Merge branch 'main' into next-rc

2025-03-02 21:41:46 +00:00 · 2024-06-25 13:10:35 -07:00 · 2024-06-25 13:10:35 -07:00 · 12ac53df1a
commit 12ac53df1a
parent 2c93bcbf24 1b0e773ceb
36 changed files with 181 additions and 220 deletions
--- a/.gitattributes
+++ b/.gitattributes
@ -0,0 +1,3 @@
 * text=auto eol=lf
 *.{cmd,[cC][mM][dD]} text eol=crlf
 *.{bat,[bB][aA][tT]} text eol=crlf
--- a/cmd/defaults.yaml
+++ b/cmd/defaults.yaml
@ -482,7 +482,8 @@ SystemDefaults:
    Verifiers: # ZITADEL_SYSTEMDEFAULTS_PASSWORDHASHER_VERIFIERS
    #   - "argon2"   # verifier for both argon2i and argon2id.
    #   - "bcrypt"
-    #   - "md5"
+    #   - "md5"      # md5Crypt with salt and password shuffling.
    #   - "md5plain" # md5 digest of a password without salt
    #   - "scrypt"
    #   - "pbkdf2"   # verifier for all pbkdf2 hash modes.
  SecretHasher:
--- a/console/src/assets/i18n/bg.json
+++ b/console/src/assets/i18n/bg.json
@ -79,8 +79,8 @@
    },
    "SETTINGS": {
      "INSTANCE": {
-        "TITLE": "Настройки на инстанцията",
+        "TITLE": "Настройките по подразбиране",
-        "DESCRIPTION": "Настройките на инстанцията са настройките по подразбиране за всички организации. С правилните разрешения, някои от тях могат да бъдат пренаписани в настройките на организацията."
+        "DESCRIPTION": "Настройки по подразбиране за всички организации. С правилните разрешения някои от тях могат да бъдат отменени в настройките на организацията."
      },
      "ORG": {
        "TITLE": "Настройки на организацията",
@ -1316,10 +1316,6 @@
    }
  },
  "SETTINGS": {
    "INSTANCE": {
      "TITLE": "Настройки на екземпляра",
      "DESCRIPTION": "Тези настройки ще се прилагат за всички ваши организации, освен ако не са били заменени."
    },
    "LIST": {
      "ORGS": "Организации",
      "FEATURESETTINGS": "Настройки на функциите",
--- a/console/src/assets/i18n/cs.json
+++ b/console/src/assets/i18n/cs.json
@ -79,8 +79,8 @@
    },
    "SETTINGS": {
      "INSTANCE": {
-        "TITLE": "Nastavení instance",
+        "TITLE": "Výchozí nastavení",
-        "DESCRIPTION": "Nastavení instance jsou výchozí nastavení pro všechny organizace. S odpovídajícími oprávněními jsou některá z nich přepisovatelná v nastavení organizace."
+        "DESCRIPTION": "Výchozí nastavení pro všechny organizace. Se správnými oprávněními lze některá z nich přepsat v nastavení organizace."
      },
      "ORG": {
        "TITLE": "Nastavení organizace",
@ -1317,10 +1317,6 @@
    }
  },
  "SETTINGS": {
    "INSTANCE": {
      "TITLE": "Nastavení instance",
      "DESCRIPTION": "Tato nastavení se budou aplikovat na všechny vaše organizace, pokud nebyla přepsána."
    },
    "LIST": {
      "ORGS": "Organizace",
      "FEATURESETTINGS": "Nastavení funkcí",
--- a/console/src/assets/i18n/de.json
+++ b/console/src/assets/i18n/de.json
@ -79,8 +79,8 @@
    },
    "SETTINGS": {
      "INSTANCE": {
-        "TITLE": "Instanzeinstellungen",
+        "TITLE": "Standardeinstellungen",
-        "DESCRIPTION": "Die Instanzeinstellungen sind die Standardeinstellungen für alle Organisationen. Mit den richtigen Berechtigungen sind einige davon in den Organisationseinstellungen überschreibbar."
+        "DESCRIPTION": "Standardeinstellungen für alle Organisationen. Mit den richtigen Berechtigungen können einige davon in den Organisationseinstellungen überschrieben werden."
      },
      "ORG": {
        "TITLE": "Organisationseinstellungen",
@ -1317,10 +1317,6 @@
    }
  },
  "SETTINGS": {
    "INSTANCE": {
      "TITLE": "Instanz Einstellungen",
      "DESCRIPTION": "Diese Einstellungen werden auf all Ihren Organisationen angewandt sofern die Einstellung nicht überschrieben wurde."
    },
    "LIST": {
      "ORGS": "Organisationen",
      "FEATURESETTINGS": "Features",
--- a/console/src/assets/i18n/en.json
+++ b/console/src/assets/i18n/en.json
@ -79,8 +79,8 @@
    },
    "SETTINGS": {
      "INSTANCE": {
-        "TITLE": "Instance Settings",
+        "TITLE": "Default Settings",
-        "DESCRIPTION": "The instance settings are the default settings for all organizations. With the right permissions, some of them are overridable in organization settings."
+        "DESCRIPTION": "Default settings for all organizations. With the right permissions, some of them are overridable in organization settings."
      },
      "ORG": {
        "TITLE": "Organization Settings",
@ -527,7 +527,7 @@
      "TEXT": "All organization settings and tables in console are based on a selected organization. Click this button to switch organization or create a new one."
    },
    "INSTANCE": {
-      "TEXT": "Click here to get to the instance settings. Note that you have only access to this button if you have enhanced permissions."
