diff --git a/.eslintrc.cjs b/.eslintrc.cjs
index 57c6b19600..cf3ff53b30 100644
--- a/.eslintrc.cjs
+++ b/.eslintrc.cjs
@@ -326,6 +326,7 @@ module.exports = {
     '@typescript-eslint/no-unnecessary-type-arguments': [0],
     '@typescript-eslint/no-unnecessary-type-assertion': [2],
     '@typescript-eslint/no-unnecessary-type-constraint': [2],
+    '@typescript-eslint/no-unnecessary-type-conversion': [2],
     '@typescript-eslint/no-unsafe-argument': [0],
     '@typescript-eslint/no-unsafe-assignment': [0],
     '@typescript-eslint/no-unsafe-call': [0],
@@ -645,7 +646,7 @@ module.exports = {
     'no-multi-str': [2],
     'no-negated-condition': [0],
     'no-nested-ternary': [0],
-    'no-new-func': [2],
+    'no-new-func': [0], // handled by @typescript-eslint/no-implied-eval
     'no-new-native-nonconstructor': [2],
     'no-new-object': [2],
     'no-new-symbol': [2],
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
index 11c99d1e3a..96e05c578f 100644
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -591,7 +591,7 @@ be reviewed by two maintainers and must pass the automatic tests.
 ## Releasing Gitea
 
 - Let $vmaj, $vmin and $vpat be Major, Minor and Patch version numbers, $vpat should be rc1, rc2, 0, 1, ...... $vmaj.$vmin will be kept the same as milestones on github or gitea in future.
-- Before releasing, confirm all the version's milestone issues or PRs has been resolved. Then discuss the release on Discord channel #maintainers and get agreed with almost all the owners and mergers. Or you can declare the version and if nobody against in about serval hours.
+- Before releasing, confirm all the version's milestone issues or PRs has been resolved. Then discuss the release on Discord channel #maintainers and get agreed with almost all the owners and mergers. Or you can declare the version and if nobody is against it in about several hours.
 - If this is a big version first you have to create PR for changelog on branch `main` with PRs with label `changelog` and after it has been merged do following steps:
   - Create `-dev` tag as `git tag -s -F release.notes v$vmaj.$vmin.0-dev` and push the tag as `git push origin v$vmaj.$vmin.0-dev`.
   - When CI has finished building tag then you have to create a new branch named `release/v$vmaj.$vmin`
diff --git a/Dockerfile b/Dockerfile
index c9e6a2d3db..f852cf4235 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -39,7 +39,6 @@ RUN chmod 755 /tmp/local/usr/bin/entrypoint \
               /tmp/local/etc/s6/.s6-svscan/* \
               /go/src/code.gitea.io/gitea/gitea \
               /go/src/code.gitea.io/gitea/environment-to-ini
-RUN chmod 644 /go/src/code.gitea.io/gitea/contrib/autocompletion/bash_autocomplete
 
 FROM docker.io/library/alpine:3.22
 LABEL maintainer="maintainers@gitea.io"
@@ -83,4 +82,3 @@ CMD ["/usr/bin/s6-svscan", "/etc/s6"]
 COPY --from=build-env /tmp/local /
 COPY --from=build-env /go/src/code.gitea.io/gitea/gitea /app/gitea/gitea
 COPY --from=build-env /go/src/code.gitea.io/gitea/environment-to-ini /usr/local/bin/environment-to-ini
-COPY --from=build-env /go/src/code.gitea.io/gitea/contrib/autocompletion/bash_autocomplete /etc/profile.d/gitea_bash_autocomplete.sh
diff --git a/Dockerfile.rootless b/Dockerfile.rootless
index 558e6cf73b..f955edc667 100644
--- a/Dockerfile.rootless
+++ b/Dockerfile.rootless
@@ -37,7 +37,6 @@ RUN chmod 755 /tmp/local/usr/local/bin/docker-entrypoint.sh \
               /tmp/local/usr/local/bin/gitea \
               /go/src/code.gitea.io/gitea/gitea \
               /go/src/code.gitea.io/gitea/environment-to-ini
-RUN chmod 644 /go/src/code.gitea.io/gitea/contrib/autocompletion/bash_autocomplete
 
 FROM docker.io/library/alpine:3.22
 LABEL maintainer="maintainers@gitea.io"
@@ -72,7 +71,6 @@ RUN chown git:git /var/lib/gitea /etc/gitea
 COPY --from=build-env /tmp/local /
 COPY --from=build-env --chown=root:root /go/src/code.gitea.io/gitea/gitea /app/gitea/gitea
 COPY --from=build-env --chown=root:root /go/src/code.gitea.io/gitea/environment-to-ini /usr/local/bin/environment-to-ini
-COPY --from=build-env /go/src/code.gitea.io/gitea/contrib/autocompletion/bash_autocomplete /etc/profile.d/gitea_bash_autocomplete.sh
 
 # git:git
 USER 1000:1000
diff --git a/cmd/admin_auth_oauth.go b/cmd/admin_auth_oauth.go
index d1aa753500..8848c94fc5 100644
--- a/cmd/admin_auth_oauth.go
+++ b/cmd/admin_auth_oauth.go
@@ -87,6 +87,14 @@ func oauthCLIFlags() []cli.Flag {
 			Value: nil,
 			Usage: "Scopes to request when to authenticate against this OAuth2 source",
 		},
+		&cli.StringFlag{
+			Name:  "ssh-public-key-claim-name",
+			Usage: "Claim name that provides SSH public keys",
+		},
+		&cli.StringFlag{
+			Name:  "full-name-claim-name",
+			Usage: "Claim name that provides user's full name",
+		},
 		&cli.StringFlag{
 			Name:  "required-claim-name",
 			Value: "",
@@ -177,6 +185,8 @@ func parseOAuth2Config(c *cli.Command) *oauth2.Source {
 		RestrictedGroup:               c.String("restricted-group"),
 		GroupTeamMap:                  c.String("group-team-map"),
 		GroupTeamMapRemoval:           c.Bool("group-team-map-removal"),
+		SSHPublicKeyClaimName:         c.String("ssh-public-key-claim-name"),
+		FullNameClaimName:             c.String("full-name-claim-name"),
 	}
 }
 
@@ -268,6 +278,12 @@ func (a *authService) runUpdateOauth(ctx context.Context, c *cli.Command) error
 	if c.IsSet("group-team-map-removal") {
 		oAuth2Config.GroupTeamMapRemoval = c.Bool("group-team-map-removal")
 	}
+	if c.IsSet("ssh-public-key-claim-name") {
+		oAuth2Config.SSHPublicKeyClaimName = c.String("ssh-public-key-claim-name")
+	}
+	if c.IsSet("full-name-claim-name") {
+		oAuth2Config.FullNameClaimName = c.String("full-name-claim-name")
+	}
 
 	// update custom URL mapping
 	customURLMapping := &oauth2.CustomURLMapping{}
diff --git a/cmd/admin_auth_oauth_test.go b/cmd/admin_auth_oauth_test.go
index df1bd9c1a6..bb9da667fd 100644
--- a/cmd/admin_auth_oauth_test.go
+++ b/cmd/admin_auth_oauth_test.go
@@ -88,6 +88,8 @@ func TestAddOauth(t *testing.T) {
 				"--restricted-group", "restricted",
 				"--group-team-map", `{"group1": [1,2]}`,
 				"--group-team-map-removal=true",
+				"--ssh-public-key-claim-name", "attr_ssh_pub_key",
+				"--full-name-claim-name", "attr_full_name",
 			},
 			source: &auth_model.Source{
 				Type:     auth_model.OAuth2,
@@ -104,15 +106,17 @@ func TestAddOauth(t *testing.T) {
 						EmailURL:   "https://example.com/email",
 						Tenant:     "some_tenant",
 					},
-					IconURL:             "https://example.com/icon",
-					Scopes:              []string{"scope1", "scope2"},
-					RequiredClaimName:   "claim_name",
-					RequiredClaimValue:  "claim_value",
-					GroupClaimName:      "group_name",
-					AdminGroup:          "admin",
-					RestrictedGroup:     "restricted",
-					GroupTeamMap:        `{"group1": [1,2]}`,
-					GroupTeamMapRemoval: true,
+					IconURL:               "https://example.com/icon",
+					Scopes:                []string{"scope1", "scope2"},
+					RequiredClaimName:     "claim_name",
+					RequiredClaimValue:    "claim_value",
+					GroupClaimName:        "group_name",
+					AdminGroup:            "admin",
+					RestrictedGroup:       "restricted",
+					GroupTeamMap:          `{"group1": [1,2]}`,
+					GroupTeamMapRemoval:   true,
+					SSHPublicKeyClaimName: "attr_ssh_pub_key",
+					FullNameClaimName:     "attr_full_name",
 				},
 				TwoFactorPolicy: "skip",
 			},
@@ -223,15 +227,17 @@ func TestUpdateOauth(t *testing.T) {
 						EmailURL:   "https://old.example.com/email",
 						Tenant:     "old_tenant",
 					},
-					IconURL:             "https://old.example.com/icon",
-					Scopes:              []string{"old_scope1", "old_scope2"},
-					RequiredClaimName:   "old_claim_name",
-					RequiredClaimValue:  "old_claim_value",
-					GroupClaimName:      "old_group_name",
-					AdminGroup:          "old_admin",
-					RestrictedGroup:     "old_restricted",
-					GroupTeamMap:        `{"old_group1": [1,2]}`,
-					GroupTeamMapRemoval: true,
+					IconURL:               "https://old.example.com/icon",
+					Scopes:                []string{"old_scope1", "old_scope2"},
+					RequiredClaimName:     "old_claim_name",
+					RequiredClaimValue:    "old_claim_value",
+					GroupClaimName:        "old_group_name",
+					AdminGroup:            "old_admin",
+					RestrictedGroup:       "old_restricted",
+					GroupTeamMap:          `{"old_group1": [1,2]}`,
+					GroupTeamMapRemoval:   true,
+					SSHPublicKeyClaimName: "old_ssh_pub_key",
+					FullNameClaimName:     "old_full_name",
 				},
 				TwoFactorPolicy: "",
 			},
@@ -257,6 +263,8 @@ func TestUpdateOauth(t *testing.T) {
 				"--restricted-group", "restricted",
 				"--group-team-map", `{"group1": [1,2]}`,
 				"--group-team-map-removal=false",
+				"--ssh-public-key-claim-name", "new_ssh_pub_key",
+				"--full-name-claim-name", "new_full_name",
 			},
 			authSource: &auth_model.Source{
 				ID:       1,
@@ -274,15 +282,17 @@ func TestUpdateOauth(t *testing.T) {
 						EmailURL:   "https://example.com/email",
 						Tenant:     "new_tenant",
 					},
-					IconURL:             "https://example.com/icon",
-					Scopes:              []string{"scope1", "scope2"},
-					RequiredClaimName:   "claim_name",
-					RequiredClaimValue:  "claim_value",
-					GroupClaimName:      "group_name",
-					AdminGroup:          "admin",
-					RestrictedGroup:     "restricted",
-					GroupTeamMap:        `{"group1": [1,2]}`,
-					GroupTeamMapRemoval: false,
+					IconURL:               "https://example.com/icon",
+					Scopes:                []string{"scope1", "scope2"},
+					RequiredClaimName:     "claim_name",
+					RequiredClaimValue:    "claim_value",
+					GroupClaimName:        "group_name",
+					AdminGroup:            "admin",
+					RestrictedGroup:       "restricted",
+					GroupTeamMap:          `{"group1": [1,2]}`,
+					GroupTeamMapRemoval:   false,
+					SSHPublicKeyClaimName: "new_ssh_pub_key",
+					FullNameClaimName:     "new_full_name",
 				},
 				TwoFactorPolicy: "skip",
 			},
diff --git a/cmd/hook.go b/cmd/hook.go
index 2ce272b411..b741127ca3 100644
--- a/cmd/hook.go
+++ b/cmd/hook.go
@@ -32,6 +32,7 @@ var (
 	CmdHook = &cli.Command{
 		Name:        "hook",
 		Usage:       "(internal) Should only be called by Git",
+		Hidden:      true, // internal commands shouldn't be visible
 		Description: "Delegate commands to corresponding Git hooks",
 		Before:      PrepareConsoleLoggerLevel(log.FATAL),
 		Commands: []*cli.Command{
diff --git a/cmd/keys.go b/cmd/keys.go
index 8710756a81..5ca3b91e15 100644
--- a/cmd/keys.go
+++ b/cmd/keys.go
@@ -19,6 +19,7 @@ import (
 var CmdKeys = &cli.Command{
 	Name:        "keys",
 	Usage:       "(internal) Should only be called by SSH server",
+	Hidden:      true, // internal commands shouldn't not be visible
 	Description: "Queries the Gitea database to get the authorized command for a given ssh key fingerprint",
 	Before:      PrepareConsoleLoggerLevel(log.FATAL),
 	Action:      runKeys,
diff --git a/cmd/main.go b/cmd/main.go
index 3b8a8a9311..3fdaf48ed9 100644
--- a/cmd/main.go
+++ b/cmd/main.go
@@ -6,6 +6,7 @@ package cmd
 import (
 	"context"
 	"fmt"
+	"io"
 	"os"
 	"strings"
 
@@ -15,26 +16,28 @@ import (
 	"github.com/urfave/cli/v3"
 )
 
-// cmdHelp is our own help subcommand with more information
-// Keep in mind that the "./gitea help"(subcommand) is different from "./gitea --help"(flag), the flag doesn't parse the config or output "DEFAULT CONFIGURATION:" information
-func cmdHelp() *cli.Command {
-	c := &cli.Command{
-		Name:      "help",
-		Aliases:   []string{"h"},
-		Usage:     "Shows a list of commands or help for one command",
-		ArgsUsage: "[command]",
-		Action: func(ctx context.Context, c *cli.Command) (err error) {
-			lineage := c.Lineage() // The order is from child to parent: help, doctor, Gitea
-			targetCmdIdx := 0
-			if c.Name == "help" {
-				targetCmdIdx = 1
-			}
-			if lineage[targetCmdIdx] != lineage[targetCmdIdx].Root() {
-				err = cli.ShowCommandHelp(ctx, lineage[targetCmdIdx+1] /* parent cmd */, lineage[targetCmdIdx].Name /* sub cmd */)
-			} else {
-				err = cli.ShowAppHelp(c)
-			}
-			_, _ = fmt.Fprintf(c.Root().Writer, `
+var cliHelpPrinterOld = cli.HelpPrinter
+
+func init() {
+	cli.HelpPrinter = cliHelpPrinterNew
+}
+
+// cliHelpPrinterNew helps to print "DEFAULT CONFIGURATION" for the following cases ( "-c" can apper in any position):
+// * ./gitea -c /dev/null -h
+// * ./gitea -c help /dev/null help
+// * ./gitea help -c /dev/null
+// * ./gitea help -c /dev/null web
+// * ./gitea help web -c /dev/null
+// * ./gitea web help -c /dev/null
+// * ./gitea web -h -c /dev/null
+func cliHelpPrinterNew(out io.Writer, templ string, data any) {
+	cmd, _ := data.(*cli.Command)
+	if cmd != nil {
+		prepareWorkPathAndCustomConf(cmd)
+	}
+	cliHelpPrinterOld(out, templ, data)
+	if setting.CustomConf != "" {
+		_, _ = fmt.Fprintf(out, `
 DEFAULT CONFIGURATION:
    AppPath:    %s
    WorkPath:   %s
@@ -42,77 +45,36 @@ DEFAULT CONFIGURATION:
    ConfigFile: %s
 
 `, setting.AppPath, setting.AppWorkPath, setting.CustomPath, setting.CustomConf)
-			return err
-		},
-	}
-	return c
-}
-
-func appGlobalFlags() []cli.Flag {
-	return []cli.Flag{
-		// make the builtin flags at the top
-		cli.HelpFlag,
-
-		// shared configuration flags, they are for global and for each sub-command at the same time
-		// eg: such command is valid: "./gitea --config /tmp/app.ini web --config /tmp/app.ini", while it's discouraged indeed
-		// keep in mind that the short flags like "-C", "-c" and "-w" are globally polluted, they can't be used for sub-commands anymore.
-		&cli.StringFlag{
-			Name:    "custom-path",
-			Aliases: []string{"C"},
-			Usage:   "Set custom path (defaults to '{WorkPath}/custom')",
-		},
-		&cli.StringFlag{
-			Name:    "config",
-			Aliases: []string{"c"},
-			Value:   setting.CustomConf,
-			Usage:   "Set custom config file (defaults to '{WorkPath}/custom/conf/app.ini')",
-		},
-		&cli.StringFlag{
-			Name:    "work-path",
-			Aliases: []string{"w"},
-			Usage:   "Set Gitea's working path (defaults to the Gitea's binary directory)",
-		},
 	}
 }
 
-func prepareSubcommandWithGlobalFlags(command *cli.Command) {
-	command.Flags = append(append([]cli.Flag{}, appGlobalFlags()...), command.Flags...)
-	command.Action = prepareWorkPathAndCustomConf(command.Action)
-	command.HideHelp = true
-	if command.Name != "help" {
-		command.Commands = append(command.Commands, cmdHelp())
-	}
-	for i := range command.Commands {
-		prepareSubcommandWithGlobalFlags(command.Commands[i])
-	}
-}
-
-// prepareWorkPathAndCustomConf wraps the Action to prepare the work path and custom config
-// It can't use "Before", because each level's sub-command's Before will be called one by one, so the "init" would be done multiple times
-func prepareWorkPathAndCustomConf(action cli.ActionFunc) func(context.Context, *cli.Command) error {
-	return func(ctx context.Context, cmd *cli.Command) error {
-		var args setting.ArgWorkPathAndCustomConf
-		// from children to parent, check the global flags
-		for _, curCtx := range cmd.Lineage() {
-			if curCtx.IsSet("work-path") && args.WorkPath == "" {
-				args.WorkPath = curCtx.String("work-path")
-			}
-			if curCtx.IsSet("custom-path") && args.CustomPath == "" {
-				args.CustomPath = curCtx.String("custom-path")
-			}
-			if curCtx.IsSet("config") && args.CustomConf == "" {
-				args.CustomConf = curCtx.String("config")
-			}
+func prepareSubcommandWithGlobalFlags(originCmd *cli.Command) {
+	originBefore := originCmd.Before
+	originCmd.Before = func(ctx context.Context, cmd *cli.Command) (context.Context, error) {
+		prepareWorkPathAndCustomConf(cmd)
+		if originBefore != nil {
+			return originBefore(ctx, cmd)
 		}
-		setting.InitWorkPathAndCommonConfig(os.Getenv, args)
-		if cmd.Bool("help") || action == nil {
-			// the default behavior of "urfave/cli": "nil action" means "show help"
-			return cmdHelp().Action(ctx, cmd)
-		}
-		return action(ctx, cmd)
+		return ctx, nil
 	}
 }
 
+// prepareWorkPathAndCustomConf tries to prepare the work path, custom path and custom config from various inputs:
+// command line flags, environment variables, config file
+func prepareWorkPathAndCustomConf(cmd *cli.Command) {
+	var args setting.ArgWorkPathAndCustomConf
+	if cmd.IsSet("work-path") {
+		args.WorkPath = cmd.String("work-path")
+	}
+	if cmd.IsSet("custom-path") {
+		args.CustomPath = cmd.String("custom-path")
+	}
+	if cmd.IsSet("config") {
+		args.CustomConf = cmd.String("config")
+	}
+	setting.InitWorkPathAndCommonConfig(os.Getenv, args)
+}
+
 type AppVersion struct {
 	Version string
 	Extra   string
@@ -125,10 +87,29 @@ func NewMainApp(appVer AppVersion) *cli.Command {
 	app.Description = `Gitea program contains "web" and other subcommands. If no subcommand is given, it starts the web server by default. Use "web" subcommand for more web server arguments, use other subcommands for other purposes.`
 	app.Version = appVer.Version + appVer.Extra
 	app.EnableShellCompletion = true
-
-	// these sub-commands need to use config file
+	app.Flags = []cli.Flag{
+		&cli.StringFlag{
+			Name:      "work-path",
+			Aliases:   []string{"w"},
+			TakesFile: true,
+			Usage:     "Set Gitea's working path (defaults to the Gitea's binary directory)",
+		},
+		&cli.StringFlag{
+			Name:      "config",
+			Aliases:   []string{"c"},
+			TakesFile: true,
+			Value:     setting.CustomConf,
+			Usage:     "Set custom config file (defaults to '{WorkPath}/custom/conf/app.ini')",
+		},
+		&cli.StringFlag{
+			Name:      "custom-path",
+			Aliases:   []string{"C"},
+			TakesFile: true,
+			Usage:     "Set custom path (defaults to '{WorkPath}/custom')",
+		},
+	}
+	// these sub-commands need to use a config file
 	subCmdWithConfig := []*cli.Command{
-		cmdHelp(), // the "help" sub-command was used to show the more information for "work path" and "custom config"
 		CmdWeb,
 		CmdServ,
 		CmdHook,
@@ -156,9 +137,6 @@ func NewMainApp(appVer AppVersion) *cli.Command {
 	// but not sure whether it would break Windows users who used to double-click the EXE to run.
 	app.DefaultCommand = CmdWeb.Name
 
-	app.Flags = append(app.Flags, cli.VersionFlag)
-	app.Flags = append(app.Flags, appGlobalFlags()...)
-	app.HideHelp = true // use our own help action to show helps (with more information like default config)
 	app.Before = PrepareConsoleLoggerLevel(log.INFO)
 	for i := range subCmdWithConfig {
 		prepareSubcommandWithGlobalFlags(subCmdWithConfig[i])
diff --git a/cmd/main_test.go b/cmd/main_test.go
index 7dfa87a0ef..d49ebfd4df 100644
--- a/cmd/main_test.go
+++ b/cmd/main_test.go
@@ -74,12 +74,56 @@ func TestCliCmd(t *testing.T) {
 		cmd string
 		exp string
 	}{
-		// main command help
+		// help commands
+		{
+			cmd: "./gitea -h",
+			exp: "DEFAULT CONFIGURATION:",
+		},
 		{
 			cmd: "./gitea help",
 			exp: "DEFAULT CONFIGURATION:",
 		},
 
+		{
+			cmd: "./gitea -c /dev/null -h",
+			exp: "ConfigFile: /dev/null",
+		},
+
+		{
+			cmd: "./gitea -c /dev/null help",
+			exp: "ConfigFile: /dev/null",
+		},
+		{
+			cmd: "./gitea help -c /dev/null",
+			exp: "ConfigFile: /dev/null",
+		},
+
+		{
+			cmd: "./gitea -c /dev/null test-cmd -h",
+			exp: "ConfigFile: /dev/null",
+		},
+		{
+			cmd: "./gitea test-cmd -c /dev/null -h",
+			exp: "ConfigFile: /dev/null",
+		},
+		{
+			cmd: "./gitea test-cmd -h -c /dev/null",
+			exp: "ConfigFile: /dev/null",
+		},
+
+		{
+			cmd: "./gitea -c /dev/null test-cmd help",
+			exp: "ConfigFile: /dev/null",
+		},
+		{
+			cmd: "./gitea test-cmd -c /dev/null help",
+			exp: "ConfigFile: /dev/null",
+		},
+		{
+			cmd: "./gitea test-cmd help -c /dev/null",
+			exp: "ConfigFile: /dev/null",
+		},
+
 		// parse paths
 		{
 			cmd: "./gitea test-cmd",
diff --git a/cmd/serv.go b/cmd/serv.go
index 8c6001e727..38c79f68cd 100644
--- a/cmd/serv.go
+++ b/cmd/serv.go
@@ -41,6 +41,7 @@ var CmdServ = &cli.Command{
 	Name:        "serv",
 	Usage:       "(internal) Should only be called by SSH shell",
 	Description: "Serv provides access auth for repositories",
+	Hidden:      true, // Internal commands shouldn't be visible in help
 	Before:      PrepareConsoleLoggerLevel(log.FATAL),
 	Action:      runServ,
 	Flags: []cli.Flag{
diff --git a/contrib/autocompletion/README b/contrib/autocompletion/README
deleted file mode 100644
index 1defd219d8..0000000000
--- a/contrib/autocompletion/README
+++ /dev/null
@@ -1,17 +0,0 @@
-Bash and Zsh completion
-=======================
-
-From within the gitea root run:
-
-```bash
-source contrib/autocompletion/bash_autocomplete
-```
-
-or for zsh run:
-
-```bash
-source contrib/autocompletion/zsh_autocomplete
-```
-
-These scripts will check if gitea is on the path and if so add autocompletion for `gitea`. Or if not autocompletion will work for `./gitea`.
-If gitea has been installed as a different program pass in the `PROG` environment variable to set the correct program name.
diff --git a/contrib/autocompletion/bash_autocomplete b/contrib/autocompletion/bash_autocomplete
deleted file mode 100755
index 5cb62f26a7..0000000000
--- a/contrib/autocompletion/bash_autocomplete
+++ /dev/null
@@ -1,30 +0,0 @@
-#! /bin/bash
-# Heavily inspired by https://github.com/urfave/cli
-
-_cli_bash_autocomplete() {
-  if [[ "${COMP_WORDS[0]}" != "source" ]]; then
-    local cur opts base
-    COMPREPLY=()
-    cur="${COMP_WORDS[COMP_CWORD]}"
-    if [[ "$cur" == "-"* ]]; then
-      opts=$( ${COMP_WORDS[@]:0:$COMP_CWORD} ${cur} --generate-bash-completion )
-    else
-      opts=$( ${COMP_WORDS[@]:0:$COMP_CWORD} --generate-bash-completion )
-    fi
-    COMPREPLY=( $(compgen -W "${opts}" -- ${cur}) )
-    return 0
-  fi
-}
-
-if [ -z "$PROG" ] && [ ! "$(command -v gitea &> /dev/null)" ] ; then
-  complete -o bashdefault -o default -o nospace -F _cli_bash_autocomplete gitea
-elif [ -z "$PROG" ]; then
-  complete -o bashdefault -o default -o nospace -F _cli_bash_autocomplete ./gitea
-  complete -o bashdefault -o default -o nospace -F _cli_bash_autocomplete "$PWD/gitea"
-else
-  complete -o bashdefault -o default -o nospace -F _cli_bash_autocomplete "$PROG"
-  unset PROG
-fi
-
-
-
diff --git a/contrib/autocompletion/zsh_autocomplete b/contrib/autocompletion/zsh_autocomplete
deleted file mode 100644
index b3b40df503..0000000000
--- a/contrib/autocompletion/zsh_autocomplete
+++ /dev/null
@@ -1,30 +0,0 @@
-#compdef ${PROG:=gitea}
-
-
-# Heavily inspired by https://github.com/urfave/cli
-
-_cli_zsh_autocomplete() {
-
-  local -a opts
-  local cur
-  cur=${words[-1]}
-  if [[ "$cur" == "-"* ]]; then
-    opts=("${(@f)$(_CLI_ZSH_AUTOCOMPLETE_HACK=1 ${words[@]:0:#words[@]-1} ${cur} --generate-bash-completion)}")
-  else
-    opts=("${(@f)$(_CLI_ZSH_AUTOCOMPLETE_HACK=1 ${words[@]:0:#words[@]-1} --generate-bash-completion)}")
-  fi
-
-  if [[ "${opts[1]}" != "" ]]; then
-    _describe 'values' opts
-  else
-    _files
-  fi
-
-  return
-}
-
-if [ -z $PROG ] ; then
-  compdef _cli_zsh_autocomplete gitea
-else
-  compdef _cli_zsh_autocomplete $(basename $PROG)
-fi
diff --git a/go.mod b/go.mod
index afe7c990e4..8b8d61dc65 100644
--- a/go.mod
+++ b/go.mod
@@ -1,6 +1,6 @@
 module code.gitea.io/gitea
 
-go 1.24.4
+go 1.24.5
 
 // rfc5280 said: "The serial number is an integer assigned by the CA to each certificate."
 // But some CAs use negative serial number, just relax the check. related:
diff --git a/models/asymkey/gpg_key_commit_verification.go b/models/asymkey/gpg_key_commit_verification.go
index 39ec893606..b85374e073 100644
--- a/models/asymkey/gpg_key_commit_verification.go
+++ b/models/asymkey/gpg_key_commit_verification.go
@@ -15,25 +15,6 @@ import (
 	"github.com/ProtonMail/go-crypto/openpgp/packet"
 )
 
-//   __________________  ________   ____  __.
-//  /  _____/\______   \/  _____/  |    |/ _|____ ___.__.
-// /   \  ___ |     ___/   \  ___  |      <_/ __ <   |  |
-// \    \_\  \|    |   \    \_\  \ |    |  \  ___/\___  |
-//  \______  /|____|    \______  / |____|__ \___  > ____|
-//         \/                  \/          \/   \/\/
-// _________                        .__  __
-// \_   ___ \  ____   _____   _____ |__|/  |_
-// /    \  \/ /  _ \ /     \ /     \|  \   __\
-// \     \___(  <_> )  Y Y  \  Y Y  \  ||  |
-//  \______  /\____/|__|_|  /__|_|  /__||__|
-//         \/             \/      \/
-// ____   ____           .__  _____.__               __  .__
-// \   \ /   /___________|__|/ ____\__| ____ _____ _/  |_|__| ____   ____
-//  \   Y   // __ \_  __ \  \   __\|  |/ ___\\__  \\   __\  |/  _ \ /    \
-//   \     /\  ___/|  | \/  ||  |  |  \  \___ / __ \|  | |  (  <_> )   |  \
-//    \___/  \___  >__|  |__||__|  |__|\___  >____  /__| |__|\____/|___|  /
-//               \/                        \/     \/                    \/
-
 // This file provides functions relating commit verification
 
 // CommitVerification represents a commit validation of signature
@@ -41,8 +22,8 @@ type CommitVerification struct {
 	Verified       bool
 	Warning        bool
 	Reason         string
-	SigningUser    *user_model.User
-	CommittingUser *user_model.User
+	SigningUser    *user_model.User // if Verified, then SigningUser is non-nil
+	CommittingUser *user_model.User // if Verified, then CommittingUser is non-nil
 	SigningEmail   string
 	SigningKey     *GPGKey
 	SigningSSHKey  *PublicKey
diff --git a/models/asymkey/ssh_key.go b/models/asymkey/ssh_key.go
index 7a18732c32..dd94070fb9 100644
--- a/models/asymkey/ssh_key.go
+++ b/models/asymkey/ssh_key.go
@@ -355,13 +355,13 @@ func AddPublicKeysBySource(ctx context.Context, usr *user_model.User, s *auth.So
 	return sshKeysNeedUpdate
 }
 
-// SynchronizePublicKeys updates a users public keys. Returns true if there are changes.
+// SynchronizePublicKeys updates a user's public keys. Returns true if there are changes.
 func SynchronizePublicKeys(ctx context.Context, usr *user_model.User, s *auth.Source, sshPublicKeys []string) bool {
 	var sshKeysNeedUpdate bool
 
 	log.Trace("synchronizePublicKeys[%s]: Handling Public SSH Key synchronization for user %s", s.Name, usr.Name)
 
-	// Get Public Keys from DB with current LDAP source
+	// Get Public Keys from DB with the current auth source
 	var giteaKeys []string
 	keys, err := db.Find[PublicKey](ctx, FindPublicKeyOptions{
 		OwnerID:       usr.ID,
diff --git a/models/auth/oauth2.go b/models/auth/oauth2.go
index c2b6690116..55af4e9036 100644
--- a/models/auth/oauth2.go
+++ b/models/auth/oauth2.go
@@ -612,8 +612,8 @@ func (err ErrOAuthApplicationNotFound) Unwrap() error {
 	return util.ErrNotExist
 }
 
