Normalize and casefold input in TitleContentFilter

Consolidate
Normalize filenames and titles to NFC
2026-02-22 11:26:24 +00:00 · 2026-01-07 13:02:43 -08:00 · 2026-01-05 11:19:35 -08:00 · 2026-01-05 11:17:16 -08:00 · 2026-01-05 11:10:21 -08:00 · 2026-01-05 11:03:50 -08:00
89 changed files with 831 additions and 1640 deletions
--- a/.devcontainer/vscode/tasks.json
+++ b/.devcontainer/vscode/tasks.json
@@ -116,9 +116,9 @@
 		},
 		{
 			"label": "Maintenance: Build Documentation",
-			"description": "Build the documentation with Zensical",
+			"description": "Build the documentation with MkDocs",
 			"type": "shell",
-			"command": "uv run zensical build && uv run zensical serve",
+			"command": "uv run mkdocs build --config-file mkdocs.yml && uv run mkdocs serve",
 			"group": "none",
 			"presentation": {
 				"echo": true,
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -46,7 +46,7 @@ updates:
        patterns:
          - "*pytest*"
          - "ruff"
-          - "zensical"
+          - "mkdocs-material"
          - "pre-commit*"
      # Django & DRF Ecosystem
      django-ecosystem:
--- a/.github/release-drafter.yml
+++ b/.github/release-drafter.yml
@@ -44,7 +44,6 @@ include-labels:
  - 'notable'
 exclude-labels:
  - 'skip-changelog'
-filter-by-commitish: true
 category-template: '### $TITLE'
 change-template: '- $TITLE @$AUTHOR ([#$NUMBER]($URL))'
 change-title-escapes: '\<*_&#@'
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -11,10 +11,6 @@ on:
  pull_request:
    branches-ignore:
      - 'translations**'
-permissions:
-  contents: read
-  pages: write
-  id-token: write
 env:
  DEFAULT_UV_VERSION: "0.9.x"
  # This is the default version of Python to use in most steps which aren't specific
@@ -79,12 +75,11 @@ jobs:
      - name: Check files
        uses: pre-commit/action@v3.0.1
  documentation:
-    name: "Build Documentation"
+    name: "Build & Deploy Documentation"
    runs-on: ubuntu-24.04
    needs:
      - pre-commit
    steps:
-      - uses: actions/configure-pages@v5
      - name: Checkout
        uses: actions/checkout@v6
      - name: Set up Python
@@ -107,30 +102,24 @@ jobs:
            --python ${{ steps.setup-python.outputs.python-version }} \
            --dev \
            --frozen \
-            zensical build --clean
-      - name: Upload documentation artifact
-        uses: actions/upload-artifact@v5
+            mkdocs build --config-file ./mkdocs.yml
+      - name: Deploy documentation
+        if: github.event_name == 'push' && github.ref == 'refs/heads/main'
+        run: |
+          echo "docs.paperless-ngx.com" > "${{ github.workspace }}/docs/CNAME"
+          git config --global user.name "${{ github.actor }}"
+          git config --global user.email "${{ github.actor }}@users.noreply.github.com"
+          uv run \
+            --python ${{ steps.setup-python.outputs.python-version }} \
+            --dev \
+            --frozen \
+            mkdocs gh-deploy --force --no-history
+      - name: Upload artifact
+        uses: actions/upload-artifact@v6
        with:
          name: documentation
          path: site/
-      - uses: actions/upload-pages-artifact@v4
-        with:
-          path: site
-          name: github-pages-${{ github.run_id }}-${{ github.run_attempt }}
-  deploy-documentation:
-    name: "Deploy Documentation"
-    runs-on: ubuntu-24.04
-    needs:
-      - documentation
-    if: github.event_name == 'push' && github.ref == 'refs/heads/main'
-    environment:
-      name: github-pages
-      url: ${{ steps.deployment.outputs.page_url }}
-    steps:
-      - uses: actions/deploy-pages@v4
-        id: deployment
-        with:
-          artifact_name: github-pages-${{ github.run_id }}-${{ github.run_attempt }}
+          retention-days: 7
  tests-backend:
    name: "Backend Tests (Python ${{ matrix.python-version }})"
    runs-on: ubuntu-24.04
@@ -226,7 +215,7 @@ jobs:
          cache-dependency-path: 'src-ui/pnpm-lock.yaml'
      - name: Cache frontend dependencies
        id: cache-frontend-deps
-        uses: actions/cache@v4
+        uses: actions/cache@v5
        with:
          path: |
            ~/.pnpm-store
@@ -259,7 +248,7 @@ jobs:
          cache-dependency-path: 'src-ui/pnpm-lock.yaml'
      - name: Cache frontend dependencies
        id: cache-frontend-deps
-        uses: actions/cache@v4
+        uses: actions/cache@v5
        with:
          path: |
            ~/.pnpm-store
@@ -312,7 +301,7 @@ jobs:
          cache-dependency-path: 'src-ui/pnpm-lock.yaml'
      - name: Cache frontend dependencies
        id: cache-frontend-deps
-        uses: actions/cache@v4
+        uses: actions/cache@v5
        with:
          path: |
            ~/.pnpm-store
@@ -344,7 +333,7 @@ jobs:
          cache-dependency-path: 'src-ui/pnpm-lock.yaml'
      - name: Cache frontend dependencies
        id: cache-frontend-deps
-        uses: actions/cache@v4
+        uses: actions/cache@v5
        with:
          path: |
            ~/.pnpm-store
@@ -359,9 +348,6 @@ jobs:
  build-docker-image:
    name: Build Docker image for ${{ github.event_name == 'pull_request' && github.head_ref || github.ref_name }}
    runs-on: ubuntu-24.04
-    permissions:
-      contents: read
-      packages: write
    if: (github.event_name == 'push' && (startsWith(github.ref, 'refs/heads/feature-') || startsWith(github.ref, 'refs/heads/fix-') || github.ref == 'refs/heads/dev' || github.ref == 'refs/heads/beta' || contains(github.ref, 'beta.rc') || startsWith(github.ref, 'refs/tags/v') || startsWith(github.ref, 'refs/heads/l10n_'))) || (github.event_name == 'pull_request' && (startsWith(github.head_ref, 'feature-') || startsWith(github.head_ref, 'fix-') || github.head_ref == 'dev' || github.head_ref == 'beta' || contains(github.head_ref, 'beta.rc') || startsWith(github.head_ref, 'l10n_')))
    concurrency:
      group: ${{ github.workflow }}-build-docker-image-${{ github.ref_name }}
@@ -490,7 +476,7 @@ jobs:
          docker cp frontend-extract:/usr/src/paperless/src/documents/static/frontend src/documents/static/frontend/
      - name: Upload frontend artifact
        if: steps.build-vars.outputs.can-push == 'true'
-        uses: actions/upload-artifact@v5
+        uses: actions/upload-artifact@v6
        with:
          name: frontend-compiled
          path: src/documents/static/frontend/
@@ -524,12 +510,12 @@ jobs:
          sudo apt-get update -qq
          sudo apt-get install -qq --no-install-recommends gettext liblept5
      - name: Download frontend artifact
-        uses: actions/download-artifact@v6
+        uses: actions/download-artifact@v7
        with:
          name: frontend-compiled
          path: src/documents/static/frontend/
      - name: Download documentation artifact
-        uses: actions/download-artifact@v6
+        uses: actions/download-artifact@v7
        with:
          name: documentation
          path: docs/_build/html/
@@ -592,7 +578,7 @@ jobs:
          sudo chown -R 1000:1000 paperless-ngx/
          tar -cJf paperless-ngx.tar.xz paperless-ngx/
      - name: Upload release artifact
-        uses: actions/upload-artifact@v5
+        uses: actions/upload-artifact@v6
        with:
          name: release
          path: dist/paperless-ngx.tar.xz
@@ -600,8 +586,6 @@ jobs:
  publish-release:
    name: "Publish Release"
    runs-on: ubuntu-24.04
-    permissions:
-      contents: write
    outputs:
      prerelease: ${{ steps.get_version.outputs.prerelease }}
      changelog: ${{ steps.create-release.outputs.body }}
@@ -611,7 +595,7 @@ jobs:
    if: github.ref_type == 'tag' && (startsWith(github.ref_name, 'v') || contains(github.ref_name, '-beta.rc'))
    steps:
      - name: Download release artifact
-        uses: actions/download-artifact@v6
+        uses: actions/download-artifact@v7
        with:
          name: release
          path: ./
@@ -633,7 +617,6 @@ jobs:
          version: ${{ steps.get_version.outputs.version }}
          prerelease: ${{ steps.get_version.outputs.prerelease }}
          publish: true # ensures release is not marked as draft
-          commitish: main
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
      - name: Upload release archive
@@ -648,10 +631,6 @@ jobs:
  append-changelog:
    name: "Append Changelog"
    runs-on: ubuntu-24.04
-    permissions:
-      contents: write
-      pull-requests: write
-      issues: write
    needs:
      - publish-release
    if: needs.publish-release.outputs.prerelease == 'false'
--- a/.github/workflows/repo-maintenance.yml
+++ b/.github/workflows/repo-maintenance.yml
@@ -37,7 +37,7 @@ jobs:
    if: github.repository_owner == 'paperless-ngx'
    runs-on: ubuntu-24.04
    steps:
-      - uses: dessant/lock-threads@v5
+      - uses: dessant/lock-threads@v6
        with:
          issue-inactive-days: '30'
          pr-inactive-days: '30'
--- a/.github/workflows/translate-strings.yml
+++ b/.github/workflows/translate-strings.yml
@@ -12,9 +12,11 @@ jobs:
    steps:
      - name: Checkout code
        uses: actions/checkout@v6
+        env:
+          GH_REF: ${{ github.ref }} # sonar rule:githubactions:S7630 - avoid injection
        with:
          token: ${{ secrets.PNGX_BOT_PAT }}
-          ref: ${{ github.head_ref }}
+          ref: ${{ env.GH_REF }}
      - name: Set up Python
        id: setup-python
        uses: actions/setup-python@v6
@@ -45,7 +47,7 @@ jobs:
          cache-dependency-path: 'src-ui/pnpm-lock.yaml'
      - name: Cache frontend dependencies
        id: cache-frontend-deps
-        uses: actions/cache@v4
+        uses: actions/cache@v5
        with:
          path: |
            ~/.pnpm-store
--- a/.gitignore
+++ b/.gitignore
@@ -53,7 +53,7 @@ junit.xml
 # Django stuff:
 *.log

-# Zensical documentation
+# MkDocs documentation
 site/

 # PyBuilder
--- a/docker/management_script.sh
+++ b/docker/management_script.sh
@@ -5,13 +5,10 @@ set -e

 cd "${PAPERLESS_SRC_DIR}"

-if [[ -n "${USER_IS_NON_ROOT}" ]]; then
-	python3 manage.py management_command "$@"
-elif [[ $(id -u) == 0 ]]; then
+if [[ $(id -u) == 0 ]]; then
 	s6-setuidgid paperless python3 manage.py management_command "$@"
 elif [[ $(id -un) == "paperless" ]]; then
 	python3 manage.py management_command "$@"
 else
 	echo "Unknown user."
-	exit 1
 fi
--- a/docker/rootfs/usr/local/bin/convert_mariadb_uuid
+++ b/docker/rootfs/usr/local/bin/convert_mariadb_uuid
@@ -5,13 +5,10 @@ set -e

 cd "${PAPERLESS_SRC_DIR}"

-if [[ -n "${USER_IS_NON_ROOT}" ]]; then
-	python3 manage.py convert_mariadb_uuid "$@"
-elif [[ $(id -u) == 0 ]]; then
+if [[ $(id -u) == 0 ]]; then
 	s6-setuidgid paperless python3 manage.py convert_mariadb_uuid "$@"
 elif [[ $(id -un) == "paperless" ]]; then
 	python3 manage.py convert_mariadb_uuid "$@"
 else
 	echo "Unknown user."
-	exit 1
 fi
--- a/docker/rootfs/usr/local/bin/createsuperuser
+++ b/docker/rootfs/usr/local/bin/createsuperuser
@@ -5,13 +5,10 @@ set -e

 cd "${PAPERLESS_SRC_DIR}"

-if [[ -n "${USER_IS_NON_ROOT}" ]]; then
-	python3 manage.py createsuperuser "$@"
-elif [[ $(id -u) == 0 ]]; then
+if [[ $(id -u) == 0 ]]; then
 	s6-setuidgid paperless python3 manage.py createsuperuser "$@"
 elif [[ $(id -un) == "paperless" ]]; then
 	python3 manage.py createsuperuser "$@"
 else
 	echo "Unknown user."
-	exit 1
 fi
--- a/docker/rootfs/usr/local/bin/decrypt_documents
+++ b/docker/rootfs/usr/local/bin/decrypt_documents
@@ -5,13 +5,10 @@ set -e

 cd "${PAPERLESS_SRC_DIR}"

-if [[ -n "${USER_IS_NON_ROOT}" ]]; then
-	python3 manage.py decrypt_documents "$@"
-elif [[ $(id -u) == 0 ]]; then
+if [[ $(id -u) == 0 ]]; then
 	s6-setuidgid paperless python3 manage.py decrypt_documents "$@"
 elif [[ $(id -un) == "paperless" ]]; then
 	python3 manage.py decrypt_documents "$@"
 else
 	echo "Unknown user."
-	exit 1
 fi
--- a/docker/rootfs/usr/local/bin/document_archiver
+++ b/docker/rootfs/usr/local/bin/document_archiver
@@ -5,13 +5,10 @@ set -e

 cd "${PAPERLESS_SRC_DIR}"

-if [[ -n "${USER_IS_NON_ROOT}" ]]; then
-	python3 manage.py document_archiver "$@"
-elif [[ $(id -u) == 0 ]]; then
+if [[ $(id -u) == 0 ]]; then
 	s6-setuidgid paperless python3 manage.py document_archiver "$@"
 elif [[ $(id -un) == "paperless" ]]; then
 	python3 manage.py document_archiver "$@"
 else
 	echo "Unknown user."
-	exit 1
 fi
--- a/docker/rootfs/usr/local/bin/document_create_classifier
+++ b/docker/rootfs/usr/local/bin/document_create_classifier
@@ -5,13 +5,10 @@ set -e

 cd "${PAPERLESS_SRC_DIR}"

-if [[ -n "${USER_IS_NON_ROOT}" ]]; then
-	python3 manage.py document_create_classifier "$@"
-elif [[ $(id -u) == 0 ]]; then
+if [[ $(id -u) == 0 ]]; then
 	s6-setuidgid paperless python3 manage.py document_create_classifier "$@"
 elif [[ $(id -un) == "paperless" ]]; then
 	python3 manage.py document_create_classifier "$@"
 else
 	echo "Unknown user."
-	exit 1
 fi
--- a/docker/rootfs/usr/local/bin/document_exporter
+++ b/docker/rootfs/usr/local/bin/document_exporter
@@ -5,13 +5,10 @@ set -e

 cd "${PAPERLESS_SRC_DIR}"

-if [[ -n "${USER_IS_NON_ROOT}" ]]; then
-	python3 manage.py document_exporter "$@"
-elif [[ $(id -u) == 0 ]]; then
+if [[ $(id -u) == 0 ]]; then
 	s6-setuidgid paperless python3 manage.py document_exporter "$@"
 elif [[ $(id -un) == "paperless" ]]; then
 	python3 manage.py document_exporter "$@"
 else
 	echo "Unknown user."
-	exit 1
 fi
--- a/docker/rootfs/usr/local/bin/document_fuzzy_match
+++ b/docker/rootfs/usr/local/bin/document_fuzzy_match
@@ -5,13 +5,10 @@ set -e

 cd "${PAPERLESS_SRC_DIR}"

-if [[ -n "${USER_IS_NON_ROOT}" ]]; then
-	python3 manage.py document_fuzzy_match "$@"
-elif [[ $(id -u) == 0 ]]; then
+if [[ $(id -u) == 0 ]]; then
 	s6-setuidgid paperless python3 manage.py document_fuzzy_match "$@"
 elif [[ $(id -un) == "paperless" ]]; then
 	python3 manage.py document_fuzzy_match "$@"
 else
 	echo "Unknown user."
-	exit 1
 fi
--- a/docker/rootfs/usr/local/bin/document_importer
+++ b/docker/rootfs/usr/local/bin/document_importer
@@ -5,13 +5,10 @@ set -e

 cd "${PAPERLESS_SRC_DIR}"

-if [[ -n "${USER_IS_NON_ROOT}" ]]; then
-	python3 manage.py document_importer "$@"
-elif [[ $(id -u) == 0 ]]; then
+if [[ $(id -u) == 0 ]]; then
 	s6-setuidgid paperless python3 manage.py document_importer "$@"
 elif [[ $(id -un) == "paperless" ]]; then
 	python3 manage.py document_importer "$@"
 else
 	echo "Unknown user."
-	exit 1
 fi
--- a/docker/rootfs/usr/local/bin/document_index
+++ b/docker/rootfs/usr/local/bin/document_index
@@ -5,13 +5,10 @@ set -e

 cd "${PAPERLESS_SRC_DIR}"

-if [[ -n "${USER_IS_NON_ROOT}" ]]; then
-	python3 manage.py document_index "$@"
-elif [[ $(id -u) == 0 ]]; then
+if [[ $(id -u) == 0 ]]; then
 	s6-setuidgid paperless python3 manage.py document_index "$@"
 elif [[ $(id -un) == "paperless" ]]; then
 	python3 manage.py document_index "$@"
 else
 	echo "Unknown user."
-	exit 1
 fi
--- a/docker/rootfs/usr/local/bin/document_renamer
+++ b/docker/rootfs/usr/local/bin/document_renamer
@@ -5,13 +5,10 @@ set -e

 cd "${PAPERLESS_SRC_DIR}"

-if [[ -n "${USER_IS_NON_ROOT}" ]]; then
-	python3 manage.py document_renamer "$@"
-elif [[ $(id -u) == 0 ]]; then
+if [[ $(id -u) == 0 ]]; then
 	s6-setuidgid paperless python3 manage.py document_renamer "$@"
 elif [[ $(id -un) == "paperless" ]]; then
 	python3 manage.py document_renamer "$@"
 else
 	echo "Unknown user."
-	exit 1
 fi
--- a/docker/rootfs/usr/local/bin/document_retagger
+++ b/docker/rootfs/usr/local/bin/document_retagger
@@ -5,13 +5,10 @@ set -e

 cd "${PAPERLESS_SRC_DIR}"

-if [[ -n "${USER_IS_NON_ROOT}" ]]; then
-	python3 manage.py document_retagger "$@"
-elif [[ $(id -u) == 0 ]]; then
+if [[ $(id -u) == 0 ]]; then
 	s6-setuidgid paperless python3 manage.py document_retagger "$@"
 elif [[ $(id -un) == "paperless" ]]; then
 	python3 manage.py document_retagger "$@"
 else
 	echo "Unknown user."
-	exit 1
 fi
--- a/docker/rootfs/usr/local/bin/document_sanity_checker
+++ b/docker/rootfs/usr/local/bin/document_sanity_checker
@@ -5,13 +5,10 @@ set -e

 cd "${PAPERLESS_SRC_DIR}"

-if [[ -n "${USER_IS_NON_ROOT}" ]]; then
-	python3 manage.py document_sanity_checker "$@"
-elif [[ $(id -u) == 0 ]]; then
+if [[ $(id -u) == 0 ]]; then
 	s6-setuidgid paperless python3 manage.py document_sanity_checker "$@"
 elif [[ $(id -un) == "paperless" ]]; then
 	python3 manage.py document_sanity_checker "$@"
 else
 	echo "Unknown user."
-	exit 1
 fi
--- a/docker/rootfs/usr/local/bin/document_thumbnails
+++ b/docker/rootfs/usr/local/bin/document_thumbnails
@@ -5,13 +5,10 @@ set -e

 cd "${PAPERLESS_SRC_DIR}"

-if [[ -n "${USER_IS_NON_ROOT}" ]]; then
-	python3 manage.py document_thumbnails "$@"
-elif [[ $(id -u) == 0 ]]; then
+if [[ $(id -u) == 0 ]]; then
 	s6-setuidgid paperless python3 manage.py document_thumbnails "$@"
 elif [[ $(id -un) == "paperless" ]]; then
 	python3 manage.py document_thumbnails "$@"
 else
 	echo "Unknown user."
-	exit 1
 fi
--- a/docker/rootfs/usr/local/bin/mail_fetcher
+++ b/docker/rootfs/usr/local/bin/mail_fetcher
@@ -5,13 +5,10 @@ set -e

 cd "${PAPERLESS_SRC_DIR}"

-if [[ -n "${USER_IS_NON_ROOT}" ]]; then
-	python3 manage.py mail_fetcher "$@"
-elif [[ $(id -u) == 0 ]]; then
+if [[ $(id -u) == 0 ]]; then
 	s6-setuidgid paperless python3 manage.py mail_fetcher "$@"
 elif [[ $(id -un) == "paperless" ]]; then
 	python3 manage.py mail_fetcher "$@"
 else
 	echo "Unknown user."
-	exit 1
 fi
--- a/docker/rootfs/usr/local/bin/manage_superuser
+++ b/docker/rootfs/usr/local/bin/manage_superuser
@@ -5,13 +5,10 @@ set -e

 cd "${PAPERLESS_SRC_DIR}"

-if [[ -n "${USER_IS_NON_ROOT}" ]]; then
-	python3 manage.py manage_superuser "$@"
-elif [[ $(id -u) == 0 ]]; then
+if [[ $(id -u) == 0 ]]; then
 	s6-setuidgid paperless python3 manage.py manage_superuser "$@"
 elif [[ $(id -un) == "paperless" ]]; then
 	python3 manage.py manage_superuser "$@"
 else
 	echo "Unknown user."
-	exit 1
 fi
--- a/docker/rootfs/usr/local/bin/prune_audit_logs
+++ b/docker/rootfs/usr/local/bin/prune_audit_logs
@@ -5,13 +5,10 @@ set -e

 cd "${PAPERLESS_SRC_DIR}"

-if [[ -n "${USER_IS_NON_ROOT}" ]]; then
-	python3 manage.py prune_audit_logs "$@"
-elif [[ $(id -u) == 0 ]]; then
+if [[ $(id -u) == 0 ]]; then
 	s6-setuidgid paperless python3 manage.py prune_audit_logs "$@"
 elif [[ $(id -un) == "paperless" ]]; then
 	python3 manage.py prune_audit_logs "$@"
 else
 	echo "Unknown user."
-	exit 1
 fi
--- a/docs/advanced_usage.md
+++ b/docs/advanced_usage.md
@@ -431,10 +431,8 @@ This allows for complex logic to be included in the format, including [logical s
 and [filters](https://jinja.palletsprojects.com/en/3.1.x/templates/#id11) to manipulate the [variables](#filename-format-variables)
 provided. The template is provided as a string, potentially multiline, and rendered into a single line.

-In addition, a limited `document` object is available for advanced templates.
-This object includes common metadata fields such as `id`, `pk`, `title`, `content`, `page_count`, `created`, `added`, `modified`, `mime_type`,
-`checksum`, `archive_checksum`, `archive_serial_number`, `filename`, `archive_filename`, and `original_filename`.
-Related values are available as nested objects with limited fields, for example document.correspondent.name, etc.
+In addition, the entire Document instance is available to be utilized in a more advanced way, as well as some variables which only make sense to be accessed
+with more complex logic.