+      "TEXT": "Click here to get to the default settings. Note that you have only access to this button if you have enhanced permissions."
    },
    "PROFILE": {
      "TEXT": "Here you can switch between your user accounts and manage your sessions and profile."
@ -1317,10 +1317,6 @@
    }
  },
  "SETTINGS": {
    "INSTANCE": {
      "TITLE": "Instance Settings",
      "DESCRIPTION": "These settings will apply to all your organizations unless they have been overridden."
    },
    "LIST": {
      "ORGS": "Organizations",
      "FEATURESETTINGS": "Features",
--- a/console/src/assets/i18n/es.json
+++ b/console/src/assets/i18n/es.json
@ -79,8 +79,8 @@
    },
    "SETTINGS": {
      "INSTANCE": {
-        "TITLE": "Configuración de la Instancia",
+        "TITLE": "Configuración por defecto",
-        "DESCRIPTION": "Las configuraciones de la instancia son las configuraciones predeterminadas para todas las organizaciones. Con los permisos adecuados, algunas de ellas pueden ser sobrescritas en la configuración de la organización."
+        "DESCRIPTION": "Configuraciones predeterminadas para todas las organizaciones. Con los permisos adecuados, algunas de ellas se pueden anular en la configuración de la organización."
      },
      "ORG": {
        "TITLE": "Configuración de la Organización",
@ -1318,10 +1318,6 @@
    }
  },
  "SETTINGS": {
    "INSTANCE": {
      "TITLE": "Ajustes de instancia",
      "DESCRIPTION": "Estos ajustes se aplicará a todas tus organizaciones a menos que éstas los sobrescriban."
    },
    "LIST": {
      "ORGS": "Organizaciones",
      "FEATURESETTINGS": "Ajustes de funcionalidades",
--- a/console/src/assets/i18n/fr.json
+++ b/console/src/assets/i18n/fr.json
@ -79,8 +79,8 @@
    },
    "SETTINGS": {
      "INSTANCE": {
-        "TITLE": "Paramètres de l'Instance",
+        "TITLE": "Paramètres par défaut",
-        "DESCRIPTION": "Les paramètres de l'instance sont les paramètres par défaut pour toutes les organisations. Avec les bonnes permissions, certains d'entre eux peuvent être remplacés dans les paramètres de l'organisation."
+        "DESCRIPTION": "Paramètres par défaut pour toutes les organisations. Avec les autorisations appropriées, certaines d’entre elles peuvent être remplacées dans les paramètres de l’organisation."
      },
      "ORG": {
        "TITLE": "Paramètres de l'Organisation",
@ -1317,10 +1317,6 @@
    }
  },
  "SETTINGS": {
    "INSTANCE": {
      "TITLE": "Paramètres de l'instance",
      "DESCRIPTION": "Ces paramètres s'appliqueront à toutes vos organisations, sauf s'ils ont été remplacés."
    },
    "LIST": {
      "ORGS": "Organisations",
      "FEATURESETTINGS": "Paramètres de fonctionnalité",
--- a/console/src/assets/i18n/it.json
+++ b/console/src/assets/i18n/it.json
@ -79,8 +79,8 @@
    },
    "SETTINGS": {
      "INSTANCE": {
-        "TITLE": "Impostazioni dell'Istanza",
+        "TITLE": "Impostazioni predefinite",
-        "DESCRIPTION": "Le impostazioni dell'istanza sono le impostazioni predefinite per tutte le organizzazioni. Con i permessi adeguati, alcune di esse possono essere sovrascritte nelle impostazioni dell'organizzazione."
+        "DESCRIPTION": "Impostazioni predefinite per tutte le organizzazioni. Con le giuste autorizzazioni, alcuni di essi sono sovrascrivibili nelle impostazioni dell'organizzazione."
      },
      "ORG": {
        "TITLE": "Impostazioni dell'Organizzazione",
@ -1317,10 +1317,6 @@
    }
  },
  "SETTINGS": {
    "INSTANCE": {
      "TITLE": "Impostazioni dell'istanza",
      "DESCRIPTION": "Queste impostazioni si applicheranno a tutte le tue organizzazioni a meno che l'impostazione non venga sovrascritta."
    },
    "LIST": {
      "ORGS": "Organizzazioni",
      "FEATURESETTINGS": "Impostazioni delle funzionalità",
--- a/console/src/assets/i18n/ja.json
+++ b/console/src/assets/i18n/ja.json
@ -79,8 +79,8 @@
    },
    "SETTINGS": {
      "INSTANCE": {
-        "TITLE": "インスタンス設定",
+        "TITLE": "デフォルトの設定",
-        "DESCRIPTION": "インスタンス設定は、すべての組織のデフォルト設定です。適切な権限があれば、いくつかは組織の設定で上書き可能です。"
+        "DESCRIPTION": "すべての組織のデフォルト設定。適切な権限があれば、一部の権限は組織設定で上書きできます。"
      },
      "ORG": {
        "TITLE": "組織設定",
@ -1317,10 +1317,6 @@
    }
  },
  "SETTINGS": {
    "INSTANCE": {
      "TITLE": "インスタンス設定",
      "DESCRIPTION": "これらの設定は上書きされていない限り、すべての組織に適用されます。"
    },
    "LIST": {
      "ORGS": "組織",
      "FEATURESETTINGS": "機能設定",
--- a/console/src/assets/i18n/mk.json
+++ b/console/src/assets/i18n/mk.json
@ -79,8 +79,8 @@
    },
    "SETTINGS": {
      "INSTANCE": {
-        "TITLE": "Поставки на инстанцата",
+        "TITLE": "Стандардни поставки",
-        "DESCRIPTION": "Поставките на инстанцата се стандардни поставки за сите организации. Со соодветни дозволи, некои од нив може да се променат во поставките на организацијата."
