From 499f3a9ec950ae3ae7df286fe0b3e13287c2a8c0 Mon Sep 17 00:00:00 2001
From: Wei Zhou <weizhou@apache.org>
Date: Tue, 2 Sep 2025 10:57:09 +0200
Subject: [PATCH 01/10] Resize volume: add pool capacity disablethreshold for
 resize and allow volume auto migration (#443)

---
 source/_static/images/resize-volume.png | Bin 10420 -> 40174 bytes
 source/adminguide/storage.rst           |  11 ++++++++++-
 2 files changed, 10 insertions(+), 1 deletion(-)

diff --git a/source/_static/images/resize-volume.png b/source/_static/images/resize-volume.png
index 75c63ab7a96331bacd6e302522c767fd3940871d..17b21d19951a268c84d927043ba9c524ecd39248 100644
GIT binary patch
literal 40174
zcmeFZWmuJM+bxQZk1ZggA|UWMQAA1U5{!vTD@d0j-6b79qJjb<CDJMiN-7;9D$*q_
zEhQi&ExpF=`+e&;_OHEvtRH)=z2_T>%z4l2zT!N`ImS5e2Uip?QSN5gO+i6HDRY^u
zOhNHCnS$c4qMd)?UmWM^?%<DIwwE;>C@7eGiT`a08lEwtp!kPEhJ5atOUy)%iOaQH
zE1NU!e4&O-?pyc&bB*=t0h%wmI<{N3yy7XW{;c(j`qZfbtt&ch<=h7UvY!%qd;8e|
znr$4_TBe$QXZOpx{d4bF=wri>vCSR6v3-`+hU_PI^k!T-kyPi&W~)0AYSV1lm21`V
z`YJIZisTofuCs=Cxkqdvem1#yQz*K)xVWomFY%)YKZ9>+W3M3b_mA{*=F@*Z^xblw
zG4U_2_utr#KW?9*`QQJ?vCbljvpqkpW)*Th?BpNOzkH#1>L;0Xe?L#Z+ZY|!pnJ{1
zcl#%rdsQ(5I(`CFz6r$^6xYUHUfo#sx2z0v)81pE*QdbDNLqi<`H~Zp;=ldIc9EOL
z(eE?0pCmo3I$mxnxPO?(?%a#^hjm8_!j;X};!`#pA8<0TZRxer!6!a$^XJ_f6FDmu
z`A$>WUup9&<3FJ*)htCdt+C{k<#_%*idBVsJ073x2v1r%CSC12c%1vK!X7L@{uLVI
z+x)gK&s%pLyVpu0{VU10WL}U^GMdAslOrg%@!`U5#Rq<0{;s@#GURaQ&sW49{1P*L
zs+nWn`tTq}lz4KZ>HFg1t$+PBFfb4j5>oz%sjJ9&I+wGdHSDCy!-o&=+_{r$)zzja
znC&lU(e{4jX9{VyMMWu)K`^<v#%zzYAm5LhC({qoj4_bn6`ydQi__CK2_K6dPWp=`
znB9AMLa8ZMVk-rOt+m*wrSZjtcd4nVWzCP6&lKLQcyy3Mt=p-~YHp-qY1Z5~GLhrd
zsp{%#c{Y_UZ^u>pjYr%eCK*CCY0-)&B5M+i>d3pA<3A01i7gw3tht7+Jw9<Fkk2z~
z&E1Vd6=&}INuN)@>V*5)yL@&~D_*|*>(}R)n3yx}i|k#j7Xx<g*<%sDqSbV+G(aUo
zuXtr)yxqmy)6?_DjT;v)-fuO}>6&Em`1Nm4Py=g_MAPEI0n*G`Lx?6fsYzU?O)+F&
z-~AIJ<Xoew=b<DLjTc{T1bJ0hVx%~FC^5(W*UKaPmHtJBz0cY*7%3>8x#FVd&Yc?@
z8zU)eX}NV-<+<*ctFEcZv+OVsik3bmDq2t+65zPTJGa`mxzTuu#cImb%xvuQy*(wX
zQ{ptPOFhm>im{z(+IhJgie&O3ZXHtr22T$SnW6Jf)Q_il(b7Dak5~wezRWj05fR}e
zBfY*kxx7l{`h%K}b=h07*}|w*gg#SQUPv=jWh11U{2iy;R4(CSVDjtN?A+W!k@Dm1
z8S#>yg{#6{g@uKbj6&=(i4G(6m?qN{+32rS>zVZlqobonHBWTi#$J&IY(*rOheC5R
zZj63?F5GQf`m4XRYa^l27~7xyW(_kvXK>&^MT+}y6^qh|$lm@YR(bLlgNTX`5yNjN
zm8K4`2kE=Jt@><DQ|H6kxb*)0dp3or14oW<l2lby<2@H6qt7ik6?vB4r^IdV4}Sdk
z@h)06Q-P=-iq>0yQt^{sG>>h}CrO>`y7cIXS)YOJx#XP6CpSr?GoOdrE_yO&aSSiV
zOOx5=pJYeQ4(bmjjfDuQSWlcJ%}yxUzc1`R-W;lwAvC9_HLga5ZL&*BszfG~?Ib1N
z^73;1Re?ayg;w>lvNF=Z__#RYVey81`M$h6k9zBBY3udehKGk0;@*01ZYV?xO?G6B
z3{{0{rRAz5DYol4)WvVEjnv1A3%h>ku<Xq?Yj*DQjEIcX)YWA=eE2XUqdTsw6em&O
zzBEOt=(Ri?!NI|?;I=*(B$YnlI$gYE@8F=#DJ~@Bv^dc*qG5h>x@6N!P3?(ax9do3
z9c6!KzTM!)`l|F$hWC2PIISk<le%bO@72k?$jC^{)b71|C)(1wZnf(Q-}>3|@oZ4r
zMSO++hn1fkG?5anvqllRZNKlf>wD`iQ~wI`UMnq_liFNvFp2kMBVn~EDJgq!vXkPy
z+~!9cS5{W?^YepQFDXU~DJ)z3+iKqP_C_h*`y@KrB1emM|Ne_X%xA1RvwtvLXjor8
z5NzY{#hi{NvMH}$mXDOV@>qmic)v39>cD!R6cu?@u9`A)>CDOWa3#K>Pbr%t`=w&L
zV~$NH%DBc(oDBKbF0LJc=<6vGiDX?kmWUlFa^%t09aLm#X<fUrgOv3hStdbzg%=YV
z16ZU!F!@%C=<dA1#?P<P;rH;NxoxE(-x+MkXki<t9?h#)?S6g#q?)3J$(hDXS@_7!
z&dp7KSe=TAIWiL0+1ZJ(mYtoAwQ+7s)m-ZHE*W2r_ug2Z8LaTRb0_A;kJagtzG8Q0
zf1{<zu6DuN80j~4%fAPMq>piOPJG(IV(HOhoK-yEB=_potD{GcDoM=Tb=dsixytPI
zyZ`g&^CNLlQBeq<vEt6@8t(>{N8*=Wa_Azc%#Ll{zSoqm7AaR@*|Xq&WNIqsaI#r*
z;+e&7H@os|oSBnTQ)??Le-HTc^m=c4^6+H1PZtXd3brnc+LWv>PUiKc>l9?3ixUm%
z8)@%I5-y*&92kAKn<m&oY*Rnv>S&I=0$qoT24B>}Z>)tiMP?+D)DI#XpY{EU*n!Zp
zB<?h^FL<&m@6yGK<rNj;LB>W#>xemOxxSQ)Kipn3y^*XvKu5<h{fWe9Sh=tLf?CS0
zAGMK1PLunCKYsj(Q+Vw7am}>0_0=VgW*$zh>`GICUWbM=^>UntYR)WmCmf5k$S8I~
zROs*T-|ll%P;g;9qa?S(GNX7=t36$}B8X)=@#U7S+yCAssN?;mrbaHQ+11_Mrl+vg
z;2nEXtlXPAdSUDCJv{HP3q?z9uFdUWc6nyUQ?Bo|{3<*98rk~&%taH5%W`r>>x*6E
zKYx;6;w0TH4;bq%aBy{9#@6=y{&9=XCtIAQ55GR|5$<)l>Ax+;|3tip{pQB{#>NIh
z+Gx`&xpU_}VXM~~&%L`@afnAx=gO7GQBj=*4kH+@q=?Axug@<?t^M*T?Z2#`plY8u
zCpj{MEq-%5O)ziqJeAGB=-`E+DUO$NwzR(XDP;1UD02aZ`MxL5TMU$B0fJ2TVDEBr
zaL6esIg1=2BASDJ*6i#o&xhaV>E%LWV!HDi6N_Jq)V8#>ZD9Vr`tQ;0-R|S}<;xfO
zNWQX#yX|`J3a+sVii%$A3+=I!Lc)C>bFt37t`$tqVPRn}U%o`F5v=d4pq5&*ogckQ
zvs|OUF*_8hBxWOs>EJ0@v!CiNAkEf`Pv=wfE9CmJAL7(_b}aIf&kk{I`}*{jA9wHH
zr(%)x0QkFi@80U-WYKIj2V=}L$I<=4L@Z=v3pJ~c5tR*zJbkkq3GhX8?1rx$@=%6W
zj(Ot?X{Vy~suS_=*Jf+91@BGwl}L$-E+f?j`1xH~#2px|%#V>W&6?SUEAH)~b8~m+
zxYUjvc>U8~G#&3<vn-xs2PgT3(MywGL`6EKDv_I4+fAxJ7|;Zd7YW+6D4o!~^YX3M
zqj>X~Ii#viMW3p=M1|-dwjx57-=4kylDj%@MCmxci$chzSE3-;Zm^sZ_wxPYztj@H
zZZ~nA5)pCf$TZrrWlQ~@l#~?pG_B*LfB*g02Aju+*%Sc4V>n!${KY!2WTu?4ex074
zzWU-In;-7<*ohOD$mGBO{+oSz-Q*{3NGH!a*6$b_TjI-?B7Kz&>DPo~PQE&Kf`jHw
zS{k;Xjr2>Uc***09&PEm+RDl#(gk0tSSjxh{8jA6wNIaad4OyROcT?{8h?_7B|bvm
zt0U5oZ20xrxq7x#EVlRBAWQwU0y$AJHrYeBqobqRo7e2#bn_LSCXc6P6BQnjzaDfi
zh5J>$P3JrHZmij0t29}$#l=k<X;bK#y!D~|`$<I3MBqcV3FY(D)X>l<Qqpfbdx@Ig
z$jE31qo~L4Ux;f~LeYMvIh|J%E~e?1d_eL_r}LVt6VA!WA@RA+4pmlGmOFpI76=Uq
zAsbdaVrp$oIuSFwB(+{%=(X-v)YJPtB*&tCW44CJqAhi1Zce;;2WGgYhNpy+1aQNl
zmU`uWR=nIB>$NH868{GeXlP6#gpx8!Hne06>OZoQsvmpO6d(jgz3-ps$O@-2)6TQD
zTFZ&K1ZZa6JsbMeMT|0lNj&%5*Znj`Mn`>1uc|nR9g10+R#~RDSePjAKEv(Z%U-1D
z=XdN<RrJj-DUqAgVmvf7?pgdSNF3SJ$l(uYPn^o|-nMPq3B{OwH2V5|_=o@6DZI3Y
z4z-P!?5CyG-8AmQos{|0O@DiL6Za69G-*#o%OYZX-9cD=HmJv1NlyHX^b`U>c;Kz^
zwjP(kz>_CWt}achD~A$OnC1QuJ4j;V_aK#TX+?#}^6W5WZ#%IwvbEBhXwow?mFYhZ
zznnkaJmx6e;~1J*VeoDZJB75Lfx!*wSlG4n?c29QLxwbO($m!n`*T8&IfQ!Y85oi+
z=O;S8P<WVZ;7ZlyuA7qKx47iYwI!~Shh`=R_B~jPc*Q!Lq8-i5o4_vo@G@;m8$wOC
zxRE`-39EcX<cHLMA4wV;4}5tLB)Rf>JkE1<kxM6^m!F@XhsUNaN|2c9+4Cc*I!b32
zTKF3znukQI`=+JIk(?T2x1}jh#FqD~Q$?hZ@bHD7DH(tbDadXY?(e0?sRP1e44SaH
z>g2Roywsb*8M3lA*C5RN#op;vp)f$wE4gnY@!mwV63<Y*7^36cbE{s%l=pC0CqskS
zWb&mTX4%W^Cr^$wCk34ljJfygSK|F|n-Lbm=ab4QV@K9k11Q6~Pn{IZb$JoiUe#|;
z6O3D>*3}j%c&jy3BC`uOYVth6H?llEf8b$jih9G-(}N%X-HN~!jbnR>#dE0BAi>s&
z1%TFcCQg>;Y*|8(WM`I1!*ET6c;ADR<m6oIp2Az>YDQMikW)T(sC|8bcpS-ZqNb|)
zpmKewZ`zVtl;>4pBf=E&)62v}ug&!(K|#UlQ>TFq3YugrXNRf+ZAQJ0(~n$LS}}?h
zY@gvZnSAdZf2P!M#O}1#v9xR4K~AfUKQ{FSxWgX!O^6-6rA8CX5g9>`VqXHVk+=?@
zXQZFN)9%#4EBa4qf^XlxjR6KR3fEuf9U2<yM!IM5`hCNv@jyNI4Qk2X*Zu2GQfkSu
z0W+F4y#!`K>PA*<@TFo>=DS^Gs8#HC%iR2Dl%PeF<#E$z>FL%0G_vdr$e~!Jt|7A#
z<z&WCHU(J)1;I#peb0sP5WO%-V;UNo`d&u@-=<iyPx9Bj$;hy=-RQ7e?65e4wK&qK
zD=EQF%H&G9$J@+B7Lun4yd3d_;a7}B`(BGTTXvwL32bd`wd&5l>M9x#6qMIti6h4w
zDbFZu{eGcMTfF5hz3P2>ng@>_d2K9@giD_Qj*18gc~KiZF(e;|+-4P;B3zi%Xu7h5
z+~K{6yo+U6Um4HP_n0X|t{b!!L3VnNCF`;&=~-u*a9VxuIv3W@uC9Blb*@3GuR9X(
z*Z~N1z1yLIKCqliJ6AqVLX?&D0{s-9b+<_S_I)NCp?uFZ9bzu^EdA}^v|?@@M?tOq
zq`nO2%Gc?jRBVf;k!PZWghsaYiC_7NSw#toEG+wJcFlxa6vnv!iw!pt*kj%I_J&W>
zJN9G847>B~sC)-Ysih=t{S5nb{TskN@<X>Bo51)eEk*um#96>2_AZ;^g*K#F-5@>t
zs^it=y~Xa)MHk%M+_bc`G&Lg~lyr3g1<RGB)`#4*E?=&s6z+Z;62fQG`~J}MShi{7
z3j|3;a-q}YN~c9e!PwbbPOoy=|M}-SC>l~Gzz)jc2B}S*j%l%=NWZ_gZM!wrBu&On
zjv9{`KEj^SXd2_-FId$f*)}xMdh6D$ILCFdOIXqt3nLvHn&3Msv!Av&n?za8HlAA^
zefG2`SE@Lg?cf55)Epx1{UnsYF4+%p^kwO<r3SqHI=<lL<%RvD+-n@fBDH}V&UOym
zyi|7MBKb!{d`4}tMOFup#rK#7Su*0p3rmmLsuK!MR>>I|@uChtTHdG-z|UkKgP?iK
z-CeZC4RMo4{+ar@RI*u|*}rm5L94)i7+{-+^!)jAn-9y0tEYub)RRwy^%?<q;&20=
z&<5jRU>1c%CY?)GWBpJUVDhr7Ry}Y&tKGdzyw<y={2fdK9livo=zFi{e7e?{_FV9T
zl8H}kNNiF>tXY$D!R#+*{5SJVMu&rJ;B0q8Qr@(s+oA}v=;Aw*hPe58M>7FWO)~il
zazgladZX`d?rLM_dv35DJ2nKIb1k>Ixw+4M`pn4lb3WTo&aD}nm~76)Z(4dx0;+!Z
zIOojG^5)CItd2EoVc`!$zARo>gu+y1qvjUc^*6`$H}}&N>uut9Me)ZcQsoxDAasSx
zr1T-T3|0imB^c9}VLOF+N7Y2|NI8yP@kv1WSugr2td+lKv@yXq^PTJ5kL_owPn|ji
zusY#7W0EHLp@I9H{pv7@G<?gx;?O(6ED`wz-bRZur4whO=^4~*Lg}N+OlfE|e~CYE
z5FSB}JR4nISGSI-PqU<E6iWSMPCDZ@e`Vt@ZW2ll9(H!q@s+3-Q@pIC1O#g#%cq&^
zNCH1bM#QPl%+>PCI()-INx3gh0NH+<bc(KX8mbJ&usnbF`w|6toXfzjk>k$YcD|Vs
zU$t$DbFP27gZjq5%pkAJ|KUUBKQHo^hKA_|?+pis1w&)wjY%7Cm5TxLPkEoed})Yk
zAJ}5~?aBHd{#op;7i8V4>go>C05$=m3rQxaXXqiRMEJF|wkm+D7_JWA?sJZ8Zeby{
zI+688CFztxAS?I)Ve6RHAUQ?Fsg^gPeqm3Z)IU89Vu=ai7u7w!AX30gSyA!P>QUhl
zISY^YAnM?kmuZ4yD~6xjMCo0~a?W2H;g*R$c_wN%zo0S5x5WrQzr6~N-M7aq`v8k(
zQ?-xPgoK7>AP<#~=zuDy?wb#<stXe?UwqZJi$Z68ecGES9<8jbJU!R%Y}=!jruAx~
zWFoUh&viH)J0m|meF{^#xv@GOPQz5MXdo7A4Md$jr@1iNc=OYpZAi~yrTrRte-akB
z5ukxAhp@c7B{`nr157;=F=`-^>K~Ly0)qreZG2N0e)sNOwM#fLX|yL4b#g5u_or|C
zu8_Ka_pX3z6ko$9BtCO<^Fv%(2r#5#y=jkqH1wkOLocNLwbn#XWp3MZs5X+n!aOH2
zDXAeww0U6^yADO)N;#uV%$Q2do3`JQ>&4*P3T^}*Xss;VE2?}nrCjixth@$)v-^=Z
zkHvE@KRHK!Y4Y@aEBW=`sDD@xdl-c*uO#xwUA}zyv;o<{<PiwM7cXAq=YKQg0|@o%
z%r=`8FNpl9ZA?DK&0Q}V-T~sIJwtz5V!lFZ1DHM#)muVSuR)Ghc)KP>`TT;f*UDH@
zU^D~Za-sdO?1)8rkF|P80Hy}igpgII0D^Fv%R@{AEvBUY^f86S(<;DhCULH8$B&nZ
zy7fjH0s|7YepuLnr9F)zs2kRhDY0Lidgz&%H%1eJKA@<v5?YeR=4jl=bP92#+E3G=
zPb%@&@9pgStl?cIzB*h;4F>WXg{HX79nbptQtS(@d&um3Xa7N_So=L=t@rK!N@_(5
zS=pycH**V2uFhB`e)zEQ{gV&yxmt=Ki8K%*$8BcUUxO%KTU%RQEsJ~g^YeT8@)&jB
zkFF0bb1AQ16AJ>Ik7$fTYid`k<gk19Zjh$te31qQ2H1}cHFutx^aG6y-{PChYA!A#
zzf^f9Kf#f(-{@?r%leYkhq|Mp;j{4u;EeCJCfyA13mD~=yCl@*1}^sNBG6It-j$_=
zg#}y9S_}jbi-SwFs;UY{%5vdUwB5VA^xq};x`u{(G9?zgql_H&2>$wC<(p3?s_*-l
zzgQohu^2w&%zuf<Ac8)hzQ>rmf`zH>z8Y6qU+={2a~cIv?s9_nO<aicU~8p=RLu`o
z12eaOzc!2QsG5wZidBF65;DU_*NacL)IVq>=^qJA(+p8Re&6lQYg%ucG1{YNN{40-
z7v%ao+B7TP!S~S7eEy?Ls21)s=ErSN*wT<{@dw3~<Nx)G|NqB7v!RQv<K9lp424O+
z6TneOJumG<j!fzjvqlkfTI+v*$>#q6)#?AyErg^O?=gK)b<97a(r?`8*Y~Usmz<oO
zpe`VsT)%$(+O?MB5jq2tlRdu$d`oW#Fi4X#+AUDFW)RDMc6|KT4YrcAixV{ZeOWvC
z5BVD*k0L9IdadP;Z-C<KFZGrB{oM!L<wkr^bpwm2{YyVi-NO0%jMgF*pAqONvXiO$
z>NrI-$j3-)@);@V>2YGWeuf;Ei;)4NcqyUL50qKmkGklJ0QxLs-Z?D}eCT#=^HFW%