 #### Custom Jinja2 Filters

--- a/docs/api.md
+++ b/docs/api.md
@@ -1,4 +1,4 @@
-# REST API
+# The REST API

 Paperless-ngx now ships with a fully-documented REST API and a browsable
 web interface to explore it. The API browsable interface is available at
--- a/docs/assets/extra.css
+++ b/docs/assets/extra.css
@@ -1,31 +1,13 @@
-:root>* {
-    --paperless-green: #17541f;
-    --paperless-green-accent: #2b8a38;
-    --md-primary-fg-color: var(--paperless-green);
-    --md-primary-fg-color--dark: var(--paperless-green);
-    --md-primary-fg-color--light: var(--paperless-green-accent);
-    --md-accent-fg-color: var(--paperless-green-accent);
+:root > * {
+    --md-primary-fg-color: #17541f;
+    --md-primary-fg-color--dark: #17541f;
+    --md-primary-fg-color--light: #17541f;
+    --md-accent-fg-color: #2b8a38;
    --md-typeset-a-color: #21652a;
 }

-.md-header,
-.md-tabs {
-    background-color: var(--paperless-green);
-    color: #fff;
-}
-
-.md-tabs__link {
-    color: rgba(255, 255, 255, 0.82);
-}
-
-.md-tabs__link:hover,
-.md-tabs__link--active {
-    color: #fff;
-}
-
 [data-md-color-scheme="slate"] {
    --md-hue: 222;
-    --md-default-bg-color: hsla(var(--md-hue), 15%, 10%, 1);
 }

@media (min-width: 768px) {
@@ -87,8 +69,8 @@ h4 code {
 }

 /* Hide config vars from sidebar, toc and move the border on mobile case their hidden */
-.md-nav.md-nav--secondary .md-nav__item:has(> .md-nav__link[href*="PAPERLESS_"]),
-.md-nav.md-nav--secondary .md-nav__item:has(> .md-nav__link[href*="USERMAP_"]) {
+.md-nav.md-nav--secondary .md-nav__item .md-nav__link[href*="PAPERLESS_"],
+.md-nav.md-nav--secondary .md-nav__item .md-nav__link[href*="USERMAP_"] {
    display: none;
 }

@@ -101,3 +83,18 @@ h4 code {
        border-top: .05rem solid var(--md-default-fg-color--lightest);
    }
 }
+
+/* Show search shortcut key */
+[data-md-toggle="search"]:not(:checked) ~ .md-header .md-search__form::after {
+    position: absolute;
+    top: .3rem;
+    right: .3rem;
+    display: block;
+    padding: .1rem .4rem;
+    color: var(--md-default-fg-color--lighter);
+    font-weight: bold;
+    font-size: .8rem;
+    border: .05rem solid var(--md-default-fg-color--lighter);
+    border-radius: .1rem;
+    content: "/";
+  }
--- a/docs/changelog.md
+++ b/docs/changelog.md
@@ -1,97 +1,9 @@
 # Changelog

-## paperless-ngx 2.20.7
-
-### Bug Fixes
-
-   Performance fix: use subqueries to improve object retrieval in large installs [@shamoon](https://github.com/shamoon) ([#11950](https://github.com/paperless-ngx/paperless-ngx/pull/11950))
-   Fix: correct user dropdown button icon styling [@shamoon](https://github.com/shamoon) ([#12092](https://github.com/paperless-ngx/paperless-ngx/issues/12092))
-   Fix: fix broken docker create_classifier command in 2.20.6 [@shamoon](https://github.com/shamoon) ([#11965](https://github.com/paperless-ngx/paperless-ngx/issues/11965))
-
-### All App Changes
-
-<details>
-<summary>3 changes</summary>
-
-   Performance fix: use subqueries to improve object retrieval in large installs [@shamoon](https://github.com/shamoon) ([#11950](https://github.com/paperless-ngx/paperless-ngx/pull/11950))
-   Fix: correct user dropdown button icon styling [@shamoon](https://github.com/shamoon) ([#12092](https://github.com/paperless-ngx/paperless-ngx/issues/12092))
-   Fix: fix broken docker create_classifier command in 2.20.6 [@shamoon](https://github.com/shamoon) ([#11965](https://github.com/paperless-ngx/paperless-ngx/issues/11965))
-</details>
-
-## paperless-ngx 2.20.6
-
-### Bug Fixes
-
-   Fix: extract all ids for nested tags [@shamoon](https://github.com/shamoon) ([#11888](https://github.com/paperless-ngx/paperless-ngx/pull/11888))
-   Fixhancement: change date calculation for 'this year' to include future documents [@shamoon](https://github.com/shamoon) ([#11884](https://github.com/paperless-ngx/paperless-ngx/pull/11884))
-   Fix: Running management scripts under rootless could fail [@stumpylog](https://github.com/stumpylog) ([#11870](https://github.com/paperless-ngx/paperless-ngx/pull/11870))
-   Fix: use correct field id for overrides [@shamoon](https://github.com/shamoon) ([#11869](https://github.com/paperless-ngx/paperless-ngx/pull/11869))
-
-### All App Changes
-
-<details>
-<summary>3 changes</summary>
-
-   Fix: extract all ids for nested tags [@shamoon](https://github.com/shamoon) ([#11888](https://github.com/paperless-ngx/paperless-ngx/pull/11888))
-   Fixhancement: change date calculation for 'this year' to include future documents [@shamoon](https://github.com/shamoon) ([#11884](https://github.com/paperless-ngx/paperless-ngx/pull/11884))
-   Fix: use correct field id for overrides [@shamoon](https://github.com/shamoon) ([#11869](https://github.com/paperless-ngx/paperless-ngx/pull/11869))
-</details>
-
-## paperless-ngx 2.20.5
-
-### Bug Fixes
-
-   Fix: ensure horizontal scroll for long tag names in list, wrap tags without parent [@shamoon](https://github.com/shamoon) ([#11811](https://github.com/paperless-ngx/paperless-ngx/pull/11811))
-   Fix: use explicit order field for workflow actions [@shamoon](https://github.com/shamoon) [@stumpylog](https://github.com/stumpylog) ([#11781](https://github.com/paperless-ngx/paperless-ngx/pull/11781))
-
-### All App Changes
-
-<details>
-<summary>2 changes</summary>
-
-   Fix: ensure horizontal scroll for long tag names in list, wrap tags without parent [@shamoon](https://github.com/shamoon) ([#11811](https://github.com/paperless-ngx/paperless-ngx/pull/11811))
-   Fix: use explicit order field for workflow actions [@shamoon](https://github.com/shamoon) [@stumpylog](https://github.com/stumpylog) ([#11781](https://github.com/paperless-ngx/paperless-ngx/pull/11781))
-</details>
-
-## paperless-ngx 2.20.4
-
-### Security
-
-   Resolve [GHSA-28cf-xvcf-hw6m](https://github.com/paperless-ngx/paperless-ngx/security/advisories/GHSA-28cf-xvcf-hw6m)
-
-### Bug Fixes
-
-   Fix: propagate metadata override created value [@shamoon](https://github.com/shamoon) ([#11659](https://github.com/paperless-ngx/paperless-ngx/pull/11659))
-   Fix: support ordering by storage path name [@shamoon](https://github.com/shamoon) ([#11661](https://github.com/paperless-ngx/paperless-ngx/pull/11661))
-   Fix: validate cf integer values within PostgreSQL range [@shamoon](https://github.com/shamoon) ([#11666](https://github.com/paperless-ngx/paperless-ngx/pull/11666))
-   Fixhancement: add error handling and retry when opening index [@shamoon](https://github.com/shamoon) ([#11731](https://github.com/paperless-ngx/paperless-ngx/pull/11731))
-   Fix: fix recurring workflow to respect latest run time [@shamoon](https://github.com/shamoon) ([#11735](https://github.com/paperless-ngx/paperless-ngx/pull/11735))
-
-### All App Changes
-
-<details>
-<summary>5 changes</summary>
-
-   Fix: propagate metadata override created value [@shamoon](https://github.com/shamoon) ([#11659](https://github.com/paperless-ngx/paperless-ngx/pull/11659))
-   Fix: support ordering by storage path name [@shamoon](https://github.com/shamoon) ([#11661](https://github.com/paperless-ngx/paperless-ngx/pull/11661))
-   Fix: validate cf integer values within PostgreSQL range [@shamoon](https://github.com/shamoon) ([#11666](https://github.com/paperless-ngx/paperless-ngx/pull/11666))
-   Fixhancement: add error handling and retry when opening index [@shamoon](https://github.com/shamoon) ([#11731](https://github.com/paperless-ngx/paperless-ngx/pull/11731))
-   Fix: fix recurring workflow to respect latest run time [@shamoon](https://github.com/shamoon) ([#11735](https://github.com/paperless-ngx/paperless-ngx/pull/11735))
-</details>
-
 ## paperless-ngx 2.20.3

-### Security
-
-   Resolve [GHSA-7cq3-mhxq-w946](https://github.com/paperless-ngx/paperless-ngx/security/advisories/GHSA-7cq3-mhxq-w946)
-
 ## paperless-ngx 2.20.2

-### Security
-
-   Resolve [GHSA-6653-vcx4-69mc](https://github.com/paperless-ngx/paperless-ngx/security/advisories/GHSA-6653-vcx4-69mc)
-   Resolve [GHSA-24x5-wp64-9fcc](https://github.com/paperless-ngx/paperless-ngx/security/advisories/GHSA-24x5-wp64-9fcc)
-
 ### Features / Enhancements

 -   Tweakhancement: dim inactive users in users-groups list [@shamoon](https://github.com/shamoon) ([#11537](https://github.com/paperless-ngx/paperless-ngx/pull/11537))
--- a/docs/configuration.md
+++ b/docs/configuration.md
@@ -170,18 +170,11 @@ Available options are `postgresql` and `mariadb`.