+        "DESCRIPTION": "Стандардни поставки за сите организации. Со вистинските дозволи, некои од нив може да се надминат во поставките на организацијата."
      },
      "ORG": {
        "TITLE": "Поставки за организацијата",
@ -1318,10 +1318,6 @@
    }
  },
  "SETTINGS": {
    "INSTANCE": {
      "TITLE": "Подесувања за инстанца",
      "DESCRIPTION": "Овие подесувања ќе се применуваат на сите ваши организации, освен ако не се пребришани."
    },
    "LIST": {
      "ORGS": "Организации",
      "FEATURESETTINGS": "Подесувања на функцијата",
--- a/console/src/assets/i18n/nl.json
+++ b/console/src/assets/i18n/nl.json
@ -79,8 +79,8 @@
    },
    "SETTINGS": {
      "INSTANCE": {
-        "TITLE": "Instellingsinstellingen",
+        "TITLE": "Standaard instellingen",
-        "DESCRIPTION": "De instellingsinstellingen zijn de standaardinstellingen voor alle organisaties. Met de juiste toestemmingen kunnen sommige hiervan worden overschreven in organisatie-instellingen."
+        "DESCRIPTION": "Standaardinstellingen voor alle organisaties. Met de juiste machtigingen kunnen sommige ervan worden overschreven in de organisatie-instellingen."
      },
      "ORG": {
        "TITLE": "Organisatie-instellingen",
@ -1317,10 +1317,6 @@
    }
  },
  "SETTINGS": {
    "INSTANCE": {
      "TITLE": "Instantie Instellingen",
      "DESCRIPTION": "Deze instellingen zijn van toepassing op al uw organisaties, tenzij ze zijn overschreven."
    },
    "LIST": {
      "ORGS": "Organisaties",
      "FEATURESETTINGS": "Functie-instellingen",
--- a/console/src/assets/i18n/pl.json
+++ b/console/src/assets/i18n/pl.json
@ -79,8 +79,8 @@
    },
    "SETTINGS": {
      "INSTANCE": {
-        "TITLE": "Ustawienia instancji",
+        "TITLE": "Ustawienia domyślne",
-        "DESCRIPTION": "Ustawienia instancji są domyślnymi ustawieniami dla wszystkich organizacji. Z odpowiednimi uprawnieniami niektóre z nich mogą być nadpisywane w ustawieniach organizacji."
+        "DESCRIPTION": "Ustawienia domyślne dla wszystkich organizacji. Przy odpowiednich uprawnieniach niektóre z nich można zastąpić w ustawieniach organizacji."
      },
      "ORG": {
        "TITLE": "Ustawienia organizacji",
@ -1316,10 +1316,6 @@
    }
  },
  "SETTINGS": {
    "INSTANCE": {
      "TITLE": "Ustawienia instancji",
      "DESCRIPTION": "Te ustawienia będą dotyczyć wszystkich twoich organizacji, chyba że zostaną zastąpione."
    },
    "LIST": {
      "ORGS": "Organizacje",
      "FEATURESETTINGS": "Ustawienia funkcji",
--- a/console/src/assets/i18n/pt.json
+++ b/console/src/assets/i18n/pt.json
@ -79,8 +79,8 @@
    },
    "SETTINGS": {
      "INSTANCE": {
-        "TITLE": "Configurações da Instância",
+        "TITLE": "Configurações padrão",
-        "DESCRIPTION": "As configurações da instância são as configurações padrão para todas as organizações. Com as permissões corretas, algumas delas podem ser sobrescritas nas configurações da organização."
+        "DESCRIPTION": "Configurações padrão para todas as organizações. Com as permissões corretas, algumas delas podem ser substituídas nas configurações da organização."
      },
      "ORG": {
        "TITLE": "Configurações da Organização",
@ -1318,10 +1318,6 @@
    }
  },
  "SETTINGS": {
    "INSTANCE": {
      "TITLE": "Configurações da Instância",
      "DESCRIPTION": "Essas configurações serão aplicadas a todas as suas organizações, a menos que tenham sido substituídas."
    },
    "LIST": {
      "ORGS": "Organizações",
      "FEATURESETTINGS": "Configurações de Recursos",
--- a/console/src/assets/i18n/ru.json
+++ b/console/src/assets/i18n/ru.json
@ -79,8 +79,8 @@
    },
    "SETTINGS": {
      "INSTANCE": {
-        "TITLE": "Настройки инстанции",
+        "TITLE": "Настройки по умолчанию",
-        "DESCRIPTION": "Настройки инстанции являются стандартными настройками для всех организаций. С правильными разрешениями, некоторые из них могут быть переопределены в настройках организации."
+        "DESCRIPTION": "Настройки по умолчанию для всех организаций. При наличии соответствующих разрешений некоторые из них можно переопределить в настройках организации."
      },
      "ORG": {
        "TITLE": "Настройки организации",
@ -1360,10 +1360,6 @@
    }
  },
  "SETTINGS": {
    "INSTANCE": {
      "TITLE": "Настройки экземпляра",
      "DESCRIPTION": "Данные настройки будут применяться ко всем вашим организациям, в случае, если они не были переопределены."