-// GetActiveOAuth2SourceByName returns a OAuth2 AuthSource based on the given name
-func GetActiveOAuth2SourceByName(ctx context.Context, name string) (*Source, error) {
+// GetActiveOAuth2SourceByAuthName returns a OAuth2 AuthSource based on the given name
+func GetActiveOAuth2SourceByAuthName(ctx context.Context, name string) (*Source, error) {
 	authSource := new(Source)
 	has, err := db.GetEngine(ctx).Where("name = ? and type = ? and is_active = ?", name, OAuth2, true).Get(authSource)
 	if err != nil {
diff --git a/models/auth/source.go b/models/auth/source.go
index 7d7bc0f03c..08cfc9615b 100644
--- a/models/auth/source.go
+++ b/models/auth/source.go
@@ -334,7 +334,7 @@ func UpdateSource(ctx context.Context, source *Source) error {
 
 	err = registerableSource.RegisterSource()
 	if err != nil {
-		// restore original values since we cannot update the provider it self
+		// restore original values since we cannot update the provider itself
 		if _, err := db.GetEngine(ctx).ID(source.ID).AllCols().Update(originalSource); err != nil {
 			log.Error("UpdateSource: Error while wrapOpenIDConnectInitializeError: %v", err)
 		}
diff --git a/models/git/branch.go b/models/git/branch.go
index 07c94a8ba5..6021e1101f 100644
--- a/models/git/branch.go
+++ b/models/git/branch.go
@@ -472,7 +472,7 @@ type RecentlyPushedNewBranch struct {
 // if opts.CommitAfterUnix is 0, we will find the branches that were committed to in the last 2 hours
 // if opts.ListOptions is not set, we will only display top 2 latest branches.
 // Protected branches will be skipped since they are unlikely to be used to create new PRs.
-func FindRecentlyPushedNewBranches(ctx context.Context, doer *user_model.User, opts *FindRecentlyPushedNewBranchesOptions) ([]*RecentlyPushedNewBranch, error) {
+func FindRecentlyPushedNewBranches(ctx context.Context, doer *user_model.User, opts FindRecentlyPushedNewBranchesOptions) ([]*RecentlyPushedNewBranch, error) {
 	if doer == nil {
 		return []*RecentlyPushedNewBranch{}, nil
 	}
diff --git a/models/repo/repo.go b/models/repo/repo.go
index 34d1bf55f6..2403b3b40b 100644
--- a/models/repo/repo.go
+++ b/models/repo/repo.go
@@ -652,7 +652,13 @@ func (repo *Repository) AllowsPulls(ctx context.Context) bool {
 }
 
 // CanEnableEditor returns true if repository meets the requirements of web editor.
+// FIXME: most CanEnableEditor calls should be replaced with CanContentChange
+// And all other like CanCreateBranch / CanEnablePulls should also be updated
 func (repo *Repository) CanEnableEditor() bool {
+	return repo.CanContentChange()
+}
+
+func (repo *Repository) CanContentChange() bool {
 	return !repo.IsMirror && !repo.IsArchived
 }
 
diff --git a/models/user/user.go b/models/user/user.go
index 7c871bf575..c362cbc6d2 100644
--- a/models/user/user.go
+++ b/models/user/user.go
@@ -1166,12 +1166,6 @@ func ValidateCommitsWithEmails(ctx context.Context, oldCommits []*git.Commit) ([
 
 	for _, c := range oldCommits {
 		user := emailUserMap.GetByEmail(c.Author.Email) // FIXME: why ValidateCommitsWithEmails uses "Author", but ParseCommitsWithSignature uses "Committer"?
-		if user == nil {
-			user = &User{
-				Name:  c.Author.Name,
-				Email: c.Author.Email,
-			}
-		}
 		newCommits = append(newCommits, &UserCommit{
 			User:   user,
 			Commit: c,
@@ -1195,12 +1189,14 @@ func GetUsersByEmails(ctx context.Context, emails []string) (*EmailUserMap, erro
 
 	needCheckEmails := make(container.Set[string])
 	needCheckUserNames := make(container.Set[string])
+	noReplyAddressSuffix := "@" + strings.ToLower(setting.Service.NoReplyAddress)
 	for _, email := range emails {
-		if strings.HasSuffix(email, "@"+setting.Service.NoReplyAddress) {
-			username := strings.TrimSuffix(email, "@"+setting.Service.NoReplyAddress)
-			needCheckUserNames.Add(strings.ToLower(username))
+		emailLower := strings.ToLower(email)
+		if noReplyUserNameLower, ok := strings.CutSuffix(emailLower, noReplyAddressSuffix); ok {
+			needCheckUserNames.Add(noReplyUserNameLower)
+			needCheckEmails.Add(emailLower)
 		} else {
-			needCheckEmails.Add(strings.ToLower(email))
+			needCheckEmails.Add(emailLower)
 		}
 	}
 
diff --git a/models/user/user_test.go b/models/user/user_test.go
index a2597ba3f5..7944fc4b73 100644
--- a/models/user/user_test.go
+++ b/models/user/user_test.go
@@ -85,6 +85,11 @@ func TestUserEmails(t *testing.T) {
 				testGetUserByEmail(t, c.Email, c.UID)
 			})
 		}
+
+		t.Run("NoReplyConflict", func(t *testing.T) {
+			setting.Service.NoReplyAddress = "example.com"
+			testGetUserByEmail(t, "user1-2@example.COM", 1)
+		})
 	})
 }
 
diff --git a/modules/git/commit.go b/modules/git/commit.go
index ed4876e7b3..aae40c575b 100644
--- a/modules/git/commit.go
+++ b/modules/git/commit.go
@@ -22,9 +22,9 @@ import (
 type Commit struct {
 	Tree // FIXME: bad design, this field can be nil if the commit is from "last commit cache"
 
-	ID            ObjectID // The ID of this commit object
-	Author        *Signature
-	Committer     *Signature
+	ID            ObjectID
+	Author        *Signature // never nil
+	Committer     *Signature // never nil
 	CommitMessage string
 	Signature     *CommitSignature
 
diff --git a/modules/git/commit_submodule_file.go b/modules/git/commit_submodule_file.go
index 729401f752..5def80f3bd 100644
--- a/modules/git/commit_submodule_file.go
+++ b/modules/git/commit_submodule_file.go
@@ -6,17 +6,18 @@ package git
 
 import (
 	"context"
+	"strings"
 
 	giturl "code.gitea.io/gitea/modules/git/url"
 )
 
 // CommitSubmoduleFile represents a file with submodule type.
 type CommitSubmoduleFile struct {
-	refURL    string
-	parsedURL *giturl.RepositoryURL
-	parsed    bool
-	refID     string
-	repoLink  string
+	refURL string
+	refID  string
+
+	parsed         bool
+	targetRepoLink string
 }
 
 // NewCommitSubmoduleFile create a new submodule file
@@ -35,20 +36,27 @@ func (sf *CommitSubmoduleFile) SubmoduleWebLink(ctx context.Context, optCommitID
 	}
 	if !sf.parsed {
 		sf.parsed = true
-		parsedURL, err := giturl.ParseRepositoryURL(ctx, sf.refURL)
-		if err != nil {
-			return nil
+		if strings.HasPrefix(sf.refURL, "../") {
+			// FIXME: when handling relative path, this logic is not right. It needs to:
+			// 1. Remember the submodule's full path and its commit's repo home link
+			// 2. Resolve the relative path: targetRepoLink = path.Join(repoHomeLink, path.Dir(submoduleFullPath), refURL)
+			// Not an easy task and need to refactor related code a lot.
+			sf.targetRepoLink = sf.refURL
+		} else {
+			parsedURL, err := giturl.ParseRepositoryURL(ctx, sf.refURL)
+			if err != nil {
+				return nil
+			}
+			sf.targetRepoLink = giturl.MakeRepositoryWebLink(parsedURL)
 		}
-		sf.parsedURL = parsedURL
-		sf.repoLink = giturl.MakeRepositoryWebLink(sf.parsedURL)
 	}
 	var commitLink string
 	if len(optCommitID) == 2 {
-		commitLink = sf.repoLink + "/compare/" + optCommitID[0] + "..." + optCommitID[1]
+		commitLink = sf.targetRepoLink + "/compare/" + optCommitID[0] + "..." + optCommitID[1]
 	} else if len(optCommitID) == 1 {
-		commitLink = sf.repoLink + "/tree/" + optCommitID[0]
+		commitLink = sf.targetRepoLink + "/tree/" + optCommitID[0]
 	} else {
-		commitLink = sf.repoLink + "/tree/" + sf.refID
+		commitLink = sf.targetRepoLink + "/tree/" + sf.refID
 	}
-	return &SubmoduleWebLink{RepoWebLink: sf.repoLink, CommitWebLink: commitLink}
+	return &SubmoduleWebLink{RepoWebLink: sf.targetRepoLink, CommitWebLink: commitLink}
 }
diff --git a/modules/git/commit_submodule_file_test.go b/modules/git/commit_submodule_file_test.go
index 6581fa8712..103e55e920 100644
--- a/modules/git/commit_submodule_file_test.go
+++ b/modules/git/commit_submodule_file_test.go
@@ -10,20 +10,29 @@ import (
 )
 
 func TestCommitSubmoduleLink(t *testing.T) {
-	sf := NewCommitSubmoduleFile("git@github.com:user/repo.git", "aaaa")
-
-	wl := sf.SubmoduleWebLink(t.Context())
-	assert.Equal(t, "https://github.com/user/repo", wl.RepoWebLink)
-	assert.Equal(t, "https://github.com/user/repo/tree/aaaa", wl.CommitWebLink)
-
-	wl = sf.SubmoduleWebLink(t.Context(), "1111")
-	assert.Equal(t, "https://github.com/user/repo", wl.RepoWebLink)
-	assert.Equal(t, "https://github.com/user/repo/tree/1111", wl.CommitWebLink)
-
-	wl = sf.SubmoduleWebLink(t.Context(), "1111", "2222")
-	assert.Equal(t, "https://github.com/user/repo", wl.RepoWebLink)
-	assert.Equal(t, "https://github.com/user/repo/compare/1111...2222", wl.CommitWebLink)
-
-	wl = (*CommitSubmoduleFile)(nil).SubmoduleWebLink(t.Context())
+	wl := (*CommitSubmoduleFile)(nil).SubmoduleWebLink(t.Context())
 	assert.Nil(t, wl)
+
+	t.Run("GitHubRepo", func(t *testing.T) {
+		sf := NewCommitSubmoduleFile("git@github.com:user/repo.git", "aaaa")
+
+		wl := sf.SubmoduleWebLink(t.Context())
+		assert.Equal(t, "https://github.com/user/repo", wl.RepoWebLink)
+		assert.Equal(t, "https://github.com/user/repo/tree/aaaa", wl.CommitWebLink)
+
+		wl = sf.SubmoduleWebLink(t.Context(), "1111")
+		assert.Equal(t, "https://github.com/user/repo", wl.RepoWebLink)
+		assert.Equal(t, "https://github.com/user/repo/tree/1111", wl.CommitWebLink)
+
+		wl = sf.SubmoduleWebLink(t.Context(), "1111", "2222")
+		assert.Equal(t, "https://github.com/user/repo", wl.RepoWebLink)
+		assert.Equal(t, "https://github.com/user/repo/compare/1111...2222", wl.CommitWebLink)
+	})
+
+	t.Run("RelativePath", func(t *testing.T) {
+		sf := NewCommitSubmoduleFile("../../user/repo", "aaaa")
+		wl := sf.SubmoduleWebLink(t.Context())
+		assert.Equal(t, "../../user/repo", wl.RepoWebLink)
+		assert.Equal(t, "../../user/repo/tree/aaaa", wl.CommitWebLink)
+	})
 }
diff --git a/modules/optional/option.go b/modules/optional/option.go
index 6075c6347e..cbecf86987 100644
--- a/modules/optional/option.go
+++ b/modules/optional/option.go
@@ -28,6 +28,13 @@ func FromPtr[T any](v *T) Option[T] {
 	return Some(*v)
 }
 
+func FromMapLookup[K comparable, V any](m map[K]V, k K) Option[V] {
+	if v, ok := m[k]; ok {
+		return Some(v)
+	}
+	return None[V]()
+}
+
 func FromNonDefault[T comparable](v T) Option[T] {
 	var zero T
 	if v == zero {
diff --git a/modules/optional/option_test.go b/modules/optional/option_test.go
index f600ff5a2c..ea80a2e3cb 100644
--- a/modules/optional/option_test.go
+++ b/modules/optional/option_test.go
@@ -56,6 +56,12 @@ func TestOption(t *testing.T) {
 	opt3 := optional.FromNonDefault(1)
 	assert.True(t, opt3.Has())
 	assert.Equal(t, int(1), opt3.Value())
+
+	opt4 := optional.FromMapLookup(map[string]int{"a": 1}, "a")
+	assert.True(t, opt4.Has())
+	assert.Equal(t, 1, opt4.Value())
+	opt4 = optional.FromMapLookup(map[string]int{"a": 1}, "b")
+	assert.False(t, opt4.Has())
 }
 
 func Test_ParseBool(t *testing.T) {
diff --git a/modules/setting/oauth2.go b/modules/setting/oauth2.go
index 0d3e63e0b4..1a88f3cb08 100644
--- a/modules/setting/oauth2.go
+++ b/modules/setting/oauth2.go
@@ -12,7 +12,7 @@ import (
 	"code.gitea.io/gitea/modules/log"
 )
 
-// OAuth2UsernameType is enum describing the way gitea 'name' should be generated from oauth2 data
+// OAuth2UsernameType is enum describing the way gitea generates its 'username' from oauth2 data
 type OAuth2UsernameType string
 
 const (
diff --git a/modules/structs/repo.go b/modules/structs/repo.go
index 46177d0204..d9a5407a79 100644
--- a/modules/structs/repo.go
+++ b/modules/structs/repo.go
@@ -59,7 +59,7 @@ type Repository struct {
 	Fork        bool   `json:"fork"`
 	Template    bool   `json:"template"`
 	// the original repository if the repository in the parameter is a fork; else empty
-	Parent        *Repository `json:"parent"`
+	Parent        *Repository `json:"parent,omitempty"`
 	Mirror        bool        `json:"mirror"`
 	Size          int         `json:"size"`
 	Language      string      `json:"language"`
@@ -116,7 +116,7 @@ type Repository struct {
 	ObjectFormatName string `json:"object_format_name"`
 	// swagger:strfmt date-time
 	MirrorUpdated time.Time     `json:"mirror_updated"`
-	RepoTransfer  *RepoTransfer `json:"repo_transfer"`
+	RepoTransfer  *RepoTransfer `json:"repo_transfer,omitempty"`
 	Topics        []string      `json:"topics"`
 	Licenses      []string      `json:"licenses"`
 }
diff --git a/options/locale/locale_cs-CZ.ini b/options/locale/locale_cs-CZ.ini
index 17ee12af79..d58940f503 100644
--- a/options/locale/locale_cs-CZ.ini
+++ b/options/locale/locale_cs-CZ.ini
@@ -128,7 +128,6 @@ pin=Připnout
 unpin=Odepnout
 
 artifacts=Artefakty
-confirm_delete_artifact=Jste si jisti, že chcete odstranit artefakt „%s“?
 
 archived=Archivováno
 
@@ -168,7 +167,6 @@ internal_error_skipped=Došlo k vnitřní chybě, ale je přeskočena: %s
 search=Hledat...
 type_tooltip=Druh vyhledávání
 fuzzy=Fuzzy
-fuzzy_tooltip=Zahrnout výsledky, které také úzce odpovídají hledanému výrazu
 exact=Přesně
 exact_tooltip=Zahrnout pouze výsledky, které přesně odpovídají hledanému výrazu
 repo_kind=Hledat repozitáře...
@@ -490,7 +488,6 @@ activate_email.text=Pro aktivaci vašeho účtu do <b>%s</b> klikněte na násle
 
 register_notify=Vítejte v %s
 register_notify.title=%[1]s vítejte v %[2]s
-register_notify.text_1=toto je váš potvrzovací e-mail pro %s!
 register_notify.text_2=Nyní se můžete přihlásit přes uživatelské jméno: %s.
 register_notify.text_3=Pokud pro vás byl vytvořen tento účet, nejprve <a href="%s">nastavte své heslo</a>.
 
@@ -977,7 +974,6 @@ webauthn_alternative_tip=Možná budete chtít nakonfigurovat další metodu ov
 
 manage_account_links=Správa propojených účtů
 manage_account_links_desc=Tyto externí účty jsou propojeny s vaším Gitea účtem.
-account_links_not_available=K vašemu Gitea účtu nejsou aktuálně připojené žádné externí účty.
 link_account=Propojit účet
 remove_account_link=Odstranit propojený účet
 remove_account_link_desc=Odstraněním propojeného účtu zrušíte jeho přístup k vašemu Gitea účtu. Pokračovat?
@@ -1014,8 +1010,6 @@ new_repo_helper=Repozitář obsahuje všechny projektové soubory, včetně hist
 owner=Vlastník
 owner_helper=Některé organizace se nemusejí v seznamu zobrazit kvůli maximálnímu dosaženému počtu repozitářů.
 repo_name=Název repozitáře
-repo_name_profile_public_hint=.profile je speciální repozitář, který můžete použít k přidání souboru README.md do svého veřejného profilu organizace, který je viditelný pro každého. Ujistěte se, že je veřejný, a pro začátek jej inicializujte pomocí README v adresáři profilu.
-repo_name_profile_private_hint=.profile-private je speciální repozitář, který můžete použít k přidání souboru README.md do profilu člena organizace, který je viditelný pouze pro členy organizace. Ujistěte se, že je soukromý, a pro začátek jej inicializujte pomocí README v adresáři profilu.
 repo_name_helper=Dobrá jména repozitářů používají krátká, zapamatovatelná a unikátní klíčová slova. Repozitář s názvem „.profile“ nebo „.profile-private“ lze použít k přidání README.md pro uživatelský/organizační profil.
 repo_size=Velikost repozitáře
 template=Šablona
@@ -1037,7 +1031,6 @@ fork_branch=Větev, která má být klonována pro fork
 all_branches=Všechny větve
 view_all_branches=Zobrazit všechny větve
 view_all_tags=Zobrazit všechny značky
-fork_no_valid_owners=Tento repozitář nemůže být rozštěpen, protože neexistují žádní platní vlastníci.
 fork.blocked_user=Nelze rozštěpit repozitář, protože jste blokováni majitelem repozitáře.
 use_template=Použít tuto šablonu
 open_with_editor=Otevřít pomocí %s
@@ -1705,7 +1698,6 @@ issues.due_date_form=rrrr-mm-dd
 issues.due_date_form_add=Přidat termín dokončení
 issues.due_date_form_edit=Upravit
 issues.due_date_form_remove=Odstranit
-issues.due_date_not_writer=Potřebujete přístup k zápisu do tohoto repozitáře, abyste mohli aktualizovat datum dokončení úkolu.
 issues.due_date_not_set=Žádný termín dokončení.
 issues.due_date_added=přidal/a termín dokončení %s %s
 issues.due_date_modified=upravil/a termín termínu z %[2]s na %[1]s %[3]s
@@ -2070,7 +2062,6 @@ activity.title.releases_1=%d Vydání
 activity.title.releases_n=%d Vydání
 activity.title.releases_published_by=%s publikoval %s
 activity.published_release_label=Publikováno
-activity.no_git_activity=V tomto období nebyla žádná aktivita při odevzdání.
 activity.git_stats_exclude_merges=Při vyloučení slučování,
 activity.git_stats_author_1=%d autor
 activity.git_stats_author_n=%d autoři
diff --git a/options/locale/locale_de-DE.ini b/options/locale/locale_de-DE.ini
index b989fc5473..5f584443e2 100644
--- a/options/locale/locale_de-DE.ini
+++ b/options/locale/locale_de-DE.ini
@@ -117,7 +117,6 @@ files=Dateien
 
 error=Fehler
 error404=Die Seite, die Du versuchst aufzurufen, <strong>existiert nicht</strong> oder <strong>Du bist nicht berechtigt</strong>, diese anzusehen.
-error503=Der Server konnte deine Anfrage nicht abschließen. Bitte versuche es später erneut.
 go_back=Zurück
 invalid_data=Ungültige Daten: %v
 
@@ -131,7 +130,6 @@ unpin=Loslösen
 
 artifacts=Artefakte
 expired=Abgelaufen
-confirm_delete_artifact=Bist du sicher, dass du das Artefakt '%s' löschen möchtest?
 
 archived=Archiviert
 
@@ -171,7 +169,6 @@ internal_error_skipped=Ein interner Fehler ist aufgetreten, wurde aber überspru
 search=Suche ...
 type_tooltip=Suchmodus
 fuzzy=Ähnlich
-fuzzy_tooltip=Ergebnisse einbeziehen, die dem Suchbegriff ähnlich sind
 words=Wörter
 words_tooltip=Nur Suchbegriffe einbeziehen, die den Suchbegriffen exakt entsprechen
 regexp=Regexp
@@ -505,7 +502,6 @@ activate_email.text=Bitte klicke innerhalb von <b>%s</b> auf folgenden Link, um
 
 register_notify=Willkommen bei %s
 register_notify.title=%[1]s, willkommen bei %[2]s
-register_notify.text_1=dies ist deine Bestätigungs-E-Mail für %s!
 register_notify.text_2=Du kannst dich jetzt mit dem Benutzernamen "%s" anmelden.
 register_notify.text_3=Wenn dieser Account von dir erstellt wurde, musst du zuerst <a href="%s">dein Passwort setzen</a>.
 
@@ -997,7 +993,6 @@ webauthn_alternative_tip=Möglicherweise möchtest du eine zusätzliche Authenti
 
 manage_account_links=Verknüpfte Accounts verwalten
 manage_account_links_desc=Diese externen Accounts sind mit deinem Gitea-Account verknüpft.
-account_links_not_available=Es sind keine externen Accounts mit diesem Gitea-Account verknüpft.
 link_account=Account verbinden
 remove_account_link=Verknüpften Account entfernen
 remove_account_link_desc=Wenn du den verknüpften Account entfernst, wirst du darüber nicht mehr auf deinen Gitea-Account zugreifen können. Fortfahren?
@@ -1034,8 +1029,6 @@ new_repo_helper=Ein Repository enthält alle Projektdateien, einschließlich des
 owner=Besitzer
 owner_helper=Einige Organisationen könnten in der Dropdown-Liste nicht angezeigt werden, da die Anzahl an Repositories begrenzt ist.
 repo_name=Repository-Name
-repo_name_profile_public_hint=.profile ist ein spezielles Repository, mit dem du die README.md zu deinem öffentlichen Organisationsprofil hinzufügen kannst, das für jeden sichtbar ist. Stelle sicher, dass es öffentlich ist und initialisiere es mit einer README im Profilverzeichnis, um loszulegen.
-repo_name_profile_private_hint=.profile ist ein spezielles Repository, mit dem du die README.md zu deinem privaten Organisationsprofil hinzufügen kannst, das nur für Organisationsmitglieder sichtbar ist. Stelle sicher, dass es privat ist und initialisiere es mit einer README im Profilverzeichnis, um loszulegen.
 repo_name_helper=Ein guter Repository-Name besteht normalerweise aus kurzen, unvergesslichen und einzigartigen Schlagwörtern. Ein Repository namens ".profile" or ".profile-private" kann verwendet werden, um die README.md auf dem Benutzer- oder Organisationsprofil anzuzeigen.
 repo_size=Repository-Größe
 template=Template
@@ -1057,7 +1050,6 @@ fork_branch=Branch, der zum Fork geklont werden soll
 all_branches=Alle Branches
 view_all_branches=Alle Branches anzeigen
 view_all_tags=Alle Tags anzeigen
-fork_no_valid_owners=Dieses Repository kann nicht geforkt werden, da keine gültigen Besitzer vorhanden sind.
 fork.blocked_user=Das Repository kann nicht geforkt werden, da du vom Repository-Eigentümer blockiert wurdest.
 use_template=Dieses Template verwenden
 open_with_editor=Mit %s öffnen
@@ -1739,7 +1731,6 @@ issues.due_date_form=JJJJ-MM-TT
 issues.due_date_form_add=Fälligkeitsdatum hinzufügen
 issues.due_date_form_edit=Bearbeiten
 issues.due_date_form_remove=Entfernen
-issues.due_date_not_writer=Du musst Schreibrechte für dieses Repository haben, um das Fälligkeitsdatum zu ändern.
 issues.due_date_not_set=Kein Fälligkeitsdatum gesetzt.
 issues.due_date_added=hat %[2]s das Fälligkeitsdatum %[1]s hinzugefügt
 issues.due_date_modified=ändert das Abgabedatum von %[2]s auf %[1]s %[3]s s
@@ -2106,7 +2097,6 @@ activity.title.releases_1=%d Release
 activity.title.releases_n=%d Releases
 activity.title.releases_published_by=%s von %s veröffentlicht
 activity.published_release_label=Veröffentlicht
-activity.no_git_activity=In diesem Zeitraum sind keine Commit-Aktivität vorhanden.
 activity.git_stats_exclude_merges=Merges ausgenommen,
 activity.git_stats_author_1=%d Autor
 activity.git_stats_author_n=%d Autoren
diff --git a/options/locale/locale_el-GR.ini b/options/locale/locale_el-GR.ini
index 0411686084..e1dbee84a9 100644
--- a/options/locale/locale_el-GR.ini
+++ b/options/locale/locale_el-GR.ini
@@ -427,7 +427,6 @@ activate_email.title=%s, παρακαλώ επαληθεύστε τη διεύθ
 activate_email.text=Παρακαλώ κάντε κλικ στον παρακάτω σύνδεσμο για να επαληθεύσετε τη διεύθυνση email σας στο <b>%s</b>:
 
 register_notify.title=%[1]s, καλώς ήρθατε στο %[2]s
-register_notify.text_1=αυτό είναι το email επιβεβαίωσης εγγραφής για το %s!
 register_notify.text_2=Τώρα μπορείτε να συνδεθείτε μέσω του ονόματος χρήστη: %s.
 register_notify.text_3=Εάν αυτός ο λογαριασμός έχει δημιουργηθεί για εσάς, παρακαλώ <a href="%s">ορίστε πρώτα τον κωδικό πρόσβασής σας</a>.
 
@@ -871,7 +870,6 @@ webauthn_alternative_tip=Μπορεί να θέλετε να ρυθμίσετε
 
 manage_account_links=Διαχείριση Συνδεδεμένων Λογαριασμών
 manage_account_links_desc=Αυτοί οι εξωτερικοί λογαριασμοί είναι συνδεδεμένοι στον Gitea λογαριασμό σας.
-account_links_not_available=Προς το παρόν δεν υπάρχουν εξωτερικοί λογαριασμοί συνδεδεμένοι με τον λογαριασμό σας στο Gitea.
 link_account=Σύνδεση Λογαριασμού
 remove_account_link=Αφαίρεση Συνδεδεμένου Λογαριασμού
 remove_account_link_desc=Η κατάργηση ενός συνδεδεμένου λογαριασμού θα ανακαλέσει την πρόσβασή του στο λογαριασμό σας στο Gitea. Συνέχεια;
@@ -926,7 +924,6 @@ fork_to_different_account=Fork σε διαφορετικό λογαριασμό
 fork_visibility_helper=Η ορατότητα ενός fork αποθετηρίου δεν μπορεί να αλλάξει.
 fork_branch=Κλάδος που θα κλωνοποιηθεί στο fork
 all_branches=Όλοι οι κλάδοι
-fork_no_valid_owners=Αυτό το αποθετήριο δεν μπορεί να γίνει fork επειδή δεν υπάρχουν έγκυροι ιδιοκτήτες.
 use_template=Χρήση αυτού του πρότυπου
 download_zip=Λήψη ZIP
 download_tar=Λήψη TAR.GZ
@@ -1537,7 +1534,6 @@ issues.due_date_form=εεεε-μμ-ηη
 issues.due_date_form_add=Προσθήκη ημερομηνίας παράδοσης
 issues.due_date_form_edit=Επεξεργασία
 issues.due_date_form_remove=Διαγραφή
-issues.due_date_not_writer=Χρειάζεστε πρόσβαση εγγραφής στο αποθετήριο για να ενημερώσετε την ημερομηνία λήξης ενός προβλήματος.
 issues.due_date_not_set=Δεν ορίστηκε ημερομηνία παράδοσης.
 issues.due_date_added=πρόσθεσε την ημερομηνία παράδοσης %s %s
 issues.due_date_modified=τροποποίησε την ημερομηνία παράδοσης από %[2]s σε %[1]s %[3]s
@@ -1875,7 +1871,6 @@ activity.title.releases_1=%d Κυκλοφορία
 activity.title.releases_n=%d Εκδόσεις
 activity.title.releases_published_by=%s δημοσιεύτηκε από %s
 activity.published_release_label=Δημοσιεύθηκε
-activity.no_git_activity=Δεν έχει υπάρξει καμία δραστηριότητα υποβολών σε αυτήν την περίοδο.
 activity.git_stats_exclude_merges=Εκτός τις συγχωνεύσεις,
 activity.git_stats_author_1=%d συγγραφέας
 activity.git_stats_author_n=%d συγγραφείς
diff --git a/options/locale/locale_en-US.ini b/options/locale/locale_en-US.ini
index 9a2591e9ee..ff32c94ff9 100644
--- a/options/locale/locale_en-US.ini
+++ b/options/locale/locale_en-US.ini
@@ -117,7 +117,7 @@ files = Files
 
 error = Error
 error404 = The page you are trying to reach either <strong>does not exist</strong> or <strong>you are not authorized</strong> to view it.
-error503 = The server was unable to complete your request. Please try again later.
+error503 = The server could not complete your request. Please try again later.
 go_back = Go Back
 invalid_data = Invalid data: %v
 
@@ -131,7 +131,7 @@ unpin = Unpin
 
 artifacts = Artifacts
 expired = Expired
-confirm_delete_artifact = Are you sure you want to delete the artifact '%s' ?
+confirm_delete_artifact = Are you sure you want to delete the artifact '%s'?
 
 archived = Archived
 
@@ -171,7 +171,7 @@ internal_error_skipped = Internal error occurred but is skipped: %s
 search = Search...
 type_tooltip = Search type
 fuzzy = Fuzzy
-fuzzy_tooltip = Include results that also match the search term closely
+fuzzy_tooltip = Include results that closely match the search term
 words = Words
 words_tooltip = Include only results that match the search term words
 regexp = Regexp
@@ -506,7 +506,7 @@ activate_email.text = Please click the following link to verify your email addre
 
 register_notify = Welcome to %s
 register_notify.title = %[1]s, welcome to %[2]s
-register_notify.text_1 = this is your registration confirmation email for %s!
+register_notify.text_1 = This is your registration confirmation email for %s!
 register_notify.text_2 = You can now login via username: %s.
 register_notify.text_3 = If this account has been created for you, please <a href="%s">set your password</a> first.
 
