*LCk9%kdV-}qu32I659Tt&lv
zn`H8p9kgyBDfLquVD}Y&mY8-wT#SfDAc20fl!mSV*t3+YJ<HYA$T2b^q(}#u#nz5F
z(T${}3ULI_NKJ@j!|3QV^$6<J2~K`N%QvvpL@iRGKr*LfoGS-HPuTBn+Wf|qzyIps
zc}R`F5)h|?=?CI?q%nnW#w^Bj%;R`dLVtej3OTF8KV}7JGPeb29&Es5+@#73nbWsn
zUbmwp(6U<i)F?@X8i($guju8RH>`TmXteZ;oAS2l38kKMeIsMSGMDT`d9E$SyxnI7
zo6WVm$Xq=`Eb)TqP`XJ?s+r~fMwZ+ry9{};Uv_C|h()>cB|si?0KVqz&^CTw!l?@*
z0K+drV=1E{ZjaNDq~|K&#=~+cQ>mS{9nPpF=9-nP5<PuwMAPfXFM2C~-=7-M3NZ$`
zDR;LF)3{yfuTW>*udkF5Zx2@+8cdbL1OiW4iNzt3VY25;pz>dE>j<Ni#RICN$Qak;
zDI_H3nKcKr&v{?(3ACViOf0sQ!2I?<FVIML%CwW{vz87&Tvsr^!PItJwuxml=aNsl
zoQ^zkBw03QOVZ^+CWW++O%$u2@y=UoY6?du-|*JDR<W-Ys8_<JsSIV!%BP|QCEObr
zs#(D#s-<}3Yc4H*-ij$27~dsW)*0KO6o%l`SE}{bn|JtW^gv!b*iC+Z7g0fW48BLL
zYPhfb*zg+_f^q#+ZpbAhATb$8Vg^$YW8P+PkY)P){cnRo-FO1)2k?&|{|I#Q{}||E
z&dv`1G8l+aUHgYfGYN`vm=4j1KAHZ@{-?{H&_?t?QH)avs*<?a2GoyItySa}|1F{i
zvjVCjWxY+{zNm5=JFC9+n#JWR$7g!W{P;1?LGTmbfDJZr2)QV_=-lw^w>rWf+G2Gn
z&22+|3)jGP%<9Y|dX|ud3}HOxLGn@f^#Z17?N;@5RzQu_d8&HL<7A}xyiiMZ4R`DX
zlPJ<J=`B;q!<qCp{*lTQ=j<vKA*@bp5@;jr(mPJ%QuVRqr~(;rq(oG2jQfH-VmDko
zk;$gFUBH;@v9&Y{G&9*=ZIDqk6F|?<PMvn$zU6khfiH>X+}6=(h}5*<66HzunPyK-
zrnEOWng%$)C6Y#@MSmV^k6bk|>w_p$N@SF1lt{=XMo@c_?ya`5HR*t0Rb!P7lWVp@
zCd+J@c1N+r_sda7toaLza{3-8(G-)Tz#sXw23+q3<4AN>&|ZLB2=5&5jl<)pCbL7W
z4pYuzL{Re3PNWXqb!6Y$Fxt~BiiY63)hRc0g>`4GK1sYT%eN^NF_Iyqj8doVAD6S_
zmYVu&5_ZK7Fr5immPN+N_Y@3H`t2Nx642uMDo;9qB+U(+J~!MygtQ_ft!21`9KV9|
z+nl39c<3B9+(wvI=-)#q`DO-Kn;kM3T9OnZUz20Br(D%(JI^y2hR^&!z3~O?eLK8w
zK;l2TR&j~^(gXml`Q<T!LOpeb-o>99k`nzMsmt;qR&pdk`h#Z;(+SHbJ|+Y>M8z+I
z@-cl7_b}O+v($;tQ1d64dRa`L;c<pMU@d_J`*ZBOu@k!qHhpn7WS<zJmL$6qKmP(S
zAlz{UQcR~1w~WV^OKp+dsyu6p1pOpUnZeD!mGv*+&1xSgF(Hd(jz4O_KiH;pwe^?y
z@%9t0G=Lyt5X3C4)K7AWO#ZpJB7$b^<djV2`v@JPx&9%uxWCEb=7}dUi?R-Og=Ylb
z4ShVG2-lN%zbIavWK=x6Si6|g7HTSl4wAZPiEbou7vFEJzZL>e<HBAg9~lz;L)1n8
z9|K3!%+}1+%vAXwmTCXakp?;o>cICL3cGn=zBrT+5B9(sH1ojOCLI%Sd9DUi!aA=(
zFBI8EH?yAY*A2u^b3&uGuC<zdXuju3uWvIANDZ`Yk0FW;_l17Bxh~s}uiHB>kB3*B
zjQU{h5ih99fV8b%OZ$!18?t)cA`DyJT%od@Ws!r{1MY;TZ+ojk?Kx1v<s>lxk;>L-
z#p=(NTKlDqk#wADmnoc+ky?x^KXm=1L&ulao`<EUs>#-kFi1z4C0S!qe!Mk~<p&7X
zb3)-vOO94>MY#a1HV}Nn_G}9@{Y?2=0W-H*!_Uj4BeAf&pgYuIHQ8P8CqD$LmmEx}
z>(yJH>1PNKZm7v}Rqm2~S}gS>mFt`NSv!pUmsfxn#?>B)2*t5At1dM<%nT^)zz<{L
z_gCczY+!RzE{1M@7%Ibu@^Uo(94g-DWF+<|;l(91$&JdN(kRvF`9f^yF1z%oCS*!}
z;-=^pZDTEBvsWYEM1DvODB7|6Y~Q>n;-wk|&3MTdrf&kg2rhSo9dOItirI!H2Vz@c
z=gkj3fsJhMyOM*11v~wjM@Pr=VN>uaZM!Z$bg2d7ngt0_!V?Z%#e0)gH1>B4Qmhho
zs2UZt08+IT59^%eRJ7$9`Z%_zw?_Q-f^NS+J1<09S8fAgnrHQ>)}O&lmh7K5CT&5)
ztc^bjFSU6k>Q4(~8qDO{&UBP0$x`s3B=}RYY#FU06sb6X()<t|OpfU?=;g-HIkWDU
z?VC*x({F0iU3?0mxJ3?9-d@=Oz)$N<W3{(Axg>H7@mae_nWjHr0uW6#D6BHw|ERb#
zH-|0M74VZs?0v4u_<f1KM|o`)^gUL!T8*ug(D0reI8wIVS2tHlP^h@q6R}stFffBm
zrEK`;Q_|9!MpVDD|E<QM#oda1#KHbm`uro)9Rkb2{z4w)!$!b+cSujg)xo%dDcNAG
zxJl3gm&ll2v0LUe)O_ub2lagPt_{4zq5bCtiIhJB$lFA;LMA_7zYiwt7s=8h*~GMS
z>n~YQKHek<Ji?Ubx~Y)LXfq<8kddcfdGAMT$4pErY$koxwl!1iyf05I?ifT!T&C{Z
zj+Dc%(&Q;H(Y!M04vX`NVa#EhrhX-Miy7kTY?#b5%<5-=bWzz1HMKAGu<Dj~*BR#b
zO#%ksVr6#zNwjTIfV?;s5b*g-jEN;`$BbE``N~&AKT_!Yl`+@kR4Yx3myV9zES$mt
z=yFJ&l57QG-o5e;^VfLaWhQmF|Io!Ce=ukm|6{!WP22v@h)+@1`LC+@&*wB*Sct(-
zG~r(`*s&%Sg})I;LaJJRO`ZLurX4nh0!_hsHVIk(z4$%9uBA#it#+yBX4YWVU}4Em
zzLYt{aF5t!`e)N)+jl?Sr0;*c9$~)nUXxgUDGH*%n1W>%ZM(<UYjX7w(b3%52hAXR
z8?KkW#}_c?j<yg*V?v=|)F@)3mKNC^B8qIdxT?@{dD&Yv(_(V8h+U?@i|x4nB)7=g
z08H_As_g^XSjsqX#^I8fp)LUH*fk`UB1QQ=@?wA-z=dy}WoM^i*1R9dd`3dwvw5Hm
zYwO8*s~`oSQ!RT0YCLogJreWLYxw@P`iV3{l$G!{$?0cI1FZLK)ox;>fG!20L>x9c
z_I*F?EoPqFqBep91Pyd(TfCAp{|F-Ka!?ge*->uDZPT#b-Fa6*Z;L^z)8@Gjj%WgL
zWSVvJw`5QiUAPap6cjZE=ZAvo3Z?2>P)QAXwb}e315_(5N1Wdd`-%*S7s5@YVIx_o
z<B!9;WL4A-rs<J#Qb83bggjPVs?!a=i&fAiW7Z#v3$ol1CiJ=~<9#kPl=brPa|G#;
z2-zy~puT*juBv^4OO>wiaBT4di^~;J`926xRsUG-WbsLtE~6!_OGfpk+!eNNCbg&L
z#(J^B)vF+4oiZp=3GyHv8R8{<&)CgXCaboos!qoY-U`%{WKEL{%$!FDh)4`KKlxVF
zPj8jn3eg<^J5!4G!ymt_9y(;IeqB7fV;)A{-u18L`%QW?n4vP}82hQzhN6u(w|v1y
z)F;imMBR%-U*ZuU3)_~&RUD@W-SE31(EM~g<wCoPm#*}kj$w^XB+8N20SXj8h^P;3
z?R`61uY56<?W;eLT?jU&X2}V>?TIU3X*ToQTFqUE5)u@pAzH*ps8(@C{4<D7smFc;
zKp+9s+-=^Sw4bsnfWg`4HQ-aol%`<G7A3_VsK|Od#lB?8Z=b^w6M~J<LgDViuN6n_
zi`dEfgnbE8V%(uoa2@c_?c@lkB*_2L0C<*dyTg10vBWm%(JXhc%CqQt>m9l+=2=(^
z)=JdYej=&SQBP$Nz#PV0N?<N$ZJpX`F7Y8KljVdtC{`~M4HSVAR3n1-H#~iBr(qY<
z%238G4S)qCSr*Pv`Q4u-+9MOHcFcPy*9JSs#Ot$OF1SQ)=f-ynNhZM<jxFj?ITT;A
z@o&sY&Jgtf6hmN0V1SjeKA_G8bEfQOj=+Xzq8y8z!%0cMnrrp`8p|`92G>D|4~!qR
zUZeP8p5ABswM@!4pZf_n*?@+Kn7UipY*Ux{4{8R_@SOI+xm(N$6CqF#zOg8LQZ$Kh
zl2kdHtVmT&J6T#AU0SB>zWZz452mw9v%)2_TXxJU=XI)cwrgI79<dc>7ShEJbZnW5
zHivPEe8E8G*j|riCtI@g9hd<lYW^B9x+xMn4Y|Fu2n+5Yw|I&?r}`7E;RQqE0R?M~
zN0bf&7qiP_5bp(u(p+-ix~e9XBGOzs*crzwSY&s}Kdj+EusfIMV9JGnJ_zK_N<E62
zWtAJs6vmPg4Wo=Wg;dhZ$J8z+m{i8<$u~zW03_<Aen?qpS;||a6>T(!+Ctv5A8KIT
z+&tP8Xz~MM86{^$VGizflenKh?@aJ<&I<0NX_on=Pa{5Otd_RvJI{-=L_uGX*Fb68
zq3;!*82t4D1u7$X4SjSP1|OXU>wmmJ|7}t$YUX0%Z1oS9kbhmG$yy2<Uyw)MvnB@H
z<3Uv+T}Pu}KxrL<a&0yAV(9`tMJGNS3$fI7r$eq@&Qpmq8`>5z8f8MS)38dO^LF{<
zqM$HOi*KyopJpa`KA^Z)C_}U?coG0@|J;mpX@vndXx6T5kUponQg2yLze-16E?~l@
zl(sV0k%k6njI%GvM5Z4Zd9BZU*f_+1yu-I0aAzOqBR+N=U9(vbDL{r%o;W)b&%?<8
z*kYlvc>Z(7&B+h4<nTx@CPQKa7{&`Fr3XNQhPuoWL&9+8fyUtmK=mBf;;1QGm|R*K
z3mqD9rb<KE0n%vJ$(>NSUKtHf$ZRXxm+{tnlMSB4G6sw)!yu!^0kaW0US7;LuOXF$
zzT}@nYy*<5DtWe=;xyUk(D2UKWtb6XjO<~9j;<>at}f^NZ}d2SIG&gQm|~&d>o&?Z
z-)52H8F)&K@NsJ6Uv|y%@ZIT;Q^aC~zIzNOpRKAH-6*?&ua{hpPhGgTEpL5ikq<UX
zzr?ei7#wBXi`yxQcy)Mn4MyS{cx|^(4c0H`)u4DxTKZtY$u~<Z<c2X2(?pZ>2da3;
z_0W<rEEW2zrN(i0-uvBWi9s@ZJ)Y6Vjn;*$LrL)sqw(aFZ9x~Bf{o$UC%v*48u+e2
zc~iUw6VuJB*l-z*NiaQ4L4V3o_rfeQJhIWb_LOnN(>e^=6-Dlr*+$V;!_H>(4O=Dy
z#IqO%-76^XQ|Ga*Uw@XIPh@A#<KBwOu(p^+c1cZl;ZOIX(Plv~O4Em#1P%K(NmRaj
z=gu=W_a-BkhJYhzUP8;b^*TdNJbtBz8b1|`oF@B;rbcE%bNF4TYv`*kydcvnHkxUv
zJ+p7{WCU9sb4Q!31ZyL{lAsX?nwYZOFot1_M<{Rp1yTBa6N~BmW$44}!{EbdL^;2l
z9ko&39guJj6qAlpVk@%LnveSa*Qj7=OlOb(hzj_RsNnb?MTMN1tC6XZtC6^avz^hu
z5b7LN85J}k<UbU3h(-`&x5}c5ic+wRR6<pdzYP1R^VJ$=&rMk=qPo@=%^^CT(wfI5
zQeff;UX@b$laPfQCC`k?e0t7CIJfv;J_t>Op9l_=;88@`2VDmf3`g<q(Cm4-l~@hb
zV?!~R$lNbL_<Sbe$F~wDlE$(k(j#21Ah``z8?^}*UV=8cl`8lVvYNAHIfLeP`B@eu
z(cUV)-Iv@eXL!!Nhp!qvo)#X!=y|Vc=iQB%_1H<40u$v@$>!=#$BvLj9sr!#j4+<F
zMswySs#J6tQ}Bm2iKljtXW$je9Djv*r*j&2=X1zRex9`13`(sfa>>#rRj3kKK=Pm|
zDhQMXKu8Nc!H{4Y)K{biQpmWA;I(c=UK@BIMJHM~orJ%%Za(&EDz@nWkYwJqr|>Jq
z<RD>0Fmk4kB+gVWRd~yhHZH?9`QHUa_bE567R-jj6}4KTiOE@W?Mh+NA8<#QSVyft
z#Z?h7(;Z2twIyZ>qdBkJocHh0Vb33Z)wx3QY|?mG)E_~e>V3eWN7Mlv*K=No?GzJM
zUWuWM>u<CT_RtT=>CugW=xFU1R>i+8B8$oPV0*hUbFWI{NK>3;6A;!!HM2^wB;K?*
z80JYv7)C6IfS))<seiNi(w8R1QoTDJerI7x7?zDCl5@4MKl8+`B_U~T6Ux|}-BpI(
zEh|q;GibX~jU{YdMMEdTkSyh$K4wjo<ja+G51RzeU1QK^N}nuco<3$yl_boSGzptT
z!fp5Q5dZN^7W(CjNPf4ehd+rPQ)%%7#zLbce0rKT)+p63Xc0C(30W-z5eIJ<u5q<M
zw`;Y30StObAee+>af@?lsc=me8fkHHE)UdG*g5|2H;jqrq7~ooqgBTFXqEZ?N8k9r
z?8PO`j6O^)$y8j8T;2ZVk65BA=dz%V&d=CLuY)4xDBMd-%?3%s`!(}AMnqB)@Y$^&
zAV2kGJ%i?U0M?XRl4StNa6sX-HOv0VQmRxoko|j+U?J_e-wa8yJO?DbYsup!|H<Z^
zz;?jzbHuMM<>jZwT<5>di|jX!O?I3oOAStHr3`GQe9U_XQgK7k?F7rS%<PxEnABsc
z%Q4J*<7X2@BZYDp)ubm%yg+v;TLl<Uy4n)ZIDIio=Cp#Tl>jVt_oy<V5dw_NSb}>N
zGP{*Wu7R%!b(?JjTBSB#h<C$3{Ol!?yRft{-guzv;|fk(gvV^yrDjMc>~3&9u&04K
zl_$EifG8d4N~K-Tn0<9<Fru5sbFQy=BG%(K*_N3`v#a_Y@pW*7pML;{Vd3C@<FJqM
zTaVrFgML1s#@r&EaYZ}8>HGj-M~eTUjphwv#*lEs8}I=5<wT1P5Vq2#Sw3KIe4E@+
zO0WRF@ipvrb{lmx2^B3Bt4qh(^-!$O85-)gJ9k5zCB?L`C0eB)3R<0@)J5r2iVl$l
zHzfJ-28Msw3{S%bFE%KACO;lU25m<k+?1%hq`*upSIUs4<Rt%GmT55VvFl)`b%gYt
zOt`Ktg`MLMD>ki^A1J#23QANqIN^vfLtfwNb=dy7ie90Z$o!L7{iUz41#_Xe%$9T8
zHZq}(S@&u+U8U>7CbQX6?K{TmYb9xU=f)i+lmH6j4HM0aQL%Ag->Wbxv|rzyCsACQ
zW|eA|n|YABGozmFxU9S`?|ll!3FIj*>Lc`975W*O;<nZ^ZV45^1=OO(sXxpc_8W8O
z?=MTn_6fHzjsnwyF$~<5W?DuNA2d!;|CRS!##tQ)i@n0#Qm^&6drVj}D#`HZ{@>R;
z&<K=&250Z&q6spg>`~P*wlq^UgV`vNqZ$cs$a$2R$g5(}7RY5so@FD0xV3&mh~&)M
z+a;t%@3FLZuWhP;%PD8C_Hw4&aHb`nCG71mu?VnuF(=3%8}4C<2Z+(6c|M35eSd$P
zu>rOroKtmU#L5&3!PN)(zlMnX&Un=;Abp)MCww~{0-zwkP^{Aiuet9K#w!)Dy6+m0
zy|6g}O|&FTIc9Ty<Nj>D1($YvAt`Z!a&hV_Mi&aHqZafL9?R7od1NfG-CdL^pW(D&
zxB7`HrA-#unsY}r=83UlN_WsXiQbxeGa!3O`q$J&tfUw(_CdN8`dH?``M(M4e`m0N
z7IitPb{c3B=p*k*kjo)o!;xnTh1Fz(8pWhrg49LJsgTs!zWV8MK+xH{FKor^OEeht
za{3v~R0vOS^Iv2=Wc!!rZfEEvhT7Wh4VhCmc?3NEx!UY#`f%DlclcD>CqoQs4-&<Z
zvoyEdS<JPmtk63D(f@;Dg&%b6G{DlW1GurRjUQwt!ziA&6v{MOtzY_8SX-sjYF<v>
zH7b`Pel!pI;n-&E&9LRRL0##xxe%FI#$3!c;}X3TIid$TXqq<~VwH81r;UU2*TET?
zo6dJkN^2J*&d%97v8XbwoFI1@W9GA4Iy8aj0eYXymfj=!j7t<dg69YuV~J?Ew^BGK
z2sbQ`I72~gDMd?ly*7@I?j{>%o1ek~O$AL-XbFtk)k$O{_pdO-Er8EWzl_2@OyBUH
z(eKM{h^JYz?TZt60dkCkM4349pm^tmJ>kLe(Y@RL!O3l7s&>(_nt>;&igAK33^9Dr
z6+CQ@5o*hLX;^-^plRD$fgJc+CcvV)dK>+>eJ;@=$e)N;R+rH9UhruJk<osG@uSm+
z@bvAGC{ToD%#jK}?MDn)HR6)2J#SBxH);H;ys;&P5=Z<zn)ZZY;BW=d`d(^-ZLGhZ
zUMUSD%Gtaco1|>s!QkOb#qsA?g*{9G6-V9}xJ{$ea(+E3gi3Rk!Jq6PThX6JtGOLy
z+j1uG3(c?Hst@`sri}@u@RwpK4&_Y1#HiuU5-*If;i8vd!a9S2=L{VaKnKLqN`8Gg
zycIj;S;6W)Xy}BtMD3FA0pcvZ#chhtGIr9QDdU<0ApI(d{{BWE+HdV$n}HDoc>R7V
z3hQ=T*rxu$tW`p(p|VA_Lf*ayoRD_^+;Ey#*a^T^GNzx7x)d2%?l>QxlEi<ezDO5S
zSjd~JgwC*A7<+FvNqc1&a{Mmz$fNutYwPPe2Amn!O1qJhgteVN%6<Fxqt^Twb4!Vf
z)=e!qYAHc;>3g@evR}(HW{GW%&xENiZ%pHw<eC!u!gK#M2gSo@Mo>z4FxkE(x3W4~
zsyYc)MOU{h5_=pLwmg5OX0Fmc)BwAs5hdNkLvy}?nQ*MlRd|k2N&y<R0FNkQYs$Ss
zNbF9>s6C5+@iEc5i1l187f&9C=vK?+88+(jX;~37G-&3mO(gsJ9xM?#4~30W<N$a%
z;e<vodqp=zH>(?cIdZpQ==Fdp?SD<L9gsNea=#(;37Jdi#4>SumLq$FZ_4y_1@;;_
zzKHQUJRf`;qZi>mwSIhYw~MQRr9CDIMSuZX0Q&SzhL|v;G7j*h3Gn3;$o{JPX(s7w
z9|$}b@|ra)*Z^)<1X2UH9|6qw%<+2flYh!CDdOG)YEMuZn6LC7nDslsqF+d+{$CS4
zV?<viGNWX?n|%FMP#1dazPu*ZQVg!!FL;6KuHC+N3nk6lVvVS~CukM4`?TKlWm)$M
zIGYpR;`+*Xh^O4)Yr##6=JRq>8T*7au@6x{8Rk}c5*M>+sbz+M)Pl|$Yq29;YmE3|
zuZ8kE7FK-sFti6xJ#;+>wpHC;1PGMeu|xvhLCqt5JeG+9BjDG*pDrKzAnIn1gJHIb
zb!PMn!Sz2kbUii=U9Nr=66s?|if>;v5>@?EXuLXflrqQx66K#=+&wa2!W&WUIWCdw
z>2*qM&LjQRuabvUVO~j?<y;k>u*%lJe?@sCi<9o!5-$|NFcB)(#!^b1u7zE}*e)S@
zT}JmYv0HI>ykpPwVA6^js#8LOr%4_-DPBULzJjCHKtAs-nmtLq+HsKBkr>(=mAL#{
zQ-KyG5f1;+R5X7SU2OlGn_0-%!R=oyMT)YH1L}vF5@-WlSf@jEc72&wap7hv3<u5R
z6m1Cx@Z+FS*6@e^Xrross@x()=I_&B!SUZyjeQ8igSO@;+1w|-J5SS-ZC80cpFG3m
zQK*aQO{GUkDC^y<^Va5D-Wq%b_|)Xd;(dz!@cA(%+t!1@Z>cn?QXS#Q14ZyhZ$_OC
zN$OkfgA$y{YbrPs3Noj*EQhz?`V)Lv0LPFMxoelYaH`&d5zk8HZ#M~{h=DmfpRjUi
zyQaxbJI7W0RYkFNO6MlPe=YL}`xvrRk}oP!E^R1E6tCO-TK;0-bt!{}sAaM@zT=sM
z?sJMtdY3#8$>FoEF>}1F7|NI$D9z|->tPtS{(H=bBJ(t(H+cJ9?nIJE;keIP_^BZh
zwQ1S9E{Z&6UlY=O<>-xt_4sICC<OhfP6#&nCE=o*yP+&1+Sp^S+^QHNz<e+F>uXbH
zk9J9QzPg&|Da_rh(g+VIN{j%9xV_IJIjEOIV~CGjV3^HLpZ*=udnCH79g7zWIVTvY
ze)_Cr_Ans0;|m71zAKoUZb{p>$zk@NpBmh9%7b<o9#CbmU%s^75iECM=rRb{4l<RP
z34@bP${43oyGvPHW|jV?wa!!Wx0^(;&D|9I9sZ$M@B5^_iaqL(&?Wr<{R`*XZ@3C_
zr_7<#uC~)|pTa)j^1=Bt;$}g@UY}mA`li*(-*E71S)%s;!ohn#3|rX$H{aGji}`=$
ze6=-YTnTjk7)a7$lwp=EX3(l(5tPr*L0aTV3P3BQlqgetylMQpu^}4?D=AT4BI7PO
zl6wlGm~P4;HPTZg-w~;D1zDQ}X+eytY=!iK-^;ek%vNW>%gadKC%(ZzLb+?n>v2nQ
z1d*54&N7-#YtxjHDZAWOZ0%uoktRwY-`;2>B;f$LM1`SECyQC;4-dGh#<%!gE3r?F
zA^Fi9x`v9)-HB7h3*$oiOUb$d18$+}T^;m8hw4IY^v|Vt=HeMA)*lV0K-5NsUT$l+
z)c#_WBNIh0<2dXdYOukC<G`}Mbw5=y7kN&j+|(#fXAVo}?9^<glAZmUwS8JTmYN;?
zND5SNh&ak)W3;|*fu@ux*62&oppP@5G<T{An6B9O5HM`QT^tb|H{@hd_9UZI0Hrk=
zKc?1W!AczQX1t@yFjGGOX?i56z)N8XA-jMSuVN;aP-&1XdbB-s1Mp2v{<CvuW9EWE
zdM171Mk^zx3Wt_GrmZmE=M{)$84_B7kdVAC76Ej5Qy9wHJ3Nf(Fa{@ggKU07*gQBb
zwer!(Jn3JO!zR%zkd2EpNA_?j`+OHzN)b-jgu&V?ltD@td{B#OB^|rtQa-3EsHJ9;
zhN;&-)PTkGOWKDpt*r3p{l@acDwC|9h!VOvc5St&xoT5t%wGsmAx~SoLc~Bq1<t#N
zJB@O+$H_~kBuCZzFjhS_HeMqAlr1J=&&?;~h*i4XjR}M@zhx&qA`8k`mL_z}{SCGj
zpVEOpXRx2Ae?S(9CMC}|LjOvWIxom{jax}`G>%4P72%(7Brd@AZHV7EJa$H*O&%>%
z^AlrdZ}14!_mL?w-uBzsBb5-c4hxNxDX=qWYNLU=ftJJM4kOLLo66m$$|*_IXrZ}5
z`9phu+#kd9jQ7W3+3gv-!T|$fUmvDu@6lbYbM~|mqaZonz5fJ?N1+~U#LY>PiexJD
zh^LKvD_=-h?uu+lugxtp=OxrAA7rrPChj-gD|s%y9{|98a#-`I>+5+JE<sO;p%VL}
z+GAMyluh9Y71^+f`Ny(N@-6<*__L&vJ`=!x`n1x_X}uL4E!4(!f<4d(TmN~^M}o0M
zquXpcO<$cyr@#$Oe>QiUUK>VI9Et0#Zr&c8KpX60&ZPd7SJGz0(huR?X2d$?&rlPR
zFlPICb7Iu<Z*YV8G$RNjESZ8jE}PgMp_eL_FHxjFYnbdAa05c?^bRPC>G7oIR&|W;
zDu)9Eu@SkD^~Bh*gsVXjIoGd<i_o$>))@c})5Zu_QVM)GS<o1jFGZ652rECYtNO&C
z!GvisSdwuE3)z9^8c}wxc04cQz?gBB5*NSQ-X>|$iv`GK=%zZQ3f-eGh$MRz?zz0_
z2N9u4T#Wh`=!tkCvQ2F}ljYEC_h7Vm{_n!K1pVhvfsnb8M3gi^bbS|GV4P4Cq2FS&
zvu<|AW@UC_Nc4T^T=lABnLI-z>59XT`TBD-Pf6$SB-*j~`v=fwEh!}AuS52HTo*{D
zuMsdYO$tuhBww!c1V5w5_6*Fgk1`9qJ+%yk5Xg|}<*w`%y=%ED#y&Gk(BCFc=OqmD
zDQgl9&*T6LMH%EfFe0vJrDy?%Ic#>x3(bLgzA^-&Ay{*pH(0gO>91&h3#f@TOgU%f
zkXM06huh+PDTp79O0XtWy`b0A-_Y=R_IextkLxq><M94(uF?PQZYvkb`?;S98EWUY
zNfZjP?Q0E*{TG=&xYQQr&+>TOaQn9Ccwa?`QRkSZvM8rs?tH;k2aqG<S9R3<$>4O!
z&q<J$RW+t-FHBZGS5fQOi#qIYaV(~pehE>d_SmCpIXUQXUB{M%JAb$5qzE~p{-w1=
zEZPP}k-i6G6nHc9x5^_(o-oGi<8`7w&i}0P`0wxY{}U!Z+<L$Lg)O=Hn!JeTM^r_`
zDe|4FrJb#;So1p(GdC|YzZxeiBYj>@U_ycr5p4sVk{~5Bqu!1nH7$EbNKRlzf)KJ+
z4uK>bDTIcjzm<}6rH;9LB@hAv4FUlIl8L3B`RniMzfmAdS$#%?K2X`)&;J+S>Az4Q
z|2?nxKN%i58fzc(Uf{bPk!)&&G$gI{&{jNAk(ds9d;VY~q;3$^Vu=U~MUj>x3(Bea
zqu<U&PtHLw<FD*UO7Hb`teJ|QhmL^ovYNNcDP+lTjx&f1UXPxu$G4t~?Kqux-501{
z(%*d%IE&KdNk$_41KkThxYeY}E7BVS4x2HVv48OXO18JRDF4;^na40pBuE8>z!I#X
zK-*wRRv2BTrYBWeq%B;qWXVzs)TYQ{VjU-@Pvj_sL|a)bH)pbieQQf3PEP(NOx_za
zoxqHB2mC2DrCL;3!Q!g=dC`Izip&#uj6m5`nyc6e5Xpf(!(NDhUUU|bW5L`7+pmf(
zZZZc6qh?~BB!XdOHc0jxW6N9<4P@`npi{C-|KacwDQN&Sf8N-0HpWhs(Ihq@S7)Z9
zaW>}5P>iKOlK^ZTHdq4>qUtMf%$W+vTavZF@i-9qF%X(R^E5!)kb9an_mAYOVw*r`
zF%8Y`BW`6SFf{}0Se9?BGiY6dD$2#CV>{%lN1)-5#!h?1rQMgPjU7kWnkL9b#2ZV+
z;WT&cauR~xib`|kD<VEo-qy>qcV{?@(s+To7N}Kl%b042YP4d}#}rB0f@lg=hB*}d
z7{7hz8ZhQ(9dgbzU@D0vYc98pGoo}al<8-{?&2=A;IM-Z%jN#kqtf2)syIx*C%t|M
zCUTHm#abmUj09zdQ>lROX2j@i7BVY=FC;lEnqI|;E*9B3I`qaxw3i<(0*h4u3&s1W
zz`h`EmF!dP2hJ5O1SesNM}JdZmQORZBr7NuKJj_NGx|j(tq>7zB&stey$;^Fl>u)+
z3Omka%=@-mBP*Us+4c31HVZ-A%u;t&J}B6lr0QmJ#B{Jg<uL-4t~l7pF5`h}hv~dw
zSqd>P{sXwY?Vp(b;iaI&1h1!%z&A0g?<9x7#S1%2A&*8W?v<2lqB%A<B9>q#E25G#
zKG&nDSsiqMB8MIoax*VZ;pM$jO2!g8O-IGe45IvP^oMMqKcfH`j(f(eUwPOSQih$n
zSvA#x97<X}qFkB5ZuzZ>449LW*G&Q$cmY-!zC|W(Aug$4^|p2xZVou4_Yyt}&jhL>
z=6u)r!0mL)+Mj6ZlfN5*KLO<NE$~Y&4Ep#7cJUUbexnaMIV{1ZtkTW4<Qxo5?vku8
zl<kyShhtr`LuaVufw;Axp1`Hm?(sMCB^d`AXsVBB3wcyj_oOBkpRMVcU1xqAzpM3f
zIL*#O;nBDh-s~$`=xWCt)zU$WKk4IF=08cb`cGzpr*2+}mnL<!2T+KYc~dFIT3V2g
zkb1PWMZ@F_g<}{yv2h|YC$JWqIJsc*l^AjloK>UDJ)FKq(dIq4e-<^{N|K(#$W~;<
zCQ#412AeqBtOXlTDHp>h6thaNIe;kioPQPH$t`e0oK7M;Xrg};kl}@q44!jIxS~mq
z(+eC7*z7sC1a?L~Y0P?Ro$^b3C+G*)KK0<n(+uSPXde}Loe97gcg4I}x<k_FT|;wU
zv!))=iU|?E{4#c#0+{ItJz;cPQ(qCC;do062$r$eT%vCXDBmK4LwPYH1l8%I)dT7d
zVpwE1OJtK9Ww!@)j?&vLn9qnxVjfLd6g2&DuQUyX5GLhhao)J;s{0bO;<KnDbj-hW
zBE;KwM?FH4ZOz};EOrblpR}epF&H3REfC0!cp*RVss+V7INa%Oi6-qdxuVj)4hcpq
z-JhHkbVW4zEBO2g_Cb{<^jl3Hzyu+j+GP#KBAk{=JR<&_G9ncD{04YCcLwgF)-(f+
z+XGE>&R?h8xU+W|X$-^$tx?Muw%>wH&@QcvTv08YC0XxVw20{KFh?!F@0cK`xRF^n
zuSI#hcf)$@xJ4tj=nW0lrG+jCCRwINriL9twt!m#Q)cB70EH2yQ|9-xpIYL6+z_o>
zF#w37KaTjph8IBjH>f-wL>)Tf6oJfeKt^Gu-UXdf&n_Id%PH!FP$pX5rm}0I8IE*K
ztYt?z7I)1I^@Pf93Ubzvng8q?q#$PQfW_jI<@*v146rxjkGl~AJCIp_iR_^d{`TZx
zn^3RPzsGC&9b(1cHBV8yZk?R?ymzJW0y{>4{kM4WvyLyNbyO_{PRjQ>kJrD+4j9}-
zHvW8c^HLuR4F5A9|KG_-#q8g+K{Y!KTrqTi5F|$ky<uh$Nvjytt+FO<t7@7swW3&>
zs2n0=&*v;|qx0h<TaM5_=x-4IcZ)8z+^a5p{<k6lk^vzjMcZq7BHNZlgozzKC)0kp
zUY9u;WdU!uv|q)-sh*LQk=5toz(8|8uL3K!`V7`<Z$AC5*wCrfjYkZuA*f^BL9hc}
zjOCZwt*t+}UIUFj#&+l-(9Do(ecTuWK%?|l8tn$d%yp$u9qkHb<W_O@7T0|4LiM(-
z%v7|Hd`!_P*Xl|ewQ=@+!|da<3b%|0at!8d3)q#)e$#O5GEtXWlawg^MJNmtebtP#
zkf1c|WBo~^H+23;Cs|2qeKSdlXa*a87s{^A4su=nU51sUC*p2U6g)#kdo(p@PyLw;
zj}aZnKo;%p^y^R`(t(MJeec-PKuOj_ystVEG7*4A|677wXM=ieBlZYBOq4fy7(_2!
zC<|<gkQd|OAM=H@B4iYSm)dusIW9<;skBS3yo9Km_HjP0jBIP@MNas-S%ZA4NwTJz
zJ=I%>w1-nmtEuWFQX1(7Qv3s<KM_u<G2BxoJd#L<#tqzmH@8cr0JrWiB3W0?wc1SF
zuV$fh-MH2Yy7ALFZS+|IQsiL`GNm^~nq4mAH)?F~I92FKWN*nmH_H3y7Eysv256#W
zzcn*vcL^v?mZxt{yNo361hW1l&~$|~_xV&<ByyHgxWjWn10AXO>ofghZ`^E`Wa>}s
zig$sw^L~lsDYW8;sRU!00!xI3RP~!_<^k=nyLU+*5~r+ez?%My^-LE&4ckfH89jf*
zVU9FNCW6&RiEA-J)e5dR|83-L!Os`C`6+28*pMsDrQ_)WvktljV~dL=)BqpqC1kTF
zvqy}yIH9s3lI4)bZ3NweE`vdsXKF&*IFeyofN4`aT)ea7%<L@bv7U2Y=8MaD?zceL
zwfouGcl=wr1$glT%O60xUy$RM%+Q3y&q-Ks0&f#1aOq!wST|r=m4tC}zLKN^5==q5
zI5Ez(g1=bB2{}*!p3@bjLvJxdI-`(L8dTcg)D`!n#&`9I0hyRnp47vy^&k6T8k-d&
zUY#^3Zrmv<YGnn^rpdPZOmi`<7!7Z!o!M5V$=0V$3lPx0%X*AGV&8(11`nnwI%OQf
z4SOt%cpgC}`K?~&w@Ds-pA%)=&c_<zaOdOcT17a0lRQFNNS7PYPgC=W=3Hn<R*j*H
zc;Ky_*n`vn_DGDk?G*Owarf~8c8s#4J+S=;JSp(IxF3PEg0F9~?h2!%?Bci(_NX0Z
zB=tdBn<NDeK9GzmlROm<+&x55l5FMXH{?Aeg$7A-Id7D;H0=*C6gP<6{cL?_7T&y!
zuYa?0pm-cumHVh^Z9Zz+{|w$J|8+qRnYxj!+rI=&DId#G@zjw2OzWqcv4%Jzl7aFA
zKOq<m>B^Fkp#Z?0Bj|_&fm8JWrur@scMIm5+ueYAwuqx|G)f3n#wlc~bPi@I74tBJ
zzN5iN0>AgS(taCj4PUYjm}`OJRWB~j7B=2~t@u6PKOKL!$piBQGD7YJY6L2T5_*B-
zmbP%y<1L^j?FBYi@ms?kUT~s<+`jbc>@a1=eY(YfRI3iALFSmeKJ;Y65iqe9=dzDI
zZ(x#Yx~aI%&y^mrpdXM0WUzV{nrlXtxCygTQYiEE*`I#HuUwIpZDqOl#t2;{su!r$
zS#LMDl1O|GaT3qxn&2@eM;z(V6ocFFflGWeqZw~d>dlka6qn5(bZ?4oC%BX^rlU8K
z`Yw%;wK~n2z;+<C8AcCZscI|M@+HAlD(SmQ5PAcL^4l2@EOqJeSiQW(h%FqZUQQ?`
zQrnjDVS*KHG;VGm{cGjwz{4*Z9As3*V@*LOA=7go9Oo!hvPL;y4qiz4<&!^MjZ_Rz
zwUy%!Ho#*^BMc;G@Ta6scA}XGo4fePoK-QgS%tC|pjy#%3GAgAoMD`_UaJO?WIW3A
z<PW95`DaiH`s(us33OFKjQCuh2ZzBkSO(nI=fn7`6*2xoNx)uRpt3M$03)H%K?})=
zBCdifTAt^Dnx36pQ9qzR)ZGJF?^Jzu0Oo$Mk=BS6WA$<wik6k8ly<qSkPreK_h3DG
z+lZnt(`~Z8R5CF`k=?|@ulljlsX(;DW0oF+>L)v@cL0w-DP>r5L;AGFWVCgI5xv#*
zw$gJobud@!{q})a*_X%!9@*!n#v=(Rc#>4ioU;Y<w0yK@>`aKR_VX+JEg5UDIgu&p
zFz#JI3ei{wgNmgIr_$Hrq6bkbk_JYLc379EuTJvG!=u@L7Ha|HwYW#~a_|$nKSB)$
zWhsli%lf!ej%V%66<MxURMgWl8qp_V**4u;7kw{EtxBqkIb@2<CT~=Y2vCL6)72a^
zb!e#-U9vh7(n$qR>M!ii7YkD}idDGMwk%=`5Z6n{KQ_x%maec_%r|-1*O<kMSXj7W
zxwPrDpcaZm4UvFK+MvHsu23L7c)hq;qRB0FFGh5hS`*Aw$CKuS9yvhZexu5Fr$qH`
zBrPpb=3%ck=%>zKsQFe^jloB$=w_jU6WGeEZMo=q>i(iMi9{?l^ol%|LV($k%4<`w
zh$VH-2a891#^p-}rdCjeOx*B^938a?flBjB0(}ZY{yu5r^{&)2J*B~}+AU9*Z+4j`
zRy|amQG9b{Ob9IK6Si3x+L77qbWw}8xYZ$*9G)SJQ5cOMI+^NOS$^Ars!+ks3iUKD
z`iWfihz|O>o$5ZmH{MRl&F9th49}%TaA9d(h`8i-cztRod|%~#>EC0wR3Lm1<J@?z
zj|icN*5L6SY?3NjiFP7QadSqoGBrkmDiQgR2b{na-;+1_om}FQn6WP$hG!hX>f>Ap
z(&<e{x?0J%&*vtM^11wBT(3^iT(0^B_ZhCg(ICas=iR8D(vVGW;4gP7=?i0@m|2ep
zZEFi}oIyk0Xa1qL-y+SmVUE_E#QHP5LzyGd(Brum`(2{O_mz;Z`_MkMVAv~BwD#N3
zwyT|LxpTRr;FT#iChmk`6L`%Z-c?V^q+0aUCMlhnxhoD#3;pK)Hj&|9@6<Eif5Xca
zL}-n55~+J~UONq=mm}kn^WDwO-lIe>{`@tk>P{u&*v2Cpq21S@?vx7m@P#fuC>v+|
zlKU)DqZwyArsX=<eW*$k@ha@&m(vif9^%zV%e8#RK1Ma@aY5UY*NSP?lXEnoZpO6y
zhUB&9X_yhE{nK}ko*M+nXJL(5*_FC6easI}S{SLeEcC9U+EDiw%Ql6}*16gkcRObd
z@h*{OUNVmk*|vph2>;TFcLcd|10~Q7a{tw$SwKEo0P4wiCZSFt?jf?FNxR&T4^d2h
z^q-i-Y0@T@Jr(eG<M7%BS!cY?q(f?Mu)yQqvg>HioN5wMfoXD<{Sz`0Qm;t?mO`eB
zQ4*eG)*3s7^sK>O4*Q<0Rh?5An0cd{aRijw>}|j2548sm9=;rv?BaL_ZdTnXU|!A_
zKPuJQvO|f~E`$f3Bz?*5p)T&L%L!v!NH4-V(8?aVD}VhPQz+5S0dedjKf$7Y`b7C3
zQ88sRCpR;ff0wu#Rz7HI=>BCJ&1V<W46u@Y98lm?jUgq9ROk!JnYC2AY&oqWP03@$
zQTc^IUF~0A;3KKZ<9?4)%oO=Qc>E@OJwD*}D7Bh5pFa(g{n#FO#eL;9!@?Ty=f6k<
zt-Bx?uTc#pBE@hLs1(W;<|(Y@LXn<<H_Bh}CHa<NDD2gG@VDnby428V%M-IuQ&Ao+
z;wVUJ*304Jg51O>IoXimpD2to_o4=&@9X1==SJ%tWI10Bdh9!wFPXzoQTVOB@`dYH
zSfK8HfG_xG^=tE8)?G0OLD8tG!l@RC_ep!4<3Cq~5KxwrXPWTU=94hRBqBerZTbd6
zX_kMvSlRbZ!&X<!+2^v%5O<Zd*QKk6M53aqr;u=iLJZ6nJ};i~M@roj!kB<kHzemy
z7kBbpWHDBX>Gn1bwu^AoJV#2p>0I2kn}7QixHbZ-38xOXXv_{~5(e+v0hYDDX%HEv
zR92|p8wCwzW`(W<3Uf7fis8*yO^I}~`enRu5{QJWYKy))NT4h|Bp{wa%}H$ls%RT3
zoD71AGj56;flN72hx)~>Qj_o68y*L08RMWYbir7fnWm8F*6WSKN8h##>fgvD?#>1`
z|KkDo)BF!VJ;Y!cv*js8)g$arGdHg)dn<^{l9sIJeCEEAW(7mROlp&0bGpL(;Z_@L
zl&uxi7#;0J4qwH5F^blV)|-wIC~)6eCL#a+?h?6OCI{-Dne%ukr-pL=ifx`-)U!k9
zk)Qc<!$&*MqGL{#kk-yoPQ?h91ddi2a-rO?Cnkd_uZts1z(<^f`x2XdWkvgYwk6v~
z*yy&3Jx8=wO;A?e;G&#obsq_7S<r%>?V+pT?pb$P!1<;)cCe9WpX4#Nq$snmKEnYN
zpvFxbFN=F&&m*NM*G$YriN?oClu-k#aWJ@sDy@~xc9|FqonpLCAM|}fm~>3Q57LR&
z$#LZdGAlyE321&jxi!%yhMg|JtKY=HNm*{PxY6&Q+aW@hGzX9r%Z$)WE5^;peyaIZ
zfq!Glkr>9u6=UI5FHmNvRQWz_#L6+vDk1Et->2NRxE@?VW(g2ur!`94Oc0Rsc&(!=
zYpkD8XxSD$@l?iD`bLj(wlXEZ;o?SwIp4pPX?4A>gsC|It<*^qWpg65+m_@o6J8pv
zmTU6KxsX-0E-EG32_p`7xqi#!g8L!ZRW(n=^2pY&lNjB0Ox2V-g9dM*AMQ9yuG9mS
z|GqIao8x;TGv@>fC%fUo!y$AzTW!o4{(8Gz_y%1El@Uy%2L`M~Ruf&zBR6ddC-jq$
z`oMfNM`^xU8jYp^DZ5osjJ9Z?aF;ra^QnrkKHFvVV98qbJR5?xwq=O+Xoa=HJnT{{
zB~T`v_}khpZ-0RqKSaKn3|nQ^?U7_$)o*nnJBAdojEo<`*2D~~)x}b&Fi;j&;;MHD
zDBs}J?_@B~^oh8U80X`*1Bzvl7@r8^-w`Yoh$&9JW7YYo@_BoOukfk1Uld;|WiIpY
zF~`3lwlQ6m@_FiKGUlH{cP<yg<Bm;Ibdybu9e85beNr~&8swYN8i`P-4HUj&On+3F
zH%(BrPc;wu*2i45t9C!fAkaO=tt%UbwKX)Kane?j&FDV8f!8hGxm}!-lgOM8`kDM5
z9d>CXNARb29YEnxnqDo%`owd#-J2z^I}*=WWU%arb?%d1FBW?P+VDIiXgw+#;kDZ=
zbwm>Dz#?E%a(^gMY^RgjW69u-?c70po2ENOG8YQ~bKpKj;yI<oPeN?^<a7A;X?!jd
zyqN{A8P$QeV|nW<hdG!x8SSjc=2wnRunUs>EtgOD)0!G`*t7U<HB}x`9w=#eu3b_e
zT#4y`1v<qM>Mcs;FBMXXG=bKsMB6g02Vj(o9}W=^^5vWsK>U2kU+6^`QbibJk~<2m
zJMNU^p95e@m04JgNy+!eO(|ndO@Asv50hwNzYwvSgqbtDM*>+-41bDn4r}WHaVdu>
zjtzg3e*D=2@+KuTl<TlITUddbw6gY0+RQCIY(OsP*H7G;d&#)7hM4(Sjo@#Ch?cX6
zr()pVR-g0p_E}+04NTed{)iy5nSE=U^TU;p+LYQ?X<d~x9>qk8=dz5dA;W21l{a3+
z3?>`aEDpHiKwVK>_9iTQS>Enr{l1e->^?_ony8zbhDdb!3?+R-9{5c*ZjV+os_wMv
z(FW&C!%AAe>`ibs0(bD|BU?{Ea$rsVo!`CFBX`abvd9>+i0K*2Q-`oK-0dIny2vq9
z7C3Kps(b8siPDU^s^8GBkYh!5E7y7l#?Oa6p!1lhcc{M->`YpONsc}Ub_gG%_W!o<
z@GldHe`vGGL_Su)|8u_nv6AT@YBLZd%V5Kx5H;-L9Eo#<csJG}YLZYPSwV(m%zCMa
zGoWY;Fe$6(^WBos!SBMx;JH$hv8q;^u<M!kne^GTYsRS^U9+m!nB(rkujkui+YI;J
z$%H{31XsiriDlxf1^110iEiwUyDY7~2Te6*+57Rii_?}HejB5dA}v`623wJsum(%Q
z)G>UC>N?ZCEKe5IX-R~xKoXVYY2G^g2Cys%quIF=|4fxSWg!OjWRbBf2K>=pCEu~m
znIVCO{Pu*=?7rHuyEH$B*Yq-d?(T%ET_kY4@4>b<c@7~$wJ;vmnx#FUEJ$yYkTgJF
z;rN!iNVMmW%%i6^KZ)1FdAQsDgZqg!-(g!3-&Jnm)oTy6HBp85O)*pU{7F=RTkCLI
zAIiZnE<|!i*7!%Fy(E{Tn+=I*1J(=4YSFITy_6-x3SO2HHbk%r=cE{`KI?@wAE!@n
zieKc#NFXdUI>0zwR1<ObLOiFDF|!4FLNCqH*Kq2G>C}C91N+y#u2emIovc7K*gtLP
zc!R`n^kwuLw=>eGz}0pZey)KofoelY2{JY<47eY|Oav~neNF^u6|6I?Rdmv;Qcz{r
z97o9iA8qg4U1_*xdsjsjdnGHjZQHh!ifua;+qUggY`bFHwo~Do?!Eh*vwNJ=-T%B}
ztn~rb7|(Ov^S;)c^Y`F^4Dkb^nR*E*`&B&AtI;9Uubz`2z9QIPiF8u!7X=OfGwiF0
zbE}+4r=qT0L#ky#G;5{Hr~S{N_jp|aP%PduPII_{dNVT81mnp3C{bq3<t_2Rz0zi-
zc#0Ie+2)0D78#y2NU5UIgJs;*`6BsX%KQU+u6&WOzVXZe3jK&sj*~>+iD`pPFhgyT
zl1L0|pu7<K&=|*J{I)dLmBa~M)j<<bC1?}1H2f2sobmY0CWD1)+<(L@;RbgirWWIH
za*RCw+|NRjHf|9OynL)hRBYOX@ednSv27P}Z^DgVAXK(;Lub6*q_$DI`PR&-fET`>
z=!H6qW780OtteZ1Sfmc4^y#?EZRL3jfX?vcfCIxADoaDG;*M?i2&T0G2JUb(ZiXTt
zI#3dBKW(Wr;sz}<Bl7u>_<X0al?s012zTO^dA#_-T*b&~yoDkj^G{Ags%6^&M}84#
zb2q)1A8m#!_qgjiSH*>U)L-{ul5wvXxdjFKsb;T2TlcAuzdp&+ti~(UYo$|+%{}d#
zUe^IyTsUv2oW}L6hHYqMFu?vMjiaFw3z7y*)uel?7BHM;;w2L<i}xT@_RzbwvsgrA
z8GLOtIBPbqdM_r!$seP}TN=FSw<iuXEh>VbnfLQ;SjYE^tK3py1;KN6<5qpU9Ql3j
zp$Q7f)OT+Z!*@i_!9%Znk@xlzYpjlgB%>WSNSLa8-oWN4*Bb;J{w9`MNxe0Y3J4c9
zJuc9-2^#kk2h>OQ=DLkH6oIR%d#NS71C88fZ==6*PEb5Cd7V9*ulJ<AMWzwgIK|Hb
zZUS!%%uvkbl0tHIpWwu}TlYC`IoV?s<jlfwGH<eZWTs#IDrZq=IJhV7-s|aJu}}o(
zAiSO9001dK-y<5u5M<2`o+}o$60_=HQ)FhxAto=0w!ejh-A3sVX&uTUI^ke}8R6ak
z`Ne^3F>wtWaqfrJ+@RPJU03bsuBul<{^FBB4UwF^fyMLRwCR=2?3`(?bx$MabwII2
zFs|XfSc6m0)fSut-{;*DQzUvw_V)T!1359WGo(NDYFxpM%v{fJpf3Tkt31O+0}gNT
zfOajC7vcU#;>S;+V-iiGWh#lRUnn7gQ%$5J2T?qO`EQSqXmSzCJ!PqHScL{=Py_|Q
zpMnGAtaLM9*kkG$0&3A@M5gdt<kcvH$Xs~FKxYiBr<BO48<Cz5G5Qs}Y^3J$ka;NQ
zTPRv?VexNiwdpD);D|{4T^cOJH@JYS6wP^zhu`0tV74WNJIlN1d{e(k{(i~hr1Ew7
zu53U<sZ;@Sf*1;jC}o>Z=WomI^9jxVL8bCE7uY(_WtSLi9|^`M+kOWIU5MCEe$m5_
z{<@RY`ApJ<{Ajrjc*N}jkOjnS<Dw0<fBdJzLgg~e`}E6~#rc&_{;xw8|JT)?ptHHv
zSJvVm$4Aju_dkjV&?oq36P%$Yw6Xv>4ci>529gLf<f;WYEKTgJW^1bq=|!Ij+qn%i
z`Itz@2U7PbN0Hq&_AlSzt^J#{iDEdJRnUX+$v<3EuN_NiE5ANGU)X#Ru027prVVmc
z^5HH(HkK;g$DOEM7qN3%i*NJzUm4aK`}aU-%6dn^IH%3=3F?p(@mpc1JT5DJ8EiQK
zEI(0~GdX!uy?wam!id{oousS;V|tL*m`q{*cDRq%Th;Fa5)B<xX(!T-ROBg=zB0~a
z9cN=3TxI4VR830qygIkxgZwkimnLXU;#MMb?@{<X&av9ZYYfM5Vb;sE)0+34$emUB
zg6)NWlxz?+ZGgQl;^*_VP2pIp(aGoW$4lp<@z7QN08LYGl?GdkWg5LMBYr4Yy_(54
zUcd3Oq&jBK&4E!Bkq3`98;OQvIY|RVbH4!@u1u_$xzw3PO<e{?DD0j!2zbd<H!(du
znsh7xV0yh+1CZ@b>j~0X)}lrEr=9~>qaOQrcSJwLW`Y}@SgFR3uvI2K0<YWEF3h|2
zy6`>7^RHC_AQ{67_2K#(cG5E<UR_?L*UzMrRb`7#_fpqxb^AL^lV~?um3(TP{$Yq{
zsmvZStFa+@aLx<DdL;4`pZk)<!Z~mrU;QwoEXRPq*v42-{M)6Qz@%qETPM3cf17pO
z>|3*=hJh51k}NI`z+<k+cmgm1IIQvbHxgcK+wQaoi?F|+Sul}bZP8^xy@<Ks4a#yz
z;RVsdeLStfORL6E-;&+5-bZXH!ydw>JuiKM&7Ym7R-u_WU@S@HCw_*71N_fkWqG2@
zX%o=`tv%`T(Hl>2qO5dIN}y8l5tZEN{^|urR!xd4f5_1i{82V~Ek3?bRhJV1nZwV)
zsR{+HCFgNyq94xDsm%=K+4ug_-|)hF(I4ZQ-)fJ71dg?g4-F@&z;rHJl6#!lAtaG$
zx&1cA2b(tBPt!Cin3ZasAR<(G@88zWV-?>|w_f1GlFA`uHEntodN(VNbZQdSIzzDl
zWHu=aFRT@$ON%&G>o|4TWTqjMb5U3zS{WN&2|Cu0_ZSEy)p~7McT~PoF<^ep%-2l=
zBHE`zt}mK4i#wQqJ4HY6?J-hX+Dg=(NV@u%GxieCD1Qyq`SaiSjvwJ&HJO=joBDav
zCH?~KhQ6<YJBU&R-$TS%>8a?9()}>DYZCZ`7benuGh4@qd5`M|SR(!9^UO1xG^$|s
zes37sO}OmtvqrSTvHzT;@{QEauV5O%qLTa1YeSGBVdoiCq?jAc`w_Abp@U`mVOO-e
zM}ae;$xOY3w8&7}K<X731Ez6d2(G>(=n8<-zA^fbIw6x;Ase9~Nk&}fCVw)ShCYBX
zi(SU0m189X&d8CtUX5T4BSFU;*F+aoBh2WM(&*hj)vMFsw}Pazw+nZFkCTTVi@M$^
z8t?`LM~8pQ@LZ!wzN$i3?F(w<Nybq#l=-W+eD!wFR9u#C=;K`eh;TDqlFq=)>;(#5
zhUcK087(eve=dE$K7Ic#ecwpNp`3J7G(JxxQ^Tb!=KD9-WpcjSlq<#o&o`Jhxvn2p
zaUsrOEupr0A~>1-uvv#0V~iHrAj-^W8c?-7S{hMki5O-i*&74RH|LYH=d`YPh}~Hg
z#LmBrc7Cw)?mwgW^x7^z^8KseKA=;VVE7W;248L0|8+#!<%=}$NcV5Nd13(vQ|JGU
zP5F<Whv?Qn#L@BaLH^*902VL?i_QjL<y`!Ew=w~%hGroL5Tb-MdM1I&&StrH@C(bO
z)6)ur3R;~;-Y3_4vHMY%oP_VKg*x$#jGm7NUavm!d^tQGAls;23$+1xTMqS(MFtG*
z=MGd__ELS5vs#UeIXcLjl{r~?rc<G8Y88-V;=TkH_`&QmP*YX(MviNOz(mA0zresy
z9ea@R<oGNISPBW*q>&Lyt-gfa4T$tYw<mX`Yh;9H61l`G<1&v?UkVkOlpx&-Wzccw
z;tlYx#_Vwj%|hCEbjp1-*oLxLV{*mX;hu_Py=e~<Q3ti5J6N%5Tc#M|w(Im@c+d^E
zEJcddYN8S6Ha6D)x|_<0tk(0v6|8)6>!&=iejm^ucCo+RZRjuOOM_RDn=N+@(sqPB
zHcl8aUO%=u1$eKiO>OKte?aA4d%_t_4<q9J#-;+An911ka4c{U&0VqC0X3ipP*mie
z6X8=H4C$M3CF0)|K!>j(^efoCgAGqMFP6^0WG&c@w`Dp8V^_~Zrw0w9)&e)<H#Pe<
zEioZ5;H~W_lOqJ3H>aX+XUi*YRLUeAeO7zuH;a)<ufZ7(IYn@_8~xoq?m#cW_AmGY
zI3HNc`@e}AMTxP2w|E$dib)T%%V?yb2_;`tGUphHvz-bX1_nkuGE1|xqI1IHpqr6Z
zHfBxF6z=g@XdCzQ9@9HZ&(XSJxeACyL{~KY=z?@=IB5}`89f|1=B2;RvnpS#UtKr`
zvc$<dBooojQ`Yxo9M-c+3}GgldA_IgAE34J^z%sN2Tv=6s1ZXQ(uCs+f{w<HXgR_o
zSm09J_vmEBL{$KS1qRC<V&;%9#(s3P*k!8;?eDK*Bi8aNH}rRg7J8ZjMOiPVr&;GP
zNT)_SwC=(U`r<E<6@RJw$2Y_DA&~0uO>Z;YcR(^)50suk_-x-$>bTt5jM|15Bo83l
zSg0o}c}3)A|FGten%}L3edx{J9_)D-IS+YwhlV@LO<1Q`>AM<jy%elk-M0B#6EN3Y
zp6~bf0V1OfU=X?HvI#wq8@&d*VOmA9<8)V>xbb79*Jk|6Wj!~8bcPbgguWPC%<c3e
zA)u@#S*Je*_Endh4NjNI>Ajm`gTr}`Nz9z!amG20eUA3m#<%>iSWE(I=rWAi<k%(&
zNyRorzj@rh<ANQcM<=ty>oK8gQp!H@RA${VlO@M(LfHMo_mNaOY3B&r3DY0!F68F3
zMrk3-uc*?iSIc@+C+722^i<vn*_T)zl7SM!h)HN^UC}?pO<#WX=e1h`+a+MAk&{ER
zt^ul4C&UH{2Si(vftY^sC8DEB7>@d08u_!1)OS?y*6<gHZPNw>+8}$0+B^+cP|TwD
z`$E{G4?G+=7?<bIP+8tt!w~rw3Lt;hhi~wZY-2Y6()RiMJ*pW7k{jXbL%R7g{hA&P
zy)`KZvn{~LQSh@RilSRYHZOLWNH8_G|GkN+{xFb3ke3%x*VIiBjzt`ySO{8H*a6>v
zUp&vTZ6^7OQ;DdN*Nq%>4Bg;G&?M-o8(K5%tu(C~JBEG_U_OGOKyEy2c2OAyIY)dn
zO=4YmXYflmM7qoRk=haxYEY7Y*dD%snh}w91jtZ6A8c`#sB1^{)L^;`m!WtJx0xhw
z(x|&C*)<WksY0-S$6dXu4r)vR0cliFEs3C<l>-3t5vLSlm*femr3DtXe)<)ZMwI7A
zFq7xr!G8DVD=Hty9TCtOIBI~@-KO#ic>MLBU>*|cXZ+7!G2sZne`mV<#{`xz`T|y&
zoBXqSGD&U46H5*7siSoxJ~k4a)L525S*A0tXhk9ung=h7GHfk_`eiRKk;tQuw>g&(
zV=^%5XoRwcEaEpCS3Dl-O3GrLhd0N+K)Jq|<m&;g=@8=EUQe50#pGz}o=WFB%06&S
z_MFV>et+s*`v!3%fJ$SQgcx7<-5NH7mhw(gROvqLPuaRib~DB*d_|iD0#gI&YjHp1
zoWW;L7i9i2xj-_K5SNf53nNpI7jL~8xka%VYD;pSN*Q}b+L6iRSR|murUE?~$SGN@
zkL50uaadf0$tlFG)yQd{QO?UmtdG)f62fg-p?O$pPAR3a@Vnrczk<F?V+hU4c)1ic
zyqs54S$Tr+ZKXU?4=-Gg%SF6JYDji{VtNhx$iCV>1D(`ulO6_^X0HVJ^4oGB4>|TS
zu1*RV2C!%*6xVAG<YBxNViS^cjEYGO=PjWqwopo4C6&-5!|$xnD~+>5T&F8g1Fo<u
zZ6MzBVo)GabJ(Ivkv0pj)6~_eiFVg3Y^!c6OS!lc5gF!)TeXi$1sAObw=!3wwk~_{
z4}GsAIY5n&lQ9CnAYz2qkIhS<DlT>y=dE78uRxVb6lEi8(%esD$O>)aX+Xm34?qq!
z!X6qPmGoXL9Y_Re?P5uLSlW}{a)%NFGCB)rP+QzjqTj7Q;NQ6^a7j(x%`j3#7QnWX
zQce;FvW0czp9N=)+<=KlMHm2ycJZ;F(jLPV6F>W5*J9$fpd8l8aEA(DpRymzxfrgJ
zT|wu_fG#l(Y?5Ju9MW)B8s)q-1IWcn;$iXAW-HoLbS$+oOy`wl5L;c4Pv#gg`u?-U
zngxUL<P4nCNB!*mwQ68I`r6{`rWCzd{rgIB^wO*Nt@Mu~_GmFu>|}e~+4%h*+RA;l
zipDhT?$d5@nBP<!`LzRxyzwJbd)~jw$Nc&b(Oyu;aQd5!bSF6Q?v9m}-BF3{Fwg@F
zZbZ>;eN^j){^rxTnHrb2j3Ca2_0$$sHa4vjn>p*ufCC{KtIQhj0`0{I_Uj4pjrNt5
z$j;z<F%g;|hpNdR>Nqg&)b*C>Ys?(i5ti#wL~Ro}C+8TmkvjC($c4J3z4H#=q}-D8
zx;elMGUluzUbKst0_}sG<{O}Q?p1c~(Sh(_92=F4iJ3#Ab&y@5=)_(ULn$`^%4aSa
zButFfOC~822VU(g@)H%1lY{~<pQJobnm5=u31?BYbB=^R&aV*TJEEo`A;4(X+A6A^
z=;&!k`<cu?<(zmqREI6@qJdI>B#3Iv=9B@u8$`k98c7hkr_l`L!x7X@lXjl@)invX
z;0xIgC?NrD+aA;+qq7XI(((t8C`rxi)>)6b;H)so5Efi@xK%iJH*FBxupYs$SfMiU
z4MFo!tdnI`#(&#{B%S;yd_Tn*eZ6&NR)qPzmZF^;E?nUy3w;mg=##YT{hj>)5~b~V
z_f^o1O#uoFFuBgN2^GDSmcP!vuL$6aSzNNy799p6858HqF8-2S3ldw%zt^s;yHK#$
z2WG2JoZw5HIq=rY9xzK}?npN$8_mg1$ehj%jOx&>p>?!wHl~AZ_>ozYe9lW0?KhU0
z9gvD*#FCTQpkL`W2ER>Y%u8cBnq>1;LTA<ez5*r8a#{e+Iom{=g&W)dMn+~_hPw&t
zw}V3p9LP%U@)X<!Ipa3mOyDI6JrdDu-X`%V8Lt#7dF{9>)M~tw{`>r5xvA^2c#k2{
ztxGgU(l86{M(+$t4M<5wlGqR&ZpAv*7Ug!vSxcS~iSbOCQQ8n!O*wJJ?$j;W(uqBG
zh0$1-{W!;$;+hdzzAV`Kz8+vZU45?E&vpaNgV7ZPjvx`7ZD1>Ossr1hqp*62h{Do`
zMcKDCRFQp+v}==Bk|;@Mh_3>O;oP@DKDAf2a$MmC7_i9A0FrfKgnw_v6w)D%p7n}9
zvf-bQ<@s^pyAvTw48-jF@e|uZ5QQ=0a|jCtxbolPc%?kPiSPOl3w;+~cX-8}>59Pv
zYjK>e*%!~{;v0zZU*}l<YQuOYwm6;4HT*mLEb%R#mM>lmH0}+R4@Piy!IxM{kSv3+
zb*=6V%?H=Fa5!eaj-R-@hb|!Yo*6%lFz=*TybWi(8(P|aHfH~=oZ`bdH@-o4G(jfm
zE!eEPO8K(%NL3nD>xGne)xREY@&KPVrhIaca&j=&^Wn9fKWWs2(p3Dw3MDCpC&_j%
z>s!)^2_=i7hE@J8bTt>{uNc>j<3?D;D_Di_5)p(q7=vbdFWQf3IBZYdhI~f-c_QJl
zKr!yVUPk>tL{3RiWZZ&sX?C+j1D}!bH!WdG`4O!d2?k6!ImqOy^jXor6jNPQbC6xk
z55~Ah?HsOT_5+VyG`}i;eM^SsZVdQtIv%=z74HT2h};>17dfpXr>g34m7{@Y1E^b9
z<Kg|;VjY%bSaffhBXXBQ3o}B!qJ^`G;-(TpQ<bY^ZD?nWK%_Y#&^YxC5e`f1rsf88
za#tF}ql}=)u9<OiO^=!0kvnyURJf%EU$9l?0jH8`H)`B5-E$>7eAgf!B00gIc`^Ms
zEklpnBCNhC%TOJEipeVopMI3B+a@#`Q|7Dg#%DTMkl>D%`K!j=IT%k{fHOzk{O~vt
z@H`^DL67kY{R#E=SHYPOHZ5IK8_aqj@a>*P`15KfSuGEAQy*4m`0k_rS#m-H*1cHk
zTI}dauH^!ip6IE1=RM@|<v-oxu8>mQs=m^%7GF2H|GKH~9~wf;*y;aFZX_vN%gxE7
z`dk93u#9{3M%MI3raQkq;5eH}Ljn`>!urGT+AmE|+g(~|=zj(94b&K*BFo&j^NqRL
zs8Pl9ABJpZJ5IT0-(`AwyxuJ>U42`;CijDUK^0cHCmN#v{nc-qUbH52A>y5bg)3yW
z(I9ihAf($RA7S{-9vlh~AddlET)=`Aoac<aF|R2bpoOV%v6$^LBC@fN?QliHhCPFi
ziv%1T8zk@D03CO1q%Gz4?F9>F$k$UAfi{Gl`_$v2ky^9Xs0li;@1^%3jw&yKv7Otc
zu}OGy>bh+%DJPR|*Pxvzw$vO1tERtyB@YhrIv{lDw7L1lQe>c+JzpEM+JGfM0$vXr
z@mqOVtSx)nLuzfKTG`vO-tfA~l(Wg71LDGq<o0h4EZaE+7)h*v>ZF;U{;ic5muDXb
z^!{L7Xr@02V9BmCWM|%N;-bS+>FS0lfKrDs$Fb+PKZsCuidS%w*Hr-BJTM<Ck^hGd
zgZ0N-uF8>t80%PUIeW0pf|I@^-*TjfXYpFZbL|{s|JxwZQ6GA5s7Kjszj_#r3#wO0
zeM%i8><qd^$HwBC-@UN7ARM{OrL*bpc)GV?;?Uw#Y{&rHw0I_rrdG;9rqU^^j0iX>
zR~=d7eB?mzwn-%V{S%2%DjB{Y-ruhZg^j|SXoE!evZ!*s;YD=v(W4Q1X^X@MAcmm^
z*!G2Wf}6r@SQXRXw&E+DqETA~7)JkQ+aagX6a~x1QUmyeIC|Yqz!LE28{Xm4*v3mz
zKkcQ-W2>1>$aPgS0|coy_*Nwhk`3-qClH^oH8gYuk{!szr)1V|8;yi$G}ec3b~~h+
z{70z3ne5kz$Rsl`JQnTv%sdxTq~qjTUKp&{53dg17%kXvW5up}bn)`f*<`vwIOiY8
zl)C?udY)^qL5}!xi9<tv`^NEK+Gqap<V%}7I{il($3N<%{@JpVrJ}2brGoe=^Sd^d
zmZmretx_;)(Td!PX8xCeRZ*S@XcdIg!$tgha8-Lo=0*lcPM_&JNSA8NYC!hh%?iS9
z$hF&iYX*x9NMaL0I~SMhAsbUS*V824=i4ooZ?nSam)#bszwa9aQ~|<((2g5nDVJ*#
z?npTyEN!b_MKaV$rp^}zj~xfAG4YIptxx_uX<gh{kB}!4rB*spojpt`5WIP3-g2S5
zehsmDkIiD%QQhKYZBhusMkLxrJ4JFn5V<018l93b^Y)dcpor{yqtp)APr=0ja~M;4
zQTCPgKWX8bQS`}F4{A!a-Sb_hG@1Qiy-o%BTgsmH);DA0Xp?(@zSs&Qa%Cdo$fNV>
zXUni`$JD-tFc`F-bMh+zq><e;`Eacj4HuC?5iP>>AgYLyZ!xP`Sz*{aV>6XOj27;c
z4jvp>g4rC$#xw!rsZ0#Ey}f`wBZR~1D~_Dk%}#lAiCUKi`TIgT&`GPjjHchv8@WHp
zaSrI3xHW32`dh-mQ6kW)cWC^**N4=edFor264#|eSbMEb(g;!;T_KsK4CH{c?GOB=
zsv~i>kBtknN(Q)-Uiz&)SZ#g5>rEtVu~;;}q=GZj0XAWZ1(Y4(kUH-<<Zz7_4&F=A
zRac0b?CMRl2=Pf5C)3Y?h^h$Wy0u;B(G^Xe4`6IhZ+ed~i<ys>Pf%((eE9nKHr9R0
zmm~1W1W$BZ4o?YV5U%lt_8;c7fpNc)7itzom{yjh?VBkx#;n2O!nnXnwlY4AhYLX$
zZg$uFpPIZ$4;_Xb9|}J?Tv}(KD;yRU!ZNu62i-TIyk?jD`GcvlLkUN{4b5D&x23qi
zclCQPz3uOwba3G*I)<72?zOjF{aD7u>%k%q@d9qU``&gLf`17fzAk%&ZF!{o)+m5#
zbWFuBG?`8zJWG9nAFT4~us`N3LI2{#xzB$GMkX2ROoE0vaup$HH2Y^r2#PEo`x0Rq
zx!@I0tdH}Zj+^+OWkh}-UK@hSO%7L&`r<jSN&M7xjDq-u&a%%t1hqxDl}rY8mhyB%
zxr3EyyyM(=<z{HeYB}{DxpMXKu5=e0O=M~qNkOZR$;#BxBP3`_KXJw?H^vg3v8ce=
zO1(?u^(QS+{qX%6Ymc<}V^_an5;_2#^|>`dE`IC?<s}mD+Jw(DrEQrh{u_lCX7~7V
zWZ2H#0M^IKL)hnk3MG;pPh2y68RWRW4BY>dv+dtEl*;aQ|MUe6{<DQPx>Xukv=`rk
z9~EGYJb)@vML1Ga+7Oz;ziQTq6OSZD21SZ8&~$Hc^;FS#p{Y|rr&A$^S@GLxVRfnN
z3Gd%GlvfGgg~WBHd6{7jGwYwSZLi+5I;YaMF1Na1^w7IhYK8HQj0g=!g$WtcW+KHY
z6Xqu%Cx(<v2~j*;n9;*#>fN7rTP}lqm4aYwzF&Rc;4CI%Tq)!q-}Wcq1ojv7jRUj&
z3bUIc=g>9Oiv*4JA9CaBt%CAQ9V@kpzbwX$m0X2dnu_%e?`c+&^@TpI(0peV>bjAV
zV``<P3DN4f3lT#V%9W!0{N~XQu+jHo;7yt8!XUiNdQtwq;i8oQJCZ-rnq+Fd)7u)>
zf)S~j9@GwQ_m$bTBTZ0e04w=Aq>02K(0~soUJ(LmGn1cuUYdGhwfh&mO5+Edl3)r{
zmW9Kdl05Xj16!55NMPXWo>2|@&QO)GlfNACQTOKiDK%?@SmP3qucz3IDyk?6-4fNu
zPmk_IRpoAr#m760Q;~KR(yf*1bkdE7XowOPrO__s>k@)~dNb-DIt~S15}g=Qx)>r1
zlHX0lMd+E?XI_bv_|pPjr)lJsa9IhIO4B7qoO}PSA#zsds^PN_6M&bF_c+G=q#5mc
zF(u}`-?lGq?1r^9!872+?hyb7rOfV0FuM26>WVavmm4Bky)_?;I911Dao&~5rBEL-
zDz&=s8;>BsR<#ozRKP|t(?OKuS*i01PZ#ZZ%5?`LgfVnKynuh?sWb@0q02aFAkuhm
zV9*FExo+@p3EyKUsCANE2a#etFt)1K)#n>?FxgLl^$geKP_I4!@rZU6LIIX3uic3l
zLn7z~8{oR}$a6qv736ZWs+Q-w^Uwz}QNk9Fwen?1)NN-%CxBNYt%4+wm;*49*^hBt
z?6Y;IC$ZHLRbXKH72{0t7KZP&c}XnY*d1l%JmoL^wgNa0uiXK3b|{n+OghI=n1<#P
zW2Pr>r`a&=u5r$D3j)OVaY@`gb1(9|Eaj#lt(V}BDyMlO4SYGuX@Mp~4VCA_Sc_?k
zirng^u#!V0_4#|Y)fAn!8J|B1!avjRKi_@GMN@vxjzndw4ibzGt$U8hCWv#&fK%cl
z&$lQ@No8^sMy+)`n@sT-d^K<7T$?XyZH9gp6Qj0ah1=nFA)cRX2AXfFMB|%IYq-?V
zOea*rJ?=)B+^z(6ZEZVsRIZKr?wgBGY5ZW~km^+fnSc=h$p4r%=b^gNvq2_nCn!zp
zXj>~yNk4uqE9dIT5&RbQ(^L7PZWZ_aQGJ-G>i98<Xrm_ZmT)3PFMM%re346PiRIy~
zSI`mfZ=Po&Gu?~@Xw=&sp!SyZ^eS(MvI^{Haf#NcYV5mchrwDi3YwI+4^s9}n<t_g
ziBH*k#l3Qbs+-JETOh(u55~S2JN`U->lWh)8Y}4LO@4B0yG?#e_U$&mCc7SQ(2J#!
zJ_3a^<3;QH^<c^|dyc_cXs+Xa^OE~{**7H2pD8Zf?ZUh`4nwdU2a&B5s|-{&9Rhd7
z8Wm;#{-O9y>F`8)aErFtgb_MD(%Ra`N1&Yjb{W5~<0AgEL+BomkVBYqo@<TS4xx4F
z!r6wo<P|fNJY?;e`JL>0ux<Vx^!oRs1u6KOe%)W|0&?75Fy7sNZg+^tb5R6dBK1wF
z%ypz1Z)rIkC5yu!ZgAh}0`_=2pfLm0-^n<9a*Sl5t3y8cdMLO`tzATM$4Z?sU&j+T
z)#DR~Wy?qYgb=@$63S|UXBHp~{%s+Y^#spE`HWQB+dCWGEc-e71F_ov6Bfx8_4p-{
z3r0TQUd``?=aP1s15FLOG;D|md|vcusq071_8eh$X+hQgR*fs<1mE#B0-9Z^?=iE%
zoLlgR&Cbf1o%luR9G@oY<OqO5uH_BtujFsvI*>`U*z_T{?;P>sOgYRMcCTc|B7J0k
zVfz%z+H#-ixKZ;&(`7u~5=5>@%2&;`JED`8Oy<r-;CRkTy;NuX>e5ZVQ+{|*enQN$
z%&PTj!W!bpD%MLI@H8%pu9lj3g~>d_XV_<uJFM>i3Z6Q61~+%_h@`qr-38ra>?#Je
z3LUa-1O4@%;zQ8tJsPfGx-#tR%lJRgm;X(+KkNUQ?Wb-eFZ=&5+0S8)Ka}+)lgYni
zGVTB1XZ)K?{)$unQyV9J<te}V>U@HUsRzIr6e~+bU?hJAHa=_=-30k7f>QSCy;_Gk
z_MMvauWVf33cXE#eD7Yxts3@-9-ew9ct_&lX_~T11`38f>ziJ!w?4H#@j99wP9gm2
z0JX!2i9Z&U7Sa|2*#H5Rt8^Z>qi!}>*K#Ku_v3#`yjT_ZiJv@~$b1ip4Ig#tcL8MM
znOdb>_K6J)R;PpKUz#o{!21C{>oQTwO`8%mk#3B&uxfY$Ok6Cl7;3v$^%CMhGv0<7
zc)w<oe}=3=lL>MY7lRG~hxeGRQCk9OKcrpAmQ=%6TjuK9l{LKk*3}amOvKqWpy2nB
z<p;*RmXr6cs(vIl_L3U?HSwnnf6UhVr<2hqPBs{^qo0KF_$Oe>o;+*nm$+mg{#v+2
z-#5v%8g|MY!ce_XB%p7JTJ38uBcQSKxOzdwkln`Gulb>2A_I}Y9svcHzzLg)0^Ho`
z)NqazQ!!mpI)FUJl1#NXQfd3M<JCqIWU#$rGe~`YU|YpL`zO&O_H@u)d)iK6m_!?G
z#LHq>3VS%YX_46cz2!CQv2G%!LmL2Gi|ORIovCh7m45<WT4-6yIESwERi&}D%FSsT
zgQ8if(au*;&1xy4+LgdG{ys>go>ILN$3RfEMoW4(Qdk3{|Jqd`p_k#%py7gicTBl;
zoRvfJs(U||Ms)Zr2?_D(hgWsYqb}hCEmZ2!i6ma6DUoGG(a(X7EPS#OJE_9}A9|92
zs%eNiM#R1fq?lHNt-PIcx1?EJ+5htubp!v4i3<t5*vuR+mOv>#Sy(<2eRVzT?mWY2
zSFi9i=CG^~erXCzSJvt6=RRti&2XXKN;zd!;bk9euZICqV}~!tO1ov*e9@stQd9dX
z=s88+VIS1MWsvOQe`FDUq-ns@EqDUNcL)F6vR9r0r<eXTY=F2A=BeI;_yl3Ik3fSS
z-<GZ-`Arw+H3N1GpF~7688*@yx616iWk@Pn3NXsWF}nZ74`yP|<<KQ-nN*cL(P<z-
zw;B#CQQ`~)TBM2~O123(DDQK;Atv2L&JO@Y$}`!3sL$Xl!Q9mJzaHVbke@Nc$RnXU
zhMxs#lhU4XT8}<IlBB!~ZjXeKFkl>ykML5rAI$B1X#eaHJ7b7W?b@`Y+nOYbeZTu-
z>c`0TfcFp|^)_*If(x*xT|a6LHBkO*B&_wu=CwAt8icmEtKdsZ9keHuDCqHwU2B<a
zi~Wx9um9&;>r*!0e!bv{U%<cr+Cck{`|!W1<$oGzV>@L*84v?a6A+IOAoIe7)BI7l
z<NZmIkQEERfkT>kr!3gVd84nSkau8$BlHLnEQ+H#skyzIyYk>pEIkdA`BG(4GD9YG
z%&$<&JajR)x*UX8p{=&CbsFY?y;G~?i2$o7Ce19vrTK_0WvPN#ch0w7JL_K-R?u_Q
zNb98KG1TO)u<|1APJU17Cbam-9P=b=<=k518n@XyV89{1JYkn}xj?<<+L4bn8XfVj
zancSvFz9QpLFw0$LqD=D2KM+(|3x8e*!4H!Hyh)KRhDp2JceYMNm}Jc@NQib1jW`T
z=YBEn8?~aw=`&;f_)nXJF*7PtsV_HK@mJpbzYdE2?@hu#|BEv>cKBaggnuN@Ay_ry
zX~7lwOGOHcSm}B|8tGVpn)FF#xstJh3yUOaq-!>;nHz9{Ir+bOYN|?TN*=K<N_>uE
zu0!0oPqRk-3HXKi&d;;Bo_L>lT`&K1yx$$^e$y6Wh-7W3kY@%%G&=S%vchOHUKV+u
z93sko0{Sx*TYFFhKbl#oi2UfsFjsz%mg+uWACg^k>ZDh02(g1s50`~2nHkK@0CcL4
z96e|b(myy9_0VJ$PB=(x?M?<)zzj?Kt!4k6-j5#7O>R+$RdjvK!SAD{sP$wPwhPW1
z-?3@zI7tI|7Tu<<!G@jR)FmTelF8*Eyi;z@(EADm&;0;ZKrYT8eZ?7l&aU-Q>*s)F
za7x8>g{|48zZWxv!!YsU(MR|~+z??-!kmxjqX^8}rMOL?G!<ad?t(%Ll7b6e;ac>=
z6RQYoEh?h+-)g@cQOOGE#*&=#XEs&;oTMM3uQm`2h?WSh|B-89ETv1O<%-iAm1n92
z$uVWu(J(mPzy|9*6I|$!ZMZsUWW^FGmAYt$fyW3|h~96<?8)77kI}CZ^%AXFCG}Ex
z;g44W8b@!VrzsLo;Iez6e8bQW9;Yi4?8p;>W$bOukddI+mV7j;IcVjGF`9koHPyE<
z<-A1^iE0y8&oE3stsa~due8F-N-bL{_zY$aXlC&W4@z!bTJuR7nn}u%p;TYWBbqKx
z$XG99;xz>Fgz*TGo1$6wS8$>_cb(WxG=#bvxsoU~h>dZtNI<jdmM62d)DuDr>f}`I
z!&xraNi#epg{v`!ZO(VkT9!kCL!-Ag*SazY!((&1v(OhJP<-MQL5gVFbZHGiz3n%{
z=)|lQt8oT8@V(&iYl3rEOZw6Dm)|Y|c+)vRiMk_JP_PMq!`Zy54YsP9X5}T&#=Y%{
z7|z-HUh{^w9G6W$piH;5P2kAUw@NOI-mMk)oLf`&2j=$V8e3&>-6ij|W%^U}0f_E>
z8~g}_3J7t@<M~R&YT-1}=h_7wVx7Ko(9Ti^xy1WkKGUkd0p=fc0<($Uls#x>$bZVk
zmI%fS;KVny@pSd1+?%S4MpJ_&%QDrWh4KkKkMi=%Q~top1nqL<X#~uA2dVJoiN;=<
z#O4w411}9GT(e0m<Ek*_xXC2t(#0cV=iH%YblL6*0vlveMU2|c&YV&OixkWzP@OjM
zNqp#L#;-w(&u%rsIUkX)7`$Tik!k5WhKh=Wi6242ZU$haXIu}4yM0i!H*@KbT4iAj
z1YctIF*(t72^x8uA~L#plRCPFy#L6X#XZ8U3gJtZ4bq3PR}=aXchc1Zhq28WQwcfe
zl>Nr{U8A^bw!dp6+3CziqWDRi`m<jm?Scl5oMK6Ate4pAYTX((K;PqE{|Huw{fwUR
z;{Y%bc!^mAB`e)yEMLR$>|Dj)q8w(hnHTFPpz=v$-8xYFj&JDQXBu5!A8v2`>s)Wz
z4F)~<5^&64(~04KDB%9F;{RV7?#y9M74ajwN;r%tfPp|e9Sy|q1z8N$!<9Z|p1%~z
zI+K&wI!)o6DVjf-F+Ov=pn-0>yFqCT%p~>WGT@$oGb@>AI6Mwu5Rb>Z>Dcgkap~$Z
z_3^M3q4tfpzW~f2^lLDE0Urn+mY3<B#%nWP0v3ilE}38_Q=3jwfV*i{GJ}Zy_GR;r
zGE&_qZ9^`D_itdz10f6`G9rroNZ7_B8PS_o^Jg!~hN&Lo=5|tK=ADhjwsx)yb3r>G
zHC#6RhVmOa6e{j}{H3Vimke;`*rx2K4mBH^PhU*~PT6)D>&lN$_0tvF*u7AZW$a};
zsIpAhC(gngm{Ab@VbUaHLJaMMR$FuQ(N7fWb5tmoO-3R<92Gm*q`+Y5oc7?W7FfeH
zEAoWa?M#CfUkLy@i#D?SNhf7sw~5=G*Z3Dy4^Cqrh?)Tp6m?bTpD9Z<7&)H`z@NC~
z>Fj?*EI#?k<wf>2Y|2{lcPM#H*yjT37JlD{&{&QFBpA#x1j)5J2Cc*QEmDiiuhL!W
z)mNrA)f?Ryw6Fv{Qco`(0lH?-$Rfe#?d64{XZyR4oTk8&vQ!^*JO&c~Y6fXs;T-)I
z3s&oX+xC5XQpE@+Z?DIAZE6LFF=`6=8CB_wsb;N;bsbdU=_<9%HvI+ICDhk#`I{x_
zv5M=-4ngMF1mT2k0+J0Sr{CT{Nl$o$G%?M#Q0AY0@(7zA_cm7PAFH^DNq-3VUpTz5
zSU|CY7f4M|aF%vc^;>g>#cxBLQ@PlgMaW*mcC1Xcns#Ve;8@N~rv3NcnK9y3wo3V0
zZ7Y8OlE`frTKA`v>IQPfs?4X_DRoM#0iD85cUgyLzcyxqiMCWqE*Ae<D}lvB&oI+S
z#{Ep-SUbF|G<L%+=~D^BAU!UN@q3A0RA3Mlr=2Mc-{C}M_%5z`5?KtWVlz_{%p}H7
z@`O+JgmV7N5u8JCQ_;{SQITqouN8!78&~Lj&+wH}%E^mdEBso`tcKZwwr<6_t%3s+
zLrMgPK>h5=8n~QX&>aQ%^<$M$joxVRVV|y@^}MngL>eq;KO+@AFeP@eF=WI;>!LNk
z5fnnl5piz~dwo-d?};bOdV?1=R9^*kj{|n2`b)bIB%}_3Lj8s7f&;#UEvpLef;jvz
z1^S3q6aC_^E^)ETj+>Q0<~4do`TN(aP5v45h3@k+OYRpTd0tdYMoT0C&CKn<2r67I
zNOjzl7UK-N43CN^Vv6vUs7fD5IqDqYs4~@OxVz5|9^oSwr~I){ln+83wjDjrdhjh4
zZ`9ABq-kSvzW|`>{tJ&!EGk2~D%11L(8<!j&I~zv#D?&%nX&Y>Jth4wXU6}D8~B3R
zDxpZA@=Op*Ge&}eiu%{K__inHMsF`!5W)y*+tphxKq&cefAM(5jzANjg08xrQ63l2
zb>B7f7B!ble}(Y%kv+ID2@@+1Di?WrTyh+3dbW9P{(5<$@x3Fj_@WJ*f|*z^{QeW=
z%T<hCxmqnDXSu0Uk9=FZBJNL6OcZSc;hd*TOOt{I92(1V0~e4!78fMi6?U%n>QvST
zc5kGW2@HS#f(!gC1nwqdJ+pqn1*o?6&eok;b(w0a*6XWcYk$P4&eRxw3jum`gGl<!
z75q6{w_aVkq|an=sXNlyG(&aiEDdxXt^v51B7!J>)<z2$VYEd=Uj;J3ViaVxCRT(;
z#~gpL1pqX6jD>4)n7yLT*n=^|6#8(%hN744nHa-?;f9<(eN(XBo{bXIKGXZOP`He%
z6Jr~SaRn2vnCcEX?L!-_9#tnRKI*Hr=Z(`)UT_ekB5T7><QLD%GWglP5)evBE@n01
z)x}_j>AlNSIq$+?Cy~+hebCMZ!x87YGJH<l?WfF{fTiraci+{La`I%dwAT(?2giQL
z3Ba%}i#wIg=CyX6r3!&^t|ONmE@R<XwC(50z3TZ3Bbh+3<7?ymicejZ-{1yi4VNIf
zV#MEd6eYK%Jm?ipq2IgnUitHD(bkEP_^zkDE_uRrKzMohvkyEk8e|z%8a7Uw@VJV2
zInQX5I>%0?M6n96i8f<h`#`fPm+eCNe5R$*@q-Y{KG7-y4TA?9Vs~qk5;IeTSy$1t
ziE!H=Rg*L2A%}POcs4!4n(L^!w&Gqy<fXIHDgJ%k(-x5?H*-Jvy`!>Sr*me)cR->x
z7?TO#zR`+4Gabj<HZqUf=3U{W_PBZn&`p=x7RaNvQpo;D7R{@L1ZVIYk%PA-OyIjg
z2+nS1_Mm_^5<jDFWFT*3L`4ZtIi}g4gDs<cR{0$rA<BTYU^+|9IDA(_-_YDZ)Giqz
z<{<H>G2K%--#)#h=~~GB_JYLN#ON7HlvJ#kZs<1y@}KUZ<*nn%p==(-<+&-m&7PLD
zE#Z$}b>NH&qR^4~Io!A;DZ^&W^fRXgId84fVL_luzY+9&+OOoq%cn80-a_4SNNp^Y
z7h8nqnub0=+sit970tH_!O-NxA?JQWN<If)pP)#-?32oN2L2A3qs!y9wP!K6N?$HZ
z&QiP1$V5Moker!A&WnK49=z&7|JS!U@G>M<=gTJug7n|L&2j<~@-pK8xYZ@8{dGlI
z0(@lCcp6!Pi9(PeqJ!zjk(@KcCi+5&Ao-KWS%pVx#G?+)_G1!Ggr>!jxauZ2+0L<A
zx6w6R#y1hbu`(YqzgHdIBb?yP%*{P^mDI%=Yp6`snQpGTUb#NKW`BHK@qL2#*stRW
zBX|IwmA^2v`p3y#rIsQa+S4Y7wl|sM)4#^(;hvbk(wbJZ-}t^#gyoR@#_VS5tAe~K
za~8=qX7J7EQP{4`omOV1&MCUJRU$-F*6}P=l>N~o>Y9{xQOHY*#e1j4Tr9pc%jJ6F
zgRFtTzB76$)ogSY%_J#sYtrntSodUs##W^!=@1wa*nVq%fK>^cL`{pRLd05AS0XF6
zD`NjKfD%vPhTJ9o*LoAp8o|~a!U}i^^Em^c;Q3pC!QC3*Ql1-E&empokTW51y?`*X
z6ShmlW=g4)GZYG5ETiCP9v^qu2mFWfSF|yFSttQnwN4z0VZ`=#qXDwN{oM3Xgf?)z
zmTuPKQ=N*ymq8dXpo~4l-k<!imPo>rgRUXjtlB%j%tBC6mO6k09lS#<W$Y@kIKaXe
zjTGj<Bs+>Rkno)Azekzf2NkSymRX$?zM7<X^V_;5pS($BknrrZDTDeJnQa5@Kx2vZ
zPf%GM2VXJp5na34OL4Az;WSX?u-N7ZdWg`Kl-g4uG1$e)KoR97N7Y`Fe2d`b3sdS*
zbS!&DLW#*U49GOMRAWt=0Jup!?P1(j90GkZje(YmnmnW`I9Zw8`8uP8XXkstl`Yul
z=~HFw2$a(_ijG1g{duf5jjs0`@h-#;t79jG8$N{?ChhjT>u?DvrD5p_=%jKLsl7og
z3462}jJilV4_<1du4ju)-;Egl4TQ*{ZNgsb&X(EiT(3AkicMMjK|Q5Gs&bGA|2{{|
zK;qR_zKi)YmxI9DVt(;YF>VzWjt(XA&nReXJfziXCTz<e-5T!^U0KL?POxp^?)$*E
zd@84<{7GOK^OMb3fzqeLx^iu9KK?3wLtGGMT`t#L$078l7UfUTIMG-Mu;2^J(uu69
z9;4;@)^Q02oOg1j`%!^1-$b)2n;Ev612>K6644m4C2^nF7x8sisZjd&lO2&xv;BU{
z1a9qeb{n_s5FA;e7gn@EKPN(8%w$wA<-y@=`}A)ck@C>JAg-n<W6J$|`}S;%ui#us
zlVmp(;5n){7+%Sm-Ifx;{F`=TBHj`WUY5C?iikzG?f_lH;qyfg{dD&lRzQd3j|jxF
zQ9^s|j587rqy2Iuainy*@M*8GotZ<A44P%t1u9B#U47t%vO8?=i5qEJC!!p2jc!|N
zzUHbKJp)Olhuoi&L1-xJ3DRsClij5`rm$x#3zOBDr82aSsl0yrSQa$tjjClZ_sWAv
z&IJP9->4<B3Hn`NGo#rJ`nM;N=GklY&dq`bW@tyHLW9j>_pRUolYhK%a?jXc1UDrc
zzjDqO2J(s>{h$29{+e7LCtlT<Hu^l1H{ux@b5K?KO1bcdX?DD`LEt(&@Uf;6SGOqP
zRxLF2+^v4gIvx;#y|)PjE2Hae;%Y;e?>Y2^DJEO#LIQ1S`#&d-jcXtW<V#~h#8ZU)
zzP<Owwaq(by_q4Oj-~Ogd@{QdW#A%a?lKPdgr4!YMU3*7zN=gru&hEQQMM5X+hhLG
z1aJ*cVGxS@wFRLF;^E{_%<a46mvX_A$>so^m!;I!aOu4;-j~B_b}bt|INy_xdnH~z
zMCYE^PI7GS8{oq-SZBIPPPU4FwJD9WY{Z`6<np}y6_~o3UV=F;0@Sj#L8Emd9N_xT
zJkfhO1Gp~riN`MWQ{2wGs0cQ5k08SW5}zU2`KO7NqlRmLY>|{}{^)<YChf%NqN5Ou
z6Sb{dLia}RZN}1jk8i1wXsIE11AVKFx~^8;39t_O6^Q5Ahevpc>p?Y>YIm9UoJ%Yw
zK~72_dTNCms2&yyJ;B#2x8`@T`mGpgd7o5|5Dw(r^qJ!Vs<t3o%g4cTpZBrR<54)l
z)CZv~dr=qh0^a8YBk4X88ai_sRM^ALJ-}Q};kPVv8k$uqnlMIpd@=Q2=nwZzCK_UV
zJUzie#T%ObrB^fs&x}Z~w$YK;kiV8`;n{giAp303))~x~HqNY@tWn+lS{H=fo&lZ`
z$ehg*`yx9q6Wzmjr*WnfyN@%QU;Wd^(Al9uvenzl)Tjs~s<DYz@|5>)(2RA{AtJq9
z0TEO!$S|Gc(01T-EF#7oU0uDg9B<#8cDusF%=GEs07WP2Bba0#2cK_-7)U#hTZmo=
z%{9T9D$1KNP-CFeH4gwU!OAd}CjTiKqEsa95Vf1tS65^4P5gDWjvl@M0*_(}I}GS$
z=BBxtaC%z(%<9+SFKd~$NSNl@V1(1S2UN`-#OMK}09n9Mna3@oqC$8tTzHK5FS-lZ
z?HD&L(JNUZ4_7<%t5|TtqJH_0ph%DpxyVOYxE!VHv2P#3SiA-;GX7U%h3iDN!kR#e
z8vTbqlb;~}dO%ZsQ36c9On4VxOT_=j>ebCw-<<A0>_-w##@7E_y((GCp$MSz%q=Bf
zG|3k(<dc&p^Ts{|0j0zf!B{Bt6qO$KrftUJFKp^Jkl)nO#Uayye6IzOt|n|!x_HYb
zrY3SzJWuOfOus(g-{ACMv?vKfDMQUeiF)Z>`{Y_}?Ar_QaI=6kF$8titHsUzh%`wV
z(DASu5}0nqMcsSvd)}K$dH9?GsLbHza2S6WE7PMl&6_n}()wjO&l=#ybuY1SZ5?B}
zpCV}kRvojlcRY$`OjE0LB@(P?f~XGx>(jMga4wI1U59zB*xr<)mzJ|tV#Vyhz?}?C
zo4g)GzJtXcy;Qt>7Vf16uGs-=IM-TX3@!*`YS~eC5#8R-xab!T*s-H`kN1aOElRVc
zx>wxh&f<~m0np%mjU^9~V^}7*dP7Is?f9CBnMo_T)l6X*3)ngxiw?6&bF3c$mvK8j
z`(nw|^XB#yqdH1nKlJ`^v6^FrKb)Q8l$E%(zxQr+*T7m9owZQ1QN&ENC(^F4y^Ucw
zC>ek=tw2%06jAVyA`G<L%4ZfcLB-k8MJixT_E=+h7MlsUv<$!@g#tLqklJV!P-~^>
zh`<8ZOXA?aOk85w*D7Irh3x|a-uZRnBk&@O=|`04dP%zSUD|qw*r%?eKMNF+UN8oZ
zOOwos{(2=U<fY|>Kk%Q$HsmvxQ1RueF3~Zd50=>HVMFZ~P5+jI4;(m+qvo#+e1NQC
z%MB4FV&qjQ%O>Kh*36AZE3()$4JwB!8$5mj%7M`6_<-6orhlSIk`T8rD;slH-cn?P
z_u7IGVQ3tXpb<R>wC_<;37IhFrNL(ZFkvP69Q^gKPpg^z=$!nQU3BHEX@lthemVU2
zr&ZM4*vjaiTJk@D&S0caKN3-G-6GTk{V}Q<R(FfU^BUno1N~<fT^KP&j)}kG%m%iP
zK8;g4j|lfwQcL9oQmSVe2=6jFIvYnuK*acI-dIPIsTI#(uWMVp{kosre^Gic-U@Sr
z@=ElkDl}+H)<kC%hFQd>FkKLN8z{_<<hM<M^f0GhqDu=70!#}Ille#57e)%5$@QY>
zQ5}12Xc(N0g#{~<rN;XsleJv4Ii)GaBQf|wYnkTiY544%04IB^ewSdLsVqE-<snVC
z!4{?2$`cSF=J=K(8jJFxgQEqi6RqG&SQc@BFeDxM@y@be7VP^3WgBPS!QugoI=D_f
zX&GU#TcOW$u!i^YM4edSIlYBf=(fQ5ATRhU2mCgEfAvwObGa%`Qzez7aI~t{!bsF-
z+A|_N6?>mO>M-zefg<IF)z}Q9pH%cA-g;d1!d!XF8QdF|>}-HxtgUW4HOR}JX8*W+
zBE~1!Fy$^H-PojWX$a-!+RWYW#pv*;KXJzCGWfOd+lxPYG;sKvEPX=`(_OKnpZ@R*
zJQ+^Ldhm-WYANh%PJcX=5o|>hPQ?jDv=ZTJ1Z-8@2L>MmhL`*3`#5{SHuW%7J`Gtq
zh5mA0;z_(=CHhl&)#8W{aF?A-{7|Fnm?IP&ot<`<CHT_4|K{f(Gu6@9S?lR3nTK#i
zTKmXtXNb@E6C)9W;JJrV31$+JQ~St0IEMM}G*_~vwLcHtq}08m6<olc!G_sM!Ay<x
z*yq%JCmKkC*hlRFO2kaN`kJC=Va%nD>3cW|ru_31Wysqm9Mw>EnfOOcv|n)Kxrups
z%``iGn}oj2K??9I2CFSMYcTSsS8P1~f;6qlM)C%XeD-2TSV0s$xaih}HVcE1K4rUz
zJyz=A&8PuLO%v-mB%-B8V%BU*;LB-4efFbBJhzxY<R~kK5pl&zx~xJ3^d&tulB{uB
z&GB+@vQk(^;kvuwmlCYB;rN4Gd4w7m6%Q;Eu`jCWXU%Gak<wgc+&4=;`~PbD>aZ@C
z=5JDI=?>`z32Bh-?ne01-HlSxAl==dbW3+5DM+`3q_hI>?KzLf1CPh^{Qh{?>-PR$
zUhZe+p52|D-JPA$W`EP(MNHx<P!(FO8wLbORW+xui--(&6;E^nWyeb4ojKBrP!aEc
z#u;YouClPKTll)q|D_4xVcpQYL<Yz8S$*wt50X18MmMsNjOMpoc$fJ(!vd<q&FE=m
zffJ@DTuyXHMDF5`XA`ua?pa{QwUNV<Yq9r82P?-TW8s*xt+ApZNSS6ak)BRGd%#C*
zqj?Rp%)pn+P6Yn;kySNhy71f$m{g7GShDn`pbrgK@m8sUT4l&0Tt{oB19Y!aRv&Y=
zoEowm{hA>OE?2Yrejc2zmv?%iN%68LbZ3?Bi~^iicS=9pV*V=<zP3g6YF}CmGLsy>
z1N3G+hh(!5a`N&nLewi&Pw7@W$59(bqzN@wu&+gne%M0TRfcx9P#L3QU-+&L@kk0u
zB;U7<Xr5l6pPLeNvBRvg80<T^?|9oR+W?EAhoB2V#l9_2PuFzdi(tOOYG%#3?7{k@
zAU1kbiAL7+NF3Kau$J8V$dUNn)a;3pYHPHSu^G^O7!r@DJH2!ea|k|PYHog-Al3#3
zapzNZ_S~6ZOqK>T8SAWTwZvKfBbRy4dhoT6@36N^ozob{&DtXsJL@(HV>cbv9bXVc
zg#=32F)`UCd=Q9U3^J@|h>p4vA5V!4i=LRl6mQ8tll-`5VjypejU^74L6}@JnnTJ@
z7{%QKA`;bU`>sPqjxc75e2h5ch$L+FqsM(|8+0Kak&TAKR?3Z~NT7aHG4~qZomALa
zsJoEO4)G{ly&!y6F9_c@z2GF#F4z{6B=hpw0P4Z*y?EE!efC&+!1{g{Sl^TXMj?w>
z8vVR`ou+2tf;WY+z#h*V?}^b12TMk#PCVKdZADH-3>^qXY1dZrnFswd2kff~)(Q%o
z@YJzBXYa$EMj&}M;)zVr+_B{2C@X~A6Yy%H3&^+K?3lMc-4G+qEV%u(hAA(~KaHe0
zoN=0D^fq5DnUu9cKgYUx^Bl;}#%V#8u24lSH8^*~HzjMtN()A`gTZP`Wol?T?Qj(3
zNQ05lSLE(VVlnFRA!?}iwMlq7({Q!U6pxU+%xtmIIksl}8BS?vHF>edwj%O#(=^ER
z;k>7v8t<;cmk~lXo1n^3hv8K1svmciTO)nGNzIFEmalezp5llH1&N}XOfo&SF5DFV
zHhPFdZ{#v{Nabx&F50dcVPQugG-u#Lw5?W!arRA=ArCi@+BRTB-031&)l2=oUGtNV
z>!LJmkTXGe=+*ZA6~QaBoCDM$Y>QUdfwC-<Z$?-MIWNf(ZF*$jtT!*<YM)pZqB7*2
z7v|?b4aJthpp!Co)G4`;r7{K0XhMsnh@0iqrn7u8>PsKjB{e|Mavx@z8l6~K^9mlZ
zecwg3A;B)zVW?2|KCrI7%M$jnFH(eT7Y?rTZoc(_zPeJ<TCP=;f!Z8DX)V)*w8Vz<
zXZiA&HPv?eUW4GhT8WqS&n@D}b!HuoD{=HT>Sb(uSj-odOog$?Us~fwOv|Fbi+^MS
z@5Y^~&|6)O%cfJ#&2jdeQD`v8*yA~5vBId~=?C#`UvJ3693k`xzKH8=yX)eQO6IA<
zTPqwvjZnn1P~>)Mdj=YBk#gg7Bg$5Gm0fd+<0vT`Nkeys{Iq8_P-|Z25Cs-K>~Z2=
z3x5q6MIM(BVAF+id{$kGvkex_k-toc(gD`lqgnj$)sxP}TW(g^$B^73O#W!Gk5Cdr
z8_S&4BUbHwxw?_x1&&j@i%11FQ*U>&bL^v$w-rGRRkKS?L7!@jnQYtcJH|On5ts0z
z5r~l*PkmDukjFB^laJI_r*FluTnKW}ig)MB`qZC*l6&3Nu7L!pVXlz`wNs=LTv;Fa
z8C8)pLV<W{EBSq>OehFXoV2=pJw?7P(bp~lHq}I(6D!(NX=2-LBFhmX75UX+Cd@7|
zE}zP#SWPfV<>ixJQrFl`Vy8FQ4;_O<i=EfjF7kbC>^!y9)t|M72qPkDzM~i29k8o7
z)YMbIWavFV^eV=wv>(l*Q?68^kU>6#>V0%XN+RQ3<QxGuJrecV>0IJU;+t^068^L9
z_b@hDFt0?=O7vu5BtOGu9l<kkyx@E$ogjv?S;m=;xmGU{px|}|ACa+ff%rmdkFs?<
zxV1cIKwCV5sP};L=J7y@#!f7)`jan|5ucz~WV*r{)3Cn2r@4UdG+tTphZ>%X&o^FE
z{v^?GJc0-PGOyFVUrEw^of`T{aBHZ&n}D_%O%O+Xh5g!2d6rW!pKH+orzQlNAOd(n
zcj`FoJ|(Eue0IP7obnV!sRkaiq;6R1Y@eK>hmgywmQkyKRm4Bu=Gh+F9PGm675qp2
zVXn;!T*)A<VQ=&8)rAGi@_D>=#L(BG0WwmWln)AZ6-~ZQDq!(0Gs$8cRIzaJ)-qCk
z+pry@>M0TWGGc!2XT+iQY%@2{3DyC@h2F-Ou5)vQ5yjF773b2;!2oANt`c!=fBj>*
zI-??Ubc1i)IMNOY%Y4lTYRl(nHQI0pj3INhx}xbH%0?MOF-)@wl21=wD75HhyWlQY
zp9OF4@3q2>)jCFHo?3uOWu>dO^^RS!w+HOxD<t3_ze>(WN$uG&dn+Xi5<+3;^IN7P
z5z5*^pDhy=(vn)Tp*B$4p4(fUqx&YbcuwLhw=yC;`N_bAGL(a#0_M={M3i=@FKtuZ
z5!VGP3On`Nw`<ca+qg2ZQ0&|?ti1M^@ucXrbB3LZYe6;&@xo4{tC!r@Z^5(cQJAW8
z{22Vw>hZMf;OdaA=C;8;`V^GM^emPLA2AF?_B`C`5UYn&6L%;P!V5{v{zT0K9$}X4
z7O<!)Xx4h8^j39wsbY+%bC(%0jA2ZAK5P4#!fRGHk|!Nq+qRCFq(VxgWy{iTW}+Z9
z+x=+ic_Xu`^c$kbZ@I_9yp$n$P4gVGKg(fPtwXPyr_ep3h+w7sIL@47;&sA2qJ8ol
zZ{4`ee<i{jeyy)bz{BzCowb^8YRaQ=HE918nWhbz19G#K0us{D_$f&HuQ1dEB`{(~
z9SXKnh=JBl4C=4pG0|7LjGvdaEkpEyn}@f<^<_T9A#=F3C0=qSe%SBB<z9*sStX8C
z)0=<DkGK`1E)(2J(jPBLc!HbYS%LbZEc4VsW#ajW$>B}1*#+g^m`=0gp>fIb1bUMy
zscV6DQaxpT)ni$Oi>*26sE;nlVXtaML+j<cKqnU?2rt@3r}_MdSl+o+kFS0TyO28T
z6$}i$P!W3@WU_VO5|i;#eD&p9;(f{^3bk+VOE1WLy{Z!N%`-ZdN_C^7K0RM?t5Z6c
zFM%`}69m0Qqc}B+c=0eoktjWfuiTaqCDk_^L1z#lY;5|Wsf(}k`!!-7s?H?=ZD-Vo
zK34)W*1^MF@t)T&SC*nv;R!jh4vCu9&W_!w=rcOXmiy&wW9nuKmfc#Xr(;geOLK3U
z8SmX^Sbck{ZVAlqKEU(4ZGwOCB#rxTPg0nw|6hrrFwp{@5CE>DJ%DZUJD$~nqlX{c
z8$Zq;w)OCOab7&|R}1R)PUUE~Lrd+%gh6KG#0BBgs?SuC+tLkf)EY)&R-f(k?Zer=
zw3;BbN?tUX%{`Y$IcYPad(3KQQ)ia4xOA0pGR@{?q6$MyCjCsDyVry7fQhB-_B?JH
zjK}|_tGu5kGy{gyOgFG)`u@nfeWJ=|Wm`&f-gw4IT5k8uE<jW7Yas-CC!s`al@lp4
ztIP}XY^~adaOS&XU@8JRAq%Dk^=j{-jM0u<pA&bU^3%kOBA9US;UkDWO`)tG#+gsf
z%B!xnin{6xFeR>$6M*l$k+H{Ad@$Ur)Z-RT$vWX@{2ArLQipBh`;~%gTdtHUP;JqX
zGC(vCft1k(R8I~Xc@WKm!Txj*Nw|SP4i2XT=qN}SUym>YM&Pa#k@CpV12_9-A!u<H
z`ao>#dy#9e%CmVDC8RQ*oHAfoakMQ<TEGi`jXW?gnmy}tmOXE<djy_9^L(q_i=%Kk
z5{_sVN0VIwzb|n%pd#c<I0BCpCm;esoxFYjjd?v$8r(Z&N7A;@76QK4h)2r7E$*af
zpL#eu0<-4ShNo#Xwd~ZpQL-wtB1r}7AD*v)Lq95xZM89~w?cDBZ9;@X1i1!eMQ|_i
zJ4L?f*)9y>!zXQ8<(!Dsw<<Bd&V?wBNQcWbg}0-(*iEXgL3uZNm5fJ;?YVM-&we62
z=gK<1fT`K1h<<WniDx#sM{5=MffUGv@PdbC+|zsI!+4)U1e)K_k*dEkLI^_Xr)@#5
zcXpak3rViF4@@wGm4%tQY}IP6=<@A#;#1;#kWZ{KB8)!1Q&G++Y;&L?>~w?MY_g^d
z<?3ijVOGP^o0TY}62)%9Dy)PG)66c}a;6nk34=9M7Nkg{@?{YKQV~N1*A7YNiL<U{
zhtvf-YhbZ6$A9p4c`n($M#GVh<7~69Kgr=nqJUX*>Yj4)7+j`3EJTA0=Pa(1j-Qal
zNsFauaW4$bDu7fAvQoCc05KeSE}9sQfoYyJ9*eAjJO$+4<UDK0#Dswzi--43zjM^M
zK|p5YLx?b;wy5Sh$T(+DawjS`DapkW+i49pfIGT2jTaYY=>2;aJhgE<I9(T>m}qDC
z1A2_wz8&6p<BUmT*O5pSYa=&pw68$ImF^dVP2O46Qy~kqG>g<0g8T7bXkFDrq(Lj#
zQ`RAkM}%<iee)WRbayPs<44Y&L(QL!PdKOxlJz&9R2zM%22Foe@dT4osL$KXmJATW
z7^qTge|JQ@TARBL<0Mf)?U}d|Wrb|<rq+af{RKOszY}m~rr>G0@GetEvcQ2&!^K(b
z!`=|2!eoa0k%VVRh`XxRYxo+kva;rHR9Gs<I2ak-pQvI)1Rc1AB${2&jOxo}C*QBa
z!?hHya`MO>*G9{0N!eS76XrNRO+v@l!z|cU+loD}v7u)JADk9u<|V&cW>@w^Tgpa_
z2UF-!E2A1)7KJ`{QT9}e^@>^lxJ3%rBIdQ8|Ij;DMNuF$Q_~|V%L1(+FUi4Oy9&ac
z#sca?ik9@6F%M2Y`6J!7M<N^7LCm%82lJCS-Q8A29U{fmCZi&ohNe$kiJ6(7Vk3#j
zqHbw{WQ8GdG@#C?*zJ??reQibnQ}|Ap0lEJW8uTd=x`8GBpN^#2#qZ(8@fK`KqVx!
z2gPxXBB3TCl_&D0Y&wsSRWutVIeyOn)NNNe@sxkpP)JzLLa1S~+Bkwk*IlFpCue@L
zyQzGuGKMQ}uRX23e^hTHzd`BdftO!svYLp#<0;$5(SYrzvtC95i<Gj-@JWibgd83%
z+xI}`6Z>Ny`kDq7;Yaha#Z8AH5}kbkUrD$*Jp3oVyjruqb%vJU?TRKRrsDQ8YQwS!
zGC8e8B^g1xeRx?>vJXSYQz1PPX5sgazb+5`o3+4e$VnWFwnI>T`6IO>)bN*rjHS3u
z(g{(X{X9}%Hli=#>_&HkH_Q4iae3b+x~7iZ%9(9&n43Ydy3qMKjqZ0b@07JWs3^8d
z-mXeKbVsSTg;<R%;5w;~$QY|j-+%Fp5-z&?O2V4Hq@*Ov&3E06)WY<!Tb<~2sal0g
zwlj2H?{R%qDMym6+ktL-GwqhTfSe_Cvm4Jh9^C2CXDeQYIPJS4Ju$vf>Osq#7uSnQ
zB5V!gliPX%9Isa@y4jZ^KQr~Wl<suY7Wa@_5yqrR8NMiS{3^gY{_-K`mKZ!2tTzKh
zW{RfQqlH1F&g_J)n5}LW;Y$);g3=ZJx2uKzg~LAJKu82~Va64;i>K`$1e?#;p|lXK
zN3X2wZ~R!`k}+84^$vP%%!WmjuTOGVM!_+_lVRI-xpV_eim>B!?CmniNSs~;aoF7u
zl#K1wBX1y=1W~cU5#OjZH9r6mNEs3HiAXqW!p-jjN9`eFW=#xxiQNbABn5q90#m}S
zJqc9f36$Rk#dQ*D>-%t<!Pc!|MPpS1`gT^beRZIQhz`XhmXzh4I*;gbk=fB6niE%{
zuR4#V@1Glgd2+qj_@%G^$am?h^+AkVliZ7Dq7%NfUKRp3Pfv^t;~?kK)h}Tq-ym5p
zP)P|)0)mD;XkM2&E3~!Bw%RbZT*_SvfE*D+(b5JlZcg8fzYTTlRd-qAz<~{mb^}3O
za5N=mDyDV`@W|>fbA+0u3gMGFmcJGtT_m%6k1XqmMoC@PZ)uNW6)Id6?~D%y72=L!
zL142imwO#R$2{FSmb3iv<;wD7eMP;YD3PmcoR`$=;x<`9yVHlhR82&&pCpRO<aXFM
z`t{8AZ0t|YZ|^x^j}we@bisjvS!4YooTr14y|Wp}$br$!%GQ!m>HFVC_o90Kd7b-D
zv!g^ERvUi`=l0pmf<`=e2W~V!4_mSysogNKgg^`oENm1$95L(>uJc264P&;(Dzb`d
z!l~+7&E2Ww+FG`nZgUHevS6^xtY%Hk>{mX^J+Gy}TA9zc!wBVV(b3i4UU1vA*tDEC
zA6&d#@_7A84uJr=Tzd%a@xul<9-5{@Sm{R9-Kh?{;VlFk>sHm*>JTlV2BJfn)R9`c
zW62Mn9iu}juM1%$VzG3ljfs;r^-dbB5V92ac6v&kIKG-De@aR)9nECH=)}5<G7$tv
zXPP`7Hp_#aE#4079NMStFjXnKSF&S{DXpl>kq}zP%U#>^#_da}GfkK>H9F<AOP`st
z^0hiB7x}XESm0LOa9}uS)wpVwN%gKO@Z#_zH-O_l73!8ALY1GZiPdekM7$2!f%r0*
zB1$@KNe&V<vFa991v5%4S(e5yS^3N~<_rZDt6m%tX3afsW&bfUgp)(9ZH_?(MO{<Z
zF8Z;tQ}&0~4G`Ik-k0i`nc5<+PW1DeJ!eC@J0+Txme3ZnHR97*>pzrMn{AKJ(qO;?
zu@aO?2toW<h7OLOgwu)ieNvNgi$E12<l{P5weht~D1%!)*hDA1C=0b*7^M^0YpLqo
z-<ZUQRNtsu<1OVl?VjeNjJ>sDdJ}3xEyeOy8BFSkD|i#vC)%>7Rx*Y`(T*v|>}5jy
zs&<lKPvh9@DX2Fe$D+pRsZ|TI2`&1@UGi#N%~M4S1kGt@znLz3jvRrSy$eXq&Mqo^
z1f=i~N{M79BgJ<JDtN&yJB*>Vl(ho}p+m&tp5kIUMCMAs(kG2e$Qr!Nff5M~DKW)>
z`J8`{V&wsCKFFTR%&P4<Etxl`@|hnmRFuZ*L&>H;A&Th$+}?yX1(DjaB(z#lJ??b5
zW#x2De9)_D)A$y0v$LLTW-487Du|RyY?ki$)%YBY-7y?XJi6NHJsOhdI+uCVh|+0o
zJ;!vFw@Rkm%8mmf$Ll0o<TPaL`Ky{Zhnefvll1h(8nc*qR08E{)R|0GVlq)oW-Ei@
z0^;Q<sGnhdG?KE+wk4ArYtHIro4&S#k$}OQK{wMl4{9Q0WV5iQ<yC$xL4fyA(GHxB
znJd!jyZ}L4!Pq}@^P?MMm%Om<8;ATTZs!+Uukc)?)={=3O4BtaBqfg)9CtHYrSiPU
zm1R+ojUEsD=;ZiqysJEYL6c0km9t+qMKD;uM`H;0A<}VSkAR4T8yk#-@KWBY^?WDE
zfo)xy%ttUsa}ENF!fB=x9h&`^fPvbL?7oghl_oLGoq{|z7MKju8$KYu@M<?Y5j^AN
zDI^V2A3uh}qU#~Gq5v^p?rJAa<ASEpzB4$F|7$8&^={IOtwRdq0}`j&STuJN6SCtG
zd?c-aKJ9bbFBepNrOTNiy|zKv>C%xE;qSEe!rpSr>ktCBgy9|lema?L_*y;B`$%;v
zoz&5%!V2TVK5(<9G`LtubxzSj4J1>*Gzy*t@RGrQ4r=4v;NGQ3cx$S1DB<J4!sX6W
z>SBH*6`i(CxKJ({^5Hcow#tIGtIHn&*i`HWjYXoZM>6C{ml@i<)GWQm@fnE0k~D4@
zJn>ZRW^w%>;U81okGk@rhTu9i<o%l4Lvbe$`ZQv$#&2YV2XEn*p_>YqLup$48BL^?
z`c_}ns=0@9dX6Twn;QGP^DT?8kp<Phk{EG=o+nb@^E8j|-|$6ys$_Z*x$Iosq04DJ
zMDrO(>B0O!T8@B%($FY-p2zH|VQ5(8q>X5`D=n?+IKu?UsT;crL#Dt*Gw+qfEs+QP
zDU7Cr>VyOv(!fRIX|wg?kv@Cx9B$@(M?Owx6lX}Oi2XCR_N5}5u*r3Fr%4s<Hr#MW
zn@Ln>evBq*sMm=@eVF}T_Cwv-C7uI1r|3)@hHJ_~8PH=8p>m{tx`W|0c*N{VoZP!m
zn{3zT6r?IATn-S!##}gKcm}9BSutRTo<;G9%_FQOv2l~A^BC`jOpE&hUqT(i>8c#c
zHQ3#TQiN$Dv$z*^oPOYpWH&|mfHvWvN0F{0Ahzw!wpO2>JZG4^uq_-f^RhCS-UH1Y
z^GF)%QN|!;apCmp(Pkn!qj2v>UtGk3quB~1iTXgyAm|rOJ;N{Fj9Dc%h9kcbW)>na
zo(;NswH(#kKr}fC)7obw2_?q(2+pfh`c?N7B_lXnTrZB-nMfPOm!wF(Pt5$uu-2>y
zyc$H)iqyP$L4rOZ)H$!JSl~mbUG%fVEK@?}d@z{OrcbHKg-}>#F60;nu4hm-7pf!0
z_<YLR-qWvJTyQP5wtHwIjgVdsBV2iozhT)@$;D&ds>z);8Qm4P>C42EcuDKm65DD}
z=y@LXsU~BILIpGjSr`{cO!G*<4Hf$JN0t^yH>8o3Du1z7heI9ejlNZn3qG-SkN!tg
z0=%3Lsbb_lq=_NV+hI?zt0HC_PGp;)sIz*HUmr5!w{bqif_{(J)da5m!Bvu1>`imS
zR12zJ@VWPl?hf@4eUXA>-16mdRqN!-$**8=lGo|vkoC`>`HGc0iWM>Y!?&{xhJf;J
z=E<MBaZdS+H-S&`L0q~(zFaIw5IfkcKS}aHTIgniK2qlHb=Q9KML%M=<zZQC2q>48
zvECdk;j@^KwNob18;P=-ZF3-A*5l@p{7)X_1SAWl6D*$5>7rMPDQDDEKGEKjRvnjL
z4%q`+yT9oSEnzk+3T_WPW?N+T-n6=|_sm+GWou!dIf#?Xe2&chFf*#gkxq(|c70@P
z^{XQ{E<!u<yENC6oI;BCo0|jycAt$iww{gI^ro8apf`3q1$|*4j+ymQ<okr``$gUx
zI`Nf#>MNSJU4k8^D79#wY3d}#`bmj_@FJY?q221l@mZp81xnNdL%Z4DqFXiHirEHl
z@i)&5H-2+!nmN}`n+c?`!vn5tR}sRwfj9XRk-T0~T@iClqAf$;Jpy$oMMc`JkS)D1
z5c<Gq-7R;-BKU@XJ}e_9AyjXsosKg?1I`z2fQNGZP>MKW@OC`*sOFGE^@|MpksNOw
z)idm&mvPq`0^d~DTLp)12S&n|B@~vYFT%CJ-_(Z*Hz;a|d{!gGe|STm>YB7Sh#+P;
zquGKn2Tkmnaaoch-6SsMaJk2CJKgh21yX!Z3?-0PXbbXc1#us@<J9|lkK)rDy->YV
zM_nDN3BI)pvh642{j|r&vSNm}L46*SLGuT158IIWIL_uC6UM&aay88{;ioOyLwJuA
zZ--}WKq++t=Wk1nVvix@{M6hIk-@h|ah!TVz?!l_$1@bf=x$4jFyBQ|A1C6%SSEd*
zGaaGT7u+X4kMv})71U(!wsghokOKO2W(}pgR@ndthoL@13Pn^V(V(Cjk+xk)5c8s8
zleI;<G@L)J|G1nR-`d2M3~W=4?_n7SN6^gxxaZq#7z|~Cj<vv}U_Y5kFh8+3NNY;H
zg`>TKw4F-UiG$*Ugd6&qo=ss`tC+`U`fN7Ko%%FnnK$0g?DsA6SIEEh@7H}fG6{fn
zPDEe7NXDQcfUeTh<<@y(laI=2bX6WDS5@$g&->GZ!&hTrShF|{;a_YDs9g-J&$e--
z6k=Y#Zk>TXQu`LZhRSf}0(Ud_B0W-WB>Fx6*X@c7zOQCdA>NT5vgDyuRB*y5qy~1W
zJx2;WWFa5Xb(gV)(>a7<gOaH3U+jEh0?niVcorc77V>`uI=X8e3m7;!+UtY<igTo7
zq;C&0{SoOtP35B^o)|hWJ*=oW2<J&CR!}=Ooqm61cp7qUBo&>HFbrk%QFOOi7gW!f
zV7Mr{r#Rs%QQsS-xET@cxB(@?W30>YSlW^8F<-U;f5q^3U!Bi+zq|N<EqnR$D?yvb
z%t<?R-GkQ=436+8d~qJk$uY0?wyrjnNG;$Udxw3^-ow}XWg#N!`tX@3d}MPN!_b)3
zh-u_AwLNcpq|=E*0G^7G$P_xZS7OQbPA}HD+ECrY_yd*5@HcCQ<Qck;@k6r~0rYjb
z^b-NqmD~a3qehsuVO~B}{iMhcU7lM)tpN^P51vrj*7Uoz)ElkSEClWbPbI5?-`46g
zZiF={luJQex6AuY=W0}fULdSB1;BGLtVZ)^x@opq%m$F}kt88L-P0|Z-PT7xFs*+J
zLRjlE)g#H=>r)(<sY}D>Q{|>`)b7spE?7={Xx@UyOf+FDvwUpl10--lM&)pUN-n2!
z%dG#3>_68V?e8RP>ql1EEm)Mw4z&-ZH4*6vFG*Lu(knARZmZRcun&`JM)L>~ln<Tn
zyQl9MByDu9lXeX1V6Cc-U8;E$yXUpxDf|3M{VWraozHU<m3|$TSvm?uZEa22c{$^B
zx-tfGEREy`31)N5@N-NIn$J}&HOkoyOD$caGNI0u)iNoqtg&)+YG*R6;z3OdDpHbb
zNz#_-&wS($XFjuq#8KztV{#OA*<gk#bGDkP<1{3(pr0G4ZnEVX728b};>7L1gtgXq
zpI99v@<6%76mTTW?+;JQO-=SgtVWp`dzEW}_*`&N<6<if&9sbLO)$*OE+Sld+}ll~
z^lBIg{JWl`f95q)BG=7%@$96Q5T2$2qyZhkO>9>>KoK=~6v34)Ln^!lHE3S$CF2tL
z4l8L;b?z3WKx|<Tg0_TR@FCF`$_8>M!Y&qvJ?ab_b^=nLvlwmo#RP`<lD8F>#o4b3
z3!?Gh`dCIn-$VOg--;cAZ+^UuWK4%AYR_4ujCkhU1Eku{gAc8y8#{)xj_|oSkqX*Y
z8zpQOeqVN|^U`Ng2m$u(t4B;Ehoqu24J3y^t|o1)^>^ES@Y=WA!%NQ`S|1L6YZX6e
zbBhQFas$`bG`0(F5<P@9=?TINh`@MTDW>ch@*b=pp$nHYZ)W<V>gI=!i)-vK(|GUJ
z2KRv21V<w6&#*sLzCVKYQ}p?ksq0)DGtnA(O`Of3NT3UU8w`%xN_&WKQ~njXih&2~
z{cafKNIp~TT4GxqmlRjALyGWhzp1y2^MiBPTy><1lDC>J-wGQLXVLW-yDX$lt5qs*
zyc>yD72?bTN@np)vx_+z2xJ#zzfI#aV8rsLNo5XfP|5kw_`!{X0zW0F<U)y=%OnVz
zL&I=`VNmL*cq_+j^zErhPft6I@w^G4u;+?9;ZCus45>rzutH5L`s7tDKoI3V8O7!#
zj5{f?*BbD;IFo{h@bugC#tmYt<N<7pljbGSUB9w)S};8_;KC6K5Uz>sz8k|`J@w<H
z;D>(t?hyIo9`%1*&17MuVf;uQV`_<@Gik3u*O15JD!^F@&rvP9<3*!kCk}Nb!3xqg
z>+N0Z?lm*=)s{}Z5&<I1D-pfBV!UG1u652xA`Xaryw^FD`q3oA>+%dp==AcN!?haN
z*CQchzF3LFK`JrmPQode*OX|%hhbTT`k^Tk=Du3`Pt(Ra#+U}#;{3h*=Oh&?;yBcX
zx}ex`Xs(oXYQEyk3RaLm7#EGU*gu>c+d5nw5T7gb2NPPzWiIirs+H`KQA!FgiYM^*
z&kV{B$znop%wc+NiYqr$oHcR$xVS>JLlftzdhe+6z^;CHL4!4m_}V<7!gy*H-{hv|
z6uK7=ew~a8(QD-_q*K%ngQjf{0-n0eha_ST#2QBHdr{eJj8#a$QI0!{c8ybkNcW8j
z$=Lm9rlT>1_Of$Q33`Vqa8kyEQHnmSIQFEIuVvM;fU~lc??0~166tUT&K=t2m9VM&
zUXIH<1wdYAAxKjhr)CV=^R|<^9qXs03?%lDiZCMq2}@A9gnQBuxYejU_1pU`laJ>J
zHLYu&=+`MOFn2(t(Fpdw2_ny&AqTOaJ%Lh2DYQb4!;SZ5``iy(-#kO9-x~H6+PP*>
z1!fes8+V1Jc62WeMSv(PFDA2mQ+ERj;+mPT16(uZi6brT))*SiP!?HUvoby#k)bJd
zUR_W|8+{NJ60AFs^NuVnk@1YOd7e<-;|CQK-eTAT1sL>$&|(J65ir@R@>3YYs5D|m
z_-M_@k0Zr&nyCmAP=HK^=@%YDtjzQ1{&NbI_Lry%jZ~sWsa@2}7H-DyvyTh3C4gIc
zc9?SVnZ@brEC?1~%6YO4NouOMdC1qyc!anlDRLB^$Vkzo5A4Xk4t&@Q9`^zP7FGfW
zpE_WN9J61fL)@g2jYxLvX1)4~KZ-$TObEpqrT~puSz0j(Mn2$!L9<?%GAfdUIE#OX
zOKh|PJZ^|O7e6_cX%QDue|~Shn|3w*5sxt$x|K4M%FzMr^_joqULE(Do)(*+inIq>
z?C4Idc|c|y!Qfubu*=>9`|K}Y49fBzTfn6RYlbt<(oE~*1>|Xr7-O<nQL8W1rMg@j
zR&ZI<22&gO)xBjdjo1xIduqm`JToF<^)|bkdOmhbl*CfPsz8U-VA@VLd3K|;5Tvwt
zgiID|UmnjOdb24o=t3`Lvhf^>&(CG4@W5L1@nZ`~ce<kLQRDH-m;ohAB6Z!vN@`iF
zn>9&CdZ!vHf)A+baPaklRVA||7*y7V!%#%Z&;@Lmdxh3fbQRw+^=C-@5X@w-B`mC<
z`4E7haC9qZI6#`ZfD)HX#Zxm-NFWF)vBNq<kzE?1h$ij!+=Q=Xkz~3(GMn<Lbxjun
zh$e-)(j`HYDtY%-<{g8Y?p&>>GyhmM2f;xUt~4r5LRXfDMvqp#x?gBlp}x+iP49el
z%sMhpp}G*2Jh~O`fMMD<ie(K0rW6HyPfQ)ZU2IFK>A3HnOv~95dC|^tm-^`BMLl}Z
z>=)sPW@arKAc|OuInoZ58U>wVdC`69v)PCFMi8gpXA)7opkI4KT<sIjI`rg~ZM5h)
z-7;Ump!&3KW8N;7B}TTJ|JKCDuwx_0yhQh9&P#A!goIHl(MM0d1?(&ypOy9;yYaYg
zoaw2hX$!wCDa<`rb+-}Xtp&kLyrW*zt)4KO7ogOjBuHD3CFG4A)8NXkOw32=P9CIs
z^(8SYtjjds*vs%hf=8;7nI}Pr-&E%@y~{qt@NkqP!GLv^mf!+CtN4runvCnB&oQ+7
zmisn%^+!n4{Ri0vW%|!^tDZ~)N!{8P?W49w4@{j~YC6BTo-psEeGBZeFeH4f<1@bz
zE~nk#m2+*9x?eAwr4KHNBg=IQk9{81{*Ivz`BnX%pf^KS$&3(I4`EmNBg(A^w~*14
z$NkVJ8@3jCQlCRz``fJ;0_X5`duWlY9bDr^kE5FDbUSwmt?jM%5tGqOt-Nn-CdGqL
zmFtkBp17j<q_A!qoEgi=R|krXE+E<Yct4(cDt#TBWBQ8pz^TI_4eF5X70I{*eY2lS
z+JT4b(!`~=?-jn@vXtjWWa^5AXXwG$1>@a$2g`i|;so$#4oCb&B9q_EI}*TF@}HZ=
zHELQw2vGDJ*?MUh$nH@^1zPzm#Oaeo$@2IfgRxk1r7SF)z;!Ulm?TGI!FH);l{crV
z2Q|97jq!4oj$`A_4W7sC8?A?Wjw-u+EX2sDBzzZ<LnG;4oZp?CKdqm)+I)j}&e-y(
zEsz;{gN8=Fzg&r>a}9_W$OE#cw}iLQl!D=Yn>X%W|8mlqF5NZ)CXlkBbIn&P7*?N2
z`OGX}^RtQRqwZsf+@ai2-lMLun|6`+;$O=lo(Wx(Wo)j5<tW$=u2wM(J447LN4_aC
zHbv-;r_0VS4fW4SdeHFj`vLi`^5hC(K>k!E;kbw-Hj*DRLn?7PD#EVNp008l-r7n%
z$gIaT7xz@X?73ga153j~9ZA~hF8Q7qi2%ebqjWJbN;A%=GbMZaaGL$jYXp^8V}3OE
zabp+;ih*vs2}{MJ$H}H5$zD`(&c@WPh1ap36WInVga(He5#{wD)JjA*rUzB-Ark@g
zaJ9uS{qpUCXd%zq_lTL+#OIJO(zXn!*u^VQeJzRM+_Bk89^`5%gDn)Eg1CjcS*KY@
zywhg#p4Wx&qSm~ND@SGNN<x^ndUnQCPH49DhQyaob0D_}2jOA75N_JCYATO^6mpc2
zdtIS|j&O)0gE-G(*{TBm^O?j|B@%O7*!?im5h#h;PQ*a>3P$BEjY4Wv-FQ!V5#`Du
zxnY8{9X@|>=+{!U_{LidOstok%;GcwB^Fv?Qpc3aJk-G|G7VLRwMJK@Gy%4;?@}{K
zSfZyJ1!+Il?$8-SDumF$omPi{f|TT*l2RLEf1nR_@GpSX4=_<i0Qp<Ga+RPNr5w9*
z#xu>gBRn#MCfSlmRkYRYu5yjYqF^M+6HhF1>_PDZRTtHN!J%i?Bxga_FPFaZ4Z&(R
z%ZFhMpznTAD^Gr&>Ob!gz5ir<leGt#W>F>mgDPuWJwCZ5xot9W0CSOoK0$(GUVB&)
zZ0REhshHNP0ecfcQpo_&Z7>_ksvgaoyp9jG?-e_H)|VAKRh?`pQ|KU_jaln-YQNFC
zm~sYi(AFsz=UJ1V1|=FWslHmldAjb$l%flj>-5S+Z{^A7f}p2%ft2|{&ot_a>)EVr
zDM3-5uH=`YJ?fqOeZ1qm6uz&(v6a&bL}QxbWc@x^RUeZ0X_tRO%gcufA9|$-*lU(L
zLOA4!4RDb@^+^?|2K+Hp)^xd=uTQe`30Y;t7-(fE(2U1*)q?9FT_0khH_^JxpTqd%
zK_xR;$p%{z+Mp3;hDe8+w>IGyzRkiqdBPt34p@)mbH+(veSDzi5c`eV;KjR>HWMM?
zhSJ{c*zk)ZzSF={=Hk6hFusmnIEJDNs0?OH2HVhvg#_<#dR5gl&70lVx2+>JttX1{
zXY{XR2spBiU-4MAC?C;`Os(LDw`J<X&=xz)Vb=Q6B3N0_XtdWMJc?(_`|4{FhAFv|
z;~+M=tt%_{E_M98o@ZC$AjiZ=?9<b7&S=lX%meQ?R>XtDqvGa=Z=VEHx5YW;Qi(S3
zux}G|8(=Ajx-Wl_p`xVLo|1Q&=9z?s^1>$GUWDdpvxQzupC204T2ycGRt+e#la|~=
zXw7b{%dRjWTv;03;Pac?tXP9f=JNGuEL+o8bAfyfrnr;Q3sOVTJ{y^uzxJ_5F#dAt
zYX738N4q6?F(krz8>i9z{5>ZYac~>qI|gqC50x3;Q%5FCQSPfTfrl=Xbnkkae4dPe
z9x{y4TOu{u5;WSy+(4Q#6vr8QfIW~Fw2c_)WF3hVo>@n35>c=el$S(mK2^xih$Pm*
z$#)2ndQ)Y%(abG%U@SftHqbg+l&LE)N8skN(-J;Aceo$`X=a@RTV+kDm;Gp=sIobo
z<bYX2srS8W@s|e?knkJ|0VwC^5b5VAxTiY0t?`BOyIiN^dVVmPW1lc*K0^;+Oavqx
zg=k6R)yAy9ffo-kK|8SRe|SO8RH}c{tNmG0ZE3ehnHR4~^rjM47q$#-^!SouG20|E
z_luzm3ehMWU+1R_xCEVd1L-gP4n{BTMb9EKTh56Cu5hse3z+|k0rl4;qHk-)_?xrG
zG!-qS34ZjO+G;3C<hK}k+PS{T5U40N>cV0V@J--2Vpn|X$aMw;lP9&2U--4Qy=+JG
z<Ky7_nu6aOQ|;ZX9?7$wn#!AS;Mr*M<;!{90a*H)3_eOVbx?6oRvIzARkQjNgzL6V
zMaGZN`a8LCQruU`7hCYtAaV3pbrjmI%4fM&C37Af23r%%4LU7A$fB717F-597Cf<s
zTo_#{jskh3qF4d4+b?YWY3T+Q@{QR15-n)lN2QjOLy6sz=hsyg^cH3@0uodrpKtN9
zf8rI>>}DXdQxeDs(W)QLoIY8DGttBCm~zwDaiXXDC>yL)qMpQE`dod|{<NVgNt@Q)
zd_3IBb^=TPmKp;R+c0Quj<&_@m_BCQLK7r*YiO(9o%Y<tz?TM}Mtqu8H`sXVlB_w+
z1*y(6hI^dbaAr~y>}Ig4r6SaAfVtX64M)pTC6ALnNz^(xqZ?AlzqAx0TtA=U4Tsj`
z(y^e<Y?XMx#}B3*Ec2;m0b3B9Xi=PI!5FR8<f*3v*5vlJ?Zb#9v=^ngIg1gFIQeC5
zX{)J76I<k?<2@d6)KYA{3u^EO<(_Z~7OT&u`>uI5wnjYWXS6mq%uP*nG3oa&k+wHg
zIMco!#Gvp8f3jL)>WW6N%}uuFz?d|UU($-V#gyKE=ZiF~ech&~E#J-~v^g$NjiHZ?
z2tp-=NjHsMVGxzj$L?&FA76kB_}Wg>{}6@_r&>RiF2fHm!O(pb+tTeAdjN~9SHk(W
z?X;{Or5*O_wd@l|^Z>b0ZUI#BF$`WX3_t9SClvk6iW2^TiEvrDS!*a5p;7Ny36-*N
zDvM3xDGl8u<B`hsuocDAg*-(y{cm7UnqX=)n#gbpYUp%Vo?hLLsVqbDteOfimSBO*
znRNfSNdMl?h4mec<n3*o&Hl=iS)*zJ1cL-JWzGeZD}#&hQ)9l7XsZuV@$rtcM`4AM
zgwU)`Fk*oX?YEv^cs!#y_iW8X^8HHg_2`*H>&c_jlan-w$NmiX?y`fNhQ=m~gI}5w
zk}j{yGG2n)K3aOH5a<q#NP|1pHCmfxvy*JH*}!JfkZ$dUa2kIdvf{~sdfRLK76+V_
z7N*$LXJAw-?$EX6Ik&rPinfd8pl+=+a~@d%B^IiZL_o_$a5j_AE-!|OZG2X@Lr8p<
z2Txih&VInPvQk{I@|oCd1QPTo<y0}sPL+udm1dozwU!H$$Ii*0Sd%f1cV~sf>Owdd
zn3}Bu^2yjOX@`+RG9*bq_%b-sZYkKIBw&|LnKsOSWJTOJcW<A}4;sq`*(96oN9Kg>
ztviJ%kbL&Li5;Qsa(EXv6`c;!)L6adyF%AiJp#YN8Bwt+o5j@YGt_3VZ%R!z+zR`;
zr^vw9r2;*z?2l|*FOLy27m$v|qj=IiYH5O0yy?RjuKCqrJ6U;3opf0TTb?Os*RUQx
z)vdYBHvg@{$xx~&Jo+KtDEhpz9lQ`i$<xLzI@${zc%qP@j@bw7P07zyfUD|Vqk1CB
z&TsZW$x#`EF242QjU=7t*rKv;dtv>?_hutrn$I$28z@hLu47vWy0CjN=GBgv2%k7!
z2nS>VSLqqT`#ZxZrkyDJ^)MTZ4m$<-kXm2PfFRl^X(*VwGk0{yCkSkah5E1=0$#t5
zEqslG@rX$(>G-oBDmKE`=@>l^IK0<TN4*GgHy-Aw1-@=1iVF)%iHppx?JQPOWQGFW
z*}(eXQ+z+Y+{u?{u=uyNn=52DjUzlA4M>9>CvZY1>LV|b!Fh~etS9swU+^W%hPrF3
z93i|nLSq;ZS4ZgN^Cm5TH2~9l;;2I4ubB1m<Cy1*NhhH<#AEh)MWYox@+KzOix<_?
zw{@tT_7FgFuFKB~Od-PKLz?f@91C^Qr+32An5_zer>?PuI>|JUO=8TBgqd1<(qdcU
zbK)YGn6?}+pHvST=n%IGR%I_n#>*_Nfc)W}hhPB-JVXQb^Rmg$fUPvLDcHeEULEur
z58G0ymnsC6qg%<!28L!^o1^k4n`v7mC|8g3rFd*?b{gE>$)3FPt_m#c;=fvMJK(FG
z#>U<|?~&VL>;FiJT;jNo%}6C7Cg`e-q6Rs>KA_{vVZ1Kw4m)4q_Y^<t431(i8+3@H
zgl);~`DGC~U~6LnS}0PauHMdc{X``YA$gQ8U9>tnFYbjV+RJv-8HQNi>V5GNrz;HR
z%(>d6eQ2~(#TP;A-R94qV_A`F&qS%d8CS3zEz^u|hhH}xl6r)Boss91vJTIn+oAD_
z)=IDVxf?~gHLG*X-Xd!0&;bea1zNV#1!7&<!HVpZhI|JhITq9Qp}j`Ms{9a-WAsO`
zS@|vs3HDI5vem6e(U`}<?K%jpLPVFLqn1l5uob-0$N{|42eId~#U2iE;ckkuO+xUn
z2nmPVBd2=(R~Q{E0UR1wR5qiesE*-OiR8i#Tb-nE7jzQjPr{(1Wg<^VdMbpuiXbW0
z{I4)-$$FveX5&*)F=Wfk7DKLR<uJN#yKt`J)>}#qx3q9y8Qk*27NuQC%p1nz7UG_P
zpUY$Vu$I^+8x;mr#@;%)n;DVS%T~?{U!pE2zD>6wtDoNZCI?SPX~gZ#?q8Pb-#d;q
zDz-J75qpRu(s1p-NwKcpk?@S<xKn^LzTFA6o?&%K=KUgJvd&{~5*iyLE6;QGyUWv}
zHRQD$K+|3VaXJ4h0Ph{k;_j~KpDWYwNEzAAC+PmY^j4;q7W(bb$dc@?!IQ#qGv$&~
zBKAIkAYWSABGiJNkLtEyNUvPMl`|1h<LNxU8T0jjxjOp>v5fhNkPD)P+AyAmoE;iR
zW82;;wv?<SEY(7cnlt2S+)jU|Pn)TPMRfeJGy`G0CMWp8*!nifG{p3a6W$0NvtznM
z;l^P8=g28^lxhk1?=0cTB@Urms#KSEY;5<!;-ZRhKd%$jMvk$Zoh6pALx64zK(e&y
zGA>IUUe>g=;9vEb7jD12EeX)qp3ECR@3DV`)jHQ=_RS02haq`t<Je=X>P+3qw$I&r
zMU|+6ucu!%<M^g2P5;C$V(D*gVi7_6nx7SnrY3->R>Z*E_1za;MnqYFUP4xs(MsRh
z$ePj2hQY)T1Y-Ptd6^z$V`XJy&1h?5#o%gXIjlNoy~c*@b*?saWrn4$&`@oPLZu0%
zQ8!Ft=R0dP(Obb<yCt5>uh`ObGRK{3+1t-$@ena&Sm=2K5@#Jtpfn$SF{-iQ+sU0K
z54wnV{4^5{$}wN|i8}SNGa56-Wsey`xWI1P${+Vt+vlc2^FB}$hX-k(W)hbVn@T1@
z7F<FKP_rn;KLbvKrld$IU%~gTuSc?PJXYb?)zdk<^3&x%vk7d13)JMtYQZbf*^Nls
z>M=x*unU--u<Pkv3F;gzjtvQKmjlBXnKH5C$#^efZ80Qn$`Y(r(TxzCT|FUTo+I>G
z`;pQ6#y2_`BjT{@Rw9iD`)3q40{E9)(CZ&N1`ubzCT2XC?;jhp^L**RyBv-os;Ci2
zL%L|Rk%ZV|k(LE-w6u$$D@bR#h@0b$*0i6WipH<#AQo$Z)$ZNX&t$w$BZq}+gldCB
zsDPG}l1#4{Dv@p^(Zt3hsOl*361`wm7+;K>Qjy|lcK+S#x@*d~k)m%7&@fpPM`&6F
z-PCWXnp>OeeWi3%G(VCd<&TsiWYaxwktOTzHx~WS@{XDab7A4z15!hp2)sBq+W2w$
ztP1J&3brTXrQY}iKu}d?mi&iL$c>plfr+5nWXx!A7fEdJ&_{n(bz<Ax$T^ZQD!6C^
z&v||m6s3F_f%@$I*=0P;Zo(DT!Ex&|DvB7Y@&N=57k>WNqdEdmtWpmKp$CPi#U2c!
zUKFe{rL%pgiOZ0Re}oCf*ZabsQ_jk)<`#<CRQweK?FT9$^~#X-69$COXln6OuM~}i
zhO?u(_Ku$=tZ%^1NQmx-PueV@XW09MV>pyJ?4GQ8yQ*7YQkHFszd71l(t`@A7b)~+
zXV<>+X{>(+t}#Wf!ZR(<(8QA>%Bg|U<RSvn@;TeMeY|XA@9nf#5Nr};cF1oVD8<TS
zL|(_D=Sy$ceAMrer?DiWkBm1s9ZBg&@2Ir-Bs-oL6o2vB6UB98GC=(Xznp?^xogb}
zA$9r6`qKW0dx%Uhd)N6`slx8^MJDaIr=IeSx%nl#7{-iAlB@Kyn^)3vzC*=OxfC}6
zu-n?tx2rG8Ic-vszRnH$V}Pn7!ZLQ%PFxU;z*$eiQ7j+oPi2*DlJK*M*yZc@8DBzZ
zq?bbnG`AlX-_m;SFPvUwcw7&@SzL~LdWfFECdqZ9C&kcBY`%3g_Mny03(IgPoV7i0
zaQGM;KO3I@xSY-Fq1}V_jmxjMpbfuC)|bc=#T@=%Divk<yS;rC9M{_)C)U3X8VQCV
za9NQkhv*UDe6%@T9(I_k^shsBwm3U&J9~LAL{^I0x*#8*5_o}!>3>%Zw)Qr*M)r<o
zMh;SRH2u<2(hNt^6(xOgLz6Ni?}vxquSqfvFw%pC7;Wz66_8On#N}aPm~4Lfn7o6t
zi?fZhv$;-5xoHay-17m4K!*g*=Yg9tnSiDOIQXjoVLSg*kiqr@zW@A7Z~a*f9jFHL
zN3}qUxoSn=KPUhX@UMTBTpvo{_g~dy1Y{*dMU<2oWJLc?c);l{VL(&<r+g>;2Ka4e
z18klC<n(?8fcd{w82YoqA1d{CwSZmMzt#F4ff^w5mm<DH@V;o!e$)i}&LIIXLEfqA
z2&8gx_$>hH9RS(;08Wl(mcOl!eW(75`}K`nK}NQYW;WKp=K{DI^`G+nGpg^S0Q1is
zChm*<t`yepSGTe;G`b6LUyQgv$p0ZmbYK_bju`(0047CSE7LoS+{YoggCqT09D5@N
zCriiQ%Z2(5UfBPHXKw_uu{ZoJn~(3nPW%@3&w$;3@4ojx`fe9M0S3)4g!e~0l)t0g
zZ$r#GJc->$`OD1vJH~xZ@a|xE{3FI6e(=8oy4xSB{}Jf>D*tylkM1z^8Nm5V1^sDp
z{jM_L%KxA8eNf;4{!8~N|1j5n2SWM-<By&#`_CYMxB31A{HayN;3{r20iZ45c?>*1
zO0Lgq0Ps$0|EX~Voy;u%+Vr@OmH>Gq-wuq?R6rcWKcIkju8$S4t?~;rWixBHpGm3i
z!-Z=jg}eaRfC8q8$9Lg?h!A(+{?KOXGSVu5R{M{$#C^1y$x7sx0CQQupdh(}Mh)1^
z|Ba@iC@o?Q0u+q>pR0}gc(;tV7v%tVY{1k;bO&z>Q2YOlr>JjjX!FC9<389X5oLKP
zz#JqXIp#ZHQ-B`71NJw?E2wWMU~l5|J@AFd4|V)&W>*YyeQp7Kd4S>XesVubuFnL}
z8GeI*Z%6lE$YA7IKsN(q_<_&(zMlJ0a($?QKK~ms-xDtU3-){OQcXJm&<A+FuW){p
zTpwnff5!gr`@;7{4?koE?+EZq3iPSFxVyi>1+Mh|3%{owYLh&GEWXcqkAE-=ymNgD
z2=4LweHK(#l28KN5v}xp-GI%Th9>L)(h>07?Y+c6=er}>KhUf!)$Gk2jqJ&oevL=1
zHebd9bOt`au(^wu2r&EKcuLapX0}F_X4d~nAa`Gib6L`j<Ur7@BS694{aSePU*Y}W
z@7LT3y6A+Z0H+NPfRTBZJL@OEKohdDb-NP)=010oIya?6KpVFLYKZJkTS&0~0#C`&
z-ptzMw}=DrB&*@T$d?0Vx4Rq`bNvEQ1Y~OSTfDJ^7OxwiZNJYXcR6$s`32sejVokh
z?P%oc_-h%u%|XEy0N;8BJa;*)6Z-|C`kyVLZ(#WkEzHr|#FYtfw+6He?Hw7Wi{Hb$
zV^xXS>svcn>I1#e?bnQIM-rN!K>(ltFwj^2D!D#^(!T>1vA4JR2i*)kAn29{@QMzM
zY5KnazmL5(x!*ww8(A7T8X5kXBH-8DE;EtZoB#s{8R(kd6EFTKxjyAezk|M~NPi8E
zt@y~T8xVyaAPSZr$iO?-=Scl`;6E%*VIv2Sz1bgT`L78uS0+A<1PH(Z1it$r{wTRV
z54Han0zbCl{(h_Q{$S(Ut0nLPgpUgdpXUbw;GOHUtNXvu_>Y+@Zln*)y<~q6!hW9;
zv4VW02r#4tfC(2E$A6VvpALin1En7y^=px#g^C5i0V4ZuE3*DY;``@loBkh&2pHHn
z{liFoD-FcR1iDlkpg+H#ul^{xKEN%IySn(!$okRhcLet9j~IViZt()ZjRqd>ANar<
zunKJc4<!D5HuaSy3U>p5LxJb6v_9DWFNFS`LOzQ}uK>_}j{#TOyEaA^U>@9=xqd0F
z-wkdCC!x6;pq(WEi}S9IV{rXnuz}=ozm`A6dFPA_z_bOx^xY<Q^86j}J*`2es&DD^
z5BfRU$_B9?AOQmyjFfkp7{l-PB<!4w9R7iCP>mqT1~9_lfv$PiI3f-C9q1prnGA?*
z{twKm>?e8c09~F7(4u#BgnZ=haDOR}->ykE7}X`1fG;orChNN@H8$>dl>S^Df457?
ze%RQ*ZdwWTUH%I|)rDf*?~j-%|4!gPxw8IYYP_Gp{ztRs`e^3-JNCVN_V=~t{UqT(
z!Iks>9sD0thTkW1KU48fGHk{FPUepW_~#|!{X~>M!K=&v9sJ*w&HW6KKk+>({vH2r
zzR3H6xu2BoC$?eDzhi$F%&$A-{giD#ano!69rruW|CPY)KI`}MF8w6I)A+xU_)`o2
z!&3czik6@7wynQ||DCOHKT*U_Ouo+FVg5aB#C<W`k8S-Eb7|n0n1Ae*{V+FvM!LR_
zdp`>CPu%d~f5!b=Oyc{1_oHb31SFjJXTaYsSndbx`U&}9?w=w5eZ<`ls`V51-EVOJ
zJH*y~5!{cX@e`M5{T{!6?MVJ_Q8n&Ux_>9}Cnes4-%|Sh4aNIp?q4bTNoM2AZ^``V
zf4{h3bf3n3_wk=JbgupnG=4gh-zRY2weTl_Y%uV<#@t`6@-L2t_etFM>iS6{1oC$z
z{@cgvKJtC<g`ddZV19>uw*mfJiT~<6|0lL69QZ$N7yo^y_dlom_j$g582A%cAL)O_
c{dqJfF9i*loM2$ez@G&?FtB|91Ptu|0SQ>DJ^%m!