    },
    "ORG": {
      "TITLE": "Настройки организации",
      "DESCRIPTION": "Данные настройки расширяют и перезаписывают настройки вашего экземпляра."
--- a/console/src/assets/i18n/sv.json
+++ b/console/src/assets/i18n/sv.json
@ -79,8 +79,8 @@
    },
    "SETTINGS": {
      "INSTANCE": {
-        "TITLE": "Instansinställningar",
+        "TITLE": "Standardinställningar",
-        "DESCRIPTION": "Instansinställningarna är standardinställningarna för alla organisationer. Med rätt behörigheter kan vissa av dem åsidosättas i organisationsinställningarna."
+        "DESCRIPTION": "Standardinställningar för alla organisationer. Med rätt behörigheter kan vissa av dem åsidosättas i organisationsinställningar."
      },
      "ORG": {
        "TITLE": "Organisationsinställningar",
--- a/console/src/assets/i18n/zh.json
+++ b/console/src/assets/i18n/zh.json
@ -79,8 +79,8 @@
    },
    "SETTINGS": {
      "INSTANCE": {
-        "TITLE": "实例设置",
+        "TITLE": "默认设置",
-        "DESCRIPTION": "实例设置是所有组织的默认设置。有适当的权限，其中一些可以在组织设置中被覆盖。"
+        "DESCRIPTION": "所有组织的默认设置。有了正确的权限，其中一些权限在组织设置中是可以覆盖的。"
      },
      "ORG": {
        "TITLE": "组织设置",
@ -1317,10 +1317,6 @@
    }
  },
  "SETTINGS": {
    "INSTANCE": {
      "TITLE": "实例设置",
      "DESCRIPTION": "这些设置将应用于您的所有组织，除非它们已被覆盖。"
    },
    "LIST": {
      "ORGS": "组织",
      "FEATURESETTINGS": "功能设置",
--- a/docs/docs/apis/openidoauth/scopes.md
+++ b/docs/docs/apis/openidoauth/scopes.md
@ -8,11 +8,12 @@ ZITADEL supports the usage of scopes as way of requesting information from the I
 ## Standard Scopes
 | Scopes         | Description                                                                    |
-| :------------- | ------------------------------------------------------------------------------ |
+|:---------------|--------------------------------------------------------------------------------|
 | openid         | When using openid connect this is a mandatory scope                            |
 | profile        | Optional scope to request the profile of the subject                           |
 | email          | Optional scope to request the email of the subject                             |
 | address        | Optional scope to request the address of the subject                           |
 | phone          | Optional scope to request the phone of the subject                             |
 | offline_access | Optional scope to request a refresh_token (only possible when using code flow) |
 ## Custom Scopes
--- a/docs/docs/apis/v3.mdx
+++ b/docs/docs/apis/v3.mdx
@ -2,34 +2,35 @@
 title: APIs V3 (Preview)
 ---
-import DocCardList from '@theme/DocCardList';
+import DocCardList from "@theme/DocCardList";
-import CodeBlock from '@theme/CodeBlock';
+import CodeBlock from "@theme/CodeBlock";
-import ActionServiceProto from '!!raw-loader!./_v3_action_service.proto'
+import ActionServiceProto from "!!raw-loader!./_v3_action_service.proto";
-import ActionExecutionProto from '!!raw-loader!./_v3_action_execution.proto'
+import ActionExecutionProto from "!!raw-loader!./_v3_action_execution.proto";
-import ActionTargetProto from '!!raw-loader!./_v3_action_target.proto'
+import ActionTargetProto from "!!raw-loader!./_v3_action_target.proto";
-import ActionSearchProto from '!!raw-loader!./_v3_action_search.proto'
+import ActionSearchProto from "!!raw-loader!./_v3_action_search.proto";
-import IDPServiceProto from '!!raw-loader!./_v3_idp_service.proto'
+import IDPServiceProto from "!!raw-loader!./_v3_idp_service.proto";
-import IDPProto from '!!raw-loader!./_v3_idp.proto'
+import IDPProto from "!!raw-loader!./_v3_idp.proto";
-import IDPSearchProto from '!!raw-loader!./_v3_idp_search.proto'
+import IDPSearchProto from "!!raw-loader!./_v3_idp_search.proto";
-import IDPGitLabProto from '!!raw-loader!./_v3_idp_gitlab.proto'
+import IDPGitLabProto from "!!raw-loader!./_v3_idp_gitlab.proto";
-import LanguageServiceProto from '!!raw-loader!./_v3_language_service.proto'
+import LanguageServiceProto from "!!raw-loader!./_v3_language_service.proto";
-import LanguageProto from '!!raw-loader!./_v3_language.proto'
+import LanguageProto from "!!raw-loader!./_v3_language.proto";
-import ObjectProto from '!!raw-loader!./_v3_object.proto'
+import ObjectProto from "!!raw-loader!./_v3_object.proto";
-import ResourceObjectProto from '!!raw-loader!./_v3_resource_object.proto'
+import ResourceObjectProto from "!!raw-loader!./_v3_resource_object.proto";
-import SettingsObjectProto from '!!raw-loader!./_v3_settings_object.proto'
+import SettingsObjectProto from "!!raw-loader!./_v3_settings_object.proto";
-The APIs described in this section are currently either in *Preview* stage or not implemented, yet.
+The APIs described in this section are currently either in _Preview_ stage or not implemented, yet.
 Before using these APIs, pleases consider the [API release policy below](#api-release-policy)
 ## We Appreciate your Help
 We invite you to...