@@ -998,7 +998,7 @@ webauthn_alternative_tip = You may want to configure an additional authenticatio
 
 manage_account_links = Manage Linked Accounts
 manage_account_links_desc = These external accounts are linked to your Gitea account.
-account_links_not_available = There are currently no external accounts linked to your Gitea account.
+account_links_not_available = No external accounts are currently linked to your Gitea account.
 link_account = Link Account
 remove_account_link = Remove Linked Account
 remove_account_link_desc = Removing a linked account will revoke its access to your Gitea account. Continue?
@@ -1035,8 +1035,8 @@ new_repo_helper = A repository contains all project files, including revision hi
 owner = Owner
 owner_helper = Some organizations may not show up in the dropdown due to a maximum repository count limit.
 repo_name = Repository Name
-repo_name_profile_public_hint= .profile is a special repository that you can use to add README.md to your public organization profile, visible to anyone. Make sure it’s public and initialize it with a README in the profile directory to get started.
-repo_name_profile_private_hint = .profile-private is a special repository that you can use to add a README.md to your organization member profile, visible only to organization members. Make sure it’s private and initialize it with a README in the profile directory to get started.
+repo_name_profile_public_hint= .profile is a special repository that you can use to add README.md to your public organization profile, visible to anyone. Make sure it's public and initialize it with a README in the profile directory to get started.
+repo_name_profile_private_hint = .profile-private is a special repository that you can use to add a README.md to your organization member profile, visible only to organization members. Make sure it's private and initialize it with a README in the profile directory to get started.
 repo_name_helper = Good repository names use short, memorable and unique keywords. A repository named ".profile" or ".profile-private" could be used to add a README.md for the user/organization profile.
 repo_size = Repository Size
 template = Template
@@ -1058,7 +1058,7 @@ fork_branch = Branch to be cloned to the fork
 all_branches = All branches
 view_all_branches = View all branches
 view_all_tags = View all tags
-fork_no_valid_owners = This repository can not be forked because there are no valid owners.
+fork_no_valid_owners = This repository cannot be forked because there are no valid owners.
 fork.blocked_user = Cannot fork the repository because you are blocked by the repository owner.
 use_template = Use this template
 open_with_editor = Open with %s
@@ -1755,7 +1755,7 @@ issues.due_date_form = "yyyy-mm-dd"
 issues.due_date_form_add = "Add due date"
 issues.due_date_form_edit = "Edit"
 issues.due_date_form_remove = "Remove"
-issues.due_date_not_writer = "You need write access to this repository in order to update the due date of an issue."
+issues.due_date_not_writer = "You need write access to this repository to update the due date of an issue."
 issues.due_date_not_set = "No due date set."
 issues.due_date_added = "added the due date %s %s"
 issues.due_date_modified = "modified the due date from %[2]s to %[1]s %[3]s"
@@ -2123,7 +2123,7 @@ activity.title.releases_1 = %d Release
 activity.title.releases_n = %d Releases
 activity.title.releases_published_by = %s published by %s
 activity.published_release_label = Published
-activity.no_git_activity = There has not been any commit activity in this period.
+activity.no_git_activity = There has been no commit activity in this period.
 activity.git_stats_exclude_merges = Excluding merges,
 activity.git_stats_author_1 = %d author
 activity.git_stats_author_n = %d authors
@@ -3251,6 +3251,8 @@ auths.oauth2_required_claim_name_helper = Set this name to restrict login from t
 auths.oauth2_required_claim_value = Required Claim Value
 auths.oauth2_required_claim_value_helper = Set this value to restrict login from this source to users with a claim with this name and value
 auths.oauth2_group_claim_name = Claim name providing group names for this source. (Optional)
+auths.oauth2_full_name_claim_name = Full Name Claim Name. (Optional, if set, the user's full name will always be synchronized with this claim)
+auths.oauth2_ssh_public_key_claim_name = SSH Public Key Claim Name
 auths.oauth2_admin_group = Group Claim value for administrator users. (Optional - requires claim name above)
 auths.oauth2_restricted_group = Group Claim value for restricted users. (Optional - requires claim name above)
 auths.oauth2_map_group_to_team = Map claimed groups to Organization teams. (Optional - requires claim name above)
diff --git a/options/locale/locale_es-ES.ini b/options/locale/locale_es-ES.ini
index 9359bacc04..5bc4be0ca7 100644
--- a/options/locale/locale_es-ES.ini
+++ b/options/locale/locale_es-ES.ini
@@ -424,7 +424,6 @@ activate_email.title=%s, por favor verifique su dirección de correo electrónic
 activate_email.text=Por favor, haga clic en el siguiente enlace para verificar su dirección de correo electrónico dentro de <b>%s</b>:
 
 register_notify.title=%[1]s, bienvenido a %[2]s
-register_notify.text_1=este es tu correo de confirmación de registro para %s!
 register_notify.text_2=Ahora puede iniciar sesión vía nombre de usuario: %s.
 register_notify.text_3=Si esta cuenta ha sido creada para usted, por favor <a href="%s">establezca su contraseña</a> primero.
 
@@ -862,7 +861,6 @@ webauthn_delete_key_desc=Si elimina una llave de seguridad ya no podrá utilizar
 
 manage_account_links=Administrar cuentas vinculadas
 manage_account_links_desc=Estas cuentas externas están vinculadas a su cuenta de Gitea.
-account_links_not_available=Actualmente no hay cuentas externas vinculadas a su cuenta de Gitea.
 link_account=Enlazar cuenta
 remove_account_link=Eliminar cuenta vinculada
 remove_account_link_desc=Eliminar una cuenta vinculada revocará su acceso a su cuenta de Gitea. ¿Continuar?
@@ -916,7 +914,6 @@ fork_to_different_account=Forkear a una cuenta diferente
 fork_visibility_helper=La visibilidad de un repositorio del cual se ha hecho fork no puede ser cambiada.
 fork_branch=Rama a clonar en la bifurcación
 all_branches=Todas las ramas
-fork_no_valid_owners=Este repositorio no puede ser bifurcado porque no hay propietarios válidos.
 use_template=Utilizar esta plantilla
 download_zip=Descargar ZIP
 download_tar=Descargar TAR.GZ
@@ -1527,7 +1524,6 @@ issues.due_date_form=aaaa-mm-dd
 issues.due_date_form_add=Añadir fecha de vencimiento
 issues.due_date_form_edit=Editar
 issues.due_date_form_remove=Eliminar
-issues.due_date_not_writer=Necesita acceso de escritura a este repositorio para actualizar la fecha límite de de una incidencia.
 issues.due_date_not_set=Sin fecha de vencimiento.
 issues.due_date_added=añadió la fecha de vencimiento %s %s
 issues.due_date_modified=modificó la fecha de vencimiento de %[2]s a %[1]s %[3]s
@@ -1859,7 +1855,6 @@ activity.title.releases_1=%d Lanzamiento
 activity.title.releases_n=%d Lanzamientos
 activity.title.releases_published_by=%s publicado por %s
 activity.published_release_label=Publicado
-activity.no_git_activity=No ha habido ningún commit en este período.
 activity.git_stats_exclude_merges=Excluyendo fusiones,
 activity.git_stats_author_1=%d autor
 activity.git_stats_author_n=%d autores
diff --git a/options/locale/locale_fa-IR.ini b/options/locale/locale_fa-IR.ini
index c201973a09..d529ace470 100644
--- a/options/locale/locale_fa-IR.ini
+++ b/options/locale/locale_fa-IR.ini
@@ -332,7 +332,6 @@ activate_email=نشانی ایمیل خود را تایید کنید
 activate_email.text=لطفاً روی پیوند زیر کلیک کنید تا رایانامه‌ی خود را در <b>%s</b> تأیید کنید:
 
 register_notify.title=%[1]s، به %[2]s خوش‌آمدید
-register_notify.text_1=این رایانامه‌ی تأیید عضویت شما در %s است!
 register_notify.text_2=حالا شما می‌توانید با نام کاربری وارد شوید: %s.
 register_notify.text_3=اگر این حساب برای شما ایجاد شده، لطفاً ابتدا <a href="%s">گذرواژه‌ی خود را تنظیم کنید</a>.
 
@@ -675,7 +674,6 @@ twofa_failed_get_secret=خطا در دریافت رمز.
 
 manage_account_links=مدیریت حساب های مرتبط شده
 manage_account_links_desc=این حساب های خارجی به حساب Gitea ارتباط دارد.
-account_links_not_available=اکنون دیگر هیچ پیوند حساب‌های کاربری خارجی به حساب کاربری شما وجود ندارد.
 link_account=پیوند به حساب
 remove_account_link=حذف حساب پیوند خرده
 remove_account_link_desc=با حذف پیوند خارجی حساب کاربری دسترسی شما به حساب کابریتان توسط آن از بین میرود. آیا ادامه می‌دهید؟
@@ -1437,7 +1435,6 @@ activity.title.releases_1=%d انتشار
 activity.title.releases_n=%d انتشار
 activity.title.releases_published_by=%s منشتر شده توسط %s
 activity.published_release_label=منتشر شده
-activity.no_git_activity=در این دوره فعالیت کامیتی ارسال نشده است.
 activity.git_stats_exclude_merges=به استثنای ادغام‎ها ،
 activity.git_stats_author_1=%d بانی
 activity.git_stats_author_n=%d بانی
diff --git a/options/locale/locale_fr-FR.ini b/options/locale/locale_fr-FR.ini
index b72eb2bb7f..a9e09e2f27 100644
--- a/options/locale/locale_fr-FR.ini
+++ b/options/locale/locale_fr-FR.ini
@@ -117,7 +117,6 @@ files=Fichiers
 
 error=Erreur
 error404=La page que vous essayez d'atteindre <strong>n'existe pas</strong> ou <strong>vous n'êtes pas autorisé</strong> à la voir.
-error503=Le serveur n’a pas pu répondre à votre requête. Veuillez réessayer plus tard.
 go_back=Retour
 invalid_data=Données invalides : %v
 
@@ -131,7 +130,6 @@ unpin=Désépingler
 
 artifacts=Artefacts
 expired=Expiré
-confirm_delete_artifact=Êtes-vous sûr de vouloir supprimer l‘artefact « %s » ?
 
 archived=Archivé
 
@@ -171,7 +169,6 @@ internal_error_skipped=Une erreur interne est survenue, mais ignorée : %s
 search=Rechercher…
 type_tooltip=Type de recherche
 fuzzy=Approximative
-fuzzy_tooltip=Inclure également les résultats proches de la recherche
 words=Mots
 words_tooltip=Inclure uniquement les résultats qui correspondent exactement aux mots recherchés
 regexp=Regexp
@@ -506,7 +503,6 @@ activate_email.text=Veuillez cliquer sur le lien suivant pour vérifier votre ad
 
 register_notify=Bienvenue sur %s
 register_notify.title=%[1]s, bienvenue à %[2]s
-register_notify.text_1=ceci est votre courriel de confirmation d'inscription pour %s!
 register_notify.text_2=Vous pouvez maintenant vous connecter avec le nom d'utilisateur : %s.
 register_notify.text_3=Si ce compte a été créé pour vous, veuillez <a href="%s">définir votre mot de passe</a> d'abord.
 
@@ -998,7 +994,6 @@ webauthn_alternative_tip=Vous devriez configurer une méthode d’authentificati
 
 manage_account_links=Gérer les comptes liés
 manage_account_links_desc=Ces comptes externes sont liés à votre compte Gitea.
-account_links_not_available=Il n'y a pour l'instant pas de compte externe connecté à votre compte Gitea.
 link_account=Lier un Compte
 remove_account_link=Supprimer un compte lié
 remove_account_link_desc=La suppression d'un compte lié révoquera son accès à votre compte Gitea. Continuer ?
@@ -1035,8 +1030,6 @@ new_repo_helper=Un dépôt contient tous les fichiers d’un projet, ainsi que l
 owner=Propriétaire
 owner_helper=Certaines organisations peuvent ne pas apparaître dans la liste déroulante en raison d'une limite maximale du nombre de dépôts.
 repo_name=Nom du dépôt
-repo_name_profile_public_hint=.profile est un dépôt spécial que vous pouvez utiliser pour ajouter un README.md à votre profil public d’organisation, visible à tout le monde. Assurez-vous qu’il soit public et initialisez-le avec un README dans le répertoire de profil pour commencer.
-repo_name_profile_private_hint=.profile-private est un dépôt spécial que vous pouvez utiliser pour ajouter un README.md à votre profil d’organisation, visible uniquement aux membres de l’organisation. Assurez-vous qu’il soit privé et initialisez-le avec un README dans le répertoire de profil pour commencer.
 repo_name_helper=Idéalement, le nom d’un dépôt devrait être court, mémorisable et unique. Vous pouvez personnaliser votre profil ou celui de votre organisation en créant un dépôt nommé « .profile » ou « .profile-private » et contenant un README.md.
 repo_size=Taille du dépôt
 template=Modèle
@@ -1058,7 +1051,6 @@ fork_branch=Branche à cloner sur la bifurcation
 all_branches=Toutes les branches
 view_all_branches=Voir toutes les branches
 view_all_tags=Voir toutes les étiquettes
-fork_no_valid_owners=Ce dépôt ne peut pas être bifurqué car il n’a pas de propriétaire valide.
 fork.blocked_user=Impossible de bifurquer le dépôt car vous êtes bloqué par son propriétaire.
 use_template=Utiliser ce modèle
 open_with_editor=Ouvrir avec %s
@@ -1755,7 +1747,6 @@ issues.due_date_form=aaaa-mm-jj
 issues.due_date_form_add=Ajouter une échéance
 issues.due_date_form_edit=Éditer
 issues.due_date_form_remove=Supprimer
-issues.due_date_not_writer=Vous avez besoin d’un accès en écriture à ce dépôt pour modifier l’échéance de ses tickets.
 issues.due_date_not_set=Aucune échéance n'a été définie.
 issues.due_date_added=a ajouté l'échéance %s %s
 issues.due_date_modified=a modifié l'échéance de %[2]s à %[1]s %[3]s
@@ -2123,7 +2114,6 @@ activity.title.releases_1=%d publication
 activity.title.releases_n=%d publications
 activity.title.releases_published_by=%s publiée par %s
 activity.published_release_label=Publiée
-activity.no_git_activity=Il n'y a pas eu de nouvelle révision dans cette période.
 activity.git_stats_exclude_merges=En excluant les fusions,
 activity.git_stats_author_1=%d auteur
 activity.git_stats_author_n=%d auteurs
diff --git a/options/locale/locale_ga-IE.ini b/options/locale/locale_ga-IE.ini
index 965cce0c68..14fe7fbe8f 100644
--- a/options/locale/locale_ga-IE.ini
+++ b/options/locale/locale_ga-IE.ini
@@ -117,7 +117,6 @@ files=Comhaid
 
 error=Earráid
 error404=Níl an leathanach atá tú ag iarraidh a bhaint amach <strong>ann</strong> nó <strong>níl tú údaraithe</strong> chun é a fheiceáil.
-error503=Níorbh fhéidir leis an bhfreastalaí d'iarratas a chur i gcrích. Bain triail eile as ar ball.
 go_back=Ar ais
 invalid_data=Sonraí neamhbhailí: %v
 
@@ -131,7 +130,6 @@ unpin=Díphoráil
 
 artifacts=Déantáin
 expired=Imithe in éag
-confirm_delete_artifact=An bhfuil tú cinnte gur mhaith leat an déantán '%s' a scriosadh?
 
 archived=Cartlann
 
@@ -171,7 +169,6 @@ internal_error_skipped=Tharla earráid inmheánach ach éirithe as: %s
 search=Cuardaigh...
 type_tooltip=Cineál cuardaigh
 fuzzy=Doiléir
-fuzzy_tooltip=Cuir san áireamh torthaí a mheaitseálann an téarma cuardaigh go dlúth freisin
 words=Focail
 words_tooltip=Ná cuir san áireamh ach torthaí a mheaitseálann na focail téarma cuardaigh
 regexp=Nathanna Rialta
@@ -506,7 +503,6 @@ activate_email.text=Cliceáil ar an nasc seo a leanas le do sheoladh ríomhphois
 
 register_notify=Fáilte go dtí %s
 register_notify.title=%[1]s, fáilte go %[2]s
-register_notify.text_1=is é seo do ríomhphost deimhnithe clárúcháin do %s!
 register_notify.text_2=Is féidir leat logáil isteach anois trí ainm úsáideora: %s.
 register_notify.text_3=Má cruthaíodh an cuntas seo duit, <a href="%s">socraigh do phasfhocal</a> ar dtús.
 
@@ -998,7 +994,6 @@ webauthn_alternative_tip=B'fhéidir gur mhaith leat modh fíordheimhnithe breise
 
 manage_account_links=Bainistigh Cuntais Nasctha
 manage_account_links_desc=Tá na cuntais sheachtracha seo nasctha le do chuntas Gitea.
-account_links_not_available=Níl aon chuntais sheachtracha nasctha le do chuntas Gitea faoi láthair.
 link_account=Cuntas Nasc
 remove_account_link=Bain Cuntas Nasctha
 remove_account_link_desc=Ag baint cuntas nasctha, cuirfear a rochtain ar do chuntas Gitea a chúlghairm. Lean ar aghaidh?
@@ -1035,8 +1030,6 @@ new_repo_helper=Tá gach comhad tionscadail i stór, lena n-áirítear stair ath
 owner=Úinéir
 owner_helper=B'fhéidir nach dtaispeánfar roinnt eagraíochtaí sa anuas mar gheall ar theorainn uasta comhaireamh stórais.
 repo_name=Ainm Stórais
-repo_name_profile_public_hint=Is stóras speisialta é .profile is féidir leat a úsáid chun README.md a chur le do phróifíl eagraíochta poiblí, le feiceáil ag aon duine. Cinntigh go bhfuil sé poiblí agus tosaigh é le README san eolaire próifíle le tosú.
-repo_name_profile_private_hint=Is stóras speisialta é .profile-private is féidir leat a úsáid chun README.md a chur le do phróifíl bhall eagraíochta, nach féidir a fheiceáil ach ag baill eagraíochta. Cinntigh go bhfuil sé príobháideach agus tosaigh le README sa eolaire próifíle chun tús a chur leis.
 repo_name_helper=Úsáideann ainmneacha maith stóras focail eochair gairide, áithnid agus uathúla. D'fhéadfaí stóras darbh ainm '.profile' nó '.profile-private' a úsáid chun README.md a chur leis an bpróifíl úsáideora/eagraíochta.
 repo_size=Méid an Stóras
 template=Teimpléad
@@ -1058,7 +1051,6 @@ fork_branch=Brainse le clónú chuig an bhforc
 all_branches=Gach brainse
 view_all_branches=Féach ar gach brainse
 view_all_tags=Féach ar gach clib
-fork_no_valid_owners=Ní féidir an stór seo a fhorcáil toisc nach bhfuil úinéirí bailí ann.
 fork.blocked_user=Ní féidir an stór a fhorcáil toisc go bhfuil úinéir an stórais bac ort.
 use_template=Úsáid an teimpléad seo
 open_with_editor=Oscail le %s
@@ -1755,7 +1747,6 @@ issues.due_date_form=bbbb-mm-ll
 issues.due_date_form_add=Cuir dáta dlite leis
 issues.due_date_form_edit=Cuir in eagar
 issues.due_date_form_remove=Bain
-issues.due_date_not_writer=Ní mór duit rochtain scríofa ar an stór seo d'fhonn dáta dlite eisiúna a nuashonrú.
 issues.due_date_not_set=Níl aon dáta dlite socraithe.
 issues.due_date_added=cuireadh an dáta dlite %s %s
 issues.due_date_modified=d'athraigh an dáta dlite ó %[2]s go %[1]s %[3]s
@@ -2123,7 +2114,6 @@ activity.title.releases_1=Scaoileadh %d
 activity.title.releases_n=Eisiúintí %d
 activity.title.releases_published_by=%s foilsithe ag %s
 activity.published_release_label=Foilsithe
-activity.no_git_activity=Níor rinneadh aon ghníomhaíocht tiomanta sa tréimhse seo.
 activity.git_stats_exclude_merges=Gan cumaisc a áireamh,
 activity.git_stats_author_1=%d údar
 activity.git_stats_author_n=%d údair
diff --git a/options/locale/locale_hu-HU.ini b/options/locale/locale_hu-HU.ini
index e823b325a5..90df4eb22d 100644
--- a/options/locale/locale_hu-HU.ini
+++ b/options/locale/locale_hu-HU.ini
@@ -1017,7 +1017,6 @@ activity.title.releases_1=%d Kiadás
 activity.title.releases_n=%d Kiadások
 activity.title.releases_published_by=%s publikálta %s
 activity.published_release_label=Publikálva
-activity.no_git_activity=Nem voltak commit-ok ebben az időszakban.
 activity.git_stats_commit_1=%d commit
 activity.git_stats_commit_n=%d commit
 activity.git_stats_file_n=%d fájl
diff --git a/options/locale/locale_id-ID.ini b/options/locale/locale_id-ID.ini
index 10b600128d..3724fe5a99 100644
--- a/options/locale/locale_id-ID.ini
+++ b/options/locale/locale_id-ID.ini
@@ -117,7 +117,6 @@ pin=Sematkan
 unpin=Lepas sematan
 
 artifacts=Artefak
-confirm_delete_artifact=Apakah Anda yakin ingin menghapus artefak '%s' ?
 
 archived=Diarsipkan
 
@@ -147,7 +146,6 @@ no_results_found=Hasil tidak ditemukan.
 [search]
 search=Cari...
 type_tooltip=Tipe pencarian
-fuzzy_tooltip=Termasuk juga hasil yang mendekati kata pencarian
 exact_tooltip=Hanya menampilkan hasil yang cocok dengan istilah pencarian
 repo_kind=Cari repo...
 user_kind=Telusuri pengguna...
@@ -561,7 +559,6 @@ passcode_invalid=Kode sandi salah. Coba lagi.
 
 manage_account_links=Kelola akun tertaut
 manage_account_links_desc=Semua akun eksternal ini sementara tertaut dengan akun Gitea Anda.
-account_links_not_available=Saat ini tidak ada akun eksternal yang tertaut ke akun Gitea ini.
 link_account=Tautan Akun
 remove_account_link=Hapus Akun Tertaut
 remove_account_link_desc=Menghapus akun tertaut akan membuat akun itu tidak bisa mengakses akun Gitea Anda. Lanjutkan?
diff --git a/options/locale/locale_is-IS.ini b/options/locale/locale_is-IS.ini
index 3b4c605801..7d6214e37b 100644
--- a/options/locale/locale_is-IS.ini
+++ b/options/locale/locale_is-IS.ini
@@ -298,7 +298,6 @@ activate_email=Staðfestu netfangið þitt
 activate_email.text=Vinsamlegast smelltu á eftirfarandi tengil til að staðfesta netfangið þitt innan <b>%s</b>:
 
 register_notify.title=%[1]s, velkomin(n) í %[2]s
-register_notify.text_1=þetta er staðfestingarpóstur þinn fyrir skráningu á %s!
 register_notify.text_2=Þú getur nú skráð þig inn með notandanafni: %s.
 register_notify.text_3=Ef þessi reikningur hefur verið búinn til fyrir þig, vinsamlegast <a href="%s">stilltu lykilorðið þitt</a> fyrst.
 
diff --git a/options/locale/locale_it-IT.ini b/options/locale/locale_it-IT.ini
index 52fb0a3a50..61d7067028 100644
--- a/options/locale/locale_it-IT.ini
+++ b/options/locale/locale_it-IT.ini
@@ -356,7 +356,6 @@ activate_email=Verifica il tuo indirizzo e-mail
 activate_email.text=Clicca sul seguente link per verificare il tuo indirizzo email entro <b>%s</b>:
 
 register_notify.title=%[1]s, benvenuto in %[2]s
-register_notify.text_1=questa è la tua email di conferma di registrazione per %s!
 register_notify.text_2=Ora è possibile accedere tramite nome utente: %s.
 register_notify.text_3=Se questo account è stato creato per te, per favore <a href="%s">imposta prima la tua password</a>.
 
@@ -725,7 +724,6 @@ webauthn_delete_key_desc=Se si rimuove una chiave di sicurezza non è più possi
 
 manage_account_links=Gestisci gli account collegati
 manage_account_links_desc=Questi account esterni sono collegati al tuo account Gitea.
-account_links_not_available=Attualmente non è collegato alcun account esterno al tuo account Gitea.
 link_account=Collega Account
 remove_account_link=Rimuovi account collegato
 remove_account_link_desc=Rimuovere un account collegato ne revoca l'accesso al tuo account Gitea. Continuare?
@@ -1555,7 +1553,6 @@ activity.title.releases_1=%d Release
 activity.title.releases_n=%d Release
 activity.title.releases_published_by=%s pubblicata da %s
 activity.published_release_label=Pubblicata
-activity.no_git_activity=In questo periodo non c'è stata alcuna attività di commit.
 activity.git_stats_exclude_merges=Escludendo i merge,
 activity.git_stats_author_1=%d autore
 activity.git_stats_author_n=%d autori
diff --git a/options/locale/locale_ja-JP.ini b/options/locale/locale_ja-JP.ini
index face088116..171d674c49 100644
--- a/options/locale/locale_ja-JP.ini
+++ b/options/locale/locale_ja-JP.ini
@@ -117,7 +117,6 @@ files=ファイル
 
 error=エラー
 error404=アクセスしようとしたページは<strong>存在しない</strong>か、閲覧が<strong>許可されていません</strong>。
-error503=サーバーはリクエストを完了できませんでした。 後でもう一度お試しください。
 go_back=戻る
 invalid_data=無効なデータ: %v
 
@@ -131,7 +130,6 @@ unpin=ピン留め解除
 
 artifacts=成果物
 expired=期限切れ
-confirm_delete_artifact=アーティファクト %s を削除してよろしいですか？
 
 archived=アーカイブ
 
@@ -171,7 +169,6 @@ internal_error_skipped=内部エラーが発生しましたがスキップされ
 search=検索…
 type_tooltip=検索タイプ
 fuzzy=あいまい
-fuzzy_tooltip=検索語におおよそ一致する結果も含めます
 words=単語
 words_tooltip=検索語と一致する結果だけを含めます
 regexp=正規表現
@@ -506,7 +503,6 @@ activate_email.text=あなたのメールアドレスを確認するため、<b>
 
 register_notify=%s へようこそ
 register_notify.title=%[1]s さん、%[2]s にようこそ
-register_notify.text_1=これは %s への登録確認メールです！
 register_notify.text_2=あなたはユーザー名 %s でログインできるようになりました。
 register_notify.text_3=このアカウントがあなたに作成されたものであれば、最初に<a href="%s">パスワードを設定</a>してください。
 
@@ -998,7 +994,6 @@ webauthn_alternative_tip=もうひとつ別の認証方法も設定しておく
 
 manage_account_links=連携アカウントの管理
 manage_account_links_desc=これらの外部アカウントがGiteaアカウントと連携されています。
-account_links_not_available=現在このGiteaアカウントが連携している外部アカウントはありません。
 link_account=アカウントをリンク
 remove_account_link=連携アカウントの削除
 remove_account_link_desc=連携アカウントを削除し、Giteaアカウントへのアクセス権を取り消します。 続行しますか？
@@ -1035,8 +1030,6 @@ new_repo_helper=リポジトリには、プロジェクトのすべてのファ
 owner=オーナー
 owner_helper=リポジトリ数の上限により、一部の組織はドロップダウンに表示されない場合があります。
 repo_name=リポジトリ名
-repo_name_profile_public_hint=.profile は特別なリポジトリで、これを使用して、あなたの組織の公開プロフィール(誰でも閲覧可能)に README.md を追加することができます。 利用を開始するには、必ず公開リポジトリとし、プロフィールディレクトリにREADMEを追加して初期化してください。
-repo_name_profile_private_hint=.profile-private は特別なリポジトリで、これを使用して、あなたの組織のメンバー向けプロフィール(組織メンバーのみ閲覧可能)に README.md を追加することができます。 利用を開始するには、必ずプライベートリポジトリとし、プロフィールディレクトリにREADMEを追加して初期化してください。
 repo_name_helper=リポジトリ名は、短く、覚えやすく、他と重複しないキーワードを使用しましょう。 リポジトリ名を ".profile" または ".profile-private" にして README.md を追加すると、ユーザーや組織のプロフィールとなります。
 repo_size=リポジトリサイズ
 template=テンプレート
@@ -1058,7 +1051,6 @@ fork_branch=フォークにクローンされるブランチ
 all_branches=すべてのブランチ
 view_all_branches=すべてのブランチを表示
 view_all_tags=すべてのタグを表示
-fork_no_valid_owners=このリポジトリには有効なオーナーがいないため、フォークできません。
 fork.blocked_user=リポジトリのオーナーがあなたをブロックしているため、リポジトリをフォークできません。
 use_template=このテンプレートを使用
 open_with_editor=%s で開く
@@ -1746,7 +1738,6 @@ issues.due_date_form=yyyy-mm-dd
 issues.due_date_form_add=期日の追加
 issues.due_date_form_edit=変更
 issues.due_date_form_remove=削除
-issues.due_date_not_writer=イシューの期日を変更するには、リポジトリへの書き込み権限が必要です。
 issues.due_date_not_set=期日は設定されていません。
 issues.due_date_added=が期日 %s を追加 %s
 issues.due_date_modified=が期日を %[2]s から %[1]s に変更 %[3]s
@@ -2113,7 +2104,6 @@ activity.title.releases_1=%d件のリリース
 activity.title.releases_n=%d件のリリース
 activity.title.releases_published_by=%sが%sによって発行されました
 activity.published_release_label=発行
-activity.no_git_activity=この期間にはコミットのアクティビティがありません。
 activity.git_stats_exclude_merges=マージを除くと、
 activity.git_stats_author_1=%d人の作成者
 activity.git_stats_author_n=%d人の作成者
diff --git a/options/locale/locale_ko-KR.ini b/options/locale/locale_ko-KR.ini
index 4d6156e93f..1728408410 100644
--- a/options/locale/locale_ko-KR.ini
+++ b/options/locale/locale_ko-KR.ini
@@ -510,7 +510,6 @@ twofa_enrolled=당신의 계정에 2단계 인증이 설정되었습니다. 스
 
 manage_account_links=연결된 계정 관리
 manage_account_links_desc=Gitea 계정에 연결된 외부 계정입니다.
-account_links_not_available=현재 Gitea 계정에 연결된 외부 계정이 없습니다.
 link_account=계정 연결
 remove_account_link=연결된 계정 제거
 remove_account_link_desc=해당 계정을 연결해제 하는 경우 Gitea 계정에 대한 접근 권한이 사라지게 됩니다. 계속하시겠습니까?
diff --git a/options/locale/locale_lv-LV.ini b/options/locale/locale_lv-LV.ini
index 2e430ff399..7f1c52ff73 100644
--- a/options/locale/locale_lv-LV.ini
+++ b/options/locale/locale_lv-LV.ini
@@ -430,7 +430,6 @@ activate_email.title=%s, apstipriniet savu e-pasta adresi
 activate_email.text=Nospiediet uz saites, lai apstiprinātu savu e-pasta adresi lapā <b>%s</b>:
 
 register_notify.title=%[1]s, esat reģistrējies %[2]s
-register_notify.text_1=šis ir reģistrācijas apstiprinājuma e-pasts lapai %s!
 register_notify.text_2=Tagad varat autorizēties ar lietotāja vārdu: %s.
 register_notify.text_3=Ja šis konts Jums tika izveidots, tad obligāti <a href="%s">nomainiet citu paroli</a>.
 
@@ -876,7 +875,6 @@ webauthn_alternative_tip=Ir vēlams uzstādīt papildu autentifikācijas veidu.
 
 manage_account_links=Pārvaldīt saistītos kontus
 manage_account_links_desc=Šādi ārējie konti ir piesaistīti Jūsu Gitea kontam.
-account_links_not_available=Pašlaik nav neviena ārējā konta piesaistīta šim kontam.
 link_account=Sasaistīt kontu
 remove_account_link=Noņemt saistīto kontu
 remove_account_link_desc=Noņemot saistīto kontu, tam tiks liegta piekļuve Jūsu Gitea kontam. Vai turpināt?
@@ -931,7 +929,6 @@ fork_to_different_account=Atdalīt uz citu kontu
 fork_visibility_helper=Atdalītam repozitorijam nav iespējams mainīt tā redzamību.
 fork_branch=Atzars, ko klonēt atdalītajā repozitorijā
 all_branches=Visi atzari
-fork_no_valid_owners=Šim repozitorijam nevar izveidot atdalītu repozitoriju, jo tam nav spēkā esošu īpašnieku.
 use_template=Izmantot šo sagatavi
 download_zip=Lejupielādēt ZIP
 download_tar=Lejupielādēt TAR.GZ
@@ -1543,7 +1540,6 @@ issues.due_date_form=dd.mm.yyyy
 issues.due_date_form_add=Pievienot izpildes termiņu
 issues.due_date_form_edit=Labot
 issues.due_date_form_remove=Noņemt
-issues.due_date_not_writer=Ir nepieciešama rakstīšanas piekļuve šim repozitorijam, lai varētu mainīt problēmas plānoto izpildes datumu.
 issues.due_date_not_set=Izpildes termiņš nav uzstādīts.
 issues.due_date_added=pievienoja izpildes termiņu %s %s
 issues.due_date_modified=mainīja termiņa datumu no %[2]s uz %[1]s %[3]s
@@ -1881,7 +1877,6 @@ activity.title.releases_1=%d versiju
 activity.title.releases_n=%d versijas
 activity.title.releases_published_by=%s publicēja %s
 activity.published_release_label=Publicēts
-activity.no_git_activity=Šajā laika periodā nav notikušas nekādas izmaiņas.
 activity.git_stats_exclude_merges=Neskaitot sapludināšanas revīzijas,
 activity.git_stats_author_1=%d autors
 activity.git_stats_author_n=%d autori
diff --git a/options/locale/locale_nl-NL.ini b/options/locale/locale_nl-NL.ini
index 01e279f91a..3607d71279 100644
--- a/options/locale/locale_nl-NL.ini
+++ b/options/locale/locale_nl-NL.ini
@@ -355,7 +355,6 @@ activate_email=Verifieer uw e-mailadres
 activate_email.text=Klik op de volgende link om je e-mailadres te bevestigen in <b>%s</b>:
 
 register_notify.title=%[1]s, welkom bij %[2]s
-register_notify.text_1=dit is uw registratie bevestigingsemail voor %s!
 register_notify.text_2=U kunt nu inloggen via de gebruikersnaam: %s.
 register_notify.text_3=Als dit account voor u is aangemaakt, kunt u eerst <a href="%s">uw wachtwoord instellen</a>.
 