diff --git a/local_lib/io/gdcc/xoai-common/5.3.2.1-local/xoai-common-5.3.2.1-local.pom b/local_lib/io/gdcc/xoai-common/5.3.2.1-local/xoai-common-5.3.2.1-local.pom
deleted file mode 100644
index c272295d0fc..00000000000
--- a/local_lib/io/gdcc/xoai-common/5.3.2.1-local/xoai-common-5.3.2.1-local.pom
+++ /dev/null
@@ -1,82 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
-  ~ The contents of this file are subject to the license and copyright
-  ~ detailed in the LICENSE and NOTICE files at the root of the source
-  ~ tree and available online at
-  ~
-  ~ http://www.dspace.org/license/
-  -->
-
-<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
-    <parent>
-        <artifactId>xoai</artifactId>
-        <groupId>io.gdcc</groupId>
-        <version>5.3.2.1-local</version>
-    </parent>
-    <modelVersion>4.0.0</modelVersion>
-
-    <name>XOAI Commons</name>
-    <artifactId>xoai-common</artifactId>
-    <description>OAI-PMH base functionality used for both data and service providers.</description>
-
-    <dependencies>
-        <dependency>
-            <groupId>jakarta.xml.bind</groupId>
-            <artifactId>jakarta.xml.bind-api</artifactId>
-        </dependency>
-        <dependency>
-            <groupId>org.hamcrest</groupId>
-            <artifactId>hamcrest</artifactId>
-            <!-- This library is not just used within tests, we also use it to match within real code! -->
-            <scope>compile</scope>
-        </dependency>
-        <dependency>
-            <groupId>io.gdcc</groupId>
-            <artifactId>xoai-xmlio</artifactId>
-        </dependency>
-        <dependency>
-            <groupId>org.codehaus.woodstox</groupId>
-            <artifactId>stax2-api</artifactId>
-        </dependency>
-        <!--
-        We need an actual StAX2 implementation at runtime (thus the scope). Yet appservers like Payara already ship
-        their version and using it should be just fine, so we prevent packaging the dep in the JAR via <optional>.
-        (Someone might also want to switch to another StAX2 engine like Aalto.)
-        -->
-        <dependency>
-            <groupId>com.fasterxml.woodstox</groupId>
-            <artifactId>woodstox-core</artifactId>
-            <scope>runtime</scope>
-            <optional>true</optional>
-        </dependency>
-
-        <!-- TESTING DEPENDENCIES -->
-        <dependency>
-            <groupId>org.junit.jupiter</groupId>
-            <artifactId>junit-jupiter</artifactId>
-            <scope>test</scope>
-        </dependency>
-        <dependency>
-            <groupId>org.xmlunit</groupId>
-            <artifactId>xmlunit-core</artifactId>
-            <scope>test</scope>
-        </dependency>
-        <dependency>
-            <groupId>org.xmlunit</groupId>
-            <artifactId>xmlunit-matchers</artifactId>
-            <scope>test</scope>
-        </dependency>
-        <dependency>
-            <groupId>org.openjdk.jmh</groupId>
-            <artifactId>jmh-core</artifactId>
-            <version>1.37</version>
-            <scope>test</scope>
-        </dependency>
-        <dependency>
-            <groupId>org.openjdk.jmh</groupId>
-            <artifactId>jmh-generator-annprocess</artifactId>
-            <version>1.37</version>
-            <scope>test</scope>
-        </dependency>
-    </dependencies>
-</project>
diff --git a/local_lib/io/gdcc/xoai-data-provider/5.3.2.1-local/xoai-data-provider-5.3.2.1-local.jar b/local_lib/io/gdcc/xoai-data-provider/5.3.2.1-local/xoai-data-provider-5.3.2.1-local.jar
deleted file mode 100644
index 8899dccb8a91f05b639dc1685e5f19af1cd9401a..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 73169
zcmbrm1CVUp5+>T#Y1@6;wr$(CZR@mcTc>T?wr$(?J9qA#xp*^w+<C7ec16Xm%#2)n
zeVLW(Te(V35*P#u00062ATRVv1K?j?kbgc)3oG$ci_3`6%KZ^T{v!tQKg2>T*Bcc6
zd@cXy`g8Z6V$%FF;v&L|N;J|U_tF#NQj*j(voMm>6jKw^^$K(gj5~)8G!oKO;?lFu
zWeo~9(o~X@iZ>3>3J@dY($f=)bW4o0jC+R;6q6I;vyT#^OE5HI(qI-$$A^1|KmdR9
z;qR`FIsdz>z<+!&xBVYZ{_h3;4DW9OrbdQ_e<20)FH&x{`sV*4n)@FQ2lGEgjr5)L
z?Hp`f%#Dm4{z8xVFZCRZ?Q9**oopT4|38~Bb~7}#b27KJar_Gt)PL#4znC!7w=uH%
z%K`oTOH<aiM#ffu;RwNBYC9O)I~zMX{e?dMU+SBfTRHuu^Mrq?{*S@`)q|w`?+ln3
zTiF>q{Hvk=3^uqwhW=NuS?jwP+x*L@|5F(4|1E58OY<M#{!b-}|FhEHuulCq08{@P
zg8v@xe?xxvtV16Z(4P?c6KFzzIplvqu)_ZWv!JbwiMgq>gZ|%eNkmU$Xr=GySg4>a
zi^Px2EjVtYiAEl(fB@?3hZ<E*G6W7ui;}pKJb>x7W8TKu6tJFV;?g{ZcT@dxAsR^^
zjJFfRu%!+e2#$ovTJLzx&iK5=$oRZ`jVB6#yKe)EMAky)ks8=vL*P6U(?{o4-3lGd
zfoRXSWyS`PjZsyXij{`Tz-EYRN}#V+&HAKy4CSF90%?qf0*AIkZ<QSu?lvYW5@Spx
zr8gi(%CLAu=jOi0(&$0>p0-=MFy`B1w|(7}V9sWCA4l70>-fr&l0$j(O>r|llD)D`
zKJQ2Ckt&jucaw<J>LT;`RA$1h)rTEWE=`0ILoV7`yT1q3-v@|y|MRE}&&i4P2l%?e
zz-%)8+DbYzoT{~SGjSp^MdJoDTtu>C8^HpFgMC1rN4iO~>(9Q#yat3Jg;6KQ>ZV~i
zt9X&%(`2Rm1Q^f0j=j#*)YW8I_YP4HY95l}HgdS_Icl7J2~|@P<n=lKL0_#KZpr`&
zt5Uim=SABHr(AJ^0R4Smo#^O!1o1a5QYQvmQF8rsdRfFcrIb?sDn-pYi^-<Y$58b?
zhSiKfo?JfM#!J_lf}A8;JKlBrM;OMz%^0$-kzKCdQN<R%nbBQRC|X0<`<6&d8^fdv
zOx!($RUjLA15(-Vq$R#;;FpK#9{0<+=%>*@0+l<Ma%3C%tfR-w(tX%fiK>h)i&MCN
z{<i!LYbs8k>c@XFvC5xRssH~MYySrf3OJiv{mIjR2V$oNq!;$0`?oJg$N8dKvaw{7
zS1tPJmiB6el@|a5NgWk<09AkymK9pc?3Ebi%4VFYsWB(9YF;7>zO-#7OHjOAdJ*`H
z8jsmeYuGiW&iJAf&)?Fg-f>0NYYj8s8EKnYi&szyLc7nJovgN7?_J-nzV{QRy6qnX
zzqB1JL14_F^TY)iQ6bl^mQ5dwM5d)l;G(u|e`ELNZ<<UwJwad^-WK2of{t%WgAPv+
zfm><va#|f_K?s;>MWUMFQ_aqV7y2U=C1pw#D~vKG+mOt+709kHMW(S_{I-_Tbf2%i
zs2`o3bD9~GPE7#Sbd{o9);9IF?VX7A&lQ$6o!pR9VP$j&!lMaLaC<{ZHpW~-fv2`U
zP;6qaoH|~NK*8kLKqIH*w8nbvcs3wb37RR?XI_HvpqMeOY={$gV9Cmo=vrKI42rbL
zm{LD8oe)!RZP1&)QO>f9tDLXVp*K&X>W09lSW)LEv|V8|85<#;yl^66FZ#kP5b26_
z7G}5N);oC8bWtgOtL86wbIc01d4NdHX2~jr${aRS4Ws4J!V2KACb492C0_fDAKa4L
zU)3mF^C+ztm5Y`kxRSr?K?FKJR^|Tl7(HPOT!7J|NDn(5-f0MSAf()-Wu(bsB^V3j
zQvEa1Aqv=>@HiEzNPpfod6~UIuwTZxWRRE1gstj$qhyz)aqFx)X70s>1CO8ACB!bG
zudNv9TxWa?-9rYS3s>l*x_x3RUmw5|v^+ACCz~D?GrB6@xX0egv113_(GD!;YM$-@
zw=qf)be`pDUByMOkNyIGb1GG23v$2GzY*|Vq&}zvX;NLrX(QBu9tl4U7}I7L2YH;7
z(SV)MOSm{1W?CBZ(=UmhU_$z7I40O$4xV<{imBK%ib6$xJQ}m%L4EK(Hki{M4MlM@
zp+9zwA*6Y_6xFscgdQfuegGvGLO&3~?C}gqe}j63E_V)mw&Vk0awbvPOw$f}SdcAm
zm(z|`T-5~KBPZ=Sj)B=>-!<N%CxZdQP+=N+B_W6k$L2(8%ubsNTH9{(W5XLKOGx6-
z_$WCVvn&+P+7vcthAxbpzn+IX3qKL2*6k;X46+0HpwjD;kMCCXL7Q$raIUvt^x=_R
zZ}bXQRzyz8QxN>g+PJJzfg)=5k{uNE{8Gm*G)R3TPPx5-%+~AD(hpTLQ9(dPsa0~z
zw~8^$+T4i%RO%y1j^^}|c~hoLW#&5e!ISzVukFHJe&U=AD`23q&Fh&PnU08#2PY3c
zVFgugo#Fl$o8Csin3BtAeJ(1qwFdS!a(~gAPJFJi-S?YM6ybG6;^s};G^Po;8Edd&
zC(p<{lLG~j?=TPAy~SYjkeyCU-2QhE%KA58FqF)>tafrHQ+Ls6_J-3T4H}Jc+N~Ho
z=-m*e4?3UUp`9C&2T4PBI$n<h7HnEc=6x^pHZT^|HcRp@?ppoqUcc}q+b6=x3BWNA
zNI_@4MTX>1!x`{o)lVtvC@wz|gGq0Guj|{@?_L@aWEL;98AUayvW0$;=WnZC$(|L!
z?e{}pcY17v;$q-bb<6I)VZcn6IH6-6KM}Hc9~1gN4yMB!TPc$sL-2&>!0n<jeGvGR
zs`X<tTGBzbh!o8^ESVQFZA0{?e4f2HVrCE1wx`Wf3zVHLu3++Zp&!#@^?|~m*^Ady
zbqwc0Cs#5G6<JZ5;^<$Cdl(7^gor#vK~`a8yOu}nfx>kA$JD!Uy704?#qn6x)`u^0
zc&y~Kgq(*x#s|ypsDkPbQ-H06t4;Em_jo3~@fPmRzd&#H-7t5>kVy!4`1_!D%YdU(
zJ?GuC_n3mRVlPamt_rYVp77*zaZHLa<-6Zocj>#k&9RIuMLz}IviDZ)^zy+y42Ae=
z&Y*Esc;vD2Jhn?!9}dx+xwyzzH<rh(@yI@NnJECaj+Wqt8jF<9NzRRg+`dbp4RY`M
zpa<T9OGykWx7U3`?8l@6N6@lj@IRa4a&sFO73G`ooJnEmh^Zl6dG$54j{kOI$s)Cw
z)9iae;_!(}M7x}=z`DZ!DAjvrRcu#!emTbc5^%;?YgyjJQO>dkQN2ki1AU>4i>hr+
zyN1cBuG;pUk9u8nGG^xL6e;#jl2px*iouJ)Q*OL%(YsA$Pn*y3pR760E=b*6w0nN2
zH-U|3h<L3@V-$f}weRPtXtQ4w&>-h_Ok7i#{xV2lG_F(IY|oXB*om{fDZkW&{jL4T
zR^XU^uE=cp)dy5twx^fJPQ&og)L1`<FeQVQr9YZlP>jn~BKtlKH#w*_e~60NoapVl
zMT<zh$99WW<Q{C$q|#J>;Ra)CrAYgv?8Ff>b)1tl+d8vH^Ei{lLCykj8czD?Q@srL
zS_iG1XxeU4eRs)+L-sw82F25A?^?50$8VR@cB!U!%+BWvcT?5Etd8lH*9Pdb>2{iT
zv^f24XxlbG<t8Tkva-}>Blo;^$m48YKeI}FObnyH8h*iO=Fx0gC?ooV{V+mwvSSnn
znB7I{N}m-aX}`@Y_#k~X_qSN3{qUoAms^2zRq%@HyDBXgOBDd*7UKKSfpWH?@>bhR
zj`Bfrq2hVMK@&rP>F~UV>tQFKYmRG->b}jdyG;3NLPM2a8H{)7!kR{BI<4yHdQH5%
z$Yynksiw~4!vh@6oTob#pHqTW__*`moJ8E|R*BLms;nk9!Ck4?F8mbDsWXb<5pA&0
zJl-^FUmt?F0qYN19EJz&A=DA(&R@}`d$|-8+bfbWhaaZ<i?-m8QYMi&Hoh4p>+55d
zO508gDz+fhb?OO=bw$!kcK8@^Jgb=T)|j{nSZZcvWS;RJuAuJ`6rNtY%15@<zOHhL
zA2k;{!;8w=gg4_o?RjC=@zS?77l>As9}P066e_Kwa-N&A;r?gB1-0UiLnE8m%56)q
z2M)p9sk8U)Nft}fIphL;KTldIHiHgO<1>6I@1vVBG+#T{0CG{R&vLAPzF6`w@1XEB
zPrF~0xCOtlLYI6SgtqVNW7`j#e#GJRUcG>1I}Ka6^y0X_?Mr{L{p!48JBZFYn2i+v
zcxUzUfQ-rnG}!|px&;y#rqR1~7aE&yx^r^hb9c%f)~M3zPqKVvihwz;rJqgi3LS8N
zKp|a^NYD-&ifDP|vUwctJ=VJYS_&$^y-t}G`YG93hv^%F`vJ_dk5~KSJ5ck6;%T3f
zEzozE`-S4F-`5V@Z45NB`&h?rYw|Oju2~UXbv113>9f9tdbYfWM{{pw?73$dzVADB
zY+2hPtIM6s!lGzlic1pYTPxt|hDro^bC#m5nve))=65ZuwlR<JGxAr^HS(sYcblfz
zGuiEvP9L|wquL#i46bGOHPDc*#Dh*SpqBsYFWH}*KO}3d9afth0|Q4`B3aZU7v~W5
zItvFpeta!HR`^nq%T{*ut(Irbf0cU|ze8<RRwa6unzjmnorrru$3=|bDeV(yq7r$S
z-Zq(vF5DkUx_JU$ZQUWlQ4<~~v7HuZO5+7I;8Ts)NU7)*I_V`j?Qy7|=1bXaQ&8pE
zcb}D27Y8<noH+bO8{$a!BG*Tb^Q5e{6UM*()gcoch2Ibu3$vT5FeE;9qbDAmG8#x{
zhsOM2Q@D%93%_7<-8)HpWxlbxFxzlNF2w4}WZmA%KD)T_C3h|CHErDSr;b0^C2>D`
zq$SsHeFM(!sJg|{W=9H@n`&(6<G}Rg<{%Ca)QaFa9g4z!f93jVj~yRK>6&<qxUlFu
zhm(%d5WnI2>d<}Gs&s4#Ax{%mtq-jFU49Vl`esw_FYsC7APRbk=+hBOxs&L?ZU303
z-2}#EC>*vA1r~6e_&ph0;_{Sp6L1os?Bp7IMKk7Uh-0eCE<XF|A-%wRnP*cT;=x*a
zjen+jp8KVX_xQaCJq!1W|K^0U$v=lfaQ5je$Gbo89o2g=>y3sZb}12mHBABD7MhbW
zSbtoj;VyrD|FS|wGrc!B{=(ezW99zEsE50Qt|cq-S`Qt%KvD!gLEb8^79i9JQfN;4
zyl^IxAHAm0>7}l?|M1btja7Y15C^xsQZU}xI0?-Bp)}@wp?!&o`%rY$wuPYbR?%IZ
zg7$GE!h}7nkYQ>^26V+KX~k)m#GFF1pNeSm{`P$mpu3C0C*goq*azcod}+7Ynx<R$
z&;3e(?n~tlnYbKjAI1aMHrVbg$JbITt;>Y&ebKog3Qle@&dvay*Qqt0(GFbKOJsc)
zTc^{jL)=En{9o;jjZ%uAc%-qzsm|MIxoG6G5uqfKVwK9=@U$yA5cLfsbsY_kYBDSe
z36pv#8N;JTS~x6}$XIjdu`)SZC{1i-FI*RkaeRgE+{;i}K5d^r#>&~TtiSVl-;Lh!
zC^qe%dY^cYE<m-|i^xho@;-998$Ya-LXaVy1G{;?n(mt=aSpDR)ITsn_+im*3R_R#
zAu)Hvi>~1CDez3*d@$D!30Da51|ziw)(;VJ_c}Jbxh^En*0sajIInI%J5waf@*AJJ
zprs*O)JLDS!U|2FW%I;&qKNMtN-31qybCKF)Egzx2pjW8B+MUWlA&UfcI(ehKA|mp
zsJgstaHDgMMTgMPUv;7FF39XJ>?q^+RuFbZE|w8(B1&kHa*XFDWBKmSV)o<eL`#AZ
zeSr5)OVpRb&+yXK&|4*!#+k3KC=m}^prWXvqYx7Ut@P6nSFgS{N8|JNs{Nwfg>4MF
zI@De2(Vaed|9zDy=2yKS3J3ro{D;+G`)^m7ipEa=Tu}af@t7npE!ocp@4db><YQ*p
z*!cpk0S`<OuG9gM?eC8Ox79R?*!+97W;O9G=K~b?1MrK?-bE9+6yk_3&HesvYvSN@
z{}HAK0}Ph}T2$dx99#HH!2Wc2<3_8zH8SX_aYPwEYHr$xY+_UOFmGrk>yG_dF`M}7
z(ujhfe}-a=OLYytRj&kAGzPkn66Hs*%uhyp#VHbj?R#+vF<LnUS-h6yCLKTKd!p0%
zgq?4}D2xuFiVn|y`JE%mD5+0A)Zn!!IT8%kLXv`e=DtC^Y{oVGMwflbxzY&G+tET^
z=&l%eOzL_gE7vEebV9T^ZHK6y8EEBFLVM~>3?C|cvr}iVHrxxvLMveBa9m~Z8k}4O
z?^=Wm<a5|n(EtO_RbeFR72Sm)RQz?=bGfC#DT&j>tt8!~=&U)tRc(saiV*GNuH&*V
z(tn>E)H__9lpg>9>woAyf&X@L{y8)MMmPO^nhw?6y^t4izPq&QSE2EVK-3#u20>Y{
zjQEuj0WjkM!tlu;bMq(?HpLn0IO`{-3=Arl>Psq{m&&*oG&C(Wh3Y{{*UBoF)|PNB
z;MUj1b)LGezqT?~FPPhd;Et+&ct*RnJKV3|-#fQIk6wLwpFn;cUWn0B$dTtsh%j5A
zW75dEkng7E#{{y%YUhej1*a#aSE-j{Py|qG61kzL59B8n4)$FZl}0{Wh>!n(Olm9%
zpwbVH^q4SGE5+E2Gb2L8WkjaNR;D7>$82vXu?UuC)+b^fryK6iC>ntk#9I<kC^9e)
zo{}pT+E3p?QEgC*Cpw>WID}qjt5;{hWG7`WBOxqG-oZ-v7_`Ee+!G!MC6!`MJD@$Y
z138ko8D&EhrC&G(o)ae&G4R@_6QoP+ujmgQ6hi=+SyCVa7WImVG`vw+s}w4@tVIu~
zUby0?S*>L_+GXR|3@tq=O*ODsV(ahQ;?f?BD#84LloT2hyljjXE;yZ13-ALY{Zy;8
zh3)=Vt>EG^rioUbA=TutMA;Dybv{YIgaDy&yA?tSHG_Z|aix*;eDQ#C@X%I;?1N@e
zQB3IL@VMH<vZSDd!lu>G%LXEbq&<+iw(>-35lN-YAVDArR`1-NMT@4aMz~Eqm;8`8
zTN>Ly5`ERwRY{rVT1`><XsNWnb+b(=VHr6~7Qwz!SLxL1LbXQUo;8EY-K&SGPXZ?W
zM2TCY#*jIiwwt(A;{r?>vxN|b#@I=RVnyWIPycI744f0A)bg`2xyS&rje>P*g;BXN
z1#u%1=nj=3j@lU|*CHlGZA;ACCw)ogcI-m26O$Dewps)-`fifKL5SXn$C3lyP6n3T
z7^irp%BKxI2LGUJt=vdf)m#>ui8O|(K9b-xG>fH^Hm&1s4!77X-cJG8k(Eel<bEx&
zWj*~CdbbfkmQVj2>V0fz1*%p5<B*#vJ$q=`ZZX>gdm6OT=!k})DMYU?FO2m(Ig#Ug
zZTGZ3=(gYCr^!tIB_PT}bRy^`D8@KoF-4l1iE0uk%rzM~{0a7eE_4&SrYk$~T}|Na
z#k&3W7#t}ECeg@Tcz3Rl7@V)|Lz%8JG6&TO3{=0d37w7(2R9G<=y~a7z7c2>>A}Vj
zM1Po)r+GAkgBR;2H;=ctNhC`X*LhM?XAZvmOB#11G%GE}p(hFQaIZ&D+7$+t8)-$k
z(g(uH>(!wW-}%#+o8Ht+d7qG2CD_6AmlnE~8X_!S4G2M`wIQyrY;7i`J??Ovxz@S)
zWH}`IDv7^2_us*lmR-fLA(qM0y6kgzuy$s@;WSe<4Mt$uCj@2~Z}@AP$7!Aqt`8^5
z_(;u;a*x<NAGIR)`a{Cmn3_$-C9!gTO=fsVj-L18K;JWV?T~gRa;1a2GGq$Hl@2P}
zcV~ygl@@KIKUuCaDR`W3LPtb2$Gax3-UC{|L_DXu$dGkj3PKMbBJa-qxHe|X^9}L9
zUmdJI`3fTE5V6Xu3~&o?(7(Pbj<;Bt77YCzDlhy(ca?I3fC0BtkoG}IrKigmpHGZZ
zyJULeO}?d{6Mqi*RL9Z`rP@$}3b(h9h#P+k=@qa4sBauu2rUWp=@bibxGcoS2!u`9
zQwv033U-l+F=FXL(IgL8+K-C?XGoi6E!23o)eJKJSlGH5ixy)bAfPeCqtkkXw?JdD
zGP;2|_#6DaG}{{Y<Yo_mhkDl@Lw09$0!2<~hhI>&y_7%+-HBXdXH5v1hNP4yqL_$_
zdLP4!#!(gdheuQ>V*R;SCH;kxYa4Of;)lV8mWra7(TwSBW+3f|8?G+Z5limvQ?Y~K
z`)VQv6yS>_{#A;R7l!UGE8F;14be&4k}}9`5vuOsGLe_|kdIe@zDw5wR!9grL#g_S
za|S7b&JZPH7x}*C3rjx&acb-mm7#=XCBJJ8Dw?s!EkzgQt|voR%rXOha=X7rgAi5H
zMX^$@DEZD2i06hK*9(4Y+9u%3e!eDI5{w(*M{Q)zj<W+B^{O!SZOchE821Z?a+g)c
zMYCJZ1s-aY134RHw;mhGbnoz9?TyNv+2Ze#h6Q>KA?t3Id`eVnJqYCAcS(a&?QK!D
zpu)^MzC3tZcDQ#ad1_q>j5L1nu97?>r2&_>VBnf30!oYglqK^Qi%yNQ$T5IA;;+Ym
zSHCq+7Cu(fD(Xa-?+O+}meX%SM}hHV*`QbC@;0?D--{|=zZ+Ur#bHZsg`|F8-2XVA
z%h=Gnrxj-zwYy?+ESq(DUq1>9+2Cr1986{Bew`Bx&PA3|?!JlV;apL$@(#xMOh#Pg
zhY3c~=+GZ|Po77ove0y|rO9-X{dI$w>Bw4qQWWy>!`*SF5`KoO(y9Gv$@KVDc!9_K
z>oVcaDZXuBvV(KN$AY@$w*9u^aQXpWb|wC3TSIgFN&5B5dVDqQ)5Hqc<-m)w2%}8+
zmC-S1QL7u0n)1L0es<a}F`24sVl73BBW~K<GeOu@ib1nGj)Cw@BdUF1mKfWIewkqL
ziD#{j|ByWc7T@)pV{sxiUg|F5p8hZZbXcKU128zJ05|HRo@cfj#Ow;j!-mSuhQ=*B
zWIxpAV7q(}U7#EtjdNci^XE{4T^+it^H9>18>S4JAvniii%g{SgKm^ALX0jjRg}aY
z)CTq%I4TFgX{L8c)-P5`7NgOknSz@p8G|VwY;C{FhlLul=hD-ci-c+mps(0!4<NtT
zY7?N|SlRTR{MczmKf4i8vvC2QYmnp+FJ~k*gu78BH57|%dcP+*$4`(pT#{0XTdcQB
zBnH=fsC)4xP`3C7dOU5l;6}4zMe6|%D-qVFJaDL~9taPFVK5@|W46vtWYay0%%Jlc
zNY*^OZsG>c3&nlc7w(^A>l~STE~W6u&0>YQE!1TogO&2sWHvFF{Pq!I{(CI95aF7I
zDsme%I{fzI3y|UKBB;pCQ_%eO?+g2ILhm?Lj|bowX<MoBr!XFto}+lDmpM14Z--5p
z{ES|c*5EbS&`bT5NkbS+FY_y6f<L2tF#XN-D}~Li3h*<B+?l8(4auV9^OJv2h%7+y
zV+d7B^#9J|j?!jwDzulkJuh$@_R$h(4S=|UYT7+Lt($l--XP69<rdJhnZo6O9#L~<
zODVbE>3?<Fx%{mXgv>4!9ue!2ZzPu#$sEbgP~tD|u?C1kuO&6q8D63p3tyCJh_^;x
z7*721<4b}<{{`#Irabt@YEi5*kBMgc?Iw{<hu%64N0D7`E>TzP1^kP==PSsUQ_nQ+
zt5x~PPMaqJ1H9%vbI9^}cT@H*j9bx1leU6Q1bsg>C<3I*>e}h%n{cU4T`%%GES3n|
zz#uMU-4>D6h*_2Jh;|h4j*YJm2fYwe<&@$mKQgtM-GGJy`Q8EX9t!b(?9M=?)&lLt
z4(zKF)~f~HhqYH%@MbwVq#9py{RSAeBj()%?8_UL%XKLPicL!v+vX=M>yh0Jies!6
zJJqyZ%lK~1Mo@p{z%I+4ou@l2t|}}g1NPRno!V~SuFRetnte+<75LX>{~*K{bO;;=
z_D7INOUTYO@yq)dR$j6@&da-b_^_a?<vw>pi|x6NSLEKYqB&RH3qLMS#}r*HLSoY8
zH*sZDLV}wWV$N#Bbn$JUPDkpHq^AZsinpn(rOI!20$Cmbf;d(KJegi16+>R*2X8fC
z34J#%QUcE+g1V5!F!)^{)dB~3Ms}hE@>di~BV`dnUOT3`GC4w7g!f``!s*0iu}(`n
zmKKm>N8<p;B1)NrA5%Y!?J;lK95<X{WeTz^d<R<Kl(~PEjaAsLhSDDWWI4jF#YBNA
zzJFkhU~W61i=Ew-#lZoCa(+QPy)mBKr95<AVIp>1iEB+)O$>p8{jz|SXbk9Ev09$g
z4$9DVT-6#)5867aAslFf;tGAVs+ti1byvr^myd*WwYm8~`}eXR{Qel==bugu6GQ+2
zmjAx&cXYOLa+K3IHU7uGvf8^Y@-oV|jvBg_=wM|8W|R$8yfGk}t~m0ZWs(UD+_?gB
zJWudpUF5`61!p}-LKmXp9Eo{4&)fi0ZBt_{+!~2Bp9PQi=bG;O^~3yACTIT@PzLH6
zUW+69^M+&Bu{+$yWzO?A$c{W!uzZLI3_cEw8M0ZI!34Vac#Y#|-Yq4=IV96ldednZ
zd`V1m3{#%?&n??For$zaltRtA4z;ZoRIC*GG+MU?a(DXmyqtLBAcP?in6_x?6{;F#
zNLu$I6bM&P7PP~~c=g19Xl^l95Zs98>VX+W;ZZl?`KiZ-YLmGcD!U1%_|`Bh7WQ*=
z6NkQ=NP*cjdQu~La?|>{owVpnlKCdmh$elQESVh5e32161e}~c7Qah(LyaPAPD{5G
zDcf+DD$^BcR!rIEY7wL%)P@@HW=2t%212Y_BsjB`LPJ(uqH@Y?Jzc0kt$X!St;}dX
zJzC%}$cBOW#)sMlZw{U)6~IZS>Dv9p!&-<S#<{={(CA|5jD5W|B$8EpL-%5`fY4U@
z{_Id`490jC{tbUM4Ul5UOQ6~ap%KdE0WMRGHHrzUIDt#>X5e=wCn%y6cJ6B_F-q}v
z0Uru=1cnI)4N>TFq6|B}+;;<FcQuQpTJHXa6yUO@Zoo~plHJ(oel~$;UiLX*bvvzj
z$MEI&F2ra5IKu0*Ov|}PWMsd9&+~!Jet6v3QY&1-Zdr^gfL0~G$RK;{MBh#hTyPYL
z2E@%oL-oYWOlKu6;*7-9gd%zyao($Ue=G9hJ_Qq1h>C~A=y^868v4*2-_};tb9J2K
z8POq+Xj3)6PY?#2qJC0zFG|s?j%d<Z*)Y>_bwp<(pDypss~I}7n-LD%Eb=r|Q1VE?
zh5I{o9JDwDGxTF%zy8~A(2--1wPmjeZhP@zV->7P@tEiz$UjSAlLqL5>4!i+k=so+
z-PT0adXAmF0Cka9o+8iiU;T->QJx~p9)Zst+~L3{XXv9Vdcc6Vnb=PyWR*YNmq?tY
z>Y8fiR4CeDU)`XJf+;zQ__LT57JZWR0z#dqh?pNRxtlrQQdT_G@+<rK{eVb5o8}R#
zN5{C!O8P;0@s(VI539_gCBuhSn1J4)O_;UjZ>h31Jt&d4F@|e@^MjU8*0_d{s2{62
zYeKU@Y^mNT!{{1f=<1RLaQeugDvMTjVa#~G6ngLvJ9mf?^Cxi+X38!CWRP5&PGnlU
z5m$Ylgd<+y;9jxM63#S#{l?H#pFDj+07}Tu0MdMu)`U&I+plAr*bK;Dy*7fe93U&R
zL4+6FN))%@S?Jz65{qR8hpF6P&`7pyQBj+_J82uFZ8cULVyv477Qv5wIQYIM(QUX(
z5;5L&9TM|W#wt|xMzM!fLDI%PauFXad*eS$lanZ2tg=F)qS0o&CBMEKx<GX7Zg9jk
zo?l(t=sZ6Gh*V<3epNOvC9sX%6<x+l54;07?#QvY-P+wRXU;4sWXiOc7_7KpWKW({
z7J#E;j4PqzUZ%th0z8#wN4iQD`Jjq?wpZ<+b{}{R;<FU4GM|pk>y6!y(e)Nd2K>>X
zy~z$FqI-hGG_E#hed(Hcs*pES@gk1KUSL_XT=up|pb%_qEG7HIw5tjP_g<);7Pe_T
zA3uSSE#9AO)>jRRt2>E}cDabQ!6i-#8%_?xtEeDtOplA8K41%~@U0wZj9gkh*k<^F
zy^wilCM34rL{&u9?@YYtDHwb1@yJ=ZOX&A$>ChPr>c{<^mb3+wg8_buP*sq|83+NV
z#N~Y-DcFAvv$niT{FViVAzbVi(}i_X0Z2Q)$_hX)$%+-~L23_|Pnl0`&|heFqAkQT
zlss#8!qWuw4FBo4j8_xz=5zw<@<Ph9%kz{tjfdD0b~!s!Id=Ft4%d9u6(;S4YHsKt
zN;GxGff}op?@G@-OCMuo@XQrW(uQhpg-ePwJHw@bN5R=Ge*Tk~dq%w5S)VZ8jD+@L
z5T9sdDBvI@flY*Q)}Bk66RG&*l}plgm7PmA+YQCM!|&cLfu#9)CME~*n3Cu+^ctMQ
z7e<crDMhZ`HqP{XA=+EB+T~&qUZ>bw((Z|(3ul8%+NYY7x(Al&BO;gC>||*MpXq`q
z%+s~m3U2QnXO6F)s1g~bjWls6ctDhmLo~y~*rtF$M~==p2mjaW8v|51+6ztBF}Q15
zO9Ea6JZlGuJ<r%R(xo()8nCei@z}Vf&?~T!MW|$zka>mt#$jE{@d-~(BQfd?hJ;x1
z*i*SzXYH>C?Wsn;Sx<D0o*=j}c9c9?xnIHMD?tQ@HhB`R>lB;Tem2o{!EM^+;j}m%
zLCwI|+XO!|(JQzc&tcbihHl9GFk3_9Nf45YF*bm@8h(WdA6(_zBfLW8dz<Ayf@)OH
z>weKH&}`-^d4$DklPc5h17vk7Om!QvJ0>Vuc!L!BGq++}4r4@-$niE@!vjmF_}za^
zeGlhe%jNHTGX)-Te1%`R&dBjD-=aCe*{Qh9O<OzF12#x+4*9s)6g%83a?D{HXK*BG
z7iP=|xFVG0P_8$GJOtQTC@D?`(n++yDx&-*vj#Vxej4zCF!l_-5$uozC{UWcMyRYR
zI|~LH|ESj#@)T6ZnM?oj(<y6H%+%tgIKCp<)r%o&;LW#b$fnj9kTPK!P%#owmZ04m
zPn#8CA*>HQRwa4SR925uOF{_)kR`Lbw*FA__7(63TM>!Bg5RcH<S1U+{zdo&kmV#N
z?IU*o1>o%~y1i|fy>>k13;gdj$Cq@-ukk+|FxsEGgZaO&IsRvx=08e~M9aUmvITGZ
z^$D1tf|8NxsPJ1y)UY6gmhwXy%&8G;2tMrB;H>x7X}UItenTNahLOC@4&WJc)l+o}
zDBx#I98P4rW;>c3eZ0PZlKxUY=tJ+x4VD8DL^lb&zVo(OXi=tba&ZYdrHAHCPJUQI
z2b)j3l#kR?5@hqI7ea?N$4aU*#{_3d5lQpxxLSFyqr&b-a9&T!zVxEsVhVxYpF{Gz
z3_di_#SDUN?$|?*`5DY6xPYS5zSsYSEP1KZ^@oyzl#0(a*Tgd_+_jTkL+#h_^`~x(
za{2BEM(!`TCm!%4KRc6MCR59{qtaQ|ptZ`@5T)zC*-NuKPvpotcNV>J#6<Xg&JL5n
zvd~%P^oSZxV;-hiG*iB@NUeDdK^94_rF_giPM1W}B-3%gK38_YxDK5M(@uqMAZ#9{
z8r6xj+i}RrTt^hqG-|oN5odvmE@<H!yzzZRK3$XDrR9KP)j`k^HAU!|KBXm-V#7bW
ze>9xZfeV7+>gn?8r2g`Qh>E`#wQXz0qI=e*lYnDtdam4MT=^ZkT=J4&wxod4nP)r6
zC*ahpClLchGDWR$T8^WU22s4lh!tCrE9I<eKtodU%o|_y(D)a{)z3yHLo=paijr+b
zgaVyPMM$uI=5*`1NO`<*+yLWM1g1ry?l;)wQfUGq>&!LtNCU8arY`>EkuWS9f#U4A
zgG#<T9CwPqQJK+;J_JPSO=S1XlAJS{mmby+=55{?6~e~8llG`qy_99-d;&4!Zv0!U
zS-ez_oJ^jfB;7H)lVZM0Mj39pA5k5MzgG-oLErAbx~cewI9sqrcp?2~ye=;E6F4t2
zjzfLAqLeM`EToq_#lQ`MdBKArq%Fl^-iMs9=HwW&FpQ=NW<A8N66W{Vi441_`hh+d
zB@r)4Mzh50LJRA~^0|q|4;ma`!`eJ7O#7eRZ~mhfPhujn+w)IUME|*1|J&%W(>JvI
zQ;k!b+nCt?JwBwzxS@dP;e&T=KYpm0?^8R~+<`TrX6s1}#X7G-($jb_|A5=c6GFw>
zz6v`2bngPV*nwC#!VY-$Vim{!EkUzXoEsEj(q3e7*sJ~_oL{Br$^uS6g?SpJc}jpM
z6ZLjRM?&?zY4S7hb=GF^oTsr3NF;R!O+R?ISohzfT`T=FyXnua&j2U@0Q-MC9&smQ
z>wj)8{9`{sY0_q%5B`g#!5InaA*35f6!xJHm(5P>G^nXh;YB{6h4yJ-b78B|Wm)-6
zfC~g1_g4tekWC^<Z17QVAhD%MS5{h<tqJqCuh%Eo4so`S8Dz(diivsrNS?Ar5k<+|
zDq~iBLbSxWbIq03kY9K~Er!0ho_Fq4;zZKu!TU6@gny5SNZwPVA_G63r329Wv`0$x
z=T5_D8)s)ZEwz<IYv$A($_X|!5=B7Mkf@pCS~=s)ieffd!V&b~X&3SLRB%AvlYXYe
zPfTShx>WgN-El8T{>7U-=OC!%gT*L2$(=<3kS(o|urb!}lSZ@`1_F7|tZ`gL?Nk9S
z9J}3q4fV_s!aL<zt?$|Fc=tE)LzGEk?pyz}9j+HR3PN1d_G-ogfkUy-r)%NssZqCz
z`=0!qmH4^-p_8l61ghiO)Yp;c7TWTH(mN{OuW4)Z^x4z(G2#IyF+EEUQ0{6^!WvX8
z!7Jyg4pJRxIM4%sWCAY4l~$M79tWf*f}eK4kIe()b{LdaqK$(NNpY|?GCwUNH->N;
zXb>vum-@hRtfshD_r7fkHv7Gkad<p`S#u3N{g007e>OEMuu=tO!2$pvkpTcu{UsQL
z{<KER{iC=4@AKcN;jZ_$o>A}kiZ~TQtMTGUzs5M6EFCK=!;Ya9R30NIbjf7eNQ}$q
z-;JW}cNY~_r1)qcK-TH80VLM*K-_ZzSXQCNSfqXrb`t5RYk{a@bM3^`o!1d9-OnbC
zYuc4d=jdOtTOF*|?_1ZLTdt80lXyJe%mB?JgkWPJ<Az}~a!iPjSz>Cnatn7A@~rfz
z5o<Olure-%q<|0<QWJcIxekI<xc4kju*@zpvfS~ZYceI=2+tQtIxQn2%ec}+hJSh_
zFxIl%p;;fn<$^4L0i7+P^p+4TC!p9>yvP<9?FORV{O^W}z9<%;(&vUjz>#d^=;37S
z;G)$?18xJ+uxkQt6Zb*rkm{i)SmZ<4{a4e?$0FFxi^O}GtGuaD951hgIx>*`oujf|
zO+)HcJh)j=@t|0xH<g0i{g=e^B>b8Ie!whbs0CVr=20$Sf@0Qn!cOCk>a-WumNGpa
zBO-n|`zx#8h$@KFqUV)Ws&SbixOPbU!48R`WgZj+w)6_YOPVq7oi=t_u~|w6B?yW#
zu_gzTn0t<LF^x-64SRYqIVJV3$c;62s1eYtC{d)3COEPMmb){iOEDD)%VCWgcio<;
zspd(~q!K&8zI$!c!{_@K@!G9~i{h+H2Xo}RY(&6hZ|u^7)BvGKge#NS3|aI}s9k~e
zo)I`m4YOG3S)03Y7>XYfjzVWM^JHsESBR#%Wp2O_?~NKt{^4<LDC26zpQs*PH2ZLB
z>vFAc@~jzZF*HFUGR>c%Y-mx8^}#^ALiD7=xLnrb0<p3{)~<jzZ4AIUK%A!%xuKy8
zfhLHFYB<fa5Y6Xp5cau%ZHnQl)`j3)AdfgfpCQ8wqsFlXV%tGkQ~0_!WyVwdTvOm|
zW5Rqc9t%XKU^NPn^<E<(&3$K6v-392+8|khP4QsMu-%&V9BTtL1^CR*R2?=A_vo&S
z8|oJ66V`Op!{t_I$Yy^1OcgvV_U4I-h7R#yalJTOL--YR24Dq^iOxVDnYvSC;D9Z;
zDjp+nVlPQ?B!tqD27G4T?9BD)|CJy!!QtzwUa-5D*8#sCEbgPPypPSis~5-|O<U7L
zQFS+dJ0YmV$Ejo>FcVup$%9ZUnlu=1F~1a+#;`??M59)i$Qg#Ob3PTwi7depP#zP=
zfg~u{AP!*vTPkw5<tN|tWnF@}WoZ0_wN<)C<H8QnmgSB&$yUt!$=T}#2xI;eU$`hU
zt4!gP#wnHy(r_i<@KVw`kCz<zogh&0?H%R`mGFy#QfcM|A<5M+Fwnef3Z$<4$JvEj
z(sLEWgZQ;4JRHVLYFNlEgy6PvE{YPIrnt9aLYo9nF4f)s7y%yIhVLM%`?0r<cB3pA
zSB_CQMeuRBo5o9Gm@H*B^RVHTU3wE(&Y&Tf&)mTA&Fe=nsd>9$ZD<y>dIA07%?c6>
z+#{;&4b)^t3$u>Z0Ic&sLN?0tgF3JEp6Lzf7RGnQ0U7s_3YF5J_OBu$1RvNKEVsUa
zgctYT;BtG8UV*IU_)-LK-#0|j%NAXII@%-EPIeD6u>rZ;h!<jDU8dXdm!uCa7k3Yl
zc=>T@1<vMVlbebqsrx$Yvt#p*GCy6$TVk$$nSAsNYzUao<b*oLQlsE#82_(w=T84&
z_#<;J%N=$k-60IH)6#glUZRc4=((XgpiN^xow=S>uPj|$ae(974!<8HUH;Wj$yzFE
ze*DF!oa_>M_gFvHa$$RZkmw97y9>9d+X+q$^(t}YHwAkr78J-xnf{)CfkEmH+uj>|
z7+hNQM-erY@AJ2K0b8#;Jw&hH^fM~S>BdS#UUY-pX1d`d=?dC5rd3`Wjt)+;qQ~@b
zuO{rLqD;-eLRJpQx0o4bei>#y*~erUh8%-+0kK1%&2R(lmbI>Xi!k?OgmNvBIbWwZ
z^A??PY^*w#<d}6j4Sfh9`GTm1EK?Fv$OYkyz+o({nDd{<?8uw(bv;YTL8KWxG)^;H
z=_{Lj>*6?#0R`W};6^d4?<<@6R&<`ofpqC)95#~ps<CkR5}^N<<bT+lQ&Cw*QlZ|~
zEeGC4-gvjcNwooShxsP?W-(5()~qOTD3dxx?a_SU1opMv!@G%L*S-7Th<`Sc@;kxk
z@M4ov&32~x`L#OGy`u~IL!_dB#Zh<Q?rHA!^*53YLyWrLwbN-KfX^>qRq7?*5-;6f
zfhd>0yWKD!F=5|>-?b=d8*^7`;*Ya(-s%c5S&)*&sc)GUoaf3dP`n2yg<~p}Y;jIN
zKnQ|kQsgO6xVo{y_Vd$+VToA!iRv7kTK4NdE>|}(s^TSji=KqW!p>rZ0&3luQtbj@
zF~Hml0^U71-&@XBDtkjY#Jg)Zb1gl|S#3lgS&5s#6^tbs=cESh$D>rmqW}O)lPsar
z%*UwGCKWi}ja+cT<T+)Ong&HIdIND!sBms)6OX$gz>T6On2oZ@?~VQRWc;{|Ch*%<
z?VB<mtSDOZYfpEQElN{_gS9Nj3|gbvCwVgx<Mfqv+!nw!S;wQA-W}&ASLT~9Z#a7M
zr^qwrGfsePM`4@*A<Mj6?8YBBPoV?5780=*RZlSxNaGq{)LHNaY#5Pa!Q5lWqvi%&
z*26`VEgV;4SE+bVS!CvUFy`VbW3wl?%i>vj_rx<OE)UieRw;j9IP3DMj8O>MuoyR1
z<YC-lwOgwUd}C`$Pp6+eCNm$sQ*ByEgow8b)z=m7__^L+0|=AVIkLzrH{6ryOiih6
zT**X1uh`_wm0ZOWCePcp(lg7_Vj|!nj)%q1&Nq|FqkiitsA2j)1RFYy8eonioga;R
z9g-!Mqs&ye+%%P+9i!(dWoc-n$b2S@akq{;R3fa`D}!?|$^s~VTC_wO6^=0QF8fe5
z%&}-?jJx$Ol(^ZQ&51Zv7{`WU6Ni}?iLs_QsNL#33<d9@8s=3-#NwUi##0%$Aepq)
z24V)TMb@xI*DHj3a`^o?LM@xe$l&^Z9HXQGJ1H`3^Rgl@^;l@64QoQ{sof2SQ+<-h
ztMaHw4Y!;~s+D3%Q>9BesCYJdH;^Xc45LXUAyh0DYM?zeDqOL2m?xLF%H8_x_5|~I
zEVBNy;a6W@eGVl&VAyW0Y*Pj=^!$hSh`Wi;wv4I+!jTb5V5Br=`$^AkFe0yrou?;B
z8aKFSxFAw8kBJegQD%aZ39-mbxLR*(41UfO=lkp1on>_<O$=K)3iU<v&?#^&ns-j}
zdt|RcT5-EcGkPBD{^Ev8{J=L)3eA_X{2-NLrpy%5c{TleH(zWOqbOSu5F=qfI8(2Z
zOi8038KO(#<BmQ7nfLkXyoqmvOz!IFyi{UKbo;^%+jGRh{|pK&=(U9qw^{pgu1p3>
z3d~lJN3B73s@>lx>A6ry7N(W=8|jfL?^m24q{T=;1&M@09zGtDmaZ2iQgAnhq}sD8
zV95}{BTlBQ^O<Zl_Hh}n&RH#<=VJ@5KKB)02(D+1WK2e_a7>6jttjwfor;Y<N>_A!
zR0$u(a1ZFn*HLmk8SkKa+Q!&+5*L;l;rXj)SGQze9pH>?^QcG{+9NF@53Tydu|t<<
z#Vb{0GRHl3)#|zit18@ns%|ser<3=l!sEika4@5p)fWTixyIudXvNC*oChjvR<DH2
z(#a^bX-#wjj7Qxqw9WBvZP}*mUKSabGx1{#CwqsK?1yZAJks~4a>l8>9t>=bthjP4
z$Cq~*iLEe9C;0-4Lhv8#G$t`#I4*|d!-p#YC<|8{7yT+1$7g_NH$OF}+U*fTZhl_%
zn%b+Klb%S@G>?;1<_tF!3GtFkC*7{bO$y~U_{6nSvNdV_YW$`m(560yzqGNz8je%k
zoHj^=(^+@VBm+-!EJ>P&%bbgr6V0_(GNVV8zwME)iq1tHei<r^OK`%F71WS+T*y~w
z661`?hyZm6v09|lWT4YD%CK6_v`xgB<9Fk1wXoPZ+stCJCe1nKr@8&*0DQ682CasT
zkb+w|uPwpif5Uw?+h7%iv6|>Nz1zP@z5jA@EMG3XcOR3b0Q4Pr*X%$&;{^nU`!f}s
z9t&<BH)aMFZ@G`@or|#tt5FTgZ3bK>9MmD@f`k^d1?-L`8L`Cg9&?M-+s(KhQug$6
zl8Fn*{Q;YYF*@f=fo=G<p8ELqhw+I`fpj+Ja48ynSC@bL6n9KD;Qq@an!WvJr0MPY
zBjeDmCuKH4HT_p;7hMm-SH)h8|LR~4@CSws@p;n0E%?6MV`6$mc{Td*Ia2-l>zOA~
z0*}m>k-=Qy)934eRYv+}Qo42z+|%+jTS&Jz?l(y0V0R~7<vO}kI+9zOjbprr^1k3p
z11@jC@Z$?e*Y9D|8x(Gzq;B1*mQ@xD)EA&uF8&|f;<CQsD(;xpzt_Yt!HY*<*&VnA
zqfJ}Sxm0OmBlhlrbb2FRc)F@8TLR4d-9$VJV@%BY6Y50Y%vYn_l%B?T*1nUdSiKny
zFIgLnS66lxxmX`tFJ(2onagMp<O&@WGnbcmt@So`f&$bn(;FL8$fVtm8lMan#sRTq
zhilqHMcnhWN%vo-IWx|;aEA-0l5KON-?9i9ry}Ho*%8?m8E8zFK|2N^2%V?L`sy9L
zUC)KlGil5@3vtgE_R-|)yYi!45)Q3toy>77E02wZTTS}<lMx<7%=tK*3`vK7vgFF9
zm&WsOzo{Bh+cK0)Nl=uaZWqCC>z8;Wwd)dwERXKP%yr6?EsH&a0WZ6fZ$2}qnqmkz
z{K*!~s{!gtH~2it3{IPbA*}_d?*}@ybFQ6ONw$P$HF7Cy&Gwb}j?f*>VQn<e%PqP2
zeEq~ab>S0;Xb)w1F3GRs7I_%T47pVWu&|O3-1;2l362i)j_Atr>UDLK6du|_qDdty
z*pw}A@z7@-sw9F+qFN$@C^1UcNzazy5^s&v&w04A<KPE^*u(5Tsr$mOp<FekxU{8=
zrplwDhxqR3kKg~n;YbAs0u21&JZ%4*-4*=HW$ypx+_%`@&wmU5&qL+^;5*}cW!CxN
zgTL`*pv`~AE+Lc2m3TlvmJxgGz~>4yl<*^9{}SV-d7@A^vNGaKeBM!bq^7_ZKFfpa
z5yUsKMk_RD%S&=`8T$UdycltP?*0Z?8E7XMie=PKj1~2}(E)WCcE*0^fFDa<j_!z5
z-VuG8wYeYPj+9$b=n8j*Xg$-=Bphn=^_MGeni@>1;ofz<*k@DnDW;cWKMn46wLcma
zvGB~ZCiZ9UOQtAl$d^hj=kcSb7hL%&wpJb3V}Pzor0nlybqc!n(0WTB@_UvNWl-v~
z9H-m+Xn0NI0}mYKZW`>1S?@a^_4*thn!J3PwgoYywIj~kQ0U^i(9Rsa5o#7JX#o1O
z>^09c6(+nY3%x0Qtf0XHxfc+LJ0W`hV5Jq<Lg)<T)gTlVCc_2qoQZpvU^Rxh=QT^H
z4L8r`;8WuRrDgBhvw}v2*7=CBJ7iYnaUhC*)xdk8jGMUCk(ywns?^JtEmRt)VZ~<F
zBLHTK+Xqc;eDlCNqU+nsFhLrSpcsdLYX~g_u{6N2Rj;fqgl_L|eL}N%<O%Ozc>Rqc
zoh7XtvmhX{SaC<TbU<ermNYI~<D~1sLm6iJ2>9>B7^fdh55gZBTpR=dK;r)vB;rOw
zw#JS!wobxs=8k{f{_zI{f5%E?{I(4uKk`ubZZ#-{b&>|PhNU@Zy3@WgZCMoLOep>X
z5Ybi~Ij0}}IBc3WMa<5=nr*t<ZYNJ5+zzmtIahrIxdE2t-sHp->-IILsm#-OOiT{I
zg`q1Tf>1)JF}$dM-p{1PW>0R*{Fa8`G1O>b-GbeoGV@BOJORXhht9Q1++~f;Bl~tu
zPi@;q3>VC0eK>^{zaSz7jNftkZckW7jyW+697#<x$*B(mBPnB#6@aeRA-~afb>5x(
zW8EmUPw^OpA_}8NyUhLTp<501VR#Rd`!~B5?;4%n!Sf7P*;LS%OmHs!RBT_v2uBhJ
ztb@;ZnN^z0CETPBmr3UCP2V){0+TmRAueZMl{?3JbQq{qLZ4dCU0WDYZ?AQEeLY>D
zjB@bj(R}DC?PdlIPCX2bLxY5x@U>^L;ba4CGM?!wn3Q5Tb{4?1iVY_4#A0?!Zh5oC
z7YhWdZ6!YG?_1e*=?Y<^{5eLoJ;q}#N^7se2+h|fb>-csYnU3_&Y`sJTaF=V!x;L9
zbc=$eH}ZV}^;$x(Rm{5uiy@Zae>6C2-2c9qoidB@2JpmVyP8jjXu!suNr$|y^$X$G
z;gEy2lwNgv#U8C^ck>2|p6*#C_Y%7bwNG)Ku65%t25RJ+aEYzKY%791vP6pU?=!d3
zPHtq%QT|;qhoTNz)+e?JnL2#HoG33b!rT3h^zXp4B;YjP{F9yH{$wZN|6Ab6*h=d=
z8JZb8{s-m?<EH<{&JJ}?^3E?1=gA3Z<Wj?sK`K0t<jIw6<f68gE+lG=FX^yHU~_74
zDidczf@o3L?*O`i;`+0ea5M!#Jn$i;{2^$MS?d|!FF(dr0c3CNz}OF9kfo624a`bn
zJ*)O_=H<wEptVmOIiiArw`MsOU?PZuEnL4(at$x>te&HvnqVt&f<>Q{XQCLY^oRIX
z2dJciO}qK4{<Kwxkd7s#k1L8s8=!z8;Dz=)im#1&9UsF8o|Zx>b&ST^Hob{oo{R57
z^$X1VP|AQj3-8?OR4DIQH@tz_&~beiXK&ic4ovZhC~B9-El9k0mlB5SUfVF%s6soU
z`qe`0b=?ftk#&8$Eq~n{aR;1^vTgD=b(+*WHyYC;GvphT^SKQ78<xTi*2<1`;BY(u
z@n7e<5uon*g`+oJd}qdD9*4xGIJGti1v}7UTZ(omiI1-tdvNQUooxP$UAq%T9v$He
z(0`>BG(`DBZ~xLqxNi~vLKSAG`YC&ic@<lkP$!ceN9zUlo@zoBPhF@1BWW~wf$M5d
zTgjS10Xa@;RqGA5KaY1ahpd(9Pl@D~Q0FM_@_vhP<THEt|4{ah(V2Ezx^Pu&n-$x(
zZQHhus@S&eC#l%BZQDl0$(P-4_xbwWea1e!$H@AVU(Xu%TyxDeFHB_}qT)E!<}4E#
zO5&1N^<pdzK;bwgUZHY6AnzmJ_n#6M_IHGwi+^<Vzv4&fe;YqS2DY|#&cYT>P9`=M
zwg%27qIQlp2LB_2#Yx#AGoS>;+!abluFe8k_$j7;X&AFm4HZg5ZxIAM#EFfyT9{M~
znfJoDWf!`7(?PZLm3sW~yJG~`(;x}E^F<8ztnjz4o+i`mwz|AQuR)SfiDSnJRrs+m
zgKO_A!;IDzTc(N*o}=w)Rwvra7G_tM4!|T}ibOlM@FQi@vv#T%&hF0&7A3r{%hm81
zxX*P5_Q*r5)JF)_`0+sh5maz&-o@`sClEGaPFmxU_bU1_Esompy8R6gcfkaA%9Iw-
znDGm%?Dw5`Sm>CI<r{2oky^BB$X4d{$_WLl>=7=(n|vKB+mg@46aoD1iVj4poqw7&
z(hX=3G#%Zjo%xTJvPglwMygkTVD}|qI=Ru#UTu=$A8q-92^kPdCyL`(HfXkKI>VHu
zlDifmy|=hg-iPM27Fs*|WRPw%gJ+=|j!K(!(;t5<T@^9J>(WDRy;120uTSS#Y1Nys
z^B*w&?wj@lIw2=<?mL)AH&!rR?jS}uH;D3OC7-ad-UeHc;UuXJBEGQOVXY)lgezk#
zFO$>9&yTjzWQuDH!_|bo;kn$l-A{>0jBP-(e%S_EiTT;hC1vjkNlUwJbSfLT0UkqJ
z{Sq-LVwsjIxo^*OsmUJL=Cw=`19B-gj)y0#TzXz`-+up3=rC_UQSa_obOFAiOXhzY
zU0>PB#M$5<wkm&x)jwyc%D64rFVuLj>!d5GRviQpnld-2KD9bUH@CmIUUM!vaB(yK
z<kFa{`DgkH#SV=(>O*ipG=4YwwN0d%n-u_yh;%d4=`iE&b@F^=N{`PM=o+LAdiaOc
z4>Q6TAR&?9<g?{Q7feTs=R6|ri1IML#&pS`^4T9@1`TeGi#BklLk|M)02jyAO86HT
zudK7_5Rvt6f4}@NkyMx|Uw@pcXW=09S;SGKl*UwZOt3hXL%+Sad&Y^0D>j&*62{n<
zPy($=Sfi_q8iz20%2kdd^z~c!ZB3s_<88dfU@%*T_NS7xj%q6Am^RJ4+m`6VVmdKF
ziA&g^@Z+~upYd*825OdJ{yTp77B<x98SJBrl-Z}m9_Jug*Erf*%}O0R3z(Kfau?$t
zo=QK7=YPd;E2?tl$<S@z!*NdaXX1^8=50L7=}E#5zr<n7z1oz)4EVCEG@6gN-!JCq
zz!@edPs0J_Vd2FPB4U;z+@+A{gOA-?eGi5O=qKIUaGF#HQ!kt~OVvn^em4>2c>I2@
zGg~826Kj69TxeeW*c|d2wq=;#4`4C6dsU;~`~<R_?0M#BW)6rc<wAD5;_K|4g>OwQ
zMKyFq4&ky`8Yig2(~sb0T$WA6<(4j0_XxbbyJh?PRkxS0vhedOh?2h+-~Tq4{x6_v
zcpK~&s0y0%tU>4>NUJX-3|t7JT)iBz(pM`tm|4XN1eHq;LWV?|G1I;oL-vaX&?CzP
zdWG|lmc*@QD|I<9MR1Z;uj14?6O<6MHDBB27~4?n)JP8&5zJLQOfkJPA6kKC6mam_
zgozgL%&--a&>^bvok;q+Pd~V)1pn`Q6Gk3;{;z`~`@h}We^!r5F820zj?P~qyZ?Do
zbgce^UolcL5fZkbsZ{wM&QdnrF&AN}Fe|Q@46%WAtdeFLGBIpQHZCpsGpb9VgM$1C
z_)TGVMW(+r7qy+^Xq@ZFW9oc`?(3j{U4y`*#R_u9NJDDuW1K2-`0-(|qlZhG6?!9b
zDo2S4l~gv&KA=g!ENoUN{r2%*J!y>5#cALqgIT*&neG6pG9ZW%gcM1{$bJWTUcaqT
zJ(@*dMMMW?XjBv##JnAbmpGMndVPfzx-5$<+%OYoOMhQ}^|aPDP`7Nhd*W~t!~=~s
zYl!skFy)KEhROPw?vWdKLUATDXjD{521vu!V-b|X`xC_K?7P9EuO9+)fX1PYx55ig
zM)>+?&a}q+);%H*1tNpmsC7`Zz@wp(!MIp>ASv!xM$}9Y|E?}JQA7>)7&LQJ;3zG%
zM#usKZsYTz?B4%=804mTYjITmdR`d5UkY<d_cLI^7G@5sRe{)<YJU(SK`hJQg3hWN
zto+{XdoU{XF6n`mv!nr}MR|%th+$Ns&S<3LA@Firp;3?_?M$*milK#PjF-C1TX+~!
z-DKp%r8eQ`2fDip+~j0W5@x&HMp?7h(G1Bb-?3o6E%F_`Lo?4sI!FJ44<Jqq>I|~Z
zZz3=}iDo`~sq>#Mb!8%R=zouP@ZX-S|CbXo+5y{3|3y2vda4r!h1Kc~3x_qQNZn?~
zPZly38x&59^8bzjl@}V^<W=+^v;&-Nh}TpOcNM%^;XjH+R4p-^P;0r13#oHiTr(LU
zYlF@caKh>=v(QcPKsmHg7A~nsi=Vb^NWHh2_#zh=T5I2s$FC!*yPxj<328P8zdR5B
zx<+unu91KH<V)Cod6(H5Sj!1W{8M?G6}Kk&r8y1$YzQ$26yteTQy%Ns3}}ZdLlHs+
z<>wYXt{In6*(k;<`_TM`(tY~Io7h|z)j02N1jJRB@cC)#dUx~u2W}hXl{7h)F?Nz5
zfLiDvj?clXyQ9;G?GGUbiW*%shREzAM(xpTf<gj;3eRc0Lz*@fOpvA5VOtE)$pg01
z040SZOasV(cF`Te(^NYfLXAz9HJVV%OUQ6HSYO)xMdum&pNOfVi`&o`pihZb!s>y?
z`Mix=LPU3Od#{;vE~%GUH_(8E<m_flcrU_Zgmi<t3oh^J1HVEaZD}!hMq~5(&yAWM
zeHamp+s@0IGe!(XIQ)=PBZ8Y@n8OY}I2;EWi`=Y2JTl{cg4<KD6N!KsJ(aWK)fGxc
zRHg>V<qFB<>Y_ye?O}DL8V&z<5!8`(q>KznnQ80FuU>#tMyn--i7s-ul8SULAh6ap
zbH>@QAy$!2fBtj`IW?l1#$<J|I-u+v+_ay5)Ky-=vR6}rsES5WN>by)NZ4>Dv~9KS
z5%lj#aFtY8)#&RHP4o4Lru~;m@V^rZ{>u+7=|BC@=8|o-&?rFn`{)u;H5F75dW4Ob
z`5WTU3?X^1cb(k|1J<%k-LwwSpUvm{F^rzRe}H~Q+)Oq~Fx-4+<9eLrU~;=`aXLD>
zx+?j`di^5=BpytWG&t6jT*3suCEBP<O?#E*0BWjOqivzSjnF*s&vy;0&q5lES)EH4
z;o)j+YTV0Au4@A{Ok>!6X_!7^@(<LL+t4Q9g`_Hoa~dEoAN@*tfX0Ixqhq?tW@BNk
zb7D~efIVkn%xvHpz$Azql0=>4(bG?U3zHU3^(NlQVW9p3zw%NHMLNjPqhH#c#QTU5
zKcG0!EfTz9w0Y1t^iI@Pe2QD5k=*Ol6u=M4`CK2C#{L`)Q_vbJD5J~hppmeb4hRoD
zI~}7mzuA0IL0-D|{F4@{3l$P?`KL7uI~{jH;a#&3Vi#hpU#5c<u;fXQ=O+^U#=mL1
zr_PQj;j!;Nn=-T491a{jPr87ga~7dlvVhRTYv<mN;+ojk0gNXe^|~+4vpcC}DT04=
zT8_+~PtAhCwbp8ql`*;T2Ujj=mM>p1W0a+OwA#M&GGR3xqTq;<c*k_$QKb6hh8{(E
zgEPP-n^n=THSU?i^C$HEi-xae7e5bCaVXNWR-i9|1QWkEFxPwBE6`ruhghc}b;IlT
zuNH77Av^Q0I*>VF_n=&cUrr!Q!0dALTWjx-7RC&I6w-!Rcf{665$Xdzw`cC*G`DNZ
zLRoLTx_tyW{YWEHLxg<0tScZ<T+E01os8yU5BSB!u!`!@k891)QL4k65oxG^IJ#+S
zffcsw@#&)Jl&QCW%Ce=9dDBi`VH)tY{x$#Qf2LNh2fHO+FfcGDFjrBqhH>xr`^0_Y
z_wcuV>G#C`_<sNVx7zW<dBS)9{{8d*d*zMs_IhtuFi}x3KR|!2@Ox%|yR*+{Az*$V
z$ra306imR_#q$SAB#d^?bCJkMnQa<JnIQ~}Gz>KiLicd@;J4knzuZ6nfAS8^;Wcf|
z7mEwz%Q%twU!JwUEGYk8ivQJ`%2KmYLl#5v1tZJ|L}jLY0A(;&ff$uURWOW5L@xpp
z3HZ^tK%3!5P1<&HDJ;14%Jc&LHVeNvXQ(x4(Y50AQeb&y%}N}|@2|(mRrk1g)H1cs
zRrmbZ#rFwBABf*;E?DRPE8NH2fW11OZ>b^Dmd5H4O|6*#L(?`jnS$5Q{PH9VnkY2Z
zzdBsC6y~VVLx9SdDc#<AOs6&rz^diBJ6UK8v8G{U-tcsqcmTD*$SwpZVVg-c(-y!M
z5?gut%2?xnfFRjIfnk<r1^0tlCYVmh5<Vo6X^xgTE<;&l*kCSOkwJTKrKTdMqQMaj
zen}r!hZ7y^%j?jJ2HB4fwEsvx@<K9UiLbY&8A4uo>GwMFXCI}%m1T}Mr0LsWJ`%iT
zui6FS#9S2zKv7^!&M!p-o*H5Rj6?#H#}C>IpywJ%p}?j_z(Ey)&x$K)N??SjmRrk;
zob!;6j!eV3u;?&bR})o;eeIkr=XgTrV0esNc@x4l8$;v6pS6_>Jrdh#48j{q$(11X
zP&QK*TvZo)s=iVau9u45xIL0ak4NxF7KiBt%9Qz>_OYW!e6I8CJx=<8oU{l&Eq$Px
zOkB3ZQ@n;g#_#W&8Ozv$+`==jD(20?QSo;~VvXR*uK1<RkyP{0`HpsNXP1Ecj&j91
zB+=p7y7h?@u#}1=6_~LF)+O;fKz22(ozX!BHYG0zi_LI#Wg>+dChd9rMtoXc*219V
zqOu$tChek&IF|BqnS>ou?+}I(ebtxLb_h$1NI?|&t^j(Zqz)cWHqair301o63B>I<
z)*=#Qq}s))l>ChByk)Qtqo<yFv<>DC);-C@5+%>ADrr7V!2uthTx%{1i917jts?RD
zU;`n-gsifp-By#ajMx*OD%GU9exTA^LaxPH)2TUQYPv^h15siHQDVHpJrFdQsFp~Q
z)lI5lfL^1E1M63WRH>YbH)$SWlKcQ^;_sYNcS=34j<oyJR04X@9?Vtb;(@Efx`_3(
zq@!QfH03wrnU|@KmvmsltIiTp9jtUh)y{$p<Wfa#<s~z1VSb1&@;rB|A+#P>a!?!Y
ztd&P^+^e-J57?TA`Oez7f3AMfXbJKf*M3PxQaEijBo<}Nua59^l0mc;=wC^!2i|^k
z$l7uwy+M`g-s4cg`IC8BcDeo7RD=<f^gtOKLhs|Bvc0j)bVs4pSF~bP^j4vf9w4)B
z6*ViiW6~}Ivn^~XHH&xMWMFq77=X9&*`RyG*>FZ>o=Mr{eJOhVm7TtCauDT=>9H5f
zhyQ2LmHwGRyi0Fdx*$&CbJ?m|kDDpWSF3#hj(YaDCi5>plqdpw=a)%7!tD;OSFS{^
z8gZ}vZBDoW!YkA-sKLv_47dc1a0BISd@K7z0jE!b+3Uv;Bp5S%ZUn#V4t+lJS@FXh
zo;`RR<aEj!QZmn(YN5gGoMha#zhIo8doVO_R)sMg!#r%JmU|SQ;q+@QWziifMOmjJ
z45o3@$qf~)Di{3xbifE5{FX-`;J}o;rgO`lLDd!BYb;>j*@cOT@lI%%Y($t)D`Quc
z5wp~kQ9B_lN}GlhcrDdiSeA&3K2C)wt_x5$qR*00lP;aPnhs-Y<QS1@d(~|`ywqPg
zvaiXKAS^?g&zfMhmO36g_l}zi^D2Gou1lrvtyLX@Vr?6uUqRdjquQO0Z#{8UFbNw;
zEpK`A6TvfR1|21f^f&!87G#*bbp|VzfDB@8BfEeR$C)g?2<xy0bH{)Hy$BwHz;qXU
zJBgUxrgkRPeNXTHW4PR2S&ow07Iq-XEjCW9&=!94QeaLli0+T+w>#3f{Bu>2be#+f
z*BvTvnJcySMBqxxJDIdQwx>n#jK_?JeX#g>0KAD!rIBpo1}EOwyUx&&i3XRryu3z(
zB8#xOQp}95^K5(O+sFjX=j7eX$Iri)TTmJ!G;&{6wa{0|^$&B~|MGYK59j88v|av>
zneAU!z(07re<l7XMIO06dITTZJPWD3BJbZ21nQ@d3@8M7gv5p4gb>>jQs<M9)uNSp
zx(tP3-oE*w?8f^e7@q7Nd3Cxy${xi`HMxB&S+>dxCc)Rm9xG+Cmg$$i?xmOr5w*hP
zFsaSVqnIo6f>XZ4@Dv;BvC|xZ^=8I^OWgT#cX=Cu7%<xDpHEK<FFGg-D>__~E#}pP
z*^sOfNxp8g7nJd?$9#!6{%w@T@laZ5Vop4(6IlF1ZZnn<gVS$x-zF}2b~8dAc@A2d
z_&%VzJhDq-Dhd_W1%rClfqyPWIUZ6?eOC7)<Kx^ettH-e&Uw6Y9QwkscX&Bf%@+Jf
z*)gbnOPp-97=}#Qd54gXv3wRQtylC`GD(R=s_A_en`TxFc|Isvn@C$E%RVZfS0r-U
z3)HJjm&<vP$`)UTbM4LzP$1T<aA56u&r&Vp7MvBn@(%R(&w>CcNcQ&S!aareRSEwa
zpXJM~#o5H&`L8e2pbqJ-t%CY-HEyiSco!c$U0lyhQV5+;Z?FoK%vu-=MwzD(OF=^;
z>67Ilq01%3c~?vfpp-{LO_YJAgtF8@KqMeh7SJvyylmbHrfR;z271VRy_DXRZcOvn
z>l$Bo+v@myo@)8zIFikAKZz6j4nRZw?!LXSJ*V)!i~mB_C<ZYad&JLvD>}<`9_>2E
zl!V6XOJhFY-U5|WI*Txk7)WdHp9BTppFeYLKU&?((8n4)TgIb0E**kgmWm1QRvh2R
zAx$nuCcU-|nlUTNIF}<yHeTO-vtez=&Yc+=a<Lv!Z6%QrjI~OwVPZptcPU;H6=zFj
z1TGItH^(6<h8vBRnp9Wq=ZfVToOyz`HKeur1-;-tw6CWyT)@cT6d2(hLMw|Xjij1r
zl@)g1UY6mWHSMzcxE!iBfkO0S^8=$<vdfAQMWd%O*|spD#wh);AW<46rJz^sGC2>;
z7?;SUP?oN1aVPvGq7E<!i!Ndp(4Uc3h)E5sfX7OkbVxbAZ?rH+Q)haxbz--KlPKPy
z<!o}E4SjTR&PvLt>}Slch^~*@TS^@^Js%V>idivdKHNj+hp413MW#R)<)SDH&1#GX
zwwcHXQ1?svQe(42l0na-yhs^GsRPV^6Ad*U+TdKOov45Lr24Cp8e%u1CgI6hT4Aqg
zRusUN#3eJit}-J54F#_YxSD!E`!p;lm;&Y;I46H3EtB49uwd3g=YA2y$Z&YsYz6_P
z1{pR20I`x_CYQ`0SRkj8YEpR%Vlht`E>7_igmk<*4=r4fMF!`TXs7BpZpVG`A<nr?
zig%M{Jlu|B<ms16V*n8cp}ZbK9xuf=BH5msZ5Eu&JCI3OnFP{kq&91&8C0eOR*CFd
zkHOT+Zc^MMBPI?s8Q7@%2k5}{=qR$ee(IeK^yB4lo6L<xl42Aebh$3op)-3#9(Z=n
z6U*#UYS`cC><*+Mo>1Y^-_~k`#83(sDSJuPUMdazR`L$R{2_Dkfw90`)Tv)qcR}~-
zTDYwGna15yqS=}LluQU)#$XB~QNRjux(2|t72V$wCj`b2Fs8PqX3J83PM6xs&ug01
zW9AVt8DZ}Wp(1V;>={-8dZI6BaJ7im*s|O{G*mEpNU&%Z9589o)itrmA(^%$iubNI
zg>ELdC25815SA5tt8T(|%Rx(GJ0ylwn$wY1^4Ws3B+<#_QqswSE(aR0s^%PcmTp?Z
zq=pqJ*E;sefBV!$H*HrI9v0rW%d1E>QVY=iY?m2YbExBg7)a(>wjv%Mk3}pR&f>7R
zpp-kB9j)ZFH3I(5x=o%{vX!@&#jP_m7k8YSM&GKGI9ZEmJ%r17+22;mb9d%{hz~ij
z{2uemjO1%8wC!q$l-_jqJL9)>{+Ve3@x?H+8=RLtuL~5-@z?paAnJ`<fIj%s<tex3
zaPxKMS!vP%bnxdJ1>8r+xY<&1k>GLiq>50MSmtx<bmH31(!^}ls%IA)po%fDykZ)+
z7tWJ7lvx{+iA`(6khIPIB_d7%G)3>axa1`gmXkVgnpTM<U+R4qW;O2QpwZQ#8OCQy
z4fOPB+vWo_x#Y__(z>8F1xTGlwxqtb41;YFlAU<v6DZV;1tXZUZ?9!Q5~iA@WXY{z
zB!P<@GniM?N*mF)Dd2vcNGZv9!&ok&g~FFwK-hYVm4(-q!j^T!$Kj3)ptHYmVs7&l
z<c-lOqGZ)fKwI^~6uGOqI1Oi%-mK2YiH4IUMkA|_e@Af3ps4&wiz$VuT-OrdKujGd
zch(63QI*y5AZ-y~knA#+^mam*`q_2MdgXg518ZW_Gor^VQQnbXa*nT99MHIS2`gs!
z_~`=oplzzO5@rb)4M|?z8XHw!fH}_39vM6_K84O$9G0(gSfN`RM<f|vZ;o3=WI{t<
z92uwpp(W3dx5x_j{W(EN-|Ak}y*gs7K)G%Wdi2uL<qo<bOjKsgX{p#L@9yGqN>+>c
z;?cmHR9hB~C4`dDqfE^-7Q+W}E%qkSm*esV`V-Y0%gmVMvCuVb$JQdGVA)Rigjbd?
zFaYv#F2R;<o^+^tMU)YZjVYo{sZ3`juaP2NKR${&j>zjIHPhGbuD>Zulp8Ovb5S)S
zfr9dLTk4L_g*(K|>c(zmQi=<G^_BbT{dct9o`$DqT#oMSjnrHCWC2wg^IVn#Q33<g
zmsd0a1%+e!H57HGFGW#C9mY_C2>dsEAF#Z+(&$ev1R(r^8t}&%rH-@by?ZwJI}2}^
z36*ZSoX0uj_t1RA>cWF>!V&HenqvaWc09i{;PYI)*)#Me-U9=7r#$_?9mYR{mI?x!
z8WBVn{DhwdTz=b4aF6Y*xJD37su7jIEaeWB?Bz*53hcid<GDM&`-WGn@@9(4b7O5X
z7LfW*kG7uEbP2F^)TmHi#4#H(zeL1QRs|mxX>7A!Ay2>Le-H?4T#RcQ!#CPCF@o@_
zE(%ifB=N-c0HqEJMz%*0+&8GJSH8+6m*Rdw;gw;<OX3<(VD^S7p)9bnV4!<!id|5;
zq{-hr1-d`_{{94mmm>Rna?hC}lVjWk#_E{z6Jk|>*414erfn9Kiwyqj?^VNFcA!zM
zXVR^&Gu>e7@Y;oIaAUcox%%j+=7`Fg>@ufh2HjqKB{lJ-WmJ^mEuEtDC!*eH-_JBr
zxos*+Mgx)<DF3DKomHLHQh9rS-&npf)|{$l3z{+Y+r2el$JPMWN;iht+eqd#8|&wa
z1gM5T2EySZ)~Sl6dIcOW6IJ3ovP{$+ymD=BI=}%@1`*vGiJ8o{7=1x_P>+8UFbXM*
zP!4&Ond|i~P+#Hs8n$KUuggJ=mPZ_mcZ5yoh+n!nj7^Cs+A@rr5y|pGv@eRLcqQtB
z$e+lY^@iBY(c?ziHbd-owS*UhtoH5~iIRTzJra5g24;(iz;<+iZ)H;tI+69W3w}u}
zMIu`i9i-ievVJS!CH03O{J1*A%fA)Y+c)kF@R|00-MQP$a9ap_YotJ0QdlUMO{OdL
zn$kCt+u<5rh7kGHM8_UFt~!)j--7=E9_#b158QshUD?VwlX|rdd1&_W$$(CtbY&XJ
z9Ztyt5exlN5)B9rneO@AC7XrVV$IE=F5jVYR%kh{7aP<wIc5h-;F5KE8?49j*v93)
z+t9q@=jV=@Fhd>j!VyZ=gY5_)?hs2p>S{*A(**0F7isX(gqEx1)aUzmSg#nbY>8cP
zWoTT*v!vw;jte*$#76)X#6r~%<!<D}noejrD((zc#+aaa>qaG|<~Z+`un*h3uC<gH
z!!7d7jsX%pu|A@CHCmG6G4Y`krL<=M)m4ar*U|QvAn*^N6U-Q2;d<`)o*2}Cj{5Yz
zb!JrH@axxbb><t79ZEw7*qUW2>M9bnr8xWFWN2!L0ob=I{S{8q>9^A9D9Cs<>n*UK
z#9I_grR3mQ1)smV1K(QWBDeO#o#^!reZ$R^O?IIMqFQxWZnN9tJ++eJ(HagD>lfLk
z#Att-<KG|LdCT4`|9m<*fZ2C)8Ppnn)GFiK3}#)=esrYhFp+sSewcV(t5U3te;JxO
z=G^U>LNzcu<W&(d?Rh0UWd{5hp)nZYc(_4t_};0E`Z#YwQ}AT(aHpj-t+YbDFV1Sw
zn^%$EYoW%jvVS24F-jfm_}EIhvhzcXqx48JM3Vy-1^2~n|7B~}O|r48q^s)-k4V9K
zC*$+<6Ad{ynM+c14}`z_0RMX#ZJo+&;{H`WhkY%^f1`~4pFKL6{|0{~LSYqut1<>&
zMUl2&4msG~C!`V{7w!256C^L(x7IOx_rb0AE!sX%hcUXx%Qux6j!|6CT3P_Q360r_
z?t@g}v8*i}7;!NwvR9*Z_@PLFk9{06<EL9HL>}i_hdWOZKubRu)E7}T)%W?In&RaX
zhzXBhzu)`orS|VM>i+RclQ1^1b+$0I_^$~KL9r8(eewuFQ<V)h4GS-ia2LgH6p9Wi
zP=3E6&ewIEhUiIJC`JmOtZBW!;Y((sNFt(7n)*%-VVZV!^6`FO-=h?q((g%{@JU{I
z9IbhfU2m*%JuhoCIVh{Hk;n9c>a~-03GD1~-gBKqquu}W>>`wgA?+AXWMa>iK_*6-
zlrGfCj6v1tC>Yi3Xl3t~8z@!lFztXaKscZnKe+wEU*8)f(|odTFzR7HyJ&oU4el=e
z!6i|dB9{fvMnx$;jGZ}tNC#F>Z+RBEs9pLnaW#j&k?!YLdz}9}hkfANh8SVy#T^3C
z!j#H|0pJ}3T@zdTl5FmuAXe8^yTFgHj_2@~WRc?E2#7Bn^*`I3sy0f<YAC+8Na})U
z{tDHa5%LN`{-P0$h6o}eMX>r&{^kp`Ba&zd*3zt$f8O6O(C1H%UV`8k%SugFYxK^g
zKgB<V%rw0wFOgX3%#UFV9<zDqzKo_hjyCx|-w)Wn*==({()!t?<E6=vBE@O7=8MFK
z=k4FVz|xc*5@GU`6%#oum<Rt769xWK`GGe8Okp7F!Ht|oVM*duYwO~g<CbdcW;RDm
znR}@6(i(h#Y^W%anVc+p5$wUe$VloT0Bl{Tur#=slSfI<sj9i+jP1HmOQc4)KtPU)
zG{m=>lhgOse*HD5M2j)CmtdF|$3H@YGSd+tl=loPQ;e+{8)_v*A9hTv<F3OaWvx-o
zX&xniBpKHdia`IYe*{`{9dk!r10k-Yj~~IjGu1?AA9uy%s#faGn68tEGJw7xP$hdV
zPi8%Ku-4!@6`~VF>ScVXminRGRrX7cDiX_*G<()=ww&)Nvw88b_K&&Z1lFpG%!HC7
z5+P8VE(TNfw3Fp+V9Pbqb_b*G9>AxsrflcrDXGqEGRnOM{*|PiR;dyfVOb$Z$uOQ$
zcH3h)>t*I2Pb=D{(r#s3RVwKvY`?PygbVAm)&cyE1I99OT^f`*(Vo*J0rwVz=wXaO
z1<E*$1&osT0#4XJswt#r_$dtj$Urh|EJP+JqE;?y09p`*XkW>}W5;{;2G9@>DNz7Q
zaFF)M9wVuJdLR}F0K-!^*9fy@1)-oZ6Y36T7in^oeW(b(R5j0@qKLj~lTqDGa?nHC
zsV^><(W@<kSR3WIEH3%k)7Q}5S(*i96H9hGK60#?aQg@(`Zo-iUzk3PZFwfZPY{#|
z35hX2cSF4?z5+B;RH4ALqqOkE#4L(J!OFIJN&}O^ydUx=(Xg0qaT=%S1aZl<E?i+;
z=^7Z7$*#InIiwVS9n`kS4}D4TqD2mmd&pcMa;P4_sXIPi`dl|Et$9FEL6&%57{BCh
z1I;5UNhI31bh0it;L&c~2|g-0m3a*WUJ+=OtAGBfGFYDKBVo32Q98wuMPI*Tg1Uyp
zme}9GKw_pumf&v`-((-gwRpoK)7a{klFmz1ZB}^{*x)iL#IJ96?V(_miM?MmG96Yt
zXH){>Nj0H%A#>W?$`YjOi(jo3N$3Qu*&sv4=A!MSO?QY)DL|xvtZ`*Z<vd4ilYbTu
z{=L(9TI&}bDREYT8+z4@T>^#MO^ciyU%NPw5SE7KL!XS@FE>a-&U=JQui|pqPwWZ!
zjJSf&+9Kl+1n-4f+)N^HTF=IW8Wc@`?stSr_-*(geEoMh60`4u5UmOB$AWubYE=H1
zljc6gL6`mScTqwJ4BqT31cZlJ<`D0ZQAuAjO|Ds%Z9#C=#vt)XZQuwPa-;H4?@X0&
zNDFwuk;(#v89nxfK{4(tk;1x=MzXQQ0W#$A=Zv<?p`zBpH0Q)`7#TXL<-HB?yytG)
zmJ~adJu>Tz4&%r%$zus$-u-Rfk+gnXvD|Ju4s@~e7vDIxzhPGUY_fiDTaB(xc$Acl
zS(U{!o0?O3!*zVJqIf)FdhdvVx4aORQyJ_tc5+V2+8#AAbKa}Z(y7UE3C_u10a_k}
z-(@=PeXPjkIk?`^xZMhazd`irvKhR6GHwccGx9bB&nT%ixucO<=9y6V`1Q#9XT3<-
z+yVa`p27Y%N_kRtZbcCIobykPs~_eO0l63UJO#3-NInh<;B#9{mm<1tl?}q^YCTJZ
zSU%OAwJ)>_=K*pzX*O@b7EaJ`GzPJn&gAu>eG%-UF$odwOs1%l7+GRIF*l7rz_^Z0
z6t^L1BSYM1cC*Ubraqv48(Xl{3$mMqPJ?Xt#*_NfzHG{+HjAf)5MWDz`!l=pHd)vP
zo#8u6U?kcf+8Ij3KB!__#KqQ{xRJjRVR1w6Y!O`M_H-cl0x=B!dOd!GxT015H4|FH
zQ9m<oRU$v8KdfL;(sl#dSxA2&tekF4iyR3~TNYNRw_}Cf`>SKecj~u!x+{~~jaYN5
ze9yBB_|XT_(N?PF)<0JjVV>ouEng_w0Mq~5V(qWlYl?r(VEfy|qy|k$edPsI9=5T!
zw2_cNkXXd&@BV?tz15}W{E5Qk=1Am_0{oRZ`(&7D<1uw01ui1xjjj!}`ju8imNs#g
z5ZkMuWviN%jSUf%8<nnenw26a9ao=e<I=&Y{1KC%cAITiov)WXZXR@Z_uyW5!1R1m
z7b1AKEGWn1ff4eKoij!teWHa#&4zu?rdFBTni%1MyAcr2s7zYx_Q;1UZs{MkM3&BJ
z4os(Z^sVTu0|j~FV%@%#d}eW7REQC;Y^fiisAbW_y#{pc<g>YF7(p|E43=5K+$gS#
zVTht)6VOO`r7PwlSRP<Ih2byO4rqlB%MmoG9I4_$kOl(7P_Fe2jbL>3k@D3Oq1YP=
z6=d_Kq5-wBm=WM=D_5(+UvAw86_GNsG3W!skGU{LERk~zcw&g<OiwNvHm2;um6uhM
z`Z1Ur2+)n!b>0s3L^CF$>UN;FSqK39nRZZJ-G!1pb7|t{z2pvw-sSMLfF|9*5q8nO
z8qT*=K@65$<wnT7(uMH;D0yPn;uR^36rl{JC5u$i(qV*|_UeW6=n#N7wYpV(n6p$o
zkFNBP1D5G=Y4<oxJ@LW3XQX|v_KYk$?UHA}qx>j4U>1>|Wv7(Zs6fL^L^J9sUA{d*
ztEL$d(b|}P%)q^5ETRkoD$&gBf{mj{M444>h#P0>*CqWPKCKy)5*gCy;*sVZaV8*7
z)VlFU8L~;>z)b1PSnpJ+I-j%(LV3G-pb|@Fu@QqMBvVLG_Ti>&0^$;0Ln}nd;rv4N
zGd03>PL&a4G9wUM4X*W%sd9|(F=;e-hqcl}j+s6F59DwvMEbdTyhM`JOomx9rrP66
zrADBtj{2+Se^|pnhlqWI6dcj*cBBDFILwINs1^Y(s_f&dX5>`V0MUqG7S730NBn_B
zRF*aXo>J-JiF!<(1}*`dyXbm2(x4f2>-vdV3O73boP9PNaQne*5AiusmMCDRoxV!&
zlrwFnxDVu2T0q#vjI#|G0}>|7KO7<N@>(Vn%^c03AiBC#aW8Zjm|?|AIE3WXo~$4Q
zK{uDE9HR2F89`D{TTJj}9f!Vmw#)#TfL@qdqADw#tSHmRbKse7H2lwGcJRqP4@5Gd
zo_7gG%4su93bM1nB|megcj~cB*^v+`cWq>T`>7;uh68F3Q7uiFC@73mEyycE6oWO3
zw?F;CbeqIMwUvEku-xfW;(mOP5agE4fFR6-Zgz&X<FyUE3o%A*J7v#UP3>Z6T17$T
zXwwh!b-seVx+femTfA5C`E6!9VIc=u7AC4-AS0}@*-><7?HD@7#?&ZW%kq#+K6YK3
zo+zZ>wuAs2g;*?q)(vYd7wbM67z#9ci&%Bn<(<f}{-)hAEZaE;uFD_ecoe$q<@K66
z8+p|y_wd_pd-B*)P#GkX^fs}b5ihZ;b?9yqUwsh@sB2W*M}4jkp#l|parU;|P#glE
zmOsM6pnJK6o||R;Q(g`^!LKgfu<-Qtj3P#{^;$C|qE=)*dJMz`X*7mWcE`(p;E>48
z)Q~l~riukr1*YSX^^S`Gd`RQkTWPojodCO2cL;doa7<dMNOSi7Hr}k1<oNzH1bCOU
zo&#5xg2VIK8M^1*qxtTdqRdhBCZ|zx$JmYYnHuyMd(2+LpjEGoG$|~+wh;KZ$cGTf
z1Q!lgt;iu~Zd!jY_L8ztG-Nk##i6Ea8(CO@{{mumY!;nbslI7o%OOR-8>qo6FR^F|
zt39#9xls4ffUmb)-yCN);&l>Sata%kWm66E(zOq(h-wR2_|2}yzEshz5bo3(CL>ae
zWM%%27^c#))L6=}I-+j36sIq>$ghZ`LDV+qcjck6SrSj{xZc%(oIP|b-?BZ_w{Uv5
z{%H0PWE&6Uqnt%q4Q}J4u{Xywy{da1+p{)pf-dee>4YZVmPCTzr%$lHR15s|G=*Oe
zm2pRgw=0*o?>~(fB!aEz_kxG}Uo7Eu#8dft%SkM53EPADtlV{mu%DpO&oP+{P3y_#
zEeHKY-N?yp8)s*}<;6~wGPt%4Y9|eZ8X6^c+4gKXzu|t`pY9cvpUW=NVb=FaF=$;U
zNB<nnD<U_&PsO1QD!Tua8se&rF2_hDlep?~X(yX+70SY5&)xG;_%tWb+Z<$tZU`AK
zg~6SNWGoy(5Q=*xmn-o;p-SjfA?5P(_o!=_i8NOhXMdi4lB`fl7GsxXfKjE^%`R73
zFGQ5JyM!5dtC6Kbw7nCP4o>WvJHBKk`mp?&aS)^K@RNKNOSV4k!@cALeb^zy5__bX
zbwCOf!g8NP8fW@9hGwsxCdmn57L^2+2)mJb(tfq2l&qLCKq(BR|5;Qk!@N?tgb~tK
z@%OUps@$G4*6&_@@<U<pyv*DLIZHZ<Y_Ld4WS4Z}4H4HSqmC2jNZFxqt(IQXLZZzR
zQeEdo7>@agYwS4I&&WXeN%4(J^^1?x8Iu<-uy12Ge#Ixsv^@rYs^7R_FLXKKep@mJ
z(EF%w?i8m1k`^Xhbj$O9i7s$X<m=x;0M6?t!&ArB*zMI<*nrYF<%o2*i#V9o3OqP*
z<;aNpiU>=aG^47sB=3k8Nhz4Y<>Zc1)2q9M?oNoKWEabV(O^s|)eVbbBc^t#vnKe#
zl9Wr1>qBLe6v=JnQgz}ISW6%*`-LLPR0}w>RNOf6?-`5qW;XE>5{{l;wBM<F6<<O{
z$DB1~y~}w|5hCcJ_L7l*Jxym-5{76@4vRj_=PD3c=|ZJ41du}+e2(2sQ(DfJYLqO@
z3#M}OW3siiR+jdNT}+mu)~JdJDmJjtlxfYlbLI@jRN}`ghuJ5~T3O)c1h@5tr4~jp
zIm%eNVp(clvUlW6CRb#;8hBR8;uqZQL*Q4iw1hGj5s#qOJoA5G*-V!uVKmVepEK?P
zbL`twmSn2&VBxE20N}DXMW|^|ln!($)=M4dL>CkHo^?cjhbNw22g?)p@l$XMj+oWe
z#23w-?DsCnY-r0CkM^A#@SZ3sm!$S*_^Tfi)+I)Klq;g-sRgs1IOp{<p;<wa1#K!G
zJ0qr8I5QaNh`184=QAx$FML|AtBsPy=+cItFlNz~P+?5gL>-crL;{AhOu!#+8c)>`
zX#38D5bGFb8hRpGv9WvCmCDzPf})7FvL^l6k0`53MZFt$lET@<owg&HzNO4-oDb8&
zLlg+dQ6;!t!Wa>$B%Z8GV-swS1L8I)s>9pBF%sc|sY<F*1f-SITR8Bdi)}s<i8ib(
zX=nrLk`t6tK!#zU8LM%qvQsHmdV91+90J-xIb_GQiH3ypuoh6*G}#!9%sA{MLl~ku
zg~|C6SLdXN7G0G}i46OZkphuWL&$F9fFzq3GU`_@#9T}HW|dY#)J6bri{n&fB4UlD
zK4%tJzN^(B<fr0Y`{@kh$5Sf|G~BS1+8*ul?-PMrr>Uuw{ETv;yM=?@23scOeXQtO
zD?O?9U)T$D%+rSwj=l=3`X{=y+}LVwZ=497!OiIK@1YO$TKq%UH3Mt;h}9$T=r;wT
zG#HmM1gy&Da-8PUi8L^=GDm}7l59+ug`^y8vH`T2=LThc+)!43-q)73Q`liP0%;Vg
zxUz#d`r~O#LNY%eeHIMNJ8~CJFDF1sCE<vKqU}AmukA3!I@dq-kCb{vmx5Uf-sB&P
z9pmO*h=aBv*jVaB;I?PrqNAgYPo68hSq<hsKmX9Hos2koWB`Qg7qqeB<8!H*Bqrl2
zGC8qYDtZzLl?`1hO$Ll^N@q6o2e~R6)oUWMA7&p<z_ED9QZV@T6%Bu^2NLouiq3^`
z{>d3i!Kx(0+c~^vY7jDK(lHfY?KK6oZ`QJswuW?m8%a$C>k(2R;P?o>s4ivd-6=-E
zZ{D~ES}UKC+}M9In}+$>mK0jwav}nj>SOLu#c0^>&u-hjg?P$9#3FcJjPG=rsF9b-
z*-B2$7*Xn@R4DE%$xeF_%LMZEu$^kZcX|mD?V3M9eL*!i{c&@K+PJ@4%Tu<KUv+Oc
z_3`<@^CsXml6M4WQh?<7fY1ePK|$M(O41yj^v8?NwutZeUT0NJ@F(YdS<8UTPg0y5
zQ<}b-6k&K1X3V+-SgSree1Hv6rvSU>wS`*%XYuQZ%+CYngUBW<M9fKc1g3#4P>RWi
zWdiX{Vr3T1ILl`%7sA2nYcj)AIGbD|+;ZC&vb<UX6l7`+#|)blbG%=KR;POTWp2(d
zXg+O$9}{LHaUT;J^-uV{_X8&p<T}B9i=<4*ubCq$VuYskwATHGq++O7{5(}NJ?DMH
z1ZYQ|gcoE|f3C!#RC-DeP^-!NfZCFe2yvL0DN+Ee42RpQ`(;+dY+cYhKr=~iG!V3G
zPde%?(D%9Pj5DUbt;$Ert>HPXGW=S{$Zvn97o1^lO&m8T$n{-wIg*Mr`M9nA<hx(c
zMwb0v51ZwcUXGIRSPs7NVsN2(yf5&Er}WcFeQ*yql*P;LhJ^L=xdy?bYKAomVxNwA
z_NtyHt%Ta2x)`GHDXs8?z_(bAU|LeW6a~K77Q?Pc@J_$0F7{+wM6!hP25obIGoWge
zs7P`TI$;Uw?Dch?ZwB&V-#S{2qD8y_`B=<)VGZaSP~7tNnyFhnGAsj@yoDCYjKKeW
zk4jopHRHX?>+X{d!7CeQC3zdOR;a?8A~%+^79zE1Ev66^(e=0!egV#=e4(GTDWg=1
z!$U3)6=N9hX&IWA>J`&N+PE^HK0ZF#Pof?s<-l6?C7;(PsuG~98X&XBy&ODp;Ir+<
zTMvD2hNRmuZI52NrnM~rS{Kk=7umZ}N%seLZ}2){_l^R3;sm{cHCeCQ*<mT3YhaIa
zaNzSiPGAq8_@p(REoqk9!=!DE=AH0y+rxT+@kyTPBQ2SlIr8vjkSU^@erV5$S|;P;
zj>k{Q&FK_pqZhX|4!`l|68VYzvu?=tu%`0O2DTlXUQFob`xA4fykqR6cBuj5qq%ya
zK|`>U-=jlg@Cnu^oIa3J6i29ny@>+DcX6R9ujx%A7(1gwP?#I7W7VJ&Iwo7Yf;F4z
zIzp%?zU`Ne<=Vz_c(tou7udHCXQSL&_?)XgSgS$@Cl|g><(5W#x2l!Cj3HZZ7I?uQ
zMo|9mPo96=e?6ZA4#o8NT#r)Uj#W`gXxai89))u);X8rvcgniq(5UnX3=#LfxnteB
z%`mv*iS3DO?n$MF<QPKgiX!{^Ex3c8U0Y@LUBJ4dZai_Z?$HeP^Ch`ZUD!}U3p8Bj
za;>OxRu#7$+cu74XiMnjdEt1W_-ziE!fN%O<2?(2p2>3iU}bFefn1#r)Sd70nFCg%
zjv!Xx9vw$_bP+<<qR@+URQKZl$XSccyY8CpLUd)j<oNuah%O?GjNn6kOB>56dea!n
zVf_%M^wGrk9parIr*R$Rd)WDHrF@jJ=Ac=AWz%-GaRE^}_|tt*dEw=k7IL9Tf8~r<
znZ6BXi)-BL%|)u}UR9%xTlZ3#ILEau)`Wt|Ymddk?r#@&IJ(%On<dw$#Ch9MF;uTr
zZ%Sd@7DTg{w$vj%$pU+ts6n$b482^2%mT?3<S~2rC?h$X7+mJ>ZNniv%!qQc#NHv%
z20>u%L1ln?3-^Tb8&=RHR5gcKAH<<*blamv?{gRL`e>i0it`w(@@te0smCz0U0f55
z(#7}lf<jHhJ?`vxwihg(ZTDh5-_9aa-;Fd6KA(USn{r$@Qp((}7zeCN6S`M^oD0xD
z!mey`8fim&H;b109_T~ib1PMUegK=$;nnyh{A6}AwV5>qXJ-LT@?kD6j^){b^b^64
z+6d<y3}{EcURGei^TpHId+_*jSe$BuC*ifjm-*xI<bX~31l6x;vM+}@tX6GACIfpv
zbFcAO;gdt`$ex>iTu+v)Ai}5eXYM@9*$|&*U83Y+Ccc41Gs=r=@Nq7U1&eQRHazQo
zhF4Q*FS{M}4(FzPzvBb4{P$^rQ=?%#ji5?yP9%?UvA{syZ`oPs-PI<;S{?y=N+!V*
zrt>IxO^KI-%EK6`%jdUqj|B<N94;f0rVd4RpCTYg8dmq;#&ZFOPSV_Az)vF>VkHhx
z>f`)X12~%gCiN(1=9sU}JhUZA%hDD0xGW5@88uO=OsP}7S@qch-gwyrz<l|v?Y&o9
z3S4mV;Hb0D%Dq=ND8)hZB2mT)TrPJ^qUblTj*{g1dINs#P)-(P0n2@PeEeJc$tg<e
z1U$m<Ow~;c5U<T7Duai_)h!JXui_2X`cf4+u1vW+?Y(%x?%%JdqX+6!zOzRY-a|BL
zHzWV%%yg@s4|f_xJx}9OWWtx3@J>|9Z59OP2CtF!Rh;@>n{7l)(X>4E2}~&>0}f|M
zU7v}fMAi|bxS+#lH~Gd9-NikqwdDt%#m}X(V4ACtWHL{}qN0MS;c8R#Cbqz*qWDq`
zK2W=NwX6I_Q$Ybp&K)ZnR~;|iltH&I@?awcL*a!|NsK7zA*wcd?dcf5eX~w(Xi>NA
zs{xLrM6DCXViH*d7#`sru4GL(?f%GSy{Vu!gJ*b*KjlBbJ3RnM;2$M&{#r+iG&;~8
zRc(VIaRw!|zd~unYS2z#wMVQA<^_&O*Z|e`?Qa=x_PcQ9+VB^{AlW*&ZpjJQx5ByH
z+~<E}z32yzY$o)S&U3)bs74b&)rM{<OuwktH8NhNVU3`400}5ySKsW$$n5qeE<7}V
z+RPnNGKu*yTI@+E(m*8g5QwaO)bsis2#QE?0EeFjeCd%NM;5-j!V}GLs!PH6rw_c+
zAV;%DZ9i2AUP-jx(C&?YsxpOZ9JOlExT8e6M(wDVr@GCW-IP*B?9YUGG>HeFkfyAm
zvulQV4KofUXdeX=RIzm_k~7mBtW8NHtwc#t5!n-hO0ngu+vR+@vb5I|FH2iI-^uJp
z<|a0MW}ZH1-rw1Lic=}`cVzdBR+mfn*e{iHFSzdtQSHUqzblUP=I`uIpWz?8$MSqL
zHdVH^3V_RJ?H%G=sFt{S6KB9Z*e60n-bj7BevNo|&_17_e^NOd9UP$^T3o;X)4U0%
zMOf19FY;)>7pnIEngRHKYli+G<&N^%myj2OM+#bN6bMzGc2hpNq8CV)U*J-WW<b6l
z<9^7Qs~&hwC({=C6gU-Qt8dFtFqDD&7re=vDPjf|OYHe%+TB6hMVj58*O=c!-$biX
zL_h^Od%-9bit?1)RY`5u7CVOmlkR5MYs{N6#xx`1TR=l3cDiQdRg7i*j#%y=?rjIB
zP?%MtAj(~YVduN2>9x_4OnKLmbQKC)>WP2KjQChxfS5t`64Y@N8ca)HLT*h~RqH6Z
z7l*T{v|}o>$d#v?RH|Cjs?CWlVwQ?Y3z<j9)x1XXP<dd%Fy~7IT#nS+rwMU*dZxH&
z&rUZ^gpWI>X4D|**6N#~gSgG!DS9d{STjtQTb?>xLS4QnXb+;|swFKiG2ef-g%GBc
zwKoV<aL_OX;eaL>elESxG58%`fZ3Awh)osh#12r8DazQmVbIT%<=F<kO5-jnjWqRl
zf}LgJQov#<58?rLP#U=lcygFDn`}2SD)Tz|?2wQB`YxrBKV|`is`WK%43Ci>FrG&Y
z@7ZRxoxS^D#jQ7d@zU$G)PZ|>iZO#gg*#(unXy)AWW4SgNc9%BP0Usrq;Z<QyVrXV
zCirFj$0@~OY!T|k>cnb}hVp3wka-#3BtZRnV?IkIo<Rp8f;DF5%CAx~ephwj?y+Mk
z-U&!qWDu(J-h}4QA`7MQ@OXhRT5)N~bW!J>y5mG+PBr6z7<KSOsd2@Me!a&o4Q(ie
z{0?D-;@?gm4ju>}R!=0%wY`T}zh^f?Hw{0p<P{3Nvmgh-2WieUGx`fJkH)^uH#a*Y
z<e1ZiXjP`ZR`@kkHOZV$p+guvOjPn7Ze}^`(d>aq06E<Ok>;2medos@y#RaIkUD|%
zHmELAryv?vAl#qp<ZIl`Jz#^-x9=_kc>^<*BJ@@BxsQk)KA}8IBUU0b*j;WvsUaJF
zNV}-)6Bp+$GgsF6nP52u!q!J15TfOIWDV^qpUM55n2`K@TkP?LKSzA6e+}q6{skS-
z{cCE%Ka`oVRCV8JK#_6&7;p%;=x2tmkYoJHLkKr_Z&UN!%sGPQhZQT0cYxWv>mzoE
zCG=@z0G-HuU_I`zr~9D%2R9)V7?Jghn^5T-7jq=)<B*En_*s<>Vc=6s;Kfs@>edYd
z{YD6&f4_zP`&PD*lK^2~V!gDlS(5_)5>o%Kt^6GgAyzbS`_KRU1+`bI+NfcRp!f!Z
zBojl+^m^G)iG+K6Z=7$;&$IakTnU>C60m(ns?j?;L2B!2@qBo74gWL%?->no%<=K<
zXW|f7#>ARGPuRoQ<T#I0&e5jXW!6g9$H%+ew=1E$0&u+Vx`-XeMi6)-L$!q?o(ij@
zxD*}<d3F*DDt8P4WJnWG$7T>K8PrM(g^9LFtoz~L`1&$6lf#3&bv;#*RmzlU$<u}F
zBv0fyRU@@kMrYkTSI9L<MA+UDemE|E58e@P9ce2cS+FEbf7rqD2NERg#V{1F&qFs>
zs=_!hYRJWi&+|5;P*GZ~ilRy`kMr=<@;y<<@U9ioGHFh>9h9pf1Bs-EVX+wtCdesV
zpbTP%frmHJ?gyz#KnXWUg!PAL<iE~><hy7k*d?`PxbIS)5Xz?N^CsSiBj+MR4O0AL
zgwzBo9p(-`XT!M!7my0>QCps8o%|ppHHTrU*-&94CH!UdiN!>?DH7P@WetvgMcDYw
zFcdl!l_A6<*pC&ojF}QGtleFN92XS5TZbB=nQWJ5y#!}%fW*B;ULT`{a?a=SRlZPB
z*BD{mvRs)#?p$-@aZhM^hc?U|gmNp6^wd&gZdi-vtR06sOHmD8nWKcll{EoTEl60$
zDmoLTCK8o0NcB;(Sqah2LwEzMd^l2b-eisuCHTVit!NUicvGSh%S>8mAtG!@IM&&r
zRX$10qsUO|N9Ax3r)s%v13`O*@C3H#LXu2HqEaMoHi;0s&g7V;D(g7_w_u4|Sz=1;
zgzZ?F5Y^*r0+_*5XCInp6xIw|WT~F5Fp&!;jL=mLK%>z(WjCL2yQTQ4sJ9y7<nmX(
z2AF8~-9`)INuIV02l@*CVB#HJ>0u@lN_e<NTk9d=4DBU2C+n@Yt!`~zXqyFw>w4p7
z$+S<u_7oXTOa6i?E#{{X-4m0^*f5n9Wr{^<hxQ={=fVhSTK50P*gG(3)~(B;UDajV
zwr$&Z%eHOXwr$(&vW+g=w!6@`*4aDa?r+73eOAPrKVZfj<5A|5nOarq&oj7X8x_mq
zU3w8|!0#`m(g!r?Ob(3b)TH+@y?|;zgmCqWP!aUz59&$fd3w_)tmjE@j&>~1fT3!!
z9TaCSI%{B*6BsA<$A@4NYnthH0j3?3`)AZAkOBQAx9~1XP&39h_uwhzh;M_=ij6(J
z&%tAkU^s-`+y|w`5Eex4-ZwmvU_VL7k^hUQuVMvpXuo%_hHR4J?dOY@I^HfD-nvW?
zD@$0!tou6aGuH{%)m|6yom2NO?5MnbIb`qnX5e3tza;wNO3>y6ezNTPGx3P815GF3
zzu>e9n%NxcF=FKX68IgowK_|ekc%Lkh>;5EGi;hs{l>07(hwla{peu5hkS4Pin0N>
z6PhGKaSezWrYCsPU&)!kLaZT{K$%t+f=xugy^GD6FjKca9kgC&5dYQpGZde|-7k3M
zAxTFHr)zfmuKUP&5YBX&E<aa4G3avN30&DxzzgzGPAM8|MipAlu1M;+UcRgSfp@ec
zPuepUe)B5>?XT}>uj-s${FSt~3+T)$XKuTL>tECptBH4PuV-3guc-oo1DD44{QUIn
zeAUUl_;tyWr>Mgr{(r`~1+?jV+wVf>*LSS@-#0x?Ev&z{&gqqm?Ck&BPAf*~Q+^SE
z!fU6ubsiLRS3p2PBs7{F8Azc85iDTHL|WQud{-u}W-7UoxPbUkXG|i*g5~=h$F%)Y
z9%(qWez=wGHOu?*eE78SBCiKTV<ajZXfOghrMlQUT_n(Msw85_4+FPVik#V1i>^?A
zslPKGKscNr7Am*_@iE33i4m=7w}rZvdo(uw{Dm$@LgGRVu|bqrVuhofnwVN-&o8dK
z|5z1^+>@386iWnV@$BsL>)CYC@Y|`=r9IXl+8pDsJr<k9(ktMG0S2>VJ(mNel>8&L
z<5$zkDx$-vz0x4ZD2VMmQ7>ecZ<*`^e8`GJs~cu&wDcBsE(b@swv@WU>7Q>88%RZg
zGkM3&eiY%-^FOxD6AXshSKhjnW(mt@i{wpXCjCug(#rek!WviwY@GTO*uS&{h5cGf
z*aFEq;_Etk9vT<79R^kmM~h^h@Hdh@@d4GKt+(ey&L!H_8TX<a2`$tU%2C@L&GIvj
zT0P-hgm;Nz6>{jMmR=3Q)P8U3S1x%fSovCl<jpy>YPN+{AKl4XS_J%~r+N}~F%wy^
zfT`hxQAT<r1DS2U@!~%|$rU$11(cEZ^Ia6)Lvx&={0N5WWz0pE9{cir(Qi=_<<+{z
zPG%Uq;7K1t_#a`;_t0o)w-QTdt#g#9Xz|79bH@`0W$iv6d9JW=N9Qccj;T<c-RyTn
z(h?QJ<jwT@F~(`W-C~u{)0V|uhXCS5(L9$YtwwjD8gwLA8ih9*sNt@0C7C>eioRdT
zz?s0z7NE|crp!=}IsF`hd#@}0h)k*4V)$SLHMyis=ob1!+rF6JyNl2NCco2s?H>9s
z-k|)qZo)TV;eXli`k&|4SnU5C;{VFXDT?EAz=8-q({ON&l(i&y1|np+Jo?@7?nIt_
z`aEpR#BBW*OfW;U3nGU5{qVO%(Mz!5j3m1yt+i@(ot1pO+x$PW3zCH(_Be>Z3d0$V
zy}YMt_+C1fUCK_@frKx$-HF=uA=0R?NRT8(5}4|Ng7!ots=kGHo=7_Caqw;f=tl<}
zd@gh!e=5>y!D*i;a>Gb!edqh&M~uqpl-&`Yu3C3?SmSt;a5xp&(ED@X%wIG1U1HaP
z)?1w^Y{JEaxaXvcD7jv&o|o-kus4sCiFQ(1FB_Za6M3M-{XrN^>Q+os$71*lowjr8
zQ?;tKA1A^vkOOU{M$9YyGvH~K;|X?MzrhKedb27kr28qaNJY|6gmiU4G(1{J77XS}
z<B2oKZ{%_?&!XSJO!4Fq*sG9>^;nwo4G<GS6SX7^v9l-=L2+aaP$+@d6<K7oA}K_k
z;atsF&@7(NSoIM7z9{h)`+0Tjp<-vCm?E#~fy({{N=x^Hb6wnG|1$_h|2jQy{SHFI
z-`y6&fATZG7sHG#oGt8Z|C`3Btn)9E9p1%MwDpiwA_-KW1_|i^Pz8l32^)e$6j>U>
z$6*<_G^YA38&~k;ynXuHVQ~K3-F|Vr=-zSnG8_MJqV(yR%?!?y+zvCh<M-JhyC27Z
za6*555JFfR2<B*LwYtpEf?lVNIaxZ7Eho1S3y(jc^`tJMD~us1wS#jCEr*Uqsf20c
zsbAwZfe(z$MZ|&Sp%^To4NmtMh68#Dsx{r;)*5eXQ<#ygE6vtA1!^*r35LS)_RlWh
zl5Q5^#QpiGQuNSu6LzW4CHF{!Z!dL;->z)sBn_&GEhqG;iN+RnOpS2{=RCeR9+H$l
zPt_=uV35%X$@=H2R)1DjDuV>UM9}t3x@2*yd}^3XGLZ<EOZYMjNe?vSUjL>_Z5yFx
zn<kO2?Z0xlhGeys4LvNqtw1)$AAA(GF+HV`wzaOi_oO!1JZ^~`U+g(l#5l`PVqS!~
zdI+V(Aw<Ur%(&zdZod4!bE2h6p|wScWy&tfhej(YJ&*1_ONm*vXQPAZkwT-+Ak0{{
z2B`*zs}Osaog1mTmgPu6cJ{)Z+ju_x>*MorGG{0il()g$r8aM8i5Ipv->tm9$r)r>
z=3i_Fn>yRi9YdviYuo2X%Y+Trj2<1n0EP}nwVXRnSfiMEA6C!&y;830^~eKt-TC7l
zyEjB0V+>xkCqy1Y3?A$W1lvGKa(^plHeiVg{_Mi!KWY_r(2OoOfT7<y0#^vb+3`T<
z;*Mb$SUccG93pzmV^_pTeO@9$_y|zGB+3Ybze6LS9}l=%d}P^prG!P<<4d0uO2YeY
ziKInTK507wz)&H41W(FFRAZ5!5gae&$F6r0Bs)=<##-Z(XpLWh=z#Pb-hQYl`#n7%
z(yp(T6g~l94`BTq)6K8^5|3>U;C@Y?;{AF9i!#82Ru?({w}}JWnXi)D_t}s9e*dF@
z_J3)eBDvwdMQuQL?*FA}(*~jC_)`-~u6{MPrGG*!HG%^h6nqx|L4;L`8N*Wdasave
zL)`o~2k6b4Z6Qwa1i<<?0(4vEg<8;SRq?9%&Nr!>E$5rm{b#658r{d`Uyaj_uO`Gr
z(^h1h__PD~RDB=(0F)B_zZDd<VCk-m-*-9vyP){rcRc?)F#pexoTH@muZ#Q@x@>Eq
z=Bbe2DL712Lje6}S2#wJ6hTr|b~ADwop}paU%zYd5{}~UIQjuL{MU~IJEq(<8={5=
zL44DhC+?l84CWobT;HF!81NS)rPhb>W)zdgT2TRQb$ntllQpf>DNX3FJr9x&XCT@S
z2Gy}91cqj6p_xOfR9uS`eT{%-#u%i*1x^Q%HJ2UN9S?lZx*cn#?7VuoP|88i`H|>?
zX7P~L&e}GMf(Zcc?&v0@NApSdIX;9QGmoV#0Y<q%aI8h2D*+L$8|hv14zscl-zj)^
zhIwttj<(sD9e@s08#5wJJg6t!s~bPD?3yYsjGHHQ1dsC}(UPh9llleY0ZaHU0)Il{
zybPv8)hn#vu%c)c{WqE+mD!dCD|;CjkCGHQ*YO~_&`lLV1&V!D@J73lLH~#j3nrQ`
zyQJ9YIe^1fN)n=H(x+x0nTngk>eIZ#C_j3aGcFK7BCA$0SY&V_lUZhjdFAp2c9{b+
z{1=pYVtn=4-8m?%Kzw$gqEJjngKCka#d@k_*~f@>qr6DWsRdV*XdA*KF??u%YH+{9
z)-FKT%GZ%fm{6K7J~Z+z!aN;cL~}5jb)4sO630@Y#TZV+$S<Osnj~X<)<;eu&4Ru-
z7piv7)=Xh)-!d{ATm1O1$V@b`La~!JHX(j7V!o?oa$UQ9WMjfJx?^KAAi}>CkPw?N
z_|!ZHyGg<+z0UK7<`Ab^+G0^tOd&RmTU~VbZ%zAOhaD_wu<w;`#Q&F`vH5?A7dz3*
ze9O}QQvk&2zlDweyKPs~P})#M`J&^1i2f0VfK?{DPeQ_2)l?P%Nr})JN*j<^BCBNp
zT}>b@mI&#*^Wr1_@?26kEh8Puu=rR3pYv5hcOo^g3LI^~m77pk>@>r><Cg06c*5`I
z_tPGV|BphjArK#;7GPkm@HAoEodzvqiIfy6jfT?XlvzrfjR;aQs;bdIY{b~8d!@sG
z!a{{**wUyS?^;iby<*gab)mv4mB&i-0RqcWiXBy&{g^0?Y0~^N9lwMEc^6#)E`hL7
z5E@2{+@xwYF==g9F608*iByeIGgL|$5+Zyx(lWFO)PA`xec9hy^24UhmV|V23ZP!$
z{=wBiS@&_M5)*z^ZgPvPnPw9@(#_x`d@u?J0(yz!z>lZTp`4E=%zAYSBmr-6g1r!p
zBB>Q=>4ZQ#YI})@fYgBg4&ile1t!SYl}H(-P64-~hYT3C_p~8DTuaYxMA2a;_BjkM
zkUR%?>8&g*D&iP(@MXpeGmg#zm~1o&JyIo-gcDH}O(L#cWZ_74c7%~zAAB#x(^o`z
z2cPSI3Z*oUkA<61tdp1&`-_FzOkTHPhq8<^zRvrb)~*{G<^Sf5CI*g;<On^0@p78u
zpjn_wkpc9`m6^y1fyytpS8GfJ4=@+Ag^dzoXB8{f%k3xogNtS#Ypd3w7*Hrp83?nD
zqou`0nh$H-N3rRbYcN?6V`KFaj#iiZJHY_a?>aUY2@8~kKb#tJv_^pF)b?AOpQsVL
zZ8=Z37@FC{h3h^d>XZ8?2f^T8ypY6|s60FchWo+*>XP>FTvH@qLz{-UTvSN+!*3|$
zR|!LN1Cf@mU=swll-M&KpNtTuf$2QnW+XE)&qu1B(fR2LJ2E>zh>1q*GrI5(LNUd7
zn^8>Z!?GfpO@)tP`((%?IOTq;Ag<g}pfV2UOGlDo2<>%Cb#qZU=nNgW2jVzW7__I(
z3bsjgYbX*x@RLMChew19&v<Qff;l~5O3~(UP2CF6v!dDQO*;fc($#2|jtV4;n<$C^
zL!n;E4okVS1MUs<22YR6^>1AgNrY8;3&(@b4%@Axr4D$0EPZ;)D2|c{@4Z|L=cNG3
zEAl3llt8oHnrjfWxLBe1(@$lX8#TuhU}q72tBBK3vau4Bq~6{-rS08{d4T{iq;frd
z0V6F{fS-uKxW7a1DK@SfOk4WoQVl|WM9$~$N~|1%In%YE{DzAYuDNL38~?@Dh^ISz
zv7F+Q6ZMCAYZ~R&aeL1qMfdC&FakCh^0!RoHY2sWO0ne7UAxlhxr%!#epS0}lOpQL
z2;~s64YWEh0ndi(Ni11Xws8S0#JMpZcp7V8i#=ox?l?S`&Cs!JfZ1YpoponGDIl>|
zc!hS6sTd`K^s!w-CGh3*^#?xGtHjXgYp}tN<1)p1G#{z>pR0KLL1e|Lim!X)=PkW8
z;^3-7>s@QR<)@23%3P>A83|UD_rPnL(q@w%oln#|u2Pj;LZ1{^eP+24i#e0$qv195
zuMQs4Lsjmy{&nVb>VAD1r1L|3vPm&=DonB&mA6`<KS2>GcD+Kk-b5*5a1AnVsLwW#
z@)v{s$mb`-t^Q0DU%+<0gAG6ajAdhC+XAvO&kVbzrouXIu)%xz46t--@z;TA12lwx
zs#U>n_7`}yNmgMfId4fW`|CJw$#z|dBD~v&i@gw+2T9op&A>?r{k%+xMY)<)TVxpH
zPg>ppJknRpo7tE6;{y9w7Dfk~lMw<rri6@7p&@1KiVQAsn`4=0iyPN_;E~%BZr(yu
znR^_&HPh}E5M|%7I?M+3csSGV?h$E!L26|&>Awb%p)0)+fsJq9{u0$L{)?yx`{&va
zMZGVD2*ihfqgr<DE7BP@$!@w_0NN6vUr@xN)UM?0FO8?U0KOP_ZGIM6Hr~L774w|f
zCXUDtv<2e`0^|1d5g1#fDMgC(VI0Al{ESmd9$9_T1$VI7#1SVF4e1-4iW6o<`goL+
zTHs;7gJ%CNU^!Kg+d}N)G~lbD9cnngM<8Y6G9k&Ih%Xr6D#k%n4Z?`cxTsey5f|Hy
zxcu_2>?Z5l+`hIa;~p~FJy#7&MjMqb#nuq@YIO&&o;QP8tsh$M8()6lH=W$Q;`V&Q
zC$C6)8~4!*58NOAyMF)dd1i1_QEk7SMe|YrUkKAba@D^iF#nODTGZd%u$NH3a%rs&
z??_y6a1f*ceUOQl>Kf(*sgNKC`k?d{#yFRusSPZN<apEJ83_$%sdPY{cFm;DMJ2R4
z=2^`IqYhclA*l;KMem++fBka@<#|h9rpFpd#Un-J<9tlFyWQH{ZrpBs<YzxmE;)a&
z@8T0-%~A9b7eMNU;w^<2Cq;-D&%`fDD7GF|TTE3-4oAyOdMYZ(P&3u0D+OJH2ervB
zsd(WJZuJ*TbYl`%m?!uOx214$Ylh4zH-?t1hjQX`YU79r9}sz)qY+4%2MpC$fiZ_E
zPsUQWs<61|Xf~(?GhM=kp0|n&c{W3tC)ER8!6b0KVXlvbyI0_PS+*1f)33|Wb%+Ro
zv&}D8D<-V;;sg-U1?lx2A=UP!9C<krOB7j~X0jO{F==SAJ~A4K&2x{M(3UYkRI&;z
z7WXn@WTMn(7}%L`CwBzzkJS?~4un)puAhFb_T5**1BGs=v4C3FQpJyJxC*de_9Y|D
zIc1_TO!*I_fVF}nElL@ZG1whW`Dcz>N{P+eWIWg+I-u6>A@rse5OX-o<fag3R+kYw
zY$!jm09Au(HOTh4AO(6qsQgeJ_k*ETrORTK0e1l&fC*x~>hWJ4vk5hf!Ep5!m6*pQ
z5;{G8wsZ5oP{&TF|H(amL03o<>I$6L)RJ9e3HMdRW9KT}j#sCT5K$i=2&1DSsFqnr
zgc=#{kBwPdl~4luD;(-H$sW0!t(v|ivfrrUg?dKSaC1P5<Z`se)-gUfIddjMZWqJ0
zf?raaB>t|=K%fr@vdu~9&lkEuGjgN7dahP2t#=+HB)9{(iqIq*D(9fRs3gXw1{{m0
zs1`#sB2W<$++GSynrc3=1*EY2*kR?KzNi5zI@QGqCteyuC^u%N1$|KkN(vk~5_pG=
zILT%RBwjuy>!iKOt^U)mZm9tUxt-z)%q6rt%WkngUL<3g1mb1;XY9;UlCe6RnpTH0
zxpD=iN}du*ItDhqF*i}V@5~e!h_c7GC&zr*?jNP<E>yMP<9v=Gi^NnGQ6)yA&N<x*
zH*O&+f;H-nG{b;Hap8(iA2&aKzZreknkpt1IFoQzWFL*$S`A4syQ8gkhQSzWk~Oh&
z9%+!T_2Z3GeQi$T{E#|EF*w53cD_3JJ(U_-&$_H=pgZ{ePII6ndlw7CaES*%)eaI@
zk)68>cCRRCtLP5!y7Ppz>%*2bnP31v1PLKWsGd0db1jRs9o^O*64aerqB4BPS)$6&
zs(Dp@fT~dh!w~=u!b7n~*d1dqNQDHBbJ*}y>S!m&nt~{dUw}4PPuq?rjP9?(jd3j6
zjeLW2YYTa^hi$261#FU=$z@E1)<UlPxlO+Josv41V~*F0lwo(FmhfQkj>E&@_XdIS
z66}%Un6$kbI`K|K2h6a47r?{9GX+mfI!1^s%3{qNiM$jc@rA}Ir6eScH-dFvPD@sD
zev$+gxJWFeBxsvTF^;+$5a7dMLTX^A$(8|7$atTdEmio>l)0e9a`qL>gIn4J&-0Hf
zZF`%p2Z>W8H$YEjI)7f~J8C3uTyIQ3L*)oSZ8$=bWThnufg0&Et_zCgQp-tbR9cR=
zXB{3QJ9!wW)o4*Ki!EF+Lqm=s)Z)g#WJwiq=jp`W!kWBabeR`(Y(FQAMRZ=(={$F~
z(~_Hp9$EKGHK;qDO|=c#E9r!E`HvOCG=Ba~`1qI*Yi+Z1G^L_+>s;q{W5B5`id;D?
zoZ~1dwWM|qUeiSWsWRA}xopC1mdGBroH$cOm+#Y(H5)`ea^@HhfGg*5OiNA)!GmL$
zs?vfTEL955##OzvAhu}nysHksIRFRFO}Z84nYEvm0#bU?fD$zxyQ6U!qvTX*hcj07
z<L&J{M@`oTt@W&O8e=eZTsvLgkR<*7UV6KE6^$JBX4e+I<z^00_VrMFweo|5!<xMN
z+Gl3SoxTpXk3cyB^uHE;A#zs8zQY@fb)+9)^bFSB@-1bP472vdu`m^7jIDcaFuX31
z<n_{wI%-qCvaK{BRDJjrMZanMu>zC&fxm>#6p?vAK4Rp?mn6?9_K=LAK??)q?0yTs
z!Gp5g&$UD9din<TTniC@0$uIZUW3-#bHEeExyTzGSY+Dt89i#>0IbP!s~UiSyc2tX
z>CpK?MuE&8ExbdG@8`|#KpdESOAFX7EHFfvKY{37d4D!g$4Sc@ZXwlXn)iAFY0ZS?
z4UC97Gx0>Gk_MBZ&8ehc6l}n2G*id%5^qJVPS$UEY&VSxFS4J^_m)MNo^mW)@yzOn
z7vt*=xf63`%F!4$CLCYuiWCCvh}hM+L7qj>^{yZ;%s*nVxwy+A5Sk_8^Fj7Mfbhil
z+J%_`S=Q~6tC`0tfML4aypg6qwtD$^6P~=}4CB;?udw#fqg;+3wC}JxfZ6dnqS=Ap
zyNB(#P26$492O%7)R_0PMT&(NBA1%MyAlUdxGu0dqVGGe;0?w|=+o;!dm7A7I9v_}
zVe}Dm_|qT2Wfy79HDL@xb42?gJ@qnNiyW0-92qL>e)~9jL=M?{gX{I7Q(`I5>`7v=
zCf1VQktQA!#>5>^vse=GHgSkn>HfhQvhYR)K8x73a*wosWRZkH{zXlzmz+v&L1)%8
z)*+B>7VZnOoq8NYKfff1u#0S;;jjD0EE>=JagXD3@lsmE69`y7!T&R>u6TTdE^xN>
zirm|0YZ%>iE~{u0yHuj*MH#U}7d#=2yC)&Lp=~z{m6NDWF~s_me$1l8oKL2ZuRT1D
zWq0h1DWE8}PnNFY0EeUK0ffoY_cc}cuZ<(JpC9@THGp3@_79?OU>>?y?~vV{7r6=6
zsp=Q_2c+)@rr+?+-rs){FSa9jmzDnp$d3ts{NVmy=eGZ-VH8b_>>Q2%S;o|8fV<-i
zqkiSBOO-W{9FD9dGpAl98NV5C){~$Y1cD?oq$boeGFB~0X?nYPU0!2yLlOq;J_aiX
zE=mXygpmApB2JEv2MF1F!V~^_5fU2D+FH_ha;AQL^yyq%%UId@yFJDCJkanCWS!so
z<37GFUmzbrG+3n*5fd+3jQAZ^B@U*tHIpUA=TE+=nAq<jeHrE&i9Ay{=XUtuLNeZh
zjV#Etkgn1lY<92~_2OZP)pg%4#z`S1X{=OR?Bjs3=c)RJPI`aCWC{p~WFZ71K1u{R
z%;iftt*E%14TRbm+2lKHY-vEKBPc3xS$<+Y9e9?@S?VvHD6HfB6h@s4KEYg<rbIG-
zkMuhIfIgvYu6dT)J&)w*xO(1dWgd$QF~hJ1HEHFiiiTt{fOAz$nTG#|{SzH%6a;n|
zy2u9p5)PJXanhCr+3(em=^UG)reTg4`)x@%Laj!qVWm`DDGXP00ccXi2K6xp;Y?$!
zN@!8>=F{ytAYzlyM|Y;u;g;Z<iC@yd5c@Eg8D>bwVO_O=mx_e+OpMsa_0n7n*Zo2m
zX^@!#MWJ!N>EB^+kCto(SHb4lYjAiCCcu*ofdtxySD~0{8M@ABkET;$w$rLd&6C9n
zjdf_{g0u#5zke%hS*;jZ8%F8Bo!q4Pv{>yV*NkS{yBt;^tA{`o1TKaxx=G;6WyIP+
zXgN*iCN*%y0x#;tG@(`_sz<p5m!=6#$==$!{7n~e+V5yW!M2YLi~)u<C#lX5jYN#(
zebmov3ngD4uPflzTLxg6VN;_v)!3ZZkBn>uPeZjrSf`BCyh!&gd4w5MF@l~TwH^jT
z;BAX~M%ykOcegUNBM2~SnozZI+MX%d;}y7i3fupIjSiaru|7}L!lkzh?96EWEw9d7
zz{Er8O5M@<1fd;nqh0vB93{}+traN+v=Y0C!#XjWp7JJCF`~RVl_muTVyY8mW4=m1
ztZ(@AAd^v7zI7npptWKiQHUZtB|f-Kwp~P@+_mFvYFqAJYdV5uV8H%FU4hPdvvh<b
z(e;1{v<_i4Xp(bwga)%+C~7?$*`(CfM2fuyk9dA?S5BP|t$NF($TK#l62w5jlTzw*
zBGf*qCVR^g$Q(nFfrf#oMwL^8mJa>T9Gg;8`zl2{k<}K<R`agjIQK$9#pTow=Vq#K
z<N@Xz=Mp#qGGUI;;=Yt!I0E|=+qm{aGIjuS6ayl9WBoBlV}fG6{4Uicx$-nhG165#
zjN~S^G4h#kXR?ECyQd>+YU;PjQ`N0yEJ(%tDz1%Eip@@>)R`W!J*@6zN`{H$(YpDX
zB@g90usn%YoYiLHt@D7Zai{7oS9fkoJX6ftJYKG0kY9$e2M@(9Sa$;MS*rNj7E`4O
zZS;ZG-jDC<iNd|AZ{yZ=AQI=Lp&*0UjSDR({Gt-t^t$(GAgKp4O(=ExQ%svH+z-cT
zhv0TbAw4CU1mTy~F0VU1ab;I_Jx6xTSd4pbU=|46-cK0%#cCr<1!BY$SyeZ8O~b{W
z^jtsEJZnCZTLbT4Ksi|wW9@-iXxUJVtKII{heANy-hp<>J{9;Rr&6J%sW98~+iUPp
zs}|&jY0~;y)j-T?iteA}zA}>)y+W-TO_`>aex%LVS*q9Uz7q#<gJ1F^D!(?p$}kpF
zmRoCEacyd>fqMtMSh7jFrFU&N4+OU;u734gF-keQ&LyC6L=y)qt`U1KrNwC>Kd@l8
z%-dA|X2emm&+9`k-cx%o6`+teU(auuW+}`xVI-JHy!G!3au1)ET|YZq;N_!9L7W%Y
zfY>$gmh4Xh#p_pV%zbD2oDWBnp4d@v#hqaWmswB=zn!xVe%@d^f@x@SXoSfW2gOVJ
zLGiwO{2dCULA-^&b5tVv+vN;7e9)6F1Dq1qFAuUi6gi65&^~sPY-Ks!0Wxfb8oX46
z+RxTLw_6<{!GZplyOiaNG!$>YeN<UC7n}+c`%l2G_$y;kFbthpYW+r7Qa0_^KqU-6
zsyi0Hk-HmlnEjhHpYZG)vQ#ZU`YWjKxW^%0{+3#>l~Yx0llivKYB6pv+V^teMZsRV
zHMi4Uu=r4(AV;RAJ1DVSTJD^u;vLZRW&xapnX)UU0_$>FW~cWv8T2J$&V$<^O`Igo
z-2D6($qQO|jX^A@W!<w6_t?>vYaBzB4>(5HNxa*z(#^`t{Vl5}zY^o!j|qC-6~vim
zKX0>O#$N}R1v6!f=+Q4%0f*&&S>zIH$)XHuEfRLWB`kxkd6f@L$$BQ+nAX~(C3z*i
z;nLntw{2O^AgTen%h+cX-2?N<9ZvNqR3z5-E>3&Hj-jEKxH^5+FHvcigYKpAbs3_l
z`@z3+wtYQp(UR3KaLJlX27db>*|G5oRF31unF`dc6?T3M^)*i#S$gXOY8-QvROC5M
zZ&G(n?5J?K)m|JZua?4)Hxo0nRlOYhCmHo*Gri9U9*E|wil@rE;Y?kj$%SvIGFGC6
zPOw6!M-f=ZJ!3F}R6P(ue>R7sQ9EbmFP^~+Xpnb7@ixT$LOOGdrlDml7SlnXi;45`
zG`z&z-Z*5kU(-_232k6cvCj7Xoo8DFQnL2TS;KTki}%eY3M=Z#k&RUqU_LM!JpW$N
z;}|ltj~AE<#T7zDZH}4Nfb$Nvtt~;_KBS}$U|m8u?j-fq{$Td}GlrHo+!LtEr1__C
zM=fAd<66T1+@eLu3|f<zJ}h;nxbY!kxC2ANavn-^6g({BYA6e<tew~J3;Q)+;sj!y
z!Y*DaC#X<d)AtoICnDIibx3(~0b`!MLCH}yVSeL%Oyv-d0M(L=W|A@!)siqf!H06u
z1>FepCD-FedsCtwsE6{{fe^~w-<`X~;jt6`{O(fMBLl$n1WU3P<B44E#Nf@FU&cdc
zBs<N)o#RJ9p3pVg2cjQv_I%zQIvIudcLn55K8}~=mjUX+ap@n_5=Q{Y8rjTZIN=E7
zrbfpfIfMUwD<kn$b#98d0P*sBGl<iL+G=69?9Y0Ux?Xr_puQlMY#6{3XPO(n=qTX8
z{A4FKROqd+iA=ry9-}j$sGS17AK1<b>$86#N8H}xFJrj?R#5){w|XM5coWz%c)2L0
zsv+Nb1B8`&)028YjCzPz^#Q8vYBZg-33H2nF!oW^T)>5Wk5R~Uttuup&d|;s{4!54
z;Ro_x!z(p?_^+71^(~q1vrVt`PCXb^cl<n~Y#zBUG-K7CgiYt7C=yDAz;7j_^!mSq
ziuJn!Ws`5l<dplmURm}!<8Ajk41JyUIh<R^w{s7|@9YZcV2cX!V`<0k;zt5}IlDFC
z^j2oUI&*El$Z|cv8<w_3IRamB2f<4q?Pi2?%v!V#A8b5!UGhjagBLoxZZlY}FWt!D
z4A|kXN$c^U7CAg2O!|R2JA41KO{EB*jb6m<Mma{N`KmB^Wv`%vM#b)5BpwoR{z2Ol
z^sW=!qm{zqKkdC5HVXt@P<e~3YBj?9yE9^`J5;+qLw0R4`qXeh*ROeLsP@?4M0W(S
zI{o+McHZ#^rFna%jstI~!%yeUXbwCv;JCrQBnDh`SAp-(qcVi1?*2nWRf^;ai_Ltn
zjEs`6NZu~*Zc95-L}Cs%$%g-;fSKY2rxiVLf~b^F9nKq80u`IW4_>faVTM>~KC-C1
zX9_Z^nVXa>%5?4LC{DH#iNi)H&axLBrOhbk*+V41{Da=Z?N&QLTT4r6^zKUrtM|Ou
z3AhC<Of#m7t|-~wFg`n>3MCFl^g-iWq!(<u=xyc(So2gdUnxP}YyqkAUTm^r8FOi#
zO7mj6rVPyT@F^;Nfyc6N8e-pdWS&+ls5xb(L>1)UeLk_OFL%wqxfP|~`cSO@S)DHG
z=xFEok3nOJn%BRyqW<a#s3xi);EP)Mh-HPDG%RVt62U9f167z;KO4|zNjEmG#dKl!
z^;lb7y+c3V_y)L^#;BV80pj|U$;s{Nf<%;oFiF?AzQ}&yKKYpGVE6m`{z(7B>{bcH
z#$0W#zz~`X)ARaXwD#NQ*h=l>8fwev6o-Xo5Zll^j=WK4HIfb#5mliaCey&`ExXog
zl8wC?=f!=z0X-($z8Sd9vD9AMX4Apij3}MadeO#edn^t28nbnnA=#pO0FiWqm1m=)
zPNxcX^!#WM(OSGM5D%4mZnAzbOz#<nIrxUj+HL4p<6gMMMkZYr+2EbKX-nGK&^jq-
z7X}=ESgrX<aK(JNG7Unpm&u+d;$^=y)F0)`VZPA*>GnZ{acH~buKiG90k`1`gK5uL
zgQM|-oK^a!C#b>e*Y!^kw!k2c;@xkVeU1tH@&;%%aWb<~GK@m$P&J58gLa(R>I+s-
zYu=VKirBsOKsA-2g#3Db@?9vi`MHp)yTk&W!`yVpK@py&OVTr~({3}A5H^bryteM<
zN7|Bo5MAP0u=1@$n+~B$eGX*502ydNiKguE4>>056w9W845Ri18l))ap{2wAWg6>Y
zY$~}u78PXxHcV30W0Z+bG6|wKC7W&z>(WhH+D#uOs@)!qaGG<Uo+*aiu^_=Z(klxX
zYPK3<Ff`1WDbCB8Ldm%K8iNI=YYhF;>5|HBt=-y_)`U%kx5zNXh<V(p-quA8QXl<E
zv|#Z?NiJ*cJ`$Z0LI>U8;O<aXb3D3h!Q&sim8@KPtxlOBv6l1HC=&c(l3EIPEm1I~
z-v+s1<M~q?GaM_>%HDUSkw_Y#YM5}fNktIb{j8u(RJD_M$W|dNg7g_kwUZA-ffko(
znzohh=xrFkE%QgmFobz}=!OmNjWww}<%i#2322f9d|4B)BkJUhLlaEjtoNiOj4`=@
z)weJQkrt2kv+ZjiI5ix8VQQV2rgDd7hehG)_7e=`Y%;`QOqs@pX|H?7ghhrw_5%+l
zsLHiPm{@kzWSF_P8>q3VzSVeOIGk$^zsar@jgC~0K7~-~LLqP2-0y40js{wffMJ-j
zC-o}iVmsU`kEN=mi5Keq9T6G3(CE56-A^P`xGq0Y@3qEvUWr+6J@JI2mxZj;Kl!$c
zpIa=776p~2N_EKNXt+mXs224SG{@Z0N!)$VPD>F|^J(yXmjC=ogaQQva=fKJ(uzJ&
z^0@9MM%;h#BEA3D28=9gl5F`p)?qQ5l_%l4pS&tpWNB0<H8(tO9Q)M?RaBk#HL&v6
z-PQ&}-FdMIq}kMAEwwf%JSG^M6ky^BN)*+*sWXfHG#jeNh+|o?7UiSQKL1VOoTT3X
zr?k9zzD24=f$z+sIb=lZmeA*B?h@&0;#1<DQJv`tJbA}_IW+FH3-{{rN*J8ir>h=5
z+te#?F+B+GmAE2heuwf<C?`%rNXoK;eAV?K_@g-2;H2j820*p?i9xSszYA%IN}>V!
zIgX6lt=pf~y9|TxFSKI>^1y)^Zp4qo5lIrGcv@Bm;z+@u@Uu`*KljI&0v_lB2_Yt7
zv7V5`Aa(rMc}E`O983lebG8icu;{M5Ofw-VW9vIc96&#yDfkY@0H=6|`~>m<p`cp;
zL)@H2HO#3!^j{B#TY~_HtR6Y`Jy0GT(Cl1dv~wQ(E9N)&M3wFljr~Zk)qj<uFZ$t>
z201386Z*#z?ES;OK9}vA+xaZHKxZJTw6wdUE$LMjXIl*C(_BiUDU46r()!^Lkx1_W
z5BHg-Y;SR8<Q)nAnyC6bPZLvj%bIYC_>1lu=4QC<6_4NW=HFnV?DLO}9q=DN$dLbI
znCQPH5<UJAy=&CooN&|-zjA96ROJ&2SK%Dt4p+&loDA27RufSt6LF|Da3vZ^@cS{Z
zVv7^Z+>$diG~mP`#DRnD^^VDKjv@4s)Ylk;vjo}+<Ef~IXO-{p0TsbF)7Oz(DKy_x
z%ZxLR#jU!yy7woq=aRBquzGYq_yUj;tO=3{1;RO7&Og>PSW9U*g9}EXb~NoXg{aIr
zJ~I+S){9S%kc&BdiC+lir;SLdJGA!l9F8Vy?a0hFzg8q)j}vz~;EJs1IC77;uQhy}
zL%!vj=Kz!lGfC1HBrOPei|7_fW$;5&!FJQxu!6!89?G-;EZa<o0<abH@|5zy7GPX#
zd!{PO;rUFB#lLxyz+Ho~qVI?UE~~``O+#qf^!ezN^Z;>UjA2YGwll1rBN7leG&}KJ
zFsvp28Z6uRc0_ha=U-SRz=WFaW4BX9wY2pSt<%_1p|;o&8a`8QHAB{AQZrVhSPioI
zf1;0OK`)CC1Fml^uYpgNB|Ue?TqAHNqO2YoS&fHeTdpohY*jXvt8AeC*z+X|F=>HU
z0PW;xZAhOEgN?lRW}gy&QftI%W^by+u-92nk=hK<MeqHfl{I_D(>X+DQhCk-rnp!y
zNAO_l(%NyoIz}zgfNW-NL)DppqT{F|e30JfDFLYvsSm_FJiK;dpK`F^5GezI${#G0
zP4H5Wy9g>+4e5Qyx0ax?qbeMKNd7pe=cn$SvTJWJ@%GN%%94J&5Vq}?^2OhJ6YqgX
z@Deflca44Hx6~r3uYrBId#oT)Qw}1A2*MU!e`Gcurv(@DoKB^s4QLN5q#j1ZrppgT
z$}K?belt)pmi}<M06S7X{MjD8TRsFrmQgG^D3>|N3=AF#VqYMN6)TA|3c0T~T&I6f
zv<F*7#Z>qr(G6L)(AT@jiX^#VPn-8yYO&>iTn{#ajkFlf#5nQF!)tVrky}*?F-R>)
zlIq&LQ`(xFlCJbk0$BGPa`7fVU*#$1VIw`->mIUDF=?SG*Cp@S&CLCCRN?0k5lr>I
zp5Jl&wTPew^CH>4)-z}3sj#96n3nqqU4J$4tSG<m%*!iptgs8X8=Z}<*vk#T;Uy$N
ztOOzMQu$ol857?a+f5khg6JJ_7;TW(>M`_e8q&H|4WL3zgA7p$sHiG>M8y<^;qh;?
zatG|=x|7RJDs`Z=Jyo>xo>h*FeVuZj)p+2b`xA#PrngSdu+AdD->8Cr2!q1XT+9SZ
zZF`YyN4=QbrW=*_MLgZMi)}~tmxR7RTdR@Lg4VkCSYbK%STZo70Y0S_m;su@6^B2O
z@Q1>}jW!HO&WU5WtGu44ay@wWr)Dzg6uuBU(~YEz2JW!eI;PcGzY!j*?}-KZ9VOd`
zkVb1IbEvdk)=D^FX5uybB3n|N3u2>;lrO0!EIWo5^)cSlTX!G&wa{PL!Q_S&MH|F3
z>eAP0SVPt_PSP7wZ_hjfEVu90a}A62M*7~Fvi8Ua_Jq}2XCM2uwC^b-fZJMR@jw-o
zI6mfRM*GIoX7Hi?sM47cmbhr}VDQ&qf)es)k<rgVVXB&{{Q-}}ASL?`lgdUZmBosl
zuLj-YnzUtRAVg{dIMRc~QtsM&<R2uKtH_rr=iE)|$FmwZiqGAFNTs-%EW9aAYj*Db
zC+R20G9_J+c)=FUST*7A<;ds=kA`N(KS_oA&(&=St!%kItJ`7qMPf`ce$-R3!C{zE
zXYwDr_I74uwIm&YC8?=#=s8+X%|5M#SogT0+`86;s<knBOtBZ1fyaah$PC(nwCb>m
zOkGOV^TPHX$T*pZPovJz^gY7Vsyah#e*UG@bvaXhyNF!RfHqr7XU$^xD4vYZ-h_B|
zx~|c|p8W-7Vm>9=sqj!=GSFL*AG)sc7%@r6#bjP-Xu@|SKxEJ<n8om>p=GaZi2kk(
zX}4RlS_$_<QR|MD2QI)aiB2$jXJ`CPR|wNWcmC~zP7RDgW1?+&bD<OF?w9`=a9)AH
z6|M0mT+4d8=^(N@5=8koP^Da0j*>b~tK4>!Whs4qgoZ`nsvGKRjj0keO*w{g9;UgW
z=q?MzE>E?eisCAFkJ}Th8t`cXYmzocXb;CueGUuEFSzn`zl_p}Jwd-0izJil_m(GB
z&mO}46V|Pa!5i^_QU)}ST&dlyv4t;nAbP<nXVA9ivZ}((@pqD+U;|%J?DFJotd3YB
zTy}+?)ZSN=`v%i?%D`aK3F4aG7YJU>-+H7^bIO?_B}$d|<f;<=y!t|>cV+uLC#gLq
zz70Uaz)2%F-->5I!8>8@DE}=)Q&AxQY;}OzlvJ=n7+GxWw2UaU=X|8WcDLAkEb`oV
zThypI`1MK1wcw>ep{*I!v*HFHPn6t8%FW5V?6i(M5cn<q!ru`=M4>qI!zCMTdQ++n
zas|;XB=m@6M;@_rMS))e=akxFoTROQi-X{wNtvKP75IA=ntGJB194}jkmp0DA1M69
z>ZzPCe{p*A#d}GrNYp%!)U-W9slfqnNb4--SXeBVU+}Ko;XW4oCY?I91!9ABO@B8C
zSa=j)h^T(1x^{;BnCPv!AiVa?8^OJqBL%Xh&eT$TT?j#CQ3H|qMQE=I<}5lAfyxW>
zj1S16jIsfO2dL;dA?o=c#Zd_+6rGDfeKG?6l7Dcz{|%X!tCHI9$oEH43F<94@BJsY
z#N-1nkK%hVV&a<%De<56d;eB6kf_TGN{W~`897?m|NlJu8s-0@=ax2GYoS4-qM(9y
zD`+~S-t5O@2`REbRg}Y<cH(X<UD2)K=6|911=J;)%d*V7`6b^?H3z2dlV*}RnVx9(
z+-Q6Dcz@nP_L0(%APR;Blt*BEH+{JeF18(;)LJi*vmvyYTy>ne#C8nM#v@RWLkSG=
zEc2jA2J3e<j^nL0nX|Z6L!^4JA1-Aiz*Pgk5~%~{G$|nExn^}|*zscPHnTL-Q44T6
zsuu2eLsz-nRzQTgdSQD=evVShQ?>JwDMC?G>D5MZcw#Ej5+<%j@%{WHdp6)7?9Y=}
zs;q5MbioIUMFA4N3GJkj#2e#OQ;xtA_A@2FS0{{BPTYmh<Omi7E224MV$?sKjJ|4C
z!--AD7+@I0i(w>{RMJj5WLyW!$1NV<w%ku2h(gvCL=_X|GuSVdqAekwRd(;Qks?>_
zjE-Pj>I}7=p=NzxiZ|jY1z2`M6u^MgX;MeMk@{p+tqG;g_ECaWwU|HB_Gkrbp>8@#
z8RDd3WirG3<S%X0hWvolbp|~$(hoGSZ*!#}{??DyBTAUy&Ta2frH$0@D3Cbu$?5{d
z<2dhn!$?6TH%_1a`@Sp7M8bxnLCNx6&u$@n;HS3-T1?5wutykBB<=V}RXD;#SIZs#
z&G!MB>zL2J?$;AFIW6sI)1$dxGG$HD5-cwrC-tMPAGQ&<_@mj#RTB;%a}%XF`HT;}
zfEygzQ48zWzU4ujYUhCw4M)s;g}|6uz*ON5X;oDI+>vx$@RG?pIh`aLml$ch>1R7b
z>VGRmWQc=y&V>D`T|5ldx%k&S>_H2|PBR;QgG+BDrSw6zF*cs1vBS;Tx{Lhj!N<`v
zU-;50omIG8D-CY)H<-m>aaW3D0c}#%RfhA8{(X9O?nmf2No|50s8<NwAD}hu&azl%
zI^Ou20|DGHClc{<j@&AvN7hbse#4LXSFh}^?urQ5g~Z9kvH@PHtDhY6^o8JTU;rYY
z3>uKoyJ$2e(FaVjcLNf8Ty~bGOSC2$QkSTGIg8YUGO$KSnF~t&W<xH9qNMEM?9{f3
zB`O^((asm5JJ^5TMl;_zvwv+xM}NQn;q>MI!tMVbitYc$ur_7QKQ#~%?wtWHm7a;v
zkPQk<pCXtDYx_DS_vPdbc&-nT19NnjmtO`6{H&yktvEl0UQuY-^FZ!HrO;N1GwUa!
zYR&f;Sn6=FLS=_r2J*tM4I9$HquJ}JQ(l9;4}|%Hh=$?o<KGz84vM@7(%*>h9sZ9W
zoc~#55jS!EFTnR7{YZ-jq&xOE-mCXLCwd}Nm4QPcP(UJ2t)n12Y)p(F0%vQ;LFi(G
z3~;8cxsoNRQLjm~PuXs^usDOYC?E%Dt^?bk?l*&Y&MSJhH9r=Xy!b4nqDkyr)>^+M
zlKR=)`>e06dHn76xbd^wj>h*gI3)amZP69YNs$Ps&IiF8z}kX<6CK#wWfWctLR?Zr
zE_D!zGdHzYj}b4-%z$~eI2P!75W2OVKj>_Uu{X(g@?1+toG<J*CAPH~tp>yfl%_Hy
zcABKGfV{-A3A6ezNhy#Cssi9b>b-FSgJx<(tkZ{U<t!wl82lufI$5MqU%g~(0Q_R=
zDCK87#dr!ql+tlvZsasu;Z^eh(hbAhKqz-eQ5rFIHrri&Dm*mdAl?cQqDm`M2{F={
zgnEH~AsQlOIWW>>Y*Q<iiYK_N5d|S50`h!r9pxB!P&as-g#lHGfew%xb+<T^^E*OJ
zY5UyZ2UKnUl3*7Pj!UHJ^{Nn9W~Ou24D>V4Ai${A^ok49hdP}>NMK4ik@5+pcsT~k
zRJvsgrs)VeZNN-~74&qq#7L11TlQ7h5>zGPt|(^ER)x7TZn$NzfPSN3*&T0z>T8ef
zl=y+l#1R`LEN74@RS9TX5Y#dh(X5HMvq*D$2|SZFDfj`;-mVK2-GJxGgE~%qn^ULd
z`EEi3Vit+D>Rd1ap?ZEdvIK4_+T`^{dL7XLsPNIZVG<IZYCSHuW22iUOyD7v2nS2Z
zAXLfRR5r3xLs?cv(<1y*YzS+X()hQa0XGqCXzC?f^|Fy?qTePElWU>M;Rf3b8&JZ=
z$M-xjK$_F+RFY9^w%&n-ZZjv%)(8Y@>5^WQeAMKoKKC&!XZJx|9olcR{=<_8M^==j
zm$c`chEn+qt@4tLCOh(@TAO#B^peyWwfWhUb%we1bi5dC@u0GVb9shIh}RRf8^R};
z>Di2ong-&xjA{{*XuEbl-z7OsY(*HW9JRsH`AUs}Eh#OlEh%JGS={y|9cEgA)<6of
zu)!vsq2;*pZ>f8w!)g7l(t9ow9D%A}bSKvgjfL@cCb&YCk6=`hJ`YL02`O&-q?f4-
zmGrS?93^I>FbLK~c>aNR_vK>(BZSV~0YV{RzQ~Tn-;XK8k?FzhV-}Y)mEIiG))@eM
z)>W8?VA&A~8S@+utFb|4AzEocC~*iVrRorkG3^LakQE(6bx#>+R}K^?$edWpcCZ!4
zV^l5^$!5?}1PX0(#ETW`b|89(1@$<xbS=)>_0vP+{)t```lMS&(7HbAHIV~;r>&G`
z8QCKg_iYZ1GPTucd>r;+_m;q{TP&dl6E#trx02+FHeR@e@R@+J2G7wuF337Hd*<yv
zLCzSk>XUrDmSFjBL8ZUZgvXkqkhTi9WZfBizw0Fkf_a-Db0|>|-iT3~)*Nx{RBqY2
zb9e`brK+&-$X?5Sdn%9ZeLW3mv{7;dxFJb#)@4%JDI-@+!?op^b>g~7xVHtq?EX5i
z9F0{_uuzwE-3URxL3j@tdPnvC;ns+M;QI2)!>P%*EvwF%<d@;ZbUnZe#YZx*RB9ju
z4gI`RwM$GyGzt3dmF?Rw5J%ZAf2vtZuGL&_YLURi;~yve8XPE3B)ba8XRh?5S(0LW
zDoI_QS>9eo8z>dRJvUr6c+U@1!f;r$0(-ab#~Bxxp<DBo>My%P(4xOM6jbMLP@V`$
zMLZDYjTR^I7V9?)*~5kw+fC%IwMaO`TZFJ0FZOZd2%n{X1;#t_rnqEbd(;O?#ZqbT
zuaOu@yG;+Kr*_BD+tZF8Eih4!A{%06*6I4336|u5CgNejE`hFrd*H*I9vKg0(Nns0
zX~0fqvT%jLpp+h9C&#073|M0tXxUM{#pUT|q|&x}L4rfkC(<frD5L9tLE(wGang1D
zU=!ALojv9x&j6$Zi&R?H1%s!h?T>mZUo6-#y~~a)c)Z+J9V49Vw;$ET#&BP$In`R5
z8p8$4@z%PO8UD;%yU2#4=8mbyx>AzW>F&xIE~GhjpWeH-i2LnbpE!`wWcxL0A*XJ-
z++W(TJBWJ&FX^DyU^zm`ne}jrv_v?vF67Y<5))Gz<<hjvg*`T<JzYH&M10BS){W+1
zsL*bss6jym^K!8+WRz7?XQq-f-04%Qoud~(!f}&&7Xx~OMsw-RQ1AfHp(XW*a1Iqt
zKxgWq1&x2Lh)lP5G;gG?NQBUe=G^Q=$sZ}W`qT^Q>Ciy&fu~~h6R~9?qs|i7KyPnY
zSN9IE$ZpXJ4Y}o!I`$^p;J1Jh6Ko&grq{%wFVA+UIbgzBXJg7Ptr5pJq^C%Rd@<qe
zXtw-$mkMm&Ejwftm%ucrnMJ4GZEuLAOKdH5d(8q96^CFMc;K@dPD0Idm}0@FBIO(_
z1Z_@eFr5DO^on>;k9OH?L&`LikL9}H;6d|#b!VN|Av6Or^Eh59H^`AK6<pe$m?>8O
zk{Qg_6*rUIVPZw*XQNs)k0<9uNPlfyl|8A&@rFWG!bG3qF#1+_035<YqLN%VEbS}g
zRgj%=yiPszN^Ptuse)9aSRbc~TuEkesy@}RV=<ZjwfwjDY->+V#><MQ1XG%_FUsC<
zK>iswi^?{1kZAS~t<h!av~&w{?JCpl`x@QTz%?uss!~K+;PaJ>@A$BE%wpd&<0Ti6
zSAvjJ`It2Jeb^OsiLCZW`$c8xc?9+1!OVo1G+qfY-pbT*`9wsZ6-As=Y@#`I8kt9j
zT%k>HNk<q{Ei*=pw&zU1EBW2C%D@ug9;NSv0OH@1?e)$-N%`*`oZ$R>dTV$+$>4N@
z@*PKRp?ek|Qz37hzWoG+Pv8Ds;z<<NZ{zh&xq^%+{<gK!!dU&<1Tk;$Mh<E=SUrDO
zQhCEwo`}mGzUieNo0*8q3%D!FQ$OitjDqUg_fT3<3Mz)w?kOhZjZS)!%sGkmy-6*!
z9f6%h^^R(jPPrBdI-j%q0vFq@^@Oo_iBG}h_9L0g9Q==JE$_2O1Z~Ut<gtFrE?B@^
zKS+`@ZYrNYyh?rB#5Mqn^*$t`(2KthYg=f$L9ruwlM=h5z8-$8bKZK0-HOfoLbrLm
za))oUA!SZ@o0Q$s4cN2`G;fQ0GySTPGzD<Rz?a_beRa+9k&^IHjVQnJ!0&#s$UX1G
zREgYJfD^?qlQYbcM=YPbZg3W^5hQyc=%MHsUaB!WP4KPdI7OJRIr$b<WSdMZzM{#$
zHrGA!xvC~yZCb502%vUZqfXRg>Hhx4mg{kzAoO|JjDFG`?f9|~Mk5%m1`@AEUev>~
z8-UyP%WVdjZU(Wj&69fXZ-<c2jUS#GQeBeaKQBl<0ucVc&b|UFtL1we5b5r2kOpb#
z?(UZE?v_TnySp3d?hfga1}W)KK)%=Cy<V^Wy<YD(Yn^r8#bTak_MWr%%$YN@_d^|I
z;xw(aw#qsX?tl_Yazz0D4*5Xk8TOz9vG|$BJ=_kb6P;HiPnEP}I?Qb2mB@Xt<JDW(
zTgK1bD9}-X9h=szDPuFC9riDu)8-p-`n`HxO2--bYV)P!Du?O^wfj^GH~8r*9+wDX
zw+zBNg3O&hR}$)ISxVh%f44hUDC*1fovYzk9x*n8jVymY$Ob<?6<QDJd#$sLkUjdu
zmW&+)SD)%owdvY-xGph+kYHsyg%D&iG`06FH{pRv18|uamZ9WM%Ucz$Fd}HhgW<E5
zv=P)c7I>>Xz@;Po>f2#8mOw3}N7POZ;|a9N3c`i#Ml<jq(!HmX1GcKmp<3d*Hde>`
z7X67d^fDltmJshJBN~FuHDllOyVk>Zk+%jnlT#gScc(zb4dXXK#04PmJ|6;!9~P_5
zv^T}$X%NVPLYX2`my}qUbImQ!uM11?D_ZiZ%w|{DZ<u=<Q1|Y0O*9K*$SvdMlhKKS
zV{WJ^<z|fb#~*U6V$0`N2?BDgdgB5C@%-Kl{mU81Z+Vrz-<Ju<y6S<Vg8A4%l1i95
zG-L>L$os@%e209pW<y&3EtyYD6iQWj?4p>{;D>Q1BQzwTQsuKE_4tyfZ{E!yXV+&F
z${#4bnY$}$xN1Maj{ek^JXF&HnJQV;abI(>i@SFAIL;dRlJf$>+tH#O-*pgOmY_R`
zKTuc-9?l<?lr3*Wot|35u6q*RM0XZKc-w`o1k0#Og!xlF2OUg+l)7du3&RSMNyq(S
z5}tBym!;c^d=OxI9v+x7DK+*sd}F<0hF)=cYk(RB@-&n@a1h~A)F)ey_stSDa{_k*
ztt=y#90Pn{h-?T0@D35B?2yeW6TSJoWGPKqKTY||+#3{+eDwrLb0d;ye0zG8PEN#&
zvoZ@8oKw@d*Fq4;jF=LtDR?Jy;Il4{kvLK%Fuq3hlT46N_(h9UI(*V^W(bAem?m|x
zFcc#u=5o~6y$PEb?<NX7q_d5o9v2TGm68ZKOqeMYKQmyW+z-sNE0Fig6I3*m#hQx^
z%<DsvV-}Vjx<At6DX~Gl8Q-HHg{?bDgdglG!oi1dQVT@Guky@A2^FI5nuQSpR}?q|
z3~e-l<~5vlW;mL95<=8Hc3@M4b0yf%0Vkmtvseu!9f}f03vtN^$J>PkX$~;NQ3T>?
z-YA74^^*DRr+27aGsCruNrW!ZnvYBq<RJ0|+CdRQZFpG{m@d@oE^w|wG;fz;qP+er
zUWQbq-pj1oGwDFuJIEv24d+TuwP2BHMb*!)Nwv<7c!;Q{%H>C|U*u3L3U;;SV=>d(
z{qFjeV;M}|sKE?_^Y9Z&zBXX&rxr-n$pUTNRKS61d7cecLvp|xm@HCMJdK$23&qZZ
zXhKcN!$@8he2nl%Xv@4@AQcnIP2?DNWF+!D>Qkf4EquM<CWV5+4Ch=1rJbPG6?rN1
z6nfxJ@*6Rzv=BY272V82An-f%D|zSIa)Q^-wxC2J(B<u*^j?N(y+@j)(PMQhN-;Q)
zFu6Pw4lNVJ$m5mf=RC9Q93#5csYKp4_y}5FQa}HE6uvG$w5Eq88;7*gjn)d$ru6ml
zDJNyEsm7=4(h#9DIkTdMXUqb}Gh69#*O&?Ug|^1ajT!q2@jCCf=HxM)c85J<iPN!P
z@F-qFV;~@I3@S-0hKB^tbxg}j5vheeV4xtNB5qwVizIGCBqS5Fk=Ck(mn2|a3yAP{
z9uvVNO=rdJ!@=~W3<Wz2UHTcs&nmELCFl5?UE4v%5W%ez3<(92q29eA41D2}5<L4R
zW~oOPabf^^@TuN;mN*b)&1|U}B3wS{KvO`Xlyc%TX-F5{aR}Bl0|6N!*6yz35=paL
zTZl27NAyq^NNsVYWCN>$X3<f7$alz%Y1A|Y@*H|2D4T`aWScu|l8%=IVyR9!%=AM(
zDL9{*i!}*pr>TTm0Rb7h5BZ@C#_wqnE4$2xKEAkcP%%kHp{g7WwPDq!TZbij_nH{S
zoGYX9L(T_Eu>|B4jU|m{jTFp^D@s3!p1@C1M1XCc^tVm*TXo>}eHPL&@6Ogehvg6l
zPL+|m_Z4oH{IY3{gJN9i&bE#lWjZ+oTVoSrcBVP^P;kv&NM%H<(QE=Xd!kAl92L_|
z4Q*dAP|Brp$iO+^+(5f@yoNu`lYe0gEf+Cp^z3Ziorh$z=N3YMZ^bADv(joD<y0=P
zv=AxH;A#sL>3$Cw5r2!;;xI}U)oMIQFwAC;rhaUH)ZV!xvWJs$6Q;k&oBd5Rp+}$R
z8B@&*x=Ujr&TiNq*rSEjZ4fTXP2^h=Qn138PRbY&F5}_v%xiDbs-ZK{&M-NJxgv4k
zjI~Vr%?abzeJusUv&*zXOVfu`GtC@EJaLYPowTBJxoWb{oSkbrLrhR?o0yVHVhQ18
z`yX6C5eoFvzx}iopHX=Y!#%Q3uk3bBbl&CFKwWWa#_<k2{AJm2?VX^y!|_1XuzR6Y
zmv!T+g4G)`XGd|2WEMQ>uw_??ggmJi{`ND_P84qZupEhllfp!J*JZM_w6S1F#tQsR
znwUpX$QAEDD{fgsxrFHY6(0H>=2KvyaFcax(WT2XiN7Sg;gE2{%vjQ`aoB{M7^7~I
zWOrR*JaQ$AA$dd+sT;|$E2E=U;m}d4)M*@WZ#iQ2=48#7F+{halAT}7hwUw%#NI|5
zc92(ILLVTT2(dN3blw*e*vOQBz0*C!s6z}-BMzqFxXM5yARX0>$Yqg$x;f$XB?s&&
zE8?pG9*hJ{@kRA}pk(R=D-Caf89FLyTIz`W4zB2oy;T9YCqZp$s}+ZSLxLuH&Mr-U
zoOGiWQ@Y7_7Gu4$mUc`_LS!)UTQ3ufHMtBy#xHX2@ew<^D@V@OFty~}hCN(T#JN!&
z`&IFJEZzkh1VHwb<N2C_af!U3%EC^0hR0<XP&PRM$|9j7<Y2Am6?g#2%O2<m$P2lJ
zXLrJQLipj@v#D}zaW11zFwk=qQE797N~;7h#z<WJEj>i_`>O4vxcAG;lKVP>3PdqP
z1FJIax?@bUNy0vrfuvT_Llp0jh^ZR-wo0mLD5udBbPQ*FC9xe22v#B&0>-cSbZU#~
zC7~sJ#ta)NZ<KQmE&BD&4>^Hm{Lknfna-ycg7`l@P`4cmb3XtZzHz)N>@qtPA>j0n
zQDBM>nwYXKZlj(8mNtXrw(eLIIb~}HTF8BNDnv9W^0GT|pJeNSg)8{!vQ_O9xOpzH
zSE~?4_(DS%CD)3yoZ-fqrTLh_kBZJw5X2A;bKI|E0zWMwPA-Qu%avW}dh#iCL8L@v
zyTE8%r}fv{>zm~7U0-pxPbzEdl=Aq&>7cOgWS4Yuar(ZaT+0ZmuDpRUn0z46+~E+5
zL0L#Cf9C1ELoN(tFBka~BF3oH#0VCvI>Ku{C)nxD^of-PKd6Q+!dPSMl3PT#ut+Hi
zRL~i!M?6#FWMt*WVcvt?N}%<6s=qR_RcFH~iS0W;Dl?XLfh3Q_@llE6PugblH>UIO
zCgnIE`-IS|mAz?o61`z>vuQYbBHyEE;o~4P1W4P7jUy>z<=$=QxcM@A!Pv76`};Y9
z2>^k+!vsORL3d=Coa4X%wlk)~Z})`<Y-vj43E2z;KW#=_nU<h`$Kl%$zNt0J(nbDm
zU_SAD3LF!!53+krWK=pv47<dGn2p&N-2LR$Cov+&6vDgpoJ+s`yG*lnqoIbex1wOc
zz;Zs=kQvf;P3c8_QU(!PfNh*u$HGWljnJ&Ip~q6mM8S)<&%O9NGrZSu5y>eo()wi1
z7?;H+ns<x)5btq12-<Nz2q7eB^5%LApvw}iyR37b)AHs`xl&WC@xwhx3}jdPW^fij
zH7#>{FaTl`vRnn!3+8aqIy4o+sALRCgkih8n^bsbpbGA8y@53-w$Hs)#B-A|j9xK_
zEpuckL@B9yc)dt0Ldg9ImLge(<CXdJEv}a}&!acb66Nle%;lrZJvREvlu*J1Icb%i
zGCv2}<O+`R@UUD!i|uPAiweDX3%Jyvl1Je0m%}M~P~ANN6Vo`r#r1m=R1-rB8$&z$
zpG6D(KIDxzjlEwTN}5h}VsBRs4KmTVa2GHe3O^d`beM3;AIsthSecFXbLYgt#?NxM
zW5`bGZ0M$*(y)GD-aeqdrcD3f*-G++$O0_c->)|!a*yxWg#MYuV~2ni#GyhndTBX)
z^AjW0b#UE)rI8;FLtSGZQq=%HxShlQ_Qd<ETweo_i2hH`uYpHCIxj1teb&~~2qsqF
zqMgZq3Prd;Q7$n;9ljV7HR+p*g7h{8#E*!oT740zW+m@vg!<@?8(P-s{iuVNtx<}7
zfw5OQ<16I!lOZRfXB8TDr|``(H>-eS+-q764{P`n57?cRHY_1<4wMkZ5X3|X92My^
zZxfVLq#|YTSsi2u>{8Vj+BiVjV~Z)CYJn_!5>89Qr=N%M&Cg1Qt8f->O1V^Iqvp!y
z_2c=Jqa=?Vy1BiZ8@=?H633@e7tx$%Tp`bC<X_T!7A0zg4dv&?P+Ux|*C@}Y*#~BU
z(wHyya%vn~IfbfFRkTI8Nzc_#e%0w>Um&n>hgk+0VnWOvWS*=R{idH4wa*AuMGT>v
zQ8`~zHVR>({?nx3b=5vbf*J#grc|(!4h}W5Znah)bE9(BKy9KRDF4t*bvAjuUXb91
z8<rFvc8rw;U*-17g1-c>;VvO&K&pBZOAh)G;s`kwDP0K4C)6WFTSh0yl^GJMXj{#@
zykyoD_OKqOA;w)mc%0fm)_t@5^RQzySe5lagJEa=cdQ%C^>2Z*!!Fs&_28{GxR?g2
zUAnrqNh9;s{S7d+%vPVB*pzmDkZ4+aeM63Fp5d^UNLhO~4+2H%n5&7_SmG5O?;<=E
z1PtjatRrDQXrAoSf})3eWD+e7{QmH*b1_D5R3|E^!{mjgee))!gT8%Fc!;t3zU=_x
zag34SCiOszQkYI0YT<tK20aFRS(U>JicH9o%;Go)Q{Mgt&EkLqAUMiKl|Iiws9u#8
zqDjkfoC2qJLhH>28jf$eF%_PFK##CmG!!6vNb&^-WubPC9r87wFr7woJ{iah0e>!J
zQRm^6v&qJ!%yK?*%9=Si=+84OsX1O)gP(XgC9tUOFT6{tb1B&+05T*&qRsnhBQTa>
zbIT`O<mvTG&cm=kon+T;F#d&paClnW$W25}vf6<6k^(AGD!Mwt>%%}RUhancW%l6%
zR0ZZ?i}}?dLbrFm<TJfke6Tf}2;_rd&!3XLsu#p$NYq>QL#{$WQHs-HR2_L6#1s@S
zL@&bBMquMPf&*z11MJaCll8Pbt^uYYjTR$;*tBQl$!Ctc9r{X=D(;bSdSwb}><@XP
zutqj>bIj)A_EI0UjRRYK#Y`9%nKcX;Zzt4wE%mFFN}KCE+88S>5)ya9coP*)3P9%T
zPU>Nb<ji$wg#2J5aC6=%8BTrBh}B1YY#HseGQZI(AZ?in_y{{ukIP9;<1!)TBd=B>
z3Mpi3O8$EEb{+cYWAO%&xZ9ROa`VwbwF?=i6i-+48M0zmsnnS5kQAIwf^yopd7GoR
z`wc``83lZ5Nj$2k4U-zrn1|1Me=S=_{h2t&+UzC>Ckfq8Oa{w%8Wp=XEjoK6hr}*)
zAvb3}zVJ#O{*jAM60G$Tq?ewBIm~suR%FZF&p5Utdrtwj_8I-i{z`!P3HbdI^^K9`
zonYS(XfK9oEmLaKLf4Q&M0NdG%Fwm3LaB2Q^GJ$LiILtdu|lQNUIvl+tBCHdmx`@{
z^ZK`8QdCWp+|Sc?)8_d3B;s{FD1yQ&6+ObOleFy%R8&(KKmlLllV)F-n^HXYXy_gb
zEj1o52A3f1!L4Vy4yo~F1Yy-y9!0$mw=8NSKWrom!xe0Jay~y4N%S~)x_?e1MJd|z
z0FCgtp7X?zo0yvsEK=qTnKzVljFY`dS}E=a46=sQRz^TpN9gx>8iGs>=D-KMMLdWl
zdTkyS>b(goMD@E)O4XLY^8si!J-jZ6o=t+cyOc3XNAJ}7v|}i}s=XhcL<{xW1rLH)
zVat9hZDh<&>!FwJ<AOBIk|^O6R0=}YG6wJdyv)jkA?A-9O-Y8daq)z(i6(hP+Mkrs
zA)|teNb7FQ^^#zG;u<HYOaTx|B-RNrZC-5eHttfYH56X7>n^iDntg0`|M_tG^+)EE
z(rJBvWj$xQ?L4f)Iam*??YuU~<&O=;k)>_-9JTn%Hs~*M@2439wKGn7sADcEgdW7q
zLKQTiUS_QgJnHJTCJKylKEPfGLdmR)36l?8$ZVKK#Mrj;_!%SSjLDqhoXiYOuet!!
z+4bG7H^ljMe8TlQ8MuJ??45{loY>@rH2gFLmg+UdLLosuuN+$))YF@nSs8;Nur&{D
z70`+ZP*!u14&^hbQ74*9(XA?aa%$&S7C8AW3=&%$clM9|PTM#>T^%;9PpA}XCxVRZ
zrIvz#KOew?MLzbNCD1*xyepPylX&;+7Mc4>B@;Qr`i$$wMeN?YWAjAx9{>Acp4rMk
zA{`P4C;<E4Vu71{jm4#GXs7qxN8&bBa2J#T)XyT8jsrxvL0$c}qrf#v8$ipwyZ$f`
z1|+3AB!d3>o3pDKb?>ciT3dqh9SRqMV;3Ov*raVkrm;zcz2h*RNvAE?x}CJ$Xm@zH
zGPcY^J8w(0%QUB_r+-{~{Oo!%cEo*s5&#a&3Hf-L1NH{#z+fiVr^{LOMGmNb2sbKD
zGG|$!WniF{)cg@%;8OjyEj-pn^m=?XC_@j}7=-kfugGQDCS9-fs351=a)cBa*~;HX
zCz+{t+0Le|Y^~6X>IyW>s`*;tQ**Ie3C^fi&0}J1vZNX?^$e^t&-&|{*6WTxx1f9y
zjfuXJXcgFcs^8=fZBW)J9;g$4A(lxoOQtPnNoh)1Z}c8!d3m@=9_1OhkEoWv5)y5~
z8K`EA%y6`?dhjh1q3V!}uM8HWkz$)6;LDy8Qh;dq+n4;XjGDX-454ghsVUq-WLUPv
zVY3kQ)cI43v|4gpud=t)F%Ks<MHy0{oATuc(_FJj8*$2!mJI50{dDcG5MU(A42X1-
z(xOTEue1DV1G)06XBMj{ncm1h$6hfknyb={G|F-+1aqAVR+nZX*C%F?b1SM%>9Z_1
zp_*xXAW-=Xg{iVhX`Jq+aJHtVoVx;ZDqo;Yvw?-F(KIv%wTIYb+DG&WsTs4PT-;Yz
zU$nYs+N|H62Q>^2b6$_5C&1QFn3PJlk2`B|dZxxgXpd4;TQWco7_(bi+ultAf_1!B
zuOW;(18GFGk#JU-ZNIGmYu2c3!Osiw2}8vIf!|9Y5=$C197Kb7j3G<GpxEjp2FzR>
z(-D@<xO$YzG*dzzj6lOM9l8McMMKrq1TOlNnH~?5C=n4!g)xM^8kv6be)4-5d*@O4
zfdZ*5WlC8~!)NvA@-g%o3jVk+Za?v;^@GAOFp0o2RxEf1?vr;_l@@L9g+#|?c!ET%
zRCFmcF0&e%psV#DWr(_%EskX+i9tg3oWmTzO)Kt#Q6#oDV!m0~c@2XqXP2y!R23~t
z?5RGwyF6G>1K9nZ>$|8>R4*wIYopo^L(Y=I;M63hZbphU1l^|?Ckuzq-y5lp!GP2l
zkgZMFQM?dV7q2U4@r0UIKXVx&+F+<EIxn38OW}x+v<uo{QH(UF5w5|mzLs>0b>Lvy
zfHPgAJe&%WE+g1j%%whTZ=FTFo!TWE!q7Fg_+8A5q~pS*YsgN%r<I$b^GAxU%x7C4
zU4UoFNJpulEnOBrpUsk2Aki@Z;&@m)54sR)_pVRn#DOK0AWLTzN$;B;Zy{-q+DHi*
zR%JpJiSb7qy_Z4n6mE^nHthKDf!>S+LFL$#7%3|ZW??!7)h5v+9Nk&(S>$@+kjsmR
zn96ayWR<{>JY_dv(pF#HqLP@^()Z1}CvT}G!p)oYN~JRlQBT1xU2I`Eux;T51`xtY
z?tq<Xh=Kdki1HmcCb1?c>dRqR<3lf3#!3!)1Uceco3*>MB=Kh)9N9246~~?zTHS$%
zS0Q1mNQSSqq&sR_28PcX;r9${HZ}=DotIEnHxKmlbAi5pk&~kCAWi)t-jyi*?ug8z
zvcXlP%eLNk5r*L<=WLD+3e0`Lln{8koCf5CEQPJsRRM8#%qeZ4rIJwc;VUdZHZ~--
zseS}*c+`^Ba&q~%5rs#zu&I>rZgM9S>}3b8iW0e89X4_WB3kS_zP0``@=SfJDiE#2
zm8C7iu(F_sMJz%Agr@Q+E02$fdmiMhY=E%Tp04dg80SwYjA4ZK^J2R-%~(A!=9GY_
z4xFCO6_e3R-p`-COu0_D=tRp??vJ}Q5HuYcicT0K@sD@2)!cv^8sANjBFZdf*UlIi
zN1@d9B<_JVlyTcLHrKdWm@AJLd#B(Mm<_^iMlwdP62190@ePH=x?iz*q3%M0C1o(7
zEpJr{_GuA%<c0zg-k!B=W`VsRn96kIq+8Qlb~+_b@delPwr3h1&RI_mlIqmKVD-t8
zAy6yiii16-sTl72&%xQyb5w%+gqby9nKx@4HkT49yMdu{d8y1{1>euU;Dts&sO;Om
z-D|rAX(!*1U}z7kq%WiC#6h8&Fc)FkxsGwUUfp_hN2Gl9K8c#AA<c%{gXWPqoQgI0
z3ifl;dMX2VNRX#X5_@|OM?2LPp+|4fati6axAVPhzaQH{&(yBleQ#(c5z&UR;_$dq
z=6=|E4;@DTgl9@_wqb3nYTNaO3aNH>e=1kf`9=dw>PRvz*b?`<*K3S*9H!KIVL|Ax
zo=kV&^CC|=>|LgRt|PxWY&N^@M=1ez=>3R1R?%qo)>d*x3i6d<V_8mB?5T60#0Y$T
z_$a1kL*QH`Sk^0^$3Sr!p2s>dmE?De2WMFHD-zC(_dV2FsT|Tijt&|AGgFR85;C$X
zG}=@Jvr{KnpR}Oi=dvMbTyU>I(@b5s-T}QvW9<<P#V+ac?8dMcX^XCKynhmJ?gFm$
zvG!90I03FqsyRY>dAC1f(>rF{m(r0>8d6M9x@pFO4$Ba%o+>xnv}iU8!?8vhetg|U
z-P;e++t0L_dTJ!^OYD`lYu^XPzGu53J5T)nIB5WRuX-1Tc8evEI>&w!WiHdPrDa^_
zNv130s`ZDIfduzz3&iZ;il-J&q;&@tk-I_m0Fe(sG=^dk%H>#Ta|nSib&xGV2rWc-
zoQ%pBdELgqPSI9m!Vaskt^1bk<}5m|HjXb(_{KUAqN+MzPY{GL--&gc^t)^BeQ?Sx
zicMQ~#G0qkfk+yFh1Y$I8hHeAM83gZ{VaefL`Np&!wu3FVR6!B2O}Q_o9$PDIhSra
zmri@Qv%Tkjq3YaRR%_Z0f8uP)EiTHLa))lqXv+1XH6u1v<QAsD%tnW6DvU#_T~x49
zADI1_1?@US$9Q=rTevZfYN!3j)#F1(X*LNPZ!dUx1l$~dzzN6L1z&m^K7Y+nC}VaU
z5L4q%TE;GiY|;o*!XZ2G>wf+ttLhXrjcbl0uGc_Z929o$8Aci1rp<dFj`OMTkF|Q!
zkv}J<b!!=4bUR7g*wD9`!fB^<fpAR>zNd+rs%{`Z@+{JGcaE>xyY;Yg$G@IEr5ThO
zMm*RM#cMaK<9FUO-Z4mcA+wYQZcHIwGv<n8&rP>>s(D%p8O&p@-dhc+exq_u;y!E3
zN35?)LUocVcxj8WB%&4fhDbSpWPt3x(g{%&tsCgYd$ybBC6M=@Ah`MFkE2e-u+A_&
zBIw&gDz`MO4wtPC-EX<Qw(GsZGDGL+&dl$HNAGYy18J9=lT&?u&7+U{*|%c@U-jy5
z)4gHG59(5&j2ewdfYlF0ARs_gJ0NRaQwCZWdy6(sbNglCn9QD+&!JBOoWw!NDctua
zQIORVEN8{)#bau1wY0QgeF&c;Lg@JTkXPhBdaYh``hki@#o#3JBPDrBcDNgPZ&cpY
zdaqQI?8vzo94~u@R!xR;;z>uANlLm^mcJB9A3wEj(=HSk#Gl{WCd<}k501e^M6}IC
z$a?zG!$TPEh+9k*OGI~AzFVO2VPGIN)E?BMh2WW2w*q1xx5QwOBt(LZ_3-szVw40}
zudg7o9j;+_VXdklVfX6s@?E-gW#WYmQeUXQj3*!5CvfnwPNzcqt&2EGmre+eew0Rk
z!ooyIn}isFJL64gM0gxy?#yNCgv4X=WcGAvR|HrtB0EVYUHSp<sW?{>Xs)EtQ%s+s
zQF%dl9(H_gPr^NFDccNc14!6GLl(G3iSecpUN+(N?I_uGn3H_&b!<BJ*GB+Dmoy~W
z6+QL@H7M%bP{ROHN9xKl7zdW2EYiu)GQ?25;+=%VH?~2(BzSR|i?MK7OrRO{0v?3H
zh(uzM1p1ntKIZ=7Xm@Lmj&=KXTIGCVtF&}WhV|uIr|5>CEM$v56nthMFnC=j_JR+J
z``+f|!8UOikC(fXm(xYOAf)Rnz~ap1r<B%5521*mowM1o#i7KDEh@W@I|t_%SH-JM
zMv_D;)HGGh457Rzc*t?!6r(rhanUFk(43po9E!msod}%#T|`>}bApT?BD$pf$kT?^
z5@>opq)CZl1arlJB$6^F2PQK`^ZFD<)Q_$3MetRLVoDnHBWQG+AW(}ACV?MqD8k?>
zR-gxjWnF#*^+u;JeF1@r3$2(t3a16vl{c54In{fmTVr<{MoR+0`(!fgov)lAqp%St
zD8_u@28st_yZpqKi6A)_Kev!?>yxF^_$ci428n^JUE0z4_yRDHBVXCv-a|C~6%#Z+
zrVTIFn?l+foeYl}@_wP`IY4R(+2!=Jw{I=TPF4jQsLO!g7f8117pK~|=7(-PRfJ24
zg;=+0px*WlYM}VYC=qZUg7ljFk!OM#j%>fgbiGwhsppOfBTo-FW1EqT1U~-uStYL`
z%rr0zSB>~mCcgO2$>aG59b8f05V0;M1X~f1&su=GK4q&n6fQ)3#B5hq;F0&Xew7dA
zlb06=E@-N7>haAq7`HfV?2!9mxN0%3<}-*Ho+5r>(bnns^kDXhU|d+IrffiBz1HkJ
zy+xNcOVA5~FoWEwsPkak^zE;vU3sY+EPUAdXWG)qFf84yPy~m(TXj6=G9{I>ybzAG
zG2|IAdfq&TNCuwt@_;A9u!(H7xx0n`Fy=|CN*7){0=BMl;ZNj_ENf*wj^M@HFSp)i
znlvadaIN{;C$4PA3FNVw8xCJ21BWShC@#qEU>oT3<ukamo153KfL;Z$$<{DrGvZN$
zkvuKGCNQ!|Yl5!Ei^_#S#eie=#TDTftOfq4CN3m5LU$eS{ov;tyP5F-Ki02%yed#k
zHKa8B2+N=PJkl7cJE7onIi*b%feqX_AiLLglQ2us>k=|Vm|K=iCA-SIN8OpD?7P8x
zzY=IQzs)&O*=l+??@|wtCp;iZTTGY7{;qveP<-zrXx7R{lY$PPN#50+NRf!24pL!0
zxfVTp2n_XR#*}}R<DU<4oi_j*r-ZIDW>OjX7+12qF|k@A-1VlLCXOt8*oJ;D;}m=w
zsMqI}=her8DtAlYrz*_-1(KFew<u?WqzC#D@OVF{3)NavvqK-fGF)j>>T1G($Y}Mw
z-HSKLxgV|4kHU}B3pqr)fgL{>BTX!4KsjAm8!3Q8MebFl*TU;&W3nq6(s>PmR%UkN
z$ntqI*m7`ROfl$=PskR+jIR=FxFza&o~0wC|6R5M+%*~N%9Q`Ktqy@h{SI}PCN6J%
zpnp_&^-7ORF9CLSVidC$r8e69J}A^oB3x1zP>syV`DX5YM%61rYE*a9GLcmk_f`CC
ze=mhkdW7y0O(wzthxlr6Bsqj+)JU=xn5q!y5SX9B+=!D=gFv`+4Y2&Fgpj%ONnvpv
zHDKerF_?oTjJb`O9A<b)wlTy7U_N2NYwHJp^5MBj9qQp?q|S35tAj?4fmv65f{x6Z
zW$I=ihFm4Anx<##Jg|t92agNd#X?^B$<g)`xF&zS<cL9Rs_0y*i$XnG7f6>aj<TQZ
z2U3IaeuFeYd-_&IB%tXDr1=?HmZnbr<RI1fq5?iNCsztrzhhw3nEogv9^F{t!>7vg
z5c=V91DI&~?1lnC5l7j`=2Ps3i{hqJY;b5zjc-?|M|R0*MENCiMB@}|OGh945UVN!
zQCIK}n;2dwZR6Z>k)trP!^I;Q(CrCa<lm|6Dv|nLX)MWhsu6QhFp=lUEngxPxoT#D
z%7OAd^LGNqes1Pacv7H-BN9BBBF5MV%Bdyz82CBtL-Y-&u0EU`w)<o)!ZsTJI7eF~
zVR%(<!W;YN=`W<gmtYAwhCVgXv%Z;zSk^ySS}aGdC5KDe`V3iHax$?4`lgGCWw|DN
z7M3p;XN1P7q(uV)e<3$Hfm|z32Sn6PW*oD{$|NxRl`lx=WgP<+TDda~&1xa=^~lAF
zH{avrTse!H<drJ9KvIZ9tqGp^+BW$mWL&vxZNOLxxDYEZ@iq>v80u&)C<={;E)U2~
za8|Pvh5o=Ag({7UnD0{r2sk=In%V0kF&tXhmYk(UQTYDd`lGM_R#;rr$If*^ELOu<
zBk*aA+D_2gcy}At^<2%B4v@R8T*lQ0HR1~?tkIX9@Gw?^9N?BEF(mO~U~c#!sGmv0
zHf}^p!fS=|b&t=q8KWs>@8|G7@L!y2_e+QC?d!Q)7`sZZvh}=`MXiN7&yJlft|3HC
z+$v{++@Vy@tWg=gqK=u8b=k$cRGfQ{D{Kv1R#KoAz%)4Fig!a<R2E$!v+fR0Ai1Ct
z5a25u$Kdb;>GtJY$(8LLI+eYam^g@p;;v^<x+Lf(28BF$QICtS`#-{p=*@jv+hFs7
z_caG+-)Qne$uElo-s7f?08Z-eiXjm%vn%1h;qEJ?n^uv)gw$^&gL)SZtqwRZVhM+?
z0TS5Nieg13hagx}6eVb*E8-;<ngyiF<z>8G0DYa73j3l3kkY97h4*+;ZnCB6`A0JY
zQ+eUkq!@ZqYCYkl;T24-4bAgY!8DpIZhBmYGRrLSYBO^-%$oYA>Jci--HF}fSdJ=}
zrL>sfMUay34GUFNGAm!J*RG)yrIqwpVAkZxM8^&;6G}hqf~e{@k|$oJw7D^{q$Dsc
z%!Y+_v$;Ee+TT5Tn77=PBbhxGvg_M~psXWTi;{`ja)vDcgWNPh?^=^5FK~ie)At5j
zcgmwhCf8jhC+H}RFk_9W?$3#?BlZ-J_0~5Tsok;aP417)H5K`ct3bh5xvMD*?2O)G
zyH26#nq|)SAi&>4odwAR)H0QZ24O~S6{0qidUom{?3&fBw5Z0~<<?gL0+MSUh-jr3
zP$Q7&sgHI5_#A8XoIAdvB|GEY_VD;y(3Aj=Fu&J0Z`z`cOH|DTkcgNp5W!QL_2%;1
z5~b~1)nf`TVuiBagvyqRC|h@|%}elt=Yp+lgF%5PfbU~Lq>`{oAgx0$anXT1=o02_
zDBTbrLL^xRHx{D~J9a-%HztG<DMR=8-g5Z~63lPXn%JfGY2}nlkad5;X&@1pafz0i
ze;wi8$TLGVw@lq;-rMGsDl9Q6JgEd`H)WN`UZItF9P?a9z8KU}<6sZ7Wb_<PF_cM(
zzzkR9V^}Eez8hFGZnb$xeCyE}{)-JoJ+lmpspGn8^|phWeoZyb$x@bnX|>ix>6>HE
z0dLGF%v7BD<WU+F^1H~Zyue~Bmru#U^FIaUB0D}MfYWGn0313-Dff_<pdRaIq`j$A
zVxW<08@JvGuBUlGEh`NJqEzUl%U<*6d?`kr3pVMzoU6`PD_2pQoM7JKuljzo5~`^~
zdG|~ueF0D3aU`YRk}P+%v1?$IUSZmr9<NN5Sy&S7BjqHk<4N{VJabW=?;%(74yB1D
zp=N%RNYgX+B*EC!@U*cMs9aAok4zghw?p4i5=_Y%0>)547z9i+`e%_0DXMsCHdhw8
zEg%m$ckh{Ko0-q7bnyE)XbD+DmZRFyi2-{{PjKm3(^+kj=NRgZdCD|WltM$x6>rc=
z99Igpa$BB{zKmo5!DvA7_MxgXey@Zi5Ig71aB1bkUg5A?Qsc!K7W_g5h7}>|crM!_
zev{bPgN>g$UbfB36fyq3A=j!wRc*8fwkpv1`McA_xV+#}S|hPj9YidME5PQM?x#&7
zm9#^ZHbaTva5KzTxU?l&*TkjPM6)cV-V^<U5#|a~>{@SLi<B}?9KMjYi+@Tzf9YiS
zQQDl+spTz7qVslj8SdOf*t#9gv8eVb<}~d3H3=|UYA4OXyXMYo;16T_dQzIH<KPO+
zgQ`6a@5Zs1lI$~sn5DwgP*cxaSWIe4SGBF^u^q*;EbSFbrku0#g-$DKwrj@pWPAi@
z1C#pp%|0r@P?l7o!PSjO9-xy+1n4qaXA*V2eX}xz7`Y{bs5YWo8)Q-SD&Ge;otI9B
zmD(;@jAwQ;LEUD8)q1Y1QH9l2ora)9p;!5Vk0wuJ>GL9QQ>$DZ&9QPW)j%0*mF5zt
zS(lURND(UILEYp<RYa;0jf?UC@KTgavWvQO>H<GM85fW{N5PZMnme>euy?wccm$RD
zyI5k(;Apvp`JTgQlo~IBrwX_~-@R=vvbx++;B|Q)z8);C$;}b~ooo{L9(TtFg^SyS
za66(kj6k{kzWEhhX19ZIf>e8vpJ1^o8K2;R4c;chHdv|<N9pJ?#Y_1CVR2~Wa_BQl
zp(sJdH!BqaEp37}Qd6tlZY2sUZ><x&!=ZPs>YLkhIh07-=1R@50q5vb+shB?Y~zcB
zAB?(8^kEz1(@xMxoyyL3oPbsd_*YwoqlgA7QT?&xpLx?rq+%8CR>-%E*GMnBBFdGT
z-|=bFrdNDchQgJaK3>wAwwfPM#7)aN%cS=ZV3HCijd-O)ChsZEhi5XYG3>{@=b%WN
zC>N~KKv35af4y!8WqG}>3>84LDe4Z<G-O`BwqhQaYgAdcW^}#IGt9x!pLXreZ-`tz
zD=kDip+9*rx)}n<z~ZM?YWvZ5iq>OB5jb^UI)pKW{iWpxM||h79&`5gYID>#D`KAm
zBX5oN<y7$J-=lG0Fq9sudW$R$z=#uajcPBpnYg~Lvq6Exi=;kg*>!0kQ{_xjTgq1f
zpSX(N3uKf_<*&)R+X{VnJnB$`qKHStCb^#m<6#{mk|k3|KHe;r(@@YaJvn*1<m7Y{
zr)(U)gS!rYA>aN?XB>ye_qJbuMX5V~Yb8A-l%;G{443AO26n9Wn-{UQ3VV`BR}dW@
zX_}eO#txU6t6P-kB@Dpwh0@9|+h?yMV(uCWjGJZ%)s>v7&y0KF(HG57o3bNEx|b2~
zLsZRhSjfA>DsT`FHW9Nc)TkbF5G&_SKT2=kya2=og~i90QKu&8YV-j=YjHWkuBhYg
zeWH&WN<AUVwWG=IdkVLvj1Ys&G_T1|hk9T7*495{N4csFCT<p`PRbEfFKYRPQFs-J
zKbr)|3)`eJS3=(vul^t~a~yHy++k{GbtH?iDi29Y@eJ>sEy>#hoX^4CAGsD}7?Vpf
zydTU1#JDZ4)-0Z@M1TBfEXy77@m7u6T9uRWVmE+BMwcfMY~J~~JNeQ!v4f1>r_3E_
zF=?o@wLY8mJq1;mtdDp{!(+n(wa{W3Tsx^Jsoacf$ZhO5CgV~pue=geCT6$;Iulba
z_TY|6T3vk`wU1DE7)NdwUI`b<bX_(HUvVu+tMX=&-)WjE!df&eG{5JM&3s)KRGIB&
zdLkxFeO{tbygqz-#fEfMk!cg6svV7AxC#4Fq(j4dkXYbKr2mrkMLEnau}7AO<1IJZ
zK2u*q&>2c*t|o$qBN~%TYwz^i2*HaAf1?7ySLts148gNnaK=LY$4(+Fbz7;Cn8#58
zd~PyZ&!1t<I-g;1hQ@OTbchOW`v!J4u{(b9U(rVovL0=eOhSOpvV#^9w<kvDkGwsf
zHLFyec5jCzx>0sk;sM(nqYpP#ZGI(CXeaVUR|!9}5xhas{0@R$eL3mjdYV#U9KzF$
zMs?c5oAUgKGsSdUXBiD~p3y9zwL6?Mr_D)4P^<!VksWb&!^JV#JUCIGFeW^QLSlEY
zMBwZWOTS`t$n0hq>|&UJUXbG@f|}d$<f|bStmFp6c<p}SyW0<CpU{nx8wydajoBxy
zrFuHr-I`)8@3ZdFn6BKK{Pg@;O5WbJXt#dYdUaLVAkQoO?xSW3*n^d}o3RbCkxIL_
zxsvZW|5<Z~+}_{!EJeKjpiVPa$a@G#Y83+bp!poIx+Nu~$VVe4Elg*r>ttv}XKGDr
zY@n}C=K@&uqA}2Q(511lvvx8y0Hn*bv9_djv9y>~lCxf-NATKHaWRRMkX)8ZDPfwO
zF~XLYh|W@YskH}`+Z$m4UQ}@0aH97N0V7VigzWg~#>CpHC-<v%!NgKdV(3X>a@Q#?
zNOvuem{P^TeW4q#d*<7fwlI#V7J~N(=c!@Fyp1tvdCY=RuhSs~$cUbFGa)E&kNaro
zp;`eAfr6XbNEBcIA_+fFS4$*&IzmrQ%Fn(l^+<^shBSb)5^lQ_gVkNOJTI>H5-zkz
z-rmNv3@kI9h91{l5L4WUpXmJo+uPBl&9t{Wc9;bPIyn6Kg>`en(MX`Sg~+JtFOC=B
zO=+7Q701yC1Ojy#@mX72^6`7LXP*slzQn9HQejRoj&NQ&OrH!|PDKRUrABzGO7=o0
z4soyFhc$%paLKC<<3+D(@{FI)RzTy2eit(S91v?k^$r`LX=O=_h6g5X3NoT45SFrH
zWka9WvKvf0oH?*n*)vYTJORcVrY=YZE>YAuuty`)1??|)DFco~#%$Dyn*(M!hwNVC
ze`voPVy+E?d87Us#X)dY*m#Z47bTgm+UNrwm3Ws8O-RZ7b0fIGhBYx%ffNj)b0R;S
zon~mrA+Ba+Hhi80B7s+8Z$W(}p-J-|WJR_F2xUyfGUcAAunVnWG3dJiyBx+-F}uvC
z(C1h(UuA1WEBl3(rRC_eh(fP|HB`XBPPz18=a1L!!QCWx-<ga%tZ!Xo8{k4xts6Q*
zUEJ)l=svb5R;W4=c!eTsSQzHRPRP^18|O{rg}rA?QBQ42FKj8dMwm`&Ywzl}e%cH=
zP~@##0DE5-`}sE3zD{e|K7Q{YSwp>J`iAFl18r`wGJW7+qDp4Xb}D{flI0`YD<6vi
zXjNO2YYVZ3&f7D>Ed!<x@a@ru21zg#v0X|$m`y_u?D-e+P@x?GRkKBGB@1VM%#S*y
zuwHAO$xJz)A5)poc%H|5C$e=jPN86Z22X!c%T`$T@kafnvGNu-taW}(K;xpfeQ(ET
z;|2J)Z2;K-%aQ3PbrS?w%$JMpKU)sKi~t+|983-EVTa_Pyy+o;CSRT8$WHCSO+FW#
zM-YaqojN;w;Et$^C55M{tj)G#h&VM>f1(aJQp8YLKtyl8va7Oanj4RHM7y#9$RG*~
zg7O4#HU_Xj{iSVy=KNIvhW%$j06PAX@cWyM|4|JEPz~aL)q>2I>*N9dAP2YrfBmcE
z`8)&s{>wE;@kxsb3n?hlN(uj+_{(DXUsV7<0AV`*EMJIA0l!VH0Xqx7we-gdUsl)u
zC|@d!0)7H2{LlUTsut|mN<d#~o&T-Y7pL_dVb%|-!TPQ$E+FaZSHk~Q{o?Qba(91k
z!jCwl-{C0z635Qa#@gQ0!P?ICmreT~GU=C)hA#Ss|BGc}|4Ya(ISc<NUlg_cyO4iw
zV)-RB!B^z}^#K`RJo#ruT3Q<zTKp1?=sPrnU!r}@QU9y%A^Z+6@0WOgrf&Qd9PxK>
zTfc<+YX{J;0I9wMBmvmXKWpzVz^^-O{|@}4=>zub{#m~CxFrDiFB|@2c>h&p^sjaQ
z*QY7}xANDy!LL9lzXO^0XON#vF#f>(!#jPkxQ;2iZm2KX2B3U#x?fA44?5_tRQ5NE
zlmE;30C{$eOpP7wbic#^B6<GD&g35%l^q_`_5l7x8DNdNU+Dn%JRd*6cIbcZq~Bot
zhnDa=npyxRS3hr#s88jL2*7NG0802W;(RT6KKlSI{Z?}TNw&T*|C|Nw91k}U8VG0^
zU^e_;DFF98pFp(VWcfz%otl5n2Y#^!L;!I8Mu2auEZ^~Y68$!xy`zPLy{xYBpZVK=
z?8whjLEa+(t)T;Wz67fITJn6(08i*|Y3`d$KNmxMG_1oNfExk0Sij-}?s-1&w7*I5
ze`DkPD2HasLq<K|3Fv+LN06GYJb6BAze^(KU}*VovdFVi2c*LR0U?tE0a1VD_@69C
zfF#!ctS&*ofGPXu`@zq(BpK)r)C&;68eqc$-yu%}j`aRB^52HIuj7&EADb(Mz7Bpr
zC*<&f?L-9hycobmh<`_T%l97%#S8?k4eh0^9fVu}$BO@j*PMvMbQK_IG(b?H?|5wi
zzUw~;Ds3&L>!5F9X#X#i*uV&x$6p=}0Hwlrl-0ujky1d{%F5b7(A3`E(9+aO*TGQO
z+Rjq<-(=?Y%kSO<G@uO70IBa905A3*8vu~m&_Vah1ndvyf0KO+5a9C_fHDDaeK{Nc
zwdDC|O8iIaf44$G<dKhG<&^%)1i0t<uu1+$vOk|F1xFhjYdZ&kcm6j)6^Tutf9_@i
z0ZsX>=jz`D)DQV^6awf-TtG*DuT5o{-y{*Uaxk>B(zO5t+xwTtc8N?-Ss!4bGyn?)
zII+J<o(~t`J>;Jy`n$9FrvbbOGJDb<fanLfesE*}3;Ad4e^(LB?kR0Gzzc%{=2%RB
zwfW04P^|bX<UeM=-#^?x_gqkFLo_mgP7na-=G!#t3qu*;HS3?-{s+SsH~({71W5j8
z_fSAU6L^25G5^~5JRbqgf5!z3=njT14nK#sNMbT{0pJA#E{3nTfP0=#i1EKe|GUyl
z#t>s~0C*k%wS2F1d6R#~|Duv_!61Gvfzy(;|7SqA4gy9$iti*yHT`!6fc^d)HrTD?
zpb0QX>tp<Jj<at4E7-4ZH}ZzIj)wLQznmS~&%u(d1D+K>K=Z$!9UlAtcaDFusDzK_
z1z$q`g#xbcyMXxh@38!PC$A&NmjwfSK{8+t%J*FteE2Pf?{!5Yuj~BhUw+;-Z_&oi
ztpI9k15keNBId$>CD5NQiVFIGb)26g*L`pa{PLvA0K6!m-~TFkJ`qvBi)<ilY5{Ph
zKPL!ldw)<5XnG%@#{u)Qze=8uM$B&z08H7y^jiqjALp7Z`(6sp0L&1;^?mbS#{UNT
zzjt&6Sd!CoK=YFTn*X*o@x@y_0}SK;?BM>?{I4|gXuF0b0eD5DMEr4@nVa-0=)c~s
zzXXo?-bsHSJmyDb{h0IkYhUE~$YlOD;g{k6&spuyJN(D2gx^?@i+-EsXE_Rg6z9jZ
zD&L4&YJZF9|0Y@ak>bbj|KBK_ntqGoPgnkZGJqdhevB9Vjit2f|A*!0(Sv_v{V^`;
zH`W(@zs36R#`9yi(r*+``+tk#=fO*Vl;p>lOW$Y;r+$m(R}q+gB>VCF{5LYumER)!
zx+eDT>ih9X`!_0r)&E5G)k*yQfcuYf{di#T8yVg9Z;}0<<AZ-^_}L!yZwz=JzU^55
zd##^+`}<bw9tilyrNXbPeLq>K`}0fS-{F7uf#e%J3+R7^|Ms~=R^lnZv43&v0ziit
MKtPiKEFhr&2g==RPXGV_