zBUFv1iZ+*|A1a<mS71-S1oC=g4d9E09=s$F5O~>nx8fe_hN`ONiL8cRltZAQQLkM`
zHbD8N!acLFP>lHehl!Ptq9Lw4r+{jqv*`Y2c;v|-N$v<8l6Ms6*6n_NwI9@{iZ89`
zo+>NL^zyOXJeSTya$s?E2%4CfK+y;w37E1l?Y-$fNJ~_>$fo|4FJ(fJCtJjnfS4$r
z9lZ7aN#ytIGM69EJ1$=;oF8M&>p8V+X8(7d8s(wYNrOE9c)dbrXYU|_5It&D9zd@U
z$BRl0;get#fM7>9i9u3ie|SV^EOsj-?3J?Wao1&K4fY}@nTv@Y@73Ivo?O~sixrpg
zc<++K+me)?uGsM!_1IJlXqz27cKF`C+tS`XzTiglCN)*3!2XpV!IJ<CkupI~l=@N^
zZKi5l7aSK7YFkbyGay(QfCA7!rg>fBw|)vZj($a5^85F1m-*ksNF<tP3L^#Ix&=P1
z%al?$Byp66hFLG$dAhgDx=4YXUb3<BN-jc3l*ZwvtE(%eF@LnU^Avciv5jQVCX3U3
z`W=$?LzOY24$vwXW18`1)N^SzeIJ<HsB!sc(o7jf<*mLfRk;~MlLrTEE7wjKH9G8{
zYRoo9@umv6PQ@(oyT`dNke=VTI_xCwK%GImzES~XN!9U){HaD$0kPQh?Cg2G=U}j2
zv74xk_LVEP5Y1x6Zk^)g{RJ|Gh0oAWEu|;VrVmS~s-YnQ9U_oX7#lF&jFPy^sFr`V
zjU~0XEZVD>@@nqRVAlCJ<H>hx2E1jiJU*cwFJfl^juK>1{TWol;N=gC*nSsm*J(C<
zYu3%z{1SB*F{>v|oZ#cL$JVPaGe-h@2blzF6qa{sqNCZ>OGc&&HIBc(KT+l!|BE;t
zBF;>=Vk5WiFq#y55D<1cL7II2yy0gTQLpp8I{p2WI4koVCh<KGbk1#3N&%LlW?2A*
z?mQSM{OE}2tPi#1+YU<;t%!~fEgpye+Y4a%VI<Do-rj!RZ5<5tlsq34A1us)U_z=8
ztn#}oFJFr_ArFCssjsdUYgPgZqxkyr5rgqxf4$UJFYtaOQc<TA!ya*bv*8XuS0C&5
z;7iQQ&?eMVHBNi3%u9N%m~IrERnXJx&1#T@>@}2`$=6^rYAeF*Ip5gQaxL&;mdngQ
z4R=wk>nOfNO$fzz&+pFwWv3Wr2|<y<c1rB$)5tGVnU-Ul6En><Sq(8|u^yhD8AVft
z<LO0;<Wn3R&Xb)BAX~gagc)a{Tpvs?n$jxqDppHb7*Yc}{(_I?BP#uifegcL1m+<P
z3=c0L6bQMdMMOko8jfg65C`*ixtRG=GbU7x5HX435}%m@qz2_>WN2vFQ@8-+YB|$M
z2-F}XNPI@sVc>d%MBIM1oTPczH92J>1x`rJca|9VTKpc~+OY8OG|jBU7cUGx-`#}`
z?;1KnzI3SsoG5lE7!GLQ)~9RNew9);NX!NJ?PZp5>HmB$Q0Ypi6HqO)+vri@B^g3w
zK8Y(*<U4Nx0pbd|Px_dMNPYpzDj?Fv#ztvr>FqwB)_bU!!~~qDbfW8?Jbn5!B&2C5
zSrGe>q^zwi?zQGZEuQvgFVQjG`s=pCJ}}gDbSFpv)PEvFHZY>me93B#zG95XX^S?_
zgvP_n%pVNO9)AD+olQxFZ7VNBAh-f6kL=Xci3ca*G(LDNgOg|&)g;CyF!I-4eiEPO
ziX+WQF0NR96GedaL0WJuAO&x}(;yqxK0RI6GlHGXZ&J_6#nn2#fWp+7*8M&;%hbro
z36fj{x0S@;93vR@v7~rz-NLZb{J8MPW&0cVBXJ@HMMX8qP7~iwo434%TmjxHGcyyS
z802@<?v9vX?OaP5g13k2o>3L8!TAJi!4YvM`K0Dz$TkliJUD**cm?B|*RS^lfBpJZ
zd@BC}Sy@GekV8iT8V>mnr{(poeD|Ry8-BdKh2WFAJP0K7ahuYAa)H{_t5-2GsoB{A
z!Xta34U9FtlHAm-W&;z7vXzwSIM&2yo!<`>9(qE_dd3Hldk*Bbzh9lP`{;9DXhUoy
zNlD2FJ-0V-05m3C3eToxVcG2WWhpN&k6TS3R_F1aTYpi|?4qXLMCL%@QgWm8KEAL$
zU7sN^5fr;OL>agz+?l1WrnC~|x<z}s=XhG)?mc_Jhb2uc&CM}Nd96XZx^Uq_!(at*
zO}c_TxklxHYpUnY{rl-UmOIGL@ABo#egOfNtxC03RYaohu%x1<p6<%a(95uC4I*xw
z`#hcWQ{wZs{RO-y@F)KEiS_?DEZmgiyk!d6P+e6uvd%cP$}q31tLO-B_WO%LMAGr`
z@xeg|(=Xb`yNY5qpZ`I)7if=AT>|s=>ALCkd17K>4ly$`)6hI`H0>;U+zjVSRYOBY
zMh0Cl4$sGrXQia1($u<orT?r3Q*@o0y1F_zJ6&Bal3TIl(WB3c{l(H)??+-sKYX}5
zO^uO`Ze)78uXmWZ_P&HhjceBovpS$-<JDPoB$!HM3y50q())rHW5t3E@vhrcpZofx
zxVaU{@PH_=skle5Hf<>l;8O(M1cD@^*n;@-U*2o$>png{(l7B<#TGPUw{MhN3i)5Y
za^;FU-5+#vbXZ!~)y&43iMy7aOO45@NthS|LF;ndjr_q*yWhq2R{m$=-$ot9Xx?>L
zPU`wy-m#ZBs&GC0FD#LC-RZs-PB;~n_M5&{NoaI&&50QZvnYQ5UVx#l!!zBN#qm-7
ztNJ$E*&&(ex<ibNDQl)#9psl*)ma*xkf4mSI{Iy0+}#0kyuCMnC_0H8aVjdF**GM}
zb@JrQ>?}-2V$=t*&%Ynh`F;Z=;u!=i1?HwPM@W3Z!NG{Ey}iAGO5X|`k~%CQd^*6;
zQ$O!O%_6CztUNG1?Tt7bZ`Wuts`FD~S}{(-6#_K?(QpOiIo%?s2bHfP^g7*aHsRyS
z&;R}90WH{VN~-0RmGUoNjvYHT>PWfyhVIZIh~<K=7t++mr>9wHXc_^1%IVr#S`HjI
zko}VuOZJhL&PJF&rBzE+H9R~Va4Eg1scDgW<oxw_8c6LR$-wJ&8nZwvUYhE0|NZNR
zNeFJwK2asKDl9&}1Rp3Dt)Rr7)76cQjxIt7hgo6!B``6`&0`?ME#GO>*RT?+H=*;L
zi+^{qUSGl`>X9HQQN~%3@`;!z_)wtF15*cHZ2nF?iMqfzOEaTA&$ZYjaj+#aHrDE$
z2J9XEmUX{oXTc%t4`%E7P_JucH3=CiRV~Hu?;Sgw$C{2yNa!p(LWa}SbcLXVAgRUq
z1R$6Ch{)S2o0F$cH#RghEGN_fAJ!c_co4U1oVA?S=fx;s`q;wx-0?J2BSt1BOVE1+
z<Mv?0arx|@1JqKiGA~^Lu_Y@j%g4{pM0Lr{ZROcHA02(C(9qDXx8+&w=YFQ9rE#4)
zHM_Woh0JnD%E*|$y=AM`811CfDsou(v1Z(|NuSWYiwV2-5HAjpN42%t9hPAEkWKUl
zSMT1tck)4v>iP5M)zs7wN2?4^adQ)V;CLe_rjg-cj2OK6@qhmL?jc2#MH2QiPW&p+
zW9O%Ow8@AU*4EbU5eWv>d33b2&D$NA*%7nDw_Kf>nV}2`Ncr|n!${~3@KI>h(DHiG
zt?@+5YpSY(B16N&uew9MiSso%`oc8Qjt6I)UR+OExhX}RCrvG70yOJet+Y>{J`oB`
zDDGcIMn+otUZd#&8XKEw1fZu+4-01*7XT@#Y`3|Km#=S;RENPkm@?GW)Y{tH-C=WB
zS-F4zKJt*z;gH^E^*?|9#88%;krSwQ?Xv5+$$MB<PR_!@0-A47kdmpXsg6!eP*Bhb
z>f<D~&@tGRNc$193j54+4jnk)ciGV~J8K)OlvJN_)=7P66q;scZ$f1L`s*(cOP@b~
zmRKfZ8)#^-6Zx>G2*r-Qhlhuq-Mf+!Z){UUPG9O*t>(AHVq49vB#y@UeJLwDc<2xg
zS(723tCtccBj(awdYa&G-@g6)X^xtd_b`c-H9QvByPESxJ?~AvNF0-}!-Iyrhrv97
ztNgKc!OJ0RLy@!}s_nqOWngiT&g^px9AROgx<bRkhN3bUTHvaRjffc8_@R~7MsFN;
z^a7T(J^}Fr#uLcFC}~cgK0ReK>>)sdveD}6NHshrWq)tqj$m@&05AvCH<%A`0NZzP
za&tcl41~I7;~%e~s%j(@U6z&m3~zw`=@M6WfGt#Jth6nkHp*V9SWh1>)Y$_W%(%I<
ze}U}=JhC#9lkM+Emh<uP1zb!}Oakq>lZvX%Jm+G<X$&SeS4db`n4P^+@TS1Cz4bJ~
zzkdDlT3;#f-ptiX+d<8Y?F)0tu3fuivl_r<V;(pU`SZO`Do~%puE5URE*^eQ1tk|2
z71BuCn5_sgY2~0(^WovMv9UqsL1s`<2@MYJ@4s_OHcQ^$N+CTnD+^f>t|lzzyqhOT
z=^HnmHyu8R6v)IhxiL#1$<jLKsh{$p0c8eNm6iL5jkvu|K@qAxu<8k=xMKv2$lmiA
z-VTTElISWY1-8)Hzj~6CSVmTh_g{CK?!}nE@JG47<L2U0?G0dMW#xf8>QF=w955=K
ze?#P(_Si#BMMbr1myCi!PKPCYQ@VwYX0x3j9Plb%rDhU)nLP(@QNiMG<q&yg<q&=;
zh+EQ^E^VUP+wRj3`5BI)`gCW7OszDivQ6@PE;{@iA1?xs%Q8_Ku7HE#_3PJ!xsz#G
zYcGF2edw8q?;{tjt<%R1EvhYz5z(EBdfMCbz&r;=L|w(zv0Yl*+7Q>&qSA??(R!aT
znH<A2Zv8o+=}pyw;XTEq@z#`xCY$7{JrH2u9E-#^z<P5iG$3m)!t1jwC)n9vLp~CV
z<p#zti_XVJRc26fTlhKL$(gWM`~j?K`<Mk76sCKNQTQ0;XvxXSGSm*Y-gej(!5`HQ
z^OK<Ix!I*9YD!AM!+R;kW(8$-xi{6mY=F<r^-gGM{}nY^tG9hQDcW17PH;FdC#R=N
zCa4hwMhqQ}6b*bC1ESbBdU|?JMQ2!96X2>qKCHjdXDw!cnEWa!N&Lto7&qm(3%-ON
zV<pKpKP>J4R^sgqFP3iC#VCu%c7wlX2CLcE5EzT<qjgkN5?&^<jRTtE1@8?1;k{Ep
zCLa0)U*?h#P#KnTRH7;+mTw7&viH6DWO^j&*|TTmD$+Z)Z!g?_t*FNuWW6t@K@3F<
z3|G-Q&&rqI*V|yk6jl#-SqElKHhzd5c!1(v0pe#}U5*AP)Fy({K7018i;D}HOa|Hw
zJy~YR$0X)>*>w`fgPDz<h6wePlxaAwZ{CPHjy^{4$9|%w4hjg6XjWAKj>1(=k%+J=
zsk_@mDGfCl+ljL(g|BkHDGpd>+0RW1whisQKDC-vVDI&$!&0)M>I(>f=6s)+I%AYv
z`Fw9raB)pS^0HnVcS!5kAx!%pJC4@+<-gA;ve6!GON-9SbJo*~o1N9t{`0zW<vVCL
zpa767+Z8Bf4`1mNhC&zirci?Oq^PLqi4!A$64-V9wnz_n4G#_dUR`w_Z%ZpXdi){c
zHrzrFF5|`rnXT)0n(!X(?tW?KowhwjB|WxrH@~%_Q{T@Qwp8J#83F@K<)L}$oVY_9
zj8N#(<X$IJl@9d)p(Q;%9h-7yx_)_QoWOCwknitVG3wNZ-v;(AVp*Mkw!BGBPJaKs
z`#LZC);_L75Ig=<eA|8u4h&$khDSx=j@&1{y?gtXmpYmzTgwU%3-zuZs;H}15wCI3
zq`#O7KpoQNJk(BgQvv#}l<oK1J=RMzGX;>g7=+zKvI6<2Din@SNxiO9t8zTZzz`K5
z&qD$X2#iQHlW>k4sWV77xOp>NNfZKl^gnJ+!Y~qi6eZRAmG-lrI<=n$z^dwDAVVOV
z0P(s;Mg+`U^zX1#JM_gd@B*X{&=fSmfGLTIi3s^9%k`Z)jN;l8Tg?+*ya+qZCA)eS
z>r>iaSyeTLY#;4xn$o%g0|9CUNGhN%Qmg(RJ|f0)<cLQi|L%PI?MIDzN3uRN&|`Pa
zEiUG2a3U}v#YrVFTgN%{=2rbUX)>t9;VFi#&~4#c^2S*JW;vt+GVY^CfG-Ao6c!n=
zDP25V`ZCzdFqYVaD+lV|(i}MOa&Nb~SagntvYD9~EWCWJPebG5^?`lDT7>`wlpR8k
zP*o6sMo$$WK%u^clT=SJSZI)#0@4)FNmw+dJlw(deRN2@c;H18pFE^P{?eKslLSSg
zC!!|2M?HG^qn3$-HBwW?Yz!tKI5w7xBo<r0-sD>y6^`ItAL$nx^SrE1f0UM%Haubj
z!fx*GCVe;&V0Vm&Xutm5cif~v^V>1_Xf^jIA(C0QQJ~nD6<0>|A3QpN=+DW?S=-Pc
zg(X`xk9F7|)A%gRfsTbG!^2TivjfAAj#le3<U^nlu8fT1jjpRMp)@o8EIcw7H<n6>
zGa@|P52sF78=S0XVWRSFH5X(EMBJ@Ddm!*4k;lDyO2L0jOjs86#KpyVjlGHxix$Ur
z3m^OJC>9&7XO7T@WtWkY%j&S?auON`DS=|H%s@s-X&PQ4hrcfy8NK4WTUvMi365NK
zDJZ~-va-m!ALXUZ_^zfIPJjR|t~&FaslJlF9Ll5@FV34yeI0X@-Rj4P&?y^~0aPN~
zG4{UMQ~-Jxj9!2=JRBS;si^^v9zA;auxWe&)rE0Z0k$3J6yT@ofWP4QuKM>P?j-$m
zZNKfe$wjamO-;(LoHegqyB3<JEt|TqxG1@FPaNmb_7L|&0_B7maYPS|j{{@$9lBJ5
zdS~fp>o_(KiWwmNg{39PZ-UWv7Za|!s!yT1U!`HiGT7PKVJY!V_<#JpE*3H+Gb5w6
zj*gC=-Uo*f#p7J4h&je1*~0~#(=uNMWcGJkuW=Hjtg<rBaS)TZ@t=Bwao@i0gM%vS
z>PdzYI1Uh#TS9XtOG`_Ul=g1FfQm$0Vp#%rs}7+WGC)mD4NfFHbl6&rI`@j*7R)oH
zG$5Tv2krbrKiGu&hG~A+;HCxZTdZ^7M&fC_9|bs^?uf&H7yTYO7%?UfD+5@Dq_#Y=
z2Kp57-i7b}2Lyf;?Wh}Ix<GQbHWnJkik6g=G;NWO<X0d=K}8gYUfW=2bWpvTw1msR
z<*v*Yt+wdv>$^1CSXxST4a*Cz2<crdB`5Gw>FV#_FmVDaGfR09A3s+i0YC#e6_GGc
zL@Aa7V;mo6M9l_ducP)(D^0dW9^`333)t)1S&1`-3PHJ!LzOf%V~7OqbOVp74EY!W
zg`yS442ER7$~5^I0-=(k;_B)W=jDC7@Z+4CR%DpK{(bvw6RC6Dm#h;Szae&_*3VJC
z$7L^aq`KWGuM167=q=H<G2Os~q89wGqBO6G&`TZVnMMNFNmh}fmp**>F!Ijo%Nf+c
zx%46ZgM-a3u7?_KO?C<*y90hOl>%Mv+PTv-y8m~zV{i44Jw9(rN4IKeETaD+Az{JI
z6Whr@D_)lZBT&`VO=}-dNJ!`^I)uCPr@OIz#P?#tSVvZp-_VaAxz1c^imv5xXWR=l
z^A6xbX@R^xb8LXHFudZNXb%54PvotuS7|U=Pv)+m1b=q=^WOR-u=3krlJ)P`c@1kl
zdWE`c9|1z$&i(W^g-E=kSPu*?T}2Pu!r^r8J&r4%z55^8@zj54s%NryiMop-nf!;f
z`oH@T1czyk)_)j`o%q=8`(bpqhF=x;+{))21lvKvicISM&)=Xd?!D*d_>nikg9pR^
z@87^+y_UD_1@R$}L?jYmB-)Sun`{ZoL&;3bz|h&7Lws~_a*~Oj{v-*fZipD_GaqoO
z*l48v^z?6<(I0k%h9(ev$23FK<M{ZD`SLv|rg!hgY>fYNGk_SQ|HD@EG{h3*=k)YL
zFaX6re*CppI<^fRN62`9#$rPR&ojF7b7?6ni3FVJPG_&RgOdLtM6cxJQ;2wckrPht
z?hypVr{jq805;vz!vi=>tn!$#B9qu3hVQI{SU17;|1TzW{ulE@nV>R&cfungwA0#f
z9;bSW5U2%Rk-cF}BoXK55sSG{G}j@2wG<>F6KCJTLb0Nrslh?4h3BI(5rB1&?r$*-
z>FL}80@={OP%v573o`^#`CdqBMqMoA{Af;&mIfRi56>(YW~AlZe+Xe?BV%L2*io`J
z3q;}6)0d<a5B*6#N<b!|F@H)w%eW5RR?>zDn5fQ2W*fa%yZYcR?@m$AfVVKFhv_~Q
zla{iwJ!B}jXH`a&A7KC7g83KZOr{2B`YKW^dVi$)>}$ACC<kT~4m{)txH!nN@yi#6
z#;mF?a1rn#u_D)!A)OQ(R_%{f+_sE!N%8nmcbz5dPYAVZV3@;>CA6ByPLKOiv&2bx
zZ|FMrw0^JKxMTQE10Jgfgl35r9p$+8zP>*CRup*g?o$PbD$H>7$WKp18I}jJY@&lC
zgrFLqk(dN(UnV8-XuSPsop(uE`po)#v((1#n;>5P-MRy9Mp+)qv&aS4$b`2B7cLCn
z4FsN#xgz{`vP(;kF&OA5_|+*Aii;pLtKb)4u=4;Iirtq8pD^^ZeZjyjXo=!tWi6c(
zXWV-q)DMS@F~BD=Eje0N9A~y+KwlZaxVoZcDNW7d`t|Q{u3CRs{y{J*-nO>C2)i6+
z0K-xtw`J(-U%B#?VH>PTCQ#tyo^YB4M!QditLrU8bs!JH4%kBoHMkfsu8b&Rx`4qK
zKf)ax$$yCq%sW*yEt$|bT4hDKy)=NH9}F5NsX0->9d}B9ia1oQW6v_)BIVNsgS#)Q
zs1TO?IX%5u$qLfF&UkgEf~Bi4KQ|;IVhN2DewV@Hpt}X0`=%i?v_kahZ?34*oaE&6
z0I9F_KFuPeV6I-Aj#K07^-)6feYTs)G2m{~=PT;!?cKWo+u#38PQlrYaxasDzJ^<0
zM9x)JJxEXQS|`|!wu$2c0xb(M=wj(H<WqRcdoHP&OSez}Jz__X-oQk{irtZGrEP4C
zI`s?sJ?Msqa8(Zs1u#9Y$4T4HZU*!Tgc8c_7w{G^Yt{wBPqqu&gp~HXz%EIN7Lx!*
zVQ$cObyXbd>DgVABtGvAkEPJ$9`DU{RF5EBHE|YFHM6>Fb$>(|P8E#AL4SW%7KKoC
z`_UVp`;kxzCqS`+ZF}?PP4(Ny+d)%Ht&Ar8;NHZ9(Q)f&sHhBf&owJarJ+}(?BT%(