@@ -723,7 +722,6 @@ webauthn_delete_key_desc=Als u een beveiligingssleutel verwijdert, kunt u er nie
 
 manage_account_links=Gekoppelde accounts beheren
 manage_account_links_desc=Deze externe accounts zijn gekoppeld aan je Gitea-account.
-account_links_not_available=Er zijn momenteel geen externe accounts aan je Gitea-account gelinkt.
 link_account=Account koppelen
 remove_account_link=Gekoppeld account verwijderen
 remove_account_link_desc=Als je een gekoppeld account verwijdert, verliest dit account toegang tot je Gitea-account. Doorgaan?
@@ -1550,7 +1548,6 @@ activity.title.releases_1=%d Release
 activity.title.releases_n=%d Releases
 activity.title.releases_published_by=%s gepubliceerd door %s
 activity.published_release_label=Gepubliceerd
-activity.no_git_activity=Er is in deze periode geen sprake geweest van een commit activiteit.
 activity.git_stats_exclude_merges=Exclusief merges,
 activity.git_stats_author_1=%d auteur
 activity.git_stats_author_n=%d auteurs
diff --git a/options/locale/locale_pl-PL.ini b/options/locale/locale_pl-PL.ini
index cccbe47f9d..92e8790e3c 100644
--- a/options/locale/locale_pl-PL.ini
+++ b/options/locale/locale_pl-PL.ini
@@ -348,7 +348,6 @@ activate_email=Potwierdź swój adres e-mail
 activate_email.text=Aby zweryfikować swój adres e-mail, w ciągu następnych <b>%s</b> kliknij poniższy link:
 
 register_notify.title=%[1]s, witaj w %[2]s
-register_notify.text_1=to jest Twój e-mail z potwierdzeniem rejestracji dla %s!
 register_notify.text_2=Możesz teraz zalogować się za pomocą nazwy użytkownika: %s.
 register_notify.text_3=Jeśli to konto zostało utworzone dla Ciebie, <a href="%s">ustaw swoje hasło</a>.
 
@@ -682,7 +681,6 @@ webauthn_delete_key_desc=Jeżeli usuniesz klucz bezpieczeństwa, utracisz możli
 
 manage_account_links=Zarządzaj powiązanymi kontami
 manage_account_links_desc=Te konta zewnętrzne są powiązane z Twoim kontem Gitea.
-account_links_not_available=Obecnie nie ma żadnych zewnętrznych kont powiązanych z tym kontem Gitea.
 link_account=Powiąż konto
 remove_account_link=Usuń powiązane konto
 remove_account_link_desc=Usunięcie powiązanego konta unieważni jego dostęp do Twojego konta Gitea. Kontynuować?
@@ -1405,7 +1403,6 @@ activity.title.releases_1=%d Wydanie
 activity.title.releases_n=%d Wydań
 activity.title.releases_published_by=%s opublikowane przez %s
 activity.published_release_label=Opublikowane
-activity.no_git_activity=Nie było żadnej aktywności w tym okresie czasu.
 activity.git_stats_exclude_merges=Wykluczając scalenia,
 activity.git_stats_author_1=%d autor
 activity.git_stats_author_n=%d autorzy
diff --git a/options/locale/locale_pt-BR.ini b/options/locale/locale_pt-BR.ini
index 3f7eb73a52..2e38290aee 100644
--- a/options/locale/locale_pt-BR.ini
+++ b/options/locale/locale_pt-BR.ini
@@ -123,7 +123,6 @@ pin=Fixar
 unpin=Desfixar
 
 artifacts=Artefatos
-confirm_delete_artifact=Tem certeza que deseja excluir o artefato '%s' ?
 
 archived=Arquivado
 
@@ -428,7 +427,6 @@ activate_email.title=%s, por favor verifique o seu endereço de e-mail
 activate_email.text=Por favor clique no link a seguir para verificar o seu endereço de e-mail em <b>%s</b>:
 
 register_notify.title=%[1]s, bem-vindo(a) a %[2]s
-register_notify.text_1=este é o seu e-mail de confirmação de registro para %s!
 register_notify.text_2=Agora você pode entrar com o nome de usuário: %s.
 register_notify.text_3=Se esta conta foi criada para você, <a href="%s">defina sua senha</a> primeiro.
 
@@ -871,7 +869,6 @@ webauthn_alternative_tip=Você pode querer configurar um método de autenticaç
 
 manage_account_links=Gerenciar contas vinculadas
 manage_account_links_desc=Estas contas externas estão vinculadas a sua conta de Gitea.
-account_links_not_available=Não existem contas externas atualmente vinculadas a esta conta.
 link_account=Vincular Conta
 remove_account_link=Remover conta vinculada
 remove_account_link_desc=A exclusão da chave SSH revogará o acesso à sua conta. Continuar?
@@ -926,7 +923,6 @@ fork_to_different_account=Faça um fork para uma conta diferente
 fork_visibility_helper=A visibilidade do fork de um repositório não pode ser alterada.
 fork_branch=Branch a ser clonado para o fork
 all_branches=Todos os branches
-fork_no_valid_owners=Não é possível fazer um fork desse repositório porque não há proprietários validos.
 use_template=Usar este modelo
 download_zip=Baixar ZIP
 download_tar=Baixar TAR.GZ
@@ -1536,7 +1532,6 @@ issues.due_date_form=dd/mm/aaaa
 issues.due_date_form_add=Adicionar data limite
 issues.due_date_form_edit=Editar
 issues.due_date_form_remove=Remover
-issues.due_date_not_writer=Você precisa de acesso de gravação a esse repositório para atualizar a data limite de uma issue.
 issues.due_date_not_set=Data limite não informada.
 issues.due_date_added=adicionou a data limite %s %s
 issues.due_date_modified=modificou a data limite de %[2]s para %[1]s %[3]s
@@ -1874,7 +1869,6 @@ activity.title.releases_1=%d Versão
 activity.title.releases_n=%d Versões
 activity.title.releases_published_by=%s publicada(s) por %s
 activity.published_release_label=Publicado
-activity.no_git_activity=Não houve nenhuma atividade de commit neste período.
 activity.git_stats_exclude_merges=Excluindo merges,
 activity.git_stats_author_1=%d autor
 activity.git_stats_author_n=%d autores
diff --git a/options/locale/locale_pt-PT.ini b/options/locale/locale_pt-PT.ini
index f10bef0687..4e42b8b4b4 100644
--- a/options/locale/locale_pt-PT.ini
+++ b/options/locale/locale_pt-PT.ini
@@ -117,7 +117,6 @@ files=Ficheiros
 
 error=Erro
 error404=A página que pretende aceder <strong>não existe</strong> ou <strong>não tem autorização</strong> para a ver.
-error503=O servidor não conseguiu concluir o seu pedido. Tente novamente mais tarde.
 go_back=Voltar
 invalid_data=Dados inválidos: %v
 
@@ -131,7 +130,6 @@ unpin=Desafixar
 
 artifacts=Artefactos
 expired=Expirado
-confirm_delete_artifact=Tem a certeza que quer eliminar este artefacto "%s"?
 
 archived=Arquivado
 
@@ -171,7 +169,6 @@ internal_error_skipped=Ocorreu um erro interno mas foi ignorado: %s
 search=Pesquisar...
 type_tooltip=Tipo de pesquisa
 fuzzy=Aproximada
-fuzzy_tooltip=Incluir também os resultados que estejam próximos do termo de pesquisa
 words=Palavras
 words_tooltip=Incluir apenas os resultados que correspondam às palavras do termo de pesquisa
 regexp=Regexp
@@ -506,7 +503,6 @@ activate_email.text=Por favor clique na seguinte ligação para validar o seu en
 
 register_notify=Bem-vindo(a) a %s
 register_notify.title=%[1]s, bem-vindo(a) a %[2]s
-register_notify.text_1=este é o seu email de confirmação de registo para %s!
 register_notify.text_2=Agora pode iniciar a sessão com o nome de utilizador: %s.
 register_notify.text_3=Se esta conta foi criada para si, <a href="%s">defina a sua senha</a> primeiro.
 
@@ -998,7 +994,6 @@ webauthn_alternative_tip=Poderá querer configurar um método de autenticação
 
 manage_account_links=Gerir contas vinculadas
 manage_account_links_desc=Estas contas externas estão vinculadas à sua conta do Gitea.
-account_links_not_available=Neste momento não existem contas externas vinculadas à sua conta do Gitea.
 link_account=Vincular conta
 remove_account_link=Remover conta vinculada
 remove_account_link_desc=A remoção de uma conta vinculada revogará o acesso dessa conta à sua conta do Gitea. Quer continuar?
@@ -1035,8 +1030,6 @@ new_repo_helper=Um repositório contém todos os ficheiros do trabalho, incluind
 owner=Proprietário(a)
 owner_helper=Algumas organizações podem não aparecer na lista suspensa devido a um limite máximo de contagem de repositórios.
 repo_name=Nome do repositório
-repo_name_profile_public_hint=.profile é um repositório especial que pode usar para adicionar README.md ao seu perfil público da organização, visível para qualquer pessoa. Certifique-se que é público e inicialize-o com um README na pasta do perfil para começar.
-repo_name_profile_private_hint=.profile-private é um repositório especial que pode usar para adicionar um README.md ao seu perfil de membro da organização, visível apenas para membros da organização. Certifique-se que é privado e inicialize-o com um README na pasta de perfil para começar.
 repo_name_helper=Bons nomes de repositórios usam palavras-chave curtas, memorizáveis e únicas. Um repositório chamado ".profile" ou ".profile-private" pode ser usado para adicionar um README.md ao perfil do utilizador ou da organização.
 repo_size=Tamanho do repositório
 template=Modelo
@@ -1058,7 +1051,6 @@ fork_branch=Ramo a ser clonado para a derivação
 all_branches=Todos os ramos
 view_all_branches=Ver todos os ramos
 view_all_tags=Ver todas as etiquetas
-fork_no_valid_owners=Não pode fazer uma derivação deste repositório porque não existem proprietários válidos.
 fork.blocked_user=Não pode derivar o repositório porque foi bloqueado/a pelo/a proprietário/a do repositório.
 use_template=Usar este modelo
 open_with_editor=Abrir com %s
@@ -1755,7 +1747,6 @@ issues.due_date_form=yyyy-mm-dd
 issues.due_date_form_add=Adicionar data de vencimento
 issues.due_date_form_edit=Editar
 issues.due_date_form_remove=Remover
-issues.due_date_not_writer=Tem que ter acesso de escrita neste repositório para poder modificar a data de vencimento de uma questão.
 issues.due_date_not_set=Sem data de vencimento definida.
 issues.due_date_added=adicionou a data de vencimento %s %s
 issues.due_date_modified=modificou a data de vencimento de %[2]s para %[1]s %[3]s
@@ -2123,7 +2114,6 @@ activity.title.releases_1=%d lançamento
 activity.title.releases_n=%d Lançamentos
 activity.title.releases_published_by=%s publicado por %s
 activity.published_release_label=Publicado
-activity.no_git_activity=Não houve quaisquer cometimentos feitos durante este período.
 activity.git_stats_exclude_merges=Excluindo integrações,
 activity.git_stats_author_1=%d autor
 activity.git_stats_author_n=%d autores
diff --git a/options/locale/locale_ru-RU.ini b/options/locale/locale_ru-RU.ini
index bfaf7143bd..82f6f398dc 100644
--- a/options/locale/locale_ru-RU.ini
+++ b/options/locale/locale_ru-RU.ini
@@ -425,7 +425,6 @@ activate_email.title=%s, пожалуйста, подтвердите ваш а
 activate_email.text=Пожалуйста, перейдите по ссылке, чтобы подтвердить ваш адрес электронной почты в течение <b>%s</b>:
 
 register_notify.title=%[1]s, добро пожаловать в %[2]s
-register_notify.text_1=это письмо с вашим подтверждением регистрации в %s!
 register_notify.text_2=Теперь вы можете войти через логин: %s.
 register_notify.text_3=Если эта учётная запись была создана для вас, пожалуйста, сначала <a href="%s">установите пароль</a>.
 
@@ -864,7 +863,6 @@ webauthn_key_loss_warning=В случае утраты ключей безопа
 
 manage_account_links=Управление привязанными аккаунтами
 manage_account_links_desc=Эти внешние аккаунты привязаны к вашему аккаунту Gitea.
-account_links_not_available=В настоящее время нет внешних аккаунтов, привязанных к вашему аккаунту Gitea.
 link_account=Привязать аккаунт
 remove_account_link=Удалить привязанный аккаунт
 remove_account_link_desc=Удаление привязанной учётной записи отменит её доступ к вашей учётной записи Gitea. Продолжить?
@@ -1836,7 +1834,6 @@ activity.title.releases_1=%d релиз
 activity.title.releases_n=%d релизов
 activity.title.releases_published_by=%s опубликованы %s
 activity.published_release_label=Опубликовано
-activity.no_git_activity=В этот период не было новых коммитов.
 activity.git_stats_exclude_merges=За исключением слияний,
 activity.git_stats_author_1=%d автор
 activity.git_stats_author_n=%d автора(ов)
diff --git a/options/locale/locale_si-LK.ini b/options/locale/locale_si-LK.ini
index 6a15dae3f2..4514f1820a 100644
--- a/options/locale/locale_si-LK.ini
+++ b/options/locale/locale_si-LK.ini
@@ -322,7 +322,6 @@ activate_email=ඔබගේ විද්යුත් තැපැල් ලි
 activate_email.text=තුළ ඔබගේ විද්යුත් තැපැල් ලිපිනය සත්යාපනය කිරීමට පහත සබැඳිය ක්ලික් කරන්න <b>%s</b>:
 
 register_notify.title=%[1]s, %[2]s වෙත සාදරයෙන් පිළිගනිමු
-register_notify.text_1=මෙය %sසඳහා ඔබගේ ලියාපදිංචි තහවුරු කිරීමේ විද්යුත් තැපෑලයි!
 register_notify.text_2=ඔබට දැන් පරිශීලක නාමය හරහා පිවිසිය හැකිය: %s.
 register_notify.text_3=මෙම ගිණුම ඔබ වෙනුවෙන් නිර්මාණය කර තිබේ නම්, කරුණාකර <a href="%s">ඔබගේ මුරපදය</a> පළමු සකසන්න.
 
@@ -664,7 +663,6 @@ twofa_failed_get_secret=රහස්ය වීමට අසමත් විය.
 
 manage_account_links=සම්බන්ධිත ගිණුම් කළමනාකරණය කරන්න
 manage_account_links_desc=මෙම බාහිර ගිණුම් ඔබගේ Gitea ගිණුමට සම්බන්ධ කර ඇත.
-account_links_not_available=දැනට ඔබගේ Gitea ගිණුමට සම්බන්ධ බාහිර ගිණුම් නොමැත.
 link_account=ගිණුම සබැඳින්න
 remove_account_link=සම්බන්ධිත ගිණුම ඉවත් කරන්න
 remove_account_link_desc=සම්බන්ධිත ගිණුමක් ඉවත් කිරීම ඔබගේ Gitea ගිණුමට එහි ප්රවේශය අවලංගු කරනු ඇත. දිගටම?
@@ -1401,7 +1399,6 @@ activity.title.releases_1=නිකුතු %d
 activity.title.releases_n=නිකුතු %d
 activity.title.releases_published_by=%s විසින් ප්රකාශයට පත් කර %s
 activity.published_release_label=ප්රකාශයට පත්
-activity.no_git_activity=මෙම කාලය තුළ කිසිදු කැපවීමක් සිදු වී නොමැත.
 activity.git_stats_exclude_merges=ඒකාබද්ධ කිරීම හැර,
 activity.git_stats_author_1=%d කර්තෘ
 activity.git_stats_author_n=%d කතුවරුන්
diff --git a/options/locale/locale_sk-SK.ini b/options/locale/locale_sk-SK.ini
index 61afb9546f..a3dc642bb2 100644
--- a/options/locale/locale_sk-SK.ini
+++ b/options/locale/locale_sk-SK.ini
@@ -411,7 +411,6 @@ activate_email=Overte svoju e-mailovú adresu
 activate_email.text=Pre overenie vašej e-mailovej adresy kliknite, prosím, na nasledovný odkaz do <b>%s</b>:
 
 register_notify.title=%[1]s, vitajte v %[2]s
-register_notify.text_1=toto je e-mail potvrdzujúci vašu registráciu pre %s!
 register_notify.text_2=Teraz sa môžete prihlásiť s používateľským menom: %s.
 register_notify.text_3=Ak bol tento účet vytvorený pre vás, nastavte prosím najskôr <a href="%s">svoje heslo</a>.
 
@@ -788,7 +787,6 @@ webauthn_delete_key_desc=Ak odstránite bezpečnostný kľúč, už sa s ním ne
 
 manage_account_links=Spravovať prepojené kontá
 manage_account_links_desc=Tieto externé účty sú prepojené s vaším účtom Gitea.
-account_links_not_available=V súčasnosti nie sú s vaším účtom Gitea prepojené žiadne externé účty.
 link_account=Pripojiť účet
 remove_account_link=Odstrániť prepojený účet
 remove_account_link_desc=Odstránenie prepojeného účtu zruší jeho prístup k vášmu účtu Gitea. Pokračovať?
diff --git a/options/locale/locale_sv-SE.ini b/options/locale/locale_sv-SE.ini
index da4b1ba6fd..0c82239487 100644
--- a/options/locale/locale_sv-SE.ini
+++ b/options/locale/locale_sv-SE.ini
@@ -573,7 +573,6 @@ passcode_invalid=Koden är ogiltig. Försök igen.
 
 manage_account_links=Hantera Länkade Konton
 manage_account_links_desc=Dessa externa konton är länkade till ditt Gitea-konto.
-account_links_not_available=Det finns för närvarande inga externa konton länkade till ditt Gitea-konto.
 link_account=Länka konto
 remove_account_link=Ta Bort Länkat Konto
 remove_account_link_desc=Borttagning av länkade konton kommer häva dess åtkomst till ditt Gitea-konto. Vill du fortsätta?
@@ -1182,7 +1181,6 @@ activity.title.releases_1=%d release
 activity.title.releases_n=%d releaser
 activity.title.releases_published_by=%s publicerad av %s
 activity.published_release_label=Publicerad
-activity.no_git_activity=Det har inte gjorts några commit under den här perioden.
 activity.git_stats_exclude_merges=Exkludera merger,
 activity.git_stats_author_1=%d författare
 activity.git_stats_author_n=%d författare
diff --git a/options/locale/locale_tr-TR.ini b/options/locale/locale_tr-TR.ini
index 25773f43c7..4675b8a623 100644
--- a/options/locale/locale_tr-TR.ini
+++ b/options/locale/locale_tr-TR.ini
@@ -117,7 +117,6 @@ files=Dosyalar
 
 error=Hata
 error404=Ulaşmaya çalıştığınız sayfa <strong>mevcut değil</strong> veya <strong>görüntüleme yetkiniz yok</strong>.
-error503=Sunucu isteğinizi gerçekleştiremedi. Lütfen daha sonra tekrar deneyin.
 go_back=Geri Git
 invalid_data=Geçersiz veri: %v
 
@@ -131,7 +130,6 @@ unpin=Sabitlemeyi kaldır
 
 artifacts=Yapılar
 expired=Süresi doldu
-confirm_delete_artifact=%s yapısını silmek istediğinizden emin misiniz?
 
 archived=Arşivlenmiş
 
@@ -171,7 +169,6 @@ internal_error_skipped=Dahili bir hata oluştu ama atlandı: %s
 search=Ara...
 type_tooltip=Arama türü
 fuzzy=Bulanık
-fuzzy_tooltip=Arama terimine benzeyen sonuçları da içer
 words=Kelimeler
 words_tooltip=Sadece arama terimi kelimeleriyle eşleşen sonuçları içer
 regexp=Regexp
@@ -506,7 +503,6 @@ activate_email.text=E posta adresinizi doğrulamak için lütfen <b>%s</b> için
 
 register_notify=%s'ya Hoş Geldiniz
 register_notify.title=%[1]s, %[2]s e hoşgeldiniz
-register_notify.text_1=bu %s için kayıt onay e postanızdır!
 register_notify.text_2=Artık %s kullanıcı adı ile oturum açabilirsiniz.
 register_notify.text_3=Eğer bu hesap sizin için oluşturulduysa, lütfen önce <a href="%s">şifrenizi</a> ayarlayın.
 
@@ -998,7 +994,6 @@ webauthn_alternative_tip=Ek bir kimlik doğrulama yöntemi ayarlamak isteyebilir
 
 manage_account_links=Bağlı Hesapları Yönet
 manage_account_links_desc=Bu harici hesaplar Gitea hesabınızla bağlantılı.
-account_links_not_available=Şu anda Gitea hesabınıza bağlı harici bir hesap yok.
 link_account=Hesap Bağla
 remove_account_link=Bağlantılı Hesabı Kaldır
 remove_account_link_desc=Bağlantılı bir hesabı kaldırmak, onunla Gitea hesabınıza erişimi iptal edecektir. Devam edilsin mi?
@@ -1035,8 +1030,6 @@ new_repo_helper=Bir depo, sürüm geçmişi dahil tüm proje dosyalarını içer
 owner=Sahibi
 owner_helper=Bazı organizasyonlar, en çok depo sayısı sınırı nedeniyle açılır menüde görünmeyebilir.
 repo_name=Depo İsmi
-repo_name_profile_public_hint=.profile herkese açık organizasyonunuzun profiline herkesin görüntüleyebileceği bir README.md dosyası eklemek için kullanabileceğiniz özel bir depodur. Başlamak için herkese açık olduğundan ve profile dizininde README ile başladığınızdan emin olun.
-repo_name_profile_private_hint=.profile-private organizasyonunuzun üye profiline sadece organizasyon üyelerinin görüntüleyebileceği bir README.md eklemek için kullanabileceğiniz özel bir depodur. Başlamak için özel olduğundan ve profil dizininde README ile başladığınızdan emin olun.
 repo_name_helper=İyi depo isimleri kısa, akılda kalıcı ve benzersiz anahtar kelimeler kullanır. “.profile” veya ‘.profile-private’ adlı bir depo, kullanıcı/kuruluş profili için bir README.md eklemek için kullanılabilir.
 repo_size=Depo Boyutu
 template=Şablon
@@ -1058,7 +1051,6 @@ fork_branch=Çatala klonlanacak dal
 all_branches=Tüm dallar
 view_all_branches=Tüm dalları görüntüle
 view_all_tags=Tüm etiketleri görüntüle
-fork_no_valid_owners=Geçerli bir sahibi olmadığı için bu depo çatallanamaz.
 fork.blocked_user=Depo çatallanamıyor, depo sahibi tarafından engellenmişsiniz.
 use_template=Bu şablonu kullan
 open_with_editor=%s ile aç
@@ -1748,7 +1740,6 @@ issues.due_date_form=yyyy-aa-gg
 issues.due_date_form_add=Bitiş tarihi ekle
 issues.due_date_form_edit=Düzenle
 issues.due_date_form_remove=Kaldır
-issues.due_date_not_writer=Bir konunun bitiş tarihini güncellemek için bu depoda yazma iznine ihtiyacınız var.
 issues.due_date_not_set=Bitiş tarihi atanmadı.
 issues.due_date_added=bitiş tarihini %s olarak %s ekledi
 issues.due_date_modified=bitiş tarihini %[2]s iken %[1]s olarak %[3]s değiştirdi
@@ -2107,7 +2098,6 @@ activity.title.releases_1=%d Sürüm
 activity.title.releases_n=%d Sürüm
 activity.title.releases_published_by=%s %s tarafından yayınlandı
 activity.published_release_label=Yayınlandı
-activity.no_git_activity=Bu dönemde herhangi bir işleme yapılmamıştır.
 activity.git_stats_exclude_merges=Birleştirmeler hariç,
 activity.git_stats_author_1=%d yazar
 activity.git_stats_author_n=%d yazar
diff --git a/options/locale/locale_uk-UA.ini b/options/locale/locale_uk-UA.ini
index 6d7721537b..d9952cec6f 100644
--- a/options/locale/locale_uk-UA.ini
+++ b/options/locale/locale_uk-UA.ini
@@ -116,7 +116,6 @@ files=Файли
 
 error=Помилка
 error404=Сторінка, яку ви намагаєтеся відкрити, <strong>не існує</strong> або <strong>ви не маєте права</strong> на її перегляд.
-error503=Сервер не зміг виконати ваш запит. Будь ласка, спробуйте пізніше.
 go_back=Назад
 invalid_data=Недійсні дані: %v
 
@@ -130,7 +129,6 @@ unpin=Відкріпити
 
 artifacts=Артефакти
 expired=Прострочено
-confirm_delete_artifact=Справді видалити артефакт '%s' ?
 
 archived=Архівовано
 
@@ -168,7 +166,6 @@ internal_error_skipped=Трапилась внутрішня помилка, а
 search=Пошук...
 type_tooltip=Тип пошуку
 fuzzy=Неточний
-fuzzy_tooltip=Включити результати, які також близько відповідають пошуковому запиту
 words=Слова
 words_tooltip=Включати тільки результати, які відповідають пошуковим словам
 regexp=Регулярний вираз
@@ -497,7 +494,6 @@ activate_email.text=Будь ласка, перейдіть за наступн
 
 register_notify=Ласкаво просимо до %s
 register_notify.title=%[1]s, ласкаво просимо до %[2]s
-register_notify.text_1=це лист з підтвердженням реєстрації на %s!
 register_notify.text_2=Тепер ви можете увійти як: %s.
 register_notify.text_3=Якщо цей обліковий запис створено для вас, будь ласка, спершу <a href="%s">встановіть пароль</a>.
 
@@ -980,7 +976,6 @@ webauthn_alternative_tip=Ви можете налаштувати додатко
 
 manage_account_links=Керування прив'язаними обліковими записами
 manage_account_links_desc=Ці зовнішні облікові записи прив'язані до вашого облікового запису Gitea.
-account_links_not_available=Наразі немає зовнішніх облікових записів, пов'язаних із вашим обліковим записом Gitea.
 link_account=Прив'язати обліковий запис
 remove_account_link=Видалити обліковий запис
 remove_account_link_desc=Видалення пов'язаного облікового запису відкликає його доступ до вашого облікового запису Gitea. Продовжити?
@@ -1016,7 +1011,6 @@ new_repo_helper=Сховище містить усі файли проєкту,
 owner=Власник
 owner_helper=Деякі організації можуть не відображатися у списку через обмеження на максимальну кількість сховищ.
 repo_name=Назва сховища
-repo_name_profile_public_hint=.profile - це спеціальне сховище, за допомогою якого ви можете додати README.md до профілю вашої публічної організації, який буде видимим для всіх. Переконайтеся, що він є публічним, та ініціалізуйте його за допомогою README у каталозі профілю.
 repo_name_helper=У хороших назвах сховищ використовуються короткі ключові слова, які легко запам'ятовуються та є унікальними. Сховище з назвою «.profile» або «.profile-private» можна використовувати для додавання README.md для профілю користувача/організації.
 repo_size=Розмір сховища
 template=Шаблон
@@ -1690,7 +1684,6 @@ issues.due_date_form=рррр-мм-дд
 issues.due_date_form_add=Додати дату завершення
 issues.due_date_form_edit=Редагувати
 issues.due_date_form_remove=Видалити
-issues.due_date_not_writer=Вам потрібен доступ на запис до цього сховища, щоб оновити дату виконання задачі.
 issues.due_date_not_set=Термін виконання не встановлений.
 issues.due_date_added=додав(ла) дату завершення %s %s
 issues.due_date_modified=змінив(-ла) термін виконання з %[2]s на %[1]s %[3]s
@@ -2024,7 +2017,6 @@ activity.title.releases_1=%d Реліз
 activity.title.releases_n=%d Релізів
 activity.title.releases_published_by=%s опубліковано %s
 activity.published_release_label=Опубліковано
-activity.no_git_activity=За цей період не було жодної активності комітів.
 activity.git_stats_exclude_merges=Не враховуючи об'єднання,
 activity.git_stats_author_1=%d автор
 activity.git_stats_author_n=%d автори
diff --git a/options/locale/locale_zh-CN.ini b/options/locale/locale_zh-CN.ini
index f2a3d29bec..0be185cd4f 100644
--- a/options/locale/locale_zh-CN.ini
+++ b/options/locale/locale_zh-CN.ini
@@ -117,7 +117,6 @@ files=文件
 
 error=错误
 error404=您正尝试访问的页面 <strong>不存在</strong> 或 <strong>您尚未被授权</strong> 查看该页面。
-error503=服务器无法完成您的请求，请稍后重试。
 go_back=返回
 invalid_data=无效数据： %v
 
@@ -131,7 +130,6 @@ unpin=取消置顶
 
 artifacts=产物
 expired=已过期
-confirm_delete_artifact=您确定要删除产物「%s」吗？
 
 archived=已归档
 
@@ -171,7 +169,6 @@ internal_error_skipped=发生内部错误，但已跳过： %s
 search=搜索...
 type_tooltip=搜索类型
 fuzzy=模糊
-fuzzy_tooltip=包含近似匹配搜索词的结果
 words=词
 words_tooltip=仅包含匹配搜索词的结果
 regexp=正则表达式
@@ -506,7 +503,6 @@ activate_email.text=请在 <b>%s</b> 时间内，点击以下链接，以验证
 
 register_notify=欢迎来到 %s
 register_notify.title=%[1]s，欢迎来到 %[2]s
-register_notify.text_1=这是您的 %s 注册确认邮件 ！
 register_notify.text_2=您现在可以以用户名 %s 登录。
 register_notify.text_3=如果此账户已为您创建，请先 <a href="%s">设置您的密码</a>。
 
@@ -998,7 +994,6 @@ webauthn_alternative_tip=您可能想要配置额外的身份验证方法。
 
 manage_account_links=管理绑定过的账号
 manage_account_links_desc=这些外部帐户已经绑定到您的 Gitea 帐户。
-account_links_not_available=当前没有与您的 Gitea 帐户绑定的外部帐户。
 link_account=链接账户
 remove_account_link=删除已绑定的账号
 remove_account_link_desc=删除已绑定帐户将吊销其对您的 Gitea 帐户的访问权限。继续？
@@ -1035,8 +1030,6 @@ new_repo_helper=代码仓库包含了所有的项目文件，包括版本历史
 owner=拥有者
 owner_helper=由于最大仓库数量限制，一些组织可能不会显示在下拉列表中。
 repo_name=仓库名称
-repo_name_profile_public_hint=.profile 是一个特殊的仓库，您可以使用它将 README.md 添加到您的公共组织资料中，任何人都可以看到。请确保它是公开的，并使用个人资料目录中的 README 对其进行初始化以开始使用。
-repo_name_profile_private_hint=.profile-private 是一个特殊的仓库，您可以使用它向您的组织成员个人资料添加 README.md，仅对组织成员可见。请确保它是私有的，并使用个人资料目录中的 README 对其进行初始化以开始使用。
 repo_name_helper=理想的仓库名称应由简短、有意义和独特的关键词组成。「.profile」和「.profile-private」可用于为用户/组织添加 README.md。
 repo_size=仓库大小
 template=模板
@@ -1058,7 +1051,6 @@ fork_branch=要克隆为派生的分支
 all_branches=所有分支
 view_all_branches=查看所有分支
 view_all_tags=查看所有标签
-fork_no_valid_owners=这个代码仓库无法被派生，因为没有有效的所有者。
 fork.blocked_user=无法克隆仓库，因为您被仓库所有者屏蔽。
 use_template=使用此模板
 open_with_editor=用 %s 打开
@@ -1756,7 +1748,6 @@ issues.due_date_form=yyyy年mm月dd日
 issues.due_date_form_add=设置到期时间
 issues.due_date_form_edit=编辑
 issues.due_date_form_remove=删除
-issues.due_date_not_writer=您需要该仓库的写权限才能更新工单的到期日期。
 issues.due_date_not_set=未设置到期时间。
 issues.due_date_added=于 %[2]s 设置到期时间为 %[1]s
 issues.due_date_modified=将到期日从 %[2]s 修改为 %[1]s %[3]s
@@ -2124,7 +2115,6 @@ activity.title.releases_1=%d 个发布
 activity.title.releases_n=%d 个发布
 activity.title.releases_published_by=%[2]s 发布了 %[1]s
 activity.published_release_label=已发布
-activity.no_git_activity=在此期间没有任何提交活动。
 activity.git_stats_exclude_merges=排除合并后，
 activity.git_stats_author_1=%d 位作者
 activity.git_stats_author_n=%d 位作者
diff --git a/options/locale/locale_zh-TW.ini b/options/locale/locale_zh-TW.ini
index de0a4ed8a8..8ae16dd11f 100644
--- a/options/locale/locale_zh-TW.ini
+++ b/options/locale/locale_zh-TW.ini
@@ -128,7 +128,6 @@ pin=固定
 unpin=取消固定
 
 artifacts=檔案或工件
-confirm_delete_artifact=你確定要刪除這個檔案 '%s' 嗎？
 
 archived=已封存
 
@@ -167,7 +166,6 @@ internal_error_skipped=已略過內部錯誤：%s
 search=搜尋…
 type_tooltip=搜尋類型
 fuzzy=模糊
-fuzzy_tooltip=包含與搜尋詞接近的結果
 exact=精確
 exact_tooltip=只包含完全符合關鍵字的結果
 repo_kind=搜尋儲存庫…
@@ -487,7 +485,6 @@ activate_email.text=請在 <b>%s</b>內點擊下列連結以驗證您的電子
 
 register_notify=歡迎來到 Gitea
 register_notify.title=%[1]s，歡迎來到 %[2]s
-register_notify.text_1=這是您在 %s 的註冊確認信！
 register_notify.text_2=您現在可以用帳號 %s 登入。
 register_notify.text_3=如果這是由管理員為您建立的帳戶，請先<a href="%s">設定您的密碼</a>。
 