    !!! note

-        A pool of 8-10 connections per worker is typically sufficient.
-        If you encounter error messages such as `couldn't get a connection`
-        or database connection timeouts, you probably need to increase the pool size.
-
-    !!! warning
-        Make sure your PostgreSQL `max_connections` setting is large enough to handle the connection pools:
-        `(NB_PAPERLESS_WORKERS + NB_CELERY_WORKERS) × POOL_SIZE + SAFETY_MARGIN`. For example, with
-        4 Paperless workers and 2 Celery workers, and a pool size of 8:``(4 + 2) × 8 + 10 = 58`,
-        so `max_connections = 60` (or even more) is appropriate.
-
-        This assumes only Paperless-ngx connects to your PostgreSQL instance. If you have other applications,
-        you should increase `max_connections` accordingly.
+        A small pool is typically sufficient — for example, a size of 4.
+        Make sure your PostgreSQL server's max_connections setting is large enough to handle:
+        ```(Paperless workers + Celery workers) × pool size + safety margin```
+        For example, with 4 Paperless workers and 2 Celery workers, and a pool size of 4:
+        (4 + 2) × 4 + 10 = 34 connections required.

 #### [`PAPERLESS_DB_READ_CACHE_ENABLED=<bool>`](#PAPERLESS_DB_READ_CACHE_ENABLED) {#PAPERLESS_DB_READ_CACHE_ENABLED}

--- a/docs/development.md
+++ b/docs/development.md
@@ -338,13 +338,13 @@ LANGUAGES = [

 ## Building the documentation

-The documentation is built using Zensical, see their [documentation](https://zensical.org/docs/).
+The documentation is built using material-mkdocs, see their [documentation](https://squidfunk.github.io/mkdocs-material/reference/).
 If you want to build the documentation locally, this is how you do it:

 1.  Build the documentation

    ```bash
-    $ uv run zensical build
+    $ uv run mkdocs build --config-file mkdocs.yml
    ```

    _alternatively..._
@@ -355,7 +355,7 @@ If you want to build the documentation locally, this is how you do it:
    something.

    ```bash
-    $ uv run zensical serve
+    $ uv run mkdocs serve
    ```

 ## Building the Docker image
--- a/docs/faq.md
+++ b/docs/faq.md
@@ -1,7 +1,3 @@
---
-title: FAQs
---
-
 # Frequently Asked Questions

 ## _What's the general plan for Paperless-ngx?_
@@ -67,10 +63,8 @@ elsewhere. Here are a couple notes about that.
    Paperless also supports various Office documents (.docx, .doc, odt,
    .ppt, .pptx, .odp, .xls, .xlsx, .ods).

-Paperless-ngx determines the type of a file by inspecting its content
-rather than its file extensions. However, files processed via the
-consumption directory will be rejected if they have a file extension that
-not supported by any of the available parsers.
+Paperless-ngx determines the type of a file by inspecting its content.
+The file extensions do not matter.

 ## _Will paperless-ngx run on Raspberry Pi?_

--- a/docs/index.md
+++ b/docs/index.md
@@ -1,7 +1,3 @@
---
-title: Home
---
-
 <div class="grid-left" markdown>
 ![image](assets/logo_full_black.svg#only-light){.index-logo}
 ![image](assets/logo_full_white.svg#only-dark){.index-logo}
--- a/docs/setup.md
+++ b/docs/setup.md
@@ -1,8 +1,4 @@
---
-title: Setup
---
-
-# Installation
+## Installation

 You can go multiple routes to setup and run Paperless:

--- a/docs/usage.md
+++ b/docs/usage.md
@@ -1,8 +1,4 @@
---
-title: Basic Usage
---
-
-# Usage
+# Usage Overview

 Paperless-ngx is an application that manages your personal documents. With
 the (optional) help of a document scanner (see [the scanners wiki](https://github.com/paperless-ngx/paperless-ngx/wiki/Scanner-&-Software-Recommendations)), Paperless-ngx transforms your unwieldy
--- a/mkdocs.yml
+++ b/mkdocs.yml
@@ -0,0 +1,86 @@
+site_name: Paperless-ngx
+theme:
+  name: material
+  logo: assets/logo.svg
+  font:
+    text: Roboto
+    code: Roboto Mono
+  palette:
+    # Palette toggle for automatic mode
+    - media: "(prefers-color-scheme)"
+      toggle:
+        icon: material/brightness-auto
+        name: Switch to light mode
+    # Palette toggle for light mode
+    - media: "(prefers-color-scheme: light)"
+      scheme: default
+      toggle:
+        icon: material/brightness-7
+        name: Switch to dark mode
+    # Palette toggle for dark mode
+    - media: "(prefers-color-scheme: dark)"
+      scheme: slate
+      toggle:
+        icon: material/brightness-4
+        name: Switch to system preference
+  features:
+    - navigation.tabs
+    - navigation.top
+    - toc.integrate
+    - content.code.annotate
+  icon:
+    repo: fontawesome/brands/github
+  favicon: assets/favicon.png
+repo_url: https://github.com/paperless-ngx/paperless-ngx
+repo_name: paperless-ngx/paperless-ngx
+edit_uri: blob/main/docs/
+extra_css:
+  - assets/extra.css
+markdown_extensions:
+  - attr_list
+  - md_in_html
+  - def_list
+  - admonition
+  - tables
+  - pymdownx.highlight:
+      anchor_linenums: true
+  - pymdownx.superfences
+  - pymdownx.inlinehilite
+  - pymdownx.snippets
+  - pymdownx.tilde
+  - footnotes
+  - pymdownx.superfences:
+      custom_fences:
+        - name: mermaid
+          class: mermaid
+          format: !!python/name:pymdownx.superfences.fence_code_format
+  - pymdownx.emoji:
+      emoji_index: !!python/name:material.extensions.emoji.twemoji
+      emoji_generator: !!python/name:material.extensions.emoji.to_svg
+strict: true
+nav:
+  - index.md
+  - setup.md
+  - 'Basic Usage': usage.md
+  - configuration.md
+  - administration.md
+  - advanced_usage.md
+  - 'REST API': api.md
+  - development.md
+  - 'FAQs': faq.md
+  - troubleshooting.md
+  - changelog.md
+copyright: Copyright &copy; 2016 - 2023 Daniel Quinn, Jonas Winkler, and the Paperless-ngx team
+extra:
+  social:
+    - icon: fontawesome/brands/github
+      link: https://github.com/paperless-ngx/paperless-ngx
+    - icon: fontawesome/brands/docker
+      link: https://hub.docker.com/r/paperlessngx/paperless-ngx
+    - icon: material/chat
+      link: https://matrix.to/#/#paperless:matrix.org
+plugins:
+  - search
+  - glightbox:
+      skip_classes:
+        - no-lightbox
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -1,6 +1,6 @@
 [project]
 name = "paperless-ngx"
-version = "2.20.8"
+version = "2.20.3"
 description = "A community-supported supercharged document management system: scan, index and archive all your physical documents"
 readme = "README.md"
 requires-python = ">=3.10"
@@ -96,7 +96,8 @@ dev = [
 ]

 docs = [
-  "zensical>=0.0.21",
+  "mkdocs-glightbox~=0.5.1",
+  "mkdocs-material~=9.7.0",
 ]

 testing = [
@@ -237,7 +238,7 @@ lint.isort.force-single-line = true

 [tool.codespell]
 write-changes = true
-ignore-words-list = "criterias,afterall,valeu,ureue,equest,ure,assertIn,Oktober,commitish"
+ignore-words-list = "criterias,afterall,valeu,ureue,equest,ure,assertIn,Oktober"
 skip = "src-ui/src/locale/*,src-ui/pnpm-lock.yaml,src-ui/e2e/*,src/paperless_mail/tests/samples/*,src/documents/tests/samples/*,*.po,*.json"

 [tool.pytest.ini_options]
--- a/src-ui/angular.json
+++ b/src-ui/angular.json
@@ -31,6 +31,7 @@
          "fi-FI": "src/locale/messages.fi_FI.xlf",
          "fr-FR": "src/locale/messages.fr_FR.xlf",
          "hu-HU": "src/locale/messages.hu_HU.xlf",
+          "id-ID": "src/locale/messages.id_ID.xlf",
          "it-IT": "src/locale/messages.it_IT.xlf",
          "ja-JP": "src/locale/messages.ja_JP.xlf",
          "lb-LU": "src/locale/messages.lb_LU.xlf",
--- a/src-ui/messages.xlf
+++ b/src-ui/messages.xlf
@@ -10028,179 +10028,186 @@
          <context context-type="linenumber">135</context>
        </context-group>
      </trans-unit>
+      <trans-unit id="8312065814232621608" datatype="html">
+        <source>Indonesian</source>
+        <context-group purpose="location">
+          <context context-type="sourcefile">src/app/services/settings.service.ts</context>
+          <context context-type="linenumber">141</context>
+        </context-group>
+      </trans-unit>
      <trans-unit id="2935232983274991580" datatype="html">
        <source>Italian</source>
        <context-group purpose="location">
          <context context-type="sourcefile">src/app/services/settings.service.ts</context>
-          <context context-type="linenumber">141</context>
+          <context context-type="linenumber">147</context>
        </context-group>
      </trans-unit>
      <trans-unit id="6924606686202701860" datatype="html">
        <source>Japanese</source>
        <context-group purpose="location">
          <context context-type="sourcefile">src/app/services/settings.service.ts</context>
-          <context context-type="linenumber">147</context>
+          <context context-type="linenumber">153</context>
        </context-group>
      </trans-unit>
      <trans-unit id="6145439649200570157" datatype="html">
        <source>Korean</source>
        <context-group purpose="location">
          <context context-type="sourcefile">src/app/services/settings.service.ts</context>
-          <context context-type="linenumber">153</context>
+          <context context-type="linenumber">159</context>
        </context-group>
      </trans-unit>
      <trans-unit id="1334425850005897370" datatype="html">
        <source>Luxembourgish</source>
        <context-group purpose="location">
          <context context-type="sourcefile">src/app/services/settings.service.ts</context>
-          <context context-type="linenumber">159</context>
+          <context context-type="linenumber">165</context>
        </context-group>
      </trans-unit>
      <trans-unit id="3071065188816255493" datatype="html">
        <source>Dutch</source>
        <context-group purpose="location">
          <context context-type="sourcefile">src/app/services/settings.service.ts</context>
-          <context context-type="linenumber">165</context>
+          <context context-type="linenumber">171</context>
        </context-group>
      </trans-unit>
      <trans-unit id="8069284467804715623" datatype="html">
        <source>Norwegian</source>
        <context-group purpose="location">
          <context context-type="sourcefile">src/app/services/settings.service.ts</context>
-          <context context-type="linenumber">171</context>
+          <context context-type="linenumber">177</context>
        </context-group>
      </trans-unit>
      <trans-unit id="4977087909184008115" datatype="html">
        <source>Persian</source>
        <context-group purpose="location">
          <context context-type="sourcefile">src/app/services/settings.service.ts</context>
-          <context context-type="linenumber">177</context>
+          <context context-type="linenumber">183</context>
        </context-group>
      </trans-unit>
      <trans-unit id="792060551707690640" datatype="html">
        <source>Polish</source>
        <context-group purpose="location">
          <context context-type="sourcefile">src/app/services/settings.service.ts</context>
-          <context context-type="linenumber">183</context>
+          <context context-type="linenumber">189</context>
        </context-group>
      </trans-unit>
      <trans-unit id="9184513005098760425" datatype="html">
        <source>Portuguese (Brazil)</source>
        <context-group purpose="location">
          <context context-type="sourcefile">src/app/services/settings.service.ts</context>
-          <context context-type="linenumber">189</context>
+          <context context-type="linenumber">195</context>
        </context-group>
      </trans-unit>
      <trans-unit id="153799456510623899" datatype="html">
        <source>Portuguese</source>
        <context-group purpose="location">
          <context context-type="sourcefile">src/app/services/settings.service.ts</context>
-          <context context-type="linenumber">195</context>
+          <context context-type="linenumber">201</context>
        </context-group>
      </trans-unit>
      <trans-unit id="8118856427047826368" datatype="html">
        <source>Romanian</source>
        <context-group purpose="location">
          <context context-type="sourcefile">src/app/services/settings.service.ts</context>
-          <context context-type="linenumber">201</context>
+          <context context-type="linenumber">207</context>
        </context-group>
      </trans-unit>
      <trans-unit id="7137419789978325708" datatype="html">
        <source>Russian</source>
        <context-group purpose="location">
          <context context-type="sourcefile">src/app/services/settings.service.ts</context>
-          <context context-type="linenumber">207</context>
+          <context context-type="linenumber">213</context>
        </context-group>
      </trans-unit>
      <trans-unit id="9102963095355753902" datatype="html">
        <source>Slovak</source>
        <context-group purpose="location">
          <context context-type="sourcefile">src/app/services/settings.service.ts</context>
-          <context context-type="linenumber">213</context>
+          <context context-type="linenumber">219</context>
        </context-group>
      </trans-unit>
      <trans-unit id="4287008301409320881" datatype="html">
        <source>Slovenian</source>
        <context-group purpose="location">
          <context context-type="sourcefile">src/app/services/settings.service.ts</context>
-          <context context-type="linenumber">219</context>
+          <context context-type="linenumber">225</context>
        </context-group>
      </trans-unit>
      <trans-unit id="8608389829607915090" datatype="html">
        <source>Serbian</source>
        <context-group purpose="location">
          <context context-type="sourcefile">src/app/services/settings.service.ts</context>
-          <context context-type="linenumber">225</context>
+          <context context-type="linenumber">231</context>
        </context-group>
      </trans-unit>
      <trans-unit id="499386805970351976" datatype="html">
        <source>Swedish</source>
        <context-group purpose="location">
          <context context-type="sourcefile">src/app/services/settings.service.ts</context>
-          <context context-type="linenumber">231</context>
+          <context context-type="linenumber">237</context>
        </context-group>
      </trans-unit>
      <trans-unit id="5682359291233237791" datatype="html">
        <source>Turkish</source>
        <context-group purpose="location">
          <context context-type="sourcefile">src/app/services/settings.service.ts</context>
-          <context context-type="linenumber">237</context>
+          <context context-type="linenumber">243</context>
        </context-group>
      </trans-unit>
      <trans-unit id="3578644052206125685" datatype="html">
        <source>Ukrainian</source>
        <context-group purpose="location">
          <context context-type="sourcefile">src/app/services/settings.service.ts</context>
-          <context context-type="linenumber">243</context>
+          <context context-type="linenumber">249</context>
        </context-group>
      </trans-unit>
      <trans-unit id="3611216939636790848" datatype="html">
        <source>Vietnamese</source>
        <context-group purpose="location">
          <context context-type="sourcefile">src/app/services/settings.service.ts</context>
-          <context context-type="linenumber">249</context>
+          <context context-type="linenumber">255</context>
        </context-group>
      </trans-unit>
      <trans-unit id="4689443708886954687" datatype="html">
        <source>Chinese Simplified</source>
        <context-group purpose="location">
          <context context-type="sourcefile">src/app/services/settings.service.ts</context>
-          <context context-type="linenumber">255</context>
+          <context context-type="linenumber">261</context>
        </context-group>
      </trans-unit>
      <trans-unit id="8082606363137705994" datatype="html">
        <source>Chinese Traditional</source>
        <context-group purpose="location">
          <context context-type="sourcefile">src/app/services/settings.service.ts</context>
-          <context context-type="linenumber">261</context>
+          <context context-type="linenumber">267</context>
        </context-group>
      </trans-unit>
      <trans-unit id="4912706592792948707" datatype="html">
        <source>ISO 8601</source>
        <context-group purpose="location">
          <context context-type="sourcefile">src/app/services/settings.service.ts</context>
-          <context context-type="linenumber">269</context>
+          <context context-type="linenumber">275</context>
        </context-group>
      </trans-unit>
      <trans-unit id="313643372755303297" datatype="html">
        <source>Successfully completed one-time migratration of settings to the database!</source>
        <context-group purpose="location">
          <context context-type="sourcefile">src/app/services/settings.service.ts</context>
-          <context context-type="linenumber">603</context>
+          <context context-type="linenumber">609</context>
        </context-group>
      </trans-unit>
      <trans-unit id="5558341108007064934" datatype="html">
        <source>Unable to migrate settings to the database, please try saving manually.</source>
        <context-group purpose="location">
          <context context-type="sourcefile">src/app/services/settings.service.ts</context>
-          <context context-type="linenumber">604</context>
+          <context context-type="linenumber">610</context>
        </context-group>
      </trans-unit>
      <trans-unit id="1168781785897678748" datatype="html">
        <source>You can restart the tour from the settings page.</source>
        <context-group purpose="location">
          <context context-type="sourcefile">src/app/services/settings.service.ts</context>
-          <context context-type="linenumber">677</context>
+          <context context-type="linenumber">683</context>
        </context-group>
      </trans-unit>
      <trans-unit id="3852289441366561594" datatype="html">
--- a/src-ui/package.json
+++ b/src-ui/package.json
@@ -1,6 +1,6 @@
 {
  "name": "paperless-ngx-ui",
-  "version": "2.20.8",
+  "version": "2.20.3",
  "scripts": {
    "preinstall": "npx only-allow pnpm",
    "ng": "ng",
--- a/src-ui/setup-jest.ts
+++ b/src-ui/setup-jest.ts
@@ -28,6 +28,7 @@ import localeFa from '@angular/common/locales/fa'
 import localeFi from '@angular/common/locales/fi'
 import localeFr from '@angular/common/locales/fr'
 import localeHu from '@angular/common/locales/hu'
+import localeId from '@angular/common/locales/id'
 import localeIt from '@angular/common/locales/it'
 import localeJa from '@angular/common/locales/ja'
 import localeKo from '@angular/common/locales/ko'
@@ -63,6 +64,7 @@ registerLocaleData(localeFa)
 registerLocaleData(localeFi)
 registerLocaleData(localeFr)
 registerLocaleData(localeHu)
+registerLocaleData(localeId)
 registerLocaleData(localeIt)
 registerLocaleData(localeJa)
 registerLocaleData(localeKo)
--- a/src-ui/src/app/components/app-frame/app-frame.component.scss
+++ b/src-ui/src/app/components/app-frame/app-frame.component.scss
@@ -281,7 +281,7 @@ main {
 .navbar .dropdown-menu {
  font-size: 0.875rem; // body size

-  a i-bs, button i-bs {
+  a i-bs {
    opacity: 0.6;
  }
 }
--- a/src-ui/src/app/components/common/edit-dialog/workflow-edit-dialog/workflow-edit-dialog.component.spec.ts
+++ b/src-ui/src/app/components/common/edit-dialog/workflow-edit-dialog/workflow-edit-dialog.component.spec.ts
@@ -252,7 +252,7 @@ describe('WorkflowEditDialogComponent', () => {
    expect(component.object.actions.length).toEqual(2)
  })

-  it('should update order on drag n drop', () => {
+  it('should update order and remove ids from actions on drag n drop', () => {
    const action1 = workflow.actions[0]
    const action2 = workflow.actions[1]
    component.object = workflow
@@ -261,6 +261,8 @@ describe('WorkflowEditDialogComponent', () => {
      WorkflowAction[]
    >)
    expect(component.object.actions).toEqual([action2, action1])
+    expect(action1.id).toBeNull()
+    expect(action2.id).toBeNull()
  })

  it('should not include auto matching in algorithms', () => {
--- a/src-ui/src/app/components/common/edit-dialog/workflow-edit-dialog/workflow-edit-dialog.component.ts
+++ b/src-ui/src/app/components/common/edit-dialog/workflow-edit-dialog/workflow-edit-dialog.component.ts
@@ -1283,6 +1283,11 @@ export class WorkflowEditDialogComponent
    const actionField = this.actionFields.at(event.previousIndex)
    this.actionFields.removeAt(event.previousIndex)
    this.actionFields.insert(event.currentIndex, actionField)
+    // removing id will effectively re-create the actions in this order
+    this.object.actions.forEach((a) => (a.id = null))
+    this.actionFields.controls.forEach((c) =>
+      c.get('id').setValue(null, { emitEvent: false })
+    )
  }

  save(): void {
--- a/src-ui/src/app/components/common/input/tags/tags.component.html
+++ b/src-ui/src/app/components/common/input/tags/tags.component.html
@@ -28,7 +28,7 @@
            </button>
          </ng-template>
          <ng-template ng-option-tmp let-item="item" let-index="index" let-search="searchTerm">
-            <div class="tag-option-row d-flex align-items-center" [class.w-auto]="!getTag(item.id)?.parent">
+            <div class="tag-option-row d-flex align-items-center">
              @if (item.id && tags) {
                @if (getTag(item.id)?.parent) {
                  <i-bs name="list-nested" class="me-1"></i-bs>
--- a/src-ui/src/app/components/common/input/tags/tags.component.scss
+++ b/src-ui/src/app/components/common/input/tags/tags.component.scss
@@ -22,8 +22,8 @@
 }

 // Dropdown hierarchy reveal for ng-select options
-:host ::ng-deep .ng-dropdown-panel .ng-option {
-  overflow-x: auto !important;
+::ng-deep .ng-dropdown-panel .ng-option {
+  overflow-x: scroll;

  .tag-option-row {
    font-size: 1rem;
@@ -41,12 +41,12 @@
  }
 }

-:host ::ng-deep .ng-dropdown-panel .ng-option:hover .hierarchy-reveal,
-:host ::ng-deep .ng-dropdown-panel .ng-option.ng-option-marked .hierarchy-reveal {
+::ng-deep .ng-dropdown-panel .ng-option:hover .hierarchy-reveal,
+::ng-deep .ng-dropdown-panel .ng-option.ng-option-marked .hierarchy-reveal {
  max-width: 1000px;
 }

 ::ng-deep .ng-dropdown-panel .ng-option:hover .hierarchy-indicator,
-:host ::ng-deep .ng-dropdown-panel .ng-option.ng-option-marked .hierarchy-indicator {
+::ng-deep .ng-dropdown-panel .ng-option.ng-option-marked .hierarchy-indicator {
  background: transparent;
 }
--- a/src-ui/src/app/components/common/preview-popup/preview-popup.component.html
+++ b/src-ui/src/app/components/common/preview-popup/preview-popup.component.html
@@ -14,7 +14,7 @@
        @if (previewText) {
          <div class="bg-light p-3 overflow-auto whitespace-preserve" width="100%">{{previewText}}</div>
        } @else {
-          <object [data]="previewURL | safeUrl" width="100%" class="bg-light" [class.p-2]="!isPdf"></object>
+          <object [data]="previewUrl | safeUrl" width="100%" class="bg-light" [class.p-2]="!isPdf"></object>
        }
      } @else {
        @if (requiresPassword) {
@@ -24,7 +24,7 @@
        }
        @if (!requiresPassword) {
          <pdf-viewer
-            [src]="previewURL"
+            [src]="previewUrl"
            [original-size]="false"
            [show-borders]="false"
            [show-all]="true"
--- a/src-ui/src/app/components/common/preview-popup/preview-popup.component.ts
+++ b/src-ui/src/app/components/common/preview-popup/preview-popup.component.ts
@@ -71,7 +71,7 @@ export class PreviewPopupComponent implements OnDestroy {
    return (this.isPdf && this.useNativePdfViewer) || !this.isPdf
  }

-  get previewURL() {
+  get previewUrl() {
    return this.documentService.getPreviewUrl(this.document.id)
  }

@@ -93,7 +93,7 @@ export class PreviewPopupComponent implements OnDestroy {
  init() {
    if (this.document.mime_type?.includes('text')) {
      this.http
-        .get(this.previewURL, { responseType: 'text' })
+        .get(this.previewUrl, { responseType: 'text' })
        .pipe(first(), takeUntil(this.unsubscribeNotifier))
        .subscribe({
          next: (res) => {
@@ -126,10 +126,6 @@ export class PreviewPopupComponent implements OnDestroy {
    }
  }

-  get previewUrl() {
-    return this.documentService.getPreviewUrl(this.document.id)
-  }
-
  mouseEnterPreview() {
    this.mouseOnPreview = true
    if (!this.popover.isOpen()) {
--- a/src-ui/src/app/components/document-detail/document-detail.component.html
+++ b/src-ui/src/app/components/document-detail/document-detail.component.html
@@ -379,7 +379,7 @@
 <ng-template #previewContent>
  <div class="thumb-preview position-absolute pe-none text-center" [class.fade]="previewLoaded">
    @if (showThumbnailOverlay) {
-      <img [src]="thumbUrl | safeUrl" class="mx-auto" [attr.width]="previewZoomScale === 'page-fit' ? 'auto' : '100%'" [attr.height]="previewZoomScale === 'page-fit' ? '100%' : 'auto'" alt="Document loading..." i18n-alt />
+      <img [src]="thumbUrl" class="mx-auto" [attr.width]="previewZoomScale === 'page-fit' ? 'auto' : '100%'" [attr.height]="previewZoomScale === 'page-fit' ? '100%' : 'auto'" alt="Document loading..." i18n-alt />
    }
    <div class="position-absolute top-0 start-0 m-2 p-2 d-flex align-items-center justify-content-center">
      <div>
@@ -414,7 +414,7 @@
      }
      @case (ContentRenderType.Image) {
        <div class="preview-sticky">
-          <img [src]="previewUrl | safeUrl" width="100%" height="100%" alt="{{title}}" />
+          <img [src]="previewUrl" width="100%" height="100%" alt="{{title}}" />
        </div>
      }
      @case (ContentRenderType.TIFF) {
--- a/src-ui/src/app/components/manage/management-list/management-list.component.spec.ts
+++ b/src-ui/src/app/components/manage/management-list/management-list.component.spec.ts
@@ -229,21 +229,6 @@ describe('ManagementListComponent', () => {
    expect(reloadSpy).toHaveBeenCalled()
  })

-  it('should use the all list length for collection size when provided', fakeAsync(() => {
-    jest.spyOn(tagService, 'listFiltered').mockReturnValueOnce(
-      of({
-        count: 1,
-        all: [1, 2, 3],
-        results: tags.slice(0, 1),
-      })
-    )
-
-    component.reloadData()
-    tick(100)
-
-    expect(component.collectionSize).toBe(3)
-  }))
-
  it('should support quick filter for objects', () => {
    const qfSpy = jest.spyOn(documentListViewService, 'quickFilter')
    const filterButton = fixture.debugElement.queryAll(By.css('button'))[9]
--- a/src-ui/src/app/components/manage/management-list/management-list.component.ts
+++ b/src-ui/src/app/components/manage/management-list/management-list.component.ts
@@ -171,7 +171,7 @@ export abstract class ManagementListComponent<T extends MatchingModel>
        tap((c) => {
          this.unfilteredData = c.results
          this.data = this.filterData(c.results)
-          this.collectionSize = c.all?.length ?? c.count
+          this.collectionSize = c.count
        }),
        delay(100)
      )
@@ -364,7 +364,7 @@ export abstract class ManagementListComponent<T extends MatchingModel>
      backdrop: 'static',
    })
    modal.componentInstance.title = $localize`Confirm delete`