z9s36kBjVHVRdjWGfI;c>J>I>3eVGgi>>6Ym!^+2m=QXmfmfo0<hGCP$<`R~a+<5Lw
zRJ=~TBUoikI7JCBaE88=F!ivlNSxcxH_*QyRAL<_C9C`@(am*&1mOrX;^=LB_UuQf
zhwAA%X1s^Nxe7uBXH#-e;DdgP&HQAwiy+XMG<QrI3*9W=OLIE9t{D*liYhov6nEpx
z!$A_Wem&Olr*B@Am8~8q^WTJ_?%`#0W%g|>=9Qn|(auc;@ggbdRr&ZRbV&F(ogGF{
z0${ezp0uojA>s*V0fbNTm+QO|vz4q<BL&0>3qR)2=edN=w1#z7Y*?scewEnK9ZiD|
z{UB87bO1cqgr3M}i>zSrjyXnb(wy;UT>PkZynlV#5y7o%o}+~*hR%yM<&;*~+9(h6
zUPnWT&vr`t5>8{B7`WkEz&8$8z(7DO47_JzpnTEF2bce(o4uFUhE-nABD#g#TwPn+
z+lyGvzL@9GhLxPCPR>AwZ@w9HCKu`)%58*f!FG{3NU-U8#ad*d#SO<X_c!Ix$Os1`
zQMk_-(%7|yMn`uUcGMq3u;zF9bzNzSaO^u8GG!ZGB!jRoHg8Qv<06Mtr)4e{i10Ds
zjH4mJ>-)bu5W=F17I9Xc*y!(N<!KD2{Izu}i|Y`Lkr)rmipC!w3_vBeXWLN*|8c4%
zSXM#TDwx1G(Te9+xwbraMuv~1tg8CT(j|YzgiOA>zchwU?BsaW5lIh?lvc3qSsfD4
zTB%3Q5Ys7^`iRl^PY(|G_VpjpHbhi~sNO5u)@LbX1Isb2-m>RSEwQkai{O`}J51No
zy~_@&=d<YbogFj|1eD}p1mp;8(0}hTldPIT9(t1$r(D?J`q_~0BxC)n^F0prY2Eoo
zW}rY2#oNXlu^FzO*M(7MoU4%-M0OxmXI(8Q>d)XHu=A#DMF6{q4T7z~a>lL2;GG0)
ztvJ_cuf5<SXR_}H4&Z;D3jp?%aRNO!Dngux<a{pF#|%CP#k1W#M)UQ|(@0`pL>9?+
zE7rF?%{rH8w_@G|LNQFq#@<aBURo%cW?%eh5M$QSokKKw!Z$%h&qw&%<01$c;mFQZ
zXq33+PkrWy*aEZUNQ2~Rs$vptFkuamoD0y>!U{FK-YcwdJg_w2)Ag^W0+3M-2BSZ?
zV2q*tENY2xN@^Y?q{}{gboVIA$k3lQxa;?OWrbTalk9pIJz+nFhFmlV!^qc0$1l8D
zR$aMh$szW2UF@?)Q=+?9A(Bs;jJ+WzC)f41kRLe_y{g_H5Mn_EfXIGV!3=~Hr}GUt
z2q%%I1M1I-5yE9%U9PIG+xq?M<D(aleWgUaC%W>c;j3ULp$efsGyk~5a&c$_-+lH{
zGfinNma`9b45GWvvm_NXfqcj7)KtsR!uoRXHz(wu?nAxHsTBF-$s!y{uJ+F_CIC7F
z_!+_kj$Vu@C86lLc#qi!ejw|q83bOJMfcfNFjZH^&(F`}rreeP=WQm`T0_DKQ`L-e
zAe#2zbg7?NVtVXgolPXmF$<{F;NRnP#G%c<lKO@aI_VV|i%1e9;i_El1!8BJxP?HJ
z_xiYg^=K6OL(Xc(qWYq^67lG;F?u7*{rq;)Xl5E#!C}!iB)Ws@h(?i9n%`PKwYP1_
z5BVL>Tg?F$M8Otkbxhna$%1lU8+S&V3|@J<aGZOD{8u_i3AFws*FI@OBMfx+(o#2&
z9f<0$EgRycN?yONEZsw-0;(6R_vwrEO3>10BprtC+y>;cnkQT^Sp!#tIOxW*z)#?S
z+{h4k5s1v_x9=%JU(q!DfgtOSopq+b5bY|+2#10RjDWv*A(sP4hna0pPDv>Nu!y$#
zAbR|`G#L;%f=9o1fFzm@sXn3BSWQz?6wQCsJLYiz6innDu~Dwr%z*m{4DYK9JHZnH
zrZC3S9yowbU7iKtmB|`$izW1n5N)DhyRci)XPgQYGlj<u%(~5#(Sc5$1>p?zLZ|0~
zo=m-8i^R)GcOetJG5je8KCdLs%)mr{2Cc1NPLTr99d=6g{-51s8F{rE_>X8}!Lt$=
zco@)j=2XL#2Sds&NRE@rU7FyTycRo5pp8mQTLSx{-KQU@DUeBAO_K|)V(c;~ljo=V
zHUTc$k<9B!F!ul`Ap?bPBf3BpM#4;qFRMs0doLh+3Gf!HS5sXL$q2<CN?8!0VDQ}A
zTdB~Ki=Yp!Emh3|m<|Nu`3o1iirDe-XP&SB`BOan-kj)hy-sU1usLHAk~=12CTsRw
zhwIy+YTa`Oq@|zeK4J0AB;lbC)u#%XU#ASDuN>6Wr9Qil+Hu>qE$4zS{5nhC_czV8
zXJ4DPo;owy(<H9IS0crH_-50SL!E3}r`uT=*qUAAYJ+P{;!NWH<!G2R#v>~5G?f2*
z`PcvQ>FWN+r~Ci;A9<YBzk6T{L!P<@wGXZ<K*yFAjWo3+*8|dK!&<Q9Mar{5euDA{
z(?PnfINBW5(us^>dqd@#>MducdTE3Zux9_!Z%SD{ovzCEN^V3?Yqmu@H|RWG-mkj1
zh(+K&Cbow^IT>{cv$zwdl$3tk`_l{Ud;#PBYKiQ!a1dU*230y<`xNnJ9bQLT<7=vE
zZ{C1;YpAPJRc(FOx$uf1QbR}ESmJ0C0M>KhN0dI+Z;1EXZuxrY=~dMnL}s8(^BnVo
zPlC&(K1zX3v=my6@+f|f{}kWbhlt#!WpPX47E&GJx{>s&7wn4k<$^!6`9M;EX8?KY
ztV&$*tDq7!f2JGm4kym3NH?a6H~9)2jxA{x!k|mCxZ#tSbt#{zrH!nnKfklxrFrFm
z^aFqYJ=E0Ba$~r_?Q~bir@^<xfmuMvdRXOksXmXY`w?e%1_VY_cJ}PUS+p9VfnS;(
zoh2^vv<gs3z$|yG5(Mxwl{iM@Y@tYWZrUZDyU0%B7D@-29C`l@W!n)Mu@`<~QKsEb
zO%N@`9Y?>XHz7(=oSFT~%W9#jtW4lFbj^T_Nbaeru{gWA1+A4M1;6fmz5_gj1@<xc
z^;iPZEuKR{cjU;#lmGho7hcwsYr4AYNCldlhdOd<`x?Bje?IG7lGS&#`Ea;u`0CPR
zMr!hWj0BKZ=;O!N`69cO{|r}ryR-T;>*Qo0L^GL-JJCner-MKHr$<;A89DC0O>wd^
zG+Fu~=3hn<Zz0BNx;JPKzt)bd7cWSn=8?(CpzcQcifU!B5g;H>eEhM}!jK1|{?y5n
zcItoT^Mi}p(?$lFrsn3Hr#FP6iyWt#_Lton>n^htve;%8$ZuWCk1D}Iy^)xF;>|SY
zUnfUJM{8?ool3aZV;$u0Z&5IS2^*%^%G}few^sJEXCDI(;_VdkpM5?DJRyNk$)Pe1
zW@7dE%SS8ytI#<s*lMx|bU2z<b`m=K*_$p`aM{Ylrx<oxpLzs0SJS83tJm__(+*a?
z%Ze<5a9;Gzk$5MM1V`=8qlkuR8M?O*vP@S+(Lv_o{g~~^L2QP51NGbK72sV4T<X>(
zJPRM2U1gs(Mv)b%4H8jJ-p`}9xtH{T{o(#z$!?q=H=-t@h^tlk8~|cip8dR}ULtTz
znu;mt^$Fud!TS8X2Z_*K0$&jawD7y;jf<+P{$(%9c7;~8hz+kqc?>6r_IQ;B80Kj8
z=n~a2zLEUY&T=o(N~4=cj@Hwexuuk>pva;-fn^4Eas_zH?ME);r!-XkpUkr!@^c*n
zg`K8SSW>b%y;SRRR*C-)Yh$Yxx8GRc;R{nG&(jP6X=>@?3C7)(*MH?t5@nAILy)-H
z;>=8=o_hPWJjLgNt%7MPS6D^U|By(xW}or0y1T9)t-Y3~{M7DL<>Vy)AF}RysswxO
zWw5!O<3HQXdEdNF{i;`VrfTP(Z~VHGna&uXFsB`M2F!qrnaucsmdlSgh$%W7E5Th0
zFN0}DmVKty^H{QKD{bV7Z0}PKo0^Wtg@ccA{<G#vBj;{hO!Ry9?4PtyRS<7i?d;?t
zw6Ez*2pq_Cp9`omd|^an4-pRP-TVXc4{a@DWTc+7HQh^mnV9WJqksnMpHqK=l^8MA
zJD;;Zgm`q9#MDq}+Q_ISD=VjD7$>6p^vdW>;xeQ6lJ3$+k`74IB%Ahq@VtKgnLHho
z=CA!<o^UL+`;;*3-OeRmwR=r3QVl1vJ6*S^jfW1O`^prwlmAiwIktz0ZCpAC884aS
zY#!LFG&e)GKj6zgs1^ByJ#PyFTAB_CA9$w1Ok*sd^?D~IC9ypg8$6|^Yj`ScdNXJD
z>|Wf=?0YW#V~M@>{Wih44ohpiqevFY7{z>9*5`o7cIOd{j&cjt8}iW~@cHzN{rs|5
zd%cQLQdCM9{@-b$^ZCxQ>sR(ZJU3V_X^ho@87fWZPm0&aCWsMpJNa;6WTYJhVL~JO
zrlv*Oy4(1ZnC{RK{kE#^P<@*o^j96+@%g!C;=&xD{3s~+Dns*}{lvl*&xP?OG&bG)
zbbY58V-uR%((KC3bF8~QOpY!GzKn^ATbW$6f_0a=j<1>}%1BEe@B`Imx3a*W+kOZJ
zCcV@wlPx*9lZbs*PSHKqu+qv@$>323LPd4PSv7c40L`xT9ozGESvSr4%gJIsc!YTx
zuJazI1Q5C|aCmsUIkxtI&-i7Ev}f?0!a|#-LXc**pMGJZ-o3)~Z89mrzs|a*s!B#t
zF}E{SD7q)T^VL*i&!GF_?%jLE#tmw!YxV~nQIu0^KJSk?uxN=gQWUOVdsnJ02YnlH
zj_`fl%fv-*?+K{5M{md0go`@(V|*P};C#U<v<kNJHN;qdq%ps8{fc2lB~?ESQH8LC
zzMn*^cw)J-3Orw-?tC2LDXH(}sZRaFa*{PP;8?T~()PMBeQ4DI78a#xJne|$dp8jX
zxnt{&%)xO1JEx19)00;7P#d$XUBixlH$55r{kMEYz5y@0)@?iWkkg0vf^<W5wJ<wt
z-gxKF7@uN{GZpp5k6g>sJFSGYp|P&Ko4<4CujsmTX@<#+?0X_?v|Qzt?OG=M6~|b$
zUin16U<V$++(BR9QYWNs+ta_0nqsEVrW+sN#Hv7m1}_3MxVn~&E#FICpB%Hb{~`KR
zD<C*cpmR?<E|aRs_Rl~6fOrM6#^W@&-gywWV=(yO#>JL+lOxlwf)ONl@7@C>3XvHy
zghF7Man`Qq=8@#_^FKNhQinqVVB)SaoQ2L6DbH8_^#BnU1$d|_`Cp_<47$VzykFHX
zXAHD8kF@*8W?ibMWFjayaiPM1IIgxE62i4ReI;0r+!s-4_&cUAG~oA{S`jf?l_RsY
zktaJX`X75}trL$6fd!wL$@oj;F;<-@(-=Patv4>_zhp?-PJb?h_^o4Qb7{a(Cpn?m
z_Wg99nE-!3@BZ5=Z)pT7@k<J^q#$0_jc?@UkKRlL_YWmeT=?^$c{$-57wsPk3<S}a
z=NOfb37#g#lz)Acv)1%y4R88Sc|qdS^NJZaE;c`13B7?IZtn@2D&0%`#Xs~@&z}f)
z+u_`Q1P{6Y=pTjurGNat<ww1#^s@;XX>Cza3`g(6GnSW^SCrE1mQBqJ@o=heG^EEG
zKBxWXQOTpIb5`Fm0vCO?b)LRu-&WIIaGWG33mNO1U(b+(q*htUdw4I7Hx3xF?bQ0(
zzNZh?7`($XZ}8#bjI$Kh&x4*s5)>{T-2xayJbfbCvmgAJZWd2gL8@+%n%A#^0R!ju
zVL*fI+FE(%_80F67FYc{(Lg^{D8T4xb!V=BMdnh#;nTL?KjK;)x~gJIbPc(49-yw6
z(9{9K{8pPNQDDNn_)BVYIcV?;gh4#zrpLCFlA3tT54EIAvx4yO$Vi@sk+w{1eD=Xw
zRI?ZqVGbX*-=cHaai1|@1Kfo?`Y`jXLb0sN8NzSD=nuxZPno4})BA=NTcX7mycrH;
zK@m6I8-Ej89hdm|&#Pp*0+h%ETX23SU@Zz$wDmatY^mxA|LeAYFjZlsRZk&-mEksp
z_W{ZR+Om`+mkqNxmx;$6WE#n3aVFoxLwgp-+m&|q4-ao}g@=S>y3Am523|PLSl-z)
z9jfONKRN)Q2XktFnCgf1MeU<xWHvOe7o#~g|BZQFYQ55K3g-Itq)L+o^tJCix}B1t
z1%-M`OAG9(lAtNsLaTZf%qc-P!Zn{?1Sc|G2FlK6Gg;InklObdpvtC`523l`sZ8<9
zBd)iOlZR&-T_|+t_c97i5DzBX_aZyn5j6W$IvvG#lB%{ghrZ5bne7yg)y?S1S)W&l
zu7e_t6{7)@4&neUrm1*N7Kj_?SXVG+2*z~hCFZ|gP_zjT3*!W1w3BEag<xc2Y@Du{
z^#iLMJY63xthCb(5AxB&6X`nRk%oz94}i;u$MV<GQqZGE%xF6v?2>_sgT8~9$B%7W
zRn;f)xQT_It-x2?eV#*r#u84!<F)TaZZ2rz9JD16Pr!r{0q)4UXi}&`zXIE+>X9u-
zI+&sybi51<1_)+0E)F$TFD4Dm>DZBLMc}Z}O#`hJke9=x>+OvTT3Vg(6-PaO{MNSr
zGsNWRx*sKL!#t2l!UtQwS?1z_2gabI(aa6o2?{3!U+7u1Z1OvI?P`38NBYD$xsPKX
zf+6rlFL)q}lwS06j1#?Z#1SzzPVBM9Lu>}o`wYov8d~wMhskMay4j`(#P+%c_5TQ`
zykH065tO?h%^ida1<C`~VE-~0E1lrA=*0m*?vol%)WnC%3_t^d^t=$$yF%zkAtA7T
zW@}$XdlP8qQ+Lrwf4|H?6Gi~+U-+>~KYvay_z{IJkgG!b@qi?c`Nm7wHn7nE`k*Ls
z)cw7jdc4t3;mXyk?{EXKBH_6S;8q?ni4z9}l(~&EzcK65j-y{dZ{S&vLt7T00NHeA
zkAZkQ?+2d%R2ySdmbbV!(W(J=uadkx_8Yu}kAi|&#GO(ljxcP>yaH8a-JO3L%2Q1Z
zE@O@k>|5y$N6C0J3Mdrfp)|M|9Dy$t6-2ic0+M1@@$!#oFjW`?xSuE~Z!g$laGPw3
zF)pBb1>Tkq3H7|YiRYx<|6_87_n8HHA>18<QdiLh2$pFL(t|Xa3=Pq&HCYv8GAtj=
zm_ay1Kq9Bq;rU8^prGN<)KG0jN6F$?vk7P?LJqMQR#gQjl#)9M|J5zTo`s1H2Z)Ja
z&!7V`ir79I_dS!xq!F{MMsSxfiGZ44LEl)ch#iTYeH0zz1sK0OSi}*1!CMv9wUTYe
zumi0@5TL^@y?C(`O^(FF0Sw+%=6%>$8SnF2RoHnNt%;Cc#Wp3Rq`dKU=lyVSy%8e(
z>3HDXoa`xD!ZYTk@<S&&b1de5)WNz0hX&3CY~5ecj{glHSS$kW`J>Cx$`Er9Ik5V6
zP#^3Us1EafhkNcx7JB<7&zvcS5uMObbt3-p)|o0^(z8+!^HLUlb$W+1YY@*#Vc{h_
zphxU~wD+aqRIdNO_OD%OAQc%Bo63+3nKGre&_ISvnJY6<<|)*UGFIl9GS)IxEOS(f
z%tZ*HLP7{hhB%+w{{LT}>s;44=Q=Nr7klq^%UaKRo_qLyKhuq@3ygYm^C66_m6_OT
z@kcX%e9UFU%`v`pGn8Fg6b>=GsV~r3e+FRa;p_6SD|F7)jl#6Q1nZ`N|4CT)y#)5|
zHG{85A&>;V0p3PTMH%9`lE1`DJ7-C<Jj3ji1<y6Xtb!g{#BXI85ln@hglr`tjnEVU
zk0Z$%r6~|<U`{6DRgfKFPm)^E0SZ7E(}_xRtQ;hJgyA9p?w*Gkpofll7caZIh{NXu
zT?=BDz9!h^6GC$MCHAr@pqFL%x7OLS#8AY$;m<!wXbD<2+*mQorU%Zd0g%7qnvcuM
zhK7Z?CVZmg<a+@b9Ucc5D*yf2It1pqCuHMZlJGL0YTE>|n_&k+mEUu6+ienr01yI7
zVxQ&dI;RGb5(tMHr;N*M8#QPHk$X3jmFUox#V+Gw4cnDMAVA}fPa1_HcW&Iuq5*L~
zuIDH|M@_}!+v7S=uAI!w7-}-o`;Q#)LFSA?Aa<c45OEPBR};{}0gKKxESX$gnOaTy
z83U?Ndctg^EQYQBPdIqNqwsFtygBJhP+(vj63L+3XEP~%_v`oHw1<EXAvhL6KMwC7
zU4Q~oZB{)_gdnUMj7o`T_4OB;#9B)oE-Gn~_(yQf2D|Bsud5%}f&qWg*SD(D=J{K}
zk`FU@m6V#M&Kwo`CS?3wl1v<Qx$#^C_C74iAI|@J>beN9S5QE}o9qlo=RoA6^fbQk
z65L`&dVwwoaYEo?W>%KW8R!OZs|Sc3u~U6t!jp*@A!8Y<mL%NGFm~xS$CD)}4z3`?
z0CNCFxOeo<CxX-9vTU~ze+}_9KHnWvM@_;HcTOH;4OE!8h^xr8=rJ5ATNffW5KIEV
znk@|rEyJ|vh<VLE%qF48?65EAPCDOhQpnXh=io4j^<ovFAux1J#TYs`CR<@O!E#eD
z+j@sxn)}8$;tB~mpQkf&eIv)+)Oie7TuzkUXLe|C<gmUY@y{^{cHfbv_*o2T8J}ll
z@S#RQFO~r7qn7%S{ot77eXuNnb8|~Dm0B+S)>old@z0lEr-q|$ZVTqwW2z7cGagX<
z#?hP^_%&yzrxDfXjIm}>;6!7+<Bmi80{C4qQBi*e16eo(%}jh3EOI)^VLOB$bR{X4
zory^T6A#P0Lw}_{?IG`<m)7c!;R=$81j;yo0UZd&^3$OR6=;O3kaJ1wfVhbz{a$3J
z!w6y1dV{1t;?aQ_SQYk0Ik{yl{cAVRegZz(E{q}Q;feRKL7)I;5o2sfkT8KhgK<0K
zH)F>rGEZYpeZfPofcFyuH_X3&FbiPTy4-z!5atxC9Ef<LeGLzH#74Ndw4|r4O;T3N
z%F5s+CW{A32~I{vGGLI0WQ%$R!+?k%K#UBxu0lA0A7(*=eg1Kh_6C4T-B@R^YoVZ!
zcOBCPVowMq>?AB<wYWQ;)1P0#vP-@vmR9i0AD;1+f4aFF3V_6<q^qc@;QXj70f2zr
zexvjqNsMTIG|9^8j<Da5xZ<r_RZpMx!k8x<iQnqd03sMcUOF^&+C*TJWZbn&4I2@*
zZ%73}?aO(5{|E|%!*eK{1S?^KEcxK1g4zWB31$RdV#WcJ1Xmz~hOVsh?7GDB(7s?k
zq`tZcX*HqQU`x1E(hC~}v?>w!UTVm71f5SzFn-T?CblK$nfgeGi4|gGVFZq1ykWn^