diff --git a/local_lib/io/gdcc/xoai-data-provider/5.3.2.1-local/xoai-data-provider-5.3.2.1-local.pom b/local_lib/io/gdcc/xoai-data-provider/5.3.2.1-local/xoai-data-provider-5.3.2.1-local.pom
deleted file mode 100644
index 457991d699b..00000000000
--- a/local_lib/io/gdcc/xoai-data-provider/5.3.2.1-local/xoai-data-provider-5.3.2.1-local.pom
+++ /dev/null
@@ -1,72 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
-  ~ The contents of this file are subject to the license and copyright
-  ~ detailed in the LICENSE and NOTICE files at the root of the source
-  ~ tree and available online at
-  ~
-  ~ http://www.dspace.org/license/
-  -->
-
-<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
-    <parent>
-        <artifactId>xoai</artifactId>
-        <groupId>io.gdcc</groupId>
-        <version>5.3.2.1-local</version>
-    </parent>
-
-    <modelVersion>4.0.0</modelVersion>
-
-    <name>XOAI Data Provider</name>
-    <artifactId>xoai-data-provider</artifactId>
-    <description>OAI-PMH data provider implementation. Use it to build an OAI-PMH endpoint, providing your data records as harvestable resources.</description>
-
-    <build>
-        <plugins>
-            <plugin>
-                <groupId>org.apache.maven.plugins</groupId>
-                <artifactId>maven-jar-plugin</artifactId>
-                <executions>
-                    <execution>
-                        <goals>
-                            <goal>test-jar</goal>
-                        </goals>
-                    </execution>
-                </executions>
-            </plugin>
-        </plugins>
-    </build>
-
-    <dependencies>
-        <dependency>
-            <groupId>io.gdcc</groupId>
-            <artifactId>xoai-common</artifactId>
-            <version>${project.version}</version>
-        </dependency>
-        <dependency>
-            <groupId>org.slf4j</groupId>
-            <artifactId>slf4j-api</artifactId>
-        </dependency>
-
-        <!-- TESTING DEPENDENCIES -->
-        <dependency>
-            <groupId>org.junit.jupiter</groupId>
-            <artifactId>junit-jupiter</artifactId>
-            <scope>test</scope>
-        </dependency>
-        <dependency>
-            <groupId>org.xmlunit</groupId>
-            <artifactId>xmlunit-core</artifactId>
-            <scope>test</scope>
-        </dependency>
-        <dependency>
-            <groupId>org.xmlunit</groupId>
-            <artifactId>xmlunit-matchers</artifactId>
-            <scope>test</scope>
-        </dependency>
-        <dependency>
-            <groupId>org.slf4j</groupId>
-            <artifactId>slf4j-simple</artifactId>
-            <scope>test</scope>
-        </dependency>
-    </dependencies>
-</project>
diff --git a/local_lib/io/gdcc/xoai-service-provider/5.3.2.1-local/xoai-service-provider-5.3.2.1-local.jar b/local_lib/io/gdcc/xoai-service-provider/5.3.2.1-local/xoai-service-provider-5.3.2.1-local.jar
deleted file mode 100644
index be8b7b2fdc3af2b053c44d73e7f93a1855ff7481..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 65917
zcmbrl1#nzVvMwl#nVFee%*@Qp++t?7ShARz*<xm9W@fOMW!YkBJ$K%`JO8}5Gk0S<
z;zXP{ot5!bMOMO>RZ6m8;IJSd&>$cM5!X5(|MY|T^DZy0CJc~PkYH5$BZmG*4En#s
z!fiI2RQ~*}{O9@e^}ogBg%zYF#8uT8<RyN}Pfg0n0vP5IWC64@Q?rdKOiQeLN6ri~
z^7PX3^KKPQD!20VveT-!&hRSGV>I%!Q>siWtn;h~N6xg<Q_}OlWX4wz7^LJOt=UeF
z4vs)U{)XZ2P$%8~3Ki@R1}lgE0{MRz_%pq~30Rn!n*JLpgnyFqbTGF1C((ah9D;up
zbpblNTbTkKogLh*%z)1SW+=sf8fs~5Z)W@dPlcng^B+Ji{{{v1e?kHD{4*O@D+l|3
zr-kG{Y4NnP{Wl=U{?l+f2Q%QmQ$YHk6xbSjd;J>#|8W)mETpj=(DmQ1CHa3sVQOmy
zw0Hd{9RF&-f3r_l2gCnhbVz@s{`ZcwGj<2s|C7ppwNR}8Q`pLZ;a_&ZzYYTYzYqEw
zHo*U~a=>5A{J;HzDTX931Oy0(`k$R7{zuh6w%mWs>tA=sKg?Xt%EeV4=xS_c>}o9G
z;B05?>LT^`9l&5}YwY4ut+DQmCW+2(Crd~+V$O`6j37nq34|vh*BUaijUeb6c8905
z@mZ>elwdV6C%>$6cn<gdQY%f%EL{%k;3cL0L7o>M>EcZuViwIwol=^%>37{-=CIrI
z_5Jac2xMoVm4+>UUT8oJRUXvGVLY)(?+l=m1lO8O0K=y5$VY{XY<YQ_En9%o312LC
z8AdaA^t58K(o#)f$fHpnlxSKhvX_=!1zXjXr(VPU!zV$9bgo7m1ED?keob(Dp1Wn=
zfY-oM9x*nx)y%yB!w3G7y&mZmg2BFxm#VvJ(tQf1$O&V-D*A`I;MgQJK26kVntuK8
zMkxg(B6QQR7zWvBGi0z3gN-~*Qvq|RD3>j<-2p@wwWGP{We~iXfjBL6^>=GcV)b&I
z?9J#3H{r3>NzdUv6f{XEx%@`NLSL3kjC=0N;-JvE%)`g0OK0KvRyRwuQ^HLaF^Qzx
z%x{NWBy+y2-<);GiFsQB>&a@H50WT(=4gz#a<4EOUCWp1fmJ%IHjW;aa-81q51CvL
zviTmm#uBf~i49RGSG_H6uNStlrpdgL-6G7H-#{sTM(-?wo^S@kv1|B2%MCZuJnSRn
z(9gi)Uu$Uw&!GBoS+I0>$ul~$WJlZx{v4GDoN*@fLj;CkDdy?p?Yb$Wl-Hd~*w~F<
zj({-WwwakAr$Oit?MnCsEKxLS2L@w++1zVOY%)dDLDpn?YL<1ixcMSWZPXCaf)&MK
z4q-R8_w~|Y>7@)n*JNN1wh6(xO{2p>Wa3s_n(CZ;#AAXbf%>`iFdXT}E~Bo;;qSs#
z<9T`LNaqfuNV-7oV2#;&8nM6P2riy0D2FN|^vPAHC9ww~fxomy@|~v?UznLf7zeVF
z8)L4z(Z_?^Bq3M(z>Pt~eH~l%aG6a%{Qk|vUl^h>lPd7tv<I-wjl<=wmmw#{9WHI@
zXbQ+Wd50%k@P8ovWjku#gAMcyJUfY3JSWpAN~<N9^;W$t+fhJ3(;$7?>qt`-DzBiA
zowMdrazE34FZ{TV0n*$RN4*9)TdwrDS$HIFfNxv`hagE%D21(-ch|lDU=eyt&5+t?
z9R-qvu{%l{?X9;lBd;7K(%$&qRQlD>+G%Vp?Tla6)egYqrEPz2zpH9C&lXpd7!HW`
zecUQ?3(qb!e={+vtc(>XBU9`xDr@5S;<EHpjp>I>srvnWbKhOH8qyR7558kGgeh2*
z9woXyOT%iPKPu-_&WUBRDZt^Z18IJ_8}tyX=?$B)bKHRr_nAKk{DLaUh{$=#U?(8%
zmKpg`pua2x?Fl~d0*3Cx+(xP84aDx}qm$#CX47X#n#L`ydY8cbFIF9I&AH_~&w!q1
z*8_o>2dc$!jIL+?-;bv=&%3t@U^TnC?`37ZG&xUb(`Q4lVGHttjwInw2mAc#$&`!o
zbe@bkzUBMorfu!v^z(5Cu%*vp(~CmmEd)tpriBX%>Kj%c_jkVSITcNdt~#oYk>Uc5
zL7r6YMM>rQRhAu2IQ&C56cR|Q?#_~ozBMc8F>}xMHHHE5HE|~R+SCWnQu{9S4U*Os
z;0%pYGYLKBTY<s4#jQE7_Jb7Pye6hAri!LcqM=MvU^C&HaH+AenH<OZ>iRoCuRaHU
zOwp!Mu8xtwM_1h|<!y1HPG<h95vx{Ggo-F<6{d@9!wVll{hV~Vf%6^b5MQ5sg5A}V
z`9%6_{`Fek&aDas0&<890>bnE#m}k&|HZlHXzF^Ptzvw{0+<{4z(<jTsHaQjNGDlD
z+aNbdkWGW4Y=e(@n5`CLOTP0n;nEZ(FrQJ#FLHEq%4brtb?<JKvQc1#;AP$}44+%)
zC9S^2)l_xta+BdnkHH=Te@}5+e6`qp%>DX#bLH{na<o&qDPLVwN)p=!oJS$6v2;KE
zx`~;`ZDZmI)aJ!*^*0i1(?}=f2C{HgSb41bDX7n77jw?ES#*1s6`uHHRx_(c|K#k3
z_9Uyh9Op%R>1APF%iBTyo-VO%yEYviv4Xf0-ip=foD(k(1giX<^K;b^Hkj9H>oK*~
zX44T8SIg1;dyl7P1&xCQ0h<I85(K@UN)iIkb)Q5<`u9HUO7L$cXePKE7f;wN(3jQ|
z`b_++7SE}gYzp+fuwroPM6Uueabd)2#|&H5`-B9K2WX)B?8t%ZPa0#>*o~>2>THxx
zTO9s1MlfQjU1W1P9aaJ*&m07KLuJrTE59v%qz2#^LW}?^aE0|Gu~0!T_$sv~FnoD$
zVozqZYJ@D#y+O+SX5GtDilqto*GTFNWOy`YUFrSFRsrLf!wOqv#%ZzJYh-hc6-KCY
zRorx{_h-q6ce?F8bV|Y5qV@$pRM94<ep#(i)s;ZnGo0MM&S$flXM{wVFkYuY>;?3d
zdWy!^z##a6b_&W=6rx+v6e^V8P<!76h*`k2w<^@~2z$ox`ALl$^9`{SfSfIPiZ>=Y
z@WSS##_mN#2MN<SYtr7xH*Wo4frsA3=6IiipD#8*y5I^U+2ByU=K~&Tb={rSsN%-L
z*;+Q?3^PfvMW1t#ILL7*kz!@j%h*9$c&Ub_cwr>|k`akMlalq{c7@u$%r`yqRFHYb
zAwcsCq0(1h|2;~iD?D<1oTQY*qp;6RJ9W-gGsi)nQOnaq_LL1$_{7(f-@n96;l*<v
zC%w+kOBDxn(|RJcDfuNf?pnS~u&j;72DhOU$y79$I!&JKbT3X9$(laD$MlLTmI~=%
zCHf_1*7LdXI9ap>AC@N<<aJnwHA_AX7Gk52`gNrAyfTejEna0e2f@~CnppujfmNGj
z<7g#6Xxr>qq>kqT>L+j71Dl?~CviAus1BkC`>;db7td?M<F2uf4yRXuGP6I);-Loa
zuRf~E;=7V*wfpcU^CmWjF}!*g9p-TQMA<V8UHdI3u**U}PF%j-fp6AebL=Y}#X{>H
z0mAO`9lvjHPxn&j=Qv7g(Zypk_jB}F9qJr2uf{}Iiao&ylG~e<!MZ)fgv>3qfAk4^
zSN<WDr}Ewm?lF8bJ0kB4wJ5tS<dPP54laX@r!?`-l1=RM4{ov?MlT%M1J2qNb{Dv!
zWNr37ir=-#S2|=RTggW;lhCQ}vY9pm54O+x+VIb;E!hZ}yA1<P%TzYI3uDQ8G5PRp
z+Oc74x^g)A=*8v7A+aykQx$vPlTq6$y+RMh3nzS5;=*FWL<^d`%0yhaGm3=_;*BcK
zloR<|7bqb(R&+8NrG^)v&e<*;Sf<C;2k)XF?Y2FXCPs><vT-=zU}Xn)!R;%>7jM1g
zt94hRtrA<x^cNYu&<k(E+*@&(Uo=m{-eFx7yoaFmjI<i$>xmJ|)CN^9m1B<|Ft{76
z4+JTUwza4-v$|=yHORc!jJU036>ZDm4hd8s-DgNvo4dY@nvqdkKZW<TWMy#TbSz9}
z$CAD6qCC;)%+pwW{Qz$s(^gUbScng6BO00X%{^JgUe%T2MN1<=txn6Q=$O><fw?f$
z<P%Kt`SC?rWG$A%WINWrYak`&3zdJYA;|ev+7pHognvwUo8((6*3nn2M**$A9EZI_
zpshT`&cJV*xlRf|(JRWrudYSxo}lie@yRtoXNc}3{<L|+k>KuvTrnIlAU=Ow692x(
z?b-MWMDapW0YtW38uJWNbH*jj;rxyxy)ObmPF_stq-R(3lvfj#h?+H_-8Zc#)Rx(z
zq6TDTHq3K`Bo`hp1f7QH#rj)ugYi(WQ!zN{d|!H3w-6|vqd>2wpF;FQN4b^g&)MkD
zvYJ*~<T3ZOoi7l2Ls`YTR?(Hkwf8h<f_IE>;jXO5cZ87`Iu&z`e2=+0NS5D4W*06O
zV92y)PZVO=I!^<(e{786{r<V~>ICx66$E8;KwNr9oI66oH;MDpt7D(yx+_R{$0;P@
zHG(VR(MgT_7Mm@%H(b<EL}3(P!asQTzK7hP@8;GAa$ch=P;f8K_4w8Go$sSq??ZU_
zNV)Jmqa5_>ewqTVksk4gVf#JHieJPuE(hSiscIg1zcP#!_qVmD{NWtLRWEd_WdYKW
z;=N52IFfo^&|JK(nOwMymy0!71NPgdraNu;rVVjW(gvxx4NU6MfVee9@T+_Zez0))
z0woK306<pxH-?1v$tvdU18A;(AJPJx=k<ZJN|mxj93AiZ7sFxNFTZv5IzyZ(rr}dC
zh0^<L^vl7xl_5}T0-7|87)*uddk^h^j_$;I{k-8OpHP1d)wX)7-!T4^cTQ*^AVU9N
zLbbHnpOVqa+zROY*J?;p*A?Fl=kq;jJ;#jIZt+2+6_6&gye+>FhzUmyXD6+Sx<*cc
zr>cUUbE%MIWnq!FzRvcYG@m-H@E4@k4HjD=HN-fjQh`o0wZZw>-LMPas3sAgfM+Zt
zVX^=26y^H1Er&cJ<Im~0&)s(chwh&ncp&y8d0^$j)$r1RNdAE%MH}g*nVIZ`zY&O*
z(P9Gxt+m2jI)&`0`LyDAmL{R8EdxmB%!`*3%t#Aj%h*My&wr;U%(1$APf4A(@Kk6^
zCmBtR@oY<PJ4cg+*?V}Ef!f&eXUPKb$?On{<IYlrRBa7>x9SmWigO@pH0mH@Kn1pC
z&ZWONr7LEkR}Fdx3Q06JCtshsYvhw@s26!Hv6M7Go!D=HtwmIt*{UE9nFmU#$9{KJ
z;arYwIyyc4QT2kdea3`fLg#2ot*4(A5>@{D>f*PQo@py>8}4fSCK?3CIZMV^n}Si!
z#aOm!`nka73gy}cNR7B1$f{{)^kc)%9jdyYGTUx-W8<A^ELEfg+E^l55@N!vI^Y8o
z^n8K~x|Hk{v1h*>H3*7Neg}SwR`{-h2?#u1!$@jvoaRL@ZxhbHZrhK(PYJ-(fsDh@
zo(l4yT?@?uHye~mZzsoLMe)W;bRB-V)F{7nD1bMXd`QzY(zG;&sZmnHqsAzLwFmnZ
zy8=97@{%Q5MdJ?da(hhisT|_3!4X@x13DvW7uwJ)Sk(5dpt>K@B=y|LXS{bvT!O9z
z^R{8RL)*fto1qdW&$p{xkX1LNfTaUTUY)4m&QRAh%ndRG$YbhnR2(@?exxb`HZM4E
ztw+M2OEraw5MiZKeYz^U*kltk@oLV@U?>;dRj%&E*z$>-aKK;%B7_5%e^v)KQz`2t
zW?qLKOx>D`@>VK^`*>l)*Y^(8H}Q+u38oNB$8HpHe^W;7Q|MOg55F~TAWmqs;~eT&
z0$$!4;}D@}8J@9#APlmg!Y0z!mjqp?5Spj@t#L~v!WJ*Fl3&kH9Yh47lxnh7F3PxP
zdPm-B$p&|OsqG!l`9)D{^6N|us>Oq*B+3;T^&w2WD0v#IFO!f3fY_P=xnP~;7PVqW
zWHu!t=VR%xPoAEBK{;n;0F|lGeWS}-7>!FCy+M!;LZTI?+&>q(QtoaqLnpr)Eh!MK
zhRKuqK<BC5((uvNMT!v20$I#lQmL*=5AtV~+bC{v0`X{{M2O00_rel$JY-KUGonW!
zHYza{Q23jJ{TouY42Sl{O)g#{8FF<h$fLMCbWJm@$o0Rh!{@}KDIB=yCB`}X`x^9P
zaS3WzIY~C=hy*PakOVLuTH(x6dtw?Epfijo#5PsWQe|C+SrN;_iIq%fSE=+w){Z}Q
z1Uc+w9g#KA_uib9m~%4L?#NNGCE>zTY{d@C*f4*`?Wx}5rEd^^j0PTm@kN>)f9eS$
zGE&*AKs7lh?&z3hdyQ54up(5$V$6yhWy!^YR*%X2o|CS0c$S@$uWiK03@4LX|J%cK
zLZw@p;H<bcNXy%SfxT)IOb@)Px?vQGeRJ<-px{R|E_#fm+rB#Iq5E}WBOGwjnZ7jo
zh<Q%F!zTNz_|Wzu<KiUb$7AVYqK*cE$<(O(r0!nkxqbpuqdig~jfzw8f=un~b~}(o
zbL}!(ISs+9*{J|vV^=GVepAL-ZDxwRriH7x@dC?yMU951|2v{PM^v<%+^I@(vP}>8
z)=^9_izAnU&nZDaJ-$xf;UfH|LCM!KW*ghFHOg&Pfkmc%QXswENp&2nn8qjc)c{?t
zFux$)U~Q&?x2rr%v(&GTOu)#IjYE?@lb{Ms{=t57;R;c;=vmz5mm=t9t=VW<$C0Ng
zUNtK_@)HR;+uaStJ2~gwCw4#X$B`S!do*e?^lUiM{Lj$`;N4fY{^|s)h=}wc{O>sf
z6;hMvD-xMM*O)>9jO|N|b1tlJ54I$P#!F;D%a#;Yymg`eD*hszt6p8Vs$I}+4i>kl
z(g&O?k#4>?f@D$+HXjP!V*!?2Q8wYF^#G3G$FAtdlX+Y(2%Dd6_2K!xUu570`2-vz
z_EJ;%?63Hv_(iK1*H$TWhCd4O*<!%#dh!|Lt`{w>kJEBBofHue<qbY8lp=pPQO6CI
zp&-fhtU7%vUBL_B5+$1FkN(6iL3(Uqr#^D3nkITM6f#xiIh{QW<Qq{aA|Xvsq*Nw?
zc^MZ?vZTjfYOl+Xif}Ic1^Q!!Pk`_tj|BK+h6=m=oW4jVyxY$4O=*Q0)({z%?nO$8
zNAh>JnU8=^Y!Jq<mtNt~G2;{6hlC^5&X6FqK_S)P*Ztimq<$s_*g!?BJyVD$a0ZzD
zT%X%|P~V`S5fc0%Nbl>yko6d1`-1pwnPlZeXFUGLJ%!8R_tQRQodqIEDusQJ+_FWi
z`Oww57?-B`JV|&g7z2@Hu2C@r@2%TMv{lt1W@(rcs>~!$2vzhS)Y3DinQUv)uB@II
z&0?yGZ!^vV5n&<&OW$<f@M~2Q!N*59r8E%yg->8}JUx1gTYtLV<F9<geVup(>U|>C
zq~7I6^RxVR@Wt~Ot2_D}&?J*}FhwZPqht`kaU*OAhb1{Im@E$Jy$p)o?&K*=jAVo(
zm*K7@ecNcq6L`h&Kg67YXax`NDyDLfF%X`jJfM*oDrKD6lV#=N4|W)~xZP%TfjIGS
zdey(74HdcfJ-YKxn(>#Nzm3$U7~>MCNK$7^X69BK8qzdU(KY(X+jTUsdx*4ml-q*$
zhJy77`LFCilJ?wU$DfwS`k%Dpf6Na2uXMxfFUdxZhOWn=1o8(*eWMulmjfY~ImkpM
z+tJuexZ)VAq&<<t1HDL5>TW{ujgi8JVwnb*-tt;IMLe!6?xSj?cjY<lad)&>CkDn&
z)<)LdOU_Q-h2GkaH@rT+9?iL6gV>Nr@)ztGfqA?R^NX3-mY#PpY!cC3yUF?iMQrcI
z3;;yg+-yNP7eWe&P5VZy74}9=rLGR~TNn^})&nn<#<%)7b6_R11}#z_^n4e^c)le>
z^xl<6^%~bkEOz6?nFf*O!4%noYo>xLoFuHhW?p@p*)CI-GE_&9PxqS}sVN(0J^^cY
zka6}&TmAuoo>}@C?$ue30b0Q=m|YQog?dNeXvG-g6j}t>7BY#isn!+sh|K~;d=QlM
zW4S^{^l3A&Mf`B+m{pM}+gd%?xWV^FTg0<E#wwEpvSM`|Z5sB&12dC?n0h~WjZ0VU
z0ptSwvnc^K7*^*%dAQh{{|osU>(MDd$!z@Y+?e7a)PT;>496TP7>-<{atkk^hB!Fe
z7w8ohbr!pJ?*+{N{sgiJKMoyE@^~zMrgWx3Td_`m%w=EEMv>=IA&M))Vath(Pt<~6
z_}HWUYrE{F1%Q4I2S*FrHqDfuWnOaa)dLM`{L%X}7^TSt@f<m{#to&jI3)D~{63v9
zBJZ3O`lclsU-tE}v&Uf{ad1F6K~_Pu6~HQk>}f{AGx?;3nR{v(z7+yS5T(UT9%*L6
zrP_jDuTg6U_f?g}9GkW?%--RwhvHW$Gl~Y_xuw&>OV)#SE{9!bn#ChKM#V6SSsFSs
z+_&ct!_=s-8<W7KbEe6CCJqVsbup87e6t`*6~^swRDC;&c2KxPj_4Pri?7$7c}uGl
zpy^=6Pjsu1e084_mWx6Zdnxe{y4Ui;6$lpVfI}I(@cs0`thP{sQ)*W%AXdxYTI!sH
z`&%d54q3HWhaS<G0Mw+yb>L@Updnf7tR=n}V@z6nAF#YF2xEa^=nMJ_H?s7jG9_1-
zy4+};ZQ?;9>IZ~Mudx|Y(b44%Hu2lta&Np>whv-r*^2XLz{zi>q)+ikQI$8GGAz{R
zgdswKiC*#(;F+H9H-Ta%83G`oYI?tXCWduM)KeQb<HCkX@#s%dJ7E><qBuTkl>(h&
zDZF8>=eUGb_IsRBRCaS|I$3hnF=K=aF-Ms9wLUDAWtF4~kq;y#lE|#$YT{>DPOdO+
zb8f;OO4fI8_z_5^*yq&;-2}_5F=Xxbhs$r%3%3!@e6g?}7(KBKOtep&Pxe+n1piuu
z%qytWdH*RsV*fmx|I;GG(b&|+*a8T!vNw15dnZOdvJ(N685v^tzEKPuM!zpI0#OR4
z+(?^oB-~8^r>;CE0F)ZG|67Q(1ljb(yC>*cAIb`|%WZ}4Eb6mKi9~bF58Q4H0qKjy
z)tpo9Ab_dQ6rxx<yGm$MQ=muq$iq1k`P65xdM|S6t1q4PX1eVcc%}iQ0dT*#f0>TB
z&@UNBa1fA2I1mut|LJrjfvze*QwL|Wzj(N64PDL6KOU}SjlK;Q1{w64LYl_Tw_jOW
z+LD;O05S+KxP2M$&>@9KPbwQpj`kAuvhka(w2Z&Z>q7La+Nl(W07r?D6j9Sg&i1o;
z&-(iM`|I+}SJ3nTyg|Ivy$I@v!leC$*fop_nku{Ix@I!=yn>&(#yB5-VX<NjYcUM2
zE<@;DFroV`#+92LrQdy8nA8+II>RUlR(IH4&nhU4&nVxCq`#_Lw^TANfy3)H0t~NF
zUMxSvA{we?Ri{@p6o==6qwv$v9}440mV0PLA6p(8OGyCdaTJMES<3^V*2a{Ysu{4J
zh8j!(bm+*{h()<5<Y6R3+&e0_96QEsZiOvmddjIiuKaH8^S}sh`C#6%J1)$SF}-2-
z*bCU5K_<}#h(b(`bMB+W4!UiCB0z<=;Uk!gCNiemOzLD)1O9s)^%DpYiz`3pn+nq~
zF{(u$7uIT@qlhpn%>>Wj!c?RJTbJ0T7Q%ph{>g(GI!<gBteWpoJh$p~{7+{^YmB_?
zuUkDo0RrKYS!^z;s&}itnvwVDqkyox#l5bgKw@F|!?tNB$pYGYn878Rp`?N|#FN5@
zPzK-n%L%Fx!oef4?V~!}gx;`bd13rPGo{K>?8tAXG&v>tZ<|65*y-sSjzmb<g(O}T
zDw0S#vV|QBmFYcYE1n5)tWU{gl|~%Y-`_{Mq{lL?d=gDR9EDGZyvLjKq5!HROyLj^
z+`c1!KE3D+JB>wCooyjd+>ctupWr_)a)?~d_i@@z!a3Wh3sg$Y=JBFC)3d+oT4rjQ
zr`uw2TU@~|&WVEMilP>(_F322iAnNP`0093Ynw%wUG2>oOyQ;KRV23-cM>w0pH6OO
zGDQur2RZ3u-^oIjEDeood|cQUcAZyEGh=_+q;Syy$I3MoqXSKoG6Tm)^xE!Xx(nLR
zR_~Ky^K@lHj>)+Fb4f+VJC5P5&I%m|w)gUV<(u#zW2pdT1;Pn6-4eTpOxT1?IZ-cF
zfNqMc#4XG5hcbA$t01#b;QB|E@JX$$)<D|N7F|sL#;-Q+!^=OqP<~AJ%@=pzIGQLq
zr&4TJ(Lje=a>0{bZTTlJ^uJ4{xnc3I2pJmQA{Q7K-onCBs43M+T=B$cSm9S)$X*4P
zEHL(|p3yRN34PA)Z_J8LLpT3vQ^negTn{rvlDDfY4q-i^T59EA4nlHR#olU@c+xIx
z9XnvZLELEE3H0x3$-PH@%+oH&el@Zs6D3nPh<kKujr2)Mm@?eUpd}n36ATUhFuEm6
z9=GH}jnlZJCiIfd42_u*&@e##Al6SqQ-dh`o;kD78-ASy<g59_va;vKU;T(Wh4w;F
zjSj$TqLqfG8IW3hL9doss9@8OLcPVOLJV$;s=Z~ms!@XP>2F;k(?Gb+dXRgKO@Abg
zyCI2q$CTDY_6v22C5gpByb2gXiDmGo20KjW&CeIlDj|oX>Oi!<xq6W!PFkZ}Q%Fp!
z6RpOvSHZ!2H#Pg9wdM1{{#SBH0sS*U>Q9z-_lF$f`=2_pzxB)iFP^MK>mS6>cFwf<
z0wqldL$zM<sd<v?h76;*s0^-ZqPq(To(if`_J0#Y5EvN4u!Yd&O?w0}SW7`>Xyr<^
z>XpBOT3xuxMzLn^h7Y3@y{Uh_nsbbsH%ce{2KKCfdh~u;%=Y}6umN#DaQKp3pcf<=
zh9wYqE_&WpfnC8}@eqr@aL^J^E6(ZGsh-cLCaCpAkd_?WOicuHt)MJ<UW~6su2@Zf
z+;XLjaCJe$T2Ik3m8CQjCfG=AcI{n<4@kkYjrOJ1oU$n-0NebVjaij=a{#(xMhl0q
z3|`Tsj6x}DW<gWu5(=g=ohd;LDs-{Bth{xLIS|~Pkr9~N)HfuzyJbZlz@tZI+#O9^
zg8^N;MHv{WJZ;bEI$iu&UGQ=Q_{JL|<Di>1dC=CRJhJIXKtY^~RaB)C5rPN4!i_V%
z(NWN(o$8&;kFe*R4CRQ%A>Eb%_J|m0M~9$pC>-FSH&LJH`$Hf47wP~D?i{sJuTTh{
zq_-^9XtL8Z?l^Vu!xoz(TQ!UtrkPAWNr%Y_^lPVfSP%g8gRFypg!&766D&^J5rA%o
z@=(7mlva=PP=Z4^)=X4WD?1IxOVE96>8TTZMMsA+OK#J90$++?MJ{mT)c1ANR+dwe
z;4lj)HYZXtq<q0>ehv>f?wI0gHfasnG;1=B6I!f@%n_-Sx4f&8FWBzApJRw9JA`y{
z&p4}+&$YBp^giVW#lwoolEQs>ttp<b{Z7sh;C^{@=hfNwq9jf7D;TwdfgLbjF?C>T
zq1Ep%M&UYnDqP!Ft*OQV%FdSF!LBP`-m+m~1@#Liuu|k#iOTLb-nDxFK%XcP9rWNa
z>k+qa&NycJU@X@|#1zhQ(+^y%$s99Grq_wgA;w?g&KSZEzBlGuv{xYT7PZw#(mEmS
z(Cz!NTo1oOtW3p;#v+|5p*4lqFwmQL{1n$}B_i7bI4Riqu>oTiRAfh_L#tgY-F>6=
zPTp)-5KWS?v{o9jt>MFDR9BH?=V<my;=kaBk&w^~n#IIWkmkD5u;RbOIxQqylyrG>
zwb7FT4h4?W)EfuoT(NZ$PuC{k!xL;baXNfp4pS9bCb83;LMoLCX>o}|{qZq`K#=yp
zPz9(DMWd@2W|(v>&ZH?{>!RZvNqsl`w3o-~rozp9qZx^I+7c!#zwkwellz*uy8$jK
zVDhrXx$dDxs+LgPhKO5CJ=I3aZqtP@j@VM=%f{Q`cUe}j%spZUttMxoZE5zKIE0TT
zMHyIczK&jIgv`Q<rB*+I`r|6U|DYRg7wSt2-T8${EI>8ar82I6+-7|WBPmQNPlX;*
zb_-#@KH7#HJIU1_s#G#!yWH?IWp8u_q$h$=`l%thcCS*c5-zfUA87Scor2p6S8D#M
zOf8Cj8P#yq1+|CdFe{yY=SDo#R}x9S)XNV;g0=>it+rf&lW|#8)`~ycVe$#FvT8}s
zLfaE$_Rt5lhw%`Ki^g#p)I1X<bHN<D8|wRq8WyeWqvW_L3?pnv>U3to&R4Z>B@G(c
zzmvSay{oY?)ZS(ap)D`w9?*?$l-pbLum6ZJM{oqY9XPQ>sz{yb{TWW^BUdJOsbg@L
znDz>dfj@i3pi=8xkeIpti-ptU+t>+1mn^N0Gh+k%<e6OHMQWa&SccOGl>AE~US^M2
z6L+@iz6-xJ*LY^PqXy&eq7moLPRG$5XKpOyz>d(fd^`&Q3V^t^u13$N4mZ)#=iT78
z^#%&nJ|~>SX?EF?AG6<*+EtY}k1iI4U5buw>RNgYD_S=B@N{J19c_{FCV^XO<{)9d
zqL>Vk(;PUFE}u^-l9TXY^}=PqWV7Z;-ztFiX4)1Su*$HwROK#Of{>JOixntO_Z*#n
zeb96u(V?9zya$oF-28SYYk1iF25}+ua!IB&vg!)8(8?i<H1BgK>fIyOEBE0@)yB++
zfWnX$gl?ZMqTc2N%f26mUz0l!hJ}Ak<81&(#GfT40Y+PgV{^)DNzh^h)<P<oj;E)c
zJ_5hjRWCo_Wm>tml6D6xyrBQvp+OW>Y@0?;kSzwUh}H8o%F_Z-em_kqX>i3pXmeJ`
z-Yk8v6A5{1E`6|?zidumi7h79e3r%)5rRLY+&Sa7d{ON>-or66Z|nx7Kld%mHN#-w
zc+@B90R9p_>L?1FcUP^6ZMiRGxQS>kPO%BM*27>w2LwO2S(cyhE{@u&0=OUdR^DLn
zs4~uPrD#fJ6vUU(IzQCqXRux{yogXP!3|eP6;(tcq!)!mW?vSV3`c|12dO!qj&)J;
zi}Vl_v4JoF)Q4=!)m)QRfv=hO%Rw$&ikykPheS_Q{dS%NpCq2Sx$vJ+aOhj6<)e5a
zBV|8t@A!N{PeL!VJOB0;bU(U|FG0ZHs)}$Wf;^qv4eivDn7Uouj__Is_3m1~P>-d(
z6-#x7=m)Bw-07D*`2GY@$R%rtb}|>m37soRCw+sVe(F+DkVl?J{GD?AalTg430AN$
zyH&}rD{^%#(r(BDS5SicPHm6siDosfd~!9;u&RId)}<nYm?6G}RgJT^*d;?jZ>#q7
zYV{A9WX*7E_~lWm?F<k?&PQLMFJiHswMMr8<?QQis&p=AeX0~gB6=-&uk2N#h!mH5
zg4`_z$?01EbH=1<#8l(ha0Be=<O!3nJ7%xj%W3vvf>SFLbpv6mpn24t7467|h579z
zd=JMTF3J3MJIUq!#KrQ)wUF-Qbs{E(?$yKfw-5ZWk1oj=o54B!*)u80AcRPl7s-(q
z^VdEif+wC2@Sc>#X7H~gh7NEaM1QRuOID(UcK?>4pn`yK|ECP)AE!?LmZALZq>0jh
zokIP4?U<tV`c>6}z+WNjp?F`2gh^|(8V%A4E(8ImXum;aLPu(GeknBwk1$cx$I@AW
z>!cXa!R?U6Q+8bn%9GQe%{kAEZ&hILx$U}htp5q~b#)eB;6^&Llw$n+WHEd4)xUQ3
z@!nr?*Z<~Ezsh|t&tI)TCrmOBiyaj+PepP`NrfF!bel@y58Ey>&9FU}!;e}K9OKt~
zTc8nU*bhpL+Hz)Y$%GOYJ|d@%wEm~LHQL++j6H>!hAmN#l69vp+*FWrxqRLBfSFuY
zR`+l<WvYnb&KZfo(InVrBbSm4eG`X0uS<^v$jd{&uqS9+kElrZ5J^+`Y`xb-2ZR7i
z*|Bj|RGnlSbClA~hr-z=6|E-Gw}OsP-&&5FsG5__=gM@0V-i&0jr*M{gS`6-EK`9x
zUWE1aD*d$e%95#av;f;{_Hg#WICd?%BH{ik6CYI=8&&S-7N$<Wko$XBJCSR6t1F4Z
z*B}0@x#Qn;!hf+`E7g6$qo}I*(FGnSj7)I}O-Og8Yzn*$X^?=Bw@f7-WlcRgP$i-#
zyDUe_`p#-k$tEbWMti6L;bDxYZO+`3k;-vcSd}wVK5n2YqRPa=IXD0mttar9Tr1ck
zyiA_cf>|C^W>+t+<rq(vVc9;NNOi7BUhF_LhUl!*9Y_?OwsOOl6-;ny5@64m*Mpjf
z$hxDGz%*sji|TIEl&B2yvrMY<PX(hPO^3gu$-#wfjuO+|9ib={ZF==o^wIU0{aCxJ
zS=nhpgux^IX<TyVGhed@a-F19LZyY)kE#LaLv^L)iV%&KMHC`+m;K&`k3r~469M}(
zRKNcB&LKh06@N9q9l@VeB(1L21Z-~PiF9HJu^G>a-OeJhqKE<!=eT@cpqr{la$x6q
z;#=k=IYEc{cMacDIpGMRaOEpWP62XU?Yxlf{xM&1_wp5JQSEpP`^zLJF_B4Mh`P}4
z(){z=8|y{uRyCGiI97{bWA_J9HHw#vtEY=U6?(7X@5bHL21!owf;hv=#D?BZM}r5d
z4_yw}rWdGi<16+;P6gnW(+7uUTLDBG-{j@{rIp3tnzkCKv6Op7VO_Hm_tcZduai(k
zjyk2*-825Qxw2aMiZ_&7vF`G@XvqM^Hs3M<1J!e(uye0{u`N8-9K~ybxDk!}r&Kt$
zoq-A$(!azK&9gj}PN%7{`^&-ee5RP_*2sclFl5ACuZm5>r6yPpqeFO)#V<zFrK;UL
zrTPb-xCnr{$RG;~zJW0?yCRUQmrb~<&R5j*0iPj3ijn1>_@rbZzB>IDVu7$E-Paqq
ze5HGh*MUX2e9-p^a6$to;;{S-`?;vfc^2n<fs7MRi9w8TCBJ|%CC<3$8TMHMeBx+!
zfIRBiJ#8FA<y-Z6Hq6=OfuxPAn-(Ms7rpu>Osu*b&09C$U=m#5!O2pH?D5-M5T%&E
zYJV#%X(%C4&-9yHoHY>x({s7uNEB*nhc`=XE_}02s<(t3iGLTd$=TrJ&^}KG2;<=^
z3j^&_;H~XEd^m9_J$pZgw@=+Y%Ep-c;W+zEM})oQyxe(+`L9T`6l6!{D^-Ag*9jK?
zO#IBtu0gwa3Sr)W$gw<f!?pJByL|@soYj3s^b{^+)0g}L9-Jt=&WS03&PbJYcP^h2
zk<4^8tulQS4|ABCg4`4gmRt>{5&-)Q<?cmGP|Q#G>OD5p`a+cHiw;GLGNgJDJ*i9M
z_~BF6pELLCo_W%Wradl*S2bQbl)i|&W`m!DS8*9QbTtHXp*XS@k}grmvXZ|uN=4_E
zUDJ-?GhjMvAbal*S3Pw{9K_I`04L!Y`4`z4;my96E|Qa9g6wr{tu3P9=oQn^HVSaR
z6`R+_r5`&|>K6tko1#;v5({crCwEGV;l-t<Ut1az`7`cw5GEp|`p8f=i3L+1Kr+j<
zut^DY4YrFXu0`@7h&FB{R@m9JL<`Dly$XQENB1`5%uYJsd_BPu2dcO?;WI;d6A8xm
z84CF(w<*5e?{}xZuSXHxzrgNxv@@KZXHpWgs~ZMxE%`#g8M@&x+~Ed<uOf8SP+dsS
ziy)hLc*P>5-I4YAp;|xDkRz&JE4MWTM1n8>l&=*Qh@;%WoTxP&7jjd@lr;q-+|d|<
z?CRRa#4FDjI@iJ^I(4{*W|g9AX@t%d&GUq_%^XUV_GOAn9RpsDn+Wb^)fN`Pp6pfk
zc;Y0i+XT|MBFXLF_JNzAopuX^egq!dV1rQJ_WkM#Dp7Mx;LzyY;pm^WVKuWIz_cCV
zFwo_8z#q}DY(p!0Gxv<HoOK?_lh|k4kb1`DFDvuntGR7O&IQ~=G6q`UehjA3r}2@q
zj5kaG(VvJMR|C`yu+pS`L+Zc}xD}}qBIHeORY<Ve8LkvGn-dQw>9QTIDBDL4Nf<lh
z6ksw_TwR{{Fctdop|f)X{P?j>>9b`aX0h%NFOTE9!$+<FD)kLxRIqw1lSv6yb}ACS
z5iTdoG|?z`aT3K0G#zL1V_CZci=eiO{i2*>dgBMCfZT&>$;cLg<pT_)#Wp?}y?gMk
zcJ2DEoh+*Eu-PwwojbgnC7*^Tk-c&HT!HWnZ--T`)Z^5iV}|7=pQ1y~#ObUCuGQTx
z?x>TOEDI(sXy(sri!*#9!Y#>9-umcDJjV!bWMfL#J3yo=eO5Tm<LG=a70RH?De%Xu
zV<6a#ESCruq~6<a<alHSmym9mKE%WW+@C{qLKCLvWbY7iC~|@$cjz9K<-f$Uk5rqZ
zo^Z!*gcF!Y_)x!o4!h$h-k#O;^(t$!(_#M#ZR*&p7L#DQ^(9F;E}aJxXVy3_R!(`^
z6&*%@R~SZDrz^I^@Ygf=U39~!Tbce*dx$_vWhR*HU}sZy3yOB%iJ}a7QdgYucvtE9
z9rpc@^W!LNS5*y^GB|O>I?S$gx*8B-15tBGrS@~N3#L6K@9r#eQ@3&_RB>c-GV&m?
z@#+Nq1McxG&2v#*Beb>cllSoj>TUk2S-q-Da6iT8;tuN#;Zx}S^S|yU{r5cxfN~I%
zJR}In#GiW*|B=`E=d9`Pyv|<|rxFb-O*Bnxe|uEy2r#J%YHJJ(J80P^T3RJq2_;()
z5_E*75>aOovZM?qR^dyDM?b@5hTcA;mNNR~#h32S!mmYTWo0)x-^LQf_}}BVcyGFI
z?z=YqKHnaH6M@7YQVH_i%G{1q3)2i9Pfk>!uAuwT@-aDOP}znpAgXI#DL^{Z85iRN
zsnhn->S0(!E3HGy62FOg&L}O_4Nq&c_p_EVS5mg)%urJ%R5_|OUy|f9O%=QKlQ1t)
zYoae}{QB-MVDWg~C?Qg>E^1*^BqClCO>0ZJO{tl9@Ns>LEAL_z)5BQOOmfnte+zEL
z7Y2Y=8JM$6oR~ugSQ~6eIRo&W9C%5s&1?tV!zS2TQ;JRKu;c{3&oF}*KE9(i$~ScC
z4<LpC!niRMXwE{$0lZsfYv0g0-^s1gqDSkq3I<#qJ#6@<-B_%A>PRx<%Ji9*$Jgl6
z&FnM7G7eFoUV%$d!L%mhrK|(0gClIK?_3d7<lsQIh{IAo0h!Kwz<$-Wc4C^UrE=93
z`prrbSdvAw*oyjc1SQNgiw?5+n)=icyuh~8{oS6HzZk->C}lE1>K%D(L_AP_@lMgM
zE}(9n1)nSjCNd-M{&z@763fP%0=*43Y1sIUX!4Vs#(Wq;m=aTmK=USC*a3~JjHk{B
zjVm)7`p<Kt-b90vTD>B%73y&q8CeqQ&?XL2(nI(ToQkrxZJ=tdyqTRqp{4dU2sN?2
zsCDWg{fzW!iWA{1(^Bo1J#+pmmNT_BU2+}25UFIucd$dz?S#Mr*801in*A~Eu;BS{
zV~WMuLPZHdNNhgq#0k>$(F*zU;rwWlA!>#iuyIq}pTj`4fkt>c@yfK>`S5aZI=Oez
z`K2F1nm5R;EMog#tnIOYdLr4zx;h!hYDY`P3>EH??y1$M9A^U9Tb4k=!FTMD^wYT6
zYSu@>$%yhnEVF1{jM^dF$geftlS+(;RA%I240Z<$+Ga6QrVOU2s_+z%r3i8?A#hl#
z{WS#>ZP8ZuRx<T3If=y*@`Q4%_!CJTm2WL7(c6!fz<ibOSDfbyY7%btHx1{|brm#d
zxEWQ(a-bNW`{CAa_KO}qJw&W^p;(RZ`u&n;Q_uVY!E`Lgjw#tE<)&Oj^gB+tk!FpS
zRhfRX2ftam<eYOj^ujcAJf!AuMu_qcKMx8qPc%%`)t0@!a`5+08}EDHL4Mm|DNL_;
znnCe%mno4GP}Xzk4^Q8)fGDvs=};W!LZ#^HG>3LXFukoUjyQE@c9YS(tdfRwMfaTJ
z!FP2T5H_AHwcsN-K6oyux`^UIQud*;a)1>OQ5%a+PhdyulEhfE;pnqM;Tiu}3^Ptr
zp;#QfN=|61kh#ks$~%OEF^sIa#b6(P#a71^EcHUH*rfJO4zWv5)?L+D^|>yjd&n-N
zVz*zGL@?#a8b_NFi5}Es<(vIg?|ZWdiGpH{&b)k_T(HY@nV%}DPU~%uNOe)8<Wq^p
zXr@b0L{q4_+Kw}iK6#KDVgv6(I5$nPWyE!><Vo=+B&vN^sm5^)%(R}coC5cSj%bf{
z|H53!O^2Y@<UPbEZ9`LjeT(}(yQrCZDxhN{Dr-b?16r(f2udp=4_A)J&S-Qoi+FMI
z&>O5J9O=6j?0hLo@jEHf8`U4gVNQAsBZTt~bMG>QWNIBom2XA?`;dZ`U9Aur?Ss^1
zXx;ZzQ;HM0utemApxMd65{1{)i3s3ha)+w(d-$Mak_%Z^?9^n8D!Qcez!N3B<}m#U
z7GGcDf`tduiRT5*8xy7EW@Oi~Klp<BZl^1F-}BHe8blVmJL_;)`i*lOycW!r=ouAS
zq%fm4)QF&<y#P)gTa1-UnI7L6WHo+0*!2}#7?tV7Wp1}L58h!?&@$zAX1Bc0N5KsH
zmwOyGt4p5`K5kv*kZ@=835@NY`059cx*kaGP~FzM)b6u1Pv7aw?RUfLAwaAHConax
zaAd}b*0F@3wiSqpbSgWx<rd@%#p*O*Am3XpTNi?d$?Rh@43W|VN~IK&1m0+uvT&?U
zOcT3oQ+K7`zaoR~q>tFu6lB4lI-_oK<fg@E(#CjRrWyHi=87Wdb(hfiik&y7BjF)X
zvb*}U@*NW?MrYUfLk(~=`S^s={Q2dt#eE`5k+096qW*u>7XC+=`aj#kyuTb)1t1|I
zT_D{hAP1*>-yf2Hn7v274avP9EEP6P{a6Yrd~29WULt)D8Y0bCVvbjsQIJzyo}QAO
zw6HKTGeaJep_g5nm7bDaeN>!~k!LWrFfuno7Skw$QW+TQ!^k$&NzOh`%}Amh>FXQn
z8vywd4Q~riEI{`!VV4Gk(OdLS*nRmEcK_qSmw(LXfA@v|nXM?%xX}D_=kOB&hCW0b
z{4Q`96@wX^yyrYv30-u~5>!S7-BvcujGQiOyR9>D?NRr&#?N~5=G~efgU?&1=TY(e
z%*w|C4T4Sj?%{{6yZP^(-JI8~*L1;;o=@I@!Kd+H+BWhwpjuIw@jDQx0Am>`fQFsZ
zGnK?4D&JdC`5Pp7a+Td6TxUu8cC0*n%2A0Ol=ZtAOFSn!yOEQNg8Y4z)zo(yd&q`J
zX<3au^43w$1twLC90*7nt5c3yG*87QQjrlUCjc_76jbP)8w+lIuCadDri@H|N+V@&
z@i9(j(WGwNW@*JNI0YMPQ#DKctR-7-{QO9p2qd4SNR*==*&wFjm%tv$2iqA+<QlUe
zh&;~8wIB`BLDvWD+!&34Kaqp!5<oKW^G9wqZbvgcfqxsNF`lTQxP->3<O8?3s%lYi
z0<%5PD%58#%zZ!BW1S#8UTlNyIK?U^i5JzKsR{d7j=0(^k+SttNUlD~s$T-YV|FP*
z6+9)s$TWyM>$r_+sXwnmD_n4xG*97*D|eC{B@?u1kHfz<xVMtCC~(=Sg<Dd|k_Adj
zY|8li+uC?WX=9m&Ax_=64nA>~G%O)f?jQ+FI1s;ISw*`9nMKY(tpPgSaGXYG!03;E
zu8D{2Z@7k<XWaL~0pl8(Qy++tn-|&Jib&Kpu2o=7jFg}eu6amxDal@@grDFFL>66y
zZ-ugheLBmY9>oBR5<pG#@h6bEL7Qp~NaK_t8=q<&36Z>8CQlcG8KWQ*km!&WB@}!w
zn0NHGHe+MP=t2HQh0RlBGhfmj?j#|B&KyR|E?#g-R}VmvaMBpy#xaekrIm&FG9h--
z7BL!AqF|#k00%$1k}dO{Bv_X$j9{iR^_`lCU#gD+yMx$NWNr}`7axTIN&Mi>k)DMm
z9a<3~E_N6a4V8f<Tc@%+zVIT9zgP!zw!FjSr}1Dhm$tDdYK?it9OGpA03Cc5>jZrn
zPrBOW&x)MV1R!09{I$nRu30U4fn7Rg3CT0IDUy0Q!(9KhuBx!1_B6kgu>?pN4y2!=
z>Wr+NNWOk5Gh9r;2J@)nhGsjDt2#6v>}R&Q;FePzCeJ=k$#gJ%jT945i`2!37Ray;
zJF7gct+3;5K<!LgVw2#48(i1NWY7`wW@u8Li=k4>TygG8o|bWJE~4f-|13s=qba98
z6%`eo`(EN%xfT#)Hlk4ZW3ONWk702`x_87Gzm%G89L()oTQ#|bsm#jy_Ye;pj^y~{
zTLFxQ=0*w0Q=dpFqg%dv9rVLC9#OA!)^9BzEZsG`PSlK^@aWm_jwl#nX7uMnl8!=q
zBQe<-KL#tf!cs?}&oPkIW)-l*<gsNqMy{F?8gOlHGobz+c$0gDOFX$@)%<4CkA{t?
z)dGzvtniN2!?Ng-+Nrfb_)AV{Vsr_V2h*p4vSRAo!$ZsTj3oZ`YMQ>Fq{Wsxdd=KN
z8>{dJ9XX!zC*Fw%G&g+947ExA2J<<uUD5WqDEcSnQmW<HI;cISmY;DFr2CYEHSAu1
zeW;E~b<C1<0JJHuzIjFYdB+@mjSpJ|>Z9I?e5-<Yr|>T@mj^+`Mv6?$#myT-@Sl%c
zp+9zAun<0=EHh6HhQd169$0Z-w~*#I=Fbg=8fAOqk9ll|IlT48lCBXOXg;>rzVW!u
zttz~%h@*DSBND~DwaK7DjjQnTd1BNi(60|&c!D`fI2-^5Fv#jRX)VZqUkq%r*^4g=
zf}f-+(d`q!+(<9!WrS4!DrSp9k_yZ=mNyeB-?{yalwa;Oehr!I4am8J;p}!F#o7~O
z?1^ZGc-R@hVYb=%iUf62;P7R%$b+dVU~wA`yFK&;N=lC2#P<wwrdBVzco-`UoM`*;
z4z&(C)ciZlK;o&D))2*)PLN;jO9`mO+&z8~HgQ}((U61~r@@Bi3_3QiMB!h*TM_oL
zF{ccZBnkvwaGg7zP;`?$@Cs!!=~TODp_g+;(!=Ji48CKTh$&3wS?0U9rPzY9i^&AV
zR}OWz31JklO6uCrpl|g;9k!rRcu9)-;yKb!LbMmA*u+k`d3VSdtpn>7)cTzF$t)h2
z1qwU><GwPpnonWo(@lgUt?7b0kvC3of`z{f{~Bt)LGxuV{kgFj@Tb%NKjzW@aVGPh
zBU6s1l@H!BhX0Kxjy4WeECI1|KVm;g0|99goAkE^qe)8UF{e6wsKZoudVSrbDN=KZ
zNKxI?IT6{j#HNzaYnu*E^!VjA<PIernOD3Qq!+$-nY`kYSah~Xisf^t81rlXoAufD
zlOC5}_jn+`_lbn1EEDIe@*%3>3CfnTap%=tm|3{LMpEgAt$<~IZx6@L9C&AC0fle1
z)-YpEk&{TJSC68{;qenRJ5|+_cjAS{5$?Am7(8~|I+T1pG^f0v)XS=rX!=@;aHYj)
z8XSaZYqqA}Kez9$AbTHecf@9bJzmZM;7+(h=hU~`zjV6ELT}^`gy+BWh7||8GQ+Er
z?8}l5FVip5sK)6VCOM%Eesn}W-yWJPEH^LxxP3zRU}+i%UJKC;A>v4T-+OlBvD39!
z^2(76<?X~7zz~6_8~z2|4UBdrAH8~R*cT2FtFkv;Gh2^JXtE}^yKYN>S(YyiJ@Kg*
zAGv~UIY0~}P^agJOwR2#<v!2};(@=i9#FUQkUN2_hRb<9TrL&^TN^>9zGxya#(9T@
zWEw-R2pFQzN~0Kio3E-+)P)E0|BC*TUPn|1*~7RjIwFW<YkJObwj3(%dzhj@mOX`f
zPD5zbI!?_@PwA4urN*r=i8BFXhZqyq%C&mAy};01;rYuCP*HNeRbmI6R}3+yfP(cO
zvc=my8}#Sq?jUNZ7k0Vz_|wgojp7(SPPIYC382#q^;q{NuoBD?Bw9bNo2Z=8LR;~{
zXyvB$q9eh13-_o;aCl}d?Y%34*ar)4t>+MUR>ln%9=|LY8@N4v``(7kQLvYe+@b)D
zM^gjkm~9M(kzqpt@Cy@>#-NNSLnjA!N+T99Xea7}3Cqu9VRM;MV%MMhb6X-l-;nV%
z+)tN<P=hHPDT!gc%FgGEup)&R3F;17fcDT7R&7d^a@h_By<n_O^jaFD6TQTksifo0
zd$xm4Pq5g}zb=iI1_D3XTppb#Y;YfP@4d28P9oE|sP)nsvaIK*t>O&UBS*y%m*@ZC
z>>b=Y;j(4n*y-5l*y-4|ZSxn~PRF*{v2As1+qTV)zPvMco_prK-+j)R`!`hWwQ8?j
zyH=k}uZ~e!rR9Ez!fX~rWF)x<T2<|K#yr66S35V$KtggB3{ij>U>OEC)_%?M4*Q|6
zqyfWfELGuw=3u`E!m-XjDdm;}+_Xm62Pt`r;6&JMq5}JNz$o!PqRGO<d0|o8BL7!6
z`Im8M8=8BhrjoUo7=VaYdJT$3Sx95AI-t>yXgy8H8=cKHN$H0DD-Rp>vIH@u<Oq&0
z145hd&jJ%nHrjhxpUfQt6H6<-1!;ZW5yZ8|t<o%GV9?TQ_Yo>L-RbHao$4m+Hmq>w
zuI%h$hY^Rk(qIZ|CI+B=rdgK;0ZXsQqoR`Be&V!BNZ^qHZl@eZw|hx)*4q=#@u5R0
zNQ+qaw7~pA1e^|9NwdRG{65&0>N(l$ta&-JcifR%)ylL_mf>7LyW6!N?pBBD%tC`f
z$W%D8Kc2&WVt=S^kh{5fz)r9g4P)pC4qVwQ1s&_%Ma5FU*|fBTJ$x3MrH|*P?V|oq
ziP*L35Dwl*WEl!63wpY4d@=caWN}HP-ZY0oQ2byX4woHI^IT4T(x$nEIoMM2G`h^f
z#Oi*H7`FKzNNnjmA(9F$wWycG)n=-p*I-Ptv+r2W^)>1IoHLsU73`bHs*AF>ugr1y
zI!S(Oltlah9z%^E;PMmFc5K##nedg*)`%&!M0>6<x<fc{T4N)nX&h(FG5tIlP`N)!
zBpCeV?QuS;UEi^EK+wQ(No`NpPa?DyPprt=IBzV0i>FMUKbtjBHNLNPd9aBJ84EhP
zH-OqI0^X<OD><h}l6(=pFJoYQ0@OIKVFDO!($}L;%J%HU2G<sf4^LOfr#t1auBHtd
z$mqu0Qfv$#Bub+r`dhM;lS_&fGLY2xJuHh{+n8tXJnx;eJ2Q^EO!cv>^uce>w;5M;
z100YpP^g!g+l{c;^xV@*GN89aw9~J>^R7gxd77tBRW-Lnxm>4tDiE4?WZ$~i%=4~T
z-w^q3_n)?hTA<u)`FiBSwx*7M!_KnY#LoQKJJM(5Tr)c(eXA?cox=hH)AsNI&s_m{
z5%6A9B_1x>pIIqIJkjKkGpwzzsC8$7pHt|o<^ALd<G$q3C_3j>-$dgIIH&~q7E#D8
zdfPIE(CRA_+wz^Um25b`XV?k6z`rH*iGYdxy~3lv3L$OiJmR>L(E4zHz|yvIlX{!j
zon))u5I<e-yAk{!RQ-dvhy2MZ=!YBb>|6PdZnSIjsm!U0iOi$nOlrdjJA8w&ZPJ^S
zmlw&m349-d7&;FV-QhiI7LhF=cojdG@4Dd;7MQ3D+W=#6&JfvBEf2}Jl<-}9?Ao6K
zqbqpJB2OpmF0)xgg87Gtozd;3_UFA@H8`I|uvaSQ1~|1T);+u~KdV|DTSBt>d|dDq
zRCB1$)|?LB$iLP5?&zB11s6_W#<d|O5Md^X+6kxkDV(4V7LwlpnIooT5B9$XVZ`G1
zRbN}uYtkkYps*-Y2`ISzhI)fk0|b8S3_02qvU-0ESPBh=so5wOWQ;4~@Ce6eAaObF
zdSKM>le#B!KWy?SSISl|6jwl2C~$8jrtkoSjp-^%Pg790&`W*14>ES@#H1*ms#Pa@
zB-`Cu;(Ozdk(Pl}>hxUQkavhs3!d@KH9V#)vc4tZzPko~!2Y{b_(ZKo<@=Hfcwccp
zeE-uY_kR!2`FFu!>4`Fg<}+0HyRPFKL3a-&Fe#>3Cm52Tpg>^%vLgMlV5|jwgZ<L1
zK5cTt=;bJ;hs4#>eR2bQgN&Ak1YH9u^RmrbgV)v7NinbYYG*xila;a1oj^Mm(@`eJ
zmFEwpKSRE}&s;x+)S+^~dEqNLSEql}yu>qD3WtljbH-=4kvLZIzbe#QwGDxJ?R?yP
zd!ET9%*jV->o%ARmp*cA9nJ)#B8jcmo5-qKSuT!CaVaub$#TRMI7M~rVB3%Vz`8WI
zRn1vzu}ZDd$d(=9aIN6BJb+tj7zNqw2o?i#sjA~qqjK=7QsyRxU;UN?n~^l71?Ccn
zlD(w;om#ETX0WkPA$&1&qs$1W2_@*_1o~Xk%9yQeN5Su1MtC1LjuJ8p?PU2k2Rsjm
z7%NG>z%Tu%yfit4n5;P2ASTA2c+a8!^^V}t7=czjO+RpyL?qa;U7)S%&rigAC=RSn
zTH*?J4q?LK`2;z$yAwb%B%Pa#L^R?7YFOuT%yZ#Xjk<WAN$EeV*XqtVfw_Zff_?Bn
zEv!qR@e0%7V<MMnoKHpZ4r8@qYaMvK?dL~TEDzi03--*<QOszWRzX5~G16b>yX@T(
zOW!%Odw_vy)f%l44CLJKjE>&fhj|=Tvr+kCgs^$b_UNPK0ZF}~fH5?nbgxPa)cWLZ
zej^$Sa3r0S@q9OdJ_bCxT~fb~D0WX$KqB_z83p50L<OwiN;7`qgUdy)JsvS8+A<^U
zhQU(fL}?lIP?VvH2hbuzvwy@xFIA)qL39dB<}^ca0?6-jpu}N)hTdw)QpB)Q<rBP}
z#O_694@Ru9Z!zCYL&*0|m_~N2M04nF=vVJ~qXVN!6hUZBvRCkIcGb!8hs^P+x8a18
z_F@aHZPC;3V1!kNhETu01LP;<pQxKKCQZr?PDTOhfHMa;;88dysf{w0YzA0&f;MNa
z?fo#mw`JeuCp#%7<76=5xwcY**#UPFteqD`%k?6<H5iW%BbASfx-L4wzBy>;pCe1_
zJ^L)nq{>?p6|V~Wz<+pB?fGb<n%!AwpxFzAl-AWMEy8FWWTpR_QBY3W02pf*>HI!_
z*MIUZXeiSvuPZ%vgSX1E7OhP!dLRBX&~Ed~-dUMp3<w>L{GbsCpPXij!;goOTG<dd
z`0@g`%=0V|YMQ3(5rd!20h_n6iLH8+#zvF2&2lOOsH*p9$P_0htLZ?*Q5NZj1Miob
za6{X@1lk;ivzJ6+{-EKghojmJ8lK+35}1DqR^vVu4#-VW?yGNB<ewXOlV3uelEJHY
zTAZ8mo)GidShlM%SM;S<2J*R1RHCv}Cs!xWo$;HS$2)akI}72?O1(5=%8ksV7Zrv{
zvB+f)kvL7IgAWotTYe_qZhcJjW$HAk<A-LuLVB=f1#{XQ{b401E0g1Z-9wXj(SbXS
zJ}xT}84|SK*Ipsjl;5fsY(}yv@XZz|k2B7bqxsoM90NlAH#A}eoDbr{j5}GrGe!-b
z^lyZMa;}W33zH))rOQ|5gJZmnJY0+RV-Brd3c2z<qg)xQH)}vXAzPNu0jG>?D=li*
z=^ZK)!<^@udto>nOLf&y9UH05&OPZfD54yCiL$o6btYv=$M0{I#i_p)<7E2jn7M?m
zm>7Bw;~8{DB%c$yjXH3Htgc)VQ(j^v&tf?TVgkXgsEiKk8pOhb_r#k{pTJ!Bwp(Vt
zjCsEig4Fu(bdlN60fmc!?gzJbAn+glr`adoHzwn*IDu{1w=ZO3OEWOvw>%-x2_U>&
zbKq%mEe-8}GcF09f3(F*Ei*7Q{2aRM6ifP+zS@&~)TgDq3LZ5@Zcfynq+7)^u<-j>
z;JazxGq9Ra;>FG>!VU3ME{_||642Edr;l_7-_Db2!&^!jE%qC>4@_=udw|sWxU!<p
zM*=VP0~^F<hzp)Ur~id--yTY*pZocwbi-{UInzv2Xy-UL#MHM2DhgD^ySq^BJ_!~W
z-uBQVbfl~yyIoepJNAK_ZM`^~TqWzyjAnrgrGPukuHZ>h?Ns${@=GcR2)^#}ZjhqO
z#i+}onGC0rLE-O6AOZVEp}5==reI<<-^tyHz0e@Hw>2K`j<`kJp!Z2WcX9itpyFar
zBPsCPraA9zx$}3<n|$rB9c3GpIx@&zBH9p^R@}0~B~=hcv9m>_w{8vJl8bW}zj<by
zu(bX`@47a&xqj-et7PvhHg;)pclxo5yaJb;d|`raP}%q{7;uqgX$9N+37BYFR!r#<
z=*>Jk))agazP<&iT7OWqhE|ifE=J3*+&t`=s<0ZPXj<g)(1Aa^33B&p6?i;Dh<!H+
zIB)(=@VcQjmdhPI;q|RvFgoE0>7IBH$0<{f?v7)WdL0u6E+<H-#@^pRMv-nnS#}SP
zWVlZpl#319|4b>6Ie0!q&%NLsyK84nF39!emH1;^A@<IGy*GpIVViYxh}+}iZ)py-
zKD2tRU%grE%MSP7ex&->g!!M3y8pE&SE`-3eqG`}dBkpqN7=(B;xPs7;z8=HOzV(q
z{Cn(ikz<X>Z;Jw%@ua2}!OROHMWcl<G|i4>%_$T4VVywRxcEr|aFQ<zJw5+4erGQZ
z;mgtcQ<%B=WI`g<RI$wC6?-_5(Z03y`{}pqrtdpEkmrpn-)W7cpI8va1KgSHnNnNw
z{Dg$H{u^`53f#jh++0mNmMZwFDE78c07zH(f;^TBrnxmEeuVj)`NnkJdOD*aw^3nn
zBztp1q|J<~D%YTqIW;fE7G|RQYQqb&#3j^{v0ULEcj*J?JYlYTRCuHMPz~9DHBZ&r
zpPT{mNb}&s>y8biHOBFgSpUO=RoBq7`_ttkv4qee7C5!yN(tKBVng()Rn0D&A>{R2
z10E3)LaaBl9%q;;wOS-L`Ud6cry|<RTjLQ^AF^WdkXg7Mem8?qA?qEBGC`m9P*v~@
z6{{ZA;3gQoA|(kAxmN6ke6f4ww9a5-&LZ*=;_%xhe&-u0i{H>})GZ<+{AL#=h0Zid
z=NY?2Jk@S2a<`}#P>yd<c{&0i;j&gn%jzP?(ClPJBijt5WRDQCGyoe~AIT?|V1Dqh
zfbW_BMd&EwgLoID2p=<bQpMj=12*Rd*OD~!xbX9;_1)oRR5Yc%A}Zn~tL3|_>yz7j
zmdjy6Rej{3)X9yw7tsNV*5U)a>jGw}`z{J+Ro$O^y;&_%0x{w5$AD?oVL1rQ6;Lp^
zj3EF9$EDEsfNJ%A5PR2h_P{>4D35-!`9}^4!(~Ku<RXFfa-v9|;0N^L^dqGXHdBrM
z#RO*$pauF`x>GnGIDPpZ1+<|+uAT!n!eGlNE8$<eeMS9J9b3)<J=47=O4L8@tcc+<
z&_N~}=c4?+_hF)JaE#i?=-0AY6Z;6;3Cgbz)i^WwP!C9Wz<*b@hxu+G4^9+uNS~<*
zOctR{El}uhZvi$7xx3;!dB~Go_>0TR#DO(!<Utv9cN>OGS(>P)Mq@Tz7*{GZbZtM%
zX3&{>^Q=Q@>gF2)9=9`2pYx7L{|}_XH|9&VSmii>4Tgho@f(FGC{OXtqV8G$RoU|=
zAu-XwSGdw|naf+Oc?4R8zs-%}u5;pcB>D<e%?Qceip*qNcEdWyucqzeQh}w**+U?q
z%#7t2dWDj0Ovq<dCFf_eEihxX<`m0yNESzz1$%$Sls>cb3W%PiN#EiM$!&*QMP%5t
zs@28wmhLL$MJ|%uTVa(y-`9l8?Qwe(=}~ztW4F`|!0-xfSZLg}V;1j%`3m2=!2VLZ
z0r!dvreo-LOLl1JT>ggMuUo@SMb?voby<>~T}F^HR_mADSEz~D_>2~JTs_-er70cZ
z4)(KCwC@ZC=_G?}$(q=j$}N7UDm`vTWR-@)z;SFoA;ift9NSDH96^p@o!;tnPh!)e
zSZjlzarJ=13q%gqG+V>Y#@;}!i7ByW)-;G>MbGQGDBM(pPwnBxY4S%S<M(W}8`>KK
z7PdW5lmT<xeph8Lj4hO6q2iD+&Qc#l_Nr|W&PAGbg$F2<H#cCTyt{Y)fv*;oE|GUP
zA_w<WnR6kLoFucGagBn;=iF=Xm}bw0%d1^bUvLnd172O?hL$4iO_l(P!fcwt3!}2}
zm`jj~m*N3J&7rM^L+wOzMoJXiXi)Y*+&a(R94s6@V6TNsC+0MUcy(DcB#WtR)NXNB
z=|T?0uzm-e*}m?^L|;edRtTX)1!kyjJ+8+2@M%{GEVADjxdsGoJprN7aRJ4xRFpM0
zZI}(C22C1P2Rl+ntmzX09R^fEU>L=$V)XQMhQ*fhq3Bcx^U+`PJA44ZQ)KKF7IjK(
zD4pJxRWH8YNh)jqIvSstG_%msA{X2LQPZIj*fzrHOOjP@_?AN`ZAm3I$=VY$F|T%d
z%&8S(Vo#ey-9|n;2U-R-KKp5TkB;W5<52~V-tB*pk^{!|BljlH*e&ZLBMex%3V%Hk
zV%?v`2{JuDOEm<ZuMfaq6^KoyCa8c{>ADB+5ue^BJD(t+-+uJvW!WzKaG3&V<LNAT
zUC^+O8_v=2qK@QSJAK3U-kh1q9-8E~;h9YnQ^Vho+jEH9;Rg?>=ZFZ1&uF<kxdqb;
ziXV!DZTT_^#vS7Z=hJ3`h{CdG4~@)V*qeOgwEi8bjxP#)^5Y7(!Ym>s)T&3iYmj^L
z@MfmULu@$!qo!&=hfnx5ziMA>czLR6{^+KayHmN_DEh7F2jH8Wa7Nc=9;)5WgiAFu
zW9kqakpcowHp*c55_hLJu+}Pd7Qqaia1c3oN8-?v7?&wUd{<BVGX{QfYD8wF5$Jof
zk}%f^Z$}j8v&(uk9(!0;sKUI`a=_hkgxE>=14-L8@`k&~v`mL<e1Yy8DCD)AM`uL4
zgvIyGK7lu!r@C@P6RqRN8k7LWp&{`;&%}i<FMwHZ{9E&lBghoo%?C(VLFV8!rjN+V
zW9T}1Eq}RQ0=@-I1!&j66%;7;-7e84;j6D47+dcv?<BREVh$zyyWTxTPC%ElV$a^E
zfDzlr_U?U5zhwRlFcQ{D9MIaaGw7pHxar+EH-X8`tu%DYL%fSP=Pr<AzUB5W(h0re
zCo74^N?}5?`9m*>O+gJKK;1le9p(p>n(yo1%<(<I?|v6wakm3-|ATC&f2o1L%<=y_
z+v(q|USDwwUsf;Fk8i+a{Q@MqwIvF`Lh_<#mDnBna6zm;5yK(YPGdPpzN}vCUskV)
z&8w#|&4sP)fQvGI=f=(_y?a|HXJ_YM68q`GYawY&j+2|OYg@dYSB@XgM?F_xX0H$+
zi|qt?>ilmHa5z<^Ol5{8CZbr`9fNZ}guG*HPA|<N^jaJ{fPI+7p@!8V({>7MD6wd>
zR844A)NpO4j?J^1E3tI;n&Q>0(;X56FIzyd*>t=mi$7sEnfuTmg3H?5(y(^xFMo0v
z6{@H;OGB^{>MxF&^+NPEx0XS_WQC!b)pG=V&>ci7*z!;j4%dv-F-fXU6n>4}M{`b#
z>es);Hp(!v8o>$~Eha?caEpCou!40Z8$A&Ynq|eJ6_hw^vgTPtf}I*RLxYtmP#iu8
zS~FT?W&>Rg(?J$wbcr~42jEVkU2yf@J;SX~19PH!v5oB&v2r_aN@9e|d(M#M>WD%<
zGBl{}P03p-;$lUI(50BpYw-AhR49pp>A)$r>96T}Y4)N;$~@cuq@PP31eLdw?<K^V
z+NCe8kPp>h)yt!}IRjt7tj8qU=|9zuP+bqtXD8cfi9E9N&#l)~77LzVXY7Cos2k0R
zB&OO(Dp3~Ph$xA~&onffv};~+w)U>uzO`SVu#4dbca-XgFEBL8gJ%z@NA>_@3Pt8x
zgZtr%Ov@ir{~DvRk2AAoNY8V^#O`Foj)9NKmea*L$BTGiaw5qVP15EIXo=+Io|4bE
zR7T%n)U6a^f-vs*iD9l64qOmw{iB%<1sUR(@`YFO*DpSH7_@qe<5jz>ZVK01=DvV=
z>tKL(H&owZCg+4vvc!Rpf@}T#U*mOT7csZW6aX#)fnR}{x>5PMcLn2*Q#<WJk?P%r
z0;yNMGF?8+fv?P@F`|^ko85+C?6|?|VK+22%v0q)%xpt>Dh#E8FXvXOaJpf-N)}-?
zNvWeEn7I@}vcv|!UW;b%d5?pS5soXkLOyzwqJWNN1~G0C-g%awnT3Q@+lc*Md81`Z
zh=O$o$mzMCn!FE81&~EPK#yFtNyAxAl6M>yd^VlhWK|i6@vz64_Jm#fy<zELMR9HQ
zoutIxf@vV!O!AoQJJmi}D-T%-6BtTf=a7mP#%JM(CR;g*pxo}~FIfcx4;e!RMui`R
z#gGdfkfb{kXksP`k%ToZzIouJ50Ry9;2GR!rFN_LZtC^^?Yk{b+XtvWCLtuldIDV~
zh2>EG>|FcCaJeTmz__G8oe;6EePsusUke{(0$KyB4<TDK8kvhr@xMb{Bk?9*hm~x~
zmAcc;ES!vIACfK(_+Ki`RROk)pY7dslEETGUsaTtTIP~#DozA>+gL}FP={;|-LY=Q
z4kqJR$PAUIB{mKcLw+ftmaqg_RkN9E!*1lTq9T*8j3DOE`E)b4;xQ=??L-GwW4iF<
zo=H9j=f0OdOFl>2FfNFcvWNFNMO@Fl!`*`o0ES=lA~2#JaxDC%uKdj^nd$b^iSG1~
zw!FpTs$R|BMwC)>T@f4aHzlrAne{Oii34$%>kCVQHP*p8=zxXP=x2J(WH3Jyeg@80
z4%5Y65(o<A-{Yh!bq?dQk|{MZTgeoink{EbFVN|WIehc{A!-qXLqeT=gxDFCzf0HR
z3%mi#&KQyq_RHSm+tEqancDr*HtVUE>vy8KQ;(m7`uO=Vl7Da{K7X`s-wmJVmi&}8
zg|<Ex<@z@FP=fJF?@!OpxsziVw+<!oz1vba6e`iIQ#J-p?`dmS^=44dtY3>+Ns1BM
zyuri6-|ZJ0WW%Dn6~;Ak9K0^opRS+E4#0F<T5$Hi$;;h_9TchqUB?pKGY&bgWk()W
zc8QEv!!{PU%)Fpz(K6G;9^;z55ps(U8EB8EdRm&ry?LStdMDTgZSZv<7CR$x(`<Bm
zN&#_m47QFEl&O0Awds9f0Fwh1T#J5|HVd!wvKtN+QeNJUGw<IaPv-Xt<B<1W!E_y9
zRk>0VDHNI3JxkB%TloindmrXskqAiqY9*Fm)}{aP`|!VpzW?=VS@;#%gQ9}^A)Dbc
zOD~SY&o9*qm8uI_Qm7Bp#9XNy-xRA0wGCk8kbxwVNRyTvfZe>>J&@7!a@g60)|>sI
z@dwmv`e4gGw`FRCS;ivX#e8uzGmXd8*YnC&Z}RQWlUx_j@z4_Qe6Fsam<T8~R(kbG
zM4QRUNdYTT*C2dIu6?(3#w1qoAO6=!5V}4>rhHPA;9OdOladqwd7WxqHysl@!cI)?
zIQlYx=w~y1L$bA=q{h7$B|vB2!+(wUxkd%kH`2hBfM#Ouwf0_cGK`aTNlCz<G0i}1
zP}btkW3<M7afYbPXxwoPmM?%!rJ)s+3yr(V5W|J(oN^9xa(R7Wl#$|1RJOT@5e~0v
zAwDPIVn=e&pO@Q@9Ic^jIf6C#5yr1j8+J9wo=3&7dSn!{jiq$0-%Kut(MzTL)t<jc
z08I|MT&J-DxtchF`=SDCvzIoTD9lbQ)?0l5iF;yO;*RvTkk76#ovCq_EXzV|#!r?C
z+cZ0-00qS{H!=>TNtntKY_2j-?6}k;eO?si<HZhj2o+athI;cMS!2q<bB6iZKTCso
zq^&7uO#|uDqE=?qRB)WL-wtUegcpr`TJD6^p^27fO)2VatT#Z3DqAG>X8|}yr~!q1
zMwGL0QbQmt66%GW<^UGA7-g$D=bgxTZFlhK!j2Tzj}rY*gDnVsqEQ1hLV-H+3-p1K
z@FV-^T+)#&!lBv;x5*u*wxqo}zB1Hd%{BSr^b-<rj!+C?reCJZSkF(dk5~pgd4}5R
zPb0=r>FbhEHwEFaf*nZ_ikdjY0iiIPMVNx0A*Bm=FeaFfs%r-xOi>>8Ur)x7)Xe(A
zy~3ahI;t?`WeU*bmLDQ$bP}U@7F+@^)KpIWrHo;>lq=y}AZV0XqJrQUHq6j$#;Rb{
z5@>hyI;G70c1@f@;A*T&C1UnEL8MImQmc-9vs8?XLLLnT6CEu*)AVWtKVZcKWCw_B
z7|*H7aRLsjS&cPN92<1#Dl{KXloZZIh9k5LJ*r(|Oj8B*m(f}0ytq@s9X%yuv`B73
z2D-Cmtd+Ri1!I_OXQj_!KSNFgm2w3-4cK)Ka#po7kfSLZO2nvo>2X(R<nw8d5QMZY
zUW7UF6S0<v|M-su+8T!uxr|G5mT#j3=cC=b+mB%@D@2h^Kr{~8>GxUW-$td6G+gdm
zIauV3mNF2yYa-j2Ye>Wo4p55ui1glez-AMcbjp-Ogr(?A!|Sr=6lT+<kE}p^X8~te
z8>`<WR<{3{p7(9{2pmOE(#bn2n^_a95*}|%pKn$MPq)}IAGK)*zO5_>-VLSM9N-3P
zJNF~^4M&2fLDw6Iv?;P^81&gNYfOHqorljzt73Dj&i{gXx!&J<hWp!u3!CH(49HBX
zDY(vzx{w%tx*Pc-clHa!gbv<@d*-;2{^MmnU)v>$&+q%vsBZ-FD4vw5=(xf_A;*a9
zkx<^>v_;$R8}qkg&dOUnA+O@6bftS@o`$c`GlyQEf70_M)-JpU{R9#5yTarp3JY=Z
zm3}=&q!k{CZdcg!{Mn;U{^HIW69<SC;e?$ThBCz0><w}wTO69B+-nuTdHZqSrzl$>
zgJND^9_p@*ePw0$auWZhjmF<F{BFV4(~%j%uqN_0KGEh0YZCNe8Nb^e(@DKk0jYJo
z8fDUUR%{$%hl_IWjV$(^!O5S9H;jut=!$alJH7lqeYC-PcX6PgJ;q80d0PGysaJ&7
zbL2A;?w=j^P!sTg-v|s9`hVoksg2^JC7X3c3*pRk;F(0SUojRfjKLq@omtq`6$2`(
z$bXITxE}lFayI4EG<;C$hgcYfgfIWLNnn0SfpI(Yn@j>?Ndop3_}qkta%(I~*h!bw
z#6gtD@vMVj?Mu16EcgAJOSOCEkn8v>y{P9az36{DLlg%Xd~KEauZ2EK)mrK6vfxt%
zZKeLBByllCu_2t5a5%h45GPy{Dv31|n<}r#WkowaX#@V!Cbn~R^{M&$_L9$u+FF`u
zQFNBiBVFU%<N5>{7-^c{xbf9y`w{n1=26Ev@5fUNA28e=IT{zD0^)(00Citg#-H#i
zjkbg(6LcGxK2tM17QDIdMxp&EDQNwe%=IM)j={N==*~*@5gZ2QPR&*r%xZ3=V^3x*
z;Wn~d<oB6&Diopp)3WN>)vu&-B9NSD=ljb+8*s1THoDZuO#-W(th!DE4VO6JJ05W1
zEh@8>D?~!R+;;_zrNSlw7A47wH*jre++#PmkMtz0&+Qgk4b4KZs{?m!I;PbVRM>6K
z0<M&|J<o^N@RgT+KHyW1_u}P4=^8v|uT`z`w`Vl2#|um+apAhS@^-O%BDjXfD`4m0
z);ciHfNk)NaslMrDBP~qU|w7WyTm=xek@sQh6L{w0^h{sFefsejBI_(5i0~@((=4t
z#9_b?4^1Z+Wy?}G7lLF>WvPnv!_&X9G#GHnyT&u^yc}l|MZ7@B(K^O&!pAT9>(3QU
zW~mEWve#V<pfhC4O7RXcd&=Py#3~dE;fJbOs2WYe<Rpp}ar51>a^8R}Y&#6xA9tCD
zurdqp4}$n`LR}M{J+uI&ftg;h>Gsjk1z4N_iy{l=uLnXoYOAbg%*_Imu@m0blC?3a
zqU&V;W)8;GqRBO&BWTwF=KeY@?Od;xcyQ}c;#ZDSCAw|3B=ICXXWb4CYww3qU^*sT
z47)f{+?!rI&Q9=${y8NHfn)<$yYq~u=_1_lnH$pbt1sz~%hGP_oQKWRXDn{<`;Apy
zg(0RKrpjJBg_L1Faqs}fJ=Z3w!)0gR1id`K6aUJ7Jyty{`?`LtS6mH7qprx2W_YIn
zlXM9!3CIywFj>ZPdIk+mqtHFtKk#I_RPAdr5w=5C>Z!s2+XNDl50z&;6--q`5#+L1
zXM&EUc|Tgla+wZ+X9w~lg#3NGEy2Zsg-!C_hAOa+nNwDn>3lpjnq99BBao|{PTgrX
zDefwGtj%)N+YR#pmJDrsWIVZ5R)M64qi^64tvO0E$8DWHd-HHvnQV>!Du)?cYVMDN
zctE;tp`CaAu^UXMK6_`Fi~@=Vo1Rj>c`VD_w+Z`{ZBZQQ+L;^~)c~aJ7u4KJXby8|
zdrp+`^?6M9Vv`8cCB%dxCu>)plK{nEvwR2ay?D(|Qz(hQ7e`@*dk`{wX{|P2k&A4k
zY){?)q{nwrq`qb6oxxoERpDvh5xRW}Gw@numKL{bAj_Q&(15*uBA5f7p}r@eQq~j3
zM@+BehsYm(&#~rQDXj9V&b5U19CO>jUxoDP+hIg@962V&&4_U_UpNw4VU$(*wsf7o
zJ`PVZhDp5_m40okw8N4~z4xZqqC9x6T}SG+syCQ)?v<GAT9~Lk=Jtv20TGWg4=Oac
zPWQ=!-y#Pr?4R?RJKKoCfZOeZ+fQg{9bd)7E*-TJ($4Px%N`Zs1XKjsu?E>oJhI~z
z>=&{C!&@}+C8ESH@OzPu9zyWZtriCVsXn;%!eZujD&hDfv!Ltb=@Ai_yfJMAUwEmf
zU*fWLKR9@D5%eG!^=3XjjLx-?*KETpSq45hTV5fyW>-aAy_vPTxatwMP+a+%n%@7m
z`64VcO9lGN;y>`^qh$Q=%n?fe+{q>Xzjku{Gl-y3&D!xxAp6*8wVS6WBj<>t!C8=c
z=K}AGWF#jyC87(Kf>8mZHI0yN#GfZ`$e1fAdkKi#w|~H7)hb^^9;^8#?73ZTT(Cx&
zw*hmejb#7!oN~;*t2;V>f8E;p1hNC!f>a351a~Iv_~{Xxtl_L1b)d|H(@xJbHpeRD
z{j13GQ6hNNY)Bat#7rI$E*FU~*k&RWz;xnd)g#}SIxyi*J8>j!q&sHEl<ag#zTpW$
zYJJSAM=*UUEHcp%x6`^@Q_oeEleS|f5`?8PwSUZ+z0+2?p^fW!8Ss~L-<nH^Ml(ug
zXaSG#y#GhA^{R(<@Lp06>$XtUxe4ZVVfr-9D|hokq(ymtaGIL+*j*VKt-r1o6x|LW
zxM@Au6HE5RsI8WR=y%LcDqSMedgt(5aN14DrE|$8!j4LZD0njMN{?Od_a4RL7I7O-
zDBEoyw9@(r80ytp{7DIF3CEYTWp1`&S~|+WX+K$T9YUu)g1(V(?n7mz3CE0##Wr;r
zk1^#fvM!x%^o1vR%BZrLU7|6DolU~vh>ZEmLo+<+7ZVICTJq+89D6WZDt7E%23%7!
z-Op6QoVaWYoWz_(v)ad&c3H5k-ZdBxq0syo!poH0l;PcJaODKKQVv?;*Krl_dAmPU
zM7Q8=wJbu-hC&vHiD|U^l$FJ5YM_|LnD<s9!l%SUeCZ>Vp|8A_>yh$1!nftXOfNFl
zgmt2<p+0b75RBtB)amMH(GqL(_cV>r3OmIj>7rQ7pXO93fo_GPq_aVp)&sbt;qR%T
z@9aXpEI~VFT9&M!?Bp4>PbDO>k8pI*(f)UEJZMpe^X(CN(zoS>dD|e)(p%Og1p(6A
zcyWFaa2_hO9c5~VzHxD-GTZU=-f27AWJQHj68ZW?t@B=L1xGN>TNdJxo+_<BMAWdp
zC2>E-6+K~kc!zkwufo2vcoBGYP3qg|ERT6e11snJ!FvHA8;J<sgKwb7;bq)!_Rd_K
zJH`F2TQ<RT<g^!k$r48}+kz#C&NQEE<^W#~9uYi#xe!dD)l-Ny*OD)L#122YGEw9i
zw*nnt787??mX@t?Z^bwduf%_nPn>(=l^6T#@Q@UE3Q-o*oQ170J-x*h<Ln$O3foNX
zpe4mCVn8Iob%>xZnsEyOP9P?}u)C_a_GUb^rxH3KonZ%^V=;EVuFV2NI?uc5T>j*4
z24o2(>KBP#QTCbFJsIwRewCRhJa0KtaEO-RJ!Sslws*t~rhC!Iz;t56!hPl4X=a5a
z_%Hg%m&z0al_hvj;d+|vr4rtjzS<HyY)4Dl^c@Fh0h+nhF>=psECZ}dTW}`66=yzJ
zVb$h?#V3_uW#<ak<B<a+);HW7EPQJ;A--BBz`3E3Hd>TIAbqT(DU1-jo<3&j_~a4=
z(!;|%ZA^=}p}-NWkupk@uc?IG71HvuTu3E0=h_k>&Ezpj&;X%=?g<TbwG(o_C6IJx
z<jE)c#zaE!^x26v#M!x~|7@#&k@6B_6D^^%LwT&8b}xSX6U<8zsjv@O6!!jc7yQHh
zmH<VT89#=`DcKLmlcfM|9&_jE+&-WJl4XWJ6FWc0c0xPIO|rTO-Y}~__j8xV9{P|e
z_s{L)Fm3kOEed_;F3_hm#eJu$LwQA~Y}v=<!yPN2iU$T50OOc6sQZ`hVO~Qb_<3kO
zT^a<g)`4qU`{wmW=1k}{;!{$z>!dG2k?|xn+T>D#)lt)OZ=pqK_r<-SW9$!s(xPVe
z!s_Koi|HpYaQr<42eu`{78$0EQ58PI=$8_-O*-iavCDE`yhV_|c0143X=X4+FN_by
z%TDTh?_rQj(WDDP{ROdpX^Yk+4qzEFh|&y3s5f}htcDGk7SaeK{@Eb#lD)-vu7gV`
zRUs>7AzM;S>(C1x0b^+8mnLH~zRf{Ss22ZNr7ncLw}ARtV)Pu$+!1MRz$S41tT*k$
zpC9`X_*ifjM)Q;2Wf~)2s4NNb=U4-y2;C;yxlp)l*b=t`*U1w+zU1!`sk>~NvGfA}
zdp@YSt|3K74IimnVoL9)zs>UNP8tb2fq{U6zk-wh+tqddWjCVim!0&lR8dD611BRh
zk$){s{AaHzj32W_VL%-08nGlSAh}PQ{R)kbCqS1Ku|Nydl-CNv{WH9=p&q87PJBhS
zPv`F_7sqb5JO5d#GPDU^))YsTn{=Kw^Ym_V{_t`zr3b`Xt1AqlfzXP4OM$pab>Ye-
zupQGN??W;n4}M!dBeW1Vm_jUTSlBnbg<?XH|J?TrCby<i5RDCLB?`kj!dpKL0ooB~
zV#<)>trM#KL%~XUc|#I4rXo+cL{|;>De{9%_LUKhrzwvy*9FqVf1(eixBV5run+-|
zBSZd&WH-n4LKuyea>iB)#oni`ODYGncm7+uA=04r%=h89tHqcrjHo}Mv1>DU5)^DI
z6j}jv#k06;eo%8Vc=TfQQFjfg5uQ{;9kw4wnOc#^MX#$(t<C~oudbU4yY501_$PkQ
z`(gkw&FtyjBoTdhv=2O>9m*nxzE>JktZ~922EOmQ7%jVZvK>d3M$>5t%I>r+hTst$
z$;iL~$+)pw5*9W!tE`msr$%m{>mq7d1_u?y<K$(D`uPBE$Edq#p9qzX5lwx7Gtrs*
zC{=NVxA6;ThvxeMrV^Wh)TFUNdDuDKxD;gl42%&IZZ+rAD%!u>GJ{40{oDT^2qIxD
zYzuIdwRIA4`+E8LKL|1+iz9#-{CUgT!%({d&u+ls7sj}sC{7^XpT}O;!tZ4pqg51_
zCdy+3DU0i#ok?>L3pp$#qWlC0olz)0Bfg<h`1x7ZR_y!!af8wgS%DrWuqad&$PE)1
zBl)@^i};+PNx}CO^$y~0aL?~taC1OPUOQ{B?~86ikpH}0B}idaE<eB(c)sc}W~irr
zh-qL_=}rdGdlgo5_I*e+Xrog2W|m4a@YH)?q;zIWxSd>ShMJlR<#bA4beUTk(dF}j
zB5JZTc_!|#uLP33tVSYCS1LX9t~$ya#G5eks+JnvU>*5)=Xl0lM)}3+Aq!!1F;~32
zO_@CY!_?Yr=CU7D!vAK6oQm-C{M!^qGbX9D>s*t&!xuZI{$ht51^!tl^nPv~@q%cB
zn<<jIK#(sazj`-Gk=w6BngFbQ_QRvTGh8*V&9EmgZ>T?)Br3YFRq8$5)rG>{IU<nz
zuJP%v>ed;kr#M1xz8hccFg$1=9w+;Y9oV|<gYII!y;Qs=6SZ}m@egExBqdc)jSrye
z&KsA|o1q#J)4G}i;YY~B!hjXCuv)C>lq}B!^nYgugptw@*DrQ-f&c*t{CB$azmyLt
z8(UYKe_ZST&J2ZCSx^Sl%oNL35HN8lF<?BB(2E?XX*+TLz*wl0tf)o?7|Z<)+%AzI
zVF7^=a`|h@&?6asC`AIou_5lMahw&ps~9;Tms(Cgu=sC^O5(&q%L=Ox8QDjVjq)}W
zGHUL(lgCvSl6#}P0pceFPIN)g2RGzo#*fN5d7y$m`5we=z19)kuGK{OAYFAD&DMif
zG4_JyV0&7Hi;QjL*w!PAkO_gKdQ4f6Z5VHGtYaXgtIp<vgG<F?V4TFp2pULX1Z5E}
zVnu9Q*)q3>581Jt^D+{trDgoOPBu8R^H!L>+A5ys#LH1PU%6SDR3ztWpK-N<b~XS^
z7{1HfGixYwIVZu+@fa_%-u|RZOu1|doKp6@fu;omyhj|MUdE!>1MhSN5GL-C558)S
zDqQ-e4(ZZ2ptcwe$Bu9F943=@Kro=_=&_KyO28542EPYGbc@Arfie}{&wwZ8>OmsH
zYgbl(J^~KmCeBMk3)y!aDs*4|HmcdIPg&6ZLe=yORiXa?RTUe{|2wWyQi1}gAJJ2c
z6SqmNu$m<Tu4=Gj=&JJKV5MXF9p5+suDhFOd(HQBn$Wa=fGYz&WSkByz;=kt7>>qW
zpYcP|nx|6KfI=up5e3<!#gP^Ip&%u--m|T>lxPzVBwQ=3UXD*|PbHS(l^{B2qfK>S
zml903QW3cnqi@dw?OJCUil_(eljLdGuKLy0g?8>M7rPfwX7ENe3sHu!cb===t&cWm
zP>x*BA*2#9T?)<^Z1ggbkK<!4Y6dZ)w~+ecB7M$1&RUDtTm=hqJ>z3-sKj)m@Y`ms
z)10Bwikeo$YH;=j=ywqk#n{b1EXS}3Eh6HEf?o=41;p2n<1EJ<0g6&mI*(DvT=cfE
z^so{IE!9jggcBj-7!DizVFOt$V&zQJj{GBbQQ&>db=nDzAP&Qj!Eaiy_E{@rB&r)3
zgdh3YVy3BS@VGFJi@iPTFv~Fh5q>7GfAi6AFq_ABe1Yfv)zJn21Mmb5j0GG_ovpvt
zFa7;Y#;?h)@qbn8krC!V2tkhK13PfwoktKquyA1xsIn3^{!0u~06HnFCKvDnsT+C~
z(StwawtyR4|M{vl5*ReJ#%dPU`zKrd*>BHhM_7G4SP|n`=U8gO7!U)YpsKBV?k6hL
z(Wrt;DmmTbn(}nT_S^6T^&o+Le5j2ig^s7@uX0_=KfogBVqa=d0~-9|N8hB*hoQ66
zB)r`&R;%jQl|}&(l_#9)RmRRcw^PV&J)(R+6FM4b@qL_{6_PlxvKjv%#LULBYc9EG
zZV#?rC`?u8H1sZ^PY2|k1n#1S6kT8)u`+tRT4(c9_qR<mbZb@(CG<fX%zm}(tMaK4
z6MU{B0?#2-k$pD0<4syPRO27d;C18Z=?}KKy@7@6FT-J0|6P_mHw@Qm!t3Zb(?U#_
z#arqS{U`WO`Y0Gt_s@O}2%};9@#^3u=&F_ul&cpD1SccXgbsA8+DJ-Wsj!~{Oz6W?
z#4Jnd*6FBaV?6Ai8zNejH4gL0gD5JJ^fRVjwNZD;AO0#{lh~#Q{pA(al;xRq-{KAs
z?8?TddEj_LWa`Zadk>LU_)-(TndE5<ny_crU%rU_d%5PyDkF;e;s)LqH~9YpZb;a;
z7+9Gb%Lzy*0vzqWc4GtnDfF`9CM5g#QG=$If0<RNmNz~iIH{GV7Un1-Do~&XQC$|F
zAd0OD$2UASYNKgC1Mw!hT`_BxUJQaAPHIoST#oGT-Cf{yL%Udy69NdcgdjBhD#=$;
zWX1ku&z-;2UY3>nm1i5_J%g+`UYxa%#g^f6*Vt$4z=8}&8lAUC2wixZ5)TkjJAf=u
zhU;a$4$-^CRYpr%jeVt)CsH#BqpO0;I&ZsKFF8Z_&C3?_b{16_OfOlZah`Iy?a#k=
zo*zG6i2N?iGd-p7y9Z1c#oL<cZQQrfqHQv1<xE3queitN9y-oS55;gIv)jJ;?x+1+
zP*EV^VcMT^hBDS(*)tm`{Z6aD1^#<lWhosc=|h&?1n03<kZo8F+y9fQ5}cDm8GJ$7
z8R|wdgQH?5on-=dal!(O!Z3g;0|VJHY94Mv6(OW%&}Pl)u0We1Fe;9U@VY9n4l9$v
z$z&le52L0mL`-Nop@xOA5@&f+{1LPs8S{#@R>WfPu=wj&RY9`2MmAEM2Cn^@n@i{4
zYB(O3BSzmB)bU?XOZ*2=f0cnRjGe9ju>)P%))HXzw`x!sFC&NgrQNnxtK*yv4B`+3
z3~s<+?eFu*5WiJn65_}huXr-8VQHqA&oZ^&HnUsr_C&DJeE|8w2A*aELw_FxO)F?G
zyX}-yah<BJzv2Vx7_4V>81|%4mKP4Y7B%NPhw$^Q2)Z>ghoFiT6Gc!~!`8!hjHkdG
z_<%HkV3ck8K@~U~9Ijj^F-%wOMDyqeh(;_**3#?ef9637`mixnMy)Ci4^dSh9M@H8
zK=_jPkDiPuQ5p(K(=FhRArpOIxi4K}?$m9+0PB2C=32f<Gf7HO^$KCSV(F=Ozb{<D
zRtY0nSJFZ$PC|9{(0xB&P(P$~vyfqAHj)A@q(p9wKJE0<oAAQrEl+-O_?u^%4hTBr
z81|~3;hX4~X43D#uAL5w+)%H3sFfa(=6007lEq#n;gx^HuujoJNMRlo14B8M7{ot`
zWggH6fegJ--*EP!{c_#?y^QHEn`xZ96i=;sle#2Hr9a&PddruP#-?GNk%(RXmxKeT
zRn|JpA{8mAh}O)Ya63muMEeA&bWWz59E@jG1VyS$sILv*LApgPG!lwd_Z==XU+F(6
zyFlO7^;k6wFXIk5AL(-b&D{OKOuQNT#T2?Pru?^SB>?}r={eGgJ2~0?jT>2UT2dea
zn88~keMK6Y<}1*rlZ$56y|6-|6fgxjd9UVpR=qA(2!~szlE-=9r(?noahe&KLR}0x
z`#P_fw#GX<dAfi~42UBrNoYtM#R(_mQ%233wU<t)e`I~ZdlFt%?NLYSC3f$OBzXWn
z`O<R|<Q6K7i0{peHTyc7U=Tp4u+m9(%WS{|S15TG{nRqIqr27$=Y7(6CNuy?=>Yc#
zHXwd<x~LZORzz&LhP!eLcQ8sv1bYYP>B}=Af$1VP8ON<m+Y@UmDVHho#MawIMAIjz
z)Y{=V;Vt33E*;#=s9(bJ*{GG((}p3?y%zkrhm5KCBL?KXmieXxZbb_1rHVb-q}TRZ
z$3Y(!+#7ID(sRsr<}9EV9W6bS$OGg#JA#V-kj^@R8*ah^l2}tfoW@k!n!5ldv$g<S
zLHG54=T1|DKCm#CicG#KvTlVPaNN%+BG~m4pymoO9NmZBSZb!9A+$n19&V6WsjpHF
zo$-r#_nh5XgL<qhQk(|ce!^{W>u-5C)bP&XfnNY)eE}@+AC!WBlzV$;!2fxDiyM>e
z<wp(v+))*X<?>Gvc2$qmY2%lOoCypxBMN+%C!>eZw1&OatP=l6)wh=|6+~2P8p&iT
z{`|~hnv0ogb_F_OmnI0T3I0pTVcy1gjYc6gLkv!gqsnDB&;~CDH54rAL#fHN?JpC#
zXXdI~)52R%#VzJ^%3CE6jpW$MS15A|4f*W+j)St|GL~XWEcXp%HpV)gWrgsbV>V$;
z38v00Rj%iJRDKLH3cc#l+50GaA;>20eNdG}X>EG-C)|inZpn!B>^(uuBwVVK;XQQ_
zo8_et?Z|b)`l0oCtYJDm*z5e#eRX>#h?z(BtL4<ley<h_+1hhAbysy(`~aSIayZ1u
zc%F0?1vsCtY%y~ci;58~{}1lD3Mt|K0`^@5CF*>-Hk7=ugb3phsH0FRH1?dOqnVUz
zZ?#Dx;~9!1tO|dQ6$YToe!du`Jgmk8Sf)B_GEP0@YdLaHG<x0lRP=6&a(%f{=!{Kf
zLyIg;)zQ)K#K;k%>rXt8fAi50EvttPd_kQ11+naZ0I`sPjg767u(_inz}no#zzHB~
z>tJp0cL7)#KW2l%@P&86S|TCoNfbnHp-9<$QK%o9xJZ(`<bo<vM)LVaSW;VhBy|kR
zAI%D)TK&Fgc-tN$f@mI4<=;@~W+bnf`JbPYwLE&hUVq@WNwWhfa&dDM#n4!KsSERW
z2%_^HX_XTtm=tQcnLP3!W`%DvQOcdtMLc_@jZL;b$`CE8Rm#p;b2~a`T$iziIz-ep
zud>3!LXqRX<qKIVbFPn~HD~3?n&~LxW?{Yy;F8xNZrJBR<T}D1LTLTu=-uqXFQlGT
zUc*ZQI20%v98|Fq+uxYUxKPL47ml#|c6AATjdiS2E>sJe=;CWDd=xI&w)$+Lb7vPo
zCCu)XskWlThGubFN1*O_@R<IZ>g1`{l2Z}m-hV80YmK9tJg+~rI{@DBmo_yo-36c!
z9+vwZ)LK^-KNio@j116Zd?<g~eZN!R_KvGZPL|(E{iM-NX+^$~?NH-VniiuoztOxK
zAiKQLoC1fl@Fe&Y406v{sFJ9x=McFb!uxXyLXE+*V^c*1^~2+5NT>b6Ty;(FSOq|}
z$;Oz6N<GTIF^18Xe|p7>bKo4HzLtS&MVj&+3_hU$!()6Id5C)R_aBshSArs3a3Nt|
zgpvCqjQD>*7+KqYxv&1o6vw}HfUnV?<k$T@`177sv;4v4ckZPHb#xVK;*XA8`F4di
zx#HZY`7q<6g(U|SyB*MH`CSQ<c|%$#S%Rbe>(8wb=)1>{TbOO2GYyhhr`S=#D7d~{
zWt;L7_sfLcS@^(92{~@Fg#?*gog3j0c`80Ty4K4u0`AWWdgJIqx;_}8x)vR_WrjXn
zQ*{c}E4P?-yvyeG40)+8XH-hENTMNmOy%{aMvwid=ui<Q(L_^<cYiDcNBTay+a(2y
zQ_aAR5h0)4dme-Uzg)%QGD^%_m6Hg~r%uBA%99>?EfxH$`PSq^Tnr@xEeJT%h0kVQ
zBJ8C~o;h<fD~~xn@)+({xD}j*h3uBtLsgvo_H%5QCVH7Gt4`F^7X-6kg$Yt|3eqWm
z^rsR@=*2t-(H&Ep+tKuaBT%E<xmnf3t#i^8TM>@dvKkk-DT`?h7!(J<5@>Vvaf)fZ
zLzCV|(uoh=#1|dLM~5n?Nz8#|OFQO<_T`q5(_qk>utqxdWxW^@DiK))Udo)Sz5k{L
zkDa+z{}TRx^?1?$0B#8zCxC;Eft9#{gUkO<A5f5y>*YuE9#aEXh(!<>5Vj2+#OKiu
zoiSr3#GiN58--Znw`>A`*UA>>eg=J07)(<PqR6yLNLxAawAD4`<K5Z>#x>vyz}!Vg
z)*y*PUiL~PHh(HytG5ld$$>n58&Ht*d(`%uuXS;rMh;zix=d^7uV~<J-ORqV0nOjg
zb@W#^5mwD%fMl3!^`zgdKfhNI)&gkC=4k2x)zy&M<?*yHIpe+#B&<FrVVU1rbi`d!
z8I{}ab$TB_jJDMIQcj4!^o-MyPIgow4>vZJSA_&bGrDpM<V-)}u5_h{-f>uv`9og7
zW;T6twNUEACti)|vY$>_fW=4S{<*K^b_E7W)3P<gb<SN`dd%YpkskbU+o0rwjOaCm
z3hPuy2|GG6h`E~-jv0=sWWW@IJa7*7lW~!fi32ZAE6`*{*~k~pa&$6qgNRTnxAzYi
z8l|0z01Iv=+=9j#jJ*eNd95$K=wY*ZkobbUl_|(8Qauqv6>E)zS@Oh0eao$ub3|+-
zIJ!mztxZtoD#pK`Z*b13(Uvd3?Y{u${SN^DlK-jz2gARe>a2LF|240*>}IHS$CQTJ
zsRaqZR7V0fL=psx8-Td(<grN;HGz1DgdY`g__nNW=$B~yBM!w5T-bSvL;wOkC%LU$
z^7GT#xzu-SYaK*=$P1sc0M8g^m`Loo0;GB2YX-oGI0|3*H3P^#%lXF)AU;7H+~@cb
zdLzl8;k8+C*qTyLWG(Q%*Kk8063#JJUbiGGyvlB^*S0kzPSwYfNwtG193=Nv-QFoL
z0CvV~O!$5?G(7N>DHX%&Td>|uB3+(FO54pbC8;X)%%R2b%gu)xh&TDy^`9HrM;YTH
zdi(?Tv)<nIeGh}M9)+1SS6!)-`#6)OfR`}~QPje32)BoMGQp6HQ-RPR|8Wt5EsfC0
za^d<{WZ=>Jxw7FDHlZ)3Qv-Py<(yROuiu6psX}4o2#CD;VEJCr_Q`@+SkW)V*StMw
zDRR3^S{Hs*6$QPXlju^Z`@a!kF_{5=Z=}d~tmPA=t*43zlfJH-s$v=(CeVAeRD`L=
z#6=ea8dAQ!qfhl@>Kg8G50nOID2u$a9YDox4eNdKd{(3Ba8|6z?*SYVMr7#*R^fXZ
zXW5>AD*_|*>8?FrocPb*dcL+Ah<|P5HgNd=D0|DWIM<|G7<YF|aCe8`?(R<G?(QDk
z-GT>qcPF^JLkJMu9lqW(`~A+@`<-*m%ysqsr~B8_Pt~fsR;{Wsw($I$X%r_;E1(Nu
zjP%s>U`f|CL6(7m<>sMaD`XlHL9iR*F@$b?Uzg%3IZa=+9TFJk(U6zpO82<iG1%P(
z_^@_Rfo7(s%b9I?Kluq<OrH9DxZYv*%J9;X1Xq65h4sXMsY$-~-Xyx5Zu+C%BMEt3
zI7_;iGMsjpJt+M(!JleEQv7QD1TOzlJCtUN++>+^4U5M#V?N~R?iVyO+Ph!~Uk@fe
z=Di!*P_$Yy%w1MwQupjPQF9`dS#ThokN03mvBJwscKUXr6zeK8{8btc5cGbC{|`c6
zNC!yh&lhq+cqydw8EVk=x6(t2WYqY#Jvy5D`H}uaa?wB=lfxX_-_?@HMCU=tUt0im
zhM4D4h-z!CA?f$K5jflcBr|o{uK${XygJ+VmWVin%wL%kLI2@C7Td^{Kja+Mi%0Xy
z1JaMKs<iJL+ko&ZVL$yFat*xhl_%xaO$_tVoYe15EZw@Gk$;qXus;1!?%6VJvQ@UQ
ziQRp3#nx*Y9^;nqNG??lib<_K#XJ1;hE(B^)zmxoEV?wGtR}A|@#7kp4Ng`uo7oRw
z<&5^LqpuRCry-dYVgeZ=eb@7*?Z4v2*y?$dFAy&hfal-Nk~IB4$>9GUk103Sh1k!8
z61IEs*dPjtsME_XX(K4p2QkcD37^2|6qK?`g%gmEBFfgeN!nHOun)TfBC%58SSh^I
z*XcyrW)aV!Gb_z9ekoRy`o+$-^@&PHPQ#g~zx;m4d0*w{d~xawk1XuThdn1l$ieD4
z_YWofRS@)v%c$Dkqo==RxGDl_GRQzKn+7O9{BOYUUq`(h;B9#RkL-syVzWq!v8|C>
zQ8J%CB8sU}5Tl)%D3S!Landg{dPArzW?25{rB;F{kc7Aoyml8Bg%-$(;(AMpWZGy>
zJZ5Kn_#Ey%J-^IjgShYhbO5EsKjvkr#gS(8{MMm&?tQ*L-|T@o+G}3>S<*n92cgWX
zkUba|$|PZ+GREgK<OK6ZQs9Z}n(YJI&KzRsZ<$DSAp^G%ry&E?BmRSO#(oQk+}~vk
zB6Xgro&w5q56!NY@a@%NVbX7}zJ<k@<W*FxsuGycBQze9aqa!#sf`vHeHj56Xv4LF
zwvt=6u$apEU%lgSR#?OO8SYRW1+1>@6iocOd~e>?rwPB|&UFY$Fimh4Gv+?X$A)~F
zq1)7%p+KU<d-}!n>C<@puHTJ6Ws4j_b>});b_6}yvis3RD9IO}S+W6E@wP240qC#|
zzZn(VE79N2H2Y6>$1s&b)98&11(BFc&sG;`^j@$gIxeXZ4{Fz+=eYT>C%%9)eYfxz
zz4s+>2)*YnvS1{RVFA##O6&6{6pELj6k;J-eJyaY8ehdTe2-4VP$fT*merJ24a=*t
zPL3F=ye3n3%y!L4u29ihMzmh7y)T8|{CZ}yNsz~aRG~DZjZi^ePdvd9YH6KQ>!pmJ
zwDx9h0qdFrx00@G)YsS%fgg4-%pdQ_PxN9JUcWc+{9}W4pl#V$ZU1jVttx-aGYTNa
zvH;EPzqwb7*%<>IoLy~zDVWJWierC+*&HP~8E|G4-?B6H<u%}J6UMzNnsnnnD`YD%
zhpW8e2R8h*9~{)HargF~X#cot?VUb*Qe&_(P4EKI6|l8spby$ucUBmZLNms$y2E_R
z7b$xwnU30{AXh+H&Y5PFX<?1i$!hB|XS!kw+2j0H*TBjgt$OI7I7BlL+U$cNJ$k5a
z@tHQwvcQ33KHo{#_hzWmyeNIxk_-)V3y+7@zi~>Zubz#w-;_q)FLe}J<OxX9<)c~@
zp3jXcw)veW<l|~m7X&(dx#;P2Vp(DySe(m@s&dDnQ7&Sx%YFZVM|cmG%TZna^3c+w
zc|q0#fuvY0@+(eBwN`xfd$o*3thdC-w4s7(O0E1V;|yYEWuf@u)FB4(UC@vScoyWc
zdfoi%-{Rd7LLg}+@Lh-l??C@{9R2@=W&f%!33PgS{C}pvf-s13t(X?@db0sI@hGZb
zb@^goVlc3oU95FM#Gf>Br40LI>LNo>kb6alWBF9hZORi)jZa<#zFke6Z7w1PxcdB`
z@CK|vq5DaM*nTW~5`7Fye+}s`fm7=g`!VHjzcLsw1PyC^b2rip07@3NB*Teil3|h*
zA_|QQr$rk`RgQu~$3oWdGu@3o^P?>#->+Bw87Jiw9BafMRAulC-mQ7BkwYSWCSl_O
z)Fb3YGQ*d9-2Krk;+Q%o9e@#y_={eKef8<dV${5~u$@i|S-!4D{>H_-rL?oj3z6#Y
zFNSf3_%-vBx;~X8{c+D9O)Y&;fVJ_Z_upS0tG7E7$Qp#HKL4(U{TW-Iqxvl?%?8aG
zXO{;WMx``w?1rj_1xF;-`u&wx{xWu&^(wpOPACm2<7eFt$N1x*F*T?r+gZpfYtb%!
z$r*9znlRy(ar==Qt*m+ufHxl~K{vZx{gmx~uTi}xv&@x*e$n1tRPFS8O)QnLw}PJT
zp7~XoV<_K}GE1%&IwOt4tfHoJ(t+<}&iUc55$%9cX59lA%_4z^6?iP|8O=?MjTt@c
z0hWx;|CCBP{3(@W^su#I{C|WpL4>f~>DQb;LK#HbKO-44<=6NqBra19I4DD^5E8tt
z^OW3&!zZv>5hB%GuBCEbGRJN$hU%q5)z0RLfu;lfTasCtiz(^=m<sVo2U@+K17*xz
z(7-6>-|`6-;3*qd+5E7?(F?))N<zo<{`$AV-nBkT>njjent?h{w*TZoq?~O4b|(K6
z&pZEFuu-*E0md%A@xuIkX=?s*URAo80yH0ipwa+1Rw3MV!0kSV-new8OCo)LPe0?{
zQM8}?t6Z$RNRw+XQu>6+!&cYfMu)lm{mb;U0qDk1eFTFG{*hEZHf-1}Pxlag+>6?Y
z=~IparihXJv+^XX%OU&;E^uLDe8}jG&LMydr}_Xs7NOE=$hGP$K*qY`SHfHSuP(Gs
zlKu^8(U27OPoLH(l(_&qCUD@AtkEvQEI4ZU(neWhTw+?<Lzrq*Z{?eD2w@1>bC@}1
z>90}I^|n$PqF6OD))BOISWr4FB{^e+Kdt6ywa}L$38~L%*L$_Xc2f-+k}a-X)-hel
z!MA(4!&XJ^iTor)tIl49GJY6o((?Dm+cFk6qC#DGuA;jEHhXafCICF;oDcabT4#IW
z2z*gOp;IQk3EdvEr72>Xb3O>Tln!kzQzB(&B@Gg`l3<fxMr4dx(=q8SY*@&m>VG>g
z!bCXja&0oXhyS`6<o|i4-PZ41Mb@Sjmh}`n@imtSys$t#2gzKLIihye-Z+PqDVvJs
z+^+iCOGW4g8S&TxD_Hy}(wqhBm2uR}1@zXR9wIPO^~Xttuq{N21yNuYh23s*AP@C3
z@da~q%d^n4PG3oFwkD$RWy^+|Q0u^qfpv>tBc~F2<2S<$=}XaM=ODudr55Dox1NCF
zoc70_p||9my3pW?sEwOQWmujVXavq!w<TN76glOo44k0>jFNZ-(&>2ZD_>LwFWyK|
zlO0%*-5*_Lv$iFH<Y5t{Wi~swuF8jszuVpnbqf+Z^1j(I`NGdXfN5dHL=SHr^VK4=
z9ruepQy3i*^$BuX5(GHvmM}*U+`3lx8DGJP`G<j?&P6xne`P|wkt>m-S3_4R0dpbF
zIF38|2<g*1gs%sp((Y>uj%gmUIhFWLb`dJqC+|cqd=2NY87VLL^w@pY)}RVD{q^Y%
z8^u9{NpA~w84ucO0M>FAPn%HpOD%Jp1amul+-Og{q!FsZ6~Uq3-$?OQIPjM>;C+x1
z*p4Ff@4U&@-o(^~QN$j|hIqJ;{UbiBIsxpQ&46sFsnegLH+Abjy4W|DLD0jLnE0>6
z%3-7`<(stEp-`hWOF_#6sTNa_M#-aP&E_()P+lH)>h<2>-*EZ09geL|4&O_wb9q>W
zL$2zuv}oIsydPE%vwf$zM|(c_KJa_RUh@p0MV4G{rQ1~JvSI<hKfB|bMJ(%n2c))D
zXymZ8+-4iYZ(+PG+nNvMIwG#?xNOk4^YqP><bV2v@M*pf{YJwXA?<qIa6)>lHB7z~
zLE7JuO@K$;5U0C=UKtb5jYg6ERG3r5d(_Ehs+KclYMT`=%nsL0?3;e;h)hszM}lIl
z#DM;(@k$dYPQ!^BTsc6~mA~tU1M#9!P6NX9c(V;gi1k{EO$D^n&JE#=14>uXYP@BZ
zQ98iis^UPjooa}yau+5xkt$V%CFFPoA);zW{+76G2OM$4F^Kr)-AYM3N?eNT+&7FU
zvSh1LyWOMs+g8EPCXfs@heQAq+$n4tz8WqTJ>>WE)YeF$B8(z-6Nkur^M;?vI-&3e
zf?<3$n^Jk@k@H-Ig3FhvQ!Fm_U%tzDnSOIekdDuHr<HLK)g|2T41&kw?-L92O`w7c
z#<6#rj`LrDuLnp<=&BrrLwu{Xc10B&l@s7kYI)@z=u;&l(^F**k%0?i*Byo#=zWP$
zI9~H9HvP8ibUOrj{S~!4G`;!;F6D+tQI#>utoZy{jBBaLD-jv4n&sBElm(#GX`~4W
zfayk(p6P5W*@cg0B`C!k&u%SEx6d$&$mIpB1lc+6O#W`REBmo4Lw)92eggv>;hI6d
zti_B)H<yPa;Z2~jz}uhk&=ItCb1;`tVqUgjW*{|;zW}C`gM+G}gonvCVW^Ho<4>iC
zL|S%xFOG>As-bJk9i-fLD3_(MSOLG0lhDSr5sqQyt&i@B$EZH*Aa_javS5a<))r2l
zw0BIGj=7HFn$~<T7OH4+gjVJ1Npg3-W^6d<ex=uX^qce~N7btMK&lXHn1GN*YgaX<
z*hF$Zi{f&oIT?>4&1yz-S@u`~KHt0u+eu)EkNMn#ZPBZmD>l#5Vu7Mf(`iiK9lCU>
zJg>yjgmVGsnbU~%EUaNdggF>W>*8@+=Kv`X^tcs}Mt^>H_{qFYKk5<GD`|J)4KFTW
zd-XXgeM>rlm9D}NE;lB)nw#5N<}9gSN}Ej}$&QOFDXK`(DIPIV8ogOAjY^`D?ksn*
zoyLMG+oy&AlMOev>yxw|Mu5bWa@Kjt6*~TL%7@AkHL<@!V6Mou0+jDXUQ@VM|7L;x
zh-C`n9c;3iOIOH!csKLLeZqC6&|_CR{MBLIz_uDX9Z<~9*hl6!V*OZitOBptO6oh$
zjfnr8jIbY`FGs@iJ+>0y|LgV}*R4m6F?J4^0NS#`QU5gmvfr1aX!kdtpGgx`VfH>1
z_M`K>-SGP_G4-hyZ?Lglf*-nOnBWzUOgGR-ReKwF{CZ;dO7D<P&Q2%X!vQMR>5n7G
z55U!oXjit|mOQ@vf&|FakI*jH@Z4{%e0harm4T4k^2j2zkR%&wOlyT>O1Mz2{R%io
zRxj{24EGRq{pu<ERKZ`N4t)-P9zpJ+KWQ2{A<iqHdWU5x<n!vcsJ-cG%*frJ<$sPU
zeLO*v^*<Zn)803!lfAguePSoJuR{(hFOt81n0*oW>wQXCHt1y%*s`sQ0s_MHUjgU;
z;G~ZGyg17Hl3RhOy0D~3Yt!H^nhhn9g;c(4fS_bhAQ{FX7<Ho>!4TGuMB34a{Ngl&
zISG9aD%(KiDa)6IukWSJ4T*b?1v{+-gfbPI85da@IT@QhA5UlQAm&$H;VAuJBxq|h
zQ!~y6S{f#L%ud%EW4`PsOpS5Cd0e`NFeB(uU|(?DI)uq3<_{_&bG|7>l0by;poWs=
z$p~}0F_W>YOjVgRIIXI(t*TeK(pO;7JL~DF(YF~^m$&l*@M5(o61#(bQ&mJ3PUu7e
zYBJP?nry=KIGanuDTb)sWR8Y-fXkXreg`S3(&^~sTrJ|RI6>btiE`0mZ_@$@?^$82
zrI(niz9KkcH`1lSx1ZX~jj9c*<eEqi3U$)%@WFm%>SbzVWe>9x*(}X8=R#9p+b651
zf+8mvMh)x2&rJGe84VM>hkJ3RI9$g@nq~!;(^_{^B?-$l%(MoP7_!``JE}}D$wn~_
zF$@hB%ZgyLnzrQ1{{0A7!f_!|5gH940#Zb4b}`*}*u%*(vYJoX*d%7xVrn40VTjBK
zW`LJlf~v6Dc`GYpTIUzkS2=R5r>SqrMEe*b3uUo8hVu?$SN!}a4&wb({3b``QbIxF
z%0(EHwKWxu%iiU-*U}Uzn!ivE$$UcM%4{OZr7xX9oj@~VR7i#$^m`%C5y$~nhdQ3O
z?EpI*wOq%FVRGGm(|VfkiE1K3OPunst$X&T_<O@5{Nw;Ujj|PW3?02%m$0p2`u(6~
zGTjkGII~y~>2{;pW}sSGPIVd|4-?+g(@SPXEIozkYt}+;eY?2j08tP3I3Kg;xw2RP
zr?y338DXd!6DT#Cwc1ZZKgxNhGgD8@q708FEVxA+rLm~>%WO4_KMK_uQA|vN2o5I|
zSQl260b)(RJhg8OGquDFiij@l{S#+DY*;sTf(~@$^$W#$=A@(YGV?O0_=&K6@!hV%
z)aFZnWxA~{t)aOtb{Z`!&UiM;&L{t1p9d$yp5gf}ds0$dZF$h1dB+(h(uD0BI3g7D
ziyp2<O~d>10w`0qKdoPwADqfg1PdNUbcy!}5!%kdB+W$>C7x1grH8g^2v9boJq}8e
zQ+<vT;bHWZZ$M!V?=18YDMg2^A&OP)3*tbRM^smtShqafIK}eub2uA$;m?^<*&S0W
zLU%HcV-wa~FH)Z2@YN2fNZbY!(?#l-2c%JK?$M-RCo}aXY8B7r!fvu+#NhU{>Xl~c
zZ+v$dF+yM9gk4fF9Rjv*EHL)I^LKeav12rjo^O!69a}h!xLmi|w~M#ie~~!q$}%}d
zlAR`heg;LwesH-a*SuyA;bEM8A~0fkCEy#~>i#zK0S2v4)O;I)cV~^Tc^re>BYGWY
z4lyHP_Nmwarv-M8>C2I4ILJeS5VR$`_=$vtFUp9;9Y)M~yr=-`XHxgnD{24=`}yAI
zE`dUSWZ{oQ9CVAE&l1NG(^sMPr($z1!SMusvFM|OdNo{4NAiS}J$smNpJ|cP<2)*X
zOh6DO;c5K~q6@iyUqla)Xf6?&pEP<d=h^vQI6S3ikeXXFF~+CEXDx(BkNUXf;j3oZ
z8wYu{-Nq*_gbKwI-l)WSu2;D4A|Be%jwNFa7DEkGOBOBMted62wOK!f)3-JmR({ZC
zBN~?xYajM9+7Yn+lF|S!sg>p5bA)d@;wF46k7J<tDxps#R;F}u`b48z7eu43DE2eI
zt@Pn4uO43?r2P#<7hzXHc7fEOJW{Bz3*ieKXa}<vGAnK?KGZ}WZ<bBCZf0_|ZIbzX
zH@TP(uAx->R^qCl4Bd)QY7stNo0xQlE#2<objGLTpk6b)-c*>=dk(`+SBF|x8;DkR
zm5ZfK!IrU<wF>p~GKE{+ylWBO>lBI2g<U&QkGOL80TS{KIHUO(Bp<b7FYt4?s<%i5
zKk*ONG{ATeUvj%aM{V2{VizeJPnf+P9Dn3q$JN{47b{gv$x;20YDWVP`+pW1{&lhq
z#{7?DTdW``jJ}r~e@2-p&{6j1erq<E=!AG52tw#gL|BV=@!^|iH;4@?%xQ*->VX8-
zVMWSsE8o$@Ld@=;7W5AV=2Fe~=gHvVwH8HiEpy~sg!uD1z3H{D?pc8-zrOk~TJhN1
zLPj(7G4>-2DD?a_%JrxpvCRP=feOeUG5otnu>p8_GOF0SIvM||i!@c}1L`7CeAlgv
zb#w-!dgApr3Js;>f>5YdvOBA?h;z`~Ogmr~6>fH*AC>mV+E&{pI!CfR?fv|Ex<Ppj
zGYpI3>zCCmtN1+!o+a~5WiI+!bd_hCo?d5owjpF-88GaSO4$3`rR}$oObYw^XQ}xm
z;3(?d;aZMqF4W|HY9IPUXY{*_q_Eb(7CE?6Xkv>sqb^44J_!$>m#N}>uh58SVfcLW
zQL_3gJMoP85PjK*g|OH6dluCXZWs1MLI!5kY!?`fpzrB-H@y>%n-4>TfBkoMm;m1$
zfUMf}e?mq4<KK~TF|`FACxDCnpZQXX>a+@m1jf6UKNAx|B&|$PM7ua*Lj{w#5gWs*
ziCB0Ae7a!mWwKdGLnE$PvzZz7Wv0$M_{C?wK^j=G$~o`%QdRxw)Bb+#lu3YByFt%`
z@3!|_`^WoXjXQ|leqAia93Bf)J&qxc?{G`ofm02D-kulTZIFqHmJe4AXU@z~Zh&ZD
zb)^hbYPlQ=bh~PtX)d3bF9d*tCytQaZy9EJtb;hxT=nUj3@t`qbE6pRWlJ$B7>Q@M
z^&&}~m_aY8fZ-2m?XaQ(zrnoTak$6mK!Pb21dcaF@wo>aO*z}2h|&9`Xn4<6y;umv
z&;IB&gWaY%dz1*-1C$7B6v%0V@)+jNE;xsdLIYypkh(@(uDYneEsE1(r`q_#rn<8Z
zi@k?%Bd2LOLfF8`&pY=e4jAE<dEsaS;Swx~^@E<jCiX@nsXUhvWdWIJhp{TIdSS2)
z<F-@odS3*=s3=!Am@Xmh5`Tsfy?Hh)L7ja$s}EzurHGpl@B~z>-Udr@jZZe`K7Epw
zkb}Cy6alnpXL)r#<`E5mF+v3KsB|BmV--m}`|mc-FbDILcXg{5=_S)D5p{`cv8!b`
z@hbZ*poq}c?_QN+Dpp-nN;7q|Yga4gEk0Pflax%n;}^AxOYj}?knOnWc^Q>8H4z7?
zb?+vUYdqMVS6>O1yRN54aFE|!#_)5scYJe+A^f^->qcb%rcfzg!1<!U2CK9hTPeEn
z?wY{K^W<@rgTpE?!{A~%Ng}3<3}rOFP4V#i^!KLzh;&WamiNx5O|Jq=A)0sA%?!B;
zBHaR=EU*E+qGJVn#7XmGKABzo=Obn=U5%qcjo@Fn^`=+!RXv4^_Ksu@b&bgCUhuZQ
zgd*NEGRJ(;snutI%3Df)zw1ohxzafgByhG^)CsED1B=uV2qitDdhbTo++G0EL!d|M
zk92|N7Kc_1?&L?l$)mS?CD<1}d4yIKFYq^zZ*$i7P=$;Mlbr>lE1>+w9)UL6RkwpI
zqYeSq)VxZG218{uL)_274$dxj@PphUh00cBkG91(BXrW+!8pVz_{7$T$m@_Vfsx-k
zubD5tSbAkXWmvg_(1r>ijkBTf$hn~&c!yux7LdJ3m{g27Mw$gWB*(pDv7WT)ytKZ(
zL)_mn*mObb*c*ReJBreb{22cL`>O{(|00U}1FEBd=iicv|M1{{fz**aNd1Bckl&uF
zfUIZ>5rZ?hHk`a60Xnznszo5C0~;Jt?;iy|S<Xz)E<yzma<Kf%AFjn?%T!a8GOLTv
z7!4Y!ttl@t-m`@ZK%_?b1F6ZzTU^=gA7YNV4P`ao{fBB%esy?AS>gW^sge5;f))Oj
zkCX@l7bgK}QTspU6aPD;b^tg5Y)yeU<jnZL2NM4I%RkeUsw5c|bRm=xZ^<7N<6)O@
zjF709!ird!2B8IlfnsWk<po!c_#7fQvTpn55Lf7)S0HNIs+K7d$bMAgxvP-<X3mM@
zyj~xhZ|k||0{;H5U;)q$249iFEm1i0(9s~g?vMD{D;BEL8CxFG$zjMoJ7-0agVk-w
zN(GYznx3bp)SG5NBOR2CZ1~#MwV#~cusBbCakY$r{pDpA=xtOuVbkZ%wbdfubCf4U
z7b=qm3RMK_QkaukmZ!t8z6%ZU3};Rzw(HbUPj!b2?p36JlTNjiL2l~{bvpnO_!xV#
z0CW428?>C>2JjAA6K+GoV<I!nLHt=JJsu8P$fBt+RP0tLt;fJ`oUZnL0>%Vx!;BHH
z$@W)w!MYkn0zs6z3{}!YFAjFc25GJK<3%Rjo<ZBGaj>W6ZPUg?sOV`GQynhN8OX35
zHN*QBC4<|*8fTmO@lgD+r1~u(s)67y{w~W$OT8}Bdx*OYYcxseE=JF+C`DZaBQ$RP
zaWmrhMA%^G#P&+jiq1;$J-$E}CB>5giYjQngoM4rNxqaA8e`b?&#c+#zs0`qYTM+D
zbM4#i{xV@}jpW-1G~S4yl}F9}^3$dC6Q%H(NFRUssU?xqlw(&2C%QYy+s%kzZ1O2f
zHLR)Z08VunV}N68kT)C!aHu@6?f_2aA9R0?qx{u_Lhc<`mvUEIrrbV{Fibf{w1~vv
zlO4pAf)ag_<<sg#-r@9ytLbMId6vOEMtI>LN%?*my{cqV?&&5hi6&n%i#kG0;BrdV
z<8L9zxYHwujuDe4#1ntceioWr7d9%G_rXV7#bdddluWcqHz7{^sm><V9Qu>^3!jw;
z3r73|H5jf9Ig!*j{}ZD2EBv6b!7Pe3iPxNHGE)EKi}TE#?DKXQk5FeZ2m|qMSe&rU
z_)-1bU@DiXOle?3-MP5iltZhub%L6<V!8L<_cYh%1e1;dT}A`wG9v$_%lz5)3#=;q
z#a)V%^!|{6giX)P*{0DSRQOOwmMTWpmp)=bK#&d>QPr)8UWA<~LalFp;SqZk+wuU7
z2optT?7Eb|otD+0T0bb~WNk3te#kbT&V9Oh7-0nQfI*f$3Q7lcgl{Jn%CrCWS+PTU
zGxE*L{2O<o;2x}dn=UcR_+%=AB%0>0Ts>-@Sl=ThyBApkhp&sF?!Du(E3PyaF;Wyh
z9lgF!VcfY?FFN0q&=JCm9ggdIgV+M~qvu&tTx4qX{3H$Y9K@B9gE~^ki>EbbzTbvT
zo77DaVB*&rqJ+T=x`%3zGOf5s>l@$8ET=7`tbMWR3r}?A)E%v$VKM7#m0nUoU9eRx
z+qq^f@%)v78z>vtajI6>JTS<yS;i9jle<w{IKvAm$gyq27px*Q_PH*^fNW(1>ZWeh
zx@|SK;Z7rc1EI+U=BAk)Q{V(W%^P6Lyv%TxJtkUibTa~2R@<DX1UIlf`bc|=^E^jJ
zlce!gsn3a0bcsz94QsLDf+<q1+sQ5pO0h^uyL;@RjAxMk?XyyJX9&e2{aWA}R<CqM
zyPIwt>MY!F#2zxh(K^QZ8J44lrH?&(nW3|Kvvn_~PbIA#)@$T=`9-oe?!*HxynVV=
zzn>D{z2Nl;ooGbc4R<*NsRRI~Q9&I*>wx)yA!{^S;;EblCHW4qzX@9udnv2^imUs5
z$4jTo-tcp%bc|Rsi37MD)GsyF3L|m9bDs1k){e3P^tB>o1Wr>SIM@1HO7!$tGN4Py
ziX~2nCfznC$QD}u0!!=;AcJl|C3^!Twn--P4wFhguS?pn(d!Bph>NIoV@f3=Ceeu}
zZp2cIHYe~3&+o%aii0J3%H<_iL6cdsQ}*<Q`v-cQ(n1;0i;mNa9usW}-+aF1ReR@g
z;QY~o)=Q4DapV|oi%5S$Zxf-?9Ma81v)uJ#6c^F`*wZ8ptLgXq-=a%vPg^}WEC>h|
zE(i$Mf8i>B_m3*g7jIPwTtCW|Bsxk#VVJgf5OTqKK@A35>fKxplq^MQBEc)SdhbMn
z`qhSPXATrE>^1EstHref_2S5;QcM~-R1AAe+peYcns-9}t*s0`n|r4@yP#?C?d+V4
zi#LXwNgh_uLjjE%@K$(#<a~%?yfK&LLSe&qX5)?U!I(jZpYMIfW((-0D@NpW_F00K
z-XnsTG)l$9MaD=jfp@8&aAU;^6Ox(%V!HFVEd^$Cbt6^j$D)a0#?cwMz-2GK847{*
zj`O$}nwwdLyk;X49w7#!bqV3wyW&t(>qxR>lk%2s)v=!Gj7(`<;uDwAzOmdUIT)p9
zIZo}{&Xt3;nFbZcf!PMXGjm_N6eakuW?$ot<6!9|tv#30agU{1a}zF;wF_e@xT|<m
zE-PD4wJHn6z(R2_Uc%_+6E<aB=u$Rs2<GKt$oa<Q32G%KLkK$LMx3}g%vYGv%360d
zw?xC=CT^uO)l*eM;!a%%j0={Xx=_^f*g}v(*ejRnpsXRkM9QNSN;CC<xt@IrT`fIO
zmT>U_If1~6!7VgP%L&KZA|A)zO@qrBudnY?WCgK7;xH@><8j%D=xD`Lsr$i{ZbyoR
zu9=RQT3s|13vCK_o?5m#v2%2Mdv%sOrehAHQ>!+>@oC)@BFecj`5^ek`$A5%?4njz
z?oJIp@CU)Ea9WtR%SM!)IF4$S-Jqm)f;YnS#^EwObC`|!gdvmnI(T`JWD7WU0Yrj!
zva}L~SQ`drxN3odU?sw?-|75iK<wMm^lG#v2*VBYx-`t`4|)6L@ZH<25fy}u(}~{~
zyKbyd`)0M2ct~T3I4CO^wU=Tk!Z2SQMF)bv#O{fJ(MFEJH}KdEs!-4}Y-~9;9^r9C
z#~nSEZeXS4=C}!#jL$Grozw=wGVR%69uB#r;}~i5;5MPt4XcUa;|3P*rpGE-n(Ng4
zq=4_aprAHI)w`=bzBAz>4PlO$T0Eh{@@P3eGe?lOfm16Wb0tVaT0-ez{E8srkg(7@
zw)qA9a9(`FhL&O2H9KBixN&aUUy7BcgVH6tUqlzujW8L5n$ugNmm?vGaQ3P+yVB8#
z(^BJ}uX-Ogf+x+lqv80f(d8|=cPgWmKV_TXLBUuTF7!DZBhLB4#c_9Zxl6r&BMT3o
zEeG7m`v>@7EZ!ApJF)*uj_FqT5c|do&kbpHl9Y_uVqeaass^3(0j%<Ez!&<Mdt8FF
z1~v`y$tUYI^g*8%H1U=%uIx{vR%k2e9vc&IJ-VoH(`vBY0uO9hrD<JmW3)J>Dd4`I
zX%SA-{6|cFwlfaEx4Zki!PCR}P+55JyfFqifBS7Yp4Cyzv|_tZbN&#0WbrNGb`gur
zcDd;>LnOU_@8k2c33<U)a^>#TeE}<`tbBvqU93(M?GDz3H^|52(p6Q9i7F9$Lo_zi
zZ=1I*zbG?E3bS9HMEO%oFV!Ex$G67`W_?W;o|Y5eh0Zr`SBJXzZLrXKd8I(OdFUUW
zPq%eOf4#YlMPzQKZWP{>_;lz^ku#sx+s4rW$h0m=-6nE00%?g~VKmrvlhP^)lTb<w
zs|LBwUfANhBi-?prrnNuqgE@A6l8<XnbGQ6kDKq-?k#9=9fY#vm5K`-o@WE#y@*BA
zP~#qSa#yt?POg6qZ`fg`JmN+qPSZR+!F%daw2WW0w5tDJCG+1vnfb0STYtzYt9HIG
zci%k_CA)<#?e-C?09&VrQbd`+lvCZh+g?(!8#iIfOx}yGD_*@j-I;-vqJrp;Y2kZO
zhQPsxJN}qTy*nT+-5vU*Mza0ATyLkv$G*II)L!THz1Xiqw<*S_{PIff3Bf<du*a~2
z<CQ{GvlCP<(u&%us5GfSDAJ5tyI9jrs?RskiM*T&``UAMu*Pg+$f$ij2&z$;q0g4B
zJ95fDvf;Lo*avUAzN+8+QfoV+n1&6?9Wg~>OLSe#4?ff&-vvv_4{7?Tp~bm5yCzga
z#+}hD8@BA6L%c;8w^Bjj263#0dki*kdLLfM5E0Vw69l{h_)^g;+M^MZrXJ|Z*)=E!
zqGlKJJ#RM#gt`hyb0ARO59%EVPv55<)Rzh0%Yk}&{s8LD432fzmr1T^U80XyA89rw
zh`x-nA`QN7VZ#&U2K~D>$+VSr+|YR#_}N*N_1)OTE=y(T^SS7N?dGW%wDV%TJlKIy
z#TML<2;X{;>eZ-aK%|iEE*s~%KWDEr?5h5)gWio`i*}~bHcYm6N6v+jJ6O_nTHO}t
z#jWcMnWKUGGPyfm+7U>>t=w`C=T<(usa1&hZXsgkqOfGq5Vuw-?o}^d{+3|He%)7@
zpzdF!7PH~*Y~pHrkx9GajR_5sk;;;i%7hMnO1jP4OTIcyzZN%{?Suo(91ChUBGTGx
zV80tKt;3ZQFT1uiq@lJ(bH$<Gzl;H|M*@z>>}v3!LBn^C7@K1}?W6jNpT%x7<Iq}M
zTvw;WykzG8rXTOmWzrD~O4kt>J4cW3HglI&7b17_%)i=YhDMk>I5Jh>GdaX6+<Cq2
z-x*tqP^KEXFxCX|?E(+J6^hx8D@l}D)GsnICAN$y)#;q1{hH-P=7*B)BSm*{q*V^#
z8n+s2@rQ7V#S>+P_zrLP8Bg0dW4)rs9a&f~hjx(Ax|S=}7#W=?zmM4Bs;AG$$ok3t
zqI75Lpt1Gg(uHmcR$A-lH+fUQvRSQl1d#Xj?Hh6PIjtRZA){DN-srVa7~7n<2ehTF
z@{7+guFRu1dPZ^(lB^3%Oz;J{@ur#zWY-avyj?us_h6fR?03IW`o1VU-G943^C$W7
zZn-8P@}e;JuG09yb|%1D^>#t~QnL%){TBX=m^@y^1DV6`kUMFVbd8WjV4i_Nqj5+p
zfL-dttk_0j@bn~jAd&G?_@LeApdoPVJ6H<-b&3I;>Ssik4sL@dASGNZc(CMia1%II
z1MU1!AH;V@lfoc7usQB~?gu7-aA~5|O<4o!p&U7GwS=E;(vd4Rl7;41@KYh>wJotn
z^;$#vU3;`8<(1yArr8jd5#7J{n;Tmq{zp(x{+0h<2?&O&G|B)Vxhf2#5k>!ti`5@#
z`~S2c{jW=w^7tR^=zQ}UHnO(1z8$lAI(>9{R5WlwiiC#Lt=SaD*>e=GELDE$ki~ib
zpkC$Z)Ehh6xgYwtA2vKY{X08BSNhr`AQGXJvF3g-VQ6<wpK(0!y%emX#hU#%l`{D4
z8)nir$HX*H%Lu;i{At7wrnONd|9K8o5A(K|HhJ?P(me!=rqP;Z!Ccrm&D!s2lLJ7M
zL7v`ZNIYVgIJJB&4mYG&8KcoUC;hy|Ao82b0aB!!!q;)@ge|oE#!N@_w0HLmN`s|b
zVlufqg?Ip9+s-$-thiTADcl}f=w$lr$gOZRPiU@}mya&b<IZ?@rl8;Tns$$TlCB}7
zz`Z9bp4QBt(fkS5I7y#Yh%gLwE=ei1AlnaNmq3j}Oq^NoQxKnWqF^o)I;Xi3QDZku
zx<rBz7CBw?ApVtw;V;bLJCs!+8@8oG80@;+k>9YtcGA==gD?kJ)W!F}jU>#(T~Bb$
zT<JLX?^z<$_fTaF8fU|)8us{b)Qu<CDF6C~qd#wj{KryqhyOpH{8#$BzY<LWw(+f?
z^pKQHu@MBq98Ud_4N49mNTEapfO1?*{fiOwUZlX<CX8`mvMqF-(}jkJ=G=PB-*u*k
z75Be4H4gfVtE;%bgOJeCOc7Yyjd^gX(fIyR7Wm*85KbqYpA>sgKY_ym1QCYdhUNPG
zO;f725U`8@Or3Lq(xHDV8~VQ<O2X9TpPBRDZMHa3$sP^JGkw4}LN5m^^U|tSD97Zd
zd&KeQEe#fxz%J5+iEgKM&~L&KFu>pAKkbRgvB|Mr)d6{?{SBukh$%{^(bMyd34cEx
zo}Q1_N5~!2^HoV=TjG5~*l~m*WBy<IX%9SG758<Q>;u=vt7*^FBJJ&)_3@^q<1;4^
z-4{6_x?Upr!*kf+n6air$(%cp4<T4qM_nk-F_$8k1g|%%weeF4T8=wJ(}pU_2IC^s
z7$RkkT0Lbcr|!R%PRoOhFm#9zKRZk!CvzoJB4iu_h;Y>L>lyW9y=?QhuH7_5h4ZI7
z=&Ma!VsmhP$-W{e;K5%m<I<7y#}3A8H>hmtE7ESGdfAtQGEh%71u(oz{VqIiU0!^u
z71LS@H}x;+J1D&jb>>v%t7i0T>k@TOrJdc=!%YwLRM4=oI`>~W41UBsHRDq5UP+nF
z&knd|YR9FyJ*Uo`#qedLGSgtIfW$(iU1k5`*~p@uW@T<@Ag38|TJKoB1E*z<27;|&
zISKf*y!Vr*1S0+o_GA;+>3gHO%9Cfksm(;nGt`SqNphBA<n9-{!BL)H6ru*+m!I6u
zST;G%S;%d1BJQL#=}^xI2KpRW6N;E*>N6zkGh~(1Ny`-Hmi#5{hR9mVoYCvL(g$O_
zoaCJ#T##sQa5HYPufKoqJy!^9tFsysERmij$)FE*dSLvk|HLBGKz#<9T0PLzWd0pO
z8rxU`2e&Xvn^^zRmahP?6#2&&WPg4k>}qKP9HdOf{3p4o@(;F#PsAGA3bJyKlEf%s
z30ea^W)?5TPLT<oH<^usU(S5Q&2W>PwL$Jp<JrWhKmfS0D~ow6Cl#k0Hf9%KcK*Qk
zFfs99V9*Wf5$=VnLghiF?f^#~_Qbb!=r@s6-7~+M)X$QfTPnKx9U;`K@C=X%7=py5
zW~n-bHjuP^<3v8^hm%yiNZwKRqGGMAShx@uehf~gja>F6{~0L%LX)_LU6&YfXCU!{
zzx4Uk0h3F_*2E*BEWO|AfmanL^*R+?AYqA<!fn&d)$9~Y!9&9;%qU(w5x}4tu`#vf
zUbJ<PlTNqDgvo2?T;=3zLbsO7f>6_sF0@j_P(V5KK64Q;8oulJX6wPLHhGDBNME5g
zXUnlRcrS?3zZgL?Lynu45%;3eB;rDk7iYmOs&OX$qC3-CWQ&(1CHJ=UI|h~~RmZX<
z)ThjeAA6V^I3+soL{mXD8&9~7+?FwhSJxayKHwJ4&M@?M#o%tTP^Kn#-g3L9eTc-i
zbOmN?XNZ@V4qitB-U%RO_x*ziP-;UFu^==NlQ6h?s$`)#jNnTXHh()1*?44};1)*q
zO+Hn}&L8SUv>(IFl978Kd16){7s~Ln`Eij>f1A=Zt9IxHNABZ1IRkP|;h^r9ILJfu
z)_^Fa*<$0Uy8gi-hW)We&Cr@l{#Z=9H{(i@>h@AGUFS74_ReEE_KkuD={dAf>jjfx
z&|dq$n&Ff6_Rb#@0^@;!`rqoO|1?A3<bZ$L-#^VQM;X{ZE`(AU%el3}?1=*t;;x9~
zR%F6J6cQcZ3kG0fCZR$bxoS_5t>0pAXc+$Jo$jSZlk@>03_WsG$I>N9<da=aZm;n2
zdRe}>5CG-vf1~-O2#31B6vqNMkc?}Jbal$}dLxY`$bTIq8|EWV#+!UYfe&exTI?f=
zTp(K%H?<j|*h`QbG3!+qtJ@tcTMpjWn2PaQYy3WFCd4}}M`x)PvgMvo`zB!3WuBvg
zD?B3)EvtE+8RC8e_;v=p85dgSJ})`)vWDl+_@nnzW^`Wrp_3(QIjlc}7dfvT+cagZ
zR&u1`5A;|k%C1h!Y<iYCb>!8$$%PJF8}^QQf0C3OljIIQb1h`wU`7h%6WL4?;%ZcF
zbE_M=RnDhefrIR}jG)r9;<lK_;wurI%r4^*Z*(ko@)!CSK-4OI{{XyPu;K|B?7CZJ
zL$ug2!)~8gs+9JtdydHjBpk<%`<g#FgkJ@5vy%#%)ZXh7>`_(#w{BtsFZpsUnfVzT
z=(uKrW*^OOv8yg&r(Nj&ILcBVOj-X$e^{6_N3lz_Hb}JP!T09{(@&gm=M;AE<?z^h
zu@=?vDnsIJ*MIA!S~^dY_X46(4DfLLhp6-~N=N_G95(%`^+%C^XRZzy(a{Og2HFi*
z6JW6#l$bz7h%sg_-D++-1*WkB_&P<5GlXe{<0iy8=@&&`5-XatB?~O^O3mAxW~z#1
z?j4XSVrf-=VjOv#t3t(<4Lon3iSO0&9(bejX)Yi#^&#{SVBz?`L;lsc^-Sm|3xLM$
z3dGodJNxAC#!dDos{RkA$|>LjJ9K`L%JgdlfYHBkIp%#`+EY}+R3nEeh`@_XwvFXW
zk7;6O;aJ(4*<KRy7xY(MtZM>;Z53=!Gw;dpwKp@rpWZg;0qq>AKu|%rNIp0yrFvAL
z#dw&DQ6px|{#23R(m5lY*{g8xo#V2`Uz%JZ7={~mpMe8k9ZLN)dYnNAHt?DPCx8@^
zCh{GZ|Ke69G9eHd`mJmEO(Nrr*{3WeQR{Oy%K?N{Mcr5|dzjUG$y9Mw>Fxd+2}&O_
zEoD%>nQ~HKXJt_jvsU!ac-4EEF*D7m2hxhBF1#NJPO9<dkF_@*>j$MPtom3fNuFEg
zno^tU{3|!W27fW6&GuCqs>!&aAqZa%XEi+3A2EF!iEke6R_+-J=;<x?55t#lxoS_}
z##z1b;t)EJKcRK4kJ$nTsTZ;NRu-T9Sl9eKu%V%yQhi4};2g$@jApKRG|S%+i?t<_
z>7cH$VQ82x?xTG>JyifoHi0&kpHZu}?=#70$h@l@Gj5SI1y?2uNIAFmNPKj)LE(&<
z#PEzXhi$nec_#L<-!(0K`dg=#>;ngHH4F#{6y|@>>G<cX|9g1-=bLZR^z^`&!2F1z
z^QJdN=aHXVu>9Q`F)!()n=r_23)Z~1AaB}ng(*vAN*_}kbD(F6OsE^`ge^U;M-(dD
z1_vsw!{Y{r$Z1P`(0%dJ{qenXHN|8!HMHAj=qWoR$MYt3+xun<U*P>)R2&FbxWCLL
zlMQ#FEHxlTXV-3A8W~xXw7ujiz4&(~p}wkgX(DlcX1>_sK!gV!R_-h&yN#2vbj(#_
zzCxL!U5GJtinV%cPa);r1Wx&ynp{&Xiz-AADgR@gco3a2{StFy>cEMpkMPk#O{rGu
zT)NRUfOJR^+x1qSTAPH|0=GQX0-eOlv=aN(m*eVGa)!9BU1(U`#z@orvVnuMir6*r
zgyU-c$f@p#$7g~A1K_%jXEU6F_S@8^PYuEP6WY46%C0`SoY~Ort<49Qh%u3N?IM=$
zJ-w&_eIe+2xXc6xy>ERMtx4XfqDsg;9`1TwaNjqwiUtb%h+hO`sh=3zylwqX2b<8`
zMq!A4)V7e7SPm&tw2Ac(aQ-SmNJ%~4@w7E0&+AK(@nbV?3Bkf$CY~TVbix08ggS$x
zTgNqUzu0CP9x?y<G^JKSoc5k|p{CKP*A;6w|LRy?M=k*ufd{;gB;3Rzi^b&UKrk2C
zZf!KFg>maI|J*#PCd3qgL7w8IQz)Oxuo6IG=uS^$(Sw7UPxiBgqp;$s`&jr6j!?1-
zNkIO07*TQ|TI%=K=#yDF?7^|H`(44h6^5_h2q_(cLrSCdZ<#9%;1=HNSd(!lCd8Bx
zx4v8Zx><QXwwgfhCTW!y4muY`C*cs0CF6urT6)nbhABU}TW>67zha!LQfp=07lHSi
zA&lY-!vr!_<LgP&wPAd%_zWKlbDK+Qj4@q2&O}kftgA;e4D;=9mjZS=&5>2Vx3&VO
zID-PVvrHv!+KpD5_h6%`>DePLwVD2!UV{QxxFTH3Gu<SXn1YxgI9Pc)rQ!ers%Dg(
zMTi>IN~cX(rc5H7GGCgD)EKPn^-FzFGDEN>b*ioSEtmV4P#jm~=!_8TB9Ax;H8yl4
zL^MP@4Su%in4Ra56p_xlv>7iy>0T6pU1WK3T^DT!6(BO-?J4wTpU%u=VlOm#LsGtz
zH05`86PM>SK1}ZU?e36AL`d3LD<tFi0j4r(swzTKG+`qQ&rrC;hJ6Cy>(|(A9}DV)
zLsawd9~~Tam}>W!2<u?qc{IKw#4ZHxs<G(DEHl~Us#0(bImy<^m#Hg@vPWPGyF+@7
zO&n6_Q<7~D*OqC{eNMQ9YL}3~=PScdpejQm6~dMrAGwKn%KbgP-kOw892Y2_GEzH_
z6?bUy>cP52vRlQn71n~?YDz`jxwD`!K;*f4(Qo0Xu?~^dVbZDMLd(xiE3xuu2iWIs
z=L+msd2VD$-7_g6yy){L-yq%h^$<uoBrlhgW`><zgJ>a%EU~tdmAX@U)2$Xknnm6T
zM&l>jA9#dmljKALu(EG?Q4lPm!`cyO7^T`NcD{t?cQk6>>G>^KqVd!08*?eNP!&^(
z;x`6`b0GsS<>y&KU(Oj%S=Yv?zeq$#bXH!gRu0lx+o;<c1SOYu*-4j1l;d4AP>!@R
zlM(FUh;zkJh0%1gM(NX*CDI~^GJf|aE3Bq6`I0ro(tT!G-z@7PV@z^|`?*03-&G{9
zu~^Kz{gj<?BF&^rVE*k()mnQ$$5#*q2F!3>g~r0@F<ChLRr#}WG_kMwYd<hUs)}jg
zgTGEI@{a{Gq)~@_I_`XLx^qG);HU|Cy)Sr-kf}?p_qGXoJq?Kok!ZlJQIt?-=A^`|
zSf?i0OpEtdY>B}UsE*8AZ{!uOLGQ#_x<%FP($$4h>0ibrNkc!E%Lt9mBJ)YgKe04i
zX#DB~_+G73VoG(aZ%2ODs-+To@pz@@qtO3g`U)aIM}=F?QLJ$3pqfDtMe8DrJN>Jd
zJ?Y6n;pcY$1hGcIdVIQ^lHRx4`3n8X6zHK(J)LqICdUnZDIKWfDR`>%Tk27SQ7oPH
z#nf|DaSM+#N>ShFd1{|43`0OZLJ4~YYsg-;*}!`M7TWnyGH3VDZS~H}AA~;<o{r}f
zf(`=I_T3j0a~j*2*SV?{E7|2$6y}fIVq=)g(PK^}NejCxCFWaqlTBySq}puA4_nsJ
z-ep~zI>pn#>UOL*uRCtsz1&knGei8b*m#B{kB|4!=HWG8BOpurv6L1p)hXY3_o7c&
z_r-0ThR;@ZqY+ocKkbZIp7&8I3KfPZ%)R<$Zb}$q#_$MZE23KE1~WE#BeCbFaxaAb
z?t*VMLederOL4Y%#Yj*SeBBmA2=FbEr1e=*FhVv2=ZkFKLxJUshPHSp9mhi6Bks+B
zWzS$mkMzpUP;BbYfF<vmk}cJX;LaS!eTGtA&tf*rU1BioQ~Smzo(aQ!m?eVT#~D`w
z8RCU~8NC_BwbMtkRwm6C)og_|s|1?4KwmH(%%5p%i>oI%T^4l&jf&(oQy;E^Ako>l
zOhqTahkPJu>U%&^YONh7anbkXN~orGdhhfNd4OQ@ln=q%#nSxqJo1hh_T_by2f5_p
zvOY=Z7F(QqIC=-;j$Rr;%skiEW%J>6*8NYn$y|q(9s6e)S4j2xJAPoUNcAjV6r<$(
z8G^(KL{Ri#3bVS8aOFSbNu+D$`J<C;&6xu%5q8zHN#qM#vvLa__9#XqHbZiwc}8EO
zLd<cJOvb*C5(W*JU&2UzBF|0xQ7-*OBY1ij7^|laJH0*|^kR>aYT38l8jw6Q&P%iM
zDkOlZp}nHHNn4}>H*0>5(0B5HBlg%pWP&y5Gj{2fp_5hJcYHRL_u=3s7MwWgylM3Y
zec%s&fxwsmEgD<3EpRq)4cdqGnbf-5k@5lGb}HBowoj50=vTN@dCflZkJ_Gp)-U)X
z*>a4m#t%joA)rk35i#5|^N{2+@*e56xAXpr_|e;=_+jwZ3$PnPRA?ds2#6x_e=sKU
z|8WcY8_DqJrAQ0bhd>SYqenN%hEifaxVh-8QSR8RWs;-#K)S5aa;;HrZcR=_SS;gI
zo@0JuDkNjI5moU75^fLHDFT|vLlK_Cb{;Mqnx-JHw3JE{5_1rJNauBH;?#t5m0l+L
z=`E3a%l&=Zy=!#fgWFFapkXx=BvO$sPgIn849DtzOvFhv=}y$d`$C`Gj5WDR&2>?K
zM3KPeh(UsTU@kV<RHiG^gu0onXlyPlxqJw-!SS2bgMB=`X<8X1J`GAQ8)!kev?_CB
zsW=&G+z`nNqE?J%BzMtpvd}z^as(^dysB6Wsm?yQZ8Kl1p1Mvp_T3h|0%-8eNu+tH
zEg>trRaSYf1%m|QKsJ0!%{Gac-qReCLLggX*t!a>5fo<$i5OI+LVTEVtAI5)7os!7
z1ST``_aqOA_9}{$AH&Ji>*e|AS+m$`Mq!^@aOC0bY%RV?E=(*=VAp}b<Ce=F%q1JG
z>WKo1V8%1rxFG0^($DFNY}BF}N7enm^5O)97%^1o4=QK(DdGZ0O`BwqB#D>^xxU~a
z&vHVehz1A5hcl(3qfC`ouO#>hGxY;pgiK+M#`p>6p7RbRkmkJN#;(ehL?LKL7ySG;
zvFjgG#2{+n%;7ZYjS#1dP<+Gmc-C>pYzH>Qz^H8%e{Dhi2yhn7j=I4qF&)GeQE(t}
z6?wrB%`(2y&c!)oofs=F&Qj?VAB5DLR<y$JaI?$D7#mF5Qq*i_N_Nl$vlyZP%@S(_
z$f(yB`yy*L+pI0wIWfgeMM2n*c8*{*TVy82H{F?$q>xc+KO`0MR*%j0DN2mi8c9fG
znG{1oBPP-{xw@W(i;{~hhk>s|Hi5Y@(On{*$2aj0$kI5jVHzX{<RE-E|AP5x$=0(+
zp_km%vB*tn!&G~7(H`&Rr@kC<Z3%#r0b_=AkK_~(uTO16<xjQjLL=<=o{c_{A_zIi
zIDH-^*7@0<C|a!|38i6?c!=5xJ4M6{##6e8jM1)r7lVth*fJ3y-7dk1II1nZyN-j7
zde{%KxF(p3lw25Ra#|pnWTLO(6seRLeD6?{Hm{LKSRT+t0wpNaNmT>QlhSI{9@^^s
zG8KE5Oe=H!l2u~&%kYE*0YN$ch?Q+}B~8C@u8vzXAUwzru@?gnI8mYQDicvGTRb#l
zYbwxHcEbYbAswi1lw?~wulfRo6tVL4jrTWjr;axE#I$OF)PV=-K!*1|cnr-|dV3|i
zlk)%9*_psY)xB|??6O437DZ&=Rj)PsnthLw?AbHcWGN<FLY9`ni?Pd^oe+{zSxSZq
zjitO~-<AJWG3KT*{cj&1^Qq4Bz0bMNIrq*z=XrjoM;MX0E$PKCiyY5ua(@WVS<Dea
z+!}h}77}<m%v(h3)fY?I+D1W9#mv>CDxBp@+Cg~Ud4UyS-Vz@hi+qI_plMnn)V1;S
zHmsNIujMT%_1#i<GV@6dI_4W0$Eci)=<2!E55rF|!=+x5A7@jBpVfi~+sr?|e`-S1
z)}gl~9<K0|j5||`_hIipB(AS2UdFNNSVzMa$8(mt?)31roq|JfR32GUw+8m<r$6fK
zNQ@zZS}o-r?o<)3U{AiXyi6R!U?xgF^`wTtjPDb}1xJUcNZAGV6vy$hH`#?WGZ$)a
zm&iuVd}`{Tg~eVPi0;%_)2+5VZ*@a0##ZP2Nv;cL0x3zCqeK65l{$&c|ETT}SY#h>
zsb5A*WG+jclIHxc@A#=JVe)+JBSY<%s2VgXO&a)ErLUWoLh-z~OKTC=smr=MB*HB7
zPuY;UysQ#O;-{Sx^gG+!Izw{*a_lUQ*2O-Lk2fk`mgl=)vmJIU6<dYyIMce_G-5RM
zY2j&2V)MBZ(}i><iCb+o8>{qJYtEXXSG(ER&YIFnHKjqJ?5$d5+AQlARqZA)@UEC4
zF3%>qn8=mV#dJxy*?l>2O2c!F{xo#N=v@cjpkPz&#B7hXF4XIpcp14~0~NG~i+F4`
z6GutgEJ~*jTCn(8TMwCwqdB;L-`9g~XPBo)o6HOn2zhheO<_s5bs`+wYv#lpM2+VD
z4HX!A5m&bUxuHm+()P%=Q`WuiRX*#wCzzS<YMSWecqk>Umgw~$mAZoF@<i)x?kvZa
zLRoOl(+|ALoDfaRG2Zayv*@r45Vmw(C2TU`Q&Nkl5o=?4$?q)m?wwMOyvDp9Q`{Fx
z7LTuXPQxJ+4_KKSD>(6Kx<#`gA(~7k_l{FfW!;`7_K(bJ9L_Y(;tDWoMlLfOP)KuE
zSfwyl-$1f@=4OuI_#gX3vL0=NTi_XSlMeSOM^sMttR<D!6+V&51Pw$fx%oy;Xx6e=
zYHZ<@TFU(L^VbTn=GQsM+4v+Rh3(Z@vP3=WMG@BIh4>09jdH&gqjkuf1N1z7DLwg+
zo>gGr7=6zn*09yJWwBb;+!GK)W*r+nqOr6*I=8Ceo|<d~mC<sl!Q1#(`Xxp}HQpT(
z-CAdRs;%`#UVnT+EzPUV1*0CIPe{J>ae*k%`Eo9zLqxE|+7K%5AM<b7^K8CWLSnpD
z8{B~O&~{l>f?my=cRNxvpCAwyC@C|g>Lvf-3d}m8W;f4ZE=b4EpDl9OrXhHcHQxGL
za+>ZKq($4RC0l)TN>CxSBZuXm0x?HJNK0H<_7beh;AFK0na!!g(3PwSiG4f=jaz~f
zVzdb4^@0{&5(Va8eqhG(DrBgt(C`}JRJm$^OdI<{WI%RW)v!~tzF0du*MXC|HfIs=
zS<we4rD+(d4nt=(FO#g}E6B<#OZAs%_!P+(uidINIRDg!px4p!e#2;}BmaZM1tz7p
zHzRS`yZAY-B8A<aUAxkLs@;MiEB2n&ZL24fLRF-Fb_Jb>@*aN>B-Fj(ll3|*vexgc
zbEkpN<&V&?JU&QuWNvwvS<^UO0?nx+FQdc~f;V4!<)}8E23+n<bIV_GP(LkO&(<)G
z&<#qGRi-KDm0GesH=<jUm8fA~>9V}hG#N7`w!mU72^q-`VwpIMuufRBZWFVRAbQf`
zII}Fza-%W?N?59RhfjS-xq-yI^;^yCybN0raZ|WayzoAUv?!AUcKakmzRd^<aM5@t
z(rFBCI9>FP(lk?CuipoO34A&_ob=y5Ubq9_MvsPQz1zn+nb%bL@HND|X}IvY6}}Jj
zoS70A6+d$tXB*PVDrT4a;&;o72+h&i-2RszvQPK54li?KY=;mpV`KQ$BQf>q_4|)?
z49Lb^6u2iE$Y6K(CR@(qLoX~oEj{9{CY>f)k12Qqo9573k=DJS@XpoZd6SsFd4l}H
z2=Nf9@`9sLZPxt(H!?fAA-pu(<`spe9B#Rx<96cLODR{lpC5TaX%(6~t!QvyLclle
z)ttfyrSFHjJw{0K$4QPV&Qay}GZlPr#b<Pp8zFI=%yBvs{)(uQgC<p;Y5nDFdZ_f^
zv(f&t4>gYyh9kv%*e$$iY&yg2SPGP+3RuFIF47lx@ZJgaq({uzuD8ULc2&4#9AqF9
z=&TD&3weOQ9?xv=xk%=`;8#e-^fY{$vpS+kLUc5s!K9X=+w~eDVf^EDwe=+4Pjs+(
z#YLa1=V<+japmScPWvXC$1c{s>Kt4(Qtu~vf0n_SWy3jxeBBP3DQ>QplofVW_j;N=
z4P+zk_L_H6oqdwpxv_Z?aTksxujp42s$=JUAg`u7)&GNc>nin5f6gB5_z=;|8C%s*
z^FT)YZVcgDe+J2+i0bBpWuXz`P<7=PR-Lk@R#*Cvmv!FilM>2q22>}OUGE0pj-_lR
zc|ar*$2%KWJKP~caU{t?b^klh)QT~Kp$@ljR_f{RyqyIfZpUV~3SZ2bwa9sL239?*
zWzG~Zcir6nyQ0^dILU#68QnB4v$Y}1O1GuiX}7*h)24md{auU;s<!DAma5(>oL{*Y
z10m%1m3@f&oN%@73~&e~UUDKyPSyACxgDT8$k-d4m~<^&;^{3OHDpon1!lHFvlnS>
z9k~DDQ_M$?lddLd)_c4sdwei`nYT&j2t$7tw{rK~U3p*jYE1>nhWf#)q+cQ7B1N^s
z(teM#mhqLcqnU0w=Sg{zwe~mhHb)Ic49QRW-Kf`WTN1qI9r{nMP|ECgK%zM{Uu~K-
z7a`hyiFMqV{csUCuhm=PVuqt(CfOGwX9CZKsu{MceU4%))-@beR5;oDf-Q>V>|nri
zhaTjy{oYE-Fi0i^mH2g++l9fGp{*GOt<CHIm<$US&dcRRCU#B1!fV>c{I7?J=?Byc
zzSSDF`mSTqu0?fSY~s7Bg=dPDK~-f6f8-kC{rh^($hG(H6SO{?tyJc@yKR)<ILB$j
zsc0U&y390==Lpri72bRHP-!>9??iFSMc!v}^Zqn51feI+iq$a6me)pZl=43_G!vvf
z?i!G6d23zDw9T;i?cKE<UwmG8d_6}c%^xWStgbEqsqECiItIkW{6|F~pem5Ll_kHo
zyJM2RgiF8Rfn=n4<7Kt|Dv|wd(8))f!uZ6oEc7KbqCVxu+HjfVb>r3ktE^7SYWWP=
zglC?uF)z(DBPI)k9r2{?Y{w9lm2J+n>4+@Jqe6=}>*5;VrNoEv+<BlG6pk6>f<r+e
zHY<#5!jMO}?RF%mIuZ=<bC)g@sz-{FY9CM$a<Uw0`u4h}b*#pCWqDq1gVp}xKICIB
ziaSTbDxa!{ihgD(jv((0V@J65*r`Y8a2$>gU5J~T^fb-Z-cJ%T=iop6G>7dqZF;98
zZM*1TvVuC!1c!{`x0}Kx7HZKxJ*fl!5pR%fR!_`RjxI;gp2~+6LWyA=^>Gt!l??gQ
zC2tssV<x|}N^P8bKdt}bX12Jf2T~(gSBx&Zuk;i0k{{uI33~>Ds+%2j?GBVYbvFcG
z$62XPlgqP|nG12gyZGT)9*%m}D80$EyLqCc^E^h!ZcXpA^t(z-k37#SXTTWLz#UWq
zvz0W3iP|)C#>vD~kF#4Y8j2HyKxhVHswjBnC?5**aN99@R|Irr;kC&=izSd#VZ+PO
z3y-FL;4gOLzuA-lsp9<#g^A>4iGGh#@FJz&E8Qi$!Z4H0gM<tE?62pSZY3s~spVL|
z{Un|+o#JWQV1Sr>@6ZCfy3V+qVF`pkdLVDUxy*?K!Y*?xX-X7N@A!ncM7-I;xzArI
zNto=;h|VZ|TofWZ;~{Ju`^n{+xp<mo{n%IpC55rv(Xqu3y#c{5muL9Y97z2ACO-?0
zeXDU6THR5$DJt~qIig$>iYOq^27tAO%}gr|MSWR5RZS%UCksz&X90T`{_S#9e80+3
z@om?ma&>Xy2WnE)8T30d0BcJFg?G~)_nk;oqv><hXYW7E#iA0;T^QxmVE66<VwBoo
zvchYcKUkrI&EWG3(xWN&#N0)`td#IxEP%c1ft5ws)et-<<|(63DRaJQ-Zs|blK?+T
ztcv5`<eDa9d@zoLd4l+f!d1F2a=2ck>l6OD3V|1A<YZGrgqaH?71GBWzs#^HoYp0X
zQlfqo)}HrO@gw7K45Ehq6PNfxgM6)54^;dJVX+8@KI9-Qw{A|X8o9*TbYG4U-x8*B
zKUmv?&Xo7C{%ZJs#fOZgN{sTPEGDt=_);B-o~GqeLra6%D&e?v1ibve0kcxQz6)=;
zgeBAqPfr*`wx|v>RrD)Qd|ka92xaH!TW+|eZ8zf4syzLil=%|EoQ!adPF=tuT7kL6
zou>(g(?u$AN$y%`LodSQZT!7*2yciAg25Z^N;@AK5jfa&C8>mOFy?Kf`eImeho!Fq
z=~+1N?*&bzlgsw@8QlJ&!JH?pwTj@Q^cQj`zK*KX5<Y)ftlZ({S&(ssE5fUdKdJeh
zm9EpX*CAQDK0}Z)Zg1#!)s0mNQJbPuc;^j6xOF@o$wEwF7nlN($DRb&RL$bj;whxY
zlrp$yRW@tc<5A?~=D%wce<-Pe@NBSpn5wJv$)CkCFPU+9h|15p)zeVEx8#wH*Icsb
zH1f60xc!ZF-=3E0J2mrlHFob$I8mmrkf*t2WeX@}bsIg4l6;bP&7njYPdY=eov6uq
ziqUNJTdmi<CI0G_V~^#DcnXJuHms$-KWy)Og6u9R3CxQrSzX#-PHGxC%zXdNv$*sz
zZ%OaPJbKuxNQ&i$5aW#bOH8aOj>}ioU5{0{n9?6jK`iN3g*4lqY^+bNt}_8I2uoBT
zMK()HZ|2@@E}{N)d;`JmYJCM_Z|zRr)<_a4NQTo8;AJn<VoT&28Qo0HsiErN>Q^_F
zDo_{G(=u}Mjbw|w>a6R2>lytI$uorv`X|&_q~H3A4FxilzmF`+0G9c1_Z`9`#lZmv
zTq-aCfpgkEfJ}~G#{ry4+0BpJr~9+nA)p!Yk7hR=`XA{6|3L@%0seOTfCq5^pSPQ7
z$ZD!8DeCF-YbfmmZ{A|In*bkx%@e<lO>iFY8K^^tsR3~EI~uhAZ17{Iz|@L-s}as7
zW_CxbA2+w1O~GBmgw~V^SQN)tDG!q=b~IDQdzrEWs?<4JUqR~*@Y$i8e6W{EVCNk$
zm%3v#$%%HBANMl3vp^(<2xCFB$_7mQ7`t(^;2@^1JdS40axZf~3zcCq$cknVzL&ut
zslS-)q4(nOUiNluiNs`;4eczsfzgAp7k|B&-f0m$0MW;jBVcjsiEn2saM)3zoyVq@
z()PgrdHcrHm=>*Z{qK#p?){jI@Sz!*|Fe<J0si{~#81<xS<RA0S%Ls~<TU_h3dL>H
zI5_a2Gr$%YjGeqSOn2_UR{9|q;;!;@1pj>V4@RzKSBdEXnWjjfVAN(w>8%4Elm$%3
zSR;WN<d`{*W_n>Xz-4v=G}2|ZAi!^UkS^6<a8#{;jg<B_K)G{_UfnV2=&lB?1_B_W
zd({G@3S#BeFOm;NPN$}BkuTsy6!3Ez&8v67jExoN_w85UOQa~Xpymo(|5BhB;^sYk
z>wpJkGGhtZ-r$VU8_h!-F)Bch%>dVEvn21<0S|IHjwNU_{C;kw#z@NOiICZR<emY(
z+=*>rfZy;SD&9RvTQ`qQ(q_~FTeg9l$?n0;r*mCU1E_-X92igN4k@4f3k)i&`j4bo
zs&v1rfCIk=!dKvuVGM*VhxQHxE*t@0dBB}jz#a6cehher6=XXQFm+oPu_WvbFed~8
zae#hxOysfTY>ggFn2kfFht2>PCSV>vgBAqAz>aFH+}X-C`8m^Jf))GonO6ZYWgz0v
zN9r*>EMeOz0)LExM%-^flfeAl0<77}pn1e^iX~(-tWlF3#^{zosNRSJXbwO)pkF2*
z3oL0{{fDXN8ahWMJ_FNFBQX7-_neh2mKYUl3t)dcCP)}8$$$h1?G_;9gwc8~)o~Aq
z-p?x0+P|tq?>-ZNmDINo@SxQzd)VLcXo*o*9XxG=wYgD9Mi1<f7?rxgNJ5a{GYTo@
zg+1~|1>GMPOL0p=V)sr3D-ok`ls?$wFz6D4{R6A#qJZtdT^QqxvEwTKSxXnp11qwk
zc%S{S=lw~a6-)z*f}&{M{@By@ln4c5!3vWo?6*MdvAgI^f<a)VLlo%ab?iZZ)I9{_
zz^Z#FTw^fyIP5g|z-+L98;U&(#h$&FoEw-5))7NdheENZVpbIcGr>|;C}tN>)Bi7q
z<SxQiU=~;+3B?+X#Ga+;f<Z6|j07w0ppc}uu}ALxXa^R-L2(BDg0s6M4%jEK3JQv)
z7K^=4dugJ8sbIYi6t(9L_Ec<cOJGe26zP5Z9;DqBCcv(MwH{D_j07wIyC^?^3E=wo
zD8k&mJqXxT!w2KQRijZj-ju(=?f#emE<B2|uAG6D^}UA=xF9GBL7lk=;<xgk;LZV;
z(?r=8%)-X@@5MF21aP@O6k#?O8^YfG11`gdBGdwJyD`qvuBhDa-@lunRT%@j1ukTU
zf=(6u9TfEi93v214hjWiD8U{GOfeWK;Mxc%ihB+Al+C`}@$CyE5uB@!A{x|TPux37
z!0GcS4)<g1IXho5U~~(dLXE=3H|&AKZm;uJLNz!r!AY|y@R26$z@QXbFaVr}i30Gn
zU<cUyVu6z*QH&KV8QV^vr%HmI0jJ`jK=ZBGIkS6W9+(5(?2h8BcKm;wUAMmP#O}7$
z1cjaZfLew?Z9Li8ezzS2sP<-qzb!~?ttsrj9Pn#D!A`>Fk_UJV7e$an{vQO?imtXg
V0r1KNFai9D1m0Ko1LkmW{s#e;*V+I8