-    modal.componentInstance.messageBold = $localize`This operation will permanently delete the selected ${this.typeNamePlural}.`
+    modal.componentInstance.messageBold = $localize`This operation will permanently delete all objects.`
    modal.componentInstance.message = $localize`This operation cannot be undone.`
    modal.componentInstance.btnClass = 'btn-danger'
    modal.componentInstance.btnCaption = $localize`Proceed`
--- a/src-ui/src/app/components/manage/saved-views/saved-views.component.html
+++ b/src-ui/src/app/components/manage/saved-views/saved-views.component.html
@@ -51,7 +51,6 @@
            @if (displayFields) {
              <pngx-input-drag-drop-select i18n-title title="Show" i18n-emptyText emptyText="Default" [items]="displayFields" formControlName="display_fields"></pngx-input-drag-drop-select>
            }
-            <span class="small text-muted fst-italic" i18n>Note: ordering is not preserved</span>
          </div>
      </div>
      </li>
--- a/src-ui/src/app/services/settings.service.ts
+++ b/src-ui/src/app/services/settings.service.ts
@@ -136,6 +136,12 @@ const LANGUAGE_OPTIONS = [
    englishName: 'Hungarian',
    dateInputFormat: 'yyyy.mm.dd',
  },
+  {
+    code: 'id-id',
+    name: $localize`Indonesian`,
+    englishName: 'Indonesian',
+    dateInputFormat: 'dd-mm-yyyy',
+  },
  {
    code: 'it-it',
    name: $localize`Italian`,
--- a/src-ui/src/environments/environment.prod.ts
+++ b/src-ui/src/environments/environment.prod.ts
@@ -6,7 +6,7 @@ export const environment = {
  apiVersion: '9', // match src/paperless/settings.py
  appTitle: 'Paperless-ngx',
  tag: 'prod',
-  version: '2.20.8',
+  version: '2.20.3',
  webSocketHost: window.location.host,
  webSocketProtocol: window.location.protocol == 'https:' ? 'wss:' : 'ws:',
  webSocketBaseUrl: base_url.pathname + 'ws/',
--- a/src-ui/src/main.ts
+++ b/src-ui/src/main.ts
@@ -171,6 +171,7 @@ import localeFa from '@angular/common/locales/fa'
 import localeFi from '@angular/common/locales/fi'
 import localeFr from '@angular/common/locales/fr'
 import localeHu from '@angular/common/locales/hu'
+import localeId from '@angular/common/locales/id'
 import localeIt from '@angular/common/locales/it'
 import localeJa from '@angular/common/locales/ja'
 import localeKo from '@angular/common/locales/ko'
@@ -209,6 +210,7 @@ registerLocaleData(localeFa)
 registerLocaleData(localeFi)
 registerLocaleData(localeFr)
 registerLocaleData(localeHu)
+registerLocaleData(localeId)
 registerLocaleData(localeIt)
 registerLocaleData(localeJa)
 registerLocaleData(localeKo)
--- a/src/documents/barcodes.py
+++ b/src/documents/barcodes.py
@@ -186,7 +186,11 @@ class BarcodePlugin(ConsumeTaskPlugin):

        # Update/overwrite an ASN if possible
        # After splitting, as otherwise each split document gets the same ASN
-        if self.settings.barcode_enable_asn and (located_asn := self.asn) is not None:
+        if (
+            self.settings.barcode_enable_asn
+            and not self.metadata.skip_asn
+            and (located_asn := self.asn) is not None
+        ):
            logger.info(f"Found ASN in barcode: {located_asn}")
            self.metadata.asn = located_asn

--- a/src/documents/bulk_edit.py
+++ b/src/documents/bulk_edit.py
@@ -433,6 +433,8 @@ def merge(

    if user is not None:
        overrides.owner_id = user.id
+    # Avoid copying or detecting ASN from merged PDFs to prevent collision
+    overrides.skip_asn = True

    logger.info("Adding merged document to the task queue.")

--- a/src/documents/consumer.py
+++ b/src/documents/consumer.py
@@ -46,6 +46,7 @@ from documents.signals.handlers import run_workflows
 from documents.templating.workflows import parse_w_workflow_placeholders
 from documents.utils import copy_basic_file_stats
 from documents.utils import copy_file_with_basic_stats
+from documents.utils import normalize_nfc
 from documents.utils import run_subprocess
 from paperless_mail.parsers import MailDocumentParser

@@ -111,7 +112,12 @@ class ConsumerPluginMixin:

        self.renew_logging_group()

-        self.filename = self.metadata.filename or self.input_doc.original_file.name
+        self.metadata.filename = normalize_nfc(self.metadata.filename)
+        self.metadata.title = normalize_nfc(self.metadata.title)
+
+        self.filename = normalize_nfc(
+            self.metadata.filename or self.input_doc.original_file.name,
+        )

    def _send_progress(
        self,
@@ -652,6 +658,8 @@ class ConsumerPlugin(
                    f"Error occurred parsing title override '{self.metadata.title}', falling back to original. Exception: {e}",
                )

+        title = normalize_nfc(title)
+
        file_for_checksum = (
            self.unmodified_original
            if self.unmodified_original is not None
@@ -696,7 +704,7 @@ class ConsumerPlugin(
                pk=self.metadata.storage_path_id,
            )

-        if self.metadata.asn is not None:
+        if self.metadata.asn is not None and not self.metadata.skip_asn:
            document.archive_serial_number = self.metadata.asn

        if self.metadata.owner_id:
@@ -812,8 +820,8 @@ class ConsumerPreflightPlugin(
        """
        Check that if override_asn is given, it is unique and within a valid range
        """
-        if self.metadata.asn is None:
-            # check not necessary in case no ASN gets set
+        if self.metadata.skip_asn or self.metadata.asn is None:
+            # if skip is set or ASN is None
            return
        # Validate the range is above zero and less than uint32_t max
        # otherwise, Whoosh can't handle it in the index
--- a/src/documents/data_models.py
+++ b/src/documents/data_models.py
@@ -30,6 +30,7 @@ class DocumentMetadataOverrides:
    change_users: list[int] | None = None
    change_groups: list[int] | None = None
    custom_fields: dict | None = None
+    skip_asn: bool = False

    def update(self, other: "DocumentMetadataOverrides") -> "DocumentMetadataOverrides":
        """
@@ -49,6 +50,8 @@ class DocumentMetadataOverrides:
            self.storage_path_id = other.storage_path_id
        if other.owner_id is not None:
            self.owner_id = other.owner_id
+        if other.skip_asn:
+            self.skip_asn = True

        # merge
        if self.tag_ids is None:
@@ -115,7 +118,7 @@ class DocumentMetadataOverrides:
            ).values_list("id", flat=True),
        )
        overrides.custom_fields = {
-            custom_field.field.id: custom_field.value
+            custom_field.id: custom_field.value
            for custom_field in doc.custom_fields.all()
        }

--- a/src/documents/file_handling.py
+++ b/src/documents/file_handling.py
@@ -6,6 +6,7 @@ from django.conf import settings
 from documents.models import Document
 from documents.templating.filepath import validate_filepath_template_and_render
 from documents.templating.utils import convert_format_str_to_template_format
+from documents.utils import normalize_nfc


 def create_source_path_directory(source_path: Path) -> None:
@@ -55,11 +56,11 @@ def generate_unique_filename(doc, *, archive_filename=False) -> Path:
    """
    if archive_filename:
        old_filename: Path | None = (
-            Path(doc.archive_filename) if doc.archive_filename else None
+            Path(normalize_nfc(doc.archive_filename)) if doc.archive_filename else None
        )
        root = settings.ARCHIVE_DIR
    else:
-        old_filename = Path(doc.filename) if doc.filename else None
+        old_filename = Path(normalize_nfc(doc.filename)) if doc.filename else None
        root = settings.ORIGINALS_DIR

    # If generating archive filenames, try to make a name that is similar to
@@ -91,7 +92,7 @@ def generate_unique_filename(doc, *, archive_filename=False) -> Path:
        )
        if new_filename == old_filename:
            # still the same as before.
-            return new_filename
+            return Path(normalize_nfc(str(new_filename)))

        if (root / new_filename).exists():
            counter += 1
@@ -119,7 +120,7 @@ def format_filename(document: Document, template_str: str) -> str | None:
        "none",
    )  # backward compatibility

-    return rendered_filename
+    return normalize_nfc(rendered_filename)


 def generate_filename(
@@ -174,4 +175,4 @@ def generate_filename(
    if append_gpg and doc.storage_type == doc.STORAGE_TYPE_GPG:
        full_path = full_path.with_suffix(full_path.suffix + ".gpg")

-    return full_path
+    return Path(normalize_nfc(str(full_path)))
--- a/src/documents/filters.py
+++ b/src/documents/filters.py
@@ -41,6 +41,7 @@ from documents.models import PaperlessTask
 from documents.models import ShareLink
 from documents.models import StoragePath
 from documents.models import Tag
+from documents.utils import normalize_nfc

 if TYPE_CHECKING:
    from collections.abc import Callable
@@ -162,7 +163,11 @@ class TitleContentFilter(Filter):
    def filter(self, qs, value):
        value = value.strip() if isinstance(value, str) else value
        if value:
-            return qs.filter(Q(title__icontains=value) | Q(content__icontains=value))
+            normalized = normalize_nfc(value) or ""
+            folded = normalized.casefold()
+            return qs.filter(
+                Q(title__icontains=folded) | Q(content__icontains=folded),
+            )
        else:
            return qs

--- a/src/documents/index.py
+++ b/src/documents/index.py
@@ -3,6 +3,7 @@ from __future__ import annotations
 import logging
 import math
 import re
+import unicodedata
 from collections import Counter
 from contextlib import contextmanager
 from datetime import datetime
@@ -10,7 +11,6 @@ from datetime import time
 from datetime import timedelta
 from datetime import timezone
 from shutil import rmtree
-from time import sleep
 from typing import TYPE_CHECKING
 from typing import Literal

@@ -33,7 +33,6 @@ from whoosh.highlight import HtmlFormatter
 from whoosh.idsets import BitSet
 from whoosh.idsets import DocIdSet
 from whoosh.index import FileIndex
-from whoosh.index import LockError
 from whoosh.index import create_in
 from whoosh.index import exists_in
 from whoosh.index import open_dir
@@ -60,6 +59,14 @@ if TYPE_CHECKING:
 logger = logging.getLogger("paperless.index")


+def _normalize_for_index(value: str | None) -> str | None:
+    """Normalize text to NFC for consistent search/index matching."""
+
+    if value is None:
+        return None
+    return unicodedata.normalize("NFC", value)
+
+
 def get_schema() -> Schema:
    return Schema(
        id=NUMERIC(stored=True, unique=True),
@@ -99,33 +106,11 @@ def get_schema() -> Schema:


 def open_index(*, recreate=False) -> FileIndex:
-    transient_exceptions = (FileNotFoundError, LockError)
-    max_retries = 3
-    retry_delay = 0.1
-
-    for attempt in range(max_retries + 1):
-        try:
-            if exists_in(settings.INDEX_DIR) and not recreate:
-                return open_dir(settings.INDEX_DIR, schema=get_schema())
-            break
-        except transient_exceptions as exc:
-            is_last_attempt = attempt == max_retries or recreate
-            if is_last_attempt:
-                logger.exception(
-                    "Error while opening the index after retries, recreating.",
-                )
-                break
-
-            logger.warning(
-                "Transient error while opening the index (attempt %s/%s): %s. Retrying.",
-                attempt + 1,
-                max_retries + 1,
-                exc,
-            )
-            sleep(retry_delay)
-        except Exception:
-            logger.exception("Error while opening the index, recreating.")
-            break
+    try:
+        if exists_in(settings.INDEX_DIR) and not recreate:
+            return open_dir(settings.INDEX_DIR, schema=get_schema())
+    except Exception:
+        logger.exception("Error while opening the index, recreating.")

    # create_in doesn't handle corrupted indexes very well, remove the directory entirely first
    if settings.INDEX_DIR.is_dir():
@@ -187,37 +172,41 @@ def update_document(writer: AsyncWriter, doc: Document) -> None:
    viewer_ids: str = ",".join([str(u.id) for u in users_with_perms])
    writer.update_document(
        id=doc.pk,
-        title=doc.title,
-        content=doc.content,
-        correspondent=doc.correspondent.name if doc.correspondent else None,
+        title=_normalize_for_index(doc.title),
+        content=_normalize_for_index(doc.content),
+        correspondent=_normalize_for_index(
+            doc.correspondent.name if doc.correspondent else None,
+        ),
        correspondent_id=doc.correspondent.id if doc.correspondent else None,
        has_correspondent=doc.correspondent is not None,
-        tag=tags if tags else None,
+        tag=_normalize_for_index(tags) if tags else None,
        tag_id=tags_ids if tags_ids else None,
        has_tag=len(tags) > 0,
-        type=doc.document_type.name if doc.document_type else None,
+        type=_normalize_for_index(
+            doc.document_type.name if doc.document_type else None,
+        ),
        type_id=doc.document_type.id if doc.document_type else None,
        has_type=doc.document_type is not None,
        created=datetime.combine(doc.created, time.min),
        added=doc.added,
        asn=asn,
        modified=doc.modified,
-        path=doc.storage_path.name if doc.storage_path else None,
+        path=_normalize_for_index(doc.storage_path.name if doc.storage_path else None),
        path_id=doc.storage_path.id if doc.storage_path else None,
        has_path=doc.storage_path is not None,
-        notes=notes,
+        notes=_normalize_for_index(notes),
        num_notes=len(notes),
-        custom_fields=custom_fields,
+        custom_fields=_normalize_for_index(custom_fields),
        custom_field_count=len(doc.custom_fields.all()),
        has_custom_fields=len(custom_fields) > 0,
        custom_fields_id=custom_fields_ids if custom_fields_ids else None,
-        owner=doc.owner.username if doc.owner else None,
+        owner=_normalize_for_index(doc.owner.username if doc.owner else None),
        owner_id=doc.owner.id if doc.owner else None,
        has_owner=doc.owner is not None,
        viewer_id=viewer_ids if viewer_ids else None,
        checksum=doc.checksum,
        page_count=doc.page_count,
-        original_filename=doc.original_filename,
+        original_filename=_normalize_for_index(doc.original_filename),
        is_shared=len(viewer_ids) > 0,
    )
    logger.debug(f"Index updated for document {doc.pk}.")
@@ -445,7 +434,7 @@ class LocalDateParser(English):

 class DelayedFullTextQuery(DelayedQuery):
    def _get_query(self) -> tuple:
-        q_str = self.query_params["query"]
+        q_str = _normalize_for_index(self.query_params["query"]) or ""
        q_str = rewrite_natural_date_keywords(q_str)
        qp = MultifieldParser(
            [
@@ -484,7 +473,12 @@ class DelayedFullTextQuery(DelayedQuery):
 class DelayedMoreLikeThisQuery(DelayedQuery):
    def _get_query(self) -> tuple:
        more_like_doc_id = int(self.query_params["more_like_id"])
-        content = Document.objects.get(id=more_like_doc_id).content
+        content = (
+            _normalize_for_index(
+                Document.objects.get(id=more_like_doc_id).content,
+            )
+            or ""
+        )

        docnum = self.searcher.document_number(id=more_like_doc_id)
        kts = self.searcher.key_terms_from_text(
@@ -512,6 +506,7 @@ def autocomplete(
    Mimics whoosh.reading.IndexReader.most_distinctive_terms with permissions
    and without scoring
    """
+    term = _normalize_for_index(term) or ""
    terms = []

    with ix.searcher(weighting=TF_IDF()) as s:
@@ -602,7 +597,7 @@ def rewrite_natural_date_keywords(query_string: str) -> str:

            case "this year":
                start = datetime(local_now.year, 1, 1, 0, 0, 0, tzinfo=tz)
-                end = datetime(local_now.year, 12, 31, 23, 59, 59, tzinfo=tz)
+                end = datetime.combine(today, time.max, tzinfo=tz)

            case "previous week":
                days_since_monday = local_now.weekday()
--- a/src/documents/matching.py
+++ b/src/documents/matching.py
@@ -2,10 +2,12 @@ from __future__ import annotations

 import logging
 import re
+import unicodedata
 from fnmatch import fnmatch
 from fnmatch import translate as fnmatch_translate
 from typing import TYPE_CHECKING

+from django.db.models import Q
 from rest_framework import serializers

 from documents.data_models import ConsumableDocument
@@ -21,6 +23,7 @@ from documents.models import Workflow
 from documents.models import WorkflowTrigger
 from documents.permissions import get_objects_for_user_owner_aware
 from documents.regex import safe_regex_search
+from documents.utils import normalize_nfc

 if TYPE_CHECKING:
    from django.db.models import QuerySet
@@ -30,6 +33,34 @@ if TYPE_CHECKING:
 logger = logging.getLogger("paperless.matching")


+def _normalize_glob_value(value: str) -> str:
+    """Normalize strings for glob-style matching (case-insensitive)."""
+
+    return (normalize_nfc(value) or "").casefold()
+
+
+def _normalized_fnmatch(name: str, pattern: str) -> bool:
+    """Canonicalize Unicode and compare using fnmatch semantics."""
+
+    return fnmatch(_normalize_glob_value(name), _normalize_glob_value(pattern))
+
+
+def _glob_regex_variants(pattern: str) -> list[str]:
+    """
+    Build regex patterns that match both NFC and NFD forms of a glob pattern.
+    Using both forms lets DB prefilters remain Unicode-normalization agnostic.
+    """
+
+    regexes = set()
+    for normalized in {
+        normalize_nfc(pattern) or "",
+        unicodedata.normalize("NFD", pattern),
+    }:
+        regex = fnmatch_translate(normalized).lstrip("^").rstrip("$")
+        regexes.add(regex)
+    return list(regexes)
+
+
 def log_reason(
    matching_model: MatchingModel | WorkflowTrigger,
    document: Document,
@@ -305,9 +336,9 @@ def consumable_document_matches_workflow(
    if (
        trigger.filter_filename is not None
        and len(trigger.filter_filename) > 0
-        and not fnmatch(
-            document.original_file.name.lower(),
-            trigger.filter_filename.lower(),
+        and not _normalized_fnmatch(
+            document.original_file.name,
+            trigger.filter_filename,
        )
    ):
        reason = (
@@ -328,7 +359,7 @@ def consumable_document_matches_workflow(
    if (
        trigger.filter_path is not None
        and len(trigger.filter_path) > 0
-        and not fnmatch(
+        and not _normalized_fnmatch(
            match_against,
            trigger.filter_path,
        )
@@ -492,9 +523,9 @@ def existing_document_matches_workflow(
        trigger.filter_filename is not None
        and len(trigger.filter_filename) > 0
        and document.original_filename is not None
-        and not fnmatch(
-            document.original_filename.lower(),
-            trigger.filter_filename.lower(),
+        and not _normalized_fnmatch(
+            document.original_filename,
+            trigger.filter_filename,
        )
    ):
        return (
@@ -573,8 +604,11 @@ def prefilter_documents_by_workflowtrigger(
        documents = documents.annotate(**annotations).filter(custom_field_q)

    if trigger.filter_filename:
-        regex = fnmatch_translate(trigger.filter_filename).lstrip("^").rstrip("$")
-        documents = documents.filter(original_filename__iregex=regex)
+        regexes = _glob_regex_variants(trigger.filter_filename)
+        filename_q = Q()
+        for regex in regexes:
+            filename_q |= Q(original_filename__iregex=regex)
+        documents = documents.filter(filename_q)

    return documents

--- a/src/documents/migrations/1075_workflowaction_order.py
+++ b/src/documents/migrations/1075_workflowaction_order.py
@@ -1,28 +0,0 @@
-# Generated by Django 5.2.7 on 2026-01-14 16:53
-
-from django.db import migrations
-from django.db import models
-from django.db.models import F
-
-
-def populate_action_order(apps, schema_editor):
-    WorkflowAction = apps.get_model("documents", "WorkflowAction")
-    WorkflowAction.objects.all().update(order=F("id"))
-
-
-class Migration(migrations.Migration):
-    dependencies = [
-        ("documents", "1074_workflowrun_deleted_at_workflowrun_restored_at_and_more"),
-    ]
-
-    operations = [
-        migrations.AddField(
-            model_name="workflowaction",
-            name="order",
-            field=models.PositiveIntegerField(default=0, verbose_name="order"),
-        ),
-        migrations.RunPython(
-            populate_action_order,
-            reverse_code=migrations.RunPython.noop,
-        ),
-    ]
--- a/src/documents/models.py
+++ b/src/documents/models.py
@@ -1294,8 +1294,6 @@ class WorkflowAction(models.Model):
        default=WorkflowActionType.ASSIGNMENT,
    )

-    order = models.PositiveIntegerField(_("order"), default=0)
-
    assign_title = models.TextField(
        _("assign title"),
        null=True,
--- a/src/documents/permissions.py
+++ b/src/documents/permissions.py
@@ -2,17 +2,10 @@ from django.contrib.auth.models import Group
 from django.contrib.auth.models import Permission
 from django.contrib.auth.models import User
 from django.contrib.contenttypes.models import ContentType
-from django.db.models import Count
-from django.db.models import IntegerField
-from django.db.models import OuterRef
 from django.db.models import Q
 from django.db.models import QuerySet
-from django.db.models import Subquery
-from django.db.models.functions import Cast
-from django.db.models.functions import Coalesce
 from guardian.core import ObjectPermissionChecker
 from guardian.models import GroupObjectPermission
-from guardian.models import UserObjectPermission
 from guardian.shortcuts import assign_perm
 from guardian.shortcuts import get_objects_for_user
 from guardian.shortcuts import get_users_with_perms
@@ -136,96 +129,23 @@ def set_permissions_for_object(permissions: dict, object, *, merge: bool = False
                        )


-def _permitted_document_ids(user):
-    """
-    Return a queryset of document IDs the user may view, limited to non-deleted
-    documents. This intentionally avoids ``get_objects_for_user`` to keep the
-    subquery small and index-friendly.
-    """
-
-    base_docs = Document.objects.filter(deleted_at__isnull=True).only("id", "owner")
-
-    if user is None or not getattr(user, "is_authenticated", False):
-        # Just Anonymous user e.g. for drf-spectacular
-        return base_docs.filter(owner__isnull=True).values_list("id", flat=True)
-
-    if getattr(user, "is_superuser", False):
-        return base_docs.values_list("id", flat=True)
-
-    document_ct = ContentType.objects.get_for_model(Document)
-    perm_filter = {
-        "permission__codename": "view_document",
-        "permission__content_type": document_ct,
-    }
-
-    user_perm_docs = (
-        UserObjectPermission.objects.filter(user=user, **perm_filter)
-        .annotate(object_pk_int=Cast("object_pk", IntegerField()))
-        .values_list("object_pk_int", flat=True)
-    )
-
-    group_perm_docs = (
-        GroupObjectPermission.objects.filter(group__user=user, **perm_filter)
-        .annotate(object_pk_int=Cast("object_pk", IntegerField()))
-        .values_list("object_pk_int", flat=True)
-    )
-
-    permitted_documents = user_perm_docs.union(group_perm_docs)
-
-    return base_docs.filter(
-        Q(owner=user) | Q(owner__isnull=True) | Q(id__in=permitted_documents),
-    ).values_list("id", flat=True)
-
-
 def get_document_count_filter_for_user(user):
    """
    Return the Q object used to filter document counts for the given user.
-
-    The filter is expressed as an ``id__in`` against a small subquery of permitted
-    document IDs to keep the generated SQL simple and avoid large OR clauses.
    """

+    if user is None or not getattr(user, "is_authenticated", False):
+        return Q(documents__deleted_at__isnull=True, documents__owner__isnull=True)
    if getattr(user, "is_superuser", False):
-        # Superuser: no permission filtering needed
        return Q(documents__deleted_at__isnull=True)
-
-    permitted_ids = _permitted_document_ids(user)
-    return Q(documents__id__in=permitted_ids)
-
-
-def annotate_document_count_for_related_queryset(
-    queryset,
-    through_model,
-    related_object_field: str,
-    target_field: str = "document_id",
-    user=None,
-):
-    """
-    Annotate a queryset with permissions-aware document counts using a subquery
-    against a relation table.
-
-    Args:
-        queryset: base queryset to annotate (must contain pk)
-        through_model: model representing the relation (e.g., Document.tags.through
-                       or CustomFieldInstance)
-        source_field: field on the relation pointing back to queryset pk
-        target_field: field on the relation pointing to Document id
-        user: the user for whom to filter permitted document ids
-    """
-
-    permitted_ids = _permitted_document_ids(user)
-    counts = (
-        through_model.objects.filter(
-            **{
-                related_object_field: OuterRef("pk"),
-                f"{target_field}__in": permitted_ids,
-            },
-        )
-        .values(related_object_field)
-        .annotate(c=Count(target_field))
-        .values("c")
+    return Q(
+        documents__deleted_at__isnull=True,
+        documents__id__in=get_objects_for_user_owner_aware(
+            user,
+            "documents.view_document",
+            Document,
+        ).values_list("id", flat=True),
    )
-    return queryset.annotate(document_count=Coalesce(Subquery(counts[:1]), 0))


 def get_objects_for_user_owner_aware(user, perms, Model) -> QuerySet:
--- a/src/documents/serialisers.py
+++ b/src/documents/serialisers.py
@@ -6,7 +6,6 @@ import re
 from datetime import datetime
 from decimal import Decimal
 from typing import TYPE_CHECKING
-from typing import Any
 from typing import Literal

 import magic
@@ -41,7 +40,6 @@ from guardian.utils import get_group_obj_perms_model
 from guardian.utils import get_user_obj_perms_model
 from rest_framework import fields
 from rest_framework import serializers
-from rest_framework.exceptions import PermissionDenied
 from rest_framework.fields import SerializerMethodField
 from rest_framework.filters import OrderingFilter

@@ -74,7 +72,6 @@ from documents.models import WorkflowTrigger
 from documents.parsers import is_mime_type_supported
 from documents.permissions import get_document_count_filter_for_user
 from documents.permissions import get_groups_with_only_permission
-from documents.permissions import get_objects_for_user_owner_aware
 from documents.permissions import set_permissions_for_object
 from documents.regex import validate_regex_pattern
 from documents.templating.filepath import validate_filepath_template_and_render
@@ -439,19 +436,6 @@ class OwnedObjectSerializer(
        return instance

    def update(self, instance, validated_data):
-        user = getattr(self, "user", None)
-        is_superuser = user.is_superuser if user is not None else False
-        is_owner = instance.owner == user if user is not None else False