zU`4%f6k)7z1|y)vpao4d$JOtDdzQPQ{`!r`pK-hr=ypT20C{hx;RXmNyN~sJ=Zyv%
zWLDC<^kY=)!V7;mBvACv_j?z>lZDNq96Dom;U6u~cBHt{v5F31vOwmmg)$7clu(C+
z^|GZl%u1gi)FxEUB#PI45}`1kP?SqNYFhz;h;Dtu#*HYT`q0KgbO{IMFH|4owm`W7
z<(^%BSyp$6F(xLcWvHz-(6f6$e1UOG$0mM~b{Y{e0BO!>Mxj(AF?S&Up$f)mF)hBN
z4_F-ZnHT(Kc6G6R4%P5I)3ZzcH3CYv2u>!9(|&w16cBIc5{H)E&o^W0ppb;1a|x;w
zSZBz3hcqCliVPl|{~N<-kNb!F&D|N%?HNAbk{|?h1#u3w<BXme)^kw}_?U)s{gz1G
zU0hs@M}bxg9{!vURP-xQOL~3(_;(o>OwyzR0U?P69C4QN2%JU5>9;bQN)4#|*<&Xf
zzdWk$mmuRxS=L8srq}N=NS9sQZmB)+_uGs?J1p2JCQ2z301?UZK3*6%U}jM+EuzMe
zvf!YxX6v|d1bIYIV-kk>%$YFBX_Bk}KnN8*=&7VHei&S4u%TSMXvFNg{L68nlL%eD
zFJnxOqd7vu2vq`4DkW<HZPM^E!fLBq4Hj;3c%5uPcJUBYy7olOy~nv0_5Z^&B?fsY
zgb_7KsAb7%Bq7B(?_y%A=SOXi6(Kk%$P@J_tSOQscy=g|g{_E(zG#$;s3a*&D?HJM
z6x)(s5X?F{#+4qAua0B=cA+do<ij)2Q*t>~avDpI(`R%Zd#un-_2Tl;FhxZ~e3tr+
zRU4%mKA(twcAMy7+Cc>sh>wN0J-I)k_W>TplNkzy+-uwx6rGrau1STJmCG=vhXw@^
zfhowBb*@k*`{C;oW4}Qp)EnYFJeDXFd!pbbwuiU5xcPAl*6q&DyutjL;aCOwD|P>^
z1u$(G#j~-irD_k<A(Hed1Shz`(5fZC1|;QYYfH%;dZ3xkJ|80^;p&IXDuJPwq!qrs
zMO{T@ysx69-M7@TnN7NIoQKeo!-k0PyYwqkX4fLwX?G>0q;R00+_`i1*}84kJ5l!J
zG-FNJ6I%%0w@W?h?%lt5<*@@feL{D5dt*T)62GKZ5&p3!J2oc9#I-{Q-yF}~v?lez
z!(IodVw|{Qjospl_tsCEgPy*783~nd9;OWVtv<b~@^d5#VOjfm5pvw-2!X&5K!Ju5
zOc-N(uflK7dP+Vc{~A^g>L@Tr>~Od7@R72CEZ?%cq^wCZx~toy!VPC3S!&Nh@>j!p
zUvz|4zh}|R+6{1F6)sESD@mYGNG*kddFj$O)Y|N;u!X5YE1U0ZZwwuK<CI_gW}@@Q
zZ^bHA!j0bZ0|Gl<9-c3qhL>IQqJIu@`_YdrWzexRo{_17N#R2RLI|7=K1OQ>M~TxH
zVl2-U*hypLIXQe6D>_kR&>jNoRM+VLBsvQLq2sjgDr1CA9SXZ4W<>wGKf70ZWwEQe
zVb?0DFYyz;g>+MUmfRZq9TWl~?y)HdV1P2*<Yh;~%y<#B*f||+EG)msQ!;5r(G{V$
zd3+YhYFfoS{K4F^Oz7x;jCI(d*qV8gpHAWzs$PS5`qd6RbE5yLA?-8?0Dsu%?cq`S
zt(xRo;8Qp3f-YIOAnWq`N6#HfWUKa<%)AcYYcY%!9f^{B{&7-{X`MNSn`vo1uxT<X
zJ%;en=X=Wl<QAE8im|Spli#u5oM3m4#v-chz%~)Y-TWkGY!=&XL(64Uk{Rv8pD>${
zF{VWu9urfHUifCLv%}JHn1S}*k^5XKpnT%QHV(OSv|LmB?+*E#fWXKD?Qe3-cN{TL
zfB!rN%I}+Y4{UmiCnDA5N6%Sf<E>QTJ#xf2k?(ROs6M~3huQ41m7BO$uzoZu7+2g~
zzhQ%IpBa?1yGsY5pgvheOG|qtsUKAa%FMN%O2*Z;hI1&Xq>rq%6DObO*<$erB1Pg;
zEE*WI;{hZcm{+gMmchuxqlCbz&LLhQ5L<Rvl}U5eI+8$lTcFumyg|4KcEWB0p@b@@
z1b0rmO+@ip^FC0_5C((>%NWq{E7hy>tL#=#6|8hsuVnI_hTXE$kz~C=_6qaD=)#}y
z8hrY>JgYsjw)SGuIoZiizub9yJ^+HPBS4YDDn~Zcj184t_yTZf4Um)S`{g}B?P{p~
zfw<u!#WL(4I~2CEie}&f@~0a3EFPa@TTt`_PYU^-l-k?L5@c0eNznJr@98nfUa7l{
zbaYv+mw1p&EG%Dt=)&UZ;^LC*2TY7NRd3K5q6;**_P@HB4dy3_{!gpw?%^0x!Ny(X
zYV~LPYl;9TB&U%Y1Q*53Pu{#c-PrAh8XTYQF{0hh#I(QSsx{SCxkvCYTNyu-lH*t@
z5R1L)?~3w2HB)28_RXL3^Yg2_luM*F-&ou_U7Z}3YVZ(@)fHvjzVZ1#$j^^i1$`aW
z>xi`x+<=WGbS$21?tllBP4+_HaHW~$$(_jJKP&o#WceC67SzOGmaUhKLsZM)k4`ir
zWDID9;a1m6r=nLuyT*6;u%5RaI!6MIj31iBAV?n9*ob=T+~bRDL8Ob#8YU(}?kDYM
zQU2}c;n~bp<ZPGil$<3#MgJjFg}JL&1$r!tTZa~ycoRyU5`6H`^9>=RJf-|uM(+}O
zDR{mQu<Pcs_c{Ym?D2_4hgg<1d{fu?2w#HN)%t{`rKJjbIv_G%7AH2-gpHKVH@)8d
z2e^l3OXqSWDs(3(+f`1TBBEFJI!?P?Gfqw@)yA*tB??{sBAxT*jYhVq?!<I#ezkH>
zlI@Xn(Fc?RIeG(+j-pAtt(PSMBi)tX*Si2+z!_m>ZjQ~5`^b^snAtr?s^&Trk@?K+
z52$vIx`lP?hKfFukt4&mckI{!=)?_33c3QjqnAjAIYS!eYtN}`#XaM_$FQHF=5fEY
z(^@EhFr!|Fje$X9<Z{`SbKc}}W=!l*b1yszjsz70NLBk~8Jo5hjgjw;Pxc(MGj9)e
z`1R<l&KwG6$gQpNE+ik9tB(|%xO#+_H@mXZi1zX20r@VKIR)D8Pz_u-T>Ks)k}E-=
z9j-&@IgeOHta$)lvDSMFVQEGyQ28anP6)o!4Y#G5r7u@(IG}H6m>3g-7?Q_?p+D*?
z2mc5^f4wa=xV-ozW|eX58we;0yK||sL0|f>kMBNrP)24EJAMz#?lT6`%~f}(e|F`$
z0b^PCOoA2xL>R4Rz!yP#Kkr=kd&3c3ctNngg;h3mYUfK_9-H2O*bWbTOil>t|1CW(
zTWRK|--tveBmmm1-pmDe{usNAGBQssW^aOEKj10xv`WRO=Lhl~Y7f2{7^to)Y55dW
zhjQ5S?Ad{f$>kN+M#7y~AZ$oqj|D3!zZCK05Q9BAq=O)#D25jfC5M;4r`8(LJq5;t
za(4;64+)gVksjy|usSd+;J^eEL%k<b5dSUaCpWf7A+{o?gECxesW~9yK4z+!ZE2)3
z_giP(h}Dds{;iwIH7jq9tuhEMSSuawy3i39v(w(fcEWp(*!Ilg9!{Nq*bY<<(fL3(
z_+>xt!4eIrEgF(lsEaOFOcbNPmiXZJC8@+XIr<<!KY<t!GW4lvFI-tz9qYI<ite2q
zFu{o!Us)^@+&8*Cy}j4Q_|%@*&ezfH-<Hm)T<NnlpjwD&`xG&eQ1!9Zl*?s*&=}eE
zzZ+C>=v>^;^6+vjB7i_(rHA$C50p5AbAEM^^fRemWBi5PS3B2BzHw{}cl)AgI!^(Y
zv5?jh5|Gd4oYm{mBc0TFz3!Ax`*?0G`Xk&_o~0Qo;;Y~$z&AntHabvUO`+T#91%Ze
zVhNbj8#@|XT;8GMzm0$$;%FL}!+J3{P*wplj!sO>;R_xV3mDn}XEKG-xp04o4U=gk
z#@t*tw|(JK1MY7Akc`c}<M)hst@_LoE&QzS-K5h#3z?bcIf<La>ponaZSFZ1;M%5~
zB)c&<jVQ>71{YU{MY#g=XOFZKD06_Zh+Ewwf7JsSp>)d&(wAkso<2rzglaOXt9sqK
zb;I_b$-@9t4dD!+S++WpD`$T5*!1rytx8wjMM*w<*k-uYg46CmS6-Hc7C4Ta>x_98
zYLWFB#*WUzE;Scw*nZ{Pg=TS>KA{%t+tSmh$sHm`6f`XDAzH$LutUfJidFyl3)<nL
zTfEjsnP#LDZ_gf{u}ykwy>-(jej%Ywhd#H6_;`L(@h_TU%`IJBhp}cOTwqRf+u6Oc
z)u%|qk6ICp4I-P8QglZbX=4{(b5bxlNRO6fdS)H8eg%~?4TO{hmI4sUiIWAf5`(M}
z-%OGC;_T!!6vnDHw87S6{PpjQmQ?j_$Fy#VK?A4#M{|p<$|GcF^*MQa4lW%}E;6|Q
zUNb*^OJIz2Zjl{3nADyldV;XBLTG-D-Wy9x5g>6QNB#1}7fl;B`Y}}HK7Q|wdevwT
zK{On1&f&K_O_b-OQGKIZG<F}?r++tD^Z=76d!!tjfYHDs?wOjKw{A81Nv_>pSwDlj
zlQ>Ri+&(NHVikbhx&y6|<H6AbuC6AHvaM6)xW7(RD=Vw6h5W%cj5KewQ>18~5#c#f
z7X06Em`&LNUYVgkFP;A&>A`Q`3gy_Fz0dd5hp3`E&7U>b8{ev7+WIYqXNtF*Y8N~1
zN<|fkYW1*_H0kf%yFLISP_xQcpq=2lX7%(ukDeX~sbn82)=bOh1S&$Nl~d>%IbZFO
zb%Xx=b+(r5Z&lk^n&GF}YG@iQB-ng=N<OHMHI;-7s3&B2c17%zexV50L9+WR^o|Yr
z{B%=~o2f_N@yo~<n7HN_2#0-0K+s57wdrs!T5)Fhru?t??7CkBXb7#YBQohmuIdm!
zIA%{5hcF)&0tjnu)r&59+_8<Z=dC{xi0B(g2b%fop{j*@Z}Y9&eqa$q#om=U6<;2h
zEK<Wlu>x|yxK|x4GaerwyK;|pTZ3bxyxU3<jn;q(f$o3}5ww3M)hRa|#a+GY`k3hG
zvdK$M>JP+9l1AK(weASV$2&Vak5}#(aWOndBOb(ilht#)8bKM!>ncwI`dMgCUD@aV
zx~VCuCWH1?h_hOCDUKon@|(Zqt<WKv6_M9<%eb9+fT3+x5WFG1XoWVLP2Si++KIhm
zdHHI#X12BtN!8lx-5w-19~~@~w|X1*l{ziHrz_NLFnI7KaaZndN<BJ2{Q*SC4%z&;
zF_+D)7E!0?qu;{>AzD*NV2&NTrZts?tQzUcR-hEd-mecL>HKF?zVolWVU=uSQkN2n
z?0Y5a@}-&|0L4j8BthX$>L#UE?vJOw4uX!2LwHX5*6;h%@C~wic>~lp5NczW^U$C_
zFLCiD?Zn;O*+|J~b_!{I-&JvoL%DmEFhi)b3B{4b`JNP5N+G*o=4hDPXEN@e?iyuZ
zhG!;tZsdpvS@w-WQqUJLd<O90B*Oq;&nWd^cjYZl6t?3x`XSpDYAvH4uR0|#!v6D+
zI>OBOXPah*8;yH)h;;~(@+!b|J@h;$9Ff9dLbZ)<Zz3me+3^Z3Bzho3%+p6BGB%dC
zeQLqFZJJzkHxoJ5%Ozm}Y07ua#{YO$HeD)0UUEW$K&mx|*OO%FNa3P<YY=KP-m`$2
z-zW#wH#C$Zbr~%1N3VvozR=Q3-A_;%yxxsy?yhR&schy-@%h;euak9`s5+oW1PU)O
z#1Xaiq}N3P1z6OQgEp|MrpCnRnwa<k8^#K)?k#`Z3|VoFzOy;Hc}~mQn;RPm9axmQ
z%kyu&w#j?OC<;Imn%}w(45s0h4WV>6SAX5=l+8rX2xM?(`(|8devM;iJt8!3-#ZXV
zn)W2M7FZV9rAL655f<;KDn~_M6)qYET_xH>=bv5M(DTEe;fbsU379FUI^eegb1Pa}
z%a){Wg+%Jwc=$_H^sMp+IAxk4^zQ$`?T;2H4qp){W&i^a5c^-F-$ouC6|aX60WwHP
zhT%7(`T?q5MERbjo{A>*pBpzgy}sVRdDKR$56bo@VohMof4yQhwMHy@JHe*Q(uTy&
zwlo729$G<?TNAR2?Y$tfWS<k*w@-0*V8L*4^1j`C$O@TYQN#Qt^dA;pn~;uvU{1D}
zKp-e_1wfR%0Js8ON5$jTmT@Y-t0i$>gjoR|uoFvFXLVeGjiXm(Qb1@p7t(dqE{`?X
zjLCoDf-&WSl4fv7$W-Ydece-Qh`(nph@!acDZC+6@lAB0C<nk){j^gra7P5M({%+j
za=0T&4w!bAvdb@Ux7n)kPAzp$vQE|Mp&cDqU2*4niSw?0qPDay^8!@qN`G?$3UtT$
zCL&ERSpZgIRO1ZuL<Vjo&|TE&P$7-t=n#B5@0kR2@SJe+!-1{4@)`!jo{69QT3HZ>
zGplv=!SbEQ7fhjGqJwO$@_<ZS4ms=n{ry{*g(`t5;oJ_Z=7c#yi{rBatUyQWPy+fC
z{+otu!}3N%&%?zJH+dDgmD&6Xfe5RCEhjrOQ{qcoI*iopI+9{y1QnPCtBa=y#2VHr
zE2;r#rB#%)pkrnG{o8@mB4iKs1xe$>@i5@Uor)f#5zENT^ug7F74NR{@xFSs63gW2
z)4|IVXaHw{l6C%4cdwy4Y|Tk&$$t+JgxHJ_Dh`BF3`RU+65g-@B(8SKd1D-gKr%9G
z+*gU$0!fB^!oq%_^+1`W!w3d9GGb&8AUzvfKHX94;UtMh1Ip!{a_D=Jeh3toBrhI?
zc@b-&jt<P0!wU`QU|PNC-RYN(N5ZBv+yOiq*?maKB$h(J45*c{n=~G>LW<f*b0RaO
zD4ps(`@m;<W0L@s-jB+ABj?peXlu}agE__*c<^m;1|QX!eIW@f;9Y_dz}zDPlo)b<
z(EH#MNSwWv7D60w+5!l`m|8=J-cvYw=owIA<SvmK7|95rj)6zwiq+9Mf=ncs1&RUo
zCA)>CrD{B2WaXa#c#YUj9I=)DR06_-h4=b(gAZ7@&ECDs5b|o~&GBu`u&rZs85AK<
zi12IdBbVC#9q~edya~StMT<J527tz(q(zb-RxYloYY@&71;OB7he;L>;UduG@}_uP
zL}(>S$|FQ~ri&aDu=Q$38kBFdv+mvvCSn<E7>)_)0B$ZMAb<#f$fM>4R<E7g-wlqV
z-6E$6#RwXLDy>8%fd!%=dmT>S0Hspdl2SwShJ~X`bQXQ;W-dHN=gw#M_=2ytrNK&x
zgv8;O<X(cp0+kVU$9w^x5QZd%`0$TPbACz5pAe+HtG)X+<qbH5SS(Sb5Jm$DMh0kx
zjK}wT6bg{vg@5U=e9Oh$5gd&15u@Vjmv}1#xH2#@l6VCuO2A9v;d;*urH9{HCI`ge
zMeHmr=k)c<uo6PFG1*-RK+h6DJGndPnS}h`Kd}gL+XM^;oPl1&gglNC=`S%8XT!k3
z;@b+Hc|8vD0W=MYiy!%9xWD2yZ6K`@T>b;ijj(Vt5s*|_(Su;U5wc4#I4q2cXeWC1
z_f$JQR7cj<U$MZU%P<~!MspjWK>4L^(K3Xv&7cOuIK(7`wnh2p1-nfIGwb~m7ANx9
zKrUitLU!#7h8Ki85aXXXCjfJ7%dUggO|)uf`ZyEDa99Z8!7v5v#o5~1+T12Tcw*~}
ztQSZBi!Uq_5WFaFqXh=zD{wPb3EL=4Wt`;$LLbryn9Ko&l73E@DfJF`jY^0M(AiQb
zS(%wOjhrBp2rP{`UFe%;+3mKr(i}7@eT0z-jVBI4ggzZ-2O7e5xl>&Z(8=cRkMV%X
z->=WXI)`;K38Vp9?%&JH5DDMf%1TZqlf#X2+EB+EDLHrnnHDRs^S!LCZMYYaoV*7S
zEtsEhi@mftKb)1H#4}-*Vg^bK8UR+2^Vib&05XwL;rQAA`FR$kH;;AXBvbb6*zp8*
zW^m*k=Au||ksv4buX`3^hy3G`z=H%~j{+h9&Sh7~enCM&VPRo3{ovC~%@&1HbRusH
zBQAoRhX9`Uk|Z-T^HdL20Kfq^H=$+Z#CJYh&}doIRy+cw%@N2K0D~Z54gD6I{O(8R
z4uZ173XU`jHN78#YxWx?$6@&)e9lPvqFe){9EDGwIG~@$AeER=hiHrl+SE@YyrI=g
zIgMiL=2rabA{g{5PpcJf7a@<e$<i5NAA8L@q`{+LAu8>#oxmOgSVU{1aWfLU)YbJE
zGjX2*^jP0NT`to~efNw<Lq`HoFE4K$Tw{1lBO;y7TJyJ@H4F?Al9CV|(vSWUwZI}r
z0#{3Mp~NZFv^b*U)Ttn(93c{}(!Goodlx5CG_YU8p#<u7j&A-#8v3FOCB2|jK>&p*
zW98g4?p^LsgAt5$SRwy&rB^N_XIG9?u7j|y1_U&=Wbhuz44(lKpc#YQ13jv>2iF;6
z>9B!1xzm^$P~PBgkY0A_(xsX`d02<d_v#Sj%ypc{9}kz1<nU9$^2?tc54Hw?6|M=W
zAPZtCzDZnen+Cjz6&ZDXFWL`I&Z&I)UK$}5X3My;Yd&zzLcsfban9K%#v1R0kY|vL
z*w?!;;JXDo*4^7eKzHQf;NZ*=8IQi&u-#}S`2F95{ssstwrh;h@=YZh{03M4m@W0T
zd?SLT8Co3s_m4iIHgGAITL3iFP~m0Nsz&on6CVM66hOy9=qM(FA{7EL$5H01(7r``
z0*&9i4g<|K<@=s`R-ol9MB^_>B2=Icd+ZbFO^|`+gUty~ESgz18)x33Z>ITpedw=h
z=)^$661@sgWHdnFZHV>?=_g9G)8PLa=Yr;lxZl9i1rZ)I)zB1Rssog*2gley+J_$2
zxWbc}W=ssbG}^^#tdLlquCVRy!l5kjRw?1fY1Ywv{8VbC91BZXSFZjnN(9g_Fg)zq
zwTlx&Vfk0B96viv2KaY4Lcf8(6FhkE$J`v<wrxn{evK^%y}MyrDfvqbbae3UOL2FZ
zGccbJuZ+d#fxa?)_fP-Z{WTd+1iAPAUs1pQU(@75X8UXbL-+vl<JKb0a1>nr!-oi?
zQJdupZfl@o#E8bLg35&)6SyEYZ2Whg5wQh)e3A8lGBzob6oM&-#vhvlu#=ld|1pcO
z`K`T{4FkavOgk_%RE*&lXpBy}>>}2!+*~=gZ|5MU$@MfFE3jbcV$M_5jDivhV-o(%
z5^eHgNSb+?9#9MrB#1yJfLj!b8FgGmLiBNIag&Ea2B~f_HNg*jI7=Sh$N${BBa%+B