diff --git a/local_lib/io/gdcc/xoai-service-provider/5.3.2.1-local/xoai-service-provider-5.3.2.1-local.pom b/local_lib/io/gdcc/xoai-service-provider/5.3.2.1-local/xoai-service-provider-5.3.2.1-local.pom
deleted file mode 100644
index 9a47a40f5f5..00000000000
--- a/local_lib/io/gdcc/xoai-service-provider/5.3.2.1-local/xoai-service-provider-5.3.2.1-local.pom
+++ /dev/null
@@ -1,65 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
-  ~ The contents of this file are subject to the license and copyright
-  ~ detailed in the LICENSE and NOTICE files at the root of the source
-  ~ tree and available online at
-  ~
-  ~ http://www.dspace.org/license/
-  -->
-
-<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
-    <parent>
-        <groupId>io.gdcc</groupId>
-        <artifactId>xoai</artifactId>
-        <version>5.3.2.1-local</version>
-    </parent>
-    <modelVersion>4.0.0</modelVersion>
-
-    <name>XOAI Service Provider</name>
-    <artifactId>xoai-service-provider</artifactId>
-    <description>OAI-PMH service provider implementation. Use it as a harvesting client to read remote repositories.</description>
-
-    <dependencies>
-        <dependency>
-            <groupId>io.gdcc</groupId>
-            <artifactId>xoai-common</artifactId>
-            <version>${project.version}</version>
-        </dependency>
-        <dependency>
-            <groupId>io.gdcc</groupId>
-            <artifactId>xoai-xmlio</artifactId>
-            <version>${project.version}</version>
-        </dependency>
-
-        <dependency>
-            <groupId>org.slf4j</groupId>
-            <artifactId>slf4j-api</artifactId>
-        </dependency>
-
-        <!-- TESTING DEPENDENCIES -->
-        <dependency>
-            <groupId>io.gdcc</groupId>
-            <artifactId>xoai-data-provider</artifactId>
-            <version>${project.version}</version>
-            <scope>test</scope>
-        </dependency>
-        <dependency>
-            <groupId>io.gdcc</groupId>
-            <artifactId>xoai-data-provider</artifactId>
-            <version>${project.version}</version>
-            <type>test-jar</type>
-            <scope>test</scope>
-        </dependency>
-        <dependency>
-            <groupId>org.junit.jupiter</groupId>
-            <artifactId>junit-jupiter</artifactId>
-            <scope>test</scope>
-        </dependency>
-        <dependency>
-            <groupId>org.slf4j</groupId>
-            <artifactId>slf4j-simple</artifactId>
-            <scope>test</scope>
-        </dependency>
-    </dependencies>
-
-</project>
diff --git a/local_lib/io/gdcc/xoai-xmlio/5.3.2.1-local/xoai-xmlio-5.3.2.1-local.jar b/local_lib/io/gdcc/xoai-xmlio/5.3.2.1-local/xoai-xmlio-5.3.2.1-local.jar
deleted file mode 100644
index 634f017657adf11048384c2fa3af88b606f15f61..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 26425
zcmcG#1yEgUvNlX`*|@s~3GVLh?(XjH!8QbUcMTp0?oM!r;O_1O{W){aojd2u+?o5|
zs&7}Vs$I})uU>C=zy0*{b}LAOfy07;K!bqfhMj4F{KE(4{kyEFiXg3|oEW{ryBONL
z81&!7LamqUl-~cX_<p_r^}oer1?42gM3q(OWW}y!M@M9&Y3ZimrD;Enk4}77Vwh##
z*ma_llBJQ9opLR!Q@W6)ksedNZ~`bn|Dckc7*%GNXP#o-+I9LgHYz!FD>XC^PbVP@
zX~nX?yR{1n@|zC7t2*TRXH~)8b+EMmo09)p;QjS}6EHV1HvTtK@c$s?VQ*;pZ$wf5
zD(Yct^KUgE_}4d>dKjBJxLDfTIsco7;r;7-Z4F(FEli#M-JRtB;Z9Qz7binw7kj6F
zc=})c0P+1d{_Y31hHj>I|3(<|pM@>$>Hf0re|-YU|9sPLW}yA=wf)@%e=~opJ1cnT
z2M`d%ciXf6>$m)ewbih-QFpR*F%|u<<)$;XF?4oLiW`#aWk3S@yTc_4Eo$A#>PQJ{
zWO96NB8rU##YA#o?Y4@l%_R%zz$lTz^8g`$W!wgeDj<->^JYK4u`^#DFJHrb)}={`
z6J8U{3nY;OJ$645bTwtaFpVG3g1CB|<!zi&T$s5p{UQ`F-2o%(MHFjqqr+qvcG?SC
z4;%qGEdTa#$gF2xPoJ?TJY2x}^Op8rKE8O&(ZE8QZKSPgz~TTQ2^1>mv`DS%v1ctV
zRqxo0rhi?=kK?Y+aM`j>Sp|+ryLy2+);zvraCWW^gWRq{T+iW7m6}cGWST<T1n85d
zw~Fr+8{k}$DkJg!@N^0{DinD!^#R*3i4z5KCx^zpwzK}|Kg}@b8RR;{b3nn@Nh=dv
z;_Kj+BE|^%P$4*FrnG8@sAOie4&fApv)tGa&G*2RnCoU&PP%_NrPwye4P#4xy;sE!
zD8L?F>JgPTpNF}+0hM!hE)Ttu|H+evL1R--{}jxL9a+FRy-U-;^|gO0XVz4y>UoOf
zds9Eev8E5ye{U|oS$2LgCg11XvY_vlW&7V)R>{=R#MJ4ZOgkdiBY*~c+f)-oYYr01
z=LR>9!o|d56GKJa5`uQ*PK1f1s<agJq*W)Q^8q0o<|wHYYND}8NMkN}d&_d>(qAXc
z0jW}uB?|rqlt5AJ!>XNlPC6!U1U{aQBGIE-Y6EJlEr%o{h;_J6<BUUh9DzQS?F=sD
z(RDys{Tk_TGGX5!BdQsE&O6-m43clB3AFtRWwywc63jXh+Jp!I;haUCqwh7P<6Dio
z>i#$xF@cD|-&urq1_+>mD%x6GhFoWGCDI~5nPs-7#qH=q=h#RYv1!vLo3}=V1VLQ5
zg<WC9b~Y~I*$riN-%)$KSmLRgl4#;HvRg%+Y6m&C%ngATS}zg<7gwvXuL)Id#dj9I
z2zOP1NVQf`o<l57R<e(vJBkY2Y1;wKMYG^hbGXhHaPB=LdpwB9upOU>6jVfpsPS$O
z`dY*_+CQt=XO6{bgd`=Fo^(h1E)vSX8K5OOew_`LwY74zPtsBxK1#;;B1%i(nLUj7
zXM4h;i9&k6+w%?de;KI?hEC4^9I5|kPFUD4XGoDz)PFN)!a%A(*m9nXfsCcBcH)AQ
z=vEKZMP8({6nc-TVa8}C=gZr9=FG3h*9UNi5G`0_5!SxxFw*W=|GjFR#wOlb`;uah
z%OYcDvZ^B57dGKKzj@L@grNjLe@hL6i;wzJ@4U{tIa!2_|7OnSaolrllDc<u_9|4_
zBU}DpI+&gc1)G^IK}dOYu_^ujV7oArGcZr;&RfGGcrt(u4U8nVy=1_?4_W?5Bs}gQ
zV|Uv`eTYYH{3_uENEzTiuEVOUx!~ag{ICvU?vv%aoE_X6xWrPzH{VL%l2gJhst3i~
z>7hcHt<I-_6uU2;&*VC^GPjChH#0c@6h>4%FA_VNpF4k}^O;1-io%(Rr7<Zz_luY_
zr0u30#G=p!v5;jIEDRccJ|0>$l#9_SX_=mYHOqv#L}kzLunLR;h4XLLG(=N%D4Y!*
zv-z7fRfm^;w<c8f(O<0D#vd~8`W}^`?-#>=j7|qbV{1cmQ(8+qGyC7ST<%-@1wKef
zNM}elG04hMpO>4&9g~;v=RTR2@D)5F{(2J5`dl(*{%Va*B1TSbMqX8RW_sG3tbn*U
zK_coJ8by8zMta?Keky9#=HRS=v^YT|%`5^57*a5G2R}<ir!s9bxiTy;FjO!&FmMK@
zZ;YQGD*lEX{yTLz+$2I+y{qo?etrDcukauA{`F6K|36b!Men|`1QG<~$GiSy|61Ai
z<R)qVxAf-p`x+Oiuezg(qIG5z1{W*C(n5s$BnlDR1`uKVf(B)^WmV8BEJ8zaXk9GU
zW?!sbOjLnDS3w$S3=7mhn1a&pa~7aQY<t+?d{rbk&sr_Eq!9MHAWmCscJ{wNW_Ndc
z`*lC04Du6!AJ_%;N(7FT*v$ih5&hNJs!wHRNMd3mtcnwMblJ8L-aH2M)j`=GdQaFB
zNeJ-iGu5~8+63e=se@iCHq;>wD?4kG4Fh%gdF(N+tg=0gy9YH0A<LJF`$7TZrqYOt
z9g^n6FI){(#o$F2&=>-$NEl2S;B&AQRHb<Wl|WE&aY6cZr&%_<RW$?k)a3{)wZ1ur
z{;4fHv?H+*L&jN1LztkVZ!!U@&~Y*rT4d&>kcXSs0>hEo%EfzGx8(57y?Wyt5E^+P
z-(m5T4I~{ysSVI85QKPxSSND@e5p`jX|`T(xXMmlQoW?)jd`uxT`owr-AJ<{*=|wq
zxIpbx420wGnX=#uQPm9gGhIw5#{gPCYLD&3t!A<BpFbXw#{(@f@-)H5^h~}bL2K_?
z6{12sX=B@Ln`Fn=YiqelHDz@ppd?!sCrw$JVg^y_V>5kEGt}}7=_YV8{{Us-JUQ20
z(aU~Ls+a)^mCdZD3278OVtisS$!XiBEqj=zsJcC%Z;n(lyx^qR%2#M6Yd#PS257N>
z+U7P=v-)&m2gysOF%A)GBR#{6%|a+o>Ry{}tYNuy2We|vs7W8hrv%+BaavX|?Zh8c
zP{*_Gnpd5L5yQwK7XjB6%nfAr(;y_7$^ghIIhB{BX=p^vknKUJS`N@!15kqZlG)fQ
zmOOe~xrJ+q<3FN91Lga+9NAqVgOEM61Fj0s@M>>~NlUsOjmR)lBzXIYWPj03$dt|;
zQ3f&Zh`?82NV@<7z%<pfG5ad&3idA|SwrB){k^2{(%PrWUo;^(yCBsPXn^S1Q}j6>
z#1zh%JP^mJ6uO-aqmCMw^|)~D%3~lmeIb(N=o?M(sl`e}@L60Tj!b;(^aBI{^dD$6
zQ{v`Zzn2QGo;fF#wbID4KB+F}n%gsO0C2Hw40I>XN)&Cr+8K-Bxb3j`CR(J!^pwC>
zB(Zls%T<(0&QmGxe2E3)q4?!Pz=<dBTtMJIJfOlXolPEl-xS@}AGw8}>VVRez8BWb
zX!5a<SzmseHY^qmw>te?1fa;&=MI4ue3!vxcVlh~hF)K~Rh6S{8FWFrMm6&~D61@A
zW|on)Ls3e!^~vSC`G9Hd=yr?(yNp$JQax+?Om036&5vg@rLKVvtaSt*iSp|QeOY&+
z4i=S}q!42;gU=Tqr1<(uNH+$t1#GVgb6MVCx|7%Qt{7)o8hL;%>k1n|a5|iy->5JB
z(N(&wSQHR39ZkQK0|>hZL459Da1=LC#=$uB1_<@MvTLy1;d1kTA<x#y^hgoPWI#Jk
zapB>@<x*cwqB}tFq2}W99@s_p#*l7L;!+q^>UY@*MVdwHo}Y~wGpBC+WFe*Q&{XTm
zPBLy1`|{PL(k4Cl_CvP}xL|_=^Vr#5TbfkUQCjKE=wzhKlR1`6T<9Dba4y`?);s!}
zRyOjy7-NO5!2RhPoU~Z*7zy&-R+Ig>NS8Y-q8Aij95r!Zb}()D=M{wA$?mwc))`^C
zzGd=WZ^^z0(zRC<4{j3=`UsEJumxpM`cJ*fR9m+sdipSJyiNnB7})HeSvklJSCV+P
zt6(B~*%>CnqiMea20z6(x&}!8)F#K`3eiU`Y0gt~_g+&_&30DJwB+M!?co$>W+F&6
z)seeb7j2<n0M!+`|3c!@Nj}-GoIT^lSOU4{A`(AS{wq@snlnloan5=xPiosj5@9ab
z;cH9b<df(DAUYcSu?1w6G=z^*Xx{-ZMPQv0lvehMnDKNUX}gW=l>N%GldiB`9;eHY
z@iQEUUZ%5Mv{YV9*kp=B8%;n5l>lLi5MtOQDu-T@z&c8<{4m!vObzL3U$jfPh&UIO
z>uut}5hll4Qj=F}Sh*6g?IY6;pOFu(;g5Y!;0gv-d@LjbCFBKfG$PrD6=cvZ`O^GK
zoBm<R$$qsv)W`epg-NU3E6tTBbUugmwbc%6-;*}o)6E^uD>Q(<7Yz1x1fh?jD1*Gj
z(RFP|#TsGy$lHcP2%hqkeb|=7G&M*u4n92lAQ#F?ptcc{2^@TJ0_)=8W5EOT($5qJ
z^J)8*GRRD?bw4zf4uX`F>fHPCUsy|mUg2Lmglk)(MR^8?ks9pSHr65dl6HN)y4+tb
z2>%QdjR|x-07xJpM3f*PzZHc4Rj&W75dXabd{1=0WBotUoF<Hi%7W`_OanU(Z%vpe
zbR_n7E3gl22C+0qpplVe7+>ZFF0gnd!3xqYM^T9eC2<yHxBA8i203h(ToSTUG3b#E
zmJHnUDvxbAzMS?+X3ohixkzTrJ9Z!WueW)6k&Z=z*Yk_HpYh&jI=^|3`;RB-dF(IJ
zgK3by`0Wtu3kO6Cp}}B?Z1cKyTcj*n-%uQ(Bs)5pu68ucCrebUFBySXTKE_gbrCYk
zbF72IQI~7Q;0#73xKcdzte~(*bxe65u|9wYT=w}~z$Gs!jZoIpP}S2U9vsB<=Q~oP
z9WMGzGi@W2ws9JTRK%uT2#c2jCAr9r!wt%obTHXScwKP|roLH<fG;_cuGrh1V~ket
z#NM#V=C2{bn{pK!w&ao-YH@E(rD8XFG<-}VxJ00qgF516UXH<I4N~)+BOo+`-HUYO
ziF5H*-X|wCgRx@Hv`N8+!xeO8aLo<SHEYCXClzGQGi)$e3acEW2r?Um6(z;7LmI`^
zw15d6BOqNd#7;hh{pCQ~zHSuUW2W8}4jIT|o)!>{eG-!qp!n^H5$XdzyJ1J}S7J06
z&8Wbm74h?vC~<i#@g8#d^Fbk+>2DgP8YHPqI7EVergPawDtTJMQPEm7=qpI!^S3S#
zL9P@9ViNt}o#)4J=S)#_%;OP-F`-&Z?k8tFbw#Dk&QDb@fmbe1i8fJ?Q4HtR2qUZ&
zlQk&paAqcn`KY|)x@mfvtap&A;1$y~>DU2>k`)&I*N)6aMR+Z9-9dIsKV5&aYvgd=
z@p2!}H7^`#gnD(8g)drjM|ucZwp*^8;@BB$nZ-+aZG4Hi4cx_6U{yx>g8X?^*N-J%
zQg=nHyJENkQzt~0i_JJ9m&h!Au-2r#^jWTn;wyc(TAf9c@E}_qil!)CyBOgIISp4^
zAo__amWA&fWp_sTXsiyD)MWH2j@!Y{(jMzIjxZS5piPS&8bK&7)|2@fC~xMt2}*lU
zZZe#aFzt+9vmD;;Z@js)Cku`s?n+%)9~IKTAgamYIKo<4@unTIAg3~ZkdyR=*|I;%
zbg!@oBaeSH5}T}8E=@j8iV?)uJ<9Z=ta&fNzbe43a(PXTK=ghm(#Y(+MdmEyE5qB5
znjq9)3gr_Nb@tChGlMwU6{wDb7RmpxTN_^gHN5`k*K)T5Q3x$O6FzBi{^$e-W)Wv5
zjV(8t<@>!p<ld4lCV8z-k>y&<qFU{++X-Bd4)l5O<n4u>Nohq1>i#*=?%TX<USsWI
znZcGB!y#*7cvDZbZSuV@Tz<HSJD(@ZwR9iJdzr+PlfdE;&&^968Rb9;p{ZgkKZ6Q{
zEJ3;QgdxI6m6i`}4UoPhOMOeDih5C_)L9S;f`kKE^?~jz-z4SYD--%^QvtoYCEBoj
zMA$Rv>LbKxD;SK5!zW5G;>NV#1;h8Hb#Bnyg(tu3Vycn1jLF)AMYYK`Lpw^uJ_GrB
z8x13A<NlHp-amI6@zS%qOy`53{+64dab=yj_9LlazoQ8_DFz(kSL+c0hP2^ss^^+$
z{_dQ3uphUiC+F`~SJ@}Pkq02=dpfERCSuB~nt4R$&Ea@J>Y|}b25I-RXn&>rxA?vI
znT!2ET<5u^5b9@+DCSS}IcOE7He(-ka{3o|!wYlfFC#x8_kW@}S-CNWHfPP8aU_^v
znww^07vJ8KxWd4R`!H8fS<&V!<N@B?S|xc(jOJgO`#|jmttleqfIMO8p*N_%Z4a)>
zd1)be0otmB-oj7}Ib6NcWzyswGDLpcz4GYo<Wc7TlfxiQ_OglbTl=~bHw-_WVcb?H
zrpt2zNvBe;HUKSNf9g`zCyIDT1(PO2W2Laz_W|-)^*b_*2<c{kz={bTlQ`JwrG-9G
z9!;FCl8+FAAC>jbI+6PU;T;Hmx^3-GHXXJJ7Dp~?!i$NouzGVB`1tFpn)-3|;f!`(
zD(ALtp>k!i>ob?W^}_oVtKFAkH1!uP(S&6oLvpTlt|x1A`Om*<qH{J%3KLL=`){mT
z*xbc4T*V;n1>5qr$Iyye)V|EnJH_Tus|V(6tKMF=I9=(xKI6V-od%y4QnQ>n_bQXq
zZ>w{?qP`_5ZB2(8EV~jgXXL%jU-Flor`zC4ozwaiY}=L`Vo@1d&7k9}tES1@;b>kP
zrm9-F2XA*M1lzh{8q=>4);-W{@*(S9CD!zuIr!(RTP}_F#R}<$pQIa#CUhiy*fQ><
z@3(=T3D;^Aesnz=!$Me;(WLmu#hP;E=}uyD+i($rsze_+m&D1gR@B&g<}I8sRG1!D
zU+hP{RG}p|N5>q=EyT-%BTx2qq9Wh$8Pl0G2hKTOJ`Uk&j!o+GTw~g~i_i*Ac<Skk
zulT5k`E&r&@&ExTfzo=GWF>dK{p-U3L=P=9&v+{$WK|MVb>N^zKK|VITArvoXbjUj
z)}vjeYOTgKq=>GlX3pe^nL?C>Mn!Vgv>Y#%l4|JZs^;LQ9isM$(b43)Kui%e)&06-
zrn4Uo1qJ%TM`HFPGE1mSx~@cvcy3F&XDasA=J$$s8NAYxSP9DjW#eFG43qlv^bLg0
zP0NoZ=2m2B2H|t7Yi72Pc_-%hHAT5Co;rnM{6Vu-%Y#rJCk>GgHe(tWgXe6=?KXX6
zd1XU;2SArG*CVsbbLJoAGdygWereX;)$-PK4qV)}8s&pa)*I6rD~T5+xLgZSr$C%)
z)CtFS+z@xSP8a*P%BEjSN{qZbxYeu)?aQj4_@CdDVy_)19ab$%<QmAmq4*HE<-<i$
zzaVK&7t_Rxcw)$c^Is2xTi%S*(8)!L4|0q3SG|UzA2HttpY*bb{<O!H+r4;2P$C`&
zHSF_7S*ho{2O~b!j61A1a93PQ5g%hcK&8oPatTV9U9KXQceX6sqKK2^rOI5FW%(Fi
zI;ckyU*6O7Qf&pM5@L97-YNc|lk<~)0o;>Vx}B(5vz=^gr}~=dhO;0j06t_jciN0-
zq*S>Ye;C89Cg5P#Q_DkLae_IN_v>=BiO<TMzBLuz2T|R`YGN!mKic#2u)D#az2sOc
zQS#=-S{W*%TU&Fcy0kJ(G9+a-u>y=+oEo;7qbRqJ<d~9^^twh?)0NUOH(Z_ZQfvN{
zPCQ<t71pee(Jt64hE4d!k~#Ow5o=Ju?^Kos)L^7G<QNTN1%r>q&Fff}xaj`6>qgTi
zXYH!S>KRcEO+gD<{1EJ@NydIEk{T&YXtIj_kTcpO$jobaY$z~u#|LYv3p)gN^{7Gu
zsB<%W7^cwVA-`g)dW6Dcgb2*a`QsgUAOx~yMAIIhJ`5^vs>?Z<;&l1~Adp^l{19p@
zTPir-@T7nY^({6)?oaYj<2J3IIiE)M)N=aUBJQdn>eK>!(#9{NCLfxU9+wzkPE$ip
zQ)99ce};%2#A54YNp`{_#il8Z+eavnd@l?<|F-xn7SqCFwQa1iH)*`P+WTYwtxh-r
zt}I7r7b%$+s?rR)(FdjxA;0bv6z6^+yB`=K?_~VJY|<uZd(x&1{LcA~Zk%vySg@=!
zLk_<o3r4{eBK)ui-X%iJq-q8FXMraQk-%`J<qzDwc^-Jx^cC=_Nd+3Xrd$W>oz4#{
z(m}(^St<o+NwX@5dB1q<CVEky({GA@K++ua2rw?_eW6Jdt!qp*UQJeJmgd;TajL3`
z-_Fw5>Oy^I<%_S5%pHzB>tLWI%L5C^Az&0_lBgui@?&$_Gr0#Ak)#|GoedXCm7oyn
zt9cHy;RAtf^NdjZfZoe(zQ?=<8;NZ1lnu1u_-)_7>n3Rj@?W=M=0hsd#B@}lBR%HG
z%?J6cLmhXNdl!-AjxnbOC~5Enjj*xo<_!xJr9EKL@=$m=7%Dlvyuuut>AopUPiu*b
z>ypgJjhiRt8hH1qIvb3VMd+3o<wXO{uPLV+kXk&HEM5u^pK~kkc=#&zFr6<LyPY3Q
zyvL@mAL_Ksn=%7))(MK8gL>&luuTUNwC|^L+>zs-QkBmKnA)H+F7#HS?-x7NW*(SE
z6SXv@==XEgk|nczvoY8wwM?3EEsi=8l&JAacWb9%yzqaiGl=&JC)uNpPYHT34<ZiJ
zj@MLAr-zrVVmes8Y5FvbIX_1o4%+J<;dOdh9z7hxT3LUB#RK=FN3<HfM%;|KLqO<M
z;RfyYd3gBc=jR79b1A4a5k%I6Xb8_2iSGf8{}2Y>OY33=|H%dmma={YC@4B(hY4J*
zl~TJ#;wv7-X-*Q?I=K*3@(UsDl$vi*I;Lb@jvj3**T~&OoAShUHSQ{<2!^Noi049?
z*Os1nYkp_}*n}%M+(aetqI6%SB@{-q+G_yZO#aA<*>t3UaQh0bsObBl<X$}i<#lV6
z(mUt!=XLAdv+>C<d~ZqW<4Z@cmH^Cx3IG>gJBg%_{3X1mGlIU7Iet%wIHReFpToo0
z5i@C`ZMmKdo3+CkhopQABRrwG;{%C$w!lZZRvX<z!(;TSR_a1Yw&Lb;v-B*5JK}Zz
z)-OA(kQK7EoG`&QoATXK&8yAzZu|2-taJO9yF8J=Qz}Foz6Hb_o1|nG{@GD{>?%uK
zce??M{qz<*jGS!nBm1-$QoJ*TruCu=GUn`EKsnQRYj&c?SMQe4ZwHt7mL>b0=CzA{
zRwNDdPJ5h7-mfh-{%GD=^V=AH--D<vpU(TLl06AB={+Sl(6dP@siG%xMm?zZW^3S@
zM2>!isyV&zXZJ?1t)?tJzq<CHV>)PN9c0-4ilQ4xF-hmvQ_r;+G^;2f{DFBJBH2>)
zts#GsPEXil5x;#e+K(Zau#}#^z(P?pPS_T1?#Et3PW6lxb=~!YIUm%oZT;D7{dYIW
zzhih=u(X<AQ?3?6Abhl<_F=>SR8TsFxH4sJWrDin4?y7O4^ti1Y%P<k#P6vl{6U!g
zL<t(CQMtFSbUkA=$Dn!(yy&D`DVcV<&SKy58~<>M521A$`}yt48dylgYw7Ex0bsWb
z{b>qH&oHHDl5vYZ+N+-SRo|HRkxTlXeKL6DCom;dWqoJPKO*GUGN3gDxtp3}{2c57
z;cU=da<h69*#}X->)sKkTKOCi=10ue+rim8)VA;(ryJ&H6#ETzycZn%E!t-xSkF<T
zXE7HYLoZ!Z0|2uMk@QFX^dg0ZFnO+i`lmvXvv?&&lX$$iAvcSDtd^KunWe%k^gB_v
zi)BqVpPTFJT46V)wli~zZxIlMVXroc2+=Gok_4=0W)kYdT8pIKX`pj7$WJExsJlO)
zC5IR(EPPQC!JJA;uE=lKc8_#FjLD@z9;h?O_ZF33SU1s}8&m@k;Gs0_%Bs5t3GMT!
zs@t|~M?c}4+5L>7qFanArI_+@LXyrDDX&Kj`*K4Q;vn}dUvMSKog^0T#XHdwU{SGO
zxn^6kNz7?OVMKuX%5uIeCz4I4FXW{1NCrA*w0~U{|E5dkHI;AlMN)@G<@qmM!mnci
zVwCse!)J(pN1Ff6C6F=x&L;S(EZfZpAn|4tyCz_1Nzp67!XtG_O360Y2}tGLki^E5
z#FYuGvyI0$ak!b-mtA~>_V|o=0EdE^1l7l^-=hv<yb!EHR%7bz?z1;~lD7DAd3?+c
z0;dr}9LNWui2j0Qz+uegRb+$ZHM3c~R-wt_ul1b(P7lM*D%wy$O_ts@B=(oyWab3-
zR}vtHuu+P3DNc%*Y7=1FbFlJ2RgYO`Q?lK`V4^>7D=e_!6Odt)!4<mhS1n!mb2H`h
zM{EriTV*=N8_UB=!AJ(YQYZSMB9}2G;c##<#$p4VesDR4Opd;WPdvS>$I~u0K#uB#
z5ZyI2*&&AVUH1pN1zJ1x8xqIGBpt5xG0v1OGC8VLB}W`{EHTh^APenF9vWQ=f@zt8
z9_|OuqLx!{GS$p}PT*JkRPlNj?Md+>d_xH%xy``9h);Baq%sskVNU`oF@`cvIi&6Q
zB_t*)CXB+5!5aEv#~*t|4jd_UuM9ONy;2&SU#7L|^3h9Zuz**^v}`!_@eb^sLnI>-
zYm80x{kk(bp#xvnr2s?OQ%cU9Ws00g?PP5Dz!|Okzz0dP;nUr$6NF-b43$-(9mPk9
zn*5!C2+-=#UjyN0{d={W(+`>*>i%?YL_FVEUv3YxT_CCtjnscm&!oJu+1h=v)3Tki
zYyxVqzvPN*ON~ChlAWd7YD9}?X(H7gC8DnstWHY{q2Jf^IAr3~pqI@FU2CN{-RTgS
zayALxK}Cz>SMb%@ZdPfmTnC4ev1UnyN}G86Tz>`eJ+vW~PRu6Ofjni#seGV_u^%$w
z4=^?36CCmp+zL8}%~}Hk2iMz#Z66%k<DS_3gcSK0^afaP;3aF5$09_Zh{jtUyoAnv
z-VTTIUsDjWUw+u4?clI8$o9y8HG}!(@q;~Ubx;zxkov<XSSY~~=$jd{aeJOK)!xAy
zcvBDIDIVJW)Ic;-Ni^fKu|{^K9e{x>17EGgK?`uF1z?VtbQ)hVPkZAhDFivvkev>m
zf+Y1CU9<-keSW4(uEEhbGoqD<g4l6+`S53c&Ta~5>-!#4(eE8LO#hmn`+GymJ5eY4
z-Y4QB`$vb$AADW%y3(>3+CXPN8*J?ghXAy!r1Vl9R!Tl31zC4uBFao*jUx(knuk|C
z1{{X5G`8hfYD9;!H^hw06Nv9uxrrqv^l)g710i$Qy3X_Gsj5Q%*OzO15X1|qL1+}5
zct|BI(;sKoV0H~n-_6x<pL*f}1?3IKBdkCXyVrUkH6WtF`s`FAdC|4m)@_-##m?E1
zHDo`-eyMUgz`^9B!%B0xurl#<Z=f`n3xppNjmBi0;zqq;w>MWUY$hH?TeY!J06P}B
zuKk3~Rl_cfetI_mKWD2LH~|>l!07E^*aBedC9EVAC0iuq7;>@eM@J~B7<Mo)lpA5K
zP;qj9DA<<vDcXz<sJ?{njZ&`L_3F`aM<{OvP^~peH|uW;i;%ocV6g50ZI^4KIp-Se
zv6K11!>ewZKI+=Xidk+bp!=H}Ad?Gor8e|02W}#>9vY<w{4^V^DLmzx?dLfwd->LP
zL4vssj7e0(Jy`pu>y=yZ8C=+@cQvo4D%n=t#&rpP)Am{{f@j-wVXJas<@=oLhRkrW
zthM=NP@0%AI=c8FbL89!Z|F$0xKg=!MdMtpm$pmN*F$Ofiw3GhoI|x?-qkG}Dl=2%
zNu`Q2KF3Nqe~6fb^2XxcaYn70ppV&n*y_BWwjxU$2G|TH17Wd?$J3cyTP#EEp`x^#
zWh$XA)AYhRR1%nF&#I*l7o(!lI+g%0cem`qOT^09H-!#%M69d+BeaGcDxmGqXTOTt
zV|2@k&j#%_;SO??EA*VXvp=%g){|6;HxA_omX>R)D2sm0lE7!r=8V2z(^|O?iCMle
z!U^D-HaJ?A+Ba=s8e*y~eMbIC$bywu&EVA-kl`U=Ucmn$=9`ckKy)Qv6E+*3thy~o
zjlbvTIg1&wA7nXiKVew<mjajkNXjHc#qW+Pz^~<sM}}cq5e2m(QR1azNVgo(=|o3f
ziAxBI{Mia{5_eyRX7y9cD54p4%PC?mJx{S33t*#Sd${~y(HbNLSF;GBC})*_1xS$;
z*5Z2c&HU^_tu0c{maTn};8!jzaYP?i47r|qz7zh%%RO{%8Jly7@XPBJ3r_rjFMY<4
zk^-z##7QZ8pMo>#Ff^Pm>3m-$H}g!~`H?pF6PkTFd)XGmBF)PL`av(RU;$uueO3CZ
zDt2y?|E9|fGz0!b#9$v(`yk`(FGt{F3VM&O@BJ81P#_@8{~?$KU0j?jja*$!{~XQr
zD!THhf@r)m7#PD>hV?~XDJiYAi%8QgWMIA!qe#M9S*2fa=#raCwl1H@Wn5L?l!~GF
zf94<dFmL?`(Ex9-657n{zMtuRmc@PjG%=wMvbLp)!q^8-CL?1IZ@8)90&WjoGR{92
zT~vfc&Tc!XrVY5%>98^g-;6rFddxGutfIDAvt_ebMH}Xd&z>+<_v}%s8oYn3LIe{>
zksQThkR3IOHuS|C@h;+NomXQbyTmpV+Vh=C1e`nlx|%ZyzI0!TF0xsm`e<k%SmGVA
z>0EW<<?2V4o=oA(8mrSn?AlT0+-AEKEjI~ZR}(Fug*U-^s8`ZkmLRD_G(TLD;F_n|
z0(`N(j}2$lZ@_O}x0^4#SDnS#kxbH+W-06We#_-TJ{u<+vS<9g6Ro0;ff{oBbrVfI
zk(Kb&j6ui?IQo?~?K)gu3v8~M6gk6mbx5}|o11Ld9!C0#UQ6FH;-Hw?Z56rf6j_*B
z>&zqkKnKX!aaCyHv=|qSQ>KmNcUEB}=&tbHrEV2BF^>V*?$1jd?0)n?(>L=KuJujU
z?YOw{?9+$*1nytw#NzCdwOb9m(q}(gCYVyVI=@ccFq|rXyf5s~b@3k69gJIZ6MpEp
zseygzI<g0q;jdv?D?q0hscW1Bdy-4QI-B9Z=D@6xDOg<p4CNu=hC?la0oO$s2mP8>
z!hitF&#>D2%&s*U%8?A@km2buuC?Chk^jL5Pr^@nw<2+;0{(QxdH4MBjtAEKWTF)O
zh5&d%ZOB<H7sq#CsL1@CcyA8rHc;Wa;#ZoyGd+<@q<Xne5#5p7rWfpDh=w@0Eb>!4
zQSa4eM(3YX61w%H!*5<}`400K|AQAR${E`J-Gl!N^JV?v!^*JBbmc@Opn<t04Jusu
zD8f<_XvFDgvjP{MEm?KK4d2I3=4btj=&^hm_?`+P-T6s&3!++v&PG>w??-v}&rT-v
z*E_&GfUdaM0L>p<SOd_#4>b=&O%yIcou&BF>?T-?Dq11h0O63WxG20U3>&Bd2P`uZ
zj}&)pf`$B#K@AQc{Tt<#AxnsR%g$lXD;Y$XH7V8PhY*DdTngfQRUwxn6e4T`qm1wt
zXk<8=q9uWr>ntA1bvmR$v7Lzl)+*d89mQl*cG9~1iMm^Km~={*<uCEnY{d>UJ#|6Y
zqfCj36S%GmySn;cCEzNxNnA3f!M~)oyVTbWFv#F~6JmSR?iX!Qr%2Q@41VLYppG{R
z#(e~ylYL)}c0;XSwC$8jj#f=de#%mlO&3<Yres3q_92T5pSNVdWmE0?ru714h^|!Z
z(kg7XhC>t?Sv@E>zmqq?pnq`gbQxw?x3>I!@znshyGB61zJ`rEgCzVaz*+~*4NP>S
z2Zanjv%cH|8N>8$M*roo;T}otuDSwbwo5JmKbntr<K@o{=EY`vX@MA5cs|bN(C9Vh
zinAQ!6}JqEp7t*-taW}ed7<Vf!r8B%pSJNPfj0Rp%7uolaDUhtTa@7kRhM3ZT@oi6
zmqc%nV;SFV>lNMC%}FykBMBnn6e@<1RnFoWG$3<R<pO#<)4UVH;rZ!9;n36x-C4gk
z-KL+^bsz)sFrBQ<ukaecS`LQMpnY;I#SK-?OX$P^6T#;w{*qc)s`Z3K`c9?CfE5_K
zO!`W7b-p4TF-Eb<T(lU(8k`K(0aB7k5>uWib`up5pBKnK`|ya7gYVaOSQY#Zt9br{
z5C3<!?jKvR=zq2E{sFMmw3TNB&|Vu<KH1hm7irNdowpMy3My)Upx>y3mg9Cc83>I9
zqLkRCvZ(r8P4RCBjUR9vM8@zv6yQyeA5JGLq&>!;WM{sNyLWu|X6t<Od4n;)m;k$A
zT$zM#R#H>-Tvl-LY*j1rl&zVS9kcnd)L{Cl%ry0?)>z91JJ8@lnj=^c*qy1jP{|3L
zGg)JxzA9EymaR0b$1uHyir5UKXFV<}!o9UAL+dkqXa9BrgaDTaH(RZ=mAN(+c4)u=
zlQI^OwrB~Ca0cPr`A3x7z5c8iNvv+l-q?+9hGmLPqyZ%OjizAKFh-qoxRA}*+Im&r
zK?lY(|H?MSoie5BAJoUytaHP~cj-bLAs!&xD00Su#9K*aNCn*tdl0P{J=mG>8=1k^
zO<fN8V7meH3bMW<dF)a*bzaS54Yl14<>hw}l`Wf1700)*murX&-dHJE8iA-1k`ko7
zNG?KXl4QVAw+@JrXNncmrF8owU=*cvQ(!rO7^<dFB|{6dP{B=KVhJCjT}i#7STaK1
z)2>*jCN+z6;@9h)T$RRf3v>W`CfUM`aP36YLHnvQl*lpPao>>tI;HZ_W}DtZHmmh<
zx~9r}xe4|VZkZA-Rq^<K6=Q{~{h>t(ZkEo%t$LM<w>@n*K|?cNKhp3WrFQ3Vo$8pq
z?U759-Cgx%&s&1W?&{|(vNz=pl`mZ7%OW1jyZFP^+FDWefxL71b~12>b`sOn^<v^J
zCoEu<77URT_xv_Ia$i^09OUk}(xx!ZYS+Fk);A3in76slPNl<5O`W0e1g*iPAa;DY
zZm(jfVx>3!X22q=sy+P+2K%_`9!<Pxe&E0f+{eXt%2xcl^_@-no=e`BUjW@K;ihO@
zmh6usIL|Dgf&5*1X4C5o7hlZ4nj|L#wIJ{YX}!eo=~u{Uev(p1HEb_OKCsb}>{*Ds
zLD;q3-w@=wrwTz#r&Y&JC+IUiYl7nw3w3eu%A-!f1WNq`M;T{Y>CVI_J3-kX&CZ=D
zu03X@Zz~R20C;j1VnDyq<#87d*M*lLN%|A>=`&<53igHKXWncYr{L``?}S0KA+Pkl
zAaIfdg1y}d{HT#A_{dX85z{7!afUx}@r_$T;f3yu=n$;LXhQ$Q3boEx*`>Q=S)&gk
zf`eeQW<;oVaX=TtkEdIieYr7sKs8)8TBbqhOJoTTsNB?B#EM#QDm0e!%w7Rc$Xz`Q
z5-MmP7q|w7s0R@Jsr?c2&pSYoZ6ngkd*nO3_sDYpuXlhyLSM|)&iJ?Sfj>A5g^}O-
z+3`Zfmq1aV?4E`1gJT`$P<PP22w#DnZM9V4X*=O1q7n`SAZ`>OSqhY?DBORGnW`{z
z<L_MK2U*$vBu?&N4wi;#b`(@Q%Wjv7o8(boEZrin=m;B^?bnijooREyDF;#2c%&Mq
zyf%4lRnED~f!TyVMW-o#tj~73Kn_MMB8)rdFl(DH)p}cC$GMbrD`udjxvhGXkKv(>
zhPay-R`J%I?4NfP79*<rqa|5dli-pB!c6sm<hZA$du*&5agRG-(;xuVghM!5*CaLC
z6BtpW=Lh!ZMN^u|UHPqlGv@u`_+KyDKeu(t4$C5Z5JUoQRzJHM^$*Z~HDR+eu-*hO
zN}MV%*V0Ph%LoDENMxwFJj>qkZ6}lmvE~rkC0&40rBmcdVe?s)nolUA)*g~%8SKNH
z`aaumv&zVYWH|prmqSAR+HF16ER@*r^{w(TgkiN`TWR^h0M6huvL7<}0q^TyAi0BP
zldaP`m^lOo0b%(MZ}ivtnvCUl`zI;?j>+Hgj2)&RnkaZB^pcW^qKpsaW<a%s(ncOU
z&RTJ+Ft-VRdKN9!+YqKc%Y%W>ojCTn9J^8mh+)ENv-5p6^L}>w)6+yu4hWyYst6=0
zWG#jm;{XGu7;WpAF9ph{23$;h#r=}4&x3N>A^>Atrr1mJUWrm49RUPSu;LI<8sHW-
z|2}W)zIQ`7X}7O-W(1Mi-G0!L9SUQlbUkhpciznHZMKG-Q_~;=wJM`sL_YM2kw=*@
zd*vqslzVs?O^?r^0OmKC73ASBCKSnrT?SWjq0l(_;<M#NTKR)_9+S1lj$}b<^*XHx
zI;@w_G4P`r9)X%dBa?Q`(Z=^ebP358=l8O?em?T|2`%{;>&oUYjh`GxS`9Rg2>lcA
z=dNIc-MC#KdPQU*x4s>-i_UJy#xN<@Pj0R;#+cN~CoDG6qW5Z@+Fg|eC)QkGW7w&S
z^0h3b7Fz@Zu8WRksR^0UR=VXGynPvaZ#F16t+HWC&ILQ@v_HhOBD*%JwpxO)+og1-
zy|>@B#*yBcY%Sh=BP@r3((J(H(EDmZhaj?opbKV?rFLdi0fB1`NMNaCnG-Kjcji^b
z!Kp_RT5<}ld&BxvR(lsDAhJxLE=7rE3Cb){MYDRt9Jom(%2r7;MB@+jBqa#xe1kVL
z#5+1ObA-8poo&q#<p5hXogRymB#i~o2W~v!tnn{MY)Y#1!TBD6>J^J<t0btTC6!)E
z%a~joN`;rM<B`M^eBiq#%=scp6CisQ`%Rr{-D@~Szv@}&47WJ62;MDOzEtc|OFc<p
z{+Q`g%Q||+R^@obMiyUe9JKEX#Gj+`5HJfG{O-fW?|}S&7|QuONAyo+B^lH2PW%s`
z+)iCkMFb69(5BP{{G)|bSQwHlMr6RowF|dpO5OLdv&7k)jm{}dcs{J07sUbY<tP;i
z>W6RM=PT{{`zzc}*9(p3AZj&6q#?v`mQcM|hFIKa;(_eJWtWXf!iSc?I9B~%URj2e
z`W!!qgDN1F1rZQ>BOT8#<i2;4;!92KTuFSwzl5(8?wp>F?=F*Ur%o@F-G@7q{7j-f
zi;}%_KDzG&nSwn%klu?`rGe${fWCl59`tSCIR7w&Y5F-SvTf4dl3xMPU{POKb~b{*
zsx{n7v3joPt4fWz;@548i`rypINdEP!|1@jQD3%yDM#cpLzI;v<n4-m*R?1~<2(ZB
zRcX5n*c4rRp@82N{6V{7rh%=Ja}m-rBlx4SWyww3Qx|qRLolfc-_`e{`|?;g;9j&y
zFxip)LS$PYxPy~opswl(xi{Whu+B8_xLhs6BAXXVD_w@QxP{~%jQQc!m=cd+r>tE#
z>*#!xVV!&DES!Ah)zs+6*)P_QF5G0ZgcDo<vRwLA>-{c1gUMrHYI`oem(w!)b}EOk
z>yXF{M`PjwG>O(Ge(AB`9H_ZQ+vFr3O+W)n%I8D9?tK@CH#kn$?8PF-HUyHT5BpI{
zOe;2Fl<~-CQ?gP4n;0)j(>Iej!E!T&j`5=!7#)GW<R3%0ZwS6b;kh54y5Lg|0VK`n
zj8SyR(?~4QV+<L6xX?TBLgig_;~ffC2W@m*5fI}==!XV97W*%y2eD)~UnHsBo=wp;
zd5(w7--gVM2@tyn*uK{I#GgyX)3+)-2aICs@ULpo*V@EeVTJs({?M<%*JC834iiI_
zSCe?bLMLI3oHAhlXSXKn!a;C;-;zV#FS`G*HUD#p`P0Nh)IUuQ@Uz#Dagx@5{eL&_
zfTw60`P=Xf*83R2|L@Gg_D5z>8BzL;?a2ZsPm=*5CE9{RXZc{_(-{~hpimA<7cUf{
zYd%dLbS*LF^7VnrF94U#PDMwf>V<M-IYBWfJVwQ|#o76svt*)uCa2Tq0eS<2;8237
zl-Se&BnUw9l55$}WDP-*Xm)C<t@6vcrn_hk<wNgA{^_FA7h+9HyF&@m0zvlJkZuP1
zC$sN{nq~|84U4Y$kEeIA!q;iXiS8j3#)YxOgXQs1wI|RiTL9D$qg@csOs!!f=w2K#
z0G?pB;f=c_Kr1Hv^B`;ze#eMxsJHC3q_4O}t;)){5t=d106bnVcyFTA;in`sO0aHS
zWlB#nmjV<RQ>?8`!4L=~4-HL!a;oe;7<dZ!%pObNp+6OgaJmp*EYr7R{L*nof|)dY
zOYS{mDo{FK(?PUxD-QDwo?`5)&f-{XS^~T9s>sK>tN{ov_>kfU_XiqSN~=^>hEPwY
zx6h^4Bz2&zw6^QUlb)@#ZDO>6+6VUyQU-e8Z<LoG!=<?}46K@LHejoiZr@~n+{o6F
z*_EXW?tko+*_?#*ImWF|C$2wY2k&+0zw0v_tc=JVI7Se?LSNq+$3V2X<whtr86oea
zSAUh)`|`<_N(boduP$nyXQxfi=D}??ha0Eps(6hphmOEr)6^epd(&ugbzuUOnX~iK
zaRc4bD1AP3)q8F|`3O2&?nm*huccBY=H;X}u!pF8BzyOPc&rx~OWSFfTX7bQC#(A=
zQ^GDeNXlQR$VA|s4XuVx03<0))60#J@Kw4gDu)IvSeQ=_tC-y3|HNG)bI8gLQgnb~
zKd`((aY(3QR+THjz~oM>6fj>C&R7<w3s6rj98(1P;;F|lM+#{ju__JmO38?A2-ktq
zIbATwmXlzgf9NN(a>sQK+p`nN;^?d}N&be#T-`VNsN-iwh>7a)DBMc$f=U9m2vzAH
zI`4=mZ9r=667Lh~PCGC%I_}$Zpslm?6oj6JWd(9yP+`gwHjiE*23b@CyrqmE=nae2
z8w<nH|I1NGNDgnI*?T~({$HTlA6YI*S^J$n#p3-9s-;9whC^#1*I^nU6Z{6%BBl!a
zL)k1mGVBK3e(0rVg(SZ1M9|~-{Ed8CKe4N0`OrhgopSE9=VRXS^0GfD4`Tn#mL!M~
zOcQQ9)j$K#Q?<ICjS7ptSQ*h_aW#?OO<F=B1pI=3IAW1vSfRp4M-<xjVMgc!hVW%#
z&UFCqg^spp-bOa<cnBfYlX8LIS9gH25-TZzSZLLS5m<NT4nsc!sj8x-x*}NzsF}k=
zS4GH^M;C*C$U=aE9OY9Szy~tn{;B7@uJ1DlyOgVJuUqqaeTE|Ci(REoCtb7I7BK;K
zYU2eKTp}%4>#`%BH<Cjsb>8=sSvgY=I~}o4K&?fiRGBuZh#ftK3i5^ZLZM2Zp4e4H
zu0X>UI$uYZy?W7~Tec}Q-*3A%&lnMl_(}$BW)s2<zx%O!u?{E3U0@~Kn~QR}85u6+
zqchMXRbf{8j4B)e_`7><y8+I<@>hAjpE5;)e3adM39>>|HuYYLJC>WXUaRPGu`@%W
zJ*ex=oC~~cECBJ(lkO`5iux=fvv6FH^VsueB<~n4<L2hsih3eN?2#sl!l;>)s}l}Q
zRP)?dKlq96H+WY1!Zb-LP5AQJz(a^TL#>!L>D)lyGNGGf47H{v@MC%<8HoHPja<pA
zY=U*2l|q3ROwi_t#G_Yc_KJ1kp_h8!^~1brn?%4JrI>iy+~Sb5jQPbSKRWZB4ROpV
zG0!z&_80Vuz%e|eniQ%vxA2r|6@TJ;c;|vyAoWOz!nOyxc#=Z&0&JOMyY<hm<Da!+
zEH@#M5`Ei$8`ORu9D5(z|826i3?S)x`R=!i@2vm-FuV76c=iXwB;;yo^FCbrdlINr
z{heQ8qph?pAWG3XqoiyHiOYbkbOpaD?cq3`70j7tNi;}znVt`L+X)&ypyYZ4dsd7#
zUuIz|GVR*jJvrkv@4WV1{GPGy-|+@|fi>}rgte7Ul@uOMf}c@Kj-TSHm9m@e^i@ms
zP}R9sb>Sx83Zi=heF};&h`tD0i*}3wXDn4sk}Gi}yhzQul6FXgFANv@0eOd82!O1<
zl&qtAssbs`l8lJ-AdB2MIk7?CNV0jh;kROjb%p`^o(udU!=SejYMgg%GStc~lJex|
zZ`;8jsUE9BgU{^rj8yut1~`F^J&bB}U-FQ^4msBo0EQq5B*hG;(Bw*_Q=@Uug2^t6
zl#<>dq^hMKjqQb-BE0=Z!&7@-#^sv})X=5NXIW+pu;QuF=O`O~akNK83lEn)3Njbv
zVi(E9+h!yH0xHy)cC=QNum@VhWp<s0SWIDYV16FXA*PM6;~082j*+0BOjrP0wCOQb
zs3|aAt^j5-qVw0aMVIxbfYvOEB(>bsVcYDt+`}`x46Z7nx}p_r?wuvfs$$1q{GViX
zC3xlCCE3COtqYY342Nu9_32uB;tppKOyCh?eoD^dy(V?;;*RloM&1+Ay0d=AtMUvp
z$E=pf2xem~MPKPz*C2)M6s7TEs?Z8BVND=jPbMEetAXxq3WF&2SrAZ6z<E$Yg8O|w
z9qjD6{(?b3_Tv#JK#?XEJwp<n(qL*gt)vE~Lxj&u!1myt1(xLwwSs@VLm-mkM<y2p
z<mN|iQMbU)#V}UIiZm-LkT8e=0~MtPQ|Q`mM%U3T=;@VQOD-h6-$^e!a<G2h_wfsl
zo_V7#+GFk5yh_5eU75l7Rz(T+86t5G5^XVrHDOgu*}O0TNLH~#V0hi&0SBueN3h!(
z5Q+PwDaILyH;e~i=<Cq|oDjkuBAtr!Zu7*gM7^jsKQBCS^<*5LnMa{LoR^5LlH985
z=a8~+NZ8_B=8#Tt0%^%ZN}?EF{zBA*<<SLUy;HTX{}&v^{zq}6s{0#7%c~7*Idee_
zN)k>&((oBvRD>o_BYdNd0|CI*L3=0%Q!Gg#iS6Sc<{Q_!(b<KG@8j@ZrE{*y2BBqQ
z)G&{&t?+uEH}9X>`Mo~g;dilQmxbj@3aSV*YhiIU{6cu|=D@r)&sgrcz}7O8UB21J
zN{=s%0yheyR$wK|Wduk(RCQ?Ax=gr3&>tF!|LiE~9Nn*-HnL!DXU%E#n@1_?5;W8s
zVz9+oni2%@1C5m_cDmh~Cz*k9*=h@<gI_%`#Cl8-1xP7Al(&&#J;r>j9okQ7CcfEs
z;-clevudI|o|U1u#_U0I+KLB`9F)N5F?Tbpe11fZ7Sd1ZgTjK87awH!fs}NDg4F{L
z(Tih8GBkPIB<dTH0#Ntp=%9RWQW@zu{0aC(pAw?0f!Qiz#goQ;bd-Lc?#7rkJg1$h
z#u%swVT@yEn5mW#t@qwN(sAsdj8b%uavw#zsgxnDHo50>fR%1$QM@vb3;boGONHPr
z-V*l;OO92HV_I^gWA_kUZeBjG)X!E1D#9!mz_pUiY+Iv6Wee+`Wv{h!ILZmx$kt>%
zd_ReO+b9!bNaEh0HKS5tnL=H7xp7#}R5vZgqPOqKDN~LCy2#$&LdtIZl3d7!g%Yv^
zc|Qj=qMOR?87W*8(~PxcZ8o*%*Z+~p+aC;PSW*3Xai+*(@|H8dsEQMP0ZF<Tt@Nqz
zY}<*kp3NFJd3(xi9L|4)ic-S_i(49um1YwL23Jj~9o6gr{7rqakGnytUBiuM32`ah
z7LMK6aRQY9@<2kgD|aRfw}@Z2{>CkXCQFQ*msG!-F9Eq5->U(9yfL+~L=9qtuGqrl
zN(C69i$ls19Yr8u_z>*Iq=k*(5N()q0v9^Yci1K**C78;OeBsQ)y3Vyy^h+BC|H$k
z)y9xgcQz#+xalXrGrcN$2OtRkMTn}kH8(YG4b?=@9Z>)~Yp_SU^|Sm-#p{;}k|@n@
z(GX?(hFJDYk(h+oF9AO>3-55DQ4ob$jp+o&wiOxZkZ2{@f@qS#<RPgAg~UuDJJ<hQ
zaLEb_K6$+-s_6d{kMKuB*WY;rt%lXAz_2h%lE9ychhb7-RK$Y87D^W%lyXXzC0kA2
z&!@-ZANS;^|B*+qf_a#1cek5(;rOr9y`NnzU(f~sg|sFN;|!iOa^UVE3tQ(ngVSn&
z?TqOCue87#p_*)Q49<57jE4p&3V(j7H@KSzTX^8$Ny3YMWm^PVf=o3OYb&XWX(w{#
zlBdCK?I3|vtva^FCA=p>dX?G-52lP^XOwO@kEqo~%jHHS+^;_}iI7?4<P+14wpw+Q
zE?z5+ss`Ju8d0w}q>9SiWNR?rgFnjXFt}e?Y<rzek0%>4j-PkZ0D$y3p@`dM#Ys+Y
zCB$NT^rhd?e}OUvyT_WRx00>{HKgX>X!W(HzdGT&zKLEZqoS~ira;V>6NVJe-&8Uw
z+gt9bjOd!$Creecr7+Pb*Nrnt(%{l#Cvi=o6O6~0jzqWnL7Ma4+@kejltsLbx3arp
z!O%OrVfR$MqaROB3|z^Zxe5*kHF|Nxa>xTA-Cb(~zu$bZv*bm1q5QU+UC_wDT<9Q5
zF@@pIyL>AwwUknJ$`0=UoTEM+?!n1s)PM=yDQ+*!xYPgtI=k+8D!)Ho$lfcLkacaz
z7D~y!h04fE>Q=7N%`U5qsEiQTmdLe<tgK{@>}+LaUbK<X@44UT>LGo9-}8ETdHnHt
zzt1_(dCvHJKIhHf;tOVP=12g0$9!gC9IqFvzIOuo$J-*ONy(k2JA;$i-40JlXtD7&
z*(ZHrz=+H8527cX4;WYDDP$hKeP1X9{(YXOK{uB_S7n)=unKKA-E`wSj6EdDa)Bd!
zG^@$^5&bP?rU0>~vpuH|2ftd$(`jCc=d|Uc=o0_YCH~B_&Mb65!hj=nQ9czV80K+s
zWnW=SkW{@8>QSRMU4THsfdO8FfcI&`{0v>eq^8vr(`9}}W75A5W(Njy6>OAx;lG>~
zBsY%VJ3DsGv8M&9#0ESn>zCAS5jMV#_3jdKMrYPT50zj0P`QK&5_=nKlO(lwlv|D+
zdyjEY+{t5YeI5TLOGb3PS+!#KE52H$iB~D`!r}#$6E%)&rCf;BlbDaa)(`wHS}75V
zy}iuDA4Wx1&vE_bbM4zT+VbzOmR?<SZPmNMU3C3{I8Alqdd?&UDtDJ86>&IdG`4N-
zd;bZUI@!S|)n^#S3i#5-%bDV)l*GRZn$Z>luH7Q962P_l5OD1VY`S(;30}XLqFF*T
zsLS-RQ5iZ42VQPV3y)3rOoz^ol;44nQHg4{i#<0w)syeSfl@zj|83=j_Nj8TrAC;}
zgKS9cN}+&Gv)omK8Fa<z5X5o>M+vLczI$W!iWsN0yM8mJBf;=S5|eq>PioM~u84qv
zGlw%|f2d|_1dA~qt$Ou3L#-~EF_~kAqsny}(cb7w?lUn=*K9i1EUK`?O%!l;<eOxD
z&t<{k8`4im3u9)ZkYiWAN2~A6&tWMZ&4furvvpsRtUTD@gx^EP@U<q+Z{T9*OR~FR
zKWMr=10-+p&*%;H5%HqR0N*a6K*F#0{kQ2=k#pnlGAcY8YZqhw1nnfY=7W&)-=|On
zRZ9JR&vUDDS1B-L)?yKfH(@NZ5$L`dxnUZ%StMdqqDaFM4{=V!Ow^T)^jOEpTB!<i
z9Ol0BlRS}O3)1JxNAID|M>1EuJV~gEItO$6Omowf`K9=e(MW@8+TL+W8kg|VOtkaz
z`$nzta`Rge{bulGdIWuIzCH=OOeFEitVyMSDWZwgblTfrZR#UPmPa-%L-issj2r&T
zFy5Gwe;#`2*OTcBhD1Dd>1mQUuN|uQlwZ<*g}*<sfswuc@rd;c)&UL|3rE7Oqqqeo
zZ3x6CLSmaDKgWKKz236^eQk~Cc293XaHY3ThL<{wMyOW3XRf_XE8?Ne?3320FLajL
z(~AZtMDwe-M4U*VjbUSWw)I9itn|awk4{g^vKD!XB7I;?6ef->ocx196bsr5#0Nya
zxkx0GU%n@L9EeURncdI{u{uZ=QDZ`;OtgrMH(Ng@Mg&_TS<qxtC6Jn1Jl|!(PhF|f
z*I7JtTg9Z1pN`F8mSI5vIaG@;|6Fuon1+!)s?MfxY-RpnvT>*WB+?*fl#TGNOWJLN
zA<hW4x1^ac<nbISn1{*q*G7`#j>qOjJt0A=m?<Hvyd>p;JGt~_z39rrr;32{ZU*MY
z)AnR1xmylC;~_o-g3@_sjyU>@T6f<k32)SYpeGCEvsZ~X8$n$4EN<t$`R*uuUE9kw
z)QL-=l~#8o&dDTiZV=|7zrW4Dl{UU?#4xY;hJutmInVONaiVA1ZtZ5d`<;YJxeY1;
zawv_hW>gPTNMB&H%<ek%v4J)9^MJvWjmLgvp+2e<YS`nX7b5ryxie>vu@JMR$ENE&
z5q@+1;Ds)zm$IZ5WQ;Ss3q#KOfuM;nt6yqg&zm$a!+cExg7~`OCc>l5mQRsof+ML7
zFFdbWJXUz0ScWmY@tsy2;<}_-BPE?)f61CVZcREabG}>g3KjjcNsH1s3Da`Jm3xEw
z%>idwGKJ#rMpcuI>8jLZ=yt)%W_w?TKg$>kQ&*!W5eJ9ViZAQU`~ae=xxkP;^cTPF
zZ}~wRd-b#L02dAQdU!aS!s*I12B72%lK?TZWbgf)?c*sC%(QXM-+GNvgH*Xrl3y!2
z(9G(q_^XNjc>|Ujp@|%rsum2US^8ZwW_@jOh3a;pGyKwC9x^!5gA~z>xKGyyDQ+Gp
ziob<^)ygCwCl=l(qLkV$p9^Ghsz7a!qbu{GBOR<N9I;$+%Wes0^vT6*)`WECD|^4V
zo9A4-)aN-iOlTt}F`3{x|3Phh4}W{3PFeNj2#5a3S(C(RlK|DzW**clk+9JM3bOPU
zZ;i-(DGuq}8JG;tJ{fgNrZAf%lf^#z;%wtn>+%8}rF#jbs2JkA3|h5M#Qkoaa2qLm
zC?t9IGmZY4c)LrovzmyeZsRENd;R2Zko{$Inlm<x(U6P-;R)`Mnr`9Ki+LmidKaq$
zrQIxtU=1?Y77*bkkZO4rKGIdg=3LR-h~-{~6r-`)uD~z;E9Qfc&`ggZeF>_fBGHm)
z@<)fhJ&l}cMiw~isj~HrU?)~^WzPD1IMAn`>}J$`daVSHG*ceYHGPW;O<oi?S8*@%
zoi%RwUWb0cT7x=;{@7>u-N^XM3{)Q;mfC+Hdh|Nhj&io>E7=<wJ@*Luv;O&HOqAUp
z{l>>2O>`kF&^)NRhn(uWdXhu2iH`EGSOc0x4rWj4wDP^POSB%{r~W$iE-I-{MSS+y
z@2j{Y?HLEG&#(8tOn>6rS8)`T4n56t&TE>%$~W7Ry!o^f8$7A3+dfDQ0n^_~J4PsJ
zmG^>c`>@x?K6ZFa<j^(iGsMxDmgZQOmKc|b`RsS^JoY%>5vG&%htwM})e%&h(>q~A
zC<Y_$Rolca8icx=6G_}C5rRhaPH<>B64wg6Nu(v^V-^*DWJdEyYYH+qu=cW0nO2;+
z7vt}9FXtGW422|DPSG`Q)2gd?Of^Er@REs>i}>=|1oQ0C-jG32QOgmi4Ndb8v_(9L
z^hBArD#sml7X=clXXQx)DKZ+KbDcStq(dWoV{g5I?8}NS3Xmh55FV`YJo&kP-Z{&1
zk*iUc!Im}2p@|mn0_q`zL$81s+G&zN{;8EjuXF5>-D6V)X#IjR8&`y*b3LV&m(&BJ
z=W|W<8Fa;6$DSP4pB0MGdSOg$b)+X$AEg$TbK7hgq1&OV#nO2t)6XnbtpE88&G817
zQcs`u1_C=T{ZHj?uLirk%tM_{M8(wRzA~B2jT<O8Tn`j@42i83aj6QsYFFiM#Ybsz
zlgoZht-f5wOkMgDxjc_SMc^|=E33w%$s=a$t@?NSg)~twNPTVBq-fKY-}!JnSacO2
zpyO+rZ#u4UbGgxjiePcPIh;!;I3Jh;$GLr#mt)&1Q3fFw1W&zmlW#-zl|za|RFx53
zB4*UCY@R)m@(Mlm!w9`vCAS$dHu%XBF;#eEeqRF_Z1TfMJpI{)(i1e<L`%&Tu28)k
zQn9>4J_;>M1!Co+hI7267Y<7cS?A=Mt4Id&9!d91W9!lG{F-$Mzt#RSYwOoLC-1kl
zvj0AA>u$YGB?RWc_rT8|=D=UF8r<r3Ru^q9|D(UQ;qvo&*s4*bNL^cT&$^@9a4bGi
zTH*PA{ZeARQa|&Al->iSS<yU6N$P#4cv>ea0ok=`bss*%8PhA}eUa~6n^)>)S#FDC
zT#&?G&#Bcj9;J{*-baK#bB}@t8P@h62(W^FUOLX49^lK!5!1MzzbL|QWinNdCqW^*
zf&{(x@klpPbX`G?o1iDG<FlBs?QA7)OorlA^84s+f0|YGsPSB5rf<llcwfHJr)v+U
zR<k3U!q%ZRulU?TufP^0ACJ8VYb)+7C>6GvzUYh0v5`!WYqYb@60^uG$X~r-gi`EP
zT=UBwyh}#Jmd@BCM=WEP(=a1AYi<c~={2pTE;)eT^@!Rf>jw$0O9KIs)Nn7)7%jjL
zbRAGg<p-7(kT~Y1-sKkQO5}BG5oc?wGCiZ~of_2c3)xKH3C@&J?ll#-#Q!KpN&6N}
z>f=cg>z+_&BbT0j6X}MEtB!6BK6**2ib*Hmew6N6V3AXYe_<shO3&5)wsvFQ*nzo@
z$3wBkxkfn<7Om{+aFeY9jxQx+^AIg4=<>z3_;Qo<Ug-nmrghSjoe<e@`H;pVSp*@d
zFtijC+7QW`f8-!U-iP?^)X3ao<>FqWK8%b4-goY&Ejdf~YtO7oc&m-F4(NEL7af1k
zj5af1GSLqe3X2jJ;|M7dw>mf|BRlyj_{P&>*r;$7;nz0kt-7~494@R3UDm<XvBm1_
zPRl`T4-T|@KV6qSsw+Idd?HQxR$Ty92W#}eeN@C-<3Ok)!OL;l7W?xEc&N;vg(Af8
z;^p@wYR8a*%0$WTvFENO6hu@Svk)gtv6#eq;GNgo7k<uuII!|q|Da1uJI|C+I+;Cj
zXFjcjb<PVZJYmhzIeY6uANmxb{>+5@<N$bQt3#kDX>}E>btr_8sFTngPdHuli~RK{
z3|CjOTA8<%V2AKN2i@w<hQ1|psX#tLJ3&<STMKCzG*kRj0i_93hF>&mXL7JJI&}S7
z$y@OZZFq|J;B<v__M(`RK+^rlc&ir6rf|cn-P3QlIEPSl*6$EZA7}XUYlGmYO;750
zEZu$l&~JjYzIb9^^WfB#A~ex3B`h;Wh{p6qX~D3csGz-1Hq)vvrL*pN33rOe4;P8`
zU0+iWnKF&{F<XhGALU)vz@KZ>p757Y7bBV`M$dA38F`oVABhMx*HW{|IhjJ<p;URi
zf-!**L7ha3idVfbeB4&ezK!e9nQpYJY$p%GN4rt^^c%*bQ1rFaUM3p6wjMQM$%@IW
zdj%RjPswqa%DguH`tiw>>=#m#T-icOip+JprMbt!ZG`NTGDQT?j_?F-o4}HX?tCp>
z1k*uUesEP`WUOZEZ05)n3VU@s1TiTUUDSnnS;bk*J+y#7%I2nuMF!8}XKS4#U%b-p
z3-We;?y9z?q)HZ)Ohbg<XJ7YPI?9*C8LyJD*XfTv2pW5k*Wmo^7=kCwl81^vUztrM
zmrP;q@M`sw9|=eB<DZv#RCLS5$GZ!vm)I-T>}CJD^zQ6@IFJ0q^r@lM28|&1E%{Se
zLD>?eqnrxB*N9D`#RfP2-B*dUy^e(2+FQWwG=&5jV45(IkFaN%^;*qcnf0$5nkO|5
zH69Y)LkgdmeTwGhwF`U7$Z&OHvM*`|G7Fi8%uI~)@=gGWd)k_N@#yh?Y7c|eZLvDa
zKMVDqx#QTUUsd~Q_A@|(H3RD^Z`kcgy2HEGY>UeBR$^?3XVU`v8<?Ut3YIt>c>YJB
z7*|uU0ahjXXTcgY1CN^`OuNxwRg-@ftkoyranou;L;25ybeooYu%@iQ67`!YFlGLw
z##mM5p9KqWdS`$wI>5WN<G?1=Kb5(^GuE&8*ltMB-;k>Rf`rTJ-iiqxMOYQ)p9R}e
zVqhowYZPs2GUNIgY>ZW9#u-a)H{M*ccB=vBCdNPggZMMZmWA&p9xeh2R&CydOuCZ>
z;O+48x4b)Go3fLJGnfJ_AB>~$2Da{hrPxtS7|a2dw8e3p17bse<=9E!7EA%wS;bLs
z0-x#b6v%C=t6+4n1S$^w{m$rrhXf0i;vhqS8E}UR1Ml;9*-~&N!HRG=L>E9OZfC@;
z`fy-8@U3thUfsdn@iy-Zff2!XVsVHp+&d!vnm&NW?{GsFj1Ru1hr^!&7K9yo;1~Y3
z?8=`fP%r`b1{IDVOJH|`-~1(i>L2js796~-@b2)qNpT|)0d&;`+z@aQJ&ws9xEZ!v
zPvMw0D1J|=2NQu4&v8Vlz^&+iNA&lP37ia$V{rklYwpGZ9$1^H;ox?FQ+06+#{kjw
z-59nFt<A(;Fa<bm5=X%(yF10-I|!W9h{JyK7wl~vw2|Qmu01%(3&#Kjwwb$i&^CsR
zlrJy?I2{Ma0Nlmcm0{zX_$@gHj1JCLz@f7$?T)^!{u{XqU<PoM7RTVLvOB}}A+!-7
z08@ZtXE=&;>bp~HYs5w*4a@)zYv34IVE-q>AKC!+LgN@(PVdg}+Z?;|1P*pf;=q}K
zf6nrMjnWM#CAfpY4kR2y$JrejfS%t_R@v@O+6umtD+LG6qq}W~ySYi-vcKGLtZaqF
l?tQ^$K^$y}!M}yYoeZ@#_W`>)tgnZE&k%6hQ8|zO>wn0`31k2O

diff --git a/local_lib/io/gdcc/xoai-xmlio/5.3.2.1-local/xoai-xmlio-5.3.2.1-local.pom b/local_lib/io/gdcc/xoai-xmlio/5.3.2.1-local/xoai-xmlio-5.3.2.1-local.pom
deleted file mode 100644
index f7b1c608c05..00000000000
--- a/local_lib/io/gdcc/xoai-xmlio/5.3.2.1-local/xoai-xmlio-5.3.2.1-local.pom
+++ /dev/null
@@ -1,63 +0,0 @@
-<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
-    <modelVersion>4.0.0</modelVersion>
-
-    <parent>
-        <groupId>io.gdcc</groupId>
-        <artifactId>xoai</artifactId>
-        <version>5.3.2.1-local</version>
-    </parent>
-
-    <artifactId>xoai-xmlio</artifactId>
-    <packaging>jar</packaging>
-    <name>XOAI XML IO Commons</name>
-    <description>Basic XML IO routines used for XOAI OAI-PMH implementation. Forked from obsolete Lyncode sources.</description>
-
-    <licenses>
-        <license>
-            <name>The Apache Software License, Version 2.0</name>
-            <url>https://www.apache.org/licenses/LICENSE-2.0.txt</url>
-            <distribution>repo</distribution>
-        </license>
-    </licenses>
-
-    <dependencies>
-        <dependency>
-            <groupId>org.codehaus.woodstox</groupId>
-            <artifactId>stax2-api</artifactId>
-        </dependency>
-        <!--
-        We need an actual StAX2 implementation at runtime (thus the scope). Yet appservers like Payara already ship
-        their version and using it should be just fine, so we prevent packaging the dep in the JAR via <optional>.
-        (Someone might also want to switch to another StAX2 engine like Aalto.)
-        -->
-        <dependency>
-            <groupId>com.fasterxml.woodstox</groupId>
-            <artifactId>woodstox-core</artifactId>
-            <scope>runtime</scope>
-            <optional>true</optional>
-        </dependency>
-
-        <!-- This library is not just used within tests, we also use it to match within real code! -->
-        <dependency>
-            <groupId>org.hamcrest</groupId>
-            <artifactId>hamcrest</artifactId>
-        </dependency>
-
-        <!-- TESTING DEPENDENCIES -->
-        <dependency>
-            <groupId>org.xmlunit</groupId>
-            <artifactId>xmlunit-core</artifactId>
-            <scope>test</scope>
-        </dependency>
-        <dependency>
-            <groupId>org.xmlunit</groupId>
-            <artifactId>xmlunit-matchers</artifactId>
-            <scope>test</scope>
-        </dependency>
-        <dependency>
-            <groupId>org.junit.jupiter</groupId>
-            <artifactId>junit-jupiter</artifactId>
-            <scope>test</scope>
-        </dependency>
-    </dependencies>
-</project>
diff --git a/local_lib/io/gdcc/xoai/5.3.2.1-local/xoai-5.3.2.1-local.pom b/local_lib/io/gdcc/xoai/5.3.2.1-local/xoai-5.3.2.1-local.pom
deleted file mode 100644
index 04d71ecfb71..00000000000
--- a/local_lib/io/gdcc/xoai/5.3.2.1-local/xoai-5.3.2.1-local.pom
+++ /dev/null
@@ -1,235 +0,0 @@
-<!--
-  ~ The contents of this file are subject to the license and copyright
-  ~ detailed in the LICENSE and NOTICE files at the root of the source
-  ~ tree and available online at
-  ~
-  ~ http://www.dspace.org/license/
-  -->
-
-<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
-    <modelVersion>4.0.0</modelVersion>
-    <packaging>pom</packaging>
-
-    <parent>
-        <groupId>io.gdcc</groupId>
-        <artifactId>parent</artifactId>
-        <version>0.10.2</version>
-    </parent>
-
-    <modules>
-        <module>xoai-common</module>
-        <module>xoai-data-provider</module>
-        <module>xoai-service-provider</module>
-        <module>xoai-xmlio</module>
-        <module>report</module>
-        <module>xoai-data-provider-tck</module>
-    </modules>
-
-    <artifactId>xoai</artifactId>
-    <version>5.3.2.1-local</version>
-
-    <name>XOAI : OAI-PMH Java Toolkit</name>
-    <!--<url>https://github.com/gdcc/xoai</url>-->
-    <description>An OAI-PMH data and/or service provider implementation, integration ready for your service.</description>
-    <url>https://github.com/${project.github.org}/${project.github.repo}</url>
-
-    <properties>
-        <jdk.version>11</jdk.version>
-        <project.github.repo>xoai</project.github.repo>
-        <skipEnforce.pomcheck-warn-is-no-error>true</skipEnforce.pomcheck-warn-is-no-error>
-
-        <!-- Dependencies -->
-        <jakarta.jaxb.version>4.0.1</jakarta.jaxb.version>
-        <jakarta.jaxb-impl.version>4.0.4</jakarta.jaxb-impl.version>
-        <stax2.api.version>4.2.2</stax2.api.version>
-        <woodstox.version>7.0.0</woodstox.version>
-
-        <!-- Testing dependencies -->
-        <dependency-check-maven.version>10.0.4</dependency-check-maven.version>
-    </properties>
-
-    <licenses>
-        <license>
-            <name>DuraSpace BSD License</name>
-            <url>https://raw.github.com/DSpace/DSpace/master/LICENSE</url>
-            <distribution>repo</distribution>
-            <comments>
-                A BSD 3-Clause license for the DSpace codebase.
-            </comments>
-        </license>
-    </licenses>
-
-    <build>
-        <plugins>
-            <!-- META -->
-            <plugin>
-                <groupId>com.diffplug.spotless</groupId>
-                <artifactId>spotless-maven-plugin</artifactId>
-                <version>${spotless.version}</version>
-                <configuration>
-                    <!-- optional: limit format enforcement to just the files changed by this feature branch -->
-                    <ratchetFrom>origin/branch-5.0</ratchetFrom>
-                    <formats>
-                        <!-- you can define as many formats as you want, each is independent -->
-                        <format>
-                            <!-- define the files to apply to -->
-                            <includes>
-                                <include>*.md</include>
-                                <include>.gitignore</include>
-                            </includes>
-                            <!-- define the steps to apply to those files -->
-                            <trimTrailingWhitespace />
-                            <endWithNewline />
-                            <indent>
-                                <tabs>true</tabs>
-                                <spacesPerTab>4</spacesPerTab>
-                            </indent>
-                        </format>
-                    </formats>
-                    <!-- define a language-specific format -->
-                    <java>
-                        <!-- no need to specify files, inferred automatically, but you can if you want -->
-
-                        <importOrder /> <!-- standard import order -->
-                        <removeUnusedImports /> <!-- self-explanatory -->
-
-                        <!-- apply a specific flavor of google-java-format and reflow long strings -->
-                        <googleJavaFormat>
-                            <version>1.15.0</version>
-                            <style>AOSP</style>
-                            <reflowLongStrings>true</reflowLongStrings>
-                        </googleJavaFormat>
-
-                        <!-- make sure every file has the following copyright header.
-                          optionally, Spotless can set copyright years by digging
-                          through git history (see "license" section below) -->
-                        <!--<licenseHeader>-->
-                            <!--<content>/* (C)$YEAR */</content>-->
-                            <!-- or <file>${project.basedir}/license-header</file> -->
-                        <!--</licenseHeader>-->
-                    </java>
-                </configuration>
-            </plugin>
-        </plugins>
-    </build>
-
-    <dependencyManagement>
-        <dependencies>
-            <dependency>
-                <groupId>jakarta.xml.bind</groupId>
-                <artifactId>jakarta.xml.bind-api</artifactId>
-                <version>${jakarta.jaxb.version}</version>
-            </dependency>
-            <!--
-            This library is meant to be used with a Jakarta EE application server, so we do not include
-            the runtime dependency for JAXB. This is only necessary when using Java SE standalone. We mark this
-            as scope runtime (not necessary for compilation) and as optional (to exclude from packaging).
-
-            (Usually you would not add the scope in <dependencyManagement>, but as we want to provide a sane default,
-            lets do this anyway.)
-            -->
-            <dependency>
-                <groupId>com.sun.xml.bind</groupId>
-                <artifactId>jaxb-impl</artifactId>
-                <version>${jakarta.jaxb-impl.version}</version>
-                <scope>runtime</scope>
-                <optional>true</optional>
-            </dependency>
-
-            <!--
-            Some XML handling is not done via JAXB, but by using the Java native XML Stream API (but StAX2).
-            We are not using the JVM included parser, but the most common standard parser Woodstox.
-            (One might want to swap that to Aalto if more speed is required...)
-            -->
-            <dependency>
-                <groupId>com.fasterxml.woodstox</groupId>
-                <artifactId>woodstox-core</artifactId>
-                <version>${woodstox.version}</version>
-            </dependency>
-            <dependency>
-                <groupId>org.codehaus.woodstox</groupId>
-                <artifactId>stax2-api</artifactId>
-                <version>${stax2.api.version}</version>
-            </dependency>
-
-            <dependency>
-                <groupId>io.gdcc</groupId>
-                <artifactId>xoai-xmlio</artifactId>
-                <version>${project.version}</version>
-            </dependency>
-        </dependencies>
-    </dependencyManagement>
-
-    <developers>
-        <developer>
-            <name>Oliver Bertuch</name>
-            <url>https://github.com/poikilotherm</url>
-            <email>xoai-lib@gdcc.io</email>
-            <organization>Forschungszentrum Jülich GmbH</organization>
-            <organizationUrl>https://www.fz-juelich.de/en/zb</organizationUrl>
-        </developer>
-        <developer>
-            <name>DSpace @ Lyncode</name>
-            <email>dspace@lyncode.com</email>
-            <organization>Lyncode</organization>
-            <organizationUrl>http://www.lyncode.com</organizationUrl>
-        </developer>
-    </developers>
-
-    <profiles>
-        <profile>
-            <id>coverage</id>
-            <properties>
-                <sonar.coverage.jacoco.xmlReportPaths>${maven.multiModuleProjectDirectory}/report/target/site/jacoco-aggregate/jacoco.xml</sonar.coverage.jacoco.xmlReportPaths>
-            </properties>
-        </profile>
-        <profile>
-            <id>benchmark</id>
-            <build>
-                <plugins>
-                    <plugin>
-                        <groupId>org.apache.maven.plugins</groupId>
-                        <artifactId>maven-surefire-plugin</artifactId>
-                        <version>${maven-surefire-plugin.version}</version>
-                        <configuration>
-                            <skipTests>${skipUT}</skipTests>
-                            <includes>**/*Benchmark</includes>
-                            <systemPropertyVariables>
-                                <benchmark>true</benchmark>
-                            </systemPropertyVariables>
-                        </configuration>
-                    </plugin>
-                </plugins>
-            </build>
-        </profile>
-        <profile>
-            <id>owasp</id>
-            <build>
-                <plugins>
-                    <plugin>
-                        <!-- https://jeremylong.github.io/DependencyCheck/dependency-check-maven/index.html -->
-                        <groupId>org.owasp</groupId>
-                        <artifactId>dependency-check-maven</artifactId>
-                        <version>${dependency-check-maven.version}</version>
-                        <configuration>
-                            <failBuildOnCVSS>7</failBuildOnCVSS>
-                            <skipProvidedScope>true</skipProvidedScope>
-                            <skipRuntimeScope>true</skipRuntimeScope>
-                            <!-- Use SARIF output so we can upload to Github Security tab -->
-                            <format>SARIF</format>
-                            <suppressionFile>owaspSuppression.xml</suppressionFile>
-                        </configuration>
-                        <executions>
-                            <execution>
-                                <goals>
-                                    <goal>check</goal>
-                                </goals>
-                            </execution>
-                        </executions>
-                    </plugin>
-                </plugins>
-            </build>
-        </profile>
-    </profiles>
-
-</project>
diff --git a/modules/dataverse-parent/pom.xml b/modules/dataverse-parent/pom.xml
index 80d4ceaabe6..d61e2eff795 100644
--- a/modules/dataverse-parent/pom.xml
+++ b/modules/dataverse-parent/pom.xml
@@ -165,8 +165,7 @@
         <apache.httpcomponents.core.version>4.4.14</apache.httpcomponents.core.version>
         
         <!-- NEW gdcc XOAI library implementation -->
-        <!--gdcc.xoai.version>5.2.0</gdcc.xoai.version -->
-        <gdcc.xoai.version>5.3.2.1-local</gdcc.xoai.version>
+        <gdcc.xoai.version>5.3.0</gdcc.xoai.version>
     
         <!-- Testing dependencies -->
         <testcontainers.version>1.19.7</testcontainers.version>
@@ -419,15 +418,22 @@
             <id>unidata-all</id>
             <name>Unidata All</name>
             <url>https://artifacts.unidata.ucar.edu/repository/unidata-all/</url>
+            <snapshots>
+                <enabled>false</enabled>
+            </snapshots>
         </repository>
         <!-- Uncomment when using snapshot releases from Maven Central -->
+        <!-- Note the new - as of Sept. 2025 sonatype url -->
         <!--
         <repository>
-            <id>oss-sonatype</id>
-            <name>oss-sonatype</name>
+            <id>central-portal-snapshots</id>
+            <name>Central Portal Snapshots</name>
             <url>
-                https://oss.sonatype.org/content/repositories/snapshots/
+                https://central.sonatype.com/repository/maven-snapshots/
             </url>
+	    <releases>
+	      <enabled>false</enabled>
+	    </releases>
             <snapshots>
                 <enabled>true</enabled>
             </snapshots>
@@ -441,8 +447,8 @@
             <snapshots>
                 <enabled>true</enabled>
             </snapshots>
-        </repository>
-        -->
+            </repository>
+	 -->
     </repositories>
     
     <profiles>

From fbd4ed2c2dcd80bf0853646709cee44046f77a20 Mon Sep 17 00:00:00 2001
From: Jim Myers <qqmyers@hotmail.com>
Date: Wed, 12 Nov 2025 10:09:32 -0500
Subject: [PATCH 495/634] typos, updates, references

---
 .../source/admin/big-data-administration.rst  | 23 ++++++++++---------
 .../source/installation/config.rst            |  7 ++++--
 2 files changed, 17 insertions(+), 13 deletions(-)

diff --git a/doc/sphinx-guides/source/admin/big-data-administration.rst b/doc/sphinx-guides/source/admin/big-data-administration.rst
index fd2316525ab..d0a74b47912 100644
--- a/doc/sphinx-guides/source/admin/big-data-administration.rst
+++ b/doc/sphinx-guides/source/admin/big-data-administration.rst
@@ -129,13 +129,13 @@ remote store, would be, instead of using URLs that directly enable download of t
 may require the user to login, or go through some other authentication/validation process before being able to access the file.
 
 Dataverse considers remote storage to be read-only, or, in cases where the remote service does not provide a way for Dataverse to download the file bytes
-(due to access control or because the URL refers to a landing page), inacessible. Depending on whether Dataverse can access the bytes of the file,
+(due to access control or because the URL refers to a landing page), inaccessible. Depending on whether Dataverse can access the bytes of the file,
 functionality such as ingest and integrity checking may or may not be possible. If the file bytes are not accessible the remote store in Dataverse should be
-configured to disable operations that attempt to access the file (see  files-not-accessible-by-dataverse). If the file bytes are accessible, Dataverse can still
-support features such as ingest and thumbnail creation in Dataverse-local storage. In either case, local storage of other files and auxiliary files in the same
-dataset is possible. Support for such files is handled by configuring a 'base' store with the remote store that is used for these purposes. (This means that while
-the specified files remain on the remote store, other files in the dataset, and potentially the ingested TSV format of a remote file would be managed by Dataverse
-in some other store. If ingest is not desired, the ingest size limit for the store can be set to 0 bytes).
+configured to disable operations that attempt to access the file (see the files-not-accessible-by-dataverse in :ref:`trusted-remote-storage`).
+Regardless of whether the remote files can be read, local storage of other datafiles and auxiliary files in the same dataset is possible. Support for such files is handled by configuring a 'base' store with the remote store that is used for these purposes. (This means that while
+files added as remote remain on the remote store, other files in the dataset, and potentially thumbnails and the ingested TSV format of remote files would be managed by Dataverse
+in the base store. If ingest is not desired, the ingest size limit for the store can be set to 0 bytes).
+
 
 Benefits: 
 
@@ -146,7 +146,7 @@ Challenges:
 
 - Currently, remote files can only be added via the API. (This may be addressed in future versions).
 - Remote files can only be added after the dataset is created in the UI (and therefore has an id and PID for use with the API). However, the UI will still allow upload of files to the base store (at dataset creation and when editing), which could be confusing.
-- As Dataverse is relying on the remote service to main the integrity and availability of the files, it is likely that the Dataverse site admin will want to have a formal agreement with the remote service 
+- As Dataverse is relying on the remote service to maintain the integrity and availability of the files, it is likely that the Dataverse site admin will want to have a formal agreement with the remote service 
   operator about their policies.
 - Site admins need to consider carefully how to configure file size limits, ingest size limits, etc. on the remote store and it's base store, and whether the remote store is public-only, and whether files there can be read by Dataverse to assure the
   requirements of a specific use case(s) are addressed.
@@ -187,7 +187,7 @@ Challenges:
 - Users familiar with Globus sometimes expect to be able to find the Dataverse endpoint in Globus' online service and download files from there. Due to the fact that Dataverse is managing permissions and handling file naming, this doesn't work.
 - Due to differences between Dataverse's and Globus's access control models, Dataverse cannot enforce per-file-access restrictions - restriction can only be done today at the level of providing access to all files in a dataset.
   Globus stores can be defined as public to disable Dataverse's ability to restrict and embargo files in that store. If the store is configured to support restriction and embargo,
-  Dataverse and it's Dataverse-Globus app will limit users to downloading only the files they have been granted access to, but a technically knowledgeable user could access other files in the same dataset if they are give access to one.
+  Dataverse and its Dataverse-Globus app will limit users to downloading only the files they have been granted access to, but a technically knowledgeable user could access other files in the same dataset if they are give access to one.
   (Data depositors would need to be aware of this limitation and could be guided to restrict all files/only grant access to all dataset files in Globus as a work-around).
 - Dataverse-managed endpoints must be Globus 'guest collections' hosted on either a file-system-based endpoint or an S3-based endpoint (the latter requires use of the Globus
   S3 connector which requires a paid Globus subscription at the host institution). In either case, Dataverse is configured with the Globus credentials of a user account that can manage the endpoint.
@@ -201,7 +201,7 @@ Challenges:
   Users will need to be made aware of these limitations and the possibilities for managing them (e.g. by aggregating multiple files in a single larger file, or storing smaller files in the base-store via the normal Dataverse upload UI).
 - There is currently (a bug)[https://github.com/gdcc/dataverse-globus/issues/2] that won't allow users to transfer files from/to endpoints where they do not have permission to list the overall file tree (i.e. an institution manages <endpoint>/institution_name but the user only has access to <endpoint>/institution_name/my_dir.)
   Until that is fixed, a work-around is to first transfer data to an endpoint without this restriction.
-- An alternative, experimental implementation of Globus polling of ongoing upload transfers has been added in v6.4. This framework does not rely on the instance staying up continuously for the duration of the transfer and saves the state information about Globus upload requests in the database. While it is now the recommended option, it is not enabled by default. See the ``globus-use-experimental-async-framework`` feature flag (see :ref:`feature-flags`) and the JVM option :ref:`dataverse.files.globus-monitoring-server`.
+- An alternative, experimental implementation of Globus polling of ongoing upload transfers was added in v6.4. This framework does not rely on the instance staying up continuously for the duration of the transfer and saves the state information about Globus upload requests in the database. While it is now the recommended option, it is not enabled by default. See the ``globus-use-experimental-async-framework`` feature flag (see :ref:`feature-flags`) and the JVM option :ref:`dataverse.files.globus-monitoring-server`.
 
 More details of the setup required to enable Globus is described in the `Community Dataverse-Globus Setup and Configuration document <https://docs.google.com/document/d/1mwY3IVv8_wTspQC0d4ddFrD2deqwr-V5iAGHgOy4Ch8/edit?usp=sharing>`_ and the references therein.
 
@@ -256,7 +256,7 @@ Avoiding Many Files
 
 Before describing things that can be done to improve scaling, it is important to note that there are configuration options and best practices to suggest to users to help avoid larger datasets and and help them avoid hitting performance issues by going beyond the file counts you know work in your instance.
 
-There are a number of settings to limit how many files can be uploaded:
+There are a number of settings to limit how many files can be uploaded (see :ref:`database-settings` and :ref:`jvm-options` for more details):
 
 - ZipUploadFilesLimit - the maximum number of files allowed in an uploaded zip file - only relevant for file stores and S3 when direct upload is not used.
 - MultipleUploadFilesLimit - the number of files the GUI user is allowed to upload in one batch, via drag-and-drop, or through the file select dialog
@@ -267,7 +267,8 @@ There are a number of settings to limit how many files can be uploaded:
 Ways to Scale
 ~~~~~~~~~~~~~
 
-There are a broad range of options (that are not turned on by default) for improving how well Solr indexing and searching scales. Some of these are useful for all installations while others are related to specific use cases, or are mostly for emergency use (e.g. disabling facets):
+There are a broad range of options (that are not turned on by default) for improving how well Solr indexing and searching scales and for handling more files per dataset. Some of these are useful for all installations while others are related to specific use cases, or are mostly for emergency use (e.g. disabling facets).
+(see :ref:`database-settings`, :ref:`jvm-options`, and :ref:`feature-flags` for more details):
 
 - dataverse.feature.add-publicobject-solr-field=true - specifically marks unrestricted content as public in solr
 - dataverse.feature.avoid-expensive-solr-join=true - this tells Dataverse to use the feature above to speed searches
diff --git a/doc/sphinx-guides/source/installation/config.rst b/doc/sphinx-guides/source/installation/config.rst
index 369a58896aa..6cdabcac666 100644
--- a/doc/sphinx-guides/source/installation/config.rst
+++ b/doc/sphinx-guides/source/installation/config.rst
@@ -1467,9 +1467,9 @@ In addition to having the type "remote" and requiring a label, Trusted Remote St
 These and other available options are described in the table below.
 
 Trusted remote stores can range from being a static trusted website to a sophisticated service managing access requests and logging activity
-and/or managing access to a secure enclave.  See :doc:`/developers/big-data-support` for additional information on how to use a trusted remote store. For specific remote stores, consult their documentation when configuring the remote store in your Dataverse installation.
+and/or managing access to a secure enclave.  See :doc:`/admin/big-data-administration` and :doc:`/developers/big-data-support` for additional information on how to use a trusted remote store. For specific remote stores, consult their documentation when configuring the remote store in your Dataverse installation.
 
-Note that in the current implementation, activites where Dataverse needs access to data bytes, e.g. to create thumbnails or validate hash values at publication will fail if a remote store does not allow Dataverse access. Implementers of such trusted remote stores should consider using Dataverse's settings to disable ingest, validation of files at publication, etc. as needed.
+Note that in the current implementation, activities where Dataverse needs access to data bytes, e.g. to create thumbnails or validate hash values at publication will fail if a remote store does not allow Dataverse access. Implementers of such trusted remote stores should consider using Dataverse's settings to disable ingest, validation of files at publication, etc. as needed.
 
 Once you have configured a trusted remote store, you can point your users to the :ref:`add-remote-file-api` section of the API Guide.
 
@@ -1486,6 +1486,8 @@ Once you have configured a trusted remote store, you can point your users to the
     dataverse.files.<id>.upload-out-of-band                  ``true``            **Required to be true** Dataverse does not manage file placement            ``false``
     dataverse.files.<id>.download-redirect                   ``true``/``false``  Enable direct download (should usually be true).                            ``false``
     dataverse.files.<id>.secret-key                          <?>                 A key used to sign download requests sent to the remote store. Optional.    (none)
+    dataverse.files.<id>.public                              ``true``/``false``  True if the remote store does not enforce Dataverse access controls         ``false``
+    dataverse.files.<id>.ingestsizelimit                     <size in bytes>     Maximum size of files that should be ingested                               (none)
     dataverse.files.<id>.url-expiration-minutes              <?>                 If direct downloads and using signing: time until links expire. Optional.   60
     dataverse.files.<id>.remote-store-name                   <?>                 A short name used in the UI to indicate where a file is located. Optional.  (none)
     dataverse.files.<id>.remote-store-url                    <?>                 A url to an info page about the remote store used in the UI. Optional.      (none)
@@ -1531,6 +1533,7 @@ Once you have configured a globus store, or configured an S3 store for Globus ac
                                                                                  for a managed store) - using a microprofile alias is recommended            (none)
     dataverse.files.<id>.reference-endpoints-with-basepaths  <?>                 A comma separated list of *remote* trusted Globus endpoint id/<basePath>s   (none)
     dataverse.files.<id>.files-not-accessible-by-dataverse   ``true``/``false``  Should be false for S3 Connector-based *managed* stores, true for others    ``false``
+    dataverse.files.<id>.public                              ``true``/``false``  True can be used to disable users ability restrict/embargo files            ``false``
     
     =======================================================  ==================  ==========================================================================  ===================
     

From 2c5b5b0a5001799b3f5cad3b0e35add806dfbc20 Mon Sep 17 00:00:00 2001
From: qqmyers <jim.myers@computer.org>
Date: Thu, 13 Nov 2025 15:46:18 -0500
Subject: [PATCH 496/634] Apply suggestions from code review

Co-authored-by: Philip Durbin <philip_durbin@harvard.edu>
---
 .../source/admin/big-data-administration.rst  | 96 +++++++++----------
 .../source/installation/config.rst            |  4 +-
 2 files changed, 50 insertions(+), 50 deletions(-)

diff --git a/doc/sphinx-guides/source/admin/big-data-administration.rst b/doc/sphinx-guides/source/admin/big-data-administration.rst
index d0a74b47912..ce635df35bd 100644
--- a/doc/sphinx-guides/source/admin/big-data-administration.rst
+++ b/doc/sphinx-guides/source/admin/big-data-administration.rst
@@ -1,7 +1,7 @@
 Scaling Dataverse with Data Size
 ================================
 
-This guide is intended to help administrators configure Dataverse appropriately to handle the amount of data their installation needs to manage.
+This guide is intended to help administrators configure Dataverse appropriately to handle larger amounts of data.
 
 Scaling is a complex subject: there are many options available in Dataverse that can improve performance with larger scale data, some of which
 work differently than Dataverse's default configuration, potentially requiring user education, and some which can require additional expertise to manage.
@@ -9,8 +9,8 @@ work differently than Dataverse's default configuration, potentially requiring u
 In general, there are three dimensions in which Dataverse can scale:
   
 1. **Storage size of individual files and aggregate storage size**
-2. **Number of Files per Dataset**
-3. **Number of Datasets**
+2. **Number of files per dataset**
+3. **Number of datasets**
 
 
 .. contents:: |toctitle|
@@ -22,15 +22,15 @@ Storage: Choosing the Right Store
 The main issues for handling larger files and larger aggregate data size relate to the performance of the storage used and how involved the Dataverse server is in the data transfer. 
 With appropriate configuration, Dataverse can support file sizes and aggregate dataset sizes into the terabyte scale and beyond.
 
-The primary choice in Dataverse related to storage is which type(s) of "store" (also called "Storage driver") to use:
+The primary choice in Dataverse related to storage is which types of "store" (also called "storage driver") to use:
 
 File Stores
 ~~~~~~~~~~~
 
-The default storage option in Dataverse is based on a local file system. When files are transferred to Dataverse, they are first stored in a
+The default storage option in Dataverse uses the local file system. When files are transferred to Dataverse, they are first stored in a
 temporary location on the Dataverse server. Any zip files uploaded are unzipped to create multiple individual file entries. Once an upload is completed, 
-Dataverse copies the files to permanent storage. Dataverse also takes advantage of the file being local to inspect it's bytes to determine it's 
-MIME type, and, for tabular data, to 'ingest' it - extracting metadata about the variables used in the file and creating a tab-separated value (TSV)
+Dataverse copies the files to permanent storage. Dataverse also takes advantage of the file being local to inspect its bytes to determine its 
+MIME type, and, for tabular data, to "ingest" it - extracting metadata about the variables used in the file and creating a tab-separated values (TSV)
 version of the file.
 
 Benefits: 
@@ -38,31 +38,31 @@ Benefits:
 - This option requires no external services and can potentially handle files into the gigabyte (GB) size range. For smaller institutions,
   and in disciplines where datasets do not have more than a few hundred files and files are not too large, this can be the simplest option.
 - Unzipping of zip archives can be simpler for users than having to upload many individual files and was, at one time, the only way to 
-  preserve file path names when uploading.
+  preserve file path names when uploading. In addition, some of the unzipped files might be in a format that can be previewed or otherwise acted upon.
 
-Challenges: In general file storage is not a good option for larger data sizes - both in terms of file size and number of files. Contributing factors include:
+Challenges: In general, file storage is not a good option for larger data sizes - both in terms of file size and number of files. Contributing factors include:
  
 - Because temporary storage is used, transfers will temporarily use several times as much space as the final transfer. Unzipping also increases the final storage size of a dataset.
 - Because all uploads use the same temporary storage, temporary storage must be large enough to handle multiple users uploading data.
 - Each file is uploaded as a single HTTP request, which can cause long transfer times which, in turn, can trigger timeout errors in Dataverse or any proxy or load balancer in front of Dataverse.
-- Uploading many files at once can trigger any rate limiter in front of the Dataverse server (i.e. used to throttle use by AI) resulting in failures
+- Uploading many files at once can trigger any rate limiter in front of the Dataverse server (i.e. used to throttle AI bots) resulting in failures.
 - Because transfers (both uploads and downloads) are handled by the Dataverse server, they add to server processing load which can affect overall performance.
 - Cost: local file storage must be provisioned in advance based on anticipated demand. It can involve up-front costs (for a local disk), or, when procured from a 
-  cloud provider, is likely to be more expensive than object storage from that provider (see below) 
+  cloud provider, is likely to be more expensive than object storage from that provider (see below).
 
 
 S3 Stores: Object Storage via S3
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 A more scalable option for storage is to use an object store with transfers managed using the Simple Storage Service (S3) protocol. S3-compatible storage can 
-easily be bought (rented) from major cloud providers, but may also be available from institutional clouds. It is also possible to run open-source software to provide
+easily be bought (rented) from major cloud providers, but may also be available from institutional clouds. It is also possible to run open source software to provide
 S3 storage over a local file system (making it possible to enjoy the advantages discussed below while still leveraging local file storage). 
 
 While S3 Stores can be configured to handle uploads and downloads as with file storage (with zip files being unzipped, but having many of the same challenges in terms of temporary storage and server load as discussed above) 
-they can also be configured to use 'direct' upload and download. In this configuration, the actual transfer of file bytes is from/to the user's local machine to/from
-the S3 store. In this configuration, files are never stored on the Dataverse server, and Dataverse does not attempt to unzip zip files and they are stored as a single file in the dataset.
+they can also be configured to use "direct" upload and download. In this configuration, the actual transfer of file bytes is between the user's local machine and
+the S3 store. In this configuration, files are never stored on the Dataverse server. Dataverse does not attempt to unzip zip files, and they are stored as a single file in the dataset.
 
-Benefits: S3 offers several advantages over file storage which :
+Benefits: S3 offers several advantages over file storage:
  
 - Scalability: S3 is designed to handle large amounts of data. It can handle individual files up to several TB in size. 
   Because S3 supports breaking files into pieces, Dataverse can transfer a file in pieces (several in parallel, potentially thousands of pieces per file) making transfers faster
@@ -72,7 +72,7 @@ Benefits: S3 offers several advantages over file storage which :
 
 Challenges:
 
-- One additional step that is required to enable direct uploads via a Dataverse installation and for direct download to work with previewers and direct upload to work with dvwebloader (:ref:`folder-upload`) is to allow cross site (CORS) requests on your S3 store.
+- One additional step that is required to enable direct uploads via a Dataverse installation and for direct download to work with previewers and direct upload to work with DVWebloader (:ref:`folder-upload`) is to allow cross site (CORS) requests on your S3 store.
 - Cost: S3 offers a pricing model that allows you to pay for the storage and transfer of data based on current usage (versus long term demand) but commercial 
   providers charge more per TB than the equivalent cost of a local disk (though commercial S3 storage is cheaper than commercial file storage).
   There can also be egress and other charges. Overall, S3 storage is generally more expensive than local file storage but cheaper than cloud file storage.
@@ -87,8 +87,8 @@ Other Considerations
 
 - S3 Storage without direct upload/download provides minimal benefits with Dataverse as files still pass through the server, files are still uploaded as a single HTTP/HTTPS stream, and temporary storage is still used.
 - While not having files unzipped can be confusing to users who are used to it from using Dataverse with file storage, there are ways to minimize the impact. 
-  For example, Dataverse can be configured to use a 'Zip File Previewer' that allows users to see the contents of a zip file and even download individual files from within it. 
-  For users who still want their data stored as individual files with their relative folder paths, Dataverse can be configured with the 'DVWebloader' which allows users to select an entire folder tree of files and 
+  For example, Dataverse can be configured to use a "Zip File Previewer" that allows users to see the contents of a zip file and even download individual files from within it. 
+  For users who still want their data stored as individual files with their relative folder paths, Dataverse can be configured with "DVWebloader" which allows users to select an entire folder tree of files and 
   upload them, with their relative paths intact, to Dataverse. (DVWebloader can only be used with S3/direct upload, but it is much more efficient with many files than using the 
   standard upload interface in Dataverse (which also does not retain path information)).
 - The following features are disabled when S3 direct upload is enabled.
@@ -99,16 +99,16 @@ Other Considerations
   - Extraction of a geospatial bounding box from NetCDF and HDF5 files (see :ref:`netcdf-and-hdf5`) unless :ref:`dataverse.netcdf.geo-extract-s3-direct-upload` is set to true.
 
 - Using direct upload stops Dataverse from inspecting the file bytes to determine the MIME type (with one exception - Stata files). Dataverse will still look at the file name and extension to determine the MIME type.
-- To perform the 'ingest' processing, Dataverse currently has to copy the file to local storage, somewhat negating the benefit of sending data directly to S3. To manage larger files, one can set a per-store
+- To perform "ingest" processing, Dataverse currently has to copy the file to local storage, negating the benefit of sending data directly to S3. To manage larger files, one can set a per-store
   ingest size limit (which can be 0 bytes) to stop ingest or limit it to smaller files. 
 - Dataverse's mechanism for downloading a whole dataset or multiple selected files involves zipping those files together. Even When using S3 with direct upload/download,
   the file bytes are transferred to the Dataverse server as part of the zipping process. There are ways to reduce the performance impact of this:
-  - There is a 'ZipDownloader' app that can be run separate from Dataverse to handle the zipping process.
+  - There is a "ZipDownloader" app that can be run separate from Dataverse to handle the zipping process.
   - Dataverse has a :ZipDownloadLimit that can be used to limit the amount of data that can be zipped. If a dataset is larger than this limit, Dataverse will only add some of the files to the zip and list others in the included manifest file.
-  - There are tools such as the Dataverse Dataset Downloader (https://github.com/gdcc/dataverse-recipes/tree/main/shell/download#dataverse-dataset-downloader) that can be used to download all off the files individually. This avoids sending any of the files to/through the Dataverse server when S3 direct download is enabled.  
+  - There are tools such as the Dataverse Dataset Downloader (https://github.com/gdcc/dataverse-recipes/tree/main/shell/download#dataverse-dataset-downloader) that can be used to download all of the files individually. This avoids sending any of the files through the Dataverse server when S3 direct download is enabled.  
 
 - Dataverse leverages S3 features that are not implemented by all servers and has several configuration options geared towards handling variations between servers. Site admins should be sure to test with their preferred S3 implementation.
-- The part-size used when directly transferring files to S3 is configurable (at AWS, from 5 MiB to 5GiB). The default in Dataverse is 1 GiB (1024^3). If the primary use case is with smaller files than that, decreasing the part size may improve upload speeds.
+- The part-size used when directly transferring files to S3 is configurable (at AWS, from 5 MiB to 5GiB). The default in Dataverse is 1 GiB (1024^3 bytes). If the primary use case is with smaller files than that, decreasing the part size may improve upload speeds.
 
 Remote Stores
 ~~~~~~~~~~~~~
@@ -117,11 +117,11 @@ Note: Remote Storage is still experimental: feedback is welcome! See :ref:`suppo
 
 For very large, and/or very sensitive data, it may not make sense to transfer or copy files to Dataverse at all.
 The ``remote`` store type in the Dataverse software supports these use cases.
-It allows Dataverse to store a URL reference for the file rather than transferring the file bytes to a store managed directly by Dataverse.
+It allows Dataverse to store a URL reference to the file rather than transferring the file bytes to a store managed directly by Dataverse.
 In the most basic configuration a site administrator configures the base URL for the store, e.g. "https://thirdpartystorage.edu/long-term-storage/" 
 and users can then create files referencing any URL starting with that base, e.g. "https://thirdpartystorage.edu/long-term-storage/my_project_dir/my_file.txt".
 
-If the remote site is a public web server, the remote store in Dataverse should be configured to be 'public' which will disable the ability to restrict
+If the remote site is a public web server, the remote store in Dataverse should be configured to be "public" which will disable the ability to restrict
 or embargo files (as they are public on the remote site and Dataverse cannot block access.) Conversely, Dataverse can be configured to sign requests to the 
 remote server which the remote server can then, if it is capable of validating them, use to reject requests not approved by Dataverse. In this configuration,
 users can restrict and embargo files and Dataverse and the remote server will cooperate to manage access control. Another alternative, with a more advanced
@@ -130,9 +130,9 @@ may require the user to login, or go through some other authentication/validatio
 
 Dataverse considers remote storage to be read-only, or, in cases where the remote service does not provide a way for Dataverse to download the file bytes
 (due to access control or because the URL refers to a landing page), inaccessible. Depending on whether Dataverse can access the bytes of the file,
-functionality such as ingest and integrity checking may or may not be possible. If the file bytes are not accessible the remote store in Dataverse should be
+functionality such as ingest and integrity checking may or may not be possible. If the file bytes are not accessible, the remote store in Dataverse should be
 configured to disable operations that attempt to access the file (see the files-not-accessible-by-dataverse in :ref:`trusted-remote-storage`).
-Regardless of whether the remote files can be read, local storage of other datafiles and auxiliary files in the same dataset is possible. Support for such files is handled by configuring a 'base' store with the remote store that is used for these purposes. (This means that while
+Regardless of whether the remote files can be read, local storage of other datafiles and auxiliary files in the same dataset is possible. Support for such files is handled by configuring a "base" store with the remote store that is used for these purposes. (This means that while
 files added as remote remain on the remote store, other files in the dataset, and potentially thumbnails and the ingested TSV format of remote files would be managed by Dataverse
 in the base store. If ingest is not desired, the ingest size limit for the store can be set to 0 bytes).
 
@@ -148,13 +148,13 @@ Challenges:
 - Remote files can only be added after the dataset is created in the UI (and therefore has an id and PID for use with the API). However, the UI will still allow upload of files to the base store (at dataset creation and when editing), which could be confusing.
 - As Dataverse is relying on the remote service to maintain the integrity and availability of the files, it is likely that the Dataverse site admin will want to have a formal agreement with the remote service 
   operator about their policies.
-- Site admins need to consider carefully how to configure file size limits, ingest size limits, etc. on the remote store and it's base store, and whether the remote store is public-only, and whether files there can be read by Dataverse to assure the
+- Site admins need to consider carefully how to configure file size limits, ingest size limits, etc. on the remote store and its base store, and whether the remote store is public-only, and whether files there can be read by Dataverse to assure the
   requirements of a specific use case(s) are addressed.
-- The current remote store implementation will not prevent you from providing a relative URL that results in a 404 when resolved. (I.e. if you make a typo). You should check to make sure the file exists at the location you specify - by trying to download in Dataverse, by checking to see that Dataverse was able to get the file size (which it does by doing a HEAD call to that location), or just manually trying the URL in your browser.
+- The current remote store implementation will not prevent you from providing a relative URL that results in a 404 when resolved (i.e. if you make a typo). You should check to make sure the file exists at the location you specify - by trying to download in Dataverse, by checking to see that Dataverse was able to get the file size (which it does with a HEAD call to that location), or just manually trying the URL in your browser.
 - For large files, direct-download should always be used with a remote store. (Otherwise the Dataverse will be involved in the download.)
 - When multiple files are selected for download, Dataverse will try to include remote files in the zip file being created (up to the max zip size limit) which is inefficient, and will not be able to include remote files that are inaccessible (possibly confusing). 
 
-Globus Stores: Globus Transfer between Large File/Tape Archives
+Globus Stores: Globus Transfer Between Large File/Tape Archives
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 Note: Globus Transfer is still experimental: feedback is welcome! See :ref:`support`.
@@ -173,23 +173,23 @@ Dataverse can be configured to support Globus transfers in multiple ways:
 
 Benefits: 
 
-- Globus scales to higher data volumes than any other option. Users working with large data are often familiar with Globus and are interested in transferring data to/from computational clusters rather than their local machine
+- Globus scales to higher data volumes than any other option. Users working with large data are often familiar with Globus and are interested in transferring data to/from computational clusters rather than their local machine.
 - Globus transfers can be initiated by choosing the Globus option in the dataset upload panel. Analogously, "Globus Transfer" is one of the download options in the "Access Dataset" menu.
-- For the non-S3 options, Dataverse supports having a base store (e.g. a local file system or an S3-based store), which can be used internally by Dataverse (e.g. for thumbnails, etc.) and can allow users to upload smaller files (e.g. Readmes, documentation) that might not be suited to a given Globus endpoint (e.g. a tape store)
+- For the non-S3 options, Dataverse supports having a base store (e.g. a local file system or an S3-based store), which can be used internally by Dataverse (e.g. for thumbnails, etc.) and can allow users to upload smaller files (e.g. READMEs, documentation) that might not be suited to a given Globus endpoint (e.g. a tape store).
 
 Challenges: 
 
-- Globus is complex to manage and Dataverse installations will need to develop Globus expertise or partner with another organization (i.e. a institutional high-performance computing center) to manage Globus endpoints.
-- For users not familiar with Globus, managing transfers can be confusing. For the non-S3 options, users cannot just download files - they must have access to a destination Globus endpoint and have a Globus account. Globus does provide free accounts and a free 'Globus Personal Connect' service which installed on any machine to allow transfers to/from it.
+- Globus is complex to manage and Dataverse installations will need to develop Globus expertise or partner with another organization (i.e. an institutional high-performance computing center) to manage Globus endpoints.
+- For users not familiar with Globus, managing transfers can be confusing. For the non-S3 options, users cannot just download files - they must have access to a destination Globus endpoint and have a Globus account. Globus does provide free accounts and a free "Globus Personal Connect" service which installed on any machine to allow transfers to/from it.
 - Globus transfers are not enabled at dataset-creation time. Once the draft version is created, users can initiate Globus transfers to upload files from remote endpoints.
 - For Dataverse-managed endpoints, a community-developed `dataverse-globus <https://github.com/scholarsportal/dataverse-globus>`_ app must be installed and configured in the Dataverse instance. 
-  This app manages granting and revoking access for users to upload/download files from Dataverse and handles the translation between Dataverse's internal file naming/organization to that see by the user.
+  This app manages granting and revoking access for users to upload/download files from Dataverse and handles the translation between Dataverse's internal file naming/organization to that seen by the user.
 - Users familiar with Globus sometimes expect to be able to find the Dataverse endpoint in Globus' online service and download files from there. Due to the fact that Dataverse is managing permissions and handling file naming, this doesn't work.
-- Due to differences between Dataverse's and Globus's access control models, Dataverse cannot enforce per-file-access restrictions - restriction can only be done today at the level of providing access to all files in a dataset.
+- Due to differences between Dataverse's and Globus's access control models, Dataverse cannot enforce per-file access restrictions - restriction can only be done today at the level of providing access to all files in a dataset.
   Globus stores can be defined as public to disable Dataverse's ability to restrict and embargo files in that store. If the store is configured to support restriction and embargo,
   Dataverse and its Dataverse-Globus app will limit users to downloading only the files they have been granted access to, but a technically knowledgeable user could access other files in the same dataset if they are give access to one.
   (Data depositors would need to be aware of this limitation and could be guided to restrict all files/only grant access to all dataset files in Globus as a work-around).
-- Dataverse-managed endpoints must be Globus 'guest collections' hosted on either a file-system-based endpoint or an S3-based endpoint (the latter requires use of the Globus
+- Dataverse-managed endpoints must be Globus "guest collections" hosted on either a file-system-based endpoint or an S3-based endpoint (the latter requires use of the Globus
   S3 connector which requires a paid Globus subscription at the host institution). In either case, Dataverse is configured with the Globus credentials of a user account that can manage the endpoint.
   Users will need their own Globus account, which can be obtained via their institution or directly from Globus (at no cost).
 - With the file-system endpoint, Dataverse does not currently have access to the file contents. Thus, functionality related to ingest, previews, fixity hash validation, etc. are not available. 
@@ -217,7 +217,7 @@ Based on both file size and volume considerations, here are some general recomme
 
 1. **For research projects with moderate data (< 2GB files, < 100s of files/dataset):**
 
-   * Default File Store is sufficient
+   * The default File Store is sufficient
    * Consider setting file count and size limits (see below)
 
 2. **For projects with larger files (GBs to TBs) and/or more files per dataset (100s to 1000s):**
@@ -240,7 +240,7 @@ Based on both file size and volume considerations, here are some general recomme
    * Consider a Remote Store and referencing a single URL/Globus endpoint for the entire dataset
 
 
-Managing more files per dataset and more datasets
+Managing More Files per Dataset and More Datasets
 -------------------------------------------------
 
 Dataverse can be configured to handle datasets with hundreds or thousands of files and hundreds of thousands of datasets. However, reaching these levels can require significant effort to appropriately configure the server.
@@ -254,7 +254,7 @@ Scaling to larger numbers of datasets (and to some extent scaling files per data
 Avoiding Many Files
 ~~~~~~~~~~~~~~~~~~~
 
-Before describing things that can be done to improve scaling, it is important to note that there are configuration options and best practices to suggest to users to help avoid larger datasets and and help them avoid hitting performance issues by going beyond the file counts you know work in your instance.
+Before describing things that can be done to improve scaling, it is important to note that there are configuration options and best practices to suggest to users to help avoid larger datasets and help them avoid hitting performance issues by going beyond the file counts you know work in your instance.
 
 There are a number of settings to limit how many files can be uploaded (see :ref:`database-settings` and :ref:`jvm-options` for more details):
 
@@ -270,28 +270,28 @@ Ways to Scale
 There are a broad range of options (that are not turned on by default) for improving how well Solr indexing and searching scales and for handling more files per dataset. Some of these are useful for all installations while others are related to specific use cases, or are mostly for emergency use (e.g. disabling facets).
 (see :ref:`database-settings`, :ref:`jvm-options`, and :ref:`feature-flags` for more details):
 
-- dataverse.feature.add-publicobject-solr-field=true - specifically marks unrestricted content as public in solr
-- dataverse.feature.avoid-expensive-solr-join=true - this tells Dataverse to use the feature above to speed searches
-- dataverse.feature.reduce-solr-deletes=true - when solr entries are being updated, this avoids an unnecessary step (deletion of existing entries) for entries that are being replaced
+- dataverse.feature.add-publicobject-solr-field=true - specifically marks unrestricted content as public in Solr
+- dataverse.feature.avoid-expensive-solr-join=true - this tells Dataverse to use the feature above to speed up searches
+- dataverse.feature.reduce-solr-deletes=true - when Solr entries are being updated, this avoids an unnecessary step (deletion of existing entries) for entries that are being replaced
 - dataverse.feature.disable-dataset-thumbnail-autoselect=true - by default, Dataverse scans through all files in a dataset to find one that can be used as a thumbnail, which is expensive for many files. This disables that behavior to improve performance
 - dataverse.feature.only-update-datacite-when-needed=true - reduces the load on DataCite and reduces Dataverse failures related to that load, which is important when using file PIDs on Datasets with many files
 - v6.9: dataverse.solr.min-files-to-use-proxy=<X> - improve performance/lower memory requirements when indexing datasets with many files, suggested value is in the range 200 to 500
 - dataverse.solr.concurrency.max-async-indexes=<X> - limits the number of index operations running in parallel. The default is 4, larger values may improve performance (if the Solr intance is appropriately sized)
-- v6.9?: dataverse.exports.schema-dot-org.max-files-for-download-entries - reduces the size of the schema.org metadata export wehn there are many files per dataset. By default, this is included in the dataset page header, so the smaller version improves page loading and can avoid issues with Google indexing (datasets with thousands of files+)
+- v6.9?: dataverse.exports.schema-dot-org.max-files-for-download-entries - reduces the size of the schema.org metadata export when there are many files per dataset. By default, this is included in the dataset page header, so the smaller version improves page loading and can avoid issues with Google indexing (datasets with thousands of files+)
 - SolrFullTextIndexing - false improves performance at the expense of not indexing file contents
 - SolrMaxFileSizeForFullTextIndexing - size in bytes (default unset/no limit) above which file contents should not be indexed
-- ZipDownloadLimit - the maximum size in bytes for zipped downloads of files from a dataset. If the size of requested files is larger, some files will be omitted and listedin the zip manifest file as not included.
-- DatasetChecksumValidationSizeLimit - by default, Dataverse checks fixity (assuring the file contents match the recorded checksum) as part of publication. This setting specifies a maximum aggregate dataset size, above which validation will not be done.
+- ZipDownloadLimit - the maximum size in bytes for zipped downloads of files from a dataset. If the size of requested files is larger, some files will be omitted and listed in the zip manifest file as not included.
+- DatasetChecksumValidationSizeLimit - by default, Dataverse checks fixity (assuring the file contents match the recorded checksum) as part of publication. This setting specifies a maximum aggregate dataset size, above which this validation will not be done.
 - DataFileChecksumValidationSizeLimit - by default, Dataverse checks fixity (assuring the file contents match the recorded checksum) as part of publication. This setting specifies a maximum file size, above which validation will not be done.
 - FilePIDsEnabled - false is recommended when datasets have many files. Related settings allow file PIDS to be enabled/disabled per collection and per file
-- CustomZipDownloadServiceUrl - allows use of a separate process/machine to handle zipping up multi-file downloads. Requires installation of the separate Zip Download app.
-- WebloaderUrl - enables use of an installed DVWebloader (by specifying it's web location) which is more efficient for uploading many files 
+- CustomZipDownloadServiceUrl - allows use of a separate process/machine to handle zipping up multi-file downloads. Requires installation of the separate Zip Download app
+- WebloaderUrl - enables use of an installed DVWebloader (by specifying its web location) which is more efficient for uploading many files 
 - CategoryOrder - Pre-sorts the file display by category, e.g. showing all "Documentation" files before "Data" files. Any user selected sorting by name, age, or size is done within these sections  
 - OrderByFolder - pre-sorts files by their directory Label (folder), showing files with no path before others. Any user selected sorting by name, age, or size is done within these sections
 - DisableSolrFacets - disables facets, which are costly to generate, in search results (including the main collection page)
 - DisableSolrFacetsForGuestUsers - only disable facets for guests
 - DisableSolrFacetsWithoutJsession - disables facets for users who have disabled cookies (e.g. for bots)
-- DisableUncheckedTypesFacet -only disables the facet showing the number of collections, datasets, files matching the query (this facet is potentially less useful than others)
+- DisableUncheckedTypesFacet - only disables the facet showing the number of collections, datasets, files matching the query (this facet is potentially less useful than others)
 - StoreIngestedTabularFilesWithVarHeaders - by default, Dataverse stores ingested files without headers and dynamically adds them back at download time. Once this setting is enabled, Dataverse will leave the headers in place (for newly ingested files), reducing the cost of downloads
 
 
diff --git a/doc/sphinx-guides/source/installation/config.rst b/doc/sphinx-guides/source/installation/config.rst
index 197c40c4c5d..695b54c1f93 100644
--- a/doc/sphinx-guides/source/installation/config.rst
+++ b/doc/sphinx-guides/source/installation/config.rst
@@ -1511,8 +1511,8 @@ Once you have configured a trusted remote store, you can point your users to the
     dataverse.files.<id>.ingestsizelimit                     <size in bytes>     Maximum size of files that should be ingested                               (none)
     dataverse.files.<id>.url-expiration-minutes              <?>                 If direct downloads and using signing: time until links expire. Optional.   60
     dataverse.files.<id>.remote-store-name                   <?>                 A short name used in the UI to indicate where a file is located. Optional.  (none)
-    dataverse.files.<id>.remote-store-url                    <?>                 A url to an info page about the remote store used in the UI. Optional.      (none)
-    dataverse.files.<id>.files-not-accessible-by-dataverse   ``true``/``false``  True if the file is at the url provided, false if that is a landing page    ``false``
+    dataverse.files.<id>.remote-store-url                    <?>                 A URL to an info page about the remote store used in the UI. Optional.      (none)
+    dataverse.files.<id>.files-not-accessible-by-dataverse   ``true``/``false``  True if the file is at the URL provided, false if that is a landing page    ``false``
     
     =======================================================  ==================  ==========================================================================  ===================
 

From 1e719cb83247bb67455b9cb9e7fbfd89f47adc2a Mon Sep 17 00:00:00 2001
From: Jim Myers <qqmyers@hotmail.com>
Date: Thu, 13 Nov 2025 17:32:19 -0500
Subject: [PATCH 497/634] updates per review

---
 .../11850-big-data-admin-guide.md             |  3 +
 .../source/admin/big-data-administration.rst  | 61 ++++++++++---------
 .../source/installation/config.rst            |  9 ++-
 .../source/installation/prep.rst              |  2 +-
 .../source/user/dataset-management.rst        |  5 +-
 5 files changed, 46 insertions(+), 34 deletions(-)
 create mode 100644 doc/release-notes/11850-big-data-admin-guide.md

diff --git a/doc/release-notes/11850-big-data-admin-guide.md b/doc/release-notes/11850-big-data-admin-guide.md
new file mode 100644
index 00000000000..e7bd0b87781
--- /dev/null
+++ b/doc/release-notes/11850-big-data-admin-guide.md
@@ -0,0 +1,3 @@
+### Big Data Admin Section
+
+- A new section - Scaling Dataverse with Data Size - has been added to the Admin Guide. It is intended to help administrators configure Dataverse appropriately to handle larger amounts of data.
diff --git a/doc/sphinx-guides/source/admin/big-data-administration.rst b/doc/sphinx-guides/source/admin/big-data-administration.rst
index ce635df35bd..390c231d01a 100644
--- a/doc/sphinx-guides/source/admin/big-data-administration.rst
+++ b/doc/sphinx-guides/source/admin/big-data-administration.rst
@@ -1,7 +1,7 @@
 Scaling Dataverse with Data Size
 ================================
 
-This guide is intended to help administrators configure Dataverse appropriately to handle larger amounts of data.
+This section is intended to help administrators configure Dataverse appropriately to handle larger amounts of data.
 
 Scaling is a complex subject: there are many options available in Dataverse that can improve performance with larger scale data, some of which
 work differently than Dataverse's default configuration, potentially requiring user education, and some which can require additional expertise to manage.
@@ -38,7 +38,7 @@ Benefits:
 - This option requires no external services and can potentially handle files into the gigabyte (GB) size range. For smaller institutions,
   and in disciplines where datasets do not have more than a few hundred files and files are not too large, this can be the simplest option.
 - Unzipping of zip archives can be simpler for users than having to upload many individual files and was, at one time, the only way to 
-  preserve file path names when uploading. In addition, some of the unzipped files might be in a format that can be previewed or otherwise acted upon.
+  preserve file path names when uploading. In addition, some of the unzipped files might be in a format that can be previewed or otherwise acted upon - see :ref:`file-handling` in the User Guide.
 
 Challenges: In general, file storage is not a good option for larger data sizes - both in terms of file size and number of files. Contributing factors include:
  
@@ -68,7 +68,7 @@ Benefits: S3 offers several advantages over file storage:
   Because S3 supports breaking files into pieces, Dataverse can transfer a file in pieces (several in parallel, potentially thousands of pieces per file) making transfers faster
   and more robust (a failure requires only resending the failed piece). It may also be the case that users will have a faster network connection to the S3 store 
   (e.g. in a commercial cloud or High Performance Computing center) than they do to the Dataverse server, reducing transfer time.
-- High Availability: S3 provides redundancy beyond what is available with a single disk (valuable for preservation, potentially reducing the need to perform data integrity checks).
+- High Availability: S3 provides redundancy beyond what is available with a local file system (valuable for preservation, potentially reducing the need to perform data integrity checks).
 
 Challenges:
 
@@ -87,27 +87,23 @@ Other Considerations
 
 - S3 Storage without direct upload/download provides minimal benefits with Dataverse as files still pass through the server, files are still uploaded as a single HTTP/HTTPS stream, and temporary storage is still used.
 - While not having files unzipped can be confusing to users who are used to it from using Dataverse with file storage, there are ways to minimize the impact. 
-  For example, Dataverse can be configured to use a "Zip File Previewer" that allows users to see the contents of a zip file and even download individual files from within it. 
+  For example, Dataverse can be configured to use a "Zip File Previewer" that allows users to see the contents of a zip file and even download individual files from within it (see :ref:`compressed-files`). 
   For users who still want their data stored as individual files with their relative folder paths, Dataverse can be configured with "DVWebloader" which allows users to select an entire folder tree of files and 
   upload them, with their relative paths intact, to Dataverse. (DVWebloader can only be used with S3/direct upload, but it is much more efficient with many files than using the 
   standard upload interface in Dataverse (which also does not retain path information)).
-- The following features are disabled when S3 direct upload is enabled.
-  - Unzipping of zip files. (See :ref:`compressed-files`.)
-  - Detection of file type based on JHOVE and custom code that reads the first few bytes except for the refinement of Stata file types to include the version. (See :ref:`redetect-file-type`.)
-  - Extraction of metadata from FITS files. (See :ref:`fits`.)
-  - Creation of NcML auxiliary files (See :ref:`netcdf-and-hdf5`.)
-  - Extraction of a geospatial bounding box from NetCDF and HDF5 files (see :ref:`netcdf-and-hdf5`) unless :ref:`dataverse.netcdf.geo-extract-s3-direct-upload` is set to true.
+- Several features that involve Dataverse accessing files' contents, including unzipping zip files, are disabled when S3 direct upload is enabled. See :ref:`s3-direct-upload-features-disabled`.
 
 - Using direct upload stops Dataverse from inspecting the file bytes to determine the MIME type (with one exception - Stata files). Dataverse will still look at the file name and extension to determine the MIME type.
-- To perform "ingest" processing, Dataverse currently has to copy the file to local storage, negating the benefit of sending data directly to S3. To manage larger files, one can set a per-store
-  ingest size limit (which can be 0 bytes) to stop ingest or limit it to smaller files. 
+- To perform "ingest" processing (see :doc:`/user/tabulardataingest`), Dataverse currently has to copy the file to local storage, negating the benefit of sending data directly to S3. To manage larger files, one can set a per-store
+  ingest size limit (which can be 0 bytes) to stop ingest or limit it to smaller files (see :ref:`list-of-s3-storage-options`). 
 - Dataverse's mechanism for downloading a whole dataset or multiple selected files involves zipping those files together. Even When using S3 with direct upload/download,
   the file bytes are transferred to the Dataverse server as part of the zipping process. There are ways to reduce the performance impact of this:
-  - There is a "ZipDownloader" app that can be run separate from Dataverse to handle the zipping process.
-  - Dataverse has a :ZipDownloadLimit that can be used to limit the amount of data that can be zipped. If a dataset is larger than this limit, Dataverse will only add some of the files to the zip and list others in the included manifest file.
+  
+  - There is a :ref:`Standalone "Zipper" Service Tool <zipdownloader>` that can be run separate from Dataverse to handle the zipping process.
+  - Dataverse has a :ref:`:ZipDownloadLimit` that can be used to limit the amount of data that can be zipped. If a dataset is larger than this limit, Dataverse will only add some of the files to the zip and list others in the included manifest file.
   - There are tools such as the Dataverse Dataset Downloader (https://github.com/gdcc/dataverse-recipes/tree/main/shell/download#dataverse-dataset-downloader) that can be used to download all of the files individually. This avoids sending any of the files through the Dataverse server when S3 direct download is enabled.  
 
-- Dataverse leverages S3 features that are not implemented by all servers and has several configuration options geared towards handling variations between servers. Site admins should be sure to test with their preferred S3 implementation.
+- Dataverse leverages S3 features that are not implemented by all servers and has several configuration options geared towards handling variations between servers - see :ref:`s3-compatible`. Site admins should be sure to test with their preferred S3 implementation (and consider adding to the list of working S3 implementations).
 - The part-size used when directly transferring files to S3 is configurable (at AWS, from 5 MiB to 5GiB). The default in Dataverse is 1 GiB (1024^3 bytes). If the primary use case is with smaller files than that, decreasing the part size may improve upload speeds.
 
 Remote Stores
@@ -126,7 +122,7 @@ or embargo files (as they are public on the remote site and Dataverse cannot blo
 remote server which the remote server can then, if it is capable of validating them, use to reject requests not approved by Dataverse. In this configuration,
 users can restrict and embargo files and Dataverse and the remote server will cooperate to manage access control. Another alternative, with a more advanced
 remote store, would be, instead of using URLs that directly enable download of the file, to use URLs that point to a landing page at the remote server that 
-may require the user to login, or go through some other authentication/validation process before being able to access the file.
+may require the user to login and go through some approval process before being able to access the file.
 
 Dataverse considers remote storage to be read-only, or, in cases where the remote service does not provide a way for Dataverse to download the file bytes
 (due to access control or because the URL refers to a landing page), inaccessible. Depending on whether Dataverse can access the bytes of the file,
@@ -144,10 +140,10 @@ Benefits:
 
 Challenges:
 
-- Currently, remote files can only be added via the API. (This may be addressed in future versions).
-- Remote files can only be added after the dataset is created in the UI (and therefore has an id and PID for use with the API). However, the UI will still allow upload of files to the base store (at dataset creation and when editing), which could be confusing.
 - As Dataverse is relying on the remote service to maintain the integrity and availability of the files, it is likely that the Dataverse site admin will want to have a formal agreement with the remote service 
   operator about their policies.
+- Currently, remote files can only be added via the API. (This may be addressed in future versions).
+- Remote files can only be added after the dataset is created in the UI (and therefore has an id and PID for use with the API). However, the UI will still allow upload of files to the base store (at dataset creation and when editing), which could be confusing.
 - Site admins need to consider carefully how to configure file size limits, ingest size limits, etc. on the remote store and its base store, and whether the remote store is public-only, and whether files there can be read by Dataverse to assure the
   requirements of a specific use case(s) are addressed.
 - The current remote store implementation will not prevent you from providing a relative URL that results in a 404 when resolved (i.e. if you make a typo). You should check to make sure the file exists at the location you specify - by trying to download in Dataverse, by checking to see that Dataverse was able to get the file size (which it does with a HEAD call to that location), or just manually trying the URL in your browser.
@@ -161,9 +157,9 @@ Note: Globus Transfer is still experimental: feedback is welcome! See :ref:`supp
 
 `Globus <https://www.globus.org>`_ provides file transfer service that is widely used for the world's largest datasets (in terms of both file size and number of files). It provides:
 
-- robust file transfer capable of handling delays (e.g. due to the time it takes to mount tapes) and restarting after network or endpoint failures
-- rapid parallel file transfers, potentially between clusters of computers on both ends
-- third-party transfer, which enables a user working with their desktop browser to initiate transfer of files from one remote endpoint (i.e. on a local high-performance computing cluster) to/from another (e.g. one associated with a Dataverse store)
+- Robust file transfer capable of handling delays (e.g. due to the time it takes to mount tapes) and restarting after network or endpoint failures
+- Rapid parallel file transfers, potentially between clusters of computers on both ends
+- Third-party transfer, which enables a user working with their desktop browser to initiate transfers of files between remote endpoints, i.e. sending files on a local high-performance computing cluster to a Dataverse endpoint or vice versa.
 
 Dataverse can be configured to support Globus transfers in multiple ways:
 
@@ -195,11 +191,11 @@ Challenges:
 - With the file-system endpoint, Dataverse does not currently have access to the file contents. Thus, functionality related to ingest, previews, fixity hash validation, etc. are not available. 
   (Using the S3-based endpoint, Dataverse has access via S3 and all functionality normally associated with direct uploads to S3 is available. In this case admins should be sure to set the maximum size for ingest and avoid requiring hash validation at publication, etc.)
 - For the reference use case, Dataverse must be configured with a list of allowed endpoint/base paths from which files may be referenced. In this case, since Dataverse is not accessing the remote endpoint itself, it does not need Globus credentials. 
-  Users will also need a Globus account in this case, and the remote endpoint must be configured to allow them access (i.e. be publicly readable, or potentially involving some out-of-band mechanism to request access (that could be described, for example, in the dataset's Terms of Use and Access).
+  Users will also need a Globus account in this case, and the remote endpoint must be configured to allow them access, i.e. be publicly readable, or potentially supporting some out-of-band mechanism for access requests (which could be described, for example, in the dataset's Terms of Use and Access).
 - As with remote stores, files can only be added in the Globus reference case via the Dataverse API.
 - While Globus itself can handle many (millions of) files of any size, Dataverse cannot handle more than thousands of files per dataset (at best) and some Globus endpoints may have limits on file sizes - both maximums and minimums (e.g. for tape storage where small files are inefficient).
   Users will need to be made aware of these limitations and the possibilities for managing them (e.g. by aggregating multiple files in a single larger file, or storing smaller files in the base-store via the normal Dataverse upload UI).
-- There is currently (a bug)[https://github.com/gdcc/dataverse-globus/issues/2] that won't allow users to transfer files from/to endpoints where they do not have permission to list the overall file tree (i.e. an institution manages <endpoint>/institution_name but the user only has access to <endpoint>/institution_name/my_dir.)
+- There is currently `a bug <https://github.com/gdcc/dataverse-globus/issues/2>`_ that won't allow users to transfer files from/to endpoints where they do not have permission to list the overall file tree (i.e. an institution manages <endpoint>/institution_name but the user only has access to <endpoint>/institution_name/my_dir.)
   Until that is fixed, a work-around is to first transfer data to an endpoint without this restriction.
 - An alternative, experimental implementation of Globus polling of ongoing upload transfers was added in v6.4. This framework does not rely on the instance staying up continuously for the duration of the transfer and saves the state information about Globus upload requests in the database. While it is now the recommended option, it is not enabled by default. See the ``globus-use-experimental-async-framework`` feature flag (see :ref:`feature-flags`) and the JVM option :ref:`dataverse.files.globus-monitoring-server`.
 
@@ -207,7 +203,7 @@ More details of the setup required to enable Globus is described in the `Communi
 
 An overview of the control and data transfer interactions between components was presented at the 2022 Dataverse Community Meeting and can be viewed in the `Integrations and Tools Session Video <https://youtu.be/3ek7F_Dxcjk?t=5289>`_ around the 1 hr 28 min mark.
 
-See also :ref:`Globus settings <:GlobusSettings>`.
+See also :ref:`globus-support` and :ref:`Globus settings <:GlobusSettings>`.
 
 
 Storage Strategy Recommendations
@@ -239,7 +235,10 @@ Based on both file size and volume considerations, here are some general recomme
 
    * Consider a Remote Store and referencing a single URL/Globus endpoint for the entire dataset
 
+6. **For Dataverse installations supporting a range of data scales:**
 
+   * Consider using :ref:`multiple stores <multiple-stores>` and assigning stores to individual collections or datasets
+   
 Managing More Files per Dataset and More Datasets
 -------------------------------------------------
 
@@ -249,7 +248,9 @@ Technically, there are two factors that can limit scaling the number of files pe
 The former is dramatically affected by the choice for file storage and options such as the S3 direct upload/download settings and ingest size limits. There are fewer ways to affect the latter beyond increasing the amount of memory and CPU resources available
 or rewriting the relevant parts of Dataverse. (There are continuing efforts to improve Dataverse's performance and scaling, so it is also advisable to use the latest version if you are pushing the boundaries on scaling. Progress is being made.)
 
-Scaling to larger numbers of datasets (and to some extent scaling files per dataset) also depends on Dataverse's Solr search engine. There have been very significant improvements in indexing and search performance in recent releases, including some that are not turned on by default.
+Scaling to larger numbers of datasets (and to some extent scaling files per dataset) also depends on Dataverse's Solr search engine. There have been very significant improvements in indexing and search performance in recent releases, including some that are not turned on by default (listed below).
+
+
 