-        is_unowned = instance.owner is None
-
-        if (
-            ("owner" in validated_data and validated_data["owner"] != instance.owner)
-            or "set_permissions" in validated_data
-        ) and not (is_superuser or is_owner or is_unowned):
-            raise PermissionDenied(
-                _("Insufficient permissions."),
-            )
-
        if "set_permissions" in validated_data:
            self._set_permissions(validated_data["set_permissions"], instance)
        self.validate_unique_together(validated_data, instance)
@@ -596,34 +580,30 @@ class TagSerializer(MatchingModelSerializer, OwnedObjectSerializer):
        ),
    )
    def get_children(self, obj):
-        children_map = self.context.get("children_map")
-        if children_map is not None:
-            children = children_map.get(obj.pk, [])
-        else:
-            filter_q = self.context.get("document_count_filter")
-            request = self.context.get("request")
-            if filter_q is None:
-                user = getattr(request, "user", None) if request else None
-                filter_q = get_document_count_filter_for_user(user)
-                self.context["document_count_filter"] = filter_q
+        filter_q = self.context.get("document_count_filter")
+        request = self.context.get("request")
+        if filter_q is None:
+            user = getattr(request, "user", None) if request else None
+            filter_q = get_document_count_filter_for_user(user)
+            self.context["document_count_filter"] = filter_q

-            children = (
-                obj.get_children_queryset()
-                .select_related("owner")
-                .annotate(document_count=Count("documents", filter=filter_q))
-            )
+        children_queryset = (
+            obj.get_children_queryset()
+            .select_related("owner")
+            .annotate(document_count=Count("documents", filter=filter_q))
+        )

-            view = self.context.get("view")
-            ordering = (
-                OrderingFilter().get_ordering(request, children, view)
-                if request and view
-                else None
-            )
-            ordering = ordering or (Lower("name"),)
-            children = children.order_by(*ordering)
+        view = self.context.get("view")
+        ordering = (
+            OrderingFilter().get_ordering(request, children_queryset, view)
+            if request and view
+            else None
+        )
+        ordering = ordering or (Lower("name"),)
+        children_queryset = children_queryset.order_by(*ordering)

        serializer = TagSerializer(
-            children,
+            children_queryset,
            many=True,
            user=self.user,
            full_perms=self.full_perms,
@@ -715,9 +695,6 @@ class StoragePathField(serializers.PrimaryKeyRelatedField):

 class CustomFieldSerializer(serializers.ModelSerializer):
    def __init__(self, *args, **kwargs):
-        # Ignore args passed by permissions mixin
-        kwargs.pop("user", None)
-        kwargs.pop("full_perms", None)
        context = kwargs.get("context")
        self.api_version = int(
            context.get("request").version
@@ -2585,8 +2562,7 @@ class WorkflowSerializer(serializers.ModelSerializer):
                set_triggers.append(trigger_instance)

        if actions is not None and actions is not serializers.empty:
-            for index, action in enumerate(actions):
-                action["order"] = index
+            for action in actions:
                assign_tags = action.pop("assign_tags", None)
                assign_view_users = action.pop("assign_view_users", None)
                assign_view_groups = action.pop("assign_view_groups", None)
@@ -2713,16 +2689,6 @@ class WorkflowSerializer(serializers.ModelSerializer):

        return instance

-    def to_representation(self, instance):
-        data = super().to_representation(instance)
-        actions = instance.actions.order_by("order", "pk")
-        data["actions"] = WorkflowActionSerializer(
-            actions,
-            many=True,
-            context=self.context,
-        ).data
-        return data
-

 class TrashSerializer(SerializerWithPerms):
    documents = serializers.ListField(
@@ -2755,22 +2721,8 @@ class StoragePathTestSerializer(SerializerWithPerms):
    )

    document = serializers.PrimaryKeyRelatedField(
-        queryset=Document.objects.none(),
+        queryset=Document.objects.all(),
        required=True,
        label="Document",
        write_only=True,
    )
-
-    def __init__(self, *args: Any, **kwargs: Any) -> None:
-        super().__init__(*args, **kwargs)
-        request = self.context.get("request")
-        user = getattr(request, "user", None) if request else None
-        if user is not None and user.is_authenticated:
-            document_field = self.fields.get("document")
-            if not isinstance(document_field, serializers.PrimaryKeyRelatedField):
-                return
-            document_field.queryset = get_objects_for_user_owner_aware(
-                user,
-                "documents.view_document",
-                Document,
-            )
--- a/src/documents/signals/handlers.py
+++ b/src/documents/signals/handlers.py
@@ -418,15 +418,7 @@ def update_filename_and_move_files(
            return
        instance = instance.document

-    def validate_move(instance, old_path: Path, new_path: Path, root: Path):
-        if not new_path.is_relative_to(root):
-            msg = (
-                f"Document {instance!s}: Refusing to move file outside root {root}: "
-                f"{new_path}."
-            )
-            logger.warning(msg)
-            raise CannotMoveFilesException(msg)
-
+    def validate_move(instance, old_path: Path, new_path: Path):
        if not old_path.is_file():
            # Can't do anything if the old file does not exist anymore.
            msg = f"Document {instance!s}: File {old_path} doesn't exist."
@@ -515,22 +507,12 @@ def update_filename_and_move_files(
                return

            if move_original:
-                validate_move(
-                    instance,
-                    old_source_path,
-                    instance.source_path,
-                    settings.ORIGINALS_DIR,
-                )
+                validate_move(instance, old_source_path, instance.source_path)
                create_source_path_directory(instance.source_path)
                shutil.move(old_source_path, instance.source_path)

            if move_archive:
-                validate_move(
-                    instance,
-                    old_archive_path,
-                    instance.archive_path,
-                    settings.ARCHIVE_DIR,
-                )
+                validate_move(instance, old_archive_path, instance.archive_path)
                create_source_path_directory(instance.archive_path)
                shutil.move(old_archive_path, instance.archive_path)

@@ -769,7 +751,7 @@ def run_workflows(

        if matching.document_matches_workflow(document, workflow, trigger_type):
            action: WorkflowAction
-            for action in workflow.actions.order_by("order", "pk"):
+            for action in workflow.actions.all():
                message = f"Applying {action} from {workflow}"
                if not use_overrides:
                    logger.info(message, extra={"group": logging_group})
--- a/src/documents/tasks.py
+++ b/src/documents/tasks.py
@@ -493,7 +493,7 @@ def check_scheduled_workflows():
                            trigger.schedule_is_recurring
                            and workflow_runs.exists()
                            and (
-                                workflow_runs.first().run_at
+                                workflow_runs.last().run_at
                                > now
                                - datetime.timedelta(
                                    days=trigger.schedule_recurring_interval_days,
--- a/src/documents/templating/filepath.py
+++ b/src/documents/templating/filepath.py
@@ -193,52 +193,6 @@ def get_basic_metadata_context(
    }


-def get_safe_document_context(
-    document: Document,
-    tags: Iterable[Tag],
-) -> dict[str, object]:
-    """
-    Build a document context object to avoid supplying entire model instance.
-    """
-    return {
-        "id": document.pk,
-        "pk": document.pk,
-        "title": document.title,
-        "content": document.content,
-        "page_count": document.page_count,
-        "created": document.created,
-        "added": document.added,
-        "modified": document.modified,
-        "archive_serial_number": document.archive_serial_number,
-        "mime_type": document.mime_type,
-        "checksum": document.checksum,
-        "archive_checksum": document.archive_checksum,
-        "filename": document.filename,
-        "archive_filename": document.archive_filename,
-        "original_filename": document.original_filename,
-        "owner": {"username": document.owner.username, "id": document.owner.id}
-        if document.owner
-        else None,
-        "tags": [{"name": tag.name, "id": tag.id} for tag in tags],
-        "correspondent": (
-            {"name": document.correspondent.name, "id": document.correspondent.id}
-            if document.correspondent
-            else None
-        ),
-        "document_type": (
-            {"name": document.document_type.name, "id": document.document_type.id}
-            if document.document_type
-            else None
-        ),
-        "storage_path": {
-            "path": document.storage_path.path,
-            "id": document.storage_path.id,
-        }
-        if document.storage_path
-        else None,
-    }
-
-
 def get_tags_context(tags: Iterable[Tag]) -> dict[str, str | list[str]]:
    """
    Given an Iterable of tags, constructs some context from them for usage
@@ -308,17 +262,6 @@ def get_custom_fields_context(
    return field_data


-def _is_safe_relative_path(value: str) -> bool:
-    if value == "":
-        return True
-
-    path = PurePath(value)
-    if path.is_absolute() or path.drive:
-        return False
-
-    return ".." not in path.parts
-
-
 def validate_filepath_template_and_render(
    template_string: str,
    document: Document | None = None,
@@ -349,7 +292,7 @@ def validate_filepath_template_and_render(

    # Build the context dictionary
    context = (
-        {"document": get_safe_document_context(document, tags=tags_list)}
+        {"document": document}
        | get_basic_metadata_context(document, no_value_default=NO_VALUE_PLACEHOLDER)
        | get_creation_date_context(document)
        | get_added_date_context(document)
@@ -366,12 +309,6 @@ def validate_filepath_template_and_render(
        )
        rendered_template = template.render(context)

-        if not _is_safe_relative_path(rendered_template):
-            logger.warning(
-                "Template rendered an unsafe path (absolute or containing traversal).",
-            )
-            return None
-
        # We're good!
        return rendered_template
    except UndefinedError:
--- a/src/documents/tests/test_api_documents.py
+++ b/src/documents/tests/test_api_documents.py
@@ -1216,17 +1216,6 @@ class TestDocumentApi(DirectoriesMixin, DocumentConsumeDelayMixin, APITestCase):

        self.assertEqual(response.status_code, status.HTTP_405_METHOD_NOT_ALLOWED)

-    def test_upload_insufficient_permissions(self):
-        self.client.force_authenticate(user=User.objects.create_user("testuser2"))
-
-        with (Path(__file__).parent / "samples" / "simple.pdf").open("rb") as f:
-            response = self.client.post(
-                "/api/documents/post_document/",
-                {"document": f},
-            )
-
-        self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
-
    def test_upload_empty_metadata(self):
        self.consume_file_mock.return_value = celery.result.AsyncResult(
            id=str(uuid.uuid4()),
--- a/src/documents/tests/test_api_objects.py
+++ b/src/documents/tests/test_api_objects.py
@@ -5,13 +5,10 @@ from unittest import mock
 from django.contrib.auth.models import Permission
 from django.contrib.auth.models import User
 from django.test import override_settings
-from guardian.shortcuts import assign_perm
 from rest_framework import status
 from rest_framework.test import APITestCase

 from documents.models import Correspondent
-from documents.models import CustomField
-from documents.models import CustomFieldInstance
 from documents.models import Document
 from documents.models import DocumentType
 from documents.models import StoragePath
@@ -222,30 +219,6 @@ class TestApiStoragePaths(DirectoriesMixin, APITestCase):
        self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST)
        self.assertEqual(StoragePath.objects.count(), 1)

-    def test_api_create_storage_path_rejects_traversal(self):
-        """
-        GIVEN:
-            - API request to create a storage paths
-            - Storage path attempts directory traversal
-        WHEN:
-            - API is called
-        THEN:
-            - Correct HTTP 400 response
-            - No storage path is created
-        """
-        response = self.client.post(
-            self.ENDPOINT,
-            json.dumps(
-                {
-                    "name": "Traversal path",
-                    "path": "../../../../../tmp/proof",
-                },
-            ),
-            content_type="application/json",
-        )
-        self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST)
-        self.assertEqual(StoragePath.objects.count(), 1)
-
    def test_api_storage_path_placeholders(self):
        """
        GIVEN:
@@ -401,292 +374,6 @@ class TestApiStoragePaths(DirectoriesMixin, APITestCase):
        self.assertEqual(response.status_code, status.HTTP_200_OK)
        self.assertEqual(response.data, "folder/Something")

-    def test_test_storage_path_requires_document_view_permission(self) -> None:
-        owner = User.objects.create_user(username="owner")
-        unprivileged = User.objects.create_user(username="unprivileged")
-        document = Document.objects.create(
-            mime_type="application/pdf",
-            owner=owner,
-            title="Sensitive",
-            checksum="123",
-        )
-        self.client.force_authenticate(user=unprivileged)
-        response = self.client.post(
-            f"{self.ENDPOINT}test/",
-            json.dumps(
-                {
-                    "document": document.id,
-                    "path": "path/{{ title }}",
-                },
-            ),
-            content_type="application/json",
-        )
-        self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST)
-        self.assertIn("document", response.data)
-
-    def test_test_storage_path_allows_shared_document_view_permission(self) -> None:
-        owner = User.objects.create_user(username="owner")
-        viewer = User.objects.create_user(username="viewer")
-        document = Document.objects.create(
-            mime_type="application/pdf",
-            owner=owner,
-            title="Shared",
-            checksum="123",
-        )
-        assign_perm("view_document", viewer, document)
-
-        self.client.force_authenticate(user=viewer)
-        response = self.client.post(
-            f"{self.ENDPOINT}test/",
-            json.dumps(
-                {
-                    "document": document.id,
-                    "path": "path/{{ title }}",
-                },
-            ),
-            content_type="application/json",
-        )
-        self.assertEqual(response.status_code, status.HTTP_200_OK)
-        self.assertEqual(response.data, "path/Shared")
-
-    def test_test_storage_path_exposes_basic_document_context_but_not_sensitive_owner_data(
-        self,
-    ) -> None:
-        owner = User.objects.create_user(
-            username="owner",
-            password="password",
-            email="owner@example.com",
-        )
-        document = Document.objects.create(
-            mime_type="application/pdf",
-            owner=owner,
-            title="Document",
-            content="Top secret content",
-            page_count=2,
-            checksum="123",
-        )
-        self.client.force_authenticate(user=owner)
-
-        response = self.client.post(
-            f"{self.ENDPOINT}test/",
-            json.dumps(
-                {
-                    "document": document.id,
-                    "path": "{{ document.owner.username }}",
-                },
-            ),
-            content_type="application/json",
-        )
-        self.assertEqual(response.status_code, status.HTTP_200_OK)
-        self.assertEqual(response.data, "owner")
-
-        for expression, expected in (
-            ("{{ document.content }}", "Top secret content"),
-            ("{{ document.id }}", str(document.id)),
-            ("{{ document.page_count }}", "2"),
-        ):
-            response = self.client.post(
-                f"{self.ENDPOINT}test/",
-                json.dumps(
-                    {
-                        "document": document.id,
-                        "path": expression,
-                    },
-                ),
-                content_type="application/json",
-            )
-            self.assertEqual(response.status_code, status.HTTP_200_OK)
-            self.assertEqual(response.data, expected)
-
-        for expression in (
-            "{{ document.owner.password }}",
-            "{{ document.owner.email }}",
-        ):
-            response = self.client.post(
-                f"{self.ENDPOINT}test/",
-                json.dumps(
-                    {
-                        "document": document.id,
-                        "path": expression,
-                    },
-                ),
-                content_type="application/json",
-            )
-            self.assertEqual(response.status_code, status.HTTP_200_OK)
-            self.assertIsNone(response.data)
-
-    def test_test_storage_path_includes_related_objects_for_visible_document(
-        self,
-    ) -> None:
-        owner = User.objects.create_user(username="owner")
-        viewer = User.objects.create_user(username="viewer")
-        private_correspondent = Correspondent.objects.create(
-            name="Private Correspondent",
-            owner=owner,
-        )
-        document = Document.objects.create(
-            mime_type="application/pdf",
-            owner=owner,
-            correspondent=private_correspondent,
-            title="Document",
-            checksum="123",
-        )
-        assign_perm("view_document", viewer, document)
-
-        self.client.force_authenticate(user=viewer)
-        response = self.client.post(
-            f"{self.ENDPOINT}test/",
-            json.dumps(
-                {
-                    "document": document.id,
-                    "path": "{{ correspondent }}",
-                },
-            ),
-            content_type="application/json",
-        )
-        self.assertEqual(response.status_code, status.HTTP_200_OK)
-        self.assertEqual(response.data, "Private Correspondent")
-
-        response = self.client.post(
-            f"{self.ENDPOINT}test/",
-            json.dumps(
-                {
-                    "document": document.id,
-                    "path": (
-                        "{{ document.correspondent.name if document.correspondent else 'none' }}"
-                    ),
-                },
-            ),
-            content_type="application/json",
-        )
-        self.assertEqual(response.status_code, status.HTTP_200_OK)
-        self.assertEqual(response.data, "Private Correspondent")
-
-    def test_test_storage_path_superuser_can_view_private_related_objects(self) -> None:
-        owner = User.objects.create_user(username="owner")
-        private_correspondent = Correspondent.objects.create(
-            name="Private Correspondent",
-            owner=owner,
-        )
-        document = Document.objects.create(
-            mime_type="application/pdf",
-            owner=owner,
-            correspondent=private_correspondent,
-            title="Document",
-            checksum="123",
-        )
-
-        response = self.client.post(
-            f"{self.ENDPOINT}test/",
-            json.dumps(
-                {
-                    "document": document.id,
-                    "path": (
-                        "{{ document.correspondent.name if document.correspondent else 'none' }}"
-                    ),
-                },
-            ),
-            content_type="application/json",
-        )
-        self.assertEqual(response.status_code, status.HTTP_200_OK)
-        self.assertEqual(response.data, "Private Correspondent")
-
-    def test_test_storage_path_includes_doc_type_storage_path_and_tags(
-        self,
-    ) -> None:
-        owner = User.objects.create_user(username="owner")
-        viewer = User.objects.create_user(username="viewer")
-        private_document_type = DocumentType.objects.create(
-            name="Private Type",
-            owner=owner,
-        )
-        private_storage_path = StoragePath.objects.create(
-            name="Private Storage Path",
-            path="private/path",
-            owner=owner,
-        )
-        private_tag = Tag.objects.create(
-            name="Private Tag",
-            owner=owner,
-        )
-        document = Document.objects.create(
-            mime_type="application/pdf",
-            owner=owner,
-            document_type=private_document_type,
-            storage_path=private_storage_path,
-            title="Document",
-            checksum="123",
-        )
-        document.tags.add(private_tag)
-        assign_perm("view_document", viewer, document)
-
-        self.client.force_authenticate(user=viewer)
-        response = self.client.post(
-            f"{self.ENDPOINT}test/",
-            json.dumps(
-                {
-                    "document": document.id,
-                    "path": (
-                        "{{ document.document_type.name if document.document_type else 'none' }}/"
-                        "{{ document.storage_path.path if document.storage_path else 'none' }}/"
-                        "{{ document.tags[0].name if document.tags else 'none' }}"
-                    ),
-                },
-            ),
-            content_type="application/json",
-        )
-        self.assertEqual(response.status_code, status.HTTP_200_OK)
-        self.assertEqual(response.data, "Private Type/private/path/Private Tag")
-
-        response = self.client.post(
-            f"{self.ENDPOINT}test/",
-            json.dumps(
-                {
-                    "document": document.id,
-                    "path": "{{ document_type }}/{{ tag_list if tag_list else 'none' }}",
-                },
-            ),
-            content_type="application/json",
-        )
-        self.assertEqual(response.status_code, status.HTTP_200_OK)
-        self.assertEqual(response.data, "Private Type/Private Tag")
-
-    def test_test_storage_path_includes_custom_fields_for_visible_document(
-        self,
-    ) -> None:
-        owner = User.objects.create_user(username="owner")
-        viewer = User.objects.create_user(username="viewer")
-        document = Document.objects.create(
-            mime_type="application/pdf",
-            owner=owner,
-            title="Document",
-            checksum="123",
-        )
-        custom_field = CustomField.objects.create(
-            name="Secret Number",
-            data_type=CustomField.FieldDataType.INT,
-        )
-        CustomFieldInstance.objects.create(
-            document=document,
-            field=custom_field,
-            value_int=42,
-        )
-        assign_perm("view_document", viewer, document)
-
-        self.client.force_authenticate(user=viewer)
-        response = self.client.post(
-            f"{self.ENDPOINT}test/",
-            json.dumps(
-                {
-                    "document": document.id,
-                    "path": "{{ custom_fields | get_cf_value('Secret Number', 'none') }}",
-                },
-            ),
-            content_type="application/json",
-        )
-        self.assertEqual(response.status_code, status.HTTP_200_OK)
-        self.assertEqual(response.data, "42")
-

 class TestBulkEditObjects(APITestCase):
    # See test_api_permissions.py for bulk tests on permissions
--- a/src/documents/tests/test_api_permissions.py
+++ b/src/documents/tests/test_api_permissions.py
@@ -441,59 +441,6 @@ class TestApiAuth(DirectoriesMixin, APITestCase):
        self.assertTrue(checker.has_perm("change_document", doc))
        self.assertIn("change_document", get_perms(group1, doc))

-    def test_document_permissions_change_requires_owner(self):
-        owner = User.objects.create_user(username="owner")
-        editor = User.objects.create_user(username="editor")
-        editor.user_permissions.add(
-            *Permission.objects.all(),
-        )
-
-        doc = Document.objects.create(
-            title="Ownered doc",
-            content="sensitive",
-            checksum="abc123",
-            mime_type="application/pdf",
-            owner=owner,
-        )
-
-        assign_perm("view_document", editor, doc)
-        assign_perm("change_document", editor, doc)
-
-        self.client.force_authenticate(editor)
-        response = self.client.patch(
-            f"/api/documents/{doc.pk}/",
-            json.dumps(
-                {
-                    "set_permissions": {
-                        "view": {
-                            "users": [editor.id],
-                            "groups": [],
-                        },
-                        "change": {
-                            "users": None,
-                            "groups": None,
-                        },
-                    },
-                },
-            ),
-            content_type="application/json",
-        )
-
-        self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
-
-        self.client.force_authenticate(editor)
-        response = self.client.patch(
-            f"/api/documents/{doc.pk}/",
-            json.dumps(
-                {
-                    "owner": editor.id,
-                },
-            ),
-            content_type="application/json",
-        )
-
-        self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
-
    def test_dynamic_permissions_fields(self):
        user1 = User.objects.create_user(username="user1")
        user1.user_permissions.add(*Permission.objects.filter(codename="view_document"))
--- a/src/documents/tests/test_api_search.py
+++ b/src/documents/tests/test_api_search.py
@@ -89,6 +89,23 @@ class TestDocumentSearchApi(DirectoriesMixin, APITestCase):
        self.assertEqual(len(results), 0)
        self.assertCountEqual(response.data["all"], [])

+    def test_search_handles_diacritics_normalization(self):
+        doc = Document.objects.create(
+            title="certida\u0303o de nascimento",
+            content="birth record without keyword",