zMYDeKVp@l7$AN=;!~CxKojVr?m#xHtm!~%l_}s#U1~`w}IhHU6>Fx6JazpTGCCwz!
zP`h_F7Fdh1b%`c6Pg2Mg+_OvJur!~;x5IjbP+6(S3)=VHz`z@JIY2sPWsJn9;px!9
zcwW(HF@J{q>8v^aU?f^Hb8t-lYnw8j{VK9|9Kh{cRLu)L4kbAX$W=Nr=mi0mI3#UM
z!`MB*@C9q2zxp1>lYm`NSxKoZXU!*+4V}5Qy(nJtS@lM!hN96WBLJ(do{vcoQiO}*
zc31JYrH5LvRpFe|=f-Q^9<QPM7nD0G85u*UP!KN;!-Gx*R+MWi>!34fasISEU_Is<
zvOhPx`pD&3dtT(nc$cu0)O*4I`gLgNbsv_OFQP<3n#dEo`0CWvXa3h$e66aFXB|3_
zb6|d|*Hm9;RN4~(SG-(Y&&@^4GS@EGeJeEEecC!_PM>az2xUM@XH^;g{bHc?sHCJW
z?FGGwp4Tmt&8`R!b9+Ga_9)VrEsN+afi5_`6V=f{2wY3Gdwe7YLTRZ~_x0wvhY}8&
z|AOxSy4ZZCb4Ai6A`l~Dcc|u)r2FWH%>BXRZDmMO>D=7LW(C(93fnLFX=Ff<7sHmJ
zBXRg}365-4-cr%W!OYy{^y(G%_CGerWfUS{)CQ@nyUDo_aN%qWU=>tC+hVt;iCb2A
z!}<+Wqx<&%^dJe)`c;{3*4)~u7(jc8+vDz;L%3{%>H;BSgNz&T=?@$<4Fv9*S&6v=
zdUP{ebETQA8O=~s0l3`Eg#lD@$6Y|qYd`LGZ(XlL$(C2ibfO9P!5Ujea*=4RWfPx^
zL{JjPOI1KGbeB2%H>>+-GVZVRDIJHXU!2@Fxp>%xV3UZ~@V{EAidN4s`wg5*-OZ|Y
zNsgCyp7Hc7+pR(-sLONsb|@6w?~t85kq=!P<|GyxPB@qUzR3#ip}c~)FYt+hB7^T)
zuxX{w{j#Ns4313cS#gTFuiqW=>T`?}xsiLO14Z_-zqrw1$z)}45+NIg*)HJk2BzYt
zuccW2mnEyw^kfJP4f~Z-ihpa%?QgPXRC=4Tcu}0iFwdy#M008Q^N)_b#8~!SoWs5C
z+u&gOQ!F$N$qIH9JA>?d%1%a`@Ry(xVZ8b|vv@r2p+ly~p!VI~UaK{G-7|epjks_a
zHK|=4c^&7^YU<yA>gFA>eeKilZHKK3ajLcjA;Ft*HzL|1I{6=jv+EI)*)<tYqd0&X
zZ%wR*&8Z5qK@<wFsJiv4He+U{iktxa=l@!@Qd;2iQ{7Ig0NxxdWNDv2#|V`?D1C3k
zXFmT0#u>#%VxhRA%fSds2ji#rQjxv~^D?)bId#Tnlsf@x`FDLf<U6=L!)<3!&}0Om
zL#rf{68<*ra8XoLOv-CH$8wSTZ|ca~yxF3@Nla9UFPK~VE$Sb{ea8!J-B5GCCP+|k
zvS6bhQaBCVBA9+X70n}&o>+JDOoi}!_hez=Vz0TO%7}H&pcDavr(|RLcMNA`Wuv*{
zr`N2diVA8vti$4FP^O4qIF>EP-DF*)u^oX@7%CH~OTPWFrgsM_EryvHzpYwS9}j7o
z(xiB9v6U<A{(x7wN8>1Rny(>N0jyku{#clf8(m65^cb<CYWmOo&QH#6P?ON($3G|D
zQ;%;CetwUI@kVW!PZOSwnVFeknFjgTY77D?*B@sYUm-^v%?2a`D}|i~OLLuq(q+7@
z)wz*nyw&~XuWYFY=>3lus*aDa-gy27S*~y-+U_S0&TEAKf^vH1mK)C*+9b*G$_9g>
z9kzYNKD}>ecb}4$I5O8e(VMF~4!>8_QSrv2D&+SOcR}WwD?R&P?QXmI8EqZv+B*16
z5~-kt-4PLyC>Y@YYqpHtiL|R7i`%w3?EH{1%p4nq`(f%}lJfk#2pdq!=hh+(UD>kn
z{2RK$X$<}bB!tq~F#8~`?c+b6Fi>gl%RK5;Kf#>X7X#H+Qqm==zP)6HF;%56y`paZ
z8xtdoOXsVY=-B-n(n&EXSpmCn54s*mG$uJDEtuUZiLn%60Y3+Q&%kC2GSQe>V0`_o
zn(??-ePkD|udo*;QN+&W*ikG}r2DSzeRuEKz1O$H_q^DPol8}o$FmnPwr9dJVG2FK
zJ8!P*rmOE6&#rw;{;V<&>nX`bY~hQ|qCAoO^71MD7Wf1JlvosvWD=#nu!g*H0;!t&
z?I6Ni2HGrlHjL6{2-Zz+io5LyA72s8VE#VXfWaxFWf&VC?nqm|c8wzB8t<&R#*C@G
zmx=+i{xBowmq;cWhlux>+H7%D<$+nNfC^vODdnQm8^x3~Q5)dik>I&}MsoWue#AB<
z)pykSi#+RuasnwJmPrADi1qf_EjmlR?VpC4oJFWCdkt-hnDg;A=L%JkPl^r)h!z+o
z!;2(w^4Y7}oi(8kj<!nmtL(*s$;7w|c69{lBGNR04Ys+R3LT<BodHeM6Z(z&S<zy_
zu0B2vk(qhueSTt`vNqvhvs5(pteuu;^_;H`J<Rs$o#^1P{zboXzi!UGXU6ZmBGdKb
zvZn*QuAa(LTOG4fHc3_UvQB%)IlAy<Ne#t|X%%(7;94kJ93ji|l}S07ra-Y%%BA9O
zr7Yq$ya>H=N<xiJ^q;i|ov(MZZ?V=>gOt5Lc??vyTU)-ku#YDD{9fz3<mS4lab8ef
zejJo_eO1PZPEhTSoB#e&ERukS7;Rp1iiO%WhPK;XTw95rztN9-`!4o^QAfNjewpTL
zvPn&7)}cAx8uBM*j=o!K(RR$dH!9Y4IGT}vM938$i(Ok%X<UN-{~!P7ccb!yF?lrV
znmBpEz`*wLIW)@H%PVqj$gphPfboQ&NjSI1$Gz!Qe(|5kl{t7e_~lz}O{2bVOz$!o
zOt+iuI&}ZyS>Zz>FZ!r9o0W8Q+`I6G&ziM$1o`;*P%XGCy@Aq38cDO7QOYfs9|y(y
zGF+bAnY7YbcQ252)91HbFY3NdQpD*mV8k9HM>s=vsSt>@4tw6>!UAiUjC5kfYZ!S@
z$zv*k3*z#}!A)4O*cM9Cb%RZv)T?y^G#LNRl|Hkba)42XR*9Bt@m5H4<Ok!-+D|DM
zCRZK{pasa!mt+gW;YPuTZ`rzaU%dx8(1nHNJs=^3I09e8yuvK4UH+tUG|<$^Z<}!N
zU-eQN0o-c5tUCA~uLLUkjM9}!h{m-L11wFNn&E3&4V251`Sfg!Xd$2jQV7JGpzgV8
zwIZR{w5l1{o;_|IXrxpyu{~(PA^(&agC%Z|(wTl<a%V?IMkdSe*`V&|Ewb6`kF%R?
zJX+?r(dxWmY(Ga~pfIRxE3e=PJ4XDB%o0cu@Tc9p*~wk$iqO!_$lZ_s;8%i9qD`os
z(J9kYig?6JAJlW49+7-4`~hC(AZ7pf3<a*QW}S*_wS+qF2{#EADgL(oSS`5xn=S1;
ziW_=#A2tUlWL3R5a9A(>kdy-%5MOtY$3b&V=-<QA{@4B(5&Q3yG>X&CQF?DrvDIR{
zA>t*VJayAjS7$*%Gio+<g8N^GW<sQG$wQs}l+3daezt23t!`C*#d~a;PIs%T%bl|V
zo3&LkHMZ8?ZJ877Hqm_08MTGW|7{(^JCj2!iPb;L706Awas%Z|XlN)5j5<2FhwX4F
zk&UwAZ1cmcEF=Non+g|%jQh8nXyxnf+N2}FrZ{k0eov1Fb#DGZ!Q;$f!-yF>`;KgF
zm4N31xxaqN{=Q$&7b+ioASz)o#)y3C#$S9dKBoUkEzqIU^;Yp?Q+Icqz|rtD4)Z`{
zFZEYS6Utz<=Akw8LXbo+LY`HTbFq0GF-Cbfw@m~p>rFd97{_*+6&%pXIW1E%=k=qf
zINf`(<k0W?yyyPTEMM%J36MQKBe0oK;@$bpSFX-KtzN(S@Wi<QrHN@vW0ib9#+aG)
zT_qI{{jM>5whk|y-Wjgf9l@!*ZEdZ~%b-xkK-Db+5*|9rq=ev7v_Naqh#b`_?PQJ~
z4Z8F#CC9&p+de#-qcX+9DDEBAJ)*iQ9C9W~-@jX(PoZcQ=eWsz{j&1Mom}A$9vK=E
zUIHfaVfs&0MGNj6O*Y@L<>i^w;1`sbCBE{thi6TPk09(N0?+~&03#8i1}+1jkNyns
z+7S^UKpr4Tc#SjgK9JGnW#!f~-WG57*7V37s?1|Z>*0}?`b(E{`>mM(h8O0HPitNl
ztz5hmYCUe{arxr=8>vkBss|-E1f=>rw(2qG`MHHbVL3v8Cyyy}ZceG<wTL*<DUR8Z
z&^?QYGHBDGK3yQuQar3&im(>~3^PT*5VTudF9CDGyzt?iPSU!Lv!2H8Q+_7By0p{1
z{L`^apW`R8BSRU|YI%MpGtT>PW#uw6Q57^_3YZ=DzSX0XllkeD%>MYN(w}S9Pl;Bq
zo%mB!3hgJTeOfN?0ai_M7sNXc(IRAlh)Dt%D3pA|l6-1T;B5Lk-72Y`T)wm>ZU+;A
zh%MtO6N!VLtAza-Uexh@S?<W~lyvC|(TeDf=Ev6>whB7R%v??Yo1#*3Ky+2<XjbA@
zSGq<4L@OPZkwKeXV%OC&3JnZ}gc<?=L3M)a0LTSEKZxz0LVcWca|^LXLM9I!0S5&D
z6Rtpw`Qd|+k|t^%=r4NURFMg3sjnwdhsw&zKqRZH{ajpr!1A-3m336c3f=*<n`oUt
zPk^#S&7EI9MnMlRX&+{EMY)cp{HDhyuKph3HWjvn*&LT?opKgd!J94;bM|_^57H*P
z%_H<Zd@6P?t*7NGwg{9x9B6Ae+hx?XHe>}G9o9}*R|o`%M*>RaX2JJPdCjl>mv%om
z_-N8kxE+Z_4xl1AtQT!?7NjZ<p`ZmfDWIE+g#BvCBZ7kVsG2}Z%^jKlFnA7&njw&J
zD2~{fQ=+1NfOQ~_4a|TZMI9YI@av9)%5{$KF)wDot->kl7Z2h4D>;Yf4_G3vKK}Nx
z+sY(`Pg!{j*UR@Q^0#~`W*f5i&FYkwdPhFGYi>kVZyJNn`bb_2dL;ag=v%opuS2U1
zn&46I1bo;a=&&A%vxR|C0i}l;wz;Kch1kVl&&aMOx-`%&cp~I%V~`mD(0#%F0T?EB
zQ_LR-nVsxgR)4SloRr|Bh_w#>TK&QFXL;G3d)Ln=>26Hs8{;#KR#A%UiHrN1e{p|$
z^l4G5p=<?HSjA=4uv5W#s-lKG6$uaV!EvW__QmL2uoCA_%ddT8rorCKV$2j~UMBuJ
zbGVI;?u>hCq3~@R{bR=%zrPu1%^4gWVNYqVV{R=-?Va*<2eGjohSj%7-oq$BnhZIX
z5I<|sHakDD^&u!$gT$IazXdi#MphP}G6_V6)q?&O2~3s!m9kY;t0TJm5ck=xhsBF0
zQtLD|d40Ho9=~oln7DP5m~E?TX7!SuUu5~pEk|yrj~Ay}=?z~5yZ+~Zg9q8Nt_5}U
z^iVj#6F9TS#zsd!q$I?}k?_hBlATFV2^`;cMBB&+Y{W2`Ejk^4r*|O%SGT}q&#0h2
z&SMK^5`eIUW9tSStj<x-ixtZ&f}f9%q>lZF1S3dd+(7D&xxtg!TY}S$l{ArwHn&ep
zL*qMGs1piZh?qndfFJOu2x^*gDyxOc!|IStVUp$cvTvJ$LaTb5{yNxI`6<bKb{&6>
zV$}6h%8D!6?Y&cUaqMF0WrO3o=P+hy&R?AS+5etl9~ajrw}K9FbU=9YfP9rBLe(^*
zkW{vP(}o*2l<$rD*}-zLF0mS1w^x@2*3Y3K=zF-h>2H}qSh7y|4%`pWU;nr^H0_}{
zgmVPf4sVC=YMZT20p=%U+KNAlb_VP)yDUzr@S+|vY3tduYrECAkDaAyC->F+Yi|$#
zT&<Rnnr5@|vqGnL)Snbd*MgWv#c%~B-g#+!;1c$H()#@u<7T?W*TYWwc{lv#y1JOY
zPF0t2biziWv=2wTS${&K7A>GRmb1k=!R^zF_1pE!T}IzTSQdJM{v=B=a{20(&D&4s
z4%dc!-4^C*5<;Ql^tL?5bfi8iDf)CtlpOzK-Qf}?8ytF1J?58tG0{=)fSmo>9OKc=
zI9@w4+gI;{an<MG4%z{%ubJ5(BwW269hrU^bT+KK2<CixquFxzIVlEOkEbTv<8e00
zn-}Z4?)>zS^Q|^j6f&(^hKGS(@WcD}eB34lB^4F2$UObY+47!yceRw6qE=0?O<ZQl
z#x@)=%~BZX^3#U9W-G_i9P2{YAUC(S@N2O$QQ_vrkdAs`&Qb@_UPdvxUx~j6TEU|W
z*Rn4|yqt3dF+f3f{P%B;;51MRt}ZTHz3cDIC2S1#XFY<{RAlKb_j9t=>XP|mdeo_&
zZ>w09ug!RPk<@}OMQ6*esP`|!8x8-d+IY52F~hR-vDvEQX<yIJwbQKv=EDc;Per8;
zy;_|w@$oAiIwV^wHfvkHmgT0J3pXU}MxC9VkT%&RNY02)q6CFlR2<e{97*`*L;#|o
zr@9MItcpYFARvI#`t-q`3B`_sCWYN^rBq<os5h(3=?UHa5Uzc}H&Lknd#88W35#^O
zi5+?riRQM!O?CWV429&g=H^%Uj#CX471bo^R$AY*7yO=i*&MlYZ@HbTyZY~gJf7ZX
z8caW&ab2Nr54}*{m$s7>k>_6^*;#d9Wf;OLEQx!g<iIBOPB_@w8j#dPqiSCt2rsxJ
zqNC^FDaDkaKgh0caQ-T!(W*R=6w1Uzjk*xxy%BGTpCH93tp89X{Zd=`>N0n$ai&Ox
zQOS2P{g)}boy4nb{+J6f677rL9UQG8>RDe`mxmJHPA%&cep@VDp4}W&B2X=O+VJ-Z
z^@?BU#gL~JbBFnK$(h!1SKv8}tJ-=D$+K@31h*6aI!3mlIb=g>*;+?;(%(`thdJ>^
zL}*}XpTqC-ABAGfpzxUM79F@MrkYreZ&q6Bfn-LcbEsvD2@0O6G88%g0QDCbDspzk
zUb(&>KTTH!^m>#OS3VUaZE45x9{LkDT?&W04BjaGLG4ZdS#(5R_)E}wF~uQux|yT)
zX5|ajdiC*^+ru}C*%$2MdAKs3&_JKSy|yl%x*H$AKq8b+;!rVc@3)LQbMN2(1VVo2
zb{JlKe|!Bl&zORg-cn-$mNlTTqjg>%S#QC(5cnF*KboBlJ{bi)xdqxh+>4#!=%-}h
zm%JA-F)@MS4R{;AiDm_JFs1&d*^bVa4&hG|+nAe+Z2w3dd%A1#!8Uhs|K4%!%Y~f-
zTHk-inHH!sg;zaVUJiNOFPB??lp`wTUf}D25!uZnJ?}VL6^{hn|94i`U}yf}a2MqZ
z)>}^a^$H8Mrs}M1Y!)D1z@Brz^|kPU14KbKm&3i0xI<a4qbco&diUhJQJg7Yng^~o
zSuGm|BZ!yKh7Da+QhEhM{{T0v2G*cQ0_9+lTRdL~i7AdSR5~pwApvKs;q_z36uDUs
z%IK6^oCpYfJ-?%A<EqeLGp`m$Q&GI)&NI}6{YQIO`WJt+rDoLWM?c~*+&1vFo;AHZ
zfA?YLaQCjvme5U<r^fE9tf4ohNh(?-7vvQ1Ka*5b#P;?eNDy4g*|TW{(d^y7aJCN2
zYB=na$4LhVoq?}}0JbGbnjC;xVI%|q+N}Z$8t7}N8{q!lx!uOWp{1pT<3!%)!NC&n
zlsI+bP8~Vi86{=wrz@D!a48roLdHUZg2(nJtBpWkhKDvfzl4L2aKH?)qs@8kW@G#D
zw*#v2cS~2&x~HmRZksHW=tP{4WR9(?E|oLs$l&GMv@WZ)Xu)Fq!ot-n>T!IQiCf>x
zT0eNooblHQ-J^fii>X$7TK-%V)l7F$9XRvvfQ!J!3ju_Vwl-RdjN)S54KG<jULhRi
zGt?e9bZ2Y1E%16&InTk)fS>opIfUB}#j7GL0YW4kPoGbr*xK8pa&6lf8dd|_C$X?X
zm;@<_q`3H3UVF)2)Ea2#pi+Al0s9z{j;p20PfUBrrR?6DjNTs-ghvn|P3xRbSQuoI
zo{UKqjIK@=9u<3;@j+FTYW!p>Eh>r0bTzP~l<FtVtzy+M|9PKZ%q2rES@r%rgWb_P
zsF6i@bc%|pSFn@wEKGSl?a#{MNo~#M!<kLENDh|WH^(L?^K)`=fCVlPVgNQ*t2oE6
zqoWTC3g(x7!<Y-9f>*)YNB_Bg3}>UYjuaZ?K|HnCL!)JJ@Un<mmwCsRRqww}O}d}X
zRVu&XL^b~4USu=ISXyjBu@hnQA_ZjDwVF?*d4l?Q(kD#X7g}DudL?-7(fNb>as1v;
z-O;_2(Ypzs4okf1drrV&8k(*DqFK-G{tIsXZ~tRjLieRz;a8;OI+&h&d=*yn3)*`!
ztV2;TF_i7h#sr?3zF4<Ar0u!(06t^I4B#&mfq$mom?rf(aF)H_c2;|PThoMo97WBQ
zN%;h6%Qeqj-sp~ODpw^Djy-$!%oua;dH$axO?;6W>7&Oq6&0N}kr^~Eb*qMpyRWa$
zx7v>~{!eduwFLM|wUO8RQ{y>{;>4dco%`CSCt0XFv{}tjr}i3w^wJVKY|p5v?Fxre
zD%@)8%c*$~V1Xx{oSq<ArR=*8eRuJ}eOtwMpE0+6TWs;X`!;`m(>cC`T3HY@Z(%{z
z(b>Iw_qyxX0ucg)9}tYUWwP0|xEVJiYkJ|Td}=E%H>AkeC&3DvvyC2JJoXpE=77%M
zhrU$S9pp|6iaRNJcyz!&t&b&WzNYBApM0Oy<8#W%q2j~j;rvAzMK)Ct(rhhTSXAH=
z#VKoPeCapi&x^drQ39MX?rMfAExpz&{lTZgQ-#I`%Ehh4NCuigo|bXCCRrqp6>Ygy
z;}ycUR?$5DltbAN_nSQcn_>TJoZ0DBeI4)TmTr^K+1r~_JzQOsaJ1@D{;0U|gt+U5
zxD$K1Bdoi=@KBs1-_gy!*p?Nbq^KE%<bS2Iu4+z#5Cys=WIb*Tb%Z?paZ%Y^sLZCh
zcn(at2V&uq>kpFAmX?e_n-$?VES>KMaNeK=$2%6}gC5_<dfy5g`myZRr297Jj7W{~
zq%>)OPhi<P6LVQflQE~mYf3#jXiazUA>#zw_WNNjm)n*u)NVK9*4Cj5PzVp;oV1+?
zJ@6#(A3UsiX4(D!HJ<BFKHow<nfw3H_@?<kHgo>>zO(9)BS*B13BO5GYQMU%etze<
U%s(GWlRuwQQd7)VIRDT80BVscrT_o{