@@ -973,7 +970,6 @@ webauthn_alternative_tip=您可能需要設定其他的驗證方法。
 
 manage_account_links=管理已連結的帳戶
 manage_account_links_desc=這些外部帳戶已連結到您的 Gitea 帳戶。
-account_links_not_available=目前沒有連結到您的 Gitea 帳戶的外部帳戶
 link_account=連結帳戶
 remove_account_link=刪除已連結的帳戶
 remove_account_link_desc=刪除連結帳戶將撤銷其對 Gitea 帳戶的存取權限。是否繼續？
@@ -1030,7 +1026,6 @@ fork_branch=要克隆到 fork 的分支
 all_branches=所有分支
 view_all_branches=查看所有分支
 view_all_tags=查看所有標籤
-fork_no_valid_owners=此儲存庫無法 fork，因為沒有有效的擁有者。
 fork.blocked_user=無法 fork 儲存庫，因為您被儲存庫擁有者封鎖。
 use_template=使用此範本
 open_with_editor=以 %s 開啟
@@ -1690,7 +1685,6 @@ issues.due_date_form=yyyy年mm月dd日
 issues.due_date_form_add=新增截止日期
 issues.due_date_form_edit=編輯
 issues.due_date_form_remove=移除
-issues.due_date_not_writer=您需要對此儲存庫的寫入權限才能更新問題的截止日期。
 issues.due_date_not_set=未設定截止日期。
 issues.due_date_added=新增了截止日期 %s %s
 issues.due_date_modified=將截止日期從 %[2]s 修改為 %[1]s %[3]s
@@ -2051,7 +2045,6 @@ activity.title.releases_1=%d 個版本
 activity.title.releases_n=%d 個版本
 activity.title.releases_published_by=%[2]s發布了 %[1]s
 activity.published_release_label=已發布
-activity.no_git_activity=期間內沒有任何提交動態
 activity.git_stats_exclude_merges=不計合併，
 activity.git_stats_author_1=%d 位作者
 activity.git_stats_author_n=%d 位作者
diff --git a/routers/api/v1/admin/user.go b/routers/api/v1/admin/user.go
index 8a267cc418..494bace585 100644
--- a/routers/api/v1/admin/user.go
+++ b/routers/api/v1/admin/user.go
@@ -240,7 +240,7 @@ func EditUser(ctx *context.APIContext) {
 		Description:             optional.FromPtr(form.Description),
 		IsActive:                optional.FromPtr(form.Active),
 		IsAdmin:                 user_service.UpdateOptionFieldFromPtr(form.Admin),
-		Visibility:              optional.FromNonDefault(api.VisibilityModes[form.Visibility]),
+		Visibility:              optional.FromMapLookup(api.VisibilityModes, form.Visibility),
 		AllowGitHook:            optional.FromPtr(form.AllowGitHook),
 		AllowImportLocal:        optional.FromPtr(form.AllowImportLocal),
 		MaxRepoCreation:         optional.FromPtr(form.MaxRepoCreation),
diff --git a/routers/api/v1/org/org.go b/routers/api/v1/org/org.go
index 05744ba155..cd67686065 100644
--- a/routers/api/v1/org/org.go
+++ b/routers/api/v1/org/org.go
@@ -391,7 +391,7 @@ func Edit(ctx *context.APIContext) {
 		Description:               optional.Some(form.Description),
 		Website:                   optional.Some(form.Website),
 		Location:                  optional.Some(form.Location),
-		Visibility:                optional.FromNonDefault(api.VisibilityModes[form.Visibility]),
+		Visibility:                optional.FromMapLookup(api.VisibilityModes, form.Visibility),
 		RepoAdminChangeTeamAccess: optional.FromPtr(form.RepoAdminChangeTeamAccess),
 	}
 	if err := user_service.UpdateUser(ctx, ctx.Org.Organization.AsUser(), opts); err != nil {
diff --git a/routers/api/v1/repo/action.go b/routers/api/v1/repo/action.go
index 9a61e5d38d..1605a4781c 100644
--- a/routers/api/v1/repo/action.go
+++ b/routers/api/v1/repo/action.go
@@ -747,7 +747,7 @@ func (Action) ListWorkflowRuns(ctx *context.APIContext) {
 	//   type: integer
 	// responses:
 	//   "200":
-	//     "$ref": "#/responses/ArtifactsList"
+	//     "$ref": "#/responses/WorkflowRunsList"
 	//   "400":
 	//     "$ref": "#/responses/error"
 	//   "404":
diff --git a/routers/web/admin/auths.go b/routers/web/admin/auths.go
index 0f6f31b884..56c384b970 100644
--- a/routers/web/admin/auths.go
+++ b/routers/web/admin/auths.go
@@ -199,6 +199,9 @@ func parseOAuth2Config(form forms.AuthenticationForm) *oauth2.Source {
 		AdminGroup:                    form.Oauth2AdminGroup,
 		GroupTeamMap:                  form.Oauth2GroupTeamMap,
 		GroupTeamMapRemoval:           form.Oauth2GroupTeamMapRemoval,
+
+		SSHPublicKeyClaimName: form.Oauth2SSHPublicKeyClaimName,
+		FullNameClaimName:     form.Oauth2FullNameClaimName,
 	}
 }
 
diff --git a/routers/web/auth/2fa.go b/routers/web/auth/2fa.go
index d15d33dfd4..1f087a7897 100644
--- a/routers/web/auth/2fa.go
+++ b/routers/web/auth/2fa.go
@@ -14,7 +14,6 @@ import (
 	"code.gitea.io/gitea/modules/templates"
 	"code.gitea.io/gitea/modules/web"
 	"code.gitea.io/gitea/services/context"
-	"code.gitea.io/gitea/services/externalaccount"
 	"code.gitea.io/gitea/services/forms"
 )
 
@@ -75,7 +74,7 @@ func TwoFactorPost(ctx *context.Context) {
 		}
 
 		if ctx.Session.Get("linkAccount") != nil {
-			err = externalaccount.LinkAccountFromStore(ctx, ctx.Session, u)
+			err = linkAccountFromContext(ctx, u)
 			if err != nil {
 				ctx.ServerError("UserSignIn", err)
 				return
diff --git a/routers/web/auth/auth.go b/routers/web/auth/auth.go
index 94f75f69ff..13cd083771 100644
--- a/routers/web/auth/auth.go
+++ b/routers/web/auth/auth.go
@@ -329,6 +329,7 @@ func handleSignInFull(ctx *context.Context, u *user_model.User, remember, obeyRe
 		"twofaUid",
 		"twofaRemember",
 		"linkAccount",
+		"linkAccountData",
 	}, map[string]any{
 		session.KeyUID:                  u.ID,
 		session.KeyUname:                u.Name,
@@ -519,7 +520,7 @@ func SignUpPost(ctx *context.Context) {
 		Passwd: form.Password,
 	}
 
-	if !createAndHandleCreatedUser(ctx, tplSignUp, form, u, nil, nil, false) {
+	if !createAndHandleCreatedUser(ctx, tplSignUp, form, u, nil, nil) {
 		// error already handled
 		return
 	}
@@ -530,22 +531,22 @@ func SignUpPost(ctx *context.Context) {
 
 // createAndHandleCreatedUser calls createUserInContext and
 // then handleUserCreated.
-func createAndHandleCreatedUser(ctx *context.Context, tpl templates.TplName, form any, u *user_model.User, overwrites *user_model.CreateUserOverwriteOptions, gothUser *goth.User, allowLink bool) bool {
-	if !createUserInContext(ctx, tpl, form, u, overwrites, gothUser, allowLink) {
+func createAndHandleCreatedUser(ctx *context.Context, tpl templates.TplName, form any, u *user_model.User, overwrites *user_model.CreateUserOverwriteOptions, possibleLinkAccountData *LinkAccountData) bool {
+	if !createUserInContext(ctx, tpl, form, u, overwrites, possibleLinkAccountData) {
 		return false
 	}
-	return handleUserCreated(ctx, u, gothUser)
+	return handleUserCreated(ctx, u, possibleLinkAccountData)
 }
 
 // createUserInContext creates a user and handles errors within a given context.
-// Optionally a template can be specified.
-func createUserInContext(ctx *context.Context, tpl templates.TplName, form any, u *user_model.User, overwrites *user_model.CreateUserOverwriteOptions, gothUser *goth.User, allowLink bool) (ok bool) {
+// Optionally, a template can be specified.
+func createUserInContext(ctx *context.Context, tpl templates.TplName, form any, u *user_model.User, overwrites *user_model.CreateUserOverwriteOptions, possibleLinkAccountData *LinkAccountData) (ok bool) {
 	meta := &user_model.Meta{
 		InitialIP:        ctx.RemoteAddr(),
 		InitialUserAgent: ctx.Req.UserAgent(),
 	}
 	if err := user_model.CreateUser(ctx, u, meta, overwrites); err != nil {
-		if allowLink && (user_model.IsErrUserAlreadyExist(err) || user_model.IsErrEmailAlreadyUsed(err)) {
+		if possibleLinkAccountData != nil && (user_model.IsErrUserAlreadyExist(err) || user_model.IsErrEmailAlreadyUsed(err)) {
 			switch setting.OAuth2Client.AccountLinking {
 			case setting.OAuth2AccountLinkingAuto:
 				var user *user_model.User
@@ -561,15 +562,15 @@ func createUserInContext(ctx *context.Context, tpl templates.TplName, form any,
 				}
 
 				// TODO: probably we should respect 'remember' user's choice...
-				linkAccount(ctx, user, *gothUser, true)
+				oauth2LinkAccount(ctx, user, possibleLinkAccountData, true)
 				return false // user is already created here, all redirects are handled
 			case setting.OAuth2AccountLinkingLogin:
-				showLinkingLogin(ctx, *gothUser)
+				showLinkingLogin(ctx, &possibleLinkAccountData.AuthSource, possibleLinkAccountData.GothUser)
 				return false // user will be created only after linking login
 			}
 		}
 
-		// handle error without template
+		// handle error without a template
 		if len(tpl) == 0 {
 			ctx.ServerError("CreateUser", err)
 			return false
@@ -610,7 +611,7 @@ func createUserInContext(ctx *context.Context, tpl templates.TplName, form any,
 // handleUserCreated does additional steps after a new user is created.
 // It auto-sets admin for the only user, updates the optional external user and
 // sends a confirmation email if required.
-func handleUserCreated(ctx *context.Context, u *user_model.User, gothUser *goth.User) (ok bool) {
+func handleUserCreated(ctx *context.Context, u *user_model.User, possibleLinkAccountData *LinkAccountData) (ok bool) {
 	// Auto-set admin for the only user.
 	hasUsers, err := user_model.HasUsers(ctx)
 	if err != nil {
@@ -631,8 +632,8 @@ func handleUserCreated(ctx *context.Context, u *user_model.User, gothUser *goth.
 	}
 
 	// update external user information
-	if gothUser != nil {
-		if err := externalaccount.EnsureLinkExternalToUser(ctx, u, *gothUser); err != nil {
+	if possibleLinkAccountData != nil {
+		if err := externalaccount.EnsureLinkExternalToUser(ctx, possibleLinkAccountData.AuthSource.ID, u, possibleLinkAccountData.GothUser); err != nil {
 			log.Error("EnsureLinkExternalToUser failed: %v", err)
 		}
 	}
diff --git a/routers/web/auth/linkaccount.go b/routers/web/auth/linkaccount.go
index b3c61946b9..cf1aa302c4 100644
--- a/routers/web/auth/linkaccount.go
+++ b/routers/web/auth/linkaccount.go
@@ -5,7 +5,6 @@ package auth
 
 import (
 	"errors"
-	"fmt"
 	"net/http"
 	"strings"
 
@@ -21,8 +20,6 @@ import (
 	"code.gitea.io/gitea/services/context"
 	"code.gitea.io/gitea/services/externalaccount"
 	"code.gitea.io/gitea/services/forms"
-
-	"github.com/markbates/goth"
 )
 
 var tplLinkAccount templates.TplName = "user/auth/link_account"
@@ -52,28 +49,28 @@ func LinkAccount(ctx *context.Context) {
 	ctx.Data["SignInLink"] = setting.AppSubURL + "/user/link_account_signin"
 	ctx.Data["SignUpLink"] = setting.AppSubURL + "/user/link_account_signup"
 
-	gothUser, ok := ctx.Session.Get("linkAccountGothUser").(goth.User)
+	linkAccountData := oauth2GetLinkAccountData(ctx)
 
 	// If you'd like to quickly debug the "link account" page layout, just uncomment the blow line
 	// Don't worry, when the below line exists, the lint won't pass: ineffectual assignment to gothUser (ineffassign)
-	// gothUser, ok = goth.User{Email: "invalid-email", Name: "."}, true // intentionally use invalid data to avoid pass the registration check
+	// linkAccountData = &LinkAccountData{authSource, gothUser} // intentionally use invalid data to avoid pass the registration check
 
-	if !ok {
+	if linkAccountData == nil {
 		// no account in session, so just redirect to the login page, then the user could restart the process
 		ctx.Redirect(setting.AppSubURL + "/user/login")
 		return
 	}
 
-	if missingFields, ok := gothUser.RawData["__giteaAutoRegMissingFields"].([]string); ok {
-		ctx.Data["AutoRegistrationFailedPrompt"] = ctx.Tr("auth.oauth_callback_unable_auto_reg", gothUser.Provider, strings.Join(missingFields, ","))
+	if missingFields, ok := linkAccountData.GothUser.RawData["__giteaAutoRegMissingFields"].([]string); ok {
+		ctx.Data["AutoRegistrationFailedPrompt"] = ctx.Tr("auth.oauth_callback_unable_auto_reg", linkAccountData.GothUser.Provider, strings.Join(missingFields, ","))
 	}
 
-	uname, err := extractUserNameFromOAuth2(&gothUser)
+	uname, err := extractUserNameFromOAuth2(&linkAccountData.GothUser)
 	if err != nil {
 		ctx.ServerError("UserSignIn", err)
 		return
 	}
-	email := gothUser.Email
+	email := linkAccountData.GothUser.Email
 	ctx.Data["user_name"] = uname
 	ctx.Data["email"] = email
 
@@ -152,8 +149,8 @@ func LinkAccountPostSignIn(ctx *context.Context) {
 	ctx.Data["SignInLink"] = setting.AppSubURL + "/user/link_account_signin"
 	ctx.Data["SignUpLink"] = setting.AppSubURL + "/user/link_account_signup"
 
-	gothUser := ctx.Session.Get("linkAccountGothUser")
-	if gothUser == nil {
+	linkAccountData := oauth2GetLinkAccountData(ctx)
+	if linkAccountData == nil {
 		ctx.ServerError("UserSignIn", errors.New("not in LinkAccount session"))
 		return
 	}
@@ -169,11 +166,14 @@ func LinkAccountPostSignIn(ctx *context.Context) {
 		return
 	}
 
-	linkAccount(ctx, u, gothUser.(goth.User), signInForm.Remember)
+	oauth2LinkAccount(ctx, u, linkAccountData, signInForm.Remember)
 }
 
-func linkAccount(ctx *context.Context, u *user_model.User, gothUser goth.User, remember bool) {
-	updateAvatarIfNeed(ctx, gothUser.AvatarURL, u)
+func oauth2LinkAccount(ctx *context.Context, u *user_model.User, linkAccountData *LinkAccountData, remember bool) {
+	oauth2SignInSync(ctx, &linkAccountData.AuthSource, u, linkAccountData.GothUser)
+	if ctx.Written() {
+		return
+	}
 
 	// If this user is enrolled in 2FA, we can't sign the user in just yet.
 	// Instead, redirect them to the 2FA authentication page.
@@ -185,7 +185,7 @@ func linkAccount(ctx *context.Context, u *user_model.User, gothUser goth.User, r
 			return
 		}
 
-		err = externalaccount.LinkAccountToUser(ctx, u, gothUser)
+		err = externalaccount.LinkAccountToUser(ctx, linkAccountData.AuthSource.ID, u, linkAccountData.GothUser)
 		if err != nil {
 			ctx.ServerError("UserLinkAccount", err)
 			return
@@ -243,17 +243,11 @@ func LinkAccountPostRegister(ctx *context.Context) {
 	ctx.Data["SignInLink"] = setting.AppSubURL + "/user/link_account_signin"
 	ctx.Data["SignUpLink"] = setting.AppSubURL + "/user/link_account_signup"
 
-	gothUserInterface := ctx.Session.Get("linkAccountGothUser")
-	if gothUserInterface == nil {
+	linkAccountData := oauth2GetLinkAccountData(ctx)
+	if linkAccountData == nil {
 		ctx.ServerError("UserSignUp", errors.New("not in LinkAccount session"))
 		return
 	}
-	gothUser, ok := gothUserInterface.(goth.User)
-	if !ok {
-		ctx.ServerError("UserSignUp", fmt.Errorf("session linkAccountGothUser type is %t but not goth.User", gothUserInterface))
-		return
-	}
-
 	if ctx.HasError() {
 		ctx.HTML(http.StatusOK, tplLinkAccount)
 		return
@@ -296,31 +290,33 @@ func LinkAccountPostRegister(ctx *context.Context) {
 		}
 	}
 
-	authSource, err := auth.GetActiveOAuth2SourceByName(ctx, gothUser.Provider)
-	if err != nil {
-		ctx.ServerError("CreateUser", err)
-		return
-	}
-
 	u := &user_model.User{
 		Name:        form.UserName,
 		Email:       form.Email,
 		Passwd:      form.Password,
 		LoginType:   auth.OAuth2,
-		LoginSource: authSource.ID,
-		LoginName:   gothUser.UserID,
+		LoginSource: linkAccountData.AuthSource.ID,
+		LoginName:   linkAccountData.GothUser.UserID,
 	}
 
-	if !createAndHandleCreatedUser(ctx, tplLinkAccount, form, u, nil, &gothUser, false) {
+	if !createAndHandleCreatedUser(ctx, tplLinkAccount, form, u, nil, linkAccountData) {
 		// error already handled
 		return
 	}
 
-	source := authSource.Cfg.(*oauth2.Source)
-	if err := syncGroupsToTeams(ctx, source, &gothUser, u); err != nil {
+	source := linkAccountData.AuthSource.Cfg.(*oauth2.Source)
+	if err := syncGroupsToTeams(ctx, source, &linkAccountData.GothUser, u); err != nil {
 		ctx.ServerError("SyncGroupsToTeams", err)
 		return
 	}
 
 	handleSignIn(ctx, u, false)
 }
+
+func linkAccountFromContext(ctx *context.Context, user *user_model.User) error {
+	linkAccountData := oauth2GetLinkAccountData(ctx)
+	if linkAccountData == nil {
+		return errors.New("not in LinkAccount session")
+	}
+	return externalaccount.LinkAccountToUser(ctx, linkAccountData.AuthSource.ID, user, linkAccountData.GothUser)
+}
diff --git a/routers/web/auth/oauth.go b/routers/web/auth/oauth.go
index a13b987aab..3df2734bb6 100644
--- a/routers/web/auth/oauth.go
+++ b/routers/web/auth/oauth.go
@@ -20,7 +20,6 @@ import (
 	"code.gitea.io/gitea/modules/optional"
 	"code.gitea.io/gitea/modules/session"
 	"code.gitea.io/gitea/modules/setting"
-	"code.gitea.io/gitea/modules/templates"
 	"code.gitea.io/gitea/modules/web/middleware"
 	source_service "code.gitea.io/gitea/services/auth/source"
 	"code.gitea.io/gitea/services/auth/source/oauth2"
@@ -35,9 +34,8 @@ import (
 
 // SignInOAuth handles the OAuth2 login buttons
 func SignInOAuth(ctx *context.Context) {
-	provider := ctx.PathParam("provider")
-
-	authSource, err := auth.GetActiveOAuth2SourceByName(ctx, provider)
+	authName := ctx.PathParam("provider")
+	authSource, err := auth.GetActiveOAuth2SourceByAuthName(ctx, authName)
 	if err != nil {
 		ctx.ServerError("SignIn", err)
 		return
@@ -74,8 +72,6 @@ func SignInOAuth(ctx *context.Context) {
 
 // SignInOAuthCallback handles the callback from the given provider
 func SignInOAuthCallback(ctx *context.Context) {
-	provider := ctx.PathParam("provider")
-
 	if ctx.Req.FormValue("error") != "" {
 		var errorKeyValues []string
 		for k, vv := range ctx.Req.Form {
@@ -88,7 +84,8 @@ func SignInOAuthCallback(ctx *context.Context) {
 	}
 
 	// first look if the provider is still active
-	authSource, err := auth.GetActiveOAuth2SourceByName(ctx, provider)
+	authName := ctx.PathParam("provider")
+	authSource, err := auth.GetActiveOAuth2SourceByAuthName(ctx, authName)
 	if err != nil {
 		ctx.ServerError("SignIn", err)
 		return
@@ -133,7 +130,7 @@ func SignInOAuthCallback(ctx *context.Context) {
 	if u == nil {
 		if ctx.Doer != nil {
 			// attach user to the current signed-in user
-			err = externalaccount.LinkAccountToUser(ctx, ctx.Doer, gothUser)
+			err = externalaccount.LinkAccountToUser(ctx, authSource.ID, ctx.Doer, gothUser)
 			if err != nil {
 				ctx.ServerError("UserLinkAccount", err)
 				return
@@ -174,12 +171,11 @@ func SignInOAuthCallback(ctx *context.Context) {
 					gothUser.RawData = make(map[string]any)
 				}
 				gothUser.RawData["__giteaAutoRegMissingFields"] = missingFields
-				showLinkingLogin(ctx, gothUser)
+				showLinkingLogin(ctx, authSource, gothUser)
 				return
 			}
 			u = &user_model.User{
 				Name:        uname,
-				FullName:    gothUser.Name,
 				Email:       gothUser.Email,
 				LoginType:   auth.OAuth2,
 				LoginSource: authSource.ID,
@@ -196,7 +192,11 @@ func SignInOAuthCallback(ctx *context.Context) {
 			u.IsAdmin = isAdmin.ValueOrDefault(user_service.UpdateOptionField[bool]{FieldValue: false}).FieldValue
 			u.IsRestricted = isRestricted.ValueOrDefault(setting.Service.DefaultUserIsRestricted)
 
-			if !createAndHandleCreatedUser(ctx, templates.TplName(""), nil, u, overwriteDefault, &gothUser, setting.OAuth2Client.AccountLinking != setting.OAuth2AccountLinkingDisabled) {
+			linkAccountData := &LinkAccountData{*authSource, gothUser}
+			if setting.OAuth2Client.AccountLinking == setting.OAuth2AccountLinkingDisabled {
+				linkAccountData = nil
+			}
+			if !createAndHandleCreatedUser(ctx, "", nil, u, overwriteDefault, linkAccountData) {
 				// error already handled
 				return
 			}
@@ -207,7 +207,7 @@ func SignInOAuthCallback(ctx *context.Context) {
 			}
 		} else {
 			// no existing user is found, request attach or new account
-			showLinkingLogin(ctx, gothUser)
+			showLinkingLogin(ctx, authSource, gothUser)
 			return
 		}
 	}
@@ -271,9 +271,22 @@ func getUserAdminAndRestrictedFromGroupClaims(source *oauth2.Source, gothUser *g
 	return isAdmin, isRestricted
 }
 
-func showLinkingLogin(ctx *context.Context, gothUser goth.User) {
+type LinkAccountData struct {
+	AuthSource auth.Source
+	GothUser   goth.User
+}
+
+func oauth2GetLinkAccountData(ctx *context.Context) *LinkAccountData {
+	v, ok := ctx.Session.Get("linkAccountData").(LinkAccountData)
+	if !ok {
+		return nil
+	}
+	return &v
+}
+
+func showLinkingLogin(ctx *context.Context, authSource *auth.Source, gothUser goth.User) {
 	if err := updateSession(ctx, nil, map[string]any{
-		"linkAccountGothUser": gothUser,
+		"linkAccountData": LinkAccountData{*authSource, gothUser},
 	}); err != nil {
 		ctx.ServerError("updateSession", err)
 		return
@@ -281,7 +294,7 @@ func showLinkingLogin(ctx *context.Context, gothUser goth.User) {
 	ctx.Redirect(setting.AppSubURL + "/user/link_account")
 }
 
-func updateAvatarIfNeed(ctx *context.Context, url string, u *user_model.User) {
+func oauth2UpdateAvatarIfNeed(ctx *context.Context, url string, u *user_model.User) {
 	if setting.OAuth2Client.UpdateAvatar && len(url) > 0 {
 		resp, err := http.Get(url)
 		if err == nil {
@@ -299,11 +312,14 @@ func updateAvatarIfNeed(ctx *context.Context, url string, u *user_model.User) {
 	}
 }
 
-func handleOAuth2SignIn(ctx *context.Context, source *auth.Source, u *user_model.User, gothUser goth.User) {
-	updateAvatarIfNeed(ctx, gothUser.AvatarURL, u)
+func handleOAuth2SignIn(ctx *context.Context, authSource *auth.Source, u *user_model.User, gothUser goth.User) {
+	oauth2SignInSync(ctx, authSource, u, gothUser)
+	if ctx.Written() {
+		return
+	}
 
 	needs2FA := false
-	if !source.TwoFactorShouldSkip() {
+	if !authSource.TwoFactorShouldSkip() {
 		_, err := auth.GetTwoFactorByUID(ctx, u.ID)
 		if err != nil && !auth.IsErrTwoFactorNotEnrolled(err) {
 			ctx.ServerError("UserSignIn", err)
@@ -312,7 +328,7 @@ func handleOAuth2SignIn(ctx *context.Context, source *auth.Source, u *user_model
 		needs2FA = err == nil
 	}
 
-	oauth2Source := source.Cfg.(*oauth2.Source)
+	oauth2Source := authSource.Cfg.(*oauth2.Source)
 	groupTeamMapping, err := auth_module.UnmarshalGroupTeamMapping(oauth2Source.GroupTeamMap)
 	if err != nil {
 		ctx.ServerError("UnmarshalGroupTeamMapping", err)
@@ -338,7 +354,7 @@ func handleOAuth2SignIn(ctx *context.Context, source *auth.Source, u *user_model
 		}
 	}
 
-	if err := externalaccount.EnsureLinkExternalToUser(ctx, u, gothUser); err != nil {
+	if err := externalaccount.EnsureLinkExternalToUser(ctx, authSource.ID, u, gothUser); err != nil {
 		ctx.ServerError("EnsureLinkExternalToUser", err)
 		return
 	}
diff --git a/routers/web/auth/oauth_signin_sync.go b/routers/web/auth/oauth_signin_sync.go
new file mode 100644
index 0000000000..787ea9223c
--- /dev/null
+++ b/routers/web/auth/oauth_signin_sync.go
@@ -0,0 +1,88 @@
+// Copyright 2025 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package auth
+
+import (
+	"fmt"
+
+	asymkey_model "code.gitea.io/gitea/models/asymkey"
+	"code.gitea.io/gitea/models/auth"
+	user_model "code.gitea.io/gitea/models/user"
+	"code.gitea.io/gitea/modules/log"
+	"code.gitea.io/gitea/modules/util"
+	asymkey_service "code.gitea.io/gitea/services/asymkey"
+	"code.gitea.io/gitea/services/auth/source/oauth2"
+	"code.gitea.io/gitea/services/context"
+
+	"github.com/markbates/goth"
+)
+
+func oauth2SignInSync(ctx *context.Context, authSource *auth.Source, u *user_model.User, gothUser goth.User) {
+	oauth2UpdateAvatarIfNeed(ctx, gothUser.AvatarURL, u)
+
+	oauth2Source, _ := authSource.Cfg.(*oauth2.Source)
+	if !authSource.IsOAuth2() || oauth2Source == nil {
+		ctx.ServerError("oauth2SignInSync", fmt.Errorf("source %s is not an OAuth2 source", gothUser.Provider))
+		return
+	}
+
+	// sync full name
+	fullNameKey := util.IfZero(oauth2Source.FullNameClaimName, "name")
+	fullName, _ := gothUser.RawData[fullNameKey].(string)
+	fullName = util.IfZero(fullName, gothUser.Name)
+
+	// need to update if the user has no full name set
+	shouldUpdateFullName := u.FullName == ""
+	// force to update if the attribute is set
+	shouldUpdateFullName = shouldUpdateFullName || oauth2Source.FullNameClaimName != ""
+	// only update if the full name is different
+	shouldUpdateFullName = shouldUpdateFullName && u.FullName != fullName
+	if shouldUpdateFullName {
+		u.FullName = fullName
+		if err := user_model.UpdateUserCols(ctx, u, "full_name"); err != nil {
+			log.Error("Unable to sync OAuth2 user full name %s: %v", gothUser.Provider, err)
+		}
+	}
+
+	err := oauth2UpdateSSHPubIfNeed(ctx, authSource, &gothUser, u)
+	if err != nil {
+		log.Error("Unable to sync OAuth2 SSH public key %s: %v", gothUser.Provider, err)
+	}
+}
+
+func oauth2SyncGetSSHKeys(source *oauth2.Source, gothUser *goth.User) ([]string, error) {
+	value, exists := gothUser.RawData[source.SSHPublicKeyClaimName]
+	if !exists {
+		return []string{}, nil
+	}
+	rawSlice, ok := value.([]any)
+	if !ok {
+		return nil, fmt.Errorf("invalid SSH public key value type: %T", value)
+	}
+
+	sshKeys := make([]string, 0, len(rawSlice))
+	for _, v := range rawSlice {
+		str, ok := v.(string)
+		if !ok {
+			return nil, fmt.Errorf("invalid SSH public key value item type: %T", v)
+		}
+		sshKeys = append(sshKeys, str)
+	}
+	return sshKeys, nil
+}
+
+func oauth2UpdateSSHPubIfNeed(ctx *context.Context, authSource *auth.Source, gothUser *goth.User, user *user_model.User) error {
+	oauth2Source, _ := authSource.Cfg.(*oauth2.Source)
+	if oauth2Source == nil || oauth2Source.SSHPublicKeyClaimName == "" {
+		return nil
+	}
+	sshKeys, err := oauth2SyncGetSSHKeys(oauth2Source, gothUser)
+	if err != nil {
+		return err
+	}
+	if !asymkey_model.SynchronizePublicKeys(ctx, user, authSource, sshKeys) {
+		return nil
+	}
+	return asymkey_service.RewriteAllPublicKeys(ctx)
+}
diff --git a/routers/web/auth/openid.go b/routers/web/auth/openid.go
index 2ef4a86022..4ef4c96ccc 100644
--- a/routers/web/auth/openid.go
+++ b/routers/web/auth/openid.go
@@ -361,7 +361,7 @@ func RegisterOpenIDPost(ctx *context.Context) {
 		Email:  form.Email,
 		Passwd: password,
 	}
-	if !createUserInContext(ctx, tplSignUpOID, form, u, nil, nil, false) {
+	if !createUserInContext(ctx, tplSignUpOID, form, u, nil, nil) {
 		// error already handled
 		return
 	}
diff --git a/routers/web/auth/webauthn.go b/routers/web/auth/webauthn.go
index 78f6c3b58e..dacb6be225 100644
--- a/routers/web/auth/webauthn.go
+++ b/routers/web/auth/webauthn.go
@@ -15,7 +15,6 @@ import (
 	"code.gitea.io/gitea/modules/setting"
 	"code.gitea.io/gitea/modules/templates"
 	"code.gitea.io/gitea/services/context"
-	"code.gitea.io/gitea/services/externalaccount"
 