 - ... [discuss the concept with the ZITADEL community on GitHub](https://github.com/zitadel/zitadel/discussions/8125).
 - ... try the implementations and provide feedback [by filing issues on GitHub](https://github.com/zitadel/zitadel/issues/new/choose).
 ## The Ideas behind the New V3 APIs
-The current ZITADEL *GA* APIs are structured around contexts like System, Admin, Management, and Auth.
+The current ZITADEL _GA_ APIs are structured around contexts like System, Admin, Management, and Auth.
 This structure leads to duplicate methods and makes it hard to find the right API for the right task.
 Especially interacting with resources from multiple organizations is cumbersome.
 Also, the APIs evolved over time, which lead to inconsistencies and a lack of flexibility in development.
@ -53,7 +54,7 @@ Also, it allows for faster development and independent versioning of the APIs.
 To improve managing and reusing resources and settings in multitenancy scenarios, we define some rules for the new APIs:
- Single properties from instance settings are overridable (patchable) in organizations.
+- Single properties from default settings are overridable (patchable) in organizations.
 - Some settings support user-defined custom properties that are also overridable in organizations.
 - Improved experience with reusing resources in multiple organizations and instances.
 - Resources are searchable over all organizations with a single call by default.
@ -61,6 +62,7 @@ To improve managing and reusing resources and settings in multitenancy scenarios
 ### HTTP and gRPC Consistency
 To make the APIs more consistent and easier to use, we follow the same patterns in all Proto files.
 - Patching is favored over updating resources and settings.
 - HTTP calls are mapped so that query parameters can be used as much as possible. We avoid the annotation `body: "*"`.
 - For search performance, we enforce query limits.
@ -93,9 +95,9 @@ Reusable resources have the same behavior as standard resources with the followi
 - Reusable resources can be created in a given context level (system, instance, org).
 - For requests, that require a resource ID, no request context is needed.
- Reusable resources are available in child contexts, even if their state is *inactive*.
+- Reusable resources are available in child contexts, even if their state is _inactive_.
 - The child context can control if an inherited resource should be active or inactive for itself using a state policy.
- In child contexts, the state policy of a reused resource is *inherit* by default and can be changed to *activate*, *deactivate* or back to *inherit*.
+- In child contexts, the state policy of a reused resource is _inherit_ by default and can be changed to _activate_, _deactivate_ or back to _inherit_.
 - In child contexts, a reused resources configuration is read-only.
 - Child contexts can read at least the following properties of reused resources:
  - ID
@ -252,7 +254,7 @@ These properties are inherited to from parent-contexts (instance) to child-conte
 Settings behave like this:
- Setting and retrieving settings is always context-aware. By default, the context is the instance discovered by the requests *Host* header.
+- Setting and retrieving settings is always context-aware. By default, the context is the instance discovered by the requests _Host_ header.
 - All settings properties can be partially overridden in child-contexts.
 - All settings properties can be partially reset in child-contexts, so their values default to the parent contexts property values.
 - All settings properties returned by queries contain the value and if it is inherited, the context where it is inherited from.
@ -326,9 +328,9 @@ Replaces secret generators
 ## API Release Policy
 - Defined but not yet implemented APIs are subject to change without further notice.
- Once an API definition is implemented, it is released as *Preview* and is available for testing.
+- Once an API definition is implemented, it is released as _Preview_ and is available for testing.
- When a *Preview* API is tested enough so the concepts are proven to work, a new *Beta* API is released.
+- When a _Preview_ API is tested enough so the concepts are proven to work, a new _Beta_ API is released.
- When an API is feature-complete and stable enough, a new *GA* (General Availability) API is released.
+- When an API is feature-complete and stable enough, a new _GA_ (General Availability) API is released.
 - In all stages, changes to already implemented APIs are done in a backwards-compatible way, if possible.
 - When we release a new stage for an API, we deprecate the previous stage and keep it available for a smooth transition.
--- a/docs/docs/concepts/architecture/secrets.md
+++ b/docs/docs/concepts/architecture/secrets.md
@ -68,7 +68,8 @@ The following hash algorithms are supported:
 - argon2i / id[^1]
 - bcrypt (Default)
- md5[^2]
+- md5: implementation of md5Crypt with salt and password shuffling [^2]
 - md5plain: md5 digest of a password without salt [^2]
 - scrypt
 - pbkdf2
--- a/docs/docs/concepts/features/audit-trail.md
+++ b/docs/docs/concepts/features/audit-trail.md
@ -36,7 +36,7 @@ The same view is available on several other objects such as organization or proj
 ### Event View
 Administrators can see all events across an instance and filter them directly in [Console](/docs/guides/manage/console/overview).
-Go to your instance settings and then click on the Tab **Events** to open the Event Viewer or browse to $CUSTOM-DOMAIN/ui/console/events  
+Go to your default settings and then click on the Tab **Events** to open the Event Viewer or browse to $CUSTOM-DOMAIN/ui/console/events
 ![Event viewer](/img/concepts/audit-trail/event-viewer.png)
--- a/docs/docs/guides/integrate/login-ui/typescript-repo.mdx
+++ b/docs/docs/guides/integrate/login-ui/typescript-repo.mdx
@ -132,7 +132,7 @@ After your domain has been verified, you can reconfigure your DNS settings in or
 To deploy your own version on Vercel, navigate to your instance and create a service user.
 Copy its id from the overview and set it as `ZITADEL_SERVICE_USER_ID`.