literal 10420
zcmch7XH-+&wl=;f2!<viy;rHBw*Vqdlz@neh?LNg5<)Mb3DOckK<R==vjWn43nU;V
z0wPH0y;mVY+TEP@d}Dk+?zm^%aqm5AjIhIAd#|iD=Unr7=A0|`o}nHMH5)Y<85xcK
zZSDJHWPfp!kzJs_Oaa`XpSzv`TrPUu(tmInXvoWUF~I+<-a3!HP2djRelSmaGDml~
zo4tgWt*5=cyO$H(dyBk99e7CQ{2?t*dziN~+@0rvvzt8`6z*;Z3*eEK;nDQ)bav&D
z0n149faO(W6;;4WJolhH`X&zoM~AUwWISa0+L{mivo|K-Xn`fz)ZrGbqjHr(mAF|$
z<5j^oqF3`?LI2$My_jb+)u}Vu{7L)fgIL@8S)ORxep(f!i!022`n+WkDm_xvnxG#i
z-Fdv+>$GSN(E?7nB%T|B;X^;K)Mu-j$NM{*`VU&HRPx;w7%}I_?PBZS>~C6rGm-Ho
zXJON`-XZGfh%A2Mg9d)@NAk^+#lsOtU!c)5Ffgoik0BIqYHMqANm6t3@$n6cy`Ve4
z{klCmCMM?hof$2lFR*Z%7wBucPXb;^vb=!=x^9<VQwO>VO#er(ecGRM56f1c8jrNf
z!Q4%oSx~%=%W1x>@f$%hV^&9;`V)lt_=E``whouSy%OPgX^NXj4gwopZj8|n9;XTL
z&^R;SuCsa(x-U<X<&HR;!Aq)#F504ObB`X9j;xe7AH~IV=~tKMB>JkfqIw9FAjY0@
zkK+sZuozn|sG7ydV6}vgpWMQREc*<NSi7_4`glOOzyU=s=0;~*N{<hx8)1OUM>S|S
z|IBV+E$Kw*_y>^_a@NTm9{Pt86}CHQPpZ+F2xZsNo}V}0DMMkbldopp9Jz0LDMegJ
z)Ma-iCJ1Ri^?IfFS_Qv|6RT9KEcLf?3fyF<yXC!Vg%JO1Mu^>$W4Od~oW@blc5f#E
z*HTwU^74DXP}~fczPOhb5{$qzhZdYw1M8S*I^OMR1U|>pbf-K<YWqLPt@hqNf~?!v
zsM03PP1ka1z5;jO>V0-c-O8;`uYH>e67f;Qc~j{jlVJS94%jXc?%sZ;V0AHeVtVK2
z_2Uk>c$Aqs@e``0rK(Da*sDX@YV1^Nm;tnEm{6P>k{KUQ(|o)jwfASOlw0Wx_$!;$
zH#$11v^#wP2VTOIS%^OwYl80;@o+|6%!%gK?Fi_cG=5d`EjFJF@3Zqf#`w{_tsHS%
zh_C=b?Ox%<hHytbj`MoZx6kQ9<hQ0Uds-AbuNF*nL5;1Q@2MS*uy>w)E648sHExc3
zvKY|I^Lq!93y#a^opK2)<fGwu?j5=T<(jGGcc@9Y2AT+~eD+~CU2}OR@Ir*Q?v={D
zY=3&mRZi%8T9D?%+MXn_u(TbgQ5pJv0e<E}`ksG}hB=o`tzM~m4Sw7@n<EvxuP%C(
zA!+iWX6xbJQozg$=FzdSdLN{V3yRs&KYVWq&v>!z&g!Nb(t9tN?MhE`z}rmv7t)2S
zNd`i8T8R!E4EBmviEf&Z+aK01tOz(>jZPm%ulAS3SoFU{7~i{gNk>|cyPjn<Qj6Pm
zfNT)V_r;ZBB~o9dwd6iU#PQ87im(;R+TM)UL6gf+ed7%Oyqcgen`>7KnI64*X-}18
zk)*?mS%J|sS<zJZ--O6gMNxf)gL6ATdRi3vu}mO+U9R5yx+^*Eg-6Iqd&_!ITQQOQ
zsN+y)3p>Y-!si~zxw>z(2$AHD4{9byv`{f!ajvee+b^V$;cwn>=7gRGR99C6E1o@E
z%5`*fjFv*qTmc^VT(HT6KXh_ljT?(BS$n^vJolMQ3N|g?zvQgDA!IN_f29@CRUgNb
zbuZz5W4+zvlgNn6Qx`mLA1_P#WR4#6{rWtC_E*7C3wM-UxcNqS-tFci0TQ-v7t8tZ
zWr`_7zG}3wL2j#lSKQUVLU$h6Yuf(-`Bms;Bwgp!OiiIc1w!zccE@ywSFkwT(Qvq|
zP4b^~vT&V;y7N^!Il|&xQmyHDmefm3lKl~ot*fEii)~azK}(*E-mD=je$#bZ6QO;=
z{Zdhu+S>DWDxs$kyc&_C<-nx{>#9IL{iSAdwr(kB?)Y$cBdcsSCov9j?dnBd7>o2B
zv2_vtTy50bfxh&<Hk#v3ykbT|#PB23B#m%Kjf>Du%;!-J4lh4W`(&`7fPSM+DJ9K9
zW&8GD5L>GkN)AvTkH){swzZ<G#YOyjBo?O+YyRqN6md4l6&W>uAI^R0v0L}=7|Yhw
zHP4`=moIF?VL^%!xW4?<OKw44I(@)WP6AeTZJKdjQw_^hfQKDgh!xJ^x%`);MSVx%
z-8BD$UycE@vBHm@EX4(>Ly|pj+1+~mB9f6&in`3tNKpbhV%*7Ph+Jx-^$wd!HYoNt
z)4d*TAd~39!Wd19eN(eO@S3XoT05eAsgrQ8>bqfd?U3M?4VB0DKQ6pb+K9BF%`unB
zibx~Xl(-VEi=)UtMMK$BQa9i0S{|64{>C=zLPqx{SB@k()Dgc6d$wgacc*vy`Z}8c
zNC?`m#(a=PQx%h!SMqc{??jEsfx(xtUNUEritMzS5FwV~UM!V9<Sp!*Qe~>uRG)sz
z4GSfq9U@UTUFdO0zc?aossX(*r+P!j_=4=We%s1ou{JrVQ&vQij0F@Gi?}TdxA^(R
zCgrOC^imUsE|{bFI8@3?A*g0DVRnsjDJ~|at9uu4O(xea8EKrzkyZRcqnM>iDv9|m
zRK-zxklnnlF5hTggT&Sq5n-az;Xv7r9u;}9z2(nnO9dm_T}hsV6V;GXzio>whg8{y
zQeqQyT2;=zty09<f;-fRE`r_vaUU9KmB+bYr)wK{F}nW~_$!T5R#RJHUN+~cD{)CP
z*RQ2zha6>z1~7pVAH4FZ$Fvf;^2y^ck(mg%?e5CDy6!7djjfDEkhTiEdJpgka=FyI
zxVU<7XW6F;#fk;JiGp;yOYT?3CSP{Rkzs*~EHXWmcT6o72%x#C7Q3CFj#McA=<;zT
z-PvvSFuHMIi3%|}9Yvm9T~q=O$?PPIaCSx-ux_N9J?uqg3rK9Tg=M#5J{H;OL@<($
zq8~Rh@K0H@>2(~U50Sb#+UO$A5XkJKC6u%E_xpH1mvRratdic_yR7y}DYQ`rnZ#w$
zIy$;PjX}Y)$2Lw2TcMXEn-JUMZ>APJSK>P_{>U95HpawcKQ=cvZzRp4*4Nj!$Gz}h
zzkY4QVkyqIoT{qodB;)eG*@9x+SnK<nZ6<O<s!;7cSgvd_(q7LAiJ)1M7rzG+41qv
z39f<;u4`t!JRnv>wru}fY~oY7P3Z<7R?-vspYzn7u#STuMMh5yVgVs>Ue(c>-2q{~
z()Iru?V;NF994w4e4>g8*HOwzrsG_Nz`(b=#G+xA>)dRfd=!$sgX=%JxcWu-cWAze
z3vuC>+h0Kt%H^b;xA>rFsnaf-sf1h-jsGbfocqix*AnRqXb<J0e#*PyF3RVb%%p>G
zvG17_tZKM04|tDvB5|*O1Umrk(os;bhjI{q_S5EY9dI~{Uh4<0NG~sG++0=`ii_?N
z9Ya#eT5XM~De2|WL0_K^9qw)#b5K~T&BGqLV5BroOG|=}&r|Vl>hx){#*`V@_0d`X
z9?tbohBy4DrsZT~&OHJka}e!*K#S`fe*6IV&(Gw+fcgB}IN<*Q<NQMwm6-X<uKlz6
zs;Buk@0-(g{%tYN<QouMdjDF>+bSBXe}ILmr$1s>S2$xb4?PL+-3&C=xvrv=5HVNl
zui0h&>Ls3VVrtJDl5X7OSV+_9Z!j<(B%39}&lO2J=Q`+eR!Vm%li5bW^j;CHbofJQ
zeWA+JNHb~J@?=nO5FwKe`MkCu=p{i1U{iU+k%?cvbmp=H$UHl3aVsXA(I^9dWmjAX
zyjWn|<z)1{48lD{EK8{U@KBwH<9g-kOII0Q_DlEBm-D-u-<p^*ec`;SB2?rCyJs>Y
z<i2d3DYQsF>^@7O-VBFv^vwYp%=TaVB=Q?udJ3&R?YqQvxPtdwwB7PN;XdXp30^S&
z9K2)d|C>@Fb<&naC<+Esz3!{hS#|53fbC*2i6VV6rbBf$N<rEA$&8Q*cBb#~oRVEh
zrwBUME7#eM{CiaxY@C+WLN9tpT`MA-QLtm{6X+bK>;=`hT`*QN<8Wlse*9TiyvA|p
zv~Y9Gj?`&)UYjkeqf+Y{b<x7?k`NsNL$$wosSoW<KieQ_$-=PYHC8D2(0~uV@?94Y
zt0H;S4Cl!WhgNXe`#n~96mPE6(}6xl$kHNx61(i$GoieQ3PMQ<Un2i4eCM8)u310>
z^x++PhX?zwl&C#0=(vQH?}E4ejvn8!k>V>A-Sxk@9OOUqvKtxNv&ILb|5MxGhT!1v
z>v~|T2y8s+&#wKr{t+v?BgNB;iKh`7-TPL^aCUQ|S=h|<=)IBs<P?b^|BhZZaL(&%
zEA-5%zi)Z>rld=2mH$xnXwDg#u2s7G%mYHXsw_W^E}AE&#6U$p#(n(w{@XQtS?sRz
zuy+^~s?PFKmPg`_Lki0$4(VQEWlIJF?$S>lK|ICXwHI-&>0rO;f;lSw20kdZCOYin
zE7<)Rtnva<SKV9sP5KJb;Qd#21_tFzkFKk`A7`Dlj)k73d=5TV?mzYKtSX&^{{epu
zD=|A*LuySthbb!+g|CpblY)4jR_gRRIWTbVzJoW=8h9Okk9D>l9Nc^aU$0(0z*AVW
zpcp5_`CZ5d<yxg_Km>lS!<s;&>rB;3`Do+m+0khHRm2>X^Zbkw?LaH;qu9r+jrTpt
zSXx&9>rt>7+FRLySY$v=B7nNF70JrnWQm~ABt7@j;EiJ7y44VwN&)_CKhO%J*L#JC
zw4wm%@$+pZ<fR0*i-;{ZO1JS=Jb+@tstaxPOZ5o@Ha3&C@LOu7&TE<Brt8XM1DT5(
zGh7%fK!a|2!3&FG^{djoY{EAJM(3WtqmJcxAIDm?F{?g`HU*4t^38a#`dD0m+w|zc
z;7}2B3Z8n9z6cSf*aatozso>z^twv+y1re1o)W6^MAIavzI>y0O<SnqwoA8G;@>SV
zXxz^*VcOxvh|zVi%6Pa4A!4>D(bOm<c1|}=fZ2$7+hFwMGr)?-TW9X3X8y)^)Z-D0
zwn9M)f661!h-`W~-bCTM<WURJwHxT2-w76KW6u!-)7oun(R2hK>9yy(>IcjLJbP$_
zs-28PdY{9!l*m>~#2a8}z2%O`#1fa4`qX;S?zxvv<FmrjcTGpCWe1fC-?OQxtOn?y
zUU<3qcXrS)Ga9_nyfqrHzbE*iHSV@ev?wb$vp3z8X;@r1!RC&O_SFeo3E$?+Jo6M9
zlelL);=|&Oe<mB=P2`s3yDhzXm>=H_IP?c9yfgXvceI|4@Us;fsHQ39CSQs+umfA%
zsu4`2B$eQJKJApF7tGoO6Vz743m?ne7)lT_z+J$K+sd(kdyBj^v2q%&^50<M@AM64
zf1;x=<Zxd#TJ+ZAWN5sQCoMSH@Z%>9i=EdC05z1E&Y@&HnCPW!JZ95jy(-HUt>_oz
z_Mzworq<@30qZD^pbqGd=y@wpeSWg?+962n@`0-?eAZvG2xje+3#1>EFI`hNWMU-9
zWEd6K9GtxU)RiJ_0fu<%e+3Lr{~auCs0g?f+330qV#I(w+8OfO20~YIfKE}7zjG6E
z>wuj98wrbN!4EIN;qW~yJN&y3=SYc#`9pbN08j0oBO}tF2!K+09<2X*JzS9t#a7qU
z9AXul+w|0T8MuPhzrI!v0~|0%{Kkfxf}&zw;J#??@w~9<!KtM_$$x*?RM~HngZp$l
zI<ejfkdN6{G1HQ=s;bTuBlWuET~nE*xs95s#T^{CmCgY0ljSx`_}t>PdSdhTg)aig
z@mfSgm3*H)6CjoN{v5T2!Nbfumx1U0%S26JEk@5=x^xT^YMED(lZ1cvsOF{qc~JD^
z*TE{WG+$I`UPou*xjms4rak{e?9*2Xukt~D=wF`&HMUHOK-l3vZUb>byDzf6i{Rzf
zBMwc^)Edl-K%~_-JkvD}yx1H(vX*eiWO2STyWY92vTP!3`4NGASE<O!w^RWv!H%P2
zz33N83#j?X$EID+q@du1CYVLK^6i&9MJduc+4P?!L&v!>wy$VBfK8Ao-G}RV2u;==
zMO`VgV8+Xt9<`TX(Syms!Ey&-h*_x*HMZ&r-HSq&EYjW*=<1?u!;EXR2<u5nzB~GV
zp-Nnw7fpob(7m@~gZFNJ0JJ9a!zbR}j0L-^Xf)y@2aRweoG7eI8r~*3rKicKrcJJ{
zl!<4JYD_+ouw|hD{F*<*SC^D{tO0edKp7diD$6*CPwa<JWsy;~ZqTYsDn*XFy2I1V
zi_W(y*=NPCs2-#~Z4zk%8@R%6%1P-jF_C&om;k~zJ6L!Zc~Ft7_Iv!r73M(qfr&RS
zw_!Fc-+wYmT<;0NyQ3ltXk(k=x+@FZq1ik(Ea|;_R72%OvK;LLmqUqy1c?xg)S^6;
zyl76EMMp_*SOVrB8De<9-}yNiDnW)bnLuS`N6zUZ4ZGj_L6w|vaG8Q(GC3#PU0sN)
z=A!;_jvA2A3U`LF_K@Rp#4?z@JoF;zMuY5FR`=-{l)GICi+zey1tn|bP3%4vQ}v4i
z%Djw*G{+*XABEAgXyl~$o0wny!gjJL*7UN}pjD(nGCCuRH{V~|`jLT9g*k@7LOy@}
z={w_FnY4%o)?c-dLH(R+H!X_+aaFS=yCDk4beaCE?=VqPV?bv+Yr>{;%m)`$@TR>}
zah`jt=cb>fzMhF;*IjbF-{zVjz%Qp{@es^HPnt7<K)&ln@I2hL&k0z}uyy_ADO|8b
zUdEr?Tgb9xP?6s5eVIaw&kuiv@S7#x-H@V6E1R!y$0kZ~YE*OjWuh1x(xBCY5<PCN
z$oPV`)6Os+m(+A0N*<9~5<w0p6%}@NR5PooCNPWNc*~3Te4-)byCuQr?MB)6%3CgP
z6C_UHe>#>wIMCjVXf29~-ODoWroKJ2{4?^G3b%9@5t6COQ?~U%A22L52-Aw-0K)Rf
zC5fnSQowaiDZ2lXvZ1grl8lA6O@!A;EUr5pa@T3@)y$?+cQY>;<4~CImNcegee8r$
znvhwZZQSoNRuuko<~H+CH76&<-7`WULxhYyBrfBS*LWGW)lgE%QGBgRN3L?K?oJOk
z*xTUgNc%F|H^eukOJb<aba**Q@nhC?cU_R!ZI+`}h^^9uRSBoPfTHkQUudT|H={6(
zexPF=Fx$bWwI1PDm?iH$9B$4vddDcU?nybs%Tfr+PW61$MBI;FUbLMRC{|FT$d9yJ
zmV9Hh8}j2JO|_SYvn1K|QxV(j$WcH-EV3UCK!1K*3Rs}`ml)~}22q;P=D0|xJON#S
z(_7aF+6R|~j3_v*J~R4-?bEODGir}opa=1f7uor~eF}K3*qp%C8}%jmYbwB(4|DGQ
zd4>igr%Y8xC`&p8gmf`JbETjIt*f0=A+q+~M{uaT^I%-79rqj-pq>9JX-Yb4lZI8n
z7$U$1^2o~WKEA+RO%A4|Jt9lkf;}2K$y*9RU1vx#fdvP1;t(Dj(fj);^0i+_x-WCP
zbqmDCR%Dldbk2<W*p=Q3J)YKdbQHJ5ZZy7IQ5g%wD&=x>csdhKq()Uko3%!Kyxp`O
zE*9*h*D-;W>{6Xf(5%c%P)cukpCMT0&keM75GsHz>h85Cy~4^3ClEJfUUodKp`Dv!
zfxfQsBRMxcLT@+DgiZLdy4kSV=gXo)kqG1a@-)zg$;|Q`%ap6`C%+WDcEyX!$@`9g
z4XFcQhx9pq%(-JN-k=}b1$KPUPcpiJm0i7VKxjiTzN55cc4469TkTHwx3gB|f?XRd
zsEI}xj9_kfV(X09%qT<D-->ld30m8XT~AOHn5e<5a7uWn^+JTjo@MrT_-g4!EWp0~
zrX*FQ>vO%-z3yfqE#=74jQ{@2k2n9ltxR7A^cfqb9YHCO<k$5w86frrzJ`_ttV=X+
zoNZMv>^PknmiTZ@WqLeISEy!B);_fe@&Ur8&5?{ZK+Bi>{o2%WMmG1b*O>X}<%-Bq
zq{^Mx^*MJG5Kp>3I+WC4#YlQaC)9VPzvBf!{cu|O{Kid33iNEg)f;}mK*s@?7a#}H
zUPm$jRG8exNdAAoHhiZYH#Wwm=sy1VpTI~U5X2@5Tm@(58k*M{Y6JIIMdPjmFESCv
z$Dgh+4+3!cw9!B5lWD2v!Z#)WrcI4soFnsB0GUgk*0m3RGOhF9nf<nE)-7aP<{zdw
z=^s(DR_nVlCi?Nbu)$y1+?)VoIUl3K5nu8-=k-5oAxZX?V?Y%5e^>?iuOeWT=51qq
zM&FvcsEtAfcr9NP;1B^uVjymbJ%|uB^67{$TGuY<>P-_NbTaFH9#QJ=pmk!8^PfR0
zCp3eB?iLb{q2t&6g;s^<;<z@;-V(e%OX!j&!y223^}yP=6vVD@`>5N2-M43@1Js3R
zB^I4~3qnE{p5!EM1wGaq{1)*Mc~eQ;>4f)}-7N*`w=4|0DGii4Dvs&Bh!k{}rSaT(
zKuz}3)Wo$<ytE9HowOxRt1NB#`}D3t6GJTVw8!jYxBd{dVulPY9LtX5^^(wq8Dt+B
zqzR(j4Q1}EJg0KDE_sgt41gOXwt5JbHgH<pBgZfuv3&2B(KQZRI*deobz~_LIN;l@
z=S$Q=D)PbKc597$c&^n8(e2E!LIWNv`+ZE;=F)t+$u4uj$-!h12qzo!tvW$06xV&4
zUDMwe#^_zc#>gS0HxC-msaE|qLnrxXQQpgXb``6wD6Y4kupP=5^|1mpZ*O<SHJK{R
z=SL2*CN13Xb9ioU+Gi7$((u~rlkTE^Z#u8pD(7YD{YDC0r<rH*obo;V)@5!^A9Vpq
zwsr91z+AxY)@$miiu+@nrD1j>^B8(5mY4kp#0VDO+X`F^O0)?Y0-mZLgT<`bRHS&>
zNwo>VPNmObFADr59P=b>bY+1+M4X1&4FGh>Qk)#v*_mjUS;8i3VBXl8$L83Zy1)q-
z!Y{|FyKc}#O@+d2D2p=9A(&5+*qrx8O)8MFC(?I|z)3#Rl6D$N6s3GGj81;uAAgy4
zMN^uFe9YHbipEV36<ep6AxE>wW1C&5t*fcfOq5pw<U;o;<lwLjLSbgOUUhA#JWZ77
zl2K%PnLk^GUsZsAw1nnio%h4L4<A`Kj0VxE@Rui%E1`AOp*b>ciS--j3Kaij{>*&X
zkHhTuZSk!~kJVJWSa4K3^t=9t<z_u}2m<Te3g?g=;qQ2<c^mfl=NG{iU9gQ)U-#hL
zWm8~?V%)QKJy}7{$jE%OvzhS-lf63M8?(rWhhI{f*cla{8i0K$s9=gheQBRDU-^<p
z^X^cfg=7~W>d5!R=BE#`C29K+EIJ%sMzZMqX(j^Rh2fCL97-y?g&mU4GfomFZ}+&F
ztOd?_S&M688UBA^kG72-W6>O$ZK^aIh{eIAp2s#*Dz~7%Wtl;%6qao`unf4iF3*3|
zP7@j!fNAb-f3Fz>a?t-f#nAuM4OBJ9-I@wm;<OCfkT0=l@C}VOvs%jMJ`q{!e`Bsw
z0qnZ@i;saoW20(>G>TKl0xfu=28b_en)fBt_dghYd1nU9)bp>;cB2bpRW3mNl1xEC
zVY8tIcvahwx$p3Qucj+T#qHwa;_Bu$K@0|x!=Fn_=NmT9XBeqe0W_~4FPiuIRT~e+
zT!<%vh_$sf<nMg$h4DHsy$Jz8MasO7uAbMFwQ2K}|2?(npNS0@0NEe`tO%HkS6r@7
za2YA#^z$-&wZHEJ!c5P0qO#S34!*CQo_yM_IJ<hf%vtN3kE3WdT65V}TbfQggCIA%
zL)O&Kmp24|4UBcw6$m5a;mC+Y<UBv*VAR$xxb21WgS%v8l*i|10o2jJkNp}SpI;sR
zgxpQZefno>Z_Db1RHFwdUR6}JmDPVo_=tw*JT*-B!PF}FwbxSr&J0~BsW!{=okgAJ
zi!Wa!a*(^zghP!Zd;hr&Tc;n!W8tVNnzI?lqfhs}00DB{hqs(4Bx;<J5Q=jhsz4pg
zVnjmCZ#9Clm9@71c;}HWP}QI3^_j!c{QUWw&0oq9pL5cRk6sBXi90Q21d#AwmiUoi
zADZFDBDGE5anwdCdlt<IJjA`x%VT4$UzKKL3(`E{8C)?_={8!pF$@&PPgX?Zx?cfI
z4E&Wd*MokV1vg&efK~bwi<O>4)GWAHvja<#4%uw+f6g6ZLvz}~e(b(~U4v-8z3MmR
zPNEAwr8*^UHDh!CER|8+#1W6FB0`A)DWN3D@!0TOVAxS{4!|%1JfNCv#n-+-!DxM5
z1}?$5?(7`m7nMSl?5#7dki9w__-sl(s)ZJl_H+6O8nV|iiB<MKi%+O<oLb-x4T+dK
z@hcYd4+{iDI3F&5Z7v(jm7D<a4b`iOk~~EytjQ_YbV{8r2ZRt6XG%|J`fTCta79Pb
z>y}-Xvpu5Q&fG9IoZ#!;*e3-c!ni^gK%x7uL$Z+9&JRk=x5>#mRJ}->q~)TldeHgG
z*=*p4#3*f>^=<2^#{7QPc$iXoh7t9*`U?a{rMLqS!CTJ0-%h32y{*!sy^Re2SAEnk
zI|J!bXBu`Kibc2IV$7=?d2F&o8k+D4`SV)U5(mdfo!~f6J9F#Xip5BOCcOxyd(7%*
z45zaVj-=Sqb=tOUNj6_Vxs-#$^6{{_Cw_JBzob8;2$AFKzDnV%m9y|5sMOg3jT3YL
z^CVCzLEHR2kK&4M#|q2)D)B*WDK_0JokRvBpNAPM2%-2ti}FikGC?+;LH6fW8k;da
zBXl`OV~VAi7qXE3uAB(P$r+O=_^w9q7XPtTOG|g5An^^wxmE94*VBULHk&|2IFD;H
z%GZmWXLK(ZnoCcm(TP7Fh-t0*>Y4~HbI!{8^q@Xje{vdR!-vPpNo4c1SG>(yGB8h^
z`HqnRfqHo3o@RRXJI8V_jo@$AR8$geTwJ1|KLe0PB=Bhpj)c?rBhqr><G&b<-?iF5
zej~1@bIvb!twH4Vn_NPv)ekD3|7t99W@l@44L4U4qFBtiXv;?7z430m{#~1pH=S;F
z^|R$M<(0B=ugZMcUK810K6_YNNMJnOjz}mHR~Ns}p1s7NKs<0qI>nEi(UI0#$V0bE
zS&zq;Cg*$3mM-=G{<X~i_WbA!T}PSQXZQZb3rl5rX+;81uWi0}nvrg)b`i(wE-C_d
z(kVt6^sjo<B;}^8yG&7>{$|Z-zOc~zH6~%}gk(m_*CUNhZtrZk9QUR5mtQ&_yz5B%
z;E3N#X&KpBQ#9-mPrF3Z06<g3S0u6_FPrP>BZ3c#f7tuh1}K)Fj(`kPaiv5>9Ufbg
zeRXB8kj%)9v*<`|INp~J!H-VEgI8(XUHwpf?bWL8Pq#?sMx{Hu-0dR=Pp5(%qetMU
z!Fx<3D+T=SUg&`v*G9|A7V5lC1>r$i)5H2@XFpq8%FFq5x+a6;;D(~|pn3<xVP9{k
zPSQf}Rxve3@Hfq3fUdE8rG=Ko;=Dbj;q7HP10X6}0i3Oa<-JWq61eqkzFPOpeB#Vj
zh<&^xV6s9Q+q9E)iioozKh`tF#63(XGOFe1$gkxjt;I9yOR+`=K3i3S9D3z%dv>H0
z_@JYnk(^junf|!C2OR4`_KsImL5RH%?3%{IMlY9gG`c(9%39FT8Hvn(SwoRJca@gR
z;8>|G-5|Y)ANwZUUiG3eC5v@H?ExAogFyvz70eaVSsewFzV^w7%v5kM-aS*^<|Iv+
zPUAu-CAT;|1MFyi9uN_(!B<Xa7AlV0LjzKoEh7~J-3}vE&yjAdI+7U(D7L?em2PL?
zk&Cri2vLp$`2N7z4hvfaU+Kxl>FQt^Kqvn75i73y0Hy+Iz&kA*1$saT^tm*&%&*A5
zVCm!+(?6U&Km_IhFu_fr8R1@DjF`vG!H1n&W8p*1uufVezAl9O*5Ceqru|ZhWz)CU
zVy2^$lj@s`*-F50PXS0dkC<lKUlfiU=W_=!_qTpHa;ULTB%HRK`nQ~&RCTAvbZM>r
z*<X9w;2W<vg-ih;=$wj-Lsg7{{OGUI(dqUV=ch-+n-*244ryD6e^kykT7q9`1TKL_
zj0V{ElVnj`iJ`x3w|47<m4CCEYW`zFRTUMO{k4&)qxR@=AkuSj>7k@PM`GfHUy%F2
zfQr{5=zMLx8K?E|b05lO0~D44Nsu>D)1G$%a@jh(-yCwH0<5E0vTGyiqaJr~<;e7f
uzYD9fP$eL3`me$4U+dt1e9Y~PyI}9h!PP%E<$x1~WcoUW+9kKFpZ^DP{o+jk