 Avoiding Many Files
 ~~~~~~~~~~~~~~~~~~~
@@ -264,8 +265,8 @@ There are a number of settings to limit how many files can be uploaded (see :ref
 - UseStorageQuotas - once enabled, super users can set per-collection quotas (in bytes) to limit the aggregate size of all files in the collection
 - dataverse.files.default-dataset-file-count-limit - directly limits the number of files per dataset, can be changed per dataset via API (by super users)
 
-Ways to Scale
-~~~~~~~~~~~~~
+Scaling-related Configuration
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 There are a broad range of options (that are not turned on by default) for improving how well Solr indexing and searching scales and for handling more files per dataset. Some of these are useful for all installations while others are related to specific use cases, or are mostly for emergency use (e.g. disabling facets).
 (see :ref:`database-settings`, :ref:`jvm-options`, and :ref:`feature-flags` for more details):
@@ -275,15 +276,15 @@ There are a broad range of options (that are not turned on by default) for impro
 - dataverse.feature.reduce-solr-deletes=true - when Solr entries are being updated, this avoids an unnecessary step (deletion of existing entries) for entries that are being replaced
 - dataverse.feature.disable-dataset-thumbnail-autoselect=true - by default, Dataverse scans through all files in a dataset to find one that can be used as a thumbnail, which is expensive for many files. This disables that behavior to improve performance
 - dataverse.feature.only-update-datacite-when-needed=true - reduces the load on DataCite and reduces Dataverse failures related to that load, which is important when using file PIDs on Datasets with many files
-- v6.9: dataverse.solr.min-files-to-use-proxy=<X> - improve performance/lower memory requirements when indexing datasets with many files, suggested value is in the range 200 to 500
+- dataverse.solr.min-files-to-use-proxy=<X> - improve performance/lower memory requirements when indexing datasets with many files, suggested value is in the range 200 to 500
 - dataverse.solr.concurrency.max-async-indexes=<X> - limits the number of index operations running in parallel. The default is 4, larger values may improve performance (if the Solr intance is appropriately sized)
-- v6.9?: dataverse.exports.schema-dot-org.max-files-for-download-entries - reduces the size of the schema.org metadata export when there are many files per dataset. By default, this is included in the dataset page header, so the smaller version improves page loading and can avoid issues with Google indexing (datasets with thousands of files+)
+- dataverse.exports.schema-dot-org.max-files-for-download-entries - reduces the size of the schema.org metadata export when there are many files per dataset. By default, this is included in the dataset page header, so the smaller version improves page loading and can avoid issues with Google indexing (datasets with thousands of files+)
 - SolrFullTextIndexing - false improves performance at the expense of not indexing file contents
 - SolrMaxFileSizeForFullTextIndexing - size in bytes (default unset/no limit) above which file contents should not be indexed
 - ZipDownloadLimit - the maximum size in bytes for zipped downloads of files from a dataset. If the size of requested files is larger, some files will be omitted and listed in the zip manifest file as not included.
 - DatasetChecksumValidationSizeLimit - by default, Dataverse checks fixity (assuring the file contents match the recorded checksum) as part of publication. This setting specifies a maximum aggregate dataset size, above which this validation will not be done.
 - DataFileChecksumValidationSizeLimit - by default, Dataverse checks fixity (assuring the file contents match the recorded checksum) as part of publication. This setting specifies a maximum file size, above which validation will not be done.
-- FilePIDsEnabled - false is recommended when datasets have many files. Related settings allow file PIDS to be enabled/disabled per collection and per file
+- FilePIDsEnabled - false is recommended when datasets have many files. Related settings allow file PIDS to be enabled/disabled per collection and per dataset
 - CustomZipDownloadServiceUrl - allows use of a separate process/machine to handle zipping up multi-file downloads. Requires installation of the separate Zip Download app
 - WebloaderUrl - enables use of an installed DVWebloader (by specifying its web location) which is more efficient for uploading many files 
 - CategoryOrder - Pre-sorts the file display by category, e.g. showing all "Documentation" files before "Data" files. Any user selected sorting by name, age, or size is done within these sections  
diff --git a/doc/sphinx-guides/source/installation/config.rst b/doc/sphinx-guides/source/installation/config.rst
index 695b54c1f93..59c52f848ae 100644
--- a/doc/sphinx-guides/source/installation/config.rst
+++ b/doc/sphinx-guides/source/installation/config.rst
@@ -1008,9 +1008,10 @@ File Storage
 
 By default, a Dataverse installation stores all data files (files uploaded by end users) on the filesystem at ``/usr/local/payara6/glassfish/domains/domain1/files``. This path can vary based on answers you gave to the installer (see the :ref:`dataverse-installer` section of the Installation Guide) or afterward by reconfiguring the ``dataverse.files.\<id\>.directory`` JVM option described below.
 
-A Dataverse installation can alternately store files in a Swift or S3-compatible object store, or on a Globus endpoint, and can now be configured to support multiple stores at once. With a multi-store configuration, the location for new files can be controlled on a per-Dataverse collection basis.
-
+A Dataverse installation can alternately store files in a Swift or S3-compatible object store, or on a Globus endpoint, and can now be configured to support multiple stores at once.
 A Dataverse installation may also be configured to reference some files (e.g. large and/or sensitive data) stored in a web or Globus accessible trusted remote store.
+With a multi-store configuration, the location for new files can be controlled on a per-Dataverse collection or per-dataset basis.
+The :doc:`/admin/big-data-administration` provides more detail about the pros and cons of different types of storage.
 
 A Dataverse installation can be configured to allow out of band upload by setting the ``dataverse.files.\<id\>.upload-out-of-band`` JVM option to ``true``.
 By default, Dataverse supports uploading files via the :ref:`add-file-api`. With S3 stores, a direct upload process can be enabled to allow sending the file directly to the S3 store (without any intermediate copies on the Dataverse server).
@@ -1018,6 +1019,8 @@ With the upload-out-of-band option enabled, it is also possible for file upload
 
 The following sections describe how to set up various types of stores and how to configure for multiple stores.
 
+.. _multiple-stores:
+
 Multi-store Basics
 ++++++++++++++++++
 
@@ -1402,6 +1405,8 @@ You may provide the values for these via any `supported MicroProfile Config API
 2. A non-empty ``dataverse.files.<id>.profile`` will be ignored when no credentials can be found for this profile name.
    Current codebase does not make use of "named profiles" as seen for AWS CLI besides credentials.
 
+.. _s3-compatible:
+
 Reported Working S3-Compatible Storage
 ######################################
 
diff --git a/doc/sphinx-guides/source/installation/prep.rst b/doc/sphinx-guides/source/installation/prep.rst
index 33b1aa3c7b5..e61503fa615 100644
--- a/doc/sphinx-guides/source/installation/prep.rst
+++ b/doc/sphinx-guides/source/installation/prep.rst
@@ -110,7 +110,7 @@ Decisions to Make
 
 Here are some questions to keep in the back of your mind as you test and move into production:
 
-- How much storage do I need?
+- How much storage do I need? What is the scale of data I will need to handle (see :doc:`/admin/big-data-administration`)?
 - Which features do I want based on :ref:`architecture`?
 - How do I want my users to log in to the Dataverse installation? With local accounts? With Shibboleth/SAML? With OAuth providers such as ORCID, GitHub, or Google?
 - Do I want to to run my app server on the standard web ports (80 and 443) or do I want to "front" my app server with a proxy such as Apache or nginx? See "Network Ports" in the :doc:`config` section.
diff --git a/doc/sphinx-guides/source/user/dataset-management.rst b/doc/sphinx-guides/source/user/dataset-management.rst
index 0802d1255b6..6625314dcd8 100755
--- a/doc/sphinx-guides/source/user/dataset-management.rst
+++ b/doc/sphinx-guides/source/user/dataset-management.rst
@@ -388,7 +388,8 @@ If the bounding box was successfully populated, :ref:`geospatial-search` should
 Compressed Files
 ----------------
 
-Compressed files in .zip format are unpacked automatically. If a .zip file fails to unpack for whatever reason, it will upload as is. If the number of files inside are more than a set limit (1,000 by default, configurable by the Administrator), you will get an error message and the .zip file will upload as is.
+Depending on the configuration, compressed files in .zip format are unpacked automatically. If a .zip file is not unpacked, it will upload as is.
+If the number of files inside are more than a set limit (1,000 by default, configurable by the Administrator), you will get an error message and the .zip file will upload as is.
 
 If the uploaded .zip file contains a folder structure, the Dataverse installation will keep track of this structure. A file's location within this folder structure is displayed in the file metadata as the File Path. When you download the contents of the dataset, this folder structure will be preserved and files will appear in their original locations. 
 
@@ -396,6 +397,8 @@ These folder names are subject to strict validation rules. Only the following ch
 
 .. note:: If you upload multiple .zip files to one dataset, any subdirectories that are identical across multiple .zips will be merged together when the user downloads the full dataset.
 
+If a .zip file is not unpacked and Zip Previewer is installed (see :ref:`file-previews`), it will be possible for users to view the contents of the zip file and to download individual files from within the .zip.
+
 Other File Types
 ----------------
 

From db72308c22fb9645d5d548e2d5bc9cde06db4360 Mon Sep 17 00:00:00 2001
From: Jim Myers <qqmyers@hotmail.com>
Date: Thu, 13 Nov 2025 17:43:42 -0500
Subject: [PATCH 498/634] missed ,

---
 doc/sphinx-guides/source/admin/big-data-administration.rst | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/doc/sphinx-guides/source/admin/big-data-administration.rst b/doc/sphinx-guides/source/admin/big-data-administration.rst
index 390c231d01a..e413bfab6af 100644
--- a/doc/sphinx-guides/source/admin/big-data-administration.rst
+++ b/doc/sphinx-guides/source/admin/big-data-administration.rst
@@ -194,7 +194,7 @@ Challenges:
   Users will also need a Globus account in this case, and the remote endpoint must be configured to allow them access, i.e. be publicly readable, or potentially supporting some out-of-band mechanism for access requests (which could be described, for example, in the dataset's Terms of Use and Access).
 - As with remote stores, files can only be added in the Globus reference case via the Dataverse API.
 - While Globus itself can handle many (millions of) files of any size, Dataverse cannot handle more than thousands of files per dataset (at best) and some Globus endpoints may have limits on file sizes - both maximums and minimums (e.g. for tape storage where small files are inefficient).
-  Users will need to be made aware of these limitations and the possibilities for managing them (e.g. by aggregating multiple files in a single larger file, or storing smaller files in the base-store via the normal Dataverse upload UI).
+  Users will need to be made aware of these limitations and the possibilities for managing them (e.g. by aggregating multiple files in a single, larger file, or storing smaller files in the base-store via the normal Dataverse upload UI).
 - There is currently `a bug <https://github.com/gdcc/dataverse-globus/issues/2>`_ that won't allow users to transfer files from/to endpoints where they do not have permission to list the overall file tree (i.e. an institution manages <endpoint>/institution_name but the user only has access to <endpoint>/institution_name/my_dir.)
   Until that is fixed, a work-around is to first transfer data to an endpoint without this restriction.
 - An alternative, experimental implementation of Globus polling of ongoing upload transfers was added in v6.4. This framework does not rely on the instance staying up continuously for the duration of the transfer and saves the state information about Globus upload requests in the database. While it is now the recommended option, it is not enabled by default. See the ``globus-use-experimental-async-framework`` feature flag (see :ref:`feature-flags`) and the JVM option :ref:`dataverse.files.globus-monitoring-server`.

From 758f13f120b9d006178822bdf0ba9bccf1177148 Mon Sep 17 00:00:00 2001
From: Jim Myers <qqmyers@hotmail.com>
Date: Thu, 13 Nov 2025 17:46:45 -0500
Subject: [PATCH 499/634] add /index to doc link

---
 doc/sphinx-guides/source/admin/big-data-administration.rst | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/doc/sphinx-guides/source/admin/big-data-administration.rst b/doc/sphinx-guides/source/admin/big-data-administration.rst
index e413bfab6af..fb94f0e9cab 100644
--- a/doc/sphinx-guides/source/admin/big-data-administration.rst
+++ b/doc/sphinx-guides/source/admin/big-data-administration.rst
@@ -94,7 +94,7 @@ Other Considerations
 - Several features that involve Dataverse accessing files' contents, including unzipping zip files, are disabled when S3 direct upload is enabled. See :ref:`s3-direct-upload-features-disabled`.
 
 - Using direct upload stops Dataverse from inspecting the file bytes to determine the MIME type (with one exception - Stata files). Dataverse will still look at the file name and extension to determine the MIME type.
-- To perform "ingest" processing (see :doc:`/user/tabulardataingest`), Dataverse currently has to copy the file to local storage, negating the benefit of sending data directly to S3. To manage larger files, one can set a per-store
+- To perform "ingest" processing (see :doc:`/user/tabulardataingest/index`), Dataverse currently has to copy the file to local storage, negating the benefit of sending data directly to S3. To manage larger files, one can set a per-store
   ingest size limit (which can be 0 bytes) to stop ingest or limit it to smaller files (see :ref:`list-of-s3-storage-options`). 
 - Dataverse's mechanism for downloading a whole dataset or multiple selected files involves zipping those files together. Even When using S3 with direct upload/download,
   the file bytes are transferred to the Dataverse server as part of the zipping process. There are ways to reduce the performance impact of this:

From c06867f0020618cd1f34d64d49f14caddf628122 Mon Sep 17 00:00:00 2001
From: Jim Myers <qqmyers@hotmail.com>
Date: Fri, 14 Nov 2025 11:08:58 -0500
Subject: [PATCH 500/634] mime fix

---
 pom.xml                                                   | 2 +-
 src/main/java/META-INF/{mime.types => jakarta.mime.types} | 0
 2 files changed, 1 insertion(+), 1 deletion(-)
 rename src/main/java/META-INF/{mime.types => jakarta.mime.types} (100%)

diff --git a/pom.xml b/pom.xml
index a9d0bb0b26b..fc9bb5fd671 100644
--- a/pom.xml
+++ b/pom.xml
@@ -834,7 +834,7 @@
                 <includes>
                     <include>*.properties</include>
                     <include>**/*.properties</include>
-                    <include>**/mime.types</include>
+                    <include>**/jakarta.mime.types</include>
                     <include>**/*.R</include>
                 </includes>
             </resource>
diff --git a/src/main/java/META-INF/mime.types b/src/main/java/META-INF/jakarta.mime.types
similarity index 100%
rename from src/main/java/META-INF/mime.types
rename to src/main/java/META-INF/jakarta.mime.types

From 899c9e54b2b21fb1d655c8342bd172c108d47b2c Mon Sep 17 00:00:00 2001
From: Jim Myers <qqmyers@hotmail.com>
Date: Fri, 14 Nov 2025 14:24:59 -0500
Subject: [PATCH 501/634] old name for FileUtilTest

---
 src/main/java/META-INF/mime.types | 42 +++++++++++++++++++++++++++++++
 1 file changed, 42 insertions(+)
 create mode 100644 src/main/java/META-INF/mime.types

diff --git a/src/main/java/META-INF/mime.types b/src/main/java/META-INF/mime.types
new file mode 100644
index 00000000000..9ef3f2019be
--- /dev/null
+++ b/src/main/java/META-INF/mime.types
@@ -0,0 +1,42 @@
+# Common document formats
+application/pdf pdf PDF
+application/msword doc DOC
+application/vnd.ms-excel xls XLS xlc XLC xll XLL xlm XLM xlw XLW
+application/vnd.openxmlformats-officedocument.spreadsheetml.sheet xlsx XLSX
+text/comma-separated-values csv CSV
+text/plain txt TXT
+text/xml xml XML
+# Common statistical data formats
+text/tsv tab TAB tsv TSV
+text/x-fixed-field dat DAT asc ASC
+application/x-rlang-transport Rdata RData rdata RDATA
+type/x-r-syntax r R
+application/x-stata dta DTA
+text/x-stata-syntax do DO
+application/x-spss-sav sav SAV
+application/x-spss-por por POR
+text/x-spss-syntax sps SPS
+application/x-sas-transport xpt XPT cport CPORT v5x V5X v6x V6X v7x V7X
+application/x-sas-system sas7bdat SAS7BDAT sd1 SD1 sd2 SD2 sd7 SD7 ssd01 SSD01 ssd SSD ssd04 SSD04
+text/x-sas-syntax sas SAS
+# Common image formats
+image/gif gif GIF
+image/jpeg jpeg JPEG jpg JPG jpe JPE
+image/bmp bmp BMP
+image/x-portable-bitmap pbm PBM
+image/x-portable-graymap pgm PGM
+image/png png PNG
+image/x-portable-anymap pnm PNM
+image/x-portable-pixmap ppm PPM
+image/cmu-raster ras RAS
+image/x-rgb rgb RGB
+image/tiff tif TIF tiff TIFF
+image/x-xbitmap xbm XBM
+image/x-xpixmap xpm XPM
+image/x-xwindowdump xwd XWD
+# Common archive formats
+application/zip zip ZIP
+application/x-gzip gz GZ
+application/x-tar tar TAR
+# Rdata
+application/octet-stream
\ No newline at end of file

From 4489b7b9615679104fa4e8d1ee4ebeae7bfddafb Mon Sep 17 00:00:00 2001
From: Jim Myers <qqmyers@hotmail.com>
Date: Fri, 14 Nov 2025 14:40:58 -0500
Subject: [PATCH 502/634] restore mime.types in pom as well

---
 pom.xml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/pom.xml b/pom.xml
index fc9bb5fd671..629ca00a658 100644
--- a/pom.xml
+++ b/pom.xml
@@ -835,6 +835,7 @@
                     <include>*.properties</include>
                     <include>**/*.properties</include>
                     <include>**/jakarta.mime.types</include>
+                    <include>**/mime.types</include>
                     <include>**/*.R</include>
                 </includes>
             </resource>

From b93634722b512e8ab78e1f8440f3cb006680b968 Mon Sep 17 00:00:00 2001
From: Jim Myers <qqmyers@hotmail.com>
Date: Fri, 14 Nov 2025 15:22:07 -0500
Subject: [PATCH 503/634] document need to retain mime.types

---
 pom.xml                           | 3 +++
 src/main/java/META-INF/mime.types | 1 +
 2 files changed, 4 insertions(+)

diff --git a/pom.xml b/pom.xml
index 629ca00a658..779136f09eb 100644
--- a/pom.xml
+++ b/pom.xml
@@ -834,6 +834,9 @@
                 <includes>
                     <include>*.properties</include>
                     <include>**/*.properties</include>
+                    <!-- As of https://github.com/payara/Payara/issues/7741, Payara uses the jakarta.mime.types file. 
+                         The original mime.types file (with the same content) is retained to support the FileUtilTest.testGZipFile.
+                     -->
                     <include>**/jakarta.mime.types</include>
                     <include>**/mime.types</include>
                     <include>**/*.R</include>
diff --git a/src/main/java/META-INF/mime.types b/src/main/java/META-INF/mime.types
index 9ef3f2019be..6f8aaec6d25 100644
--- a/src/main/java/META-INF/mime.types
+++ b/src/main/java/META-INF/mime.types
@@ -1,3 +1,4 @@
+# mime.types is a copy of jakarta.mime.types which only used in unit tests (specifically FileUtilTest.testGZipFile)
 # Common document formats
 application/pdf pdf PDF
 application/msword doc DOC

From 886a9cfe4bfb8c220a5b0ccb8615e3942f68e920 Mon Sep 17 00:00:00 2001
From: Oliver Bertuch <o.bertuch@fz-juelich.de>
Date: Fri, 14 Nov 2025 22:51:48 +0100
Subject: [PATCH 504/634] feat(db): add `SettingsCleanupCallback` to remove
 invalid settings after migrations #11654

Introduced a Flyway callback to clean up entries in the `setting` table with unknown keys post-migration. Updated `StartupFlywayMigrator` to register this callback.
---
 .../flyway/SettingsCleanupCallback.java       | 103 ++++++++++++++++++
 .../flyway/StartupFlywayMigrator.java         |   8 ++
 2 files changed, 111 insertions(+)
 create mode 100644 src/main/java/edu/harvard/iq/dataverse/flyway/SettingsCleanupCallback.java

diff --git a/src/main/java/edu/harvard/iq/dataverse/flyway/SettingsCleanupCallback.java b/src/main/java/edu/harvard/iq/dataverse/flyway/SettingsCleanupCallback.java
new file mode 100644
index 00000000000..4b02f07a810
--- /dev/null
+++ b/src/main/java/edu/harvard/iq/dataverse/flyway/SettingsCleanupCallback.java
@@ -0,0 +1,103 @@
+package edu.harvard.iq.dataverse.flyway;
+
+import edu.harvard.iq.dataverse.settings.SettingsServiceBean;
+import org.flywaydb.core.api.FlywayException;
+import org.flywaydb.core.api.callback.Callback;
+import org.flywaydb.core.api.callback.Context;
+import org.flywaydb.core.api.callback.Event;
+
+import java.sql.Connection;
+import java.sql.PreparedStatement;
+import java.sql.ResultSet;
+import java.sql.SQLException;
+import java.util.ArrayList;
+import java.util.List;
+import java.util.logging.Level;
+import java.util.logging.Logger;
+
+/**
+ * Flyway callback that runs after all migrations and removes any settings
+ * whose "name" column does not correspond to a SettingsServiceBean.Key.
+ *
+ * This enforces that the settings table contains only keys known to the
+ * current application version.
+ */
+public class SettingsCleanupCallback implements Callback {
+
+    private static final Logger logger = Logger.getLogger(SettingsCleanupCallback.class.getName());
+
+    @Override
+    public boolean supports(Event event, Context context) {
+        // Only run after all migrations have completed successfully.
+        return event == Event.AFTER_MIGRATE;
+    }
+
+    @Override
+    public boolean canHandleInTransaction(Event event, Context context) {
+        // Prefer to run inside the same transaction
+        return true;
+    }
+
+    @Override
+    public void handle(Event event, Context context) {
+        if (event != Event.AFTER_MIGRATE) {
+            return;
+        }
+
+        logger.info("Starting settings cleanup: removing entries with unknown keys");
+
+        try {
+            cleanupInvalidSettings(context.getConnection());
+        } catch (SQLException e) {
+            logger.log(Level.SEVERE, "Error while cleaning up settings table", e);
+            throw new FlywayException("Failed to clean up invalid settings", e);
+        }
+
+        logger.info("Finished cleaning up settings");
+    }
+    
+    @Override
+    public String getCallbackName() {
+        return "SettingsCleanup";
+    }
+    
+    private void cleanupInvalidSettings(Connection connection) throws SQLException {
+        // Collect IDs of rows to delete
+        List<Long> idsToDelete = new ArrayList<>();
+
+        String selectSql = "SELECT id, name FROM setting";
+        try (PreparedStatement ps = connection.prepareStatement(selectSql);
+             ResultSet rs = ps.executeQuery()) {
+
+            while (rs.next()) {
+                long id = rs.getLong("id");
+                String name = rs.getString("name");
+
+                // We expect names like ":KeyName". Anything that does not parse
+                // to a SettingsServiceBean.Key is considered invalid and will be removed.
+                SettingsServiceBean.Key key = SettingsServiceBean.Key.parse(name);
+                if (key == null) {
+                    idsToDelete.add(id);
+                }
+            }
+        }
+
+        if (idsToDelete.isEmpty()) {
+            logger.fine("Settings cleanup: no invalid settings found");
+            return;
+        }
+
+        logger.info(() -> "Settings cleanup: found " + idsToDelete.size()
+                + " invalid settings; deleting them");
+
+        String deleteSql = "DELETE FROM setting WHERE id = ?";
+        try (PreparedStatement delete = connection.prepareStatement(deleteSql)) {
+            for (Long id : idsToDelete) {
+                delete.setLong(1, id);
+                delete.addBatch();
+            }
+            int[] counts = delete.executeBatch();
+            logger.info(() -> "Settings cleanup: deleted " + counts.length + " rows with invalid keys");
+        }
+    }
+}
diff --git a/src/main/java/edu/harvard/iq/dataverse/flyway/StartupFlywayMigrator.java b/src/main/java/edu/harvard/iq/dataverse/flyway/StartupFlywayMigrator.java
index 39bc46216ca..06c6048c65a 100644
--- a/src/main/java/edu/harvard/iq/dataverse/flyway/StartupFlywayMigrator.java
+++ b/src/main/java/edu/harvard/iq/dataverse/flyway/StartupFlywayMigrator.java
@@ -27,6 +27,14 @@ void migrateDatabase() {
 
         Flyway flyway = Flyway.configure()
                 .dataSource(dataSource)
+                .locations(
+                    // Path where to find normal SQL migrations
+                    "classpath:db/migration",
+                    // Path where to find compiled Java migrations
+                    "classpath:edu/harvard/iq/dataverse/flyway"
+                )
+                // Java-based callbacks are not auto-discovered (unlike migrations)
+                .callbacks(new SettingsCleanupCallback())
                 .baselineOnMigrate(true)
                 .load();
 

From f7b54e079def2537c4ad41ec8bb2cf116f3bbb83 Mon Sep 17 00:00:00 2001
From: Steven Winship <39765413+stevenwinship@users.noreply.github.com>
Date: Mon, 17 Nov 2025 10:40:55 -0500
Subject: [PATCH 505/634] safe proof sql calls

---
 .../iq/dataverse/DataFileServiceBean.java     | 65 ++++---------------
 1 file changed, 14 insertions(+), 51 deletions(-)

diff --git a/src/main/java/edu/harvard/iq/dataverse/DataFileServiceBean.java b/src/main/java/edu/harvard/iq/dataverse/DataFileServiceBean.java
index 271cdcafd11..b2949aab0de 100644
--- a/src/main/java/edu/harvard/iq/dataverse/DataFileServiceBean.java
+++ b/src/main/java/edu/harvard/iq/dataverse/DataFileServiceBean.java
@@ -40,6 +40,7 @@
 import jakarta.inject.Named;
 import jakarta.persistence.*;
 import jakarta.persistence.criteria.*;
+import org.jsoup.internal.StringUtil;
 
 /**
  *
@@ -281,60 +282,22 @@ public List<FileMetadata> findFileMetadataByDatasetVersionId(Long datasetVersion
                     .setMaxResults(maxResults)
                     .getResultList();
     }
-    
-    public List<FileMetadata> findFileMetadataByDatasetVersionIdLabelSearchTerm(Long datasetVersionId, String searchTerm, String userSuppliedSortField, String userSuppliedSortOrder){
-        FileSortFieldAndOrder sortFieldAndOrder = new FileSortFieldAndOrder(userSuppliedSortField, userSuppliedSortOrder);
 
-        String sortField = sortFieldAndOrder.getSortField();
-        String sortOrder = sortFieldAndOrder.getSortOrder();
-        String searchClause = "";
-        if(searchTerm != null && !searchTerm.isEmpty()){
-            searchClause = " and  (lower(o.label) like '%" + searchTerm.toLowerCase() + "%' or lower(o.description) like '%" + searchTerm.toLowerCase() + "%')";
-        }
-        
-        String queryString = "select o from FileMetadata o where o.datasetVersion.id = :datasetVersionId"
-                + searchClause
-                + " order by o." + sortField + " " + sortOrder;
-        return em.createQuery(queryString, FileMetadata.class) 
-            .setParameter("datasetVersionId", datasetVersionId)
-            .getResultList();
-    }
-    
-    public List<Integer> findFileMetadataIdsByDatasetVersionIdLabelSearchTerm(Long datasetVersionId, String searchTerm, String userSuppliedSortField, String userSuppliedSortOrder){
-        FileSortFieldAndOrder sortFieldAndOrder = new FileSortFieldAndOrder(userSuppliedSortField, userSuppliedSortOrder);
-        
-        searchTerm=searchTerm.trim();
-        String sortField = sortFieldAndOrder.getSortField();
-        String sortOrder = sortFieldAndOrder.getSortOrder();
-        String searchClause = "";
-        if(searchTerm != null && !searchTerm.isEmpty()){
-            searchClause = " and  (lower(o.label) like '%" + searchTerm.toLowerCase() + "%' or lower(o.description) like '%" + searchTerm.toLowerCase() + "%')";
-        }
-        
-        //the createNativeQuary takes persistant entities, which Integer.class is not,
-        //which is causing the exception. Hence, this query does not need an Integer.class
-        //as the second parameter. 
-        return em.createNativeQuery("select o.id from FileMetadata o where o.datasetVersion_id = "  + datasetVersionId
-                + searchClause
-                + " order by o." + sortField + " " + sortOrder)
-                .getResultList();
-    }
-    
-    public List<Long> findDataFileIdsByDatasetVersionIdLabelSearchTerm(Long datasetVersionId, String searchTerm, String userSuppliedSortField, String userSuppliedSortOrder){
+    public List<Long> findDataFileIdsByDatasetVersionIdLabelSearchTerm(Long datasetVersionId, String userSuppliedSearchTerm, String userSuppliedSortField, String userSuppliedSortOrder) {
         FileSortFieldAndOrder sortFieldAndOrder = new FileSortFieldAndOrder(userSuppliedSortField, userSuppliedSortOrder);
-        
-        searchTerm=searchTerm.trim();
-        String sortField = sortFieldAndOrder.getSortField();
-        String sortOrder = sortFieldAndOrder.getSortOrder();
-        String searchClause = "";
-        if(searchTerm != null && !searchTerm.isEmpty()){
-            searchClause = " and  (lower(o.label) like '%" + searchTerm.toLowerCase() + "%' or lower(o.description) like '%" + searchTerm.toLowerCase() + "%')";
+        String searchTerm = !StringUtil.isBlank(userSuppliedSearchTerm) ? "%"+userSuppliedSearchTerm.trim().toLowerCase()+"%" : null;
+
+        String selectClause = "select o.datafile_id from FileMetadata o where o.datasetversion_id = " + datasetVersionId;
+        String searchClause = searchTerm != null ? " and (lower(o.label) like ? or lower(o.description) like ?)" : "";
+        String orderByClause = " order by o." + sortFieldAndOrder.getSortField() + " " + sortFieldAndOrder.getSortOrder();
+
+        // NOTE: since datafile_id and datasetversion_id are indexes we can't use a TypedQuery
+        Query query = em.createNativeQuery(selectClause + searchClause + orderByClause);
+        if (searchTerm != null) {
+            query.setParameter(1, searchTerm);
+            query.setParameter(2, searchTerm);
         }
-        
-        return em.createNativeQuery("select o.datafile_id from FileMetadata o where o.datasetVersion_id = "  + datasetVersionId
-                + searchClause
-                + " order by o." + sortField + " " + sortOrder)
-                .getResultList();
+        return query.getResultList();
     }
     
     public List<FileMetadata> findFileMetadataByDatasetVersionIdLazy(Long datasetVersionId, int maxResults, String userSuppliedSortField, String userSuppliedSortOrder, int firstResult) {

From 50b7a96be9506d93e27c3c6e7bd3c067f2d99cd1 Mon Sep 17 00:00:00 2001
From: Philip Durbin <philip_durbin@harvard.edu>
Date: Mon, 17 Nov 2025 14:45:51 -0500
Subject: [PATCH 506/634] update docs to suggest using Docker in production
 (#11862)

---
 .../source/container/app-image.rst            |  5 ----
 .../source/container/base-image.rst           |  5 ----
 .../source/container/dev-usage.rst            |  2 +-
 doc/sphinx-guides/source/container/intro.rst  |  2 +-
 .../source/container/running/production.rst   | 24 +++++++------------
 .../source/installation/intro.rst             |  6 +++--
 .../source/installation/prep.rst              |  9 ++++++-
 modules/container-base/README.md              |  5 ----
 modules/container-configbaker/README.md       |  5 ----
 9 files changed, 23 insertions(+), 40 deletions(-)

diff --git a/doc/sphinx-guides/source/container/app-image.rst b/doc/sphinx-guides/source/container/app-image.rst
index 47055bd3786..13133a9760f 100644
--- a/doc/sphinx-guides/source/container/app-image.rst
+++ b/doc/sphinx-guides/source/container/app-image.rst
@@ -17,11 +17,6 @@ Within the main repository, you may find the application image's files at ``<git
 This is the same Maven module providing a Dataverse WAR file for classic installations, and uses the
 `Maven Docker Plugin <https://dmp.fabric8.io>`_ to build and ship the image within a special Maven profile.
 
-**NOTE: This image is created, maintained and supported by the Dataverse community on a best-effort basis.**
-IQSS will not offer you support how to deploy or run it, please reach out to the community for help on using it.
-You might be interested in taking a look at :doc:`../developers/containers`, linking you to some (community-based)
-efforts.
-
 .. _app-image-supported-tags:
 
 Supported Image Tags
diff --git a/doc/sphinx-guides/source/container/base-image.rst b/doc/sphinx-guides/source/container/base-image.rst
index 4adc6bb6fb1..8b8079c7b6e 100644
--- a/doc/sphinx-guides/source/container/base-image.rst
+++ b/doc/sphinx-guides/source/container/base-image.rst
@@ -16,11 +16,6 @@ Within the main repository, you may find the base image's files at ``<git root>/
 This Maven module uses the `Maven Docker Plugin <https://dmp.fabric8.io>`_ to build and ship the image.
 You may use, extend, or alter this image to your liking and/or host in some different registry if you want to.
 
-**NOTE: This image is created, maintained and supported by the Dataverse community on a best-effort basis.**
-IQSS will not offer you support how to deploy or run it, please reach out to the community (:ref:`support`) for help on using it.
-You might be interested in taking a look at :doc:`../developers/containers`, linking you to some (community-based)
-efforts.
-
 .. _base-image-supported-tags:
 
 Supported Image Tags
diff --git a/doc/sphinx-guides/source/container/dev-usage.rst b/doc/sphinx-guides/source/container/dev-usage.rst
index aa9061af88a..7bce7158cb3 100644
--- a/doc/sphinx-guides/source/container/dev-usage.rst
+++ b/doc/sphinx-guides/source/container/dev-usage.rst
@@ -1,7 +1,7 @@
 Development Usage
 =================
 
-Please note! This Docker setup is not for production!
+Please note! This Docker setup is not for :doc:`production <running/production>`!
 
 .. contents:: |toctitle|
         :local:
diff --git a/doc/sphinx-guides/source/container/intro.rst b/doc/sphinx-guides/source/container/intro.rst
index 5099531dcc9..77187f2b40b 100644
--- a/doc/sphinx-guides/source/container/intro.rst
+++ b/doc/sphinx-guides/source/container/intro.rst
@@ -9,7 +9,7 @@ Dataverse in containers!
 Intended Audience
 -----------------
 
-This guide is intended for anyone who wants to run Dataverse in containers. This is potentially a wide audience, from sysadmins interested in running Dataverse in production in containers (not recommended yet) to contributors working on a bug fix (encouraged!). See :doc:`running/index` for various scenarios and please let us know if your use case is not covered.
+This guide is intended for anyone who wants to run Dataverse in containers. This is potentially a wide audience, from sysadmins interested in running Dataverse in production in containers to contributors working on a bug fix. See :doc:`running/index` for various scenarios and please let us know if your use case is not covered.
 
 .. _getting-help-containers:
 
diff --git a/doc/sphinx-guides/source/container/running/production.rst b/doc/sphinx-guides/source/container/running/production.rst
index 4fe16447d7e..723e4d31298 100644
--- a/doc/sphinx-guides/source/container/running/production.rst
+++ b/doc/sphinx-guides/source/container/running/production.rst
@@ -1,5 +1,5 @@
-Production (Future)
-===================
+Production
+==========
 
 .. contents:: |toctitle|
 	:local:
@@ -7,21 +7,15 @@ Production (Future)
 Status
 ------
 
-The images described in this guide are not yet recommended for production usage, but we think we are close. (Tagged releases are done; see the "supported image tags" section for :ref:`Application <app-image-supported-tags>` and :ref:`Config Baker <config-image-supported-tags>` images.) For now, please see :doc:`demo`.
+As of Dataverse 6.8, when we introduced image tagging per version (see the :ref:`app-image-supported-tags` section for the :ref:`application image <app-image-supported-tags>`), we feel that the images described in this guide are ready for production use. Enjoy!
 
-We'd like to make the following improvements:
+The images and the documentation is not perfect, of course.
 
-- More docs on setting up additional features
+For now, we recommend following the :doc:`demo` tutorial. It will help you learn how to configure and secure your installation. Not that instead of "latest" you might want to select a specific version. Again see :ref:`app-image-supported-tags`.
 
-  - How to set up Rserve.
+The Dataverse guides were originally written with a non-Docker installation in mind so we'd like rewrite them with both Docker and non-Docker in mind. This is a big job, obviously. 😅 We know we'd like to write more about ports. We'd like to explain `how to set up Rserve <https://github.com/IQSS/dataverse/issues/11731>`_. Etc., etc.
 
-- Go through all the features in docs and check what needs to be done differently with containers
-
-  - Check ports, for example.
-
-To join the discussion on what else might be needed before declaring images ready for production, please comment on https://dataverse.zulipchat.com/#narrow/stream/375812-containers/topic/containers.20for.20production/near/434979159
-
-You are also very welcome to join our meetings. See "how to help" below.
+To talk about your ideas for making the images and docs better for production, please feel free to join the `containers for production <https://dataverse.zulipchat.com/#narrow/channel/375812-containers/topic/containers.20for.20production/with/451611258>`_ topic or join a working group meeting (see :ref:`helping-containers`).
 
 Limitations
 -----------
@@ -31,9 +25,9 @@ Limitations
 How to Help
 -----------
 
-You can help the effort to support these images in production by trying them out (see :doc:`demo`) and giving feedback (see :ref:`helping-containers`).
+Please try the images (see :doc:`demo`) and give feedback (see :ref:`helping-containers`)! ❤️
 
 Alternatives
 ------------
 
-Until the images are ready for production, please use the traditional installation method described in the :doc:`/installation/index`.
+The traditional (non-Docker) installation method is described in the :doc:`/installation/index`.
\ No newline at end of file
diff --git a/doc/sphinx-guides/source/installation/intro.rst b/doc/sphinx-guides/source/installation/intro.rst
index 1c239863e98..e13c22824b7 100644
--- a/doc/sphinx-guides/source/installation/intro.rst
+++ b/doc/sphinx-guides/source/installation/intro.rst
@@ -17,16 +17,18 @@ Jump ahead to :doc:`config` or :doc:`upgrading` for an existing Dataverse instal
 Intended Audience
 -----------------
 
-This guide is intended primarily for sysadmins who are installing, configuring, and upgrading a Dataverse installation. 
+This guide is intended primarily for sysadmins who are installing, configuring, and upgrading a Dataverse installation. This guide was written with non-Docker installation in mind but if you're interested in Docker, see the :doc:`/container/index`.
 
 Sysadmins are expected to be comfortable using standard Linux commands, issuing ``curl`` commands, and running SQL scripts.
 
 Related Guides
 --------------
 
+See the :doc:`/container/index` if you want to run Dataverse in Docker.
+
 Many "admin" functions can be performed by Dataverse installation users themselves (non-superusers) as documented in the :doc:`/user/index` and that guide is a good introduction to the features of the Dataverse Software from an end user perspective.
 
-If you are a sysadmin who likes to code, you may find the :doc:`/api/index` useful, and you may want to consider improving the installation script or hacking on the community-lead configuration management options mentioned in the :doc:`prep` section. If you **really** like to code and want to help with the Dataverse Software code, please check out the :doc:`/developers/index`!
+If you are a sysadmin who likes to code, you may find the :doc:`/api/index` useful, and you may want to consider improving the installation script or hacking on the community-lead configuration management options mentioned in the :doc:`prep` section. If you **really** like to code and want to help with the Dataverse code or documentation, please check out the :doc:`/contributor/index` and the :doc:`/developers/index`!
 
 .. _support:
 
diff --git a/doc/sphinx-guides/source/installation/prep.rst b/doc/sphinx-guides/source/installation/prep.rst
index 33b1aa3c7b5..748400827be 100644
--- a/doc/sphinx-guides/source/installation/prep.rst
+++ b/doc/sphinx-guides/source/installation/prep.rst
@@ -19,6 +19,13 @@ Standard Installation
 
 Installing the Dataverse Software involves some system configuration followed by executing an installation script that will guide you through the installation process as described in :doc:`installation-main`, but reading about the :ref:`architecture` of the Dataverse Software is recommended first.
 
+.. _docker-installation:
+
+Docker Installation
++++++++++++++++++++
+
+See the :doc:`/container/index`, especially :doc:`/container/running/index` and :doc:`/container/running/production`.
+
 .. _advanced:
 
 Advanced Installation
@@ -32,7 +39,7 @@ There are some community-lead projects to use configuration management tools suc
 
 (Please note that the "dataverse-ansible" repo is used in a script that allows the Dataverse Software to be installed on Amazon Web Services (AWS) from arbitrary GitHub branches as described in the :doc:`/developers/deployment` section of the Developer Guide.)
 
-The Dataverse Project team is happy to "bless" additional community efforts along these lines (i.e. Docker, Chef, Salt, etc.) by creating a repo under https://github.com/gdcc and managing team access.
+The Dataverse Project team is happy to "bless" additional community efforts along these lines (i.e. Chef, Salt, etc.) by creating a repo under https://github.com/gdcc and managing team access.
 
 The Dataverse Software permits a fair amount of flexibility in where you choose to install the various components. The diagram below shows a load balancer, multiple proxies and web servers, redundant database servers, and offloading of potentially resource intensive work to a separate server. (Glassfish is shown rather than Payara.)
 
diff --git a/modules/container-base/README.md b/modules/container-base/README.md
index 7a39457b766..bfe3da3d08e 100644
--- a/modules/container-base/README.md
+++ b/modules/container-base/README.md
@@ -13,10 +13,6 @@ this image for other purposes than the Dataverse application.
 
 ## Quick Reference
 
-**Maintained by:** 
-
-This image is created, maintained and supported by the Dataverse community on a best-effort basis.
-
 **Where to find documentation:**
 
 The [Dataverse Container Guide - Base Image](https://guides.dataverse.org/en/latest/container/base-image.html)
@@ -24,7 +20,6 @@ provides in-depth information about content, building, tuning and so on for this
 
 **Where to get help and ask questions:**
 
-IQSS will not offer support on how to deploy or run it. Please reach out to the community for help on using it.
 You can join the Community Chat at https://chat.dataverse.org and https://groups.google.com/g/dataverse-community
 to ask for help and guidance.
 
diff --git a/modules/container-configbaker/README.md b/modules/container-configbaker/README.md
index 8b68e3db692..d05fa2103ff 100644
--- a/modules/container-configbaker/README.md
+++ b/modules/container-configbaker/README.md
@@ -7,10 +7,6 @@ You may use this image as is, base your own derivative image on it or use bind m
 
 ## Quick Reference
 
-**Maintained by:** 
-
-This image is created, maintained and supported by the Dataverse community on a best-effort basis.
-
 **Where to find documentation:**
 
 The [Dataverse Container Guide - Config Baker Image](https://guides.dataverse.org/en/latest/container/configbaker-image.html)
@@ -18,7 +14,6 @@ provides information about this image.
 
 **Where to get help and ask questions:**
 
-IQSS will not offer support on how to deploy or run it. Please reach out to the community for help on using it.
 You can join the Community Chat at https://chat.dataverse.org and https://groups.google.com/g/dataverse-community
 to ask for help and guidance.
 

From c5a96bafed1b8dea2d837d0ee71424214607ead6 Mon Sep 17 00:00:00 2001
From: Steven Winship <39765413+stevenwinship@users.noreply.github.com>
Date: Mon, 17 Nov 2025 14:55:43 -0500
Subject: [PATCH 507/634] doc update sphinx 7.2.6 -> 7.4.0

---
 doc/sphinx-guides/source/contributor/documentation.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/doc/sphinx-guides/source/contributor/documentation.md b/doc/sphinx-guides/source/contributor/documentation.md
index 614dba1d6a0..3d95a11c24f 100644
--- a/doc/sphinx-guides/source/contributor/documentation.md
+++ b/doc/sphinx-guides/source/contributor/documentation.md
@@ -66,7 +66,7 @@ From a terminal, switch to the "dataverse" directory you just cloned. This is th
 
 Then try running this command:
 
-`docker run -it --rm -v $(pwd):/docs sphinxdoc/sphinx:7.2.6 bash -c "cd doc/sphinx-guides && pip3 install -r requirements.txt && make html"`
+`docker run -it --rm -v $(pwd):/docs sphinxdoc/sphinx:7.4.0 bash -c "cd doc/sphinx-guides && pip3 install -r requirements.txt && make html"`
 
 If all goes well, you should be able to open `doc/sphinx-guides/build/html/index.html` to see the guides you just built.
 
@@ -187,7 +187,7 @@ The HTML version of the guides is the official one. Any other formats are mainta
 
 If you would like to build a PDF version of the guides and have Docker installed, please try the command below from the root of the git repo:
 
-`docker run -it --rm -v $(pwd):/docs sphinxdoc/sphinx-latexpdf:7.2.6 bash -c "cd doc/sphinx-guides && pip3 install -r requirements.txt && make latexpdf LATEXMKOPTS=\"-interaction=nonstopmode\"; cd ../.. && ls -1 doc/sphinx-guides/build/latex/Dataverse.pdf"`
+`docker run -it --rm -v $(pwd):/docs sphinxdoc/sphinx-latexpdf:7.4.0 bash -c "cd doc/sphinx-guides && pip3 install -r requirements.txt && make latexpdf LATEXMKOPTS=\"-interaction=nonstopmode\"; cd ../.. && ls -1 doc/sphinx-guides/build/latex/Dataverse.pdf"`
 
 A few notes about the command above:
 

From 5e470142e225f4aef3ef4a75e12022ba9f0ff194 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 17 Nov 2025 15:06:33 -0500
Subject: [PATCH 508/634] Bump appleboy/ssh-action from 1.2.2 to 1.2.3 (#11970)

Bumps [appleboy/ssh-action](https://github.com/appleboy/ssh-action) from 1.2.2 to 1.2.3.
- [Release notes](https://github.com/appleboy/ssh-action/releases)
- [Changelog](https://github.com/appleboy/ssh-action/blob/master/.goreleaser.yaml)
- [Commits](https://github.com/appleboy/ssh-action/compare/v1.2.2...v1.2.3)

---
updated-dependencies:
- dependency-name: appleboy/ssh-action
  dependency-version: 1.2.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Steven Winship <39765413+stevenwinship@users.noreply.github.com>
---
 .github/workflows/deploy_beta_testing.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/deploy_beta_testing.yml b/.github/workflows/deploy_beta_testing.yml
index efb9d9685b8..48fd5c80d3b 100644
--- a/.github/workflows/deploy_beta_testing.yml
+++ b/.github/workflows/deploy_beta_testing.yml
@@ -69,7 +69,7 @@ jobs:
           overwrite: true
 
       - name: Execute payara war deployment remotely
-        uses: appleboy/ssh-action@v1.2.2
+        uses: appleboy/ssh-action@v1.2.3
         env:
           INPUT_WAR_FILE: ${{ env.war_file }}
         with:

From 79a592672410097de8cfc1bbb5f0c61ddcf408a5 Mon Sep 17 00:00:00 2001
From: Steven Winship <39765413+stevenwinship@users.noreply.github.com>
Date: Tue, 18 Nov 2025 06:58:53 -0500
Subject: [PATCH 509/634] address review comments

---
 .../java/edu/harvard/iq/dataverse/DataFileServiceBean.java   | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/src/main/java/edu/harvard/iq/dataverse/DataFileServiceBean.java b/src/main/java/edu/harvard/iq/dataverse/DataFileServiceBean.java
index b2949aab0de..1c880ce464b 100644
--- a/src/main/java/edu/harvard/iq/dataverse/DataFileServiceBean.java
+++ b/src/main/java/edu/harvard/iq/dataverse/DataFileServiceBean.java
@@ -40,7 +40,7 @@
 import jakarta.inject.Named;
 import jakarta.persistence.*;
 import jakarta.persistence.criteria.*;
-import org.jsoup.internal.StringUtil;
+import org.apache.commons.lang3.StringUtils;
 
 /**
  *
@@ -285,13 +285,12 @@ public List<FileMetadata> findFileMetadataByDatasetVersionId(Long datasetVersion
 
     public List<Long> findDataFileIdsByDatasetVersionIdLabelSearchTerm(Long datasetVersionId, String userSuppliedSearchTerm, String userSuppliedSortField, String userSuppliedSortOrder) {
         FileSortFieldAndOrder sortFieldAndOrder = new FileSortFieldAndOrder(userSuppliedSortField, userSuppliedSortOrder);
-        String searchTerm = !StringUtil.isBlank(userSuppliedSearchTerm) ? "%"+userSuppliedSearchTerm.trim().toLowerCase()+"%" : null;
+        String searchTerm = !StringUtils.isBlank(userSuppliedSearchTerm) ? "%"+userSuppliedSearchTerm.trim().toLowerCase()+"%" : null;
 
         String selectClause = "select o.datafile_id from FileMetadata o where o.datasetversion_id = " + datasetVersionId;
         String searchClause = searchTerm != null ? " and (lower(o.label) like ? or lower(o.description) like ?)" : "";
         String orderByClause = " order by o." + sortFieldAndOrder.getSortField() + " " + sortFieldAndOrder.getSortOrder();
 
-        // NOTE: since datafile_id and datasetversion_id are indexes we can't use a TypedQuery
         Query query = em.createNativeQuery(selectClause + searchClause + orderByClause);
         if (searchTerm != null) {
             query.setParameter(1, searchTerm);

From c95b0e922fc14d6d9c331da7c712b823a01e2bdc Mon Sep 17 00:00:00 2001
From: qqmyers <qqmyers@hotmail.com>
Date: Tue, 18 Nov 2025 16:58:36 -0500
Subject: [PATCH 510/634] fix #11990

---
 src/main/java/edu/harvard/iq/dataverse/DatasetField.java | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/src/main/java/edu/harvard/iq/dataverse/DatasetField.java b/src/main/java/edu/harvard/iq/dataverse/DatasetField.java
index a735ae7470c..0f47caf256b 100644
--- a/src/main/java/edu/harvard/iq/dataverse/DatasetField.java
+++ b/src/main/java/edu/harvard/iq/dataverse/DatasetField.java
@@ -197,6 +197,7 @@ public void setDatasetFieldValues(List<DatasetFieldValue> datasetFieldValues) {
 
     @ManyToMany(cascade = {CascadeType.MERGE})
     @JoinTable(indexes = {@Index(columnList="datasetfield_id"),@Index(columnList="controlledvocabularyvalues_id")})
+    @OrderBy("displayOrder ASC")
     private List<ControlledVocabularyValue> controlledVocabularyValues = new ArrayList<>();
 
     public List<ControlledVocabularyValue> getControlledVocabularyValues() {
@@ -604,14 +605,15 @@ private DatasetField copy(Object versionOrTemplate, DatasetFieldCompoundValue pa
         
         if (versionOrTemplate != null) {
             if (versionOrTemplate instanceof DatasetVersion) {
-                dsf.setDatasetVersion((DatasetVersion) versionOrTemplate);               
+                dsf.setDatasetVersion((DatasetVersion) versionOrTemplate);
             } else {
                 dsf.setTemplate((Template) versionOrTemplate);
             }
         }
         
         dsf.setParentDatasetFieldCompoundValue(parent);
-        dsf.setControlledVocabularyValues(controlledVocabularyValues);
+        
+        dsf.getControlledVocabularyValues().addAll(controlledVocabularyValues);
 
         for (DatasetFieldValue dsfv : datasetFieldValues) {
             dsf.getDatasetFieldValues().add(dsfv.copy(dsf));

From bf9cc0dd3eb15fdb5981ea6d410acabcc3f7cd8b Mon Sep 17 00:00:00 2001
From: qqmyers <qqmyers@hotmail.com>
Date: Tue, 18 Nov 2025 17:16:41 -0500
Subject: [PATCH 511/634] release note

---
 doc/release-notes/11990-controlled-vocab-edit-error.md | 5 +++++
 1 file changed, 5 insertions(+)
 create mode 100644 doc/release-notes/11990-controlled-vocab-edit-error.md

diff --git a/doc/release-notes/11990-controlled-vocab-edit-error.md b/doc/release-notes/11990-controlled-vocab-edit-error.md
new file mode 100644
index 00000000000..8e98d10b40a
--- /dev/null
+++ b/doc/release-notes/11990-controlled-vocab-edit-error.md
@@ -0,0 +1,5 @@
+### Bug Fix
+
+Editing a controlled vocabulary field (i.e. one with values specified in the field's metadatablock) that only allows a single selection would also update the value in the prior published version if (and only if) the edit was made starting from the published version (versus an existing draft). This is now fixed.
+The bug appears to be 11+ years old and previously unreported. As the value in the database was overwritten, there is no simple way to detect if/when this occurred without looking at backups or archival file copies. 
+ 

From 722a0bf6a837dede03a1b8de95c5b79fbe28a2e3 Mon Sep 17 00:00:00 2001
From: qqmyers <qqmyers@hotmail.com>
Date: Tue, 18 Nov 2025 17:25:50 -0500
Subject: [PATCH 512/634] unrelated change

---
 src/main/java/edu/harvard/iq/dataverse/DatasetField.java | 1 -
 1 file changed, 1 deletion(-)

diff --git a/src/main/java/edu/harvard/iq/dataverse/DatasetField.java b/src/main/java/edu/harvard/iq/dataverse/DatasetField.java
index 0f47caf256b..dc19f73cd81 100644
--- a/src/main/java/edu/harvard/iq/dataverse/DatasetField.java
+++ b/src/main/java/edu/harvard/iq/dataverse/DatasetField.java
@@ -172,7 +172,6 @@ public void setParentDatasetFieldCompoundValue(DatasetFieldCompoundValue parentD
     }
 
     @OneToMany(mappedBy = "parentDatasetField", orphanRemoval = true, cascade = {CascadeType.REMOVE, CascadeType.MERGE, CascadeType.PERSIST})
-    @OrderBy("displayOrder ASC")
     private List<DatasetFieldCompoundValue> datasetFieldCompoundValues = new ArrayList<>();
 
     public List<DatasetFieldCompoundValue> getDatasetFieldCompoundValues() {

From 8feb8d068a38b1e21386b89f0f9855151b9fa19c Mon Sep 17 00:00:00 2001
From: Leonid Andreev <leonid@hmdc.harvard.edu>
Date: Thu, 20 Nov 2025 11:26:45 -0500
Subject: [PATCH 513/634] A straightforward implementation of extending
 configurable stoage quotas to individual datasets. #11987

---
 .../iq/dataverse/DatasetServiceBean.java      | 30 +++++++++
 .../harvard/iq/dataverse/api/Datasets.java    | 64 +++++++++++++++++++
 .../impl/DeleteDatasetQuotaCommand.java       | 53 +++++++++++++++
 .../impl/GetCollectionQuotaCommand.java       |  1 -
 .../command/impl/GetDatasetQuotaCommand.java  | 48 ++++++++++++++
 .../impl/GetDatasetStorageUseCommand.java     | 37 +++++++++++
 .../command/impl/SetDatasetQuotaCommand.java  | 52 +++++++++++++++
 src/main/java/propertyFiles/Bundle.properties |  8 ++-
 8 files changed, 291 insertions(+), 2 deletions(-)
 create mode 100644 src/main/java/edu/harvard/iq/dataverse/engine/command/impl/DeleteDatasetQuotaCommand.java
 create mode 100644 src/main/java/edu/harvard/iq/dataverse/engine/command/impl/GetDatasetQuotaCommand.java
 create mode 100644 src/main/java/edu/harvard/iq/dataverse/engine/command/impl/GetDatasetStorageUseCommand.java
 create mode 100644 src/main/java/edu/harvard/iq/dataverse/engine/command/impl/SetDatasetQuotaCommand.java

diff --git a/src/main/java/edu/harvard/iq/dataverse/DatasetServiceBean.java b/src/main/java/edu/harvard/iq/dataverse/DatasetServiceBean.java
index cca9be7ce9d..fe409fa7992 100644
--- a/src/main/java/edu/harvard/iq/dataverse/DatasetServiceBean.java
+++ b/src/main/java/edu/harvard/iq/dataverse/DatasetServiceBean.java
@@ -24,6 +24,7 @@
 import edu.harvard.iq.dataverse.search.IndexServiceBean;
 import edu.harvard.iq.dataverse.settings.FeatureFlags;
 import edu.harvard.iq.dataverse.settings.SettingsServiceBean;
+import edu.harvard.iq.dataverse.storageuse.StorageQuota;
 import edu.harvard.iq.dataverse.util.BundleUtil;
 import edu.harvard.iq.dataverse.util.SystemConfig;
 import edu.harvard.iq.dataverse.workflows.WorkflowComment;
@@ -1118,5 +1119,34 @@ public int getDataFileCountByOwner(long id) {
         Long c = em.createNamedQuery("Dataset.countFilesByOwnerId", Long.class).setParameter("ownerId", id).getSingleResult();
         return c.intValue(); // ignoring the truncation since the number should never be too large
     }
+    
+    /**
+     * 
+     * @todo: consider moving the quota methods, from here and the DataverseServiceBean,
+     * to DvObjectServiceBean. 
+     */
+    public void saveStorageQuota(Dataset target, Long allocation) {
+        StorageQuota storageQuota = target.getStorageQuota();
+        
+        if (storageQuota != null) {
+            storageQuota.setAllocation(allocation);
+            em.merge(storageQuota);
+        } else {
+            storageQuota = new StorageQuota(); 
+            storageQuota.setDefinitionPoint(target);
+            storageQuota.setAllocation(allocation);
+            target.setStorageQuota(storageQuota);
+            em.persist(storageQuota);
+        }
+        em.flush();
+    }
+    
+    public void disableStorageQuota(StorageQuota storageQuota) {
+        if (storageQuota != null && storageQuota.getAllocation() != null) {
+            storageQuota.setAllocation(null);
+            em.merge(storageQuota);
+            em.flush();
+        }
+    }
 
 }
diff --git a/src/main/java/edu/harvard/iq/dataverse/api/Datasets.java b/src/main/java/edu/harvard/iq/dataverse/api/Datasets.java
index df292762353..8b21f5fbcf9 100644
--- a/src/main/java/edu/harvard/iq/dataverse/api/Datasets.java
+++ b/src/main/java/edu/harvard/iq/dataverse/api/Datasets.java
@@ -6156,4 +6156,68 @@ public Response updateLicense(@Context ContainerRequestContext crc,
             }
         }, getRequestUser(crc));
     }
+    
+    /**
+     * Storage quotas and use. Note that these methods replicate the
+     * collection-level equivalents 1:1. Both the quotas and the system for
+     * caching the size of the storage in use are implemented on
+     * DvObjectContainers internally and therefore work identically in both
+     * cases.
+     */
+    
+    @GET
+    @AuthRequired
+    @Path("{identifier}/storage/quota")
+    public Response getDatasetQuota(@Context ContainerRequestContext crc, @PathParam("identifier") String dvIdtf) throws WrappedResponse {
+        try {
+            Long bytesAllocated = execCommand(new GetDatasetQuotaCommand(createDataverseRequest(getRequestUser(crc)), findDatasetOrDie(dvIdtf)));
+            if (bytesAllocated != null) {
+                return ok(MessageFormat.format(BundleUtil.getStringFromBundle("dataset.storage.quota.allocation"),bytesAllocated));
+            }
+            return ok(BundleUtil.getStringFromBundle("dataset.storage.quota.notdefined"));
+        } catch (WrappedResponse ex) {
+            return ex.getResponse();
+        }
+    }
+    
+    @POST
+    @AuthRequired
+    @Path("{identifier}/storage/quota/{bytesAllocated}")
+    public Response setDatasetQuota(@Context ContainerRequestContext crc, @PathParam("identifier") String dvIdtf, @PathParam("bytesAllocated") Long bytesAllocated) throws WrappedResponse {
+        try {
+            execCommand(new SetDatasetQuotaCommand(createDataverseRequest(getRequestUser(crc)), findDatasetOrDie(dvIdtf), bytesAllocated));
+            return ok(BundleUtil.getStringFromBundle("dataset.storage.quota.updated"));
+        } catch (WrappedResponse ex) {
+            return ex.getResponse();
+        }
+    }
+    
+    @DELETE
+    @AuthRequired
+    @Path("{identifier}/storage/quota")
+    public Response deleteDatasetQuota(@Context ContainerRequestContext crc, @PathParam("identifier") String dvIdtf) throws WrappedResponse {
+        try {
+            execCommand(new DeleteDatasetQuotaCommand(createDataverseRequest(getRequestUser(crc)), findDatasetOrDie(dvIdtf)));
+            return ok(BundleUtil.getStringFromBundle("dataset.storage.quota.deleted"));
+        } catch (WrappedResponse ex) {
+            return ex.getResponse();
+        }
+    }
+    
+    /**
+     *
+     * @param crc
+     * @param identifier
+     * @return
+     * @throws edu.harvard.iq.dataverse.api.AbstractApiBean.WrappedResponse 
+     * @todo: add an optional parameter that would force the recorded storage use
+     * to be recalculated (or should that be a POST version of this API?)
+     */
+    @GET
+    @AuthRequired
+    @Path("{identifier}/storage/use")
+    public Response getDatasetStorageUse(@Context ContainerRequestContext crc, @PathParam("identifier") String identifier) throws WrappedResponse {
+        return response(req -> ok(MessageFormat.format(BundleUtil.getStringFromBundle("dataset.storage.use"),
+                execCommand(new GetCollectionStorageUseCommand(req, findDataverseOrDie(identifier))))), getRequestUser(crc));
+    }
 }
diff --git a/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/DeleteDatasetQuotaCommand.java b/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/DeleteDatasetQuotaCommand.java
new file mode 100644
index 00000000000..78e5165efe4
--- /dev/null
+++ b/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/DeleteDatasetQuotaCommand.java
@@ -0,0 +1,53 @@
+package edu.harvard.iq.dataverse.engine.command.impl;
+
+import edu.harvard.iq.dataverse.Dataset;
+import edu.harvard.iq.dataverse.authorization.users.AuthenticatedUser;
+import edu.harvard.iq.dataverse.engine.command.AbstractVoidCommand;
+import edu.harvard.iq.dataverse.engine.command.CommandContext;
+import edu.harvard.iq.dataverse.engine.command.DataverseRequest;
+import edu.harvard.iq.dataverse.engine.command.RequiredPermissions;
+import edu.harvard.iq.dataverse.engine.command.exception.CommandException;
+import edu.harvard.iq.dataverse.engine.command.exception.IllegalCommandException;
+import edu.harvard.iq.dataverse.engine.command.exception.PermissionException;
+import edu.harvard.iq.dataverse.storageuse.StorageQuota;
+import edu.harvard.iq.dataverse.util.BundleUtil;
+import java.util.logging.Logger;
+
+/**
+ *
+ * @author landreev
+ *
+ * A superuser-only command:
+ */
+@RequiredPermissions({})
+public class DeleteDatasetQuotaCommand extends AbstractVoidCommand {
+
+    private static final Logger logger = Logger.getLogger(DeleteDatasetQuotaCommand.class.getCanonicalName());
+    
+    private final Dataset targetDataset;
+    
+    public DeleteDatasetQuotaCommand(DataverseRequest aRequest, Dataset target) {
+        super(aRequest, target);
+        targetDataset = target;
+    } 
+        
+    @Override
+    public void executeImpl(CommandContext ctxt) throws CommandException {
+        // first check if  user is a superuser
+        if ( (!(getUser() instanceof AuthenticatedUser) || !getUser().isSuperuser() ) ) {      
+            throw new PermissionException(BundleUtil.getStringFromBundle("dataset.storage.quota.superusersonly"),
+                this,  null, targetDataset);                
+        }
+        
+        if (targetDataset == null) {
+            throw new IllegalCommandException("", this);
+        }
+        
+        StorageQuota storageQuota = targetDataset.getStorageQuota();
+        
+        if (storageQuota != null && storageQuota.getAllocation() != null) {
+            ctxt.dataverses().disableStorageQuota(storageQuota);
+        } 
+        // ... and if no quota was enabled on the collection - nothing to do = success
+    }    
+}
\ No newline at end of file
diff --git a/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/GetCollectionQuotaCommand.java b/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/GetCollectionQuotaCommand.java
index 49f14e7c280..e34c7f5cbdd 100644
--- a/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/GetCollectionQuotaCommand.java
+++ b/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/GetCollectionQuotaCommand.java
@@ -5,7 +5,6 @@
 import edu.harvard.iq.dataverse.engine.command.AbstractCommand;
 import edu.harvard.iq.dataverse.engine.command.CommandContext;
 import edu.harvard.iq.dataverse.engine.command.DataverseRequest;
-import edu.harvard.iq.dataverse.engine.command.RequiredPermissions;
 import edu.harvard.iq.dataverse.engine.command.exception.CommandException;
 import java.util.Collections;
 import java.util.Map;
diff --git a/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/GetDatasetQuotaCommand.java b/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/GetDatasetQuotaCommand.java
new file mode 100644
index 00000000000..839bbacaff4
--- /dev/null
+++ b/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/GetDatasetQuotaCommand.java
@@ -0,0 +1,48 @@
+package edu.harvard.iq.dataverse.engine.command.impl;
+
+import edu.harvard.iq.dataverse.Dataset;
+import edu.harvard.iq.dataverse.authorization.Permission;
+import edu.harvard.iq.dataverse.engine.command.AbstractCommand;
+import edu.harvard.iq.dataverse.engine.command.CommandContext;
+import edu.harvard.iq.dataverse.engine.command.DataverseRequest;
+import edu.harvard.iq.dataverse.engine.command.exception.CommandException;
+import java.util.Collections;
+import java.util.Map;
+import java.util.Set;
+import java.util.logging.Logger;
+
+/**
+ *
+ * @author landreev
+ * The sole purpose of this command is to check the permissions
+ * when it's called by the /api/datasets/.../storage/quota api.
+ */
+// No @RequiredPermissions defined, dynamic
+public class GetDatasetQuotaCommand extends AbstractCommand<Long> {
+
+    private static final Logger logger = Logger.getLogger(GetDatasetQuotaCommand.class.getCanonicalName());
+    
+    private final Dataset dataset;
+    
+    public GetDatasetQuotaCommand(DataverseRequest aRequest, Dataset target) {
+        super(aRequest, target);
+        dataset = target;
+    } 
+        
+    @Override
+    public Long execute(CommandContext ctxt) throws CommandException {
+               
+        if (dataset != null && dataset.getStorageQuota() != null) {
+            return dataset.getStorageQuota().getAllocation();
+        }
+        
+        return null;
+    }
+
+    @Override
+    public Map<String, Set<Permission>> getRequiredPermissions() {
+        return Collections.singletonMap("",
+                dataset.isReleased() ? Collections.<Permission>emptySet()
+                : Collections.singleton(Permission.ViewUnpublishedDataset));
+    }    
+}
\ No newline at end of file
diff --git a/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/GetDatasetStorageUseCommand.java b/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/GetDatasetStorageUseCommand.java
new file mode 100644
index 00000000000..fda84bc96e5
--- /dev/null
+++ b/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/GetDatasetStorageUseCommand.java
@@ -0,0 +1,37 @@
+
+package edu.harvard.iq.dataverse.engine.command.impl;
+
+import edu.harvard.iq.dataverse.Dataset;
+import edu.harvard.iq.dataverse.authorization.Permission;
+import edu.harvard.iq.dataverse.engine.command.AbstractCommand;
+import edu.harvard.iq.dataverse.engine.command.CommandContext;
+import edu.harvard.iq.dataverse.engine.command.DataverseRequest;
+import edu.harvard.iq.dataverse.engine.command.RequiredPermissions;
+import edu.harvard.iq.dataverse.engine.command.exception.CommandException;
+import java.util.logging.Logger;
+
+/**
+ *
+ * @author landreev
+ */
+@RequiredPermissions(Permission.ManageDatasetPermissions)
+public class GetDatasetStorageUseCommand extends AbstractCommand<Long> {
+
+    private static final Logger logger = Logger.getLogger(GetDatasetStorageUseCommand.class.getCanonicalName());
+    
+    private final Dataset dataset;
+    
+    public GetDatasetStorageUseCommand(DataverseRequest aRequest, Dataset target) {
+        super(aRequest, target);
+        dataset = target;
+    } 
+        
+    @Override
+    public Long execute(CommandContext ctxt) throws CommandException {
+               
+        if (dataset == null) {
+            throw new CommandException("null dataset passed to get storage use command", this);
+        }
+        return ctxt.storageUse().findStorageSizeByDvContainerId(dataset.getId());        
+    }
+}
\ No newline at end of file
diff --git a/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/SetDatasetQuotaCommand.java b/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/SetDatasetQuotaCommand.java
new file mode 100644
index 00000000000..a9a44bfa347
--- /dev/null
+++ b/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/SetDatasetQuotaCommand.java
@@ -0,0 +1,52 @@
+package edu.harvard.iq.dataverse.engine.command.impl;
+
+import edu.harvard.iq.dataverse.Dataset;
+import edu.harvard.iq.dataverse.authorization.users.AuthenticatedUser;
+import edu.harvard.iq.dataverse.engine.command.AbstractVoidCommand;
+import edu.harvard.iq.dataverse.engine.command.CommandContext;
+import edu.harvard.iq.dataverse.engine.command.DataverseRequest;
+import edu.harvard.iq.dataverse.engine.command.RequiredPermissions;
+import edu.harvard.iq.dataverse.engine.command.exception.CommandException;
+import edu.harvard.iq.dataverse.engine.command.exception.IllegalCommandException;
+import edu.harvard.iq.dataverse.engine.command.exception.PermissionException;
+import edu.harvard.iq.dataverse.util.BundleUtil;
+import java.util.logging.Logger;
+
+/**
+ *
+ * @author landreev
+ * 
+ * A superuser-only command:
+ */
+@RequiredPermissions({})
+public class SetDatasetQuotaCommand   extends AbstractVoidCommand {
+
+    private static final Logger logger = Logger.getLogger(GetDatasetQuotaCommand.class.getCanonicalName());
+    
+    private final Dataset dataset;
+    private final Long allocation; 
+    
+    public SetDatasetQuotaCommand(DataverseRequest aRequest, Dataset target, Long allocation) {
+        super(aRequest, target);
+        dataset = target;
+        this.allocation = allocation; 
+    } 
+        
+    @Override
+    public void executeImpl(CommandContext ctxt) throws CommandException {
+        // Check if user is a superuser:
+        if ( (!(getUser() instanceof AuthenticatedUser) || !getUser().isSuperuser() ) ) {      
+            throw new PermissionException(BundleUtil.getStringFromBundle("dataset.storage.quota.superusersonly"),
+                this,  null, dataset);                
+        }
+        
+        if (dataset == null) {
+            throw new IllegalCommandException("Must specify valid dataset", this);
+        }
+        
+        if (allocation == null) {
+            throw new IllegalCommandException("Must specify valid allocation in bytes", this);
+        }
+        ctxt.datasets().saveStorageQuota(dataset, allocation);
+    }    
+}
\ No newline at end of file
diff --git a/src/main/java/propertyFiles/Bundle.properties b/src/main/java/propertyFiles/Bundle.properties
index 3254c26ed22..5b94a466deb 100644
--- a/src/main/java/propertyFiles/Bundle.properties
+++ b/src/main/java/propertyFiles/Bundle.properties
@@ -1004,7 +1004,13 @@ dataverse.storage.quota.notdefined=No quota defined for this collection
 dataverse.storage.quota.updated=Storage quota successfully set for the collection
 dataverse.storage.quota.deleted=Storage quota successfully disabled for the collection
 dataverse.storage.quota.superusersonly=Only superusers can change storage quotas.
-dataverse.storage.use=Total recorded size of the files stored in this collection (user-uploaded files plus the versions in the archival tab-delimited format when applicable): {0} bytes
+dataverse.storage.use=Total recorded size of the files stored in this collection (user-uploaded files plus the versions in the archival tab-delimited format and/or auxiliary files, when applicable): {0} bytes
+dataset.storage.quota.allocation=Total quota allocation for this dataset: {0} bytes
+dataset.storage.quota.notdefined=No quota defined for this dataset
+dataset.storage.quota.updated=Storage quota successfully set for the dataset
+dataset.storage.quota.deleted=Storage quota successfully disabled for the dataset
+dataset.storage.quota.superusersonly=Only superusers can change storage quotas.
+dataet.storage.use=Total recorded size of the files stored in this dataset (user-uploaded files plus the versions in the archival tab-delimited format and/or auxiliary files, when applicable): {0} bytes
 dataverse.datasize.ioerror=Fatal IO error while trying to determine the total size of the files stored in the dataverse. Please report this error to the Dataverse administrator.
 dataverse.inherited=(inherited from enclosing Dataverse)
 dataverse.default=(Default)

From 05ad1a974050bbe01d53ac72f55fbd5a078df896 Mon Sep 17 00:00:00 2001
From: Leonid Andreev <leonid@hmdc.harvard.edu>
Date: Thu, 20 Nov 2025 11:57:49 -0500
Subject: [PATCH 514/634] Adding utility methods to the RestAssured suite for
 the dataset-level storage quota APIs. #11987

---
 .../edu/harvard/iq/dataverse/api/UtilIT.java  | 26 +++++++++++++++++++
 1 file changed, 26 insertions(+)

diff --git a/src/test/java/edu/harvard/iq/dataverse/api/UtilIT.java b/src/test/java/edu/harvard/iq/dataverse/api/UtilIT.java
index 5a07769b313..a93c095c05c 100644
--- a/src/test/java/edu/harvard/iq/dataverse/api/UtilIT.java
+++ b/src/test/java/edu/harvard/iq/dataverse/api/UtilIT.java
@@ -3675,6 +3675,32 @@ static Response checkCollectionStorageUse(String collectionId, String apiToken)
                 .get("/api/dataverses/" + collectionId + "/storage/use");
     }
     
+    static Response checkDatasetQuota(String datasetId, String apiToken) {
+        return given()
+                .header(API_TOKEN_HTTP_HEADER, apiToken)
+                .get("/api/datasets/" + datasetId + "/storage/quota");
+    }
+    
+    static Response setDatasetQuota(String datasetId, long allocatedSize, String apiToken) {
+        Response response = given()
+                .header(API_TOKEN_HTTP_HEADER, apiToken)
+                .post("/api/dataset/" + datasetId + "/storage/quota/" + allocatedSize);
+        return response;
+    }
+    
+    static Response disableDatasetQuota(String datasetId, String apiToken) {
+        Response response = given()
+                .header(API_TOKEN_HTTP_HEADER, apiToken)
+                .delete("/api/datasets/" + datasetId + "/storage/quota");
+        return response;
+    }
+    
+    static Response checkDatasetStorageUse(String datasetId, String apiToken) {
+        return given()
+                .header(API_TOKEN_HTTP_HEADER, apiToken)
+                .get("/api/datasets/" + datasetId + "/storage/use");
+    }
+    
     /**
      * Determine the "payload" storage size of a dataverse
      *

From 6eaaab29f20ed9a8f16d460c845370081542ff61 Mon Sep 17 00:00:00 2001
From: Stephen Kraffmiller <skraffmiller@hmdc.harvard.edu>
Date: Thu, 20 Nov 2025 13:43:12 -0500
Subject: [PATCH 515/634] #11852 merge conflict

---
 doc/sphinx-guides/source/api/changelog.rst | 4 ----
 1 file changed, 4 deletions(-)

diff --git a/doc/sphinx-guides/source/api/changelog.rst b/doc/sphinx-guides/source/api/changelog.rst
index 8bf534b4140..264c755b42c 100644
--- a/doc/sphinx-guides/source/api/changelog.rst
+++ b/doc/sphinx-guides/source/api/changelog.rst
@@ -7,10 +7,6 @@ This API changelog is experimental and we would love feedback on its usefulness.
     :local:
     :depth: 1
 
-v6.9
-----
-- The POST /api/admin/makeDataCount/{id}/updateCitationsForDataset processing is now asynchronous and the response no longer includes the number of citations. The response can be OK if the request is queued or 503 if the queue is full (default queue size is 1000).
-- For GET /api/notifications/all the JSON response has changed breaking the backward compatibility of the API.
 
 v6.8
 ----

From cbbe63db0dcf5f3cd229870f8f36f48743cbbd5a Mon Sep 17 00:00:00 2001
From: Stephen Kraffmiller <skraffmiller@hmdc.harvard.edu>
Date: Thu, 20 Nov 2025 13:45:47 -0500
Subject: [PATCH 516/634] #11852 restore merge loss

---
 doc/sphinx-guides/source/api/changelog.rst | 1 +
 1 file changed, 1 insertion(+)

diff --git a/doc/sphinx-guides/source/api/changelog.rst b/doc/sphinx-guides/source/api/changelog.rst
index bf1d993a5ce..89babf3c0f8 100644
--- a/doc/sphinx-guides/source/api/changelog.rst
+++ b/doc/sphinx-guides/source/api/changelog.rst
@@ -13,6 +13,7 @@ v6.9
 - The POST /api/admin/makeDataCount/{id}/updateCitationsForDataset processing is now asynchronous and the response no longer includes the number of citations. The response can be OK if the request is queued or 503 if the queue is full (default queue size is 1000).
 - The way to set per-format size limits for tabular ingest has changed. JSON input is now used. See :ref:`:TabularIngestSizeLimit`.
 - In the past, the settings API would accept any key and value. This is no longer the case because validation has been added. See :ref:`settings_put_single`, for example.
+- For GET /api/notifications/all the JSON response has changed breaking the backward compatibility of the API.
 
 v6.8
 ----

From b8f5c1e7a4fb0907b6ca03268b28301717ff0bff Mon Sep 17 00:00:00 2001
From: Eryk Kulikowski <101262459+ErykKul@users.noreply.github.com>
Date: Thu, 20 Nov 2025 21:14:11 +0100
Subject: [PATCH 517/634] 11744 CORS: echo request Origin + add Vary (#11745)

* 11744: CORS: echo request Origin and add Vary: Origin; sanitize CSV lists; prefer comma-separated origins; rely on JVM options/MicroProfile only; add tests and release notes

* Centralize CSV parsing (CsvUtil) + CORS origin echo & Vary header improvements

* Make CORS origin list optional in CorsFilter initialization

* Refactor GlobusOverlayAccessIO and CsvUtil for improved endpoint handling and CSV parsing

* updated release note and comments

* test fixes

* Clarify CORS requirements for browser-based external tools in documentation

* Update CORS documentation to clarify configuration requirements and deprecate legacy settings

* Remove unused CSV lookup methods

* Update JvmSettings documentation to clarify CSV list return types

* Refactor doc structure for improved readability and maintainability

* wording

* Removed deprecated (and removed from code) AllowCors setting from doc

* Fix formatting inconsistencies in dataset management documentation

* rename: CsvUtil -> ListSplitUtil

* Refactor CSV list lookup methods to join array elements before splitting

* Rename CSV list lookup methods to use 'lookupSplittedList' for consistency

* revert whitespace changes done by automated formatting tool

* revert whitespace-only changes done by automatic tool

* code cleanup

* code cleanup

* revert whitespace changes done by automated formatting tool

* revert whitespace changes done by automated formatting tool

* revert whitespace changes done by automated formatting tool

* revert whitespace changes done by automated formatting tool

* remove legacy dependency on SettingsServiceBean in CorsFilterTest

* refactor: replace Arrays.stream with ListSplitUtil.split in CorsFilter

* refactor: replace ListSplitUtil.split with Arrays.stream for list processing in JvmSettings

* Enhance JvmSettings: Add trimming options for lookupSplittedList methods to handle whitespace in tokenized values

---------

Co-authored-by: Steven Winship <39765413+stevenwinship@users.noreply.github.com>
---
 .../11744-cors-echo-origin-vary.md            |  41 ++++
 .../source/api/external-tools.rst             |   3 +
 .../source/developers/big-data-support.rst    |   9 +
 .../source/installation/config.rst            |  45 ++--
 .../source/user/dataset-management.rst        |   3 +
 .../iq/dataverse/DatasetFieldServiceBean.java |   9 +-
 .../harvard/iq/dataverse/FileMetadata.java    |  17 +-
 .../harvard/iq/dataverse/SettingsWrapper.java |  24 +-
 .../edu/harvard/iq/dataverse/api/Admin.java   |   3 +-
 .../harvard/iq/dataverse/api/Datasets.java    |   6 +-
 .../importer/filesystem/FileRecordReader.java |  11 +-
 .../dataaccess/GlobusAccessibleStore.java     |   7 +-
 .../dataaccess/GlobusOverlayAccessIO.java     |  31 +--
 .../dataaccess/RemoteOverlayAccessIO.java     |  15 +-
 .../DataCaptureModuleUtil.java                |   6 +-
 .../iq/dataverse/dataset/DatasetUtil.java     |   3 +-
 .../command/impl/CreateDataverseCommand.java  |   4 +-
 .../iq/dataverse/filter/CorsFilter.java       |  86 +++++--
 .../pidproviders/AbstractPidProvider.java     |   5 +-
 .../pidproviders/PidProviderFactoryBean.java  |  11 +-
 .../iq/dataverse/settings/JvmSettings.java    |  70 ++++++
 .../harvard/iq/dataverse/util/CSLUtil.java    |   7 +-
 .../iq/dataverse/util/ListSplitUtil.java      |  45 ++++
 .../iq/dataverse/util/SystemConfig.java       |  17 +-
 .../LDNAnnounceDatasetVersionStep.java        |   8 +-
 .../export/ddi/DdiExportUtilTest.java         |   4 +-
 .../iq/dataverse/filter/CorsFilterTest.java   | 224 ++++++++++++++++++
 .../dataverse/pidproviders/PidUtilTest.java   |   2 +-
 .../iq/dataverse/util/ListSplitUtilTest.java  |  31 +++
 29 files changed, 614 insertions(+), 133 deletions(-)
 create mode 100644 doc/release-notes/11744-cors-echo-origin-vary.md
 create mode 100644 src/main/java/edu/harvard/iq/dataverse/util/ListSplitUtil.java
 create mode 100644 src/test/java/edu/harvard/iq/dataverse/filter/CorsFilterTest.java
 create mode 100644 src/test/java/edu/harvard/iq/dataverse/util/ListSplitUtilTest.java

diff --git a/doc/release-notes/11744-cors-echo-origin-vary.md b/doc/release-notes/11744-cors-echo-origin-vary.md
new file mode 100644
index 00000000000..48eaa3b96f9
--- /dev/null
+++ b/doc/release-notes/11744-cors-echo-origin-vary.md
@@ -0,0 +1,41 @@
+# 11744: CORS handling improvements
+
+Modernizes CORS so browser integrations (previewers, external tools, JS clients) work correctly with multiple origins and proper caching.
+
+## Highlights
+
+- Echoes the request origin (`Access-Control-Allow-Origin`) when it matches `dataverse.cors.origin`.
+- Adds `Vary: Origin` for per-origin responses (not for wildcard).
+- Supports comma‑separated origin list; any `*` in the list = wildcard mode.
+- CORS now only enabled when `dataverse.cors.origin` is set (removed `:AllowCors` no longer enables it).
+- All comma-separated configuration settings (database properties and MicroProfile config) now ignore spaces around commas; tokens remain unchanged (no quote parsing). Examples: `dataverse.cors.methods`, `dataverse.cors.headers.allow`, `dataverse.cors.headers.expose`. See "Comma-separated configuration values" in the Installation Guide.
+- Docs updated (Installation, Big Data Support, External Tools, File Previews); new tests cover edge cases.
+
+## Admin Action
+
+Set `dataverse.cors.origin` explicitly (required). Use explicit origins (not `*`) for credentialed requests. Ensure proxies keep `Vary: Origin`.
+
+Examples:
+
+```
+dataverse.cors.origin=https://example.org
+dataverse.cors.origin=https://libis.github.io,https://gdcc.github.io
+dataverse.cors.origin=*
+```
+
+Optional (unquoted):
+
+```
+dataverse.cors.methods=GET, POST, OPTIONS, PUT, DELETE
+```
+
+## Compatibility
+
+- Must configure `dataverse.cors.origin`; `:AllowCors` was deprecated and has now been removed.
+- Any `*` triggers wildcard (no per-origin echo / no Vary header).
+
+## Docs
+
+See updated `dataverse.cors.origin` section and related notes in Big Data Support (S3), External Tools, and File Previews.
+
+<!-- Maintainer note: The generic behavior for comma-separated settings has been documented centrally under Installation Guide > Configuration > "Comma-separated configuration values". Keep this item here as a cross-reference. -->
diff --git a/doc/sphinx-guides/source/api/external-tools.rst b/doc/sphinx-guides/source/api/external-tools.rst
index 389519318db..57a98a0c7c2 100644
--- a/doc/sphinx-guides/source/api/external-tools.rst
+++ b/doc/sphinx-guides/source/api/external-tools.rst
@@ -11,6 +11,9 @@ Introduction
 
 External tools are additional applications the user can access or open from your Dataverse installation to preview, explore, and manipulate data files and datasets. The term "external" is used to indicate that the tool is not part of the main Dataverse Software.
 
+.. note::
+  Browser-based tools must have CORS explicitly enabled via :ref:`dataverse.cors.origin <dataverse.cors.origin>`. List every origin that will host your tool (or use ``*`` when a wildcard is acceptable). If an origin is not listed, the browser will block that tool's API requests even if the tool page itself loads.
+
 Once you have created the external tool itself (which is most of the work!), you need to teach a Dataverse installation how to construct URLs that your tool needs to operate. For example, if you've deployed your tool to fabulousfiletool.com your tool might want the ID of a file and the siteUrl of the Dataverse installation like this: https://fabulousfiletool.com?fileId=42&siteUrl=https://demo.dataverse.org
 
 In short, you will be creating a manifest in JSON format that describes not only how to construct URLs for your tool, but also what types of files your tool operates on, where it should appear in the Dataverse installation web interfaces, etc. 
diff --git a/doc/sphinx-guides/source/developers/big-data-support.rst b/doc/sphinx-guides/source/developers/big-data-support.rst
index 75a50e2513d..ef13143be02 100644
--- a/doc/sphinx-guides/source/developers/big-data-support.rst
+++ b/doc/sphinx-guides/source/developers/big-data-support.rst
@@ -57,6 +57,15 @@ Allow CORS for S3 Buckets
 **IMPORTANT:** One additional step that is required to enable direct uploads via a Dataverse installation and for direct download to work with previewers and direct upload to work with dvwebloader (:ref:`folder-upload`) is to allow cross site (CORS) requests on your S3 store.
 The example below shows how to enable CORS rules (to support upload and download) on a bucket using the AWS CLI command line tool. Note that you may want to limit the AllowedOrigins and/or AllowedHeaders further.  https://github.com/gdcc/dataverse-previewers/wiki/Using-Previewers-with-download-redirects-from-S3 has some additional information about doing this.
 
+Dataverse itself will only emit the necessary ``Access-Control-*`` headers to browsers when CORS has been explicitly enabled via the JVM/MicroProfile setting :ref:`dataverse.cors.origin <dataverse.cors.origin>`. You must both:
+
+* Configure an appropriate ``dataverse.cors.origin`` value (single origin, comma-separated list, or ``*``) on the Dataverse application server; and
+* Configure a matching/compatible CORS policy on each S3 bucket (and any CDN/proxy in front of it) that will be used for direct upload or for redirect (download-redirect) operations consumed by previewers.
+
+If you specify multiple origins in ``dataverse.cors.origin`` Dataverse will echo back the requesting origin (when it matches) and will include ``Vary: Origin`` so that shared caches do not serve one origin's response to another. If you configure ``*`` Dataverse will respond with ``Access-Control-Allow-Origin: *`` (note that browsers will not allow credentialed requests with a wildcard).
+
+Make sure the bucket CORS configuration ``AllowedOrigins`` is at least as permissive as the origins you configure in ``dataverse.cors.origin``. If the bucket allows ``*`` but the Dataverse application only allows a subset, the browser will still enforce the more restrictive application response.
+
 If you'd like to check the CORS configuration on your bucket before making changes:
 
 ``aws s3api get-bucket-cors --bucket <BUCKET_NAME>``
diff --git a/doc/sphinx-guides/source/installation/config.rst b/doc/sphinx-guides/source/installation/config.rst
index e7d7b9f2592..6c19464489d 100644
--- a/doc/sphinx-guides/source/installation/config.rst
+++ b/doc/sphinx-guides/source/installation/config.rst
@@ -10,6 +10,27 @@ Once you have finished securing and configuring your Dataverse installation, you
 .. contents:: |toctitle|
   :local:
 
+.. _comma-separated-config-values:
+
+Comma-separated configuration values
+------------------------------------
+
+Many configuration options (both MicroProfile/JVM settings and database settings) accept comma-separated lists. For all such settings, Dataverse applies consistent, lightweight parsing:
+
+- Whitespace immediately around commas is ignored (e.g., ``GET, POST`` is equivalent to ``GET,POST``).
+- Tokens are otherwise preserved exactly as typed. There is no quote parsing and no escape processing.
+- Embedded commas within a token are not supported.
+
+Examples include (but are not limited to):
+
+- :ref:`dataverse.cors.origin <dataverse.cors.origin>`
+- :ref:`dataverse.cors.methods <dataverse.cors.methods>`
+- :ref:`dataverse.cors.headers.allow <dataverse.cors.headers.allow>`
+- :ref:`dataverse.cors.headers.expose <dataverse.cors.headers.expose>`
+- :ref:`:UploadMethods`
+
+This behavior is implemented centrally and applies across all Dataverse settings that accept comma-separated values.
+
 .. _securing-your-installation:
 
 Securing Your Installation
@@ -3704,10 +3725,9 @@ The following settings control Cross-Origin Resource Sharing (CORS) for your Dat
 dataverse.cors.origin
 +++++++++++++++++++++
 
-Allowed origins for CORS requests. The default with no value set is to not include CORS headers. However, if the deprecated :AllowCors setting is explicitly set to true the default is "\*" (all origins).
-When the :AllowsCors setting is not used, you must set this setting to "\*" or a list of origins to enable CORS headers.
+Allowed origins for CORS requests. If this setting is not defined, CORS headers are not added. Set to ``*`` to allow all origins (note that browsers will not allow credentialed requests with ``*``) or provide a comma-separated list of explicit origins.
 
-Multiple origins can be specified as a comma-separated list.
+Multiple origins can be specified as a comma-separated list (whitespace is ignored):
 
 Example:
 
@@ -3715,6 +3735,11 @@ Example:
 
 Can also be set via any `supported MicroProfile Config API source`_, e.g. the environment variable ``DATAVERSE_CORS_ORIGIN``.
 
+Behavior:
+
+* When a list of origins is configured, Dataverse echoes the single matching request ``Origin`` value in ``Access-Control-Allow-Origin`` and adds ``Vary: Origin`` to support correct proxy/CDN caching.
+* When ``*`` is configured, ``Access-Control-Allow-Origin: *`` is sent and ``Vary`` is not modified.
+
 .. _dataverse.cors.methods:
 
 dataverse.cors.methods
@@ -5028,20 +5053,6 @@ This can be helpful in situations where multiple organizations are sharing one D
 or
 ``curl -X PUT -d '*' http://localhost:8080/api/admin/settings/:InheritParentRoleAssignments``
 
-:AllowCors (Deprecated)
-+++++++++++++++++++++++
-
-.. note::
-   This setting is deprecated. Please use the JVM settings above instead.
-   This legacy setting will only be used if the newer JVM settings are not set.
-
-Enable or disable support for Cross-Origin Resource Sharing (CORS) by setting ``:AllowCors`` to ``true`` or ``false``.
-
-``curl -X PUT -d true http://localhost:8080/api/admin/settings/:AllowCors``
-
-.. note::
-   New values for this setting will only be used after a server restart.
-
 :ChronologicalDateFacets
 ++++++++++++++++++++++++
 
diff --git a/doc/sphinx-guides/source/user/dataset-management.rst b/doc/sphinx-guides/source/user/dataset-management.rst
index 0802d1255b6..ff8cbe79a46 100755
--- a/doc/sphinx-guides/source/user/dataset-management.rst
+++ b/doc/sphinx-guides/source/user/dataset-management.rst
@@ -175,6 +175,9 @@ File Previews
 
 Dataverse installations can add previewers for common file types uploaded by their research communities. The previews appear on the file page. If a preview tool for a specific file type is available, the preview will be created and will display automatically, after terms have been agreed to or a guestbook entry has been made, if necessary. File previews are not available for restricted files unless they are being accessed using a Preview URL. See also :ref:`previewUrl`. When the dataset license is not the default license, users will be prompted to accept the license/data use agreement before the preview is shown. See also :ref:`license-terms`.
 
+.. note::
+   Some previewers run purely in the browser and make direct (JavaScript) requests back to the Dataverse API endpoints to retrieve file contents, metadata, or signed URLs. For these previewers to function when hosted on a different origin (e.g., a CDN or a separate previewer service), the Dataverse installation must have CORS enabled via :ref:`dataverse.cors.origin <dataverse.cors.origin>`. Administrators should configure the list of allowed origins to include the host serving the previewers.
+
 Previewers are available for the following file types:
 
 - Text
diff --git a/src/main/java/edu/harvard/iq/dataverse/DatasetFieldServiceBean.java b/src/main/java/edu/harvard/iq/dataverse/DatasetFieldServiceBean.java
index ebee7c20ba2..e6b2711b443 100644
--- a/src/main/java/edu/harvard/iq/dataverse/DatasetFieldServiceBean.java
+++ b/src/main/java/edu/harvard/iq/dataverse/DatasetFieldServiceBean.java
@@ -53,6 +53,7 @@
 import org.apache.http.protocol.HttpContext;
 import org.apache.http.util.EntityUtils;
 import edu.harvard.iq.dataverse.settings.SettingsServiceBean;
+import edu.harvard.iq.dataverse.util.ListSplitUtil;
 
 /**
  *
@@ -908,12 +909,12 @@ public String getFieldLanguage(String languages, String localeCode) {
         // If the fields list of supported languages contains the current locale (e.g.
         // the lang of the UI, or the current metadata input/display lang (tbd)), use
         // that. Otherwise, return the first in the list
-        String[] langStrings = languages.split("\\s*,\\s*");
-        if (langStrings.length > 0) {
-            if (Arrays.asList(langStrings).contains(localeCode)) {
+        final List<String> langStrings = ListSplitUtil.split(languages);
+        if (!langStrings.isEmpty()) {
+            if (langStrings.contains(localeCode)) {
                 return localeCode;
             } else {
-                return langStrings[0];
+                return langStrings.get(0);
             }
         }
         return null;
diff --git a/src/main/java/edu/harvard/iq/dataverse/FileMetadata.java b/src/main/java/edu/harvard/iq/dataverse/FileMetadata.java
index 932bbd60be6..b60b5afedd3 100644
--- a/src/main/java/edu/harvard/iq/dataverse/FileMetadata.java
+++ b/src/main/java/edu/harvard/iq/dataverse/FileMetadata.java
@@ -49,6 +49,7 @@
 import edu.harvard.iq.dataverse.datavariable.VarGroup;
 import edu.harvard.iq.dataverse.datavariable.VariableMetadata;
 import edu.harvard.iq.dataverse.util.DateUtil;
+import edu.harvard.iq.dataverse.util.ListSplitUtil;
 import edu.harvard.iq.dataverse.util.StringUtil;
 import java.util.HashSet;
 import java.util.Set;
@@ -605,18 +606,18 @@ public int compare(FileMetadata o1, FileMetadata o2) {
         }
     };
     
-    static Map<String,Long> categoryMap=null;
+    static Map<String, Long> categoryMap = null;
     
     public static void setCategorySortOrder(String categories) {
-       categoryMap=new HashMap<String, Long>();
-       long i=1;
-       for(String cat: categories.split(",\\s*")) {
-           categoryMap.put(cat.toUpperCase(), i);
-           i++;
-       }
+        categoryMap = new HashMap<String, Long>();
+        long i = 1;
+        for (String cat : ListSplitUtil.split(categories)) {
+            categoryMap.put(cat.toUpperCase(), i);
+            i++;
+        }
     }
     
-    public static Map<String,Long> getCategorySortOrder() {
+    public static Map<String, Long> getCategorySortOrder() {
         return categoryMap;
     }
     
diff --git a/src/main/java/edu/harvard/iq/dataverse/SettingsWrapper.java b/src/main/java/edu/harvard/iq/dataverse/SettingsWrapper.java
index 653632ba719..23a26a8cf2c 100644
--- a/src/main/java/edu/harvard/iq/dataverse/SettingsWrapper.java
+++ b/src/main/java/edu/harvard/iq/dataverse/SettingsWrapper.java
@@ -14,6 +14,7 @@
 import edu.harvard.iq.dataverse.settings.SettingsServiceBean;
 import edu.harvard.iq.dataverse.settings.SettingsServiceBean.Key;
 import edu.harvard.iq.dataverse.util.BundleUtil;
+import edu.harvard.iq.dataverse.util.ListSplitUtil;
 import edu.harvard.iq.dataverse.util.StringUtil;
 import edu.harvard.iq.dataverse.util.SystemConfig;
 import edu.harvard.iq.dataverse.UserNotification.Type;
@@ -50,8 +51,7 @@
 public class SettingsWrapper implements java.io.Serializable {
 
     static final Logger logger = Logger.getLogger(SettingsWrapper.class.getCanonicalName());
-    public static final String COMMA_BETWEEN_OPTIONAL_WHITE_SPACE = "\\s*,\\s*";
-
+    
     @EJB
     SettingsServiceBean settingsService;
 
@@ -393,10 +393,12 @@ public boolean isRsyncOnly() {
                 rsyncOnly = false;
             } else {
                 String uploadMethods = getValueForKey(SettingsServiceBean.Key.UploadMethods);
-                if (uploadMethods==null){
+                if (uploadMethods == null) {
                     rsyncOnly = false;
                 } else {
-                    rsyncOnly = Arrays.asList(uploadMethods.toLowerCase().split(COMMA_BETWEEN_OPTIONAL_WHITE_SPACE)).size() == 1 && uploadMethods.toLowerCase().equals(SystemConfig.FileUploadMethods.RSYNC.toString());
+                    String normalizedUploadMethods = uploadMethods.toLowerCase();
+                    rsyncOnly = ListSplitUtil.split(normalizedUploadMethods).size() == 1
+                            && normalizedUploadMethods.equals(SystemConfig.FileUploadMethods.RSYNC.toString());
                 }
             }
         }
@@ -424,11 +426,11 @@ public String getSupportTeamEmail() {
     
     public Integer getUploadMethodsCount() {
         if (uploadMethodsCount == null) {
-            String uploadMethods = getValueForKey(SettingsServiceBean.Key.UploadMethods); 
-            if (uploadMethods==null){
+            String uploadMethods = getValueForKey(SettingsServiceBean.Key.UploadMethods);
+            if (uploadMethods == null) {
                 uploadMethodsCount = 0;
             } else {
-                uploadMethodsCount = Arrays.asList(uploadMethods.toLowerCase().split(COMMA_BETWEEN_OPTIONAL_WHITE_SPACE)).size();
+                uploadMethodsCount = ListSplitUtil.split(uploadMethods).size();
             } 
         }
         return uploadMethodsCount;
@@ -502,7 +504,7 @@ public boolean shouldBeAnonymized(DatasetField df) {
         if (anonymizedFieldTypes == null) {
             anonymizedFieldTypes = new ArrayList<String>();
             String names = get(SettingsServiceBean.Key.AnonymizedFieldTypeNames.toString(), "");
-            anonymizedFieldTypes.addAll(Arrays.asList(names.split(COMMA_BETWEEN_OPTIONAL_WHITE_SPACE)));
+            anonymizedFieldTypes.addAll(ListSplitUtil.split(names));
         }
         return anonymizedFieldTypes.contains(df.getDatasetFieldType().getName());
     }
@@ -826,11 +828,11 @@ public String getMetricsUrl() {
     }
     
     private Boolean getUploadMethodAvailable(String method){
-        String uploadMethods = getValueForKey(SettingsServiceBean.Key.UploadMethods); 
-        if (uploadMethods==null){
+        String uploadMethods = getValueForKey(SettingsServiceBean.Key.UploadMethods);
+        if (uploadMethods == null) {
             return false;
         } else {
-           return  Arrays.asList(uploadMethods.toLowerCase().split(COMMA_BETWEEN_OPTIONAL_WHITE_SPACE)).contains(method);
+            return ListSplitUtil.splitToLowerCaseSet(uploadMethods).contains(method);
         }
     }
 
diff --git a/src/main/java/edu/harvard/iq/dataverse/api/Admin.java b/src/main/java/edu/harvard/iq/dataverse/api/Admin.java
index 245b76b2cdb..75aedb038dc 100644
--- a/src/main/java/edu/harvard/iq/dataverse/api/Admin.java
+++ b/src/main/java/edu/harvard/iq/dataverse/api/Admin.java
@@ -115,6 +115,7 @@
 import edu.harvard.iq.dataverse.util.ArchiverUtil;
 import edu.harvard.iq.dataverse.util.BundleUtil;
 import edu.harvard.iq.dataverse.util.FileUtil;
+import edu.harvard.iq.dataverse.util.ListSplitUtil;
 import edu.harvard.iq.dataverse.util.SystemConfig;
 import edu.harvard.iq.dataverse.util.URLTokenUtil;
 import edu.harvard.iq.dataverse.util.UrlSignerUtil;
@@ -2243,7 +2244,7 @@ public Response addRoleAssignementsToChildren(@Context ContainerRequestContext c
         boolean inheritAllRoles = false;
         String rolesString = settingsSvc.getValueForKey(SettingsServiceBean.Key.InheritParentRoleAssignments, "");
         if (rolesString.length() > 0) {
-            ArrayList<String> rolesToInherit = new ArrayList<String>(Arrays.asList(rolesString.split("\\s*,\\s*")));
+            ArrayList<String> rolesToInherit = new ArrayList<>(ListSplitUtil.split(rolesString));
             if (!rolesToInherit.isEmpty()) {
                 if (rolesToInherit.contains("*")) {
                     inheritAllRoles = true;
diff --git a/src/main/java/edu/harvard/iq/dataverse/api/Datasets.java b/src/main/java/edu/harvard/iq/dataverse/api/Datasets.java
index df292762353..4b3db65556c 100644
--- a/src/main/java/edu/harvard/iq/dataverse/api/Datasets.java
+++ b/src/main/java/edu/harvard/iq/dataverse/api/Datasets.java
@@ -5317,7 +5317,8 @@ public Response getPrivateUrlDatasetVersion(@PathParam("privateUrlToken") String
         }
         JsonObjectBuilder responseJson;
         if (isAnonymizedAccess) {
-            List<String> anonymizedFieldTypeNamesList = new ArrayList<>(Arrays.asList(anonymizedFieldTypeNames.split(SettingsWrapper.COMMA_BETWEEN_OPTIONAL_WHITE_SPACE)));
+            // Use ListSplitUtil for consistent CSV parsing
+            List<String> anonymizedFieldTypeNamesList = new ArrayList<>(ListSplitUtil.split(anonymizedFieldTypeNames));
             responseJson = json(dsv, anonymizedFieldTypeNamesList, true, returnOwners);
         } else {
             responseJson = json(dsv, null, true, returnOwners);
@@ -5343,7 +5344,8 @@ public Response getPreviewUrlDatasetVersion(@PathParam("previewUrlToken") String
         }
         JsonObjectBuilder responseJson;
         if (isAnonymizedAccess) {
-            List<String> anonymizedFieldTypeNamesList = new ArrayList<>(Arrays.asList(anonymizedFieldTypeNames.split(SettingsWrapper.COMMA_BETWEEN_OPTIONAL_WHITE_SPACE)));
+            // Use ListSplitUtil for consistent CSV parsing
+            List<String> anonymizedFieldTypeNamesList = new ArrayList<>(ListSplitUtil.split(anonymizedFieldTypeNames));
             responseJson = json(dsv, anonymizedFieldTypeNamesList, true, returnOwners);
         } else {
             responseJson = json(dsv, null, true, returnOwners);
diff --git a/src/main/java/edu/harvard/iq/dataverse/batch/jobs/importer/filesystem/FileRecordReader.java b/src/main/java/edu/harvard/iq/dataverse/batch/jobs/importer/filesystem/FileRecordReader.java
index 9ce30683a87..175683bbb16 100644
--- a/src/main/java/edu/harvard/iq/dataverse/batch/jobs/importer/filesystem/FileRecordReader.java
+++ b/src/main/java/edu/harvard/iq/dataverse/batch/jobs/importer/filesystem/FileRecordReader.java
@@ -25,6 +25,7 @@
 import edu.harvard.iq.dataverse.authorization.users.AuthenticatedUser;
 import edu.harvard.iq.dataverse.batch.jobs.importer.ImportMode;
 import edu.harvard.iq.dataverse.settings.JvmSettings;
+import edu.harvard.iq.dataverse.util.ListSplitUtil;
 import org.apache.commons.io.filefilter.NotFileFilter;
 import org.apache.commons.io.filefilter.WildcardFileFilter;
 
@@ -43,7 +44,6 @@
 import java.io.FileFilter;
 import java.io.Serializable;
 import java.util.ArrayList;
-import java.util.Arrays;
 import java.util.HashMap;
 import java.util.Iterator;
 import java.util.List;
@@ -152,8 +152,13 @@ public File readItem() {
      * @return list of files
      */
     private List<File> getFiles(final File directory) {
-        // create filter from job xml excludes property
-        FileFilter excludeFilter = new NotFileFilter(new WildcardFileFilter(Arrays.asList(excludes.split("\\s*,\\s*"))));
+        // create filter from job xml excludes property using builder to avoid deprecated constructors
+        final String[] excludedPatterns = ListSplitUtil.split(excludes).toArray(new String[0]);
+        FileFilter excludeFilter = new NotFileFilter(
+                WildcardFileFilter.builder()
+                        .setWildcards(excludedPatterns)
+                        .get()
+        );
         List<File> files = new ArrayList<>();
         File[] filesList = directory.listFiles(excludeFilter);
         if (filesList != null) {
diff --git a/src/main/java/edu/harvard/iq/dataverse/dataaccess/GlobusAccessibleStore.java b/src/main/java/edu/harvard/iq/dataverse/dataaccess/GlobusAccessibleStore.java
index 8bed60d8302..032ec1cfe48 100644
--- a/src/main/java/edu/harvard/iq/dataverse/dataaccess/GlobusAccessibleStore.java
+++ b/src/main/java/edu/harvard/iq/dataverse/dataaccess/GlobusAccessibleStore.java
@@ -1,5 +1,6 @@
 package edu.harvard.iq.dataverse.dataaccess;
 
+import edu.harvard.iq.dataverse.util.ListSplitUtil;
 import jakarta.json.Json;
 import jakarta.json.JsonArray;
 import jakarta.json.JsonArrayBuilder;
@@ -38,10 +39,10 @@ public static String getTransferPath(String driverId) {
     }
 
     public static JsonArray getReferenceEndpointsWithPaths(String driverId) {
-        String[] endpoints = StorageIO.getConfigParamForDriver(driverId, AbstractRemoteOverlayAccessIO.REFERENCE_ENDPOINTS_WITH_BASEPATHS).split("\\s*,\\s*");
         JsonArrayBuilder builder = Json.createArrayBuilder();
-        for(int i=0;i<endpoints.length;i++) {
-            builder.add(endpoints[i]);
+        for (String endpoint : ListSplitUtil.split(StorageIO.getConfigParamForDriver(driverId,
+                AbstractRemoteOverlayAccessIO.REFERENCE_ENDPOINTS_WITH_BASEPATHS))) {
+            builder.add(endpoint);
         }
         return builder.build();
     }
diff --git a/src/main/java/edu/harvard/iq/dataverse/dataaccess/GlobusOverlayAccessIO.java b/src/main/java/edu/harvard/iq/dataverse/dataaccess/GlobusOverlayAccessIO.java
index 89c7306929c..b0728390c55 100644
--- a/src/main/java/edu/harvard/iq/dataverse/dataaccess/GlobusOverlayAccessIO.java
+++ b/src/main/java/edu/harvard/iq/dataverse/dataaccess/GlobusOverlayAccessIO.java
@@ -7,6 +7,7 @@
 import edu.harvard.iq.dataverse.datavariable.DataVariable;
 import edu.harvard.iq.dataverse.globus.AccessToken;
 import edu.harvard.iq.dataverse.globus.GlobusServiceBean;
+import edu.harvard.iq.dataverse.util.ListSplitUtil;
 import edu.harvard.iq.dataverse.util.UrlSignerUtil;
 import edu.harvard.iq.dataverse.util.json.JsonUtil;
 
@@ -392,24 +393,24 @@ protected void configureGlobusEndpoints() throws IOException {
     }
     
     private static String[] getAllowedEndpoints(String driverId) throws IOException {
-        String[] allowedEndpoints = null;
         if (GlobusAccessibleStore.isDataverseManaged(driverId)) {
-            allowedEndpoints = new String[1];
-            allowedEndpoints[0] = getConfigParamForDriver(driverId, TRANSFER_ENDPOINT_WITH_BASEPATH);
-            if (allowedEndpoints[0] == null) {
-                throw new IOException(
-                        "dataverse.files." + driverId + "." + TRANSFER_ENDPOINT_WITH_BASEPATH + " is required");
-            }
-        } else {
-            String rawEndpoints = getConfigParamForDriver(driverId, REFERENCE_ENDPOINTS_WITH_BASEPATHS);
-            if (rawEndpoints != null) {
-                allowedEndpoints = getConfigParamForDriver(driverId, REFERENCE_ENDPOINTS_WITH_BASEPATHS).split("\\s*,\\s*");
-            }
-            if (rawEndpoints == null || allowedEndpoints.length == 0) {
-                throw new IOException("dataverse.files." + driverId + ".base-url is required");
+            final String endpoint = getConfigParamForDriver(driverId, TRANSFER_ENDPOINT_WITH_BASEPATH);
+            if (endpoint == null) {
+                throw new IOException("dataverse.files." + driverId + "." + TRANSFER_ENDPOINT_WITH_BASEPATH + " is required");
             }
+            return new String[] { endpoint };
+        }
+
+        final String rawEndpoints = getConfigParamForDriver(driverId, REFERENCE_ENDPOINTS_WITH_BASEPATHS);
+        if (rawEndpoints == null) {
+            throw new IOException("dataverse.files." + driverId + ".base-url is required");
+        }
+
+        final List<String> allowedEndpoints = ListSplitUtil.split(rawEndpoints);
+        if (allowedEndpoints.isEmpty()) {
+            throw new IOException("dataverse.files." + driverId + ".base-url is required");
         }
-        return allowedEndpoints;
+        return allowedEndpoints.toArray(new String[0]);
     }
 
 
diff --git a/src/main/java/edu/harvard/iq/dataverse/dataaccess/RemoteOverlayAccessIO.java b/src/main/java/edu/harvard/iq/dataverse/dataaccess/RemoteOverlayAccessIO.java
index bca70259cb7..1613d1ec7cc 100644
--- a/src/main/java/edu/harvard/iq/dataverse/dataaccess/RemoteOverlayAccessIO.java
+++ b/src/main/java/edu/harvard/iq/dataverse/dataaccess/RemoteOverlayAccessIO.java
@@ -5,6 +5,7 @@
 import edu.harvard.iq.dataverse.Dataverse;
 import edu.harvard.iq.dataverse.DvObject;
 import edu.harvard.iq.dataverse.datavariable.DataVariable;
+import edu.harvard.iq.dataverse.util.ListSplitUtil;
 import edu.harvard.iq.dataverse.util.UrlSignerUtil;
 
 import java.io.FileNotFoundException;
@@ -33,10 +34,10 @@
  */
 /*
  * Remote Overlay Driver
- * 
+ *
  * StorageIdentifier format:
  * <remoteDriverId>://<baseStorageIdentifier>//<relativePath>
- * 
+ *
  * baseUrl: http(s)://<host(:port)/basePath>
  */
 public class RemoteOverlayAccessIO<T extends DvObject> extends AbstractRemoteOverlayAccessIO<T> {
@@ -48,7 +49,7 @@ public class RemoteOverlayAccessIO<T extends DvObject> extends AbstractRemoteOve
     public RemoteOverlayAccessIO() {
         super();
     }
-    
+
     public RemoteOverlayAccessIO(T dvObject, DataAccessRequest req, String driverId) throws IOException {
         super(dvObject, req, driverId);
         this.setIsLocalFile(false);
@@ -124,10 +125,10 @@ public void open(DataAccessOption... options) throws IOException {
                     logger.fine("Setting size");
                     this.setSize(retrieveSizeFromMedia());
                 }
-                if (dataFile.getContentType() != null 
+                if (dataFile.getContentType() != null
                         && dataFile.getContentType().equals("text/tab-separated-values")
-                        && dataFile.isTabularData() 
-                        && dataFile.getDataTable() != null 
+                        && dataFile.isTabularData()
+                        && dataFile.getDataTable() != null
                         && (!this.noVarHeader())
                         && (!dataFile.getDataTable().isStoredWithVariableHeader())) {
 
@@ -317,7 +318,7 @@ protected void configureRemoteEndpoints() throws IOException {
         baseUrl = getConfigParam(BASE_URL);
         if (baseUrl == null) {
             //Will accept the first endpoint using the newer setting
-            baseUrl = getConfigParam(REFERENCE_ENDPOINTS_WITH_BASEPATHS).split("\\s*,\\s*")[0];
+            baseUrl = ListSplitUtil.split(getConfigParam(REFERENCE_ENDPOINTS_WITH_BASEPATHS)).stream().findFirst().orElse(baseUrl);
             if (baseUrl == null) {
                 throw new IOException("dataverse.files." + this.driverId + ".base-url is required");
             }
diff --git a/src/main/java/edu/harvard/iq/dataverse/datacapturemodule/DataCaptureModuleUtil.java b/src/main/java/edu/harvard/iq/dataverse/datacapturemodule/DataCaptureModuleUtil.java
index 094d3976133..de2aa0aaee8 100644
--- a/src/main/java/edu/harvard/iq/dataverse/datacapturemodule/DataCaptureModuleUtil.java
+++ b/src/main/java/edu/harvard/iq/dataverse/datacapturemodule/DataCaptureModuleUtil.java
@@ -5,8 +5,8 @@
 import edu.harvard.iq.dataverse.Dataset;
 import edu.harvard.iq.dataverse.DatasetVersion;
 import edu.harvard.iq.dataverse.authorization.users.AuthenticatedUser;
+import edu.harvard.iq.dataverse.util.ListSplitUtil;
 import edu.harvard.iq.dataverse.util.SystemConfig;
-import java.util.Arrays;
 import java.util.logging.Logger;
 import jakarta.json.Json;
 import jakarta.json.JsonObject;
@@ -19,11 +19,11 @@ public class DataCaptureModuleUtil {
 
     @Deprecated(forRemoval = true, since = "2024-07-07")
     public static boolean rsyncSupportEnabled(String uploadMethodsSettings) {
-        logger.fine("uploadMethodsSettings: " + uploadMethodsSettings);; 
+        logger.fine("uploadMethodsSettings: " + uploadMethodsSettings);;
         if (uploadMethodsSettings==null){
             return false;
         } else {
-           return  Arrays.asList(uploadMethodsSettings.toLowerCase().split("\\s*,\\s*")).contains(SystemConfig.FileUploadMethods.RSYNC.toString());
+            return ListSplitUtil.splitToLowerCaseSet(uploadMethodsSettings).contains(SystemConfig.FileUploadMethods.RSYNC.toString());
         }
     }
 
diff --git a/src/main/java/edu/harvard/iq/dataverse/dataset/DatasetUtil.java b/src/main/java/edu/harvard/iq/dataverse/dataset/DatasetUtil.java
index 46f458c5403..2ce5471a523 100644
--- a/src/main/java/edu/harvard/iq/dataverse/dataset/DatasetUtil.java
+++ b/src/main/java/edu/harvard/iq/dataverse/dataset/DatasetUtil.java
@@ -13,6 +13,7 @@
 import edu.harvard.iq.dataverse.dataaccess.ImageThumbConverter;
 import edu.harvard.iq.dataverse.util.BundleUtil;
 import edu.harvard.iq.dataverse.util.FileUtil;
+import edu.harvard.iq.dataverse.util.ListSplitUtil;
 import java.awt.image.BufferedImage;
 import java.io.ByteArrayInputStream;
 import java.io.File;
@@ -531,7 +532,7 @@ public static String[] getDatasetSummaryFieldNames(String customFieldNames) {
         } else {
             summaryFieldNames = customFieldNames;
         }
-        return summaryFieldNames.split("\\s*,\\s*");
+        return ListSplitUtil.split(summaryFieldNames).toArray(new String[0]);
     }
 
     public static boolean isRsyncAppropriateStorageDriver(Dataset dataset){
diff --git a/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/CreateDataverseCommand.java b/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/CreateDataverseCommand.java
index b28302ba861..3071cfaea8f 100644
--- a/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/CreateDataverseCommand.java
+++ b/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/CreateDataverseCommand.java
@@ -12,10 +12,10 @@
 import edu.harvard.iq.dataverse.engine.command.exception.IllegalCommandException;
 import edu.harvard.iq.dataverse.settings.SettingsServiceBean;
 import edu.harvard.iq.dataverse.util.BundleUtil;
+import edu.harvard.iq.dataverse.util.ListSplitUtil;
 
 import java.sql.Timestamp;
 import java.util.ArrayList;
-import java.util.Arrays;
 import java.util.Date;
 import java.util.List;
 
@@ -107,7 +107,7 @@ protected Dataverse innerExecute(CommandContext ctxt) throws IllegalCommandExcep
         // Add additional role assignments if inheritance is set
         boolean inheritAllRoles = false;
         String rolesString = ctxt.settings().getValueForKey(SettingsServiceBean.Key.InheritParentRoleAssignments, "");
-        ArrayList<String> rolesToInherit = new ArrayList<String>(Arrays.asList(rolesString.split("\\s*,\\s*")));
+        ArrayList<String> rolesToInherit = new ArrayList<>(ListSplitUtil.split(rolesString));
         if (rolesString.length() > 0) {
             if (!rolesToInherit.isEmpty()) {
                 if (rolesToInherit.contains("*")) {
diff --git a/src/main/java/edu/harvard/iq/dataverse/filter/CorsFilter.java b/src/main/java/edu/harvard/iq/dataverse/filter/CorsFilter.java
index 7d99d9ee4d2..d7f14fff245 100644
--- a/src/main/java/edu/harvard/iq/dataverse/filter/CorsFilter.java
+++ b/src/main/java/edu/harvard/iq/dataverse/filter/CorsFilter.java
@@ -1,20 +1,30 @@
 package edu.harvard.iq.dataverse.filter;
 
-import jakarta.inject.Inject;
-import jakarta.servlet.*;
-import jakarta.servlet.annotation.WebFilter;
-import jakarta.servlet.http.HttpServletResponse;
 import java.io.IOException;
+import java.util.Collections;
+import java.util.HashSet;
+import java.util.List;
+import java.util.Set;
+import java.util.stream.Collectors;
 
 import edu.harvard.iq.dataverse.settings.JvmSettings;
-import edu.harvard.iq.dataverse.settings.SettingsServiceBean;
+import edu.harvard.iq.dataverse.util.ListSplitUtil;
+import jakarta.servlet.Filter;
+import jakarta.servlet.FilterChain;
+import jakarta.servlet.FilterConfig;
+import jakarta.servlet.ServletException;
+import jakarta.servlet.ServletRequest;
+import jakarta.servlet.ServletResponse;
+import jakarta.servlet.annotation.WebFilter;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
 
 /**
  * CorsFilter is a servlet filter that handles Cross-Origin Resource Sharing (CORS) for the Dataverse application.
  * It configures and applies CORS headers to HTTP responses based on application settings.
  * 
  * This filter:
- * 1. Reads CORS configuration from JVM settings or (deprecated) the SettingsServiceBean. See the Dataverse Configuration Guide for more details.
+ * 1. Reads CORS configuration from JVM settings (dataverse.cors.*). See the Dataverse Configuration Guide for more details.
  * 2. Determines whether CORS should be allowed based on these settings.
  * 3. If CORS is allowed, it adds the appropriate CORS headers to all HTTP responses. The JVMSettings allow customization of the header contents if desired.
  * 
@@ -24,32 +34,33 @@
 @WebFilter("/*")
 public class CorsFilter implements Filter {
 
-    @Inject
-    private SettingsServiceBean settingsSvc;
-
     private boolean allowCors;
-    private String origin;
+    private boolean allowAllOrigins;
+    private Set<String> allowedOrigins = Collections.emptySet();
     private String methods;
     private String allowHeaders;
     private String exposeHeaders;
 
     @Override
     public void init(FilterConfig filterConfig) throws ServletException {
-        origin = JvmSettings.CORS_ORIGIN.lookupOptional().orElse(null);
-        boolean corsSetting = settingsSvc.isTrueForKey(SettingsServiceBean.Key.AllowCors, true);
-
-        if (origin == null && !corsSetting) {
-            allowCors = false;
-        } else {
-            allowCors = true;
-            origin = (origin != null) ? origin : "*";
-        }
+        List<String> origins = JvmSettings.CORS_ORIGIN.lookupSplittedListOptional().orElse(List.of());
+        allowCors = !origins.isEmpty();
 
         if (allowCors) {
-            methods = JvmSettings.CORS_METHODS.lookupOptional().orElse("PUT, GET, POST, DELETE, OPTIONS");
-            allowHeaders = JvmSettings.CORS_ALLOW_HEADERS.lookupOptional()
+            if (origins.contains("*")) {
+                allowAllOrigins = true;
+            } else {
+                allowedOrigins = Set.copyOf(origins);
+            }
+
+            methods = JvmSettings.CORS_METHODS.lookupSplittedListOptional()
+                    .map(values -> String.join(", ", values))
+                    .orElse("GET, POST, OPTIONS, PUT, DELETE");
+            allowHeaders = JvmSettings.CORS_ALLOW_HEADERS.lookupSplittedListOptional()
+                    .map(values -> String.join(", ", values))
                     .orElse("Accept, Content-Type, X-Dataverse-key, Range");
-            exposeHeaders = JvmSettings.CORS_EXPOSE_HEADERS.lookupOptional()
+            exposeHeaders = JvmSettings.CORS_EXPOSE_HEADERS.lookupSplittedListOptional()
+                    .map(values -> String.join(", ", values))
                     .orElse("Accept-Ranges, Content-Range, Content-Encoding");
         }
     }
@@ -58,12 +69,35 @@ public void init(FilterConfig filterConfig) throws ServletException {
     public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain chain)
             throws IOException, ServletException {
         if (allowCors) {
+            HttpServletRequest request = (HttpServletRequest) servletRequest;
             HttpServletResponse response = (HttpServletResponse) servletResponse;
-            response.addHeader("Access-Control-Allow-Origin", origin);
-            response.addHeader("Access-Control-Allow-Methods", methods);
-            response.addHeader("Access-Control-Allow-Headers", allowHeaders);
-            response.addHeader("Access-Control-Expose-Headers", exposeHeaders);
+
+            String originHeader = request.getHeader("Origin");
+            String requestOrigin = originHeader == null ? null : originHeader.trim();
+
+            if (allowAllOrigins) {
+                response.setHeader("Access-Control-Allow-Origin", "*");
+            } else if (requestOrigin != null && allowedOrigins.contains(requestOrigin)) {
+                response.setHeader("Access-Control-Allow-Origin", requestOrigin);
+                response.setHeader("Vary", appendVary(response.getHeader("Vary"), "Origin"));
+            }
+
+            response.setHeader("Access-Control-Allow-Methods", methods);
+            response.setHeader("Access-Control-Allow-Headers", allowHeaders);
+            response.setHeader("Access-Control-Expose-Headers", exposeHeaders);
         }
         chain.doFilter(servletRequest, servletResponse);
     }
+
+    private String appendVary(String existing, String value) {
+        if (existing == null || existing.isEmpty()) {
+            return value;
+        }
+        Set<String> tokens = ListSplitUtil.split(existing).stream()
+                .map(String::trim)
+                .filter(token -> !token.isEmpty())
+                .collect(Collectors.toCollection(HashSet::new));
+        tokens.add(value);
+        return String.join(", ", tokens);
+    }
 }
diff --git a/src/main/java/edu/harvard/iq/dataverse/pidproviders/AbstractPidProvider.java b/src/main/java/edu/harvard/iq/dataverse/pidproviders/AbstractPidProvider.java
index 0b5b49fc52d..0affd32eb99 100644
--- a/src/main/java/edu/harvard/iq/dataverse/pidproviders/AbstractPidProvider.java
+++ b/src/main/java/edu/harvard/iq/dataverse/pidproviders/AbstractPidProvider.java
@@ -7,6 +7,7 @@
 import edu.harvard.iq.dataverse.DatasetVersion;
 import edu.harvard.iq.dataverse.DvObject;
 import edu.harvard.iq.dataverse.GlobalId;
+import edu.harvard.iq.dataverse.util.ListSplitUtil;
 import edu.harvard.iq.dataverse.util.SystemConfig;
 import jakarta.json.Json;
 import jakarta.json.JsonObject;
@@ -60,10 +61,10 @@ protected AbstractPidProvider(String id, String label, String protocol, String a
         this.identifierGenerationStyle = identifierGenerationStyle;
         this.datafilePidFormat = datafilePidFormat;
         if(!managedList.isEmpty()) {
-            this.managedSet.addAll(Arrays.asList(managedList.split(",\\s")));
+            this.managedSet.addAll(ListSplitUtil.split(managedList));
         }
         if(!excludedList.isEmpty()) {
-            this.excludedSet.addAll(Arrays.asList(excludedList.split(",\\s")));
+            this.excludedSet.addAll(ListSplitUtil.split(excludedList));
         }
         if (logger.isLoggable(Level.FINE)) {
             Iterator<String> iter = managedSet.iterator();
diff --git a/src/main/java/edu/harvard/iq/dataverse/pidproviders/PidProviderFactoryBean.java b/src/main/java/edu/harvard/iq/dataverse/pidproviders/PidProviderFactoryBean.java
index 1bd49bc7f6e..267cbab3edd 100644
--- a/src/main/java/edu/harvard/iq/dataverse/pidproviders/PidProviderFactoryBean.java
+++ b/src/main/java/edu/harvard/iq/dataverse/pidproviders/PidProviderFactoryBean.java
@@ -12,7 +12,6 @@
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
-import java.util.NoSuchElementException;
 import java.util.Optional;
 import java.util.ServiceLoader;
 import java.util.logging.Level;
@@ -23,11 +22,9 @@
 import jakarta.ejb.Singleton;
 import jakarta.ejb.Startup;
 import jakarta.inject.Inject;
-import jakarta.json.JsonObject;
 import edu.harvard.iq.dataverse.settings.JvmSettings;
 import edu.harvard.iq.dataverse.settings.SettingsServiceBean;
 import edu.harvard.iq.dataverse.util.SystemConfig;
-import edu.harvard.iq.dataverse.DatasetFieldServiceBean;
 import edu.harvard.iq.dataverse.DataverseServiceBean;
 import edu.harvard.iq.dataverse.DvObjectServiceBean;
 import edu.harvard.iq.dataverse.GlobalId;
@@ -121,14 +118,12 @@ private void loadProviderFactories() {
     }
 
     private void loadProviders() {
-        Optional<String[]> providers = JvmSettings.PID_PROVIDERS.lookupOptional(String[].class);
-        if (!providers.isPresent()) {
+        Optional<List<String>> providersOpt = JvmSettings.PID_PROVIDERS.lookupSplittedListOptional();
+        if (!providersOpt.isPresent() || providersOpt.get().isEmpty()) {
             logger.warning(
                     "No PidProviders configured via dataverse.pid.providers. Please consider updating as older PIDProvider configuration mechanisms will be removed in a future version of Dataverse.");
         } else {
-            for (String id : providers.get()) {
-                //Allows spaces in PID_PROVIDERS setting
-                id=id.trim();
+            for (String id : providersOpt.get()) {
                 Optional<String> type = JvmSettings.PID_PROVIDER_TYPE.lookupOptional(id);
                 if (!type.isPresent()) {
                     logger.warning("PidProvider " + id
diff --git a/src/main/java/edu/harvard/iq/dataverse/settings/JvmSettings.java b/src/main/java/edu/harvard/iq/dataverse/settings/JvmSettings.java
index 87123801a3e..07dc417ba1f 100644
--- a/src/main/java/edu/harvard/iq/dataverse/settings/JvmSettings.java
+++ b/src/main/java/edu/harvard/iq/dataverse/settings/JvmSettings.java
@@ -309,6 +309,7 @@ public enum JvmSettings {
     
     private final String key;
     private final String scopedKey;
+    @SuppressWarnings("unused")
     private final JvmSettings parent;
     private final List<String> oldNames;
     private final int placeholders;
@@ -608,4 +609,73 @@ public String insert(String... arguments) {
         return String.format(this.getScopedKey(), (Object[]) arguments);
     }
     
+    /**
+     * Lookup an optional comma-separated value and return the tokens as an immutable list.
+     * MicroProfile Config removes zero-length segments when it converts to {@code String[]}, but
+     * it leaves any leading or trailing whitespace on the surviving tokens (including tokens that
+     * contain only spaces). This convenience overload trims each token; after trimming, any token
+     * that becomes empty (because it consisted solely of whitespace) is discarded so callers still
+     * receive a list that is free of empty strings. Use the boolean overload with {@code false} if
+     * you need the exact whitespace that MicroProfile provided.
+     *
+     * @return an {@link Optional} containing the list of tokens when the setting is present;
+     *         an empty {@link Optional} if the setting is not configured
+     */
+    public Optional<List<String>> lookupSplittedListOptional() {
+        return lookupSplittedListOptional(true);
+    }
+
+    /**
+    * Lookup an optional comma-separated value and return the tokens as an immutable list.
+    *
+    * @param trimSpaces when {@code true}, individual elements are trimmed; tokens that become empty after
+    *                   trimming (because they were all whitespace) are removed to preserve MicroProfile's
+    *                   "no empty entries" guarantee; when {@code false}, the tokens are returned exactly as
+    *                   produced by MicroProfile Config
+     * @return an {@link Optional} containing the list of tokens when the setting is present;
+     *         an empty {@link Optional} if the setting is not configured
+     */
+    public Optional<List<String>> lookupSplittedListOptional(boolean trimSpaces) {
+        return lookupOptional(String[].class)
+            .map(values -> Arrays.stream(values)
+                .map(s -> trimSpaces ? s.trim() : s)
+                .filter(s -> trimSpaces ? !s.isEmpty() : true)
+                .toList());
+    }
+
+    /**
+     * Lookup a required comma-separated value and return the tokens as an immutable list.
+     * MicroProfile Config removes zero-length segments when it converts to {@code String[]}, but it
+     * leaves any leading or trailing whitespace on the surviving tokens (including tokens that contain
+     * only spaces). This convenience overload trims each token; after trimming, any token that becomes
+     * empty (because it consisted solely of whitespace) is discarded so callers still receive a list that
+     * is free of empty strings. Use the boolean overload with {@code false} if you need the exact whitespace
+     * that MicroProfile provided.
+     *
+     * @return the list of tokens for the configured setting
+     * @throws java.util.NoSuchElementException if the setting is missing or blank
+     * @throws IllegalArgumentException if conversion to {@code String[]} fails
+     */
+    public List<String> lookupSplittedList() {
+        return lookupSplittedList(true);
+    }
+
+    /**
+    * Lookup a required comma-separated value and return the tokens as an immutable list.
+    *
+    * @param trimSpaces when {@code true}, individual elements are trimmed; tokens that become empty after
+    *                   trimming (because they were all whitespace) are removed to preserve MicroProfile's
+    *                   "no empty entries" guarantee; when {@code false}, the tokens are returned exactly as
+    *                   produced by MicroProfile Config
+     * @return the list of tokens for the configured setting
+     * @throws java.util.NoSuchElementException if the setting is missing or blank
+     * @throws IllegalArgumentException if conversion to {@code String[]} fails
+     */
+    public List<String> lookupSplittedList(boolean trimSpaces) {
+        return Arrays.stream(lookup(String[].class))
+            .map(s -> trimSpaces ? s.trim() : s)
+            .filter(s -> trimSpaces ? !s.isEmpty() : true)
+            .toList();
+    }
+
 }
diff --git a/src/main/java/edu/harvard/iq/dataverse/util/CSLUtil.java b/src/main/java/edu/harvard/iq/dataverse/util/CSLUtil.java
index fe9e00bd837..213737ffeeb 100644
--- a/src/main/java/edu/harvard/iq/dataverse/util/CSLUtil.java
+++ b/src/main/java/edu/harvard/iq/dataverse/util/CSLUtil.java
@@ -87,7 +87,7 @@ public static List<SelectItem> getSupportedStyles(String localeCode) {
      * Adapted from private retrieveStyle method in de.undercouch.citeproc.CSL
      * Retrieves a CSL style from the classpath. For example, if the given name is
      * <code>ieee</code> this method will load the file <code>/ieee.csl</code>
-     * 
+     *
      * @param styleName the style's name
      * @return the serialized XML representation of the style
      * @throws IOException if the style could not be loaded
@@ -119,8 +119,9 @@ public static String getCitationFormat(String styleName) throws IOException {
 
     private static String[] getCommonStyles() {
         if (commonStyles == null) {
-            commonStyles = JvmSettings.CSL_COMMON_STYLES.lookupOptional().orElse("chicago-author-date, ieee")
-                    .split("\\s*,\\s*");
+            commonStyles = ListSplitUtil.split(
+                JvmSettings.CSL_COMMON_STYLES.lookupOptional().orElse("chicago-author-date, ieee")
+            ).toArray(new String[0]);
         }
         return commonStyles;
     }
diff --git a/src/main/java/edu/harvard/iq/dataverse/util/ListSplitUtil.java b/src/main/java/edu/harvard/iq/dataverse/util/ListSplitUtil.java
new file mode 100644
index 00000000000..793eef1db7b
--- /dev/null
+++ b/src/main/java/edu/harvard/iq/dataverse/util/ListSplitUtil.java
@@ -0,0 +1,45 @@
+package edu.harvard.iq.dataverse.util;
+
+import java.util.Arrays;
+import java.util.Collections;
+import java.util.List;
+import java.util.Set;
+import java.util.regex.Pattern;
+
+/**
+ * Helpers for simple admin settings that accept comma-separated lists (origins, methods, headers, etc.).
+ * <p>
+ * Behavior:
+ * - Leading/trailing whitespace of the whole input is ignored.
+ * - Whitespace immediately around commas is ignored ("GET, POST" == "GET,POST").
+ * - Tokens are otherwise preserved exactly as typed (no quote stripping, no escape processing).
+ * Not a full CSV parser: embedded commas, quoted fields with separators, and newlines inside tokens are NOT supported.
+ */
+public final class ListSplitUtil {
+    /** Split on commas, trimming any adjacent to comma whitespace. */
+    private static final Pattern SPLIT = Pattern.compile("\\s*,\\s*");
+
+    /**
+     * Split a comma-separated string into tokens preserving user input (beyond removing cosmetic
+     * whitespace around commas and overall leading/trailing whitespace). Returns an empty list for
+     * null or blank input.
+     */
+    public static List<String> split(final String rawCsv) {
+        if (rawCsv == null) {
+            return Collections.emptyList();
+        }
+        final String trimmedCsv = rawCsv.trim();
+        if (trimmedCsv.isEmpty()) {
+            return Collections.emptyList();
+        }
+        return Arrays.asList(SPLIT.split(trimmedCsv));
+    }
+
+    /** Convenience: split into a lowercase set. */
+    public static Set<String> splitToLowerCaseSet(final String rawCsv) {
+        if (rawCsv == null || rawCsv.trim().isEmpty()) {
+            return Collections.emptySet();
+        }
+        return Set.copyOf(split(rawCsv.toLowerCase()));
+    }
+}
diff --git a/src/main/java/edu/harvard/iq/dataverse/util/SystemConfig.java b/src/main/java/edu/harvard/iq/dataverse/util/SystemConfig.java
index 71f24b1fe3a..c1d61378f42 100644
--- a/src/main/java/edu/harvard/iq/dataverse/util/SystemConfig.java
+++ b/src/main/java/edu/harvard/iq/dataverse/util/SystemConfig.java
@@ -1001,11 +1001,12 @@ public boolean isRsyncOnly(){
             return false;
         }
         String uploadMethods = settingsService.getValueForKey(SettingsServiceBean.Key.UploadMethods);
-        if (uploadMethods==null){
+        if (uploadMethods == null) {
             return false;
-        } else {
-           return  Arrays.asList(uploadMethods.toLowerCase().split("\\s*,\\s*")).size() == 1 && uploadMethods.toLowerCase().equals(SystemConfig.FileUploadMethods.RSYNC.toString());
         }
+        String normalizedUploadMethods = uploadMethods.toLowerCase();
+        return ListSplitUtil.split(normalizedUploadMethods).size() == 1
+                && normalizedUploadMethods.equals(SystemConfig.FileUploadMethods.RSYNC.toString());
     }
 
     @Deprecated(forRemoval = true, since = "2024-07-07")
@@ -1035,18 +1036,16 @@ private Boolean getMethodAvailable(String method, boolean upload) {
                 upload ? SettingsServiceBean.Key.UploadMethods : SettingsServiceBean.Key.DownloadMethods);
         if (methods == null) {
             return false;
-        } else {
-            return Arrays.asList(methods.toLowerCase().split("\\s*,\\s*")).contains(method);
         }
+        return ListSplitUtil.split(methods.toLowerCase()).contains(method);
     }
     
     public Integer getUploadMethodCount(){
         String uploadMethods = settingsService.getValueForKey(SettingsServiceBean.Key.UploadMethods); 
-        if (uploadMethods==null){
+        if (uploadMethods == null) {
             return 0;
-        } else {
-           return  Arrays.asList(uploadMethods.toLowerCase().split("\\s*,\\s*")).size();
-        }       
+        }
+        return ListSplitUtil.split(uploadMethods.toLowerCase()).size();
     }
 
     public boolean isAllowCustomTerms() {
diff --git a/src/main/java/edu/harvard/iq/dataverse/workflow/internalspi/LDNAnnounceDatasetVersionStep.java b/src/main/java/edu/harvard/iq/dataverse/workflow/internalspi/LDNAnnounceDatasetVersionStep.java
index d96c4db1305..49ca77573da 100644
--- a/src/main/java/edu/harvard/iq/dataverse/workflow/internalspi/LDNAnnounceDatasetVersionStep.java
+++ b/src/main/java/edu/harvard/iq/dataverse/workflow/internalspi/LDNAnnounceDatasetVersionStep.java
@@ -5,6 +5,7 @@
 import edu.harvard.iq.dataverse.DatasetFieldType;
 import edu.harvard.iq.dataverse.DatasetVersion;
 import edu.harvard.iq.dataverse.branding.BrandingUtil;
+import edu.harvard.iq.dataverse.util.ListSplitUtil;
 import static edu.harvard.iq.dataverse.settings.SettingsServiceBean.Key.LDNAnnounceRequiredFields;
 import static edu.harvard.iq.dataverse.settings.SettingsServiceBean.Key.LDNTarget;
 import edu.harvard.iq.dataverse.util.SystemConfig;
@@ -48,7 +49,7 @@
  * anounce new dataset versions to the Harvard DASH preprint repository so that
  * a DASH admin can create a backlink for any dataset versions that reference a
  * DASH deposit or a paper with a DOI where DASH has a preprint copy.
- * 
+ *
  * @author qqmyers
  */
 
@@ -76,7 +77,7 @@ public WorkflowStepResult run(WorkflowContext context) {
             CloseableHttpClient client = HttpClients.createDefault();
 
             // build method
-            
+
             HttpPost announcement;
             try {
                 announcement = buildAnnouncement(false, context, target);
@@ -126,8 +127,7 @@ HttpPost buildAnnouncement(boolean qb, WorkflowContext ctxt, JsonObject target)
         DatasetVersion dv = ctxt.getDataset().getReleasedVersion();
         List<DatasetField> dvf = dv.getDatasetFields();
         Map<String, DatasetField> fields = new HashMap<String, DatasetField>();
-        String[] requiredFields = ((String) ctxt.getSettings().getOrDefault(REQUIRED_FIELDS, "")).split(",\\s*");
-        for (String field : requiredFields) {
+        for (String field : ListSplitUtil.split((String) ctxt.getSettings().getOrDefault(REQUIRED_FIELDS, ""))) {
             fields.put(field, null);
         }
         Set<String> reqFields = fields.keySet();
diff --git a/src/test/java/edu/harvard/iq/dataverse/export/ddi/DdiExportUtilTest.java b/src/test/java/edu/harvard/iq/dataverse/export/ddi/DdiExportUtilTest.java
index 360e9dfbafe..03000d55b5a 100644
--- a/src/test/java/edu/harvard/iq/dataverse/export/ddi/DdiExportUtilTest.java
+++ b/src/test/java/edu/harvard/iq/dataverse/export/ddi/DdiExportUtilTest.java
@@ -19,8 +19,6 @@
 import java.nio.charset.StandardCharsets;
 import java.nio.file.Files;
 import java.nio.file.Path;
-import java.nio.file.Paths;
-import java.util.Arrays;
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
@@ -93,7 +91,7 @@ public static void setUpClass() throws Exception {
         PidUtil.clearPidProviders();
 
         //Read list of providers to add
-        List<String> providers = Arrays.asList(JvmSettings.PID_PROVIDERS.lookup().split(",\\s"));
+        List<String> providers = JvmSettings.PID_PROVIDERS.lookupSplittedList();
         //Iterate through the list of providers and add them using the PidProviderFactory of the appropriate type
         for (String providerId : providers) {
             System.out.println("Loading provider: " + providerId);
diff --git a/src/test/java/edu/harvard/iq/dataverse/filter/CorsFilterTest.java b/src/test/java/edu/harvard/iq/dataverse/filter/CorsFilterTest.java
new file mode 100644
index 00000000000..8db5d43e14d
--- /dev/null
+++ b/src/test/java/edu/harvard/iq/dataverse/filter/CorsFilterTest.java
@@ -0,0 +1,224 @@
+package edu.harvard.iq.dataverse.filter;
+
+import jakarta.servlet.FilterChain;
+import jakarta.servlet.ServletRequest;
+import jakarta.servlet.ServletResponse;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+import org.junit.jupiter.api.AfterEach;
+import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.Test;
+import org.mockito.ArgumentCaptor;
+
+import java.util.HashMap;
+import java.util.Map;
+
+import static org.junit.jupiter.api.Assertions.*;
+import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.ArgumentMatchers.anyString;
+import static org.mockito.ArgumentMatchers.argThat;
+import static org.mockito.ArgumentMatchers.contains;
+import static org.mockito.ArgumentMatchers.eq;
+import static org.mockito.Mockito.*;
+
+class CorsFilterTest {
+
+    private final Map<String, String> sysPropsBackup = new HashMap<>();
+
+    @BeforeEach
+    void setUp() {
+        // backup potentially touched props
+        backupAndClear("dataverse.cors.origin");
+        backupAndClear("dataverse.cors.methods");
+        backupAndClear("dataverse.cors.headers.allow");
+        backupAndClear("dataverse.cors.headers.expose");
+    }
+
+    @AfterEach
+    void tearDown() {
+        restore("dataverse.cors.origin");
+        restore("dataverse.cors.methods");
+        restore("dataverse.cors.headers.allow");
+        restore("dataverse.cors.headers.expose");
+    }
+
+    @Test
+    void wildcardOrigin_allowsAny_noVary() throws Exception {
+        System.setProperty("dataverse.cors.origin", "*");
+
+        CorsFilter sut = new CorsFilter();
+        sut.init(null);
+
+        HttpServletRequest req = mock(HttpServletRequest.class);
+        when(req.getHeader("Origin")).thenReturn("https://a.example");
+        HttpServletResponse res = mock(HttpServletResponse.class);
+        FilterChain chain = mock(FilterChain.class);
+
+        sut.doFilter(req, res, chain);
+
+        verify(res).setHeader("Access-Control-Allow-Origin", "*");
+        // By design, Vary not required for wildcard
+        verify(res, never()).setHeader(eq("Vary"), anyString());
+        verify(chain).doFilter(any(ServletRequest.class), any(ServletResponse.class));
+    }
+
+    @Test
+    void singleOrigin_echoesAndAddsVary() throws Exception {
+        System.setProperty("dataverse.cors.origin", "https://libis.github.io");
+
+        CorsFilter sut = new CorsFilter();
+        sut.init(null);
+
+        HttpServletRequest req = mock(HttpServletRequest.class);
+        when(req.getHeader("Origin")).thenReturn("https://libis.github.io");
+        HttpServletResponse res = mock(HttpServletResponse.class);
+        when(res.getHeader("Vary")).thenReturn(null);
+        FilterChain chain = mock(FilterChain.class);
+
+        sut.doFilter(req, res, chain);
+
+        verify(res).setHeader("Access-Control-Allow-Origin", "https://libis.github.io");
+
+        ArgumentCaptor<String> varyVal = ArgumentCaptor.forClass(String.class);
+        verify(res).setHeader(eq("Vary"), varyVal.capture());
+        assertTrue(varyVal.getValue().contains("Origin"));
+        verify(chain).doFilter(any(ServletRequest.class), any(ServletResponse.class));
+    }
+
+    @Test
+    void multipleOrigins_echoesMatch_onlyWhenAllowed() throws Exception {
+        // Comma-separated list as set via JVM options/Microprofile
+        System.setProperty("dataverse.cors.origin", "https://a.example, https://b.example");
+
+        CorsFilter sut = new CorsFilter();
+        sut.init(null);
+
+        // allowed origin
+        HttpServletRequest reqAllowed = mock(HttpServletRequest.class);
+        when(reqAllowed.getHeader("Origin")).thenReturn("https://b.example");
+        HttpServletResponse resAllowed = mock(HttpServletResponse.class);
+        FilterChain chain = mock(FilterChain.class);
+
+        sut.doFilter(reqAllowed, resAllowed, chain);
+        verify(resAllowed).setHeader("Access-Control-Allow-Origin", "https://b.example");
+        verify(resAllowed).setHeader(eq("Vary"), contains("Origin"));
+
+        // not allowed origin -> no ACAO header set
+        HttpServletRequest reqDenied = mock(HttpServletRequest.class);
+        when(reqDenied.getHeader("Origin")).thenReturn("https://c.example");
+        HttpServletResponse resDenied = mock(HttpServletResponse.class);
+
+        sut.doFilter(reqDenied, resDenied, chain);
+        verify(resDenied, never()).setHeader(eq("Access-Control-Allow-Origin"), anyString());
+    }
+
+    @Test
+    void whitespaceAndMixedCasingParsing() throws Exception {
+        System.setProperty("dataverse.cors.origin",
+                "  https://one.example  ,\n\t https://two.example  ,  https://three.example  ");
+
+        CorsFilter sut = new CorsFilter();
+        sut.init(null);
+
+        HttpServletRequest req = mock(HttpServletRequest.class);
+        when(req.getHeader("Origin")).thenReturn("https://two.example");
+        HttpServletResponse res = mock(HttpServletResponse.class);
+        when(res.getHeader("Vary")).thenReturn("Accept-Encoding");
+
+        sut.doFilter(req, res, mock(FilterChain.class));
+
+        verify(res).setHeader("Access-Control-Allow-Origin", "https://two.example");
+        // ensure existing Vary preserved and Origin added
+        verify(res).setHeader(eq("Vary"), argThat(v -> v.contains("Origin") && v.contains("Accept-Encoding")));
+    }
+
+    @Test
+    void wildcardAmongOthersTreatsAsWildcard() throws Exception {
+        System.setProperty("dataverse.cors.origin", "https://a.example,*,https://b.example");
+
+        CorsFilter sut = new CorsFilter();
+        sut.init(null);
+
+        HttpServletRequest req = mock(HttpServletRequest.class);
+        when(req.getHeader("Origin")).thenReturn("https://random.example");
+        HttpServletResponse res = mock(HttpServletResponse.class);
+
+        sut.doFilter(req, res, mock(FilterChain.class));
+
+        verify(res).setHeader("Access-Control-Allow-Origin", "*");
+        verify(res, never()).setHeader(eq("Vary"), anyString());
+    }
+
+    @Test
+    void existingVaryMergedWithoutDuplication() throws Exception {
+        System.setProperty("dataverse.cors.origin", "https://merge.example");
+
+        CorsFilter sut = new CorsFilter();
+        sut.init(null);
+
+        HttpServletRequest req = mock(HttpServletRequest.class);
+        when(req.getHeader("Origin")).thenReturn("https://merge.example");
+        HttpServletResponse res = mock(HttpServletResponse.class);
+        when(res.getHeader("Vary")).thenReturn("Accept-Encoding, Origin");
+
+        sut.doFilter(req, res, mock(FilterChain.class));
+
+        // Origin should not be duplicated
+        verify(res).setHeader(eq("Vary"), argThat(v -> v.indexOf("Origin") == v.lastIndexOf("Origin")));
+    }
+
+    @Test
+    void quotedHeaderListsPreserved() throws Exception {
+        System.setProperty("dataverse.cors.origin", "https://x.example");
+        System.setProperty("dataverse.cors.headers.allow", "\"Accept, X-Dataverse-key\"");
+        System.setProperty("dataverse.cors.headers.expose", "\"Accept-Ranges, Content-Range\"");
+        System.setProperty("dataverse.cors.methods", "GET, POST, OPTIONS");
+
+        CorsFilter sut = new CorsFilter();
+        sut.init(null);
+
+        HttpServletRequest req = mock(HttpServletRequest.class);
+        when(req.getHeader("Origin")).thenReturn("https://x.example");
+        HttpServletResponse res = mock(HttpServletResponse.class);
+
+        sut.doFilter(req, res, mock(FilterChain.class));
+        
+        // With simplified CsvUtil we now preserve surrounding quotes provided by admin config.
+        verify(res).setHeader("Access-Control-Allow-Headers", "\"Accept, X-Dataverse-key\"");
+        verify(res).setHeader("Access-Control-Expose-Headers", "\"Accept-Ranges, Content-Range\"");
+        verify(res).setHeader("Access-Control-Allow-Methods", "GET, POST, OPTIONS");
+    }
+
+    @Test
+    void disabledCors_skipsHeaders() throws Exception {
+        // no origin set -> CORS disabled
+        CorsFilter sut = new CorsFilter();
+        sut.init(null);
+
+        HttpServletRequest req = mock(HttpServletRequest.class);
+        when(req.getHeader("Origin")).thenReturn("https://any.example");
+        HttpServletResponse res = mock(HttpServletResponse.class);
+
+        sut.doFilter(req, res, mock(FilterChain.class));
+
+        verify(res, never()).setHeader(eq("Access-Control-Allow-Origin"), anyString());
+        verify(res, never()).setHeader(eq("Access-Control-Allow-Methods"), anyString());
+        verify(res, never()).setHeader(eq("Access-Control-Allow-Headers"), anyString());
+        verify(res, never()).setHeader(eq("Access-Control-Expose-Headers"), anyString());
+    }
+
+    private void backupAndClear(String key) {
+        String old = System.getProperty(key);
+        if (old != null) {
+            sysPropsBackup.put(key, old);
+        }
+        System.clearProperty(key);
+    }
+
+    private void restore(String key) {
+        System.clearProperty(key);
+        if (sysPropsBackup.containsKey(key)) {
+            System.setProperty(key, sysPropsBackup.get(key));
+        }
+    }
+}
diff --git a/src/test/java/edu/harvard/iq/dataverse/pidproviders/PidUtilTest.java b/src/test/java/edu/harvard/iq/dataverse/pidproviders/PidUtilTest.java
index 3f8c198b0fe..201d3c6c25d 100644
--- a/src/test/java/edu/harvard/iq/dataverse/pidproviders/PidUtilTest.java
+++ b/src/test/java/edu/harvard/iq/dataverse/pidproviders/PidUtilTest.java
@@ -153,7 +153,7 @@ public static void setUpClass() throws Exception {
         PidUtil.clearPidProviders();
         
         //Read list of providers to add
-        List<String> providers = Arrays.asList(JvmSettings.PID_PROVIDERS.lookup().split(",\\s"));
+        List<String> providers = JvmSettings.PID_PROVIDERS.lookupSplittedList();
         //Iterate through the list of providers and add them using the PidProviderFactory of the appropriate type
         for (String providerId : providers) {
             System.out.println("Loading provider: " + providerId);
diff --git a/src/test/java/edu/harvard/iq/dataverse/util/ListSplitUtilTest.java b/src/test/java/edu/harvard/iq/dataverse/util/ListSplitUtilTest.java
new file mode 100644
index 00000000000..9535cb4cca2
--- /dev/null
+++ b/src/test/java/edu/harvard/iq/dataverse/util/ListSplitUtilTest.java
@@ -0,0 +1,31 @@
+package edu.harvard.iq.dataverse.util;
+
+import org.junit.jupiter.api.DisplayName;
+import org.junit.jupiter.api.Test;
+
+import java.util.List;
+import java.util.Set;
+
+import static org.junit.jupiter.api.Assertions.*;
+
+class ListSplitUtilTest {
+
+    @Test
+    @DisplayName("split preserves empty tokens and quotes")
+    void testSplitBasic() {
+        List<String> tokens = ListSplitUtil.split("  a ,  b, \"c\" , , d  ");
+        assertEquals(List.of("a", "b", "\"c\"", "", "d"), tokens);
+    }
+
+    @Test
+    @DisplayName("splitToLowerCaseSet lowercases and de-dups (order not asserted)")
+    void testSplitToLowerCaseSet() {
+        assertTrue(ListSplitUtil.splitToLowerCaseSet(null).isEmpty(), "null should yield empty set");
+        assertTrue(ListSplitUtil.splitToLowerCaseSet("   ").isEmpty(), "blank should yield empty set");
+        Set<String> set = ListSplitUtil.splitToLowerCaseSet("B, a, b, A, C");
+        assertEquals(Set.of("b", "a", "c"), set);
+
+        Set<String> quoted = ListSplitUtil.splitToLowerCaseSet("\"A\" , \"b\" , \"A\"");
+        assertEquals(Set.of("\"a\"", "\"b\""), quoted);
+    }
+}

From 19cfbe9c4a6fe8e56b6913e19cf7d26df5ef8e1f Mon Sep 17 00:00:00 2001
From: Leonid Andreev <leonid@hmdc.harvard.edu>
Date: Thu, 20 Nov 2025 15:46:25 -0500
Subject: [PATCH 518/634] Adding RestAssured tests, the Guide entries and a
 short release note. Plus a couple of bugfixes. #11987

---
 .../11987-storage-quotas-on-datasets.md       |   3 +
 doc/sphinx-guides/source/api/native-api.rst   |  42 +++++-
 .../harvard/iq/dataverse/api/Datasets.java    |   2 +-
 src/main/java/propertyFiles/Bundle.properties |   2 +-
 .../edu/harvard/iq/dataverse/api/FilesIT.java | 123 +++++++++++++++++-
 .../edu/harvard/iq/dataverse/api/UtilIT.java  |   2 +-
 6 files changed, 166 insertions(+), 8 deletions(-)
 create mode 100644 doc/release-notes/11987-storage-quotas-on-datasets.md

diff --git a/doc/release-notes/11987-storage-quotas-on-datasets.md b/doc/release-notes/11987-storage-quotas-on-datasets.md
new file mode 100644
index 00000000000..8f3e465e703
--- /dev/null
+++ b/doc/release-notes/11987-storage-quotas-on-datasets.md
@@ -0,0 +1,3 @@
+It is now possible to define storage quotas on individual datasets. See the API guide for more information.
+The practical use case is for datasets in the top-level, root collection. This does address the use case of a user creating multiple datasets. There is an open dev. issue for adding per-user storage quotas as well.
+
diff --git a/doc/sphinx-guides/source/api/native-api.rst b/doc/sphinx-guides/source/api/native-api.rst
index c3870372614..00b009dcd65 100644
--- a/doc/sphinx-guides/source/api/native-api.rst
+++ b/doc/sphinx-guides/source/api/native-api.rst
@@ -1205,8 +1205,13 @@ Collection Storage Quotas
 
   curl -H "X-Dataverse-key:$API_TOKEN" "$SERVER_URL/api/dataverses/$ID/storage/quota"
 
-Will output the storage quota allocated (in bytes), or a message indicating that the quota is not defined for the specific collection. The user identified by the API token must have the ``Manage`` permission on the collection. 
+Will output the storage quota allocated (in bytes), or a message indicating that the quota is not defined for the specific collection. The user identified by the API token must have the ``Edit`` permission on the collection. 
 
+.. code-block:: 
+
+  curl -H "X-Dataverse-key:$API_TOKEN" "$SERVER_URL/api/dataverses/$ID/storage/use"
+
+Will output the dynamically cached total storage size (in bytes) used by the collection.
 
 To set or change the storage allocation quota for a collection:
 
@@ -1225,7 +1230,40 @@ To delete a storage quota configured for a collection:
 
 This is API is superuser-only.
 
-Use the ``/settings`` API to enable or disable the enforcement of storage quotas that are defined across the instance via the following setting. For example,
+Storage Quotas on Individual Datasets
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+.. code-block:: 
+
+  curl -H "X-Dataverse-key:$API_TOKEN" "$SERVER_URL/api/datasets/$ID/storage/quota"
+
+Will output the storage quota allocated (in bytes), or a message indicating that the quota is not defined for the specific collection. The user identified by the API token must have the ``Edit`` permission on the dataset. 
+
+.. code-block:: 
+
+  curl -H "X-Dataverse-key:$API_TOKEN" "$SERVER_URL/api/datasets/$ID/storage/use"
+
+Will output the dynamically cached total storage size (in bytes) used by the dataset.
+
+To set or change the storage allocation quota for a dataset:
+
+.. code-block:: 
+
+  curl -X POST -H "X-Dataverse-key:$API_TOKEN" "$SERVER_URL/api/datasets/$ID/storage/quota/$SIZE_IN_BYTES"
+
+This is API is superuser-only.
+  
+
+To delete a storage quota configured for a dataset:
+
+.. code-block:: 
+
+  curl -X DELETE -H "X-Dataverse-key:$API_TOKEN" "$SERVER_URL/api/datasets/$ID/storage/quota"
+
+This is API is superuser-only.
+
+
+Use the ``/settings`` API to enable or disable the enforcement of storage quotas that are defined across the instance via the following setting:
 
 .. code-block:: 
 
diff --git a/src/main/java/edu/harvard/iq/dataverse/api/Datasets.java b/src/main/java/edu/harvard/iq/dataverse/api/Datasets.java
index 8b21f5fbcf9..267dfb71a48 100644
--- a/src/main/java/edu/harvard/iq/dataverse/api/Datasets.java
+++ b/src/main/java/edu/harvard/iq/dataverse/api/Datasets.java
@@ -6218,6 +6218,6 @@ public Response deleteDatasetQuota(@Context ContainerRequestContext crc, @PathPa
     @Path("{identifier}/storage/use")
     public Response getDatasetStorageUse(@Context ContainerRequestContext crc, @PathParam("identifier") String identifier) throws WrappedResponse {
         return response(req -> ok(MessageFormat.format(BundleUtil.getStringFromBundle("dataset.storage.use"),
-                execCommand(new GetCollectionStorageUseCommand(req, findDataverseOrDie(identifier))))), getRequestUser(crc));
+                execCommand(new GetDatasetStorageUseCommand(req, findDatasetOrDie(identifier))))), getRequestUser(crc));
     }
 }
diff --git a/src/main/java/propertyFiles/Bundle.properties b/src/main/java/propertyFiles/Bundle.properties
index 5b94a466deb..23b328d05e0 100644
--- a/src/main/java/propertyFiles/Bundle.properties
+++ b/src/main/java/propertyFiles/Bundle.properties
@@ -1010,7 +1010,7 @@ dataset.storage.quota.notdefined=No quota defined for this dataset
 dataset.storage.quota.updated=Storage quota successfully set for the dataset
 dataset.storage.quota.deleted=Storage quota successfully disabled for the dataset
 dataset.storage.quota.superusersonly=Only superusers can change storage quotas.
-dataet.storage.use=Total recorded size of the files stored in this dataset (user-uploaded files plus the versions in the archival tab-delimited format and/or auxiliary files, when applicable): {0} bytes
+dataset.storage.use=Total recorded size of the files stored in this dataset (user-uploaded files plus the versions in the archival tab-delimited format and/or auxiliary files, when applicable): {0} bytes
 dataverse.datasize.ioerror=Fatal IO error while trying to determine the total size of the files stored in the dataverse. Please report this error to the Dataverse administrator.
 dataverse.inherited=(inherited from enclosing Dataverse)
 dataverse.default=(Default)
diff --git a/src/test/java/edu/harvard/iq/dataverse/api/FilesIT.java b/src/test/java/edu/harvard/iq/dataverse/api/FilesIT.java
index 175d93b57a6..780ec88a6c5 100644
--- a/src/test/java/edu/harvard/iq/dataverse/api/FilesIT.java
+++ b/src/test/java/edu/harvard/iq/dataverse/api/FilesIT.java
@@ -3169,9 +3169,7 @@ public void testCollectionStorageQuotas() {
         // ... should work this time around:
         uploadResponse.then().assertThat().statusCode(OK.getStatusCode());
             
-        // Let's confirm that the total storage use has been properly implemented:
-
-        //try {sleep(1000);}catch(InterruptedException ie){}
+        // Let's confirm that the total storage use has been properly incremented:
         
         checkStorageUseResponse = UtilIT.checkCollectionStorageUse(dataverseAlias, apiToken);
         checkStorageUseResponse.then().assertThat().statusCode(OK.getStatusCode());
@@ -3188,6 +3186,125 @@ public void testCollectionStorageQuotas() {
         UtilIT.deleteSetting(SettingsServiceBean.Key.UseStorageQuotas);
     }
     
+    @Test
+    public void testDatasetStorageQuotas() {
+        // This test largely replicates the collection-level storage quota test
+        // above. Both types of quotas share the same implementation underneath 
+        // (it operates on DvObjectContainers), so the separate tests here 
+        // are for testing the dataverses- and datasets-level APIs that expose
+        // the functionality. 
+        // A minimal storage quota functionality test: 
+        // - We create a dataset and define a storage quota
+        // - We configure the Dataverse instance to enforce it 
+        // - We confirm that we can upload a file with the size under the quota
+        // - We confirm that we cannot upload a file once the quota is reached
+        // - We disable the quota on the dataset and try again
+        
+        Response createUser = UtilIT.createRandomUser();
+        createUser.then().assertThat().statusCode(OK.getStatusCode());
+        String apiToken = UtilIT.getApiTokenFromResponse(createUser);
+        String username = UtilIT.getUsernameFromResponse(createUser);
+        Response makeSuperUser = UtilIT.makeSuperUser(username);
+        assertEquals(200, makeSuperUser.getStatusCode());
+
+        Response createDataverseResponse = UtilIT.createRandomDataverse(apiToken);
+        createDataverseResponse.then().assertThat().statusCode(CREATED.getStatusCode());
+        String dataverseAlias = UtilIT.getAliasFromResponse(createDataverseResponse);
+
+        Response createDatasetResponse = UtilIT.createRandomDatasetViaNativeApi(dataverseAlias, apiToken);
+        createDatasetResponse.then().assertThat().statusCode(CREATED.getStatusCode());
+        Integer datasetId = JsonPath.from(createDatasetResponse.body().asString()).getInt("data.id");
+        
+        System.out.println("dataset-level quota test, dataset id: "+datasetId);
+        
+        Response checkQuotaResponse = UtilIT.checkDatasetQuota(datasetId.toString(), apiToken);
+        checkQuotaResponse.then().assertThat().statusCode(OK.getStatusCode());
+        // This brand new dataset shouldn't have any quota defined yet: 
+        assertEquals(BundleUtil.getStringFromBundle("dataset.storage.quota.notdefined"), JsonPath.from(checkQuotaResponse.body().asString()).getString("data.message"));
+        
+        // Set quota to 1K:
+        Response setQuotaResponse = UtilIT.setDatasetQuota(datasetId.toString(), 1024, apiToken);
+        setQuotaResponse.then().assertThat().statusCode(OK.getStatusCode());
+        assertEquals(BundleUtil.getStringFromBundle("dataset.storage.quota.updated"), JsonPath.from(setQuotaResponse.body().asString()).getString("data.message"));
+        
+        // Check again:
+        checkQuotaResponse = UtilIT.checkDatasetQuota(datasetId.toString(), apiToken);
+        checkQuotaResponse.then().assertThat().statusCode(OK.getStatusCode());
+        String expectedApiMessage = BundleUtil.getStringFromBundle("dataset.storage.quota.allocation", Arrays.asList("1,024"));
+        assertEquals(expectedApiMessage, JsonPath.from(checkQuotaResponse.body().asString()).getString("data.message"));
+
+        System.out.println(expectedApiMessage);
+        
+        UtilIT.enableSetting(SettingsServiceBean.Key.UseStorageQuotas);
+                
+        String pathToFile306bytes = "src/test/resources/FileRecordJobIT.properties"; 
+        String pathToFile1787bytes = "src/test/resources/datacite.xml";
+
+        // Upload a small file: 
+        
+        Response uploadResponse = UtilIT.uploadFileViaNative(Integer.toString(datasetId), pathToFile306bytes, Json.createObjectBuilder().build(), apiToken);
+        uploadResponse.then().assertThat().statusCode(OK.getStatusCode());
+        
+        // Check the recorded storage use: 
+        
+        Response checkStorageUseResponse = UtilIT.checkDatasetStorageUse(datasetId.toString(), apiToken);
+        checkStorageUseResponse.then().assertThat().statusCode(OK.getStatusCode());
+        expectedApiMessage = BundleUtil.getStringFromBundle("dataset.storage.use", Arrays.asList("306"));
+        assertEquals(expectedApiMessage, JsonPath.from(checkStorageUseResponse.body().asString()).getString("data.message"));
+
+        System.out.println(expectedApiMessage);
+        
+        // Attempt to upload the second file - this should get us over the quota, 
+        // so it should be rejected:
+        
+        uploadResponse = UtilIT.uploadFileViaNative(Integer.toString(datasetId), pathToFile1787bytes, Json.createObjectBuilder().build(), apiToken);
+        uploadResponse.then().assertThat().statusCode(BAD_REQUEST.getStatusCode());
+        // We should get this error message made up from 2 Bundle strings:
+        expectedApiMessage = BundleUtil.getStringFromBundle("file.addreplace.error.ingest_create_file_err");
+        expectedApiMessage = expectedApiMessage + " " + BundleUtil.getStringFromBundle("file.addreplace.error.quota_exceeded", Arrays.asList("1.7 KB", "718 B"));
+        assertEquals(expectedApiMessage, JsonPath.from(uploadResponse.body().asString()).getString("message"));
+        
+        System.out.println(expectedApiMessage);
+        
+        // Check Storage Use again - should be unchanged: 
+        
+        checkStorageUseResponse = UtilIT.checkDatasetStorageUse(datasetId.toString(), apiToken);
+        checkStorageUseResponse.then().assertThat().statusCode(OK.getStatusCode());
+        expectedApiMessage = BundleUtil.getStringFromBundle("dataset.storage.use", Arrays.asList("306"));
+        assertEquals(expectedApiMessage, JsonPath.from(checkStorageUseResponse.body().asString()).getString("data.message"));
+
+        // Disable the quota on the dataset; try again:
+        
+        Response disableQuotaResponse = UtilIT.disableDatasetQuota(datasetId.toString(), apiToken);
+        disableQuotaResponse.then().assertThat().statusCode(OK.getStatusCode());
+        expectedApiMessage = BundleUtil.getStringFromBundle("dataset.storage.quota.deleted");
+        assertEquals(expectedApiMessage, JsonPath.from(disableQuotaResponse.body().asString()).getString("data.message"));
+
+        // Check again: 
+        
+        checkQuotaResponse = UtilIT.checkDatasetQuota(datasetId.toString(), apiToken);
+        checkQuotaResponse.then().assertThat().statusCode(OK.getStatusCode());
+        // ... should say "no quota", again: 
+        assertEquals(BundleUtil.getStringFromBundle("dataset.storage.quota.notdefined"), JsonPath.from(checkQuotaResponse.body().asString()).getString("data.message"));
+        
+        // And try to upload the larger file again:
+        
+        uploadResponse = UtilIT.uploadFileViaNative(Integer.toString(datasetId), pathToFile1787bytes, Json.createObjectBuilder().build(), apiToken);
+        // ... should work this time around:
+        uploadResponse.then().assertThat().statusCode(OK.getStatusCode());
+            
+        // Let's confirm that the storage use for the dataset has been properly incremented:
+        
+        checkStorageUseResponse = UtilIT.checkDatasetStorageUse(datasetId.toString(), apiToken);
+        checkStorageUseResponse.then().assertThat().statusCode(OK.getStatusCode());
+        expectedApiMessage = BundleUtil.getStringFromBundle("dataset.storage.use", Arrays.asList("2,093"));
+        assertEquals(expectedApiMessage, JsonPath.from(checkStorageUseResponse.body().asString()).getString("data.message"));
+
+        System.out.println(expectedApiMessage);
+        
+        UtilIT.deleteSetting(SettingsServiceBean.Key.UseStorageQuotas);
+    }
+
     @Test
     public void testIngestWithAndWithoutVariableHeader() throws NoSuchAlgorithmException {
         msgt("testIngestWithAndWithoutVariableHeader");
diff --git a/src/test/java/edu/harvard/iq/dataverse/api/UtilIT.java b/src/test/java/edu/harvard/iq/dataverse/api/UtilIT.java
index a93c095c05c..3bf18123a1e 100644
--- a/src/test/java/edu/harvard/iq/dataverse/api/UtilIT.java
+++ b/src/test/java/edu/harvard/iq/dataverse/api/UtilIT.java
@@ -3684,7 +3684,7 @@ static Response checkDatasetQuota(String datasetId, String apiToken) {
     static Response setDatasetQuota(String datasetId, long allocatedSize, String apiToken) {
         Response response = given()
                 .header(API_TOKEN_HTTP_HEADER, apiToken)
-                .post("/api/dataset/" + datasetId + "/storage/quota/" + allocatedSize);
+                .post("/api/datasets/" + datasetId + "/storage/quota/" + allocatedSize);
         return response;
     }
     

From 87de3e7d8e68f1e006598398a4477a4bc5a192ec Mon Sep 17 00:00:00 2001
From: Leonid Andreev <leonid@hmdc.harvard.edu>
Date: Thu, 20 Nov 2025 16:58:44 -0500
Subject: [PATCH 519/634] Switching the permission required for viewing current
 storageuse; it was "ManagePermissions" in the original collection-level
 command, which I initially copied into the new dataset equivalent. But I
 don't think it was the right, or even an intentional choise. #11987

---
 .../engine/command/impl/GetCollectionStorageUseCommand.java     | 2 +-
 .../engine/command/impl/GetDatasetStorageUseCommand.java        | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/GetCollectionStorageUseCommand.java b/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/GetCollectionStorageUseCommand.java
index c30a5a34a81..2d7180df2c9 100644
--- a/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/GetCollectionStorageUseCommand.java
+++ b/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/GetCollectionStorageUseCommand.java
@@ -13,7 +13,7 @@
  *
  * @author landreev
  */
-@RequiredPermissions(Permission.ManageDataversePermissions)
+@RequiredPermissions(Permission.EditDataverse)
 // alternatively, we could make it dynamic - public for published collections
 // and Permission.ViewUnpublishedDataverse required otherwise (?)
 public class GetCollectionStorageUseCommand extends AbstractCommand<Long> {
diff --git a/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/GetDatasetStorageUseCommand.java b/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/GetDatasetStorageUseCommand.java
index fda84bc96e5..08b8e4e862b 100644
--- a/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/GetDatasetStorageUseCommand.java
+++ b/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/GetDatasetStorageUseCommand.java
@@ -14,7 +14,7 @@
  *
  * @author landreev
  */
-@RequiredPermissions(Permission.ManageDatasetPermissions)
+@RequiredPermissions(Permission.EditDataset)
 public class GetDatasetStorageUseCommand extends AbstractCommand<Long> {
 
     private static final Logger logger = Logger.getLogger(GetDatasetStorageUseCommand.class.getCanonicalName());

From e47a94725d50b47d3d85bac6be50dbdedfe5cae5 Mon Sep 17 00:00:00 2001
From: Jim Myers <qqmyers@hotmail.com>
Date: Fri, 21 Nov 2025 08:01:17 -0500
Subject: [PATCH 520/634] update link

---
 doc/sphinx-guides/source/admin/big-data-administration.rst | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/doc/sphinx-guides/source/admin/big-data-administration.rst b/doc/sphinx-guides/source/admin/big-data-administration.rst
index fb94f0e9cab..ead0f8fb032 100644
--- a/doc/sphinx-guides/source/admin/big-data-administration.rst
+++ b/doc/sphinx-guides/source/admin/big-data-administration.rst
@@ -178,7 +178,7 @@ Challenges:
 - Globus is complex to manage and Dataverse installations will need to develop Globus expertise or partner with another organization (i.e. an institutional high-performance computing center) to manage Globus endpoints.
 - For users not familiar with Globus, managing transfers can be confusing. For the non-S3 options, users cannot just download files - they must have access to a destination Globus endpoint and have a Globus account. Globus does provide free accounts and a free "Globus Personal Connect" service which installed on any machine to allow transfers to/from it.
 - Globus transfers are not enabled at dataset-creation time. Once the draft version is created, users can initiate Globus transfers to upload files from remote endpoints.
-- For Dataverse-managed endpoints, a community-developed `dataverse-globus <https://github.com/scholarsportal/dataverse-globus>`_ app must be installed and configured in the Dataverse instance. 
+- For Dataverse-managed endpoints, a community-developed `dataverse-globus <https://github.com/gdcc/dataverse-globus>`_ app must be installed and configured in the Dataverse instance. 
   This app manages granting and revoking access for users to upload/download files from Dataverse and handles the translation between Dataverse's internal file naming/organization to that seen by the user.
 - Users familiar with Globus sometimes expect to be able to find the Dataverse endpoint in Globus' online service and download files from there. Due to the fact that Dataverse is managing permissions and handling file naming, this doesn't work.
 - Due to differences between Dataverse's and Globus's access control models, Dataverse cannot enforce per-file access restrictions - restriction can only be done today at the level of providing access to all files in a dataset.

From 388af2588964b43fa6376019f0a38166684b0d72 Mon Sep 17 00:00:00 2001
From: Leonid Andreev <leonid@hmdc.harvard.edu>
Date: Fri, 21 Nov 2025 09:19:40 -0500
Subject: [PATCH 521/634] a typo in the release note. #11987

---
 doc/release-notes/11987-storage-quotas-on-datasets.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/doc/release-notes/11987-storage-quotas-on-datasets.md b/doc/release-notes/11987-storage-quotas-on-datasets.md
index 8f3e465e703..6a103421503 100644
--- a/doc/release-notes/11987-storage-quotas-on-datasets.md
+++ b/doc/release-notes/11987-storage-quotas-on-datasets.md
@@ -1,3 +1,3 @@
 It is now possible to define storage quotas on individual datasets. See the API guide for more information.
-The practical use case is for datasets in the top-level, root collection. This does address the use case of a user creating multiple datasets. There is an open dev. issue for adding per-user storage quotas as well.
+The practical use case is for datasets in the top-level, root collection. This does not address the use case of a user creating multiple datasets. But there is an open dev. issue for adding per-user storage quotas as well.
 

From ca44ce860ca58c5e838dc65df378f236218bb261 Mon Sep 17 00:00:00 2001
From: Jim Myers <qqmyers@hotmail.com>
Date: Fri, 21 Nov 2025 12:24:45 -0500
Subject: [PATCH 522/634] update release note re *.p12 files (not specifically
 PR related)

---
 doc/release-notes/11827-Payara-6.2025.10.md | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/doc/release-notes/11827-Payara-6.2025.10.md b/doc/release-notes/11827-Payara-6.2025.10.md
index 3737c05be27..271b7dbb5ea 100644
--- a/doc/release-notes/11827-Payara-6.2025.10.md
+++ b/doc/release-notes/11827-Payara-6.2025.10.md
@@ -5,3 +5,12 @@ Payara 6.2025.10 cannot be used with earlier versions of Dataverse, e.g. v6.8.
 Standard Payara upgrade instructions - as in the 6.7 release notes should be added, 
 but we should assure the instructions don't have you trying to run 6.8 with the latest Payara 
 and perhaps should explicitly note that you can't. 
+
+We should also change the 'standard' language related to Payara updates to include copying the
+*.p12 files from the distributed domain1/config directory into the Dataverse domain1/config directory,
+at least if/when they are different. Those files include base certs and over time using the old files
+can cause SSL errors. If the domain.xml file is old enough, it may also reference *.jks files instead
+of the *.p12 ones. That should also be fixed (domain.xml having those lines updated to reference *.p12 files).
+FWIW: I ran across this at TDL where a dev machine stopped being able to contact DataCite because the root
+cert used by DataCite today is not in the *.jks files that had been copied forward during Payara updates.)
+

From 4337c47d4621226a4d2e5cd2a45b3f2548a90ee2 Mon Sep 17 00:00:00 2001
From: Leonid Andreev <leonid@hmdc.harvard.edu>
Date: Fri, 21 Nov 2025 16:27:13 -0500
Subject: [PATCH 523/634] Added an optional parameter to the quota APIs to show
 the quota that may be inherited from a parent collection. #11987

---
 doc/sphinx-guides/source/api/native-api.rst   |  6 ++++--
 .../harvard/iq/dataverse/api/Datasets.java    |  4 ++--
 .../harvard/iq/dataverse/api/Dataverses.java  |  4 ++--
 .../impl/GetCollectionQuotaCommand.java       | 19 ++++++++++++++---
 .../command/impl/GetDatasetQuotaCommand.java  | 21 +++++++++++++++----
 5 files changed, 41 insertions(+), 13 deletions(-)

diff --git a/doc/sphinx-guides/source/api/native-api.rst b/doc/sphinx-guides/source/api/native-api.rst
index dd7a0850e09..dadbf3e239b 100644
--- a/doc/sphinx-guides/source/api/native-api.rst
+++ b/doc/sphinx-guides/source/api/native-api.rst
@@ -1250,7 +1250,8 @@ Collection Storage Quotas
 
   curl -H "X-Dataverse-key:$API_TOKEN" "$SERVER_URL/api/dataverses/$ID/storage/quota"
 
-Will output the storage quota allocated (in bytes), or a message indicating that the quota is not defined for the specific collection. The user identified by the API token must have the ``Edit`` permission on the collection. 
+Will output the storage quota allocated (in bytes), or a message indicating that the quota is not defined for the collection. The user identified by the API token must have the ``Edit`` permission on the collection. 
+With an optional query parameter ``showInherited=true`` it will show the applicable quota potentially defined on the nearest parent when the collection does not have a quota configured directly.
 
 .. code-block:: 
 
@@ -1282,7 +1283,8 @@ Storage Quotas on Individual Datasets
 
   curl -H "X-Dataverse-key:$API_TOKEN" "$SERVER_URL/api/datasets/$ID/storage/quota"
 
-Will output the storage quota allocated (in bytes), or a message indicating that the quota is not defined for the specific collection. The user identified by the API token must have the ``Edit`` permission on the dataset. 
+Will output the storage quota allocated (in bytes), or a message indicating that the quota is not defined for this dataset. The user identified by the API token must have the ``Edit`` permission on the dataset.
+With an optional query parameter ``showInherited=true`` it will show the applicable quota potentially defined on the nearest parent collection when the dataset does not have a quota configured directly.
 
 .. code-block:: 
 
diff --git a/src/main/java/edu/harvard/iq/dataverse/api/Datasets.java b/src/main/java/edu/harvard/iq/dataverse/api/Datasets.java
index 95d02b757b6..db87a1e7757 100644
--- a/src/main/java/edu/harvard/iq/dataverse/api/Datasets.java
+++ b/src/main/java/edu/harvard/iq/dataverse/api/Datasets.java
@@ -6170,9 +6170,9 @@ public Response updateLicense(@Context ContainerRequestContext crc,
     @GET
     @AuthRequired
     @Path("{identifier}/storage/quota")
-    public Response getDatasetQuota(@Context ContainerRequestContext crc, @PathParam("identifier") String dvIdtf) throws WrappedResponse {
+    public Response getDatasetQuota(@Context ContainerRequestContext crc, @PathParam("identifier") String dvIdtf, @QueryParam("showInherited") boolean showInherited) throws WrappedResponse {
         try {
-            Long bytesAllocated = execCommand(new GetDatasetQuotaCommand(createDataverseRequest(getRequestUser(crc)), findDatasetOrDie(dvIdtf)));
+            Long bytesAllocated = execCommand(new GetDatasetQuotaCommand(createDataverseRequest(getRequestUser(crc)), findDatasetOrDie(dvIdtf), showInherited));
             if (bytesAllocated != null) {
                 return ok(MessageFormat.format(BundleUtil.getStringFromBundle("dataset.storage.quota.allocation"),bytesAllocated));
             }
diff --git a/src/main/java/edu/harvard/iq/dataverse/api/Dataverses.java b/src/main/java/edu/harvard/iq/dataverse/api/Dataverses.java
index 29bac86e658..5d0d6048e53 100644
--- a/src/main/java/edu/harvard/iq/dataverse/api/Dataverses.java
+++ b/src/main/java/edu/harvard/iq/dataverse/api/Dataverses.java
@@ -1236,9 +1236,9 @@ public Response getStorageSize(@Context ContainerRequestContext crc, @PathParam(
     @GET
     @AuthRequired
     @Path("{identifier}/storage/quota")
-    public Response getCollectionQuota(@Context ContainerRequestContext crc, @PathParam("identifier") String dvIdtf) throws WrappedResponse {
+    public Response getCollectionQuota(@Context ContainerRequestContext crc, @PathParam("identifier") String dvIdtf, @QueryParam("showInherited") boolean showInherited) throws WrappedResponse {
         try {
-            Long bytesAllocated = execCommand(new GetCollectionQuotaCommand(createDataverseRequest(getRequestUser(crc)), findDataverseOrDie(dvIdtf)));
+            Long bytesAllocated = execCommand(new GetCollectionQuotaCommand(createDataverseRequest(getRequestUser(crc)), findDataverseOrDie(dvIdtf), showInherited));
             if (bytesAllocated != null) {
                 return ok(MessageFormat.format(BundleUtil.getStringFromBundle("dataverse.storage.quota.allocation"),bytesAllocated));
             }
diff --git a/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/GetCollectionQuotaCommand.java b/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/GetCollectionQuotaCommand.java
index e34c7f5cbdd..0676e6204d7 100644
--- a/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/GetCollectionQuotaCommand.java
+++ b/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/GetCollectionQuotaCommand.java
@@ -23,17 +23,30 @@ public class GetCollectionQuotaCommand  extends AbstractCommand<Long> {
     private static final Logger logger = Logger.getLogger(GetCollectionQuotaCommand.class.getCanonicalName());
     
     private final Dataverse dataverse;
+    private final boolean inherited;
     
-    public GetCollectionQuotaCommand(DataverseRequest aRequest, Dataverse target) {
+    public GetCollectionQuotaCommand(DataverseRequest aRequest, Dataverse target, boolean inherited) {
         super(aRequest, target);
         dataverse = target;
+        this.inherited = inherited;
     } 
         
     @Override
     public Long execute(CommandContext ctxt) throws CommandException {
                
-        if (dataverse != null && dataverse.getStorageQuota() != null) {
-            return dataverse.getStorageQuota().getAllocation();
+        if (dataverse != null) {
+
+            if (dataverse.getStorageQuota() != null) {
+                return dataverse.getStorageQuota().getAllocation();
+            } else if (inherited) {
+                Dataverse uptree = dataverse; 
+                while (uptree.getStorageQuota() == null && uptree.getOwner() != null) {
+                    uptree = uptree.getOwner(); 
+                    if (uptree.getStorageQuota() != null) {
+                        return uptree.getStorageQuota().getAllocation();
+                    }
+                }
+            }
         }
         
         return null;
diff --git a/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/GetDatasetQuotaCommand.java b/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/GetDatasetQuotaCommand.java
index 839bbacaff4..88a04c0f049 100644
--- a/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/GetDatasetQuotaCommand.java
+++ b/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/GetDatasetQuotaCommand.java
@@ -1,6 +1,7 @@
 package edu.harvard.iq.dataverse.engine.command.impl;
 
 import edu.harvard.iq.dataverse.Dataset;
+import edu.harvard.iq.dataverse.DvObjectContainer;
 import edu.harvard.iq.dataverse.authorization.Permission;
 import edu.harvard.iq.dataverse.engine.command.AbstractCommand;
 import edu.harvard.iq.dataverse.engine.command.CommandContext;
@@ -23,19 +24,31 @@ public class GetDatasetQuotaCommand extends AbstractCommand<Long> {
     private static final Logger logger = Logger.getLogger(GetDatasetQuotaCommand.class.getCanonicalName());
     
     private final Dataset dataset;
+    private final boolean inherited;
     
-    public GetDatasetQuotaCommand(DataverseRequest aRequest, Dataset target) {
+    public GetDatasetQuotaCommand(DataverseRequest aRequest, Dataset target, boolean inherited) {
         super(aRequest, target);
         dataset = target;
+        this.inherited = inherited; 
     } 
         
     @Override
     public Long execute(CommandContext ctxt) throws CommandException {
                
-        if (dataset != null && dataset.getStorageQuota() != null) {
-            return dataset.getStorageQuota().getAllocation();
+        if (dataset != null) {
+            if (dataset.getStorageQuota() != null) {
+                return dataset.getStorageQuota().getAllocation();
+            } else if (inherited) {
+                DvObjectContainer uptree = dataset;
+                while (uptree.getStorageQuota() == null && uptree.getOwner() != null) {
+                    uptree = uptree.getOwner();
+                    if (uptree.getStorageQuota() != null) {
+                        return uptree.getStorageQuota().getAllocation();
+                    }
+                }
+            }
         }
-        
+
         return null;
     }
 

From 43678bb6e4b28c7aae50fd4ed65a61aa53c54f75 Mon Sep 17 00:00:00 2001
From: Leonid Andreev <leonid@hmdc.harvard.edu>
Date: Fri, 21 Nov 2025 16:48:58 -0500
Subject: [PATCH 524/634] Cosmetic, fixes the comments in the command #11987

---
 .../engine/command/impl/DeleteDatasetQuotaCommand.java        | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/DeleteDatasetQuotaCommand.java b/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/DeleteDatasetQuotaCommand.java
index 78e5165efe4..1ad7591e257 100644
--- a/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/DeleteDatasetQuotaCommand.java
+++ b/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/DeleteDatasetQuotaCommand.java
@@ -46,8 +46,10 @@ public void executeImpl(CommandContext ctxt) throws CommandException {
         StorageQuota storageQuota = targetDataset.getStorageQuota();
         
         if (storageQuota != null && storageQuota.getAllocation() != null) {
+            // The method below, in dataverseServiceBean, can be used to delete
+            // quotas defined on either of the DvObjectContainer classes:
             ctxt.dataverses().disableStorageQuota(storageQuota);
         } 
-        // ... and if no quota was enabled on the collection - nothing to do = success
+        // ... and if no quota was enabled on the dataset - nothing to do = success
     }    
 }
\ No newline at end of file

From 5daa7c5149ac7117646e6e28efef7f8c91d50adf Mon Sep 17 00:00:00 2001
From: qqmyers <qqmyers@hotmail.com>
Date: Fri, 21 Nov 2025 17:44:41 -0500
Subject: [PATCH 525/634] fix tests

---
 .../iq/dataverse/api/LocalContextsIT.java     |  62 +------
 .../iq/dataverse/api/LocalContextsTest.java   | 162 ++++++++++++++++++
 tests/integration-tests.txt                   |   2 +-
 3 files changed, 164 insertions(+), 62 deletions(-)
 create mode 100644 src/test/java/edu/harvard/iq/dataverse/api/LocalContextsTest.java

diff --git a/src/test/java/edu/harvard/iq/dataverse/api/LocalContextsIT.java b/src/test/java/edu/harvard/iq/dataverse/api/LocalContextsIT.java
index 4d75815e88c..67569e2dd91 100644
--- a/src/test/java/edu/harvard/iq/dataverse/api/LocalContextsIT.java
+++ b/src/test/java/edu/harvard/iq/dataverse/api/LocalContextsIT.java
@@ -1,9 +1,6 @@
 package edu.harvard.iq.dataverse.api;
 
 import io.restassured.response.Response;
-import edu.harvard.iq.dataverse.settings.JvmSettings;
-import edu.harvard.iq.dataverse.util.testing.JvmSetting;
-import edu.harvard.iq.dataverse.util.testing.LocalJvmSettings;
 import org.junit.jupiter.params.ParameterizedTest;
 import org.junit.jupiter.params.provider.MethodSource;
 
@@ -14,68 +11,11 @@
 import java.util.stream.Stream;
 
 /**
- * Since testing for valid responses requires seting up a project at
- * localcontexts that has the PID of the test dataset and an api key, these
- * tests are just checking for various error conditions - if the LocalContexts
- * settings aren't set, if the LC server doesn't respond with a 200, if the user
- * can't edit the dataset.
+ * Simple test of NOT_FOUND responses when LocalContexts is not configured
  * 
  */
-@LocalJvmSettings
 public class LocalContextsIT {
 
-    private static final String RANDOM_API_KEY = "random_api_key_12345";
-
-    @ParameterizedTest
-    @MethodSource("localContextsTestCases")
-    @JvmSetting(key = JvmSettings.LOCALCONTEXTS_URL, value = "https://localcontexts.org/")
-    @JvmSetting(key = JvmSettings.LOCALCONTEXTS_API_KEY, value = RANDOM_API_KEY)
-    public void testGetDatasetLocalContexts(String testCase) {
-        Response createUser = UtilIT.createRandomUser();
-        String username = UtilIT.getUsernameFromResponse(createUser);
-        String apiToken = UtilIT.getApiTokenFromResponse(createUser);
-
-        Response createDataverseResponse = UtilIT.createRandomDataverse(apiToken);
-        String dataverseAlias = UtilIT.getAliasFromResponse(createDataverseResponse);
-
-        Response createDatasetResponse = UtilIT.createRandomDatasetViaNativeApi(dataverseAlias, apiToken);
-        Integer datasetId = UtilIT.getDatasetIdFromResponse(createDatasetResponse);
-
-
-        Response localContextsResponse;
-        if (testCase.equals("searchLocalContexts")) {
-            localContextsResponse = UtilIT.searchLocalContexts(datasetId.toString(), apiToken);
-        } else {
-            String projectId = "sample_project_id";
-            localContextsResponse = UtilIT.getLocalContextsProject(datasetId.toString(), projectId, apiToken);
-        }
-        localContextsResponse.then().assertThat()
-                .statusCode(SERVICE_UNAVAILABLE.getStatusCode());
-
-        // Test with a second user
-        Response createSecondUser = UtilIT.createRandomUser();
-        String secondUsername = UtilIT.getUsernameFromResponse(createSecondUser);
-        String secondApiToken = UtilIT.getApiTokenFromResponse(createSecondUser);
-
-        Response secondUserResponse;
-        if (testCase.equals("searchLocalContexts")) {
-            secondUserResponse = UtilIT.searchLocalContexts(datasetId.toString(), secondApiToken);
-            secondUserResponse.then().assertThat()
-                    .statusCode(FORBIDDEN.getStatusCode());
-        } else {
-            String projectId = "sample_project_id";
-            secondUserResponse = UtilIT.getLocalContextsProject(datasetId.toString(), projectId, secondApiToken);
-            secondUserResponse.then().assertThat()
-                    .statusCode(SERVICE_UNAVAILABLE.getStatusCode());
-        }
-
-        // Clean up
-        UtilIT.deleteDatasetViaNativeApi(datasetId, apiToken);
-        UtilIT.deleteDataverse(dataverseAlias, apiToken);
-        UtilIT.deleteUser(username);
-        UtilIT.deleteUser(secondUsername);
-    }
-
     @ParameterizedTest
     @MethodSource("localContextsTestCases")
     public void testLocalContextsWithoutConfiguration(String testCase) {
diff --git a/src/test/java/edu/harvard/iq/dataverse/api/LocalContextsTest.java b/src/test/java/edu/harvard/iq/dataverse/api/LocalContextsTest.java
new file mode 100644
index 00000000000..2e97dba54fd
--- /dev/null
+++ b/src/test/java/edu/harvard/iq/dataverse/api/LocalContextsTest.java
@@ -0,0 +1,162 @@
+package edu.harvard.iq.dataverse.api;
+
+import edu.harvard.iq.dataverse.Dataset;
+import edu.harvard.iq.dataverse.DatasetServiceBean;
+import edu.harvard.iq.dataverse.GlobalId;
+import edu.harvard.iq.dataverse.PermissionServiceBean;
+import edu.harvard.iq.dataverse.PermissionsWrapper;
+import edu.harvard.iq.dataverse.UserServiceBean;
+import edu.harvard.iq.dataverse.authorization.Permission;
+import edu.harvard.iq.dataverse.authorization.users.AuthenticatedUser;
+import edu.harvard.iq.dataverse.authorization.users.GuestUser;
+import edu.harvard.iq.dataverse.settings.FeatureFlags;
+import edu.harvard.iq.dataverse.settings.JvmSettings;
+import edu.harvard.iq.dataverse.util.SystemConfig;
+import edu.harvard.iq.dataverse.util.testing.JvmSetting;
+import edu.harvard.iq.dataverse.util.testing.LocalJvmSettings;
+import jakarta.ws.rs.container.ContainerRequestContext;
+import jakarta.ws.rs.core.Response;
+import org.junit.jupiter.api.Test;
+import org.junit.jupiter.api.extension.ExtendWith;
+import org.mockito.InjectMocks;
+import org.mockito.Mock;
+import org.mockito.Mockito;
+import org.mockito.junit.jupiter.MockitoExtension;
+
+import static jakarta.ws.rs.core.Response.Status.FORBIDDEN;
+import static jakarta.ws.rs.core.Response.Status.NOT_FOUND;
+import static jakarta.ws.rs.core.Response.Status.SERVICE_UNAVAILABLE;
+import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.junit.jupiter.api.Assertions.assertTrue;
+import static org.mockito.Mockito.when;
+
+@LocalJvmSettings
+@ExtendWith(MockitoExtension.class)
+public class LocalContextsTest {
+
+    @InjectMocks
+    private LocalContexts localContexts;
+
+    @Mock
+    private DatasetServiceBean datasetService;
+    @Mock
+    private UserServiceBean userService;
+    @Mock
+    private SystemConfig systemConfig;
+    @Mock
+    private PermissionsWrapper permissionsWrapper;
+    @Mock
+    private PermissionServiceBean permissionService;
+    @Mock
+    private AuthenticatedUser authUser;
+    @Mock
+    private Dataset dataset;
+    @Mock
+    private ContainerRequestContext crc;
+
+    private static final String RANDOM_API_KEY = "random_api_key_12345";
+
+    @Test
+    @JvmSetting(key = JvmSettings.LOCALCONTEXTS_URL, value = "https://sandbox.localcontextshub.org/")
+    @JvmSetting(key = JvmSettings.LOCALCONTEXTS_API_KEY, value = RANDOM_API_KEY)
+    public void testSearchLocalContexts_ServiceUnavailable() {
+        // given
+        when(datasetService.find(1L)).thenReturn(dataset);
+        // No mock for http client, so it will fail and return SERVICE_UNAVAILABLE
+
+        // when
+        Response response = localContexts.searchLocalContexts("1", "2");
+
+        // then
+        assertEquals(SERVICE_UNAVAILABLE.getStatusCode(), response.getStatus());
+    }
+
+    @Test
+    @JvmSetting(key = JvmSettings.LOCALCONTEXTS_URL, value = "https://sandbox.localcontextshub.org/")
+    @JvmSetting(key = JvmSettings.LOCALCONTEXTS_API_KEY, value = RANDOM_API_KEY)
+    public void testGetLocalContextsProject_ServiceUnavailable() {
+        // given
+        when(datasetService.find(1L)).thenReturn(dataset);
+        when(dataset.getGlobalId()).thenReturn(new GlobalId("doi", "10.5072", "FK2ABCDEF", "/","https://doi.org/", "test"));
+        when(crc.getProperty(ApiConstants.CONTAINER_REQUEST_CONTEXT_USER))
+        .thenReturn(GuestUser.get());
+
+        // No mock for http client, so it will fail and return SERVICE_UNAVAILABLE
+
+        // when
+        Response response = localContexts.getDatasetLocalContexts(crc ,"1");
+
+        // then
+        assertEquals(SERVICE_UNAVAILABLE.getStatusCode(), response.getStatus());
+    }
+
+    @Test
+    @JvmSetting(key = JvmSettings.LOCALCONTEXTS_URL, value = "https://sandbox.localcontextshub.org/")
+    @JvmSetting(key = JvmSettings.LOCALCONTEXTS_API_KEY, value = RANDOM_API_KEY)
+    @JvmSetting(key = JvmSettings.FEATURE_FLAG, value = "true", varArgs = "add-local-contexts-permission-check")
+    public void testGetLocalContextsProject_Forbidden() {
+        assertTrue(FeatureFlags.ADD_LOCAL_CONTEXTS_PERMISSION_CHECK.enabled());
+        // given
+        AuthenticatedUser au = new AuthenticatedUser();
+        au.setId(1L);
+        when(datasetService.find(1L)).thenReturn(dataset);
+        when(crc.getProperty(ApiConstants.CONTAINER_REQUEST_CONTEXT_USER))
+        .thenReturn(au);
+        PermissionServiceBean.StaticPermissionQuery staticPermissionQuery = Mockito.mock(PermissionServiceBean.StaticPermissionQuery.class);
+        when(permissionService.userOn(Mockito.any(AuthenticatedUser.class), Mockito.any(Dataset.class))).thenReturn(staticPermissionQuery);
+        when(staticPermissionQuery.has(Permission.EditDataset)).thenReturn(false);
+
+        // when
+        Response response = localContexts.getDatasetLocalContexts(crc, "1");
+
+        // then
+        assertEquals(FORBIDDEN.getStatusCode(), response.getStatus());
+    }
+    
+    @Test
+    @JvmSetting(key = JvmSettings.LOCALCONTEXTS_URL, value = "https://sandbox.localcontextshub.org/")
+    @JvmSetting(key = JvmSettings.LOCALCONTEXTS_API_KEY, value = RANDOM_API_KEY)
+    @JvmSetting(key = JvmSettings.FEATURE_FLAG, value = "true", varArgs = "add-local-contexts-permission-check")
+    public void testGetLocalContextsProject_Allowed() {
+        assertTrue(FeatureFlags.ADD_LOCAL_CONTEXTS_PERMISSION_CHECK.enabled());
+        // given
+        AuthenticatedUser au = new AuthenticatedUser();
+        au.setId(1L);
+        when(datasetService.find(1L)).thenReturn(dataset);
+        when(dataset.getGlobalId()).thenReturn(new GlobalId("doi", "10.5072", "FK2ABCDEF", "/","https://doi.org/", "test"));
+        when(crc.getProperty(ApiConstants.CONTAINER_REQUEST_CONTEXT_USER))
+        .thenReturn(au);
+        PermissionServiceBean.StaticPermissionQuery staticPermissionQuery = Mockito.mock(PermissionServiceBean.StaticPermissionQuery.class);
+        when(permissionService.userOn(Mockito.any(AuthenticatedUser.class), Mockito.any(Dataset.class))).thenReturn(staticPermissionQuery);
+        when(staticPermissionQuery.has(Permission.EditDataset)).thenReturn(true);
+
+        // when
+        Response response = localContexts.getDatasetLocalContexts(crc, "1");
+
+        // then
+        assertEquals(SERVICE_UNAVAILABLE.getStatusCode(), response.getStatus());
+    }
+    
+    @Test
+    public void testSearchLocalContexts_NoConfig() {
+
+        // when
+        Response response = localContexts.searchLocalContexts("1", "2");
+
+        // then
+        assertEquals(NOT_FOUND.getStatusCode(), response.getStatus());
+    }
+
+    @Test
+    public void testGetLocalContextsProject_NoConfig() {
+
+        when(datasetService.find(1L)).thenReturn(dataset);
+        when(crc.getProperty(ApiConstants.CONTAINER_REQUEST_CONTEXT_USER))
+        .thenReturn(GuestUser.get());
+        // when
+        Response response = localContexts.getDatasetLocalContexts(crc, "1");
+
+        // then
+        assertEquals(NOT_FOUND.getStatusCode(), response.getStatus());
+    }
+}
\ No newline at end of file
diff --git a/tests/integration-tests.txt b/tests/integration-tests.txt
index 2a15ac3ce74..4130ab991f9 100644
--- a/tests/integration-tests.txt
+++ b/tests/integration-tests.txt
@@ -1 +1 @@
-DataversesIT,DatasetsIT,SwordIT,AdminIT,BuiltinUsersIT,UsersIT,UtilIT,ConfirmEmailIT,FileMetadataIT,FilesIT,SearchIT,InReviewWorkflowIT,HarvestingServerIT,HarvestingClientsIT,MoveIT,MakeDataCountApiIT,FileTypeDetectionIT,EditDDIIT,ExternalToolsIT,AccessIT,DuplicateFilesIT,DownloadFilesIT,LinkIT,DeleteUsersIT,DeactivateUsersIT,AuxiliaryFilesIT,InvalidCharactersIT,LicensesIT,NotificationsIT,BagIT,MetadataBlocksIT,NetcdfIT,SignpostingIT,FitsIT,LogoutIT,DataRetrieverApiIT,ProvIT,S3AccessIT,OpenApiIT,InfoIT,DatasetFieldsIT,SavedSearchIT,DatasetTypesIT,DataverseFeaturedItemsIT,SendFeedbackApiIT,CustomizationIT,JsonLDExportIT
+DataversesIT,DatasetsIT,SwordIT,AdminIT,BuiltinUsersIT,UsersIT,UtilIT,ConfirmEmailIT,FileMetadataIT,FilesIT,SearchIT,InReviewWorkflowIT,HarvestingServerIT,HarvestingClientsIT,MoveIT,MakeDataCountApiIT,FileTypeDetectionIT,EditDDIIT,ExternalToolsIT,AccessIT,DuplicateFilesIT,DownloadFilesIT,LinkIT,DeleteUsersIT,DeactivateUsersIT,AuxiliaryFilesIT,InvalidCharactersIT,LicensesIT,NotificationsIT,BagIT,MetadataBlocksIT,NetcdfIT,SignpostingIT,FitsIT,LogoutIT,DataRetrieverApiIT,ProvIT,S3AccessIT,OpenApiIT,InfoIT,DatasetFieldsIT,SavedSearchIT,DatasetTypesIT,DataverseFeaturedItemsIT,SendFeedbackApiIT,CustomizationIT,JsonLDExportIT,LocalContextsIT

From 4c61b5efae19b0e9cbdd013bbf35d5a7dd3aca7d Mon Sep 17 00:00:00 2001
From: Leonid Andreev <leonid@hmdc.harvard.edu>
Date: Sat, 22 Nov 2025 14:50:09 -0500
Subject: [PATCH 526/634] Fixed the required permissions in the API guide.
 #11987

---
 doc/sphinx-guides/source/api/native-api.rst | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/doc/sphinx-guides/source/api/native-api.rst b/doc/sphinx-guides/source/api/native-api.rst
index dadbf3e239b..83a9e397240 100644
--- a/doc/sphinx-guides/source/api/native-api.rst
+++ b/doc/sphinx-guides/source/api/native-api.rst
@@ -1250,14 +1250,14 @@ Collection Storage Quotas
 
   curl -H "X-Dataverse-key:$API_TOKEN" "$SERVER_URL/api/dataverses/$ID/storage/quota"
 
-Will output the storage quota allocated (in bytes), or a message indicating that the quota is not defined for the collection. The user identified by the API token must have the ``Edit`` permission on the collection. 
+Will output the storage quota allocated (in bytes), or a message indicating that the quota is not defined for the collection. If this is an unpublished collection, the user must have the ``ViewUnpublishedDataverse`` permission. 
 With an optional query parameter ``showInherited=true`` it will show the applicable quota potentially defined on the nearest parent when the collection does not have a quota configured directly.
 
 .. code-block:: 
 
   curl -H "X-Dataverse-key:$API_TOKEN" "$SERVER_URL/api/dataverses/$ID/storage/use"
 
-Will output the dynamically cached total storage size (in bytes) used by the collection.
+Will output the dynamically cached total storage size (in bytes) used by the collection. The user identified by the API token must have the ``Edit`` permission on the collection. 
 
 To set or change the storage allocation quota for a collection:
 
@@ -1265,7 +1265,7 @@ To set or change the storage allocation quota for a collection:
 
   curl -X POST -H "X-Dataverse-key:$API_TOKEN" "$SERVER_URL/api/dataverses/$ID/storage/quota/$SIZE_IN_BYTES"
 
-This is API is superuser-only.
+This API is superuser-only.
   
 
 To delete a storage quota configured for a collection:
@@ -1274,7 +1274,7 @@ To delete a storage quota configured for a collection:
 
   curl -X DELETE -H "X-Dataverse-key:$API_TOKEN" "$SERVER_URL/api/dataverses/$ID/storage/quota"
 
-This is API is superuser-only.
+This API is superuser-only.
 
 Storage Quotas on Individual Datasets
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
@@ -1283,14 +1283,14 @@ Storage Quotas on Individual Datasets
 
   curl -H "X-Dataverse-key:$API_TOKEN" "$SERVER_URL/api/datasets/$ID/storage/quota"
 
-Will output the storage quota allocated (in bytes), or a message indicating that the quota is not defined for this dataset. The user identified by the API token must have the ``Edit`` permission on the dataset.
+Will output the storage quota allocated (in bytes), or a message indicating that the quota is not defined for this dataset. If this is an unpublished dataset, the user must have the ``ViewUnpublishedDataset`` permission.  
 With an optional query parameter ``showInherited=true`` it will show the applicable quota potentially defined on the nearest parent collection when the dataset does not have a quota configured directly.
 
 .. code-block:: 
 
   curl -H "X-Dataverse-key:$API_TOKEN" "$SERVER_URL/api/datasets/$ID/storage/use"
 
-Will output the dynamically cached total storage size (in bytes) used by the dataset.
+Will output the dynamically cached total storage size (in bytes) used by the dataset. The user identified by the API token must have the ``Edit`` permission on the dataset.
 
 To set or change the storage allocation quota for a dataset:
 
@@ -1298,7 +1298,7 @@ To set or change the storage allocation quota for a dataset:
 
   curl -X POST -H "X-Dataverse-key:$API_TOKEN" "$SERVER_URL/api/datasets/$ID/storage/quota/$SIZE_IN_BYTES"
 
-This is API is superuser-only.
+This API is superuser-only.
   
 
 To delete a storage quota configured for a dataset:
@@ -1307,7 +1307,7 @@ To delete a storage quota configured for a dataset:
 
   curl -X DELETE -H "X-Dataverse-key:$API_TOKEN" "$SERVER_URL/api/datasets/$ID/storage/quota"
 
-This is API is superuser-only.
+This API is superuser-only.
 
 
 Use the ``/settings`` API to enable or disable the enforcement of storage quotas that are defined across the instance via the following setting:

From 8e1da69a5e1d0ceccc6e7be440af9d074896ccbe Mon Sep 17 00:00:00 2001
From: Oliver Bertuch <o.bertuch@fz-juelich.de>
Date: Tue, 25 Nov 2025 00:46:52 +0100
Subject: [PATCH 527/634] chore(deps): update Testcontainers testing
 dependencies (breaking change upstream)

Upgraded Testcontainers to `2.0.2` and updated related artifact names for consistency (`testcontainers-junit-jupiter`, `testcontainers-postgresql`, etc.). Bumped `testcontainers-keycloak` to `4.0.0` which is compatible with TC2.
---
 modules/dataverse-parent/pom.xml |  2 +-
 pom.xml                          | 14 ++++----------
 2 files changed, 5 insertions(+), 11 deletions(-)

diff --git a/modules/dataverse-parent/pom.xml b/modules/dataverse-parent/pom.xml
index d61e2eff795..1792a3c169c 100644
--- a/modules/dataverse-parent/pom.xml
+++ b/modules/dataverse-parent/pom.xml
@@ -168,7 +168,7 @@
         <gdcc.xoai.version>5.3.0</gdcc.xoai.version>
     
         <!-- Testing dependencies -->
-        <testcontainers.version>1.19.7</testcontainers.version>
+        <testcontainers.version>2.0.2</testcontainers.version>
         <smallrye-mpconfig.version>3.7.1</smallrye-mpconfig.version>
         <junit.jupiter.version>5.10.2</junit.jupiter.version>
         <mockito.version>5.11.0</mockito.version>
diff --git a/pom.xml b/pom.xml
index 9a199c714e7..7eb6279dfed 100644
--- a/pom.xml
+++ b/pom.xml
@@ -752,32 +752,26 @@
             <groupId>org.testcontainers</groupId>
             <artifactId>testcontainers</artifactId>
             <scope>test</scope>
-            <exclusions>
-                <exclusion>
-                    <groupId>junit</groupId>
-                    <artifactId>junit</artifactId>
-                </exclusion>
-            </exclusions>
         </dependency>
         <dependency>
             <groupId>org.testcontainers</groupId>
-            <artifactId>junit-jupiter</artifactId>
+            <artifactId>testcontainers-junit-jupiter</artifactId>
             <scope>test</scope>
         </dependency>
         <dependency>
             <groupId>org.testcontainers</groupId>
-            <artifactId>postgresql</artifactId>
+            <artifactId>testcontainers-postgresql</artifactId>
             <scope>test</scope>
         </dependency>
         <dependency>
             <groupId>com.github.dasniko</groupId>
             <artifactId>testcontainers-keycloak</artifactId>
-            <version>3.6.0</version>
+            <version>4.0.0</version>
             <scope>test</scope>
         </dependency>
         <dependency>
             <groupId>org.testcontainers</groupId>
-            <artifactId>localstack</artifactId>
+            <artifactId>testcontainers-localstack</artifactId>
             <scope>test</scope>
         </dependency>
         <!--

From 4d47ef03504aa7d00952bc59bc49d5f690277fd3 Mon Sep 17 00:00:00 2001
From: Oliver Bertuch <o.bertuch@fz-juelich.de>
Date: Tue, 25 Nov 2025 00:49:10 +0100
Subject: [PATCH 528/634] test,chore(db): add PostgreSQL server version
 property to Maven configuration

Before, the Postgres Server version was only present in the container profile. Now moving it into the parent POM and aligning with our documented settings allows reuse in tests, too.

Using the caps of Maven Failsafe to expose the server version in JUnit Tests will allow to use it with Testcontainers, deploying a Postgres Container for migration tests as documented in our guides.
---
 modules/dataverse-parent/pom.xml | 1 +
 pom.xml                          | 3 +++
 2 files changed, 4 insertions(+)

diff --git a/modules/dataverse-parent/pom.xml b/modules/dataverse-parent/pom.xml
index 1792a3c169c..24a5578d2a8 100644
--- a/modules/dataverse-parent/pom.xml
+++ b/modules/dataverse-parent/pom.xml
@@ -152,6 +152,7 @@
         <payara.version>6.2025.3</payara.version>
         <postgresql.version>42.7.7</postgresql.version>
         <solr.version>9.8.0</solr.version>
+        <postgresql.server.version>16</postgresql.server.version>
         <aws.version>2.33.0</aws.version>
         <google.library.version>26.30.0</google.library.version>
     
diff --git a/pom.xml b/pom.xml
index 7eb6279dfed..1dce73c8db4 100644
--- a/pom.xml
+++ b/pom.xml
@@ -1060,6 +1060,9 @@
                     -->
                     <argLine>@{failsafe.jacoco.args} ${argLine}</argLine>
                     <skip>${skipIntegrationTests}</skip>
+                    <systemPropertyVariables>
+                        <postgresql.server.version>${postgresql.server.version}</postgresql.server.version>
+                    </systemPropertyVariables>
                 </configuration>
                 <executions>
                     <execution>

From 11984e87446e45a2e9d20cc20ee4a7b01edaba32 Mon Sep 17 00:00:00 2001
From: Oliver Bertuch <o.bertuch@fz-juelich.de>
Date: Tue, 25 Nov 2025 00:51:27 +0100
Subject: [PATCH 529/634] test(migrations): introducing migration tests to the
 codebase

Expanded integration test tags in `pom.xml` to include `migration` and added `DBunit` as a test-scoped dependency to support database migration testing. Updated `Tags.java` to reflect the new tag, to be used in tests that are migration tests (so they can be easily excluded or run as necessary).
---
 pom.xml                                                   | 8 +++++++-
 .../java/edu/harvard/iq/dataverse/util/testing/Tags.java  | 1 +
 2 files changed, 8 insertions(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 1dce73c8db4..a4b640ef768 100644
--- a/pom.xml
+++ b/pom.xml
@@ -20,7 +20,7 @@
     <properties>
         <skipUnitTests>false</skipUnitTests>
         <skipIntegrationTests>false</skipIntegrationTests>
-        <it.groups>integration</it.groups>
+        <it.groups>integration,migration</it.groups>
         <!-- Provide a fallback value that won't break things if JaCoCo prepare-agent steps don't set it. -->
         <!-- Note: you must use @{} style late variable binding in argLine, otherwise JaCoCo cannot inject the right settings! -->
         <surefire.jacoco.args>-Ddummy.jacoco.property=true</surefire.jacoco.args>
@@ -748,6 +748,12 @@
                 </exclusion>
             </exclusions>
         </dependency>
+        <dependency>
+            <groupId>org.dbunit</groupId>
+            <artifactId>dbunit</artifactId>
+            <version>3.0.0</version>
+            <scope>test</scope>
+        </dependency>
         <dependency>
             <groupId>org.testcontainers</groupId>
             <artifactId>testcontainers</artifactId>
diff --git a/src/test/java/edu/harvard/iq/dataverse/util/testing/Tags.java b/src/test/java/edu/harvard/iq/dataverse/util/testing/Tags.java
index 1544d393896..22e13f08665 100644
--- a/src/test/java/edu/harvard/iq/dataverse/util/testing/Tags.java
+++ b/src/test/java/edu/harvard/iq/dataverse/util/testing/Tags.java
@@ -4,4 +4,5 @@ public class Tags {
     public static final String NOT_ESSENTIAL_UNITTESTS = "not-essential-unittests";
     public static final String INTEGRATION_TEST = "integration";
     public static final String USES_TESTCONTAINERS = "testcontainers";
+    public static final String DB_MIGRATION_TEST = "migration";
 }

From 83f3d37ad868a394f4d7bdebbf6c59560f2a2610 Mon Sep 17 00:00:00 2001
From: Oliver Bertuch <o.bertuch@fz-juelich.de>
Date: Tue, 25 Nov 2025 00:51:57 +0100
Subject: [PATCH 530/634] test(migration): introduce `SharedPostgresContainer`
 singleton for migration tests

Added a reusable PostgresContainer to optimize resource usage in database migration tests. Ensures a single container instance is shared across all migration test cases, with automatic cleanup on JVM shutdown.
---
 .../db/migration/SharedPostgresContainer.java | 44 +++++++++++++++++++
 1 file changed, 44 insertions(+)
 create mode 100644 src/test/java/edu/harvard/iq/dataverse/db/migration/SharedPostgresContainer.java

diff --git a/src/test/java/edu/harvard/iq/dataverse/db/migration/SharedPostgresContainer.java b/src/test/java/edu/harvard/iq/dataverse/db/migration/SharedPostgresContainer.java
new file mode 100644
index 00000000000..47a995621f7
--- /dev/null
+++ b/src/test/java/edu/harvard/iq/dataverse/db/migration/SharedPostgresContainer.java
@@ -0,0 +1,44 @@
+package edu.harvard.iq.dataverse.db.migration;
+
+import org.testcontainers.postgresql.PostgreSQLContainer;
+
+import java.sql.Connection;
+import java.sql.DriverManager;
+
+/**
+ * Singleton container that is started once and reused across all tests.
+ */
+public class SharedPostgresContainer {
+    
+    private static volatile PostgreSQLContainer instance;
+    
+    public static PostgreSQLContainer getInstance() {
+        if (instance == null) {
+            synchronized (SharedPostgresContainer.class) {
+                if (instance == null) {
+                    String version = System.getProperty("postgresql.server.version");
+                    System.out.println("Creating singleton Postgres container with version: " + version);
+                    
+                    instance = new PostgreSQLContainer("postgres:" + version)
+                        .withDatabaseName("testdb")
+                        .withUsername("test")
+                        .withPassword("test");
+                    
+                    instance.start();
+                    
+                    // Ensure container is stopped when JVM shuts down
+                    Runtime.getRuntime().addShutdownHook(new Thread(instance::stop));
+                }
+            }
+        }
+        return instance;
+    }
+    
+    public static Connection getConnection() throws Exception {
+        return DriverManager.getConnection(
+            getInstance().getJdbcUrl(),
+            getInstance().getUsername(),
+            getInstance().getPassword()
+        );
+    }
+}

From 664b2943b61575223fb6f06a55d7ccdda9062e5d Mon Sep 17 00:00:00 2001
From: Oliver Bertuch <o.bertuch@fz-juelich.de>
Date: Tue, 25 Nov 2025 00:53:08 +0100
Subject: [PATCH 531/634] test(migration): add integration tests for
 `V6_8_0_1__SettingsDataMigration`

Introduced comprehensive tests for `V6_8_0_1__SettingsDataMigration` using Testcontainers and DBUnit. Includes scenarios for migrating settings to new formats, handling null and invalid values, and verifying JSON transformations.

This is a reproducer for an issue discovered after merging PR #11654 by @landreev. See also https://github.com/IQSS/dataverse/pull/11654#issuecomment-3570855865
---
 .../V6_8_0_1__SettingsDataMigrationIT.java    | 275 ++++++++++++++++++
 1 file changed, 275 insertions(+)
 create mode 100644 src/test/java/edu/harvard/iq/dataverse/db/migration/V6_8_0_1__SettingsDataMigrationIT.java

diff --git a/src/test/java/edu/harvard/iq/dataverse/db/migration/V6_8_0_1__SettingsDataMigrationIT.java b/src/test/java/edu/harvard/iq/dataverse/db/migration/V6_8_0_1__SettingsDataMigrationIT.java
new file mode 100644
index 00000000000..f432aa7ed26
--- /dev/null
+++ b/src/test/java/edu/harvard/iq/dataverse/db/migration/V6_8_0_1__SettingsDataMigrationIT.java
@@ -0,0 +1,275 @@
+package edu.harvard.iq.dataverse.db.migration;
+
+
+import edu.harvard.iq.dataverse.util.testing.Tags;
+import org.dbunit.Assertion;
+import org.dbunit.IDatabaseTester;
+import org.dbunit.JdbcDatabaseTester;
+import org.dbunit.dataset.IDataSet;
+import org.dbunit.dataset.ITable;
+import org.dbunit.dataset.SortedTable;
+import org.dbunit.dataset.filter.DefaultColumnFilter;
+import org.dbunit.dataset.xml.FlatXmlDataSetBuilder;
+import org.dbunit.operation.DatabaseOperation;
+import org.junit.jupiter.api.AfterEach;
+import org.junit.jupiter.api.BeforeAll;
+import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.DisplayName;
+import org.junit.jupiter.api.Tag;
+import org.junit.jupiter.api.Test;
+import org.testcontainers.junit.jupiter.Container;
+import org.testcontainers.junit.jupiter.Testcontainers;
+import org.testcontainers.postgresql.PostgreSQLContainer;
+
+import java.io.ByteArrayInputStream;
+import java.io.InputStream;
+import java.nio.charset.StandardCharsets;
+import java.sql.Connection;
+import java.sql.Statement;
+
+import static org.dbunit.Assertion.assertEquals;
+import static org.junit.jupiter.api.Assertions.assertTrue;
+
+@Tag(Tags.DB_MIGRATION_TEST)
+@Tag(Tags.USES_TESTCONTAINERS)
+@Testcontainers(disabledWithoutDocker = true)
+public class V6_8_0_1__SettingsDataMigrationIT {
+    
+    static final String MIGRATION_RESOURCE = "/db/migration/V6.8.0.1.sql";
+    static final String TABLE_NAME = "setting";
+    
+    @Container
+    static PostgreSQLContainer POSTGRES = SharedPostgresContainer.getInstance();
+    
+    private IDatabaseTester databaseTester;
+    
+    @BeforeAll
+    static void initSchema() throws Exception {
+        // Create the table structure (the DDL that already exists in your database)
+        String schemaDDL = """
+            create table %s
+            (
+                id      serial primary key,
+                content text,
+                lang    text constraint non_empty_lang check (lang <> ''::text),
+                name    text
+            );
+            
+            create unique index unique_settings on setting (name, (COALESCE(lang, ''::text)));
+            """.formatted(TABLE_NAME);
+        
+        try (Connection conn = SharedPostgresContainer.getConnection(); Statement stmt = conn.createStatement()) {
+            stmt.execute(schemaDDL);
+        }
+    }
+    
+    @BeforeEach
+    void setUp() throws Exception {
+        // Create a new database tester instance, get the connection details from Testcontainers
+        databaseTester = new JdbcDatabaseTester(
+            POSTGRES.getDriverClassName(),
+            POSTGRES.getJdbcUrl(),
+            POSTGRES.getUsername(),
+            POSTGRES.getPassword()
+        );
+    }
+    
+    @AfterEach
+    void tearDown() throws Exception {
+        if (databaseTester != null) {
+            databaseTester.onTearDown();
+        }
+        // Clean up for the next test
+        try (Connection conn = SharedPostgresContainer.getConnection(); Statement stmt = conn.createStatement()) {
+            stmt.execute("TRUNCATE TABLE setting RESTART IDENTITY CASCADE");
+        }
+    }
+    
+    @Test
+    @DisplayName("Test migrating BuiltinUsers.KEY and WorkflowsAdmin")
+    void testMigrationConvertSimpleSettings() throws Exception {
+        // GIVEN
+        var inputXml = """
+            <?xml version='1.0' encoding='UTF-8'?>
+            <dataset>
+                <setting id="1" name="BuiltinUsers.KEY" content="secret-key-123" />
+                <setting id="2" name="WorkflowsAdmin#IP_WHITELIST_KEY" content="127.0.0.1" />
+            </dataset>
+            """;
+        loadData(inputXml);
+        
+        // WHEN
+        runMigrationScript();
+        var actualData = getActualData();
+        
+        // THEN
+        // Notes: We don't specify 'id' in expected because they are auto-generated.
+        //        We use single quotes for XML attributes containing JSON with double quotes.
+        var expectedXml = """
+            <?xml version='1.0' encoding='UTF-8'?>
+            <dataset>
+                <setting name=":BuiltinUsersKey" content="secret-key-123" />
+                <setting name=":WorkflowsAdminIpWhitelist" content="127.0.0.1" />
+            </dataset>
+            """;
+        var expectedData = getExpectedData(expectedXml);
+        
+        Assertion.assertEquals(expectedData, actualData);
+    }
+    
+    @Test
+    @DisplayName("Test migrating TabularIngestSizeLimit to JSON")
+    void testMigrationConvertTabularIngestSizeLimitToJsonFormat() throws Exception {
+        // GIVEN
+        var inputXml = """
+            <?xml version='1.0' encoding='UTF-8'?>
+            <dataset>
+                <setting id="3" name=":TabularIngestSizeLimit" content="2000" />
+                <setting id="4" name=":TabularIngestSizeLimit:csv" content="5000" />
+                <setting id="5" name=":TabularIngestSizeLimit:tab" content="1000" />
+            </dataset>
+            """;
+        loadData(inputXml);
+        
+        // WHEN
+        runMigrationScript();
+        var actualData = getActualData();
+        
+        // THEN
+        // Notes: We don't specify 'id' in expected because they are auto-generated.
+        //        We use single quotes for XML attributes containing JSON with double quotes.
+        var expectedXml = """
+            <?xml version='1.0' encoding='UTF-8'?>
+            <dataset>
+                <setting name=":TabularIngestSizeLimit" content='{"csv": 5000, "tab": 1000, "default": 2000}' />
+            </dataset>
+            """;
+        var expectedData = getExpectedData(expectedXml);
+        
+        Assertion.assertEquals(expectedData, actualData);
+    }
+    
+    @Test
+    @DisplayName("Test migrating TabularIngestSizeLimit handles NULL lang values")
+    void testMigrationTabularIngestSizeLimitToJsonHandlesNullLangValues() throws Exception {
+        // GIVEN
+        var inputXml = """
+            <?xml version='1.0' encoding='UTF-8'?>
+            <dataset>
+                <setting id="1" name=":TabularIngestSizeLimit:csv" content="3000" lang="[null]" />
+            </dataset>
+            """;
+        loadData(inputXml);
+        
+        // WHEN
+        runMigrationScript();
+        
+        // THEN
+        // Verify the migration completed...
+        IDataSet actualDataSet = databaseTester.getConnection().createDataSet();
+        ITable actualTable = actualDataSet.getTable("setting");
+        
+        // Just verify we have at least one row (the migrated JSON setting)
+        assertTrue(actualTable.getRowCount() > 0);
+    }
+    
+    @Test
+    @DisplayName("Test migrating TabularIngestSizeLimit handles non-numeric values")
+    void testMigrationTabularIngestSizeLimitToJsonHandlesNonNumericValuesGracefully() throws Exception {
+        // GIVEN
+        var inputXml = """
+            <?xml version='1.0' encoding='UTF-8'?>
+            <dataset>
+                <setting id="1" name=":TabularIngestSizeLimit:csv" content="not-a-number" />
+            </dataset>
+            """;
+        loadData(inputXml);
+        
+        // WHEN
+        runMigrationScript();
+        var actualData = getActualData();
+        
+        // THEN
+        // Invalid values should be set to 0 (at least that's what the migration *should* do)
+        // Notes: We don't specify 'id' in expected because they are auto-generated.
+        //        We use single quotes for XML attributes containing JSON with double quotes.
+        var expectedXml = """
+            <?xml version='1.0' encoding='UTF-8'?>
+            <dataset>
+                <setting name=":TabularIngestSizeLimit" content='{"csv": 0}' />
+            </dataset>
+            """;
+        var expectedData = getExpectedData(expectedXml);
+        
+        assertEquals(expectedData, actualData);
+    }
+    
+    // --- Helper Methods ---
+    private void loadData(String inputXml) throws Exception {
+        try (InputStream xml = new ByteArrayInputStream(inputXml.getBytes(StandardCharsets.UTF_8))) {
+            IDataSet inputDataSet = new FlatXmlDataSetBuilder().build(xml);
+            databaseTester.setDataSet(inputDataSet);
+            databaseTester.setSetUpOperation(DatabaseOperation.CLEAN_INSERT);
+            databaseTester.onSetup();
+        }
+        
+        // Update the sequence to avoid primary key collisions with the data just inserted by DBUnit
+        try (Connection conn = SharedPostgresContainer.getConnection(); Statement stmt = conn.createStatement()) {
+            stmt.execute("SELECT setval('setting_id_seq', (SELECT MAX(id) FROM setting))");
+        }
+    }
+    
+    /**
+     * Retrieves and processes the actual data from the database for verification purposes.
+     * The method performs the following steps:
+     * - Obtains the current dataset from the database connection.
+     * - Filters out the id and lang column from the data.
+     * - Sorts the resulting table based on predefined sorting criteria.
+     *
+     * @return a processed and sorted {@link ITable} object representing the actual state of the database.
+     * @throws Exception if an error occurs during dataset retrieval, column filtering, or table sorting.
+     */
+    private ITable getActualData() throws Exception {
+        IDataSet actualDataSet = databaseTester.getConnection().createDataSet();
+        ITable actualTable = actualDataSet.getTable(TABLE_NAME);
+        ITable filteredActual = DefaultColumnFilter.excludedColumnsTable(actualTable, new String[]{"id", "lang"});
+        SortedTable sortedActual = new SortedTable(filteredActual, new String[]{"name"});
+        return sortedActual;
+    }
+    
+    /**
+     * Constructs and returns an expected data table for testing database contents, based on the provided XML input.
+     * The method parses the given XML string into a dataset, filters out the id and lang column,
+     * and sorts the table based on predefined sorting criteria.
+     *
+     * @param expectedXml the XML string representing the expected dataset to be used for verification
+     * @return a processed and sorted {@link ITable} object representing the expected database state
+     * @throws Exception if an error occurs during XML parsing, dataset creation, or table manipulation
+     */
+    private ITable getExpectedData(String expectedXml) throws Exception {
+        try (InputStream xml = new ByteArrayInputStream(expectedXml.getBytes(StandardCharsets.UTF_8))) {
+            IDataSet expectedDataSet = new FlatXmlDataSetBuilder().build(xml);
+            ITable expectedTable = expectedDataSet.getTable(TABLE_NAME);
+            ITable filteredExpected = DefaultColumnFilter.excludedColumnsTable(expectedTable, new String[]{"id", "lang"});
+            SortedTable sortedExpected = new SortedTable(filteredExpected, new String[]{"name"});
+            return sortedExpected;
+        }
+    }
+    
+    private void runMigrationScript() throws Exception {
+        String migrationSql = loadResource(MIGRATION_RESOURCE);
+        try (Connection conn = SharedPostgresContainer.getConnection(); Statement stmt = conn.createStatement()) {
+            stmt.execute(migrationSql);
+        }
+    }
+    
+    private String loadResource(String path) throws Exception {
+        try (InputStream is = getClass().getResourceAsStream(path)) {
+            if (is == null) {
+                throw new RuntimeException("Resource not found: " + path);
+            }
+            return new String(is.readAllBytes(), StandardCharsets.UTF_8);
+        }
+    }
+
+}
\ No newline at end of file

From 9c258bd3e634520e708e9bee59d0a1642fcb1f17 Mon Sep 17 00:00:00 2001
From: Oliver Bertuch <o.bertuch@fz-juelich.de>
Date: Tue, 25 Nov 2025 01:28:01 +0100
Subject: [PATCH 532/634] fix(db): align ON CONFLICT clause with existing
 functional index

The migration script `V6.8.0.1.sql` failed with a `PSQLException` stating "there is no unique or exclusion constraint matching the ON CONFLICT specification".

This occurred because the script used a partial index syntax for the conflict target:
`ON CONFLICT (name) WHERE lang IS NULL`

However, PostgreSQL's `ON CONFLICT` inference requires the target to syntactically match an existing unique index or constraint. The actual index on the `setting` table is a functional index defined as:
`CREATE UNIQUE INDEX unique_settings ON setting (name, (COALESCE(lang, '')))`

While `WHERE lang IS NULL` and `COALESCE(lang, '')` logically handle nulls similarly for uniqueness in this context, Postgres does not treat them as interchangeable for arbiter inference.

This commit updates the migration script to explicitly target the functional index expression:
`ON CONFLICT (name, (coalesce(lang, '')))`

References:
- PostgreSQL 16 Documentation on INSERT: https://www.postgresql.org/docs/16/sql-insert.html#SQL-ON-CONFLICT
---
 src/main/resources/db/migration/V6.8.0.1.sql | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/main/resources/db/migration/V6.8.0.1.sql b/src/main/resources/db/migration/V6.8.0.1.sql
index 8e810270b06..63df0a44717 100644
--- a/src/main/resources/db/migration/V6.8.0.1.sql
+++ b/src/main/resources/db/migration/V6.8.0.1.sql
@@ -67,7 +67,7 @@ DO $$
         -- Insert or update the new JSON-based setting
         INSERT INTO setting (name, content, lang)
         VALUES (':TabularIngestSizeLimit', json_object::TEXT, NULL)
-        ON CONFLICT (name) WHERE lang IS NULL
+        ON CONFLICT (name, (coalesce(lang, '')))
             DO UPDATE SET content = EXCLUDED.content;
 
         -- Delete all format-specific settings

From 739052f0e18bb7b5570e08e56118a2e5144bd85d Mon Sep 17 00:00:00 2001
From: qqmyers <qqmyers@hotmail.com>
Date: Tue, 25 Nov 2025 02:08:04 -0500
Subject: [PATCH 533/634] IQSS/8914 COAR compliant LDN messaging (#10490)

* HDC 3b 1.5 initial update

* add workflow settings to main list per qa

* start adding default bestID

* replace system.out.println call

* Improve default compound field handling and some reformatting

* add template custom instructions info

* get blocks from metadataroot

* fix parsing to match spec/dash msg

* use getString for 'Relationship', revert other changes

* temporarily drop name/type in display

* misplaced }

* Add callback loop and make display tolerant wrt name/type being found

* add fields missing in https://notify.coar-repositories.org/scenarios/10/

* debugging

* added logging/switched to info for HDC debugging

* merge issues

* updates to send context, use as namespace, use relationType, DASH-NRS

* doc updates

* note some ToDos

* New format has strings, not objects with @id

* add space to fix link

* more doc tweaks

* refactor, use JVMSettings, add tests, add superusers only flag

* refactor wf step - name change, multiple targets, gen. improvements

prioritize publicationIDNumber field over url, support all IDTypes if
they provide URIs, check DOIs and Handles for any form, including raw,
fix logic for other fields, check for URI form in all cases, handle null
results, ...

* drop lower case start to DataCite relation types, use constants

* test fixes, use COAR step announcement builder

* don't autofollow redirect, handle more redirect codes

* get absolute redirect url, fix signposting parsing

* remove overloaded method (failing in xhtml)

* cleanup, fine logging

* info to fine

* doc updates

* Changes per review

* Apply suggestions from code review

Co-authored-by: Philip Durbin <philip_durbin@harvard.edu>

* typo

* add IT tests to list

* null bug fix, refactor tests so that allowed hosts can be mocked

* update docs per QA

* missing /

---------

Co-authored-by: Philip Durbin <philip_durbin@harvard.edu>
---
 doc/release-notes/10490-COAR-Notify.md        |  23 +
 .../source/api/linkeddatanotification.rst     |  60 ++-
 doc/sphinx-guides/source/api/native-api.rst   |   2 +-
 .../source/developers/workflows.rst           |  22 +-
 .../source/installation/config.rst            |  19 +-
 ...fy-relationship-announcement-workflow.json |  16 +
 .../internal-ldnannounce-workflow.json        |  16 -
 .../harvard/iq/dataverse/MailServiceBean.java |   4 +-
 .../harvard/iq/dataverse/api/LDNInbox.java    | 238 +++++-----
 .../iq/dataverse/api/MakeDataCountApi.java    |   2 +-
 .../COARNotifyRelationshipAnnouncement.java   | 333 ++++++++++++++
 .../command/impl/GetProvJsonCommand.java      |   2 +-
 .../iq/dataverse/settings/JvmSettings.java    |   7 +
 .../settings/SettingsServiceBean.java         |  12 +-
 .../iq/dataverse/util/json/JSONLDUtil.java    |   2 +-
 .../iq/dataverse/util/json/JsonUtil.java      |   6 +-
 ...OARNotifyRelationshipAnnouncementStep.java | 415 ++++++++++++++++++
 .../internalspi/InternalWorkflowStepSP.java   |   4 +-
 .../LDNAnnounceDatasetVersionStep.java        | 281 ------------
 src/main/java/propertyFiles/Bundle.properties |   1 +
 src/main/webapp/dataverseuser.xhtml           |   4 +-
 .../harvard/iq/dataverse/api/LDNInboxIT.java  |  25 ++
 .../iq/dataverse/api/LDNInboxTest.java        | 276 ++++++++++++
 .../edu/harvard/iq/dataverse/api/UtilIT.java  |   9 +
 tests/integration-tests.txt                   |   2 +-
 25 files changed, 1293 insertions(+), 488 deletions(-)
 create mode 100644 doc/release-notes/10490-COAR-Notify.md
 create mode 100644 scripts/api/data/workflows/internal-coar-notify-relationship-announcement-workflow.json
 delete mode 100644 scripts/api/data/workflows/internal-ldnannounce-workflow.json
 create mode 100644 src/main/java/edu/harvard/iq/dataverse/api/ldn/COARNotifyRelationshipAnnouncement.java
 create mode 100644 src/main/java/edu/harvard/iq/dataverse/workflow/internalspi/COARNotifyRelationshipAnnouncementStep.java
 delete mode 100644 src/main/java/edu/harvard/iq/dataverse/workflow/internalspi/LDNAnnounceDatasetVersionStep.java
 create mode 100644 src/test/java/edu/harvard/iq/dataverse/api/LDNInboxIT.java
 create mode 100644 src/test/java/edu/harvard/iq/dataverse/api/LDNInboxTest.java

diff --git a/doc/release-notes/10490-COAR-Notify.md b/doc/release-notes/10490-COAR-Notify.md
new file mode 100644
index 00000000000..0419466f424
--- /dev/null
+++ b/doc/release-notes/10490-COAR-Notify.md
@@ -0,0 +1,23 @@
+### Support for COAR Notify Relationship Announcement
+
+Dataverse now supports sending and receiving [Linked Data Notification ](https://www.w3.org/TR/ldn/) messages involved in the 
+[COAR Notify Relationship Announcement Workflow](https://coar-notify.net/catalogue/workflows/repository-relationship-repository/).
+
+Dataverse can send messages to configured repositories announcing that a dataset has a related publication (as defined in the dataset metadata). This may be done automatically upon publication or triggered manually by a superuser. The receiving repository may do anything with the message, with the default expectation being that the repository will create a backlink from the publication to the dataset (assuming the publication exists in the repository, admins agree the link makes sense, etc.)
+
+Conversely, Dataverse can receive notices from other configured repositories announcing relationships between their publications and datasets. If the referenced dataset exists in the Dataverse instance, a notification will be sent to users who can publish the dataset, or, optionally, only superusers who can publish the dataset. They can then decide whether to create a backlink to the publication in the dataset metadata.
+
+(Earlier releases of Dataverse had experimental support in this area that was based on message formats defined prior to finalization of the COAR Notify specification for relationship announcements.)
+
+#### New Settings/JVM Options
+
+Configuration for sending messages involves specifying the
+:COARNotifyRelationshipAnnouncementTargets and :COARNotifyRelationshipAnnouncementTriggerFields
+
+Configuration to receive messages involves specifying
+DATAVERSE_LDN_ALLOWED_HOSTS (dataverse.ldn.allowed-hosts)
+
+Notifications are sent by default to users who can publish a dataset. The option below can be used to restrict notifications to superusers who can publish the dataset.
+ 
+DATAVERSE_COAR_NOTIFY_RELATIONSHIP_ANNOUNCEMENT_NOTIFY_SUPERSUSERS_ONLY
+
diff --git a/doc/sphinx-guides/source/api/linkeddatanotification.rst b/doc/sphinx-guides/source/api/linkeddatanotification.rst
index d55dc4da084..f3278196093 100644
--- a/doc/sphinx-guides/source/api/linkeddatanotification.rst
+++ b/doc/sphinx-guides/source/api/linkeddatanotification.rst
@@ -1,12 +1,17 @@
 Linked Data Notification API
 ============================
 
-Dataverse has a limited, experimental API implementing a Linked Data Notification inbox allowing it to receive messages indicating a link between an external resource and a Dataverse dataset.
+Dataverse has an API implementing a Linked Data Notification (LDN) inbox allowing it to receive messages implementing the `COAR Notify Relationship Announcement <https://coar-notify.net/catalogue/workflows/repository-relationship-repository/>`_ indicating a link between an external resource and a Dataverse dataset.
+
+Dataverse has a related capability to send COAR Notify Relationship Announcement messages, automatically upon publication or manually. See the :doc:`/developers/workflows` section of the Guides.
+
 The motivating use case is to support a use case where Dataverse administrators may wish to create back-links to the remote resource (e.g. as a Related Publication, Related Material, etc.).
 
-Upon receipt of a relevant message, Dataverse will create Announcement Received notifications for superusers, who can edit the dataset involved. (In the motivating use case, these users may then add an appropriate relationship and use the Update Curent Version publishing option to add it to the most recently published version of the dataset.)
+Upon receipt of a relevant message, Dataverse will create Announcement Received notifications for users who can edit the dataset involved. Notifications can be restricted to superusers who can publish the dataset as described below. (In the motivating use case, these superusers may then add an appropriate relationship and use the Update Curent Version publishing option to add it to the most recently published version of the dataset.)
+
+The ``dataverse.ldn.allowed-hosts`` JVM option is a comma-separated list of hosts from which Dataverse will accept and process messages. By default, no hosts are allowed. ``*`` can be used in testing to indicate all hosts are allowed.
 
-The ``:LDNMessageHosts`` setting is a comma-separated whitelist of hosts from which Dataverse will accept and process messages. By default, no hosts are allowed. ``*`` can be used in testing to indicate all hosts are allowed.
+The ``dataverse.ldn.coar-notify.relationship-announcement.notify-superusers-only`` JVM option can be set to ``true`` to restrict notifications to superusers only (those who can publish the dataset). The default is to notify all users who can publish the dataset.
 
 Messages can be sent via POST, using the application/ld+json ContentType:
 
@@ -15,10 +20,12 @@ Messages can be sent via POST, using the application/ld+json ContentType:
   export SERVER_URL=https://demo.dataverse.org
   
   curl -X POST -H 'ContentType:application/ld+json' $SERVER_URL/api/inbox --upload-file message.jsonld
+  
 
-The supported message format is described by `our preliminary specification <https://docs.google.com/document/d/1dqj8_vEcIBeyDIZCaPQvp0FM1eSGO_5CSNCdXOpoUz0/edit?usp=sharing>`_. The format is expected to change in the near future to match the standard for relationship announcements being developed as part of `the COAR Notify Project <https://notify.coar-repositories.org/>`_. 
+The supported message format is described by `the COAR Notify Relationship Announcement specification <https://coar-notify.net/catalogue/workflows/repository-relationship-repository/2/>`_. 
 
-An example message is shown below. It indicates that a resource with the name "An Interesting Title" exists and "IsSupplementedBy" the dataset with DOI https://doi.org/10.5072/FK2/GGCCDL. If this dataset is managed in the receiving Dataverse, a notification will be sent to user with the relevant permissions (as described above).
+An example message is shown below. It indicates that a resource in the "Harvard DASH" test server has, as a "supplement", the dataset with DOI doi:10.5074/FKNOAHNQ.
+If this dataset is managed in the receiving Dataverse, a notification will be sent to user with the relevant permissions (as described above).
 
 .. code:: json
 
@@ -27,39 +34,44 @@ An example message is shown below. It indicates that a resource with the name "A
       "https://www.w3.org/ns/activitystreams",
       "https://purl.org/coar/notify"
     ],
-    "id": "urn:uuid:94ecae35-dcfd-4182-8550-22c7164fe23f",
     "actor": {
-      "id": "https://research-organisation.org/dspace",
-      "name": "DSpace Repository",
+      "id": "https://harvard-dash.staging.4science.cloud",
+      "name": "Harvard DASH",
       "type": "Service"
     },
     "context": {
-      "IsSupplementedBy":
-        {
-          "id": "http://dev-hdc3b.lib.harvard.edu/dataset.xhtml?persistentId=doi:10.5072/FK2/GGCCDL",
-          "ietf:cite-as": "https://doi.org/10.5072/FK2/GGCCDL",
-          "type": "sorg:Dataset"
-        }
+      "id": "https://harvard-dash.staging.4science.cloud/handle/1/42718322",
+      "ietf:cite-as": "https://harvard-dash.staging.4science.cloud/handle/1/42718322",
+      "ietf:item": {
+        "id": "https://harvard-dash.staging.4science.cloud/bitstreams/e2ae80a1-35e5-411b-9ef1-9175f6cccf23/download",
+        "mediaType": "application/pdf",
+        "type": [
+          "Article",
+          "sorg:ScholarlyArticle"
+        ]
+      },
+      "type": "sorg:AboutPage"
     },
+    "id": "urn:uuid:3c933c09-c246-473d-bea4-674db168cfee",
     "object": {
-      "id": "https://research-organisation.org/dspace/item/35759679-5df3-4633-b7e5-4cf24b4d0614",
-      "ietf:cite-as": "https://research-organisation.org/authority/resolve/35759679-5df3-4633-b7e5-4cf24b4d0614",
-      "sorg:name": "An Interesting Title",
-      "type": "sorg:ScholarlyArticle"
+      "as:object": "doi: 10.5074/FKNOAHNQ",
+      "as:relationship": "http://purl.org/vocab/frbr/core#supplement",
+      "as:subject": "https://harvard-dash.staging.4science.cloud/handle/1/42718322",
+      "id": "urn:uuid:0851f805-c52f-4d0b-81ac-a07e99c33e20",
+      "type": "Relationship"
     },
     "origin": {
-      "id": "https://research-organisation.org/dspace",
-      "inbox": "https://research-organisation.org/dspace/inbox/",
+      "id": "https://harvard-dash.staging.4science.cloud",
+      "inbox": "https://harvard-dash.staging.4science.cloud/server/ldn/inbox",
       "type": "Service"
     },
     "target": {
-      "id": "https://research-organisation.org/dataverse",
-      "inbox": "https://research-organisation.org/dataverse/inbox/",
+      "id": "http://ec2-3-238-245-253.compute-1.amazonaws.com/",
+      "inbox": "http://ec2-3-238-245-253.compute-1.amazonaws.com/api/inbox",
       "type": "Service"
     },
     "type": [
       "Announce",
-      "coar-notify:ReleaseAction"
+      "coar-notify:RelationshipAction"
     ]
   }
-
diff --git a/doc/sphinx-guides/source/api/native-api.rst b/doc/sphinx-guides/source/api/native-api.rst
index db9a408083a..aecb9684675 100644
--- a/doc/sphinx-guides/source/api/native-api.rst
+++ b/doc/sphinx-guides/source/api/native-api.rst
@@ -8241,7 +8241,7 @@ Get details of a workflow with a given id::
 
    GET http://$SERVER/api/admin/workflows/$id
 
-Add a new workflow. Request body specifies the workflow properties and steps in JSON format.
+Add a new workflow. Request body specifies the workflow properties and steps in JSON format. Specifically, the body of the message should be a JSON Object with a String "name" for the workflow and a "steps" JSON Array containing a JSON Object per workflow step. (See :doc:`/developers/workflows` for the exiting steps and their required JSON representations.)
 Sample ``json`` files are available at ``scripts/api/data/workflows/``::
 
    POST http://$SERVER/api/admin/workflows
diff --git a/doc/sphinx-guides/source/developers/workflows.rst b/doc/sphinx-guides/source/developers/workflows.rst
index 38ca6f4e141..bc894a7dfeb 100644
--- a/doc/sphinx-guides/source/developers/workflows.rst
+++ b/doc/sphinx-guides/source/developers/workflows.rst
@@ -202,16 +202,16 @@ Note - the example step includes two settings required for any archiver, three (
   }
 
 
-ldnannounce
-+++++++++++
+coarNotifyRelationshipAnnouncement
+++++++++++++++++++++++++++++++++++
 
-An experimental step that sends a Linked Data Notification (LDN) message to a specific LDN Inbox announcing the publication/availability of a dataset meeting certain criteria. 
+A step that sends a `COAR Notify Relationship Announcement <https://coar-notify.net/catalogue/workflows/repository-relationship-repository/>`_ message, using the `Linked Data Notification (LDN) <https://www.w3.org/TR/ldn/>`_ message standard,
+to a specific set of LDN Inboxes announcing a relationship between a newly published/available dataset and an external resource (e.g. one managed by the recipient). 
 
 The two parameters are
-* ``:LDNAnnounceRequiredFields`` - a list of metadata fields that must exist to trigger the message. Currently, the message also includes the values for these fields but future versions may only send the dataset's persistent identifier (making the receiver responsible for making a call-back to get any metadata).
-* ``:LDNTarget`` - a JSON object containing an ``inbox`` key whose value is the URL of the target LDN inbox to which messages should be sent, e.g. ``{"id": "https://dashv7-dev.lib.harvard.edu","inbox": "https://dashv7-api-dev.lib.harvard.edu/server/ldn/inbox","type": "Service"}`` ).
-
-The supported message format is desribed by `our preliminary specification <https://docs.google.com/document/d/1dqj8_vEcIBeyDIZCaPQvp0FM1eSGO_5CSNCdXOpoUz0/edit?usp=sharing>`_. The format is expected to change in the near future to match the standard for relationship announcements being developed as part of `the COAR Notify Project <https://notify.coar-repositories.org/>`_. 
+* ``:COARNotifyRelationshipAnnouncementTriggerFields`` - a list of metadata field types that can trigger messages. Separate messages will be sent for each field (whether of the same type or not).
+* ``:COARNotifyRelationshipAnnouncementTargets`` - a JSON Array of JSON objects containing ``id``, ``inbox``, and ``type`` fields as required by the `COAR Notify Relationship Announcement specification <https://coar-notify.net/catalogue/workflows/repository-relationship-repository/2/>`_ .
+The ``inbox`` value should be the full URL of the target LDN inbox to which messages should be sent, e.g. ``{"id": "https://dashv7-dev.lib.harvard.edu","inbox": "https://dashv7-api-dev.lib.harvard.edu/server/ldn/inbox","type": ["Service"]}`` ).
 
 
 .. code:: json
@@ -219,13 +219,13 @@ The supported message format is desribed by `our preliminary specification <http
 
   {
     "provider":":internal",
-    "stepType":"ldnannounce",
+    "stepType":"coarNotifyRelationshipAnnouncement",
     "parameters": {
-      "stepName":"LDN Announce"
+      "stepName":"COAR Notify Relationship Announcement"
     },
     "requiredSettings": {
-      ":LDNAnnounceRequiredFields": "string",
-      ":LDNTarget": "string"
+      ":COARNotifyRelationshipAnnouncementTriggerFields": "string",
+      ":COARNotifyRelationshipAnnouncementTargets": "string"
     }
   }
 
diff --git a/doc/sphinx-guides/source/installation/config.rst b/doc/sphinx-guides/source/installation/config.rst
index 6c19464489d..f1ee169b2bb 100644
--- a/doc/sphinx-guides/source/installation/config.rst
+++ b/doc/sphinx-guides/source/installation/config.rst
@@ -3716,7 +3716,7 @@ Experimental. See :doc:`/developers/search-services`.
 .. _dataverse.cors:
 
 CORS Settings
--------------
++++++++++++++
 
 The following settings control Cross-Origin Resource Sharing (CORS) for your Dataverse installation.
 
@@ -3798,6 +3798,23 @@ Example: ``dataverse.api.mdc.min-delay-ms=100`` (enforces a minimum 100ms delay
 
 Can also be set via any `supported MicroProfile Config API source`_, e.g. the environment variable ``DATAVERSE_API_MDC_MIN_DELAY_MS``.
 
+.. dataverse.ldn
+
+Linked Data Notifications (LDN) Allowed Hosts
++++++++++++++++++++++++++++++++++++++++++++++
+
+Dataverse supports receiving LDN notifications via the /api/inbox endpoint. The dataverse.ldn.allowed-hosts allows you to specify the list of host IP addresses from which LDN notifications can be received, or ``*`` to receive messages from anywhere.
+
+Example: ``dataverse.ldn.allowed-hosts=*``
+
+COAR Notify Relationship Announcement Notify Superusers Only
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+
+When Dataverse receives an LDN message conforming to the COAR Notify Relationship Announcement format and the message is about a dataset hosted in the installation, Dataverse will send an notification to users who have permission to publish the dataset.
+This can instead be restricted to only superusers who can publish the dataset using this option.
+
+Example: ``dataverse.coar-notify.relationship-announcement.notify-superusers-only=true``
+
 .. _feature-flags:
 
 Feature Flags
diff --git a/scripts/api/data/workflows/internal-coar-notify-relationship-announcement-workflow.json b/scripts/api/data/workflows/internal-coar-notify-relationship-announcement-workflow.json
new file mode 100644
index 00000000000..f0cbea63443
--- /dev/null
+++ b/scripts/api/data/workflows/internal-coar-notify-relationship-announcement-workflow.json
@@ -0,0 +1,16 @@
+{
+  "name": "COAR Notify Relationship Announcement workflow",
+  "steps": [
+    {
+      "provider":":internal",
+      "stepType":"coarNotifyRelationshipAnnouncement",
+      "parameters": {
+        "stepName":"LDN Announce"
+      },
+      "requiredSettings": {
+        ":COARNotifyRelationshipAnnouncementTriggerFields": "string",
+        ":COARNotifyRelationshipAnnouncementTargets": "string"
+      }
+    }
+  ]
+}
diff --git a/scripts/api/data/workflows/internal-ldnannounce-workflow.json b/scripts/api/data/workflows/internal-ldnannounce-workflow.json
deleted file mode 100644
index 9cf058b68a1..00000000000
--- a/scripts/api/data/workflows/internal-ldnannounce-workflow.json
+++ /dev/null
@@ -1,16 +0,0 @@
-{
-  "name": "LDN Announce workflow",
-  "steps": [
-    {
-      "provider":":internal",
-      "stepType":"ldnannounce",
-      "parameters": {
-        "stepName":"LDN Announce"
-      },
-      "requiredSettings": {
-        ":LDNAnnounceRequiredFields": "string",
-        ":LDNTarget": "string"
-      }
-    }
-  ]
-}
diff --git a/src/main/java/edu/harvard/iq/dataverse/MailServiceBean.java b/src/main/java/edu/harvard/iq/dataverse/MailServiceBean.java
index 569bb82ff80..f578cc3a248 100644
--- a/src/main/java/edu/harvard/iq/dataverse/MailServiceBean.java
+++ b/src/main/java/edu/harvard/iq/dataverse/MailServiceBean.java
@@ -737,9 +737,9 @@ public String getMessageTextBasedOnNotification(UserNotification userNotificatio
                 Object[] paramArrayDatasetMentioned = {
                         userNotification.getUser().getName(),
                         BrandingUtil.getInstallationBrandName(), 
-                        citingResource.getString("@type"),
+                        citingResource.getString("@type", "External Resource"),
                         citingResource.getString("@id"),
-                        citingResource.getString("name"),
+                        citingResource.getString("name", citingResource.getString("@id")),
                         citingResource.getString("relationship"), 
                         systemConfig.getDataverseSiteUrl(),
                         dataset.getGlobalId().toString(), 
diff --git a/src/main/java/edu/harvard/iq/dataverse/api/LDNInbox.java b/src/main/java/edu/harvard/iq/dataverse/api/LDNInbox.java
index 6a9c608dc13..071450a5f98 100644
--- a/src/main/java/edu/harvard/iq/dataverse/api/LDNInbox.java
+++ b/src/main/java/edu/harvard/iq/dataverse/api/LDNInbox.java
@@ -1,41 +1,31 @@
+
 package edu.harvard.iq.dataverse.api;
 
-import edu.harvard.iq.dataverse.Dataset;
 import edu.harvard.iq.dataverse.DatasetServiceBean;
 import edu.harvard.iq.dataverse.DataverseRoleServiceBean;
-import edu.harvard.iq.dataverse.GlobalId;
 import edu.harvard.iq.dataverse.MailServiceBean;
 import edu.harvard.iq.dataverse.RoleAssigneeServiceBean;
-import edu.harvard.iq.dataverse.RoleAssignment;
-import edu.harvard.iq.dataverse.UserNotification;
 import edu.harvard.iq.dataverse.UserNotificationServiceBean;
-import edu.harvard.iq.dataverse.authorization.Permission;
+import edu.harvard.iq.dataverse.api.ldn.COARNotifyRelationshipAnnouncement;
 import edu.harvard.iq.dataverse.authorization.groups.impl.ipaddress.ip.IpAddress;
 import edu.harvard.iq.dataverse.engine.command.DataverseRequest;
-import edu.harvard.iq.dataverse.pidproviders.PidProvider;
-import edu.harvard.iq.dataverse.pidproviders.doi.AbstractDOIProvider;
-import edu.harvard.iq.dataverse.pidproviders.handle.HandlePidProvider;
+import edu.harvard.iq.dataverse.settings.JvmSettings;
 import edu.harvard.iq.dataverse.settings.SettingsServiceBean;
 import edu.harvard.iq.dataverse.util.json.JSONLDUtil;
 import edu.harvard.iq.dataverse.util.json.JsonLDNamespace;
 import edu.harvard.iq.dataverse.util.json.JsonLDTerm;
+import edu.harvard.iq.dataverse.util.json.JsonUtil;
 
-import java.util.Date;
-import java.util.Map;
-import java.util.Optional;
-import java.util.Set;
-import java.io.StringWriter;
-import java.sql.Timestamp;
+import java.util.logging.Level;
 import java.util.logging.Logger;
 
 import jakarta.ejb.EJB;
-import jakarta.json.Json;
 import jakarta.json.JsonObject;
-import jakarta.json.JsonValue;
-import jakarta.json.JsonWriter;
 import jakarta.servlet.http.HttpServletRequest;
 import jakarta.ws.rs.BadRequestException;
+import jakarta.ws.rs.ClientErrorException;
 import jakarta.ws.rs.ServiceUnavailableException;
+import jakarta.ws.rs.WebApplicationException;
 import jakarta.ws.rs.Consumes;
 import jakarta.ws.rs.ForbiddenException;
 import jakarta.ws.rs.POST;
@@ -65,134 +55,114 @@ public class LDNInbox extends AbstractApiBean {
 
     @EJB
     RoleAssigneeServiceBean roleAssigneeService;
+
     @Context
     protected HttpServletRequest httpRequest;
 
+    public static final JsonLDNamespace activityStreams = JsonLDNamespace.defineNamespace("as",
+            "https://www.w3.org/ns/activitystreams#");
+    public static final String objectKey = new JsonLDTerm(activityStreams, "object").getUrl();
+
     @POST
     @Path("/")
     @Consumes("application/ld+json, application/json-ld")
     public Response acceptMessage(String body) {
-        IpAddress origin = new DataverseRequest(null, httpRequest).getSourceAddress();
-        String whitelist = settingsService.get(SettingsServiceBean.Key.LDNMessageHosts.toString(), "");
-        // Only do something if we listen to this host
-        if (whitelist.equals("*") || whitelist.contains(origin.toString())) {
-            String citingPID = null;
-            String citingType = null;
-            boolean sent = false;
-
-            JsonObject jsonld = null;
-            jsonld = JSONLDUtil.decontextualizeJsonLD(body);
-            if (jsonld == null) {
-                // Kludge - something about the coar notify URL causes a
-                // LOADING_REMOTE_CONTEXT_FAILED error in the titanium library - so replace it
-                // and try with a local copy
-                body = body.replace("\"https://purl.org/coar/notify\"",
-                        "{\n" + "                \"@vocab\": \"http://purl.org/coar/notify_vocabulary/\",\n"
-                                + "                \"ietf\": \"http://www.iana.org/assignments/relation/\",\n"
-                                + "                \"coar-notify\": \"http://purl.org/coar/notify_vocabulary/\",\n"
-                                + "                \"sorg\": \"http://schema.org/\",\n"
-                                + "                \"ReviewAction\": \"coar-notify:ReviewAction\",\n"
-                                + "                \"EndorsementAction\": \"coar-notify:EndorsementAction\",\n"
-                                + "                \"IngestAction\": \"coar-notify:IngestAction\",\n"
-                                + "                \"ietf:cite-as\": {\n" + "                \"@type\": \"@id\"\n"
-                                + "                }}");
-                jsonld = JSONLDUtil.decontextualizeJsonLD(body);
+        try {
+            IpAddress origin = new DataverseRequest(null, httpRequest).getSourceAddress();
+            String allowedIPs = JvmSettings.LINKEDDATANOTIFICATION_ALLOWED_HOSTS.lookupOptional().orElse("");
+            
+            // Only process messages from whitelisted hosts
+            if (!allowedIPs.equals("*") && !allowedIPs.contains(origin.toString())) {
+                logger.fine("Ignoring message from IP address: " + origin.toString());
+                throw new ForbiddenException("The LDN Inbox does not accept messages from this address");
             }
+
+            // Parse JSON-LD message
+            JsonObject jsonld = parseJsonLD(body);
             if (jsonld == null) {
-                throw new BadRequestException("Could not parse message to find acceptable citation link to a dataset.");
-            }
-            String relationship = "isRelatedTo";
-            String name = null;
-            JsonLDNamespace activityStreams = JsonLDNamespace.defineNamespace("as",
-                    "https://www.w3.org/ns/activitystreams#");
-            JsonLDNamespace ietf = JsonLDNamespace.defineNamespace("ietf", "http://www.iana.org/assignments/relation/");
-            String objectKey = new JsonLDTerm(activityStreams, "object").getUrl();
-            if (jsonld.containsKey(objectKey)) {
-                JsonObject msgObject = jsonld.getJsonObject(objectKey);
-
-                citingPID = msgObject.getJsonObject(new JsonLDTerm(ietf, "cite-as").getUrl()).getString("@id");
-                logger.fine("Citing PID: " + citingPID);
-                if (msgObject.containsKey("@type")) {
-                    citingType = msgObject.getString("@type");
-                    if (citingType.startsWith(JsonLDNamespace.schema.getUrl())) {
-                        citingType = citingType.replace(JsonLDNamespace.schema.getUrl(), "");
-                    }
-                    if (msgObject.containsKey(JsonLDTerm.schemaOrg("name").getUrl())) {
-                        name = msgObject.getString(JsonLDTerm.schemaOrg("name").getUrl());
-                    }
-                    logger.fine("Citing Type: " + citingType);
-                    String contextKey = new JsonLDTerm(activityStreams, "context").getUrl();
-
-                    if (jsonld.containsKey(contextKey)) {
-                        JsonObject context = jsonld.getJsonObject(contextKey);
-                        for (Map.Entry<String, JsonValue> entry : context.entrySet()) {
-
-                            relationship = entry.getKey().replace("_:", "");
-                            // Assuming only one for now - should check for array and loop
-                            JsonObject citedResource = (JsonObject) entry.getValue();
-                            String pid = citedResource.getJsonObject(new JsonLDTerm(ietf, "cite-as").getUrl())
-                                    .getString("@id");
-                            if (citedResource.getString("@type").equals(JsonLDTerm.schemaOrg("Dataset").getUrl())) {
-                                logger.fine("Raw PID: " + pid);
-                                if (pid.startsWith(AbstractDOIProvider.DOI_RESOLVER_URL)) {
-                                    pid = pid.replace(AbstractDOIProvider.DOI_RESOLVER_URL, AbstractDOIProvider.DOI_PROTOCOL + ":");
-                                } else if (pid.startsWith(HandlePidProvider.HDL_RESOLVER_URL)) {
-                                    pid = pid.replace(HandlePidProvider.HDL_RESOLVER_URL, HandlePidProvider.HDL_PROTOCOL + ":");
-                                }
-                                logger.fine("Protocol PID: " + pid);
-                                Optional<GlobalId> id = PidProvider.parse(pid);
-                                Dataset dataset = datasetSvc.findByGlobalId(pid);
-                                if (dataset != null) {
-                                    JsonObject citingResource = Json.createObjectBuilder().add("@id", citingPID)
-                                            .add("@type", citingType).add("relationship", relationship)
-                                            .add("name", name).build();
-                                    StringWriter sw = new StringWriter(128);
-                                    try (JsonWriter jw = Json.createWriter(sw)) {
-                                        jw.write(citingResource);
-                                    }
-                                    String jsonstring = sw.toString();
-                                    Set<RoleAssignment> ras = roleService.rolesAssignments(dataset);
-
-                                    roleService.rolesAssignments(dataset).stream()
-                                            .filter(ra -> ra.getRole().permissions()
-                                                    .contains(Permission.PublishDataset))
-                                            .flatMap(
-                                                    ra -> roleAssigneeService
-                                                            .getExplicitUsers(roleAssigneeService
-                                                                    .getRoleAssignee(ra.getAssigneeIdentifier()))
-                                                            .stream())
-                                            .distinct() // prevent double-send
-                                            .forEach(au -> {
-
-                                                if (au.isSuperuser()) {
-                                                    userNotificationService.sendNotification(au,
-                                                            new Timestamp(new Date().getTime()),
-                                                            UserNotification.Type.DATASETMENTIONED, dataset.getId(),
-                                                            null, null, true, jsonstring);
-
-                                                }
-                                            });
-                                    sent = true;
-                                }
-                            }
-                        }
-                    }
-                }
+                throw new BadRequestException("Could not parse JSON message.");
             }
 
-            if (!sent) {
-                if (citingPID == null || citingType == null) {
-                    throw new BadRequestException(
-                            "Could not parse message to find acceptable citation link to a dataset.");
-                } else {
-                    throw new ServiceUnavailableException(
-                            "Unable to process message. Please contact the administrators.");
-                }
+            logger.fine(JsonUtil.prettyPrint(jsonld));
+
+            // Process message based on type
+            processMessage(jsonld);
+
+            return ok("Message Received");
+
+        } catch (Throwable t) {
+            logger.warning(t.getLocalizedMessage());
+            if(logger.isLoggable(Level.FINE)) {
+                t.printStackTrace();
             }
-        } else {
-            logger.info("Ignoring message from IP address: " + origin.toString());
-            throw new ForbiddenException("Inbox does not acept messages from this address");
+            throw t;
+        }
+    }
+
+    /**
+     * Parse JSON-LD message with fallback for COAR Notify context issues.
+     */
+    private JsonObject parseJsonLD(String body) {
+        JsonObject jsonld = JSONLDUtil.decontextualizeJsonLD(body);
+        
+        if (jsonld == null) {
+            // The COAR Notify URL has many redirects which cause a
+            // LOADING_REMOTE_CONTEXT_FAILED error in the titanium library - so replace it
+            // with the contents of the final redirect (current as of 10/29/2025)
+            // and try again
+            body = body.replace("\"https://purl.org/coar/notify\"",
+                    """
+                    {
+                        "@vocab": "http://purl.org/coar/notify_vocabulary/",
+                        "ietf": "http://www.iana.org/assignments/relation/",
+                        "coar-notify": "http://purl.org/coar/notify_vocabulary/",
+                        "sorg": "http://schema.org/",
+                        "ReviewAction": "coar-notify:ReviewAction",
+                        "EndorsementAction": "coar-notify:EndorsementAction",
+                        "IngestAction": "coar-notify:IngestAction",
+                        "ietf:cite-as": {
+                        "@type": "@id"
+                        }
+                    }""");
+            jsonld = JSONLDUtil.decontextualizeJsonLD(body);
+        }
+        
+        return jsonld;
+    }
+
+    /**
+     * Process the message based on its type.
+     * Returns true if the message was successfully processed.
+     */
+    private void processMessage(JsonObject jsonld) throws WebApplicationException {
+        if (!jsonld.containsKey(objectKey)) {
+            throw new BadRequestException("Message does not contain an 'object' key - ignoring");
+        }
+
+        JsonObject msgObject = jsonld.getJsonObject(objectKey);
+        String messageType = msgObject.getString("@type", "");
+
+        switch (messageType) {
+            case "https://www.w3.org/ns/activitystreams#Relationship":
+                handleRelationshipAnnouncement(msgObject);
+                break;
+            
+            default:
+                throw new ServiceUnavailableException("Unsupported message type: " + messageType + " - ignoring");
         }
-        return ok("Message Received");
     }
-}
+
+    /**
+     * Handle COAR Notify Relationship Announcement messages.
+     */
+    private void handleRelationshipAnnouncement(JsonObject msgObject) {
+        COARNotifyRelationshipAnnouncement handler = new COARNotifyRelationshipAnnouncement(
+                datasetService,
+                userNotificationService,
+                roleService,
+                roleAssigneeService
+        );
+        
+        handler.processMessage(msgObject);
+    }
+}
\ No newline at end of file
diff --git a/src/main/java/edu/harvard/iq/dataverse/api/MakeDataCountApi.java b/src/main/java/edu/harvard/iq/dataverse/api/MakeDataCountApi.java
index 07e87a9b86a..892352e2794 100644
--- a/src/main/java/edu/harvard/iq/dataverse/api/MakeDataCountApi.java
+++ b/src/main/java/edu/harvard/iq/dataverse/api/MakeDataCountApi.java
@@ -256,7 +256,7 @@ private boolean processCitationUpdate(Dataset dataset, GlobalId pid, PidProvider
                 
                 JsonObject report;
                 try (InputStream inStream = connection.getInputStream()) {
-                    report = JsonUtil.getJsonObject(inStream);
+                    report = JsonUtil.getJsonObjectFromInputStream(inStream);
                 } finally {
                     connection.disconnect();
                 }
diff --git a/src/main/java/edu/harvard/iq/dataverse/api/ldn/COARNotifyRelationshipAnnouncement.java b/src/main/java/edu/harvard/iq/dataverse/api/ldn/COARNotifyRelationshipAnnouncement.java
new file mode 100644
index 00000000000..91b54c1a6ff
--- /dev/null
+++ b/src/main/java/edu/harvard/iq/dataverse/api/ldn/COARNotifyRelationshipAnnouncement.java
@@ -0,0 +1,333 @@
+package edu.harvard.iq.dataverse.api.ldn;
+
+import edu.harvard.iq.dataverse.Dataset;
+import edu.harvard.iq.dataverse.DatasetServiceBean;
+import edu.harvard.iq.dataverse.DataverseRoleServiceBean;
+import edu.harvard.iq.dataverse.GlobalId;
+import edu.harvard.iq.dataverse.RoleAssigneeServiceBean;
+import edu.harvard.iq.dataverse.UserNotification;
+import edu.harvard.iq.dataverse.UserNotificationServiceBean;
+import edu.harvard.iq.dataverse.authorization.Permission;
+import edu.harvard.iq.dataverse.pidproviders.PidProvider;
+import edu.harvard.iq.dataverse.settings.JvmSettings;
+import edu.harvard.iq.dataverse.util.json.JsonLDNamespace;
+import edu.harvard.iq.dataverse.util.json.JsonLDTerm;
+import edu.harvard.iq.dataverse.util.json.JsonUtil;
+
+import static edu.harvard.iq.dataverse.api.LDNInbox.activityStreams;
+import static edu.harvard.iq.dataverse.api.LDNInbox.objectKey;
+
+import jakarta.json.Json;
+import jakarta.json.JsonObject;
+import jakarta.json.JsonObjectBuilder;
+import jakarta.ws.rs.BadRequestException;
+
+import org.apache.http.client.methods.CloseableHttpResponse;
+import org.apache.http.client.methods.HttpGet;
+import org.apache.http.client.methods.HttpHead;
+import org.apache.http.impl.client.CloseableHttpClient;
+import org.apache.http.impl.client.HttpClients;
+import org.apache.http.util.EntityUtils;
+
+import java.net.URI;
+import java.sql.Timestamp;
+import java.util.Date;
+import java.util.Optional;
+import java.util.logging.Logger;
+
+/**
+ * Handles COAR Notify Relationship Announcement messages.
+ * Processes relationship announcements between scholarly resources and datasets.
+ */
+public class COARNotifyRelationshipAnnouncement {
+
+    private static final Logger logger = Logger.getLogger(COARNotifyRelationshipAnnouncement.class.getName());
+
+    private static final String subjectKey = new JsonLDTerm(activityStreams, "subject").getUrl();
+    private static final String relationshipKey = new JsonLDTerm(activityStreams, "relationship").getUrl();
+    
+    private static final boolean notifySuperusersOnly = JvmSettings.COARNOTIFY_RELATIONSHIP_ANNOUNCEMENT_NOTIFY_SUPERUSERS_ONLY
+            .lookupOptional(Boolean.class).orElse(false);
+
+    private final DatasetServiceBean datasetService;
+    private final UserNotificationServiceBean userNotificationService;
+    private final DataverseRoleServiceBean roleService;
+    private final RoleAssigneeServiceBean roleAssigneeService;
+
+    public COARNotifyRelationshipAnnouncement(
+            DatasetServiceBean datasetService,
+            UserNotificationServiceBean userNotificationService,
+            DataverseRoleServiceBean roleService,
+            RoleAssigneeServiceBean roleAssigneeService) {
+        this.datasetService = datasetService;
+        this.userNotificationService = userNotificationService;
+        this.roleService = roleService;
+        this.roleAssigneeService = roleAssigneeService;
+    }
+
+    /**
+     * Process a COAR Notify Relationship Announcement message.
+     *
+     * @param msgObject The JSON-LD message object
+     * @return true if the message was successfully processed, false otherwise
+     */
+    public void processMessage(JsonObject msgObject) {
+        // Extract subject, object, and relationship from the message
+        String subjectId = extractField(msgObject, subjectKey);
+        String objectId = extractField(msgObject, objectKey);
+        String relationshipId = extractField(msgObject, relationshipKey);
+
+        if (subjectId == null || objectId == null || relationshipId == null) {
+            throw new BadRequestException("Can't find the subject, relationship or object in the message - ignoring");
+        }
+
+        // Get metadata about the citing resource
+        ResourceMetadata metadata = retrieveResourceMetadata(subjectId);
+
+        // Extract relationship label from URI
+        String relationship = extractRelationshipLabel(relationshipId);
+
+        // Find the dataset being cited
+        Optional<GlobalId> id = PidProvider.parse(objectId);
+        if (!id.isPresent()) {
+            throw new BadRequestException("Unable to parse relationship object ID as a PID: " + objectId);
+        }
+
+        Dataset dataset = datasetService.findByGlobalId(objectId);
+        if (dataset == null) {
+            logger.fine("Didn't find dataset for object ID: " + objectId + " - ignoring");
+            return;
+        }
+
+        // Create the citing resource JSON
+        JsonObject citingResource = buildCitingResourceJson(subjectId, relationship, metadata);
+        String jsonString = JsonUtil.prettyPrint(citingResource);
+        logger.fine("Citing resource: " + jsonString);
+
+        // Send notifications to users with publish permissions
+        sendNotifications(dataset, jsonString);
+    }
+
+    /**
+     * Extract a field value from the message object.
+     */
+    private String extractField(JsonObject msgObject, String key) {
+        return msgObject.containsKey(key) ? msgObject.getString(key) : null;
+    }
+
+    /**
+     * Retrieve metadata about the citing resource using Signposting and DataCite.
+     */
+    private ResourceMetadata retrieveResourceMetadata(String subjectId) {
+        ResourceMetadata metadata = new ResourceMetadata();
+
+        try (CloseableHttpClient client = HttpClients.custom().disableRedirectHandling().build()) {
+            logger.fine("Getting " + subjectId);
+
+            // Step 1: Initial GET request expecting a 30x redirect
+            HttpGet initialGet = new HttpGet(new URI(subjectId));
+            initialGet.addHeader("Accept", "application/json");
+
+            CloseableHttpResponse initialResponse = client.execute(initialGet);
+            int statusCode = initialResponse.getStatusLine().getStatusCode();
+
+            if (statusCode == 301 || statusCode == 302 || statusCode == 303 || statusCode == 307 || statusCode == 308) {
+                String location = initialResponse.getFirstHeader("Location").getValue();
+                logger.fine("Redirecting to: " + location);
+                initialResponse.close();
+                // Assure the location is an absolute URI by converting any relative redirect
+                // location to absolute URI using the original request URI as base
+                // An absolute location will not be changed by this call
+                URI locationUri = new URI(subjectId).resolve(new URI(location));
+                logger.fine("Absolute redirect: " + locationUri.toString());
+                
+                // Step 2: HEAD request to get Signposting links
+                HttpHead headRequest = new HttpHead(locationUri);
+                CloseableHttpResponse headResponse = client.execute(headRequest);
+
+                if (headResponse.getStatusLine().getStatusCode() == 200) {
+                    String dataciteXmlUrl = extractDataCiteXmlUrl(headResponse);
+                    headResponse.close();
+
+                    // Step 3: Retrieve and parse DataCite XML
+                    if (dataciteXmlUrl != null) {
+                        parseDataCiteXml(dataciteXmlUrl, client, metadata);
+                    } else {
+                        logger.fine("No DataCite XML URL found in Signposting links");
+                    }
+                } else {
+                    logger.fine("HEAD request failed with status: " + headResponse.getStatusLine().getStatusCode());
+                    headResponse.close();
+                }
+            } else {
+                logger.fine("Expected 302/303 redirect but received status: " + statusCode);
+                initialResponse.close();
+            }
+
+        } catch (Exception e) {
+            logger.fine("Unable to get metadata from " + subjectId);
+            logger.fine(e.getLocalizedMessage());
+        }
+
+        return metadata;
+    }
+
+    /**
+     * Extract DataCite XML URL from Signposting Link headers.
+     */
+
+/**
+ * Extract DataCite XML URL from Signposting Link headers.
+ */
+private String extractDataCiteXmlUrl(CloseableHttpResponse headResponse) {
+    org.apache.http.Header[] linkHeaders = headResponse.getHeaders("Link");
+
+    for (org.apache.http.Header linkHeader : linkHeaders) {
+        String linkValue = linkHeader.getValue();
+        logger.fine("Full Link header: " + linkValue);
+        
+        // Split by comma to handle multiple links in a single header
+        String[] links = linkValue.split(",");
+        
+        for (String link : links) {
+            link = link.trim();
+            logger.fine("Checking link segment: [" + link + "]");
+            
+            // Check if this link has the DataCite XML type
+            boolean hasDataCiteType = link.contains("type=\"application/vnd.datacite.datacite+xml\"") || 
+                                     link.contains("type='application/vnd.datacite.datacite+xml'");
+            
+            logger.fine("Contains DataCite type: " + hasDataCiteType);
+            
+            if (hasDataCiteType) {
+                int urlStart = link.indexOf('<');
+                int urlEnd = link.indexOf('>');
+                if (urlStart != -1 && urlEnd != -1 && urlEnd > urlStart) {
+                    String dataciteXmlUrl = link.substring(urlStart + 1, urlEnd);
+                    logger.fine("Found DataCite XML URL: " + dataciteXmlUrl);
+                    return dataciteXmlUrl;
+                }
+            }
+        }
+    }
+
+    logger.fine("No DataCite XML URL found in Link headers");
+    return null;
+}
+
+    /**
+     * Parse DataCite XML to extract title and resource type.
+     */
+    private void parseDataCiteXml(String dataciteXmlUrl, CloseableHttpClient client, ResourceMetadata metadata) {
+        try {
+            HttpGet xmlGet = new HttpGet(new URI(dataciteXmlUrl));
+            xmlGet.addHeader("Accept", "application/vnd.datacite.datacite+xml, application/xml");
+
+            CloseableHttpResponse xmlResponse = client.execute(xmlGet);
+
+            if (xmlResponse.getStatusLine().getStatusCode() == 200) {
+                String xmlContent = EntityUtils.toString(xmlResponse.getEntity(), "UTF-8");
+                logger.fine("Retrieved DataCite XML");
+
+                javax.xml.parsers.DocumentBuilderFactory factory = javax.xml.parsers.DocumentBuilderFactory.newInstance();
+                factory.setNamespaceAware(true);
+                javax.xml.parsers.DocumentBuilder builder = factory.newDocumentBuilder();
+                org.w3c.dom.Document doc = builder.parse(
+                        new java.io.ByteArrayInputStream(xmlContent.getBytes("UTF-8")));
+
+                // Extract title
+                org.w3c.dom.NodeList titleNodes = doc.getElementsByTagNameNS("*", "title");
+                if (titleNodes.getLength() == 0) {
+                    titleNodes = doc.getElementsByTagName("title");
+                }
+
+                if (titleNodes.getLength() > 0) {
+                    metadata.name = titleNodes.item(0).getTextContent();
+                    logger.fine("Extracted title from DataCite XML: " + metadata.name);
+                } else {
+                    logger.fine("No title element found in DataCite XML");
+                }
+
+                // Extract resource type
+                org.w3c.dom.NodeList resourceTypeNodes = doc.getElementsByTagNameNS("*", "resourceType");
+                if (resourceTypeNodes.getLength() == 0) {
+                    resourceTypeNodes = doc.getElementsByTagName("resourceType");
+                }
+
+                if (resourceTypeNodes.getLength() > 0) {
+                    org.w3c.dom.Element resourceTypeElement = (org.w3c.dom.Element) resourceTypeNodes.item(0);
+                    String resourceTypeGeneral = resourceTypeElement.getAttribute("resourceTypeGeneral");
+                    if (resourceTypeGeneral != null && !resourceTypeGeneral.isEmpty()) {
+                        metadata.itemType = resourceTypeGeneral.toLowerCase();
+                        logger.fine("Extracted resource type: " + metadata.itemType);
+                    }
+                }
+
+            } else {
+                logger.fine("Failed to retrieve DataCite XML. Status: " + xmlResponse.getStatusLine().getStatusCode());
+            }
+
+            xmlResponse.close();
+
+        } catch (Exception parseException) {
+            logger.warning("Failed to parse DataCite XML: " + parseException.getMessage());
+        }
+    }
+
+    /**
+     * Extract relationship label from relationship URI.
+     * Assumes the label exists after a # character.
+     */
+    private String extractRelationshipLabel(String relationshipId) {
+        int index = relationshipId.indexOf("#");
+        logger.fine("Found # at " + index + " in " + relationshipId);
+        return relationshipId.substring(index + 1);
+    }
+
+    /**
+     * Build the JSON object representing the citing resource.
+     */
+    private JsonObject buildCitingResourceJson(String subjectId, String relationship, ResourceMetadata metadata) {
+        JsonObjectBuilder citingResourceBuilder = Json.createObjectBuilder()
+                .add("@id", subjectId)
+                .add("relationship", relationship);
+
+        if (metadata.name != null && !metadata.name.isBlank()) {
+            citingResourceBuilder.add("name", metadata.name);
+        }
+
+        if (metadata.itemType != null && !metadata.itemType.isBlank()) {
+            citingResourceBuilder.add("@type", metadata.itemType);
+        }
+
+        return citingResourceBuilder.build();
+    }
+
+    /**
+     * Send notifications to users with publish permissions on the dataset.
+     */
+    private void sendNotifications(Dataset dataset, String jsonString) {
+        roleService.rolesAssignments(dataset).stream()
+                .filter(assignment -> assignment.getRole().permissions().contains(Permission.PublishDataset))
+                .flatMap(ra -> roleAssigneeService
+                        .getExplicitUsers(roleAssigneeService.getRoleAssignee(ra.getAssigneeIdentifier())).stream())
+                .distinct() // prevent double-send
+                .forEach(au -> {
+
+                    if (!notifySuperusersOnly || au.isSuperuser()) {
+                        userNotificationService.sendNotification(au, new Timestamp(new Date().getTime()),
+                                UserNotification.Type.DATASETMENTIONED, dataset.getId(), null, null, true, jsonString);
+
+                    }
+                });
+    }
+    
+
+    /**
+     * Inner class to hold resource metadata.
+     */
+    private static class ResourceMetadata {
+        String name;
+        String itemType;
+    }
+}
diff --git a/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/GetProvJsonCommand.java b/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/GetProvJsonCommand.java
index b98cd70a4da..c1410d1cd27 100644
--- a/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/GetProvJsonCommand.java
+++ b/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/GetProvJsonCommand.java
@@ -38,7 +38,7 @@ public JsonObject execute(CommandContext ctxt) throws CommandException {
             try (InputStream inputStream = dataAccess.getAuxFileAsInputStream(provJsonExtension)) {
                 JsonObject jsonObject = null;
                 if (null != inputStream) {
-                    jsonObject = JsonUtil.getJsonObject(inputStream);
+                    jsonObject = JsonUtil.getJsonObjectFromInputStream(inputStream);
                 }
                 return jsonObject;
             }
diff --git a/src/main/java/edu/harvard/iq/dataverse/settings/JvmSettings.java b/src/main/java/edu/harvard/iq/dataverse/settings/JvmSettings.java
index 07dc417ba1f..8816ffb52c4 100644
--- a/src/main/java/edu/harvard/iq/dataverse/settings/JvmSettings.java
+++ b/src/main/java/edu/harvard/iq/dataverse/settings/JvmSettings.java
@@ -301,6 +301,13 @@ public enum JvmSettings {
     SCOPE_LOCALCONTEXTS(PREFIX, "localcontexts"),
     LOCALCONTEXTS_URL(SCOPE_LOCALCONTEXTS, "url"),
     LOCALCONTEXTS_API_KEY(SCOPE_LOCALCONTEXTS, "api-key"),
+    
+    // LinkedDataNotification
+    SCOPE_LINKEDDATANOTIFICATION(PREFIX, "ldn"),
+    LINKEDDATANOTIFICATION_ALLOWED_HOSTS(SCOPE_LINKEDDATANOTIFICATION, "allowed-hosts"),
+    SCOPE_COARNOTIFY(SCOPE_LINKEDDATANOTIFICATION, "coar-notify"),
+    SCOPE_COARNOTIFY_RELATIONSHIP_ANNOUNCEMENT(SCOPE_COARNOTIFY, "relationship-announcement"),
+    COARNOTIFY_RELATIONSHIP_ANNOUNCEMENT_NOTIFY_SUPERUSERS_ONLY(SCOPE_COARNOTIFY_RELATIONSHIP_ANNOUNCEMENT, "notify-superusers-only"),
     ;
 
     private static final String SCOPE_SEPARATOR = ".";
diff --git a/src/main/java/edu/harvard/iq/dataverse/settings/SettingsServiceBean.java b/src/main/java/edu/harvard/iq/dataverse/settings/SettingsServiceBean.java
index 1cdac02a013..ade961b3b92 100644
--- a/src/main/java/edu/harvard/iq/dataverse/settings/SettingsServiceBean.java
+++ b/src/main/java/edu/harvard/iq/dataverse/settings/SettingsServiceBean.java
@@ -684,13 +684,6 @@ Whether Harvesting (OAI) service is enabled
          * Nevermuted setting warning is logged.
          */
         NeverMuted,
-        /**
-         * LDN Inbox Allowed Hosts - a comma separated list of IP addresses allowed to submit messages to the inbox
-         */
-        LDNMessageHosts,
-        LDNAnnounceRequiredFields,
-        LDNTarget,
-
         /*
          * Allow a custom JavaScript to control values of specific fields.
          */
@@ -758,6 +751,11 @@ Whether Harvesting (OAI) service is enabled
         PostExternalSearchUrl,
         //Experimental setting to provide a display name for the POST external search service
         PostExternalSearchName,
+        //COAR Notify Relationship Anouncement Workflow Step settings
+        // Which field(s) to trigger on, e.g. 'publication'
+        COARNotifyRelationshipAnnouncementTriggerFields,
+        // JSON specification of the targets to send announcements to
+        COARNotifyRelationshipAnnouncementTargets,
         ;
 
         @Override
diff --git a/src/main/java/edu/harvard/iq/dataverse/util/json/JSONLDUtil.java b/src/main/java/edu/harvard/iq/dataverse/util/json/JSONLDUtil.java
index 380cef6aa9d..242847d2e25 100644
--- a/src/main/java/edu/harvard/iq/dataverse/util/json/JSONLDUtil.java
+++ b/src/main/java/edu/harvard/iq/dataverse/util/json/JSONLDUtil.java
@@ -552,7 +552,7 @@ public static JsonObject decontextualizeJsonLD(String jsonLDString) {
                 logger.fine("Decontextualized object: " + jsonld);
                 return jsonld;
             } catch (JsonLdError e) {
-                System.out.println(e.getMessage());
+                logger.warning(e.getMessage());
                 return null;
             }
         }
diff --git a/src/main/java/edu/harvard/iq/dataverse/util/json/JsonUtil.java b/src/main/java/edu/harvard/iq/dataverse/util/json/JsonUtil.java
index 737d67d8245..32f7bb6de16 100644
--- a/src/main/java/edu/harvard/iq/dataverse/util/json/JsonUtil.java
+++ b/src/main/java/edu/harvard/iq/dataverse/util/json/JsonUtil.java
@@ -71,7 +71,7 @@ public static String prettyPrint(JsonObject jsonObject) {
      * not catch any exceptions.
      * @param serializedJson the JSON object serialized as a {@code String}
      * @throws JsonException when parsing fails.
-     * @see #getJsonObject(InputStream)
+     * @see #getJsonObjectFromInputStream(InputStream)
      * @see #getJsonObjectFromFile(String)
      * @see #getJsonArray(String)
      */
@@ -94,7 +94,7 @@ public static JsonObject getJsonObject(String serializedJson) {
      * @see #getJsonObject(String)
      * @see #getJsonObjectFromFile(String)
      */
-    public static JsonObject getJsonObject(InputStream stream) {
+    public static JsonObject getJsonObjectFromInputStream(InputStream stream) {
         try (JsonReader jsonReader = Json.createReader(stream)) {
             return jsonReader.readObject();
         }
@@ -108,7 +108,7 @@ public static JsonObject getJsonObject(InputStream stream) {
      * @throws FileNotFoundException when the file cannot be opened for reading
      * @throws JsonException when parsing fails.
      * @see #getJsonObject(String)
-     * @see #getJsonObject(InputStream)
+     * @see #getJsonObjectFromInputStream(InputStream)
      */
     public static JsonObject getJsonObjectFromFile(String fileName) throws IOException {
         try (FileReader rdr = new FileReader(fileName)) {
diff --git a/src/main/java/edu/harvard/iq/dataverse/workflow/internalspi/COARNotifyRelationshipAnnouncementStep.java b/src/main/java/edu/harvard/iq/dataverse/workflow/internalspi/COARNotifyRelationshipAnnouncementStep.java
new file mode 100644
index 00000000000..8f49f8a50df
--- /dev/null
+++ b/src/main/java/edu/harvard/iq/dataverse/workflow/internalspi/COARNotifyRelationshipAnnouncementStep.java
@@ -0,0 +1,415 @@
+package edu.harvard.iq.dataverse.workflow.internalspi;
+
+import edu.harvard.iq.dataverse.Dataset;
+import edu.harvard.iq.dataverse.DatasetField;
+import edu.harvard.iq.dataverse.DatasetFieldType;
+import edu.harvard.iq.dataverse.DatasetVersion;
+import edu.harvard.iq.dataverse.GlobalId;
+import edu.harvard.iq.dataverse.branding.BrandingUtil;
+import edu.harvard.iq.dataverse.pidproviders.PidUtil;
+import edu.harvard.iq.dataverse.pidproviders.doi.AbstractDOIProvider;
+import edu.harvard.iq.dataverse.pidproviders.handle.HandlePidProvider;
+import static edu.harvard.iq.dataverse.settings.SettingsServiceBean.Key.COARNotifyRelationshipAnnouncementTargets;
+import static edu.harvard.iq.dataverse.settings.SettingsServiceBean.Key.COARNotifyRelationshipAnnouncementTriggerFields;
+
+import edu.harvard.iq.dataverse.util.ListSplitUtil;
+import edu.harvard.iq.dataverse.util.SystemConfig;
+import edu.harvard.iq.dataverse.util.bagit.OREMap;
+import edu.harvard.iq.dataverse.util.json.JsonLDTerm;
+import edu.harvard.iq.dataverse.util.json.JsonUtil;
+import edu.harvard.iq.dataverse.workflow.WorkflowContext;
+import edu.harvard.iq.dataverse.workflow.step.Failure;
+import edu.harvard.iq.dataverse.workflow.step.WorkflowStep;
+import edu.harvard.iq.dataverse.workflow.step.WorkflowStepResult;
+import static edu.harvard.iq.dataverse.workflow.step.WorkflowStepResult.OK;
+
+import java.net.URI;
+import java.net.URISyntaxException;
+import java.nio.charset.StandardCharsets;
+import java.util.Arrays;
+import java.util.Collection;
+import java.util.HashMap;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Map;
+import java.util.Map.Entry;
+import java.util.UUID;
+import java.util.logging.Level;
+import java.util.logging.Logger;
+import jakarta.json.Json;
+import jakarta.json.JsonArray;
+import jakarta.json.JsonArrayBuilder;
+import jakarta.json.JsonObject;
+import jakarta.json.JsonObjectBuilder;
+import jakarta.json.JsonString;
+import jakarta.json.JsonValue;
+
+import org.apache.http.client.methods.CloseableHttpResponse;
+import org.apache.http.client.methods.HttpPost;
+import org.apache.http.entity.StringEntity;
+import org.apache.http.impl.client.CloseableHttpClient;
+import org.apache.http.impl.client.HttpClients;
+
+/**
+ * A workflow step that generates and sends a COAR Notify Relationship
+ * Announcement message to the inbox of a configured target (using the Linked
+ * Data Notification standard). An example use case is for Dataverse to anounce
+ * new dataset versions to the DSpace-based Harvard DASH preprint repository so
+ * that a DASH admin can create a backlink for any dataset versions that
+ * reference a DASH deposit or a paper with a DOI where DASH has a preprint
+ * copy.
+ * 
+ * @author qqmyers
+ */
+
+public class COARNotifyRelationshipAnnouncementStep implements WorkflowStep {
+    private static final Logger logger = Logger.getLogger(COARNotifyRelationshipAnnouncementStep.class.getName());
+    /*
+     * Keeping db settings since only DB settings are supported in workflows at
+     * present. Going forward, it might make sense to have a config model that links
+     * the trigger field and targets (so different fields can trigger notices to
+     * different types of target repositories/services)
+     */
+    private static final String RELATED_PUBLICATION = "publication";
+    public static final String DATACITE_URI_PREFIX = "https://purl.org/datacite/ontology#";
+
+    public COARNotifyRelationshipAnnouncementStep(Map<String, String> paramSet) {
+        new HashMap<>(paramSet);
+    }
+
+    @Override
+    public WorkflowStepResult run(WorkflowContext context) {
+
+        JsonArray targets = JsonUtil.getJsonArray((String) context.getSettings().get(COARNotifyRelationshipAnnouncementTargets.toString()));
+        if (targets != null && !targets.isEmpty()) {
+            CloseableHttpClient client = HttpClients.createDefault();
+
+            try {
+                // First check that we have what is required
+                Dataset d = context.getDataset();
+                DatasetVersion dv = d.getReleasedVersion();
+                List<DatasetField> dvf = dv.getDatasetFields();
+                Map<String, DatasetField> fields = new HashMap<String, DatasetField>();
+                List<String> reqFields = ListSplitUtil.split((String) context.getSettings().getOrDefault(COARNotifyRelationshipAnnouncementTriggerFields.toString(), ""));
+                for (DatasetField df : dvf) {
+                    if (!df.isEmpty() && reqFields.contains(df.getDatasetFieldType().getName())) {
+                        fields.put(df.getDatasetFieldType().getName(), df);
+                    }
+                }
+
+                // Get all relationship objects once
+                JsonArray relationships = getObjects(context, fields);
+
+                if (relationships.isEmpty()) {
+                    logger.fine("No valid relationships found to announce");
+                    return OK;
+                }
+
+                // Track overall success
+                boolean anySuccess = false;
+                StringBuilder errors = new StringBuilder();
+
+                // Loop through each target
+                for (JsonObject target : targets.getValuesAs(JsonObject.class)) {
+                    String inboxUrl = target.getString("inbox");
+
+                    // Send a message for each relationship to this target
+                    for (JsonObject rel : relationships.getValuesAs(JsonObject.class)) {
+                        HttpPost announcement = buildAnnouncementPost(rel, target);
+
+                        try (CloseableHttpResponse response = client.execute(announcement)) {
+                            int code = response.getStatusLine().getStatusCode();
+                            if (code >= 200 && code < 300) {
+                                // HTTP OK range
+                                anySuccess = true;
+                                logger.fine("Successfully sent message for " + rel.toString() + " to " + inboxUrl);
+                            } else {
+                                String responseBody = new String(response.getEntity().getContent().readAllBytes(),
+                                        StandardCharsets.UTF_8);
+                                String errorMsg = "Error communicating with " + inboxUrl + " for relationship "
+                                        + rel.toString() + ". Server response: " + responseBody + " (" + response
+                                        + ").";
+                                logger.warning(errorMsg);
+                                errors.append(errorMsg).append("\n");
+                            }
+                        } catch (Exception ex) {
+                            logger.log(Level.SEVERE, "Error communicating with " + inboxUrl + ": " + ex.getMessage(),
+                                    ex);
+                            String errorMsg = "Error executing request to " + inboxUrl + ": "
+                                    + ex.getLocalizedMessage();
+                            errors.append(errorMsg).append("\n");
+                        }
+                    }
+                }
+
+                // If we had any errors but also some successes, report partial failure
+                if (errors.length() > 0) {
+                    return new Failure((anySuccess ? "Partial failure: " : "") + errors.toString());
+                }
+
+                // All succeeded
+                return OK;
+
+            } catch (URISyntaxException e) {
+                return new Failure(
+                        "COARNotifyRelationshipAnnouncementStep workflow step failed: unable to parse inbox in target setting.");
+            }
+        }
+        return new Failure("COARNotifyRelationshipAnnouncementStep workflow step failed: " + COARNotifyRelationshipAnnouncementTargets.toString()
+                + " setting missing or invalid.");
+    }
+
+    @Override
+    public WorkflowStepResult resume(WorkflowContext context, Map<String, String> internalData, String externalData) {
+        throw new UnsupportedOperationException("Not supported yet."); // This class does not need to resume.
+    }
+
+    @Override
+    public void rollback(WorkflowContext context, Failure reason) {
+        throw new UnsupportedOperationException("Not supported yet."); // This class does not need to resume.
+    }
+
+    /**
+     * Scan through all fields and return an array of relationship JsonObjects with
+     * subjectId, relationship, objectId, and @context
+     * 
+     * @param ctxt
+     * @param fields
+     * @return JsonArray of JsonObjects with subjectId, relationship, objectId,
+     *         and @context
+     */
+    JsonArray getObjects(WorkflowContext ctxt, Map<String, DatasetField> fields) {
+        JsonArrayBuilder jab = Json.createArrayBuilder();
+        Map<String, String> localContext = new HashMap<String, String>();
+        Map<Long, JsonObject> emptyCvocMap = new HashMap<Long, JsonObject>();
+
+        Dataset d = ctxt.getDataset();
+        for (Entry<String, DatasetField> entry : fields.entrySet()) {
+            DatasetField field = entry.getValue();
+            DatasetFieldType dft = field.getDatasetFieldType();
+            JsonValue jv = OREMap.getJsonLDForField(field, false, emptyCvocMap, localContext);
+            // jv is a JsonArray for multi-val fields, so loop
+            if (jv != null) {
+                if (jv instanceof JsonArray) {
+                    JsonArray rels = (JsonArray) jv;
+                    Iterator<JsonValue> iter = rels.iterator();
+                    while (iter.hasNext()) {
+                        JsonValue jval = iter.next();
+                        JsonObject relObject = getRelationshipObject(dft, jval, d, localContext);
+                        if (relObject != null) {
+                            jab.add(relObject);
+                        }
+                    }
+                } else {
+                    JsonObject relObject = getRelationshipObject(dft, jv, d, localContext);
+                    if (relObject != null) {
+                        jab.add(relObject);
+                    }
+                }
+            }
+
+        }
+        return jab.build();
+    }
+
+    private JsonObject getRelationshipObject(DatasetFieldType dft, JsonValue jval, Dataset d,
+            Map<String, String> localContext) {
+        String[] answers = getBestIdAndType(dft, jval);
+        String id = answers[0];
+        String type = answers[1];
+        // Skip if we couldn't determine a valid ID
+        if (id == null || type == null) {
+            return null;
+        }
+        return Json.createObjectBuilder().add("as:object", id).add("as:relationship", type)
+                .add("as:subject", d.getGlobalId().asURL().toString())
+                .add("id", "urn:uuid:" + UUID.randomUUID().toString()).add("type", "Relationship").build();
+    }
+
+    HttpPost buildAnnouncementPost(JsonObject rel, JsonObject target) throws URISyntaxException {
+        String body = buildAnnouncement(rel, target);
+        logger.info("Body: " + body);
+
+        HttpPost annPost = new HttpPost();
+        annPost.setURI(new URI(target.getString("inbox")));
+        annPost.setEntity(new StringEntity(JsonUtil.prettyPrint(body), "utf-8"));
+        annPost.setHeader("Content-Type", "application/ld+json");
+        return annPost;
+    }
+
+    public static String buildAnnouncement(JsonObject rel, JsonObject target) {
+        JsonObjectBuilder job = Json.createObjectBuilder();
+        JsonArrayBuilder context = Json.createArrayBuilder().add("https://www.w3.org/ns/activitystreams")
+                .add("https://coar-notify.net");
+        job.add("@context", context);
+        job.add("id", "urn:uuid:" + UUID.randomUUID().toString());
+        job.add("actor", Json.createObjectBuilder().add("id", SystemConfig.getDataverseSiteUrlStatic())
+                .add("name", BrandingUtil.getInstallationBrandName()).add("type", "Service"));
+        JsonObjectBuilder coarContextBuilder = Json.createObjectBuilder();
+        coarContextBuilder.add("id", rel.getString("as:object"));
+        job.add("context", coarContextBuilder.build());
+        job.add("object", rel);
+        job.add("origin", Json.createObjectBuilder().add("id", SystemConfig.getDataverseSiteUrlStatic())
+                .add("inbox", SystemConfig.getDataverseSiteUrlStatic() + "/api/inbox").add("type", "Service"));
+        job.add("target", target);
+        job.add("type", Json.createArrayBuilder().add("Announce").add("coar-notify:RelationshipAction"));
+
+        return JsonUtil.prettyPrint(job.build());
+    }
+
+    private String[] getBestIdAndType(DatasetFieldType dft, JsonValue jv) {
+
+        String type = DATACITE_URI_PREFIX + "IsSupplementTo";
+        // Primitive value
+        if (jv instanceof JsonString) {
+            String value = ((JsonString) jv).getString();
+            if (isURI(value)) {
+                return new String[] { ((JsonString) jv).getString(), type };
+            } else {
+                return new String[] { null, null };
+            }
+        }
+        // Compound - apply type specific logic to get best Id
+        JsonObject jo = jv.asJsonObject();
+        String id = null;
+        switch (dft.getName()) {
+        case RELATED_PUBLICATION:
+            JsonLDTerm publicationIDType = null;
+            JsonLDTerm publicationIDNumber = null;
+            JsonLDTerm publicationURL = null;
+            JsonLDTerm publicationRelationType = null;
+
+            Collection<DatasetFieldType> childTypes = dft.getChildDatasetFieldTypes();
+            for (DatasetFieldType cdft : childTypes) {
+                switch (cdft.getName()) {
+                case "publicationURL":
+                    publicationURL = cdft.getJsonLDTerm();
+                    break;
+                case "publicationIDType":
+                    publicationIDType = cdft.getJsonLDTerm();
+                    break;
+                case "publicationIDNumber":
+                    publicationIDNumber = cdft.getJsonLDTerm();
+                    break;
+                case "publicationRelationType":
+                    publicationRelationType = cdft.getJsonLDTerm();
+                }
+            }
+            if (jo.containsKey(publicationIDType.getLabel())) {
+                if ((jo.containsKey(publicationIDNumber.getLabel()))) {
+                    String number = jo.getString(publicationIDNumber.getLabel());
+
+                    switch (jo.getString(publicationIDType.getLabel())) {
+                    case AbstractDOIProvider.DOI_PROTOCOL:
+                        if (number.startsWith("10")) {
+                            number = AbstractDOIProvider.DOI_PROTOCOL + number;
+                        }
+                        // Validate using GlobalId
+                        try {
+                            GlobalId pid = PidUtil.parseAsGlobalID(number);
+                            id = pid.asURL();
+                        } catch (IllegalArgumentException e) {
+                            // Ignore
+                        }
+                        break;
+                    case HandlePidProvider.HDL_PROTOCOL:
+                        if (!number.startsWith(HandlePidProvider.HDL_PROTOCOL)
+                                && !number.startsWith(HandlePidProvider.HDL_RESOLVER_URL)
+                                && !number.startsWith(HandlePidProvider.HTTP_HDL_RESOLVER_URL)) {
+                            number = "hdl:" + number;
+                        }
+                        // Validate using GlobalId
+                        try {
+                            GlobalId pid = PidUtil.parseAsGlobalID(number);
+                            id = pid.asURL();
+                        } catch (IllegalArgumentException e) {
+                            // Ignore
+                        }
+                        break;
+                    default:
+                        // Check if the number can be interpreted as a valid URI of some sort
+                        if (isURI(number)) {
+                            id = number;
+                        }
+
+                        break;
+                    }
+                }
+            } else if (jo.containsKey(publicationURL.getLabel())) {
+
+                String value = jo.getString(publicationURL.getLabel());
+                if (isURI(value)) {
+                    id = value;
+                }
+            }
+            if (jo.containsKey(publicationRelationType.getLabel())) {
+                type = jo.getString(publicationRelationType.getLabel());
+                type = DATACITE_URI_PREFIX + type;
+            }
+            break;
+        default:
+            Collection<DatasetFieldType> childDFTs = dft.getChildDatasetFieldTypes();
+            // Loop through child fields and select one
+            // The order of preference is for a field with URL in the name, followed by one
+            // with 'ID',then 'Name', and as a last resort, a field.
+            for (DatasetFieldType cdft : childDFTs) {
+                String fieldname = cdft.getName();
+                if (fieldname.contains("URL")) {
+                    if (jo.containsKey(cdft.getJsonLDTerm().getLabel())) {
+                        String value = jo.getString(cdft.getJsonLDTerm().getLabel());
+                        if (isURI(value)) {
+                            id = value;
+                        }
+                        break;
+                    }
+                }
+            }
+            if (id == null) {
+                for (DatasetFieldType cdft : childDFTs) {
+                    String fieldname = cdft.getName();
+
+                    if ((fieldname.contains("ID") || fieldname.contains("Id")) && !fieldname.contains("Type")) {
+                        if (jo.containsKey(cdft.getJsonLDTerm().getLabel())) {
+                            String value = jo.getString(cdft.getJsonLDTerm().getLabel());
+                            if (isURI(value)) {
+                                id = value;
+                            }
+                            break;
+                        }
+
+                    }
+                }
+            }
+            if (id == null) {
+                for (DatasetFieldType cdft : childDFTs) {
+                    String fieldname = cdft.getName();
+
+                    if (fieldname.contains("Name")) {
+                        if (jo.containsKey(cdft.getJsonLDTerm().getLabel())) {
+                            String value = jo.getString(cdft.getJsonLDTerm().getLabel());
+                            if (isURI(value)) {
+                                id = value;
+                            }
+                            break;
+                        }
+                    }
+                }
+            }
+        }
+        return new String[] { id, type };
+    }
+
+    private boolean isURI(String number) {
+        try {
+            URI uri = new URI(number);
+            if (uri.isAbsolute()) {
+                return true;
+            }
+        } catch (URISyntaxException e) {
+            // Not a valid URI, skip
+            logger.fine("Value is not a valid URI: " + number);
+        }
+        return false;
+    }
+
+}
diff --git a/src/main/java/edu/harvard/iq/dataverse/workflow/internalspi/InternalWorkflowStepSP.java b/src/main/java/edu/harvard/iq/dataverse/workflow/internalspi/InternalWorkflowStepSP.java
index d99e0901d3c..aee5c11f39e 100644
--- a/src/main/java/edu/harvard/iq/dataverse/workflow/internalspi/InternalWorkflowStepSP.java
+++ b/src/main/java/edu/harvard/iq/dataverse/workflow/internalspi/InternalWorkflowStepSP.java
@@ -25,8 +25,8 @@ public WorkflowStep getStep(String stepType, Map<String, String> stepParameters)
                 return new AuthorizedExternalStep(stepParameters);
             case "archiver":
                 return new ArchivalSubmissionWorkflowStep(stepParameters);
-            case "ldnannounce":
-                return new LDNAnnounceDatasetVersionStep(stepParameters);
+            case "coarNotifyRelationshipAnnouncement":
+                return new COARNotifyRelationshipAnnouncementStep(stepParameters);
             default:
                 throw new IllegalArgumentException("Unsupported step type: '" + stepType + "'.");
         }
diff --git a/src/main/java/edu/harvard/iq/dataverse/workflow/internalspi/LDNAnnounceDatasetVersionStep.java b/src/main/java/edu/harvard/iq/dataverse/workflow/internalspi/LDNAnnounceDatasetVersionStep.java
deleted file mode 100644
index 49ca77573da..00000000000
--- a/src/main/java/edu/harvard/iq/dataverse/workflow/internalspi/LDNAnnounceDatasetVersionStep.java
+++ /dev/null
@@ -1,281 +0,0 @@
-package edu.harvard.iq.dataverse.workflow.internalspi;
-
-import edu.harvard.iq.dataverse.Dataset;
-import edu.harvard.iq.dataverse.DatasetField;
-import edu.harvard.iq.dataverse.DatasetFieldType;
-import edu.harvard.iq.dataverse.DatasetVersion;
-import edu.harvard.iq.dataverse.branding.BrandingUtil;
-import edu.harvard.iq.dataverse.util.ListSplitUtil;
-import static edu.harvard.iq.dataverse.settings.SettingsServiceBean.Key.LDNAnnounceRequiredFields;
-import static edu.harvard.iq.dataverse.settings.SettingsServiceBean.Key.LDNTarget;
-import edu.harvard.iq.dataverse.util.SystemConfig;
-import edu.harvard.iq.dataverse.util.bagit.OREMap;
-import edu.harvard.iq.dataverse.util.json.JsonLDTerm;
-import edu.harvard.iq.dataverse.util.json.JsonUtil;
-import edu.harvard.iq.dataverse.workflow.WorkflowContext;
-import edu.harvard.iq.dataverse.workflow.step.Failure;
-import edu.harvard.iq.dataverse.workflow.step.WorkflowStep;
-import edu.harvard.iq.dataverse.workflow.step.WorkflowStepResult;
-import static edu.harvard.iq.dataverse.workflow.step.WorkflowStepResult.OK;
-
-import java.net.URI;
-import java.net.URISyntaxException;
-import java.nio.charset.StandardCharsets;
-import java.util.Collection;
-import java.util.HashMap;
-import java.util.List;
-import java.util.Map;
-import java.util.Map.Entry;
-import java.util.Set;
-import java.util.UUID;
-import java.util.logging.Level;
-import java.util.logging.Logger;
-import jakarta.json.Json;
-import jakarta.json.JsonArray;
-import jakarta.json.JsonArrayBuilder;
-import jakarta.json.JsonObject;
-import jakarta.json.JsonObjectBuilder;
-import jakarta.json.JsonValue;
-
-import org.apache.http.client.methods.CloseableHttpResponse;
-import org.apache.http.client.methods.HttpPost;
-import org.apache.http.entity.StringEntity;
-import org.apache.http.impl.client.CloseableHttpClient;
-import org.apache.http.impl.client.HttpClients;
-
-/**
- * A workflow step that generates and sends an LDN Announcement message to the
- * inbox of a configured target. THe initial use case is for Dataverse to
- * anounce new dataset versions to the Harvard DASH preprint repository so that
- * a DASH admin can create a backlink for any dataset versions that reference a
- * DASH deposit or a paper with a DOI where DASH has a preprint copy.
- *
- * @author qqmyers
- */
-
-public class LDNAnnounceDatasetVersionStep implements WorkflowStep {
-    private static final Logger logger = Logger.getLogger(LDNAnnounceDatasetVersionStep.class.getName());
-    private static final String REQUIRED_FIELDS = LDNAnnounceRequiredFields.toString();
-    private static final String LDN_TARGET = LDNTarget.toString();
-    private static final String RELATED_PUBLICATION = "publication";
-
-    JsonLDTerm publicationIDType = null;
-    JsonLDTerm publicationIDNumber = null;
-    JsonLDTerm publicationURL = null;
-
-    public LDNAnnounceDatasetVersionStep(Map<String, String> paramSet) {
-        new HashMap<>(paramSet);
-    }
-
-    @Override
-    public WorkflowStepResult run(WorkflowContext context) {
-
-        JsonObject target = JsonUtil.getJsonObject((String) context.getSettings().get(LDN_TARGET));
-        if (target != null) {
-            String inboxUrl = target.getString("inbox");
-
-            CloseableHttpClient client = HttpClients.createDefault();
-
-            // build method
-
-            HttpPost announcement;
-            try {
-                announcement = buildAnnouncement(false, context, target);
-            } catch (URISyntaxException e) {
-                return new Failure("LDNAnnounceDatasetVersion workflow step failed: unable to parse inbox in :LDNTarget setting.");
-            }
-            if(announcement==null) {
-                logger.info(context.getDataset().getGlobalId().asString() + "does not have metadata required to send LDN message. Nothing sent.");
-                return OK;
-            }
-            // execute
-            try (CloseableHttpResponse response = client.execute(announcement)) {
-                int code = response.getStatusLine().getStatusCode();
-                if (code >= 200 && code < 300) {
-                    // HTTP OK range
-                    return OK;
-                } else {
-                    String responseBody = new String(response.getEntity().getContent().readAllBytes(),
-                            StandardCharsets.UTF_8);
-                    ;
-                    return new Failure("Error communicating with " + inboxUrl + ". Server response: " + responseBody
-                            + " (" + response + ").");
-                }
-
-            } catch (Exception ex) {
-                logger.log(Level.SEVERE, "Error communicating with remote server: " + ex.getMessage(), ex);
-                return new Failure("Error executing request: " + ex.getLocalizedMessage(),
-                        "Cannot communicate with remote server.");
-            }
-        }
-        return new Failure("LDNAnnounceDatasetVersion workflow step failed: :LDNTarget setting missing or invalid.");
-    }
-
-    @Override
-    public WorkflowStepResult resume(WorkflowContext context, Map<String, String> internalData, String externalData) {
-        throw new UnsupportedOperationException("Not supported yet."); // This class does not need to resume.
-    }
-
-    @Override
-    public void rollback(WorkflowContext context, Failure reason) {
-        throw new UnsupportedOperationException("Not supported yet."); // This class does not need to resume.
-    }
-
-    HttpPost buildAnnouncement(boolean qb, WorkflowContext ctxt, JsonObject target) throws URISyntaxException {
-
-        // First check that we have what is required
-        DatasetVersion dv = ctxt.getDataset().getReleasedVersion();
-        List<DatasetField> dvf = dv.getDatasetFields();
-        Map<String, DatasetField> fields = new HashMap<String, DatasetField>();
-        for (String field : ListSplitUtil.split((String) ctxt.getSettings().getOrDefault(REQUIRED_FIELDS, ""))) {
-            fields.put(field, null);
-        }
-        Set<String> reqFields = fields.keySet();
-        for (DatasetField df : dvf) {
-            if(!df.isEmpty() && reqFields.contains(df.getDatasetFieldType().getName())) {
-                fields.put(df.getDatasetFieldType().getName(), df);
-            }
-        }
-        if (fields.containsValue(null)) {
-            logger.fine("DatasetVersion doesn't contain metadata required to trigger announcement");
-            return null;
-        }
-        // We do, so construct the json-ld body and method
-
-        Map<String, String> localContext = new HashMap<String, String>();
-        JsonObjectBuilder coarContext = Json.createObjectBuilder();
-        Map<Long, JsonObject> emptyCvocMap = new HashMap<Long, JsonObject>();
-        boolean includeLocalContext = false;
-        for (Entry<String, DatasetField> entry : fields.entrySet()) {
-            DatasetField field = entry.getValue();
-            DatasetFieldType dft = field.getDatasetFieldType();
-            String dfTypeName = entry.getKey();
-            JsonValue jv = OREMap.getJsonLDForField(field, false, emptyCvocMap, localContext);
-            switch (dfTypeName) {
-            case RELATED_PUBLICATION:
-                JsonArrayBuilder relArrayBuilder = Json.createArrayBuilder();
-                publicationIDType = null;
-                publicationIDNumber = null;
-                publicationURL = null;
-                Collection<DatasetFieldType> childTypes = dft.getChildDatasetFieldTypes();
-                for (DatasetFieldType cdft : childTypes) {
-                    switch (cdft.getName()) {
-                    case "publicationURL":
-                        publicationURL = cdft.getJsonLDTerm();
-                        break;
-                    case "publicationIDType":
-                        publicationIDType = cdft.getJsonLDTerm();
-                        break;
-                    case "publicationIDNumber":
-                        publicationIDNumber = cdft.getJsonLDTerm();
-                        break;
-                    }
-
-                }
-
-                if (jv != null) {
-                    if (jv instanceof JsonArray) {
-                        JsonArray rels = (JsonArray) jv;
-                        for (JsonObject jo : rels.getValuesAs(JsonObject.class)) {
-                            String id = getBestPubId(jo);
-                            relArrayBuilder.add(Json.createObjectBuilder().add("id", id).add("ietf:cite-as", id)
-                                    .add("type", "sorg:ScholaryArticle").build());
-                        }
-                    }
-
-                    else { // JsonObject
-                        String id = getBestPubId((JsonObject) jv);
-                        relArrayBuilder.add(Json.createObjectBuilder().add("id", id).add("ietf:cite-as", id)
-                                .add("type", "sorg:ScholaryArticle").build());
-                    }
-                }
-                coarContext.add("IsSupplementTo", relArrayBuilder);
-                break;
-            default:
-                if (jv != null) {
-                    includeLocalContext = true;
-                    coarContext.add(dft.getJsonLDTerm().getLabel(), jv);
-                }
-
-            }
-        }
-        dvf.get(0).getDatasetFieldType().getName();
-        JsonObjectBuilder job = Json.createObjectBuilder();
-        JsonArrayBuilder context = Json.createArrayBuilder().add("https://purl.org/coar/notify")
-                .add("https://www.w3.org/ns/activitystreams");
-        if (includeLocalContext && !localContext.isEmpty()) {
-            JsonObjectBuilder contextBuilder = Json.createObjectBuilder();
-            for (Entry<String, String> e : localContext.entrySet()) {
-                contextBuilder.add(e.getKey(), e.getValue());
-            }
-            context.add(contextBuilder);
-        }
-        job.add("@context", context);
-        job.add("id", "urn:uuid:" + UUID.randomUUID().toString());
-        job.add("actor", Json.createObjectBuilder().add("id", SystemConfig.getDataverseSiteUrlStatic())
-                .add("name", BrandingUtil.getInstallationBrandName()).add("type", "Service"));
-        job.add("context", coarContext);
-        Dataset d = ctxt.getDataset();
-        job.add("object",
-                Json.createObjectBuilder().add("id", d.getLocalURL())
-                        .add("ietf:cite-as", d.getGlobalId().asURL())
-                        .add("sorg:name", d.getDisplayName()).add("type", "sorg:Dataset"));
-        job.add("origin", Json.createObjectBuilder().add("id", SystemConfig.getDataverseSiteUrlStatic())
-                .add("inbox", SystemConfig.getDataverseSiteUrlStatic() + "/api/inbox").add("type", "Service"));
-        job.add("target", target);
-        job.add("type", Json.createArrayBuilder().add("Announce").add("coar-notify:ReleaseAction"));
-
-        HttpPost annPost = new HttpPost();
-        annPost.setURI(new URI(target.getString("inbox")));
-        String body = JsonUtil.prettyPrint(job.build());
-        logger.fine("Body: " + body);
-        annPost.setEntity(new StringEntity(JsonUtil.prettyPrint(body), "utf-8"));
-        annPost.setHeader("Content-Type", "application/ld+json");
-        return annPost;
-    }
-
-    private String getBestPubId(JsonObject jo) {
-        String id = null;
-        if (jo.containsKey(publicationURL.getLabel())) {
-            id = jo.getString(publicationURL.getLabel());
-        } else if (jo.containsKey(publicationIDType.getLabel())) {
-            if ((jo.containsKey(publicationIDNumber.getLabel()))) {
-                String number = jo.getString(publicationIDNumber.getLabel());
-
-                switch (jo.getString(publicationIDType.getLabel())) {
-                case "doi":
-                    if (number.startsWith("https://doi.org/")) {
-                        id = number;
-                    } else if (number.startsWith("doi:")) {
-                        id = "https://doi.org/" + number.substring(4);
-                    }
-
-                    break;
-                case "DASH-URN":
-                    if (number.startsWith("http")) {
-                        id = number;
-                    }
-                    break;
-                }
-            }
-        }
-        return id;
-    }
-
-    String process(String template, Map<String, String> values) {
-        String curValue = template;
-        for (Map.Entry<String, String> ent : values.entrySet()) {
-            String val = ent.getValue();
-            if (val == null) {
-                val = "";
-            }
-            String varRef = "${" + ent.getKey() + "}";
-            while (curValue.contains(varRef)) {
-                curValue = curValue.replace(varRef, val);
-            }
-        }
-
-        return curValue;
-    }
-
-}
diff --git a/src/main/java/propertyFiles/Bundle.properties b/src/main/java/propertyFiles/Bundle.properties
index e93280cca2d..4f823449118 100644
--- a/src/main/java/propertyFiles/Bundle.properties
+++ b/src/main/java/propertyFiles/Bundle.properties
@@ -252,6 +252,7 @@ notification.workflowSucceeded=An external workflow run on {0} in {1} has succee
 notification.statusUpdated=The status of dataset {0} has been updated to {1}.
 notification.pidreconciled=The persistent identifier of dataset {0} has been updated to `{1}`.
 notification.datasetMentioned=Announcement Received: Newly released {0} <a href="{1}">{2}</a> {3} Dataset {4}.
+notification.datasetMentioned.itemType=Resource
 
 notification.ingestCompleted=Dataset <a href="/dataset.xhtml?persistentId={0}" title="{1}">{1}</a> has one or more tabular files that completed the <a href="{2}/{3}/user/dataset-management.html#tabular-data-files" title="Tabular Data Files - Dataverse User Guide" target="_blank" rel="noopener">tabular ingest process</a> and are available in archival formats.
 notification.ingestCompletedWithErrors=Dataset <a href="/dataset.xhtml?persistentId={0}" title="{1}">{1}</a> has one or more tabular files that are available but are not supported for <a href="{2}/{3}/user/dataset-management.html#tabular-data-files" title="Tabular Data Files- Dataverse User Guide" target="_blank" rel="noopener">tabular ingest</a>.
diff --git a/src/main/webapp/dataverseuser.xhtml b/src/main/webapp/dataverseuser.xhtml
index 6c7826783d7..4ff9f5c18ca 100644
--- a/src/main/webapp/dataverseuser.xhtml
+++ b/src/main/webapp/dataverseuser.xhtml
@@ -467,9 +467,9 @@
                                                 <o:importFunctions type="edu.harvard.iq.dataverse.util.json.JsonUtil" />
                                                     <span class="icon-dataset text-icon-inline text-muted"></span>
                                                     <h:outputFormat value="#{bundle['notification.datasetMentioned']}" escape="false">
-                                                    <f:param value="#{JsonUtil:getJsonObject(item.additionalInfo).getString('@type')}"/>
+                                                    <f:param value="#{JsonUtil:getJsonObject(item.additionalInfo).getString('@type', bundle['notification.datasetMentioned.itemType'])}"/>
                                                     <f:param value="#{JsonUtil:getJsonObject(item.additionalInfo).getString('@id')}"/>
-                                                    <f:param value="#{JsonUtil:getJsonObject(item.additionalInfo).getString('name')}"/>
+                                                    <f:param value="#{JsonUtil:getJsonObject(item.additionalInfo).getString('name', JsonUtil:getJsonObject(item.additionalInfo).getString('@id'))}"/>
                                                     <f:param value="#{JsonUtil:getJsonObject(item.additionalInfo).getString('relationship', 'isRelatedTo')}"/>
                                                         <o:param>
                                                             <a href="/dataset.xhtml?persistentId=#{item.theObject.getGlobalId()}&amp;version=DRAFT&amp;faces-redirect=true" title="#{item.theObject.getDisplayName()}">#{item.theObject.getDisplayName()}</a>
diff --git a/src/test/java/edu/harvard/iq/dataverse/api/LDNInboxIT.java b/src/test/java/edu/harvard/iq/dataverse/api/LDNInboxIT.java
new file mode 100644
index 00000000000..33019efa8b4
--- /dev/null
+++ b/src/test/java/edu/harvard/iq/dataverse/api/LDNInboxIT.java
@@ -0,0 +1,25 @@
+
+package edu.harvard.iq.dataverse.api;
+
+import org.junit.jupiter.api.Test;
+import static edu.harvard.iq.dataverse.workflow.internalspi.COARNotifyRelationshipAnnouncementStep.DATACITE_URI_PREFIX;
+import io.restassured.response.Response;
+
+import static jakarta.ws.rs.core.Response.Status.FORBIDDEN;
+
+public class LDNInboxIT {
+
+    private static String datasetPid ="doi:10.5072/F2ABCDEF";
+
+    //Simple test to assure that the default with no hosts allowed causes a message to get rejected.
+    @Test
+    public void testRejectMessageFromNonAllowedHost() {
+        String message = LDNInboxTest.createRelationshipAnnouncementMessage("https://doi.org/10.1234/test", datasetPid,
+                DATACITE_URI_PREFIX + "Cites");
+
+        // Send the message - should be rejected
+        Response response = UtilIT.sendMessageToLDNInbox(message);
+
+        response.then().assertThat().statusCode(FORBIDDEN.getStatusCode());
+    }
+}
\ No newline at end of file
diff --git a/src/test/java/edu/harvard/iq/dataverse/api/LDNInboxTest.java b/src/test/java/edu/harvard/iq/dataverse/api/LDNInboxTest.java
new file mode 100644
index 00000000000..1adf8327f83
--- /dev/null
+++ b/src/test/java/edu/harvard/iq/dataverse/api/LDNInboxTest.java
@@ -0,0 +1,276 @@
+package edu.harvard.iq.dataverse.api;
+
+import edu.harvard.iq.dataverse.Dataset;
+import edu.harvard.iq.dataverse.DatasetServiceBean;
+import edu.harvard.iq.dataverse.DataverseRoleServiceBean;
+import edu.harvard.iq.dataverse.DataverseServiceBean;
+import edu.harvard.iq.dataverse.GlobalId;
+import edu.harvard.iq.dataverse.MailServiceBean;
+import edu.harvard.iq.dataverse.RoleAssigneeServiceBean;
+import edu.harvard.iq.dataverse.RoleAssignment;
+import edu.harvard.iq.dataverse.UserNotification;
+import edu.harvard.iq.dataverse.UserNotificationServiceBean;
+import edu.harvard.iq.dataverse.api.ldn.COARNotifyRelationshipAnnouncement;
+import edu.harvard.iq.dataverse.authorization.DataverseRole;
+import edu.harvard.iq.dataverse.authorization.Permission;
+import edu.harvard.iq.dataverse.authorization.RoleAssignee;
+import edu.harvard.iq.dataverse.authorization.users.AuthenticatedUser;
+import edu.harvard.iq.dataverse.branding.BrandingUtil;
+import edu.harvard.iq.dataverse.pidproviders.PidUtil;
+import edu.harvard.iq.dataverse.settings.JvmSettings;
+import edu.harvard.iq.dataverse.settings.SettingsServiceBean;
+import edu.harvard.iq.dataverse.util.SystemConfig;
+import edu.harvard.iq.dataverse.util.testing.JvmSetting;
+import edu.harvard.iq.dataverse.util.testing.LocalJvmSettings;
+import jakarta.json.Json;
+import jakarta.json.JsonArray;
+import jakarta.json.JsonObject;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.ws.rs.BadRequestException;
+import jakarta.ws.rs.ForbiddenException;
+import jakarta.ws.rs.core.Response;
+import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.Test;
+import org.junit.jupiter.api.extension.ExtendWith;
+import org.mockito.ArgumentCaptor;
+import org.mockito.InjectMocks;
+import org.mockito.Mock;
+import org.mockito.MockedStatic;
+import org.mockito.Mockito;
+import org.mockito.junit.jupiter.MockitoExtension;
+
+import static jakarta.ws.rs.core.Response.Status.OK;
+import static jakarta.ws.rs.core.Response.Status.BAD_REQUEST;
+import static jakarta.ws.rs.core.Response.Status.FORBIDDEN;
+import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.junit.jupiter.api.Assertions.assertThrows;
+import static org.junit.jupiter.api.Assertions.assertTrue;
+import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.ArgumentMatchers.anyBoolean;
+import static org.mockito.ArgumentMatchers.anyLong;
+import static org.mockito.ArgumentMatchers.anyString;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.never;
+import static org.mockito.Mockito.verify;
+import static org.mockito.Mockito.when;
+
+import java.util.Collections;
+import java.util.UUID;
+
+@ExtendWith(MockitoExtension.class)
+@LocalJvmSettings
+public class LDNInboxTest {
+
+    @InjectMocks
+    private LDNInbox ldnInbox;
+
+    @Mock
+    private HttpServletRequest httpRequest;
+
+    @Mock
+    private DatasetServiceBean datasetService;
+    @Mock
+    private UserNotificationServiceBean userNotificationService;
+    @Mock
+    private DataverseRoleServiceBean roleService;
+    @Mock
+    private RoleAssigneeServiceBean roleAssigneeService;
+    @Mock
+    private SettingsServiceBean settingsService;
+    @Mock
+    private DataverseServiceBean dataverseService;
+
+    
+    private static final String DATACITE_URI_PREFIX = "http://purl.org/spar/datacite/";
+    private static final String FRBR_SUPPLEMENT = "http://purl.org/vocab/frbr/core#supplement";
+    private static final String TEST_REMOTE_IP = "127.0.0.1";
+    private static final String datasetPid = "doi:10.5072/FK2/TESTID";
+    GlobalId pid = new GlobalId("doi", "10.5072", "FK2/TESTID", "/", "https://doi.org/", "test");
+
+    @BeforeEach
+    public void setUp() {
+
+        // Inject the mocked request into the API bean
+        ldnInbox.httpRequest = httpRequest;
+        when(httpRequest.getRemoteAddr()).thenReturn(TEST_REMOTE_IP);
+    }
+
+    @Test
+    @JvmSetting(key = JvmSettings.LINKEDDATANOTIFICATION_ALLOWED_HOSTS, value = "192.168.1.100")
+    public void testAcceptMessage_ForbiddenIp() {
+        // given
+        String remoteIp = "10.0.0.5";
+        when(httpRequest.getRemoteAddr()).thenReturn(remoteIp);
+        String messageBody = createRelationshipAnnouncementMessage("https://doi.org/10.1234/test", datasetPid,
+                DATACITE_URI_PREFIX + "Cites");
+
+        // when & then
+        ForbiddenException exception = assertThrows(ForbiddenException.class, () -> {
+            ldnInbox.acceptMessage(messageBody);
+        });
+
+        assertEquals("The LDN Inbox does not accept messages from this address", exception.getMessage());
+        verify(datasetService, never()).findByGlobalId(anyString());
+    }
+
+    @Test
+    @JvmSetting(key = JvmSettings.LINKEDDATANOTIFICATION_ALLOWED_HOSTS, value = "192.168.1.100,10.0.0.5")
+    public void testAcceptMessage_AllowedIp() {
+        // given
+        String remoteIp = "10.0.0.5";
+        when(httpRequest.getRemoteAddr()).thenReturn(remoteIp);
+        // This is a valid JSON-LD but will cause a BadRequestException later, which is
+        // fine.
+        // It proves we got past the ForbiddenException check.
+        String messageBody = "{\"@context\": \"https://www.w3.org/ns/activitystreams\"}";
+
+        // when & then
+        // We expect a BadRequestException because the message is incomplete,
+        // but this proves the IP was allowed.
+        assertThrows(BadRequestException.class, () -> {
+            ldnInbox.acceptMessage(messageBody);
+        }, "Should throw BadRequest, not Forbidden, when IP is in the whitelist.");
+    }
+
+    @Test
+    @JvmSetting(key = JvmSettings.LINKEDDATANOTIFICATION_ALLOWED_HOSTS, value = "*")
+    public void testAcceptMessage_AllowedIp_Wildcard() {
+        // given
+        String remoteIp = "10.0.0.5";
+        when(httpRequest.getRemoteAddr()).thenReturn(remoteIp);
+        String messageBody = "{\"@context\": \"https://www.w3.org/ns/activitystreams\"}";
+
+        // when & then
+        // We expect a BadRequestException because the message is incomplete,
+        // but this proves the wildcard allowed the request to proceed.
+        assertThrows(jakarta.ws.rs.BadRequestException.class, () -> {
+            ldnInbox.acceptMessage(messageBody);
+        }, "Should throw BadRequest, not Forbidden, when whitelist is a wildcard.");
+    }
+
+    @Test
+    @JvmSetting(key = JvmSettings.LINKEDDATANOTIFICATION_ALLOWED_HOSTS, value = TEST_REMOTE_IP)
+    public void testAcceptRelationshipAnnouncementMessage() {
+        // given
+        String citingResourceId = "https://doi.org/10.1234/example-publication";
+        String relationship = DATACITE_URI_PREFIX + "Cites";
+        String message = createRelationshipAnnouncementMessage(citingResourceId, datasetPid, relationship);
+
+        Dataset targetDataset = new Dataset();
+        targetDataset.setId(1L);
+        AuthenticatedUser testUser = mock(AuthenticatedUser.class);
+        RoleAssignment testRoleAssignment = mock(RoleAssignment.class);
+        DataverseRole testRole = mock(DataverseRole.class);
+        RoleAssignee testRoleAssignee = mock(RoleAssignee.class);
+
+        try (MockedStatic<PidUtil> pidUtilMock = Mockito.mockStatic(PidUtil.class)) {
+
+            pidUtilMock.when(() -> PidUtil.parseAsGlobalID(datasetPid)).thenReturn(pid);
+            when(datasetService.findByGlobalId(datasetPid)).thenReturn(targetDataset);
+
+            // Mocks to ensure a user is found to be notified
+            when(roleService.rolesAssignments(targetDataset)).thenReturn(Collections.singleton(testRoleAssignment));
+            when(testRoleAssignment.getRole()).thenReturn(testRole);
+            when(testRole.permissions()).thenReturn(Collections.singleton(Permission.PublishDataset));
+            when(testRoleAssignment.getAssigneeIdentifier()).thenReturn("testAssignee");
+            when(roleAssigneeService.getRoleAssignee("testAssignee")).thenReturn(testRoleAssignee);
+            when(roleAssigneeService.getExplicitUsers(testRoleAssignee)).thenReturn(Collections.singletonList(testUser));
+
+            // Setup mocks for BrandingUtil
+            BrandingUtil.injectServices(dataverseService, settingsService);
+
+            // when
+            Response response = ldnInbox.acceptMessage(message);
+
+            // then
+            assertEquals(OK.getStatusCode(), response.getStatus());
+            ArgumentCaptor<UserNotification.Type> typeCaptor = ArgumentCaptor.forClass(UserNotification.Type.class);
+            ArgumentCaptor<Long> objectIdCaptor = ArgumentCaptor.forClass(Long.class);
+            verify(userNotificationService).sendNotification(any(), any(), typeCaptor.capture(),
+                    objectIdCaptor.capture(), any(), any(), anyBoolean(), anyString());
+            assertEquals(UserNotification.Type.DATASETMENTIONED, typeCaptor.getValue());
+            assertTrue(objectIdCaptor.getValue().equals(targetDataset.getId()));
+        }
+    }
+
+    @Test
+    @JvmSetting(key = JvmSettings.LINKEDDATANOTIFICATION_ALLOWED_HOSTS, value = TEST_REMOTE_IP)
+    public void testAcceptRelationshipAnnouncementMessage_IsSupplementTo() {
+        // given
+        String citingResourceId = "https://doi.org/10.1234/example-publication";
+        String relationship = FRBR_SUPPLEMENT;
+        String message = createRelationshipAnnouncementMessage(citingResourceId, datasetPid, relationship);
+
+        Dataset targetDataset = new Dataset();
+        try (MockedStatic<PidUtil> pidUtilMock = Mockito.mockStatic(PidUtil.class)) {
+
+            pidUtilMock.when(() -> PidUtil.parseAsGlobalID(datasetPid)).thenReturn(pid);
+
+            when(datasetService.findByGlobalId(datasetPid)).thenReturn(targetDataset);
+            // Setup mocks for BrandingUtil
+            BrandingUtil.injectServices(dataverseService, settingsService);
+
+            // when
+            Response response = ldnInbox.acceptMessage(message);
+
+            // then
+            assertEquals(OK.getStatusCode(), response.getStatus());
+        }
+    }
+
+    @Test
+    @JvmSetting(key = JvmSettings.LINKEDDATANOTIFICATION_ALLOWED_HOSTS, value = TEST_REMOTE_IP)
+    public void testAcceptMessage_NoDatasetFound() {
+        // given
+        String citingResourceId = "https://doi.org/10.1234/example-publication";
+        String relationship = DATACITE_URI_PREFIX + "Cites";
+        String message = createRelationshipAnnouncementMessage(citingResourceId, datasetPid, relationship);
+
+        try (MockedStatic<PidUtil> pidUtilMock = Mockito.mockStatic(PidUtil.class)) {
+
+            pidUtilMock.when(() -> PidUtil.parseAsGlobalID(datasetPid)).thenReturn(pid);
+            when(datasetService.findByGlobalId(datasetPid)).thenReturn(null);
+
+            // when
+            Response response = ldnInbox.acceptMessage(message);
+
+            // then
+            assertEquals(OK.getStatusCode(), response.getStatus());
+            verify(userNotificationService, never()).sendNotification(any(), any(),any(), anyLong(), any(),any(), anyBoolean(), any());
+        }
+    }
+
+    @Test
+    @JvmSetting(key = JvmSettings.LINKEDDATANOTIFICATION_ALLOWED_HOSTS, value = TEST_REMOTE_IP)
+    public void testAcceptMessage_InvalidJsonLD() {
+        // given
+        String invalidMessage = "{\"@context\": \"https://www.w3.org/ns/activitystreams\", \"@id\": \"urn:uuid:invalid\"}";
+
+        // when & then
+        BadRequestException exception = assertThrows(BadRequestException.class, () -> {
+            ldnInbox.acceptMessage(invalidMessage);
+        });
+
+        assertTrue(exception.getMessage().contains("Message does not contain an 'object' key"));
+    }
+
+    static String createRelationshipAnnouncementMessage(String sourceId, String targetId, String relationship) {
+        JsonArray context = Json.createArrayBuilder().add("https://www.w3.org/ns/activitystreams")
+                .add("https://purl.org/coar/notify").build();
+
+        JsonArray type = Json.createArrayBuilder().add("Announce").add("coar-notify:RelationshipAction").build();
+
+        JsonObject message = Json.createObjectBuilder().add("@context", context)
+                .add("id", "urn:uuid:" + UUID.randomUUID().toString()).add("type", type)
+                .add("origin", Json.createObjectBuilder().add("id", "https://some-service.com").add("type", "Service"))
+                .add("target", Json.createObjectBuilder().add("id", "https://dataverse.org").add("type", "Service"))
+                .add("object",
+                        Json.createObjectBuilder().add("id", "urn:uuid:" + UUID.randomUUID().toString())
+                                .add("type", "Relationship").add("as:relationship", relationship)
+                                .add("as:subject", sourceId).add("as:object", targetId))
+                .add("actor", Json.createObjectBuilder().add("id", "https://some-service.com").add("type", "Service")
+                        .add("name", "Some Service"))
+                .build();
+        return message.toString();
+    }
+}
\ No newline at end of file
diff --git a/src/test/java/edu/harvard/iq/dataverse/api/UtilIT.java b/src/test/java/edu/harvard/iq/dataverse/api/UtilIT.java
index 496ae826e02..f178bb09380 100644
--- a/src/test/java/edu/harvard/iq/dataverse/api/UtilIT.java
+++ b/src/test/java/edu/harvard/iq/dataverse/api/UtilIT.java
@@ -5205,4 +5205,13 @@ public static Response updateLicense(String datasetId, String licenseOrCustomTer
                 .header(API_TOKEN_HTTP_HEADER, apiToken)
                 .put("/api/datasets/" + datasetId + "/license");
     }
+
+    public static Response sendMessageToLDNInbox(String message) {
+        // Send the message to the LDN inbox
+        return given()
+                .contentType("application/ld+json")
+                .body(message)
+                .when()
+                .post("/api/inbox/");
+    }
 }
diff --git a/tests/integration-tests.txt b/tests/integration-tests.txt
index 33d137c893a..af96689eb1e 100644
--- a/tests/integration-tests.txt
+++ b/tests/integration-tests.txt
@@ -1 +1 @@
-DataversesIT,DatasetsIT,SwordIT,AdminIT,BuiltinUsersIT,UsersIT,UtilIT,ConfirmEmailIT,FileMetadataIT,FilesIT,SearchIT,InReviewWorkflowIT,HarvestingServerIT,HarvestingClientsIT,MoveIT,MakeDataCountApiIT,FileTypeDetectionIT,EditDDIIT,ExternalToolsIT,AccessIT,DuplicateFilesIT,DownloadFilesIT,LinkIT,DeleteUsersIT,DeactivateUsersIT,AuxiliaryFilesIT,InvalidCharactersIT,LicensesIT,NotificationsIT,BagIT,MetadataBlocksIT,NetcdfIT,SignpostingIT,FitsIT,LogoutIT,DataRetrieverApiIT,ProvIT,S3AccessIT,OpenApiIT,InfoIT,DatasetFieldsIT,SavedSearchIT,DatasetTypesIT,DataverseFeaturedItemsIT,SendFeedbackApiIT,CustomizationIT,JsonLDExportIT,WorkflowsIT
+DataversesIT,DatasetsIT,SwordIT,AdminIT,BuiltinUsersIT,UsersIT,UtilIT,ConfirmEmailIT,FileMetadataIT,FilesIT,SearchIT,InReviewWorkflowIT,HarvestingServerIT,HarvestingClientsIT,MoveIT,MakeDataCountApiIT,FileTypeDetectionIT,EditDDIIT,ExternalToolsIT,AccessIT,DuplicateFilesIT,DownloadFilesIT,LinkIT,DeleteUsersIT,DeactivateUsersIT,AuxiliaryFilesIT,InvalidCharactersIT,LicensesIT,NotificationsIT,BagIT,MetadataBlocksIT,NetcdfIT,SignpostingIT,FitsIT,LogoutIT,DataRetrieverApiIT,ProvIT,S3AccessIT,OpenApiIT,InfoIT,DatasetFieldsIT,SavedSearchIT,DatasetTypesIT,DataverseFeaturedItemsIT,SendFeedbackApiIT,CustomizationIT,JsonLDExportIT,WorkflowsIT,LDNInboxIT

From b4b10712c4414f04a89f8d480f124b8e33c4f26c Mon Sep 17 00:00:00 2001
From: donsizemore <don.sizemore@gmail.com>
Date: Tue, 25 Nov 2025 11:04:55 -0500
Subject: [PATCH 534/634] #11993 update dataverse-globus link to GDCC repo

---
 doc/sphinx-guides/source/developers/big-data-support.rst | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/doc/sphinx-guides/source/developers/big-data-support.rst b/doc/sphinx-guides/source/developers/big-data-support.rst
index ef13143be02..cec51ec6864 100644
--- a/doc/sphinx-guides/source/developers/big-data-support.rst
+++ b/doc/sphinx-guides/source/developers/big-data-support.rst
@@ -165,7 +165,7 @@ Globus File Transfer
 Note: Globus file transfer is still experimental but feedback is welcome! See :ref:`support`.
 
 Users can transfer files via `Globus <https://www.globus.org>`_ into and out of datasets, or reference files on a remote Globus endpoint, when their Dataverse installation is configured to use a Globus accessible store(s) 
-and a community-developed `dataverse-globus <https://github.com/scholarsportal/dataverse-globus>`_ app has been properly installed and configured.
+and a community-developed `dataverse-globus <https://github.com/gdcc/dataverse-globus>`_ app has been properly installed and configured.
 
 Globus endpoints can be in a variety of places, from data centers to personal computers. 
 This means that from within the Dataverse software, a Globus transfer can feel like an upload or a download (with Globus Personal Connect running on your laptop, for example) or it can feel like a true transfer from one server to another (from a cluster in a data center into a Dataverse dataset or vice versa).

From 917987636b66b1d20b904ee67579a68eff24e2a2 Mon Sep 17 00:00:00 2001
From: Leonid Andreev <leonid@hmdc.harvard.edu>
Date: Tue, 25 Nov 2025 11:43:40 -0500
Subject: [PATCH 535/634] renaming the flyway script, 6.8.0.1 -> 6.8.0.3 #11828

---
 src/main/resources/db/migration/{V6.8.0.1.sql => V6.8.0.3.sql} | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 rename src/main/resources/db/migration/{V6.8.0.1.sql => V6.8.0.3.sql} (100%)

diff --git a/src/main/resources/db/migration/V6.8.0.1.sql b/src/main/resources/db/migration/V6.8.0.3.sql
similarity index 100%
rename from src/main/resources/db/migration/V6.8.0.1.sql
rename to src/main/resources/db/migration/V6.8.0.3.sql

From 1c08eebbc35c11bb63ff60861b8aac07f3176ce9 Mon Sep 17 00:00:00 2001
From: Philip Durbin <philip_durbin@harvard.edu>
Date: Tue, 25 Nov 2025 12:33:11 -0500
Subject: [PATCH 536/634] add cross links

---
 .../source/admin/big-data-administration.rst  | 67 +++++++++++--------
 .../source/developers/big-data-support.rst    |  2 +-
 .../source/installation/config.rst            | 35 +++++++++-
 3 files changed, 71 insertions(+), 33 deletions(-)

diff --git a/doc/sphinx-guides/source/admin/big-data-administration.rst b/doc/sphinx-guides/source/admin/big-data-administration.rst
index ead0f8fb032..205b96f630a 100644
--- a/doc/sphinx-guides/source/admin/big-data-administration.rst
+++ b/doc/sphinx-guides/source/admin/big-data-administration.rst
@@ -16,6 +16,8 @@ In general, there are three dimensions in which Dataverse can scale:
 .. contents:: |toctitle|
         :local:
 
+.. _choose-store:
+
 Storage: Choosing the Right Store
 ---------------------------------
 
@@ -24,13 +26,15 @@ With appropriate configuration, Dataverse can support file sizes and aggregate d
 
 The primary choice in Dataverse related to storage is which types of "store" (also called "storage driver") to use:
 
+.. _file-stores:
+
 File Stores
 ~~~~~~~~~~~
 