+            checksum="D",
+            pk=10,
+        )
+        with AsyncWriter(index.open_index()) as writer:
+            index.update_document(writer, doc)
+
+        response = self.client.get("/api/documents/?query=certidão")
+        self.assertEqual(response.status_code, status.HTTP_200_OK)
+        results = response.data["results"]
+        self.assertEqual(response.data["count"], 1)
+        self.assertEqual(len(results), 1)
+        self.assertEqual(results[0]["id"], doc.id)
+
    def test_search_custom_field_ordering(self):
        custom_field = CustomField.objects.create(
            name="Sortable field",
--- a/src/documents/tests/test_bulk_edit.py
+++ b/src/documents/tests/test_bulk_edit.py
@@ -602,12 +602,14 @@ class TestPDFActions(DirectoriesMixin, TestCase):
            expected_filename,
        )
        self.assertEqual(consume_file_args[1].title, None)
+        self.assertTrue(consume_file_args[1].skip_asn)

        # With metadata_document_id overrides
        result = bulk_edit.merge(doc_ids, metadata_document_id=metadata_document_id)
        consume_file_args, _ = mock_consume_file.call_args
        self.assertEqual(consume_file_args[1].title, "B (merged)")
        self.assertEqual(consume_file_args[1].created, self.doc2.created)
+        self.assertTrue(consume_file_args[1].skip_asn)

        self.assertEqual(result, "OK")

@@ -648,6 +650,7 @@ class TestPDFActions(DirectoriesMixin, TestCase):
            expected_filename,
        )
        self.assertEqual(consume_file_args[1].title, None)
+        self.assertTrue(consume_file_args[1].skip_asn)

        delete_documents_args, _ = mock_delete_documents.call_args
        self.assertEqual(
--- a/src/documents/tests/test_consumer.py
+++ b/src/documents/tests/test_consumer.py
@@ -290,6 +290,23 @@ class TestConsumer(

        self._assert_first_last_send_progress()

+    def test_override_filename_normalized(self):
+        filename = self.get_test_file()
+        override_filename = "Inhaltsu\u0308bersicht.pdf"
+
+        with self.get_consumer(
+            filename,
+            DocumentMetadataOverrides(filename=override_filename),
+        ) as consumer:
+            consumer.run()
+
+            document = Document.objects.first()
+
+        self.assertIsNotNone(document)
+        self.assertEqual(document.original_filename, "Inhaltsübersicht.pdf")
+        self.assertEqual(document.title, "Inhaltsübersicht")
+        self._assert_first_last_send_progress()
+
    def testOverrideTitle(self):
        with self.get_consumer(
            self.get_test_file(),
@@ -304,6 +321,25 @@ class TestConsumer(
        self.assertEqual(document.title, "Override Title")
        self._assert_first_last_send_progress()

+    @override_settings(FILENAME_FORMAT="{{ title }}")
+    def test_filename_format_normalized(self):
+        filename = self.get_test_file()
+        title = "Inhaltsu\u0308bersicht Faszination"
+
+        with self.get_consumer(
+            filename,
+            DocumentMetadataOverrides(title=title),
+        ) as consumer:
+            consumer.run()
+
+            document = Document.objects.first()
+
+        self.assertIsNotNone(document)
+        self.assertEqual(document.title, "Inhaltsübersicht Faszination")
+        self.assertEqual(document.filename, "Inhaltsübersicht Faszination.pdf")
+        self.assertIsFile(document.source_path)
+        self._assert_first_last_send_progress()
+
    def testOverrideCorrespondent(self):
        c = Correspondent.objects.create(name="test")

@@ -412,6 +448,14 @@ class TestConsumer(
        self.assertEqual(document.archive_serial_number, 123)
        self._assert_first_last_send_progress()

+    def testMetadataOverridesSkipAsnPropagation(self):
+        overrides = DocumentMetadataOverrides()
+        incoming = DocumentMetadataOverrides(skip_asn=True)
+
+        overrides.update(incoming)
+
+        self.assertTrue(overrides.skip_asn)
+
    def testOverrideTitlePlaceholders(self):
        c = Correspondent.objects.create(name="Correspondent Name")
        dt = DocumentType.objects.create(name="DocType Name")
--- a/src/documents/tests/test_file_handling.py
+++ b/src/documents/tests/test_file_handling.py
@@ -1382,11 +1382,11 @@ class TestFilenameGeneration(DirectoriesMixin, TestCase):
    def test_template_with_security(self):
        """
        GIVEN:
-            - Filename format with an unavailable document attribute
+            - Filename format with one or more undefined variables
        WHEN:
            - Filepath for a document with this format is called
        THEN:
-            - The missing attribute is logged
+            - The first undefined variable is logged
            - The default format is used
        """
        doc_a = Document.objects.create(
@@ -1408,7 +1408,7 @@ class TestFilenameGeneration(DirectoriesMixin, TestCase):
            self.assertEqual(len(capture.output), 1)
            self.assertEqual(
                capture.output[0],
-                "ERROR:paperless.templating:Template variable error: 'dict object' has no attribute 'save'",
+                "WARNING:paperless.templating:Template attempted restricted operation: <bound method Model.save of <Document: 2020-06-25 Does Matter>> is not safely callable",
            )

    def test_template_with_custom_fields(self):
--- a/src/documents/tests/test_index.py
+++ b/src/documents/tests/test_index.py
@@ -1,7 +1,6 @@
 from datetime import datetime
 from unittest import mock

-from django.conf import settings
 from django.contrib.auth.models import User
 from django.test import SimpleTestCase
 from django.test import TestCase
@@ -180,7 +179,7 @@ class TestRewriteNaturalDateKeywords(SimpleTestCase):
            (
                "added:this year",
                datetime(2025, 7, 15, 12, 0, 0, tzinfo=timezone.utc),
-                ("added:[20250101", "TO 20251231"),
+                ("added:[20250101", "TO 20250715"),
            ),
            (
                "added:previous year",
@@ -252,120 +251,3 @@ class TestRewriteNaturalDateKeywords(SimpleTestCase):
        result = self._rewrite_with_now("added:today", fixed_now)
        # Should convert to UTC properly
        self.assertIn("added:[20250719", result)
-
-
-class TestIndexResilience(DirectoriesMixin, SimpleTestCase):
-    def _assert_recreate_called(self, mock_create_in):
-        mock_create_in.assert_called_once()
-        path_arg, schema_arg = mock_create_in.call_args.args
-        self.assertEqual(path_arg, settings.INDEX_DIR)
-        self.assertEqual(schema_arg.__class__.__name__, "Schema")
-
-    def test_transient_missing_segment_does_not_force_recreate(self):
-        """
-        GIVEN:
-            - Index directory exists
-        WHEN:
-            - open_index is called
-            - Opening the index raises FileNotFoundError once due to a
-              transient missing segment
-        THEN:
-            - Index is opened successfully on retry
-            - Index is not recreated
-        """
-        file_marker = settings.INDEX_DIR / "file_marker.txt"
-        file_marker.write_text("keep")
-        expected_index = object()
-
-        with (
-            mock.patch("documents.index.exists_in", return_value=True),
-            mock.patch(
-                "documents.index.open_dir",
-                side_effect=[FileNotFoundError("missing"), expected_index],
-            ) as mock_open_dir,
-            mock.patch(
-                "documents.index.create_in",
-            ) as mock_create_in,
-            mock.patch(
-                "documents.index.rmtree",
-            ) as mock_rmtree,
-        ):
-            ix = index.open_index()
-
-        self.assertIs(ix, expected_index)
-        self.assertGreaterEqual(mock_open_dir.call_count, 2)
-        mock_rmtree.assert_not_called()
-        mock_create_in.assert_not_called()
-        self.assertEqual(file_marker.read_text(), "keep")
-
-    def test_transient_errors_exhaust_retries_and_recreate(self):
-        """
-        GIVEN:
-            - Index directory exists
-        WHEN:
-            - open_index is called
-            - Opening the index raises FileNotFoundError multiple times due to
-              transient missing segments
-        THEN:
-            - Index is recreated after retries are exhausted
-        """
-        recreated_index = object()
-
-        with (
-            self.assertLogs("paperless.index", level="ERROR") as cm,
-            mock.patch("documents.index.exists_in", return_value=True),
-            mock.patch(
-                "documents.index.open_dir",
-                side_effect=FileNotFoundError("missing"),
-            ) as mock_open_dir,
-            mock.patch("documents.index.rmtree") as mock_rmtree,
-            mock.patch(
-                "documents.index.create_in",
-                return_value=recreated_index,
-            ) as mock_create_in,
-        ):
-            ix = index.open_index()
-
-        self.assertIs(ix, recreated_index)
-        self.assertEqual(mock_open_dir.call_count, 4)
-        mock_rmtree.assert_called_once_with(settings.INDEX_DIR)
-        self._assert_recreate_called(mock_create_in)
-        self.assertIn(
-            "Error while opening the index after retries, recreating.",
-            cm.output[0],
-        )
-
-    def test_non_transient_error_recreates_index(self):
-        """
-        GIVEN:
-            - Index directory exists
-        WHEN:
-            - open_index is called
-            - Opening the index raises a "non-transient" error
-        THEN:
-            - Index is recreated
-        """
-        recreated_index = object()
-
-        with (
-            self.assertLogs("paperless.index", level="ERROR") as cm,
-            mock.patch("documents.index.exists_in", return_value=True),
-            mock.patch(
-                "documents.index.open_dir",
-                side_effect=RuntimeError("boom"),
-            ),
-            mock.patch("documents.index.rmtree") as mock_rmtree,
-            mock.patch(
-                "documents.index.create_in",
-                return_value=recreated_index,
-            ) as mock_create_in,
-        ):
-            ix = index.open_index()
-
-        self.assertIs(ix, recreated_index)
-        mock_rmtree.assert_called_once_with(settings.INDEX_DIR)
-        self._assert_recreate_called(mock_create_in)
-        self.assertIn(
-            "Error while opening the index, recreating.",
-            cm.output[0],
-        )
--- a/src/documents/tests/test_workflows.py
+++ b/src/documents/tests/test_workflows.py
@@ -557,6 +557,50 @@ class TestWorkflows(
        expected_str = f"Document filename {test_file.name} does not match"
        self.assertIn(expected_str, cm.output[1])

+    def test_workflow_match_filename_diacritics_normalized(self):
+        """
+        GIVEN:
+            - Consumption workflow filtering on filename with diacritics
+        WHEN:
+            - File with decomposed Unicode filename is consumed
+        THEN:
+            - Workflow still matches and applies overrides
+        """
+        trigger = WorkflowTrigger.objects.create(
+            type=WorkflowTrigger.WorkflowTriggerType.CONSUMPTION,
+            sources=f"{DocumentSource.ApiUpload},{DocumentSource.ConsumeFolder},{DocumentSource.MailFetch}",
+            filter_filename="*račun*",
+        )
+        action = WorkflowAction.objects.create(
+            assign_title="Diacritics matched",
+        )
+        action.save()
+
+        w = Workflow.objects.create(
+            name="Workflow 1",
+            order=0,
+        )
+        w.triggers.add(trigger)
+        w.actions.add(action)
+        w.save()
+
+        decomposed_name = "rac\u030cun.pdf"
+        test_file = shutil.copy(
+            self.SAMPLE_DIR / "simple.pdf",
+            self.dirs.scratch_dir / decomposed_name,
+        )
+
+        with mock.patch("documents.tasks.ProgressManager", DummyProgressManager):
+            tasks.consume_file(
+                ConsumableDocument(
+                    source=DocumentSource.ConsumeFolder,
+                    original_file=test_file,
+                ),
+                None,
+            )
+            document = Document.objects.first()
+            self.assertEqual(document.title, "Diacritics matched")
+
    def test_workflow_no_match_path(self):
        """
        GIVEN:
@@ -946,6 +990,35 @@ class TestWorkflows(
        self.assertEqual(doc.correspondent, self.c2)
        self.assertEqual(doc.title, f"Doc created in {created.year}")

+    def test_document_added_filename_diacritics_normalized(self):
+        trigger = WorkflowTrigger.objects.create(
+            type=WorkflowTrigger.WorkflowTriggerType.DOCUMENT_ADDED,
+            filter_filename="*račun*",
+        )
+        action = WorkflowAction.objects.create(
+            assign_title="Matched diacritics",
+        )
+        w = Workflow.objects.create(
+            name="Workflow 1",
+            order=0,
+        )
+        w.triggers.add(trigger)
+        w.actions.add(action)
+        w.save()
+
+        doc = Document.objects.create(
+            title="sample test",
+            correspondent=self.c,
+            original_filename="rac\u030cun.pdf",
+        )
+
+        document_consumption_finished.send(
+            sender=self.__class__,
+            document=doc,
+        )
+
+        self.assertEqual(doc.title, "Matched diacritics")
+
    def test_document_added_no_match_filename(self):
        trigger = WorkflowTrigger.objects.create(
            type=WorkflowTrigger.WorkflowTriggerType.DOCUMENT_ADDED,
@@ -2094,68 +2167,6 @@ class TestWorkflows(
            doc.refresh_from_db()
            self.assertIsNone(doc.owner)

-    def test_workflow_scheduled_recurring_respects_latest_run(self):
-        """
-        GIVEN:
-            - Scheduled workflow marked as recurring with a 1-day interval
-            - Document that matches the trigger
-            - Two prior runs exist: one 2 days ago and one 1 hour ago
-        WHEN:
-            - Scheduled workflows are checked again
-        THEN:
-            - Workflow does not run because the most recent run is inside the interval
-        """
-        trigger = WorkflowTrigger.objects.create(
-            type=WorkflowTrigger.WorkflowTriggerType.SCHEDULED,
-            schedule_date_field=WorkflowTrigger.ScheduleDateField.CREATED,
-            schedule_is_recurring=True,
-            schedule_recurring_interval_days=1,
-        )
-        action = WorkflowAction.objects.create(
-            assign_title="Doc assign owner",
-            assign_owner=self.user2,
-        )
-        w = Workflow.objects.create(
-            name="Workflow 1",
-            order=0,
-        )
-        w.triggers.add(trigger)
-        w.actions.add(action)
-        w.save()
-
-        doc = Document.objects.create(
-            title="sample test",
-            correspondent=self.c,
-            original_filename="sample.pdf",
-            created=timezone.now().date() - timedelta(days=3),
-        )
-
-        WorkflowRun.objects.create(
-            workflow=w,
-            document=doc,
-            type=WorkflowTrigger.WorkflowTriggerType.SCHEDULED,
-            run_at=timezone.now() - timedelta(days=2),
-        )
-        WorkflowRun.objects.create(
-            workflow=w,
-            document=doc,
-            type=WorkflowTrigger.WorkflowTriggerType.SCHEDULED,
-            run_at=timezone.now() - timedelta(hours=1),
-        )
-
-        tasks.check_scheduled_workflows()
-
-        doc.refresh_from_db()
-        self.assertIsNone(doc.owner)
-        self.assertEqual(
-            WorkflowRun.objects.filter(
-                workflow=w,
-                document=doc,
-                type=WorkflowTrigger.WorkflowTriggerType.SCHEDULED,
-            ).count(),
-            2,
-        )
-
    def test_workflow_scheduled_trigger_negative_offset_customfield(self):
        """
        GIVEN:
--- a/src/documents/utils.py
+++ b/src/documents/utils.py
@@ -1,5 +1,7 @@
 import logging
 import shutil
+import unicodedata
+from os import PathLike
 from os import utime
 from pathlib import Path
 from subprocess import CompletedProcess
@@ -16,6 +18,14 @@ def _coerce_to_path(
    return Path(source).resolve(), Path(dest).resolve()


+def normalize_nfc(value: str | PathLike[str] | None) -> str | None:
+    """Return NFC-normalized string for filesystem-safe comparisons."""
+
+    if value is None:
+        return None
+    return unicodedata.normalize("NFC", str(value))
+
+
 def copy_basic_file_stats(source: Path | str, dest: Path | str) -> None:
    """
    Copies only the m_time and a_time attributes from source to destination.
--- a/src/documents/views.py
+++ b/src/documents/views.py
@@ -32,6 +32,7 @@ from django.db.models import Count
 from django.db.models import IntegerField
 from django.db.models import Max
 from django.db.models import Model
+from django.db.models import Q
 from django.db.models import Sum
 from django.db.models import When
 from django.db.models.functions import Length
@@ -127,7 +128,6 @@ from documents.matching import match_storage_paths
 from documents.matching import match_tags
 from documents.models import Correspondent
 from documents.models import CustomField
-from documents.models import CustomFieldInstance
 from documents.models import Document
 from documents.models import DocumentType
 from documents.models import Note
@@ -147,7 +147,6 @@ from documents.permissions import PaperlessAdminPermissions
 from documents.permissions import PaperlessNotePermissions
 from documents.permissions import PaperlessObjectPermissions
 from documents.permissions import ViewDocumentsPermissions
-from documents.permissions import annotate_document_count_for_related_queryset
 from documents.permissions import get_document_count_filter_for_user
 from documents.permissions import get_objects_for_user_owner_aware
 from documents.permissions import has_perms_owner_aware
@@ -371,37 +370,22 @@ class PermissionsAwareDocumentCountMixin(BulkPermissionMixin, PassUserMixin):
    Mixin to add document count to queryset, permissions-aware if needed
    """

-    # Default is simple relation path, override for through-table/count specialization.
-    document_count_through = None
-    document_count_source_field = None
-
    def get_document_count_filter(self):
        request = getattr(self, "request", None)
        user = getattr(request, "user", None) if request else None
        return get_document_count_filter_for_user(user)

    def get_queryset(self):
-        base_qs = super().get_queryset()
-
-        # Use optimized through-table counting when configured.
-        if self.document_count_through:
-            user = getattr(getattr(self, "request", None), "user", None)
-            return annotate_document_count_for_related_queryset(
-                base_qs,
-                through_model=self.document_count_through,
-                related_object_field=self.document_count_source_field,
-                user=user,
-            )
-
-        # Fallback: simple Count on relation with permission filter.
        filter = self.get_document_count_filter()
-        return base_qs.annotate(
-            document_count=Count("documents", filter=filter),
+        return (
+            super()
+            .get_queryset()
+            .annotate(document_count=Count("documents", filter=filter))
        )


@extend_schema_view(**generate_object_with_permissions_schema(CorrespondentSerializer))
-class CorrespondentViewSet(PermissionsAwareDocumentCountMixin, ModelViewSet):
+class CorrespondentViewSet(ModelViewSet, PermissionsAwareDocumentCountMixin):
    model = Correspondent

    queryset = Correspondent.objects.select_related("owner").order_by(Lower("name"))
@@ -438,10 +422,8 @@ class CorrespondentViewSet(PermissionsAwareDocumentCountMixin, ModelViewSet):


@extend_schema_view(**generate_object_with_permissions_schema(TagSerializer))
-class TagViewSet(PermissionsAwareDocumentCountMixin, ModelViewSet):
+class TagViewSet(ModelViewSet, PermissionsAwareDocumentCountMixin):
    model = Tag
-    document_count_through = Document.tags.through
-    document_count_source_field = "tag_id"

    queryset = Tag.objects.select_related("owner").order_by(
        Lower("name"),
@@ -466,51 +448,8 @@ class TagViewSet(PermissionsAwareDocumentCountMixin, ModelViewSet):
    def get_serializer_context(self):
        context = super().get_serializer_context()
        context["document_count_filter"] = self.get_document_count_filter()
-        if hasattr(self, "_children_map"):
-            context["children_map"] = self._children_map
        return context

-    def list(self, request, *args, **kwargs):
-        """
-        Build a children map once to avoid per-parent queries in the serializer.
-        """
-        queryset = self.filter_queryset(self.get_queryset())
-        ordering = OrderingFilter().get_ordering(request, queryset, self) or (
-            Lower("name"),
-        )
-        queryset = queryset.order_by(*ordering)
-
-        all_tags = list(queryset)
-        descendant_pks = {pk for tag in all_tags for pk in tag.get_descendants_pks()}
-
-        if descendant_pks:
-            user = getattr(getattr(self, "request", None), "user", None)
-            children_source = list(
-                annotate_document_count_for_related_queryset(
-                    Tag.objects.filter(pk__in=descendant_pks | {t.pk for t in all_tags})
-                    .select_related("owner")
-                    .order_by(*ordering),
-                    through_model=self.document_count_through,
-                    related_object_field=self.document_count_source_field,
-                    user=user,
-                ),
-            )
-        else:
-            children_source = all_tags
-
-        children_map = {}
-        for tag in children_source:
-            children_map.setdefault(tag.tn_parent_id, []).append(tag)
-        self._children_map = children_map
-
-        page = self.paginate_queryset(queryset)
-        serializer = self.get_serializer(page, many=True)
-        response = self.get_paginated_response(serializer.data)
-        if descendant_pks:
-            # Include children in the "all" field, if needed
-            response.data["all"] = [tag.pk for tag in children_source]
-        return response
-
    def perform_update(self, serializer):
        old_parent = self.get_object().get_parent()
        tag = serializer.save()
@@ -520,7 +459,7 @@ class TagViewSet(PermissionsAwareDocumentCountMixin, ModelViewSet):


@extend_schema_view(**generate_object_with_permissions_schema(DocumentTypeSerializer))
-class DocumentTypeViewSet(PermissionsAwareDocumentCountMixin, ModelViewSet):
+class DocumentTypeViewSet(ModelViewSet, PermissionsAwareDocumentCountMixin):
    model = DocumentType

    queryset = DocumentType.objects.select_related("owner").order_by(Lower("name"))
@@ -1121,7 +1060,7 @@ class DocumentViewSet(
            ):
                return HttpResponseForbidden("Insufficient permissions to delete notes")

-            note = Note.objects.get(id=int(request.GET.get("id")), document=doc)
+            note = Note.objects.get(id=int(request.GET.get("id")))
            if settings.AUDIT_LOG_ENABLED:
                LogEntry.objects.log_create(
                    instance=doc,
@@ -1725,8 +1664,6 @@ class PostDocumentView(GenericAPIView):
    parser_classes = (parsers.MultiPartParser,)

    def post(self, request, *args, **kwargs):
-        if not request.user.has_perm("documents.add_document"):
-            return HttpResponseForbidden("Insufficient permissions")
        serializer = self.get_serializer(data=request.data)
        serializer.is_valid(raise_exception=True)

@@ -2366,7 +2303,7 @@ class BulkDownloadView(GenericAPIView):


@extend_schema_view(**generate_object_with_permissions_schema(StoragePathSerializer))
-class StoragePathViewSet(PermissionsAwareDocumentCountMixin, ModelViewSet):
+class StoragePathViewSet(ModelViewSet, PermissionsAwareDocumentCountMixin):
    model = StoragePath

    queryset = StoragePath.objects.select_related("owner").order_by(
@@ -2411,10 +2348,7 @@ class StoragePathViewSet(PermissionsAwareDocumentCountMixin, ModelViewSet):
        """
        Test storage path against a document
        """
-        serializer = StoragePathTestSerializer(
-            data=request.data,
-            context={"request": request},
-        )
+        serializer = StoragePathTestSerializer(data=request.data)
        serializer.is_valid(raise_exception=True)

        document = serializer.validated_data.get("document")
@@ -2886,7 +2820,7 @@ class WorkflowViewSet(ModelViewSet):
    )


-class CustomFieldViewSet(PermissionsAwareDocumentCountMixin, ModelViewSet):
+class CustomFieldViewSet(ModelViewSet):
    permission_classes = (IsAuthenticated, PaperlessObjectPermissions)

    serializer_class = CustomFieldSerializer
@@ -2898,11 +2832,35 @@ class CustomFieldViewSet(PermissionsAwareDocumentCountMixin, ModelViewSet):
    filterset_class = CustomFieldFilterSet

    model = CustomField
-    document_count_through = CustomFieldInstance
-    document_count_source_field = "field_id"

    queryset = CustomField.objects.all().order_by("-created")

+    def get_queryset(self):
+        filter = (
+            Q(fields__document__deleted_at__isnull=True)
+            if self.request.user is None or self.request.user.is_superuser
+            else (
+                Q(
+                    fields__document__deleted_at__isnull=True,
+                    fields__document__id__in=get_objects_for_user_owner_aware(
+                        self.request.user,
+                        "documents.view_document",
+                        Document,
+                    ).values_list("id", flat=True),
+                )
+            )
+        )
+        return (
+            super()
+            .get_queryset()
+            .annotate(
+                document_count=Count(
+                    "fields",
+                    filter=filter,
+                ),
+            )
+        )
+

@extend_schema_view(
    get=extend_schema(
--- a/src/documents/workflows/utils.py
+++ b/src/documents/workflows/utils.py
@@ -20,6 +20,9 @@ def get_workflows_for_trigger(
    wrap it in a list; otherwise fetch enabled workflows for the trigger with
    the prefetches used by the runner.
    """
+    if workflow_to_run is not None:
+        return [workflow_to_run]
+
    annotated_actions = (
        WorkflowAction.objects.select_related(
            "assign_correspondent",
@@ -102,25 +105,10 @@ def get_workflows_for_trigger(
        )
    )

-    action_prefetch = Prefetch(
-        "actions",
-        queryset=annotated_actions.order_by("order", "pk"),
-    )
-
-    if workflow_to_run is not None:
-        return (
-            Workflow.objects.filter(pk=workflow_to_run.pk)
-            .prefetch_related(
-                action_prefetch,
-                "triggers",
-            )
-            .distinct()
-        )
-
    return (
        Workflow.objects.filter(enabled=True, triggers__type=trigger_type)
        .prefetch_related(
-            action_prefetch,
+            Prefetch("actions", queryset=annotated_actions),