diff --git a/source/adminguide/storage.rst b/source/adminguide/storage.rst
index e6fd6c3ebf..2a225ee031 100644
--- a/source/adminguide/storage.rst
+++ b/source/adminguide/storage.rst
@@ -897,6 +897,13 @@ Before you try to resize a volume, consider the following:
    Therefore, resize any partitions or file systems before you shrink a
    data disk so that all the data is moved off from that disk.
 
+-  In Apache CloudStack 4.20 and before, resizing volume will fail if 
+   the current storage pool does not have enough capacity for new volume size.
+   Since Apache CloudStack 4.21, it becomes possible if zone setting
+   volume.resize.allowed.beyond.allocation is set to true, and the new volume size
+   does not cross the resize threshold (pool.storage.allocated.resize.capacity.disablethreshold) of storage pool.
+   These two zone settings are configurable by ROOT admin.
+
 To resize a volume:
 
 #. Log in to the CloudStack UI as a user or admin.
@@ -913,7 +920,7 @@ To resize a volume:
 
    |resize-volume.png|
 
-   #. If you select Custom Disk, specify a custom size.
+   #. Specify a custom size.
 
    #. Click Shrink OK to confirm that you are reducing the size of a
       volume.
@@ -922,6 +929,8 @@ To resize a volume:
       which might lead to the risk of data loss. You must sign off that
       you know what you are doing.
 
+   #. Check if you wish to auto migrate volume to another storage pool if required.
+
 #. Click OK.
 
 Root Volume size defined via Service Offering

From ce026c0439ab3d545e9fbc7625b97ae31426ec8a Mon Sep 17 00:00:00 2001
From: Vishesh <8760112+vishesh92@users.noreply.github.com>
Date: Tue, 7 Oct 2025 12:49:25 +0530
Subject: [PATCH 02/10] Update compatability matrix for OpenSUSE (#573)

---
 source/installguide/hypervisor/kvm.rst | 8 +++-----
 source/releasenotes/compat.rst         | 4 ++--
 2 files changed, 5 insertions(+), 7 deletions(-)

diff --git a/source/installguide/hypervisor/kvm.rst b/source/installguide/hypervisor/kvm.rst
index e8181481b4..3d1e07440e 100644
--- a/source/installguide/hypervisor/kvm.rst
+++ b/source/installguide/hypervisor/kvm.rst
@@ -24,13 +24,11 @@ KVM is included with a variety of Linux-based operating systems.
 Although you are not required to run these distributions, the following
 are recommended:
 
--  CentOS / RHEL: 7.X
+-  CentOS / RHEL / Binary-compatible variants: 8.X or 9.X
 
--  CentOS / RHEL / Binary-compatible variants: 8.X
+-  Ubuntu: 22.04 +
 
--  Ubuntu: 18.04 +
-
--  openSUSE / SLES: 15.2 +
+-  openSUSE / SLES: 15.6 +
 
 The main requirement for KVM hypervisors is the libvirt and Qemu
 version. No matter what Linux distribution you are using, make sure the
diff --git a/source/releasenotes/compat.rst b/source/releasenotes/compat.rst
index 7e601a23ea..e77e2a06a8 100644
--- a/source/releasenotes/compat.rst
+++ b/source/releasenotes/compat.rst
@@ -28,7 +28,7 @@ CloudStack Management Server.
 -  Alma Linux 8, 9
 -  RHEL versions 8, 9
 -  Experimental support for RHEL 10
--  openSUSE Leap 15 (not widely tested and used by the community, tested to work in past CloudStack versions)
+-  openSUSE Leap 15 (not widely tested and used by the community, tested to work openSUSE Leap 15.6)
 -  SUSE Linux Enterprise Server 15 (not tested, but expected to work same as with openSUSE 15 but likely require workarounds)
 -  Debian 12, 13 (not tested, but expected to work same as Ubuntu)
 
@@ -52,7 +52,7 @@ and VMware with vSphere.
 -  Alma Linux 8, 9 with KVM
 -  RHEL 8, 9 with KVM
 -  Experimental support for RHEL 10 with KVM
--  openSUSE Leap 15 with KVM (not widely tested and used by the community, tested to work in past CloudStack versions)
+-  openSUSE Leap 15 with KVM (not widely tested and used by the community, tested to work openSUSE Leap 15.6)
 -  SUSE Linux Enterprise Server 15 with KVM (not tested, but expected to work same as with openSUSE 15 but likely require workarounds)
 -  XCP-ng 8.2.0
 -  XCP-ng 8.3.0

From 5f003697d30bd7fec1d27aa0c563356781ce37f6 Mon Sep 17 00:00:00 2001
From: Wei Zhou <weizhou@apache.org>
Date: Wed, 22 Oct 2025 11:48:49 +0200
Subject: [PATCH 03/10] Clarification of Network ACL rules and Security group
 rules (#568)

---
 source/adminguide/networking/security_groups.rst             | 5 +++++
 .../adminguide/networking/virtual_private_cloud_config.rst   | 2 ++
 2 files changed, 7 insertions(+)

diff --git a/source/adminguide/networking/security_groups.rst b/source/adminguide/networking/security_groups.rst
index 241ef1c1ff..e17a878f91 100644
--- a/source/adminguide/networking/security_groups.rst
+++ b/source/adminguide/networking/security_groups.rst
@@ -216,6 +216,11 @@ Adding Ingress and Egress Rules to a Security Group
 #. Click Add.
 
 
+.. note::
+- If there is no Egress rule in a Security Group, all the outgoing traffic will be allowed
+- If there are Egress rules in a Security Group, only the outgoing traffic which match a Egress rule will be allowed
+- Only the incoming traffic which match a Ingress rule will be allowed
+
 .. |httpaccess.png| image:: /_static/images/http-access.png
    :alt: allows inbound HTTP access from anywhere.
 
diff --git a/source/adminguide/networking/virtual_private_cloud_config.rst b/source/adminguide/networking/virtual_private_cloud_config.rst
index 9edcc5c591..c656128bd8 100644
--- a/source/adminguide/networking/virtual_private_cloud_config.rst
+++ b/source/adminguide/networking/virtual_private_cloud_config.rst
@@ -355,6 +355,8 @@ Afterwards traffic can be white- or blacklisted.
 - ACL rules for ingress and egress are not correlating. For example a
   egress "deny all" won't affect traffic in response to an allowed ingress
   connection
+- The incoming traffic which does not match any ACL rules will be denied
+- The outgoing traffic which does not match any ACL rules will be allowed
   
 
 Creating ACLs

From 851b10edb985ae29eaf80970610972a5a4b2d92d Mon Sep 17 00:00:00 2001
From: Wei Zhou <weizhou@apache.org>
Date: Wed, 22 Oct 2025 11:49:20 +0200
Subject: [PATCH 04/10] CKS: update doc of creating ISO (#565)

---
 .../plugins/cloudstack-kubernetes-service.rst | 33 ++++++++++++-------
 1 file changed, 22 insertions(+), 11 deletions(-)

diff --git a/source/plugins/cloudstack-kubernetes-service.rst b/source/plugins/cloudstack-kubernetes-service.rst
index d8f59ed558..f60f1cb953 100644
--- a/source/plugins/cloudstack-kubernetes-service.rst
+++ b/source/plugins/cloudstack-kubernetes-service.rst
@@ -61,26 +61,37 @@ Eg: To generate the latest kubernetes iso
 
 .. parsed-literal::
 
-   1.27.2,  kubernetes version, see https://github.com/kubernetes/kubernetes/releases
-   1.3.0, CNI version, see https://github.com/containernetworking/plugins/releases
-   1.27.0, cri-tools version, see https://github.com/kubernetes-sigs/cri-tools/releases
-   1.11, weave addon for kubernetes, see https://github.com/weaveworks/weave/tree/master/prog/weave-kube
-   2.7.0, kubernetes dashboard version, see https://github.com/kubernetes/dashboard/release
+   1.30.1,  kubernetes version, see https://github.com/kubernetes/kubernetes/releases
+   1.5.0,   CNI version, see https://github.com/containernetworking/plugins/releases
+   1.30.0,  cri-tools version, see https://github.com/kubernetes-sigs/cri-tools/releases
+   3.28.0,  CNI addon for kubernetes, see https://raw.githubusercontent.com/projectcalico/calico/v3.28.0/manifests/calico.yaml
+   2.7.0,   kubernetes dashboard version, see https://github.com/kubernetes/dashboard/releases
 
 Usage:
 
-.. parsed-literal::
+::
 
-   # ./create-kubernetes-binaries-iso.sh OUTPUT_PATH KUBERNETES_VERSION CNI_VERSION CRICTL_VERSION WEAVENET_NETWORK_YAML_CONFIG DASHBOARD_YAML_CONFIG [OPTIONAL_OUTPUT_FILENAME]
+   # ./create-kubernetes-binaries-iso.sh OUTPUT_PATH \
+        KUBERNETES_VERSION CNI_VERSION CRICTL_VERSION \
+        CNI_NETWORK_YAML_CONFIG \
+        DASHBOARD_YAML_CONFIG \
+        [OPTIONAL_OUTPUT_FILENAME]
 
 Eg:
 
-.. parsed-literal::
+::
 
-   # ./create-kubernetes-binaries-iso.sh ./ 1.27.2 1.3.0 1.27.0 https://raw.githubusercontent.com/weaveworks/weave/master/prog/weave-kube/weave-daemonset-k8s-1.11.yaml https://raw.githubusercontent.com/kubernetes/dashboard/v2.7.0/aio/deploy/recommended.yaml setup-v1.27.2
+   # ./create-kubernetes-binaries-iso.sh ./ \
+        1.30.1 1.5.0 1.30.0 \
+        https://raw.githubusercontent.com/projectcalico/calico/v3.28.0/manifests/calico.yaml \
+        https://raw.githubusercontent.com/kubernetes/dashboard/v2.7.0/aio/deploy/recommended.yaml \
+        setup-1.30.1-calico-3.28.0
+
+.. note::
+   From ACS 4.16 onwards, Kubernetes versions >= 1.20.x are only supported (https://endoflife.date/kubernetes).
+.. note::
+   Kubernetes dashboard versions >= 7.0.0 are not supported, as they support only Helm-based installation.
 
-**NOTE:**
-From ACS 4.16 onwards, Kubernetes versions >= 1.20.x are only supported (https://endoflife.date/kubernetes).
 
 Working with Kubernetes supported version
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From 24e969cd8839234ed539af343fc7bf9dfd3c542f Mon Sep 17 00:00:00 2001
From: prashanthr2 <prashanthreddy748@gmail.com>
Date: Wed, 22 Oct 2025 19:33:36 +0100
Subject: [PATCH 05/10] adding nmcli commands to configure Oracle Linux host
 (#570)

Add initial nmcli examples for KVM host setup, including Oracle Linux. Current docs lack references to NetworkManager usage, and with most Linux distros moving to NetworkManager by default, these commands provide a starting point for users.
---
 source/installguide/hypervisor/kvm.rst | 64 ++++++++++++++++++++++++++
 1 file changed, 64 insertions(+)

diff --git a/source/installguide/hypervisor/kvm.rst b/source/installguide/hypervisor/kvm.rst
index 3d1e07440e..d450a459fa 100644
--- a/source/installguide/hypervisor/kvm.rst
+++ b/source/installguide/hypervisor/kvm.rst
@@ -876,6 +876,38 @@ although a reboot is recommended to see if everything works properly.
    in case you made a configuration error and the network stops functioning!
 
 
+Configure Oracle Linux for Basic Networks using nmcli
+'''''''''''''''''''''''''''''''''''''''''''''''''''''
+All the required packages were installed when you installed libvirt, so
+we only have to configure the network.
+
+Disable IP settings on physical NIC first
+
+.. parsed-literal::
+   nmcli con mod eth0 ipv4.method disabled ipv6.method ignore
+  
+Configure cloudbr0 and include the Management IP of the hypervisor.
+
+.. parsed-literal::
+   nmcli con add type bridge ifname cloudbr0 con-name cloudbr0
+   nmcli con add type ethernet ifname eth0 master cloudbr0 slave-type bridge con-name cloudbr0-eth0
+   nmcli con modify cloudbr0 ipv4.addresses  192.168.42.11/24 ipv4.gateway 192.168.42.1 ipv4.method manual ipv6.method ignore
+
+
+Configure cloudbr1 as a plain bridge without an IP address
+
+.. parsed-literal::
+   nmcli con add type bridge ifname cloudbr1 con-name cloudbr1 ipv4.method disabled  ipv6.method ignore
+   nmcli con add type vlan ifname eth0.20 dev eth0 id 20 master cloudbr1 con-name vlan20
+
+With this configuration you should be able to restart the network,
+although a reboot is recommended to see if everything works properly.
+
+.. warning::
+   Make sure you have an alternative way like IPMI or ILO to reach the machine
+   in case you made a configuration error and the network stops functioning!
+
+
 
 Network Example for Advanced Networks
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
@@ -1182,6 +1214,38 @@ although a reboot is recommended to see if everything works properly.
    in case you made a configuration error and the network stops functioning!
 