 	"github.com/go-webauthn/webauthn/protocol"
 	"github.com/go-webauthn/webauthn/webauthn"
@@ -150,7 +149,7 @@ func WebAuthnPasskeyLogin(ctx *context.Context) {
 
 	// Now handle account linking if that's requested
 	if ctx.Session.Get("linkAccount") != nil {
-		if err := externalaccount.LinkAccountFromStore(ctx, ctx.Session, user); err != nil {
+		if err := linkAccountFromContext(ctx, user); err != nil {
 			ctx.ServerError("LinkAccountFromStore", err)
 			return
 		}
@@ -268,7 +267,7 @@ func WebAuthnLoginAssertionPost(ctx *context.Context) {
 
 	// Now handle account linking if that's requested
 	if ctx.Session.Get("linkAccount") != nil {
-		if err := externalaccount.LinkAccountFromStore(ctx, ctx.Session, user); err != nil {
+		if err := linkAccountFromContext(ctx, user); err != nil {
 			ctx.ServerError("LinkAccountFromStore", err)
 			return
 		}
diff --git a/routers/web/repo/common_recentbranches.go b/routers/web/repo/common_recentbranches.go
new file mode 100644
index 0000000000..c2083dec73
--- /dev/null
+++ b/routers/web/repo/common_recentbranches.go
@@ -0,0 +1,73 @@
+// Copyright 2025 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package repo
+
+import (
+	git_model "code.gitea.io/gitea/models/git"
+	access_model "code.gitea.io/gitea/models/perm/access"
+	unit_model "code.gitea.io/gitea/models/unit"
+	"code.gitea.io/gitea/modules/log"
+	"code.gitea.io/gitea/services/context"
+	repo_service "code.gitea.io/gitea/services/repository"
+)
+
+type RecentBranchesPromptDataStruct struct {
+	RecentlyPushedNewBranches []*git_model.RecentlyPushedNewBranch
+}
+
+func prepareRecentlyPushedNewBranches(ctx *context.Context) {
+	if ctx.Doer == nil {
+		return
+	}
+	if err := ctx.Repo.Repository.GetBaseRepo(ctx); err != nil {
+		log.Error("GetBaseRepo: %v", err)
+		return
+	}
+
+	opts := git_model.FindRecentlyPushedNewBranchesOptions{
+		Repo:     ctx.Repo.Repository,
+		BaseRepo: ctx.Repo.Repository,
+	}
+	if ctx.Repo.Repository.IsFork {
+		opts.BaseRepo = ctx.Repo.Repository.BaseRepo
+	}
+
+	baseRepoPerm, err := access_model.GetUserRepoPermission(ctx, opts.BaseRepo, ctx.Doer)
+	if err != nil {
+		log.Error("GetUserRepoPermission: %v", err)
+		return
+	}
+	if !opts.Repo.CanContentChange() || !opts.BaseRepo.CanContentChange() {
+		return
+	}
+	if !opts.BaseRepo.UnitEnabled(ctx, unit_model.TypePullRequests) || !baseRepoPerm.CanRead(unit_model.TypePullRequests) {
+		return
+	}
+
+	var finalBranches []*git_model.RecentlyPushedNewBranch
+	branches, err := git_model.FindRecentlyPushedNewBranches(ctx, ctx.Doer, opts)
+	if err != nil {
+		log.Error("FindRecentlyPushedNewBranches failed: %v", err)
+		return
+	}
+
+	for _, branch := range branches {
+		divergingInfo, err := repo_service.GetBranchDivergingInfo(ctx,
+			branch.BranchRepo, branch.BranchName, // "base" repo for diverging info
+			opts.BaseRepo, opts.BaseRepo.DefaultBranch, // "head" repo for diverging info
+		)
+		if err != nil {
+			log.Error("GetBranchDivergingInfo failed: %v", err)
+			continue
+		}
+		branchRepoHasNewCommits := divergingInfo.BaseHasNewCommits
+		baseRepoCommitsBehind := divergingInfo.HeadCommitsBehind
+		if branchRepoHasNewCommits || baseRepoCommitsBehind > 0 {
+			finalBranches = append(finalBranches, branch)
+		}
+	}
+	if len(finalBranches) > 0 {
+		ctx.Data["RecentBranchesPromptData"] = RecentBranchesPromptDataStruct{finalBranches}
+	}
+}
diff --git a/routers/web/repo/issue_list.go b/routers/web/repo/issue_list.go
index b55f4bcc90..fd34422cfc 100644
--- a/routers/web/repo/issue_list.go
+++ b/routers/web/repo/issue_list.go
@@ -767,6 +767,10 @@ func Issues(ctx *context.Context) {
 		}
 		ctx.Data["Title"] = ctx.Tr("repo.pulls")
 		ctx.Data["PageIsPullList"] = true
+		prepareRecentlyPushedNewBranches(ctx)
+		if ctx.Written() {
+			return
+		}
 	} else {
 		MustEnableIssues(ctx)
 		if ctx.Written() {
diff --git a/routers/web/repo/view_home.go b/routers/web/repo/view_home.go
index c7396d44e3..5482780c98 100644
--- a/routers/web/repo/view_home.go
+++ b/routers/web/repo/view_home.go
@@ -15,7 +15,6 @@ import (
 
 	"code.gitea.io/gitea/models/db"
 	git_model "code.gitea.io/gitea/models/git"
-	access_model "code.gitea.io/gitea/models/perm/access"
 	repo_model "code.gitea.io/gitea/models/repo"
 	unit_model "code.gitea.io/gitea/models/unit"
 	user_model "code.gitea.io/gitea/models/user"
@@ -196,56 +195,6 @@ func prepareUpstreamDivergingInfo(ctx *context.Context) {
 	ctx.Data["UpstreamDivergingInfo"] = upstreamDivergingInfo
 }
 
-func prepareRecentlyPushedNewBranches(ctx *context.Context) {
-	if ctx.Doer != nil {
-		if err := ctx.Repo.Repository.GetBaseRepo(ctx); err != nil {
-			ctx.ServerError("GetBaseRepo", err)
-			return
-		}
-
-		opts := &git_model.FindRecentlyPushedNewBranchesOptions{
-			Repo:     ctx.Repo.Repository,
-			BaseRepo: ctx.Repo.Repository,
-		}
-		if ctx.Repo.Repository.IsFork {
-			opts.BaseRepo = ctx.Repo.Repository.BaseRepo
-		}
-
-		baseRepoPerm, err := access_model.GetUserRepoPermission(ctx, opts.BaseRepo, ctx.Doer)
-		if err != nil {
-			ctx.ServerError("GetUserRepoPermission", err)
-			return
-		}
-
-		if !opts.Repo.IsMirror && !opts.BaseRepo.IsMirror &&
-			opts.BaseRepo.UnitEnabled(ctx, unit_model.TypePullRequests) &&
-			baseRepoPerm.CanRead(unit_model.TypePullRequests) {
-			var finalBranches []*git_model.RecentlyPushedNewBranch
-			branches, err := git_model.FindRecentlyPushedNewBranches(ctx, ctx.Doer, opts)
-			if err != nil {
-				log.Error("FindRecentlyPushedNewBranches failed: %v", err)
-			}
-
-			for _, branch := range branches {
-				divergingInfo, err := repo_service.GetBranchDivergingInfo(ctx,
-					branch.BranchRepo, branch.BranchName, // "base" repo for diverging info
-					opts.BaseRepo, opts.BaseRepo.DefaultBranch, // "head" repo for diverging info
-				)
-				if err != nil {
-					log.Error("GetBranchDivergingInfo failed: %v", err)
-					continue
-				}
-				branchRepoHasNewCommits := divergingInfo.BaseHasNewCommits
-				baseRepoCommitsBehind := divergingInfo.HeadCommitsBehind
-				if branchRepoHasNewCommits || baseRepoCommitsBehind > 0 {
-					finalBranches = append(finalBranches, branch)
-				}
-			}
-			ctx.Data["RecentlyPushedNewBranches"] = finalBranches
-		}
-	}
-}
-
 func updateContextRepoEmptyAndStatus(ctx *context.Context, empty bool, status repo_model.RepositoryStatus) {
 	if ctx.Repo.Repository.IsEmpty == empty && ctx.Repo.Repository.Status == status {
 		return
diff --git a/routers/web/user/notification.go b/routers/web/user/notification.go
index 610a9b8076..aaf9d435c0 100644
--- a/routers/web/user/notification.go
+++ b/routers/web/user/notification.go
@@ -4,10 +4,8 @@
 package user
 
 import (
-	"errors"
 	"fmt"
 	"net/http"
-	"net/url"
 	"strings"
 
 	activities_model "code.gitea.io/gitea/models/activities"
@@ -34,58 +32,42 @@ const (
 	tplNotificationSubscriptions templates.TplName = "user/notification/notification_subscriptions"
 )
 
-// Notifications is the notifications page
+// Notifications is the notification list page
 func Notifications(ctx *context.Context) {
-	getNotifications(ctx)
+	prepareUserNotificationsData(ctx)
 	if ctx.Written() {
 		return
 	}
 	if ctx.FormBool("div-only") {
-		ctx.Data["SequenceNumber"] = ctx.FormString("sequence-number")
 		ctx.HTML(http.StatusOK, tplNotificationDiv)
 		return
 	}
 	ctx.HTML(http.StatusOK, tplNotification)
 }
 
-func getNotifications(ctx *context.Context) {
-	var (
-		keyword = ctx.FormTrim("q")
-		status  activities_model.NotificationStatus
-		page    = ctx.FormInt("page")
-		perPage = ctx.FormInt("perPage")
-	)
-	if page < 1 {
-		page = 1
-	}
-	if perPage < 1 {
-		perPage = 20
-	}
-
-	switch keyword {
-	case "read":
-		status = activities_model.NotificationStatusRead
-	default:
-		status = activities_model.NotificationStatusUnread
-	}
+func prepareUserNotificationsData(ctx *context.Context) {
+	pageType := ctx.FormString("type", ctx.FormString("q")) // "q" is the legacy query parameter for "page type"
+	page := max(1, ctx.FormInt("page"))
+	perPage := util.IfZero(ctx.FormInt("perPage"), 20) // this value is never used or exposed ....
+	queryStatus := util.Iif(pageType == "read", activities_model.NotificationStatusRead, activities_model.NotificationStatusUnread)
 
 	total, err := db.Count[activities_model.Notification](ctx, activities_model.FindNotificationOptions{
 		UserID: ctx.Doer.ID,
-		Status: []activities_model.NotificationStatus{status},
+		Status: []activities_model.NotificationStatus{queryStatus},
 	})
 	if err != nil {
 		ctx.ServerError("ErrGetNotificationCount", err)
 		return
 	}
 
-	// redirect to last page if request page is more than total pages
 	pager := context.NewPagination(int(total), perPage, page, 5)
 	if pager.Paginater.Current() < page {
-		ctx.Redirect(fmt.Sprintf("%s/notifications?q=%s&page=%d", setting.AppSubURL, url.QueryEscape(ctx.FormString("q")), pager.Paginater.Current()))
-		return
+		// use the last page if the requested page is more than total pages
+		page = pager.Paginater.Current()
+		pager = context.NewPagination(int(total), perPage, page, 5)
 	}
 
-	statuses := []activities_model.NotificationStatus{status, activities_model.NotificationStatusPinned}
+	statuses := []activities_model.NotificationStatus{queryStatus, activities_model.NotificationStatusPinned}
 	nls, err := db.Find[activities_model.Notification](ctx, activities_model.FindNotificationOptions{
 		ListOptions: db.ListOptions{
 			PageSize: perPage,
@@ -142,51 +124,37 @@ func getNotifications(ctx *context.Context) {
 	}
 
 	ctx.Data["Title"] = ctx.Tr("notifications")
-	ctx.Data["Keyword"] = keyword
-	ctx.Data["Status"] = status
+	ctx.Data["PageType"] = pageType
 	ctx.Data["Notifications"] = notifications
-
+	ctx.Data["Link"] = setting.AppSubURL + "/notifications"
+	ctx.Data["SequenceNumber"] = ctx.FormString("sequence-number")
 	pager.AddParamFromRequest(ctx.Req)
 	ctx.Data["Page"] = pager
 }
 
 // NotificationStatusPost is a route for changing the status of a notification
 func NotificationStatusPost(ctx *context.Context) {
-	var (
-		notificationID = ctx.FormInt64("notification_id")
-		statusStr      = ctx.FormString("status")
-		status         activities_model.NotificationStatus
-	)
-
-	switch statusStr {
-	case "read":
-		status = activities_model.NotificationStatusRead
-	case "unread":
-		status = activities_model.NotificationStatusUnread
-	case "pinned":
-		status = activities_model.NotificationStatusPinned
+	notificationID := ctx.FormInt64("notification_id")
+	var newStatus activities_model.NotificationStatus
+	switch ctx.FormString("notification_action") {
+	case "mark_as_read":
+		newStatus = activities_model.NotificationStatusRead
+	case "mark_as_unread":
+		newStatus = activities_model.NotificationStatusUnread
+	case "pin":
+		newStatus = activities_model.NotificationStatusPinned
 	default:
-		ctx.ServerError("InvalidNotificationStatus", errors.New("Invalid notification status"))
-		return
+		return // ignore user's invalid input
 	}
-
-	if _, err := activities_model.SetNotificationStatus(ctx, notificationID, ctx.Doer, status); err != nil {
+	if _, err := activities_model.SetNotificationStatus(ctx, notificationID, ctx.Doer, newStatus); err != nil {
 		ctx.ServerError("SetNotificationStatus", err)
 		return
 	}
 
-	if !ctx.FormBool("noredirect") {
-		url := fmt.Sprintf("%s/notifications?page=%s", setting.AppSubURL, url.QueryEscape(ctx.FormString("page")))
-		ctx.Redirect(url, http.StatusSeeOther)
-	}
-
-	getNotifications(ctx)
+	prepareUserNotificationsData(ctx)
 	if ctx.Written() {
 		return
 	}
-	ctx.Data["Link"] = setting.AppSubURL + "/notifications"
-	ctx.Data["SequenceNumber"] = ctx.Req.PostFormValue("sequence-number")
-
 	ctx.HTML(http.StatusOK, tplNotificationDiv)
 }
 
diff --git a/routers/web/user/setting/account.go b/routers/web/user/setting/account.go
index b124d5e1de..6b17da50e5 100644
--- a/routers/web/user/setting/account.go
+++ b/routers/web/user/setting/account.go
@@ -35,7 +35,7 @@ const (
 
 // Account renders change user's password, user's email and user suicide page
 func Account(ctx *context.Context) {
-	if user_model.IsFeatureDisabledWithLoginType(ctx.Doer, setting.UserFeatureManageCredentials, setting.UserFeatureDeletion) && !setting.Service.EnableNotifyMail {
+	if user_model.IsFeatureDisabledWithLoginType(ctx.Doer, setting.UserFeatureManageCredentials, setting.UserFeatureDeletion) {
 		ctx.NotFound(errors.New("account setting are not allowed to be changed"))
 		return
 	}
@@ -43,7 +43,6 @@ func Account(ctx *context.Context) {
 	ctx.Data["Title"] = ctx.Tr("settings.account")
 	ctx.Data["PageIsSettingsAccount"] = true
 	ctx.Data["Email"] = ctx.Doer.Email
-	ctx.Data["EnableNotifyMail"] = setting.Service.EnableNotifyMail
 
 	loadAccountData(ctx)
 
@@ -61,7 +60,6 @@ func AccountPost(ctx *context.Context) {
 	ctx.Data["Title"] = ctx.Tr("settings")
 	ctx.Data["PageIsSettingsAccount"] = true
 	ctx.Data["Email"] = ctx.Doer.Email
-	ctx.Data["EnableNotifyMail"] = setting.Service.EnableNotifyMail
 
 	if ctx.HasError() {
 		loadAccountData(ctx)
@@ -112,7 +110,6 @@ func EmailPost(ctx *context.Context) {
 	ctx.Data["Title"] = ctx.Tr("settings")
 	ctx.Data["PageIsSettingsAccount"] = true
 	ctx.Data["Email"] = ctx.Doer.Email
-	ctx.Data["EnableNotifyMail"] = setting.Service.EnableNotifyMail
 
 	// Make email address primary.
 	if ctx.FormString("_method") == "PRIMARY" {
@@ -172,30 +169,6 @@ func EmailPost(ctx *context.Context) {
 		ctx.Redirect(setting.AppSubURL + "/user/settings/account")
 		return
 	}
-	// Set Email Notification Preference
-	if ctx.FormString("_method") == "NOTIFICATION" {
-		preference := ctx.FormString("preference")
-		if !(preference == user_model.EmailNotificationsEnabled ||
-			preference == user_model.EmailNotificationsOnMention ||
-			preference == user_model.EmailNotificationsDisabled ||
-			preference == user_model.EmailNotificationsAndYourOwn) {
-			log.Error("Email notifications preference change returned unrecognized option %s: %s", preference, ctx.Doer.Name)
-			ctx.ServerError("SetEmailPreference", errors.New("option unrecognized"))
-			return
-		}
-		opts := &user.UpdateOptions{
-			EmailNotificationsPreference: optional.Some(preference),
-		}
-		if err := user.UpdateUser(ctx, ctx.Doer, opts); err != nil {
-			log.Error("Set Email Notifications failed: %v", err)
-			ctx.ServerError("UpdateUser", err)
-			return
-		}
-		log.Trace("Email notifications preference made %s: %s", preference, ctx.Doer.Name)
-		ctx.Flash.Success(ctx.Tr("settings.email_preference_set_success"))
-		ctx.Redirect(setting.AppSubURL + "/user/settings/account")
-		return
-	}
 
 	if ctx.HasError() {
 		loadAccountData(ctx)
@@ -267,7 +240,6 @@ func DeleteAccount(ctx *context.Context) {
 	ctx.Data["Title"] = ctx.Tr("settings")
 	ctx.Data["PageIsSettingsAccount"] = true
 	ctx.Data["Email"] = ctx.Doer.Email
-	ctx.Data["EnableNotifyMail"] = setting.Service.EnableNotifyMail
 
 	if _, _, err := auth.UserSignIn(ctx, ctx.Doer.Name, ctx.FormString("password")); err != nil {
 		switch {
@@ -342,7 +314,6 @@ func loadAccountData(ctx *context.Context) {
 		emails[i] = &email
 	}
 	ctx.Data["Emails"] = emails
-	ctx.Data["EmailNotificationsPreference"] = ctx.Doer.EmailNotificationsPreference
 	ctx.Data["ActivationsPending"] = pendingActivation
 	ctx.Data["CanAddEmails"] = !pendingActivation || !setting.Service.RegisterEmailConfirm
 	ctx.Data["UserDisabledFeatures"] = user_model.DisabledFeaturesWithLoginType(ctx.Doer)
diff --git a/routers/web/user/setting/notifications.go b/routers/web/user/setting/notifications.go
new file mode 100644
index 0000000000..16e58a0481
--- /dev/null
+++ b/routers/web/user/setting/notifications.go
@@ -0,0 +1,62 @@
+// Copyright 2025 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package setting
+
+import (
+	"errors"
+	"net/http"
+
+	user_model "code.gitea.io/gitea/models/user"
+	"code.gitea.io/gitea/modules/log"
+	"code.gitea.io/gitea/modules/optional"
+	"code.gitea.io/gitea/modules/setting"
+	"code.gitea.io/gitea/modules/templates"
+	"code.gitea.io/gitea/services/context"
+	"code.gitea.io/gitea/services/user"
+)
+
+const tplSettingsNotifications templates.TplName = "user/settings/notifications"
+
+// Notifications render user's notifications settings
+func Notifications(ctx *context.Context) {
+	if !setting.Service.EnableNotifyMail {
+		ctx.NotFound(nil)
+		return
+	}
+
+	ctx.Data["Title"] = ctx.Tr("notifications")
+	ctx.Data["PageIsSettingsNotifications"] = true
+	ctx.Data["EmailNotificationsPreference"] = ctx.Doer.EmailNotificationsPreference
+
+	ctx.HTML(http.StatusOK, tplSettingsNotifications)
+}
+
+// NotificationsEmailPost set user's email notification preference
+func NotificationsEmailPost(ctx *context.Context) {
+	if !setting.Service.EnableNotifyMail {
+		ctx.NotFound(nil)
+		return
+	}
+
+	preference := ctx.FormString("preference")
+	if !(preference == user_model.EmailNotificationsEnabled ||
+		preference == user_model.EmailNotificationsOnMention ||
+		preference == user_model.EmailNotificationsDisabled ||
+		preference == user_model.EmailNotificationsAndYourOwn) {
+		log.Error("Email notifications preference change returned unrecognized option %s: %s", preference, ctx.Doer.Name)
+		ctx.ServerError("SetEmailPreference", errors.New("option unrecognized"))
+		return
+	}
+	opts := &user.UpdateOptions{
+		EmailNotificationsPreference: optional.Some(preference),
+	}
+	if err := user.UpdateUser(ctx, ctx.Doer, opts); err != nil {
+		log.Error("Set Email Notifications failed: %v", err)
+		ctx.ServerError("UpdateUser", err)
+		return
+	}
+	log.Trace("Email notifications preference made %s: %s", preference, ctx.Doer.Name)
+	ctx.Flash.Success(ctx.Tr("settings.email_preference_set_success"))
+	ctx.Redirect(setting.AppSubURL + "/user/settings/notifications")
+}
diff --git a/routers/web/web.go b/routers/web/web.go
index ddea468d17..b9c7013f63 100644
--- a/routers/web/web.go
+++ b/routers/web/web.go
@@ -595,6 +595,10 @@ func registerWebRoutes(m *web.Router) {
 			m.Post("/hidden_comments", user_setting.UpdateUserHiddenComments)
 			m.Post("/theme", web.Bind(forms.UpdateThemeForm{}), user_setting.UpdateUIThemePost)
 		})
+		m.Group("/notifications", func() {
+			m.Get("", user_setting.Notifications)
+			m.Post("/email", user_setting.NotificationsEmailPost)
+		})
 		m.Group("/security", func() {
 			m.Get("", security.Security)
 			m.Group("/two_factor", func() {
@@ -682,7 +686,7 @@ func registerWebRoutes(m *web.Router) {
 			m.Get("", user_setting.BlockedUsers)
 			m.Post("", web.Bind(forms.BlockUserForm{}), user_setting.BlockedUsersPost)
 		})
-	}, reqSignIn, ctxDataSet("PageIsUserSettings", true, "EnablePackages", setting.Packages.Enabled))
+	}, reqSignIn, ctxDataSet("PageIsUserSettings", true, "EnablePackages", setting.Packages.Enabled, "EnableNotifyMail", setting.Service.EnableNotifyMail))
 
 	m.Group("/user", func() {
 		m.Get("/activate", auth.Activate)
diff --git a/services/agit/agit.go b/services/agit/agit.go
index b27dfc8ecd..0ea8bbfa5d 100644
--- a/services/agit/agit.go
+++ b/services/agit/agit.go
@@ -5,6 +5,7 @@ package agit
 
 import (
 	"context"
+	"encoding/base64"
 	"fmt"
 	"os"
 	"strings"
@@ -18,17 +19,30 @@ import (
 	"code.gitea.io/gitea/modules/log"
 	"code.gitea.io/gitea/modules/private"
 	"code.gitea.io/gitea/modules/setting"
+	"code.gitea.io/gitea/modules/util"
 	notify_service "code.gitea.io/gitea/services/notify"
 	pull_service "code.gitea.io/gitea/services/pull"
 )
 
+func parseAgitPushOptionValue(s string) string {
+	if base64Value, ok := strings.CutPrefix(s, "{base64}"); ok {
+		decoded, err := base64.StdEncoding.DecodeString(base64Value)
+		return util.Iif(err == nil, string(decoded), s)
+	}
+	return s
+}
+
 // ProcReceive handle proc receive work
 func ProcReceive(ctx context.Context, repo *repo_model.Repository, gitRepo *git.Repository, opts *private.HookOptions) ([]private.HookProcReceiveRefResult, error) {
 	results := make([]private.HookProcReceiveRefResult, 0, len(opts.OldCommitIDs))
 	forcePush := opts.GitPushOptions.Bool(private.GitPushOptionForcePush)
 	topicBranch := opts.GitPushOptions["topic"]
-	title := strings.TrimSpace(opts.GitPushOptions["title"])
-	description := strings.TrimSpace(opts.GitPushOptions["description"])
+
+	// some options are base64-encoded with "{base64}" prefix if they contain new lines
+	// other agit push options like "issue", "reviewer" and "cc" are not supported
+	title := parseAgitPushOptionValue(opts.GitPushOptions["title"])
+	description := parseAgitPushOptionValue(opts.GitPushOptions["description"])
+
 	objectFormat := git.ObjectFormatFromName(repo.ObjectFormatName)
 	userName := strings.ToLower(opts.UserName)
 
diff --git a/services/agit/agit_test.go b/services/agit/agit_test.go
new file mode 100644
index 0000000000..feaf7dca9b
--- /dev/null
+++ b/services/agit/agit_test.go
@@ -0,0 +1,16 @@
+// Copyright 2025 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package agit
+
+import (
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestParseAgitPushOptionValue(t *testing.T) {
+	assert.Equal(t, "a", parseAgitPushOptionValue("a"))
+	assert.Equal(t, "a", parseAgitPushOptionValue("{base64}YQ=="))
+	assert.Equal(t, "{base64}invalid value", parseAgitPushOptionValue("{base64}invalid value"))
+}
diff --git a/services/asymkey/commit.go b/services/asymkey/commit.go
index 148f51fd10..773e7ca83c 100644
--- a/services/asymkey/commit.go
+++ b/services/asymkey/commit.go
@@ -24,47 +24,43 @@ import (
 
 // ParseCommitWithSignature check if signature is good against keystore.
 func ParseCommitWithSignature(ctx context.Context, c *git.Commit) *asymkey_model.CommitVerification {
-	var committer *user_model.User
-	if c.Committer != nil {
-		var err error
-		// Find Committer account
-		committer, err = user_model.GetUserByEmail(ctx, c.Committer.Email) // This finds the user by primary email or activated email so commit will not be valid if email is not
-		if err != nil {                                                    // Skipping not user for committer
-			committer = &user_model.User{
-				Name:  c.Committer.Name,
-				Email: c.Committer.Email,
-			}
-			// We can expect this to often be an ErrUserNotExist. in the case
-			// it is not, however, it is important to log it.
-			if !user_model.IsErrUserNotExist(err) {
-				log.Error("GetUserByEmail: %v", err)
-				return &asymkey_model.CommitVerification{
-					CommittingUser: committer,
-					Verified:       false,
-					Reason:         "gpg.error.no_committer_account",
-				}
-			}
+	committer, err := user_model.GetUserByEmail(ctx, c.Committer.Email)
+	if err != nil && !user_model.IsErrUserNotExist(err) {
+		log.Error("GetUserByEmail: %v", err)
+		return &asymkey_model.CommitVerification{
+			Verified: false,
+			Reason:   "gpg.error.no_committer_account", // this error is not right, but such error should seldom happen
 		}
 	}
-
 	return ParseCommitWithSignatureCommitter(ctx, c, committer)
 }
 
+// ParseCommitWithSignatureCommitter parses a commit's GPG or SSH signature.
+// If the commit is singed by an instance key, then committer can be nil.
+// If the signature exists, even if committer is nil, the returned CommittingUser will be a non-nil fake user.
 func ParseCommitWithSignatureCommitter(ctx context.Context, c *git.Commit, committer *user_model.User) *asymkey_model.CommitVerification {
-	// If no signature just report the committer
+	// If no signature, just report the committer
 	if c.Signature == nil {
 		return &asymkey_model.CommitVerification{
 			CommittingUser: committer,
-			Verified:       false,                         // Default value
-			Reason:         "gpg.error.not_signed_commit", // Default value
+			Verified:       false,
+			Reason:         "gpg.error.not_signed_commit",
 		}
 	}
-
-	// If this a SSH signature handle it differently
-	if strings.HasPrefix(c.Signature.Signature, "-----BEGIN SSH SIGNATURE-----") {
-		return ParseCommitWithSSHSignature(ctx, c, committer)
+	// to support instance key, we need a fake committer user (not really needed, but legacy code accesses the committer without nil-check)
+	if committer == nil {
+		committer = &user_model.User{
+			Name:  c.Committer.Name,
+			Email: c.Committer.Email,
+		}
 	}
+	if strings.HasPrefix(c.Signature.Signature, "-----BEGIN SSH SIGNATURE-----") {
+		return parseCommitWithSSHSignature(ctx, c, committer)
+	}
+	return parseCommitWithGPGSignature(ctx, c, committer)
+}
 
+func parseCommitWithGPGSignature(ctx context.Context, c *git.Commit, committer *user_model.User) *asymkey_model.CommitVerification {
 	// Parsing signature
 	sig, err := asymkey_model.ExtractSignature(c.Signature.Signature)
 	if err != nil { // Skipping failed to extract sign
@@ -165,7 +161,7 @@ func ParseCommitWithSignatureCommitter(ctx context.Context, c *git.Commit, commi
 		}
 		if err := gpgSettings.LoadPublicKeyContent(); err != nil {
 			log.Error("Error getting default signing key: %s %v", gpgSettings.KeyID, err)
-		} else if commitVerification := VerifyWithGPGSettings(ctx, &gpgSettings, sig, c.Signature.Payload, committer, keyID); commitVerification != nil {
+		} else if commitVerification := verifyWithGPGSettings(ctx, &gpgSettings, sig, c.Signature.Payload, committer, keyID); commitVerification != nil {
 			if commitVerification.Reason == asymkey_model.BadSignature {
 				defaultReason = asymkey_model.BadSignature
 			} else {
@@ -180,7 +176,7 @@ func ParseCommitWithSignatureCommitter(ctx context.Context, c *git.Commit, commi
 	} else if defaultGPGSettings == nil {
 		log.Warn("Unable to get defaultGPGSettings for unattached commit: %s", c.ID.String())
 	} else if defaultGPGSettings.Sign {
-		if commitVerification := VerifyWithGPGSettings(ctx, defaultGPGSettings, sig, c.Signature.Payload, committer, keyID); commitVerification != nil {
+		if commitVerification := verifyWithGPGSettings(ctx, defaultGPGSettings, sig, c.Signature.Payload, committer, keyID); commitVerification != nil {
 			if commitVerification.Reason == asymkey_model.BadSignature {
 				defaultReason = asymkey_model.BadSignature
 			} else {
@@ -295,7 +291,7 @@ func HashAndVerifyForKeyID(ctx context.Context, sig *packet.Signature, payload s
 	}
 }
 
-func VerifyWithGPGSettings(ctx context.Context, gpgSettings *git.GPGSettings, sig *packet.Signature, payload string, committer *user_model.User, keyID string) *asymkey_model.CommitVerification {
+func verifyWithGPGSettings(ctx context.Context, gpgSettings *git.GPGSettings, sig *packet.Signature, payload string, committer *user_model.User, keyID string) *asymkey_model.CommitVerification {
 	// First try to find the key in the db
 	if commitVerification := HashAndVerifyForKeyID(ctx, sig, payload, committer, gpgSettings.KeyID, gpgSettings.Name, gpgSettings.Email); commitVerification != nil {
 		return commitVerification
@@ -375,8 +371,8 @@ func verifySSHCommitVerificationByInstanceKey(c *git.Commit, committerUser, sign
 	return verifySSHCommitVerification(c.Signature.Signature, c.Signature.Payload, sshPubKey, committerUser, signerUser, committerGitEmail)
 }
 