            "triggers",
        )
        .order_by("order")
--- a/src/locale/en_US/LC_MESSAGES/django.po
+++ b/src/locale/en_US/LC_MESSAGES/django.po
@@ -2,7 +2,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: paperless-ngx\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2025-12-12 17:41+0000\n"
+"POT-Creation-Date: 2025-12-29 14:49+0000\n"
 "PO-Revision-Date: 2022-02-17 04:17\n"
 "Last-Translator: \n"
 "Language-Team: English\n"
@@ -1219,35 +1219,35 @@ msgstr ""
 msgid "workflow runs"
 msgstr ""

-#: documents/serialisers.py:640
+#: documents/serialisers.py:642
 msgid "Invalid color."
 msgstr ""

-#: documents/serialisers.py:1826
+#: documents/serialisers.py:1835
 #, python-format
 msgid "File type %(type)s not supported"
 msgstr ""

-#: documents/serialisers.py:1870
+#: documents/serialisers.py:1879
 #, python-format
 msgid "Custom field id must be an integer: %(id)s"
 msgstr ""

-#: documents/serialisers.py:1877
+#: documents/serialisers.py:1886
 #, python-format
 msgid "Custom field with id %(id)s does not exist"
 msgstr ""

-#: documents/serialisers.py:1894 documents/serialisers.py:1904
+#: documents/serialisers.py:1903 documents/serialisers.py:1913
 msgid ""
 "Custom fields must be a list of integers or an object mapping ids to values."
 msgstr ""

-#: documents/serialisers.py:1899
+#: documents/serialisers.py:1908
 msgid "Some custom fields don't exist or were specified twice."
 msgstr ""

-#: documents/serialisers.py:2014
+#: documents/serialisers.py:2023
 msgid "Invalid variable detected."
 msgstr ""

@@ -1767,82 +1767,86 @@ msgid "Hungarian"
 msgstr ""

 #: paperless/settings.py:789
-msgid "Italian"
+msgid "Indonesian"
 msgstr ""

 #: paperless/settings.py:790
-msgid "Japanese"
+msgid "Italian"
 msgstr ""

 #: paperless/settings.py:791
-msgid "Korean"
+msgid "Japanese"
 msgstr ""

 #: paperless/settings.py:792
-msgid "Luxembourgish"
+msgid "Korean"
 msgstr ""

 #: paperless/settings.py:793
-msgid "Norwegian"
+msgid "Luxembourgish"
 msgstr ""

 #: paperless/settings.py:794
-msgid "Dutch"
+msgid "Norwegian"
 msgstr ""

 #: paperless/settings.py:795
-msgid "Polish"
+msgid "Dutch"
 msgstr ""

 #: paperless/settings.py:796
-msgid "Portuguese (Brazil)"
+msgid "Polish"
 msgstr ""

 #: paperless/settings.py:797
-msgid "Portuguese"
+msgid "Portuguese (Brazil)"
 msgstr ""

 #: paperless/settings.py:798
-msgid "Romanian"
+msgid "Portuguese"
 msgstr ""

 #: paperless/settings.py:799
-msgid "Russian"
+msgid "Romanian"
 msgstr ""

 #: paperless/settings.py:800
-msgid "Slovak"
+msgid "Russian"
 msgstr ""

 #: paperless/settings.py:801
-msgid "Slovenian"
+msgid "Slovak"
 msgstr ""

 #: paperless/settings.py:802
-msgid "Serbian"
+msgid "Slovenian"
 msgstr ""

 #: paperless/settings.py:803
-msgid "Swedish"
+msgid "Serbian"
 msgstr ""

 #: paperless/settings.py:804
-msgid "Turkish"
+msgid "Swedish"
 msgstr ""

 #: paperless/settings.py:805
-msgid "Ukrainian"
+msgid "Turkish"
 msgstr ""

 #: paperless/settings.py:806
-msgid "Vietnamese"
+msgid "Ukrainian"
 msgstr ""

 #: paperless/settings.py:807
-msgid "Chinese Simplified"
+msgid "Vietnamese"
 msgstr ""

 #: paperless/settings.py:808
+msgid "Chinese Simplified"
+msgstr ""
+
+#: paperless/settings.py:809
 msgid "Chinese Traditional"
 msgstr ""

--- a/src/paperless/settings.py
+++ b/src/paperless/settings.py
@@ -786,6 +786,7 @@ LANGUAGES = [
    ("fi-fi", _("Finnish")),
    ("fr-fr", _("French")),
    ("hu-hu", _("Hungarian")),
+    ("id-id", _("Indonesian")),
    ("it-it", _("Italian")),
    ("ja-jp", _("Japanese")),
    ("ko-kr", _("Korean")),
--- a/src/paperless/version.py
+++ b/src/paperless/version.py
@@ -1,6 +1,6 @@
 from typing import Final

-__version__: Final[tuple[int, int, int]] = (2, 20, 8)
+__version__: Final[tuple[int, int, int]] = (2, 20, 3)
 # Version string like X.Y.Z
 __full_version_str__: Final[str] = ".".join(map(str, __version__))
 # Version string like X.Y
--- a/src/paperless_mail/tests/test_api.py
+++ b/src/paperless_mail/tests/test_api.py
@@ -272,24 +272,6 @@ class TestAPIMailAccounts(DirectoriesMixin, APITestCase):
        self.assertEqual(response.status_code, status.HTTP_200_OK)
        self.assertEqual(response.data["success"], True)

-    def test_mail_account_test_existing_nonexistent_id_forbidden(self):
-        response = self.client.post(
-            f"{self.ENDPOINT}test/",
-            json.dumps(
-                {
-                    "id": 999999,
-                    "imap_server": "server.example.com",
-                    "imap_port": 443,
-                    "imap_security": MailAccount.ImapSecurity.SSL,
-                    "username": "admin",
-                    "password": "******",
-                },
-            ),
-            content_type="application/json",
-        )
-        self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
-        self.assertEqual(response.content.decode(), "Insufficient permissions")
-
    def test_get_mail_accounts_owner_aware(self):
        """
        GIVEN:
--- a/src/paperless_mail/tests/test_mail.py
+++ b/src/paperless_mail/tests/test_mail.py
@@ -9,7 +9,6 @@ from datetime import timedelta
 from unittest import mock

 import pytest
-from django.contrib.auth.models import Permission
 from django.contrib.auth.models import User
 from django.core.management import call_command
 from django.db import DatabaseError
@@ -1109,6 +1108,7 @@ class TestMail(
        self.assertEqual(len(self.mailMocker.bogus_mailbox.messages), 2)
        self.assertEqual(len(self.mailMocker.bogus_mailbox.messages_spam), 1)

+    @pytest.mark.flaky(reruns=4)
    def test_error_skip_rule(self):
        account = MailAccount.objects.create(
            name="test2",
@@ -1700,10 +1700,6 @@ class TestMailAccountTestView(APITestCase):
            username="testuser",
            password="testpassword",
        )
-        self.user.user_permissions.add(
-            *Permission.objects.filter(codename__in=["add_mailaccount"]),
-        )
-        self.user.save()
        self.client.force_authenticate(user=self.user)
        self.url = "/api/mail_accounts/test/"

@@ -1820,54 +1816,6 @@ class TestMailAccountTestView(APITestCase):
            expected_str = "Unable to refresh oauth token"
            self.assertIn(expected_str, error_str)

-    def test_mail_account_test_view_existing_forbidden_for_other_owner(self):
-        other_user = User.objects.create_user(
-            username="otheruser",
-            password="testpassword",
-        )
-        existing_account = MailAccount.objects.create(
-            name="Owned account",
-            imap_server="imap.example.com",
-            imap_port=993,
-            imap_security=MailAccount.ImapSecurity.SSL,
-            username="admin",
-            password="secret",
-            owner=other_user,
-        )
-        data = {
-            "id": existing_account.id,
-            "imap_server": "imap.example.com",
-            "imap_port": 993,
-            "imap_security": MailAccount.ImapSecurity.SSL,
-            "username": "admin",
-            "password": "****",
-            "is_token": False,
-        }
-
-        response = self.client.post(self.url, data, format="json")
-
-        self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
-        self.assertEqual(response.content.decode(), "Insufficient permissions")
-
-    def test_mail_account_test_view_requires_add_permission_without_account_id(self):
-        self.user.user_permissions.remove(
-            *Permission.objects.filter(codename__in=["add_mailaccount"]),
-        )
-        self.user.save()
-        data = {
-            "imap_server": "imap.example.com",
-            "imap_port": 993,
-            "imap_security": MailAccount.ImapSecurity.SSL,
-            "username": "admin",
-            "password": "secret",
-            "is_token": False,
-        }
-
-        response = self.client.post(self.url, data, format="json")
-
-        self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
-        self.assertEqual(response.content.decode(), "Insufficient permissions")
-

 class TestMailAccountProcess(APITestCase):
    def setUp(self):
--- a/src/paperless_mail/views.py
+++ b/src/paperless_mail/views.py
@@ -86,34 +86,13 @@ class MailAccountViewSet(ModelViewSet, PassUserMixin):
        request.data["name"] = datetime.datetime.now().isoformat()
        serializer = self.get_serializer(data=request.data)
        serializer.is_valid(raise_exception=True)
-        existing_account = None
-        account_id = request.data.get("id")

-        # testing a new connection requires add permission
-        if account_id is None and not request.user.has_perms(
-            ["paperless_mail.add_mailaccount"],
-        ):
-            return HttpResponseForbidden("Insufficient permissions")
-
-        # testing an existing account requires change permission on that account
-        if account_id is not None:
-            try:
-                existing_account = MailAccount.objects.get(pk=account_id)
-            except (TypeError, ValueError, MailAccount.DoesNotExist):
-                return HttpResponseForbidden("Insufficient permissions")
-
-            if not has_perms_owner_aware(
-                request.user,
-                "change_mailaccount",
-                existing_account,
-            ):
-                return HttpResponseForbidden("Insufficient permissions")
-
-        # account exists, use the password from there instead of ***
+        # account exists, use the password from there instead of *** and refresh_token / expiration
        if (
            len(serializer.validated_data.get("password").replace("*", "")) == 0
-            and existing_account is not None
+            and request.data["id"] is not None
        ):
+            existing_account = MailAccount.objects.get(pk=request.data["id"])
            serializer.validated_data["password"] = existing_account.password
            serializer.validated_data["account_type"] = existing_account.account_type
            serializer.validated_data["refresh_token"] = existing_account.refresh_token
@@ -127,8 +106,7 @@ class MailAccountViewSet(ModelViewSet, PassUserMixin):
        ) as M:
            try:
                if (
-                    existing_account is not None
-                    and account.is_token
+                    account.is_token
                    and account.expiration is not None
                    and account.expiration < timezone.now()
                ):
@@ -270,7 +248,6 @@ class OauthCallbackView(GenericAPIView):
                imap_server=imap_server,
                refresh_token=refresh_token,
                expiration=timezone.now() + timedelta(seconds=expires_in),
-                owner=request.user,
                defaults=defaults,
            )
            return HttpResponseRedirect(
--- a/uv.lock
+++ b/uv.lock
@@ -104,6 +104,20 @@ wheels = [
    { url = "https://files.pythonhosted.org/packages/b7/b8/3fe70c75fe32afc4bb507f75563d39bc5642255d1d94f1f23604725780bf/babel-2.17.0-py3-none-any.whl", hash = "sha256:4d0b53093fdfb4b21c92b5213dba5a1b23885afa8383709427046b21c366e5f2", size = 10182537, upload-time = "2025-02-01T15:17:37.39Z" },
 ]

+[[package]]
+name = "backrefs"
+version = "5.9"
+source = { registry = "https://pypi.org/simple" }
+sdist = { url = "https://files.pythonhosted.org/packages/eb/a7/312f673df6a79003279e1f55619abbe7daebbb87c17c976ddc0345c04c7b/backrefs-5.9.tar.gz", hash = "sha256:808548cb708d66b82ee231f962cb36faaf4f2baab032f2fbb783e9c2fdddaa59", size = 5765857, upload-time = "2025-06-22T19:34:13.97Z" }
+wheels = [
+    { url = "https://files.pythonhosted.org/packages/19/4d/798dc1f30468134906575156c089c492cf79b5a5fd373f07fe26c4d046bf/backrefs-5.9-py310-none-any.whl", hash = "sha256:db8e8ba0e9de81fcd635f440deab5ae5f2591b54ac1ebe0550a2ca063488cd9f", size = 380267, upload-time = "2025-06-22T19:34:05.252Z" },
+    { url = "https://files.pythonhosted.org/packages/55/07/f0b3375bf0d06014e9787797e6b7cc02b38ac9ff9726ccfe834d94e9991e/backrefs-5.9-py311-none-any.whl", hash = "sha256:6907635edebbe9b2dc3de3a2befff44d74f30a4562adbb8b36f21252ea19c5cf", size = 392072, upload-time = "2025-06-22T19:34:06.743Z" },
+    { url = "https://files.pythonhosted.org/packages/9d/12/4f345407259dd60a0997107758ba3f221cf89a9b5a0f8ed5b961aef97253/backrefs-5.9-py312-none-any.whl", hash = "sha256:7fdf9771f63e6028d7fee7e0c497c81abda597ea45d6b8f89e8ad76994f5befa", size = 397947, upload-time = "2025-06-22T19:34:08.172Z" },
+    { url = "https://files.pythonhosted.org/packages/10/bf/fa31834dc27a7f05e5290eae47c82690edc3a7b37d58f7fb35a1bdbf355b/backrefs-5.9-py313-none-any.whl", hash = "sha256:cc37b19fa219e93ff825ed1fed8879e47b4d89aa7a1884860e2db64ccd7c676b", size = 399843, upload-time = "2025-06-22T19:34:09.68Z" },
+    { url = "https://files.pythonhosted.org/packages/fc/24/b29af34b2c9c41645a9f4ff117bae860291780d73880f449e0b5d948c070/backrefs-5.9-py314-none-any.whl", hash = "sha256:df5e169836cc8acb5e440ebae9aad4bf9d15e226d3bad049cf3f6a5c20cc8dc9", size = 411762, upload-time = "2025-06-22T19:34:11.037Z" },
+    { url = "https://files.pythonhosted.org/packages/41/ff/392bff89415399a979be4a65357a41d92729ae8580a66073d8ec8d810f98/backrefs-5.9-py39-none-any.whl", hash = "sha256:f48ee18f6252b8f5777a22a00a09a85de0ca931658f1dd96d4406a34f3748c60", size = 380265, upload-time = "2025-06-22T19:34:12.405Z" },
+]
+
 [[package]]
 name = "billiard"
 version = "4.2.2"
@@ -443,6 +457,15 @@ wheels = [
    { url = "https://files.pythonhosted.org/packages/52/40/9d857001228658f0d59e97ebd4c346fe73e138c6de1bce61dc568a57c7f8/click_repl-0.3.0-py3-none-any.whl", hash = "sha256:fb7e06deb8da8de86180a33a9da97ac316751c094c6899382da7feeeeb51b812", size = 10289, upload-time = "2023-06-15T12:43:48.626Z" },
 ]

+[[package]]
+name = "colorama"
+version = "0.4.6"
+source = { registry = "https://pypi.org/simple" }
+sdist = { url = "https://files.pythonhosted.org/packages/d8/53/6f443c9a4a8358a93a6792e2acffb9d9d5cb0a5cfd8802644b7b1c9a02e4/colorama-0.4.6.tar.gz", hash = "sha256:08695f5cb7ed6e0531a20572697297273c47b8cae5a63ffc6d6ed5c201be6e44", size = 27697, upload-time = "2022-10-25T02:36:22.414Z" }
+wheels = [
+    { url = "https://files.pythonhosted.org/packages/d1/d6/3965ed04c63042e047cb6a3e6ed1a63a35087b6a609aa3a15ed8ac56c221/colorama-0.4.6-py2.py3-none-any.whl", hash = "sha256:4f1d9991f5acc0ca119f9d443620b77f9d6b33703e51011c16baf57afb285fc6", size = 25335, upload-time = "2022-10-25T02:36:20.889Z" },
+]
+
 [[package]]
 name = "concurrent-log-handler"
 version = "0.9.28"
@@ -618,15 +641,6 @@ wheels = [
    { url = "https://files.pythonhosted.org/packages/87/22/f020c047ae1346613db9322638186468238bcfa8849b4668a22b97faad65/dateparser-1.2.2-py3-none-any.whl", hash = "sha256:5a5d7211a09013499867547023a2a0c91d5a27d15dd4dbcea676ea9fe66f2482", size = 315453, upload-time = "2025-06-26T09:29:21.412Z" },
 ]

-[[package]]
-name = "deepmerge"
-version = "2.0"
-source = { registry = "https://pypi.org/simple" }
-sdist = { url = "https://files.pythonhosted.org/packages/a8/3a/b0ba594708f1ad0bc735884b3ad854d3ca3bdc1d741e56e40bbda6263499/deepmerge-2.0.tar.gz", hash = "sha256:5c3d86081fbebd04dd5de03626a0607b809a98fb6ccba5770b62466fe940ff20", size = 19890, upload-time = "2024-08-30T05:31:50.308Z" }
-wheels = [
-    { url = "https://files.pythonhosted.org/packages/2d/82/e5d2c1c67d19841e9edc74954c827444ae826978499bde3dfc1d007c8c11/deepmerge-2.0-py3-none-any.whl", hash = "sha256:6de9ce507115cff0bed95ff0ce9ecc31088ef50cbdf09bc90a09349a318b3d00", size = 13475, upload-time = "2024-08-30T05:31:48.659Z" },
-]
-
 [[package]]
 name = "deprecated"
 version = "1.2.18"
@@ -1045,6 +1059,18 @@ wheels = [
    { url = "https://files.pythonhosted.org/packages/a6/ff/ee2f67c0ff146ec98b5df1df637b2bc2d17beeb05df9f427a67bd7a7d79c/flower-2.0.1-py2.py3-none-any.whl", hash = "sha256:9db2c621eeefbc844c8dd88be64aef61e84e2deb29b271e02ab2b5b9f01068e2", size = 383553, upload-time = "2023-08-13T14:37:41.552Z" },
 ]

+[[package]]
+name = "ghp-import"
+version = "2.1.0"
+source = { registry = "https://pypi.org/simple" }
+dependencies = [
+    { name = "python-dateutil", marker = "sys_platform == 'darwin' or sys_platform == 'linux'" },
+]
+sdist = { url = "https://files.pythonhosted.org/packages/d9/29/d40217cbe2f6b1359e00c6c307bb3fc876ba74068cbab3dde77f03ca0dc4/ghp-import-2.1.0.tar.gz", hash = "sha256:9c535c4c61193c2df8871222567d7fd7e5014d835f97dc7b7439069e2413d343", size = 10943, upload-time = "2022-05-02T15:47:16.11Z" }
+wheels = [
+    { url = "https://files.pythonhosted.org/packages/f7/ec/67fbef5d497f86283db54c22eec6f6140243aae73265799baaaa19cd17fb/ghp_import-2.1.0-py3-none-any.whl", hash = "sha256:8337dd7b50877f163d4c0289bc1f1c7f127550241988d568c1db512c4324a619", size = 11034, upload-time = "2022-05-02T15:47:14.552Z" },
+]
+
 [[package]]
 name = "gotenberg-client"
 version = "0.12.0"
@@ -1617,11 +1643,11 @@ wheels = [

 [[package]]
 name = "markdown"
-version = "3.10.1"
+version = "3.9"
 source = { registry = "https://pypi.org/simple" }
-sdist = { url = "https://files.pythonhosted.org/packages/b7/b1/af95bcae8549f1f3fd70faacb29075826a0d689a27f232e8cee315efa053/markdown-3.10.1.tar.gz", hash = "sha256:1c19c10bd5c14ac948c53d0d762a04e2fa35a6d58a6b7b1e6bfcbe6fefc0001a", size = 365402, upload-time = "2026-01-21T18:09:28.206Z" }
+sdist = { url = "https://files.pythonhosted.org/packages/8d/37/02347f6d6d8279247a5837082ebc26fc0d5aaeaf75aa013fcbb433c777ab/markdown-3.9.tar.gz", hash = "sha256:d2900fe1782bd33bdbbd56859defef70c2e78fc46668f8eb9df3128138f2cb6a", size = 364585, upload-time = "2025-09-04T20:25:22.885Z" }
 wheels = [
-    { url = "https://files.pythonhosted.org/packages/59/1b/6ef961f543593969d25b2afe57a3564200280528caa9bd1082eecdd7b3bc/markdown-3.10.1-py3-none-any.whl", hash = "sha256:867d788939fe33e4b736426f5b9f651ad0c0ae0ecf89df0ca5d1176c70812fe3", size = 107684, upload-time = "2026-01-21T18:09:27.203Z" },
+    { url = "https://files.pythonhosted.org/packages/70/ae/44c4a6a4cbb496d93c6257954260fe3a6e91b7bed2240e5dad2a717f5111/markdown-3.9-py3-none-any.whl", hash = "sha256:9f4d91ed810864ea88a6f32c07ba8bee1346c0cc1f6b1f9f6c822f2a9667d280", size = 107441, upload-time = "2025-09-04T20:25:21.784Z" },
 ]

 [[package]]
@@ -1709,6 +1735,95 @@ wheels = [
    { url = "https://files.pythonhosted.org/packages/b3/38/89ba8ad64ae25be8de66a6d463314cf1eb366222074cfda9ee839c56a4b4/mdurl-0.1.2-py3-none-any.whl", hash = "sha256:84008a41e51615a49fc9966191ff91509e3c40b939176e643fd50a5c2196b8f8", size = 9979, upload-time = "2022-08-14T12:40:09.779Z" },
 ]

+[[package]]
+name = "mergedeep"
+version = "1.3.4"
+source = { registry = "https://pypi.org/simple" }
+sdist = { url = "https://files.pythonhosted.org/packages/3a/41/580bb4006e3ed0361b8151a01d324fb03f420815446c7def45d02f74c270/mergedeep-1.3.4.tar.gz", hash = "sha256:0096d52e9dad9939c3d975a774666af186eda617e6ca84df4c94dec30004f2a8", size = 4661, upload-time = "2021-02-05T18:55:30.623Z" }
+wheels = [
+    { url = "https://files.pythonhosted.org/packages/2c/19/04f9b178c2d8a15b076c8b5140708fa6ffc5601fb6f1e975537072df5b2a/mergedeep-1.3.4-py3-none-any.whl", hash = "sha256:70775750742b25c0d8f36c55aed03d24c3384d17c951b3175d898bd778ef0307", size = 6354, upload-time = "2021-02-05T18:55:29.583Z" },
+]
+
+[[package]]
+name = "mkdocs"
+version = "1.6.1"
+source = { registry = "https://pypi.org/simple" }
+dependencies = [
+    { name = "click", marker = "sys_platform == 'darwin' or sys_platform == 'linux'" },
+    { name = "ghp-import", marker = "sys_platform == 'darwin' or sys_platform == 'linux'" },
+    { name = "jinja2", marker = "sys_platform == 'darwin' or sys_platform == 'linux'" },
+    { name = "markdown", marker = "sys_platform == 'darwin' or sys_platform == 'linux'" },
+    { name = "markupsafe", marker = "sys_platform == 'darwin' or sys_platform == 'linux'" },
+    { name = "mergedeep", marker = "sys_platform == 'darwin' or sys_platform == 'linux'" },
+    { name = "mkdocs-get-deps", marker = "sys_platform == 'darwin' or sys_platform == 'linux'" },
+    { name = "packaging", marker = "sys_platform == 'darwin' or sys_platform == 'linux'" },
+    { name = "pathspec", marker = "sys_platform == 'darwin' or sys_platform == 'linux'" },
+    { name = "pyyaml", marker = "sys_platform == 'darwin' or sys_platform == 'linux'" },
+    { name = "pyyaml-env-tag", marker = "sys_platform == 'darwin' or sys_platform == 'linux'" },
+    { name = "watchdog", marker = "sys_platform == 'darwin' or sys_platform == 'linux'" },
+]
+sdist = { url = "https://files.pythonhosted.org/packages/bc/c6/bbd4f061bd16b378247f12953ffcb04786a618ce5e904b8c5a01a0309061/mkdocs-1.6.1.tar.gz", hash = "sha256:7b432f01d928c084353ab39c57282f29f92136665bdd6abf7c1ec8d822ef86f2", size = 3889159, upload-time = "2024-08-30T12:24:06.899Z" }
+wheels = [
+    { url = "https://files.pythonhosted.org/packages/22/5b/dbc6a8cddc9cfa9c4971d59fb12bb8d42e161b7e7f8cc89e49137c5b279c/mkdocs-1.6.1-py3-none-any.whl", hash = "sha256:db91759624d1647f3f34aa0c3f327dd2601beae39a366d6e064c03468d35c20e", size = 3864451, upload-time = "2024-08-30T12:24:05.054Z" },
+]
+
+[[package]]
+name = "mkdocs-get-deps"
+version = "0.2.0"
+source = { registry = "https://pypi.org/simple" }
+dependencies = [
+    { name = "mergedeep", marker = "sys_platform == 'darwin' or sys_platform == 'linux'" },
+    { name = "platformdirs", marker = "sys_platform == 'darwin' or sys_platform == 'linux'" },
+    { name = "pyyaml", marker = "sys_platform == 'darwin' or sys_platform == 'linux'" },
+]
+sdist = { url = "https://files.pythonhosted.org/packages/98/f5/ed29cd50067784976f25ed0ed6fcd3c2ce9eb90650aa3b2796ddf7b6870b/mkdocs_get_deps-0.2.0.tar.gz", hash = "sha256:162b3d129c7fad9b19abfdcb9c1458a651628e4b1dea628ac68790fb3061c60c", size = 10239, upload-time = "2023-11-20T17:51:09.981Z" }
+wheels = [
+    { url = "https://files.pythonhosted.org/packages/9f/d4/029f984e8d3f3b6b726bd33cafc473b75e9e44c0f7e80a5b29abc466bdea/mkdocs_get_deps-0.2.0-py3-none-any.whl", hash = "sha256:2bf11d0b133e77a0dd036abeeb06dec8775e46efa526dc70667d8863eefc6134", size = 9521, upload-time = "2023-11-20T17:51:08.587Z" },
+]
+
+[[package]]
+name = "mkdocs-glightbox"
+version = "0.5.2"
+source = { registry = "https://pypi.org/simple" }
+dependencies = [
+    { name = "selectolax", marker = "sys_platform == 'darwin' or sys_platform == 'linux'" },
+]
+sdist = { url = "https://files.pythonhosted.org/packages/8d/26/c793459622da8e31f954c6f5fb51e8f098143fdfc147b1e3c25bf686f4aa/mkdocs_glightbox-0.5.2.tar.gz", hash = "sha256:c7622799347c32310878e01ccf14f70648445561010911c80590cec0353370ac", size = 510586, upload-time = "2025-10-23T14:55:18.909Z" }
+wheels = [
+    { url = "https://files.pythonhosted.org/packages/4e/ca/03624e017e5ee2d7ce8a08d89f81c1e535eb3c30d7b2dc4a435ea3fbbeae/mkdocs_glightbox-0.5.2-py3-none-any.whl", hash = "sha256:23a431ea802b60b1030c73323db2eed6ba859df1a0822ce575afa43e0ea3f47e", size = 26458, upload-time = "2025-10-23T14:55:17.43Z" },
+]
+
+[[package]]
+name = "mkdocs-material"
+version = "9.7.0"
+source = { registry = "https://pypi.org/simple" }
+dependencies = [
+    { name = "babel", marker = "sys_platform == 'darwin' or sys_platform == 'linux'" },
+    { name = "backrefs", marker = "sys_platform == 'darwin' or sys_platform == 'linux'" },
+    { name = "colorama", marker = "sys_platform == 'darwin' or sys_platform == 'linux'" },
+    { name = "jinja2", marker = "sys_platform == 'darwin' or sys_platform == 'linux'" },
+    { name = "markdown", marker = "sys_platform == 'darwin' or sys_platform == 'linux'" },
+    { name = "mkdocs", marker = "sys_platform == 'darwin' or sys_platform == 'linux'" },
+    { name = "mkdocs-material-extensions", marker = "sys_platform == 'darwin' or sys_platform == 'linux'" },
+    { name = "paginate", marker = "sys_platform == 'darwin' or sys_platform == 'linux'" },
+    { name = "pygments", marker = "sys_platform == 'darwin' or sys_platform == 'linux'" },
+    { name = "pymdown-extensions", marker = "sys_platform == 'darwin' or sys_platform == 'linux'" },
+    { name = "requests", marker = "sys_platform == 'darwin' or sys_platform == 'linux'" },
+]
+sdist = { url = "https://files.pythonhosted.org/packages/9c/3b/111b84cd6ff28d9e955b5f799ef217a17bc1684ac346af333e6100e413cb/mkdocs_material-9.7.0.tar.gz", hash = "sha256:602b359844e906ee402b7ed9640340cf8a474420d02d8891451733b6b02314ec", size = 4094546, upload-time = "2025-11-11T08:49:09.73Z" }
+wheels = [
+    { url = "https://files.pythonhosted.org/packages/04/87/eefe8d5e764f4cf50ed91b943f8e8f96b5efd65489d8303b7a36e2e79834/mkdocs_material-9.7.0-py3-none-any.whl", hash = "sha256:da2866ea53601125ff5baa8aa06404c6e07af3c5ce3d5de95e3b52b80b442887", size = 9283770, upload-time = "2025-11-11T08:49:06.26Z" },
+]
+
+[[package]]
+name = "mkdocs-material-extensions"
+version = "1.3.1"
+source = { registry = "https://pypi.org/simple" }
+sdist = { url = "https://files.pythonhosted.org/packages/79/9b/9b4c96d6593b2a541e1cb8b34899a6d021d208bb357042823d4d2cabdbe7/mkdocs_material_extensions-1.3.1.tar.gz", hash = "sha256:10c9511cea88f568257f960358a467d12b970e1f7b2c0e5fb2bb48cab1928443", size = 11847, upload-time = "2023-11-22T19:09:45.208Z" }
+wheels = [
+    { url = "https://files.pythonhosted.org/packages/5b/54/662a4743aa81d9582ee9339d4ffa3c8fd40a4965e033d77b9da9774d3960/mkdocs_material_extensions-1.3.1-py3-none-any.whl", hash = "sha256:adff8b62700b25cb77b53358dad940f3ef973dd6db797907c49e3c2ef3ab4e31", size = 8728, upload-time = "2023-11-22T19:09:43.465Z" },
+]
+
 [[package]]
 name = "msgpack"
 version = "1.1.1"
@@ -1989,9 +2104,18 @@ wheels = [
    { url = "https://files.pythonhosted.org/packages/20/12/38679034af332785aac8774540895e234f4d07f7545804097de4b666afd8/packaging-25.0-py3-none-any.whl", hash = "sha256:29572ef2b1f17581046b3a2227d5c611fb25ec70ca1ba8554b24b0e69331a484", size = 66469, upload-time = "2025-04-19T11:48:57.875Z" },
 ]

+[[package]]
+name = "paginate"
+version = "0.5.7"
+source = { registry = "https://pypi.org/simple" }
+sdist = { url = "https://files.pythonhosted.org/packages/ec/46/68dde5b6bc00c1296ec6466ab27dddede6aec9af1b99090e1107091b3b84/paginate-0.5.7.tar.gz", hash = "sha256:22bd083ab41e1a8b4f3690544afb2c60c25e5c9a63a30fa2f483f6c60c8e5945", size = 19252, upload-time = "2024-08-25T14:17:24.139Z" }
+wheels = [
+    { url = "https://files.pythonhosted.org/packages/90/96/04b8e52da071d28f5e21a805b19cb9390aa17a47462ac87f5e2696b9566d/paginate-0.5.7-py2.py3-none-any.whl", hash = "sha256:b885e2af73abcf01d9559fd5216b57ef722f8c42affbb63942377668e35c7591", size = 13746, upload-time = "2024-08-25T14:17:22.55Z" },
+]
+
 [[package]]
 name = "paperless-ngx"
-version = "2.20.8"
+version = "2.20.3"
 source = { virtual = "." }
 dependencies = [
    { name = "babel", marker = "sys_platform == 'darwin' or sys_platform == 'linux'" },
@@ -2072,6 +2196,8 @@ dev = [
    { name = "daphne", marker = "sys_platform == 'darwin' or sys_platform == 'linux'" },
    { name = "factory-boy", marker = "sys_platform == 'darwin' or sys_platform == 'linux'" },
    { name = "imagehash", marker = "sys_platform == 'darwin' or sys_platform == 'linux'" },
+    { name = "mkdocs-glightbox", marker = "sys_platform == 'darwin' or sys_platform == 'linux'" },
+    { name = "mkdocs-material", marker = "sys_platform == 'darwin' or sys_platform == 'linux'" },