-Then create a personal access token (PAT), copy and set it as `ZITADEL_SERVICE_USER_TOKEN`, then navigate to your instance settings and make sure it gets `IAM_OWNER` permissions.
+Then create a personal access token (PAT), copy and set it as `ZITADEL_SERVICE_USER_TOKEN`, then navigate to Default settings and make sure it gets `IAM_OWNER` permissions.
 Finally set your instance url as `ZITADEL_API_URL`. Make sure to set it without trailing slash.
 ![Deploy to Vercel](/img/deploy-to-vercel.png)
--- a/docs/docs/guides/manage/console/default-settings.mdx
+++ b/docs/docs/guides/manage/console/default-settings.mdx
@ -366,4 +366,4 @@ The following secrets can be configured:
  width="400px"
 />
-If your done with your instance settings, you can proceed setting up your organizations. Again, make sure you get an understanding on how your project is structured and then continue.
+If your done with your default settings, you can proceed setting up your organizations. Again, make sure you get an understanding on how your project is structured and then continue.
--- a/docs/docs/guides/manage/console/organizations.mdx
+++ b/docs/docs/guides/manage/console/organizations.mdx
@ -71,7 +71,7 @@ ZITADEL will notify users affected by this change.
 ## Verify your domain name
 :::info
-You can also disable domain verification with DNS challenge in the [instance settings](/docs/guides/manage/console/default-settings#domain-settings).
+You can also disable domain verification with DNS challenge in the [default settings](/docs/guides/manage/console/default-settings#domain-settings).
 :::
 1. Browse to your organization settings
@ -100,10 +100,10 @@ Do not delete the verification code, as ZITADEL will re-check the ownership of y
 ## Organization Settings
-In organizations you also have settings that have higher priority then on your instance, and therefore override its instance.
+In organizations you also have settings that have higher priority than on your default settings, and therefore override them.
-Those settings are the same as on your instance.
+Those settings are the same as your default settings.
-> Note: that the following links, redirect to instance settings to omit redundancy.
+> Note: that the following links, redirect to default settings to omit redundancy.
 - [**Login Behavior and Access**](./default-settings#login-behaviour-and-access): Multifactor Authentication Options and Enforcement, Define whether Passwordless authentication methods are allowed or not, Set Login Lifetimes and advanced behavour for the login interface.
 - [**Identity Providers**](./default-settings#identity-providers): Define IDPs which are available for all organizations
@ -135,7 +135,7 @@ Read more about the [scopes](/docs/apis/openidoauth/scopes#reserved-scopes) or t
 ## Default organization
-On the instance settings page ($YOUR_DOMAIN//ui/console/orgs) you can set an organization as default organization.
+On the Default settings page ($YOUR_DOMAIN//ui/console/orgs) you can set an organization as default organization.
 Click the "..." on the right hand side of the table and select "Set as default organization".
 The current default organization is marked by a label "Default".
--- a/docs/docs/guides/manage/console/overview.mdx
+++ b/docs/docs/guides/manage/console/overview.mdx
@ -21,7 +21,7 @@ Depending on your use case, multiple organizations can be created (B2B) or you c
  width="400px"
 />
-If your new to console, you'll probably want to set some settings initially. Continue reading instance settings on the next page.
+If your new to console, you'll probably want to set some settings initially. Continue reading Default settings on the next page.
 ## Prevent console access
--- a/docs/docs/guides/migrate/sources/zitadel.md
+++ b/docs/docs/guides/migrate/sources/zitadel.md
@ -5,22 +5,22 @@ sidebar_label: From ZITADEL
 This guide explains how to migrate from ZITADEL, this includes
-* ZITADEL Cloud to self-hosted
+- ZITADEL Cloud to self-hosted
-* ZITADEL self-hosted to ZITADEL Cloud
+- ZITADEL self-hosted to ZITADEL Cloud
-* ZITADEL v1 (deprecated) to ZITADEL v2.x
+- ZITADEL v1 (deprecated) to ZITADEL v2.x
 ## Considerations
 The following scripts don't include:
-* Global policies
+- Global policies
-* IAM members
+- IAM members
-* Global IDPs
+- Global IDPs
-* Global second/multi factors
+- Global second/multi factors
-* Machine keys
+- Machine keys
-* Personal Access Tokens
+- Personal Access Tokens
-* Application keys
+- Application keys
-* Passwordless authentication
+- Passwordless authentication
 Which results in that if you want to import, and you have no defined organization-specific custom policies, the experience for your users will not be exactly like in your old instance.
@ -37,7 +37,7 @@ You need a PAT from a service user with IAM Owner permissions in both the source
 1. Go to your default organization
 2. Create a service user "import_user" with Access Token Type "Bearer"
 3. Create a [personal access token](/docs/guides/integrate/service-users/personal-access-token)
-4. Go to the global instance settings
+4. Go to the Default settings
 5. Add the import_user as [manager](/docs/guides/manage/console/managers) with the role "IAM Owner"
 Save the PAT to the environment variabel `PAT_EXPORT_TOKEN` and the source domain as `ZITADEL_EXPORT_DOMAIN` to run the following scripts.
@ -47,7 +47,7 @@ Save the PAT to the environment variabel `PAT_EXPORT_TOKEN` and the source domai
 1. Go to your default organization
 2. Create a service user "export_user" with Access Token Type "Bearer"
 3. Create a [personal access token](/docs/guides/integrate/service-users/personal-access-token)
-4. Go to the global instance settings
+4. Go to the Default settings
 5. Add the export_user as [manager](/docs/guides/manage/console/managers) with the role "IAM Owner"
 Save the PAT to the environment variabel `PAT_IMPORT_TOKEN` and the source domain as `ZITADEL_IMPORT_DOMAIN` to run the following scripts.