 The default storage option in Dataverse uses the local file system. When files are transferred to Dataverse, they are first stored in a
 temporary location on the Dataverse server. Any zip files uploaded are unzipped to create multiple individual file entries. Once an upload is completed, 
 Dataverse copies the files to permanent storage. Dataverse also takes advantage of the file being local to inspect its bytes to determine its 
-MIME type, and, for tabular data, to "ingest" it - extracting metadata about the variables used in the file and creating a tab-separated values (TSV)
+MIME type, and, for tabular data, to ":doc:`ingest </user/tabulardataingest/index>`" it - extracting metadata about the variables used in the file and creating a tab-separated values (TSV)
 version of the file.
 
 Benefits: 
@@ -50,6 +54,7 @@ Challenges: In general, file storage is not a good option for larger data sizes
 - Cost: local file storage must be provisioned in advance based on anticipated demand. It can involve up-front costs (for a local disk), or, when procured from a 
   cloud provider, is likely to be more expensive than object storage from that provider (see below).
 
+.. _s3-stores:
 
 S3 Stores: Object Storage via S3
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
@@ -77,7 +82,7 @@ Challenges:
   providers charge more per TB than the equivalent cost of a local disk (though commercial S3 storage is cheaper than commercial file storage).
   There can also be egress and other charges. Overall, S3 storage is generally more expensive than local file storage but cheaper than cloud file storage.
   Running a local S3 storage or leveraging an institutional service can further reduce costs.
-- Direct upload via S3 is a multi-step process: Dataverse provides URLs for the uploads, the user's browser or other app uses the URLs to transfer files to the S3 store,
+- Direct upload via S3 is a :doc:`multi-step process </developers/s3-direct-upload-api>`: Dataverse provides URLs for the uploads, the user's browser or other app uses the URLs to transfer files to the S3 store,
   possibly in many pieces per file, and finally, Dataverse is told that one or more files are in place and should be added to the dataset. If the last step fails, or if
   all parts of a file cannot be transferred, orphaned files or parts of files can be left on S3. These files are not accessible via Dataverse but do use space (for which there is a monetary cost)
   until they are deleted. There is currently no automated clean-up mechanism.
@@ -88,7 +93,7 @@ Other Considerations
 - S3 Storage without direct upload/download provides minimal benefits with Dataverse as files still pass through the server, files are still uploaded as a single HTTP/HTTPS stream, and temporary storage is still used.
 - While not having files unzipped can be confusing to users who are used to it from using Dataverse with file storage, there are ways to minimize the impact. 
   For example, Dataverse can be configured to use a "Zip File Previewer" that allows users to see the contents of a zip file and even download individual files from within it (see :ref:`compressed-files`). 
-  For users who still want their data stored as individual files with their relative folder paths, Dataverse can be configured with "DVWebloader" which allows users to select an entire folder tree of files and 
+  For users who still want their data stored as individual files with their relative folder paths, Dataverse can be configured with ":ref:`DVWebloader <folder-upload>`" which allows users to select an entire folder tree of files and
   upload them, with their relative paths intact, to Dataverse. (DVWebloader can only be used with S3/direct upload, but it is much more efficient with many files than using the 
   standard upload interface in Dataverse (which also does not retain path information)).
 - Several features that involve Dataverse accessing files' contents, including unzipping zip files, are disabled when S3 direct upload is enabled. See :ref:`s3-direct-upload-features-disabled`.
@@ -106,6 +111,8 @@ Other Considerations
 - Dataverse leverages S3 features that are not implemented by all servers and has several configuration options geared towards handling variations between servers - see :ref:`s3-compatible`. Site admins should be sure to test with their preferred S3 implementation (and consider adding to the list of working S3 implementations).
 - The part-size used when directly transferring files to S3 is configurable (at AWS, from 5 MiB to 5GiB). The default in Dataverse is 1 GiB (1024^3 bytes). If the primary use case is with smaller files than that, decreasing the part size may improve upload speeds.
 
+.. _remote-stores:
+
 Remote Stores
 ~~~~~~~~~~~~~
 
@@ -150,6 +157,8 @@ Challenges:
 - For large files, direct-download should always be used with a remote store. (Otherwise the Dataverse will be involved in the download.)
 - When multiple files are selected for download, Dataverse will try to include remote files in the zip file being created (up to the max zip size limit) which is inefficient, and will not be able to include remote files that are inaccessible (possibly confusing). 
 
+.. _globus-stores:
+
 Globus Stores: Globus Transfer Between Large File/Tape Archives
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
@@ -259,11 +268,11 @@ Before describing things that can be done to improve scaling, it is important to
 
 There are a number of settings to limit how many files can be uploaded (see :ref:`database-settings` and :ref:`jvm-options` for more details):
 
-- ZipUploadFilesLimit - the maximum number of files allowed in an uploaded zip file - only relevant for file stores and S3 when direct upload is not used.
-- MultipleUploadFilesLimit - the number of files the GUI user is allowed to upload in one batch, via drag-and-drop, or through the file select dialog
-- MaxFileUploadSizeInBytes - limit the size of files that can be uploaded
-- UseStorageQuotas - once enabled, super users can set per-collection quotas (in bytes) to limit the aggregate size of all files in the collection
-- dataverse.files.default-dataset-file-count-limit - directly limits the number of files per dataset, can be changed per dataset via API (by super users)
+- :ref:`:ZipUploadFilesLimit` - the maximum number of files allowed in an uploaded zip file - only relevant for file stores and S3 when direct upload is not used.
+- :ref:`:MultipleUploadFilesLimit` - the number of files the GUI user is allowed to upload in one batch, via drag-and-drop, or through the file select dialog
+- :ref:`:MaxFileUploadSizeInBytes` - limit the size of files that can be uploaded
+- :ref:`:UseStorageQuotas` - once enabled, super users can set per-collection quotas (in bytes) to limit the aggregate size of all files in the collection
+- :ref:`dataverse.files.default-dataset-file-count-limit` - directly limits the number of files per dataset, can be changed per dataset via API (by super users)
 
 Scaling-related Configuration
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
@@ -271,29 +280,29 @@ Scaling-related Configuration
 There are a broad range of options (that are not turned on by default) for improving how well Solr indexing and searching scales and for handling more files per dataset. Some of these are useful for all installations while others are related to specific use cases, or are mostly for emergency use (e.g. disabling facets).
 (see :ref:`database-settings`, :ref:`jvm-options`, and :ref:`feature-flags` for more details):
 
-- dataverse.feature.add-publicobject-solr-field=true - specifically marks unrestricted content as public in Solr
-- dataverse.feature.avoid-expensive-solr-join=true - this tells Dataverse to use the feature above to speed up searches
-- dataverse.feature.reduce-solr-deletes=true - when Solr entries are being updated, this avoids an unnecessary step (deletion of existing entries) for entries that are being replaced
-- dataverse.feature.disable-dataset-thumbnail-autoselect=true - by default, Dataverse scans through all files in a dataset to find one that can be used as a thumbnail, which is expensive for many files. This disables that behavior to improve performance
+- dataverse.feature.add-publicobject-solr-field=true - specifically marks unrestricted content as public in Solr. See :ref:`feature-flags`.
+- dataverse.feature.avoid-expensive-solr-join=true - this tells Dataverse to use the feature above to speed up searches. See :ref:`feature-flags`.
+- dataverse.feature.reduce-solr-deletes=true - when Solr entries are being updated, this avoids an unnecessary step (deletion of existing entries) for entries that are being replaced. See :ref:`feature-flags`.
+- dataverse.feature.disable-dataset-thumbnail-autoselect=true - by default, Dataverse scans through all files in a dataset to find one that can be used as a thumbnail, which is expensive for many files. This disables that behavior to improve performance. See :ref:`feature-flags`.
 - dataverse.feature.only-update-datacite-when-needed=true - reduces the load on DataCite and reduces Dataverse failures related to that load, which is important when using file PIDs on Datasets with many files
-- dataverse.solr.min-files-to-use-proxy=<X> - improve performance/lower memory requirements when indexing datasets with many files, suggested value is in the range 200 to 500
-- dataverse.solr.concurrency.max-async-indexes=<X> - limits the number of index operations running in parallel. The default is 4, larger values may improve performance (if the Solr intance is appropriately sized)
+- :ref:`dataverse.solr.min-files-to-use-proxy` =<X> - improve performance/lower memory requirements when indexing datasets with many files, suggested value is in the range 200 to 500
+- :ref:`dataverse.solr.concurrency.max-async-indexes` =<X> - limits the number of index operations running in parallel. The default is 4, larger values may improve performance (if the Solr intance is appropriately sized)
 - dataverse.exports.schema-dot-org.max-files-for-download-entries - reduces the size of the schema.org metadata export when there are many files per dataset. By default, this is included in the dataset page header, so the smaller version improves page loading and can avoid issues with Google indexing (datasets with thousands of files+)
-- SolrFullTextIndexing - false improves performance at the expense of not indexing file contents
-- SolrMaxFileSizeForFullTextIndexing - size in bytes (default unset/no limit) above which file contents should not be indexed
-- ZipDownloadLimit - the maximum size in bytes for zipped downloads of files from a dataset. If the size of requested files is larger, some files will be omitted and listed in the zip manifest file as not included.
-- DatasetChecksumValidationSizeLimit - by default, Dataverse checks fixity (assuring the file contents match the recorded checksum) as part of publication. This setting specifies a maximum aggregate dataset size, above which this validation will not be done.
-- DataFileChecksumValidationSizeLimit - by default, Dataverse checks fixity (assuring the file contents match the recorded checksum) as part of publication. This setting specifies a maximum file size, above which validation will not be done.
-- FilePIDsEnabled - false is recommended when datasets have many files. Related settings allow file PIDS to be enabled/disabled per collection and per dataset
-- CustomZipDownloadServiceUrl - allows use of a separate process/machine to handle zipping up multi-file downloads. Requires installation of the separate Zip Download app
-- WebloaderUrl - enables use of an installed DVWebloader (by specifying its web location) which is more efficient for uploading many files 
-- CategoryOrder - Pre-sorts the file display by category, e.g. showing all "Documentation" files before "Data" files. Any user selected sorting by name, age, or size is done within these sections  
-- OrderByFolder - pre-sorts files by their directory Label (folder), showing files with no path before others. Any user selected sorting by name, age, or size is done within these sections
-- DisableSolrFacets - disables facets, which are costly to generate, in search results (including the main collection page)
-- DisableSolrFacetsForGuestUsers - only disable facets for guests
-- DisableSolrFacetsWithoutJsession - disables facets for users who have disabled cookies (e.g. for bots)
-- DisableUncheckedTypesFacet - only disables the facet showing the number of collections, datasets, files matching the query (this facet is potentially less useful than others)
-- StoreIngestedTabularFilesWithVarHeaders - by default, Dataverse stores ingested files without headers and dynamically adds them back at download time. Once this setting is enabled, Dataverse will leave the headers in place (for newly ingested files), reducing the cost of downloads
+- :ref:`:SolrFullTextIndexing` - false improves performance at the expense of not indexing file contents
+- :ref:`:SolrMaxFileSizeForFullTextIndexing` - size in bytes (default unset/no limit) above which file contents should not be indexed
+- :ref:`:ZipDownloadLimit` - the maximum size in bytes for zipped downloads of files from a dataset. If the size of requested files is larger, some files will be omitted and listed in the zip manifest file as not included.
+- :ref:`:DatasetChecksumValidationSizeLimit` - by default, Dataverse checks fixity (assuring the file contents match the recorded checksum) as part of publication. This setting specifies a maximum aggregate dataset size, above which this validation will not be done.
+- :ref:`:DataFileChecksumValidationSizeLimit` - by default, Dataverse checks fixity (assuring the file contents match the recorded checksum) as part of publication. This setting specifies a maximum file size, above which validation will not be done.
+- :ref:`:FilePIDsEnabled` - false is recommended when datasets have many files. Related settings allow file PIDS to be enabled/disabled per collection and per dataset
+- :ref:`:CustomZipDownloadServiceUrl` - allows use of a separate process/machine to handle zipping up multi-file downloads. Requires installation of the separate Zip Download app
+- :ref:`:WebloaderUrl` - enables use of an installed DVWebloader (by specifying its web location) which is more efficient for uploading many files 
+- :ref:`:CategoryOrder` - Pre-sorts the file display by category, e.g. showing all "Documentation" files before "Data" files. Any user selected sorting by name, age, or size is done within these sections  
+- :ref:`:OrderByFolder` - pre-sorts files by their directory Label (folder), showing files with no path before others. Any user selected sorting by name, age, or size is done within these sections
+- :ref:`:DisableSolrFacets` - disables facets, which are costly to generate, in search results (including the main collection page)
+- :ref:`:DisableSolrFacetsForGuestUsers` - only disable facets for guests
+- :ref:`:DisableSolrFacetsWithoutJsession` - disables facets for users who have disabled cookies (e.g. for bots)
+- :ref:`:DisableUncheckedTypesFacet` - only disables the facet showing the number of collections, datasets, files matching the query (this facet is potentially less useful than others)
+- :ref:`:StoreIngestedTabularFilesWithVarHeaders` - by default, Dataverse stores ingested files without headers and dynamically adds them back at download time. Once this setting is enabled, Dataverse will leave the headers in place (for newly ingested files), reducing the cost of downloads
 
 
 Scaling Infrastructure
diff --git a/doc/sphinx-guides/source/developers/big-data-support.rst b/doc/sphinx-guides/source/developers/big-data-support.rst
index 75a50e2513d..759930b5b2b 100644
--- a/doc/sphinx-guides/source/developers/big-data-support.rst
+++ b/doc/sphinx-guides/source/developers/big-data-support.rst
@@ -187,6 +187,6 @@ As described in that document, Globus transfers can be initiated by choosing the
 
 An overview of the control and data transfer interactions between components was presented at the 2022 Dataverse Community Meeting and can be viewed in the `Integrations and Tools Session Video <https://youtu.be/3ek7F_Dxcjk?t=5289>`_ around the 1 hr 28 min mark.
 
-See also :ref:`Globus settings <:GlobusSettings>`.
+See also :ref:`Globus settings <:GlobusSettings>` and :ref:`globus-stores`.
 
 An alternative, experimental implementation of Globus polling of ongoing upload transfers has been added in v6.4. This framework does not rely on the instance staying up continuously for the duration of the transfer and saves the state information about Globus upload requests in the database. Due to its experimental nature it is not enabled by default. See the ``globus-use-experimental-async-framework`` feature flag (see :ref:`feature-flags`) and the JVM option :ref:`dataverse.files.globus-monitoring-server`.
diff --git a/doc/sphinx-guides/source/installation/config.rst b/doc/sphinx-guides/source/installation/config.rst
index 59c52f848ae..bd31471e093 100644
--- a/doc/sphinx-guides/source/installation/config.rst
+++ b/doc/sphinx-guides/source/installation/config.rst
@@ -1011,13 +1011,13 @@ By default, a Dataverse installation stores all data files (files uploaded by en
 A Dataverse installation can alternately store files in a Swift or S3-compatible object store, or on a Globus endpoint, and can now be configured to support multiple stores at once.
 A Dataverse installation may also be configured to reference some files (e.g. large and/or sensitive data) stored in a web or Globus accessible trusted remote store.
 With a multi-store configuration, the location for new files can be controlled on a per-Dataverse collection or per-dataset basis.
-The :doc:`/admin/big-data-administration` provides more detail about the pros and cons of different types of storage.
+:doc:`/admin/big-data-administration` provides more detail about the pros and cons of different types of storage.
 
 A Dataverse installation can be configured to allow out of band upload by setting the ``dataverse.files.\<id\>.upload-out-of-band`` JVM option to ``true``.
 By default, Dataverse supports uploading files via the :ref:`add-file-api`. With S3 stores, a direct upload process can be enabled to allow sending the file directly to the S3 store (without any intermediate copies on the Dataverse server).
 With the upload-out-of-band option enabled, it is also possible for file upload to be managed manually or via third-party tools, with the :ref:`Adding the Uploaded file to the Dataset <direct-add-to-dataset-api>` API call (described in the :doc:`/developers/s3-direct-upload-api` page) used to add metadata and inform Dataverse that a new file has been added to the relevant store.
 
-The following sections describe how to set up various types of stores and how to configure for multiple stores.
+The following sections describe how to set up various types of stores and how to configure for multiple stores. See also :ref:`choose-store`.
 
 .. _multiple-stores:
 
@@ -1080,6 +1080,8 @@ File stores have one option - the directory where files should be stored. This c
 
 Multiple file stores should specify different directories (which would nominally be the reason to use multiple file stores), but one may share the same directory as "\-Ddataverse.files.directory" option - this would result in temp files being stored in the /temp subdirectory within the file store's root directory.
 
+See also :ref:`file-stores`.
+
 Swift Storage
 +++++++++++++
 
@@ -1175,6 +1177,8 @@ The Dataverse Software S3 driver supports multi-part upload for large files (ove
 
 **Note:** The Dataverse Project Team is most familiar with AWS S3, and can provide support on its usage with the Dataverse Software. Thanks to community contributions, the application's architecture also allows non-AWS S3 providers. The Dataverse Project Team can provide very limited support on these other providers. We recommend reaching out to the wider Dataverse Project Community if you have questions.
 
+See also :ref:`s3-stores`.
+
 First: Set Up Accounts and Access Credentials
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
 
@@ -1493,7 +1497,7 @@ In addition to having the type "remote" and requiring a label, Trusted Remote St
 These and other available options are described in the table below.
 
 Trusted remote stores can range from being a static trusted website to a sophisticated service managing access requests and logging activity
-and/or managing access to a secure enclave.  See :doc:`/admin/big-data-administration` and :doc:`/developers/big-data-support` for additional information on how to use a trusted remote store. For specific remote stores, consult their documentation when configuring the remote store in your Dataverse installation.
+and/or managing access to a secure enclave.  See :doc:`/admin/big-data-administration` (specifically :ref:`remote-stores`) and :doc:`/developers/big-data-support` for additional information on how to use a trusted remote store. For specific remote stores, consult their documentation when configuring the remote store in your Dataverse installation.
 
 Note that in the current implementation, activities where Dataverse needs access to data bytes, e.g. to create thumbnails or validate hash values at publication will fail if a remote store does not allow Dataverse access. Implementers of such trusted remote stores should consider using Dataverse's settings to disable ingest, validation of files at publication, etc. as needed.
 
@@ -2786,6 +2790,8 @@ when using it to configure your core name!
 
 Can also be set via *MicroProfile Config API* sources, e.g. the environment variable ``DATAVERSE_SOLR_PATH``.
 
+.. _dataverse.solr.min-files-to-use-proxy:
+
 dataverse.solr.min-files-to-use-proxy
 +++++++++++++++++++++++++++++++++++++
 
@@ -2797,6 +2803,8 @@ A recommended value would be ~1000 but the optimal value may vary depending on d
 
 Can also be set via *MicroProfile Config API* sources, e.g. the environment variable ``DATAVERSE_SOLR_MIN_FILES_TO_USE_PROXY``.
 
+.. _dataverse.solr.concurrency.max-async-indexes:
+
 dataverse.solr.concurrency.max-async-indexes
 ++++++++++++++++++++++++++++++++++++++++++++
 
@@ -4400,6 +4408,8 @@ Notes:
 
 - For larger file upload sizes, you may need to configure your reverse proxy timeout. If using apache2 (httpd) with Shibboleth, add a timeout to the ProxyPass defined in etc/httpd/conf.d/ssl.conf (which is described in the :doc:`/installation/shibboleth` setup).
 
+.. _:MultipleUploadFilesLimit:
+
 :MultipleUploadFilesLimit
 +++++++++++++++++++++++++
 
@@ -4446,6 +4456,8 @@ For example :
 
 ``curl -X PUT -d 0 http://localhost:8080/api/admin/settings/:TabularIngestSizeLimit:xlsx``
 
+.. _:ZipUploadFilesLimit:
+
 :ZipUploadFilesLimit
 ++++++++++++++++++++
 
@@ -4464,6 +4476,8 @@ By default your Dataverse installation will attempt to connect to Solr on port 8
 
 **Note:** instead of using a database setting, you could alternatively use JVM settings like :ref:`dataverse.solr.host`.
 
+.. _:SolrFullTextIndexing:
+
 :SolrFullTextIndexing
 +++++++++++++++++++++
 
@@ -4471,6 +4485,8 @@ Whether or not to index the content of files such as PDFs. The default is false.
 
 ``curl -X PUT -d true http://localhost:8080/api/admin/settings/:SolrFullTextIndexing``
 
+.. _:SolrMaxFileSizeForFullTextIndexing:
+
 :SolrMaxFileSizeForFullTextIndexing
 +++++++++++++++++++++++++++++++++++
 
@@ -4492,12 +4508,15 @@ To enable the setting::
 
   curl -X PUT -d true "http://localhost:8080/api/admin/settings/:DisableSolrFacets"
 
+.. _:DisableSolrFacetsForGuestUsers:
 
 :DisableSolrFacetsForGuestUsers
 +++++++++++++++++++++++++++++++
 
 Similar to the above, but will disable the facets for Guest (unauthenticated) users only. 
 
+.. _:DisableSolrFacetsWithoutJsession:
+
 :DisableSolrFacetsWithoutJsession
 +++++++++++++++++++++++++++++++++
 
@@ -5014,6 +5033,8 @@ If you don’t want date facets to be sorted chronologically, set:
 
 ``curl -X PUT -d 'false' http://localhost:8080/api/admin/settings/:ChronologicalDateFacets``
 
+.. _:CustomZipDownloadServiceUrl:
+
 :CustomZipDownloadServiceUrl
 ++++++++++++++++++++++++++++
 
@@ -5145,6 +5166,8 @@ A suggested minimum includes author, datasetContact, and contributor, but additi
 
 ``curl -X PUT -d 'author, datasetContact, contributor, depositor, grantNumber, publication' http://localhost:8080/api/admin/settings/:AnonymizedFieldTypeNames``
 
+.. _:DatasetChecksumValidationSizeLimit:
+
 :DatasetChecksumValidationSizeLimit
 +++++++++++++++++++++++++++++++++++
 
@@ -5160,6 +5183,8 @@ Refer to "Physical Files Validation in a Dataset" API :ref:`dataset-files-valida
 
 Also refer to the "Datafile Integrity" API  :ref:`datafile-integrity`
 
+.. _:DataFileChecksumValidationSizeLimit:
+
 :DataFileChecksumValidationSizeLimit
 ++++++++++++++++++++++++++++++++++++
 
@@ -5421,6 +5446,8 @@ To use the current GDCC version directly:
 
 ``curl -X PUT -d 'https://gdcc.github.io/dvwebloader/src/dvwebloader.html' http://localhost:8080/api/admin/settings/:WebloaderUrl``
 
+.. _:CategoryOrder:
+
 :CategoryOrder
 ++++++++++++++
 
@@ -5430,6 +5457,8 @@ The default is category ordering disabled.
 
 ``curl -X PUT -d 'Documentation,Data,Code' http://localhost:8080/api/admin/settings/:CategoryOrder``
 
+.. _:OrderByFolder:
+
 :OrderByFolder
 ++++++++++++++
 

From 2908951a990fdbd3408bb83d02ce4d2067dbf1ad Mon Sep 17 00:00:00 2001
From: Philip Durbin <philip_durbin@harvard.edu>
Date: Tue, 25 Nov 2025 12:40:44 -0500
Subject: [PATCH 537/634] missed a feature flag

---
 doc/sphinx-guides/source/admin/big-data-administration.rst | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/doc/sphinx-guides/source/admin/big-data-administration.rst b/doc/sphinx-guides/source/admin/big-data-administration.rst
index 205b96f630a..201e6dfb408 100644
--- a/doc/sphinx-guides/source/admin/big-data-administration.rst
+++ b/doc/sphinx-guides/source/admin/big-data-administration.rst
@@ -284,7 +284,7 @@ There are a broad range of options (that are not turned on by default) for impro
 - dataverse.feature.avoid-expensive-solr-join=true - this tells Dataverse to use the feature above to speed up searches. See :ref:`feature-flags`.
 - dataverse.feature.reduce-solr-deletes=true - when Solr entries are being updated, this avoids an unnecessary step (deletion of existing entries) for entries that are being replaced. See :ref:`feature-flags`.
 - dataverse.feature.disable-dataset-thumbnail-autoselect=true - by default, Dataverse scans through all files in a dataset to find one that can be used as a thumbnail, which is expensive for many files. This disables that behavior to improve performance. See :ref:`feature-flags`.
-- dataverse.feature.only-update-datacite-when-needed=true - reduces the load on DataCite and reduces Dataverse failures related to that load, which is important when using file PIDs on Datasets with many files
+- dataverse.feature.only-update-datacite-when-needed=true - reduces the load on DataCite and reduces Dataverse failures related to that load, which is important when using file PIDs on Datasets with many files. See :ref:`feature-flags`.
 - :ref:`dataverse.solr.min-files-to-use-proxy` =<X> - improve performance/lower memory requirements when indexing datasets with many files, suggested value is in the range 200 to 500
 - :ref:`dataverse.solr.concurrency.max-async-indexes` =<X> - limits the number of index operations running in parallel. The default is 4, larger values may improve performance (if the Solr intance is appropriately sized)
 - dataverse.exports.schema-dot-org.max-files-for-download-entries - reduces the size of the schema.org metadata export when there are many files per dataset. By default, this is included in the dataset page header, so the smaller version improves page loading and can avoid issues with Google indexing (datasets with thousands of files+)

From 86fbca9cbf5551746c3776bd534621cb16951a04 Mon Sep 17 00:00:00 2001
From: Philip Durbin <philip_durbin@harvard.edu>
Date: Tue, 25 Nov 2025 12:42:03 -0500
Subject: [PATCH 538/634] typo

---
 doc/sphinx-guides/source/admin/big-data-administration.rst | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/doc/sphinx-guides/source/admin/big-data-administration.rst b/doc/sphinx-guides/source/admin/big-data-administration.rst
index 201e6dfb408..793c5b25997 100644
--- a/doc/sphinx-guides/source/admin/big-data-administration.rst
+++ b/doc/sphinx-guides/source/admin/big-data-administration.rst
@@ -286,7 +286,7 @@ There are a broad range of options (that are not turned on by default) for impro
 - dataverse.feature.disable-dataset-thumbnail-autoselect=true - by default, Dataverse scans through all files in a dataset to find one that can be used as a thumbnail, which is expensive for many files. This disables that behavior to improve performance. See :ref:`feature-flags`.
 - dataverse.feature.only-update-datacite-when-needed=true - reduces the load on DataCite and reduces Dataverse failures related to that load, which is important when using file PIDs on Datasets with many files. See :ref:`feature-flags`.
 - :ref:`dataverse.solr.min-files-to-use-proxy` =<X> - improve performance/lower memory requirements when indexing datasets with many files, suggested value is in the range 200 to 500
-- :ref:`dataverse.solr.concurrency.max-async-indexes` =<X> - limits the number of index operations running in parallel. The default is 4, larger values may improve performance (if the Solr intance is appropriately sized)
+- :ref:`dataverse.solr.concurrency.max-async-indexes` =<X> - limits the number of index operations running in parallel. The default is 4, larger values may improve performance (if the Solr instance is appropriately sized)
 - dataverse.exports.schema-dot-org.max-files-for-download-entries - reduces the size of the schema.org metadata export when there are many files per dataset. By default, this is included in the dataset page header, so the smaller version improves page loading and can avoid issues with Google indexing (datasets with thousands of files+)
 - :ref:`:SolrFullTextIndexing` - false improves performance at the expense of not indexing file contents
 - :ref:`:SolrMaxFileSizeForFullTextIndexing` - size in bytes (default unset/no limit) above which file contents should not be indexed

From 252c9b3045ea39600b28351ca4be636f70d60f30 Mon Sep 17 00:00:00 2001
From: Philip Durbin <philip_durbin@harvard.edu>
Date: Tue, 25 Nov 2025 12:47:11 -0500
Subject: [PATCH 539/634] remove
 dataverse.exports.schema-dot-org.max-files-for-download-entries

Not supported yet. It's in this fork:
https://github.com/QualitativeDataRepository/dataverse/blob/1493abdad47eee23b208616bfa8e040cccd72b3a/src/main/java/edu/harvard/iq/dataverse/DatasetVersion.java#L2132
---
 doc/sphinx-guides/source/admin/big-data-administration.rst | 1 -
 1 file changed, 1 deletion(-)

diff --git a/doc/sphinx-guides/source/admin/big-data-administration.rst b/doc/sphinx-guides/source/admin/big-data-administration.rst
index 793c5b25997..b3c7e79c382 100644
--- a/doc/sphinx-guides/source/admin/big-data-administration.rst
+++ b/doc/sphinx-guides/source/admin/big-data-administration.rst
@@ -287,7 +287,6 @@ There are a broad range of options (that are not turned on by default) for impro
 - dataverse.feature.only-update-datacite-when-needed=true - reduces the load on DataCite and reduces Dataverse failures related to that load, which is important when using file PIDs on Datasets with many files. See :ref:`feature-flags`.
 - :ref:`dataverse.solr.min-files-to-use-proxy` =<X> - improve performance/lower memory requirements when indexing datasets with many files, suggested value is in the range 200 to 500
 - :ref:`dataverse.solr.concurrency.max-async-indexes` =<X> - limits the number of index operations running in parallel. The default is 4, larger values may improve performance (if the Solr instance is appropriately sized)
-- dataverse.exports.schema-dot-org.max-files-for-download-entries - reduces the size of the schema.org metadata export when there are many files per dataset. By default, this is included in the dataset page header, so the smaller version improves page loading and can avoid issues with Google indexing (datasets with thousands of files+)
 - :ref:`:SolrFullTextIndexing` - false improves performance at the expense of not indexing file contents
 - :ref:`:SolrMaxFileSizeForFullTextIndexing` - size in bytes (default unset/no limit) above which file contents should not be indexed
 - :ref:`:ZipDownloadLimit` - the maximum size in bytes for zipped downloads of files from a dataset. If the size of requested files is larger, some files will be omitted and listed in the zip manifest file as not included.

From 764ba9a70c8905e4cb4bc589c2354e946cf3e88e Mon Sep 17 00:00:00 2001
From: Leonid Andreev <leonid@hmdc.harvard.edu>
Date: Mon, 24 Nov 2025 12:36:40 -0500
Subject: [PATCH 540/634] A quick experiment - add the remaining storage quota
 and/or file count limits to the output of /storageDriver API, if present. A
 further refinement: made the new behavior optional; added authentication -
 the limits will be used by the SPA and/or other clients in the context of
 file upload, where Edit permission should be expected. #11987

---
 .../harvard/iq/dataverse/api/Datasets.java    | 48 ++++++++++++++++++-
 1 file changed, 46 insertions(+), 2 deletions(-)

diff --git a/src/main/java/edu/harvard/iq/dataverse/api/Datasets.java b/src/main/java/edu/harvard/iq/dataverse/api/Datasets.java
index db87a1e7757..d8578ca3652 100644
--- a/src/main/java/edu/harvard/iq/dataverse/api/Datasets.java
+++ b/src/main/java/edu/harvard/iq/dataverse/api/Datasets.java
@@ -3652,7 +3652,9 @@ public Response getMakeDataCountMetric(@PathParam("id") String idSupplied, @Path
     @AuthRequired
     @Path("{identifier}/storageDriver")
     public Response getFileStore(@Context ContainerRequestContext crc, @PathParam("identifier") String dvIdtf,
-            @Context UriInfo uriInfo, @Context HttpHeaders headers) throws WrappedResponse {
+            @QueryParam("showRemainingQuotas") boolean showRemaining,
+            @Context UriInfo uriInfo,
+            @Context HttpHeaders headers) throws WrappedResponse {
 
         Dataset dataset;
 
@@ -3662,7 +3664,49 @@ public Response getFileStore(@Context ContainerRequestContext crc, @PathParam("i
             return error(Response.Status.NOT_FOUND, "No such dataset");
         }
 
-        return ok(JsonPrinter.jsonStorageDriver(dataset.getEffectiveStorageDriverId(), dataset));
+        if (showRemaining) {
+            AuthenticatedUser user;
+            try {
+                user = getRequestAuthenticatedUserOrDie(crc);
+            } catch (WrappedResponse ex) {
+                return error(Response.Status.BAD_REQUEST, "The option showRemainingQuotas requires authentication.");
+            }
+            if (!permissionSvc.requestOn(createDataverseRequest(user), dataset).has(Permission.EditDataset)) {
+                return error(Response.Status.FORBIDDEN, "The option showRemainingQuotas requires EditDataset permission.");
+            }
+        }
+
+        JsonObjectBuilder output = JsonPrinter.jsonStorageDriver(dataset.getEffectiveStorageDriverId(), dataset);
+
+        if (showRemaining) {
+            // Add optional elements - storage size and file count limits, if present:
+
+            Long storageSizeQuotaRemaining = null;
+            Integer numberOfFilesRemaining = null;
+
+            if (systemConfig.isStorageQuotasEnforced()) {
+                UploadSessionQuotaLimit uploadSessionQuota = fileService.getUploadSessionQuotaLimit(dataset);
+                if (uploadSessionQuota != null) {
+                    storageSizeQuotaRemaining = uploadSessionQuota.getRemainingQuotaInBytes();
+                }
+            }
+
+            Integer effectiveFileCountLimit = dataset.getEffectiveDatasetFileCountLimit();
+
+            if (effectiveFileCountLimit != null) {
+                numberOfFilesRemaining = effectiveFileCountLimit - datasetService.getDataFileCountByOwner(dataset.getId());
+            }
+
+            if (storageSizeQuotaRemaining != null) {
+                output.add("storageQuotaRemaining", storageSizeQuotaRemaining);
+            }
+
+            if (numberOfFilesRemaining != null) {
+                output.add("numberOfFilesRemaining", numberOfFilesRemaining);
+            }
+        }
+
+        return ok(output);
     }
 
     @PUT

From cc9f9a29a7ad18102e5d60368eeb3ef82cd2a10f Mon Sep 17 00:00:00 2001
From: Leonid Andreev <leonid@hmdc.harvard.edu>
Date: Mon, 24 Nov 2025 15:22:55 -0500
Subject: [PATCH 541/634] cleanup per review #11987

---
 .../edu/harvard/iq/dataverse/api/Datasets.java    | 15 ++-------------
 1 file changed, 2 insertions(+), 13 deletions(-)

diff --git a/src/main/java/edu/harvard/iq/dataverse/api/Datasets.java b/src/main/java/edu/harvard/iq/dataverse/api/Datasets.java
index d8578ca3652..c29b3364f51 100644
--- a/src/main/java/edu/harvard/iq/dataverse/api/Datasets.java
+++ b/src/main/java/edu/harvard/iq/dataverse/api/Datasets.java
@@ -3681,28 +3681,17 @@ public Response getFileStore(@Context ContainerRequestContext crc, @PathParam("i
         if (showRemaining) {
             // Add optional elements - storage size and file count limits, if present:
 
-            Long storageSizeQuotaRemaining = null;
-            Integer numberOfFilesRemaining = null;
-
             if (systemConfig.isStorageQuotasEnforced()) {
                 UploadSessionQuotaLimit uploadSessionQuota = fileService.getUploadSessionQuotaLimit(dataset);
                 if (uploadSessionQuota != null) {
-                    storageSizeQuotaRemaining = uploadSessionQuota.getRemainingQuotaInBytes();
+                    output.add("storageQuotaRemaining", uploadSessionQuota.getRemainingQuotaInBytes());
                 }
             }
 
             Integer effectiveFileCountLimit = dataset.getEffectiveDatasetFileCountLimit();
 
             if (effectiveFileCountLimit != null) {
-                numberOfFilesRemaining = effectiveFileCountLimit - datasetService.getDataFileCountByOwner(dataset.getId());
-            }
-
-            if (storageSizeQuotaRemaining != null) {
-                output.add("storageQuotaRemaining", storageSizeQuotaRemaining);
-            }
-
-            if (numberOfFilesRemaining != null) {
-                output.add("numberOfFilesRemaining", numberOfFilesRemaining);
+                output.add("numberOfFilesRemaining", effectiveFileCountLimit - datasetService.getDataFileCountByOwner(dataset.getId()));
             }
         }
 

From ac5620b9bc0df5bacbcc55de06ffffc2b0f320bb Mon Sep 17 00:00:00 2001
From: Leonid Andreev <leonid@hmdc.harvard.edu>
Date: Tue, 25 Nov 2025 14:09:27 -0500
Subject: [PATCH 542/634] Extra documentation. #11987

---
 .../11987-storage-quotas-on-datasets.md       |  1 +
 .../source/admin/dataverses-datasets.rst      | 20 +++++++++++++++++++
 2 files changed, 21 insertions(+)

diff --git a/doc/release-notes/11987-storage-quotas-on-datasets.md b/doc/release-notes/11987-storage-quotas-on-datasets.md
index 6a103421503..d4ccce02b2b 100644
--- a/doc/release-notes/11987-storage-quotas-on-datasets.md
+++ b/doc/release-notes/11987-storage-quotas-on-datasets.md
@@ -1,3 +1,4 @@
 It is now possible to define storage quotas on individual datasets. See the API guide for more information.
 The practical use case is for datasets in the top-level, root collection. This does not address the use case of a user creating multiple datasets. But there is an open dev. issue for adding per-user storage quotas as well.
 
+The `/api/datasets/{id}/storageDriver` API has been further extended to (optionally) include the remaining storage and/or number of files quotas, if present.
\ No newline at end of file
diff --git a/doc/sphinx-guides/source/admin/dataverses-datasets.rst b/doc/sphinx-guides/source/admin/dataverses-datasets.rst
index 0fa5bcf69f1..cee457ca30c 100644
--- a/doc/sphinx-guides/source/admin/dataverses-datasets.rst
+++ b/doc/sphinx-guides/source/admin/dataverses-datasets.rst
@@ -269,6 +269,26 @@ The current driver can be seen using::
 
     curl http://$SERVER/api/datasets/$dataset-id/storageDriver
 
+The output of the API will include the id, label, type (for example, "file" or "s3") as well as the support for direct download and upload. 
+With the optional parameter ``showRemainingQuotas=true``, the remaining storage size and/or file number quotas will also be included, if present. For example:
+
+.. code-block::
+   curl  -H "X-Dataverse-key: $API_TOKEN" "http://localhost:8080/api/datasets/$dataset-id/storageDriver?showRemainingQuotas=true" 
+   {
+     "status": "OK",
+     "data": {
+       "label": "S3",
+       "type": "s3",
+       "name": "s3",
+       "directDownload": true,
+       "directUpload": false,
+       "numberOfFilesRemaining": 20,
+       "storageQuotaRemaining": 1048576
+     } 
+   }
+
+Note that using this option requires the Edit permission on the dataset. 
+
 It can be reset to the default store as follows (only a superuser can do this) ::
 
     curl -H "X-Dataverse-key: $API_TOKEN" -X DELETE http://$SERVER/api/datasets/$dataset-id/storageDriver

From cbc098cf3da48e4d2cd07be96cc3803a7d048a31 Mon Sep 17 00:00:00 2001
From: Leonid Andreev <leonid@hmdc.harvard.edu>
Date: Tue, 25 Nov 2025 14:30:52 -0500
Subject: [PATCH 543/634] typo in the guide #11987

---
 doc/sphinx-guides/source/admin/dataverses-datasets.rst | 1 +
 1 file changed, 1 insertion(+)

diff --git a/doc/sphinx-guides/source/admin/dataverses-datasets.rst b/doc/sphinx-guides/source/admin/dataverses-datasets.rst
index cee457ca30c..0847b347c0c 100644
--- a/doc/sphinx-guides/source/admin/dataverses-datasets.rst
+++ b/doc/sphinx-guides/source/admin/dataverses-datasets.rst
@@ -273,6 +273,7 @@ The output of the API will include the id, label, type (for example, "file" or "
 With the optional parameter ``showRemainingQuotas=true``, the remaining storage size and/or file number quotas will also be included, if present. For example:
 
 .. code-block::
+
    curl  -H "X-Dataverse-key: $API_TOKEN" "http://localhost:8080/api/datasets/$dataset-id/storageDriver?showRemainingQuotas=true" 
    {
      "status": "OK",

From 031b6f54b88602e4b74ed654f206bfa9b81a8b44 Mon Sep 17 00:00:00 2001
From: Caen Jones <caenkj@protonmail.com>
Date: Tue, 25 Nov 2025 19:35:14 -0500
Subject: [PATCH 544/634] Update production.rst

---
 .../source/container/running/production.rst            | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/doc/sphinx-guides/source/container/running/production.rst b/doc/sphinx-guides/source/container/running/production.rst
index 723e4d31298..0bd7a65bebb 100644
--- a/doc/sphinx-guides/source/container/running/production.rst
+++ b/doc/sphinx-guides/source/container/running/production.rst
@@ -1,6 +1,12 @@
 Production
 ==========
 
+.. _production-security-warning:
+
+The :doc:`demo` tutorial is **NOT SECURE BY DEFAULT**. It uses public, hardcoded passwords and secrets for demonstration purposes only.
+
+If you use the demo as a structural template, you MUST replace all default secrets before deploying your instance. Failure to do so will result in a vulnerable production environment.
+
 .. contents:: |toctitle|
 	:local:
 
@@ -11,7 +17,7 @@ As of Dataverse 6.8, when we introduced image tagging per version (see the :ref:
 
 The images and the documentation is not perfect, of course.
 
-For now, we recommend following the :doc:`demo` tutorial. It will help you learn how to configure and secure your installation. Not that instead of "latest" you might want to select a specific version. Again see :ref:`app-image-supported-tags`.
+For now, we recommend following the :doc:`demo` as a structural template. Note that instead of "latest" you might want to select a specific version. Again see :ref:`app-image-supported-tags`.
 
 The Dataverse guides were originally written with a non-Docker installation in mind so we'd like rewrite them with both Docker and non-Docker in mind. This is a big job, obviously. 😅 We know we'd like to write more about ports. We'd like to explain `how to set up Rserve <https://github.com/IQSS/dataverse/issues/11731>`_. Etc., etc.
 
@@ -30,4 +36,4 @@ Please try the images (see :doc:`demo`) and give feedback (see :ref:`helping-con
 Alternatives
 ------------
 
-The traditional (non-Docker) installation method is described in the :doc:`/installation/index`.
\ No newline at end of file
+The traditional (non-Docker) installation method is described in the :doc:`/installation/index`.

From c6c0a9796c4ef47964a35f09dc6bd5a881a349b0 Mon Sep 17 00:00:00 2001
From: Caen Jones <caenkj@protonmail.com>
Date: Tue, 25 Nov 2025 19:43:01 -0500
Subject: [PATCH 545/634] fixed security warning for demo tutorial usage

---
 doc/sphinx-guides/source/container/running/production.rst | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/doc/sphinx-guides/source/container/running/production.rst b/doc/sphinx-guides/source/container/running/production.rst
index 0bd7a65bebb..786851267e9 100644
--- a/doc/sphinx-guides/source/container/running/production.rst
+++ b/doc/sphinx-guides/source/container/running/production.rst
@@ -3,9 +3,11 @@ Production
 
 .. _production-security-warning:
 
-The :doc:`demo` tutorial is **NOT SECURE BY DEFAULT**. It uses public, hardcoded passwords and secrets for demonstration purposes only.
+.. warning::
 
-If you use the demo as a structural template, you MUST replace all default secrets before deploying your instance. Failure to do so will result in a vulnerable production environment.
+    The :doc:`demo` tutorial is **NOT SECURE BY DEFAULT**. It uses public, hardcoded passwords and secrets for demonstration purposes only.
+
+    If you use the demo as a structural template, you MUST replace all default secrets before deploying your instance. Failure to do so will result in a vulnerable production environment.
 
 .. contents:: |toctitle|
 	:local:

From b18716c7d550380fa8f6502ae434b2f04e9d378e Mon Sep 17 00:00:00 2001
From: Oliver Bertuch <o.bertuch@fz-juelich.de>
Date: Wed, 26 Nov 2025 09:11:44 +0100
Subject: [PATCH 546/634] test,fix(auth): avoid flapping test results due to
 logout when Keycloak client is autoclosed

Removing the try-with-resources avoids autoclosing the resource, which triggers a logout. As we reuse the token in multiple tests, we don't want that.
---
 .../oidc/OIDCAuthenticationProviderFactoryIT.java   | 13 +++++++------
 1 file changed, 7 insertions(+), 6 deletions(-)

diff --git a/src/test/java/edu/harvard/iq/dataverse/authorization/providers/oauth2/oidc/OIDCAuthenticationProviderFactoryIT.java b/src/test/java/edu/harvard/iq/dataverse/authorization/providers/oauth2/oidc/OIDCAuthenticationProviderFactoryIT.java
index 0ca74ab2f2b..91160b0ad77 100644
--- a/src/test/java/edu/harvard/iq/dataverse/authorization/providers/oauth2/oidc/OIDCAuthenticationProviderFactoryIT.java
+++ b/src/test/java/edu/harvard/iq/dataverse/authorization/providers/oauth2/oidc/OIDCAuthenticationProviderFactoryIT.java
@@ -72,11 +72,12 @@ class OIDCAuthenticationProviderFactoryIT {
         .withAdminPassword(adminPassword);
     
     // simple method to retrieve the issuer URL, referenced to by @JvmSetting annotations (do no delete)
+    @SuppressWarnings("unused")
     private static String getAuthUrl() {
         return keycloakContainer.getAuthServerUrl() + "/realms/" + realm;
     }
     
-    OIDCAuthProvider getProvider() throws Exception {
+    private OIDCAuthProvider getProvider() throws Exception {
         OIDCAuthProvider oidcAuthProvider = (OIDCAuthProvider) OIDCAuthenticationProviderFactory.buildFromSettings();
         
         assumeTrue(oidcAuthProvider.getMetadata().getTokenEndpointURI().toString()
@@ -86,8 +87,9 @@ OIDCAuthProvider getProvider() throws Exception {
     }
     
     // NOTE: This requires the "direct access grants" for the client to be enabled!
-    String getBearerTokenViaKeycloakAdminClient() throws Exception {
-        try (Keycloak keycloak = KeycloakBuilder.builder()
+    private String getBearerTokenViaKeycloakAdminClient() {
+        // NOTE: While Keycloak implements AutoClosable, don't use a try-with-resources with it to avoid logging out.
+        Keycloak keycloak = KeycloakBuilder.builder()
             .serverUrl(keycloakContainer.getAuthServerUrl())
             .grantType(OAuth2Constants.PASSWORD)
             .realm(realm)
@@ -96,9 +98,8 @@ String getBearerTokenViaKeycloakAdminClient() throws Exception {
             .username(realmAdminUser)
             .password(realmAdminPassword)
             .scope("openid")
-            .build()) {
-            return keycloak.tokenManager().getAccessTokenString();
-        }
+            .build();
+        return keycloak.tokenManager().getAccessTokenString();
     }
     
     /**

From c63e6953d47fc8e0fdca87bf714856f8d8195dc7 Mon Sep 17 00:00:00 2001
From: Oliver Bertuch <o.bertuch@fz-juelich.de>
Date: Thu, 27 Nov 2025 14:32:42 +0100
Subject: [PATCH 547/634] refactor(migration): centralize DBUnit helpers and
 reuse shared Postgres container in migration tests

Extracted DBUnit helper methods to a new `DBUnitHelper` class for reusability and cleaner test code. Updated `V6_8_0_1__SettingsDataMigrationIT` to utilize these helpers and the shared Postgres container for better maintainability and reduced redundancy in test setup.
---
 .../dataverse/db/migration/DBUnitHelper.java  | 207 ++++++++++++++++++
 .../db/migration/SharedPostgresContainer.java |  47 +++-
 .../V6_8_0_1__SettingsDataMigrationIT.java    | 143 ++----------
 3 files changed, 277 insertions(+), 120 deletions(-)
 create mode 100644 src/test/java/edu/harvard/iq/dataverse/db/migration/DBUnitHelper.java

diff --git a/src/test/java/edu/harvard/iq/dataverse/db/migration/DBUnitHelper.java b/src/test/java/edu/harvard/iq/dataverse/db/migration/DBUnitHelper.java
new file mode 100644
index 00000000000..17beaabaad0
--- /dev/null
+++ b/src/test/java/edu/harvard/iq/dataverse/db/migration/DBUnitHelper.java
@@ -0,0 +1,207 @@
+package edu.harvard.iq.dataverse.db.migration;
+
+import org.dbunit.Assertion;
+import org.dbunit.IDatabaseTester;
+import org.dbunit.assertion.DiffCollectingFailureHandler;
+import org.dbunit.assertion.Difference;
+import org.dbunit.dataset.DefaultDataSet;
+import org.dbunit.dataset.IDataSet;
+import org.dbunit.dataset.ITable;
+import org.dbunit.dataset.ReplacementDataSet;
+import org.dbunit.dataset.SortedTable;
+import org.dbunit.dataset.filter.DefaultColumnFilter;
+import org.dbunit.dataset.xml.FlatXmlDataSet;
+import org.dbunit.dataset.xml.FlatXmlDataSetBuilder;
+import org.dbunit.operation.DatabaseOperation;
+
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.nio.charset.StandardCharsets;
+import java.sql.Connection;
+import java.sql.Statement;
+
+class DBUnitHelper {
+    /**
+     * Loads dataset from the provided XML string into the database associated with the given
+     * {@link IDatabaseTester} instance. It performs the following steps:
+     * - Parses the XML string into an {@link IDataSet}.
+     * - Replaces occurrences of "[null]" with actual null values in the dataset.
+     * - Inserts the data into the database, performing a CLEAN_INSERT operation.
+     * - Updates database sequences to avoid primary key collisions.
+     *
+     * @param tester the {@link IDatabaseTester} instance used for database operations.
+     * @param inputXml the XML string representing the dataset to be loaded into the database.
+     * @throws Exception if an error occurs during dataset parsing, database setup, or sequence update.
+     */
+    public static void loadData(IDatabaseTester tester, String inputXml) throws Exception {
+        try (InputStream xml = new ByteArrayInputStream(inputXml.getBytes(StandardCharsets.UTF_8))) {
+            IDataSet inputDataSet = new FlatXmlDataSetBuilder().build(xml);
+            
+            // Handle NULL values by replacing [null] string with actual NULL in the input dataset
+            ReplacementDataSet dataSet = new ReplacementDataSet(inputDataSet);
+            dataSet.addReplacementObject("[null]", null);
+            
+            tester.setDataSet(dataSet);
+            tester.setSetUpOperation(DatabaseOperation.CLEAN_INSERT);
+            tester.onSetup();
+        }
+        
+        // Update the sequence to avoid primary key collisions with the data just inserted by DBUnit
+        try (Connection conn = tester.getConnection().getConnection(); Statement stmt = conn.createStatement()) {
+            stmt.execute("SELECT setval('setting_id_seq', (SELECT MAX(id) FROM setting))");
+        }
+    }
+    
+    /**
+     * Retrieves and processes the actual data from a specified table in the database.
+     * The method performs the following steps:
+     * - Fetches the entire dataset from the database connection.
+     * - Retrieves the specific table from the dataset.
+     * - Filters out specified columns from the table.
+     * - Sorts the table based on the provided column.
+     *
+     * @param tester the {@link IDatabaseTester} instance used to access the database.
+     * @param table the name of the table to retrieve from the dataset.
+     * @param orderBy the column name by which the table should be sorted.
+     * @param ignoreCols optional columns to exclude from the resulting table.
+     * @return a processed and sorted {@link ITable} object representing the actual data from the database table.
+     * @throws Exception if an error occurs during database access, table filtering, or sorting.
+     */
+    public static ITable getActualData(IDatabaseTester tester, String table, String orderBy, String... ignoreCols) throws Exception {
+        IDataSet actualDataSet = tester.getConnection().createDataSet();
+        ITable actualTable = actualDataSet.getTable(table);
+        ITable filteredActual = DefaultColumnFilter.excludedColumnsTable(actualTable, ignoreCols);
+        SortedTable sortedActual = new SortedTable(filteredActual, new String[]{orderBy});
+        sortedActual.setUseComparable(true);
+        return sortedActual;
+    }
+    
+    /**
+     * Processes the given XML data to produce an expected dataset table for comparison purposes.
+     * The method performs the following steps:
+     * - Parses the XML data into an {@link IDataSet}.
+     * - Replaces "[null]" strings with actual null values in the dataset.
+     * - Filters out specified columns from the table.
+     * - Sorts the resulting table based on the provided column(s).
+     *
+     * @param expectedXml the XML string representing the expected dataset.
+     * @param table the name of the table to retrieve from the dataset.
+     * @param orderBy the column name by which the table should be sorted.
+     * @param ignoreCols optional columns to exclude from the resulting table.
+     * @return a processed and sorted {@link ITable} object representing the expected state of the dataset.
+     * @throws Exception if an error occurs during XML parsing, dataset processing, or table filtering.
+     */
+    public static ITable getExpectedData(String expectedXml, String table, String orderBy, String... ignoreCols) throws Exception {
+        try (InputStream xml = new ByteArrayInputStream(expectedXml.getBytes(StandardCharsets.UTF_8))) {
+            IDataSet rawDataSet = new FlatXmlDataSetBuilder().build(xml);
+            
+            // Handle NULL values by replacing [null] string with actual NULL in the expected dataset
+            // This is necessary to deal with the lang column, which may contain NULL values.
+            ReplacementDataSet expectedDataSet = new ReplacementDataSet(rawDataSet);
+            expectedDataSet.addReplacementObject("[null]", null);
+            ITable expectedTable = expectedDataSet.getTable(table);
+            
+            // Filter out the id column (potentially contains auto-generated values, not comparable)
+            ITable filteredExpected = DefaultColumnFilter.excludedColumnsTable(expectedTable, ignoreCols);
+            
+            // Sort the resulting table by name (using comparable to avoid byte-wise sorting!)
+            SortedTable sortedExpected = new SortedTable(filteredExpected, new String[]{orderBy});
+            sortedExpected.setUseComparable(true);
+            
+            return sortedExpected;
+        }
+    }
+    
+    
+    /**
+     * Executes a database migration script located at the specified resource path.
+     * This method loads the SQL script from the given path, establishes a connection
+     * to the database via the {@link SharedPostgresContainer}, and executes the script.
+     *
+     * @param migrationResourcePath the path to the migration script resource to be executed
+     * @throws Exception if an error occurs while loading the resource, establishing the database connection,
+     *         or executing the SQL script
+     */
+    public static void runMigrationScript(String migrationResourcePath) throws Exception {
+        String migrationSql = loadResource(migrationResourcePath);
+        try (Connection conn = SharedPostgresContainer.getConnection(); Statement stmt = conn.createStatement()) {
+            stmt.execute(migrationSql);
+        }
+    }
+    
+    /**
+     * Loads the content of a resource file located at the given path into a string.
+     * The resource is read with UTF-8 encoding, and if the resource is not found, an IOException
+     * is thrown. Proper handling of the InputStream is ensured using try-with-resources.
+     *
+     * @param path the path to the resource file to be loaded
+     *             (Note: a path starting with "/" is absolute (root of the classpath). Without it is relative to {@link DBUnitHelper})
+     * @return the content of the resource as a string
+     * @throws IOException if the resource cannot be found or an error occurs during reading
+     */
+    public static String loadResource(String path) throws IOException {
+        try (InputStream is = DBUnitHelper.class.getResourceAsStream(path)) {
+            if (is == null) {
+                throw new IOException("Resource not found: " + path);
+            }
+            return new String(is.readAllBytes(), StandardCharsets.UTF_8);
+        }
+    }
+    
+    /**
+     * Asserts that two database tables are equal. The method compares the
+     * expected and actual tables row by row and column by column. If differences
+     * are found, an {@link AssertionError} is thrown with detailed information
+     * about the discrepancies, including the expected and actual values and
+     * their corresponding XML representations.
+     *
+     * @param expected the expected {@link ITable} object, representing the
+     *                 expected state of the database table.
+     * @param actual   the actual {@link ITable} object, representing the actual
+     *                 state of the database table to compare against the expected table.
+     * @throws Exception if an error occurs during the comparison or while
+     *                   generating the XML representation of the tables.
+     */
+    public static void assertTablesEqual(ITable expected, ITable actual) throws Exception {
+        DiffCollectingFailureHandler failureHandler = new DiffCollectingFailureHandler();
+        Assertion.assertEquals(expected, actual, failureHandler);
+        
+        if (!failureHandler.getDiffList().isEmpty()) {
+            StringBuilder sb = new StringBuilder();
+            sb.append("=== DIFFERENCES FOUND ===\n");
+            
+            for (Object diff : failureHandler.getDiffList()) {
+                Difference d = (Difference) diff;
+                sb.append(String.format("Row %d, Column '%s': expected <%s> but was <%s>%n",
+                    d.getRowIndex(),
+                    d.getColumnName(),
+                    d.getExpectedValue(),
+                    d.getActualValue()));
+            }
+            
+            sb.append("\n=== EXPECTED DATA ===\n");
+            sb.append(tableToXmlString(expected));
+            
+            sb.append("\n=== ACTUAL DATA ===\n");
+            sb.append(tableToXmlString(actual));
+            
+            throw new AssertionError(sb.toString());
+        }
+    }
+    
+    /**
+     * Converts the data in the given {@link ITable} to an XML string representation.
+     * This method serializes the specified table into a flat XML format using UTF-8 encoding.
+     *
+     * @param table the {@link ITable} to be converted to an XML string
+     * @return a string containing the XML representation of the specified table
+     * @throws Exception if an error occurs during the serialization process
+     */
+    public static String tableToXmlString(ITable table) throws Exception {
+        ByteArrayOutputStream baos = new ByteArrayOutputStream();
+        FlatXmlDataSet.write(new DefaultDataSet(table), baos);
+        return baos.toString(StandardCharsets.UTF_8);
+    }
+}
\ No newline at end of file
diff --git a/src/test/java/edu/harvard/iq/dataverse/db/migration/SharedPostgresContainer.java b/src/test/java/edu/harvard/iq/dataverse/db/migration/SharedPostgresContainer.java
index 47a995621f7..5970e36069a 100644
--- a/src/test/java/edu/harvard/iq/dataverse/db/migration/SharedPostgresContainer.java
+++ b/src/test/java/edu/harvard/iq/dataverse/db/migration/SharedPostgresContainer.java
@@ -1,9 +1,15 @@
 package edu.harvard.iq.dataverse.db.migration;
 
+import org.dbunit.IDatabaseTester;
+import org.dbunit.JdbcDatabaseTester;
+import org.dbunit.database.DatabaseConfig;
+import org.dbunit.database.IDatabaseConnection;
+import org.dbunit.ext.postgresql.PostgresqlDataTypeFactory;
 import org.testcontainers.postgresql.PostgreSQLContainer;
 
 import java.sql.Connection;
 import java.sql.DriverManager;
+import java.sql.SQLException;
 
 /**
  * Singleton container that is started once and reused across all tests.
@@ -12,6 +18,14 @@ public class SharedPostgresContainer {
     
     private static volatile PostgreSQLContainer instance;
     
+    /**
+     * Provides a singleton instance of {@link PostgreSQLContainer} configured with
+     * a specific PostgreSQL version, database name, username, and password. The
+     * container is created and started on first invocation and reused across
+     * subsequent calls.
+     *
+     * @return the singleton {@link PostgreSQLContainer} instance for use in tests
+     */
     public static PostgreSQLContainer getInstance() {
         if (instance == null) {
             synchronized (SharedPostgresContainer.class) {
@@ -34,11 +48,42 @@ public static PostgreSQLContainer getInstance() {
         return instance;
     }
     
-    public static Connection getConnection() throws Exception {
+    /**
+     * Retrieves a database connection using the credentials and JDBC URL
+     * provided by the singleton PostgreSQL container instance.
+     *
+     * @return a {@link Connection} object to interact with the PostgreSQL database
+     * @throws SQLException if a database access error occurs
+     */
+    public static Connection getConnection() throws SQLException {
         return DriverManager.getConnection(
             getInstance().getJdbcUrl(),
             getInstance().getUsername(),
             getInstance().getPassword()
         );
     }
+    
+    /**
+     * Creates and returns an initialized instance of IDatabaseTester for testing
+     * database interactions. The tester is configured to work with a PostgreSQL
+     * database by using a PostgresqlDataTypeFactory.
+     *
+     * @return an IDatabaseTester instance configured for the current PostgreSQL container
+     * @throws ClassNotFoundException if there is an issue creating the database tester or connection
+     */
+    public static IDatabaseTester getTester() throws ClassNotFoundException {
+        return new JdbcDatabaseTester(
+            getInstance().getDriverClassName(),
+            getInstance().getJdbcUrl(),
+            getInstance().getUsername(),
+            getInstance().getPassword()
+        ) {
+            @Override
+            public IDatabaseConnection getConnection() throws Exception {
+                IDatabaseConnection connection = super.getConnection();
+                connection.getConfig().setProperty(DatabaseConfig.PROPERTY_DATATYPE_FACTORY, new PostgresqlDataTypeFactory());
+                return connection;
+            }
+        };
+    }
 }
diff --git a/src/test/java/edu/harvard/iq/dataverse/db/migration/V6_8_0_1__SettingsDataMigrationIT.java b/src/test/java/edu/harvard/iq/dataverse/db/migration/V6_8_0_1__SettingsDataMigrationIT.java
index f432aa7ed26..6c442d86bd4 100644
--- a/src/test/java/edu/harvard/iq/dataverse/db/migration/V6_8_0_1__SettingsDataMigrationIT.java
+++ b/src/test/java/edu/harvard/iq/dataverse/db/migration/V6_8_0_1__SettingsDataMigrationIT.java
@@ -2,45 +2,28 @@
 
 
 import edu.harvard.iq.dataverse.util.testing.Tags;
-import org.dbunit.Assertion;
 import org.dbunit.IDatabaseTester;
-import org.dbunit.JdbcDatabaseTester;
-import org.dbunit.dataset.IDataSet;
-import org.dbunit.dataset.ITable;
-import org.dbunit.dataset.SortedTable;
-import org.dbunit.dataset.filter.DefaultColumnFilter;
-import org.dbunit.dataset.xml.FlatXmlDataSetBuilder;
-import org.dbunit.operation.DatabaseOperation;
 import org.junit.jupiter.api.AfterEach;
 import org.junit.jupiter.api.BeforeAll;
 import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.DisplayName;
 import org.junit.jupiter.api.Tag;
 import org.junit.jupiter.api.Test;
-import org.testcontainers.junit.jupiter.Container;
 import org.testcontainers.junit.jupiter.Testcontainers;
-import org.testcontainers.postgresql.PostgreSQLContainer;
 
-import java.io.ByteArrayInputStream;
-import java.io.InputStream;
-import java.nio.charset.StandardCharsets;
 import java.sql.Connection;
 import java.sql.Statement;
 
-import static org.dbunit.Assertion.assertEquals;
 import static org.junit.jupiter.api.Assertions.assertTrue;
 
 @Tag(Tags.DB_MIGRATION_TEST)
 @Tag(Tags.USES_TESTCONTAINERS)
 @Testcontainers(disabledWithoutDocker = true)
-public class V6_8_0_1__SettingsDataMigrationIT {
+class V6_8_0_1__SettingsDataMigrationIT {
     
     static final String MIGRATION_RESOURCE = "/db/migration/V6.8.0.1.sql";
     static final String TABLE_NAME = "setting";
     
-    @Container
-    static PostgreSQLContainer POSTGRES = SharedPostgresContainer.getInstance();
-    
     private IDatabaseTester databaseTester;
     
     @BeforeAll
@@ -65,13 +48,7 @@ lang    text constraint non_empty_lang check (lang <> ''::text),
     
     @BeforeEach
     void setUp() throws Exception {
-        // Create a new database tester instance, get the connection details from Testcontainers
-        databaseTester = new JdbcDatabaseTester(
-            POSTGRES.getDriverClassName(),
-            POSTGRES.getJdbcUrl(),
-            POSTGRES.getUsername(),
-            POSTGRES.getPassword()
-        );
+        databaseTester = SharedPostgresContainer.getTester();
     }
     
     @AfterEach
@@ -81,7 +58,7 @@ void tearDown() throws Exception {
         }
         // Clean up for the next test
         try (Connection conn = SharedPostgresContainer.getConnection(); Statement stmt = conn.createStatement()) {
-            stmt.execute("TRUNCATE TABLE setting RESTART IDENTITY CASCADE");
+            stmt.execute("TRUNCATE TABLE " + TABLE_NAME + " RESTART IDENTITY CASCADE");
         }
     }
     
@@ -96,11 +73,11 @@ void testMigrationConvertSimpleSettings() throws Exception {
                 <setting id="2" name="WorkflowsAdmin#IP_WHITELIST_KEY" content="127.0.0.1" />
             </dataset>
             """;
-        loadData(inputXml);
+        DBUnitHelper.loadData(databaseTester, inputXml);
         
         // WHEN
-        runMigrationScript();
-        var actualData = getActualData();
+        DBUnitHelper.runMigrationScript(MIGRATION_RESOURCE);
+        var actualData = DBUnitHelper.getActualData(databaseTester, TABLE_NAME, "name", "id");
         
         // THEN
         // Notes: We don't specify 'id' in expected because they are auto-generated.
@@ -112,9 +89,9 @@ void testMigrationConvertSimpleSettings() throws Exception {
                 <setting name=":WorkflowsAdminIpWhitelist" content="127.0.0.1" />
             </dataset>
             """;
-        var expectedData = getExpectedData(expectedXml);
+        var expectedData = DBUnitHelper.getExpectedData(expectedXml, TABLE_NAME, "name", "id");
         
-        Assertion.assertEquals(expectedData, actualData);
+        DBUnitHelper.assertTablesEqual(expectedData, actualData);
     }
     
     @Test
@@ -129,11 +106,11 @@ void testMigrationConvertTabularIngestSizeLimitToJsonFormat() throws Exception {
                 <setting id="5" name=":TabularIngestSizeLimit:tab" content="1000" />
             </dataset>
             """;
-        loadData(inputXml);
+        DBUnitHelper.loadData(databaseTester, inputXml);
         
         // WHEN
-        runMigrationScript();
-        var actualData = getActualData();
+        DBUnitHelper.runMigrationScript(MIGRATION_RESOURCE);
+        var actualData = DBUnitHelper.getActualData(databaseTester, TABLE_NAME, "name", "id");
         
         // THEN
         // Notes: We don't specify 'id' in expected because they are auto-generated.
@@ -141,12 +118,12 @@ void testMigrationConvertTabularIngestSizeLimitToJsonFormat() throws Exception {
         var expectedXml = """
             <?xml version='1.0' encoding='UTF-8'?>
             <dataset>
-                <setting name=":TabularIngestSizeLimit" content='{"csv": 5000, "tab": 1000, "default": 2000}' />
+                <setting name=":TabularIngestSizeLimit" content='{"csv": 5000, "tab": 1000, "default": 2000}' lang="[null]" />
             </dataset>
             """;
-        var expectedData = getExpectedData(expectedXml);
+        var expectedData = DBUnitHelper.getExpectedData(expectedXml, TABLE_NAME, "name", "id");
         
-        Assertion.assertEquals(expectedData, actualData);
+        DBUnitHelper.assertTablesEqual(expectedData, actualData);
     }
     
     @Test
@@ -156,19 +133,16 @@ void testMigrationTabularIngestSizeLimitToJsonHandlesNullLangValues() throws Exc
         var inputXml = """
             <?xml version='1.0' encoding='UTF-8'?>
             <dataset>
-                <setting id="1" name=":TabularIngestSizeLimit:csv" content="3000" lang="[null]" />
+                <setting id="1" name=":TabularIngestSizeLimit:csv" content="3000" />
             </dataset>
             """;
-        loadData(inputXml);
+        DBUnitHelper.loadData(databaseTester, inputXml);
         
         // WHEN
-        runMigrationScript();
+        DBUnitHelper.runMigrationScript(MIGRATION_RESOURCE);
+        var actualTable = DBUnitHelper.getActualData(databaseTester, TABLE_NAME, "name", "id");
         
         // THEN
-        // Verify the migration completed...
-        IDataSet actualDataSet = databaseTester.getConnection().createDataSet();
-        ITable actualTable = actualDataSet.getTable("setting");
-        
         // Just verify we have at least one row (the migrated JSON setting)
         assertTrue(actualTable.getRowCount() > 0);
     }
@@ -183,11 +157,11 @@ void testMigrationTabularIngestSizeLimitToJsonHandlesNonNumericValuesGracefully(
                 <setting id="1" name=":TabularIngestSizeLimit:csv" content="not-a-number" />
             </dataset>
             """;
-        loadData(inputXml);
+        DBUnitHelper.loadData(databaseTester, inputXml);
         
         // WHEN
-        runMigrationScript();
-        var actualData = getActualData();
+        DBUnitHelper.runMigrationScript(MIGRATION_RESOURCE);
+        var actualData = DBUnitHelper.getActualData(databaseTester, TABLE_NAME, "name", "id");
         
         // THEN
         // Invalid values should be set to 0 (at least that's what the migration *should* do)
@@ -196,80 +170,11 @@ void testMigrationTabularIngestSizeLimitToJsonHandlesNonNumericValuesGracefully(
         var expectedXml = """
             <?xml version='1.0' encoding='UTF-8'?>
             <dataset>
-                <setting name=":TabularIngestSizeLimit" content='{"csv": 0}' />
+                <setting name=":TabularIngestSizeLimit" content='{"csv": 0}' lang="[null]" />
             </dataset>
             """;
-        var expectedData = getExpectedData(expectedXml);
+        var expectedData = DBUnitHelper.getExpectedData(expectedXml, TABLE_NAME, "name", "id");
         
-        assertEquals(expectedData, actualData);
+        DBUnitHelper.assertTablesEqual(expectedData, actualData);
     }
-    
-    // --- Helper Methods ---
-    private void loadData(String inputXml) throws Exception {
-        try (InputStream xml = new ByteArrayInputStream(inputXml.getBytes(StandardCharsets.UTF_8))) {
-            IDataSet inputDataSet = new FlatXmlDataSetBuilder().build(xml);
-            databaseTester.setDataSet(inputDataSet);
-            databaseTester.setSetUpOperation(DatabaseOperation.CLEAN_INSERT);
-            databaseTester.onSetup();
-        }
-        
-        // Update the sequence to avoid primary key collisions with the data just inserted by DBUnit
-        try (Connection conn = SharedPostgresContainer.getConnection(); Statement stmt = conn.createStatement()) {
-            stmt.execute("SELECT setval('setting_id_seq', (SELECT MAX(id) FROM setting))");
-        }
-    }
-    
-    /**
-     * Retrieves and processes the actual data from the database for verification purposes.
-     * The method performs the following steps:
-     * - Obtains the current dataset from the database connection.
-     * - Filters out the id and lang column from the data.
-     * - Sorts the resulting table based on predefined sorting criteria.
-     *
-     * @return a processed and sorted {@link ITable} object representing the actual state of the database.
-     * @throws Exception if an error occurs during dataset retrieval, column filtering, or table sorting.
-     */
-    private ITable getActualData() throws Exception {
-        IDataSet actualDataSet = databaseTester.getConnection().createDataSet();
-        ITable actualTable = actualDataSet.getTable(TABLE_NAME);
-        ITable filteredActual = DefaultColumnFilter.excludedColumnsTable(actualTable, new String[]{"id", "lang"});
-        SortedTable sortedActual = new SortedTable(filteredActual, new String[]{"name"});
-        return sortedActual;
-    }
-    
-    /**
-     * Constructs and returns an expected data table for testing database contents, based on the provided XML input.
-     * The method parses the given XML string into a dataset, filters out the id and lang column,
-     * and sorts the table based on predefined sorting criteria.
-     *
-     * @param expectedXml the XML string representing the expected dataset to be used for verification
-     * @return a processed and sorted {@link ITable} object representing the expected database state
-     * @throws Exception if an error occurs during XML parsing, dataset creation, or table manipulation
-     */
-    private ITable getExpectedData(String expectedXml) throws Exception {
-        try (InputStream xml = new ByteArrayInputStream(expectedXml.getBytes(StandardCharsets.UTF_8))) {
-            IDataSet expectedDataSet = new FlatXmlDataSetBuilder().build(xml);
-            ITable expectedTable = expectedDataSet.getTable(TABLE_NAME);
-            ITable filteredExpected = DefaultColumnFilter.excludedColumnsTable(expectedTable, new String[]{"id", "lang"});
-            SortedTable sortedExpected = new SortedTable(filteredExpected, new String[]{"name"});
-            return sortedExpected;
-        }
-    }
-    
-    private void runMigrationScript() throws Exception {
-        String migrationSql = loadResource(MIGRATION_RESOURCE);
-        try (Connection conn = SharedPostgresContainer.getConnection(); Statement stmt = conn.createStatement()) {
-            stmt.execute(migrationSql);
-        }
-    }
-    
-    private String loadResource(String path) throws Exception {
-        try (InputStream is = getClass().getResourceAsStream(path)) {
-            if (is == null) {
-                throw new RuntimeException("Resource not found: " + path);
-            }
-            return new String(is.readAllBytes(), StandardCharsets.UTF_8);
-        }
-    }
-
 }
\ No newline at end of file

From 85e94eec400126df887127f2730a5725640a340d Mon Sep 17 00:00:00 2001
From: Oliver Bertuch <o.bertuch@fz-juelich.de>
Date: Thu, 27 Nov 2025 14:37:28 +0100
Subject: [PATCH 548/634] fix(settings,workflow): migrate workflow keys to
 structured enums and simplify access methods #11996

Replaced hard-coded workflow keys with structured enum-based keys in `TriggerType`. Updated `WorkflowServiceBean` and `SettingsServiceBean` to use consistent key resolution methods, improving readability and maintainability. Updated related database migration script to align with new key naming schema.

This adds the missing keys after introduction of naming restrictions in #11654. The config keys for the default workflows will no longer be cleansed from the database during deployment.
---
 .../iq/dataverse/settings/SettingsServiceBean.java | 12 ++++++++++++
 .../iq/dataverse/workflow/WorkflowContext.java     | 13 ++++++++++++-
 .../iq/dataverse/workflow/WorkflowServiceBean.java | 14 ++++----------
 src/main/resources/db/migration/V6.8.0.1.sql       |  4 ++++
 4 files changed, 32 insertions(+), 11 deletions(-)

diff --git a/src/main/java/edu/harvard/iq/dataverse/settings/SettingsServiceBean.java b/src/main/java/edu/harvard/iq/dataverse/settings/SettingsServiceBean.java
index 1cdac02a013..174264eabee 100644
--- a/src/main/java/edu/harvard/iq/dataverse/settings/SettingsServiceBean.java
+++ b/src/main/java/edu/harvard/iq/dataverse/settings/SettingsServiceBean.java
@@ -177,6 +177,18 @@ public enum Key {
          */
         WorkflowsAdminIpWhitelist,
         
+        /**
+         * Represents the workflow identifier for the "pre-publish dataset" operation.
+         * This identifier is used to manage and define the specific workflow
+         * triggered before a dataset is published within the application.
+         */
+        PrePublishDatasetWorkflowId,
+        /**
+         * Represents the configuration key for specifying the workflow identifier that
+         * will be executed after a dataset has been published.
+         */
+        PostPublishDatasetWorkflowId,
+        
         /**
          * A special secret that, if set, needs to be given when trying to manage internal users.
          * This key was formerly known as "BuiltinUsers.KEY", which never was a setting name aligning with the others.
diff --git a/src/main/java/edu/harvard/iq/dataverse/workflow/WorkflowContext.java b/src/main/java/edu/harvard/iq/dataverse/workflow/WorkflowContext.java
index a0aee4cb4c9..178028d4241 100644
--- a/src/main/java/edu/harvard/iq/dataverse/workflow/WorkflowContext.java
+++ b/src/main/java/edu/harvard/iq/dataverse/workflow/WorkflowContext.java
@@ -3,6 +3,7 @@
 import edu.harvard.iq.dataverse.Dataset;
 import edu.harvard.iq.dataverse.authorization.users.ApiToken;
 import edu.harvard.iq.dataverse.engine.command.DataverseRequest;
+import edu.harvard.iq.dataverse.settings.SettingsServiceBean.Key;
 import edu.harvard.iq.dataverse.workflow.step.WorkflowStep;
 
 import java.util.Map;
@@ -20,7 +21,17 @@
 public class WorkflowContext {
     
     public enum TriggerType {
-        PrePublishDataset, PostPublishDataset
+        PrePublishDataset(Key.PrePublishDatasetWorkflowId),
+        PostPublishDataset(Key.PostPublishDatasetWorkflowId);
+        
+        final Key key;
+        TriggerType(Key key) {
+            this.key = key;
+        }
+        
+        Key getKey() {
+            return key;
+        }
     }
     
     private final DataverseRequest request;
diff --git a/src/main/java/edu/harvard/iq/dataverse/workflow/WorkflowServiceBean.java b/src/main/java/edu/harvard/iq/dataverse/workflow/WorkflowServiceBean.java
index 757d447b60a..ae1175f0e1d 100644
--- a/src/main/java/edu/harvard/iq/dataverse/workflow/WorkflowServiceBean.java
+++ b/src/main/java/edu/harvard/iq/dataverse/workflow/WorkflowServiceBean.java
@@ -53,7 +53,6 @@
 public class WorkflowServiceBean {
 
     private static final Logger logger = Logger.getLogger(WorkflowServiceBean.class.getName());
-    private static final String WORKFLOW_ID_KEY = "WorkflowServiceBean.WorkflowId:";
 
     @PersistenceContext(unitName = "VDCNet-ejbPU")
     EntityManager em;
@@ -452,7 +451,7 @@ public boolean deleteWorkflow(long workflowId) {
         if (doomedOpt.isPresent()) {
             // validate that this is not the default workflow
             for ( WorkflowContext.TriggerType tp : WorkflowContext.TriggerType.values() ) {
-                String defaultWorkflowId = settings.get(workflowSettingKey(tp));
+                String defaultWorkflowId = settings.getValueForKey(tp.getKey());
                 if (defaultWorkflowId != null
                         && Long.parseLong(defaultWorkflowId) == doomedOpt.get().getId()) {
                     throw new IllegalArgumentException("Workflow " + workflowId + " cannot be deleted as it is the default workflow for trigger " + tp.name() );
@@ -476,7 +475,7 @@ public PendingWorkflowInvocation getPendingWorkflow(String invocationId) {
     }
 
     public Optional<Workflow> getDefaultWorkflow( WorkflowContext.TriggerType type ) {
-        String defaultWorkflowId = settings.get(workflowSettingKey(type));
+        String defaultWorkflowId = settings.getValueForKey(type.getKey());
         if (defaultWorkflowId == null) {
             return Optional.empty();
         }
@@ -491,18 +490,13 @@ public Optional<Workflow> getDefaultWorkflow( WorkflowContext.TriggerType type )
      * @param type type of the workflow.
      */
     public void setDefaultWorkflowId(WorkflowContext.TriggerType type, Long id) {
-        String workflowKey = workflowSettingKey(type);
         if (id == null) {
-            settings.delete(workflowKey);
+            settings.deleteValueForKey(type.getKey());
         } else {
-            settings.set(workflowKey, id.toString());
+            settings.setValueForKey(type.getKey(), id.toString());
         }
     }
 
-    private String workflowSettingKey(WorkflowContext.TriggerType type) {
-        return WORKFLOW_ID_KEY+type.name();
-    }
-
     private WorkflowStep createStep(WorkflowStepData wsd) {
         WorkflowStepSPI provider = providers.get(wsd.getProviderId());
         if (provider == null) {
diff --git a/src/main/resources/db/migration/V6.8.0.1.sql b/src/main/resources/db/migration/V6.8.0.1.sql
index 63df0a44717..e00fe993de9 100644
--- a/src/main/resources/db/migration/V6.8.0.1.sql
+++ b/src/main/resources/db/migration/V6.8.0.1.sql
@@ -95,3 +95,7 @@ DO $$
             DELETE FROM setting WHERE name = 'WorkflowsAdmin#IP_WHITELIST_KEY';
         END IF;
     END $$;
+
+-- 4. Migrate WorkflowServiceBean.WorkflowId specials to new PrePublishDatasetWorkflowId and PostPublishDatasetWorkflowId
+UPDATE setting SET name = ':PrePublishDatasetWorkflowId' WHERE name = 'WorkflowServiceBean.WorkflowId:PrePublishDataset';
+UPDATE setting SET name = ':PostPublishDatasetWorkflowId' WHERE name = 'WorkflowServiceBean.WorkflowId:PostPublishDataset';

From 58a12372ae5eff074131b0c153bb8d2f9b7f5a17 Mon Sep 17 00:00:00 2001
From: Oliver Bertuch <o.bertuch@fz-juelich.de>
Date: Thu, 27 Nov 2025 14:37:51 +0100
Subject: [PATCH 549/634] docs(workflow): add details on workflow configuration
 via Settings API

Expanded documentation to include new Settings API options for managing workflows. Added references for `WorkflowsAdminIpWhitelist`, `PrePublishDatasetWorkflowId`, and `PostPublishDatasetWorkflowId` with usage examples. Enhanced developer guide with a new "Administration" section for workflow-related settings.
---
 .../source/developers/workflows.rst           |  4 ++
 .../source/installation/config.rst            | 40 +++++++++++++++++++
 2 files changed, 44 insertions(+)

diff --git a/doc/sphinx-guides/source/developers/workflows.rst b/doc/sphinx-guides/source/developers/workflows.rst
index 38ca6f4e141..80830a1822d 100644
--- a/doc/sphinx-guides/source/developers/workflows.rst
+++ b/doc/sphinx-guides/source/developers/workflows.rst
@@ -27,6 +27,8 @@ If a step in a workflow fails, the Dataverse installation makes an effort to rol
   provider offers two steps for sending and receiving customizable HTTP requests.
   *http/sr* and *http/authExt*, detailed below, with the latter able to use the API to make changes to the dataset being processed. (Both lock the dataset to prevent other processes from changing the dataset between the time the step is launched to when the external process responds to the Dataverse instance.)
 
+.. _workflow_admin:
+
 Administration
 ~~~~~~~~~~~~~~
 
@@ -36,6 +38,8 @@ At the moment, defining a workflow for each trigger is done for the entire insta
 
 In order to prevent unauthorized resuming of workflows, the Dataverse installation maintains a "white list" of IP addresses from which resume requests are honored. This list is maintained using the ``/api/admin/workflows/ip-whitelist`` endpoint of the :doc:`/api/native-api`. By default, the Dataverse installation honors resume requests from localhost only (``127.0.0.1;::1``), so set-ups that use a single server work with no additional configuration.
 