    { name = "pre-commit", marker = "sys_platform == 'darwin' or sys_platform == 'linux'" },
    { name = "pre-commit-uv", marker = "sys_platform == 'darwin' or sys_platform == 'linux'" },
    { name = "pytest", marker = "sys_platform == 'darwin' or sys_platform == 'linux'" },
@@ -2084,10 +2210,10 @@ dev = [
    { name = "pytest-sugar", marker = "sys_platform == 'darwin' or sys_platform == 'linux'" },
    { name = "pytest-xdist", marker = "sys_platform == 'darwin' or sys_platform == 'linux'" },
    { name = "ruff", marker = "sys_platform == 'darwin' or sys_platform == 'linux'" },
-    { name = "zensical", marker = "sys_platform == 'darwin' or sys_platform == 'linux'" },
 ]
 docs = [
-    { name = "zensical", marker = "sys_platform == 'darwin' or sys_platform == 'linux'" },
+    { name = "mkdocs-glightbox", marker = "sys_platform == 'darwin' or sys_platform == 'linux'" },
+    { name = "mkdocs-material", marker = "sys_platform == 'darwin' or sys_platform == 'linux'" },
 ]
 lint = [
    { name = "pre-commit", marker = "sys_platform == 'darwin' or sys_platform == 'linux'" },
@@ -2200,6 +2326,8 @@ dev = [
    { name = "daphne" },
    { name = "factory-boy", specifier = "~=3.3.1" },
    { name = "imagehash" },
+    { name = "mkdocs-glightbox", specifier = "~=0.5.1" },
+    { name = "mkdocs-material", specifier = "~=9.7.0" },
    { name = "pre-commit", specifier = "~=4.4.0" },
    { name = "pre-commit-uv", specifier = "~=4.2.0" },
    { name = "pytest", specifier = "~=8.4.1" },
@@ -2212,9 +2340,11 @@ dev = [
    { name = "pytest-sugar" },
    { name = "pytest-xdist" },
    { name = "ruff", specifier = "~=0.14.0" },
-    { name = "zensical", specifier = ">=0.0.21" },
 ]
-docs = [{ name = "zensical", specifier = ">=0.0.21" }]
+docs = [
+    { name = "mkdocs-glightbox", specifier = "~=0.5.1" },
+    { name = "mkdocs-material", specifier = "~=9.7.0" },
+]
 lint = [
    { name = "pre-commit", specifier = "~=4.4.0" },
    { name = "pre-commit-uv", specifier = "~=4.2.0" },
@@ -2668,15 +2798,15 @@ crypto = [

 [[package]]
 name = "pymdown-extensions"
-version = "10.20.1"
+version = "10.16.1"
 source = { registry = "https://pypi.org/simple" }
 dependencies = [
    { name = "markdown", marker = "sys_platform == 'darwin' or sys_platform == 'linux'" },
    { name = "pyyaml", marker = "sys_platform == 'darwin' or sys_platform == 'linux'" },
 ]
-sdist = { url = "https://files.pythonhosted.org/packages/1e/6c/9e370934bfa30e889d12e61d0dae009991294f40055c238980066a7fbd83/pymdown_extensions-10.20.1.tar.gz", hash = "sha256:e7e39c865727338d434b55f1dd8da51febcffcaebd6e1a0b9c836243f660740a", size = 852860, upload-time = "2026-01-24T05:56:56.758Z" }
+sdist = { url = "https://files.pythonhosted.org/packages/55/b3/6d2b3f149bc5413b0a29761c2c5832d8ce904a1d7f621e86616d96f505cc/pymdown_extensions-10.16.1.tar.gz", hash = "sha256:aace82bcccba3efc03e25d584e6a22d27a8e17caa3f4dd9f207e49b787aa9a91", size = 853277, upload-time = "2025-07-28T16:19:34.167Z" }
 wheels = [
-    { url = "https://files.pythonhosted.org/packages/40/6d/b6ee155462a0156b94312bdd82d2b92ea56e909740045a87ccb98bf52405/pymdown_extensions-10.20.1-py3-none-any.whl", hash = "sha256:24af7feacbca56504b313b7b418c4f5e1317bb5fea60f03d57be7fcc40912aa0", size = 268768, upload-time = "2026-01-24T05:56:54.537Z" },
+    { url = "https://files.pythonhosted.org/packages/e4/06/43084e6cbd4b3bc0e80f6be743b2e79fbc6eed8de9ad8c629939fa55d972/pymdown_extensions-10.16.1-py3-none-any.whl", hash = "sha256:d6ba157a6c03146a7fb122b2b9a121300056384eafeec9c9f9e584adfdb2a32d", size = 266178, upload-time = "2025-07-28T16:19:31.401Z" },
 ]

 [[package]]
@@ -3014,6 +3144,18 @@ wheels = [
    { url = "https://files.pythonhosted.org/packages/da/92/1446574745d74df0c92e6aa4a7b0b3130706a4142b2d1a5869f2eaa423c6/pyyaml-6.0.3-cp314-cp314t-musllinux_1_2_x86_64.whl", hash = "sha256:16249ee61e95f858e83976573de0f5b2893b3677ba71c9dd36b9cf8be9ac6d65", size = 829923, upload-time = "2025-09-25T21:32:54.537Z" },
 ]

+[[package]]
+name = "pyyaml-env-tag"
+version = "1.1"
+source = { registry = "https://pypi.org/simple" }
+dependencies = [
+    { name = "pyyaml", marker = "sys_platform == 'darwin' or sys_platform == 'linux'" },
+]
+sdist = { url = "https://files.pythonhosted.org/packages/eb/2e/79c822141bfd05a853236b504869ebc6b70159afc570e1d5a20641782eaa/pyyaml_env_tag-1.1.tar.gz", hash = "sha256:2eb38b75a2d21ee0475d6d97ec19c63287a7e140231e4214969d0eac923cd7ff", size = 5737, upload-time = "2025-05-13T15:24:01.64Z" }
+wheels = [
+    { url = "https://files.pythonhosted.org/packages/04/11/432f32f8097b03e3cd5fe57e88efb685d964e2e5178a48ed61e841f7fdce/pyyaml_env_tag-1.1-py3-none-any.whl", hash = "sha256:17109e1a528561e32f026364712fee1264bc2ea6715120891174ed1b980d2e04", size = 4722, upload-time = "2025-05-13T15:23:59.629Z" },
+]
+
 [[package]]
 name = "pyzbar"
 version = "0.1.9"
@@ -3543,6 +3685,46 @@ wheels = [
    { url = "https://files.pythonhosted.org/packages/fd/c2/e276a237acb09824822b0ada11b028ed4067fdc367a946730979feacb870/scipy-1.16.2-cp314-cp314t-musllinux_1_2_x86_64.whl", hash = "sha256:b0348d8ddb55be2a844c518cd8cc8deeeb8aeba707cf834db5758fc89b476a2c", size = 38790088, upload-time = "2025-09-11T17:44:53.011Z" },
 ]

+[[package]]
+name = "selectolax"
+version = "0.3.29"
+source = { registry = "https://pypi.org/simple" }
+sdist = { url = "https://files.pythonhosted.org/packages/df/b9/b5a23e29d5e54c590eaad18bdbb1ced13b869b111e03d12ee0ae9eecf9b8/selectolax-0.3.29.tar.gz", hash = "sha256:28696fa4581765c705e15d05dfba464334f5f9bcb3eac9f25045f815aec6fbc1", size = 4691626, upload-time = "2025-04-30T15:17:37.98Z" }
+wheels = [
+    { url = "https://files.pythonhosted.org/packages/a1/8f/bf3d58ecc0e187806299324e2ad77646e837ff20400880f6fc0cbd14fb66/selectolax-0.3.29-cp310-cp310-macosx_10_9_universal2.whl", hash = "sha256:85aeae54f055cf5451828a21fbfecac99b8b5c27ec29fd10725b631593a7c9a3", size = 3643657, upload-time = "2025-04-30T15:15:40.734Z" },
+    { url = "https://files.pythonhosted.org/packages/de/b0/6d90a4d0eacb8253d88a9fcbcb8758b667900f45dcdb4a11c5fbd0d31599/selectolax-0.3.29-cp310-cp310-macosx_10_9_x86_64.whl", hash = "sha256:6ff48efe4364c8148a553a4105773a0accee9cc25e0f2a40ddac44d18a5a3000", size = 2089380, upload-time = "2025-04-30T15:15:42.928Z" },
+    { url = "https://files.pythonhosted.org/packages/f4/21/394b51998ef99f13f98da063fc71b8edf7191bb30aca06bcbc8a55d5a9ad/selectolax-0.3.29-cp310-cp310-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:25cfccfefc41361ab8a07f15a224524a4a8b77dfa7d253b34bbd397e45856734", size = 5505065, upload-time = "2025-04-30T15:15:44.986Z" },
+    { url = "https://files.pythonhosted.org/packages/dd/57/e38775b672f910e80742cbf7c3def5c670c1b6f9b05e8587b2fa8dc044c3/selectolax-0.3.29-cp310-cp310-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:2f5c3523ad5199a4fb9b95b6e24ff9222d3605023ca394b23f7dd910e7536daf", size = 5529205, upload-time = "2025-04-30T15:15:47.149Z" },
+    { url = "https://files.pythonhosted.org/packages/ec/0f/f6e3030107b486b6a4870f8471a675d435c4c34b8f9de3374652ed53004b/selectolax-0.3.29-cp310-cp310-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:cfb803d6bbe0ef3c8847cf5a01167cc428c0d9179946e1c994cc6178b5332d1a", size = 5146713, upload-time = "2025-04-30T15:15:49.332Z" },
+    { url = "https://files.pythonhosted.org/packages/d8/8d/b4fd119c216e8615ca6747f8f336643572178241921f33f5ffa4b074dc44/selectolax-0.3.29-cp310-cp310-musllinux_1_2_aarch64.whl", hash = "sha256:db734ba4ef44fa3b57ad9374fd7ccfc7815c0ae5cfcbd5ee25fe8587092618d1", size = 5416352, upload-time = "2025-04-30T15:15:50.909Z" },
+    { url = "https://files.pythonhosted.org/packages/d7/e7/94e694d14ae44bddc0d9b144647d5adbec0210d8e2c57d72ad9a133d9469/selectolax-0.3.29-cp310-cp310-musllinux_1_2_i686.whl", hash = "sha256:2bfe4327215a20af4197c5b7e3729a9552fb324bb57250dc7e7abfa0f848a463", size = 5140689, upload-time = "2025-04-30T15:15:52.477Z" },
+    { url = "https://files.pythonhosted.org/packages/90/62/79ba965daa1f12e5477b2ec08b289f8289dfc705928b08923d9c4b60c867/selectolax-0.3.29-cp310-cp310-musllinux_1_2_x86_64.whl", hash = "sha256:0a98c3f3d8fffb175456cb06096bc78103ddf6a209bea6392e0e4ea4e25aca71", size = 5481428, upload-time = "2025-04-30T15:15:54.371Z" },
+    { url = "https://files.pythonhosted.org/packages/2a/5d/ca72f7adddae4b2b128394a7559739a6a12c156d29b55968cfcfe07fac4d/selectolax-0.3.29-cp311-cp311-macosx_10_9_universal2.whl", hash = "sha256:d6a1cd0518fa7656ea1683c4b2d3b5a98306753f364da9f673517847e1680a3e", size = 3649215, upload-time = "2025-04-30T15:15:59.57Z" },
+    { url = "https://files.pythonhosted.org/packages/08/c6/ca984f90b12fb10790cc56c2670f1b5f09884ed2f2012a219094b38cbcb4/selectolax-0.3.29-cp311-cp311-macosx_10_9_x86_64.whl", hash = "sha256:3e5354d805dd76b4b38002f58e6ae2e7b429ac311bf3601992a6662d2bc86911", size = 2091848, upload-time = "2025-04-30T15:16:01.73Z" },
+    { url = "https://files.pythonhosted.org/packages/98/7f/c999ae6d9bfbaac3e8dea3dbb5ca6bdf61c220828e80a6c339e89f9db777/selectolax-0.3.29-cp311-cp311-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:7073e3bcdc60ebdb5f8777c79b465471ec000ab556134da4e00f037d3321a2ec", size = 5638593, upload-time = "2025-04-30T15:16:03.594Z" },
+    { url = "https://files.pythonhosted.org/packages/d6/32/ffd89376a888c24ecaf01fcffc5fe97b82ae03ab163158f51a559f1ebad5/selectolax-0.3.29-cp311-cp311-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:47587db7cef411d22f8224cf2926aacdb326c4c838d386035229f16ccc2d8d26", size = 5668207, upload-time = "2025-04-30T15:16:05.564Z" },
+    { url = "https://files.pythonhosted.org/packages/3a/5c/2de0c7b8be75ad52d44706c67946181b972f27641ab4f6a1f27f46d2a603/selectolax-0.3.29-cp311-cp311-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:21de62b5093b1cb6c5d4cab0bef5f708b9ee1483b640d42be9d955becfcd287a", size = 5276654, upload-time = "2025-04-30T15:16:07.143Z" },
+    { url = "https://files.pythonhosted.org/packages/29/29/152bb745b24072d3eecd3b395c756e74763111b9bbd265604f5b96b9a1aa/selectolax-0.3.29-cp311-cp311-musllinux_1_2_aarch64.whl", hash = "sha256:af5cd03298cd75cb0fbf712d6ae4f8aca9c13a226d2821ca82f51cc9b33b032f", size = 5543731, upload-time = "2025-04-30T15:16:09.733Z" },
+    { url = "https://files.pythonhosted.org/packages/04/1d/df65baaf16ece393f9f1a7c55f015510634adbb163ce72adcafaddf5cf9c/selectolax-0.3.29-cp311-cp311-musllinux_1_2_i686.whl", hash = "sha256:3f58dca53d2d3dc18dfd2cb9210a5625f32598db24e3f857f5be58f21a8f3b88", size = 5275005, upload-time = "2025-04-30T15:16:11.958Z" },
+    { url = "https://files.pythonhosted.org/packages/5d/74/e56fd6f9b3087947b812f3862df3265bf5e21396d9673d076e999b1086cf/selectolax-0.3.29-cp311-cp311-musllinux_1_2_x86_64.whl", hash = "sha256:d0a6d8e02c6b9ba951d7b5a5dd2788a1d4bbdedc89782a4de165f1a87c4168ac", size = 5617441, upload-time = "2025-04-30T15:16:14.15Z" },
+    { url = "https://files.pythonhosted.org/packages/30/ac/ca4332eecc19124782f6f0d7cb28c331da2e9d9cf25287ba2b3b6a00cea1/selectolax-0.3.29-cp312-cp312-macosx_10_13_universal2.whl", hash = "sha256:6d3f373efd1db18ac9b2222de2668aaa366a1f0b560241eab128f3ca68e8add1", size = 3656166, upload-time = "2025-04-30T15:16:19.907Z" },
+    { url = "https://files.pythonhosted.org/packages/b8/46/2dcae03a94f80f3e0d339c149de8110b5abe1230668b015fd338d9e71a27/selectolax-0.3.29-cp312-cp312-macosx_10_13_x86_64.whl", hash = "sha256:97b9971bb37b54ef4440134f22792d15c9ee12d890a526a7fe0b376502240143", size = 2095991, upload-time = "2025-04-30T15:16:21.654Z" },
+    { url = "https://files.pythonhosted.org/packages/1e/bd/95f15396e5f30898227d84a7ec6a39d9a9b34005f0e9f8f38e7fee21ab66/selectolax-0.3.29-cp312-cp312-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:bd99ff0f5a6c017c471635d4ee45b61d25f24689331e407147b2cf5e36892480", size = 5844493, upload-time = "2025-04-30T15:16:23.268Z" },
+    { url = "https://files.pythonhosted.org/packages/36/25/64c60da9aec81f2992355b0a3ce00ea1ed99e6f5499868016d6972bd4948/selectolax-0.3.29-cp312-cp312-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:8377c317bf1d5fd6ccc56dfb5a0928bbcbea3e800b7af54761cfbbb99dc94cb9", size = 5881062, upload-time = "2025-04-30T15:16:24.891Z" },
+    { url = "https://files.pythonhosted.org/packages/b6/81/94105217f91f7c6a98ac3164210cba0c6aa8da91cb85405292a6d70e39c3/selectolax-0.3.29-cp312-cp312-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:5388c56456272b2c241fc1906db9cc993984cafdad936cb5e061e3af0c44144e", size = 5470368, upload-time = "2025-04-30T15:16:26.457Z" },
+    { url = "https://files.pythonhosted.org/packages/51/6e/40bc259f13e5d3dd0bb8ddd1d55ef099244db2568ffb82fd9d489984d61a/selectolax-0.3.29-cp312-cp312-musllinux_1_2_aarch64.whl", hash = "sha256:e9e4690894f406863e25ba49da27e1a6fda9bfc21b0b315c399d3093be080e81", size = 5693476, upload-time = "2025-04-30T15:16:28.386Z" },
+    { url = "https://files.pythonhosted.org/packages/58/bd/2668ee1d5471ad88daf83ca484515ba46774fc9c951d6c4c0beffea89952/selectolax-0.3.29-cp312-cp312-musllinux_1_2_i686.whl", hash = "sha256:deeab93386b6c9a75052515f5b9e7e3dd623c585871c0c2b3126970ff902603b", size = 5449747, upload-time = "2025-04-30T15:16:30.626Z" },
+    { url = "https://files.pythonhosted.org/packages/a1/b5/1c61839ae5af70a8291c643982a99f051b543df90b220b98db1b26bd4899/selectolax-0.3.29-cp312-cp312-musllinux_1_2_x86_64.whl", hash = "sha256:6abdd8357f1c105c1add01a9f0373511fa832548b2e2778b00a8ba2a4508d6ed", size = 5786843, upload-time = "2025-04-30T15:16:32.231Z" },
+    { url = "https://files.pythonhosted.org/packages/c0/a7/083a00aa9cb6bef0317baba4269841c366652558d77189275bed2da6aa81/selectolax-0.3.29-cp313-cp313-macosx_10_13_universal2.whl", hash = "sha256:e3112f05a34bf36d36ecc51520b1d98c4667b54a3f123dffef5072273e89a360", size = 3651407, upload-time = "2025-04-30T15:16:37.282Z" },
+    { url = "https://files.pythonhosted.org/packages/7e/cd/6c89ac27961ef5f5e9b40eda0d0653b9c95c93485fb8a554bf093eac1c77/selectolax-0.3.29-cp313-cp313-macosx_10_13_x86_64.whl", hash = "sha256:38462ae369897f71da287f1282079c11f1b878b99a4d1d509d1116ce05226d88", size = 2092649, upload-time = "2025-04-30T15:16:38.817Z" },
+    { url = "https://files.pythonhosted.org/packages/3e/12/82710124b7b52613fdb9d5c14494a41785eb83e1c93ec7e1d1814c2ce292/selectolax-0.3.29-cp313-cp313-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:bdd1e63735f2fb8485fb6b9f4fe30d6c030930f438f46a4a62bd9886ab3c7fd9", size = 5821738, upload-time = "2025-04-30T15:16:40.747Z" },
+    { url = "https://files.pythonhosted.org/packages/8b/08/8ceb3eb7fee9743026a4481fccb771f257c82b2c853a1a30271902234eab/selectolax-0.3.29-cp313-cp313-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:ea52e0c128e8e89f98ab0ccaabbc853677de5730729a3351da595976131b66e0", size = 5856069, upload-time = "2025-04-30T15:16:42.496Z" },
+    { url = "https://files.pythonhosted.org/packages/47/6c/ec2b7aff0f6202e4157415d76bd588108cc518374bf53afa81c122691780/selectolax-0.3.29-cp313-cp313-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:0933659b4250b91317ccd78167e6804389cdaf7ed86c5d034b058a550d23110f", size = 5443255, upload-time = "2025-04-30T15:16:44.083Z" },
+    { url = "https://files.pythonhosted.org/packages/cd/90/d5fea46ff191d02c2380a779b119ea6799751b79fcddb2bb230b21b38fc5/selectolax-0.3.29-cp313-cp313-musllinux_1_2_aarch64.whl", hash = "sha256:b0c9005e9089a6b0c6fb6a9f691ddbbb10a3a23ebeff54393980340f3dbcdb99", size = 5637529, upload-time = "2025-04-30T15:16:46.175Z" },
+    { url = "https://files.pythonhosted.org/packages/9d/83/7f876a515f5af31f7b948cf10951be896fe6deeff2b9b713640c8ec82fd3/selectolax-0.3.29-cp313-cp313-musllinux_1_2_i686.whl", hash = "sha256:ac940963c52f13cdf5d7266a979744949b660d367ce669efa073b557f6e09a18", size = 5379121, upload-time = "2025-04-30T15:16:47.909Z" },
+    { url = "https://files.pythonhosted.org/packages/57/cb/7dc739a484b1a17ccf92a23dfe558ae615c232bd81e78a72049c25d1ff66/selectolax-0.3.29-cp313-cp313-musllinux_1_2_x86_64.whl", hash = "sha256:484274f73839f9a143f4c13ce1b0a0123b5d64be22f967a1dc202a9a78687d67", size = 5727944, upload-time = "2025-04-30T15:16:49.52Z" },
+]
+
 [[package]]
 name = "service-identity"
 version = "24.2.0"
@@ -4196,33 +4378,6 @@ wheels = [
    { url = "https://files.pythonhosted.org/packages/1f/f6/a933bd70f98e9cf3e08167fc5cd7aaaca49147e48411c0bd5ae701bb2194/wrapt-1.17.3-py3-none-any.whl", hash = "sha256:7171ae35d2c33d326ac19dd8facb1e82e5fd04ef8c6c0e394d7af55a55051c22", size = 23591, upload-time = "2025-08-12T05:53:20.674Z" },
 ]

-[[package]]
-name = "zensical"
-version = "0.0.21"
-source = { registry = "https://pypi.org/simple" }
-dependencies = [
-    { name = "click", marker = "sys_platform == 'darwin' or sys_platform == 'linux'" },
-    { name = "deepmerge", marker = "sys_platform == 'darwin' or sys_platform == 'linux'" },
-    { name = "markdown", marker = "sys_platform == 'darwin' or sys_platform == 'linux'" },
-    { name = "pygments", marker = "sys_platform == 'darwin' or sys_platform == 'linux'" },
-    { name = "pymdown-extensions", marker = "sys_platform == 'darwin' or sys_platform == 'linux'" },
-    { name = "pyyaml", marker = "sys_platform == 'darwin' or sys_platform == 'linux'" },
-    { name = "tomli", marker = "(python_full_version < '3.11' and sys_platform == 'darwin') or (python_full_version < '3.11' and sys_platform == 'linux')" },
-]
-sdist = { url = "https://files.pythonhosted.org/packages/8a/50/2655b5f72d0c72f4366be580f5e2354ff05280d047ea986fe89570e44589/zensical-0.0.21.tar.gz", hash = "sha256:c13563836fa63a3cabeffd83fe3a770ca740cfa5ae7b85df85d89837e31b3b4a", size = 3819731, upload-time = "2026-02-04T17:47:59.396Z" }
-wheels = [
-    { url = "https://files.pythonhosted.org/packages/1d/98/90710d232cb35b633815fa7b493da542391b89283b6103a5bb4ae9fc0dd9/zensical-0.0.21-cp310-abi3-macosx_10_12_x86_64.whl", hash = "sha256:67404cc70c330246dfb7269bcdb60a25be0bb60a212a09c9c50229a1341b1f84", size = 12237120, upload-time = "2026-02-04T17:47:28.615Z" },
-    { url = "https://files.pythonhosted.org/packages/97/fb/4280b3781157e8f051711732192f949bf29beeafd0df3e33c1c8bf9b7a1a/zensical-0.0.21-cp310-abi3-macosx_11_0_arm64.whl", hash = "sha256:d4fd253ccfbf5af56434124f13bac01344e456c020148369b18d8836b6537c3c", size = 12118047, upload-time = "2026-02-04T17:47:31.369Z" },
-    { url = "https://files.pythonhosted.org/packages/74/b3/b7f85ae9cf920cf9f17bf157ae6c274919477148feb7716bf735636caa0e/zensical-0.0.21-cp310-abi3-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:440e40cdc30a29bf7466bcd6f43ed7bd1c54ea3f1a0fefca65619358b481a5bc", size = 12473440, upload-time = "2026-02-04T17:47:33.577Z" },
-    { url = "https://files.pythonhosted.org/packages/d8/ac/1dc6e98f79ed19b9f103c88a0bd271f9140565d7d26b64bc1542b3ef6d91/zensical-0.0.21-cp310-abi3-manylinux_2_17_armv7l.manylinux2014_armv7l.whl", hash = "sha256:368e832fc8068e75dc45cab59379db4cefcd81eb116f48d058db8fb7b7aa8d14", size = 12412588, upload-time = "2026-02-04T17:47:36.491Z" },
-    { url = "https://files.pythonhosted.org/packages/bd/76/16a580f6dd32b387caa4a41615451e7dddd1917a2ff2e5b08744f41b4e11/zensical-0.0.21-cp310-abi3-manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:f4ab962d47f9dd73510eed168469326c7a452554dfbfdb9cdf85efc7140244df", size = 12749438, upload-time = "2026-02-04T17:47:38.969Z" },
-    { url = "https://files.pythonhosted.org/packages/95/30/4baaa1c910eee61db5f49d0d45f2e550a0027218c618f3dd7f8da966a019/zensical-0.0.21-cp310-abi3-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:b846d53dfce007f056ff31848f87f3f2a388228e24d4851c0cafdce0fa204c9b", size = 12514504, upload-time = "2026-02-04T17:47:41.31Z" },
-    { url = "https://files.pythonhosted.org/packages/76/77/931fccae5580b94409a0448a26106f922dcfa7822e7b93cacd2876dd63a8/zensical-0.0.21-cp310-abi3-musllinux_1_2_aarch64.whl", hash = "sha256:daac1075552d230d52d621d2e4754ba24d5afcaa201a7a991f1a8d57e320c9de", size = 12647832, upload-time = "2026-02-04T17:47:44.073Z" },
-    { url = "https://files.pythonhosted.org/packages/5b/82/3cf75de64340829d55c87c36704f4d1d8c952bd2cdc8a7bc48cbfb8ab333/zensical-0.0.21-cp310-abi3-musllinux_1_2_armv7l.whl", hash = "sha256:7b380f545adb6d40896f9bd698eb0e1540ed4258d35b83f55f91658d0fdae312", size = 12678537, upload-time = "2026-02-04T17:47:46.899Z" },
-    { url = "https://files.pythonhosted.org/packages/77/91/6f4938dceeaa241f78bbfaf58a94acef10ba18be3468795173e3087abeb6/zensical-0.0.21-cp310-abi3-musllinux_1_2_i686.whl", hash = "sha256:5c2227fdab64616bea94b40b8340bafe00e2e23631cc58eeea1e7267167e6ac5", size = 12822164, upload-time = "2026-02-04T17:47:49.231Z" },
-    { url = "https://files.pythonhosted.org/packages/a2/4e/a9c9d25ef0766f767db7b4f09da68da9b3d8a28c3d68cfae01f8e3f9e297/zensical-0.0.21-cp310-abi3-musllinux_1_2_x86_64.whl", hash = "sha256:2e0f5154d236ed0f98662ee68785b67e8cd2138ea9d5e26070649e93c22eeee0", size = 12785632, upload-time = "2026-02-04T17:47:52.613Z" },
-]
-
 [[package]]
 name = "zope-interface"
 version = "8.0.1"
--- a/zensical.toml
+++ b/zensical.toml
@@ -1,128 +0,0 @@
-[project]
-
-site_name = "Paperless-ngx"
-site_description = "Documentation for the Paperless-ngx document management system software."
-site_author = "the Paperless-ngx team"
-
-site_url = "https://docs.paperless-ngx.com/"
-
-copyright = """
-Copyright &copy; 2016 - 2026 Daniel Quinn, Jonas Winkler, and the Paperless-ngx team
-"""
-
-repo_url = "https://github.com/paperless-ngx/paperless-ngx"
-repo_name = "paperless-ngx/paperless-ngx"
-
-nav = [
-  "index.md",
-  "setup.md",
-  "usage.md",
-  "configuration.md",
-  "administration.md",
-  "advanced_usage.md",
-  "api.md",
-  "development.md",
-  "faq.md",
-  "troubleshooting.md",
-  "changelog.md",
-]
-
-edit_uri = "blob/main/docs/"
-
-extra_css = ["assets/extra.css"]
-
-[project.theme]
-
-logo = "assets/logo.svg"
-favicon = "assets/favicon.png"
-
-language = "en"
-
-features = [
-    "announce.dismiss",
-    "content.code.annotate",
-    "content.code.copy",
-    "content.code.select",
-    "content.footnote.tooltips",
-    "navigation.footer",
-    "navigation.instant",
-    "navigation.instant.prefetch",
-    "navigation.path",
-    "navigation.sections",
-    "navigation.tabs",
-    "navigation.top",
-    "navigation.tracking",
-    "search.highlight",
-    "toc.integrate",
-]
-
-# Palette toggle for automatic mode
-[[project.theme.palette]]
-media = "(prefers-color-scheme)"
-primary = "green"
-accent = "green"
-toggle.icon = "lucide/sun-moon"
-toggle.name = "Switch to light mode"
-
-# Palette toggle for light mode
-[[project.theme.palette]]
-media = "(prefers-color-scheme: light)"
-scheme = "default"
-primary = "green"
-accent = "green"
-toggle.icon = "lucide/sun"
-toggle.name = "Switch to dark mode"
-
-# Palette toggle for dark mode
-[[project.theme.palette]]
-media = "(prefers-color-scheme: dark)"
-scheme = "slate"
-primary = "green"
-accent = "green"
-toggle.icon = "lucide/moon"
-toggle.name = "Switch to system preference"
-
-[project.theme.font]
-text = "Roboto"
-code = "Roboto Mono"
-
-# Extras
-[[project.extra.social]]
-icon = "fontawesome/brands/github"
-link = "https://github.com/paperless-ngx/paperless-ngx"
-
-[[project.extra.social]]
-icon = "fontawesome/brands/docker"
-link = "https://hub.docker.com/r/paperlessngx/paperless-ngx"
-
-[[project.extra.social]]
-icon = "material/chat"
-link = "https://matrix.to/#/#paperless:matrix.org"
-
-# Extensions
-[project.markdown_extensions.attr_list]
-[project.markdown_extensions.md_in_html]
-[project.markdown_extensions.pymdownx.blocks.caption]
-[project.markdown_extensions.def_list]
-
-[project.markdown_extensions.pymdownx.highlight]
-anchor_linenums = true
-
-[project.markdown_extensions.pymdownx.inlinehilite]
-
-[project.markdown_extensions.pymdownx.tilde]
-
-[project.markdown_extensions.pymdownx.snippets]
-
-[project.markdown_extensions.admonition]
-
-[project.markdown_extensions.pymdownx.details]
-
-[project.markdown_extensions.pymdownx.superfences]
-custom_fences = [
-  { name = "mermaid", class = "mermaid", format = "pymdownx.superfences.fence_code_format" }
-]
-
-[project.markdown_extensions.pymdownx.emoji]
-emoji_index = "zensical.extensions.emoji.twemoji"
-emoji_generator = "zensical.extensions.emoji.to_svg"
Author	SHA1	Message	Date
shamoon	e0eb6ea576	Normalize and casefold input in TitleContentFilter	2026-01-07 13:02:43 -08:00
shamoon	9d489200d9	Consolidate	2026-01-05 11:19:35 -08:00
shamoon	99294d93f9	Normalize filenames and titles to NFC	2026-01-05 11:17:16 -08:00
shamoon	d40f7b7e91	Normalize text to NFC for search and indexing	2026-01-05 11:10:21 -08:00
shamoon	8a14548434	Normalize Unicode in workflow filename matching	2026-01-05 11:03:50 -08:00
dependabot[bot]	b145878d50	Chore(deps): Bump the actions group with 4 updates (#11695 ) Bumps the actions group with 4 updates: [actions/upload-artifact](https://github.com/actions/upload-artifact), [actions/cache](https://github.com/actions/cache), [actions/download-artifact](https://github.com/actions/download-artifact) and [dessant/lock-threads](https://github.com/dessant/lock-threads). Updates `actions/upload-artifact` from 5 to 6 - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](https://github.com/actions/upload-artifact/compare/v5...v6) Updates `actions/cache` from 4 to 5 - [Release notes](https://github.com/actions/cache/releases) - [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md) - [Commits](https://github.com/actions/cache/compare/v4...v5) Updates `actions/download-artifact` from 6 to 7 - [Release notes](https://github.com/actions/download-artifact/releases) - [Commits](https://github.com/actions/download-artifact/compare/v6...v7) Updates `dessant/lock-threads` from 5 to 6 - [Release notes](https://github.com/dessant/lock-threads/releases) - [Changelog](https://github.com/dessant/lock-threads/blob/main/CHANGELOG.md) - [Commits](https://github.com/dessant/lock-threads/compare/v5...v6) --- updated-dependencies: - dependency-name: actions/upload-artifact dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions - dependency-name: actions/cache dependency-version: '5' dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions - dependency-name: actions/download-artifact dependency-version: '7' dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions - dependency-name: dessant/lock-threads dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2026-01-05 08:14:15 -08:00
GitHub Actions	72fd05501b	Auto translate strings	2025-12-29 14:50:09 +00:00
shamoon	a3c19b1e2d	Fix: validate cf integer values within PostgreSQL range (#11666 )	2025-12-29 06:48:31 -08:00
shamoon	2e6458dbcc	Fix environment variable reference in workflow	2025-12-28 20:50:04 -08:00
shamoon	8471507115	Fix ref injection in translate-strings workflow	2025-12-28 20:47:44 -08:00
shamoon	99724a25a2	Fix: support ordering by storage path name (#11661 )	2025-12-28 16:05:21 -08:00
shamoon	504c824cfe	Fix: propagate metadata override created value (#11659 )	2025-12-27 19:42:45 -08:00
shamoon	01c7a345cb	Merge branch 'main' into dev	2025-12-26 11:03:55 -08:00
GitHub Actions	890c2d6757	Auto translate strings	2025-12-24 05:28:28 +00:00
shamoon	00cf026524	Feature: Indonesian translation (#11641 )	2025-12-23 21:26:53 -08:00
shamoon	7604a0b583	Fix: prevent ASN collisions for merge operations (#11634 )	2025-12-19 20:05:34 -08:00
shamoon	4e789acf2d	Chore: mark test_error_skip_rule as flaky	2025-12-18 10:15:04 -08:00
shamoon	d9459d04ea	Chore: refactor preview URL variable naming and safeUrl usage	2025-12-18 09:59:14 -08:00