-// ParseCommitWithSSHSignature check if signature is good against keystore.
-func ParseCommitWithSSHSignature(ctx context.Context, c *git.Commit, committerUser *user_model.User) *asymkey_model.CommitVerification {
+// parseCommitWithSSHSignature check if signature is good against keystore.
+func parseCommitWithSSHSignature(ctx context.Context, c *git.Commit, committerUser *user_model.User) *asymkey_model.CommitVerification {
 	// Now try to associate the signature with the committer, if present
 	if committerUser.ID != 0 {
 		keys, err := db.Find[asymkey_model.PublicKey](ctx, asymkey_model.FindPublicKeyOptions{
diff --git a/services/asymkey/commit_test.go b/services/asymkey/commit_test.go
index 0438209a61..6bcb6997f4 100644
--- a/services/asymkey/commit_test.go
+++ b/services/asymkey/commit_test.go
@@ -41,7 +41,7 @@ Initial commit with signed file
 			Name:  "User Two",
 			Email: "user2@example.com",
 		}
-		ret := ParseCommitWithSSHSignature(t.Context(), commit, committingUser)
+		ret := parseCommitWithSSHSignature(t.Context(), commit, committingUser)
 		require.NotNil(t, ret)
 		assert.True(t, ret.Verified)
 		assert.False(t, ret.Warning)
diff --git a/services/auth/source/oauth2/providers.go b/services/auth/source/oauth2/providers.go
index f2c1bb4894..75ed41ba66 100644
--- a/services/auth/source/oauth2/providers.go
+++ b/services/auth/source/oauth2/providers.go
@@ -27,6 +27,7 @@ type Provider interface {
 	DisplayName() string
 	IconHTML(size int) template.HTML
 	CustomURLSettings() *CustomURLSettings
+	SupportSSHPublicKey() bool
 }
 
 // GothProviderCreator provides a function to create a goth.Provider
diff --git a/services/auth/source/oauth2/providers_base.go b/services/auth/source/oauth2/providers_base.go
index 9d4ab106e5..d34597d6d9 100644
--- a/services/auth/source/oauth2/providers_base.go
+++ b/services/auth/source/oauth2/providers_base.go
@@ -14,6 +14,13 @@ import (
 type BaseProvider struct {
 	name        string
 	displayName string
+
+	// TODO: maybe some providers also support SSH public keys, then they can set this to true
+	supportSSHPublicKey bool
+}
+
+func (b *BaseProvider) SupportSSHPublicKey() bool {
+	return b.supportSSHPublicKey
 }
 
 // Name provides the technical name for this provider
diff --git a/services/auth/source/oauth2/providers_openid.go b/services/auth/source/oauth2/providers_openid.go
index 285876d5ac..e86dc48232 100644
--- a/services/auth/source/oauth2/providers_openid.go
+++ b/services/auth/source/oauth2/providers_openid.go
@@ -17,6 +17,10 @@ import (
 // OpenIDProvider is a GothProvider for OpenID
 type OpenIDProvider struct{}
 
+func (o *OpenIDProvider) SupportSSHPublicKey() bool {
+	return true
+}
+
 // Name provides the technical name for this provider
 func (o *OpenIDProvider) Name() string {
 	return "openidConnect"
diff --git a/services/auth/source/oauth2/source.go b/services/auth/source/oauth2/source.go
index 08837de377..00d89b3481 100644
--- a/services/auth/source/oauth2/source.go
+++ b/services/auth/source/oauth2/source.go
@@ -27,6 +27,9 @@ type Source struct {
 	GroupTeamMap        string
 	GroupTeamMapRemoval bool
 	RestrictedGroup     string
+
+	SSHPublicKeyClaimName string
+	FullNameClaimName     string
 }
 
 // FromDB fills up an OAuth2Config from serialized format.
diff --git a/services/convert/repository.go b/services/convert/repository.go
index 614eb58a88..a364591bb8 100644
--- a/services/convert/repository.go
+++ b/services/convert/repository.go
@@ -251,7 +251,7 @@ func innerToRepo(ctx context.Context, repo *repo_model.Repository, permissionInR
 		RepoTransfer:                  transfer,
 		Topics:                        util.SliceNilAsEmpty(repo.Topics),
 		ObjectFormatName:              repo.ObjectFormatName,
-		Licenses:                      repoLicenses.StringList(),
+		Licenses:                      util.SliceNilAsEmpty(repoLicenses.StringList()),
 	}
 }
 
diff --git a/services/externalaccount/link.go b/services/externalaccount/link.go
deleted file mode 100644
index ab853140cb..0000000000
--- a/services/externalaccount/link.go
+++ /dev/null
@@ -1,30 +0,0 @@
-// Copyright 2021 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
-
-package externalaccount
-
-import (
-	"context"
-	"errors"
-
-	user_model "code.gitea.io/gitea/models/user"
-
-	"github.com/markbates/goth"
-)
-
-// Store represents a thing that stores things
-type Store interface {
-	Get(any) any
-	Set(any, any) error
-	Release() error
-}
-
-// LinkAccountFromStore links the provided user with a stored external user
-func LinkAccountFromStore(ctx context.Context, store Store, user *user_model.User) error {
-	gothUser := store.Get("linkAccountGothUser")
-	if gothUser == nil {
-		return errors.New("not in LinkAccount session")
-	}
-
-	return LinkAccountToUser(ctx, user, gothUser.(goth.User))
-}
diff --git a/services/externalaccount/user.go b/services/externalaccount/user.go
index b53e33654a..1eddc4a5df 100644
--- a/services/externalaccount/user.go
+++ b/services/externalaccount/user.go
@@ -8,7 +8,6 @@ import (
 	"strconv"
 	"strings"
 
-	"code.gitea.io/gitea/models/auth"
 	issues_model "code.gitea.io/gitea/models/issues"
 	repo_model "code.gitea.io/gitea/models/repo"
 	user_model "code.gitea.io/gitea/models/user"
@@ -17,15 +16,11 @@ import (
 	"github.com/markbates/goth"
 )
 
-func toExternalLoginUser(ctx context.Context, user *user_model.User, gothUser goth.User) (*user_model.ExternalLoginUser, error) {
-	authSource, err := auth.GetActiveOAuth2SourceByName(ctx, gothUser.Provider)
-	if err != nil {
-		return nil, err
-	}
+func toExternalLoginUser(authSourceID int64, user *user_model.User, gothUser goth.User) *user_model.ExternalLoginUser {
 	return &user_model.ExternalLoginUser{
 		ExternalID:        gothUser.UserID,
 		UserID:            user.ID,
-		LoginSourceID:     authSource.ID,
+		LoginSourceID:     authSourceID,
 		RawData:           gothUser.RawData,
 		Provider:          gothUser.Provider,
 		Email:             gothUser.Email,
@@ -40,15 +35,12 @@ func toExternalLoginUser(ctx context.Context, user *user_model.User, gothUser go
 		AccessTokenSecret: gothUser.AccessTokenSecret,
 		RefreshToken:      gothUser.RefreshToken,
 		ExpiresAt:         gothUser.ExpiresAt,
-	}, nil
+	}
 }
 
 // LinkAccountToUser link the gothUser to the user
-func LinkAccountToUser(ctx context.Context, user *user_model.User, gothUser goth.User) error {
-	externalLoginUser, err := toExternalLoginUser(ctx, user, gothUser)
-	if err != nil {
-		return err
-	}
+func LinkAccountToUser(ctx context.Context, authSourceID int64, user *user_model.User, gothUser goth.User) error {
+	externalLoginUser := toExternalLoginUser(authSourceID, user, gothUser)
 
 	if err := user_model.LinkExternalToUser(ctx, user, externalLoginUser); err != nil {
 		return err
@@ -72,12 +64,8 @@ func LinkAccountToUser(ctx context.Context, user *user_model.User, gothUser goth
 }
 
 // EnsureLinkExternalToUser link the gothUser to the user
-func EnsureLinkExternalToUser(ctx context.Context, user *user_model.User, gothUser goth.User) error {
-	externalLoginUser, err := toExternalLoginUser(ctx, user, gothUser)
-	if err != nil {
-		return err
-	}
-
+func EnsureLinkExternalToUser(ctx context.Context, authSourceID int64, user *user_model.User, gothUser goth.User) error {
+	externalLoginUser := toExternalLoginUser(authSourceID, user, gothUser)
 	return user_model.EnsureLinkExternalToUser(ctx, externalLoginUser)
 }
 
diff --git a/services/forms/auth_form.go b/services/forms/auth_form.go
index a8f97572b1..886110236c 100644
--- a/services/forms/auth_form.go
+++ b/services/forms/auth_form.go
@@ -18,45 +18,54 @@ type AuthenticationForm struct {
 	Type            int    `binding:"Range(2,7)"`
 	Name            string `binding:"Required;MaxSize(30)"`
 	TwoFactorPolicy string
+	IsActive        bool
+	IsSyncEnabled   bool
 
-	Host                          string
-	Port                          int
-	BindDN                        string
-	BindPassword                  string
-	UserBase                      string
-	UserDN                        string
-	AttributeUsername             string
-	AttributeName                 string
-	AttributeSurname              string
-	AttributeMail                 string
-	AttributeSSHPublicKey         string
-	AttributeAvatar               string
-	AttributesInBind              bool
-	UsePagedSearch                bool
-	SearchPageSize                int
-	Filter                        string
-	AdminFilter                   string
-	GroupsEnabled                 bool
-	GroupDN                       string
-	GroupFilter                   string
-	GroupMemberUID                string
-	UserUID                       string
-	RestrictedFilter              string
-	AllowDeactivateAll            bool
-	IsActive                      bool
-	IsSyncEnabled                 bool
-	SMTPAuth                      string
-	SMTPHost                      string
-	SMTPPort                      int
-	AllowedDomains                string
-	SecurityProtocol              int `binding:"Range(0,2)"`
-	TLS                           bool
-	SkipVerify                    bool
-	HeloHostname                  string
-	DisableHelo                   bool
-	ForceSMTPS                    bool
-	PAMServiceName                string
-	PAMEmailDomain                string
+	// LDAP
+	Host                  string
+	Port                  int
+	BindDN                string
+	BindPassword          string
+	UserBase              string
+	UserDN                string
+	AttributeUsername     string
+	AttributeName         string
+	AttributeSurname      string
+	AttributeMail         string
+	AttributeSSHPublicKey string
+	AttributeAvatar       string
+	AttributesInBind      bool
+	UsePagedSearch        bool
+	SearchPageSize        int
+	Filter                string
+	AdminFilter           string
+	GroupsEnabled         bool
+	GroupDN               string
+	GroupFilter           string
+	GroupMemberUID        string
+	UserUID               string
+	RestrictedFilter      string
+	AllowDeactivateAll    bool
+	GroupTeamMap          string `binding:"ValidGroupTeamMap"`
+	GroupTeamMapRemoval   bool
+
+	// SMTP
+	SMTPAuth         string
+	SMTPHost         string
+	SMTPPort         int
+	AllowedDomains   string
+	SecurityProtocol int `binding:"Range(0,2)"`
+	TLS              bool
+	SkipVerify       bool
+	HeloHostname     string
+	DisableHelo      bool
+	ForceSMTPS       bool
+
+	// PAM
+	PAMServiceName string
+	PAMEmailDomain string
+
+	// Oauth2 & OIDC
 	Oauth2Provider                string
 	Oauth2Key                     string
 	Oauth2Secret                  string
@@ -76,13 +85,15 @@ type AuthenticationForm struct {
 	Oauth2RestrictedGroup         string
 	Oauth2GroupTeamMap            string `binding:"ValidGroupTeamMap"`
 	Oauth2GroupTeamMapRemoval     bool
-	SSPIAutoCreateUsers           bool
-	SSPIAutoActivateUsers         bool
-	SSPIStripDomainNames          bool
-	SSPISeparatorReplacement      string `binding:"AlphaDashDot;MaxSize(5)"`
-	SSPIDefaultLanguage           string
-	GroupTeamMap                  string `binding:"ValidGroupTeamMap"`
-	GroupTeamMapRemoval           bool
+	Oauth2SSHPublicKeyClaimName   string
+	Oauth2FullNameClaimName       string
+
+	// SSPI
+	SSPIAutoCreateUsers      bool
+	SSPIAutoActivateUsers    bool
+	SSPIStripDomainNames     bool
+	SSPISeparatorReplacement string `binding:"AlphaDashDot;MaxSize(5)"`
+	SSPIDefaultLanguage      string
 }
 
 // Validate validates fields
diff --git a/services/git/commit.go b/services/git/commit.go
index 2e0e8a5096..e4755ef93d 100644
--- a/services/git/commit.go
+++ b/services/git/commit.go
@@ -35,13 +35,6 @@ func ParseCommitsWithSignature(ctx context.Context, repo *repo_model.Repository,
 
 	for _, c := range oldCommits {
 		committerUser := emailUsers.GetByEmail(c.Committer.Email) // FIXME: why ValidateCommitsWithEmails uses "Author", but ParseCommitsWithSignature uses "Committer"?
-		if committerUser == nil {
-			committerUser = &user_model.User{
-				Name:  c.Committer.Name,
-				Email: c.Committer.Email,
-			}
-		}
-
 		signCommit := &asymkey_model.SignCommit{
 			UserCommit:   c,
 			Verification: asymkey_service.ParseCommitWithSignatureCommitter(ctx, c.Commit, committerUser),
diff --git a/templates/admin/auth/edit.tmpl b/templates/admin/auth/edit.tmpl
index 781f514af4..7b96b4e94f 100644
--- a/templates/admin/auth/edit.tmpl
+++ b/templates/admin/auth/edit.tmpl
@@ -301,19 +301,30 @@
 						<input id="oauth2_tenant" name="oauth2_tenant" value="{{if $cfg.CustomURLMapping}}{{$cfg.CustomURLMapping.Tenant}}{{end}}">
 					</div>
 
-					{{range .OAuth2Providers}}{{if .CustomURLSettings}}
+					{{range .OAuth2Providers}}
+						<input id="{{.Name}}_SupportSSHPublicKey" value="{{.SupportSSHPublicKey}}" type="hidden">
+						{{if .CustomURLSettings}}
 						<input id="{{.Name}}_customURLSettings" type="hidden" data-required="{{.CustomURLSettings.Required}}" data-available="true">
 						<input id="{{.Name}}_token_url" value="{{.CustomURLSettings.TokenURL.Value}}" data-available="{{.CustomURLSettings.TokenURL.Available}}" data-required="{{.CustomURLSettings.TokenURL.Required}}" type="hidden">
 						<input id="{{.Name}}_auth_url" value="{{.CustomURLSettings.AuthURL.Value}}" data-available="{{.CustomURLSettings.AuthURL.Available}}" data-required="{{.CustomURLSettings.AuthURL.Required}}" type="hidden">
 						<input id="{{.Name}}_profile_url" value="{{.CustomURLSettings.ProfileURL.Value}}" data-available="{{.CustomURLSettings.ProfileURL.Available}}" data-required="{{.CustomURLSettings.ProfileURL.Required}}" type="hidden">
 						<input id="{{.Name}}_email_url" value="{{.CustomURLSettings.EmailURL.Value}}" data-available="{{.CustomURLSettings.EmailURL.Available}}" data-required="{{.CustomURLSettings.EmailURL.Required}}" type="hidden">
 						<input id="{{.Name}}_tenant" value="{{.CustomURLSettings.Tenant.Value}}" data-available="{{.CustomURLSettings.Tenant.Available}}" data-required="{{.CustomURLSettings.Tenant.Required}}" type="hidden">
-					{{end}}{{end}}
+						{{end}}
+				{{end}}
 
 					<div class="field">
 						<label for="oauth2_scopes">{{ctx.Locale.Tr "admin.auths.oauth2_scopes"}}</label>
 						<input id="oauth2_scopes" name="oauth2_scopes" value="{{if $cfg.Scopes}}{{StringUtils.Join $cfg.Scopes ","}}{{end}}">
 					</div>
+					<div class="field">
+						<label>{{ctx.Locale.Tr "admin.auths.oauth2_full_name_claim_name"}}</label>
+						<input name="oauth2_full_name_claim_name" value="{{$cfg.FullNameClaimName}}" placeholder="name">
+					</div>
+					<div class="field oauth2_ssh_public_key_claim_name">
+						<label>{{ctx.Locale.Tr "admin.auths.oauth2_ssh_public_key_claim_name"}}</label>
+						<input name="oauth2_ssh_public_key_claim_name" value="{{$cfg.SSHPublicKeyClaimName}}" placeholder="sshpubkey">
+					</div>
 					<div class="field">
 						<label for="oauth2_required_claim_name">{{ctx.Locale.Tr "admin.auths.oauth2_required_claim_name"}}</label>
 						<input id="oauth2_required_claim_name" name="oauth2_required_claim_name" value="{{$cfg.RequiredClaimName}}">
diff --git a/templates/admin/auth/source/oauth.tmpl b/templates/admin/auth/source/oauth.tmpl
index f02c5bdf30..69590635e4 100644
--- a/templates/admin/auth/source/oauth.tmpl
+++ b/templates/admin/auth/source/oauth.tmpl
@@ -63,19 +63,31 @@
 		<input id="oauth2_tenant" name="oauth2_tenant" value="{{.oauth2_tenant}}">
 	</div>
 
-	{{range .OAuth2Providers}}{{if .CustomURLSettings}}
+	{{range .OAuth2Providers}}
+		<input id="{{.Name}}_SupportSSHPublicKey" value="{{.SupportSSHPublicKey}}" type="hidden">
+		{{if .CustomURLSettings}}
 		<input id="{{.Name}}_customURLSettings" type="hidden" data-required="{{.CustomURLSettings.Required}}" data-available="true">
 		<input id="{{.Name}}_token_url" value="{{.CustomURLSettings.TokenURL.Value}}" data-available="{{.CustomURLSettings.TokenURL.Available}}" data-required="{{.CustomURLSettings.TokenURL.Required}}" type="hidden">
 		<input id="{{.Name}}_auth_url" value="{{.CustomURLSettings.AuthURL.Value}}" data-available="{{.CustomURLSettings.AuthURL.Available}}" data-required="{{.CustomURLSettings.AuthURL.Required}}" type="hidden">
 		<input id="{{.Name}}_profile_url" value="{{.CustomURLSettings.ProfileURL.Value}}" data-available="{{.CustomURLSettings.ProfileURL.Available}}" data-required="{{.CustomURLSettings.ProfileURL.Required}}" type="hidden">
 		<input id="{{.Name}}_email_url" value="{{.CustomURLSettings.EmailURL.Value}}" data-available="{{.CustomURLSettings.EmailURL.Available}}" data-required="{{.CustomURLSettings.EmailURL.Required}}" type="hidden">
 		<input id="{{.Name}}_tenant" value="{{.CustomURLSettings.Tenant.Value}}" data-available="{{.CustomURLSettings.Tenant.Available}}" data-required="{{.CustomURLSettings.Tenant.Required}}" type="hidden">
-	{{end}}{{end}}
+		{{end}}
+	{{end}}
 
 	<div class="field">
 		<label for="oauth2_scopes">{{ctx.Locale.Tr "admin.auths.oauth2_scopes"}}</label>
 		<input id="oauth2_scopes" name="oauth2_scopes" value="{{.oauth2_scopes}}">
 	</div>
+
+	<div class="field">
+		<label>{{ctx.Locale.Tr "admin.auths.oauth2_full_name_claim_name"}}</label>
+		<input name="oauth2_full_name_claim_name" value="{{.oauth2_full_name_claim_name}}" placeholder="name">
+	</div>
+	<div class="field oauth2_ssh_public_key_claim_name">
+		<label>{{ctx.Locale.Tr "admin.auths.oauth2_ssh_public_key_claim_name"}}</label>
+		<input name="oauth2_ssh_public_key_claim_name" value="{{.oauth2_ssh_public_key_claim_name}}" placeholder="sshpubkey">
+	</div>
 	<div class="field">
 		<label for="oauth2_required_claim_name">{{ctx.Locale.Tr "admin.auths.oauth2_required_claim_name"}}</label>
 		<input id="oauth2_required_claim_name" name="oauth2_required_claim_name" value="{{.oauth2_required_claim_name}}">
diff --git a/templates/repo/code/recently_pushed_new_branches.tmpl b/templates/repo/code/recently_pushed_new_branches.tmpl
index 4a864ba756..8569bd6c13 100644
--- a/templates/repo/code/recently_pushed_new_branches.tmpl
+++ b/templates/repo/code/recently_pushed_new_branches.tmpl
@@ -1,12 +1,18 @@
-{{range .RecentlyPushedNewBranches}}
-	<div class="ui positive message tw-flex tw-items-center tw-gap-2">
-		<div class="tw-flex-1 tw-break-anywhere">
-			{{$timeSince := DateUtils.TimeSince .CommitTime}}
-			{{$branchLink := HTMLFormat `<a href="%s">%s</a>` .BranchLink .BranchDisplayName}}
+{{/* Template Attributes:
+* RecentBranchesPromptData
+*/}}
+{{$data := .RecentBranchesPromptData}}
+{{if $data}}
+	{{range $recentBranch := $data.RecentlyPushedNewBranches}}
+	<div class="ui positive message flex-text-block">
+		<div class="tw-flex-1">
+			{{$timeSince := DateUtils.TimeSince $recentBranch.CommitTime}}
+			{{$branchLink := HTMLFormat `<a href="%s">%s</a>` $recentBranch.BranchLink .BranchDisplayName}}
 			{{ctx.Locale.Tr "repo.pulls.recently_pushed_new_branches" $branchLink $timeSince}}
 		</div>
-		<a role="button" class="ui compact green button tw-m-0" href="{{QueryBuild .BranchCompareURL "expand" 1}}">
+		<a role="button" class="ui compact green button" href="{{QueryBuild $recentBranch.BranchCompareURL "expand" 1}}">
 			{{ctx.Locale.Tr "repo.pulls.compare_changes"}}
 		</a>
 	</div>
+	{{end}}
 {{end}}
diff --git a/templates/repo/commit_page.tmpl b/templates/repo/commit_page.tmpl
index 46f641824b..68ccf9d275 100644
--- a/templates/repo/commit_page.tmpl
+++ b/templates/repo/commit_page.tmpl
@@ -147,7 +147,7 @@
 			<div class="flex-text-inline">
 				{{if or (ne .Commit.Committer.Name .Commit.Author.Name) (ne .Commit.Committer.Email .Commit.Author.Email)}}
 					<span class="text grey">{{ctx.Locale.Tr "repo.diff.committed_by"}}</span>
-					{{if ne .Verification.CommittingUser.ID 0}}
+					{{if and .Verification.CommittingUser .Verification.CommittingUser.ID}}
 						{{ctx.AvatarUtils.Avatar .Verification.CommittingUser 20}}
 						<a href="{{.Verification.CommittingUser.HomeLink}}"><strong>{{.Commit.Committer.Name}}</strong></a>
 					{{else}}
diff --git a/templates/repo/commits_list.tmpl b/templates/repo/commits_list.tmpl
index 9dae6594b9..959f2a9398 100644
--- a/templates/repo/commits_list.tmpl
+++ b/templates/repo/commits_list.tmpl
@@ -16,7 +16,7 @@
 					<td class="author">
 						<div class="tw-flex">
 							{{$userName := .Author.Name}}
-							{{if and .User (gt .User.ID 0)}} /* User with id == 0 is a fake user from git author */
+							{{if .User}}
 								{{if and .User.FullName DefaultShowFullName}}
 									{{$userName = .User.FullName}}
 								{{end}}
diff --git a/templates/repo/home.tmpl b/templates/repo/home.tmpl
index f86b90502d..2a6c0d2fe5 100644
--- a/templates/repo/home.tmpl
+++ b/templates/repo/home.tmpl
@@ -15,7 +15,7 @@
 			</div>
 		{{end}}
 
-		{{template "repo/code/recently_pushed_new_branches" .}}
+		{{template "repo/code/recently_pushed_new_branches" dict "RecentBranchesPromptData" .RecentBranchesPromptData}}
 
 		<div class="{{Iif $showSidebar "repo-grid-filelist-sidebar" "repo-grid-filelist-only"}}">
 			<div class="repo-home-filelist">
diff --git a/templates/repo/issue/list.tmpl b/templates/repo/issue/list.tmpl
index 0ab761e038..1fe220e1b8 100644
--- a/templates/repo/issue/list.tmpl
+++ b/templates/repo/issue/list.tmpl
@@ -4,6 +4,8 @@
 	<div class="ui container">
 	{{template "base/alert" .}}
 
+	{{template "repo/code/recently_pushed_new_branches" dict "RecentBranchesPromptData" .RecentBranchesPromptData}}
+
 	{{if .PinnedIssues}}
 		<div id="issue-pins" {{if .IsRepoAdmin}}data-is-repo-admin{{end}}>
 			{{range .PinnedIssues}}
diff --git a/templates/repo/view.tmpl b/templates/repo/view.tmpl
index 85d09d03a1..f99fe2f57a 100644
--- a/templates/repo/view.tmpl
+++ b/templates/repo/view.tmpl
@@ -14,7 +14,7 @@
 			</div>
 		{{end}}
 
-		{{template "repo/code/recently_pushed_new_branches" .}}
+		{{template "repo/code/recently_pushed_new_branches" dict "RecentBranchesPromptData" .RecentBranchesPromptData}}
 
 		<div class="repo-view-container">
 			<div class="tw-flex tw-flex-col repo-view-file-tree-container not-mobile {{if not .UserSettingCodeViewShowFileTree}}tw-hidden{{end}}" {{if .IsSigned}}data-user-is-signed-in{{end}}>
diff --git a/templates/swagger/v1_json.tmpl b/templates/swagger/v1_json.tmpl
index b656e7b2a7..71a8662b52 100644
--- a/templates/swagger/v1_json.tmpl
+++ b/templates/swagger/v1_json.tmpl
@@ -5165,7 +5165,7 @@
         ],
         "responses": {
           "200": {
-            "$ref": "#/responses/ArtifactsList"
+            "$ref": "#/responses/WorkflowRunsList"
           },
           "400": {
             "$ref": "#/responses/error"
diff --git a/templates/user/notification/notification_div.tmpl b/templates/user/notification/notification_div.tmpl
index b8655a84a4..b9faba2b90 100644
--- a/templates/user/notification/notification_div.tmpl
+++ b/templates/user/notification/notification_div.tmpl
@@ -1,124 +1,96 @@
 <div role="main" aria-label="{{.Title}}" class="page-content user notification" id="notification_div" data-sequence-number="{{.SequenceNumber}}">
 	<div class="ui container">
+		{{$statusUnread := 1}}{{$statusRead := 2}}{{$statusPinned := 3}}
 		{{$notificationUnreadCount := call .PageGlobalData.GetNotificationUnreadCount}}
-		<div class="tw-flex tw-items-center tw-justify-between tw-mb-[--page-spacing]">
+		{{$pageTypeIsRead := eq $.PageType "read"}}
+		<div class="flex-text-block tw-justify-between tw-mb-[--page-spacing]">
 			<div class="small-menu-items ui compact tiny menu">
-				<a class="{{if eq .Status 1}}active {{end}}item" href="{{AppSubUrl}}/notifications?q=unread">
+				<a class="{{if not $pageTypeIsRead}}active{{end}} item" href="{{AppSubUrl}}/notifications?type=unread">
 					{{ctx.Locale.Tr "notification.unread"}}
 					<div class="notifications-unread-count ui label {{if not $notificationUnreadCount}}tw-hidden{{end}}">{{$notificationUnreadCount}}</div>
 				</a>
-				<a class="{{if eq .Status 2}}active {{end}}item" href="{{AppSubUrl}}/notifications?q=read">
+				<a class="{{if $pageTypeIsRead}}active{{end}} item" href="{{AppSubUrl}}/notifications?type=read">
 					{{ctx.Locale.Tr "notification.read"}}
 				</a>
 			</div>
-			{{if and (eq .Status 1)}}
+			{{if and (not $pageTypeIsRead) $notificationUnreadCount}}
 				<form action="{{AppSubUrl}}/notifications/purge" method="post">
 					{{$.CsrfTokenHtml}}
-					<div class="{{if not $notificationUnreadCount}}tw-hidden{{end}}">
-						<button class="ui mini button primary tw-mr-0" title="{{ctx.Locale.Tr "notification.mark_all_as_read"}}">
-							{{svg "octicon-checklist"}}
-						</button>
-					</div>
+					<button class="ui mini button primary tw-mr-0" title="{{ctx.Locale.Tr "notification.mark_all_as_read"}}">
+						{{svg "octicon-checklist"}}
+					</button>
 				</form>
 			{{end}}
 		</div>
-		<div class="tw-p-0">
-			<div id="notification_table">
-				{{if not .Notifications}}
-					<div class="tw-flex tw-items-center tw-flex-col tw-p-4">
-						{{svg "octicon-inbox" 56 "tw-mb-4"}}
-						{{if eq .Status 1}}
-							{{ctx.Locale.Tr "notification.no_unread"}}
+		<div id="notification_table">
+			{{range $one := .Notifications}}
+				<div class="notifications-item" id="notification_{{$one.ID}}" data-status="{{$one.Status}}">
+					<div class="tw-self-start tw-mt-[2px]">
+						{{if $one.Issue}}
+							{{template "shared/issueicon" $one.Issue}}
 						{{else}}
-							{{ctx.Locale.Tr "notification.no_read"}}
+							{{svg "octicon-repo" 16 "text grey"}}
 						{{end}}
 					</div>
-				{{else}}
-					{{range $notification := .Notifications}}
-						<div class="notifications-item tw-flex tw-items-center tw-flex-wrap tw-gap-2 tw-p-2" id="notification_{{.ID}}" data-status="{{.Status}}">
-							<div class="notifications-icon tw-ml-2 tw-mr-1 tw-self-start tw-mt-1">
-								{{if .Issue}}
-									{{template "shared/issueicon" .Issue}}
-								{{else}}
-									{{svg "octicon-repo" 16 "text grey"}}
-								{{end}}
-							</div>
-							<a class="notifications-link tw-flex tw-flex-1 tw-flex-col silenced" href="{{.Link ctx}}">
-								<div class="notifications-top-row tw-text-13 tw-break-anywhere">
-									{{.Repository.FullName}} {{if .Issue}}<span class="text light-3">#{{.Issue.Index}}</span>{{end}}
-									{{if eq .Status 3}}
-										{{svg "octicon-pin" 13 "text blue tw-mt-0.5 tw-ml-1"}}
-									{{end}}
-								</div>
-								<div class="notifications-bottom-row tw-text-16 tw-py-0.5">
-									<span class="issue-title tw-break-anywhere">
-										{{if .Issue}}
-											{{.Issue.Title | ctx.RenderUtils.RenderIssueSimpleTitle}}
-										{{else}}
-											{{.Repository.FullName}}
-										{{end}}
-									</span>
-								</div>
-							</a>
-							<div class="notifications-updated tw-items-center tw-mr-2">
-								{{if .Issue}}
-									{{DateUtils.TimeSince .Issue.UpdatedUnix}}
-								{{else}}
-									{{DateUtils.TimeSince .UpdatedUnix}}
-								{{end}}
-							</div>
-							<div class="notifications-buttons tw-items-center tw-justify-end tw-gap-1 tw-px-1">
-								{{if ne .Status 3}}
-									<form action="{{AppSubUrl}}/notifications/status" method="post">
-										{{$.CsrfTokenHtml}}
-										<input type="hidden" name="notification_id" value="{{.ID}}">
-										<input type="hidden" name="status" value="pinned">
-										<button class="btn interact-bg tw-p-2" title="{{ctx.Locale.Tr "notification.pin"}}"
-											data-url="{{AppSubUrl}}/notifications/status"
-											data-status="pinned"
-											data-page="{{$.Page.Paginater.Current}}"
-											data-notification-id="{{.ID}}"
-											data-q="{{$.Keyword}}">
-											{{svg "octicon-pin"}}
-										</button>
-									</form>
-								{{end}}
-								{{if or (eq .Status 1) (eq .Status 3)}}
-									<form action="{{AppSubUrl}}/notifications/status" method="post">
-										{{$.CsrfTokenHtml}}
-										<input type="hidden" name="notification_id" value="{{.ID}}">
-										<input type="hidden" name="status" value="read">
-										<input type="hidden" name="page" value="{{$.Page.Paginater.Current}}">
-										<button class="btn interact-bg tw-p-2" title="{{ctx.Locale.Tr "notification.mark_as_read"}}"
-											data-url="{{AppSubUrl}}/notifications/status"
-											data-status="read"
-											data-page="{{$.Page.Paginater.Current}}"
-											data-notification-id="{{.ID}}"
-											data-q="{{$.Keyword}}">
-											{{svg "octicon-check"}}
-										</button>
-									</form>
-								{{else if eq .Status 2}}
-									<form action="{{AppSubUrl}}/notifications/status" method="post">
-										{{$.CsrfTokenHtml}}
-										<input type="hidden" name="notification_id" value="{{.ID}}">
-										<input type="hidden" name="status" value="unread">
-										<input type="hidden" name="page" value="{{$.Page.Paginater.Current}}">
-										<button class="btn interact-bg tw-p-2" title="{{ctx.Locale.Tr "notification.mark_as_unread"}}"
-											data-url="{{AppSubUrl}}/notifications/status"
-											data-status="unread"
-											data-page="{{$.Page.Paginater.Current}}"
-											data-notification-id="{{.ID}}"
-											data-q="{{$.Keyword}}">
-											{{svg "octicon-bell"}}
-										</button>
-									</form>
-								{{end}}
-							</div>
+					<a class="notifications-link silenced tw-flex-1" href="{{$one.Link ctx}}">
+						<div class="flex-text-block tw-text-[0.95em]">
+							{{$one.Repository.FullName}} {{if $one.Issue}}<span class="text light-3">#{{$one.Issue.Index}}</span>{{end}}
+							{{if eq $one.Status $statusPinned}}
+								{{svg "octicon-pin" 13 "text blue"}}
+							{{end}}
 						</div>
+						<div class="tw-text-16 tw-py-0.5">
+							{{if $one.Issue}}
+								{{$one.Issue.Title | ctx.RenderUtils.RenderIssueSimpleTitle}}
+							{{else}}
+								{{$one.Repository.FullName}}
+							{{end}}
+						</div>
+					</a>
+					<div class="notifications-updated flex-text-inline">
+						{{if $one.Issue}}
+							{{DateUtils.TimeSince $one.Issue.UpdatedUnix}}
+						{{else}}
+							{{DateUtils.TimeSince $one.UpdatedUnix}}
+						{{end}}
+					</div>
+					<form class="notifications-buttons" action="{{AppSubUrl}}/notifications/status?type={{$.PageType}}&page={{$.Page.Paginater.Current}}&perPage={{$.Page.Paginater.PagingNum}}" method="post"
+								hx-boost="true" hx-target="#notification_div" hx-swap="outerHTML"
+					>
+						{{$.CsrfTokenHtml}}
+						<input type="hidden" name="notification_id" value="{{$one.ID}}">
+						{{if ne $one.Status $statusPinned}}
+							<button class="btn interact-bg tw-p-2" data-tooltip-content="{{ctx.Locale.Tr "notification.pin"}}"
+											name="notification_action" value="pin"
+							>
+								{{svg "octicon-pin"}}
+							</button>
+						{{end}}
+						{{if or (eq $one.Status $statusUnread) (eq $one.Status $statusPinned)}}
+							<button class="btn interact-bg tw-p-2" data-tooltip-content="{{ctx.Locale.Tr "notification.mark_as_read"}}"
+											name="notification_action" value="mark_as_read"
+							>
+								{{svg "octicon-check"}}
+							</button>
+						{{else if eq $one.Status $statusRead}}
+							<button class="btn interact-bg tw-p-2" data-tooltip-content="{{ctx.Locale.Tr "notification.mark_as_unread"}}"
+											name="notification_action" value="mark_as_unread"
+							>
+								{{svg "octicon-bell"}}
+							</button>
+						{{end}}
+					</form>
+				</div>
+			{{else}}
+				<div class="empty-placeholder">
+					{{svg "octicon-inbox" 56 "tw-mb-4"}}
+					{{if $pageTypeIsRead}}
+						{{ctx.Locale.Tr "notification.no_read"}}
+					{{else}}
+						{{ctx.Locale.Tr "notification.no_unread"}}
 					{{end}}
-				{{end}}
-			</div>
+				</div>
+			{{end}}
 		</div>
 		{{template "base/paginate" .}}
 	</div>
diff --git a/templates/user/settings/account.tmpl b/templates/user/settings/account.tmpl
index 2c01c88d47..7dbac0ebd4 100644
--- a/templates/user/settings/account.tmpl
+++ b/templates/user/settings/account.tmpl
@@ -35,37 +35,12 @@
 			{{end}}
 		</div>
 