+Note: these settings are also exposed and manageable via the Settings API.
+See :ref:`:WorkflowsAdminIpWhitelist`, :ref:`:PrePublishDatasetWorkflowId` and :ref:`:PostPublishDatasetWorkflowId`
 
 Available Steps
 ~~~~~~~~~~~~~~~
diff --git a/doc/sphinx-guides/source/installation/config.rst b/doc/sphinx-guides/source/installation/config.rst
index 6c19464489d..d661b14f9c5 100644
--- a/doc/sphinx-guides/source/installation/config.rst
+++ b/doc/sphinx-guides/source/installation/config.rst
@@ -2403,6 +2403,9 @@ The workflow id returned in this call (or available by doing a GET of /api/admin
 
 Once these steps are taken, new publication requests will automatically trigger submission of an archival copy to the specified archiver, Chronopolis' DuraCloud component in this example. For Chronopolis, as when using the API, it is currently the admin's responsibility to snap-shot the DuraCloud space and monitor the result. Failure of the workflow, (e.g. if DuraCloud is unavailable, the configuration is wrong, or the space for this dataset already exists due to a prior publication action or use of the API), will create a failure message but will not affect publication itself.
 
+Note: setting the default workflow is also available via the Settings API.
+See :ref:`:WorkflowsAdminIpWhitelist`, :ref:`:PrePublishDatasetWorkflowId` and :ref:`:PostPublishDatasetWorkflowId`
+
 .. _bag-info.txt:
 
 Configuring bag-info.txt
@@ -5085,6 +5088,43 @@ Number of errors to display to the user when creating DataFiles from a file uplo
 
 ``curl -X PUT -d '1' http://localhost:8080/api/admin/settings/:CreateDataFilesMaxErrorsToDisplay``
 
+.. _:WorkflowsAdminIpWhitelist:
+
+:WorkflowsAdminIpWhitelist
+++++++++++++++++++++++++++
+
+A semicolon-separated list of IP addresses from which workflow resume requests are honored.
+By default, the Dataverse installation honors resume requests from localhost only (``127.0.0.1;::1``).
+This setting allows for preventing unauthorized resuming of workflows.
+
+``curl -X PUT -d '127.0.0.1;::1;192.168.0.1' http://localhost:8080/api/admin/settings/:WorkflowsAdminIpWhitelist``
+
+See :ref:`Workflow Admin section <workflow_admin>` for more details and context.
+
+.. _:PrePublishDatasetWorkflowId:
+
+:PrePublishDatasetWorkflowId
+++++++++++++++++++++++++++++
+
+The identifier of the workflow to be executed prior to dataset publication.
+This pre-publish workflow is useful for preparing a dataset for public access (e.g., moving files, checking metadata) or starting an approval process.
+
+``curl -X PUT -d '1' http://localhost:8080/api/admin/settings/:PrePublishDatasetWorkflowId``
+
+See :ref:`Workflow Admin section <workflow_admin>` for more details and context.
+
+.. _:PostPublishDatasetWorkflowId:
+
+:PostPublishDatasetWorkflowId
++++++++++++++++++++++++++++++
+
+The identifier of the workflow to be executed after a dataset has been successfully published.
+This post-publish workflow is useful for actions such as sending notifications about the newly published dataset or archiving.
+
+``curl -X PUT -d '2' http://localhost:8080/api/admin/settings/:PostPublishDatasetWorkflowId``
+
+See :ref:`Workflow Admin section <workflow_admin>` for more details and context.
+
 .. _:BagItHandlerEnabled:
 
 :BagItHandlerEnabled

From a05fcc868d8329e4c6ccac720351528fd3705f0f Mon Sep 17 00:00:00 2001
From: Oliver Bertuch <o.bertuch@fz-juelich.de>
Date: Thu, 27 Nov 2025 14:38:19 +0100
Subject: [PATCH 550/634] test(migration): update tests to account for
 additional workflow settings

Enhanced `V6_8_0_1__SettingsDataMigrationIT` to include tests for new workflow settings (`PrePublishDatasetWorkflowId` and `PostPublishDatasetWorkflowId`). Updated expected data assertions and display names for better clarity and completeness.
---
 .../V6_8_0_1__SettingsDataMigrationIT.java         | 14 +++++++++-----
 1 file changed, 9 insertions(+), 5 deletions(-)

diff --git a/src/test/java/edu/harvard/iq/dataverse/db/migration/V6_8_0_1__SettingsDataMigrationIT.java b/src/test/java/edu/harvard/iq/dataverse/db/migration/V6_8_0_1__SettingsDataMigrationIT.java
index 6c442d86bd4..309c4779c0e 100644
--- a/src/test/java/edu/harvard/iq/dataverse/db/migration/V6_8_0_1__SettingsDataMigrationIT.java
+++ b/src/test/java/edu/harvard/iq/dataverse/db/migration/V6_8_0_1__SettingsDataMigrationIT.java
@@ -1,6 +1,6 @@
 package edu.harvard.iq.dataverse.db.migration;
 
-
+import edu.harvard.iq.dataverse.settings.SettingsServiceBean.Key;
 import edu.harvard.iq.dataverse.util.testing.Tags;
 import org.dbunit.IDatabaseTester;
 import org.junit.jupiter.api.AfterEach;
@@ -63,7 +63,7 @@ void tearDown() throws Exception {
     }
     
     @Test
-    @DisplayName("Test migrating BuiltinUsers.KEY and WorkflowsAdmin")
+    @DisplayName("Test migrating BuiltinUsers.KEY and Workflow settings")
     void testMigrationConvertSimpleSettings() throws Exception {
         // GIVEN
         var inputXml = """
@@ -71,6 +71,8 @@ void testMigrationConvertSimpleSettings() throws Exception {
             <dataset>
                 <setting id="1" name="BuiltinUsers.KEY" content="secret-key-123" />
                 <setting id="2" name="WorkflowsAdmin#IP_WHITELIST_KEY" content="127.0.0.1" />
+                <setting id="3" name="WorkflowServiceBean.WorkflowId:PrePublishDataset" content="1" />
+                <setting id="4" name="WorkflowServiceBean.WorkflowId:PostPublishDataset" content="2" />
             </dataset>
             """;
         DBUnitHelper.loadData(databaseTester, inputXml);
@@ -85,10 +87,12 @@ void testMigrationConvertSimpleSettings() throws Exception {
         var expectedXml = """
             <?xml version='1.0' encoding='UTF-8'?>
             <dataset>
-                <setting name=":BuiltinUsersKey" content="secret-key-123" />
-                <setting name=":WorkflowsAdminIpWhitelist" content="127.0.0.1" />
+                <setting name="%s" content="secret-key-123" lang="[null]" />
+                <setting name="%s" content="127.0.0.1" lang="[null]" />
+                <setting name="%s" content="1" lang="[null]" />
+                <setting name="%s" content="2" lang="[null]" />
             </dataset>
-            """;
+            """.formatted(Key.BuiltinUsersKey, Key.WorkflowsAdminIpWhitelist, Key.PrePublishDatasetWorkflowId, Key.PostPublishDatasetWorkflowId);
         var expectedData = DBUnitHelper.getExpectedData(expectedXml, TABLE_NAME, "name", "id");
         
         DBUnitHelper.assertTablesEqual(expectedData, actualData);

From a81859633a5cd09e9c9b86fac0ff9e3a96d1594a Mon Sep 17 00:00:00 2001
From: Oliver Bertuch <o.bertuch@fz-juelich.de>
Date: Thu, 27 Nov 2025 14:38:33 +0100
Subject: [PATCH 551/634] refactor(migration): simplify setting name migrations
 with direct `UPDATE` statements

---
 src/main/resources/db/migration/V6.8.0.1.sql | 16 ++--------------
 1 file changed, 2 insertions(+), 14 deletions(-)

diff --git a/src/main/resources/db/migration/V6.8.0.1.sql b/src/main/resources/db/migration/V6.8.0.1.sql
index e00fe993de9..1c3fbf8ffd7 100644
--- a/src/main/resources/db/migration/V6.8.0.1.sql
+++ b/src/main/resources/db/migration/V6.8.0.1.sql
@@ -79,22 +79,10 @@ DO $$
     END $$;
 
 -- 2. Migrate BuiltinUsers.KEY to the new setting name
-DO $$
-    BEGIN
-        IF EXISTS (SELECT 1 FROM setting WHERE name = 'BuiltinUsers.KEY') THEN
-            INSERT INTO setting (name, lang, content) VALUES (':BuiltinUsersKey', NULL, (SELECT content FROM setting WHERE name = 'BuiltinUsers.KEY'));
-            DELETE FROM setting WHERE name = 'BuiltinUsers.KEY';
-        END IF;
-    END $$;
+UPDATE setting SET name = ':BuiltinUsersKey' WHERE name = 'BuiltinUsers.KEY';
 
 -- 3. Migrate WorkflowsAdmin#IP_WHITELIST_KEY to the new setting name
-DO $$
-    BEGIN
-        IF EXISTS (SELECT 1 FROM setting WHERE name = 'WorkflowsAdmin#IP_WHITELIST_KEY') THEN
-            INSERT INTO setting (name, lang, content) VALUES (':WorkflowsAdminIpWhitelist', NULL, (SELECT content FROM setting WHERE name = 'WorkflowsAdmin#IP_WHITELIST_KEY'));
-            DELETE FROM setting WHERE name = 'WorkflowsAdmin#IP_WHITELIST_KEY';
-        END IF;
-    END $$;
+UPDATE setting SET name = ':WorkflowsAdminIpWhitelist' WHERE name = 'WorkflowsAdmin#IP_WHITELIST_KEY';
 
 -- 4. Migrate WorkflowServiceBean.WorkflowId specials to new PrePublishDatasetWorkflowId and PostPublishDatasetWorkflowId
 UPDATE setting SET name = ':PrePublishDatasetWorkflowId' WHERE name = 'WorkflowServiceBean.WorkflowId:PrePublishDataset';

From 1fbbff0bfc721cb5188a2636641d2504b1e970b1 Mon Sep 17 00:00:00 2001
From: Leonid Andreev <leonid@hmdc.harvard.edu>
Date: Tue, 2 Dec 2025 15:52:37 -0500
Subject: [PATCH 552/634] moving the dynamic, remaining upload allocations from
 /storageDriver into a dedicated API #11987

---
 .../harvard/iq/dataverse/api/Datasets.java    | 81 +++++++++++--------
 1 file changed, 46 insertions(+), 35 deletions(-)

diff --git a/src/main/java/edu/harvard/iq/dataverse/api/Datasets.java b/src/main/java/edu/harvard/iq/dataverse/api/Datasets.java
index c29b3364f51..b281a51546b 100644
--- a/src/main/java/edu/harvard/iq/dataverse/api/Datasets.java
+++ b/src/main/java/edu/harvard/iq/dataverse/api/Datasets.java
@@ -3652,9 +3652,7 @@ public Response getMakeDataCountMetric(@PathParam("id") String idSupplied, @Path
     @AuthRequired
     @Path("{identifier}/storageDriver")
     public Response getFileStore(@Context ContainerRequestContext crc, @PathParam("identifier") String dvIdtf,
-            @QueryParam("showRemainingQuotas") boolean showRemaining,
-            @Context UriInfo uriInfo,
-            @Context HttpHeaders headers) throws WrappedResponse {
+            @Context UriInfo uriInfo, @Context HttpHeaders headers) throws WrappedResponse {
 
         Dataset dataset;
 
@@ -3664,38 +3662,7 @@ public Response getFileStore(@Context ContainerRequestContext crc, @PathParam("i
             return error(Response.Status.NOT_FOUND, "No such dataset");
         }
 
-        if (showRemaining) {
-            AuthenticatedUser user;
-            try {
-                user = getRequestAuthenticatedUserOrDie(crc);
-            } catch (WrappedResponse ex) {
-                return error(Response.Status.BAD_REQUEST, "The option showRemainingQuotas requires authentication.");
-            }
-            if (!permissionSvc.requestOn(createDataverseRequest(user), dataset).has(Permission.EditDataset)) {
-                return error(Response.Status.FORBIDDEN, "The option showRemainingQuotas requires EditDataset permission.");
-            }
-        }
-
-        JsonObjectBuilder output = JsonPrinter.jsonStorageDriver(dataset.getEffectiveStorageDriverId(), dataset);
-
-        if (showRemaining) {
-            // Add optional elements - storage size and file count limits, if present:
-
-            if (systemConfig.isStorageQuotasEnforced()) {
-                UploadSessionQuotaLimit uploadSessionQuota = fileService.getUploadSessionQuotaLimit(dataset);
-                if (uploadSessionQuota != null) {
-                    output.add("storageQuotaRemaining", uploadSessionQuota.getRemainingQuotaInBytes());
-                }
-            }
-
-            Integer effectiveFileCountLimit = dataset.getEffectiveDatasetFileCountLimit();
-
-            if (effectiveFileCountLimit != null) {
-                output.add("numberOfFilesRemaining", effectiveFileCountLimit - datasetService.getDataFileCountByOwner(dataset.getId()));
-            }
-        }
-
-        return ok(output);
+        return ok(JsonPrinter.jsonStorageDriver(dataset.getEffectiveStorageDriverId(), dataset));
     }
 
     @PUT
@@ -6255,4 +6222,48 @@ public Response getDatasetStorageUse(@Context ContainerRequestContext crc, @Path
         return response(req -> ok(MessageFormat.format(BundleUtil.getStringFromBundle("dataset.storage.use"),
                 execCommand(new GetDatasetStorageUseCommand(req, findDatasetOrDie(identifier))))), getRequestUser(crc));
     }
+    
+    @GET
+    @AuthRequired
+    @Path("{identifier}/uploadlimits")
+    public Response getUploadLimits(@Context ContainerRequestContext crc, @PathParam("identifier") String dvIdtf,
+            @Context UriInfo uriInfo,
+            @Context HttpHeaders headers) throws WrappedResponse {
+
+        Dataset dataset;
+
+        try {
+            dataset = findDatasetOrDie(dvIdtf);
+        } catch (WrappedResponse ex) {
+            return error(Response.Status.NOT_FOUND, "No such dataset");
+        }
+
+        AuthenticatedUser user;
+        try {
+            user = getRequestAuthenticatedUserOrDie(crc);
+        } catch (WrappedResponse ex) {
+            return error(Response.Status.BAD_REQUEST, "This API call requires authentication.");
+        }
+        if (!permissionSvc.requestOn(createDataverseRequest(user), dataset).has(Permission.EditDataset)) {
+            return error(Response.Status.FORBIDDEN, "This API call requires EditDataset permission.");
+        }
+
+        JsonObjectBuilder limits = new NullSafeJsonBuilder();
+
+        // Add optional elements - storage size and file count limits, if present:
+        if (systemConfig.isStorageQuotasEnforced()) {
+            UploadSessionQuotaLimit uploadSessionQuota = fileService.getUploadSessionQuotaLimit(dataset);
+            if (uploadSessionQuota != null) {
+                limits.add("storageQuotaRemaining", uploadSessionQuota.getRemainingQuotaInBytes());
+            }
+        }
+
+        Integer effectiveFileCountLimit = dataset.getEffectiveDatasetFileCountLimit();
+
+        if (effectiveFileCountLimit != null) {
+            limits.add("numberOfFilesRemaining", effectiveFileCountLimit - datasetService.getDataFileCountByOwner(dataset.getId()));
+        }
+
+        return ok(new NullSafeJsonBuilder().add("uploadLimits", limits));
+    }
 }

From 908ce3c1738a54f22ef1b83be98cb7a51a5bf938 Mon Sep 17 00:00:00 2001
From: Philip Durbin <philip_durbin@harvard.edu>
Date: Wed, 3 Dec 2025 09:48:00 -0500
Subject: [PATCH 553/634] add Quickstart Guide (#11653)

* add Quickstart Guide and first page: Publish #11652

* lowercase a #11652

* change filename/path from publish to publish-a-dataset #11652

* Update doc/sphinx-guides/source/quickstart/publish-a-dataset.md

* Update publish-a-dataset.md

removed numbers for bullets

* make "Log In" a link (and add ref) #11652

* add "publish a dataset" button to top of User Guide #11652

* Update publish-a-dataset.md

Updated ref links

* Update doc/sphinx-guides/source/quickstart/publish-a-dataset.md

* Update doc/sphinx-guides/source/quickstart/publish-a-dataset.md

* Update doc/sphinx-guides/source/quickstart/publish-a-dataset.md

* Update doc/sphinx-guides/source/quickstart/publish-a-dataset.md

* Update doc/sphinx-guides/source/quickstart/publish-a-dataset.md

* Updated links

* add "what is Dataverse" and "publish a collection" #11652

* the software is called Dataverse #11652

* link to list of feature on website, for now

* add quickstart buttons to user guide

* fix link to collection

* make buttons smaller #11652

* #11652 remove duplication

---------

Co-authored-by: Omer Fahim <mfahim11427@gmail.com>
Co-authored-by: Stephen Kraffmiller <skraffmiller@hmdc.harvard.edu>
---
 doc/sphinx-guides/source/index.rst            |   3 +
 doc/sphinx-guides/source/quickstart/index.md  |   9 ++
 .../source/quickstart/publish-a-collection.md |  63 ++++++++++
 .../source/quickstart/publish-a-dataset.md    |  61 +++++++++
 .../source/quickstart/what-is-dataverse.md    |  40 ++++++
 doc/sphinx-guides/source/user/account.rst     |   2 +
 .../source/user/dataset-management.rst        |  15 +++
 .../source/user/img/access-data.svg           |  95 ++++++++++++++
 .../source/user/img/publish-a-collection.svg  | 111 +++++++++++++++++
 .../source/user/img/publish-a-dataset.svg     |  89 ++++++++++++++
 .../source/user/img/what-is-dataverse.svg     | 116 ++++++++++++++++++
 doc/sphinx-guides/source/user/index.rst       |  25 ++++
 12 files changed, 629 insertions(+)
 create mode 100644 doc/sphinx-guides/source/quickstart/index.md
 create mode 100644 doc/sphinx-guides/source/quickstart/publish-a-collection.md
 create mode 100644 doc/sphinx-guides/source/quickstart/publish-a-dataset.md
 create mode 100644 doc/sphinx-guides/source/quickstart/what-is-dataverse.md
 create mode 100644 doc/sphinx-guides/source/user/img/access-data.svg
 create mode 100644 doc/sphinx-guides/source/user/img/publish-a-collection.svg
 create mode 100644 doc/sphinx-guides/source/user/img/publish-a-dataset.svg
 create mode 100644 doc/sphinx-guides/source/user/img/what-is-dataverse.svg

diff --git a/doc/sphinx-guides/source/index.rst b/doc/sphinx-guides/source/index.rst
index 0b1d85718b2..01f6b1969b5 100755
--- a/doc/sphinx-guides/source/index.rst
+++ b/doc/sphinx-guides/source/index.rst
@@ -6,6 +6,8 @@
 Dataverse Documentation v. |version|
 ====================================
 
+Check out the new :doc:`/quickstart/index`!
+
 These documentation guides are for the |version| version of Dataverse. To find guides belonging to previous or future versions, :ref:`guides_versions` has a list of all available versions.
 
 .. toctree::
@@ -13,6 +15,7 @@ These documentation guides are for the |version| version of Dataverse. To find g
   :titlesonly:
   :maxdepth: 2
 
+  quickstart/index
   user/index
   admin/index
   ai/index
diff --git a/doc/sphinx-guides/source/quickstart/index.md b/doc/sphinx-guides/source/quickstart/index.md
new file mode 100644
index 00000000000..96f3fdbeff5
--- /dev/null
+++ b/doc/sphinx-guides/source/quickstart/index.md
@@ -0,0 +1,9 @@
+# Quickstart Guide
+
+```{toctree}
+:caption: "Contents:"
+:maxdepth: 1
+what-is-dataverse.md
+publish-a-dataset.md
+publish-a-collection.md
+```
diff --git a/doc/sphinx-guides/source/quickstart/publish-a-collection.md b/doc/sphinx-guides/source/quickstart/publish-a-collection.md
new file mode 100644
index 00000000000..4b97703225b
--- /dev/null
+++ b/doc/sphinx-guides/source/quickstart/publish-a-collection.md
@@ -0,0 +1,63 @@
+# Publish a Collection
+
+## 🔐 Step 1: Log In & Create a Draft
+
+- {ref}`Log in <account-log-in-options>`.
+- (Optional) Navigate to {doc}`a collection </user/dataverse-management>`.
+- Click "Add Data" → "New Dataverse".
+
+Note: If you don’t see the "Add Data" button, contact your repository support team.
+
+## 📝 Step 2: Enter Basic Metadata & Settings
+
+- Fill in the required {ref}`metadata <create-dataverse>` fields
+- Select metadata settings.  
+- Click "Create Dataverse" at the bottom to save your draft collection.
+
+## 🚀 Step 3: Publish Your Collection
+
+Note: once published, easy deletion of a collection is no longer possible.
+
+- Click "Publish" (top right).
+
+---
+
+## ✅ Choose Look & Feel (optional)
+
+- Click "Edit" → "Theme \+ Widgets".  
+- Select {ref}`theme settings <theme>`.
+- Click "Save Changes".
+
+## ✅ Set Permissions (optional)
+
+- Click "Edit" → "Permissions".  
+- Under "Permissions", click "Edit Access" to {ref}`set general permissions <dataverse-permissions>`.
+- (Optional) Add users or groups with specific permissions under "Users/Groups" by clicking "Assign Roles to Users/Groups".
+
+## ✅ Create Groups (optional)
+
+- Click "Edit" → "Groups".  
+- Click "Create Group".  
+- Enter a Group Name and Group Identifier.  
+- Add users to this group using autofill in "Users/Groups".  
+- Click "Create Group".
+
+## ✅ Set Dataset Templates (optional)
+
+- Click "Edit" → "Dataset Templates".  
+- Click {ref}`Create Dataset Template <dataset-templates>`.
+- Enter a template name.  
+- Add any template metadata in the metadata fields.  
+- Click "Save \+ Add Terms".  
+- {ref}`Choose a license <choosing-license>` from the dropdown or select {ref}`Custom Dataset Terms <custom-terms>`.
+- Provide other relevant terms information  
+- Click "Save Dataset Template"
+
+## ✅ Set Dataset Guestbooks (optional)
+
+- Click "Edit" → "Dataset Guestbooks".  
+- Click {ref}`Create Dataset Guestbook <dataset-guestbooks>`.
+- Enter a guestbook name.  
+- Add information to collect.  
+- Click "Create Dataset Guestbook".
+
diff --git a/doc/sphinx-guides/source/quickstart/publish-a-dataset.md b/doc/sphinx-guides/source/quickstart/publish-a-dataset.md
new file mode 100644
index 00000000000..91e0da5f93d
--- /dev/null
+++ b/doc/sphinx-guides/source/quickstart/publish-a-dataset.md
@@ -0,0 +1,61 @@
+# Publish a Dataset
+
+## 🔐 Step 1: Log In & Create a Draft
+
+- {ref}`Log in <account-log-in-options>`.
+- (Optional) Navigate to {doc}`a collection </user/dataverse-management>`.
+- Click "Add Data" → "{ref}`New Dataset <adding-new-dataset>`".
+
+Note: If you don’t see the "Add Data" button, contact your repository support team.
+
+## 📝Step 2: Enter Basic Metadata
+
+- Fill in the required {ref}`metadata <metadata-supported>` fields.
+- Click "Save" at the bottom to save your draft dataset.
+
+
+## 📁 Step 3: Upload or Edit Files
+
+- In the draft dataset, scroll down to the "Files" tab.
+- Click "{ref}`Upload Files <dataset-file-upload>`".
+- Choose "Select Files to Add" or drag and drop files.
+- (Optional) Use "{ref}`Upload Folder <folder-upload>`" if available.
+- Click "Done" when upload is completed.
+
+To edit files:
+
+- Select files on the left → Click "{ref}`Edit Files <edit-files>`".
+- To {ref}`restrict/embargo files <edit-file-metadata>`, choose the relevant option.
+
+## 📜 Step 4: Set Terms of Use
+
+- Go to the terms tab.
+- Click "{ref}`Edit Terms Requirements <license-terms>`".
+- {ref}`Choose a license <choosing-license>` from the dropdown or select {ref}`Custom Dataset Terms <custom-terms>`.
+- Click "Save changes".
+
+## 🧾 Step 5: Add or Edit Metadata
+
+- Go to the metadata tab.
+- Click "Add + Edit Metadata".
+- Click "Save" after making changes.
+
+## 🚀 Step 6: Publish Your Dataset
+
+Note: once published, easy deletion of a dataset is no longer possible.
+
+- Click publish-dataset or submit-for-review (top right).
+
+ - {ref}`Publish Dataset <publish-dataset>`: Immediately publish a dataset. This option is only available on repositories without a review phase.
+
+ - {ref}`Submit for Review <submit-for-review>`: Locks draft and sends to support staff. If changes are needed, you’ll be notified via email and you can resubmit. This option is only available on repositories with a review phase.
+
+## 🔄 Optional: Update a Published Dataset
+
+- Edit the dataset and publish {ref}`a new version <dataset-versions>`.
+- The DOI remains the same.
+- The dataset-versioning tracks all changes:
+
+  - Metadata changes = minor version.
+
+  - Data changes = major version.
diff --git a/doc/sphinx-guides/source/quickstart/what-is-dataverse.md b/doc/sphinx-guides/source/quickstart/what-is-dataverse.md
new file mode 100644
index 00000000000..6f86473bada
--- /dev/null
+++ b/doc/sphinx-guides/source/quickstart/what-is-dataverse.md
@@ -0,0 +1,40 @@
+# What is Dataverse?
+
+Dataverse is an open source web application for sharing, preserving, citing, exploring, and analyzing research data. It is developed and supported by the Dataverse user community.
+
+A Dataverse repository can host one or more Dataverse collections, which organize datasets. 
+
+- Collections can contain datasets and sub-collections for further organization.  
+- Each dataset includes:  
+  - Metadata  
+  - Data files  
+  - Documentation or code
+
+## Core Capabilities
+
+### 📤 Upload, manage, publish and download data files.
+
+- Upload data while retaining directory structure for better context and reproducibility.  
+- Manage datasets by inviting collaborators before publication.  
+- Control access with permissions, configurations, licenses, file restrictions, and guestbooks.  
+- Publish datasets with rich metadata, licensing, and versioning to make data FAIR.  
+- Download data with clear terms of use and cite data using provided citation options.
+
+### 🔍 Make your data findable, reusable, and citable with rich metadata
+
+- Rich metadata is added to a dataset before publication, with the option to use domain-specific metadata blocks.  
+- Harvest metadata of datasets through the distribution of standardized data descriptions across the web (e.g. Google Dataset Search).
+
+### 📜Define how data can be reused with clear terms
+
+- Standardized licenses can be applied to a dataset.  
+- Custom dataset terms allow for dataset publication that cannot use standardized licenses.
+
+### 📈 Keep track of changes on published datasets with versioning
+
+- Track version changes with metadata and file changes tracked as minor and major versions.  
+- Access and cite specific versions via the version tab on a dataset.  
+- Compare versions with the detailed version change overview on dataset-level.
+
+### ✨More features  
+The Dataverse project is continuously evolving. For an overview of capabilities, visit the [features list](https://dataverse.org/software-features).
diff --git a/doc/sphinx-guides/source/user/account.rst b/doc/sphinx-guides/source/user/account.rst
index cd269ddac20..17415a59190 100755
--- a/doc/sphinx-guides/source/user/account.rst
+++ b/doc/sphinx-guides/source/user/account.rst
@@ -14,6 +14,8 @@ As a registered user, you can:
 -  Contribute to existing datasets, if permitted.
 -  Request access to restricted files, if permitted.
 
+.. _account-log-in-options:
+
 Account Log In Options
 ~~~~~~~~~~~~~~~~~~~~~~
 
diff --git a/doc/sphinx-guides/source/user/dataset-management.rst b/doc/sphinx-guides/source/user/dataset-management.rst
index d91232142ae..22e72a6a210 100755
--- a/doc/sphinx-guides/source/user/dataset-management.rst
+++ b/doc/sphinx-guides/source/user/dataset-management.rst
@@ -8,6 +8,7 @@ A dataset in a Dataverse installation is a container for your data, documentatio
 .. contents:: |toctitle|
 	:local:
 
+.. _metadata-supported:
 
 Supported Metadata
 ==================
@@ -421,9 +422,13 @@ Differentially Private (DP) Metadata can be accessed for restricted tabular file
 
 See also :ref:`terms-of-access` and :ref:`permissions`.
 
+.. _edit-files:
+
 Edit Files
 ==========
 
+.. _edit-file-metadata:
+
 Edit File Metadata
 ------------------
 
@@ -476,6 +481,8 @@ Terms
 
 Dataset terms can be viewed and edited from the Terms tab of the dataset page, or under the Edit dropdown button of a Dataset. There, you can set up how users can use your data once they have downloaded it (via a standard license or, if allowed, custom terms), how they can access your data if you have files that are restricted (terms of access), and enable a Guestbook for your dataset so that you can track who is using your data and for what purposes. These are explained in further detail below:
 
+.. _choosing-license:
+
 Choosing a License
 ------------------
 
@@ -506,6 +513,8 @@ The `Dataverse Community Norms <https://dataverse.org/best-practices/dataverse-c
 
 \* **Legal Disclaimer:** these `Community Norms <https://dataverse.org/best-practices/dataverse-community-norms>`_ are not a substitute for the CC0 waiver or custom terms and licenses applicable to each dataset. The Community Norms are not a binding contractual agreement, and downloading datasets from a Dataverse installation does not create a legal obligation to follow these policies.
 
+.. _custom-terms:
+
 Custom Terms of Use for Datasets
 --------------------------------
 
@@ -688,6 +697,8 @@ Adding Widgets to an OpenScholar Website
 #. Click on the Settings Cog and select Layout
 #. At the top right, select Add New Widget and under Misc. you will see the Dataverse Collection and the Dataverse Dataset Citation Widgets. Click on the widget you would like to add, fill out the form, and then drag it to where you would like it to display in the page.
 
+.. _publish-dataset:
+
 Publish Dataset
 ===============
 
@@ -700,6 +711,8 @@ Whenever you edit your dataset, you are able to publish a new version of the dat
 Note: Prior to publishing your dataset the Data Citation will indicate that this is a draft but the "DRAFT VERSION" text
 will be removed as soon as you Publish.
 
+.. _submit-for-review:
+
 Submit for Review
 =================
 
@@ -758,6 +771,8 @@ Support for file-level retention periods can also be configured in a Dataverse i
 Retention periods are intended to support use cases where files must be made unavailable - and in most cases destroyed, e.g. to meet legal requirements - after a certain period or date.
 Actual destruction is not automatically handled, but would have to be done on the storage if needed.
 
+.. _dataset-versions:
+
 Dataset Versions
 ================
 
diff --git a/doc/sphinx-guides/source/user/img/access-data.svg b/doc/sphinx-guides/source/user/img/access-data.svg
new file mode 100644
index 00000000000..ef27df08523
--- /dev/null
+++ b/doc/sphinx-guides/source/user/img/access-data.svg
@@ -0,0 +1,95 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+   width="110.681mm"
+   height="40.157001mm"
+   viewBox="0 0 110.681 40.157002"
+   version="1.1"
+   id="svg1"
+   xml:space="preserve"
+   inkscape:version="1.3.2 (091e20e, 2023-11-25, custom)"
+   sodipodi:docname="access-data.svg"
+   inkscape:export-filename="publish-a-dataset-button.png"
+   inkscape:export-xdpi="189.86"
+   inkscape:export-ydpi="189.86"
+   xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape"
+   xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd"
+   xmlns="http://www.w3.org/2000/svg"
+   xmlns:svg="http://www.w3.org/2000/svg"><sodipodi:namedview
+     id="namedview1"
+     pagecolor="#ffffff"
+     bordercolor="#000000"
+     borderopacity="0.25"
+     inkscape:showpageshadow="2"
+     inkscape:pageopacity="0.0"
+     inkscape:pagecheckerboard="0"
+     inkscape:deskcolor="#d1d1d1"
+     inkscape:document-units="mm"
+     inkscape:zoom="2.0485264"
+     inkscape:cx="205.2695"
+     inkscape:cy="128.14089"
+     inkscape:window-width="2880"
+     inkscape:window-height="1514"
+     inkscape:window-x="2869"
+     inkscape:window-y="-11"
+     inkscape:window-maximized="1"
+     inkscape:current-layer="layer1" /><defs
+     id="defs1" /><g
+     inkscape:groupmode="layer"
+     id="layer3"
+     inkscape:label="Padding"
+     transform="translate(1.5874994,3.968749)"><rect
+       style="fill:none;stroke:none;stroke-width:1.56463;stroke-linecap:round;stroke-linejoin:round;stroke-opacity:1"
+       id="rect1-6"
+       width="110.681"
+       height="40.157001"
+       x="-1.5874994"
+       y="-3.968749"
+       ry="3.9715712" /></g><g
+     inkscape:label="Layer 1"
+     inkscape:groupmode="layer"
+     id="layer1"
+     transform="translate(-22.02082,-62.347961)"><text
+       xml:space="preserve"
+       style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:7.05556px;font-family:helvetica;-inkscape-font-specification:helvetica;text-align:start;letter-spacing:0px;text-anchor:start;fill:#337ab7;fill-opacity:1;stroke:none;stroke-width:2;stroke-linecap:round;stroke-linejoin:round;stroke-opacity:1"
+       x="50.035465"
+       y="77.987808"
+       id="text1"><tspan
+         sodipodi:role="line"
+         id="tspan1"
+         style="font-size:7.05556px;text-align:start;text-anchor:start;fill:#337ab7;fill-opacity:1;stroke:none;stroke-width:2"
+         x="50.035465"
+         y="77.987808">Access a Dataset</tspan></text><text
+       xml:space="preserve"
+       style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:4.23333px;font-family:helvetica;-inkscape-font-specification:helvetica;text-align:start;letter-spacing:0px;text-anchor:start;white-space:pre;inline-size:82.9212;display:inline;fill:#333333;fill-opacity:1;stroke:none;stroke-width:2;stroke-linecap:round;stroke-linejoin:round;stroke-opacity:1"
+       x="-6.0697236"
+       y="112.33395"
+       id="text2"
+       transform="translate(56.093375,-25.783397)"><tspan
+         x="-6.0697236"
+         y="112.33395"
+         id="tspan4">How to access and download data from
+</tspan><tspan
+         x="-6.0697236"
+         y="117.62561"
+         id="tspan5">a dataset</tspan></text><g
+       style="overflow:hidden;fill:#c55b28;fill-opacity:1"
+       id="g3"
+       transform="matrix(0.30645161,0,0,0.296875,22.263143,68.176961)"><g
+         transform="translate(-592,-312)"
+         id="g2"
+         style="fill:#c55b28;fill-opacity:1"><path
+           d="M 660.5,356 H 648 v -28 h -16 v 28 h -12.5 l 20.5,24 z"
+           id="path1-4"
+           style="fill:#c55b28;fill-opacity:1" /><path
+           d="m 665,368 v 18 h -50 v -18 h -6 v 24 h 62 v -24 z"
+           id="path2"
+           style="fill:#c55b28;fill-opacity:1" /></g></g><rect
+       style="fill:none;stroke:#c55b28;stroke-width:1.34669;stroke-linecap:round;stroke-linejoin:round;stroke-opacity:1"
+       id="rect1"
+       width="105.68102"
+       height="31.156733"
+       x="24.520809"
+       y="66.848083"
+       ry="3.081435" /></g></svg>
diff --git a/doc/sphinx-guides/source/user/img/publish-a-collection.svg b/doc/sphinx-guides/source/user/img/publish-a-collection.svg
new file mode 100644
index 00000000000..bd4b2737048
--- /dev/null
+++ b/doc/sphinx-guides/source/user/img/publish-a-collection.svg
@@ -0,0 +1,111 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+   width="110.681mm"
+   height="40.157001mm"
+   viewBox="0 0 110.681 40.157002"
+   version="1.1"
+   id="svg1"
+   xml:space="preserve"
+   inkscape:version="1.3.2 (091e20e, 2023-11-25, custom)"
+   sodipodi:docname="publish-a-collection.svg"
+   inkscape:export-filename="publish-a-dataset-button.png"
+   inkscape:export-xdpi="189.86"
+   inkscape:export-ydpi="189.86"
+   xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape"
+   xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd"
+   xmlns="http://www.w3.org/2000/svg"
+   xmlns:svg="http://www.w3.org/2000/svg"><sodipodi:namedview
+     id="namedview1"
+     pagecolor="#ffffff"
+     bordercolor="#000000"
+     borderopacity="0.25"
+     inkscape:showpageshadow="2"
+     inkscape:pageopacity="0.0"
+     inkscape:pagecheckerboard="0"
+     inkscape:deskcolor="#d1d1d1"
+     inkscape:document-units="mm"
+     inkscape:zoom="2.8970538"
+     inkscape:cx="146.87335"
+     inkscape:cy="80.944302"
+     inkscape:window-width="2880"
+     inkscape:window-height="1514"
+     inkscape:window-x="2869"
+     inkscape:window-y="-11"
+     inkscape:window-maximized="1"
+     inkscape:current-layer="layer1" /><defs
+     id="defs1" /><g
+     inkscape:groupmode="layer"
+     id="layer2"
+     inkscape:label="Padding"><rect
+       style="fill:none;stroke:none;stroke-width:1.56463;stroke-linecap:round;stroke-linejoin:round;stroke-opacity:1"
+       id="rect1-6"
+       width="110.681"
+       height="40.157001"
+       x="21.973841"
+       y="62.65686"
+       ry="3.9715712"
+       transform="translate(-21.973841,-62.65686)" /></g><g
+     inkscape:label="Layer 1"
+     inkscape:groupmode="layer"
+     id="layer1"
+     transform="translate(-21.973841,-62.65686)"><rect
+       style="fill:none;stroke:#c55b28;stroke-width:1.34669;stroke-linecap:round;stroke-linejoin:round;stroke-opacity:1"
+       id="rect1-8"
+       width="105.68102"
+       height="31.156733"
+       x="24.473829"
+       y="67.156998"
+       ry="3.081435"
+       inkscape:label="rect1" /><text
+       xml:space="preserve"
+       style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:7.05556px;font-family:helvetica;-inkscape-font-specification:helvetica;text-align:start;letter-spacing:0px;text-anchor:start;fill:#337ab7;fill-opacity:1;stroke:none;stroke-width:2;stroke-linecap:round;stroke-linejoin:round;stroke-opacity:1"
+       x="49.488949"
+       y="78.434509"
+       id="text1"><tspan
+         id="tspan1"
+         style="font-size:7.05556px;text-align:start;text-anchor:start;fill:#337ab7;fill-opacity:1;stroke:none;stroke-width:2"
+         x="49.488949"
+         y="78.434509"
+         sodipodi:role="line">Publish a Collection</tspan></text><g
+       style="overflow:hidden;fill:#c55b28;fill-opacity:1"
+       id="g3"
+       transform="matrix(0.05364716,0,0,0.05364711,23.514051,69.32409)"><g
+         transform="translate(-359)"
+         id="g7"
+         style="fill:#c55b28;fill-opacity:1"><path
+           d="m 431.917,395.833 h 354.166 v 31.25 H 431.917 Z"
+           id="path1-0"
+           style="fill:#c55b28;fill-opacity:1" /><path
+           d="m 431.917,72.9167 h 41.666 V 375 h -41.666 z"
+           id="path2"
+           style="fill:#c55b28;fill-opacity:1" /><path
+           d="m 692.333,333.333 h 93.75 V 375 h -93.75 z"
+           id="path3"
+           style="fill:#c55b28;fill-opacity:1" /><path
+           d="m 692.333,156.25 h 93.75 V 312.5 h -93.75 z"
+           id="path4"
+           style="fill:#c55b28;fill-opacity:1" /><path
+           d="m 692.333,93.75 h 93.75 v 41.667 h -93.75 z"
+           id="path5"
+           style="fill:#c55b28;fill-opacity:1" /><path
+           d="m 629.833,187.5 c -5.729,0 -10.416,-4.688 -10.416,-10.417 0,-5.729 4.687,-10.416 10.416,-10.416 5.729,0 10.417,4.687 10.417,10.416 0,5.729 -4.688,10.417 -10.417,10.417 z m 0,166.667 c -5.729,0 -10.416,-4.688 -10.416,-10.417 0,-5.729 4.687,-10.417 10.416,-10.417 5.729,0 10.417,4.688 10.417,10.417 0,5.729 -4.688,10.417 -10.417,10.417 z M 671.5,145.833 H 588.167 V 375 H 671.5 Z"
+           id="path6"
+           style="fill:#c55b28;fill-opacity:1" /><path
+           d="M 546.5,156.25 H 515.25 V 125 h 31.25 z m 20.833,-52.083 H 494.417 V 375 h 72.916 z"
+           id="path7"
+           style="fill:#c55b28;fill-opacity:1" /></g></g><text
+       xml:space="preserve"
+       style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:4.23333px;font-family:helvetica;-inkscape-font-specification:helvetica;text-align:start;letter-spacing:0px;text-anchor:start;white-space:pre;inline-size:82.9212;display:inline;fill:#333333;fill-opacity:1;stroke:none;stroke-width:2;stroke-linecap:round;stroke-linejoin:round;stroke-opacity:1"
+       x="-6.0697236"
+       y="112.33395"
+       id="text2"
+       transform="translate(56.100143,-25.470366)"><tspan
+         x="-6.0697236"
+         y="112.33395"
+         id="tspan3">A quickstart guide to create and publish
+</tspan><tspan
+         x="-6.0697236"
+         y="117.62561"
+         id="tspan4">a data collection</tspan></text></g></svg>
diff --git a/doc/sphinx-guides/source/user/img/publish-a-dataset.svg b/doc/sphinx-guides/source/user/img/publish-a-dataset.svg
new file mode 100644
index 00000000000..47708db6e2e
--- /dev/null
+++ b/doc/sphinx-guides/source/user/img/publish-a-dataset.svg
@@ -0,0 +1,89 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+   width="110.681mm"
+   height="40.157001mm"
+   viewBox="0 0 110.681 40.157002"
+   version="1.1"
+   id="svg1"
+   xml:space="preserve"
+   inkscape:version="1.3.2 (091e20e, 2023-11-25, custom)"
+   sodipodi:docname="publish-a-dataset-slim_padded.svg"
+   inkscape:export-filename="publish-a-dataset-button.png"
+   inkscape:export-xdpi="189.86"
+   inkscape:export-ydpi="189.86"
+   xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape"
+   xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd"
+   xmlns="http://www.w3.org/2000/svg"
+   xmlns:svg="http://www.w3.org/2000/svg"><sodipodi:namedview
+     id="namedview1"
+     pagecolor="#ffffff"
+     bordercolor="#000000"
+     borderopacity="0.25"
+     inkscape:showpageshadow="2"
+     inkscape:pageopacity="0.0"
+     inkscape:pagecheckerboard="0"
+     inkscape:deskcolor="#d1d1d1"
+     inkscape:document-units="mm"
+     inkscape:zoom="2.8970538"
+     inkscape:cx="229.71613"
+     inkscape:cy="158.95459"
+     inkscape:window-width="2880"
+     inkscape:window-height="1514"
+     inkscape:window-x="2869"
+     inkscape:window-y="-11"
+     inkscape:window-maximized="1"
+     inkscape:current-layer="layer2" /><defs
+     id="defs1" /><g
+     inkscape:groupmode="layer"
+     id="layer2"
+     inkscape:label="Padding"
+     transform="translate(1.8266437,3.8267896)"><rect
+       style="fill:none;stroke:none;stroke-width:1.56463;stroke-linecap:round;stroke-linejoin:round;stroke-opacity:1"
+       id="rect1-6"
+       width="110.681"
+       height="40.157001"
+       x="-1.8266437"
+       y="-3.8267896"
+       ry="3.9715712" /></g><g
+     inkscape:label="Layer 1"
+     inkscape:groupmode="layer"
+     id="layer1"
+     transform="translate(-21.781677,-62.489924)"><rect
+       style="fill:none;stroke:#c55b28;stroke-width:1.34669;stroke-linecap:round;stroke-linejoin:round;stroke-opacity:1"
+       id="rect1"
+       width="105.68102"
+       height="31.156733"
+       x="24.281666"
+       y="66.990059"
+       ry="3.081435" /><text
+       xml:space="preserve"
+       style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:7.05556px;font-family:helvetica;-inkscape-font-specification:helvetica;text-align:start;letter-spacing:0px;text-anchor:start;fill:#337ab7;fill-opacity:1;stroke:none;stroke-width:2;stroke-linecap:round;stroke-linejoin:round;stroke-opacity:1"
+       x="49.296303"
+       y="78.1465"
+       id="text1"><tspan
+         sodipodi:role="line"
+         id="tspan1"
+         style="font-size:7.05556px;text-align:start;text-anchor:start;fill:#337ab7;fill-opacity:1;stroke:none;stroke-width:2"
+         x="49.296303"
+         y="78.1465">Publish a Dataset</tspan></text><g
+       style="overflow:hidden;fill:#c55b28;fill-opacity:1"
+       id="g1"
+       transform="matrix(0.05289994,0,0,0.0530232,25.333785,71.168429)"><path
+         d="M 395.08541,188.125 H 242.43857 V 35.8333 H 188.56333 V 188.125 H 35.916792 v 53.75 H 188.56333 v 152.292 h 53.87524 V 241.875 h 152.64684 z"
+         id="path1"
+         style="fill:#c55b28;fill-opacity:1;stroke-width:1.00116" /></g><text
+       xml:space="preserve"
+       style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:4.23333px;font-family:helvetica;-inkscape-font-specification:helvetica;text-align:start;letter-spacing:0px;text-anchor:start;white-space:pre;inline-size:82.9212;display:inline;fill:#333333;fill-opacity:1;stroke:none;stroke-width:2;stroke-linecap:round;stroke-linejoin:round;stroke-opacity:1"
+       x="-6.0697236"
+       y="112.33395"
+       id="text2"
+       transform="translate(55.89716,-25.641933)"><tspan
+         x="-6.0697236"
+         y="112.33395"
+         id="tspan2">A quickstart guide to create and publish
+</tspan><tspan
+         x="-6.0697236"
+         y="117.62561"
+         id="tspan5">a dataset</tspan></text></g></svg>
diff --git a/doc/sphinx-guides/source/user/img/what-is-dataverse.svg b/doc/sphinx-guides/source/user/img/what-is-dataverse.svg
new file mode 100644
index 00000000000..b1056d875d9
--- /dev/null
+++ b/doc/sphinx-guides/source/user/img/what-is-dataverse.svg
@@ -0,0 +1,116 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+   width="110.681mm"
+   height="40.157001mm"
+   viewBox="0 0 110.681 40.157002"
+   version="1.1"
+   id="svg1"
+   xml:space="preserve"
+   inkscape:version="1.3.2 (091e20e, 2023-11-25, custom)"
+   sodipodi:docname="what-is-dataverse.svg"
+   inkscape:export-filename="publish-a-dataset-button.png"
+   inkscape:export-xdpi="189.86"
+   inkscape:export-ydpi="189.86"
+   xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape"
+   xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd"
+   xmlns="http://www.w3.org/2000/svg"
+   xmlns:svg="http://www.w3.org/2000/svg"><sodipodi:namedview
+     id="namedview1"
+     pagecolor="#ffffff"
+     bordercolor="#000000"
+     borderopacity="0.25"
+     inkscape:showpageshadow="2"
+     inkscape:pageopacity="0.0"
+     inkscape:pagecheckerboard="0"
+     inkscape:deskcolor="#d1d1d1"
+     inkscape:document-units="mm"
+     inkscape:zoom="2.8970538"
+     inkscape:cx="232.82274"
+     inkscape:cy="118.91391"
+     inkscape:window-width="2880"
+     inkscape:window-height="1514"
+     inkscape:window-x="2869"
+     inkscape:window-y="-11"
+     inkscape:window-maximized="1"
+     inkscape:current-layer="layer1" /><defs
+     id="defs1" /><rect
+     style="fill:none;stroke:none;stroke-width:1.56463;stroke-linecap:round;stroke-linejoin:round;stroke-opacity:1"
+     id="rect1-6"
+     width="110.681"
+     height="40.157001"
+     x="0"
+     y="0"
+     ry="3.9715712" /><g
+     inkscape:groupmode="layer"
+     id="layer4"
+     inkscape:label="Padding"
+     transform="translate(1.8856709,3.8344653)" /><g
+     inkscape:label="Layer 1"
+     inkscape:groupmode="layer"
+     id="layer1"
+     transform="translate(-21.722648,-62.482245)"><text
+       xml:space="preserve"
+       style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:7.05556px;font-family:helvetica;-inkscape-font-specification:helvetica;text-align:start;letter-spacing:0px;text-anchor:start;fill:#337ab7;fill-opacity:1;stroke:none;stroke-width:2;stroke-linecap:round;stroke-linejoin:round;stroke-opacity:1"
+       x="49.713181"
+       y="78.187553"
+       id="text1"><tspan
+         sodipodi:role="line"
+         id="tspan1"
+         style="font-size:7.05556px;text-align:start;text-anchor:start;fill:#337ab7;fill-opacity:1;stroke:none;stroke-width:2"
+         x="49.713181"
+         y="78.187553">What is Dataverse?</tspan></text><text
+       xml:space="preserve"
+       style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:4.23333px;font-family:helvetica;-inkscape-font-specification:helvetica;text-align:start;letter-spacing:0px;text-anchor:start;white-space:pre;inline-size:82.9212;display:inline;fill:#333333;fill-opacity:1;stroke:none;stroke-width:2;stroke-linecap:round;stroke-linejoin:round;stroke-opacity:1"
+       x="-6.0697236"
+       y="112.33395"
+       id="text2"
+       transform="translate(55.84895,-25.649114)"><tspan
+         x="-6.0697236"
+         y="112.33395"
+         id="tspan2">A quick look at what a Dataverse
+</tspan><tspan
+         x="-6.0697236"
+         y="117.62561"
+         id="tspan3">repository is</tspan></text><g
+       id="g1"
+       transform="matrix(0.03816027,0,0,0.03816027,32.605288,73.019269)"
+       style="fill:#c55b28;fill-opacity:1"><g
+         id="Layer_1"
+         class="st0"
+         style="fill:#c55b28;fill-opacity:1">
+	<path
+   class="st1"
+   d="M 245.4,472.9"
+   id="path1"
+   style="fill:#c55b28;fill-opacity:1" />
+	<path
+   class="st2"
+   d="m 245.4,472.9 c -4.8,-3.5 -9.2,-7.4 -13.4,-11.6 -21.5,-21.5 -34.9,-51.4 -34.8,-84.2 0,-32.8 13.3,-62.7 34.8,-84.2 13.9,-13.9 31.3,-24.4 50.8,-30.1 l -21.2,-95.3 c -0.9,0 -1.8,0.1 -2.8,0.1 -22.7,0 -43.4,-9.2 -58.3,-24.1 -14.9,-14.9 -24.2,-35.6 -24.1,-58.3 0,-22.7 9.2,-43.4 24.1,-58.3 C 215.4,12.2 236.1,3 258.8,3 c 22.7,0 43.4,9.3 58.3,24.1 14.9,14.9 24.1,35.6 24.1,58.3 0,22.7 -9.3,43.4 -24.1,58.3 -6.6,6.6 -14.4,12 -22.9,16.1 l 21.9,98.4 c 0,0 0.1,0 0.1,0 32.8,0 62.7,13.4 84.2,34.9 21.5,21.5 34.9,51.4 34.9,84.2 0,32.8 -13.4,62.7 -34.9,84.2 -21.5,21.5 -51.4,34.9 -84.2,34.9 -14.5,0 -28.4,-2.6 -41.2,-7.3 v 0 C 264.3,485 254.4,479.6 245.4,472.9 Z M 201.5,85.4 c 0,-15.8 6.4,-30.1 16.8,-40.5 10.4,-10.4 24.6,-16.8 40.5,-16.8 15.9,0 30.1,6.4 40.5,16.8 10.4,10.4 16.8,24.6 16.8,40.5 0,15.9 -6.4,30.1 -16.8,40.5 -10.4,10.4 -24.6,16.8 -40.5,16.8 -15.9,0 -30.1,-6.4 -40.5,-16.8 -10.4,-10.4 -16.8,-24.6 -16.8,-40.5 z m 175.1,352.3 c -15.5,15.5 -36.8,25 -60.5,25 -23.7,0 -44.9,-9.5 -60.4,-25 -15.5,-15.5 -25,-36.8 -25,-60.5 0,-23.7 9.5,-44.9 25,-60.5 15.5,-15.5 36.8,-25 60.4,-25 23.7,0 44.9,9.5 60.5,25 15.5,15.5 25,36.8 25,60.5 0,23.7 -9.5,44.9 -25,60.5 z"
+   id="path2-4"
+   style="fill:#c55b28;fill-opacity:1" />
+</g><g
+         id="Layer_2"
+         style="fill:#c55b28;fill-opacity:1">
+	<path
+   class="st3"
+   d="m 142.1,258.7 c 0,0 -0.1,0 -0.1,0 v 0 L 120,159.4 C 148,146 167.4,117.4 167.4,84.3 167.4,38.3 130.1,1.1 84.2,1.1 38.3,1.1 1,38.3 1,84.2 c 0,45.9 37.3,83.2 83.2,83.2 1,0 1.9,0 2.9,-0.1 l 21.3,96.1 C 58.4,278.1 22,324.2 22,378.8 22,445.2 75.8,499 142.1,499 c 66.3,0 120.2,-53.8 120.2,-120.2 0,-66.4 -53.8,-120.1 -120.2,-120.1 z M 84.2,142 c -31.9,0 -57.8,-25.9 -57.8,-57.8 0,-31.9 25.9,-57.8 57.8,-57.8 31.9,0 57.8,25.9 57.8,57.8 0,31.9 -25.9,57.8 -57.8,57.8 z m 57.9,323.1 c -47.7,0 -86.3,-38.6 -86.3,-86.3 0,-47.7 38.6,-86.3 86.3,-86.3 47.7,0 86.3,38.6 86.3,86.3 0,47.7 -38.6,86.3 -86.3,86.3 z"
+   id="path3"
+   style="fill:#c55b28;fill-opacity:1" />
+</g></g><rect
+       style="fill:none;stroke:#c55b28;stroke-width:1.34669;stroke-linecap:round;stroke-linejoin:round;stroke-opacity:1"
+       id="rect1-8"
+       width="105.68102"
+       height="31.156733"
+       x="24.222637"
+       y="66.982384"
+       ry="3.081435"
+       inkscape:label="rect1" /></g><style
+     type="text/css"
+     id="style1">
+	.st0{display:none;}
+	.st1{fill:none;stroke:#DEBAA0;stroke-miterlimit:10;}
+	.st2{display:inline;fill:none;stroke:#B76138;stroke-width:0.25;stroke-miterlimit:10;}
+	.st3{fill:#B86138;}
+</style></svg>
diff --git a/doc/sphinx-guides/source/user/index.rst b/doc/sphinx-guides/source/user/index.rst
index cd6ccdbd421..7a196afe476 100755
--- a/doc/sphinx-guides/source/user/index.rst
+++ b/doc/sphinx-guides/source/user/index.rst
@@ -6,6 +6,11 @@
 User Guide
 =================================================
 
+|what-is-dataverse|
+|access-data|
+|publish-a-dataset|
+|publish-a-collection|
+
 **Contents:**
 
 .. toctree::
@@ -17,3 +22,23 @@ User Guide
    dataset-management
    tabulardataingest/index
    appendix
+
+.. |what-is-dataverse| image:: ./img/what-is-dataverse.svg
+   :scale: 70%
+   :alt: What is Dataverse button
+   :target: ../quickstart/what-is-dataverse.html
+
+.. |access-data| image:: ./img/access-data.svg
+   :scale: 70%
+   :alt: Access Data button
+   :target: ../user/find-use-data.html
+
+.. |publish-a-dataset| image:: ./img/publish-a-dataset.svg
+   :scale: 70%
+   :alt: Publish a Dataset button
+   :target: ../quickstart/publish-a-dataset.html
+
+.. |publish-a-collection| image:: ./img/publish-a-collection.svg
+   :scale: 70%
+   :alt: Publish a Collection button
+   :target: ../quickstart/publish-a-collection.html

From c385abb7b5ad5179f7a4105dc0f1985c9cdf39b7 Mon Sep 17 00:00:00 2001
From: Oliver Bertuch <o.bertuch@fz-juelich.de>
Date: Wed, 3 Dec 2025 16:48:03 +0100
Subject: [PATCH 554/634] refactor(settings): enhance cleanup logic with
 detailed logging of keys deleted from the database #11639

---
 .../flyway/SettingsCleanupCallback.java       | 29 ++++++++++++++-----
 1 file changed, 21 insertions(+), 8 deletions(-)

diff --git a/src/main/java/edu/harvard/iq/dataverse/flyway/SettingsCleanupCallback.java b/src/main/java/edu/harvard/iq/dataverse/flyway/SettingsCleanupCallback.java
index 4b02f07a810..c83472f4b17 100644
--- a/src/main/java/edu/harvard/iq/dataverse/flyway/SettingsCleanupCallback.java
+++ b/src/main/java/edu/harvard/iq/dataverse/flyway/SettingsCleanupCallback.java
@@ -11,7 +11,9 @@
 import java.sql.ResultSet;
 import java.sql.SQLException;
 import java.util.ArrayList;
+import java.util.HashMap;
 import java.util.List;
+import java.util.Map;
 import java.util.logging.Level;
 import java.util.logging.Logger;
 
@@ -40,6 +42,7 @@ public boolean canHandleInTransaction(Event event, Context context) {
 
     @Override
     public void handle(Event event, Context context) {
+        // Failsafe - we only run _after_ all migrations are done.
         if (event != Event.AFTER_MIGRATE) {
             return;
         }
@@ -61,10 +64,19 @@ public String getCallbackName() {
         return "SettingsCleanup";
     }
     
+    /**
+     * Cleans up invalid settings from the database by identifying and removing
+     * rows in the `setting` table where the `name` attribute does not correspond
+     * to a valid SettingsServiceBean.Key.
+     *
+     * @param connection the database connection to use for querying and updating the `setting` table
+     * @throws SQLException if a database access error occurs or the query fails
+     */
     private void cleanupInvalidSettings(Connection connection) throws SQLException {
-        // Collect IDs of rows to delete
-        List<Long> idsToDelete = new ArrayList<>();
+        // Collect IDs of rows to delete, together with the setting's "name" attribute.
+        Map<Long, String> entriesToDelete = new HashMap<>();
 
+        // IMPORTANT: as we cannot use JPQL mid-Flyway, this query needs to be carefully aligned with the Setting class!
         String selectSql = "SELECT id, name FROM setting";
         try (PreparedStatement ps = connection.prepareStatement(selectSql);
              ResultSet rs = ps.executeQuery()) {
@@ -77,24 +89,25 @@ private void cleanupInvalidSettings(Connection connection) throws SQLException {
                 // to a SettingsServiceBean.Key is considered invalid and will be removed.
                 SettingsServiceBean.Key key = SettingsServiceBean.Key.parse(name);
                 if (key == null) {
-                    idsToDelete.add(id);
+                    entriesToDelete.put(id, name);
                 }
             }
         }
 
-        if (idsToDelete.isEmpty()) {
+        if (entriesToDelete.isEmpty()) {
             logger.fine("Settings cleanup: no invalid settings found");
             return;
         }
 
-        logger.info(() -> "Settings cleanup: found " + idsToDelete.size()
-                + " invalid settings; deleting them");
+        logger.info(() -> "Settings cleanup: found " + entriesToDelete.size()
+                + " invalid/obsolete settings; deleting them.");
 
         String deleteSql = "DELETE FROM setting WHERE id = ?";
         try (PreparedStatement delete = connection.prepareStatement(deleteSql)) {
-            for (Long id : idsToDelete) {
-                delete.setLong(1, id);
+            for (Map.Entry<Long, String> entry : entriesToDelete.entrySet()) {
+                delete.setLong(1, entry.getKey());
                 delete.addBatch();
+                logger.info("Settings cleanup: deleting \"" + entry.getValue() + "\"");
             }
             int[] counts = delete.executeBatch();
             logger.info(() -> "Settings cleanup: deleted " + counts.length + " rows with invalid keys");

From 984cd27383441ea5b455f5f6f50c050d470f0e6d Mon Sep 17 00:00:00 2001
From: Oliver Bertuch <o.bertuch@fz-juelich.de>
Date: Wed, 3 Dec 2025 16:48:54 +0100
Subject: [PATCH 555/634] docs: expand release notes with workflow keys and
 upgrade considerations #11639

Added details on `PrePublishDatasetWorkflowId` and `PostPublishDatasetWorkflowId` to release notes. Included important upgrade guidelines for customized forks and database backup tips.
---
 doc/release-notes/11639-db-opts-idempotency.md | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/doc/release-notes/11639-db-opts-idempotency.md b/doc/release-notes/11639-db-opts-idempotency.md
index f73cbdebf83..b01e3d955cb 100644
--- a/doc/release-notes/11639-db-opts-idempotency.md
+++ b/doc/release-notes/11639-db-opts-idempotency.md
@@ -43,3 +43,13 @@ The following database settings are were added to the official list within the c
 - `:LDNAnnounceRequiredFields`
 - `:LDNTarget`
 - `:WorkflowsAdminIpWhitelist` - formerly `WorkflowsAdmin#IP_WHITELIST_KEY`
+- `:PrePublishDatasetWorkflowId` - formerly `WorkflowServiceBean.WorkflowId:PrePublishDataset`
+- `:PostPublishDatasetWorkflowId` - formerly `WorkflowServiceBean.WorkflowId:PostPublishDataset`
+
+### Important Considerations During Upgrade Of Your Installation
+
+1. Running a customized fork? Make sure to add any custom settings to the SettingsServiceBean.Key enum before deploying!
+2. Any database settings not contained in the `SettingServiceBean.Key` will be removed from your database during each deployment cycle.
+3. As always when upgrading, make sure to backup your database beforehand!
+   You can also use the existing API endpoint `/api/admin/settings` to retrieve all settings as JSONish data for a quick backup before upgrading.
+

From b832a2fa99bb69e9987b3b66f92d1701a403108a Mon Sep 17 00:00:00 2001
From: Leonid Andreev <leonid@hmdc.harvard.edu>
Date: Wed, 3 Dec 2025 16:43:03 -0500
Subject: [PATCH 556/634] doc changes #11987

---
 .../11987-storage-quotas-on-datasets.md       |  2 +-
 .../source/admin/dataverses-datasets.rst      | 21 ---------------
 doc/sphinx-guides/source/api/native-api.rst   | 27 +++++++++++++++++--
 3 files changed, 26 insertions(+), 24 deletions(-)

diff --git a/doc/release-notes/11987-storage-quotas-on-datasets.md b/doc/release-notes/11987-storage-quotas-on-datasets.md
index d4ccce02b2b..79edba13cba 100644
--- a/doc/release-notes/11987-storage-quotas-on-datasets.md
+++ b/doc/release-notes/11987-storage-quotas-on-datasets.md
@@ -1,4 +1,4 @@
 It is now possible to define storage quotas on individual datasets. See the API guide for more information.
 The practical use case is for datasets in the top-level, root collection. This does not address the use case of a user creating multiple datasets. But there is an open dev. issue for adding per-user storage quotas as well.
 
-The `/api/datasets/{id}/storageDriver` API has been further extended to (optionally) include the remaining storage and/or number of files quotas, if present.
\ No newline at end of file
+A convenience API `/api/datasets/{id}/uploadlimits` has been added to show the remaining storage and/or number of files quotas, if present.
\ No newline at end of file
diff --git a/doc/sphinx-guides/source/admin/dataverses-datasets.rst b/doc/sphinx-guides/source/admin/dataverses-datasets.rst
index 0847b347c0c..0fa5bcf69f1 100644
--- a/doc/sphinx-guides/source/admin/dataverses-datasets.rst
+++ b/doc/sphinx-guides/source/admin/dataverses-datasets.rst
@@ -269,27 +269,6 @@ The current driver can be seen using::
 
     curl http://$SERVER/api/datasets/$dataset-id/storageDriver
 
-The output of the API will include the id, label, type (for example, "file" or "s3") as well as the support for direct download and upload. 
-With the optional parameter ``showRemainingQuotas=true``, the remaining storage size and/or file number quotas will also be included, if present. For example:
-
-.. code-block::
-
-   curl  -H "X-Dataverse-key: $API_TOKEN" "http://localhost:8080/api/datasets/$dataset-id/storageDriver?showRemainingQuotas=true" 
-   {
-     "status": "OK",
-     "data": {
-       "label": "S3",
-       "type": "s3",
-       "name": "s3",
-       "directDownload": true,
-       "directUpload": false,
-       "numberOfFilesRemaining": 20,
-       "storageQuotaRemaining": 1048576
-     } 
-   }
-
-Note that using this option requires the Edit permission on the dataset. 
-
 It can be reset to the default store as follows (only a superuser can do this) ::
 
     curl -H "X-Dataverse-key: $API_TOKEN" -X DELETE http://$SERVER/api/datasets/$dataset-id/storageDriver
diff --git a/doc/sphinx-guides/source/api/native-api.rst b/doc/sphinx-guides/source/api/native-api.rst
index b49aa0259e0..b7d11aa2b7e 100644
--- a/doc/sphinx-guides/source/api/native-api.rst
+++ b/doc/sphinx-guides/source/api/native-api.rst
@@ -1263,7 +1263,7 @@ To set or change the storage allocation quota for a collection:
 
 .. code-block:: 
 
-  curl -X POST -H "X-Dataverse-key:$API_TOKEN" "$SERVER_URL/api/dataverses/$ID/storage/quota/$SIZE_IN_BYTES"
+  curl -X PUT -H "X-Dataverse-key:$API_TOKEN" -d $SIZE_IN_BYTES "$SERVER_URL/api/dataverses/$ID/storage/quota"
 
 This API is superuser-only.
   
@@ -1296,7 +1296,7 @@ To set or change the storage allocation quota for a dataset:
 
 .. code-block:: 
 
-  curl -X POST -H "X-Dataverse-key:$API_TOKEN" "$SERVER_URL/api/datasets/$ID/storage/quota/$SIZE_IN_BYTES"
+  curl -X PUT -H "X-Dataverse-key:$API_TOKEN" -d $SIZE_IN_BYTES "$SERVER_URL/api/datasets/$ID/storage/quota"
 
 This API is superuser-only.
   
@@ -1309,6 +1309,29 @@ To delete a storage quota configured for a dataset:
 
 This API is superuser-only.
 
+The following convenience API shows the dynamic values of the *remaining* storage size and/or file number quotas on the dataset, if present. For example:
+
+.. code-block::
+
+   curl  -H "X-Dataverse-key: $API_TOKEN" "http://localhost:8080/api/datasets/$dataset-id/uploadlimits" 
+   {
+     "status": "OK",
+     "uploadLimits": {
+       "numberOfFilesRemaining": 20,
+       "storageQuotaRemaining": 1048576
+     } 
+   }
+
+Or, when neither limit is present: 
+
+.. code-block::
+
+   {
+     "status": "OK",
+     "uploadLimits": {} 
+   }
+
+This API requires the Edit permission on the dataset. 
 
 Use the ``/settings`` API to enable or disable the enforcement of storage quotas that are defined across the instance via the following setting:
 

From 92141d4a3b1a50860aa7b3d9614c869a22ef92a2 Mon Sep 17 00:00:00 2001
From: Leonid Andreev <leonid@hmdc.harvard.edu>
Date: Wed, 3 Dec 2025 19:40:22 -0500
Subject: [PATCH 557/634] Some refactoring per suggestions during QA #11987

---
 .../source/admin/dataverses-datasets.rst             |  2 ++
 .../edu/harvard/iq/dataverse/DatasetServiceBean.java | 11 +----------
 .../harvard/iq/dataverse/DataverseServiceBean.java   |  7 ++++++-
 .../java/edu/harvard/iq/dataverse/api/Datasets.java  | 12 +++++++++---
 .../edu/harvard/iq/dataverse/api/Dataverses.java     | 12 +++++++++---
 .../command/impl/DeleteDatasetQuotaCommand.java      |  2 ++
 .../java/edu/harvard/iq/dataverse/api/FilesIT.java   |  4 ++--
 .../java/edu/harvard/iq/dataverse/api/UtilIT.java    | 10 ++++++----
 8 files changed, 37 insertions(+), 23 deletions(-)

diff --git a/doc/sphinx-guides/source/admin/dataverses-datasets.rst b/doc/sphinx-guides/source/admin/dataverses-datasets.rst
index 1d97155317d..c916b79aaa8 100644
--- a/doc/sphinx-guides/source/admin/dataverses-datasets.rst
+++ b/doc/sphinx-guides/source/admin/dataverses-datasets.rst
@@ -271,6 +271,8 @@ The effective store can be seen using::
 
     curl http://$SERVER/api/datasets/$dataset-id/storageDriver
 
+The output of the API will include the id, label, type (for example, "file" or "s3") as well as the support for direct download and upload.
+
 To remove an assigned store, and allow the dataset to inherit the store from it's parent collection, use the following (only a superuser can do this) ::
 
     curl -H "X-Dataverse-key: $API_TOKEN" -X DELETE http://$SERVER/api/datasets/$dataset-id/storageDriver
diff --git a/src/main/java/edu/harvard/iq/dataverse/DatasetServiceBean.java b/src/main/java/edu/harvard/iq/dataverse/DatasetServiceBean.java
index fe409fa7992..a58dad4f4c7 100644
--- a/src/main/java/edu/harvard/iq/dataverse/DatasetServiceBean.java
+++ b/src/main/java/edu/harvard/iq/dataverse/DatasetServiceBean.java
@@ -1122,7 +1122,7 @@ public int getDataFileCountByOwner(long id) {
     
     /**
      * 
-     * @todo: consider moving the quota methods, from here and the DataverseServiceBean,
+     * @todo: consider moving the quota method, from here and the DataverseServiceBean,
      * to DvObjectServiceBean. 
      */
     public void saveStorageQuota(Dataset target, Long allocation) {
@@ -1140,13 +1140,4 @@ public void saveStorageQuota(Dataset target, Long allocation) {
         }
         em.flush();
     }
-    
-    public void disableStorageQuota(StorageQuota storageQuota) {
-        if (storageQuota != null && storageQuota.getAllocation() != null) {
-            storageQuota.setAllocation(null);
-            em.merge(storageQuota);
-            em.flush();
-        }
-    }
-
 }
diff --git a/src/main/java/edu/harvard/iq/dataverse/DataverseServiceBean.java b/src/main/java/edu/harvard/iq/dataverse/DataverseServiceBean.java
index 03a046d2e28..29cfb3fb42a 100644
--- a/src/main/java/edu/harvard/iq/dataverse/DataverseServiceBean.java
+++ b/src/main/java/edu/harvard/iq/dataverse/DataverseServiceBean.java
@@ -1307,7 +1307,12 @@ static String getBaseSchemaStringFromFile(String pathToJsonFile) {
 "    },\n" +
 "    \"required\": [\"datasetVersion\"]\n" +
 "}\n";
-    
+
+    /**
+     * 
+     * @todo: consider moving these quota methods, and the DatasetServiceBean
+     * equivalent to DvObjectServiceBean. 
+     */    
     public void saveStorageQuota(Dataverse target, Long allocation) {
         StorageQuota storageQuota = target.getStorageQuota();
         
diff --git a/src/main/java/edu/harvard/iq/dataverse/api/Datasets.java b/src/main/java/edu/harvard/iq/dataverse/api/Datasets.java
index 2e93e2b2315..2378388c540 100644
--- a/src/main/java/edu/harvard/iq/dataverse/api/Datasets.java
+++ b/src/main/java/edu/harvard/iq/dataverse/api/Datasets.java
@@ -6182,11 +6182,17 @@ public Response getDatasetQuota(@Context ContainerRequestContext crc, @PathParam
         }
     }
     
-    @POST
+    @PUT
     @AuthRequired
-    @Path("{identifier}/storage/quota/{bytesAllocated}")
-    public Response setDatasetQuota(@Context ContainerRequestContext crc, @PathParam("identifier") String dvIdtf, @PathParam("bytesAllocated") Long bytesAllocated) throws WrappedResponse {
+    @Path("{identifier}/storage/quota")
+    public Response setDatasetQuota(@Context ContainerRequestContext crc, @PathParam("identifier") String dvIdtf, String value) throws WrappedResponse {
         try {
+            Long bytesAllocated; 
+            try {
+                bytesAllocated = Long.parseLong(value);
+            } catch (NumberFormatException nfe){
+                return error(Status.BAD_REQUEST, value + " is not a valid number of bytes");
+            }
             execCommand(new SetDatasetQuotaCommand(createDataverseRequest(getRequestUser(crc)), findDatasetOrDie(dvIdtf), bytesAllocated));
             return ok(BundleUtil.getStringFromBundle("dataset.storage.quota.updated"));
         } catch (WrappedResponse ex) {
diff --git a/src/main/java/edu/harvard/iq/dataverse/api/Dataverses.java b/src/main/java/edu/harvard/iq/dataverse/api/Dataverses.java
index 5d0d6048e53..ed078d85518 100644
--- a/src/main/java/edu/harvard/iq/dataverse/api/Dataverses.java
+++ b/src/main/java/edu/harvard/iq/dataverse/api/Dataverses.java
@@ -1248,11 +1248,17 @@ public Response getCollectionQuota(@Context ContainerRequestContext crc, @PathPa
         }
     }
     
-    @POST
+    @PUT
     @AuthRequired
-    @Path("{identifier}/storage/quota/{bytesAllocated}")
-    public Response setCollectionQuota(@Context ContainerRequestContext crc, @PathParam("identifier") String dvIdtf, @PathParam("bytesAllocated") Long bytesAllocated) throws WrappedResponse {
+    @Path("{identifier}/storage/quota")
+    public Response setCollectionQuota(@Context ContainerRequestContext crc, @PathParam("identifier") String dvIdtf, String value) throws WrappedResponse {
         try {
+            Long bytesAllocated; 
+            try {
+                bytesAllocated = Long.parseLong(value);
+            } catch (NumberFormatException nfe){
+                return error(Status.BAD_REQUEST, value + " is not a valid number of bytes");
+            }
             execCommand(new SetCollectionQuotaCommand(createDataverseRequest(getRequestUser(crc)), findDataverseOrDie(dvIdtf), bytesAllocated));
             return ok(BundleUtil.getStringFromBundle("dataverse.storage.quota.updated"));
         } catch (WrappedResponse ex) {
diff --git a/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/DeleteDatasetQuotaCommand.java b/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/DeleteDatasetQuotaCommand.java
index 1ad7591e257..189fbc429e7 100644
--- a/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/DeleteDatasetQuotaCommand.java
+++ b/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/DeleteDatasetQuotaCommand.java
@@ -48,6 +48,8 @@ public void executeImpl(CommandContext ctxt) throws CommandException {
         if (storageQuota != null && storageQuota.getAllocation() != null) {
             // The method below, in dataverseServiceBean, can be used to delete
             // quotas defined on either of the DvObjectContainer classes:
+            targetDataset.setStorageQuota(null);
+            storageQuota.setDefinitionPoint(null);
             ctxt.dataverses().disableStorageQuota(storageQuota);
         } 
         // ... and if no quota was enabled on the dataset - nothing to do = success
diff --git a/src/test/java/edu/harvard/iq/dataverse/api/FilesIT.java b/src/test/java/edu/harvard/iq/dataverse/api/FilesIT.java
index b857cd22df7..a911e010ed0 100644
--- a/src/test/java/edu/harvard/iq/dataverse/api/FilesIT.java
+++ b/src/test/java/edu/harvard/iq/dataverse/api/FilesIT.java
@@ -3278,7 +3278,7 @@ public void testCollectionStorageQuotas() {
         assertEquals(BundleUtil.getStringFromBundle("dataverse.storage.quota.notdefined"), JsonPath.from(checkQuotaResponse.body().asString()).getString("data.message"));
         
         // Set quota to 1K:
-        Response setQuotaResponse = UtilIT.setCollectionQuota(dataverseAlias, 1024, apiToken);
+        Response setQuotaResponse = UtilIT.setCollectionQuota(dataverseAlias, Long.valueOf(1024), apiToken);
         setQuotaResponse.then().assertThat().statusCode(OK.getStatusCode());
         assertEquals(BundleUtil.getStringFromBundle("dataverse.storage.quota.updated"), JsonPath.from(setQuotaResponse.body().asString()).getString("data.message"));
         
@@ -3402,7 +3402,7 @@ public void testDatasetStorageQuotas() {
         assertEquals(BundleUtil.getStringFromBundle("dataset.storage.quota.notdefined"), JsonPath.from(checkQuotaResponse.body().asString()).getString("data.message"));
         
         // Set quota to 1K:
-        Response setQuotaResponse = UtilIT.setDatasetQuota(datasetId.toString(), 1024, apiToken);
+        Response setQuotaResponse = UtilIT.setDatasetQuota(datasetId.toString(), Long.valueOf(1024), apiToken);
         setQuotaResponse.then().assertThat().statusCode(OK.getStatusCode());
         assertEquals(BundleUtil.getStringFromBundle("dataset.storage.quota.updated"), JsonPath.from(setQuotaResponse.body().asString()).getString("data.message"));
         
diff --git a/src/test/java/edu/harvard/iq/dataverse/api/UtilIT.java b/src/test/java/edu/harvard/iq/dataverse/api/UtilIT.java
index cda2256c7e3..f09b33a0b5b 100644
--- a/src/test/java/edu/harvard/iq/dataverse/api/UtilIT.java
+++ b/src/test/java/edu/harvard/iq/dataverse/api/UtilIT.java
@@ -3689,10 +3689,11 @@ static Response checkCollectionQuota(String collectionId, String apiToken) {
                 .get("/api/dataverses/" + collectionId + "/storage/quota");
     }
     
-    static Response setCollectionQuota(String collectionId, long allocatedSize, String apiToken) {
+    static Response setCollectionQuota(String collectionId, Long allocatedSize, String apiToken) {
         Response response = given()
                 .header(API_TOKEN_HTTP_HEADER, apiToken)
-                .post("/api/dataverses/" + collectionId + "/storage/quota/" + allocatedSize);
+                .body(allocatedSize.toString())
+                .put("/api/dataverses/" + collectionId + "/storage/quota");
         return response;
     }
     
@@ -3715,10 +3716,11 @@ static Response checkDatasetQuota(String datasetId, String apiToken) {
                 .get("/api/datasets/" + datasetId + "/storage/quota");
     }
     
-    static Response setDatasetQuota(String datasetId, long allocatedSize, String apiToken) {
+    static Response setDatasetQuota(String datasetId, Long allocatedSize, String apiToken) {
         Response response = given()
                 .header(API_TOKEN_HTTP_HEADER, apiToken)
-                .post("/api/datasets/" + datasetId + "/storage/quota/" + allocatedSize);
+                .body(allocatedSize.toString())
+                .put("/api/datasets/" + datasetId + "/storage/quota");
         return response;
     }
     

From aa84df1610aef54dd537b6ee6fa5420568d8e867 Mon Sep 17 00:00:00 2001
From: Leonid Andreev <leonid@hmdc.harvard.edu>
Date: Thu, 4 Dec 2025 08:32:36 -0500
Subject: [PATCH 558/634] These 2 lines were a leftover of an earlier
 experiment, removed. #11987

---
 .../engine/command/impl/DeleteDatasetQuotaCommand.java          | 2 --
 1 file changed, 2 deletions(-)

diff --git a/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/DeleteDatasetQuotaCommand.java b/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/DeleteDatasetQuotaCommand.java
index 189fbc429e7..1ad7591e257 100644
--- a/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/DeleteDatasetQuotaCommand.java
+++ b/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/DeleteDatasetQuotaCommand.java
@@ -48,8 +48,6 @@ public void executeImpl(CommandContext ctxt) throws CommandException {
         if (storageQuota != null && storageQuota.getAllocation() != null) {
             // The method below, in dataverseServiceBean, can be used to delete
             // quotas defined on either of the DvObjectContainer classes:
-            targetDataset.setStorageQuota(null);
-            storageQuota.setDefinitionPoint(null);
             ctxt.dataverses().disableStorageQuota(storageQuota);
         } 
         // ... and if no quota was enabled on the dataset - nothing to do = success

From c88a1d0562120cf8d8930f260d4fb5c50eec6645 Mon Sep 17 00:00:00 2001
From: Philip Durbin <philip_durbin@harvard.edu>
Date: Thu, 4 Dec 2025 09:49:09 -0500
Subject: [PATCH 559/634] keep Securing Your Installation at the top #12018
 (#12019)

---
 .../source/installation/config.rst            | 43 ++++++++++---------
 1 file changed, 22 insertions(+), 21 deletions(-)

diff --git a/doc/sphinx-guides/source/installation/config.rst b/doc/sphinx-guides/source/installation/config.rst
index dc2f389a7f3..0ac3e74bfa9 100644
--- a/doc/sphinx-guides/source/installation/config.rst
+++ b/doc/sphinx-guides/source/installation/config.rst
@@ -10,27 +10,6 @@ Once you have finished securing and configuring your Dataverse installation, you
 .. contents:: |toctitle|
   :local:
 
-.. _comma-separated-config-values:
-
-Comma-separated configuration values
-------------------------------------
-
-Many configuration options (both MicroProfile/JVM settings and database settings) accept comma-separated lists. For all such settings, Dataverse applies consistent, lightweight parsing:
-
-- Whitespace immediately around commas is ignored (e.g., ``GET, POST`` is equivalent to ``GET,POST``).
-- Tokens are otherwise preserved exactly as typed. There is no quote parsing and no escape processing.
-- Embedded commas within a token are not supported.
-
-Examples include (but are not limited to):
-
-- :ref:`dataverse.cors.origin <dataverse.cors.origin>`
-- :ref:`dataverse.cors.methods <dataverse.cors.methods>`
-- :ref:`dataverse.cors.headers.allow <dataverse.cors.headers.allow>`
-- :ref:`dataverse.cors.headers.expose <dataverse.cors.headers.expose>`
-- :ref:`:UploadMethods`
-
-This behavior is implemented centrally and applies across all Dataverse settings that accept comma-separated values.
-
 .. _securing-your-installation:
 
 Securing Your Installation
@@ -2537,6 +2516,28 @@ Setting Up Integrations
 
 Before going live, you might want to consider setting up integrations to make it easier for your users to deposit or explore data. See the :doc:`/admin/integrations` section of the Admin Guide for details.
 
+.. _comma-separated-config-values:
+
+Comma-Separated Configuration Values
+------------------------------------
+
+Many configuration options (both MicroProfile/JVM settings and database settings) accept comma-separated lists. For all such settings, Dataverse applies consistent, lightweight parsing:
+
+- Whitespace immediately around commas is ignored (e.g., ``GET, POST`` is equivalent to ``GET,POST``).
+- Tokens are otherwise preserved exactly as typed. There is no quote parsing and no escape processing.
+- Embedded commas within a token are not supported.
+
+Examples include (but are not limited to):
+
+- :ref:`dataverse.cors.origin <dataverse.cors.origin>`
+- :ref:`dataverse.cors.methods <dataverse.cors.methods>`
+- :ref:`dataverse.cors.headers.allow <dataverse.cors.headers.allow>`
+- :ref:`dataverse.cors.headers.expose <dataverse.cors.headers.expose>`
+- :ref:`:UploadMethods`
+
+This behavior is implemented centrally and applies across all Dataverse settings that accept comma-separated values.
+
+
 .. _jvm-options:
 
 JVM Options

From 4c7b1905dce1c8c0ee44e160253412912d63be82 Mon Sep 17 00:00:00 2001
From: Leonid Andreev <leonid@hmdc.harvard.edu>
Date: Thu, 4 Dec 2025 11:51:17 -0500
Subject: [PATCH 560/634] corrected an error in the guide. #11987

---
 doc/sphinx-guides/source/api/native-api.rst | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

diff --git a/doc/sphinx-guides/source/api/native-api.rst b/doc/sphinx-guides/source/api/native-api.rst
index baffcfd168d..6c1720e2b5b 100644
--- a/doc/sphinx-guides/source/api/native-api.rst
+++ b/doc/sphinx-guides/source/api/native-api.rst
@@ -1316,9 +1316,11 @@ The following convenience API shows the dynamic values of the *remaining* storag
    curl  -H "X-Dataverse-key: $API_TOKEN" "http://localhost:8080/api/datasets/$dataset-id/uploadlimits" 
    {
      "status": "OK",
-     "uploadLimits": {
-       "numberOfFilesRemaining": 20,
-       "storageQuotaRemaining": 1048576
+     "data": {
+       "uploadLimits": {
+         "numberOfFilesRemaining": 20,
+         "storageQuotaRemaining": 1048576
+       }
      } 
    }
 
@@ -1328,7 +1330,9 @@ Or, when neither limit is present:
 
    {
      "status": "OK",
-     "uploadLimits": {} 
+     "data": {
+       "uploadLimits": {}
+     }
    }
 
 This API requires the Edit permission on the dataset. 

From 0ca703aaee483375fa5117e6cef48e2712d232bc Mon Sep 17 00:00:00 2001
From: Oliver Bertuch <o.bertuch@fz-juelich.de>
Date: Thu, 4 Dec 2025 23:14:54 +0100
Subject: [PATCH 561/634] fix(config): support numeric values for
 TabularIngestSizeLimit, improve validation and logging

Enhanced `getTabularIngestSizeLimits` to accept numeric values in addition to strings for size limits. Improved validation to handle invalid types, numbers, or decimal values. Updated related tests and configuration documentation.

This was done because the limitation to long numbers as string was artificial. Users can choose which way they like best. Also, the data migration uses numbers, so this lead to errors.
---
 .../source/installation/config.rst            |  6 ++-
 .../iq/dataverse/util/SystemConfig.java       | 25 +++++++----
 .../iq/dataverse/util/SystemConfigTest.java   | 42 +++++++++++++------
 3 files changed, 53 insertions(+), 20 deletions(-)

diff --git a/doc/sphinx-guides/source/installation/config.rst b/doc/sphinx-guides/source/installation/config.rst
index de40b9a0033..3e3799f46d7 100644
--- a/doc/sphinx-guides/source/installation/config.rst
+++ b/doc/sphinx-guides/source/installation/config.rst
@@ -4517,7 +4517,11 @@ Using a JSON-based setting, you can set a global default and per-format limits f
 
 (In previous releases of Dataverse, a colon-separated form was used to specify per-format limits, such as ``:TabularIngestSizeLimit:Rdata``, but this is no longer supported. Now JSON is used.)
 
-The expected JSON is an object with key/value pairs like the following. Format names are case-insensitive, and all fields are optional. The size limits must be strings with double quotes around them (e.g. ``"10"``) rather than numbers (e.g. ``10``).
+The expected JSON is an object with key/value pairs like the following.
+Format names are case-insensitive, and all fields are optional (an empty JSON object equals not restricted).
+The size limits must be whole numbers, either presented as strings with double quotes around them (e.g. ``"10"``) or numeric values (e.g. ``10`` or ``10.0``).
+Note that decimal numbers like ``10.5`` are invalid.
+Any invalid setting will temporarily disable tabular ingest until corrected.
 
 .. code:: json
 
diff --git a/src/main/java/edu/harvard/iq/dataverse/util/SystemConfig.java b/src/main/java/edu/harvard/iq/dataverse/util/SystemConfig.java
index c1d61378f42..b8f62bf027a 100644
--- a/src/main/java/edu/harvard/iq/dataverse/util/SystemConfig.java
+++ b/src/main/java/edu/harvard/iq/dataverse/util/SystemConfig.java
@@ -527,19 +527,30 @@ public Map<String, Long> getTabularIngestSizeLimits() {
                     limitsMap.put(TABULAR_INGEST_SIZE_LIMITS_DEFAULT_KEY, -1L);
                     
                     for (String formatName : limits.keySet()) {
-                        // We deliberatly do not validate the formatNames here for backward compatibility.
-                        // But we transform to lowercase here, so the casing doesn't matter for lookups.
                         String lowercaseFormatName = formatName.toLowerCase();
                         
                         try {
-                            Long sizeOption = Long.valueOf(limits.getString(formatName));
+                            JsonValue value = limits.get(formatName);
+                            Long sizeOption;
+                            
+                            // We want to be able to use either numbers or string values, so detect which one it is.
+                            if (value.getValueType() == JsonValue.ValueType.STRING) {
+                                sizeOption = Long.valueOf(limits.getString(formatName));
+                            } else if (value.getValueType() == JsonValue.ValueType.NUMBER) {
+                                sizeOption = limits.getJsonNumber(formatName).longValueExact();
+                            } else {
+                                logger.warning("Invalid value type for format " + formatName + ": expected string or number");
+                                logger.warning("Disabling all tabular ingest completely until fixed!");
+                                return Map.of(TABULAR_INGEST_SIZE_LIMITS_DEFAULT_KEY, 0L);
+                            }
+                            
                             limitsMap.put(lowercaseFormatName, sizeOption);
-                        } catch (ClassCastException cce) {
-                            logger.warning("Could not convert " + SettingsServiceBean.Key.TabularIngestSizeLimit + " to long from JSON integer. You must provide the long number as string (use quotes) for format " + formatName);
+                        } catch (NumberFormatException nfe) {
+                            logger.warning("Could not convert " + SettingsServiceBean.Key.TabularIngestSizeLimit + " to long for format " + formatName + " (not a valid number)");
                             logger.warning("Disabling all tabular ingest completely until fixed!");
                             return Map.of(TABULAR_INGEST_SIZE_LIMITS_DEFAULT_KEY, 0L);
-                        } catch (NumberFormatException nfe) {
-                            logger.warning("Could not convert " + SettingsServiceBean.Key.TabularIngestSizeLimit + " to long for format " + formatName + " (not a number)");
+                        } catch (ArithmeticException ae) {
+                            logger.warning("Number too large or has fractional part for format " + formatName);
                             logger.warning("Disabling all tabular ingest completely until fixed!");
                             return Map.of(TABULAR_INGEST_SIZE_LIMITS_DEFAULT_KEY, 0L);
                         }
diff --git a/src/test/java/edu/harvard/iq/dataverse/util/SystemConfigTest.java b/src/test/java/edu/harvard/iq/dataverse/util/SystemConfigTest.java
index 06026962d2c..0bf14ec5b59 100644
--- a/src/test/java/edu/harvard/iq/dataverse/util/SystemConfigTest.java
+++ b/src/test/java/edu/harvard/iq/dataverse/util/SystemConfigTest.java
@@ -8,9 +8,11 @@
 import org.junit.jupiter.api.extension.ExtendWith;
 import org.junit.jupiter.params.ParameterizedTest;
 import org.junit.jupiter.params.provider.CsvSource;
+import org.junit.jupiter.params.provider.ValueSource;
 import org.mockito.InjectMocks;
 import org.mockito.Mock;
 import org.mockito.junit.jupiter.MockitoExtension;
+import org.springframework.beans.factory.annotation.Value;
 
 import java.util.Map;
 
@@ -202,10 +204,10 @@ void testGetTabularIngestSizeLimitsWithSingleInvalidValue() {
         assertEquals(0L, (long) result.get(SystemConfig.TABULAR_INGEST_SIZE_LIMITS_DEFAULT_KEY));
     }
     
-    @Test
-    void testGetTabularIngestSizeLimitsWithJsonButUnsupportedJsonInt() {
+    @ParameterizedTest
+    @ValueSource(strings = {"", "{ invalid: }"})
+    void testGetTabularIngestSizeLimitsWithInvalidJson(String invalidJson) {
         // given
-        String invalidJson = "{\"default\": 0}";
         doReturn(invalidJson).when(settingsService).getValueForKey(SettingsServiceBean.Key.TabularIngestSizeLimit);
         
         // when
@@ -216,10 +218,10 @@ void testGetTabularIngestSizeLimitsWithJsonButUnsupportedJsonInt() {
         assertEquals(0L, (long) result.get(SystemConfig.TABULAR_INGEST_SIZE_LIMITS_DEFAULT_KEY));
     }
     
-    @Test
-    void testGetTabularIngestSizeLimitsWithInvalidJson() {
+    @ParameterizedTest
+    @ValueSource(strings = {"[]", "{[{\"tsv\": 1}]}", "{ \"invalid\": \"foobar\" }", "{ \"tsv\": 1.5}", "{ \"tsv\": \"1.0\"}"})
+    void testGetTabularIngestSizeLimitsWithInvalidNumbersInValidJson(String invalidJson) {
         // given
-        String invalidJson = "{invalid:}";
         doReturn(invalidJson).when(settingsService).getValueForKey(SettingsServiceBean.Key.TabularIngestSizeLimit);
         
         // when
@@ -230,17 +232,33 @@ void testGetTabularIngestSizeLimitsWithInvalidJson() {
         assertEquals(0L, (long) result.get(SystemConfig.TABULAR_INGEST_SIZE_LIMITS_DEFAULT_KEY));
     }
     
-    @Test
-    void testGetTabularIngestSizeLimitsWithInvalidNumberInValidJson() {
+    @ParameterizedTest
+    @ValueSource(strings = {"{ \"tSv\": 1.0 }", "{ \"tsv\": \"1\"}", "{ \"tsv\": 1 }"})
+    void testGetTabularIngestSizeLimitsWithValidNumbersInValidJson(String validConfig) {
         // given
-        String invalidJson = "{\"csv\": \"this-is-not-a-number\", \"tSv\": \"10000\"}";
-        doReturn(invalidJson).when(settingsService).getValueForKey(SettingsServiceBean.Key.TabularIngestSizeLimit);
+        doReturn(validConfig).when(settingsService).getValueForKey(SettingsServiceBean.Key.TabularIngestSizeLimit);
         
         // when
         Map<String, Long> result = systemConfig.getTabularIngestSizeLimits();
         
         // then
-        assertEquals(1, result.size());
-        assertEquals(0L, (long) result.get(SystemConfig.TABULAR_INGEST_SIZE_LIMITS_DEFAULT_KEY));
+        assertEquals(2, result.size());
+        assertEquals(-1L, (long) result.get(SystemConfig.TABULAR_INGEST_SIZE_LIMITS_DEFAULT_KEY));
+        assertEquals(1L, (long) result.get("tsv"));
+    }
+    
+    @ParameterizedTest
+    @ValueSource(strings = {"{ \"tSv\": 429496729600.0 }", "{ \"tsv\": \"429496729600\"}", "{ \"tsv\": 429496729600 }"})
+    void testGetTabularIngestSizeLimitsWithValidLongNumbers(String validConfig) {
+        // given
+        doReturn(validConfig).when(settingsService).getValueForKey(SettingsServiceBean.Key.TabularIngestSizeLimit);
+        
+        // when
+        Map<String, Long> result = systemConfig.getTabularIngestSizeLimits();
+        
+        // then
+        assertEquals(2, result.size());
+        assertEquals(-1L, (long) result.get(SystemConfig.TABULAR_INGEST_SIZE_LIMITS_DEFAULT_KEY));
+        assertEquals(429496729600L, (long) result.get("tsv"));
     }
 }

From 270d0394880afc557cd860be28ac50394ebce143 Mon Sep 17 00:00:00 2001
From: Oliver Bertuch <o.bertuch@fz-juelich.de>
Date: Thu, 4 Dec 2025 23:24:30 +0100
Subject: [PATCH 562/634] refactor(config): improve JSON parsing and logging in
 getTabularIngestSizeLimits

Refactored `getTabularIngestSizeLimits` to utilize try-with-resources for safer JSON parsing. Enhanced logging with lambdas and improved iteration over JSON entries.
---
 .../iq/dataverse/util/SystemConfig.java       | 25 +++++++++++--------
 1 file changed, 14 insertions(+), 11 deletions(-)

diff --git a/src/main/java/edu/harvard/iq/dataverse/util/SystemConfig.java b/src/main/java/edu/harvard/iq/dataverse/util/SystemConfig.java
index b8f62bf027a..2883212be79 100644
--- a/src/main/java/edu/harvard/iq/dataverse/util/SystemConfig.java
+++ b/src/main/java/edu/harvard/iq/dataverse/util/SystemConfig.java
@@ -519,38 +519,41 @@ public Map<String, Long> getTabularIngestSizeLimits() {
         if (limitEntry != null) {
             // Case A: the setting is using JSON to support multiple formats
             if (limitEntry.trim().startsWith("{")) {
-                try {
-                    JsonObject limits = Json.createReader(new StringReader(limitEntry)).readObject();
+                try (JsonReader reader = Json.createReader(new StringReader(limitEntry))) {
+                    JsonObject limits = reader.readObject();
                     
                     Map<String, Long> limitsMap = new HashMap<>();
                     // We add the default in case the JSON does not contain the default (which is optional).
                     limitsMap.put(TABULAR_INGEST_SIZE_LIMITS_DEFAULT_KEY, -1L);
                     
-                    for (String formatName : limits.keySet()) {
+                    for (Map.Entry<String, JsonValue> format : limits.entrySet()) {
+                        String formatName = format.getKey();
                         String lowercaseFormatName = formatName.toLowerCase();
                         
                         try {
-                            JsonValue value = limits.get(formatName);
-                            Long sizeOption;
+                            JsonValue value = format.getValue();
+                            long sizeOption;
                             
                             // We want to be able to use either numbers or string values, so detect which one it is.
+                            // This is necessary as we need to tell the JSON parser what to do, it doesn't automatically handle this for us.
                             if (value.getValueType() == JsonValue.ValueType.STRING) {
-                                sizeOption = Long.valueOf(limits.getString(formatName));
+                                sizeOption = Long.parseLong(limits.getString(formatName));
                             } else if (value.getValueType() == JsonValue.ValueType.NUMBER) {
+                                // Will throw if not a whole number!
                                 sizeOption = limits.getJsonNumber(formatName).longValueExact();
                             } else {
-                                logger.warning("Invalid value type for format " + formatName + ": expected string or number");
+                                logger.warning(() -> "Invalid value type for format " + formatName + ": expected string or number");
                                 logger.warning("Disabling all tabular ingest completely until fixed!");
                                 return Map.of(TABULAR_INGEST_SIZE_LIMITS_DEFAULT_KEY, 0L);
                             }
                             
                             limitsMap.put(lowercaseFormatName, sizeOption);
                         } catch (NumberFormatException nfe) {
-                            logger.warning("Could not convert " + SettingsServiceBean.Key.TabularIngestSizeLimit + " to long for format " + formatName + " (not a valid number)");
+                            logger.warning(() -> "Could not convert " + SettingsServiceBean.Key.TabularIngestSizeLimit + " to long for format " + formatName + " (not a valid number)");
                             logger.warning("Disabling all tabular ingest completely until fixed!");
                             return Map.of(TABULAR_INGEST_SIZE_LIMITS_DEFAULT_KEY, 0L);
                         } catch (ArithmeticException ae) {
-                            logger.warning("Number too large or has fractional part for format " + formatName);
+                            logger.warning(() -> "Number too large or has fractional part for format " + formatName);
                             logger.warning("Disabling all tabular ingest completely until fixed!");
                             return Map.of(TABULAR_INGEST_SIZE_LIMITS_DEFAULT_KEY, 0L);
                         }
@@ -558,7 +561,7 @@ public Map<String, Long> getTabularIngestSizeLimits() {
                     
                     return Collections.unmodifiableMap(limitsMap);
                 } catch (JsonParsingException e) {
-                    logger.warning("Invalid TabularIngestSizeLimit option found, cannot parse JSON: " + e.getMessage());
+                    logger.warning(() -> "Invalid TabularIngestSizeLimit option found, cannot parse JSON: " + e.getMessage());
                     logger.warning("Disabling all tabular ingest completely until fixed!");
                     return Map.of(TABULAR_INGEST_SIZE_LIMITS_DEFAULT_KEY, 0L);
                 }
@@ -568,7 +571,7 @@ public Map<String, Long> getTabularIngestSizeLimits() {
                     Long limit = Long.valueOf(limitEntry);
                     return Map.of(TABULAR_INGEST_SIZE_LIMITS_DEFAULT_KEY, limit);
                 } catch (NumberFormatException nfe) {
-                    logger.warning("Could not convert " + SettingsServiceBean.Key.TabularIngestSizeLimit + " to long: " + nfe);
+                    logger.warning(() -> "Could not convert " + SettingsServiceBean.Key.TabularIngestSizeLimit + " to long: " + nfe);
                     logger.warning("Disabling all tabular ingest completely until fixed!");
                     return Map.of(TABULAR_INGEST_SIZE_LIMITS_DEFAULT_KEY, 0L);
                 }

From 37df10396daf6edea3066b03640dcdffefc9ea4d Mon Sep 17 00:00:00 2001
From: Oliver Bertuch <o.bertuch@fz-juelich.de>
Date: Fri, 5 Dec 2025 08:26:06 +0100
Subject: [PATCH 563/634] style: remove unused (& illegal) Spring `@Value`
 import from `SystemConfigTest`

---
 .../java/edu/harvard/iq/dataverse/util/SystemConfigTest.java     | 1 -
 1 file changed, 1 deletion(-)

diff --git a/src/test/java/edu/harvard/iq/dataverse/util/SystemConfigTest.java b/src/test/java/edu/harvard/iq/dataverse/util/SystemConfigTest.java
index 0bf14ec5b59..123aacc601d 100644
--- a/src/test/java/edu/harvard/iq/dataverse/util/SystemConfigTest.java
+++ b/src/test/java/edu/harvard/iq/dataverse/util/SystemConfigTest.java
@@ -12,7 +12,6 @@
 import org.mockito.InjectMocks;
 import org.mockito.Mock;
 import org.mockito.junit.jupiter.MockitoExtension;
-import org.springframework.beans.factory.annotation.Value;
 
 import java.util.Map;
 

From 58468e6211b8ea3c580c22dcb85aa03cb9a21830 Mon Sep 17 00:00:00 2001
From: Steven Ferey <steven.ferey@gmail.com>
Date: Fri, 5 Dec 2025 11:19:49 +0100
Subject: [PATCH 564/634] 12021 - Broken link modification

---
 src/main/java/propertyFiles/Bundle.properties | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/main/java/propertyFiles/Bundle.properties b/src/main/java/propertyFiles/Bundle.properties
index 14a33e24119..f801c762752 100644
--- a/src/main/java/propertyFiles/Bundle.properties
+++ b/src/main/java/propertyFiles/Bundle.properties
@@ -1559,7 +1559,7 @@ metrics.dataset.title=Dataset Metrics
 metrics.dataset.tip.default=Aggregated metrics for this dataset.
 metrics.dataset.makedatacount.title=Make Data Count (MDC) Metrics
 metrics.dataset.makedatacount.since=since
-metrics.dataset.tip.makedatacount=Metrics collected using <a href="https://makedatacount.org/counter-code-of-practice-for-research-data/" target="_blank" rel="noopener"/>Make Data Count</a> standards.
+metrics.dataset.tip.makedatacount=Metrics collected using <a href="https://makedatacount.org/read-our-blog/bringing-the-counter-code-of-practice-for-research-data-and-counter-release-5-1-together/" target="_blank" rel="noopener"/>Make Data Count</a> standards.
 metrics.dataset.views.tip=Aggregate of views of the dataset landing page, file views, and file downloads.
 metrics.dataset.downloads.default.tip=Total aggregated downloads of files in this dataset.
 metrics.dataset.downloads.makedatacount.tip=Each file downloaded is counted as 1, and added to the total download count.

From 4ab16f3f240f040f90a87d02d7e6df23c1a128cc Mon Sep 17 00:00:00 2001
From: Jim Myers <qqmyers@hotmail.com>
Date: Fri, 5 Dec 2025 11:39:13 -0500
Subject: [PATCH 565/634] make test order independent

---
 .../edu/harvard/iq/dataverse/api/DatasetsIT.java   | 14 +++++++++++---
 1 file changed, 11 insertions(+), 3 deletions(-)

diff --git a/src/test/java/edu/harvard/iq/dataverse/api/DatasetsIT.java b/src/test/java/edu/harvard/iq/dataverse/api/DatasetsIT.java
index 39c66f9888f..d4531ec21cf 100644
--- a/src/test/java/edu/harvard/iq/dataverse/api/DatasetsIT.java
+++ b/src/test/java/edu/harvard/iq/dataverse/api/DatasetsIT.java
@@ -3703,9 +3703,17 @@ public void testSemanticMetadataAPIs() {
         // Look for a second description
         jsonLDString = getData(response.getBody().asString());
         jsonLDObject = JSONLDUtil.decontextualizeJsonLD(jsonLDString);
-        assertEquals("New description",
-                ((JsonObject) jsonLDObject.getJsonArray("https://dataverse.org/schema/citation/dsDescription").get(1))
-                        .getString("https://dataverse.org/schema/citation/dsDescriptionValue"));
+        JsonArray descriptions = jsonLDObject.getJsonArray("https://dataverse.org/schema/citation/dsDescription");
+        assertEquals(2, descriptions.size(), "Should have two descriptions");
+        boolean foundNewDescription = false;
+        for (int i = 0; i < descriptions.size(); i++) {
+            JsonObject desc = descriptions.getJsonObject(i);
+            if ("New description".equals(desc.getString("https://dataverse.org/schema/citation/dsDescriptionValue"))) {
+                foundNewDescription = true;
+                break;
+            }
+        }
+        assertTrue(foundNewDescription, "Should find 'New description' in the descriptions array");
 
         // Can't add terms of use with replace=false and a value already set (single
         // valued field)

From 7cccdd7e6c08f1b21c2c064e154a193c5abe235d Mon Sep 17 00:00:00 2001
From: Philip Durbin <philip_durbin@harvard.edu>
Date: Fri, 5 Dec 2025 15:17:02 -0500
Subject: [PATCH 566/634] use release independent URL

---
 doc/release-notes/11522-licenses-added.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/doc/release-notes/11522-licenses-added.md b/doc/release-notes/11522-licenses-added.md
index 6afbb0fcb2c..f20e2874ce4 100644
--- a/doc/release-notes/11522-licenses-added.md
+++ b/doc/release-notes/11522-licenses-added.md
@@ -14,4 +14,4 @@ The following country-specific license has been added:
 
 - Open Government Licence (OGL UK)
 
-The licenses above are widely recognized and used in Europe and beyond to promote data and software sharing. See [the guides](https://guides.dataverse.org/en/6.7/installation/config.html#configuring-licenses) and #11522.
+The licenses above are widely recognized and used in Europe and beyond to promote data and software sharing. See [the guides](https://dataverse-guide--11522.org.readthedocs.build/en/11522/installation/config.html#configuring-licenses) and #11522.

From 0a215c5424c6c99ca6771833da788b96b54d2109 Mon Sep 17 00:00:00 2001
From: Philip Durbin <philip_durbin@harvard.edu>
Date: Fri, 5 Dec 2025 15:17:23 -0500
Subject: [PATCH 567/634] add periods for consistency

---
 doc/sphinx-guides/source/installation/config.rst | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/doc/sphinx-guides/source/installation/config.rst b/doc/sphinx-guides/source/installation/config.rst
index 642d4279e47..5f1df35549f 100644
--- a/doc/sphinx-guides/source/installation/config.rst
+++ b/doc/sphinx-guides/source/installation/config.rst
@@ -2161,8 +2161,8 @@ Contributing to the Collection of Standard Licenses Above
 
 If you do not find the license JSON you need above, you are encouraged to contribute it to this documentation. Following the Dataverse 6.2 release, we have standardized on the following procedure:
 
-- Look for the license at https://spdx.org/licenses/
-- ``cd scripts/api/data/licenses``
+- Look for the license at https://spdx.org/licenses/.
+- ``cd scripts/api/data/licenses``.
 - Copy an existing license as a starting point.
 - Name your file using the SPDX identifier. For example, if the identifier is ``Apache-2.0``, you should name your file ``licenseApache-2.0.json``.
 - For the ``name`` field, use the "short identifier" from the SPDX landing page (e.g. ``Apache-2.0``).

From 28d90a7e85c9a0cd26e25543eb86656e1580fc1a Mon Sep 17 00:00:00 2001
From: Oliver Bertuch <o.bertuch@fz-juelich.de>
Date: Mon, 8 Dec 2025 14:43:19 +0100
Subject: [PATCH 568/634] docs(settings): clarify Javadocs on
 TabularIngestSizeLimit usage #11639

---
 .../dataverse/settings/SettingsServiceBean.java   | 15 ++++++++-------
 1 file changed, 8 insertions(+), 7 deletions(-)

diff --git a/src/main/java/edu/harvard/iq/dataverse/settings/SettingsServiceBean.java b/src/main/java/edu/harvard/iq/dataverse/settings/SettingsServiceBean.java
index 8e09088c30f..37d26995017 100644
--- a/src/main/java/edu/harvard/iq/dataverse/settings/SettingsServiceBean.java
+++ b/src/main/java/edu/harvard/iq/dataverse/settings/SettingsServiceBean.java
@@ -303,13 +303,14 @@ public enum Key {
          */
         @Deprecated(since = "6.2", forRemoval = true)
         SystemEmail, 
-        /* size limit for Tabular data file ingests */
-        /* (can be set separately for specific ingestable formats; in which 
-        case the actual stored option will be TabularIngestSizeLimit:{FORMAT_NAME}
-        where {FORMAT_NAME} is the format identification tag returned by the 
-        getFormatName() method in the format-specific plugin; "sav" for the 
-        SPSS/sav format, "RData" for R, etc.
-        for example: :TabularIngestSizeLimit:RData */
+        
+        /**
+        <p>Size limit (in bytes) for tabular file ingest. Accepts either a single numeric value or JSON for per-format control.</p>
+        <p>Values: -1 (or absent) = no limit, 0 = disable ingest, >0 = byte threshold, or JSON object.</p>
+        <p>JSON object allows setting a "default" (same as single byte value) and override limits per-format for: CSV, DTA, POR, Rdata, SAV, XLSX.
+        Example: <code>{"default": "536870912", "CSV": "0", "Rdata": "1000000"}</code></p>
+        <p>Format names are case-insensitive. Invalid settings disable ingest until corrected.</p>
+        */
         TabularIngestSizeLimit,
         /* Validate physical files in the dataset when publishing, if the dataset size less than the threshold limit */
         DatasetChecksumValidationSizeLimit,

From 2f662ec895e21d1dcfe18fde8495a34786c44146 Mon Sep 17 00:00:00 2001
From: Oliver Bertuch <o.bertuch@fz-juelich.de>
Date: Mon, 8 Dec 2025 14:47:00 +0100
Subject: [PATCH 569/634] test(files): refactor tabular ingest size limit tests
 with parameterized approach #11639

Simplified and improved test structure by introducing nested classes, parameterized tests, and utility methods for TabularIngestSizeLimit configurations. Enhanced code readability and reusability.
---
 .../edu/harvard/iq/dataverse/api/FilesIT.java | 280 +++++++-----------
 1 file changed, 102 insertions(+), 178 deletions(-)

diff --git a/src/test/java/edu/harvard/iq/dataverse/api/FilesIT.java b/src/test/java/edu/harvard/iq/dataverse/api/FilesIT.java
index 83eb80104f3..24ccfd11bed 100644
--- a/src/test/java/edu/harvard/iq/dataverse/api/FilesIT.java
+++ b/src/test/java/edu/harvard/iq/dataverse/api/FilesIT.java
@@ -9,17 +9,22 @@
 import io.restassured.RestAssured;
 import io.restassured.response.Response;
 
+import java.nio.charset.StandardCharsets;
 import java.util.*;
 import java.util.logging.Logger;
 
 import edu.harvard.iq.dataverse.api.auth.ApiKeyAuthMechanism;
 import jakarta.json.JsonObject;
+import jakarta.ws.rs.core.Response.Status;
 import org.assertj.core.util.Lists;
+import org.hamcrest.Matcher;
+import org.junit.jupiter.api.Nested;
 import org.junit.jupiter.api.Test;
 import org.junit.jupiter.api.BeforeAll;
 import io.restassured.path.json.JsonPath;
 
 import static edu.harvard.iq.dataverse.api.ApiConstants.*;
+import static edu.harvard.iq.dataverse.settings.SettingsServiceBean.Key;
 import static io.restassured.path.json.JsonPath.with;
 import io.restassured.path.xml.XmlPath;
 import edu.harvard.iq.dataverse.settings.SettingsServiceBean;
@@ -45,6 +50,10 @@
 import org.hamcrest.CoreMatchers;
 import org.hamcrest.Matchers;
 import org.junit.jupiter.api.AfterAll;
+import org.junit.jupiter.api.io.TempDir;
+import org.junit.jupiter.params.ParameterizedTest;
+import org.junit.jupiter.params.provider.Arguments;
+import org.junit.jupiter.params.provider.MethodSource;
 
 import static org.hamcrest.CoreMatchers.*;
 import static org.junit.jupiter.api.Assertions.*;
@@ -59,15 +68,11 @@ public static void setUpClass() {
 
         Response removePublicInstall = UtilIT.deleteSetting(SettingsServiceBean.Key.PublicInstall);
         removePublicInstall.then().assertThat().statusCode(200);
-
-        Response removeLimit = UtilIT.deleteSetting(SettingsServiceBean.Key.TabularIngestSizeLimit);
-        removeLimit.then().assertThat().statusCode(OK.getStatusCode());
     }
 
     @AfterAll
     public static void tearDownClass() {
         UtilIT.deleteSetting(SettingsServiceBean.Key.PublicInstall);
-        UtilIT.deleteSetting(SettingsServiceBean.Key.TabularIngestSizeLimit);
     }
 
     /**
@@ -1211,183 +1216,102 @@ public void test_AddFileBadUploadFormat() {
         }
 
     }
-
-    @Test
-    public void testIngestSizeLimits() throws InterruptedException, IOException {
-        Response createUser = UtilIT.createRandomUser();
-        createUser.then().assertThat().statusCode(OK.getStatusCode());
-        String username = UtilIT.getUsernameFromResponse(createUser);
-        String apiToken = UtilIT.getApiTokenFromResponse(createUser);
-        Response makeSuperUser = UtilIT.setSuperuserStatus(username, true);
-        makeSuperUser.then().assertThat().statusCode(OK.getStatusCode());
-
-        Response createDataverseResponse = UtilIT.createRandomDataverse(apiToken);
-        createDataverseResponse.prettyPrint();
-        String dataverseAlias = UtilIT.getAliasFromResponse(createDataverseResponse);
-        Response createDatasetResponse = UtilIT.createRandomDatasetViaNativeApi(dataverseAlias, apiToken);
-        createDatasetResponse.prettyPrint();
-        Integer datasetId = JsonPath.from(createDatasetResponse.body().asString()).getInt("data.id");
-
-        String tinyCsvOnly = """
-{
-  "csv": "50"
-}
-""";
-
-        Response setLimit = UtilIT.setSetting(SettingsServiceBean.Key.TabularIngestSizeLimit, tinyCsvOnly);
-        setLimit.then().assertThat().statusCode(OK.getStatusCode());
-
-        Path pathToDataFile = Paths.get(java.nio.file.Files.createTempDirectory(null) + File.separator + "data.csv");
-        String contentOfCsv = ""
-                + "name,pounds,species,treats\n"
-                + "Midnight,15,dog,milkbones\n"
-                + "Tiger,17,cat,cat grass\n"
-                + "Panther,21,cat,cat nip\n";
-        java.nio.file.Files.write(pathToDataFile, contentOfCsv.getBytes());
-
-        Response uploadFile = UtilIT.uploadFileViaNative(datasetId.toString(), pathToDataFile.toString(), apiToken);
-        uploadFile.prettyPrint();
-        uploadFile.then().assertThat()
-                .statusCode(OK.getStatusCode())
-                .body("data.files[0].label", equalTo("data.csv"));
-
-        String fileId1 = JsonPath.from(uploadFile.body().asString()).getString("data.files[0].dataFile.id");
-
-        Response getTabularFails = UtilIT.getFileDataTables(fileId1, apiToken);
-        getTabularFails.prettyPrint();
-        getTabularFails.then().assertThat()
-                .statusCode(BAD_REQUEST.getStatusCode())
-                .body("message", equalTo(BundleUtil.getStringFromBundle("files.api.only.tabular.supported")));
-
-        String largerCsv = """
-{
-  "csv": "123456"
-}
-""";
-
-        setLimit = UtilIT.setSetting(SettingsServiceBean.Key.TabularIngestSizeLimit, largerCsv);
-        setLimit.then().assertThat().statusCode(OK.getStatusCode());
-
-        uploadFile = UtilIT.uploadFileViaNative(datasetId.toString(), pathToDataFile.toString(), apiToken);
-        uploadFile.prettyPrint();
-        uploadFile.then().assertThat()
-                .statusCode(OK.getStatusCode())
-                .body("data.files[0].label", equalTo("data-1.csv"));
-
-        assertTrue(UtilIT.sleepForLock(datasetId.longValue(), "Ingest", apiToken, UtilIT.MAXIMUM_INGEST_LOCK_DURATION), "Failed test if Ingest Lock exceeds max duration " + pathToDataFile);
-
-        String fileId2 = JsonPath.from(uploadFile.body().asString()).getString("data.files[0].dataFile.id");
-
-        Response getTabularWorks = UtilIT.getFileDataTables(fileId2, apiToken);
-        getTabularWorks.prettyPrint();
-        getTabularWorks.then().assertThat()
-                .statusCode(OK.getStatusCode())
-                .body("data[0].varQuantity", equalTo(4));
-
-        String tinyDefaultSize = """
-{
-  "default": "50"
-}
-""";
-
-        setLimit = UtilIT.setSetting(SettingsServiceBean.Key.TabularIngestSizeLimit, tinyDefaultSize);
-        setLimit.then().assertThat().statusCode(OK.getStatusCode());
-
-        uploadFile = UtilIT.uploadFileViaNative(datasetId.toString(), pathToDataFile.toString(), apiToken);
-        uploadFile.prettyPrint();
-        uploadFile.then().assertThat()
-                .statusCode(OK.getStatusCode())
-                .body("data.files[0].label", equalTo("data-2.csv"));
-
-        String fileId3 = JsonPath.from(uploadFile.body().asString()).getString("data.files[0].dataFile.id");
-
-        getTabularFails = UtilIT.getFileDataTables(fileId3, apiToken);
-        getTabularFails.prettyPrint();
-        getTabularFails.then().assertThat()
-                .statusCode(BAD_REQUEST.getStatusCode())
-                .body("message", equalTo(BundleUtil.getStringFromBundle("files.api.only.tabular.supported")));
-
-        // The behavior of `"default": "-2"` is not documented in the guides
-        // but it acts like `"default": "0"` which disables ingest.
-        String unexpectedNegativeDefault = """
-{
-  "default": "-2"
-}
-""";
-
-        setLimit = UtilIT.setSetting(SettingsServiceBean.Key.TabularIngestSizeLimit, unexpectedNegativeDefault);
-        setLimit.then().assertThat().statusCode(OK.getStatusCode());
-
-        uploadFile = UtilIT.uploadFileViaNative(datasetId.toString(), pathToDataFile.toString(), apiToken);
-        uploadFile.prettyPrint();
-        uploadFile.then().assertThat()
-                .statusCode(OK.getStatusCode())
-                .body("data.files[0].label", equalTo("data-3.csv"));
-
-        String fileId4 = JsonPath.from(uploadFile.body().asString()).getString("data.files[0].dataFile.id");
-
-        getTabularFails = UtilIT.getFileDataTables(fileId4, apiToken);
-        getTabularFails.prettyPrint();
-        getTabularFails.then().assertThat()
-                .statusCode(BAD_REQUEST.getStatusCode())
-                .body("message", equalTo(BundleUtil.getStringFromBundle("files.api.only.tabular.supported")));
-
-        // As the guides say, you MUST provide a string, not a JSON number.
-        // That is, `"123"` in quotes rather than `123` with no quotes.
-        // If you provide a number (no quotes) rather than a string,
-        // all ingest will be disabled and you'll see an error in server.log
-        // about how the system is misconfigured.
-        String invalidNonString = """
-{
-  "default": 987654321
-}
-""";
-
-        setLimit = UtilIT.setSetting(SettingsServiceBean.Key.TabularIngestSizeLimit, invalidNonString);
-        setLimit.then().assertThat().statusCode(OK.getStatusCode());
-
-        uploadFile = UtilIT.uploadFileViaNative(datasetId.toString(), pathToDataFile.toString(), apiToken);
-        uploadFile.prettyPrint();
-        uploadFile.then().assertThat()
-                .statusCode(OK.getStatusCode())
-                .body("data.files[0].label", equalTo("data-4.csv"));
-
-        String fileId5 = JsonPath.from(uploadFile.body().asString()).getString("data.files[0].dataFile.id");
-
-        getTabularFails = UtilIT.getFileDataTables(fileId5, apiToken);
-        getTabularFails.prettyPrint();
-        getTabularFails.then().assertThat()
-                .statusCode(BAD_REQUEST.getStatusCode())
-                .body("message", equalTo(BundleUtil.getStringFromBundle("files.api.only.tabular.supported")));
-
-        String defaultDisabledAndLargeCsvLimit = """
-{
-  "default": "0",
-  "csv": "123456"
-}
-""";
-
-        setLimit = UtilIT.setSetting(SettingsServiceBean.Key.TabularIngestSizeLimit, defaultDisabledAndLargeCsvLimit);
-        setLimit.then().assertThat().statusCode(OK.getStatusCode());
-
-        uploadFile = UtilIT.uploadFileViaNative(datasetId.toString(), pathToDataFile.toString(), apiToken);
-        uploadFile.prettyPrint();
-        uploadFile.then().assertThat()
-                .statusCode(OK.getStatusCode())
-                .body("data.files[0].label", equalTo("data-5.csv"));
-
-        String fileId6 = JsonPath.from(uploadFile.body().asString()).getString("data.files[0].dataFile.id");
-
-        getTabularWorks = UtilIT.getFileDataTables(fileId2, apiToken);
-        getTabularWorks.prettyPrint();
-        getTabularWorks.then().assertThat()
+    
+    @Nested
+    class IngestSizeLimits {
+        
+        static String apiToken;
+        static int datasetId;
+        @TempDir
+        static Path tempDir;
+        static String csvFileName = "data.csv";
+        static Path csvFile;
+        static final String csvData =
+            """
+            name,pounds,species,treats
+            Midnight,15,dog,milkbones
+            Tiger,17,cat,cat grass
+            Panther,21,cat,cat nip
+            """;
+        
+        @BeforeAll
+        static void setup() throws IOException {
+            // Create random user, collection and dataset to work with
+            Response createUser = UtilIT.createRandomUser();
+            createUser.then().assertThat().statusCode(OK.getStatusCode());
+            String username = UtilIT.getUsernameFromResponse(createUser);
+            apiToken = UtilIT.getApiTokenFromResponse(createUser);
+            Response makeSuperUser = UtilIT.setSuperuserStatus(username, true);
+            makeSuperUser.then().assertThat().statusCode(OK.getStatusCode());
+            
+            Response createDataverseResponse = UtilIT.createRandomDataverse(apiToken);
+            createDataverseResponse.prettyPrint();
+            String dataverseAlias = UtilIT.getAliasFromResponse(createDataverseResponse);
+            Response createDatasetResponse = UtilIT.createRandomDatasetViaNativeApi(dataverseAlias, apiToken);
+            createDatasetResponse.prettyPrint();
+            datasetId = JsonPath.from(createDatasetResponse.body().asString()).getInt("data.id");
+            
+            // Create CSV datafile to work with
+            csvFile = tempDir.resolve(csvFileName);
+            java.nio.file.Files.writeString(csvFile, csvData, StandardCharsets.UTF_8);
+        }
+        
+        @AfterAll
+        static void teardown() {
+            // Remove the setting for test isolation purposes
+            Response removeLimit = UtilIT.deleteSetting(Key.TabularIngestSizeLimit);
+            removeLimit.then().assertThat().statusCode(OK.getStatusCode());
+        }
+        
+        static List<Arguments> configurations() {
+            return List.of(
+                // Too small for 134 chars
+                Arguments.of("{\"csv\": 50}", BAD_REQUEST, "message", equalTo(BundleUtil.getStringFromBundle("files.api.only.tabular.supported"))),
+                Arguments.of("{\"default\": 50.0}", BAD_REQUEST, "message", equalTo(BundleUtil.getStringFromBundle("files.api.only.tabular.supported"))),
+                
+                // The behavior of `"default": "-2"` is not documented in the guides
+                // but it acts like `"default": "0"` which disables ingest.
+                Arguments.of("{\"default\": -2}", BAD_REQUEST, "message", equalTo(BundleUtil.getStringFromBundle("files.api.only.tabular.supported"))),
+                
+                // Large enough :-)
+                Arguments.of("{\"csv\": 123456}", OK, "data[0].varQuantity", equalTo(4)),
+                // Default is disabled, but exception for CSV
+                Arguments.of("{\"default\": 0,\"csv\": 123456}", OK, "data[0].varQuantity", equalTo(4))
+            );
+        }
+        
+        @ParameterizedTest
+        @MethodSource("configurations")
+        void testIngestSizeLimits(String ingestSizeLimitConfig, Status expectedStatus, String jsonPath, Matcher matcher) throws IOException {
+            // given
+            Response setLimit = UtilIT.setSetting(Key.TabularIngestSizeLimit, ingestSizeLimitConfig);
+            setLimit.then().assertThat().statusCode(OK.getStatusCode());
+            
+            // when
+            Response uploadResponse = UtilIT.uploadFileViaNative(Integer.toString(datasetId), csvFile.toString(), apiToken);
+            //uploadResponse.prettyPrint();
+            uploadResponse.then().assertThat()
                 .statusCode(OK.getStatusCode())
-                .body("data[0].varQuantity", equalTo(4));
-
-        Response removeLimit = UtilIT.deleteSetting(SettingsServiceBean.Key.TabularIngestSizeLimit);
-        removeLimit.then().assertThat().statusCode(OK.getStatusCode());
+                .body("data.files[0].label", equalTo(csvFileName));
+            String fileId = JsonPath.from(uploadResponse.body().asString()).getString("data.files[0].dataFile.id");
+            
+            // Wait for ingest to complete
+            assertTrue(UtilIT.sleepForLock(datasetId, "Ingest", apiToken, UtilIT.MAXIMUM_INGEST_LOCK_DURATION),
+                "Failed test if Ingest Lock exceeds max duration");
+            
+            // then
+            Response getTabularFails = UtilIT.getFileDataTables(fileId, apiToken);
+            //getTabularFails.prettyPrint();
+            getTabularFails.then().assertThat()
+                .statusCode(expectedStatus.getStatusCode())
+                .body(jsonPath, matcher);
+            
+            // delete the file for the next test
+            UtilIT.deleteFile(Integer.valueOf(fileId), apiToken);
+        }
     }
 
+
     @Test
     public void testUningestFileViaApi() throws InterruptedException {
         Response createUser = UtilIT.createRandomUser();

From cd5f33d00a42d15fb0e27334a4c40e6806533cbe Mon Sep 17 00:00:00 2001
From: Oliver Bertuch <o.bertuch@fz-juelich.de>
Date: Mon, 8 Dec 2025 14:51:00 +0100
Subject: [PATCH 570/634] test(files): expand TabularIngestSizeLimit tests with
 additional numeric value cases #11639

Added more test cases to validate support for various numeric formats, including integers, strings, and decimals, in TabularIngestSizeLimit configurations.
---
 src/test/java/edu/harvard/iq/dataverse/api/FilesIT.java | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/src/test/java/edu/harvard/iq/dataverse/api/FilesIT.java b/src/test/java/edu/harvard/iq/dataverse/api/FilesIT.java
index 24ccfd11bed..0e693f207e8 100644
--- a/src/test/java/edu/harvard/iq/dataverse/api/FilesIT.java
+++ b/src/test/java/edu/harvard/iq/dataverse/api/FilesIT.java
@@ -1274,7 +1274,12 @@ static List<Arguments> configurations() {
                 Arguments.of("{\"default\": -2}", BAD_REQUEST, "message", equalTo(BundleUtil.getStringFromBundle("files.api.only.tabular.supported"))),
                 
                 // Large enough :-)
+                Arguments.of("-1", OK, "data[0].varQuantity", equalTo(4)),
+                Arguments.of("123456", OK, "data[0].varQuantity", equalTo(4)),
+                Arguments.of("{\"default\": 123456}", OK, "data[0].varQuantity", equalTo(4)),
                 Arguments.of("{\"csv\": 123456}", OK, "data[0].varQuantity", equalTo(4)),
+                Arguments.of("{\"csv\": \"123457\"}", OK, "data[0].varQuantity", equalTo(4)),
+                Arguments.of("{\"csv\": 123458.0}", OK, "data[0].varQuantity", equalTo(4)),
                 // Default is disabled, but exception for CSV
                 Arguments.of("{\"default\": 0,\"csv\": 123456}", OK, "data[0].varQuantity", equalTo(4))
             );
@@ -1282,7 +1287,7 @@ static List<Arguments> configurations() {
         
         @ParameterizedTest
         @MethodSource("configurations")
-        void testIngestSizeLimits(String ingestSizeLimitConfig, Status expectedStatus, String jsonPath, Matcher matcher) throws IOException {
+        void testIngestSizeLimits(String ingestSizeLimitConfig, Status expectedStatus, String jsonPath, Matcher matcher) {
             // given
             Response setLimit = UtilIT.setSetting(Key.TabularIngestSizeLimit, ingestSizeLimitConfig);
             setLimit.then().assertThat().statusCode(OK.getStatusCode());

From e2ae1d741c5492ea0cbd59720dd519634ddf74c1 Mon Sep 17 00:00:00 2001
From: Philip Durbin <philip_durbin@harvard.edu>
Date: Mon, 8 Dec 2025 10:44:06 -0500
Subject: [PATCH 571/634] claify "add license" procedure and make incoming
 licenses comply #11521

---
 doc/sphinx-guides/source/installation/config.rst | 14 ++++++++++----
 scripts/api/data/licenses/licenseEUPL-1.2.json   |  2 +-
 scripts/api/data/licenses/licenseODC-By-1.0.json |  4 ++--
 scripts/api/data/licenses/licenseODbL-1.0.json   |  4 ++--
 scripts/api/data/licenses/licenseOGL-UK-3.0.json |  2 +-
 scripts/api/data/licenses/licensePDDL-1.0.json   |  2 +-
 6 files changed, 17 insertions(+), 11 deletions(-)

diff --git a/doc/sphinx-guides/source/installation/config.rst b/doc/sphinx-guides/source/installation/config.rst
index 5f1df35549f..1c085bedc62 100644
--- a/doc/sphinx-guides/source/installation/config.rst
+++ b/doc/sphinx-guides/source/installation/config.rst
@@ -2159,23 +2159,29 @@ Adding Country-Specific Licenses
 Contributing to the Collection of Standard Licenses Above
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
 
-If you do not find the license JSON you need above, you are encouraged to contribute it to this documentation. Following the Dataverse 6.2 release, we have standardized on the following procedure:
+If you do not find the license JSON you need above, you are encouraged to contribute it to this documentation. Following the Dataverse 6.9 release, we have standardized on the following procedure:
 
-- Look for the license at https://spdx.org/licenses/.
+- Look for the license at https://spdx.org/licenses/ and https://github.com/datacite/bracco/blob/main/app/spdx.js.
 - ``cd scripts/api/data/licenses``.
 - Copy an existing license as a starting point.
 - Name your file using the SPDX identifier. For example, if the identifier is ``Apache-2.0``, you should name your file ``licenseApache-2.0.json``.
 - For the ``name`` field, use the "short identifier" from the SPDX landing page (e.g. ``Apache-2.0``).
 - For the ``shortDescription`` field, use the "full name" from the SPDX landing page (e.g. ``Apache License 2.0``) followed by a period (full-stop) (e.g. ``Apache License 2.0.``).
-- For the ``uri`` field, we encourage you to use the same resource that DataCite uses, which is often the same as the first "Other web pages for this license" on the SPDX page for the license. When these differ, or there are other concerns about the URI DataCite uses, please reach out to the community to see if a consensus can be reached.
+- For the ``uri`` field, use the same resource that DataCite uses, which is often the same as the first "Other web pages for this license" on the SPDX page for the license. Look at the ``seeAlso`` array for the license at https://github.com/datacite/bracco/blob/main/app/spdx.js to be sure. When these differ, or there are other concerns about the URI DataCite uses, please reach out to the community to see if a consensus can be reached. See :ref:`support`.
 - For the ``active`` field, put ``true``.
 - For the ``sortOrder`` field, put the next sequential number after checking previous files with ``grep sortOrder scripts/api/data/licenses/*``.
 - For the ``rightsIdentifier`` field, use the identifier from SPDX (e.g. ``Apache-2.0``).
 - For the ``rightsIdentifierScheme`` field, use "SPDX".
 - For the ``schemeUri`` field, use "https://spdx.org/licenses/".
 - For the ``languageCode`` field, use "en".
+- For all of the fields above, resist the urge to change the spelling of words like license/licence, center/centre, etc. SPDX is the upstream authority, and they have the following `varietal word spelling policy <https://github.com/spdx/license-list-XML/blob/v3.27.0/DOCS/license-matching-guidelines-and-templates.md#8-varietal-word-spelling->`_: "The words in each line of the text file available at https://spdx.org/licenses/equivalentwords.txt are considered equivalent and interchangeable."
 
-Note that prior to Dataverse 6.2, various license above have been added that do not adhere perfectly with this procedure. For example, the ``name`` for the CC0 license is ``CC0 1.0`` (no dash) rather than ``CC0-1.0`` (with a dash). We are keeping the existing names for backward compatibility. For more on standarizing license configuration, see https://github.com/IQSS/dataverse/issues/8512
+In the past, licenses have been added that do not adhere perfectly with the procedure above. Here are known inconsistencies:
+
+- The ``name`` for the CC licenses don't have a dash as their SPDX short identifiers do (e.g. CC-BY-4.0, CC-BY-NC-4.0, CC-BY-NC-ND-4.0, CC-BY-NC-SA-4.0, CC-BY-ND-4.0, CC-BY-SA-4.0, CC0-1.0). For example, the ``name`` for the CC0 license is ``CC0 1.0`` (no dash) rather than ``CC0-1.0`` (with a dash). We are keeping the existing names without dashes for backward compatibility.
+- The ``uri`` for Creative Commons licenses comes from the Creative Commons website rather than SPDX or DataCite. As with ``name``, we are keeping ``uri`` the as-is for these licenses for backward compatibility. For more on our attempts to standardize license configuration, see https://github.com/IQSS/dataverse/issues/8512 and https://github.com/IQSS/dataverse/pull/11522.
+- The ``uri`` for Etalab is https://spdx.org/licenses/etalab-2.0 rather than a link listed in SPDX or DataCite.
+- The ``shortDescription`` doesn't have a trailing period for Apache-2.0, Etalab, and MIT.
 
 Adding Custom Licenses
 ^^^^^^^^^^^^^^^^^^^^^^
diff --git a/scripts/api/data/licenses/licenseEUPL-1.2.json b/scripts/api/data/licenses/licenseEUPL-1.2.json
index cb3afad2fea..b87d66f0aa8 100644
--- a/scripts/api/data/licenses/licenseEUPL-1.2.json
+++ b/scripts/api/data/licenses/licenseEUPL-1.2.json
@@ -1,7 +1,7 @@
 {
   "name": "EUPL-1.2",
   "uri": "https://joinup.ec.europa.eu/page/eupl-text-11-12",
-  "shortDescription": "European Union Public License 1.2",
+  "shortDescription": "European Union Public License 1.2.",
   "active": true,
   "sortOrder": 14,
   "rightsIdentifier": "EUPL-1.2",
diff --git a/scripts/api/data/licenses/licenseODC-By-1.0.json b/scripts/api/data/licenses/licenseODC-By-1.0.json
index fdeab439d86..27bd08f0bcf 100644
--- a/scripts/api/data/licenses/licenseODC-By-1.0.json
+++ b/scripts/api/data/licenses/licenseODC-By-1.0.json
@@ -1,11 +1,11 @@
 {
   "name": "ODC-By-1.0",
   "uri": "https://opendatacommons.org/licenses/by/1.0/",
-  "shortDescription": "Open Data Commons Attribution License v1.0",
+  "shortDescription": "Open Data Commons Attribution License v1.0.",
   "active": true,
   "sortOrder": 12,
   "rightsIdentifier": "ODC-By-1.0",
   "rightsIdentifierScheme": "SPDX",
   "schemeUri": "https://spdx.org/licenses/",
   "languageCode": "en"
-}
\ No newline at end of file
+}
diff --git a/scripts/api/data/licenses/licenseODbL-1.0.json b/scripts/api/data/licenses/licenseODbL-1.0.json
index bf13ad404b4..cca01be3365 100644
--- a/scripts/api/data/licenses/licenseODbL-1.0.json
+++ b/scripts/api/data/licenses/licenseODbL-1.0.json
@@ -1,11 +1,11 @@
 {
   "name": "ODbL-1.0",
   "uri": "http://www.opendatacommons.org/licenses/odbl/1.0/",
-  "shortDescription": "Open Data Commons Open Database License v1.0",
+  "shortDescription": "Open Data Commons Open Database License v1.0.",
   "active": true,
   "sortOrder": 11,
   "rightsIdentifier": "ODbL-1.0",
   "rightsIdentifierScheme": "SPDX",
   "schemeUri": "https://spdx.org/licenses/",
   "languageCode": "en"
-}
\ No newline at end of file
+}
diff --git a/scripts/api/data/licenses/licenseOGL-UK-3.0.json b/scripts/api/data/licenses/licenseOGL-UK-3.0.json
index 7363645e075..4bc39476af2 100644
--- a/scripts/api/data/licenses/licenseOGL-UK-3.0.json
+++ b/scripts/api/data/licenses/licenseOGL-UK-3.0.json
@@ -1,5 +1,5 @@
 {
-  "name": "OGL UK 3.0",
+  "name": "OGL-UK-3.0",
   "uri": "https://www.nationalarchives.gov.uk/doc/open-government-licence/version/3",
   "shortDescription": "Open Government Licence v3.0.",
   "active": true,
diff --git a/scripts/api/data/licenses/licensePDDL-1.0.json b/scripts/api/data/licenses/licensePDDL-1.0.json
index 986b97e5b01..12a4fe00bc7 100644
--- a/scripts/api/data/licenses/licensePDDL-1.0.json
+++ b/scripts/api/data/licenses/licensePDDL-1.0.json
@@ -1,7 +1,7 @@
 {
   "name": "PDDL-1.0",
   "uri": "http://opendatacommons.org/licenses/pddl/1.0/",
-  "shortDescription": "Open Data Commons Public Domain Dedication & License 1.0",
+  "shortDescription": "Open Data Commons Public Domain Dedication & License 1.0.",
   "active": true,
   "sortOrder": 13,
   "rightsIdentifier": "PDDL-1.0",

From bc056fbce7be6e4618326a952bc01aa02a6ce471 Mon Sep 17 00:00:00 2001
From: Philip Durbin <philip_durbin@harvard.edu>
Date: Mon, 8 Dec 2025 14:43:34 -0500
Subject: [PATCH 572/634] stub out 6.9 release notes, add Payara upgrade #11879

---
 doc/release-notes/11827-Payara-6.2025.10.md |  16 ---
 doc/release-notes/6.9-release-notes.md      | 137 ++++++++++++++++++++
 2 files changed, 137 insertions(+), 16 deletions(-)
 delete mode 100644 doc/release-notes/11827-Payara-6.2025.10.md
 create mode 100644 doc/release-notes/6.9-release-notes.md

diff --git a/doc/release-notes/11827-Payara-6.2025.10.md b/doc/release-notes/11827-Payara-6.2025.10.md
deleted file mode 100644
index 271b7dbb5ea..00000000000
--- a/doc/release-notes/11827-Payara-6.2025.10.md
+++ /dev/null
@@ -1,16 +0,0 @@
-The recommended Payara version has been updated to Payara-6.2025.10
-
-Payara 6.2025.10 cannot be used with earlier versions of Dataverse, e.g. v6.8.
-
-Standard Payara upgrade instructions - as in the 6.7 release notes should be added, 
-but we should assure the instructions don't have you trying to run 6.8 with the latest Payara 
-and perhaps should explicitly note that you can't. 
-
-We should also change the 'standard' language related to Payara updates to include copying the
-*.p12 files from the distributed domain1/config directory into the Dataverse domain1/config directory,
-at least if/when they are different. Those files include base certs and over time using the old files
-can cause SSL errors. If the domain.xml file is old enough, it may also reference *.jks files instead
-of the *.p12 ones. That should also be fixed (domain.xml having those lines updated to reference *.p12 files).
-FWIW: I ran across this at TDL where a dev machine stopped being able to contact DataCite because the root
-cert used by DataCite today is not in the *.jks files that had been copied forward during Payara updates.)
-
diff --git a/doc/release-notes/6.9-release-notes.md b/doc/release-notes/6.9-release-notes.md
new file mode 100644
index 00000000000..7765487b9a8
--- /dev/null
+++ b/doc/release-notes/6.9-release-notes.md
@@ -0,0 +1,137 @@
+# Dataverse 6.9
+
+Please note: To read these instructions in full, please go to https://github.com/IQSS/dataverse/releases/tag/v6.9 rather than the [list of releases](https://github.com/IQSS/dataverse/releases), which will cut them off.
+
+This release brings new features, enhancements, and bug fixes to Dataverse. Thank you to all of the community members who contributed code, suggestions, bug reports, and other assistance across the project!
+
+## Release Highlights
+
+Highlights for Dataverse 6.9 include:
+
+- Infrastructure upgrade: Payara
+- New and improved APIs
+- Bug fixes
+
+## Features Added
+
+## Bugs Fixed
+
+## API Updates
+
+## Security Updates
+
+This release contains important security updates. If you are not receiving security notices, please sign up by following [the steps](https://guides.dataverse.org/en/latest/installation/config.html#ongoing-security-of-your-installation) in the guides.
+
+## Developer Updates
+
+## End-Of-Life (EOL) Announcements
+
+### PostgreSQL 13 Reached EOL on 13 November 2025
+
+We mentioned this in the Dataverse [6.6](https://github.com/IQSS/dataverse/releases/tag/v6.6) and [6.8](https://github.com/IQSS/dataverse/releases/tag/v6.6) release notes, but as a reminder, according to https://www.postgresql.org/support/versioning/ PostgreSQL 13 reached EOL on 13 November 2025. As mentioned in the [Installation Guide](https://guides.dataverse.org/en/6.9/installation/prerequisites.html#postgresql), we recommend running PostgreSQL 16 since it is the version we test with in our continuous integration ([since](https://github.com/gdcc/dataverse-ansible/commit/8ebbd84ad2cf3903b8f995f0d34578250f4223ff) February 2025). The [Dataverse 5.4 release notes](https://github.com/IQSS/dataverse/releases/tag/v5.4) explained the upgrade process from 9 to 13 (e.g. pg_dumpall, etc.) and the steps will be similar. If you have any problems, please feel free to reach out (see "getting help" in these release notes).
+
+## New Settings
+
+## Deprecated Settings
+
+## Backward Incompatible Changes
+
+Generally speaking, see the [API Changelog](https://guides.dataverse.org/en/latest/api/changelog.html) for a list of backward-incompatible API changes.
+
+## Complete List of Changes
+
+For the complete list of code changes in this release, see the [6.9 milestone](https://github.com/IQSS/dataverse/issues?q=milestone%3A6.9+is%3Aclosed) in GitHub.
+
+## Getting Help
+
+For help with upgrading, installing, or general questions please see [getting help](https://guides.dataverse.org/en/latest/installation/intro.html#getting-help) in the Installation Guide.
+
+## Installation
+
+If this is a new installation, please follow our [Installation Guide](https://guides.dataverse.org/en/latest/installation/). Please don't be shy about [asking for help](https://guides.dataverse.org/en/latest/installation/intro.html#getting-help) if you need it!
+
+Once you are in production, we would be delighted to update our [map of Dataverse installations around the world](https://dataverse.org/installations) to include yours! Please [create an issue](https://github.com/IQSS/dataverse-installations/issues) or email us at support@dataverse.org to join the club!
+
+You are also very welcome to join the [Global Dataverse Community Consortium](https://www.gdcc.io/) (GDCC).
+
+## Upgrade Instructions
+
+Upgrading requires a maintenance window and downtime. Please plan accordingly, create backups of your database, etc.
+
+These instructions assume that you've already upgraded through all the 5.x releases and are now running Dataverse 6.8.
+
+0\. These instructions assume that you are upgrading from the immediate previous version. See [tags on GitHub](https://github.com/IQSS/dataverse/tags) for a list of versions. If you are running an earlier version, the only supported way to upgrade is to progress through the upgrades to all the releases in between before attempting the upgrade to this version.
+
+If you are running Payara as a non-root user (and you should be!), **remember not to execute the commands below as root**. By default, Payara runs as the `dataverse` user. In the commands below, we use sudo to run the commands as a non-root user.
+
+Also, we assume that Payara 6 is installed in `/usr/local/payara6`. If not, adjust as needed.
+
+```shell
+export PAYARA=/usr/local/payara6
+```
+
+(or `setenv PAYARA /usr/local/payara6` if you are using a `csh`-like shell)
+
+1\. List deployed applications
+
+```shell
+$PAYARA/bin/asadmin list-applications
+```
+
+2\. Undeploy the previous version (should match "list-applications" above)
+
+```shell
+$PAYARA/bin/asadmin undeploy dataverse-6.8
+```
+
+3\. Stop Payara
+
+```shell
+sudo service payara stop
+```
+
+4\. Upgrade to Payara 6.2025.10
+
+The recommended Payara version has been updated to Payara 6.2025.10. See #11827.
+
+Payara 6.2025.10 cannot be used with earlier versions of Dataverse, e.g. v6.8.
+
+The steps below reuse your existing domain directory with the new distribution of Payara. You may also want to review the Payara upgrade instructions as it could be helpful during any troubleshooting:
+[Payara Release Notes](https://docs.payara.fish/community/docs/6.2025.10/Release%20Notes/Release%20Notes%206.2025.10.html).
+We also recommend you ensure you followed all update instructions from the past releases regarding Payara.
+(The most recent Payara update was for [Dataverse 6.7](https://github.com/IQSS/dataverse/releases/tag/v6.7).)
+
+Move the current Payara directory out of the way:
+
+```shell
+mv $PAYARA $PAYARA.6.2025.3
+```
+
+Download the new Payara version 6.2025.10 (from https://www.payara.fish/downloads/payara-platform-community-edition/ or https://nexus.payara.fish/repository/payara-community/fish/payara/distributions/payara/6.2025.10/payara-6.2025.10.zip), and unzip it in its place:
+
+```shell
+cd /usr/local
+unzip payara-6.2025.10.zip
+```
+
+Replace the brand new `payara/glassfish/domains/domain1` with your old, preserved domain1:
+
+```shell
+mv payara6/glassfish/domains/domain1 payara6/glassfish/domains/domain1_DIST
+mv payara6.6.2025.3/glassfish/domains/domain1 payara6/glassfish/domains/
+```
+
+Once your old, preserved domain1 directory is in place, copy the *.p12 files from distributed domain1/config directory into it, at least if they are different. These files include base certs. Over time, using the old cert files can cause SSL errors. If the domain.xml file is old enough, it may also reference *.jks files instead of the *.p12 ones. If so, update domain.xml so that these lines reference *.p12 files instead of *.jks files.
+
+5\. Download and deploy this version
+
+```shell
+wget https://github.com/IQSS/dataverse/releases/download/v6.9/dataverse-6.9.war
+$PAYARA/bin/asadmin deploy dataverse-6.9.war
+```
+
+6\. For installations with internationalization or text customizations:
+
+Please remember to update translations via [Dataverse language packs](https://github.com/GlobalDataverseCommunityConsortium/dataverse-language-packs).
+
+If you have text customizations you can get the latest English files from <https://github.com/IQSS/dataverse/tree/v6.9/src/main/java/propertyFiles>.
\ No newline at end of file

From c5599236434ace8dfe50e9b3c12d66012cb35c67 Mon Sep 17 00:00:00 2001
From: Philip Durbin <philip_durbin@harvard.edu>
Date: Mon, 8 Dec 2025 14:55:14 -0500
Subject: [PATCH 573/634] add Quickstart Guide #11879

---
 doc/release-notes/6.9-release-notes.md | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/doc/release-notes/6.9-release-notes.md b/doc/release-notes/6.9-release-notes.md
index 7765487b9a8..8de061117f0 100644
--- a/doc/release-notes/6.9-release-notes.md
+++ b/doc/release-notes/6.9-release-notes.md
@@ -8,12 +8,17 @@ This release brings new features, enhancements, and bug fixes to Dataverse. Than
 
 Highlights for Dataverse 6.9 include:
 
+- Quickstart Guide
 - Infrastructure upgrade: Payara
 - New and improved APIs
 - Bug fixes
 
 ## Features Added
 
+### Quickstart Guide
+
+A new [Quickstart Guide](https://guides.dataverse.org/en/6.9/quickstart/index.html) has been added to help researchers understand what Dataverse is, how to publish datasets and collections, and how to find data. Buttons have been added to the top of the User Guide to direct people to these pages. Feedback on this new guide is welcome, such as through [Google Groups](https://groups.google.com/g/dataverse-community/c/TXOEFv9-0kY/m/RT5XV0QiAgAJ), [Zulip](https://dataverse.zulipchat.com/#narrow/channel/446770-docs/topic/Quickstart.20Guide.20'Publish.20a.20Dataset'/with/561675778), or the [Documentation Working Group](https://www.gdcc.io/working-groups/documentation.html). Special thanks to Dieuwertje Bloemen for writing most of the guide and to Vaida Plankytė for contributing. See https://guides.dataverse.org/en/6.9/quickstart and #11653.
+
 ## Bugs Fixed
 
 ## API Updates

From 066a7bf1f3c87037a45c625b4a868505105df8cf Mon Sep 17 00:00:00 2001
From: Philip Durbin <philip_durbin@harvard.edu>
Date: Mon, 8 Dec 2025 15:24:52 -0500
Subject: [PATCH 574/634] add big data admin guide

---
 doc/release-notes/11850-big-data-admin-guide.md | 3 ---
 doc/release-notes/6.9-release-notes.md          | 5 +++++
 2 files changed, 5 insertions(+), 3 deletions(-)
 delete mode 100644 doc/release-notes/11850-big-data-admin-guide.md

diff --git a/doc/release-notes/11850-big-data-admin-guide.md b/doc/release-notes/11850-big-data-admin-guide.md
deleted file mode 100644
index e7bd0b87781..00000000000
--- a/doc/release-notes/11850-big-data-admin-guide.md
+++ /dev/null
@@ -1,3 +0,0 @@
-### Big Data Admin Section
-
-- A new section - Scaling Dataverse with Data Size - has been added to the Admin Guide. It is intended to help administrators configure Dataverse appropriately to handle larger amounts of data.
diff --git a/doc/release-notes/6.9-release-notes.md b/doc/release-notes/6.9-release-notes.md
index 8de061117f0..2b8b767cadc 100644
--- a/doc/release-notes/6.9-release-notes.md
+++ b/doc/release-notes/6.9-release-notes.md
@@ -9,6 +9,7 @@ This release brings new features, enhancements, and bug fixes to Dataverse. Than
 Highlights for Dataverse 6.9 include:
 
 - Quickstart Guide
+- Scaling Dataverse with Data Size (Admin Guide)
 - Infrastructure upgrade: Payara
 - New and improved APIs
 - Bug fixes
@@ -19,6 +20,10 @@ Highlights for Dataverse 6.9 include:
 
 A new [Quickstart Guide](https://guides.dataverse.org/en/6.9/quickstart/index.html) has been added to help researchers understand what Dataverse is, how to publish datasets and collections, and how to find data. Buttons have been added to the top of the User Guide to direct people to these pages. Feedback on this new guide is welcome, such as through [Google Groups](https://groups.google.com/g/dataverse-community/c/TXOEFv9-0kY/m/RT5XV0QiAgAJ), [Zulip](https://dataverse.zulipchat.com/#narrow/channel/446770-docs/topic/Quickstart.20Guide.20'Publish.20a.20Dataset'/with/561675778), or the [Documentation Working Group](https://www.gdcc.io/working-groups/documentation.html). Special thanks to Dieuwertje Bloemen for writing most of the guide and to Vaida Plankytė for contributing. See https://guides.dataverse.org/en/6.9/quickstart and #11653.
 
+### Scaling Dataverse with Data Size (Admin Guide)
+
+A new section, [Scaling Dataverse with Data Size](https://guides.dataverse.org/en/6.9/admin/big-data-administration.html), has been added to the Admin Guide. It is intended to help administrators configure Dataverse appropriately to handle larger amounts of data. See https://guides.dataverse.org/en/6.9/admin/big-data-administration.html and #11850.
+
 ## Bugs Fixed
 
 ## API Updates

From 1699c0188e352a3ca7d6065ee17673b009c085bd Mon Sep 17 00:00:00 2001
From: Philip Durbin <philip_durbin@harvard.edu>
Date: Tue, 9 Dec 2025 09:09:14 -0500
Subject: [PATCH 575/634] use same language for rightsIdentifier as name #11521

---
 doc/sphinx-guides/source/installation/config.rst | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/doc/sphinx-guides/source/installation/config.rst b/doc/sphinx-guides/source/installation/config.rst
index 1c085bedc62..c25110cc6a3 100644
--- a/doc/sphinx-guides/source/installation/config.rst
+++ b/doc/sphinx-guides/source/installation/config.rst
@@ -2170,7 +2170,7 @@ If you do not find the license JSON you need above, you are encouraged to contri
 - For the ``uri`` field, use the same resource that DataCite uses, which is often the same as the first "Other web pages for this license" on the SPDX page for the license. Look at the ``seeAlso`` array for the license at https://github.com/datacite/bracco/blob/main/app/spdx.js to be sure. When these differ, or there are other concerns about the URI DataCite uses, please reach out to the community to see if a consensus can be reached. See :ref:`support`.
 - For the ``active`` field, put ``true``.
 - For the ``sortOrder`` field, put the next sequential number after checking previous files with ``grep sortOrder scripts/api/data/licenses/*``.
-- For the ``rightsIdentifier`` field, use the identifier from SPDX (e.g. ``Apache-2.0``).
+- For the ``rightsIdentifier`` field, use the "short identifier" from the SPDX landing page (e.g. ``Apache-2.0``).
 - For the ``rightsIdentifierScheme`` field, use "SPDX".
 - For the ``schemeUri`` field, use "https://spdx.org/licenses/".
 - For the ``languageCode`` field, use "en".

From 428a55c2a86dd362d178fced3d6a8c4d99db4f38 Mon Sep 17 00:00:00 2001
From: Philip Durbin <philip_durbin@harvard.edu>
Date: Tue, 9 Dec 2025 09:23:43 -0500
Subject: [PATCH 576/634] draft in UI for file access

---
 doc/release-notes/6.9-release-notes.md                        | 4 ++++
 .../7618-file-level-permissions-restricted-draft.md           | 3 ---
 2 files changed, 4 insertions(+), 3 deletions(-)
 delete mode 100644 doc/release-notes/7618-file-level-permissions-restricted-draft.md

diff --git a/doc/release-notes/6.9-release-notes.md b/doc/release-notes/6.9-release-notes.md
index 2b8b767cadc..d78c8558b2b 100644
--- a/doc/release-notes/6.9-release-notes.md
+++ b/doc/release-notes/6.9-release-notes.md
@@ -24,6 +24,10 @@ A new [Quickstart Guide](https://guides.dataverse.org/en/6.9/quickstart/index.ht
 
 A new section, [Scaling Dataverse with Data Size](https://guides.dataverse.org/en/6.9/admin/big-data-administration.html), has been added to the Admin Guide. It is intended to help administrators configure Dataverse appropriately to handle larger amounts of data. See https://guides.dataverse.org/en/6.9/admin/big-data-administration.html and #11850.
 