@ -79,7 +79,7 @@ curl  --request POST \
 ```
 | Field            | Type            | Description                                                                                                                                                        |
-| --- | --- | --- |
+| ---------------- | --------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
 | org_ids          | list of strings | provide a list of organizationIDs to select which organizations should be exported (eg, `[ "70669144072186707", "70671105999825752" ]`); leave empty to export all |
 | excluded_org_ids | list of strings | to exclude several organization, if for example no organizations are selected                                                                                      |
 | with_passwords   | bool            | to include the hashed_passwords of the users in the export                                                                                                         |
@ -107,7 +107,7 @@ curl --request POST \
 ```
 | Field       | Type            | Description                             |
-| --- | --- | --- |
+| ----------- | --------------- | --------------------------------------- |
 | timeout     | duration string | timeout of the call to import the data  |
 | data_orgsv1 | string          | data which was exported from ZITADEL V1 |
@ -142,7 +142,7 @@ curl  --request POST \
 ```
 | Field            | Type                    | Description                                                                                                                                                        |
-| --- | --- | --- |
+| ---------------- | ----------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
 | org_ids          | list of strings         | provide a list of organizationIDs to select which organizations should be exported (eg, `[ "70669144072186707", "70671105999825752" ]`); leave empty to export all |
 | excluded_org_ids | list of strings         | to exclude several organization, if for example no organizations are selected                                                                                      |
 | with_passwords   | bool                    | to include the hashed_passwords of the users in the export                                                                                                         |
@ -153,7 +153,7 @@ curl  --request POST \
 data_orgsv1_gcs object:
 | Field               | Type   | Description                                                       |
-| --- | --- | --- |
+| ------------------- | ------ | ----------------------------------------------------------------- |
 | path                | string | path to the output file on GCS                                    |
 | bucket              | string | used bucket for output on GCS                                     |
 | serviceaccount_json | string | base64-encoded serviceaccount.json used to output the file on GCS |
@ -183,14 +183,14 @@ curl --request POST \
 ```
 | Field           | Type                    | Description                            |
-| --- | --- | --- |
+| --------------- | ----------------------- | -------------------------------------- |
 | timeout         | duration string         | timeout of the call to import the data |
 | data_orgsv1_gcs | object(data_orgsv1_gcs) | to read the export from GCS directly   |
 data_orgsv1_gcs object:
 | Field               | Type   | Description                                                       |
-| --- | --- | --- |
+| ------------------- | ------ | ----------------------------------------------------------------- |
 | path                | string | path to the exported file on GCS                                  |
 | bucket              | string | used bucket to read from GCS                                      |
 | serviceaccount_json | string | base64-encoded serviceaccount.json used to read the file from GCS |
--- a/docs/docs/self-hosting/deploy/docker-compose-sa.yaml
+++ b/docs/docs/self-hosting/deploy/docker-compose-sa.yaml
@ -44,8 +44,6 @@ services:
      timeout: '30s'
      retries: 5
      start_period: '20s'
    ports:
      - '5432:5432'
 networks:
  zitadel:
--- a/docs/docs/self-hosting/deploy/docker-compose.yaml
+++ b/docs/docs/self-hosting/deploy/docker-compose.yaml
@ -39,8 +39,6 @@ services:
      timeout: '30s'
      retries: 5
      start_period: '20s'
    ports:
      - '5432:5432'
 networks:
  zitadel:
--- a/docs/docs/self-hosting/deploy/loadbalancing-example/docker-compose.yaml
+++ b/docs/docs/self-hosting/deploy/loadbalancing-example/docker-compose.yaml
@ -31,8 +31,6 @@ services:
    environment:
      - POSTGRES_USER=root
      - POSTGRES_PASSWORD=postgres
    ports:
      - '5432:5432'
    networks:
      - 'zitadel'
    healthcheck:
--- a/docs/docs/self-hosting/manage/configure/docker-compose.yaml
+++ b/docs/docs/self-hosting/manage/configure/docker-compose.yaml
@ -20,8 +20,6 @@ services:
    environment:
      - POSTGRES_USER=root
      - POSTGRES_PASSWORD=postgres
    ports:
      - '5432:5432'
    networks:
      - 'zitadel'
    healthcheck:
--- a/docs/docs/self-hosting/manage/reverseproxy/docker-compose.yaml
+++ b/docs/docs/self-hosting/manage/reverseproxy/docker-compose.yaml
@ -133,8 +133,6 @@ services:
      timeout: 60s
      retries: 10
      start_period: 5s
    ports:
      - '5432:5432'
    networks:
      - 'zitadel'
    volumes:
--- a/go.mod
+++ b/go.mod
@ -59,7 +59,7 @@ require (
 	github.com/ttacon/libphonenumber v1.2.1
 	github.com/zitadel/logging v0.6.0
 	github.com/zitadel/oidc/v3 v3.25.0
-	github.com/zitadel/passwap v0.5.0
+	github.com/zitadel/passwap v0.6.0
 	github.com/zitadel/saml v0.1.3
 	github.com/zitadel/schema v1.3.0
 	go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.52.0
--- a/go.sum
+++ b/go.sum
@ -731,8 +731,8 @@ github.com/zitadel/logging v0.6.0 h1:t5Nnt//r+m2ZhhoTmoPX+c96pbMarqJvW1Vq6xFTank
 github.com/zitadel/logging v0.6.0/go.mod h1:Y4CyAXHpl3Mig6JOszcV5Rqqsojj+3n7y2F591Mp/ow=
 github.com/zitadel/oidc/v3 v3.25.0 h1:DosOUc31IPM9ZtKaT58+0iNicwDFTFk5Ctt7mgYtsA8=
 github.com/zitadel/oidc/v3 v3.25.0/go.mod h1:UDwD+PRFbUBzabyPd9JORrakty3/wec7VpKZYi9Ahh0=
-github.com/zitadel/passwap v0.5.0 h1:kFMoRyo0GnxtOz7j9+r/CsRwSCjHGRaAKoUe69NwPvs=
+github.com/zitadel/passwap v0.6.0 h1:m9F3epFC0VkBXu25rihSLGyHvWiNlCzU5kk8RoI+SXQ=
-github.com/zitadel/passwap v0.5.0/go.mod h1:uqY7D3jqdTFcKsW0Q3Pcv5qDMmSHpVTzUZewUKC1KZA=
+github.com/zitadel/passwap v0.6.0/go.mod h1:kqAiJ4I4eZvm3Y6oAk6hlEqlZZOkjMHraGXF90GG7LI=
 github.com/zitadel/saml v0.1.3 h1:LI4DOCVyyU1qKPkzs3vrGcA5J3H4pH3+CL9zr9ShkpM=
 github.com/zitadel/saml v0.1.3/go.mod h1:MdkjyU3mwnTuh4lNnhPG+RyZL/VfzD72wUG/eWWBaXc=
 github.com/zitadel/schema v1.3.0 h1:kQ9W9tvIwZICCKWcMvCEweXET1OcOyGEuFbHs4o5kg0=
--- a/internal/crypto/passwap.go
+++ b/internal/crypto/passwap.go
@ -1,7 +1,9 @@
 package crypto
 import (
 	"encoding/hex"
 	"fmt"
 	"slices"
 	"strings"
 	"github.com/mitchellh/mapstructure"
@ -9,6 +11,7 @@ import (
 	"github.com/zitadel/passwap/argon2"
 	"github.com/zitadel/passwap/bcrypt"
 	"github.com/zitadel/passwap/md5"
 	"github.com/zitadel/passwap/md5plain"
 	"github.com/zitadel/passwap/pbkdf2"
 	"github.com/zitadel/passwap/scrypt"
 	"github.com/zitadel/passwap/verifier"
@ -19,6 +22,7 @@ import (
 type Hasher struct {
 	*passwap.Swapper
 	Prefixes     []string
 	HexSupported bool
 }
 func (h *Hasher) EncodingSupported(encodedHash string) bool {
@ -27,6 +31,12 @@ func (h *Hasher) EncodingSupported(encodedHash string) bool {
 			return true
 		}
 	}
 	if h.HexSupported {
 		_, err := hex.DecodeString(encodedHash)
 		if err == nil {
 			return true
 		}
 	}
 	return false
 }
@ -38,6 +48,7 @@ const (
 	HashNameArgon2id HashName = "argon2id" // hash only
 	HashNameBcrypt   HashName = "bcrypt"   // hash and verify
 	HashNameMd5      HashName = "md5"      // verify only, as hashing with md5 is insecure and deprecated
 	HashNameMd5Plain HashName = "md5plain" // verify only, as hashing with md5 is insecure and deprecated
 	HashNameScrypt   HashName = "scrypt"   // hash and verify
 	HashNamePBKDF2   HashName = "pbkdf2"   // hash and verify
 )
@ -71,6 +82,7 @@ func (c *HashConfig) NewHasher() (*Hasher, error) {
 	return &Hasher{
 		Swapper:      passwap.NewSwapper(hasher, verifiers...),
 		Prefixes:     append(hPrefixes, vPrefixes...),
 		HexSupported: slices.Contains(c.Verifiers, HashNameMd5Plain),
 	}, nil
 }
@ -95,6 +107,10 @@ var knowVerifiers = map[HashName]prefixVerifier{
 		prefixes: []string{md5.Prefix},
 		verifier: md5.Verifier,
 	},
 	HashNameMd5Plain: {
 		prefixes: nil, // hex encoded without identifier or prefix
 		verifier: md5plain.Verifier,
 	},
 	HashNameScrypt: {
 		prefixes: []string{scrypt.Prefix, scrypt.Prefix_Linux},
 		verifier: scrypt.Verifier,
--- a/internal/idp/providers/ldap/session.go
+++ b/internal/idp/providers/ldap/session.go
@ -10,6 +10,7 @@ import (
 	"time"
 	"github.com/go-ldap/ldap/v3"
 	"github.com/zitadel/logging"
 	"golang.org/x/text/language"
 	"github.com/zitadel/zitadel/internal/domain"
@ -172,12 +173,14 @@ func trySearchAndUserBind(
 		return nil, err
 	}
 	if len(sr.Entries) != 1 {
 		logging.WithFields("entries", len(sr.Entries)).Info("ldap: no single user found")
 		return nil, ErrNoSingleUser
 	}
 	user := sr.Entries[0]
 	// Bind as the user to verify their password
 	if err = conn.Bind(user.DN, password); err != nil {
 		logging.WithFields("userDN", user.DN).WithError(err).Info("ldap user bind failed")
 		return nil, ErrFailedLogin
 	}
 	return user, nil
--- a/release-channels.yaml
+++ b/release-channels.yaml
@ -1 +1 @@
-stable: "v2.48.5"
+stable: "v2.49.5"