-		{{if not (and ($.UserDisabledFeatures.Contains "manage_credentials") (not $.EnableNotifyMail))}}
+		{{if not ($.UserDisabledFeatures.Contains "manage_credentials")}}
 		<h4 class="ui top attached header">
 			{{ctx.Locale.Tr "settings.manage_emails"}}
 		</h4>
 		<div class="ui attached segment">
 			<div class="ui list flex-items-block">
-				{{if $.EnableNotifyMail}}
-				<div class="item">
-					<form class="ui form tw-w-full" action="{{AppSubUrl}}/user/settings/account/email" method="post">
-						{{$.CsrfTokenHtml}}
-						<input name="_method" type="hidden" value="NOTIFICATION">
-						<div class="field">
-							<label>{{ctx.Locale.Tr "settings.email_desc"}}</label>
-							<div class="ui selection dropdown">
-								<input name="preference" type="hidden" value="{{.EmailNotificationsPreference}}">
-								{{svg "octicon-triangle-down" 14 "dropdown icon"}}
-								<div class="text"></div>
-								<div class="menu">
-									<div data-value="enabled" class="{{if eq .EmailNotificationsPreference "enabled"}}active selected {{end}}item">{{ctx.Locale.Tr "settings.email_notifications.enable"}}</div>
-									<div data-value="andyourown" class="{{if eq .EmailNotificationsPreference "andyourown"}}active selected {{end}}item">{{ctx.Locale.Tr "settings.email_notifications.andyourown"}}</div>
-									<div data-value="onmention" class="{{if eq .EmailNotificationsPreference "onmention"}}active selected {{end}}item">{{ctx.Locale.Tr "settings.email_notifications.onmention"}}</div>
-									<div data-value="disabled" class="{{if eq .EmailNotificationsPreference "disabled"}}active selected {{end}}item">{{ctx.Locale.Tr "settings.email_notifications.disable"}}</div>
-								</div>
-							</div>
-						</div>
-						<div class="field">
-							<button class="ui primary button">{{ctx.Locale.Tr "settings.email_notifications.submit"}}</button>
-						</div>
-					</form>
-				</div>
-				{{end}}
 				{{if not ($.UserDisabledFeatures.Contains "manage_credentials")}}
 					{{range .Emails}}
 						<div class="item tw-flex-wrap">
diff --git a/templates/user/settings/navbar.tmpl b/templates/user/settings/navbar.tmpl
index c6c15512ab..34e089a68a 100644
--- a/templates/user/settings/navbar.tmpl
+++ b/templates/user/settings/navbar.tmpl
@@ -4,11 +4,16 @@
 		<a class="{{if .PageIsSettingsProfile}}active {{end}}item" href="{{AppSubUrl}}/user/settings">
 			{{ctx.Locale.Tr "settings.profile"}}
 		</a>
-		{{if not (and ($.UserDisabledFeatures.Contains "manage_credentials" "deletion") (not $.EnableNotifyMail))}}
+		{{if not ($.UserDisabledFeatures.Contains "manage_credentials" "deletion")}}
 		<a class="{{if .PageIsSettingsAccount}}active {{end}}item" href="{{AppSubUrl}}/user/settings/account">
 			{{ctx.Locale.Tr "settings.account"}}
 		</a>
 		{{end}}
+		{{if $.EnableNotifyMail}}
+		<a class="{{if .PageIsSettingsNotifications}}active {{end}}item" href="{{AppSubUrl}}/user/settings/notifications">
+			{{ctx.Locale.Tr "notifications"}}
+		</a>
+		{{end}}
 		<a class="{{if .PageIsSettingsAppearance}}active {{end}}item" href="{{AppSubUrl}}/user/settings/appearance">
 			{{ctx.Locale.Tr "settings.appearance"}}
 		</a>
diff --git a/templates/user/settings/notifications.tmpl b/templates/user/settings/notifications.tmpl
new file mode 100644
index 0000000000..4694bbb30a
--- /dev/null
+++ b/templates/user/settings/notifications.tmpl
@@ -0,0 +1,34 @@
+{{template "user/settings/layout_head" (dict "ctxData" . "pageClass" "user settings")}}
+	<div class="user-setting-content">
+		<h4 class="ui top attached header">
+			{{ctx.Locale.Tr "notifications"}}
+		</h4>
+		<div class="ui attached segment">
+			<div class="ui list flex-items-block">
+				<div class="item">
+					<form class="ui form tw-w-full" action="{{AppSubUrl}}/user/settings/notifications/email" method="post">
+						{{$.CsrfTokenHtml}}
+						<div class="field">
+							<label>{{ctx.Locale.Tr "settings.email_desc"}}</label>
+							<div class="ui selection dropdown">
+								<input name="preference" type="hidden" value="{{.EmailNotificationsPreference}}">
+								{{svg "octicon-triangle-down" 14 "dropdown icon"}}
+								<div class="text"></div>
+								<div class="menu">
+									<div data-value="enabled" class="{{if eq .EmailNotificationsPreference "enabled"}}active selected {{end}}item">{{ctx.Locale.Tr "settings.email_notifications.enable"}}</div>
+									<div data-value="andyourown" class="{{if eq .EmailNotificationsPreference "andyourown"}}active selected {{end}}item">{{ctx.Locale.Tr "settings.email_notifications.andyourown"}}</div>
+									<div data-value="onmention" class="{{if eq .EmailNotificationsPreference "onmention"}}active selected {{end}}item">{{ctx.Locale.Tr "settings.email_notifications.onmention"}}</div>
+									<div data-value="disabled" class="{{if eq .EmailNotificationsPreference "disabled"}}active selected {{end}}item">{{ctx.Locale.Tr "settings.email_notifications.disable"}}</div>
+								</div>
+							</div>
+						</div>
+						<div class="field">
+							<button class="ui primary button">{{ctx.Locale.Tr "settings.email_notifications.submit"}}</button>
+						</div>
+					</form>
+				</div>
+			</div>
+		</div>
+	</div>
+
+{{template "user/settings/layout_footer" .}}
diff --git a/tests/integration/oauth_test.go b/tests/integration/oauth_test.go
index f8bc33c32a..a2247801f7 100644
--- a/tests/integration/oauth_test.go
+++ b/tests/integration/oauth_test.go
@@ -9,9 +9,11 @@ import (
 	"fmt"
 	"io"
 	"net/http"
+	"net/http/httptest"
 	"strings"
 	"testing"
 
+	asymkey_model "code.gitea.io/gitea/models/asymkey"
 	auth_model "code.gitea.io/gitea/models/auth"
 	"code.gitea.io/gitea/models/db"
 	"code.gitea.io/gitea/models/unittest"
@@ -20,9 +22,13 @@ import (
 	"code.gitea.io/gitea/modules/setting"
 	api "code.gitea.io/gitea/modules/structs"
 	"code.gitea.io/gitea/modules/test"
+	"code.gitea.io/gitea/modules/util"
+	"code.gitea.io/gitea/services/auth/source/oauth2"
 	"code.gitea.io/gitea/services/oauth2_provider"
 	"code.gitea.io/gitea/tests"
 
+	"github.com/markbates/goth"
+	"github.com/markbates/goth/gothic"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 )
@@ -931,3 +937,107 @@ func testOAuth2WellKnown(t *testing.T) {
 	defer test.MockVariableValue(&setting.OAuth2.Enabled, false)()
 	MakeRequest(t, NewRequest(t, "GET", urlOpenidConfiguration), http.StatusNotFound)
 }
+
+func addOAuth2Source(t *testing.T, authName string, cfg oauth2.Source) {
+	cfg.Provider = util.IfZero(cfg.Provider, "gitea")
+	err := auth_model.CreateSource(db.DefaultContext, &auth_model.Source{
+		Type:     auth_model.OAuth2,
+		Name:     authName,
+		IsActive: true,
+		Cfg:      &cfg,
+	})
+	require.NoError(t, err)
+}
+
+func TestSignInOauthCallbackSyncSSHKeys(t *testing.T) {
+	defer tests.PrepareTestEnv(t)()
+
+	var mockServer *httptest.Server
+	mockServer = httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		switch r.URL.Path {
+		case "/.well-known/openid-configuration":
+			_, _ = w.Write([]byte(`{
+				"issuer": "` + mockServer.URL + `",
+				"authorization_endpoint": "` + mockServer.URL + `/authorize",
+				"token_endpoint": "` + mockServer.URL + `/token",
+				"userinfo_endpoint": "` + mockServer.URL + `/userinfo"
+			}`))
+		default:
+			http.NotFound(w, r)
+		}
+	}))
+	defer mockServer.Close()
+
+	ctx := t.Context()
+	oauth2Source := oauth2.Source{
+		Provider:                      "openidConnect",
+		ClientID:                      "test-client-id",
+		SSHPublicKeyClaimName:         "sshpubkey",
+		FullNameClaimName:             "name",
+		OpenIDConnectAutoDiscoveryURL: mockServer.URL + "/.well-known/openid-configuration",
+	}
+	addOAuth2Source(t, "test-oidc-source", oauth2Source)
+	authSource, err := auth_model.GetActiveOAuth2SourceByAuthName(ctx, "test-oidc-source")
+	require.NoError(t, err)
+
+	sshKey1 := "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICV0MGX/W9IvLA4FXpIuUcdDcbj5KX4syHgsTy7soVgf"
+	sshKey2 := "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIE7kM1R02+4ertDKGKEDcKG0s+2vyDDcIvceJ0Gqv5f1AAAABHNzaDo="
+	sshKey3 := "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEHjnNEfE88W1pvBLdV3otv28x760gdmPao3lVD5uAt9"
+	cases := []struct {
+		testName           string
+		mockFullName       string
+		mockRawData        map[string]any
+		expectedSSHPubKeys []string
+	}{
+		{
+			testName:           "Login1",
+			mockFullName:       "FullName1",
+			mockRawData:        map[string]any{"sshpubkey": []any{sshKey1 + " any-comment"}},
+			expectedSSHPubKeys: []string{sshKey1},
+		},
+		{
+			testName:           "Login2",
+			mockFullName:       "FullName2",
+			mockRawData:        map[string]any{"sshpubkey": []any{sshKey2 + " any-comment", sshKey3}},
+			expectedSSHPubKeys: []string{sshKey2, sshKey3},
+		},
+		{
+			testName:           "Login3",
+			mockFullName:       "FullName3",
+			mockRawData:        map[string]any{},
+			expectedSSHPubKeys: []string{},
+		},
+	}
+
+	session := emptyTestSession(t)
+	for _, c := range cases {
+		t.Run(c.testName, func(t *testing.T) {
+			defer test.MockVariableValue(&setting.OAuth2Client.Username, "")()
+			defer test.MockVariableValue(&setting.OAuth2Client.EnableAutoRegistration, true)()
+			defer test.MockVariableValue(&gothic.CompleteUserAuth, func(res http.ResponseWriter, req *http.Request) (goth.User, error) {
+				return goth.User{
+					Provider: authSource.Cfg.(*oauth2.Source).Provider,
+					UserID:   "oidc-userid",
+					Email:    "oidc-email@example.com",
+					RawData:  c.mockRawData,
+					Name:     c.mockFullName,
+				}, nil
+			})()
+			req := NewRequest(t, "GET", "/user/oauth2/test-oidc-source/callback?code=XYZ&state=XYZ")
+			session.MakeRequest(t, req, http.StatusSeeOther)
+			user := unittest.AssertExistsAndLoadBean(t, &user_model.User{Name: "oidc-userid"})
+			keys, _, err := db.FindAndCount[asymkey_model.PublicKey](ctx, asymkey_model.FindPublicKeyOptions{
+				ListOptions:   db.ListOptionsAll,
+				OwnerID:       user.ID,
+				LoginSourceID: authSource.ID,
+			})
+			require.NoError(t, err)
+			var sshPubKeys []string
+			for _, key := range keys {
+				sshPubKeys = append(sshPubKeys, key.Content)
+			}
+			assert.ElementsMatch(t, c.expectedSSHPubKeys, sshPubKeys)
+			assert.Equal(t, c.mockFullName, user.FullName)
+		})
+	}
+}
diff --git a/tests/integration/repo_commits_test.go b/tests/integration/repo_commits_test.go
index 0097a7f62e..b8f086e2b1 100644
--- a/tests/integration/repo_commits_test.go
+++ b/tests/integration/repo_commits_test.go
@@ -24,39 +24,59 @@ import (
 
 func TestRepoCommits(t *testing.T) {
 	defer tests.PrepareTestEnv(t)()
-
 	session := loginUser(t, "user2")
 
-	// Request repository commits page
-	req := NewRequest(t, "GET", "/user2/repo1/commits/branch/master")
-	resp := session.MakeRequest(t, req, http.StatusOK)
+	t.Run("CommitList", func(t *testing.T) {
+		req := NewRequest(t, "GET", "/user2/repo16/commits/branch/master")
+		resp := session.MakeRequest(t, req, http.StatusOK)
 
-	doc := NewHTMLParser(t, resp.Body)
-	commitURL, exists := doc.doc.Find("#commits-table .commit-id-short").Attr("href")
-	assert.True(t, exists)
-	assert.NotEmpty(t, commitURL)
-}
-
-func Test_ReposGitCommitListNotMaster(t *testing.T) {
-	defer tests.PrepareTestEnv(t)()
-	session := loginUser(t, "user2")
-	req := NewRequest(t, "GET", "/user2/repo16/commits/branch/master")
-	resp := session.MakeRequest(t, req, http.StatusOK)
-
-	doc := NewHTMLParser(t, resp.Body)
-	var commits []string
-	doc.doc.Find("#commits-table .commit-id-short").Each(func(i int, s *goquery.Selection) {
-		commitURL, _ := s.Attr("href")
-		commits = append(commits, path.Base(commitURL))
+		var commits, userHrefs []string
+		doc := NewHTMLParser(t, resp.Body)
+		doc.doc.Find("#commits-table .commit-id-short").Each(func(i int, s *goquery.Selection) {
+			commits = append(commits, path.Base(s.AttrOr("href", "")))
+		})
+		doc.doc.Find("#commits-table .author-wrapper").Each(func(i int, s *goquery.Selection) {
+			userHrefs = append(userHrefs, s.AttrOr("href", ""))
+		})
+		assert.Equal(t, []string{"69554a64c1e6030f051e5c3f94bfbd773cd6a324", "27566bd5738fc8b4e3fef3c5e72cce608537bd95", "5099b81332712fe655e34e8dd63574f503f61811"}, commits)
+		assert.Equal(t, []string{"/user2", "/user21", "/user2"}, userHrefs)
 	})
-	assert.Equal(t, []string{"69554a64c1e6030f051e5c3f94bfbd773cd6a324", "27566bd5738fc8b4e3fef3c5e72cce608537bd95", "5099b81332712fe655e34e8dd63574f503f61811"}, commits)
 
-	var userHrefs []string
-	doc.doc.Find("#commits-table .author-wrapper").Each(func(i int, s *goquery.Selection) {
-		userHref, _ := s.Attr("href")
-		userHrefs = append(userHrefs, userHref)
+	t.Run("LastCommit", func(t *testing.T) {
+		req := NewRequest(t, "GET", "/user2/repo16")
+		resp := session.MakeRequest(t, req, http.StatusOK)
+		doc := NewHTMLParser(t, resp.Body)
+		commitHref := doc.doc.Find(".latest-commit .commit-id-short").AttrOr("href", "")
+		authorHref := doc.doc.Find(".latest-commit .author-wrapper").AttrOr("href", "")
+		assert.Equal(t, "/user2/repo16/commit/69554a64c1e6030f051e5c3f94bfbd773cd6a324", commitHref)
+		assert.Equal(t, "/user2", authorHref)
+	})
+
+	t.Run("CommitListNonExistingCommiter", func(t *testing.T) {
+		// check the commit list for a repository with no gitea user
+		// * commit 985f0301dba5e7b34be866819cd15ad3d8f508ee (branch2)
+		// * Author: 6543 <6543@obermui.de>
+		req := NewRequest(t, "GET", "/user2/repo1/commits/branch/branch2")
+		resp := session.MakeRequest(t, req, http.StatusOK)
+
+		doc := NewHTMLParser(t, resp.Body)
+		commitHref := doc.doc.Find("#commits-table tr:first-child .commit-id-short").AttrOr("href", "")
+		assert.Equal(t, "/user2/repo1/commit/985f0301dba5e7b34be866819cd15ad3d8f508ee", commitHref)
+		authorElem := doc.doc.Find("#commits-table tr:first-child .author-wrapper")
+		assert.Equal(t, "6543", authorElem.Text())
+		assert.Equal(t, "span", authorElem.Nodes[0].Data)
+	})
+
+	t.Run("LastCommitNonExistingCommiter", func(t *testing.T) {
+		req := NewRequest(t, "GET", "/user2/repo1/src/branch/branch2")
+		resp := session.MakeRequest(t, req, http.StatusOK)
+		doc := NewHTMLParser(t, resp.Body)
+		commitHref := doc.doc.Find(".latest-commit .commit-id-short").AttrOr("href", "")
+		assert.Equal(t, "/user2/repo1/commit/985f0301dba5e7b34be866819cd15ad3d8f508ee", commitHref)
+		authorElem := doc.doc.Find(".latest-commit .author-wrapper")
+		assert.Equal(t, "6543", authorElem.Text())
+		assert.Equal(t, "span", authorElem.Nodes[0].Data)
 	})
-	assert.Equal(t, []string{"/user2", "/user21", "/user2"}, userHrefs)
 }
 
 func doTestRepoCommitWithStatus(t *testing.T, state string, classes ...string) {
diff --git a/tests/integration/signin_test.go b/tests/integration/signin_test.go
index 67af5b5877..aa1571c163 100644
--- a/tests/integration/signin_test.go
+++ b/tests/integration/signin_test.go
@@ -9,6 +9,7 @@ import (
 	"strings"
 	"testing"
 
+	auth_model "code.gitea.io/gitea/models/auth"
 	"code.gitea.io/gitea/models/db"
 	"code.gitea.io/gitea/models/unittest"
 	user_model "code.gitea.io/gitea/models/user"
@@ -17,6 +18,7 @@ import (
 	"code.gitea.io/gitea/modules/translation"
 	"code.gitea.io/gitea/modules/web"
 	"code.gitea.io/gitea/routers"
+	"code.gitea.io/gitea/routers/web/auth"
 	"code.gitea.io/gitea/services/context"
 	"code.gitea.io/gitea/tests"
 
@@ -103,8 +105,9 @@ func TestEnablePasswordSignInFormAndEnablePasskeyAuth(t *testing.T) {
 	defer tests.PrepareTestEnv(t)()
 
 	mockLinkAccount := func(ctx *context.Context) {
+		authSource := auth_model.Source{ID: 1}
 		gothUser := goth.User{Email: "invalid-email", Name: "."}
-		_ = ctx.Session.Set("linkAccountGothUser", gothUser)
+		_ = ctx.Session.Set("linkAccountData", auth.LinkAccountData{AuthSource: authSource, GothUser: gothUser})
 	}
 
 	t.Run("EnablePasswordSignInForm=false", func(t *testing.T) {
diff --git a/web_src/css/repo/home-file-list.css b/web_src/css/repo/home-file-list.css
index f2ab052a54..6aa9e4bca3 100644
--- a/web_src/css/repo/home-file-list.css
+++ b/web_src/css/repo/home-file-list.css
@@ -71,7 +71,7 @@
 
 #repo-files-table .repo-file-cell.name .entry-name {
   flex-shrink: 1;
-  min-width: 3em;
+  min-width: 1ch; /* leave about one letter space when shrinking, need to fine tune the "shrinks" in this grid in the future */
 }
 
 @media (max-width: 767.98px) {
diff --git a/web_src/css/user.css b/web_src/css/user.css
index caabf1834c..d42e8688fb 100644
--- a/web_src/css/user.css
+++ b/web_src/css/user.css
@@ -114,6 +114,14 @@
   border-radius: var(--border-radius);
 }
 
+.notifications-item {
+  display: flex;
+  align-items: center;
+  flex-wrap: wrap;
+  gap: 0.5em;
+  padding: 0.5em 1em;
+}
+
 .notifications-item:hover {
   background: var(--color-hover);
 }
@@ -129,6 +137,9 @@
 
 .notifications-item:hover .notifications-buttons {
   display: flex;
+  align-items: center;
+  justify-content: end;
+  gap: 0.25em;
 }
 
 .notifications-item:hover .notifications-updated {
diff --git a/web_src/js/features/admin/common.ts b/web_src/js/features/admin/common.ts
index 4ed5d62eee..dd5b1f464d 100644
--- a/web_src/js/features/admin/common.ts
+++ b/web_src/js/features/admin/common.ts
@@ -102,6 +102,9 @@ function initAdminAuthentication() {
         break;
       }
     }
+
+    const supportSshPublicKey = document.querySelector<HTMLInputElement>(`#${provider}_SupportSSHPublicKey`)?.value === 'true';
+    toggleElem('.field.oauth2_ssh_public_key_claim_name', supportSshPublicKey);
     onOAuth2UseCustomURLChange(applyDefaultValues);
   }
 
diff --git a/web_src/js/features/notification.ts b/web_src/js/features/notification.ts
index dc0acb0244..4a1aa3ede9 100644
--- a/web_src/js/features/notification.ts
+++ b/web_src/js/features/notification.ts
@@ -1,40 +1,13 @@
 import {GET} from '../modules/fetch.ts';
-import {toggleElem, type DOMEvent, createElementFromHTML} from '../utils/dom.ts';
+import {toggleElem, createElementFromHTML} from '../utils/dom.ts';
 import {logoutFromWorker} from '../modules/worker.ts';
 
 const {appSubUrl, notificationSettings, assetVersionEncoded} = window.config;
 let notificationSequenceNumber = 0;
 
-export function initNotificationsTable() {
-  const table = document.querySelector('#notification_table');
-  if (!table) return;
-
-  // when page restores from bfcache, delete previously clicked items
-  window.addEventListener('pageshow', (e) => {
-    if (e.persisted) { // page was restored from bfcache
-      const table = document.querySelector('#notification_table');
-      const unreadCountEl = document.querySelector<HTMLElement>('.notifications-unread-count');
-      let unreadCount = parseInt(unreadCountEl.textContent);
-      for (const item of table.querySelectorAll('.notifications-item[data-remove="true"]')) {
-        item.remove();
-        unreadCount -= 1;
-      }
-      unreadCountEl.textContent = String(unreadCount);
-    }
-  });
-
-  // mark clicked unread links for deletion on bfcache restore
-  for (const link of table.querySelectorAll<HTMLAnchorElement>('.notifications-item[data-status="1"] .notifications-link')) {
-    link.addEventListener('click', (e: DOMEvent<MouseEvent>) => {
-      e.target.closest('.notifications-item').setAttribute('data-remove', 'true');
-    });
-  }
-}
-
-async function receiveUpdateCount(event: MessageEvent) {
+async function receiveUpdateCount(event: MessageEvent<{type: string, data: string}>) {
   try {
-    const data = JSON.parse(event.data);
-
+    const data = JSON.parse(event.data.data);
     for (const count of document.querySelectorAll('.notification_count')) {
       count.classList.toggle('tw-hidden', data.Count === 0);
       count.textContent = `${data.Count}`;
@@ -71,7 +44,7 @@ export function initNotificationCount() {
       type: 'start',
       url: `${window.location.origin}${appSubUrl}/user/events`,
     });
-    worker.port.addEventListener('message', (event: MessageEvent) => {
+    worker.port.addEventListener('message', (event: MessageEvent<{type: string, data: string}>) => {
       if (!event.data || !event.data.type) {
         console.error('unknown worker message event', event);
         return;
@@ -144,11 +117,11 @@ async function updateNotificationCountWithCallback(callback: (timeout: number, n
 }
 
 async function updateNotificationTable() {
-  const notificationDiv = document.querySelector('#notification_div');
+  let notificationDiv = document.querySelector('#notification_div');
   if (notificationDiv) {
     try {
       const params = new URLSearchParams(window.location.search);
-      params.set('div-only', String(true));
+      params.set('div-only', 'true');
       params.set('sequence-number', String(++notificationSequenceNumber));
       const response = await GET(`${appSubUrl}/notifications?${params.toString()}`);
 
@@ -160,7 +133,8 @@ async function updateNotificationTable() {
       const el = createElementFromHTML(data);
       if (parseInt(el.getAttribute('data-sequence-number')) === notificationSequenceNumber) {
         notificationDiv.outerHTML = data;
-        initNotificationsTable();
+        notificationDiv = document.querySelector('#notification_div');
+        window.htmx.process(notificationDiv); // when using htmx, we must always remember to process the new content changed by us
       }
     } catch (error) {
       console.error(error);
diff --git a/web_src/js/index-domready.ts b/web_src/js/index-domready.ts
index ca18d1e828..770c7fc00c 100644
--- a/web_src/js/index-domready.ts
+++ b/web_src/js/index-domready.ts
@@ -15,7 +15,7 @@ import {initTableSort} from './features/tablesort.ts';
 import {initAdminUserListSearchForm} from './features/admin/users.ts';
 import {initAdminConfigs} from './features/admin/config.ts';
 import {initMarkupAnchors} from './markup/anchors.ts';
-import {initNotificationCount, initNotificationsTable} from './features/notification.ts';
+import {initNotificationCount} from './features/notification.ts';
 import {initRepoIssueContentHistory} from './features/repo-issue-content.ts';
 import {initStopwatch} from './features/stopwatch.ts';
 import {initFindFileInRepo} from './features/repo-findfile.ts';
@@ -117,7 +117,6 @@ const initPerformanceTracer = callInitFunctions([
   initDashboardRepoList,
 
   initNotificationCount,
-  initNotificationsTable,
 
   initOrgTeam,
 
diff --git a/web_src/js/modules/toast.ts b/web_src/js/modules/toast.ts
index ed807a4977..087103cbd8 100644
--- a/web_src/js/modules/toast.ts
+++ b/web_src/js/modules/toast.ts
@@ -44,7 +44,7 @@ type ToastifyElement = HTMLElement & {_giteaToastifyInstance?: Toast };
 
 // See https://github.com/apvarun/toastify-js#api for options
 function showToast(message: string, level: Intent, {gravity, position, duration, useHtmlBody, preventDuplicates = true, ...other}: ToastOpts = {}): Toast {
-  const body = useHtmlBody ? String(message) : htmlEscape(message);
+  const body = useHtmlBody ? message : htmlEscape(message);
   const parent = document.querySelector('.ui.dimmer.active') ?? document.body;
   const duplicateKey = preventDuplicates ? (preventDuplicates === true ? `${level}-${body}` : preventDuplicates) : '';
 
diff --git a/web_src/js/utils/dom.ts b/web_src/js/utils/dom.ts
index 9cdf6f5005..6d6a3735da 100644
--- a/web_src/js/utils/dom.ts
+++ b/web_src/js/utils/dom.ts
@@ -283,7 +283,7 @@ export function isElemVisible(el: HTMLElement): boolean {
   // This function DOESN'T account for all possible visibility scenarios, its behavior is covered by the tests of "querySingleVisibleElem"
   if (!el) return false;
   // checking el.style.display is not necessary for browsers, but it is required by some tests with happy-dom because happy-dom doesn't really do layout
-  return !el.classList.contains('tw-hidden') && Boolean((el.offsetWidth || el.offsetHeight || el.getClientRects().length) && el.style.display !== 'none');
+  return !el.classList.contains('tw-hidden') && (el.offsetWidth || el.offsetHeight || el.getClientRects().length) && el.style.display !== 'none';
 }
 
 // replace selected text in a textarea while preserving editor history, e.g. CTRL-Z works after this