+### Other Features Added
+
+- In the UI for granting file access, restricted files in draft will now show "Draft/Unpublished". See #7618 and #11794.
+
 ## Bugs Fixed
 
 ## API Updates
diff --git a/doc/release-notes/7618-file-level-permissions-restricted-draft.md b/doc/release-notes/7618-file-level-permissions-restricted-draft.md
deleted file mode 100644
index 6b674ee7ec3..00000000000
--- a/doc/release-notes/7618-file-level-permissions-restricted-draft.md
+++ /dev/null
@@ -1,3 +0,0 @@
-File level permissions: Restricted files in Draft will now show a "Draft/Unpublished" tag in the UI when granting file access
-
-See #7618

From 0fc0bdcac3bd6c751490cad43e2bdde9afa2fa34 Mon Sep 17 00:00:00 2001
From: Philip Durbin <philip_durbin@harvard.edu>
Date: Tue, 9 Dec 2025 09:29:52 -0500
Subject: [PATCH 577/634] allowed langs

---
 doc/release-notes/6.9-release-notes.md         | 2 ++
 doc/release-notes/metadataLanguage-API-call.md | 6 ------
 2 files changed, 2 insertions(+), 6 deletions(-)
 delete mode 100644 doc/release-notes/metadataLanguage-API-call.md

diff --git a/doc/release-notes/6.9-release-notes.md b/doc/release-notes/6.9-release-notes.md
index d78c8558b2b..9c22e52df24 100644
--- a/doc/release-notes/6.9-release-notes.md
+++ b/doc/release-notes/6.9-release-notes.md
@@ -32,6 +32,8 @@ A new section, [Scaling Dataverse with Data Size](https://guides.dataverse.org/e
 
 ## API Updates
 
+- A new API endpoint has been implemented for getting and setting the metadata language of a collection. See [the guides](https://guides.dataverse.org/en/6.9/api/native-api.html#list-the-allowed-metadata-languages-of-a-dataverse-collection), 11856, and #11857.
+
 ## Security Updates
 
 This release contains important security updates. If you are not receiving security notices, please sign up by following [the steps](https://guides.dataverse.org/en/latest/installation/config.html#ongoing-security-of-your-installation) in the guides.
diff --git a/doc/release-notes/metadataLanguage-API-call.md b/doc/release-notes/metadataLanguage-API-call.md
deleted file mode 100644
index 9e2598cf159..00000000000
--- a/doc/release-notes/metadataLanguage-API-call.md
+++ /dev/null
@@ -1,6 +0,0 @@
-A new API endpoint has been implemented for getting the metadata language of a Dataverse Collection:
-
-`GET /dataverses/{alias}/allowedMetadataLanguages`: Returns the specified metadata language(s) in the collection if any.
-`PUT /dataverses/{alias}/allowedMetadataLanguages{metadataLanguage}`: Sets a metadata language in the collection.
-
-For more information, see #11856 and #11856.
\ No newline at end of file

From bb7d7a38ae21f2112a28484dada69dbe35ae201e Mon Sep 17 00:00:00 2001
From: Philip Durbin <philip_durbin@harvard.edu>
Date: Tue, 9 Dec 2025 09:47:50 -0500
Subject: [PATCH 578/634] coar notify

---
 doc/release-notes/10490-COAR-Notify.md | 23 -----------------------
 doc/release-notes/6.9-release-notes.md | 16 ++++++++++++++++
 2 files changed, 16 insertions(+), 23 deletions(-)
 delete mode 100644 doc/release-notes/10490-COAR-Notify.md

diff --git a/doc/release-notes/10490-COAR-Notify.md b/doc/release-notes/10490-COAR-Notify.md
deleted file mode 100644
index 0419466f424..00000000000
--- a/doc/release-notes/10490-COAR-Notify.md
+++ /dev/null
@@ -1,23 +0,0 @@
-### Support for COAR Notify Relationship Announcement
-
-Dataverse now supports sending and receiving [Linked Data Notification ](https://www.w3.org/TR/ldn/) messages involved in the 
-[COAR Notify Relationship Announcement Workflow](https://coar-notify.net/catalogue/workflows/repository-relationship-repository/).
-
-Dataverse can send messages to configured repositories announcing that a dataset has a related publication (as defined in the dataset metadata). This may be done automatically upon publication or triggered manually by a superuser. The receiving repository may do anything with the message, with the default expectation being that the repository will create a backlink from the publication to the dataset (assuming the publication exists in the repository, admins agree the link makes sense, etc.)
-
-Conversely, Dataverse can receive notices from other configured repositories announcing relationships between their publications and datasets. If the referenced dataset exists in the Dataverse instance, a notification will be sent to users who can publish the dataset, or, optionally, only superusers who can publish the dataset. They can then decide whether to create a backlink to the publication in the dataset metadata.
-
-(Earlier releases of Dataverse had experimental support in this area that was based on message formats defined prior to finalization of the COAR Notify specification for relationship announcements.)
-
-#### New Settings/JVM Options
-
-Configuration for sending messages involves specifying the
-:COARNotifyRelationshipAnnouncementTargets and :COARNotifyRelationshipAnnouncementTriggerFields
-
-Configuration to receive messages involves specifying
-DATAVERSE_LDN_ALLOWED_HOSTS (dataverse.ldn.allowed-hosts)
-
-Notifications are sent by default to users who can publish a dataset. The option below can be used to restrict notifications to superusers who can publish the dataset.
- 
-DATAVERSE_COAR_NOTIFY_RELATIONSHIP_ANNOUNCEMENT_NOTIFY_SUPERSUSERS_ONLY
-
diff --git a/doc/release-notes/6.9-release-notes.md b/doc/release-notes/6.9-release-notes.md
index 9c22e52df24..3058434ca63 100644
--- a/doc/release-notes/6.9-release-notes.md
+++ b/doc/release-notes/6.9-release-notes.md
@@ -10,6 +10,7 @@ Highlights for Dataverse 6.9 include:
 
 - Quickstart Guide
 - Scaling Dataverse with Data Size (Admin Guide)
+- Support for COAR Notify Relationship Announcement
 - Infrastructure upgrade: Payara
 - New and improved APIs
 - Bug fixes
@@ -24,6 +25,16 @@ A new [Quickstart Guide](https://guides.dataverse.org/en/6.9/quickstart/index.ht
 
 A new section, [Scaling Dataverse with Data Size](https://guides.dataverse.org/en/6.9/admin/big-data-administration.html), has been added to the Admin Guide. It is intended to help administrators configure Dataverse appropriately to handle larger amounts of data. See https://guides.dataverse.org/en/6.9/admin/big-data-administration.html and #11850.
 
+### Support for COAR Notify Relationship Announcement
+
+Dataverse now supports sending and receiving [Linked Data Notification ](https://www.w3.org/TR/ldn/) messages involved in the [COAR Notify Relationship Announcement Workflow](https://coar-notify.net/catalogue/workflows/repository-relationship-repository/).
+
+Dataverse can send messages to configured repositories announcing that a dataset has a related publication (as defined in the dataset metadata). This may be done automatically upon publication or triggered manually by a superuser. The receiving repository may do anything with the message, with the default expectation being that the repository will create a backlink from the publication to the dataset (assuming the publication exists in the repository, admins agree the link makes sense, etc.)
+
+Conversely, Dataverse can receive notices from other configured repositories announcing relationships between their publications and datasets. If the referenced dataset exists in the Dataverse instance, a notification will be sent to users who can publish the dataset, or, optionally, only superusers who can publish the dataset. They can then decide whether to create a backlink to the publication in the dataset metadata.
+
+See [the guides](https://guides.dataverse.org/en/6.9/developers/workflows.html#coarnotifyrelationshipannouncement), #8914, and #10490. (Earlier releases of Dataverse had experimental support in this area that was based on message formats defined prior to finalization of the COAR Notify specification for relationship announcements.)
+
 ### Other Features Added
 
 - In the UI for granting file access, restricted files in draft will now show "Draft/Unpublished". See #7618 and #11794.
@@ -48,6 +59,11 @@ We mentioned this in the Dataverse [6.6](https://github.com/IQSS/dataverse/relea
 
 ## New Settings
 
+- :COARNotifyRelationshipAnnouncementTargets
+- :COARNotifyRelationshipAnnouncementTriggerFields
+- dataverse.coar-notify.relationship-announcement.notify-superusers-only
+- dataverse.ldn.allowed-hosts
+
 ## Deprecated Settings
 
 ## Backward Incompatible Changes

From ae25a6f4ba0704feb279cdb831066fb211bb5d78 Mon Sep 17 00:00:00 2001
From: Philip Durbin <philip_durbin@harvard.edu>
Date: Tue, 9 Dec 2025 10:11:36 -0500
Subject: [PATCH 579/634] role assignment history

---
 doc/release-notes/11612-RAHistory.md   | 17 -----------------
 doc/release-notes/6.9-release-notes.md |  6 ++++++
 2 files changed, 6 insertions(+), 17 deletions(-)
 delete mode 100644 doc/release-notes/11612-RAHistory.md

diff --git a/doc/release-notes/11612-RAHistory.md b/doc/release-notes/11612-RAHistory.md
deleted file mode 100644
index 82df91c3913..00000000000
--- a/doc/release-notes/11612-RAHistory.md
+++ /dev/null
@@ -1,17 +0,0 @@
-# Role Assignment History Tracking
-
-Dataverse can now track the history of role assignments, allowing administrators to see who assigned or revoked roles, when these actions occurred, and which roles were involved. This feature helps with auditing and understanding permission changes over time.
-
-## Key components of this feature:
-
-- **Feature Flag**: The functionality can be enabled/disabled via the `ROLE_ASSIGNMENT_HISTORY` feature flag (default is `off`)
-- **UI Integration**: New history panels on permission management pages showing the complete history of role assignments/revocations
-- **CSV Export**: Administrators can download the role assignment history for a given collection or dataset (or files in a dataset) as a CSV file directly from the new panels
-- **API Access**: New API endpoints provide access to role assignment history in both JSON and CSV formats:
-  - `/api/dataverses/{identifier}/assignments/history`
-  - `/api/datasets/{identifier}/assignments/history`
-  - `/api/datasets/{identifier}/files/assignments/history`
-  
-All return JSON by default but will return an internationalized CSV if an `Accept: text/csv` header is adde
-
-For more information, see #11612
\ No newline at end of file
diff --git a/doc/release-notes/6.9-release-notes.md b/doc/release-notes/6.9-release-notes.md
index 3058434ca63..33625147d42 100644
--- a/doc/release-notes/6.9-release-notes.md
+++ b/doc/release-notes/6.9-release-notes.md
@@ -9,6 +9,7 @@ This release brings new features, enhancements, and bug fixes to Dataverse. Than
 Highlights for Dataverse 6.9 include:
 
 - Quickstart Guide
+- Role Assignment History Tracking
 - Scaling Dataverse with Data Size (Admin Guide)
 - Support for COAR Notify Relationship Announcement
 - Infrastructure upgrade: Payara
@@ -21,6 +22,10 @@ Highlights for Dataverse 6.9 include:
 
 A new [Quickstart Guide](https://guides.dataverse.org/en/6.9/quickstart/index.html) has been added to help researchers understand what Dataverse is, how to publish datasets and collections, and how to find data. Buttons have been added to the top of the User Guide to direct people to these pages. Feedback on this new guide is welcome, such as through [Google Groups](https://groups.google.com/g/dataverse-community/c/TXOEFv9-0kY/m/RT5XV0QiAgAJ), [Zulip](https://dataverse.zulipchat.com/#narrow/channel/446770-docs/topic/Quickstart.20Guide.20'Publish.20a.20Dataset'/with/561675778), or the [Documentation Working Group](https://www.gdcc.io/working-groups/documentation.html). Special thanks to Dieuwertje Bloemen for writing most of the guide and to Vaida Plankytė for contributing. See https://guides.dataverse.org/en/6.9/quickstart and #11653.
 
+# Role Assignment History Tracking
+
+Dataverse can now track the history of role assignments, allowing administrators to see who assigned or revoked roles, when these actions occurred, and which roles were involved. This feature helps with auditing and understanding permission changes over time. An additional column called "Role Assignment History" has been added to the permission management page for collections. The information can also be downloaded via API in CSV and JSON formats. This feature is off by default but can be enabled with the "role-assignment-history" [feature flag](https://guides.dataverse.org/en/6.8/installation/config.html#feature-flags). See the [User Guide](https://guides.dataverse.org/en/6.9/user/dataverse-management.html#roles-permissions), [API Guide](https://guides.dataverse.org/en/6.9/api/native-api.html#dataverse-role-assignment-history), and #11612.
+
 ### Scaling Dataverse with Data Size (Admin Guide)
 
 A new section, [Scaling Dataverse with Data Size](https://guides.dataverse.org/en/6.9/admin/big-data-administration.html), has been added to the Admin Guide. It is intended to help administrators configure Dataverse appropriately to handle larger amounts of data. See https://guides.dataverse.org/en/6.9/admin/big-data-administration.html and #11850.
@@ -62,6 +67,7 @@ We mentioned this in the Dataverse [6.6](https://github.com/IQSS/dataverse/relea
 - :COARNotifyRelationshipAnnouncementTargets
 - :COARNotifyRelationshipAnnouncementTriggerFields
 - dataverse.coar-notify.relationship-announcement.notify-superusers-only
+- dataverse.feature.role-assignment-history
 - dataverse.ldn.allowed-hosts
 
 ## Deprecated Settings

From f6d8fad6e3bef54e9719caf483e8ed7293d4dbe3 Mon Sep 17 00:00:00 2001
From: Philip Durbin <philip_durbin@harvard.edu>
Date: Tue, 9 Dec 2025 10:17:03 -0500
Subject: [PATCH 580/634] =?UTF-8?q?=F0=9F=A5=90?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 doc/release-notes/11752-croissant-restricted.md | 13 -------------
 doc/release-notes/6.9-release-notes.md          | 14 +++++++++++++-
 2 files changed, 13 insertions(+), 14 deletions(-)
 delete mode 100644 doc/release-notes/11752-croissant-restricted.md

diff --git a/doc/release-notes/11752-croissant-restricted.md b/doc/release-notes/11752-croissant-restricted.md
deleted file mode 100644
index ced0ef4eaa7..00000000000
--- a/doc/release-notes/11752-croissant-restricted.md
+++ /dev/null
@@ -1,13 +0,0 @@
-- The optional Croissant exporter has been updated to 0.1.6 to prevent variable names, variable descriptions, and variable types from being exposed for restricted files. See https://github.com/gdcc/exporter-croissant/pull/20 and #11752.
-
-## Upgrade Instructions
-
-### Update Croissant exporter, if enabled, and reexport metadata
-
-If you have enabled the Croissant dataset metadata exporter, you should upgrade to version 0.1.6.
-
-- Stop Payara.
-- Delete the old Croissant exporter jar file. It will be located in the directory defined by the `dataverse.spi.exporters.directory` setting.
-- Download the updated Croissant jar from https://repo1.maven.org/maven2/io/gdcc/export/croissant/ and place it in the same directory.
-- Restart Payara.
-- Run reExportAll.
diff --git a/doc/release-notes/6.9-release-notes.md b/doc/release-notes/6.9-release-notes.md
index 33625147d42..0eb041636ca 100644
--- a/doc/release-notes/6.9-release-notes.md
+++ b/doc/release-notes/6.9-release-notes.md
@@ -46,6 +46,8 @@ See [the guides](https://guides.dataverse.org/en/6.9/developers/workflows.html#c
 
 ## Bugs Fixed
 
+- The optional Croissant exporter has been updated to 0.1.6 to prevent variable names, variable descriptions, and variable types from being exposed for restricted files. See https://github.com/gdcc/exporter-croissant/pull/20 and #11752.
+
 ## API Updates
 
 - A new API endpoint has been implemented for getting and setting the metadata language of a collection. See [the guides](https://guides.dataverse.org/en/6.9/api/native-api.html#list-the-allowed-metadata-languages-of-a-dataverse-collection), 11856, and #11857.
@@ -172,4 +174,14 @@ $PAYARA/bin/asadmin deploy dataverse-6.9.war
 
 Please remember to update translations via [Dataverse language packs](https://github.com/GlobalDataverseCommunityConsortium/dataverse-language-packs).
 
-If you have text customizations you can get the latest English files from <https://github.com/IQSS/dataverse/tree/v6.9/src/main/java/propertyFiles>.
\ No newline at end of file
+If you have text customizations you can get the latest English files from <https://github.com/IQSS/dataverse/tree/v6.9/src/main/java/propertyFiles>.
+
+7\. Update Croissant exporter, if enabled, and reexport metadata
+
+If you have enabled the Croissant dataset metadata exporter, you should upgrade to version 0.1.6.
+
+- Stop Payara.
+- Delete the old Croissant exporter jar file. It will be located in the directory defined by the `dataverse.spi.exporters.directory` setting.
+- Download the updated Croissant jar from https://repo1.maven.org/maven2/io/gdcc/export/croissant/ and place it in the same directory.
+- Restart Payara.
+- Run reExportAll.

From 1943b1f9252f1ac52dcc2a1211283e1400bdf418 Mon Sep 17 00:00:00 2001
From: Philip Durbin <philip_durbin@harvard.edu>
Date: Tue, 9 Dec 2025 10:38:16 -0500
Subject: [PATCH 581/634] quotas per dataset

---
 doc/release-notes/11987-storage-quotas-on-datasets.md | 4 ----
 doc/release-notes/6.9-release-notes.md                | 5 +++++
 2 files changed, 5 insertions(+), 4 deletions(-)
 delete mode 100644 doc/release-notes/11987-storage-quotas-on-datasets.md

diff --git a/doc/release-notes/11987-storage-quotas-on-datasets.md b/doc/release-notes/11987-storage-quotas-on-datasets.md
deleted file mode 100644
index 79edba13cba..00000000000
--- a/doc/release-notes/11987-storage-quotas-on-datasets.md
+++ /dev/null
@@ -1,4 +0,0 @@
-It is now possible to define storage quotas on individual datasets. See the API guide for more information.
-The practical use case is for datasets in the top-level, root collection. This does not address the use case of a user creating multiple datasets. But there is an open dev. issue for adding per-user storage quotas as well.
-
-A convenience API `/api/datasets/{id}/uploadlimits` has been added to show the remaining storage and/or number of files quotas, if present.
\ No newline at end of file
diff --git a/doc/release-notes/6.9-release-notes.md b/doc/release-notes/6.9-release-notes.md
index 0eb041636ca..f17007feb1c 100644
--- a/doc/release-notes/6.9-release-notes.md
+++ b/doc/release-notes/6.9-release-notes.md
@@ -11,6 +11,7 @@ Highlights for Dataverse 6.9 include:
 - Quickstart Guide
 - Role Assignment History Tracking
 - Scaling Dataverse with Data Size (Admin Guide)
+- Storage Quotas on Individual Datasets
 - Support for COAR Notify Relationship Announcement
 - Infrastructure upgrade: Payara
 - New and improved APIs
@@ -30,6 +31,10 @@ Dataverse can now track the history of role assignments, allowing administrators
 
 A new section, [Scaling Dataverse with Data Size](https://guides.dataverse.org/en/6.9/admin/big-data-administration.html), has been added to the Admin Guide. It is intended to help administrators configure Dataverse appropriately to handle larger amounts of data. See https://guides.dataverse.org/en/6.9/admin/big-data-administration.html and #11850.
 
+### Storage Quotas on Individual Datasets
+
+It is now possible to define storage quotas on individual datasets via API. The practical use case is for datasets in the top-level root collection. This feature does not address the use case of a user creating multiple datasets (#11529). A convenience API `/api/datasets/{id}/uploadlimits` has been added to show the "remaining storage" and "number of files" quotas, if present. See [the guides](https://preview.guides.gdcc.io/en/develop/api/native-api.html#storage-quotas-on-individual-datasets), #11987, and #11997.
+
 ### Support for COAR Notify Relationship Announcement
 
 Dataverse now supports sending and receiving [Linked Data Notification ](https://www.w3.org/TR/ldn/) messages involved in the [COAR Notify Relationship Announcement Workflow](https://coar-notify.net/catalogue/workflows/repository-relationship-repository/).

From c5ce6b4562d3f0c35a93484666fdf60fab8785b1 Mon Sep 17 00:00:00 2001
From: Philip Durbin <philip_durbin@harvard.edu>
Date: Tue, 9 Dec 2025 14:04:08 -0500
Subject: [PATCH 582/634] more licenses

---
 doc/release-notes/11522-licenses-added.md | 17 -----------------
 doc/release-notes/6.9-release-notes.md    | 19 +++++++++++++++++++
 2 files changed, 19 insertions(+), 17 deletions(-)
 delete mode 100644 doc/release-notes/11522-licenses-added.md

diff --git a/doc/release-notes/11522-licenses-added.md b/doc/release-notes/11522-licenses-added.md
deleted file mode 100644
index f20e2874ce4..00000000000
--- a/doc/release-notes/11522-licenses-added.md
+++ /dev/null
@@ -1,17 +0,0 @@
-### Additional licenses
-
-The following Open Data Commons licenses have been added:
-
-- Open Database License (ODbL)
-- Open Data Commons Attribution License (ODC-By)
-- Open Data Commons Public Domain Dedication and License (PDDL))
-
-The following software license has been added:
-
-- European Union Public License (EUPL)
-
-The following country-specific license has been added:
-
-- Open Government Licence (OGL UK)
-
-The licenses above are widely recognized and used in Europe and beyond to promote data and software sharing. See [the guides](https://dataverse-guide--11522.org.readthedocs.build/en/11522/installation/config.html#configuring-licenses) and #11522.
diff --git a/doc/release-notes/6.9-release-notes.md b/doc/release-notes/6.9-release-notes.md
index f17007feb1c..560a88ea56f 100644
--- a/doc/release-notes/6.9-release-notes.md
+++ b/doc/release-notes/6.9-release-notes.md
@@ -12,6 +12,7 @@ Highlights for Dataverse 6.9 include:
 - Role Assignment History Tracking
 - Scaling Dataverse with Data Size (Admin Guide)
 - Storage Quotas on Individual Datasets
+- Additional Licenses
 - Support for COAR Notify Relationship Announcement
 - Infrastructure upgrade: Payara
 - New and improved APIs
@@ -35,6 +36,24 @@ A new section, [Scaling Dataverse with Data Size](https://guides.dataverse.org/e
 
 It is now possible to define storage quotas on individual datasets via API. The practical use case is for datasets in the top-level root collection. This feature does not address the use case of a user creating multiple datasets (#11529). A convenience API `/api/datasets/{id}/uploadlimits` has been added to show the "remaining storage" and "number of files" quotas, if present. See [the guides](https://preview.guides.gdcc.io/en/develop/api/native-api.html#storage-quotas-on-individual-datasets), #11987, and #11997.
 
+### Additional Licenses
+
+The following Open Data Commons licenses have been added:
+
+- Open Database License (ODbL)
+- Open Data Commons Attribution License (ODC-By)
+- Open Data Commons Public Domain Dedication and License (PDDL))
+
+The following software license has been added:
+
+- European Union Public License (EUPL)
+
+The following country-specific license has been added:
+
+- Open Government Licence (OGL UK)
+
+The licenses above are widely recognized and used in Europe and beyond to promote data and software sharing. See [the guides](https://guides.dataverse.org/en/6.9/installation/config.html#configuring-licenses) and #11522.
+
 ### Support for COAR Notify Relationship Announcement
 
 Dataverse now supports sending and receiving [Linked Data Notification ](https://www.w3.org/TR/ldn/) messages involved in the [COAR Notify Relationship Announcement Workflow](https://coar-notify.net/catalogue/workflows/repository-relationship-repository/).

From 6daeec961b25024e48d0111c6d423f9db97b1882 Mon Sep 17 00:00:00 2001
From: Philip Durbin <philip_durbin@harvard.edu>
Date: Tue, 9 Dec 2025 14:05:01 -0500
Subject: [PATCH 583/634] fix link

---
 doc/release-notes/6.9-release-notes.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/doc/release-notes/6.9-release-notes.md b/doc/release-notes/6.9-release-notes.md
index 560a88ea56f..4f9053c86d8 100644
--- a/doc/release-notes/6.9-release-notes.md
+++ b/doc/release-notes/6.9-release-notes.md
@@ -34,7 +34,7 @@ A new section, [Scaling Dataverse with Data Size](https://guides.dataverse.org/e
 
 ### Storage Quotas on Individual Datasets
 
-It is now possible to define storage quotas on individual datasets via API. The practical use case is for datasets in the top-level root collection. This feature does not address the use case of a user creating multiple datasets (#11529). A convenience API `/api/datasets/{id}/uploadlimits` has been added to show the "remaining storage" and "number of files" quotas, if present. See [the guides](https://preview.guides.gdcc.io/en/develop/api/native-api.html#storage-quotas-on-individual-datasets), #11987, and #11997.
+It is now possible to define storage quotas on individual datasets via API. The practical use case is for datasets in the top-level root collection. This feature does not address the use case of a user creating multiple datasets (#11529). A convenience API `/api/datasets/{id}/uploadlimits` has been added to show the "remaining storage" and "number of files" quotas, if present. See [the guides](https://guides.dataverse.org/en/6.9/api/native-api.html#storage-quotas-on-individual-datasets), #11987, and #11997.
 
 ### Additional Licenses
 

From 09e4e53789ea955c0b2defc1e8d412bfe2410eee Mon Sep 17 00:00:00 2001
From: Philip Durbin <philip_durbin@harvard.edu>
Date: Tue, 9 Dec 2025 14:08:28 -0500
Subject: [PATCH 584/634] LC

---
 doc/release-notes/11904-LocalContexts-api-updates.md | 3 ---
 doc/release-notes/6.9-release-notes.md               | 1 +
 2 files changed, 1 insertion(+), 3 deletions(-)
 delete mode 100644 doc/release-notes/11904-LocalContexts-api-updates.md

diff --git a/doc/release-notes/11904-LocalContexts-api-updates.md b/doc/release-notes/11904-LocalContexts-api-updates.md
deleted file mode 100644
index 0e89fd8b4a1..00000000000
--- a/doc/release-notes/11904-LocalContexts-api-updates.md
+++ /dev/null
@@ -1,3 +0,0 @@
-### Updates to Local Contexts integration
-
-- Integration with Local Contexts (https://guides.dataverse.org/en/latest/installation/localcontexts.html) has been updated to support the change in their API w.r.t. how DOIs entered as "Optional Project Information" are represented.
diff --git a/doc/release-notes/6.9-release-notes.md b/doc/release-notes/6.9-release-notes.md
index 4f9053c86d8..4c5c4d37485 100644
--- a/doc/release-notes/6.9-release-notes.md
+++ b/doc/release-notes/6.9-release-notes.md
@@ -67,6 +67,7 @@ See [the guides](https://guides.dataverse.org/en/6.9/developers/workflows.html#c
 ### Other Features Added
 
 - In the UI for granting file access, restricted files in draft will now show "Draft/Unpublished". See #7618 and #11794.
+- Integration with Local Contexts has been updated to support the change in their API regarding how DOIs entered as "Optional Project Information" are represented. See [the guides](https://guides.dataverse.org/en/6.9/installation/localcontexts.html) and #11904.
 
 ## Bugs Fixed
 

From ee712774dcdf8d0eb576f4a007bb560dfaa3277c Mon Sep 17 00:00:00 2001
From: Philip Durbin <philip_durbin@harvard.edu>
Date: Tue, 9 Dec 2025 14:14:02 -0500
Subject: [PATCH 585/634] spi

---
 doc/release-notes/11766-new-io.gdcc.dataverse-spi.md | 2 --
 doc/release-notes/6.9-release-notes.md               | 1 +
 2 files changed, 1 insertion(+), 2 deletions(-)
 delete mode 100644 doc/release-notes/11766-new-io.gdcc.dataverse-spi.md

diff --git a/doc/release-notes/11766-new-io.gdcc.dataverse-spi.md b/doc/release-notes/11766-new-io.gdcc.dataverse-spi.md
deleted file mode 100644
index ef9e68f5719..00000000000
--- a/doc/release-notes/11766-new-io.gdcc.dataverse-spi.md
+++ /dev/null
@@ -1,2 +0,0 @@
-The ExportDataProvider framework in the dataverse-spi package has been extended, adding some extra options for developers of metadata exporter plugins. 
-See the [documentation](https://guides.dataverse.org/en/latest/developers/metadataexport.html#building-an-exporter) in the Metadata Export guide for details. 
\ No newline at end of file
diff --git a/doc/release-notes/6.9-release-notes.md b/doc/release-notes/6.9-release-notes.md
index 4c5c4d37485..41a9761dc2e 100644
--- a/doc/release-notes/6.9-release-notes.md
+++ b/doc/release-notes/6.9-release-notes.md
@@ -68,6 +68,7 @@ See [the guides](https://guides.dataverse.org/en/6.9/developers/workflows.html#c
 
 - In the UI for granting file access, restricted files in draft will now show "Draft/Unpublished". See #7618 and #11794.
 - Integration with Local Contexts has been updated to support the change in their API regarding how DOIs entered as "Optional Project Information" are represented. See [the guides](https://guides.dataverse.org/en/6.9/installation/localcontexts.html) and #11904.
+- The ExportDataProvider framework in the dataverse-spi package has been extended, adding some extra options for developers of metadata exporter plugins. See [the guides](https://guides.dataverse.org/en/6.9/developers/metadataexport.html#building-an-exporter) #11766, and #11767.
 
 ## Bugs Fixed
 

From 9ca63fa9a25a5f8839db1697d972647d5311ad39 Mon Sep 17 00:00:00 2001
From: Philip Durbin <philip_durbin@harvard.edu>
Date: Tue, 9 Dec 2025 14:25:21 -0500
Subject: [PATCH 586/634] manage licenses

---
 .../11771-update-dataset-license-api.md             | 13 -------------
 doc/release-notes/6.9-release-notes.md              |  1 +
 2 files changed, 1 insertion(+), 13 deletions(-)
 delete mode 100644 doc/release-notes/11771-update-dataset-license-api.md

diff --git a/doc/release-notes/11771-update-dataset-license-api.md b/doc/release-notes/11771-update-dataset-license-api.md
deleted file mode 100644
index e87f7e0f93f..00000000000
--- a/doc/release-notes/11771-update-dataset-license-api.md
+++ /dev/null
@@ -1,13 +0,0 @@
-## New Endpoint: `/datasets/{id}/license`
-
-A new endpoint has been implemented to manage dataset licenses.
-
-### Functionality
-- Updates the license of a dataset by applying it to the draft version.
-- If no draft exists, a new one is automatically created.
-
-### Usage
-This endpoint supports two ways of defining a license:
-1. **Predefined License** – Provide the license name (e.g., `CC BY 4.0`).
-2. **Custom Terms of Use and Access** – Provide a JSON body with the `customTerms` object.
-    - All fields are optional **except** `termsOfUse`, which is required.
diff --git a/doc/release-notes/6.9-release-notes.md b/doc/release-notes/6.9-release-notes.md
index 41a9761dc2e..2af3ecac4db 100644
--- a/doc/release-notes/6.9-release-notes.md
+++ b/doc/release-notes/6.9-release-notes.md
@@ -76,6 +76,7 @@ See [the guides](https://guides.dataverse.org/en/6.9/developers/workflows.html#c
 
 ## API Updates
 
+- A new API endpoint has been implemented to manage dataset licenses. See [the guides](https://preview.guides.gdcc.io/en/develop/api/native-api.html#update-dataset-license), #11771, #11815, and #11958.
 - A new API endpoint has been implemented for getting and setting the metadata language of a collection. See [the guides](https://guides.dataverse.org/en/6.9/api/native-api.html#list-the-allowed-metadata-languages-of-a-dataverse-collection), 11856, and #11857.
 
 ## Security Updates

From 2140bf849d20d77b5ee3c7ba91194a28c8cc5939 Mon Sep 17 00:00:00 2001
From: Philip Durbin <philip_durbin@harvard.edu>
Date: Tue, 9 Dec 2025 14:38:36 -0500
Subject: [PATCH 587/634] new APIs

---
 .../11710-get-available-dataverses-api.md            |  5 -----
 .../11772-update-dataset-terms-of-access-api.md      | 12 ------------
 doc/release-notes/6.9-release-notes.md               |  6 ++++--
 3 files changed, 4 insertions(+), 19 deletions(-)
 delete mode 100644 doc/release-notes/11710-get-available-dataverses-api.md
 delete mode 100644 doc/release-notes/11772-update-dataset-terms-of-access-api.md

diff --git a/doc/release-notes/11710-get-available-dataverses-api.md b/doc/release-notes/11710-get-available-dataverses-api.md
deleted file mode 100644
index ac33c581848..00000000000
--- a/doc/release-notes/11710-get-available-dataverses-api.md
+++ /dev/null
@@ -1,5 +0,0 @@
-### New API endpoint for retrieving a list of Dataverse Collections to which a given Dataset or Dataverse Collection may be linked
-
--The end point also takes in a search term which currently must be part of the collections' names.
--The user calling this API must have Link Dataset or Link Dataverse permission on the Dataverse Collections returned.
--If the Collection has already been linked to the given Dataset or Collection, it will not be returned.
diff --git a/doc/release-notes/11772-update-dataset-terms-of-access-api.md b/doc/release-notes/11772-update-dataset-terms-of-access-api.md
deleted file mode 100644
index 04b85d81ca9..00000000000
--- a/doc/release-notes/11772-update-dataset-terms-of-access-api.md
+++ /dev/null
@@ -1,12 +0,0 @@
-## New Endpoint: `/datasets/{id}/access`
-
-A new endpoint has been implemented to manage dataset terms of access for restricted files.
-
-### Functionality
-- Updates the terms of access for a dataset by applying it to the draft version.
-- If no draft exists, a new one is automatically created.
-
-### Usage
-
-**Custom Terms of Access** – Provide a JSON body with the `customTermsOfAccess` object.
-    - All fields are optional **except** if there are restricted files in which case `fileAccessRequest` must be set to true or  `termsOfAccess` must be provided.
diff --git a/doc/release-notes/6.9-release-notes.md b/doc/release-notes/6.9-release-notes.md
index 2af3ecac4db..5a1dec9d6b2 100644
--- a/doc/release-notes/6.9-release-notes.md
+++ b/doc/release-notes/6.9-release-notes.md
@@ -76,8 +76,10 @@ See [the guides](https://guides.dataverse.org/en/6.9/developers/workflows.html#c
 
 ## API Updates
 
-- A new API endpoint has been implemented to manage dataset licenses. See [the guides](https://preview.guides.gdcc.io/en/develop/api/native-api.html#update-dataset-license), #11771, #11815, and #11958.
-- A new API endpoint has been implemented for getting and setting the metadata language of a collection. See [the guides](https://guides.dataverse.org/en/6.9/api/native-api.html#list-the-allowed-metadata-languages-of-a-dataverse-collection), 11856, and #11857.
+- A new API endpoint has been added for retrieveing a list of collections to which a given dataset or collection can be linked. See [the guides](https://guides.dataverse.org/en/6.9/api/native-api.html#list-dataverse-collections-to-which-a-given-dataset-or-dataverse-collection-may-be-linked), #11710, and #11741.
+- A new API endpoint has been added to manage dataset licenses. See [the guides](https://guides.dataverse.org/en/6.9/api/native-api.html#update-dataset-license), #11771, #11815, and #11958.
+- A new API endpoint has been added to manage dataset terms of access for restricted files. See [the guides](https://guides.dataverse.org/en/6.9/api/native-api.html#update-dataset-terms-of-access), #11772, and #11893.
+- A new API endpoint has been added for getting and setting the metadata language of a collection. See [the guides](https://guides.dataverse.org/en/6.9/api/native-api.html#list-the-allowed-metadata-languages-of-a-dataverse-collection), 11856, and #11857.
 
 ## Security Updates
 

From bc76871b4b2d64b12e547362769ec66ad511f19b Mon Sep 17 00:00:00 2001
From: Philip Durbin <philip_durbin@harvard.edu>
Date: Tue, 9 Dec 2025 14:39:15 -0500
Subject: [PATCH 588/634] mv spi under dev

---
 doc/release-notes/6.9-release-notes.md | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/doc/release-notes/6.9-release-notes.md b/doc/release-notes/6.9-release-notes.md
index 5a1dec9d6b2..d880c9bb0e7 100644
--- a/doc/release-notes/6.9-release-notes.md
+++ b/doc/release-notes/6.9-release-notes.md
@@ -68,7 +68,6 @@ See [the guides](https://guides.dataverse.org/en/6.9/developers/workflows.html#c
 
 - In the UI for granting file access, restricted files in draft will now show "Draft/Unpublished". See #7618 and #11794.
 - Integration with Local Contexts has been updated to support the change in their API regarding how DOIs entered as "Optional Project Information" are represented. See [the guides](https://guides.dataverse.org/en/6.9/installation/localcontexts.html) and #11904.
-- The ExportDataProvider framework in the dataverse-spi package has been extended, adding some extra options for developers of metadata exporter plugins. See [the guides](https://guides.dataverse.org/en/6.9/developers/metadataexport.html#building-an-exporter) #11766, and #11767.
 
 ## Bugs Fixed
 
@@ -87,6 +86,8 @@ This release contains important security updates. If you are not receiving secur
 
 ## Developer Updates
 
+- The ExportDataProvider framework in the dataverse-spi package has been extended, adding some extra options for developers of metadata exporter plugins. See [the guides](https://guides.dataverse.org/en/6.9/developers/metadataexport.html#building-an-exporter) #11766, and #11767.
+
 ## End-Of-Life (EOL) Announcements
 
 ### PostgreSQL 13 Reached EOL on 13 November 2025

From 1d964276710dacf5aaa89791dd7d1f76f701022d Mon Sep 17 00:00:00 2001
From: Philip Durbin <philip_durbin@harvard.edu>
Date: Tue, 9 Dec 2025 14:45:59 -0500
Subject: [PATCH 589/634] input levels

---
 doc/release-notes/11387-modify-input-level-api.md | 3 ---
 doc/release-notes/6.9-release-notes.md            | 2 ++
 2 files changed, 2 insertions(+), 3 deletions(-)
 delete mode 100644 doc/release-notes/11387-modify-input-level-api.md

diff --git a/doc/release-notes/11387-modify-input-level-api.md b/doc/release-notes/11387-modify-input-level-api.md
deleted file mode 100644
index ca18eabb515..00000000000
--- a/doc/release-notes/11387-modify-input-level-api.md
+++ /dev/null
@@ -1,3 +0,0 @@
-### Update Collection Input Level API Changed
-
-- This endpoint will no longer delete the custom input levels previously modified for the given collection. In order to update a previously modified custom input level, it must be included in the JSON provided to the api.
diff --git a/doc/release-notes/6.9-release-notes.md b/doc/release-notes/6.9-release-notes.md
index d880c9bb0e7..1467c792b6c 100644
--- a/doc/release-notes/6.9-release-notes.md
+++ b/doc/release-notes/6.9-release-notes.md
@@ -108,6 +108,8 @@ We mentioned this in the Dataverse [6.6](https://github.com/IQSS/dataverse/relea
 
 Generally speaking, see the [API Changelog](https://guides.dataverse.org/en/latest/api/changelog.html) for a list of backward-incompatible API changes.
 
+- The Update Collection Input Levels API endpoint no longer deletes the custom input levels previously modified for the given collection. In order to update a previously modified custom input level, it must be included in the JSON provided to the api. See [the guides](https://guides.dataverse.org/en/6.9/api/native-api.html#update-collection-input-levels), #11387, and #11748.
+
 ## Complete List of Changes
 
 For the complete list of code changes in this release, see the [6.9 milestone](https://github.com/IQSS/dataverse/issues?q=milestone%3A6.9+is%3Aclosed) in GitHub.

From 2b2bae1725c06b6dae8aad8e659ad236fc41b61e Mon Sep 17 00:00:00 2001
From: Philip Durbin <philip_durbin@harvard.edu>
Date: Wed, 10 Dec 2025 10:16:22 -0500
Subject: [PATCH 590/634] settings cleanup

---
 .../11639-db-opts-idempotency.md              | 55 ------------------
 doc/release-notes/6.9-release-notes.md        | 58 +++++++++++++++++++
 2 files changed, 58 insertions(+), 55 deletions(-)
 delete mode 100644 doc/release-notes/11639-db-opts-idempotency.md

diff --git a/doc/release-notes/11639-db-opts-idempotency.md b/doc/release-notes/11639-db-opts-idempotency.md
deleted file mode 100644
index b01e3d955cb..00000000000
--- a/doc/release-notes/11639-db-opts-idempotency.md
+++ /dev/null
@@ -1,55 +0,0 @@
-## Database Settings Cleanup
-
-With this release, we remove some legacy specialties around Database Settings and provide better Admin API endpoints for them.
-
-Most important changes:
-
-1. Setting `BuiltinUsers.KEY` was renamed to `:BuiltinUsersKey`, aligned with our general naming pattern for options.
-2. Setting `WorkflowsAdmin#IP_WHITELIST_KEY` was renamed to `:WorkflowsAdminIpWhitelist`, aligned with our general naming pattern for options.
-3. Setting `:TabularIngestSizeLimit` no longer uses suffixes for formats and becomes a JSON-based setting instead.
-4. If set, all three settings will be migrated to their new form automatically for you (Flyway migration).
-5. You can no longer (accidentally) create or use arbitrary setting names or languages.
-   All Admin API endpoints for settings now validate setting names and languages for existence and compliance.
-
-As an administrator of a Dataverse instance, you can now make use of enhanced Bulk Operations on the Settings Admin API:
-
-1. Retrieving all settings as JSON via `GET /api/admin/settings` supports localized options now, too.
-2. You can replace all existing settings in an idempotent way sending JSON to `PUT /api/admin/settings`.
-   This will create, update and remove settings as necessary in one atomic operation.  
-   The new endpoint is especially useful to admins using GitOps or other automations.
-   It allows control over all Database Settings from a single source without risking an undefined state.
-
-Note: Despite the validation of setting names and languages, the content of any database setting is still not being validated when using the Settings Admin API!
-
-### Updated Database Settings
-
-The following database settings are were added to the official list within the code (to remain valid with the settings cleanup mentioned above):
-
-- `:BagGeneratorThreads`
-- `:BagItHandlerEnabled`
-- `:BagItLocalPath`
-- `:BagValidatorJobPoolSize`
-- `:BagValidatorJobWaitInterval`
-- `:BagValidatorMaxErrors`
-- `:BuiltinUsersKey` - formerly `BuiltinUsers.KEY`
-- `:CreateDataFilesMaxErrorsToDisplay`
-- `:DRSArchiverConfig` - a Harvard-specific setting
-- `:DuraCloudContext`
-- `:DuraCloudHost`
-- `:DuraCloudPort`
-- `:FileCategories`
-- `:GoogleCloudBucket`
-- `:GoogleCloudProject`
-- `:LDNAnnounceRequiredFields`
-- `:LDNTarget`
-- `:WorkflowsAdminIpWhitelist` - formerly `WorkflowsAdmin#IP_WHITELIST_KEY`
-- `:PrePublishDatasetWorkflowId` - formerly `WorkflowServiceBean.WorkflowId:PrePublishDataset`
-- `:PostPublishDatasetWorkflowId` - formerly `WorkflowServiceBean.WorkflowId:PostPublishDataset`
-
-### Important Considerations During Upgrade Of Your Installation
-
-1. Running a customized fork? Make sure to add any custom settings to the SettingsServiceBean.Key enum before deploying!
-2. Any database settings not contained in the `SettingServiceBean.Key` will be removed from your database during each deployment cycle.
-3. As always when upgrading, make sure to backup your database beforehand!
-   You can also use the existing API endpoint `/api/admin/settings` to retrieve all settings as JSONish data for a quick backup before upgrading.
-
diff --git a/doc/release-notes/6.9-release-notes.md b/doc/release-notes/6.9-release-notes.md
index 1467c792b6c..ffdc107d7a6 100644
--- a/doc/release-notes/6.9-release-notes.md
+++ b/doc/release-notes/6.9-release-notes.md
@@ -88,6 +88,36 @@ This release contains important security updates. If you are not receiving secur
 
 - The ExportDataProvider framework in the dataverse-spi package has been extended, adding some extra options for developers of metadata exporter plugins. See [the guides](https://guides.dataverse.org/en/6.9/developers/metadataexport.html#building-an-exporter) #11766, and #11767.
 
+## Database Settings Cleanup
+
+With this release, we remove some legacy quirks around Database settings and provide better Admin API endpoints for managing settings.
+
+Most important changes:
+
+1. The setting `BuiltinUsers.KEY` was renamed to `:BuiltinUsersKey` to align with our naming pattern.
+2. The setting `WorkflowsAdmin#IP_WHITELIST_KEY` was renamed to `:WorkflowsAdminIpWhitelist` to align with our naming pattern.
+3. The setting `:TabularIngestSizeLimit` no longer uses suffixes for formats and becomes a JSON-based setting instead. See [the guides](https://guides.dataverse.org/en/6.9/installation/config.html#tabularingestsizelimit) for details.
+4. If set any of the settings above are set, they will be migrated to their new form automatically for you when the war file is deployed (Flyway migration).
+5. You can no longer (accidentally) create or use arbitrary setting names or languages.
+   All Admin API endpoints for settings now validate setting names and languages for existence and compliance.
+
+As an administrator of a Dataverse instance, you can now make use of enhanced Bulk Operations on the Settings Admin API:
+
+1. Retrieving all settings as JSON via `GET /api/admin/settings` supports localized options now, too.
+2. You can replace all existing settings in an idempotent way sending JSON to `PUT /api/admin/settings`.
+   This will create, update and remove settings as necessary in one atomic operation.
+   The new endpoint is especially useful to admins using GitOps or other automations.
+   It allows control over all Database Settings from a single source without risking an undefined state.
+
+Note: Despite the validation of setting names and languages, the content of any database setting is still not being validated when using the Settings Admin API!
+
+### Important Considerations During Upgrade Of Your Installation
+
+1. Running a customized fork? Make sure to add any custom settings to the SettingsServiceBean.Key enum before deploying!
+2. Any database settings not contained in the `SettingServiceBean.Key` will be removed from your database during each deployment cycle.
+3. As always when upgrading, make sure to backup your database beforehand!
+   You can also use the existing API endpoint `/api/admin/settings` to retrieve all settings as JSONish data for a quick backup before upgrading.
+
 ## End-Of-Life (EOL) Announcements
 
 ### PostgreSQL 13 Reached EOL on 13 November 2025
@@ -102,12 +132,38 @@ We mentioned this in the Dataverse [6.6](https://github.com/IQSS/dataverse/relea
 - dataverse.feature.role-assignment-history
 - dataverse.ldn.allowed-hosts
 
+### Updated Database Settings
+
+The following database settings are were added to the official list within the code (to remain valid with the settings cleanup mentioned above):
+
+- `:BagGeneratorThreads`
+- `:BagItHandlerEnabled`
+- `:BagItLocalPath`
+- `:BagValidatorJobPoolSize`
+- `:BagValidatorJobWaitInterval`
+- `:BagValidatorMaxErrors`
+- `:BuiltinUsersKey` - formerly `BuiltinUsers.KEY`
+- `:CreateDataFilesMaxErrorsToDisplay`
+- `:DRSArchiverConfig` - a Harvard-specific setting
+- `:DuraCloudContext`
+- `:DuraCloudHost`
+- `:DuraCloudPort`
+- `:FileCategories`
+- `:GoogleCloudBucket`
+- `:GoogleCloudProject`
+- `:LDNAnnounceRequiredFields`
+- `:LDNTarget`
+- `:WorkflowsAdminIpWhitelist` - formerly `WorkflowsAdmin#IP_WHITELIST_KEY`
+- `:PrePublishDatasetWorkflowId` - formerly `WorkflowServiceBean.WorkflowId:PrePublishDataset`
+- `:PostPublishDatasetWorkflowId` - formerly `WorkflowServiceBean.WorkflowId:PostPublishDataset`
+
 ## Deprecated Settings
 
 ## Backward Incompatible Changes
 
 Generally speaking, see the [API Changelog](https://guides.dataverse.org/en/latest/api/changelog.html) for a list of backward-incompatible API changes.
 
+- See the "Database Settings Cleanup" section above.
 - The Update Collection Input Levels API endpoint no longer deletes the custom input levels previously modified for the given collection. In order to update a previously modified custom input level, it must be included in the JSON provided to the api. See [the guides](https://guides.dataverse.org/en/6.9/api/native-api.html#update-collection-input-levels), #11387, and #11748.
 
 ## Complete List of Changes
@@ -130,6 +186,8 @@ You are also very welcome to join the [Global Dataverse Community Consortium](ht
 
 Upgrading requires a maintenance window and downtime. Please plan accordingly, create backups of your database, etc.
 
+When doing backups, make sure your settings are backed up. See "Database Settings Cleanup" above for details.
+
 These instructions assume that you've already upgraded through all the 5.x releases and are now running Dataverse 6.8.
 
 0\. These instructions assume that you are upgrading from the immediate previous version. See [tags on GitHub](https://github.com/IQSS/dataverse/tags) for a list of versions. If you are running an earlier version, the only supported way to upgrade is to progress through the upgrades to all the releases in between before attempting the upgrade to this version.

From 543d81bf70eb723441e8e0abeeff1f02ad9512c7 Mon Sep 17 00:00:00 2001
From: Philip Durbin <philip_durbin@harvard.edu>
Date: Wed, 10 Dec 2025 10:23:21 -0500
Subject: [PATCH 591/634] link to settings issues, PRs and doc for feature

---
 doc/release-notes/6.9-release-notes.md | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/doc/release-notes/6.9-release-notes.md b/doc/release-notes/6.9-release-notes.md
index ffdc107d7a6..062bb528e8f 100644
--- a/doc/release-notes/6.9-release-notes.md
+++ b/doc/release-notes/6.9-release-notes.md
@@ -67,6 +67,7 @@ See [the guides](https://guides.dataverse.org/en/6.9/developers/workflows.html#c
 ### Other Features Added
 
 - In the UI for granting file access, restricted files in draft will now show "Draft/Unpublished". See #7618 and #11794.
+- It is now possible to configure all database settings at once with a JSON file. See [the guides](https://guides.dataverse.org/en/6.9/api/native-api.html#configure-all-database-settings), #11639, and #11654.
 - Integration with Local Contexts has been updated to support the change in their API regarding how DOIs entered as "Optional Project Information" are represented. See [the guides](https://guides.dataverse.org/en/6.9/installation/localcontexts.html) and #11904.
 
 ## Bugs Fixed
@@ -118,6 +119,8 @@ Note: Despite the validation of setting names and languages, the content of any
 3. As always when upgrading, make sure to backup your database beforehand!
    You can also use the existing API endpoint `/api/admin/settings` to retrieve all settings as JSONish data for a quick backup before upgrading.
 
+See also #11639 and #11654.
+
 ## End-Of-Life (EOL) Announcements
 
 ### PostgreSQL 13 Reached EOL on 13 November 2025

From e8e4c01de579e1bf4c48b48d6a0cc14e5c704123 Mon Sep 17 00:00:00 2001
From: Philip Durbin <philip_durbin@harvard.edu>
Date: Wed, 10 Dec 2025 10:42:22 -0500
Subject: [PATCH 592/634] storage API

---
 .../11695-11940-change-api-get-storage-driver.md     | 12 ------------
 doc/release-notes/6.9-release-notes.md               |  2 ++
 2 files changed, 2 insertions(+), 12 deletions(-)
 delete mode 100644 doc/release-notes/11695-11940-change-api-get-storage-driver.md

diff --git a/doc/release-notes/11695-11940-change-api-get-storage-driver.md b/doc/release-notes/11695-11940-change-api-get-storage-driver.md
deleted file mode 100644
index 8fb05879871..00000000000
--- a/doc/release-notes/11695-11940-change-api-get-storage-driver.md
+++ /dev/null
@@ -1,12 +0,0 @@
-## Get Dataset/Dataverse Storage Driver API
-
-### Changed Json response - breaking change!
-
-The API for getting the Storage Driver info has been changed/extended.
-/api/datasets/{identifier}/storageDriver
-/api/admin/dataverse/{dataverse-alias}/storageDriver
-Rather than returning just the name/id of the driver (with the key "message"), the api call now returns a JSONObject with the driver's "name", "type" and "label", and booleans indicating whether the driver has "directUpload", "directDownload", and/or "uploadOutOfBand" enabled.
-
-This change also affects the /api/admin/dataverse/{dataverse-alias}/storageDriver api call. In addition, this call now supports an optional ?getEffective=true to find the effective storageDriver (the driver that will be used for new datasets in the collection)
-
-See also [the guides](https://dataverse-guide--11664.org.readthedocs.build/en/11664/api/native-api.html#configure-a-dataset-to-store-all-new-files-in-a-specific-file-store), #11695, and #11664.
diff --git a/doc/release-notes/6.9-release-notes.md b/doc/release-notes/6.9-release-notes.md
index 062bb528e8f..055a213cc54 100644
--- a/doc/release-notes/6.9-release-notes.md
+++ b/doc/release-notes/6.9-release-notes.md
@@ -80,6 +80,7 @@ See [the guides](https://guides.dataverse.org/en/6.9/developers/workflows.html#c
 - A new API endpoint has been added to manage dataset licenses. See [the guides](https://guides.dataverse.org/en/6.9/api/native-api.html#update-dataset-license), #11771, #11815, and #11958.
 - A new API endpoint has been added to manage dataset terms of access for restricted files. See [the guides](https://guides.dataverse.org/en/6.9/api/native-api.html#update-dataset-terms-of-access), #11772, and #11893.
 - A new API endpoint has been added for getting and setting the metadata language of a collection. See [the guides](https://guides.dataverse.org/en/6.9/api/native-api.html#list-the-allowed-metadata-languages-of-a-dataverse-collection), 11856, and #11857.
+- The storage API driver endpoint now returns a JSON object with the driver's "name", "type" and "label", and booleans indicating whether the driver has "directUpload", "directDownload", and/or "uploadOutOfBand" enabled. This change also affects the /api/admin/dataverse/{dataverse-alias}/storageDriver api call. In addition, this call now supports an optional ?getEffective=true to find the effective storageDriver (the driver that will be used for new datasets in the collection), See [the guides](https://guides.dataverse.org/en/6.9/admin/dataverses-datasets.html#configure-a-dataverse-collection-to-store-all-new-files-in-a-specific-file-store), #11695, and #11716.
 
 ## Security Updates
 
@@ -168,6 +169,7 @@ Generally speaking, see the [API Changelog](https://guides.dataverse.org/en/late
 
 - See the "Database Settings Cleanup" section above.
 - The Update Collection Input Levels API endpoint no longer deletes the custom input levels previously modified for the given collection. In order to update a previously modified custom input level, it must be included in the JSON provided to the api. See [the guides](https://guides.dataverse.org/en/6.9/api/native-api.html#update-collection-input-levels), #11387, and #11748.
+- For `/api/admin/dataverse/{dataverse-alias}/storageDriver` and `/api/datasets/{identifier}/storageDriver` the driver name is no longer returned in data.message. Instead, it is returned as data.name (along with other information about the storageDriver). See [the guides](https://guides.dataverse.org/en/6.9/api/native-api.html#configure-a-dataset-to-store-all-new-files-in-a-specific-file-store), #11695, and #11664.
 
 ## Complete List of Changes
 

From 406f699633a80b45506d1f78d7f1b6822b812924 Mon Sep 17 00:00:00 2001
From: Philip Durbin <philip_durbin@harvard.edu>
Date: Wed, 10 Dec 2025 11:18:15 -0500
Subject: [PATCH 593/634] typo

---
 doc/release-notes/6.9-release-notes.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/doc/release-notes/6.9-release-notes.md b/doc/release-notes/6.9-release-notes.md
index 055a213cc54..5107b58a23b 100644
--- a/doc/release-notes/6.9-release-notes.md
+++ b/doc/release-notes/6.9-release-notes.md
@@ -26,7 +26,7 @@ A new [Quickstart Guide](https://guides.dataverse.org/en/6.9/quickstart/index.ht
 
 # Role Assignment History Tracking
 
-Dataverse can now track the history of role assignments, allowing administrators to see who assigned or revoked roles, when these actions occurred, and which roles were involved. This feature helps with auditing and understanding permission changes over time. An additional column called "Role Assignment History" has been added to the permission management page for collections. The information can also be downloaded via API in CSV and JSON formats. This feature is off by default but can be enabled with the "role-assignment-history" [feature flag](https://guides.dataverse.org/en/6.8/installation/config.html#feature-flags). See the [User Guide](https://guides.dataverse.org/en/6.9/user/dataverse-management.html#roles-permissions), [API Guide](https://guides.dataverse.org/en/6.9/api/native-api.html#dataverse-role-assignment-history), and #11612.
+Dataverse can now track the history of role assignments, allowing administrators to see who assigned or revoked roles, when these actions occurred, and which roles were involved. This feature helps with auditing and understanding permission changes over time. An additional column called "Role Assignment History" has been added to the permission management page for collections. The information can also be downloaded via API in CSV and JSON formats. This feature is off by default but can be enabled with the "role-assignment-history" [feature flag](https://guides.dataverse.org/en/6.9/installation/config.html#feature-flags). See the [User Guide](https://guides.dataverse.org/en/6.9/user/dataverse-management.html#roles-permissions), [API Guide](https://guides.dataverse.org/en/6.9/api/native-api.html#dataverse-role-assignment-history), and #11612.
 
 ### Scaling Dataverse with Data Size (Admin Guide)
 

From 39cecb901a8ae4e7d9692d001dff44cc7b8555f6 Mon Sep 17 00:00:00 2001
From: Philip Durbin <philip_durbin@harvard.edu>
Date: Wed, 10 Dec 2025 11:18:43 -0500
Subject: [PATCH 594/634] fix header level

---
 doc/release-notes/6.9-release-notes.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/doc/release-notes/6.9-release-notes.md b/doc/release-notes/6.9-release-notes.md
index 5107b58a23b..3cdd1b69199 100644
--- a/doc/release-notes/6.9-release-notes.md
+++ b/doc/release-notes/6.9-release-notes.md
@@ -24,7 +24,7 @@ Highlights for Dataverse 6.9 include:
 
 A new [Quickstart Guide](https://guides.dataverse.org/en/6.9/quickstart/index.html) has been added to help researchers understand what Dataverse is, how to publish datasets and collections, and how to find data. Buttons have been added to the top of the User Guide to direct people to these pages. Feedback on this new guide is welcome, such as through [Google Groups](https://groups.google.com/g/dataverse-community/c/TXOEFv9-0kY/m/RT5XV0QiAgAJ), [Zulip](https://dataverse.zulipchat.com/#narrow/channel/446770-docs/topic/Quickstart.20Guide.20'Publish.20a.20Dataset'/with/561675778), or the [Documentation Working Group](https://www.gdcc.io/working-groups/documentation.html). Special thanks to Dieuwertje Bloemen for writing most of the guide and to Vaida Plankytė for contributing. See https://guides.dataverse.org/en/6.9/quickstart and #11653.
 
-# Role Assignment History Tracking
+### Role Assignment History Tracking
 
 Dataverse can now track the history of role assignments, allowing administrators to see who assigned or revoked roles, when these actions occurred, and which roles were involved. This feature helps with auditing and understanding permission changes over time. An additional column called "Role Assignment History" has been added to the permission management page for collections. The information can also be downloaded via API in CSV and JSON formats. This feature is off by default but can be enabled with the "role-assignment-history" [feature flag](https://guides.dataverse.org/en/6.9/installation/config.html#feature-flags). See the [User Guide](https://guides.dataverse.org/en/6.9/user/dataverse-management.html#roles-permissions), [API Guide](https://guides.dataverse.org/en/6.9/api/native-api.html#dataverse-role-assignment-history), and #11612.
 

From d1f3adc65d34757ce69aad760207a7ecdb3ce760 Mon Sep 17 00:00:00 2001
From: Philip Durbin <philip_durbin@harvard.edu>
Date: Wed, 10 Dec 2025 14:34:40 -0500
Subject: [PATCH 595/634] CORS and commas in settings

---
 .../11744-cors-echo-origin-vary.md            | 41 -------------------
 doc/release-notes/6.9-release-notes.md        | 15 ++++++-
 2 files changed, 14 insertions(+), 42 deletions(-)
 delete mode 100644 doc/release-notes/11744-cors-echo-origin-vary.md

diff --git a/doc/release-notes/11744-cors-echo-origin-vary.md b/doc/release-notes/11744-cors-echo-origin-vary.md
deleted file mode 100644
index 48eaa3b96f9..00000000000
--- a/doc/release-notes/11744-cors-echo-origin-vary.md
+++ /dev/null
@@ -1,41 +0,0 @@
-# 11744: CORS handling improvements
-
-Modernizes CORS so browser integrations (previewers, external tools, JS clients) work correctly with multiple origins and proper caching.
-
-## Highlights
-
-- Echoes the request origin (`Access-Control-Allow-Origin`) when it matches `dataverse.cors.origin`.
-- Adds `Vary: Origin` for per-origin responses (not for wildcard).
-- Supports comma‑separated origin list; any `*` in the list = wildcard mode.
-- CORS now only enabled when `dataverse.cors.origin` is set (removed `:AllowCors` no longer enables it).
-- All comma-separated configuration settings (database properties and MicroProfile config) now ignore spaces around commas; tokens remain unchanged (no quote parsing). Examples: `dataverse.cors.methods`, `dataverse.cors.headers.allow`, `dataverse.cors.headers.expose`. See "Comma-separated configuration values" in the Installation Guide.
-- Docs updated (Installation, Big Data Support, External Tools, File Previews); new tests cover edge cases.
-
-## Admin Action
-
-Set `dataverse.cors.origin` explicitly (required). Use explicit origins (not `*`) for credentialed requests. Ensure proxies keep `Vary: Origin`.
-
-Examples:
-
-```
-dataverse.cors.origin=https://example.org
-dataverse.cors.origin=https://libis.github.io,https://gdcc.github.io
-dataverse.cors.origin=*
-```
-
-Optional (unquoted):
-
-```
-dataverse.cors.methods=GET, POST, OPTIONS, PUT, DELETE
-```
-
-## Compatibility
-
-- Must configure `dataverse.cors.origin`; `:AllowCors` was deprecated and has now been removed.
-- Any `*` triggers wildcard (no per-origin echo / no Vary header).
-
-## Docs
-
-See updated `dataverse.cors.origin` section and related notes in Big Data Support (S3), External Tools, and File Previews.
-
-<!-- Maintainer note: The generic behavior for comma-separated settings has been documented centrally under Installation Guide > Configuration > "Comma-separated configuration values". Keep this item here as a cross-reference. -->
diff --git a/doc/release-notes/6.9-release-notes.md b/doc/release-notes/6.9-release-notes.md
index 3cdd1b69199..d5622a4c335 100644
--- a/doc/release-notes/6.9-release-notes.md
+++ b/doc/release-notes/6.9-release-notes.md
@@ -68,7 +68,9 @@ See [the guides](https://guides.dataverse.org/en/6.9/developers/workflows.html#c
 
 - In the UI for granting file access, restricted files in draft will now show "Draft/Unpublished". See #7618 and #11794.
 - It is now possible to configure all database settings at once with a JSON file. See [the guides](https://guides.dataverse.org/en/6.9/api/native-api.html#configure-all-database-settings), #11639, and #11654.
+- CORS support has been modernized so browser integrations (previewers, external tools, JS clients) work correctly with multiple origins and proper caching. See [the guides](https://guides.dataverse.org/en/6.9/installation/config.html#cors-settings), #11744, and #11745.
 - Integration with Local Contexts has been updated to support the change in their API regarding how DOIs entered as "Optional Project Information" are represented. See [the guides](https://guides.dataverse.org/en/6.9/installation/localcontexts.html) and #11904.
+- Processing of comma-separated lists in settings has been centralized and now ignores spaces around commas. See [the guides](https://guides.dataverse.org/en/6.9/installation/config.html#comma-separated-configuration-values) and #11745.
 
 ## Bugs Fixed
 
@@ -163,10 +165,15 @@ The following database settings are were added to the official list within the c
 
 ## Deprecated Settings
 
+## Deleted Settings
+
+- In Dataverse 6.7 (#11454) the `:AllowCors` setting was deprecated in favor of a new `dataverse.cors.origin` setting and now, in Dataverse 6.9, the `:AllowCors` setting has been removed (#11745). See also the step on CORS in the upgrade instructions below.
+
 ## Backward Incompatible Changes
 
 Generally speaking, see the [API Changelog](https://guides.dataverse.org/en/latest/api/changelog.html) for a list of backward-incompatible API changes.
 
+- CORS is no longer enabled by default. See the upgrade instructions for details.
 - See the "Database Settings Cleanup" section above.
 - The Update Collection Input Levels API endpoint no longer deletes the custom input levels previously modified for the given collection. In order to update a previously modified custom input level, it must be included in the JSON provided to the api. See [the guides](https://guides.dataverse.org/en/6.9/api/native-api.html#update-collection-input-levels), #11387, and #11748.
 - For `/api/admin/dataverse/{dataverse-alias}/storageDriver` and `/api/datasets/{identifier}/storageDriver` the driver name is no longer returned in data.message. Instead, it is returned as data.name (along with other information about the storageDriver). See [the guides](https://guides.dataverse.org/en/6.9/api/native-api.html#configure-a-dataset-to-store-all-new-files-in-a-specific-file-store), #11695, and #11664.
@@ -271,7 +278,13 @@ Please remember to update translations via [Dataverse language packs](https://gi
 
 If you have text customizations you can get the latest English files from <https://github.com/IQSS/dataverse/tree/v6.9/src/main/java/propertyFiles>.
 
-7\. Update Croissant exporter, if enabled, and reexport metadata
+7\. Enable or re-enable CORS, if desired
+
+As of Dataverse 6.8 CORS was enabled by default but this is no longer the case.
+
+If you are relying on CORS, e.g. using file previewers hosted at gdcc.github.io, and did not configure `dataverse.cors.origin` as recommended in the 6.7 release notes, you should do so now. With updates in 6.9, it is also possible to limit CORS support to specific internet hosts. See [the guides](https://guides.dataverse.org/en/6.9/installation/config.html#cors-settings) for details.
+
+8\. Update Croissant exporter, if enabled, and reexport metadata
 
 If you have enabled the Croissant dataset metadata exporter, you should upgrade to version 0.1.6.
 

From 075c46233084f60b873dafb29d4093763a7a26ae Mon Sep 17 00:00:00 2001
From: Philip Durbin <philip_durbin@harvard.edu>
Date: Wed, 10 Dec 2025 14:57:01 -0500
Subject: [PATCH 596/634] MDC citations

---
 doc/release-notes/11777-MDC-citation-api-improvement.md | 7 -------
 doc/release-notes/6.9-release-notes.md                  | 3 +++
 2 files changed, 3 insertions(+), 7 deletions(-)
 delete mode 100644 doc/release-notes/11777-MDC-citation-api-improvement.md

diff --git a/doc/release-notes/11777-MDC-citation-api-improvement.md b/doc/release-notes/11777-MDC-citation-api-improvement.md
deleted file mode 100644
index 9441e9e0f44..00000000000
--- a/doc/release-notes/11777-MDC-citation-api-improvement.md
+++ /dev/null
@@ -1,7 +0,0 @@
-The /api/admin/makeDataCount/{id}/updateCitationsForDataset endpoint, which allows citations for a dataset to be retrieved from DataCite, is often called periodically for all datasets. However, allowing calls for many datasets to be processed in parallel can cause performance problems in Dataverse and/or cause calls to DataCite to fail due to rate limiting. The existing implementation was also inefficient w.r.t. memory use when used on datasets with many (>~1K) files. This release configures Dataverse to queue calls to this api, processes them serially, adds optional throttling to avoid hitting DataCite rate limits and improves memory use.
-
-New optional MPConfig setting: 
- 
-dataverse.api.mdc.min-delay-ms - number of milliseconds to wait between calls to DataCite. A value of ~100 should conservatively address DataCite's current 3000/5 minute limit. A value of 250 may be required for their test service. 
-
-Backward compatibility: This api call is now asynchronous and will return an OK response when the call is queued or a 503 if the queue is full.
\ No newline at end of file
diff --git a/doc/release-notes/6.9-release-notes.md b/doc/release-notes/6.9-release-notes.md
index d5622a4c335..58cf79d3e1d 100644
--- a/doc/release-notes/6.9-release-notes.md
+++ b/doc/release-notes/6.9-release-notes.md
@@ -70,6 +70,7 @@ See [the guides](https://guides.dataverse.org/en/6.9/developers/workflows.html#c
 - It is now possible to configure all database settings at once with a JSON file. See [the guides](https://guides.dataverse.org/en/6.9/api/native-api.html#configure-all-database-settings), #11639, and #11654.
 - CORS support has been modernized so browser integrations (previewers, external tools, JS clients) work correctly with multiple origins and proper caching. See [the guides](https://guides.dataverse.org/en/6.9/installation/config.html#cors-settings), #11744, and #11745.
 - Integration with Local Contexts has been updated to support the change in their API regarding how DOIs entered as "Optional Project Information" are represented. See [the guides](https://guides.dataverse.org/en/6.9/installation/localcontexts.html) and #11904.
+- Performance has been improved when retrieving citations from DataCite. A related setting called `dataverse.api.mdc.min-delay-ms` has been added. See [the guides](https://guides.dataverse.org/en/6.9/installation/config.html#dataverse-api-mdc-min-delay-ms), #11777, and #11781.
 - Processing of comma-separated lists in settings has been centralized and now ignores spaces around commas. See [the guides](https://guides.dataverse.org/en/6.9/installation/config.html#comma-separated-configuration-values) and #11745.
 
 ## Bugs Fixed
@@ -134,6 +135,7 @@ We mentioned this in the Dataverse [6.6](https://github.com/IQSS/dataverse/relea
 
 - :COARNotifyRelationshipAnnouncementTargets
 - :COARNotifyRelationshipAnnouncementTriggerFields
+- dataverse.api.mdc.min-delay-ms
 - dataverse.coar-notify.relationship-announcement.notify-superusers-only
 - dataverse.feature.role-assignment-history
 - dataverse.ldn.allowed-hosts
@@ -177,6 +179,7 @@ Generally speaking, see the [API Changelog](https://guides.dataverse.org/en/late
 - See the "Database Settings Cleanup" section above.
 - The Update Collection Input Levels API endpoint no longer deletes the custom input levels previously modified for the given collection. In order to update a previously modified custom input level, it must be included in the JSON provided to the api. See [the guides](https://guides.dataverse.org/en/6.9/api/native-api.html#update-collection-input-levels), #11387, and #11748.
 - For `/api/admin/dataverse/{dataverse-alias}/storageDriver` and `/api/datasets/{identifier}/storageDriver` the driver name is no longer returned in data.message. Instead, it is returned as data.name (along with other information about the storageDriver). See [the guides](https://guides.dataverse.org/en/6.9/api/native-api.html#configure-a-dataset-to-store-all-new-files-in-a-specific-file-store), #11695, and #11664.
+- The POST /api/admin/makeDataCount/{id}/updateCitationsForDataset processing is now asynchronous and the response no longer includes the number of citations. The response can be OK if the request is queued or 503 if the queue is full (default queue size is 1000). See #11777 and #11781.
 
 ## Complete List of Changes
 

From 0c03225bb116658bc7a0bb654ccdbc76a483f4c8 Mon Sep 17 00:00:00 2001
From: Philip Durbin <philip_durbin@harvard.edu>
Date: Thu, 11 Dec 2025 09:17:44 -0500
Subject: [PATCH 597/634] curation status fix

---
 doc/release-notes/11783-Curation-Status-fixes.md | 1 -
 doc/release-notes/6.9-release-notes.md           | 1 +
 2 files changed, 1 insertion(+), 1 deletion(-)
 delete mode 100644 doc/release-notes/11783-Curation-Status-fixes.md

diff --git a/doc/release-notes/11783-Curation-Status-fixes.md b/doc/release-notes/11783-Curation-Status-fixes.md
deleted file mode 100644
index 62b33165d0c..00000000000
--- a/doc/release-notes/11783-Curation-Status-fixes.md
+++ /dev/null
@@ -1 +0,0 @@
-In prior versions of Dataverse, publishing a dataset via the superuser only update-current-version option would not set the current curation status (if enabled/used) to none/empty and, in v6.7, would not maintain the curation status history. These issues are now resolved and the update current version option works the same as normal publication of a new version w.r.t. curation status.
\ No newline at end of file
diff --git a/doc/release-notes/6.9-release-notes.md b/doc/release-notes/6.9-release-notes.md
index 58cf79d3e1d..7b69eb4fdd2 100644
--- a/doc/release-notes/6.9-release-notes.md
+++ b/doc/release-notes/6.9-release-notes.md
@@ -75,6 +75,7 @@ See [the guides](https://guides.dataverse.org/en/6.9/developers/workflows.html#c
 
 ## Bugs Fixed
 
+- In prior versions of Dataverse, publishing a dataset via the superuser-only update-current-version option would not set the current curation status (if enabled/used) to none/empty and, in v6.7, would not maintain the curation status history. These issues are now resolved and the update-current-version option works the same as normal publication of a new version with regard to curation status. See #11783 and #11784.
 - The optional Croissant exporter has been updated to 0.1.6 to prevent variable names, variable descriptions, and variable types from being exposed for restricted files. See https://github.com/gdcc/exporter-croissant/pull/20 and #11752.
 
 ## API Updates

From 6f0eee1990865d8ffbf529f1ddccc22a2ae0c153 Mon Sep 17 00:00:00 2001
From: Philip Durbin <philip_durbin@harvard.edu>
Date: Thu, 11 Dec 2025 09:22:15 -0500
Subject: [PATCH 598/634] guestbook fix

---
 doc/release-notes/11800-qb-ra-fixes.md | 2 --
 doc/release-notes/6.9-release-notes.md | 1 +
 2 files changed, 1 insertion(+), 2 deletions(-)
 delete mode 100644 doc/release-notes/11800-qb-ra-fixes.md

diff --git a/doc/release-notes/11800-qb-ra-fixes.md b/doc/release-notes/11800-qb-ra-fixes.md
deleted file mode 100644
index 5c7ef82f7f2..00000000000
--- a/doc/release-notes/11800-qb-ra-fixes.md
+++ /dev/null
@@ -1,2 +0,0 @@
-This release fixes problems with guestbook questions being displayed at download when files are selected from the dataset files table
-when guestbook-at-request is enabled and not displaying when they should when access is requested from the file page. 
\ No newline at end of file
diff --git a/doc/release-notes/6.9-release-notes.md b/doc/release-notes/6.9-release-notes.md
index 7b69eb4fdd2..84cf3ef9080 100644
--- a/doc/release-notes/6.9-release-notes.md
+++ b/doc/release-notes/6.9-release-notes.md
@@ -76,6 +76,7 @@ See [the guides](https://guides.dataverse.org/en/6.9/developers/workflows.html#c
 ## Bugs Fixed
 
 - In prior versions of Dataverse, publishing a dataset via the superuser-only update-current-version option would not set the current curation status (if enabled/used) to none/empty and, in v6.7, would not maintain the curation status history. These issues are now resolved and the update-current-version option works the same as normal publication of a new version with regard to curation status. See #11783 and #11784.
+- This release fixes problems with guestbook questions being displayed at download when files are selected from the dataset files table when guestbook-at-request is enabled and not displaying when they should when access is requested from the file page. See #11800, #11808, and #11835.
 - The optional Croissant exporter has been updated to 0.1.6 to prevent variable names, variable descriptions, and variable types from being exposed for restricted files. See https://github.com/gdcc/exporter-croissant/pull/20 and #11752.
 
 ## API Updates

From 095788a037e3aaf984cfcc074ce098b2322f2b2a Mon Sep 17 00:00:00 2001
From: Philip Durbin <philip_durbin@harvard.edu>
Date: Thu, 11 Dec 2025 09:29:18 -0500
Subject: [PATCH 599/634] templates API perm fix

---
 ...796-fix-list-dataverse-templates-api-permissions.md | 10 ----------
 doc/release-notes/6.9-release-notes.md                 |  1 +
 2 files changed, 1 insertion(+), 10 deletions(-)
 delete mode 100644 doc/release-notes/11796-fix-list-dataverse-templates-api-permissions.md

diff --git a/doc/release-notes/11796-fix-list-dataverse-templates-api-permissions.md b/doc/release-notes/11796-fix-list-dataverse-templates-api-permissions.md
deleted file mode 100644
index e15f9f4dfa1..00000000000
--- a/doc/release-notes/11796-fix-list-dataverse-templates-api-permissions.md
+++ /dev/null
@@ -1,10 +0,0 @@
-### Fixed: Permissions for `/{identifier}/templates` endpoint
-
-The `/{identifier}/templates` endpoint previously required **`editDataverse`** permissions to retrieve the list of dataverse templates.
-
-This has been corrected: the endpoint now requires **`addDataset`** permissions instead.
-
-**Impact:**
-- The endpoint now works in scenarios such as the **Create Dataset form** in the SPA UI, without needing unnecessary elevated permissions.  
-
-Related issues: #11796
\ No newline at end of file
diff --git a/doc/release-notes/6.9-release-notes.md b/doc/release-notes/6.9-release-notes.md
index 84cf3ef9080..c8ec21c189d 100644
--- a/doc/release-notes/6.9-release-notes.md
+++ b/doc/release-notes/6.9-release-notes.md
@@ -85,6 +85,7 @@ See [the guides](https://guides.dataverse.org/en/6.9/developers/workflows.html#c
 - A new API endpoint has been added to manage dataset licenses. See [the guides](https://guides.dataverse.org/en/6.9/api/native-api.html#update-dataset-license), #11771, #11815, and #11958.
 - A new API endpoint has been added to manage dataset terms of access for restricted files. See [the guides](https://guides.dataverse.org/en/6.9/api/native-api.html#update-dataset-terms-of-access), #11772, and #11893.
 - A new API endpoint has been added for getting and setting the metadata language of a collection. See [the guides](https://guides.dataverse.org/en/6.9/api/native-api.html#list-the-allowed-metadata-languages-of-a-dataverse-collection), 11856, and #11857.
+- The `/{identifier}/templates` endpoint previously required editDataverse permissions to retrieve the list of dataverse templates. This has been corrected. The endpoint now addDataset permissions instead. See #11796 and #11801.
 - The storage API driver endpoint now returns a JSON object with the driver's "name", "type" and "label", and booleans indicating whether the driver has "directUpload", "directDownload", and/or "uploadOutOfBand" enabled. This change also affects the /api/admin/dataverse/{dataverse-alias}/storageDriver api call. In addition, this call now supports an optional ?getEffective=true to find the effective storageDriver (the driver that will be used for new datasets in the collection), See [the guides](https://guides.dataverse.org/en/6.9/admin/dataverses-datasets.html#configure-a-dataverse-collection-to-store-all-new-files-in-a-specific-file-store), #11695, and #11716.
 
 ## Security Updates

From fece441cfe915982033993fd131363f7a41034b8 Mon Sep 17 00:00:00 2001
From: Philip Durbin <philip_durbin@harvard.edu>
Date: Thu, 11 Dec 2025 09:35:24 -0500
Subject: [PATCH 600/634] perf

---
 doc/release-notes/11822-faster-permission-indexing.md           | 1 -
 .../11828-unacceptable-performance-deleting-datasets.md         | 1 -
 doc/release-notes/6.9-release-notes.md                          | 2 ++
 3 files changed, 2 insertions(+), 2 deletions(-)
 delete mode 100644 doc/release-notes/11822-faster-permission-indexing.md
 delete mode 100644 doc/release-notes/11828-unacceptable-performance-deleting-datasets.md

diff --git a/doc/release-notes/11822-faster-permission-indexing.md b/doc/release-notes/11822-faster-permission-indexing.md
deleted file mode 100644
index f716655232e..00000000000
--- a/doc/release-notes/11822-faster-permission-indexing.md
+++ /dev/null
@@ -1 +0,0 @@
-Permission reindexing, which occurs, e.g., after a user has been granted a role on a collection, has been made faster and less memory intensive in this release.
\ No newline at end of file
diff --git a/doc/release-notes/11828-unacceptable-performance-deleting-datasets.md b/doc/release-notes/11828-unacceptable-performance-deleting-datasets.md
deleted file mode 100644
index dd970617a01..00000000000
--- a/doc/release-notes/11828-unacceptable-performance-deleting-datasets.md
+++ /dev/null
@@ -1 +0,0 @@
-This release adds database indexes on GuestbookResponse and DatasetMetrtics, speeding up Dataset deletes. It also adds a constraint preventing null VersionState, as a matter of good housekeeping practice. 
diff --git a/doc/release-notes/6.9-release-notes.md b/doc/release-notes/6.9-release-notes.md
index c8ec21c189d..4709fb67de0 100644
--- a/doc/release-notes/6.9-release-notes.md
+++ b/doc/release-notes/6.9-release-notes.md
@@ -70,6 +70,8 @@ See [the guides](https://guides.dataverse.org/en/6.9/developers/workflows.html#c
 - It is now possible to configure all database settings at once with a JSON file. See [the guides](https://guides.dataverse.org/en/6.9/api/native-api.html#configure-all-database-settings), #11639, and #11654.
 - CORS support has been modernized so browser integrations (previewers, external tools, JS clients) work correctly with multiple origins and proper caching. See [the guides](https://guides.dataverse.org/en/6.9/installation/config.html#cors-settings), #11744, and #11745.
 - Integration with Local Contexts has been updated to support the change in their API regarding how DOIs entered as "Optional Project Information" are represented. See [the guides](https://guides.dataverse.org/en/6.9/installation/localcontexts.html) and #11904.
+- This release adds database indexes on GuestbookResponse and DatasetMetrtics, speeding up Dataset deletes. It also adds a constraint preventing null VersionState, as a matter of good housekeeping practice. See #11828 and #11898.
+- Permission reindexing, which occurs, e.g., after a user has been granted a role on a collection, has been made faster and less memory intensive in this release. See #11822.
 - Performance has been improved when retrieving citations from DataCite. A related setting called `dataverse.api.mdc.min-delay-ms` has been added. See [the guides](https://guides.dataverse.org/en/6.9/installation/config.html#dataverse-api-mdc-min-delay-ms), #11777, and #11781.
 - Processing of comma-separated lists in settings has been centralized and now ignores spaces around commas. See [the guides](https://guides.dataverse.org/en/6.9/installation/config.html#comma-separated-configuration-values) and #11745.
 

From 1691fb7feedf3eaa16ad3faa92d2749c39b6a596 Mon Sep 17 00:00:00 2001
From: Philip Durbin <philip_durbin@harvard.edu>
Date: Thu, 11 Dec 2025 09:38:40 -0500
Subject: [PATCH 601/634] host dv

---
 doc/release-notes/11865-suppress-host-dataverse-field.md | 3 ---
 doc/release-notes/6.9-release-notes.md                   | 1 +
 2 files changed, 1 insertion(+), 3 deletions(-)
 delete mode 100644 doc/release-notes/11865-suppress-host-dataverse-field.md

diff --git a/doc/release-notes/11865-suppress-host-dataverse-field.md b/doc/release-notes/11865-suppress-host-dataverse-field.md
deleted file mode 100644
index 0160831885d..00000000000
--- a/doc/release-notes/11865-suppress-host-dataverse-field.md
+++ /dev/null
@@ -1,3 +0,0 @@
-### Suppression of the Host Dataverse field
-
-When creating a dataset, the _host dataverse_ field is not shown when the user can only add datasets to one collection.
\ No newline at end of file
diff --git a/doc/release-notes/6.9-release-notes.md b/doc/release-notes/6.9-release-notes.md
index 4709fb67de0..d062f401a0c 100644
--- a/doc/release-notes/6.9-release-notes.md
+++ b/doc/release-notes/6.9-release-notes.md
@@ -66,6 +66,7 @@ See [the guides](https://guides.dataverse.org/en/6.9/developers/workflows.html#c
 
 ### Other Features Added
 
+- When creating a dataset, the "Host Dataverse" field is not shown when the user can only add datasets to one collection. See #11865.
 - In the UI for granting file access, restricted files in draft will now show "Draft/Unpublished". See #7618 and #11794.
 - It is now possible to configure all database settings at once with a JSON file. See [the guides](https://guides.dataverse.org/en/6.9/api/native-api.html#configure-all-database-settings), #11639, and #11654.
 - CORS support has been modernized so browser integrations (previewers, external tools, JS clients) work correctly with multiple origins and proper caching. See [the guides](https://guides.dataverse.org/en/6.9/installation/config.html#cors-settings), #11744, and #11745.

From d9d49d1a6c7b59406268408d011dc8911f2babb5 Mon Sep 17 00:00:00 2001
From: Philip Durbin <philip_durbin@harvard.edu>
Date: Thu, 11 Dec 2025 09:43:46 -0500
Subject: [PATCH 602/634] internal cvoc bug

---
 doc/release-notes/11990-controlled-vocab-edit-error.md | 5 -----
 doc/release-notes/6.9-release-notes.md                 | 1 +
 2 files changed, 1 insertion(+), 5 deletions(-)
 delete mode 100644 doc/release-notes/11990-controlled-vocab-edit-error.md

diff --git a/doc/release-notes/11990-controlled-vocab-edit-error.md b/doc/release-notes/11990-controlled-vocab-edit-error.md
deleted file mode 100644
index 8e98d10b40a..00000000000
--- a/doc/release-notes/11990-controlled-vocab-edit-error.md
+++ /dev/null
@@ -1,5 +0,0 @@
-### Bug Fix
-
-Editing a controlled vocabulary field (i.e. one with values specified in the field's metadatablock) that only allows a single selection would also update the value in the prior published version if (and only if) the edit was made starting from the published version (versus an existing draft). This is now fixed.
-The bug appears to be 11+ years old and previously unreported. As the value in the database was overwritten, there is no simple way to detect if/when this occurred without looking at backups or archival file copies. 
- 
diff --git a/doc/release-notes/6.9-release-notes.md b/doc/release-notes/6.9-release-notes.md
index d062f401a0c..4bf698763d1 100644
--- a/doc/release-notes/6.9-release-notes.md
+++ b/doc/release-notes/6.9-release-notes.md
@@ -78,6 +78,7 @@ See [the guides](https://guides.dataverse.org/en/6.9/developers/workflows.html#c
 
 ## Bugs Fixed
 
+- Editing a controlled vocabulary field (i.e. one with values specified in the field's metadatablock) that only allows a single selection would also update the value in the prior published version if (and only if) the edit was made starting from the published version (versus an existing draft). This is now fixed. The bug appears to be 11+ years old and previously unreported. As the value in the database was overwritten, there is no simple way to detect if or when this occurred without looking at backups or archival file copies.  See #11990 and #11991.
 - In prior versions of Dataverse, publishing a dataset via the superuser-only update-current-version option would not set the current curation status (if enabled/used) to none/empty and, in v6.7, would not maintain the curation status history. These issues are now resolved and the update-current-version option works the same as normal publication of a new version with regard to curation status. See #11783 and #11784.
 - This release fixes problems with guestbook questions being displayed at download when files are selected from the dataset files table when guestbook-at-request is enabled and not displaying when they should when access is requested from the file page. See #11800, #11808, and #11835.
 - The optional Croissant exporter has been updated to 0.1.6 to prevent variable names, variable descriptions, and variable types from being exposed for restricted files. See https://github.com/gdcc/exporter-croissant/pull/20 and #11752.

From dbffd192dcc7df520ad45afa53af484342c53035 Mon Sep 17 00:00:00 2001
From: Philip Durbin <philip_durbin@harvard.edu>
Date: Thu, 11 Dec 2025 11:53:10 -0500
Subject: [PATCH 603/634] datacite scaling

---
 doc/release-notes/11832-DataCite-scaling.md | 14 --------------
 doc/release-notes/6.9-release-notes.md      | 12 ++++++++++++
 2 files changed, 12 insertions(+), 14 deletions(-)
 delete mode 100644 doc/release-notes/11832-DataCite-scaling.md

diff --git a/doc/release-notes/11832-DataCite-scaling.md b/doc/release-notes/11832-DataCite-scaling.md
deleted file mode 100644
index 574ef05f94c..00000000000
--- a/doc/release-notes/11832-DataCite-scaling.md
+++ /dev/null
@@ -1,14 +0,0 @@
-This release adds functionality to retry calls to DataCite when their server is overloaded or Dataverse has hit their rate limit.
-
-It also introduces an option to only update DataCite metadata after checking to see if the current DataCite information is out of date.
-(This adds a request to get information from DataCite before any potential write of new information which will be more efficient when 
-most DOIs have not changed but will result in an extra call to get info when a DOI has changed.)
-  
-Both of these can help when DataCite is being used heavily, e.g. creating and publishing datasets with many datafiles and using file DOIs,
-or doing bulk operations that involve DataCite with many datasets.
-
-### New Settings
-
-- dataverse.feature.only-update-datacite-when-needed 
-
-The default is false - Dataverse will not check to see if DataCite's information is out of date before sending an update.
diff --git a/doc/release-notes/6.9-release-notes.md b/doc/release-notes/6.9-release-notes.md
index 4bf698763d1..a6d723b039b 100644
--- a/doc/release-notes/6.9-release-notes.md
+++ b/doc/release-notes/6.9-release-notes.md
@@ -13,6 +13,7 @@ Highlights for Dataverse 6.9 include:
 - Scaling Dataverse with Data Size (Admin Guide)
 - Storage Quotas on Individual Datasets
 - Additional Licenses
+- DataCite Scaling
 - Support for COAR Notify Relationship Announcement
 - Infrastructure upgrade: Payara
 - New and improved APIs
@@ -54,6 +55,16 @@ The following country-specific license has been added:
 
 The licenses above are widely recognized and used in Europe and beyond to promote data and software sharing. See [the guides](https://guides.dataverse.org/en/6.9/installation/config.html#configuring-licenses) and #11522.
 
+### DataCite Scaling
+
+Dataverse now retries calls to DataCite when their server is overloaded or when the Dataverse server has hit the DataCite rate limit.
+
+It also introduces an option to only update DataCite metadata after checking to see if the current DataCite information is out of date. (This adds a request to get information from DataCite before any potential write of new information which will be more efficient when most DOIs have not changed but will result in an extra call to get info when a DOI has changed.) This functionality is off by default but can be enabled with the `only-update-datacite-when-needed` feature flag.
+
+Both of these can help when DataCite is being used heavily, e.g. creating and publishing datasets with many datafiles and using file DOIs, or doing bulk operations that involve DataCite with many datasets.
+
+See [the guides](https://guides.dataverse.org/en/6.9/installation/config.html#dataverse-feature-only-update-datacite-when-needed) and #11832
+
 ### Support for COAR Notify Relationship Announcement
 
 Dataverse now supports sending and receiving [Linked Data Notification ](https://www.w3.org/TR/ldn/) messages involved in the [COAR Notify Relationship Announcement Workflow](https://coar-notify.net/catalogue/workflows/repository-relationship-repository/).
@@ -144,6 +155,7 @@ We mentioned this in the Dataverse [6.6](https://github.com/IQSS/dataverse/relea
 - :COARNotifyRelationshipAnnouncementTriggerFields
 - dataverse.api.mdc.min-delay-ms
 - dataverse.coar-notify.relationship-announcement.notify-superusers-only
+- dataverse.feature.only-update-datacite-when-needed
 - dataverse.feature.role-assignment-history
 - dataverse.ldn.allowed-hosts
 

From fb8e9e13b306845c02000f9dd35614731906b06d Mon Sep 17 00:00:00 2001
From: Philip Durbin <philip_durbin@harvard.edu>
Date: Thu, 11 Dec 2025 12:21:09 -0500
Subject: [PATCH 604/634] changedFileMetadata fix

---
 ...1921-dataset-version-summaries-metadatacount-fix.md | 10 ----------
 doc/release-notes/6.9-release-notes.md                 |  2 ++
 2 files changed, 2 insertions(+), 10 deletions(-)
 delete mode 100644 doc/release-notes/11921-dataset-version-summaries-metadatacount-fix.md

diff --git a/doc/release-notes/11921-dataset-version-summaries-metadatacount-fix.md b/doc/release-notes/11921-dataset-version-summaries-metadatacount-fix.md
deleted file mode 100644
index df4e0e7c7aa..00000000000
--- a/doc/release-notes/11921-dataset-version-summaries-metadatacount-fix.md
+++ /dev/null
@@ -1,10 +0,0 @@
-### Dataset version summaries API changedFileMetaData count fix
-
-The endpoint ``{id}/versions/compareSummary`` was previously returning an incorrect count for
-the ``changedFileMetaData`` field.
-The logic for calculating this count has been fixed to accurately reflect the total number of file metadata changes
-across all files in the dataset version.
-
-### Related issues
-
-- https://github.com/IQSS/dataverse/issues/11921
diff --git a/doc/release-notes/6.9-release-notes.md b/doc/release-notes/6.9-release-notes.md
index a6d723b039b..0c04057ed83 100644
--- a/doc/release-notes/6.9-release-notes.md
+++ b/doc/release-notes/6.9-release-notes.md
@@ -101,6 +101,8 @@ See [the guides](https://guides.dataverse.org/en/6.9/developers/workflows.html#c
 - A new API endpoint has been added to manage dataset terms of access for restricted files. See [the guides](https://guides.dataverse.org/en/6.9/api/native-api.html#update-dataset-terms-of-access), #11772, and #11893.
 - A new API endpoint has been added for getting and setting the metadata language of a collection. See [the guides](https://guides.dataverse.org/en/6.9/api/native-api.html#list-the-allowed-metadata-languages-of-a-dataverse-collection), 11856, and #11857.
 - The `/{identifier}/templates` endpoint previously required editDataverse permissions to retrieve the list of dataverse templates. This has been corrected. The endpoint now addDataset permissions instead. See #11796 and #11801.
+- The endpoint ``{id}/versions/compareSummary`` was previously returning an incorrect count for
+the ``changedFileMetaData`` field. The logic for calculating this count has been fixed to accurately reflect the total number of file metadata changes across all files in the dataset version. See #11921 and #11944.
 - The storage API driver endpoint now returns a JSON object with the driver's "name", "type" and "label", and booleans indicating whether the driver has "directUpload", "directDownload", and/or "uploadOutOfBand" enabled. This change also affects the /api/admin/dataverse/{dataverse-alias}/storageDriver api call. In addition, this call now supports an optional ?getEffective=true to find the effective storageDriver (the driver that will be used for new datasets in the collection), See [the guides](https://guides.dataverse.org/en/6.9/admin/dataverses-datasets.html#configure-a-dataverse-collection-to-store-all-new-files-in-a-specific-file-store), #11695, and #11716.
 
 ## Security Updates

From ec42b1eb6b396668ad4986624ba74e5d46be78d4 Mon Sep 17 00:00:00 2001
From: Philip Durbin <philip_durbin@harvard.edu>
Date: Thu, 11 Dec 2025 12:29:29 -0500
Subject: [PATCH 605/634] pagination, etc

---
 ...ion-summaries-pagination-and-perfomance.md | 33 -------------------
 doc/release-notes/6.9-release-notes.md        |  1 +
 2 files changed, 1 insertion(+), 33 deletions(-)
 delete mode 100644 doc/release-notes/11855-version-summaries-pagination-and-perfomance.md

diff --git a/doc/release-notes/11855-version-summaries-pagination-and-perfomance.md b/doc/release-notes/11855-version-summaries-pagination-and-perfomance.md
deleted file mode 100644
index ca867ba9697..00000000000
--- a/doc/release-notes/11855-version-summaries-pagination-and-perfomance.md
+++ /dev/null
@@ -1,33 +0,0 @@
-### Pagination for API Version Summaries
-
-We've added pagination support to the following API endpoints:
-
-- File Version Differences: api/files/{id}/versionDifferences
-
-- Dataset Version Summaries: api/datasets/:persistentId/versions/compareSummary
-
-You can now use two new query parameters to control the results:
-
-- **limit**: An integer specifying the maximum number of results to return per page.
-
-- **offset**: An integer specifying the number of results to skip before starting to return items. This is used to
-  navigate to different pages.
-
-### Performance enhancements for API Version Summaries
-
-In addition to adding pagination, we've significantly improved the performance of these endpoints by implementing more
-efficient database queries.
-
-These changes address performance bottlenecks that were previously encountered, especially with datasets or files
-containing a large number of versions.
-
-### Fixes for File Version Summaries API
-
-The implementation for file version summaries was unreliable, leading to exceptions and functional inconsistencies, as
-documented in issue #11561. This functionality has been reviewed and fixed to ensure correctness and stability.
-
-### Related issues and PRs
-
-- https://github.com/IQSS/dataverse/issues/11855
-- https://github.com/IQSS/dataverse/pull/11859
-- https://github.com/IQSS/dataverse/issues/11561
\ No newline at end of file
diff --git a/doc/release-notes/6.9-release-notes.md b/doc/release-notes/6.9-release-notes.md
index 0c04057ed83..8664c292cb8 100644
--- a/doc/release-notes/6.9-release-notes.md
+++ b/doc/release-notes/6.9-release-notes.md
@@ -103,6 +103,7 @@ See [the guides](https://guides.dataverse.org/en/6.9/developers/workflows.html#c
 - The `/{identifier}/templates` endpoint previously required editDataverse permissions to retrieve the list of dataverse templates. This has been corrected. The endpoint now addDataset permissions instead. See #11796 and #11801.
 - The endpoint ``{id}/versions/compareSummary`` was previously returning an incorrect count for
 the ``changedFileMetaData`` field. The logic for calculating this count has been fixed to accurately reflect the total number of file metadata changes across all files in the dataset version. See #11921 and #11944.
+- The "File Version Differences" and "Dataset Version Summaries" API endpoints have been improved with pagination support (with `limit` and `offset` parameters), performance improvements, and a bug fix. See [the guides](https://guides.dataverse.org/en/6.9/api/native-api.html#get-versions-of-a-dataset-with-summary-of-changes), #11561, #11855 and #11859.
 - The storage API driver endpoint now returns a JSON object with the driver's "name", "type" and "label", and booleans indicating whether the driver has "directUpload", "directDownload", and/or "uploadOutOfBand" enabled. This change also affects the /api/admin/dataverse/{dataverse-alias}/storageDriver api call. In addition, this call now supports an optional ?getEffective=true to find the effective storageDriver (the driver that will be used for new datasets in the collection), See [the guides](https://guides.dataverse.org/en/6.9/admin/dataverses-datasets.html#configure-a-dataverse-collection-to-store-all-new-files-in-a-specific-file-store), #11695, and #11716.
 
 ## Security Updates

From bdbc7b8997a60505d3fffcea59a9a96ce4807ef2 Mon Sep 17 00:00:00 2001
From: Gustavo Durand <scolapasta+github@gmail.com>
Date: Thu, 11 Dec 2025 13:16:41 -0500
Subject: [PATCH 606/634] Add display order compound fields

---
 src/main/java/edu/harvard/iq/dataverse/DatasetField.java | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/main/java/edu/harvard/iq/dataverse/DatasetField.java b/src/main/java/edu/harvard/iq/dataverse/DatasetField.java
index dc19f73cd81..0f47caf256b 100644
--- a/src/main/java/edu/harvard/iq/dataverse/DatasetField.java
+++ b/src/main/java/edu/harvard/iq/dataverse/DatasetField.java
@@ -172,6 +172,7 @@ public void setParentDatasetFieldCompoundValue(DatasetFieldCompoundValue parentD
     }
 
     @OneToMany(mappedBy = "parentDatasetField", orphanRemoval = true, cascade = {CascadeType.REMOVE, CascadeType.MERGE, CascadeType.PERSIST})
+    @OrderBy("displayOrder ASC")
     private List<DatasetFieldCompoundValue> datasetFieldCompoundValues = new ArrayList<>();
 
     public List<DatasetFieldCompoundValue> getDatasetFieldCompoundValues() {

From dc04ffc007a61137490ff22796999e471e2e15dd Mon Sep 17 00:00:00 2001
From: Philip Durbin <philip_durbin@harvard.edu>
Date: Thu, 11 Dec 2025 15:32:50 -0500
Subject: [PATCH 607/634] external vocab

---
 doc/release-notes/11793 - ext. vocab. improvements.md | 1 -
 doc/release-notes/11954-CVoC-for-textarea-inputs.md   | 5 -----
 doc/release-notes/6.9-release-notes.md                | 2 ++
 3 files changed, 2 insertions(+), 6 deletions(-)
 delete mode 100644 doc/release-notes/11793 - ext. vocab. improvements.md
 delete mode 100644 doc/release-notes/11954-CVoC-for-textarea-inputs.md

diff --git a/doc/release-notes/11793 - ext. vocab. improvements.md b/doc/release-notes/11793 - ext. vocab. improvements.md
deleted file mode 100644
index 46998e56b60..00000000000
--- a/doc/release-notes/11793 - ext. vocab. improvements.md	
+++ /dev/null
@@ -1 +0,0 @@
-This version of Dataverse includes extensions of the Dataverse External Vocabulary mechanism (https://guides.dataverse.org/en/latest/admin/metadatacustomization.html#using-external-vocabulary-services) that improve Dataverse's ability to include metadata about vocabulary terms and external identifiers such as ORCID and ROR in it's metadata exports. More information on how to configure external vocabulary scripts to use this functionality can be found at https://github.com/gdcc/dataverse-external-vocab-support/blob/main/docs/readme.md and in the examples in the https://github.com/gdcc/dataverse-external-vocab-support repository.
\ No newline at end of file
diff --git a/doc/release-notes/11954-CVoC-for-textarea-inputs.md b/doc/release-notes/11954-CVoC-for-textarea-inputs.md
deleted file mode 100644
index 1102975332d..00000000000
--- a/doc/release-notes/11954-CVoC-for-textarea-inputs.md
+++ /dev/null
@@ -1,5 +0,0 @@
-### External Vocabulary Mechanism enhancement
-
-- The external vocabulary mechanism (see https://github.com/gdcc/dataverse-external-vocab-support/) now supports 
-  assigning metadatablock dataset field types of fieldType textbox (multiline inputs) as managed fields. This new functionality is
-  being leveraged to support automated generation of citation text for Related Publications entries. (a url could be added once the work in the external vocabulary repo is done).
diff --git a/doc/release-notes/6.9-release-notes.md b/doc/release-notes/6.9-release-notes.md
index 8664c292cb8..ac4a6532c3e 100644
--- a/doc/release-notes/6.9-release-notes.md
+++ b/doc/release-notes/6.9-release-notes.md
@@ -79,6 +79,8 @@ See [the guides](https://guides.dataverse.org/en/6.9/developers/workflows.html#c
 
 - When creating a dataset, the "Host Dataverse" field is not shown when the user can only add datasets to one collection. See #11865.
 - In the UI for granting file access, restricted files in draft will now show "Draft/Unpublished". See #7618 and #11794.
+- This version of Dataverse includes extensions of the Dataverse [external vocabulary mechanism](https://guides.dataverse.org/en/6.9/admin/metadatacustomization.html#using-external-vocabulary-services) that improve Dataverse's ability to include metadata about vocabulary terms and external identifiers such as ORCID and ROR in its metadata exports. More information on how to configure external vocabulary scripts to use this functionality can be found in [docs/readme.md](https://github.com/gdcc/dataverse-external-vocab-support/blob/main/docs/readme.md) and in the examples in the https://github.com/gdcc/dataverse-external-vocab-support repository. See #11793.
+- The [external vocabulary mechanism](https://github.com/gdcc/dataverse-external-vocab-support) now supports assigning metadatablock dataset field types of fieldType textbox (multiline inputs) as managed fields. This new functionality is being leveraged to support automated generation of citation text for Related Publications entries. (A URL could be added once the work in the external vocabulary repo is done). See #11954.
 - It is now possible to configure all database settings at once with a JSON file. See [the guides](https://guides.dataverse.org/en/6.9/api/native-api.html#configure-all-database-settings), #11639, and #11654.
 - CORS support has been modernized so browser integrations (previewers, external tools, JS clients) work correctly with multiple origins and proper caching. See [the guides](https://guides.dataverse.org/en/6.9/installation/config.html#cors-settings), #11744, and #11745.
 - Integration with Local Contexts has been updated to support the change in their API regarding how DOIs entered as "Optional Project Information" are represented. See [the guides](https://guides.dataverse.org/en/6.9/installation/localcontexts.html) and #11904.

From fe4d90f83051db2c7b29d18e15b68537f2864d4a Mon Sep 17 00:00:00 2001
From: Philip Durbin <philip_durbin@harvard.edu>
Date: Thu, 11 Dec 2025 15:39:26 -0500
Subject: [PATCH 608/634] notifications API

---
 .../11804-notifications-api-updates.md        | 21 ------
 ...ications-api-pagination-and-only-unread.md | 72 -------------------
 doc/release-notes/6.9-release-notes.md        |  1 +
 3 files changed, 1 insertion(+), 93 deletions(-)
 delete mode 100644 doc/release-notes/11804-notifications-api-updates.md
 delete mode 100644 doc/release-notes/11852-notifications-api-pagination-and-only-unread.md

diff --git a/doc/release-notes/11804-notifications-api-updates.md b/doc/release-notes/11804-notifications-api-updates.md
deleted file mode 100644
index a704442464c..00000000000
--- a/doc/release-notes/11804-notifications-api-updates.md
+++ /dev/null
@@ -1,21 +0,0 @@
-## Notifications API Update
-
-**Endpoint:** `notifications/all`
-
-**Enhancements:**
-
-* When the query parameter `inAppNotificationFormat=true` is set:
-
-    * Notifications of types:
-
-        * `REQUESTFILEACCESS`
-        * `REQUESTEDFILEACCESS`
-        * `GRANTFILEACCESS`
-        * `REJECTFILEACCESS`
-
-  now return both the **dataset display name** and **dataset persistent identifier**.
-
-    * Notifications of type `DATASETMENTIONED` now return a **formatted JSON** in the `additionalInfo` field when this field contains a valid persisted JSON string, instead of a raw JSON string.
-
-Related issue: #11804
-Related PR: #11851
diff --git a/doc/release-notes/11852-notifications-api-pagination-and-only-unread.md b/doc/release-notes/11852-notifications-api-pagination-and-only-unread.md
deleted file mode 100644
index c8c4aadff73..00000000000
--- a/doc/release-notes/11852-notifications-api-pagination-and-only-unread.md
+++ /dev/null
@@ -1,72 +0,0 @@
-## Notifications API Update
-
-**Endpoint:** `notifications/all`
-
-The user notifications endpoint has been enhanced with new optional query parameters to allow for more specific and
-efficient data retrieval.
-
-**1. Filter by Unread Status**
-
-You can now fetch only unread notifications by using the `onlyUnread` boolean parameter.
-
-* **`onlyUnread`**: (Optional, boolean) When set to `true`, the API will only return notifications that the user has not
-  yet marked as read.
-
-**Example:**
-
-```bash
-curl -H "X-Dataverse-key:$API_TOKEN" "$SERVER_URL/api/notifications/all?onlyUnread=true"
-```
-
-**2. Pagination Support**
-
-Pagination is now supported through the limit and offset parameters, allowing you to retrieve notifications in smaller,
-manageable chunks.
-
-- **`limit`**: (Optional, integer) Specifies the maximum number of notifications to return.
-
-- **`offset`**: (Optional, integer) Specifies the number of notifications to skip before starting to return results.
-
-Example (Retrieve notifications 11 through 20):
-
-```bash
-curl -H "X-Dataverse-key:$API_TOKEN" "$SERVER_URL/api/notifications/all?limit=10&offset=10"
-```
-
-**3 Breaking Change: API Response Format Updated**
-
-To support pagination and improve consistency across the API, the JSON response format for this endpoint has been
-changed. This is a breaking change and will require updates to any client code currently using this endpoint.
-
-**Old Format:**
-
-Previously, the response nested the notification list inside a notifications object within the data field.
-
-```
-{
-  "status": "OK",
-  "data": {
-    "notifications": [
-      / ... /
-    ]
-  }
-}
-```
-
-**New Format:**
-
-The response now includes a top-level totalCount field (required for pagination) and places the notification list
-directly in the data field. This flattens the structure and makes it consistent with other paginated endpoints.
-
-```
-{
-  "status": "OK",
-  "totalCount": 2,
-  "data": [
-    / ... /  
-  ]
-}
-```
-
-Related issue: #11852
-Related PR: #11854
\ No newline at end of file
diff --git a/doc/release-notes/6.9-release-notes.md b/doc/release-notes/6.9-release-notes.md
index ac4a6532c3e..fa9b559ac45 100644
--- a/doc/release-notes/6.9-release-notes.md
+++ b/doc/release-notes/6.9-release-notes.md
@@ -106,6 +106,7 @@ See [the guides](https://guides.dataverse.org/en/6.9/developers/workflows.html#c
 - The endpoint ``{id}/versions/compareSummary`` was previously returning an incorrect count for
 the ``changedFileMetaData`` field. The logic for calculating this count has been fixed to accurately reflect the total number of file metadata changes across all files in the dataset version. See #11921 and #11944.
 - The "File Version Differences" and "Dataset Version Summaries" API endpoints have been improved with pagination support (with `limit` and `offset` parameters), performance improvements, and a bug fix. See [the guides](https://guides.dataverse.org/en/6.9/api/native-api.html#get-versions-of-a-dataset-with-summary-of-changes), #11561, #11855 and #11859.
+- The Notifications API has been improved (with `onlyUnread`, `limit`, and `offset` parameters) but also has some breaking changes. See [the guides](https://guides.dataverse.org/en/6.8/api/native-api.html#notifications), #11804, #11851, and #11854.
 - The storage API driver endpoint now returns a JSON object with the driver's "name", "type" and "label", and booleans indicating whether the driver has "directUpload", "directDownload", and/or "uploadOutOfBand" enabled. This change also affects the /api/admin/dataverse/{dataverse-alias}/storageDriver api call. In addition, this call now supports an optional ?getEffective=true to find the effective storageDriver (the driver that will be used for new datasets in the collection), See [the guides](https://guides.dataverse.org/en/6.9/admin/dataverses-datasets.html#configure-a-dataverse-collection-to-store-all-new-files-in-a-specific-file-store), #11695, and #11716.
 
 ## Security Updates

From db661e9f4054f1a3e051bc8a359eb4b3294a0893 Mon Sep 17 00:00:00 2001
From: Philip Durbin <philip_durbin@harvard.edu>
Date: Thu, 11 Dec 2025 15:40:22 -0500
Subject: [PATCH 609/634] no deprecated settings. remove

---
 doc/release-notes/6.9-release-notes.md | 2 --
 1 file changed, 2 deletions(-)

diff --git a/doc/release-notes/6.9-release-notes.md b/doc/release-notes/6.9-release-notes.md
index fa9b559ac45..ded13ea80a4 100644
--- a/doc/release-notes/6.9-release-notes.md
+++ b/doc/release-notes/6.9-release-notes.md
@@ -190,8 +190,6 @@ The following database settings are were added to the official list within the c
 - `:PrePublishDatasetWorkflowId` - formerly `WorkflowServiceBean.WorkflowId:PrePublishDataset`
 - `:PostPublishDatasetWorkflowId` - formerly `WorkflowServiceBean.WorkflowId:PostPublishDataset`
 
-## Deprecated Settings
-
 ## Deleted Settings
 
 - In Dataverse 6.7 (#11454) the `:AllowCors` setting was deprecated in favor of a new `dataverse.cors.origin` setting and now, in Dataverse 6.9, the `:AllowCors` setting has been removed (#11745). See also the step on CORS in the upgrade instructions below.

From f9541e48db64822d527abcafcdbe74c083373d03 Mon Sep 17 00:00:00 2001
From: Philip Durbin <philip_durbin@harvard.edu>
Date: Thu, 11 Dec 2025 15:42:42 -0500
Subject: [PATCH 610/634] add deleted settings

---
 doc/release-notes/6.9-release-notes.md | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/doc/release-notes/6.9-release-notes.md b/doc/release-notes/6.9-release-notes.md
index ded13ea80a4..fbb1f1e4022 100644
--- a/doc/release-notes/6.9-release-notes.md
+++ b/doc/release-notes/6.9-release-notes.md
@@ -193,6 +193,10 @@ The following database settings are were added to the official list within the c
 ## Deleted Settings
 
 - In Dataverse 6.7 (#11454) the `:AllowCors` setting was deprecated in favor of a new `dataverse.cors.origin` setting and now, in Dataverse 6.9, the `:AllowCors` setting has been removed (#11745). See also the step on CORS in the upgrade instructions below.
+- `BuiltinUsers.KEY` - now `:BuiltinUsersKey`
+- `WorkflowsAdmin#IP_WHITELIST_KEY` - now `:WorkflowsAdminIpWhitelist`
+- `WorkflowServiceBean.WorkflowId:PrePublishDataset` - now `:PrePublishDatasetWorkflowId`
+- `WorkflowServiceBean.WorkflowId:PostPublishDataset` - now `:PostPublishDatasetWorkflowId`
 
 ## Backward Incompatible Changes
 

From 27fa1ef438a3029e88c2bb3e9a5d3f9bd07e7a7e Mon Sep 17 00:00:00 2001
From: Philip Durbin <philip_durbin@harvard.edu>
Date: Thu, 11 Dec 2025 15:45:27 -0500
Subject: [PATCH 611/634] more on back incompat

---
 doc/release-notes/6.9-release-notes.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/doc/release-notes/6.9-release-notes.md b/doc/release-notes/6.9-release-notes.md
index fbb1f1e4022..13848bcba43 100644
--- a/doc/release-notes/6.9-release-notes.md
+++ b/doc/release-notes/6.9-release-notes.md
@@ -203,7 +203,7 @@ The following database settings are were added to the official list within the c
 Generally speaking, see the [API Changelog](https://guides.dataverse.org/en/latest/api/changelog.html) for a list of backward-incompatible API changes.
 
 - CORS is no longer enabled by default. See the upgrade instructions for details.
-- See the "Database Settings Cleanup" section above.
+- See the "Database Settings Cleanup" section above. In the past, the settings API would accept any key and value. This is no longer the case because validation has been added. Also the way to set per-format size limits for tabular ingest has changed. JSON input is now used. See #11639 and #11654.
 - The Update Collection Input Levels API endpoint no longer deletes the custom input levels previously modified for the given collection. In order to update a previously modified custom input level, it must be included in the JSON provided to the api. See [the guides](https://guides.dataverse.org/en/6.9/api/native-api.html#update-collection-input-levels), #11387, and #11748.
 - For `/api/admin/dataverse/{dataverse-alias}/storageDriver` and `/api/datasets/{identifier}/storageDriver` the driver name is no longer returned in data.message. Instead, it is returned as data.name (along with other information about the storageDriver). See [the guides](https://guides.dataverse.org/en/6.9/api/native-api.html#configure-a-dataset-to-store-all-new-files-in-a-specific-file-store), #11695, and #11664.
 - The POST /api/admin/makeDataCount/{id}/updateCitationsForDataset processing is now asynchronous and the response no longer includes the number of citations. The response can be OK if the request is queued or 503 if the queue is full (default queue size is 1000). See #11777 and #11781.

From a27c659ac496bf33315f09970187e260f577e8bf Mon Sep 17 00:00:00 2001
From: Stephen Kraffmiller <skraffmiller@hmdc.harvard.edu>
Date: Fri, 12 Dec 2025 11:07:31 -0500
Subject: [PATCH 612/634] 12033 add template command fix (#12037)

* #12033 fix create template ui

* #12033 fix set default

* #12033 fix command test
---
 .../engine/command/impl/CreateTemplateCommand.java    | 11 +++++++----
 .../command/impl/CreateTemplateCommandTest.java       | 11 ++++++++++-
 2 files changed, 17 insertions(+), 5 deletions(-)

diff --git a/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/CreateTemplateCommand.java b/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/CreateTemplateCommand.java
index fb5e3534f0e..69e19378b1a 100644
--- a/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/CreateTemplateCommand.java
+++ b/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/CreateTemplateCommand.java
@@ -49,13 +49,16 @@ public Template execute(CommandContext ctxt) throws CommandException {
         }
 
         Template createdTemplate = ctxt.templates().save(template);
-
-        if (initialize && template.isIsDefaultForDataverse()) {
+        
+        createdTemplate.setIsDefaultForDataverse(template.isIsDefaultForDataverse());
+        if (initialize && createdTemplate.isIsDefaultForDataverse()) {
             dataverse.setDefaultTemplate(createdTemplate);
             ctxt.em().merge(dataverse);
-        }
+        }      
+        
+        ctxt.em().flush();
+        return createdTemplate;
 
-        return template;
     }
 
     private static void updateTermsOfUseAndAccess(CommandContext ctxt, Template template) {
diff --git a/src/test/java/edu/harvard/iq/dataverse/engine/command/impl/CreateTemplateCommandTest.java b/src/test/java/edu/harvard/iq/dataverse/engine/command/impl/CreateTemplateCommandTest.java
index bf3daa6c593..71bcbad98b8 100644
--- a/src/test/java/edu/harvard/iq/dataverse/engine/command/impl/CreateTemplateCommandTest.java
+++ b/src/test/java/edu/harvard/iq/dataverse/engine/command/impl/CreateTemplateCommandTest.java
@@ -18,6 +18,7 @@
 import org.mockito.Mockito;
 import org.mockito.Spy;
 import org.mockito.junit.jupiter.MockitoExtension;
+import jakarta.persistence.EntityManager;
 
 import java.util.Collections;
 import java.util.List;
@@ -42,6 +43,8 @@ public class CreateTemplateCommandTest {
     private LicenseServiceBean licenseServiceBeanMock;
     @Mock
     private DataverseFieldTypeInputLevelServiceBean fieldTypeInputLevelServiceBeanMock;
+    @Mock
+    private EntityManager em;
 
     @Spy
     private Template templateSpy;
@@ -53,6 +56,7 @@ public class CreateTemplateCommandTest {
     public void setUp() {
         dataverseRequestStub = Mockito.mock(DataverseRequest.class);
         when(contextMock.templates()).thenReturn(templateServiceBeanStub);
+        when(contextMock.em()).thenReturn(em);
     }
 
     @Test
@@ -60,8 +64,10 @@ public void execute_shouldSaveTemplate_noInitialization() throws CommandExceptio
         // Create the command with initialization set to false
 
         CreateTemplateCommand sut = new CreateTemplateCommand(templateSpy, dataverseRequestStub, dataverseMock, false);
-
+        Template savedTemplate = mock(Template.class);
+        when(templateServiceBeanStub.save(templateSpy)).thenReturn(savedTemplate);
         // Act
+        
 
         sut.execute(contextMock);
 
@@ -83,6 +89,9 @@ public void execute_shouldInitializeAndSaveTemplate_withInitialization() throws
 
         when(dataverseMock.getId()).thenReturn(42L);
         when(dataverseMock.isMetadataBlockRoot()).thenReturn(true);
+                
+        Template savedTemplate = mock(Template.class);
+        when(templateServiceBeanStub.save(templateSpy)).thenReturn(savedTemplate);
 
         // Mock system metadata blocks
 

From dbb8e2f277ae73906c7ea6b0b5eb4ac45d8832b8 Mon Sep 17 00:00:00 2001
From: Julian Gautier <jggautier@ucla.edu>
Date: Fri, 12 Dec 2025 11:38:59 -0500
Subject: [PATCH 613/634] Clarify 'Host Dataverse' field visibility in dataset
 creation

Moving "only" closer to "collections" for clarity
---
 doc/release-notes/6.9-release-notes.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/doc/release-notes/6.9-release-notes.md b/doc/release-notes/6.9-release-notes.md
index 13848bcba43..9c1a3a4494e 100644
--- a/doc/release-notes/6.9-release-notes.md
+++ b/doc/release-notes/6.9-release-notes.md
@@ -77,7 +77,7 @@ See [the guides](https://guides.dataverse.org/en/6.9/developers/workflows.html#c
 
 ### Other Features Added
 
-- When creating a dataset, the "Host Dataverse" field is not shown when the user can only add datasets to one collection. See #11865.
+- When creating a dataset, the "Host Dataverse" field is not shown when the user can add datasets to only one collection. See #11865.
 - In the UI for granting file access, restricted files in draft will now show "Draft/Unpublished". See #7618 and #11794.
 - This version of Dataverse includes extensions of the Dataverse [external vocabulary mechanism](https://guides.dataverse.org/en/6.9/admin/metadatacustomization.html#using-external-vocabulary-services) that improve Dataverse's ability to include metadata about vocabulary terms and external identifiers such as ORCID and ROR in its metadata exports. More information on how to configure external vocabulary scripts to use this functionality can be found in [docs/readme.md](https://github.com/gdcc/dataverse-external-vocab-support/blob/main/docs/readme.md) and in the examples in the https://github.com/gdcc/dataverse-external-vocab-support repository. See #11793.
 - The [external vocabulary mechanism](https://github.com/gdcc/dataverse-external-vocab-support) now supports assigning metadatablock dataset field types of fieldType textbox (multiline inputs) as managed fields. This new functionality is being leveraged to support automated generation of citation text for Related Publications entries. (A URL could be added once the work in the external vocabulary repo is done). See #11954.

From 988ed81ee1bc057b561d5f6869dce5fe1ee483e2 Mon Sep 17 00:00:00 2001
From: qqmyers <qqmyers@hotmail.com>
Date: Fri, 12 Dec 2025 15:06:22 -0500
Subject: [PATCH 614/634] Minor cleanup

Removed information about a planned new script in the external vocabulary mechanism' repo that isn't yet ready.
---
 doc/release-notes/6.9-release-notes.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/doc/release-notes/6.9-release-notes.md b/doc/release-notes/6.9-release-notes.md
index 9c1a3a4494e..3b61fbf54bf 100644
--- a/doc/release-notes/6.9-release-notes.md
+++ b/doc/release-notes/6.9-release-notes.md
@@ -80,7 +80,7 @@ See [the guides](https://guides.dataverse.org/en/6.9/developers/workflows.html#c
 - When creating a dataset, the "Host Dataverse" field is not shown when the user can add datasets to only one collection. See #11865.
 - In the UI for granting file access, restricted files in draft will now show "Draft/Unpublished". See #7618 and #11794.
 - This version of Dataverse includes extensions of the Dataverse [external vocabulary mechanism](https://guides.dataverse.org/en/6.9/admin/metadatacustomization.html#using-external-vocabulary-services) that improve Dataverse's ability to include metadata about vocabulary terms and external identifiers such as ORCID and ROR in its metadata exports. More information on how to configure external vocabulary scripts to use this functionality can be found in [docs/readme.md](https://github.com/gdcc/dataverse-external-vocab-support/blob/main/docs/readme.md) and in the examples in the https://github.com/gdcc/dataverse-external-vocab-support repository. See #11793.
-- The [external vocabulary mechanism](https://github.com/gdcc/dataverse-external-vocab-support) now supports assigning metadatablock dataset field types of fieldType textbox (multiline inputs) as managed fields. This new functionality is being leveraged to support automated generation of citation text for Related Publications entries. (A URL could be added once the work in the external vocabulary repo is done). See #11954.
+- The [external vocabulary mechanism](https://github.com/gdcc/dataverse-external-vocab-support) now supports assigning metadatablock dataset field types of fieldType textbox (multiline inputs) as managed fields. See #11954.
 - It is now possible to configure all database settings at once with a JSON file. See [the guides](https://guides.dataverse.org/en/6.9/api/native-api.html#configure-all-database-settings), #11639, and #11654.
 - CORS support has been modernized so browser integrations (previewers, external tools, JS clients) work correctly with multiple origins and proper caching. See [the guides](https://guides.dataverse.org/en/6.9/installation/config.html#cors-settings), #11744, and #11745.
 - Integration with Local Contexts has been updated to support the change in their API regarding how DOIs entered as "Optional Project Information" are represented. See [the guides](https://guides.dataverse.org/en/6.9/installation/localcontexts.html) and #11904.

From 2f265eda41f4196d7d9078827f59a5717926c6df Mon Sep 17 00:00:00 2001
From: Philip Durbin <philip_durbin@harvard.edu>
Date: Sat, 13 Dec 2025 08:32:57 -0500
Subject: [PATCH 615/634] Apply suggestions from code review

Co-authored-by: Oliver Bertuch <poikilotherm@users.noreply.github.com>
---
 doc/release-notes/6.9-release-notes.md | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/doc/release-notes/6.9-release-notes.md b/doc/release-notes/6.9-release-notes.md
index 3b61fbf54bf..b96d3eda7bb 100644
--- a/doc/release-notes/6.9-release-notes.md
+++ b/doc/release-notes/6.9-release-notes.md
@@ -43,7 +43,7 @@ The following Open Data Commons licenses have been added:
 
 - Open Database License (ODbL)
 - Open Data Commons Attribution License (ODC-By)
-- Open Data Commons Public Domain Dedication and License (PDDL))
+- Open Data Commons Public Domain Dedication and License (PDDL)
 
 The following software license has been added:
 
@@ -98,7 +98,7 @@ See [the guides](https://guides.dataverse.org/en/6.9/developers/workflows.html#c
 
 ## API Updates
 
-- A new API endpoint has been added for retrieveing a list of collections to which a given dataset or collection can be linked. See [the guides](https://guides.dataverse.org/en/6.9/api/native-api.html#list-dataverse-collections-to-which-a-given-dataset-or-dataverse-collection-may-be-linked), #11710, and #11741.
+- A new API endpoint has been added for retrieving a list of collections to which a given dataset or collection can be linked. See [the guides](https://guides.dataverse.org/en/6.9/api/native-api.html#list-dataverse-collections-to-which-a-given-dataset-or-dataverse-collection-may-be-linked), #11710, and #11741.
 - A new API endpoint has been added to manage dataset licenses. See [the guides](https://guides.dataverse.org/en/6.9/api/native-api.html#update-dataset-license), #11771, #11815, and #11958.
 - A new API endpoint has been added to manage dataset terms of access for restricted files. See [the guides](https://guides.dataverse.org/en/6.9/api/native-api.html#update-dataset-terms-of-access), #11772, and #11893.
 - A new API endpoint has been added for getting and setting the metadata language of a collection. See [the guides](https://guides.dataverse.org/en/6.9/api/native-api.html#list-the-allowed-metadata-languages-of-a-dataverse-collection), 11856, and #11857.
@@ -106,7 +106,7 @@ See [the guides](https://guides.dataverse.org/en/6.9/developers/workflows.html#c
 - The endpoint ``{id}/versions/compareSummary`` was previously returning an incorrect count for
 the ``changedFileMetaData`` field. The logic for calculating this count has been fixed to accurately reflect the total number of file metadata changes across all files in the dataset version. See #11921 and #11944.
 - The "File Version Differences" and "Dataset Version Summaries" API endpoints have been improved with pagination support (with `limit` and `offset` parameters), performance improvements, and a bug fix. See [the guides](https://guides.dataverse.org/en/6.9/api/native-api.html#get-versions-of-a-dataset-with-summary-of-changes), #11561, #11855 and #11859.
-- The Notifications API has been improved (with `onlyUnread`, `limit`, and `offset` parameters) but also has some breaking changes. See [the guides](https://guides.dataverse.org/en/6.8/api/native-api.html#notifications), #11804, #11851, and #11854.
+The Notifications API has been improved (with `onlyUnread`, `limit`, and `offset` parameters) but also has some breaking changes. See [the guides](https://guides.dataverse.org/en/6.9/api/native-api.html#notifications), #11804, #11851, and #11854.
 - The storage API driver endpoint now returns a JSON object with the driver's "name", "type" and "label", and booleans indicating whether the driver has "directUpload", "directDownload", and/or "uploadOutOfBand" enabled. This change also affects the /api/admin/dataverse/{dataverse-alias}/storageDriver api call. In addition, this call now supports an optional ?getEffective=true to find the effective storageDriver (the driver that will be used for new datasets in the collection), See [the guides](https://guides.dataverse.org/en/6.9/admin/dataverses-datasets.html#configure-a-dataverse-collection-to-store-all-new-files-in-a-specific-file-store), #11695, and #11716.
 
 ## Security Updates
@@ -126,7 +126,7 @@ Most important changes:
 1. The setting `BuiltinUsers.KEY` was renamed to `:BuiltinUsersKey` to align with our naming pattern.
 2. The setting `WorkflowsAdmin#IP_WHITELIST_KEY` was renamed to `:WorkflowsAdminIpWhitelist` to align with our naming pattern.
 3. The setting `:TabularIngestSizeLimit` no longer uses suffixes for formats and becomes a JSON-based setting instead. See [the guides](https://guides.dataverse.org/en/6.9/installation/config.html#tabularingestsizelimit) for details.
-4. If set any of the settings above are set, they will be migrated to their new form automatically for you when the war file is deployed (Flyway migration).
+4. If any of the settings above are set, they will be migrated to their new form automatically for you when the war file is deployed (Flyway migration).
 5. You can no longer (accidentally) create or use arbitrary setting names or languages.
    All Admin API endpoints for settings now validate setting names and languages for existence and compliance.
 
@@ -153,7 +153,7 @@ See also #11639 and #11654.
 
 ### PostgreSQL 13 Reached EOL on 13 November 2025
 
-We mentioned this in the Dataverse [6.6](https://github.com/IQSS/dataverse/releases/tag/v6.6) and [6.8](https://github.com/IQSS/dataverse/releases/tag/v6.6) release notes, but as a reminder, according to https://www.postgresql.org/support/versioning/ PostgreSQL 13 reached EOL on 13 November 2025. As mentioned in the [Installation Guide](https://guides.dataverse.org/en/6.9/installation/prerequisites.html#postgresql), we recommend running PostgreSQL 16 since it is the version we test with in our continuous integration ([since](https://github.com/gdcc/dataverse-ansible/commit/8ebbd84ad2cf3903b8f995f0d34578250f4223ff) February 2025). The [Dataverse 5.4 release notes](https://github.com/IQSS/dataverse/releases/tag/v5.4) explained the upgrade process from 9 to 13 (e.g. pg_dumpall, etc.) and the steps will be similar. If you have any problems, please feel free to reach out (see "getting help" in these release notes).
+We mentioned this in the Dataverse [6.6](https://github.com/IQSS/dataverse/releases/tag/v6.6) and [6.8](https://github.com/IQSS/dataverse/releases/tag/v6.8) release notes, but as a reminder, according to https://www.postgresql.org/support/versioning/ PostgreSQL 13 reached EOL on 13 November 2025. As mentioned in the [Installation Guide](https://guides.dataverse.org/en/6.9/installation/prerequisites.html#postgresql), we recommend running PostgreSQL 16 since it is the version we test with in our continuous integration ([since](https://github.com/gdcc/dataverse-ansible/commit/8ebbd84ad2cf3903b8f995f0d34578250f4223ff) February 2025). The [Dataverse 5.4 release notes](https://github.com/IQSS/dataverse/releases/tag/v5.4) explained the upgrade process from 9 to 13 (e.g. pg_dumpall, etc.) and the steps will be similar. If you have any problems, please feel free to reach out (see "getting help" in these release notes).
 
 ## New Settings
 
@@ -167,7 +167,7 @@ We mentioned this in the Dataverse [6.6](https://github.com/IQSS/dataverse/relea
 
 ### Updated Database Settings
 
-The following database settings are were added to the official list within the code (to remain valid with the settings cleanup mentioned above):
+The following database settings were added to the official list within the code (to remain valid with the settings cleanup mentioned above):
 
 - `:BagGeneratorThreads`
 - `:BagItHandlerEnabled`

From 14d94230ba5c594372da46e1f6fdb09b1f0a243d Mon Sep 17 00:00:00 2001
From: Philip Durbin <philip_durbin@harvard.edu>
Date: Sat, 13 Dec 2025 08:43:33 -0500
Subject: [PATCH 616/634] Apply suggestions from code review

Co-authored-by: landreev <leonid@hmdc.harvard.edu>
---
 doc/release-notes/6.9-release-notes.md | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/doc/release-notes/6.9-release-notes.md b/doc/release-notes/6.9-release-notes.md
index b96d3eda7bb..e6eb4df9118 100644
--- a/doc/release-notes/6.9-release-notes.md
+++ b/doc/release-notes/6.9-release-notes.md
@@ -295,6 +295,8 @@ mv payara6.6.2025.3/glassfish/domains/domain1 payara6/glassfish/domains/
 
 Once your old, preserved domain1 directory is in place, copy the *.p12 files from distributed domain1/config directory into it, at least if they are different. These files include base certs. Over time, using the old cert files can cause SSL errors. If the domain.xml file is old enough, it may also reference *.jks files instead of the *.p12 ones. If so, update domain.xml so that these lines reference *.p12 files instead of *.jks files.
 
+cp payara6/glassfish/domains/domain1_DIST/*.p12 payara6/glassfish/domains/domain1
+
 5\. Download and deploy this version
 
 ```shell
@@ -302,6 +304,7 @@ wget https://github.com/IQSS/dataverse/releases/download/v6.9/dataverse-6.9.war
 $PAYARA/bin/asadmin deploy dataverse-6.9.war
 ```
 
+Please note that, depending on your database, the initial deployment of this version may take a little longer than usual. This is because new database indexes will need to be created in real time. The time it should take is not even a function of the overall size of your database, but specifically the `GuestbookResponse` table. (In other words, not a function of how much content you have in the repository, but how *popular* it is).
 6\. For installations with internationalization or text customizations:
 
 Please remember to update translations via [Dataverse language packs](https://github.com/GlobalDataverseCommunityConsortium/dataverse-language-packs).

From b5784d8947595401d7caa4e61d5c6dc17f2ab0d7 Mon Sep 17 00:00:00 2001
From: Philip Durbin <philip_durbin@harvard.edu>
Date: Sat, 13 Dec 2025 08:44:43 -0500
Subject: [PATCH 617/634] formatting tweaks

---
 doc/release-notes/6.9-release-notes.md | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/doc/release-notes/6.9-release-notes.md b/doc/release-notes/6.9-release-notes.md
index e6eb4df9118..e5659a5ba27 100644
--- a/doc/release-notes/6.9-release-notes.md
+++ b/doc/release-notes/6.9-release-notes.md
@@ -295,7 +295,9 @@ mv payara6.6.2025.3/glassfish/domains/domain1 payara6/glassfish/domains/
 
 Once your old, preserved domain1 directory is in place, copy the *.p12 files from distributed domain1/config directory into it, at least if they are different. These files include base certs. Over time, using the old cert files can cause SSL errors. If the domain.xml file is old enough, it may also reference *.jks files instead of the *.p12 ones. If so, update domain.xml so that these lines reference *.p12 files instead of *.jks files.
 
+```shell
 cp payara6/glassfish/domains/domain1_DIST/*.p12 payara6/glassfish/domains/domain1
+```
 
 5\. Download and deploy this version
 
@@ -305,6 +307,7 @@ $PAYARA/bin/asadmin deploy dataverse-6.9.war
 ```
 
 Please note that, depending on your database, the initial deployment of this version may take a little longer than usual. This is because new database indexes will need to be created in real time. The time it should take is not even a function of the overall size of your database, but specifically the `GuestbookResponse` table. (In other words, not a function of how much content you have in the repository, but how *popular* it is).
+
 6\. For installations with internationalization or text customizations:
 
 Please remember to update translations via [Dataverse language packs](https://github.com/GlobalDataverseCommunityConsortium/dataverse-language-packs).

From 94f674dd5c526fc9b312705a76618196fee8f7d5 Mon Sep 17 00:00:00 2001
From: Philip Durbin <philip_durbin@harvard.edu>
Date: Sat, 13 Dec 2025 08:48:06 -0500
Subject: [PATCH 618/634] mention settings under API updates

---
 doc/release-notes/6.9-release-notes.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/doc/release-notes/6.9-release-notes.md b/doc/release-notes/6.9-release-notes.md
index e5659a5ba27..ce218ccf6af 100644
--- a/doc/release-notes/6.9-release-notes.md
+++ b/doc/release-notes/6.9-release-notes.md
@@ -98,6 +98,7 @@ See [the guides](https://guides.dataverse.org/en/6.9/developers/workflows.html#c
 
 ## API Updates
 
+- The Settings API no longer accepts keys (in the sense of key/value pairs) that are not defined in the code. See "Database Settings Cleanup" in these release notes for details, #11639 and #11654.
 - A new API endpoint has been added for retrieving a list of collections to which a given dataset or collection can be linked. See [the guides](https://guides.dataverse.org/en/6.9/api/native-api.html#list-dataverse-collections-to-which-a-given-dataset-or-dataverse-collection-may-be-linked), #11710, and #11741.
 - A new API endpoint has been added to manage dataset licenses. See [the guides](https://guides.dataverse.org/en/6.9/api/native-api.html#update-dataset-license), #11771, #11815, and #11958.
 - A new API endpoint has been added to manage dataset terms of access for restricted files. See [the guides](https://guides.dataverse.org/en/6.9/api/native-api.html#update-dataset-terms-of-access), #11772, and #11893.

From 71c655f195442623a803922734cdd5de4ec21f67 Mon Sep 17 00:00:00 2001
From: Philip Durbin <philip_durbin@harvard.edu>
Date: Sat, 13 Dec 2025 08:57:04 -0500
Subject: [PATCH 619/634] made API endpoints absolute instead of relative

---
 doc/release-notes/6.9-release-notes.md | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/doc/release-notes/6.9-release-notes.md b/doc/release-notes/6.9-release-notes.md
index ce218ccf6af..c806394818c 100644
--- a/doc/release-notes/6.9-release-notes.md
+++ b/doc/release-notes/6.9-release-notes.md
@@ -103,9 +103,9 @@ See [the guides](https://guides.dataverse.org/en/6.9/developers/workflows.html#c
 - A new API endpoint has been added to manage dataset licenses. See [the guides](https://guides.dataverse.org/en/6.9/api/native-api.html#update-dataset-license), #11771, #11815, and #11958.
 - A new API endpoint has been added to manage dataset terms of access for restricted files. See [the guides](https://guides.dataverse.org/en/6.9/api/native-api.html#update-dataset-terms-of-access), #11772, and #11893.
 - A new API endpoint has been added for getting and setting the metadata language of a collection. See [the guides](https://guides.dataverse.org/en/6.9/api/native-api.html#list-the-allowed-metadata-languages-of-a-dataverse-collection), 11856, and #11857.
-- The `/{identifier}/templates` endpoint previously required editDataverse permissions to retrieve the list of dataverse templates. This has been corrected. The endpoint now addDataset permissions instead. See #11796 and #11801.
-- The endpoint ``{id}/versions/compareSummary`` was previously returning an incorrect count for
-the ``changedFileMetaData`` field. The logic for calculating this count has been fixed to accurately reflect the total number of file metadata changes across all files in the dataset version. See #11921 and #11944.
+- The `/api/dataverses/{identifier}/templates` endpoint previously required editDataverse permissions to retrieve the list of dataverse templates. This has been corrected. The endpoint now addDataset permissions instead. See #11796 and #11801.
+- The endpoint `/api/datasets/{id}/versions/compareSummary` was previously returning an incorrect count for
+the `changedFileMetaData` field. The logic for calculating this count has been fixed to accurately reflect the total number of file metadata changes across all files in the dataset version. See #11921 and #11944.
 - The "File Version Differences" and "Dataset Version Summaries" API endpoints have been improved with pagination support (with `limit` and `offset` parameters), performance improvements, and a bug fix. See [the guides](https://guides.dataverse.org/en/6.9/api/native-api.html#get-versions-of-a-dataset-with-summary-of-changes), #11561, #11855 and #11859.
 The Notifications API has been improved (with `onlyUnread`, `limit`, and `offset` parameters) but also has some breaking changes. See [the guides](https://guides.dataverse.org/en/6.9/api/native-api.html#notifications), #11804, #11851, and #11854.
 - The storage API driver endpoint now returns a JSON object with the driver's "name", "type" and "label", and booleans indicating whether the driver has "directUpload", "directDownload", and/or "uploadOutOfBand" enabled. This change also affects the /api/admin/dataverse/{dataverse-alias}/storageDriver api call. In addition, this call now supports an optional ?getEffective=true to find the effective storageDriver (the driver that will be used for new datasets in the collection), See [the guides](https://guides.dataverse.org/en/6.9/admin/dataverses-datasets.html#configure-a-dataverse-collection-to-store-all-new-files-in-a-specific-file-store), #11695, and #11716.

From 5957166d5c47b52ce630f6b79d88d8950dd40abb Mon Sep 17 00:00:00 2001
From: Philip Durbin <philip_durbin@harvard.edu>
Date: Sat, 13 Dec 2025 09:01:30 -0500
Subject: [PATCH 620/634] split out new db vs jvm settings

---
 doc/release-notes/6.9-release-notes.md | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/doc/release-notes/6.9-release-notes.md b/doc/release-notes/6.9-release-notes.md
index c806394818c..5b95aac1f24 100644
--- a/doc/release-notes/6.9-release-notes.md
+++ b/doc/release-notes/6.9-release-notes.md
@@ -158,14 +158,19 @@ We mentioned this in the Dataverse [6.6](https://github.com/IQSS/dataverse/relea
 
 ## New Settings
 
-- :COARNotifyRelationshipAnnouncementTargets
-- :COARNotifyRelationshipAnnouncementTriggerFields
+### New JVM Options (MicroProfile Config Settings)
+
 - dataverse.api.mdc.min-delay-ms
 - dataverse.coar-notify.relationship-announcement.notify-superusers-only
 - dataverse.feature.only-update-datacite-when-needed
 - dataverse.feature.role-assignment-history
 - dataverse.ldn.allowed-hosts
 
+### New Database Settings
+
+- :COARNotifyRelationshipAnnouncementTargets
+- :COARNotifyRelationshipAnnouncementTriggerFields
+
 ### Updated Database Settings
 
 The following database settings were added to the official list within the code (to remain valid with the settings cleanup mentioned above):

From 45734cdf070295c20bdc942fc11d97b8658a08bc Mon Sep 17 00:00:00 2001
From: Philip Durbin <philip_durbin@harvard.edu>
Date: Sat, 13 Dec 2025 10:00:14 -0500
Subject: [PATCH 621/634] mention Payara and CORS under Security, more links to
 CORS PR

---
 doc/release-notes/6.9-release-notes.md | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/doc/release-notes/6.9-release-notes.md b/doc/release-notes/6.9-release-notes.md
index 5b95aac1f24..dad67fbaf03 100644
--- a/doc/release-notes/6.9-release-notes.md
+++ b/doc/release-notes/6.9-release-notes.md
@@ -112,7 +112,7 @@ The Notifications API has been improved (with `onlyUnread`, `limit`, and `offset
 
 ## Security Updates
 
-This release contains important security updates. If you are not receiving security notices, please sign up by following [the steps](https://guides.dataverse.org/en/latest/installation/config.html#ongoing-security-of-your-installation) in the guides.
+This release contains important security updates such as an upgrade to Payara (#11827) and how CORS is handled (#11745). If you are not receiving security notices, please sign up by following [the steps](https://guides.dataverse.org/en/latest/installation/config.html#ongoing-security-of-your-installation) in the guides.
 
 ## Developer Updates
 
@@ -208,7 +208,7 @@ The following database settings were added to the official list within the code
 
 Generally speaking, see the [API Changelog](https://guides.dataverse.org/en/latest/api/changelog.html) for a list of backward-incompatible API changes.
 
-- CORS is no longer enabled by default. See the upgrade instructions for details.
+- CORS is no longer enabled by default. See the upgrade instructions for details as well as #11745.
 - See the "Database Settings Cleanup" section above. In the past, the settings API would accept any key and value. This is no longer the case because validation has been added. Also the way to set per-format size limits for tabular ingest has changed. JSON input is now used. See #11639 and #11654.
 - The Update Collection Input Levels API endpoint no longer deletes the custom input levels previously modified for the given collection. In order to update a previously modified custom input level, it must be included in the JSON provided to the api. See [the guides](https://guides.dataverse.org/en/6.9/api/native-api.html#update-collection-input-levels), #11387, and #11748.
 - For `/api/admin/dataverse/{dataverse-alias}/storageDriver` and `/api/datasets/{identifier}/storageDriver` the driver name is no longer returned in data.message. Instead, it is returned as data.name (along with other information about the storageDriver). See [the guides](https://guides.dataverse.org/en/6.9/api/native-api.html#configure-a-dataset-to-store-all-new-files-in-a-specific-file-store), #11695, and #11664.
@@ -322,7 +322,7 @@ If you have text customizations you can get the latest English files from <https
 
 7\. Enable or re-enable CORS, if desired
 
-As of Dataverse 6.8 CORS was enabled by default but this is no longer the case.
+As of Dataverse 6.8 CORS was enabled by default but this is no longer the case. See #11745.
 
 If you are relying on CORS, e.g. using file previewers hosted at gdcc.github.io, and did not configure `dataverse.cors.origin` as recommended in the 6.7 release notes, you should do so now. With updates in 6.9, it is also possible to limit CORS support to specific internet hosts. See [the guides](https://guides.dataverse.org/en/6.9/installation/config.html#cors-settings) for details.
 

From 51ef3f4b2b1a893e949ba99fb9349b529e41be4d Mon Sep 17 00:00:00 2001
From: Philip Durbin <philip_durbin@harvard.edu>
Date: Sat, 13 Dec 2025 10:06:58 -0500
Subject: [PATCH 622/634] add Payara 6 to EOL list

---
 doc/release-notes/6.9-release-notes.md | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/doc/release-notes/6.9-release-notes.md b/doc/release-notes/6.9-release-notes.md
index dad67fbaf03..e83bd291fdd 100644
--- a/doc/release-notes/6.9-release-notes.md
+++ b/doc/release-notes/6.9-release-notes.md
@@ -156,6 +156,10 @@ See also #11639 and #11654.
 
 We mentioned this in the Dataverse [6.6](https://github.com/IQSS/dataverse/releases/tag/v6.6) and [6.8](https://github.com/IQSS/dataverse/releases/tag/v6.8) release notes, but as a reminder, according to https://www.postgresql.org/support/versioning/ PostgreSQL 13 reached EOL on 13 November 2025. As mentioned in the [Installation Guide](https://guides.dataverse.org/en/6.9/installation/prerequisites.html#postgresql), we recommend running PostgreSQL 16 since it is the version we test with in our continuous integration ([since](https://github.com/gdcc/dataverse-ansible/commit/8ebbd84ad2cf3903b8f995f0d34578250f4223ff) February 2025). The [Dataverse 5.4 release notes](https://github.com/IQSS/dataverse/releases/tag/v5.4) explained the upgrade process from 9 to 13 (e.g. pg_dumpall, etc.) and the steps will be similar. If you have any problems, please feel free to reach out (see "getting help" in these release notes).
 
+### Payara 6 Reaching EOL with 6.2025.11
+
+As explained in #12020 and https://payara.fish/blog/payara-6-community-end-of-life/ Payara 6.2025.11 is the last release in the 6.x series. A pull request at #12043 to upgrade to Payara 7 has already been made but won't make it into this release of Dataverse. You are welcome to try it out and give feedback.
+
 ## New Settings
 
 ### New JVM Options (MicroProfile Config Settings)

From 10471f086fa4b52c76c33f526720376d5ceaafb3 Mon Sep 17 00:00:00 2001
From: Philip Durbin <philip_durbin@harvard.edu>
Date: Sat, 13 Dec 2025 10:08:42 -0500
Subject: [PATCH 623/634] should be running 6.8

---
 doc/release-notes/6.9-release-notes.md | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/doc/release-notes/6.9-release-notes.md b/doc/release-notes/6.9-release-notes.md
index e83bd291fdd..14959d953ef 100644
--- a/doc/release-notes/6.9-release-notes.md
+++ b/doc/release-notes/6.9-release-notes.md
@@ -240,9 +240,7 @@ Upgrading requires a maintenance window and downtime. Please plan accordingly, c
 
 When doing backups, make sure your settings are backed up. See "Database Settings Cleanup" above for details.
 
-These instructions assume that you've already upgraded through all the 5.x releases and are now running Dataverse 6.8.
-
-0\. These instructions assume that you are upgrading from the immediate previous version. See [tags on GitHub](https://github.com/IQSS/dataverse/tags) for a list of versions. If you are running an earlier version, the only supported way to upgrade is to progress through the upgrades to all the releases in between before attempting the upgrade to this version.
+0\. These instructions assume that you are upgrading from the immediate previous version. That is to say, you've already upgraded through all the 6.x releases and are now running Dataverse 6.8. See [tags on GitHub](https://github.com/IQSS/dataverse/tags) for a list of versions. If you are running an earlier version, the only supported way to upgrade is to progress through the upgrades to all the releases in between before attempting the upgrade to this version.
 
 If you are running Payara as a non-root user (and you should be!), **remember not to execute the commands below as root**. By default, Payara runs as the `dataverse` user. In the commands below, we use sudo to run the commands as a non-root user.
 

From d3b2c1d1b7a2c448b336ab4070327f73d011562b Mon Sep 17 00:00:00 2001
From: Philip Durbin <philip_durbin@harvard.edu>
Date: Sat, 13 Dec 2025 10:15:01 -0500
Subject: [PATCH 624/634] don't run 6.8 and lower on Payara 6.2025.10

---
 doc/release-notes/6.9-release-notes.md | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/doc/release-notes/6.9-release-notes.md b/doc/release-notes/6.9-release-notes.md
index 14959d953ef..48fc47849d6 100644
--- a/doc/release-notes/6.9-release-notes.md
+++ b/doc/release-notes/6.9-release-notes.md
@@ -236,6 +236,8 @@ You are also very welcome to join the [Global Dataverse Community Consortium](ht
 
 ## Upgrade Instructions
 
+NOTE: These instructions include an upgrade to Payara 6.2025.10. Do not attempt to run Dataverse 6.8 or lower on Payara 6.2025.10. It won't work. To see the changes that had to be made to the the Dataverse code to make it compatible with Payara 6.2025.10 see #11827.
+
 Upgrading requires a maintenance window and downtime. Please plan accordingly, create backups of your database, etc.
 
 When doing backups, make sure your settings are backed up. See "Database Settings Cleanup" above for details.
@@ -274,7 +276,7 @@ sudo service payara stop
 
 The recommended Payara version has been updated to Payara 6.2025.10. See #11827.
 
-Payara 6.2025.10 cannot be used with earlier versions of Dataverse, e.g. v6.8.
+As a reminder, Payara 6.2025.10 cannot be used with earlier versions of Dataverse, e.g. v6.8.
 
 The steps below reuse your existing domain directory with the new distribution of Payara. You may also want to review the Payara upgrade instructions as it could be helpful during any troubleshooting:
 [Payara Release Notes](https://docs.payara.fish/community/docs/6.2025.10/Release%20Notes/Release%20Notes%206.2025.10.html).

From b5c14f1d6cd46ae919f87a0c5d2b6574990256d2 Mon Sep 17 00:00:00 2001
From: Philip Durbin <philip_durbin@harvard.edu>
Date: Sat, 13 Dec 2025 10:18:35 -0500
Subject: [PATCH 625/634] move back incompat up

---
 doc/release-notes/6.9-release-notes.md | 20 ++++++++++----------
 1 file changed, 10 insertions(+), 10 deletions(-)

diff --git a/doc/release-notes/6.9-release-notes.md b/doc/release-notes/6.9-release-notes.md
index 48fc47849d6..5078946155c 100644
--- a/doc/release-notes/6.9-release-notes.md
+++ b/doc/release-notes/6.9-release-notes.md
@@ -114,6 +114,16 @@ The Notifications API has been improved (with `onlyUnread`, `limit`, and `offset
 
 This release contains important security updates such as an upgrade to Payara (#11827) and how CORS is handled (#11745). If you are not receiving security notices, please sign up by following [the steps](https://guides.dataverse.org/en/latest/installation/config.html#ongoing-security-of-your-installation) in the guides.
 
+## Backward Incompatible Changes
+
+Generally speaking, see the [API Changelog](https://guides.dataverse.org/en/latest/api/changelog.html) for a list of backward-incompatible API changes.
+
+- CORS is no longer enabled by default. See the upgrade instructions for details as well as #11745.
+- See the "Database Settings Cleanup" section below. In the past, the settings API would accept any key and value. This is no longer the case because validation has been added. Also the way to set per-format size limits for tabular ingest has changed. JSON input is now used. See #11639 and #11654.
+- The Update Collection Input Levels API endpoint no longer deletes the custom input levels previously modified for the given collection. In order to update a previously modified custom input level, it must be included in the JSON provided to the api. See [the guides](https://guides.dataverse.org/en/6.9/api/native-api.html#update-collection-input-levels), #11387, and #11748.
+- For `/api/admin/dataverse/{dataverse-alias}/storageDriver` and `/api/datasets/{identifier}/storageDriver` the driver name is no longer returned in data.message. Instead, it is returned as data.name (along with other information about the storageDriver). See [the guides](https://guides.dataverse.org/en/6.9/api/native-api.html#configure-a-dataset-to-store-all-new-files-in-a-specific-file-store), #11695, and #11664.
+- The POST /api/admin/makeDataCount/{id}/updateCitationsForDataset processing is now asynchronous and the response no longer includes the number of citations. The response can be OK if the request is queued or 503 if the queue is full (default queue size is 1000). See #11777 and #11781.
+
 ## Developer Updates
 
 - The ExportDataProvider framework in the dataverse-spi package has been extended, adding some extra options for developers of metadata exporter plugins. See [the guides](https://guides.dataverse.org/en/6.9/developers/metadataexport.html#building-an-exporter) #11766, and #11767.
@@ -208,16 +218,6 @@ The following database settings were added to the official list within the code
 - `WorkflowServiceBean.WorkflowId:PrePublishDataset` - now `:PrePublishDatasetWorkflowId`
 - `WorkflowServiceBean.WorkflowId:PostPublishDataset` - now `:PostPublishDatasetWorkflowId`
 
-## Backward Incompatible Changes
-
-Generally speaking, see the [API Changelog](https://guides.dataverse.org/en/latest/api/changelog.html) for a list of backward-incompatible API changes.
-
-- CORS is no longer enabled by default. See the upgrade instructions for details as well as #11745.
-- See the "Database Settings Cleanup" section above. In the past, the settings API would accept any key and value. This is no longer the case because validation has been added. Also the way to set per-format size limits for tabular ingest has changed. JSON input is now used. See #11639 and #11654.
-- The Update Collection Input Levels API endpoint no longer deletes the custom input levels previously modified for the given collection. In order to update a previously modified custom input level, it must be included in the JSON provided to the api. See [the guides](https://guides.dataverse.org/en/6.9/api/native-api.html#update-collection-input-levels), #11387, and #11748.
-- For `/api/admin/dataverse/{dataverse-alias}/storageDriver` and `/api/datasets/{identifier}/storageDriver` the driver name is no longer returned in data.message. Instead, it is returned as data.name (along with other information about the storageDriver). See [the guides](https://guides.dataverse.org/en/6.9/api/native-api.html#configure-a-dataset-to-store-all-new-files-in-a-specific-file-store), #11695, and #11664.
-- The POST /api/admin/makeDataCount/{id}/updateCitationsForDataset processing is now asynchronous and the response no longer includes the number of citations. The response can be OK if the request is queued or 503 if the queue is full (default queue size is 1000). See #11777 and #11781.
-
 ## Complete List of Changes
 
 For the complete list of code changes in this release, see the [6.9 milestone](https://github.com/IQSS/dataverse/issues?q=milestone%3A6.9+is%3Aclosed) in GitHub.

From 7bc8a31cbc241fc3d472d5190613763d0085328c Mon Sep 17 00:00:00 2001
From: Philip Durbin <philip_durbin@harvard.edu>
Date: Sat, 13 Dec 2025 10:20:37 -0500
Subject: [PATCH 626/634] move EOL up

---
 doc/release-notes/6.9-release-notes.md | 20 ++++++++++----------
 1 file changed, 10 insertions(+), 10 deletions(-)

diff --git a/doc/release-notes/6.9-release-notes.md b/doc/release-notes/6.9-release-notes.md
index 5078946155c..edf6fa26902 100644
--- a/doc/release-notes/6.9-release-notes.md
+++ b/doc/release-notes/6.9-release-notes.md
@@ -124,6 +124,16 @@ Generally speaking, see the [API Changelog](https://guides.dataverse.org/en/late
 - For `/api/admin/dataverse/{dataverse-alias}/storageDriver` and `/api/datasets/{identifier}/storageDriver` the driver name is no longer returned in data.message. Instead, it is returned as data.name (along with other information about the storageDriver). See [the guides](https://guides.dataverse.org/en/6.9/api/native-api.html#configure-a-dataset-to-store-all-new-files-in-a-specific-file-store), #11695, and #11664.
 - The POST /api/admin/makeDataCount/{id}/updateCitationsForDataset processing is now asynchronous and the response no longer includes the number of citations. The response can be OK if the request is queued or 503 if the queue is full (default queue size is 1000). See #11777 and #11781.
 
+## End-Of-Life (EOL) Announcements
+
+### PostgreSQL 13 Reached EOL on 13 November 2025
+
+We mentioned this in the Dataverse [6.6](https://github.com/IQSS/dataverse/releases/tag/v6.6) and [6.8](https://github.com/IQSS/dataverse/releases/tag/v6.8) release notes, but as a reminder, according to https://www.postgresql.org/support/versioning/ PostgreSQL 13 reached EOL on 13 November 2025. As mentioned in the [Installation Guide](https://guides.dataverse.org/en/6.9/installation/prerequisites.html#postgresql), we recommend running PostgreSQL 16 since it is the version we test with in our continuous integration ([since](https://github.com/gdcc/dataverse-ansible/commit/8ebbd84ad2cf3903b8f995f0d34578250f4223ff) February 2025). The [Dataverse 5.4 release notes](https://github.com/IQSS/dataverse/releases/tag/v5.4) explained the upgrade process from 9 to 13 (e.g. pg_dumpall, etc.) and the steps will be similar. If you have any problems, please feel free to reach out (see "getting help" in these release notes).
+
+### Payara 6 Reaching EOL with 6.2025.11
+
+As explained in #12020 and https://payara.fish/blog/payara-6-community-end-of-life/ Payara 6.2025.11 is the last release in the 6.x series. A pull request at #12043 to upgrade to Payara 7 has already been made but won't make it into this release of Dataverse. You are welcome to try it out and give feedback.
+
 ## Developer Updates
 
 - The ExportDataProvider framework in the dataverse-spi package has been extended, adding some extra options for developers of metadata exporter plugins. See [the guides](https://guides.dataverse.org/en/6.9/developers/metadataexport.html#building-an-exporter) #11766, and #11767.
@@ -160,16 +170,6 @@ Note: Despite the validation of setting names and languages, the content of any
 
 See also #11639 and #11654.
 
-## End-Of-Life (EOL) Announcements
-
-### PostgreSQL 13 Reached EOL on 13 November 2025
-
-We mentioned this in the Dataverse [6.6](https://github.com/IQSS/dataverse/releases/tag/v6.6) and [6.8](https://github.com/IQSS/dataverse/releases/tag/v6.8) release notes, but as a reminder, according to https://www.postgresql.org/support/versioning/ PostgreSQL 13 reached EOL on 13 November 2025. As mentioned in the [Installation Guide](https://guides.dataverse.org/en/6.9/installation/prerequisites.html#postgresql), we recommend running PostgreSQL 16 since it is the version we test with in our continuous integration ([since](https://github.com/gdcc/dataverse-ansible/commit/8ebbd84ad2cf3903b8f995f0d34578250f4223ff) February 2025). The [Dataverse 5.4 release notes](https://github.com/IQSS/dataverse/releases/tag/v5.4) explained the upgrade process from 9 to 13 (e.g. pg_dumpall, etc.) and the steps will be similar. If you have any problems, please feel free to reach out (see "getting help" in these release notes).
-
-### Payara 6 Reaching EOL with 6.2025.11
-
-As explained in #12020 and https://payara.fish/blog/payara-6-community-end-of-life/ Payara 6.2025.11 is the last release in the 6.x series. A pull request at #12043 to upgrade to Payara 7 has already been made but won't make it into this release of Dataverse. You are welcome to try it out and give feedback.
-
 ## New Settings
 
 ### New JVM Options (MicroProfile Config Settings)

From 6529b4cfab26bfe25e7c1dea32c704e7710e9686 Mon Sep 17 00:00:00 2001
From: Steven Winship <39765413+stevenwinship@users.noreply.github.com>
Date: Mon, 15 Dec 2025 09:38:24 -0500
Subject: [PATCH 627/634] Bunp version to 6.9

---
 doc/sphinx-guides/source/conf.py      | 2 +-
 doc/sphinx-guides/source/versions.rst | 1 +
 modules/dataverse-parent/pom.xml      | 6 +++---
 3 files changed, 5 insertions(+), 4 deletions(-)

diff --git a/doc/sphinx-guides/source/conf.py b/doc/sphinx-guides/source/conf.py
index abf6ba7379b..b6aadae5761 100755
--- a/doc/sphinx-guides/source/conf.py
+++ b/doc/sphinx-guides/source/conf.py
@@ -70,7 +70,7 @@
 # built documents.
 #
 # The short X.Y version.
-version = '6.8'
+version = '6.9'
 # The full version, including alpha/beta/rc tags.
 release = version
 
diff --git a/doc/sphinx-guides/source/versions.rst b/doc/sphinx-guides/source/versions.rst
index 393b2b07e97..c1035db8d89 100755
--- a/doc/sphinx-guides/source/versions.rst
+++ b/doc/sphinx-guides/source/versions.rst
@@ -8,6 +8,7 @@ This list provides a way to refer to the documentation for previous and future v
 
 - pre-release `HTML (not final!) <http://preview.guides.gdcc.io/en/develop/>`__ and `PDF (experimental!) <http://preview.guides.gdcc.io/_/downloads/en/develop/pdf/>`__ built from the :doc:`develop </developers/version-control>` branch :doc:`(how to contribute!) </contributor/documentation>`
 - |version|
+- `6.8 </en/6.8/>`__
 - `6.7.1 </en/6.7.1/>`__
 - `6.7 </en/6.7/>`__
 - `6.6 </en/6.6/>`__
diff --git a/modules/dataverse-parent/pom.xml b/modules/dataverse-parent/pom.xml
index 9b909f0c147..6ed02dda20c 100644
--- a/modules/dataverse-parent/pom.xml
+++ b/modules/dataverse-parent/pom.xml
@@ -132,7 +132,7 @@
  
     <properties>
         <!-- This is a special Maven property name, do not change! -->
-        <revision>6.8</revision>
+        <revision>6.9</revision>
     
         <target.java.version>17</target.java.version>
         <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
@@ -461,8 +461,8 @@
                     Once the release has been made (tag created), change this back to "${parsedVersion.majorVersion}.${parsedVersion.nextMinorVersion}"
                     (These properties are provided by the build-helper plugin below.)
                 -->
-                <base.image.version>${parsedVersion.majorVersion}.${parsedVersion.nextMinorVersion}</base.image.version>
-                <!-- <base.image.version>${revision}</base.image.version> -->
+                <!-- <base.image.version>${parsedVersion.majorVersion}.${parsedVersion.nextMinorVersion}</base.image.version> -->
+                <base.image.version>${revision}</base.image.version>
                 <!-- This is used by the maintenance CI jobs, no need to adapt during releases. -->
                 <app.image.version>${base.image.version}</app.image.version>
             </properties>

From 2bbddef7ae6ce1e7d78e5b90f60f94a83b8d34c4 Mon Sep 17 00:00:00 2001
From: Philip Durbin <philip_durbin@harvard.edu>
Date: Tue, 16 Dec 2025 10:20:53 -0500
Subject: [PATCH 628/634] typo

---
 doc/release-notes/6.9-release-notes.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/doc/release-notes/6.9-release-notes.md b/doc/release-notes/6.9-release-notes.md
index edf6fa26902..3e1bf20d8bf 100644
--- a/doc/release-notes/6.9-release-notes.md
+++ b/doc/release-notes/6.9-release-notes.md
@@ -84,7 +84,7 @@ See [the guides](https://guides.dataverse.org/en/6.9/developers/workflows.html#c
 - It is now possible to configure all database settings at once with a JSON file. See [the guides](https://guides.dataverse.org/en/6.9/api/native-api.html#configure-all-database-settings), #11639, and #11654.
 - CORS support has been modernized so browser integrations (previewers, external tools, JS clients) work correctly with multiple origins and proper caching. See [the guides](https://guides.dataverse.org/en/6.9/installation/config.html#cors-settings), #11744, and #11745.
 - Integration with Local Contexts has been updated to support the change in their API regarding how DOIs entered as "Optional Project Information" are represented. See [the guides](https://guides.dataverse.org/en/6.9/installation/localcontexts.html) and #11904.
-- This release adds database indexes on GuestbookResponse and DatasetMetrtics, speeding up Dataset deletes. It also adds a constraint preventing null VersionState, as a matter of good housekeeping practice. See #11828 and #11898.
+- This release adds database indexes on GuestbookResponse and DatasetMetrics, speeding up Dataset deletes. It also adds a constraint preventing null VersionState, as a matter of good housekeeping practice. See #11828 and #11898.
 - Permission reindexing, which occurs, e.g., after a user has been granted a role on a collection, has been made faster and less memory intensive in this release. See #11822.
 - Performance has been improved when retrieving citations from DataCite. A related setting called `dataverse.api.mdc.min-delay-ms` has been added. See [the guides](https://guides.dataverse.org/en/6.9/installation/config.html#dataverse-api-mdc-min-delay-ms), #11777, and #11781.
 - Processing of comma-separated lists in settings has been centralized and now ignores spaces around commas. See [the guides](https://guides.dataverse.org/en/6.9/installation/config.html#comma-separated-configuration-values) and #11745.

From 3c9379322d987f27c688bd0a90e341e1d36ed60b Mon Sep 17 00:00:00 2001
From: Philip Durbin <philip_durbin@harvard.edu>
Date: Tue, 16 Dec 2025 10:27:34 -0500
Subject: [PATCH 629/634] fix typo: add 6

---
 doc/release-notes/6.9-release-notes.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/doc/release-notes/6.9-release-notes.md b/doc/release-notes/6.9-release-notes.md
index 3e1bf20d8bf..3012037dfba 100644
--- a/doc/release-notes/6.9-release-notes.md
+++ b/doc/release-notes/6.9-release-notes.md
@@ -296,7 +296,7 @@ cd /usr/local
 unzip payara-6.2025.10.zip
 ```
 
-Replace the brand new `payara/glassfish/domains/domain1` with your old, preserved domain1:
+Replace the brand new `payara6/glassfish/domains/domain1` with your old, preserved domain1:
 
 ```shell
 mv payara6/glassfish/domains/domain1 payara6/glassfish/domains/domain1_DIST

From 0b850c18f7bff4d64db52e3d35e1c7568d974eb0 Mon Sep 17 00:00:00 2001
From: Philip Durbin <philip_durbin@harvard.edu>
Date: Tue, 16 Dec 2025 10:37:20 -0500
Subject: [PATCH 630/634] extra heads up about payara/dv compat

---
 doc/release-notes/6.9-release-notes.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/doc/release-notes/6.9-release-notes.md b/doc/release-notes/6.9-release-notes.md
index 3012037dfba..0211afc9acc 100644
--- a/doc/release-notes/6.9-release-notes.md
+++ b/doc/release-notes/6.9-release-notes.md
@@ -118,6 +118,7 @@ This release contains important security updates such as an upgrade to Payara (#
 
 Generally speaking, see the [API Changelog](https://guides.dataverse.org/en/latest/api/changelog.html) for a list of backward-incompatible API changes.
 
+- This release of Dataverse requires an upgrade to Payara. Please be aware that you need to upgrade Payara and Dataverse at the same time because older versions of Dataverse are not compatible with newer versions of Payara. See upgrade instructions for details.
 - CORS is no longer enabled by default. See the upgrade instructions for details as well as #11745.
 - See the "Database Settings Cleanup" section below. In the past, the settings API would accept any key and value. This is no longer the case because validation has been added. Also the way to set per-format size limits for tabular ingest has changed. JSON input is now used. See #11639 and #11654.
 - The Update Collection Input Levels API endpoint no longer deletes the custom input levels previously modified for the given collection. In order to update a previously modified custom input level, it must be included in the JSON provided to the api. See [the guides](https://guides.dataverse.org/en/6.9/api/native-api.html#update-collection-input-levels), #11387, and #11748.

From d1f9cb9c1cba8488c7e6dd43bd63d6fab43c6bba Mon Sep 17 00:00:00 2001
From: qqmyers <qqmyers@hotmail.com>
Date: Wed, 17 Dec 2025 15:40:02 -0500
Subject: [PATCH 631/634] use jsf:rendered

---
 src/main/webapp/permissions-manage-files.xhtml | 2 +-
 src/main/webapp/permissions-manage.xhtml       | 3 ++-
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/src/main/webapp/permissions-manage-files.xhtml b/src/main/webapp/permissions-manage-files.xhtml
index cc04af6c022..2eb9e2a6f5f 100644
--- a/src/main/webapp/permissions-manage-files.xhtml
+++ b/src/main/webapp/permissions-manage-files.xhtml
@@ -221,7 +221,7 @@
                     </div>
                     <!-- Role Assignment History Panel -->
                     <o:importConstants type="edu.harvard.iq.dataverse.settings.FeatureFlags" />
-                    <div class="panel panel-default" rendered="#{FeatureFlags.ROLE_ASSIGNMENT_HISTORY.enabled()}">
+                    <div class="panel panel-default" jsf:rendered="#{FeatureFlags.ROLE_ASSIGNMENT_HISTORY.enabled()}">
                       <div data-toggle="collapse" data-target="#panelCollapseHistory" class="panel-heading text-info">
                         #{bundle['dataverse.permissions.history']} <span class="glyphicon glyphicon-chevron-down" /> <span class="text-muted small pull-right">#{bundle['dataverse.permissions.history.description']}</span>
                       </div>
diff --git a/src/main/webapp/permissions-manage.xhtml b/src/main/webapp/permissions-manage.xhtml
index 6289089c912..d2a37268288 100644
--- a/src/main/webapp/permissions-manage.xhtml
+++ b/src/main/webapp/permissions-manage.xhtml
@@ -5,6 +5,7 @@
       xmlns:ui="http://java.sun.com/jsf/facelets"
       xmlns:p="http://primefaces.org/ui"
       xmlns:c="http://java.sun.com/jsp/jstl/core"
+      xmlns:jsf="http://xmlns.jcp.org/jsf"
       xmlns:o="http://omnifaces.org/ui"
       xmlns:iqbs="http://xmlns.jcp.org/jsf/composite/iqbs">
 
@@ -198,7 +199,7 @@
                         </div>
                         <!-- Role Assignment History Panel -->
                         <o:importConstants type="edu.harvard.iq.dataverse.settings.FeatureFlags" />
-                        <div class="panel panel-default" rendered="#{FeatureFlags.ROLE_ASSIGNMENT_HISTORY.enabled()}">
+                        <div class="panel panel-default" jsf:rendered="#{FeatureFlags.ROLE_ASSIGNMENT_HISTORY.enabled()}">
                           <div data-toggle="collapse" data-target="#panelCollapseHistory" class="panel-heading text-info">
                             #{bundle['dataverse.permissions.history']} <span class="glyphicon glyphicon-chevron-down" /> <span class="text-muted small pull-right">#{bundle['dataverse.permissions.history.description']}</span>
                           </div>

From d642f38d0fecfec5a56018bdbaab91fcc0c0da31 Mon Sep 17 00:00:00 2001
From: Gustavo Durand <scolapasta+github@gmail.com>
Date: Thu, 18 Dec 2025 10:57:07 -0500
Subject: [PATCH 632/634] Fix role assignment history JS

---
 .../java/edu/harvard/iq/dataverse/ManagePermissionsPage.java  | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/main/java/edu/harvard/iq/dataverse/ManagePermissionsPage.java b/src/main/java/edu/harvard/iq/dataverse/ManagePermissionsPage.java
index f2a2dfb5df7..6275f3fd08f 100644
--- a/src/main/java/edu/harvard/iq/dataverse/ManagePermissionsPage.java
+++ b/src/main/java/edu/harvard/iq/dataverse/ManagePermissionsPage.java
@@ -701,10 +701,10 @@ public String getSignedUrlForRAHistoryCsv() {
         //Including /v1 in these urls is required for the signature to validate
         if (dvObject instanceof Dataverse dv) {
             // For Dataverses, use the dataverses API endpoint with the alias
-            apiPath = "/api/v1/dataverses/" + dv.getAlias() + "/permissions/history";
+            apiPath = "/api/v1/dataverses/" + dv.getAlias() + "/assignments/history";
         } else if (dvObject instanceof Dataset) {
             // For Datasets, use the datasets API endpoint with the ID
-            apiPath = "/api/v1/datasets/" + dvObject.getId() + "/permissions/history";
+            apiPath = "/api/v1/datasets/" + dvObject.getId() + "/assignments/history";
         } else {
             // For other types (like DataFile), return null or a default path
             return null;

From 9c0d3ac9f1cc290c6428ff89111d85b74d1d056e Mon Sep 17 00:00:00 2001
From: Gustavo Durand <scolapasta+github@gmail.com>
Date: Thu, 18 Dec 2025 10:58:23 -0500
Subject: [PATCH 633/634] Fix API path for file permissions history

---
 .../edu/harvard/iq/dataverse/ManageFilePermissionsPage.java     | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/main/java/edu/harvard/iq/dataverse/ManageFilePermissionsPage.java b/src/main/java/edu/harvard/iq/dataverse/ManageFilePermissionsPage.java
index a23b41cb1d1..c44529d9299 100644
--- a/src/main/java/edu/harvard/iq/dataverse/ManageFilePermissionsPage.java
+++ b/src/main/java/edu/harvard/iq/dataverse/ManageFilePermissionsPage.java
@@ -586,7 +586,7 @@ public void setRenderFileMessages(boolean renderFileMessages) {
 
     public String getSignedUrlForRAHistoryCsv() {
         //Including /v1 is required for the signature to validate
-        String apiPath = "/api/v1/datasets/" + dataset.getId() + "/files/permissions/history";
+        String apiPath = "/api/v1/datasets/" + dataset.getId() + "/files/assignments/history";
         
         try {
             // Get the application URL from the system config

From 015ad0c86b88dc65896edf2ec0410916ef4190ef Mon Sep 17 00:00:00 2001
From: landreev <leonid@hmdc.harvard.edu>
Date: Thu, 18 Dec 2025 13:33:36 -0500
Subject: [PATCH 634/634] Manage Guestbooks page performance (#12053)

* A quick pr speeding up Manage Guestbooks page.

* Removed the code that allowed to run "select count(o) from guestbookresponse", on the entire table.

* Added another useful index on guestbookresponse table (that we've been using at HDV since April)
---
 doc/release-notes/6.9-release-notes.md        |  1 +
 .../iq/dataverse/GuestbookResponse.java       |  4 ++-
 .../GuestbookResponseServiceBean.java         | 26 ++++++++++++-------
 src/main/resources/db/migration/V6.8.0.4.sql  |  2 ++
 4 files changed, 23 insertions(+), 10 deletions(-)
 create mode 100644 src/main/resources/db/migration/V6.8.0.4.sql

diff --git a/doc/release-notes/6.9-release-notes.md b/doc/release-notes/6.9-release-notes.md
index 0211afc9acc..c49e4697096 100644
--- a/doc/release-notes/6.9-release-notes.md
+++ b/doc/release-notes/6.9-release-notes.md
@@ -95,6 +95,7 @@ See [the guides](https://guides.dataverse.org/en/6.9/developers/workflows.html#c
 - In prior versions of Dataverse, publishing a dataset via the superuser-only update-current-version option would not set the current curation status (if enabled/used) to none/empty and, in v6.7, would not maintain the curation status history. These issues are now resolved and the update-current-version option works the same as normal publication of a new version with regard to curation status. See #11783 and #11784.
 - This release fixes problems with guestbook questions being displayed at download when files are selected from the dataset files table when guestbook-at-request is enabled and not displaying when they should when access is requested from the file page. See #11800, #11808, and #11835.
 - The optional Croissant exporter has been updated to 0.1.6 to prevent variable names, variable descriptions, and variable types from being exposed for restricted files. See https://github.com/gdcc/exporter-croissant/pull/20 and #11752.
+- Manage Gustbooks page was optimized to load much faster for collections with large numbers of downloads recorded. 
 
 ## API Updates
 
diff --git a/src/main/java/edu/harvard/iq/dataverse/GuestbookResponse.java b/src/main/java/edu/harvard/iq/dataverse/GuestbookResponse.java
index a6da7de68c7..a6ac270b45c 100644
--- a/src/main/java/edu/harvard/iq/dataverse/GuestbookResponse.java
+++ b/src/main/java/edu/harvard/iq/dataverse/GuestbookResponse.java
@@ -32,7 +32,9 @@
         @Index(columnList = "datafile_id"),
         @Index(columnList = "datasetversion_id"),
         @Index(columnList = "authenticateduser_id"),
-        @Index(columnList = "dataset_id")
+        @Index(columnList = "dataset_id"),
+        @Index(columnList = "dataset_id, guestbook_id", name="INDEX_GUESTBOOKRESPONSE_dataset_id_guestbook_id"),
+        @Index(columnList = "dataset_id, eventtype", name="INDEX_GUESTBOOKRESPONSE_dataset_id_eventtype")
 })
 
 @NamedQueries(
diff --git a/src/main/java/edu/harvard/iq/dataverse/GuestbookResponseServiceBean.java b/src/main/java/edu/harvard/iq/dataverse/GuestbookResponseServiceBean.java
index a49845ce834..dcd62c9c0ff 100644
--- a/src/main/java/edu/harvard/iq/dataverse/GuestbookResponseServiceBean.java
+++ b/src/main/java/edu/harvard/iq/dataverse/GuestbookResponseServiceBean.java
@@ -488,17 +488,25 @@ public Long findCount30Days(Long dataverseId) {
         return (Long) query.getSingleResult();
     }
 
-    public Long findCountAll() {
-        return findCountAll(null);
-    }
-
     public Long findCountAll(Long dataverseId) {
-        String queryString;
-        if (dataverseId != null) {
-            queryString = "select count(o.id) from GuestbookResponse  o,  DvObject v where o.dataset_id = v.id and v.owner_id = " + dataverseId + " ";
-        } else {
-            queryString = "select count(o.id) from GuestbookResponse  o ";
+      
+        if (dataverseId == null) {
+            return null;
         }
+        
+        // Note that this method used to support NULL dataverseId, 
+        // in which case it counted ALL the guestbookresponse rows
+        // for the entire instance: 
+        // queryString = "select count(o.id) from GuestbookResponse  o ";
+        // I removed this code (it was not being used, thankfully) since
+        // the query can be insanely expensive on a large production table. 
+        // That's why we use a stored procedure to "estimate" its size, in 
+        // the dedicated getTotalDownloadCount() method further below, for 
+        // example, when we need to show the total number of downloads on 
+        // the homepage. (L.A.)
+        
+        String queryString = "select count(o.id) from GuestbookResponse  o, DvObject v, Dataset d where o.dataset_id = v.id and v.id = d.id and v.owner_id = " + dataverseId + " ";
+            
 
         Query query = em.createNativeQuery(queryString);
         return (Long) query.getSingleResult();
diff --git a/src/main/resources/db/migration/V6.8.0.4.sql b/src/main/resources/db/migration/V6.8.0.4.sql
new file mode 100644
index 00000000000..6d2f3484b81
--- /dev/null
+++ b/src/main/resources/db/migration/V6.8.0.4.sql
@@ -0,0 +1,2 @@
+CREATE INDEX IF NOT EXISTS  INDEX_GUESTBOOKRESPONSE_dataset_id_guestbook_id ON GUESTBOOKRESPONSE (dataset_id, guestbook_id);
+CREATE INDEX IF NOT EXISTS  INDEX_GUESTBOOKRESPONSE_dataset_id_eventtype ON GUESTBOOKRESPONSE (dataset_id, eventtype);