 
+Configure Oracle Linux for Advance Networks using nmcli
+'''''''''''''''''''''''''''''''''''''''''''''''''''''
+All the required packages were installed when you installed libvirt, so
+we only have to configure the network.
+
+Disable IP settings on physical NICs first
+
+.. parsed-literal::
+   nmcli con mod eth0 ipv4.method disabled ipv6.method ignore
+   nmcli con mod eth1 ipv4.method disabled ipv6.method ignore
+  
+Configure cloudbr0 and include the Management IP of the hypervisor.
+
+.. parsed-literal::
+   nmcli con add type bridge ifname cloudbr0 con-name cloudbr0 ipv4.addresses 192.168.42.11/24 ipv4.gateway 192.168.42.1 ipv4.method manual ipv6.method ignore
+   nmcli con add type ethernet ifname eth0 master cloudbr0 slave-type bridge con-name cloudbr0-eth0
+
+Configure cloudbr1 as a plain bridge without an IP address
+
+.. parsed-literal::
+   nmcli con add type bridge ifname cloudbr1 con-name cloudbr1 ipv4.method disabled ipv6.method ignore
+   nmcli con add type ethernet ifname eth1 master cloudbr1 slave-type bridge con-name cloudbr1-eth1
+
+With this configuration you should be able to restart the network,
+although a reboot is recommended to see if everything works properly.
+
+.. warning::
+   Make sure you have an alternative way like IPMI or ILO to reach the machine
+   in case you made a configuration error and the network stops functioning!
+
+
+
 Configure the network using OpenVswitch
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

From ae00f36f6028fd9ad02352638c2d0733864f5aba Mon Sep 17 00:00:00 2001
From: Wei Zhou <weizhou@apache.org>
Date: Wed, 22 Oct 2025 20:33:50 +0200
Subject: [PATCH 06/10] systemvm: Update patch systemvm support matrix (#382)

* systemvm: Update patch systemvm support matrix

* add note for VR memory upgrade to 512 MiB

* Add notes for VR live-patch

* Update source/upgrading/upgrade/_sysvm_restart.rst

Co-authored-by: Pearl Dsilva <pearl1594@gmail.com>

---------

Co-authored-by: Pearl Dsilva <pearl1594@gmail.com>
---
 source/upgrading/upgrade/_sysvm_restart.rst | 33 +++++++++++++--------
 1 file changed, 20 insertions(+), 13 deletions(-)

diff --git a/source/upgrading/upgrade/_sysvm_restart.rst b/source/upgrading/upgrade/_sysvm_restart.rst
index 30f32282fb..77c40456ef 100644
--- a/source/upgrading/upgrade/_sysvm_restart.rst
+++ b/source/upgrading/upgrade/_sysvm_restart.rst
@@ -35,19 +35,26 @@ This will update the software packages, which were previously bundled in the sys
 agent.zip and cloud-scripts.tgz and restart the services that are present in the /var/cache/cloud/enabled_svcs file
 in the System VMs.
 
+.. note::
+   The System VM template has been upgrade to Debian 12.x in Apache CloudStack 4.20.0.0.
+   Due to it, the memory size of default system offerings has been changed to 512 MiB.
+   If you use custom system offerings, please check the memory size of the offerings.
+   If memory size is small (for example 256 MiB), the System VMs and virtual routers might have the "kernel panic" issue on boot.
+
 .. note::
 
    The following services will be restarted once a system VM is live patched:
 
-            +---------------------+-------------------------------+
-            | **System VM**       |         **Services**          |
-            +---------------------+-------------------------------+
-            | SSVM                | cloud, apache2, portmap       |
-            +---------------------+-------------------------------+
-            | CPVM                | cloud                         |
-            +---------------------+-------------------------------+
-            | VRs                 | haproxy, apache2, dnsmasq     |
-            +---------------------+-------------------------------+
+            +---------------------+-------------------------------+---------------------------------------------------+
+            | **System VM**       |         **Services**          |  **Note**                                         |
+            +---------------------+-------------------------------+---------------------------------------------------+
+            | SSVM                | cloud, apache2, portmap       |                                                   |
+            +---------------------+-------------------------------+---------------------------------------------------+
+            | CPVM                | cloud                         |                                                   |
+            +---------------------+-------------------------------+---------------------------------------------------+
+            | VRs                 | haproxy, apache2, dnsmasq     | Please set setting `minreq.sysvmtemplate.version` |
+            |                     |                               | to proper value before live-patching              |
+            +---------------------+-------------------------------+---------------------------------------------------+
 
    With respect to VRs, a Network restart without cleanup is initiated to during live patching to ensure all rules
    are re-applied. 
@@ -64,12 +71,12 @@ Following matrix lists the versions of CloudStack that support live patching.
          +---------------------+-------------------------+--------------------------------+------------------------------------------+
          | **ACS Version**     |  **Upgrade Version**    |   **Live Patching Support**    |     **Reason / Comment**                 |
          +---------------------+-------------------------+--------------------------------+------------------------------------------+
-         | <=4.13              | 4.17+                   |  No                            | Update in the openJDK version            |
+         | <=4.15              | 4.20+                   |  No                            | Debian 10 (buster) is EOL on 2024-06-30  |
          +---------------------+-------------------------+--------------------------------+------------------------------------------+
-         | 4.14                | 4.17+                   |Yes                             | May notice some issue with remove access |
-         |                     |                         |                                | VPN due to older version of Strongswan   |
+         | >=4.16              | 4.19                    | Yes                            |       N/A                                |
          +---------------------+-------------------------+--------------------------------+------------------------------------------+
-         | >=4.15              | 4.17+                   |Yes                             |       N/A                                |
+         | >=4.16              | 4.20                    | Yes                            | May notice some issues due to Debian |
+         |                     |                         |                                | upgrade from 11(bullseye) to 12(bookworm)|
          +---------------------+-------------------------+--------------------------------+------------------------------------------+
 
 In addition to the support for live patching, users still have the facility to follow the legacy workflow

From 1b8f2ca33c83bbf5d0cb6931c4971d4ec678734e Mon Sep 17 00:00:00 2001
From: Wei Zhou <weizhou@apache.org>
Date: Mon, 27 Oct 2025 09:22:48 +0100
Subject: [PATCH 07/10] 4.20.2 release note (#583)

---
 source/_global.rst                  |  24 +-
 source/conf.py                      |   2 +-
 source/releasenotes/about.rst       |  22 +-
 source/releasenotes/api-changes.rst |  30 ++
 source/releasenotes/changes.rst     | 525 +++++++++++++++++++++++++++-
 5 files changed, 587 insertions(+), 16 deletions(-)

diff --git a/source/_global.rst b/source/_global.rst
index 98a4083f6a..ea5a78a8f8 100644
--- a/source/_global.rst
+++ b/source/_global.rst
@@ -25,20 +25,20 @@
 
 .. Latest version systemvm template name
 
-.. |sysvm64-version|     replace:: 4.20.1
-.. |sysvm64-name-xen|    replace:: systemvm-xenserver-4.20.1-x86_64
-.. |sysvm64-name-kvm|    replace:: systemvm-kvm-4.20.1-x86_64
-.. |sysvm64-name-vmware| replace:: systemvm-vmware-4.20.1-x86_64
-.. |sysvm64-name-hyperv| replace:: systemvm-hyperv-4.20.1-x86_64
-.. |sysvm64-name-ovm|    replace:: systemvm-ovm-4.20.1-x86_64
+.. |sysvm64-version|     replace:: 4.20.2
+.. |sysvm64-name-xen|    replace:: systemvm-xenserver-4.20.2-x86_64
+.. |sysvm64-name-kvm|    replace:: systemvm-kvm-4.20.2-x86_64
+.. |sysvm64-name-vmware| replace:: systemvm-vmware-4.20.2-x86_64
+.. |sysvm64-name-hyperv| replace:: systemvm-hyperv-4.20.2-x86_64
+.. |sysvm64-name-ovm|    replace:: systemvm-ovm-4.20.2-x86_64
 
 .. Latest version systemvm template URL
-.. |sysvm64-url-xen|            replace:: http://download.cloudstack.org/systemvm/4.20/systemvmtemplate-4.20.1-x86_64-xen.vhd.bz2
-.. |sysvm64-url-kvm|            replace:: http://download.cloudstack.org/systemvm/4.20/systemvmtemplate-4.20.1-x86_64-kvm.qcow2.bz2
-.. |sysvm64-url-kvm-aarch64|    replace:: http://download.cloudstack.org/systemvm/4.20/systemvmtemplate-4.20.1-aarch64-kvm.qcow2.bz2
-.. |sysvm64-url-vmware|         replace:: http://download.cloudstack.org/systemvm/4.20/systemvmtemplate-4.20.1-x86_64-vmware.ova
-.. |sysvm64-url-hyperv|         replace:: http://download.cloudstack.org/systemvm/4.20/systemvmtemplate-4.20.1-x86_64-hyperv.vhd.zip
-.. |sysvm64-url-ovm|            replace:: http://download.cloudstack.org/systemvm/4.20/systemvmtemplate-4.20.1-x86_64-ovm.raw.bz2
+.. |sysvm64-url-xen|            replace:: http://download.cloudstack.org/systemvm/4.20/systemvmtemplate-4.20.2-x86_64-xen.vhd.bz2
+.. |sysvm64-url-kvm|            replace:: http://download.cloudstack.org/systemvm/4.20/systemvmtemplate-4.20.2-x86_64-kvm.qcow2.bz2
+.. |sysvm64-url-kvm-aarch64|    replace:: http://download.cloudstack.org/systemvm/4.20/systemvmtemplate-4.20.2-aarch64-kvm.qcow2.bz2
+.. |sysvm64-url-vmware|         replace:: http://download.cloudstack.org/systemvm/4.20/systemvmtemplate-4.20.2-x86_64-vmware.ova
+.. |sysvm64-url-hyperv|         replace:: http://download.cloudstack.org/systemvm/4.20/systemvmtemplate-4.20.2-x86_64-hyperv.vhd.zip
+.. |sysvm64-url-ovm|            replace:: http://download.cloudstack.org/systemvm/4.20/systemvmtemplate-4.20.2-x86_64-ovm.raw.bz2
 
 .. Images
 
diff --git a/source/conf.py b/source/conf.py
index 5bf1867ea2..e04c02c6f5 100644
--- a/source/conf.py
+++ b/source/conf.py
@@ -26,7 +26,7 @@
 # The short X.Y version
 version = '4.20'
 # The full version, including alpha/beta/rc tags
-release = '4.20.1.0'
+release = '4.20.2.0'
 
 rst_epilog = """
 .. include:: /_global.rst 
diff --git a/source/releasenotes/about.rst b/source/releasenotes/about.rst
index bc86fad7b8..81cbb6076f 100644
--- a/source/releasenotes/about.rst
+++ b/source/releasenotes/about.rst
@@ -17,7 +17,27 @@
 What's New in |release|
 =======================
 
-Apache CloudStack |release| is a 4.20 LTS minor release with over 150 fixes
+Apache CloudStack |release| is a 4.20 LTS minor release with around 150 fixes
+and improvements since the 4.20.1.0 release. Some of the highlights include:
+
+• Improvements for Vmware to KVM Migration
+• Fix: Potential remote code execution on Javascript engine defined rules
+• Fix: Lack of user permission validation leading to data leak for few APIs
+• Optimise VNC console performance
+• Some network related fixes and improvements
+• ScaleIO/PowerFlex smoke tests improvements and fixes
+• Some CloudStack Kubernetes Service (CKS) related fixes and improvements
+• Several UI fixes and improvements
+• Systemvm templates now built on Debian 12.12.0
+
+
+The full list of new features can be found in the project release notes at
+https://docs.cloudstack.apache.org/en/4.20.2.0/releasenotes/changes.html
+
+What's New in 4.20.1.0
+=======================
+
+Apache CloudStack 4.20.1.0 is a 4.20 LTS minor release with over 150 fixes
 and improvements since the 4.20.0.0 release. Some of the highlights include:
 
 • Improvements to multi-architecture support in CloudStack
diff --git a/source/releasenotes/api-changes.rst b/source/releasenotes/api-changes.rst
index be62c99603..b23a01bcf8 100644
--- a/source/releasenotes/api-changes.rst
+++ b/source/releasenotes/api-changes.rst
@@ -13,6 +13,36 @@
    specific language governing permissions and limitations
    under the License.
 
+API Changes Introduced in 4.20.2.0
+==================================
+
+For the complete list of API commands and params consult the `CloudStack Apidocs`_.
+
+Parameters Changed API Commands
+-------------------------------
+
+.. cssclass:: table-striped table-bordered table-hover
+
++---------------------------------------------+--------------------------------------------------------------------------------+
+| Name                                        | Description                                                                    |
++=============================================+================================================================================+
+| ``createTemplate``                          | **Request:**                                                                   |
+|                                             |                                                                                |
+|                                             | *New Parameters:*                                                              |
+|                                             |                                                                                |
+|                                             | - ``arch``                                                                     |
+|                                             |                                                                                |
++---------------------------------------------+--------------------------------------------------------------------------------+
+| ``listCapabilities``                        | **Response:**                                                                  |
+|                                             |                                                                                |
+|                                             | *New Parameters:*                                                              |
+|                                             |                                                                                |
+|                                             | - ``dynamicscalingenabled``                                                    |
+|                                             | - ``additionalconfigenabled``                                                  |
+|                                             |                                                                                |
++---------------------------------------------+--------------------------------------------------------------------------------+
+
+
 API Changes Introduced in 4.20.1.0
 ==================================
 
diff --git a/source/releasenotes/changes.rst b/source/releasenotes/changes.rst
index 56bb2e1505..bd6802e3d0 100644
--- a/source/releasenotes/changes.rst
+++ b/source/releasenotes/changes.rst
@@ -13,7 +13,528 @@
    specific language governing permissions and limitations
    under the License.
 
-Changes in |release| since 4.20.0.0
+Changes in 4.20.2.0 since 4.20.1.0
+===================================
+
+Apache CloudStack uses GitHub https://github.com/apache/cloudstack/milestone/39?closed=1
+to track its issues.
+
+
+
+.. cssclass:: table-striped table-bordered table-hover
+
+
++-------------------------+--------------------+------------------------------------------------------------+
+| Version                 | Github             | Description                                                |
++=========================+====================+============================================================+
++-------------------------+--------------------+------------------------------------------------------------+
+| 4.20.2.0                | `#11318`_          | cloudutils: fix warning, error during kvm agent            |
+|                         |                    | installation                                               |
++-------------------------+--------------------+------------------------------------------------------------+
+| 4.20.2.0                | `#11823`_          | systemvm: fix duplicated "en_US.UTF-8 UTF-8" in            |
+|                         |                    | /etc/locale.gen                                            |
++-------------------------+--------------------+------------------------------------------------------------+
+| 4.20.2.0                | `#11624`_          | Routed: fix create network exception when auto-allocation  |
+|                         |                    | is disabled                                                |
++-------------------------+--------------------+------------------------------------------------------------+
+| 4.20.2.0                | `#11822`_          | agent: increase timeout for host arch retrieval            |
++-------------------------+--------------------+------------------------------------------------------------+
+| 4.20.2.0                | `#11811`_          | importvm: fix IP address allocation on Shared networks     |
++-------------------------+--------------------+------------------------------------------------------------+
+| 4.20.2.0                | `#11782`_          | Delete template from storage pool instantly if no volume   |
+|                         |                    | is using it                                                |
++-------------------------+--------------------+------------------------------------------------------------+
+| 4.20.2.0                | `#11793`_          | update jetty                                               |
++-------------------------+--------------------+------------------------------------------------------------+
+| 4.20.2.0                | `#11773`_          | storage: change storage pool to Up state when cancel       |
+|                         |                    | storage migration                                          |
++-------------------------+--------------------+------------------------------------------------------------+
+| 4.20.2.0                | `#11801`_          | Sanitize the rbd file cmd parameter logs during qemu-img   |
+|                         |                    | convert (through Script)                                   |
++-------------------------+--------------------+------------------------------------------------------------+
+| 4.20.2.0                | `#11760`_          | UI: Fix primary storage for datastore cluster and retain   |
+|                         |                    | traffic labels during zone deployment                      |
++-------------------------+--------------------+------------------------------------------------------------+
+| 4.20.2.0                | `#10533`_          | Deal with crosssite api call after login.                  |
++-------------------------+--------------------+------------------------------------------------------------+
+| 4.20.2.0                | `#11778`_          | systemvmtemplate: Bump Debian version to 12.12.0           |
++-------------------------+--------------------+------------------------------------------------------------+
+| 4.20.2.0                | `#11722`_          | Fix to not enable the disabled local storage(s) on host    |
+|                         |                    | connection                                                 |
++-------------------------+--------------------+------------------------------------------------------------+
+| 4.20.2.0                | `#11228`_          | server: add user.password.reset.smtp.useStartTLS and       |
+|                         |                    | enabledSecurityProtocols for password reset                |
++-------------------------+--------------------+------------------------------------------------------------+
+| 4.20.2.0                | `#11787`_          | linstor: use sparse/discard qemu-img convert on thin       |
+|                         |                    | devices                                                    |
++-------------------------+--------------------+------------------------------------------------------------+
+| 4.20.2.0                | `#10641`_          | VMware: match nic mac for ip address fetch                 |
++-------------------------+--------------------+------------------------------------------------------------+
+| 4.20.2.0                | `#11735`_          | CKS: fix CKS creation on an existing Shared or Routed      |
+|                         |                    | network                                                    |
++-------------------------+--------------------+------------------------------------------------------------+
+| 4.20.2.0                | `#11751`_          | Consider Instance in Starting state as well for allocation |
+|                         |                    | algorithm                                                  |
++-------------------------+--------------------+------------------------------------------------------------+
+| 4.20.2.0                | `#11639`_          | CKS: generate a random UUID as password of CKS user in     |
+|                         |                    | project                                                    |
++-------------------------+--------------------+------------------------------------------------------------+
+| 4.20.2.0                | `#11719`_          | UI support for extraconfig in deploy and update instance   |
++-------------------------+--------------------+------------------------------------------------------------+
+| 4.20.2.0                | `#11753`_          | Fix importing unmanaged instances due to incorrect         |
+|                         |                    | internal name                                              |
++-------------------------+--------------------+------------------------------------------------------------+
+| 4.20.2.0                | `#10962`_          | systemvm: fix failed to get script version when patch      |
+|                         |                    | system vm or router                                        |
++-------------------------+--------------------+------------------------------------------------------------+
+| 4.20.2.0                | `#11198`_          | server: set download volume format to qcow2 for KVM        |
+|                         |                    | volumes                                                    |
++-------------------------+--------------------+------------------------------------------------------------+
+| 4.20.2.0                | `#11687`_          | KVM: fix delete vm snapshot if it does not exist with a    |
+|                         |                    | Stopped vm                                                 |
++-------------------------+--------------------+------------------------------------------------------------+
+| 4.20.2.0                | `#11696`_          | LDAP: honour nested groups for MSAD                        |
++-------------------------+--------------------+------------------------------------------------------------+
+| 4.20.2.0                | `#11686`_          | Fix vpclimit count for listAcccount API response           |
++-------------------------+--------------------+------------------------------------------------------------+
+| 4.20.2.0                | `#11530`_          | server: set VirtualMachineTO arch from template if present |
++-------------------------+--------------------+------------------------------------------------------------+
+| 4.20.2.0                | `#11640`_          | honor templateId passed in importVM API                    |
++-------------------------+--------------------+------------------------------------------------------------+
+| 4.20.2.0                | `#11666`_          | Mount the disabled storage pools by default                |
++-------------------------+--------------------+------------------------------------------------------------+
+| 4.20.2.0                | `#11659`_          | Fix VM import DB sequence issue on import failure          |
++-------------------------+--------------------+------------------------------------------------------------+
+| 4.20.2.0                | `#8452`_           | Cleanup allocated snapshots / vm snapshots, and update     |
+|                         |                    | pending ones to Error on MS start                          |
++-------------------------+--------------------+------------------------------------------------------------+
+| 4.20.2.0                | `#11506`_          | Update gson date format for serializing/deserializing Date |
+|                         |                    | in MS stats                                                |
++-------------------------+--------------------+------------------------------------------------------------+
+| 4.20.2.0                | `#11681`_          | VR: consider NICs for remote access VPN when apply dhcp    |
+|                         |                    | entry                                                      |
++-------------------------+--------------------+------------------------------------------------------------+
+| 4.20.2.0                | `#11670`_          | use /prod/stat to get uptime instead of the uptime command |
++-------------------------+--------------------+------------------------------------------------------------+
+| 4.20.2.0                | `#11632`_          | Fix for No VMs start after Renew Host Security Keys due to |
+|                         |                    | wrong qemu group reading                                   |
++-------------------------+--------------------+------------------------------------------------------------+
+| 4.20.2.0                | `#11602`_          | [UI] Fix group disable action for  compute and disk        |
+|                         |                    | offering                                                   |
++-------------------------+--------------------+------------------------------------------------------------+
+| 4.20.2.0                | `#11590`_          | ui: fix tab name in query params                           |
++-------------------------+--------------------+------------------------------------------------------------+
+| 4.20.2.0                | `#11389`_          | Fix NPE during VM IP fetch for shared networks             |
++-------------------------+--------------------+------------------------------------------------------------+
+| 4.20.2.0                | `#11576`_          | ui: searchview change should only remove related query     |
+|                         |                    | params                                                     |
++-------------------------+--------------------+------------------------------------------------------------+
+| 4.20.2.0                | `#11558`_          | server: check limit on correct store during snapshot       |
+|                         |                    | allocation                                                 |
++-------------------------+--------------------+------------------------------------------------------------+
+| 4.20.2.0                | `#11554`_          | ScaleIO/PowerFlex smoke tests improvements, and some fixes |
++-------------------------+--------------------+------------------------------------------------------------+
+| 4.20.2.0                | `#11614`_          | fix qemu-img path in cloudstack sudoers                    |
++-------------------------+--------------------+------------------------------------------------------------+
+| 4.20.2.0                | `#10735`_          | ssvm: use mgmt network if no storage network               |
++-------------------------+--------------------+------------------------------------------------------------+
+| 4.20.2.0                | `#11598`_          | Fix transition exception when scaling Stopped k8s clusters |
++-------------------------+--------------------+------------------------------------------------------------+
+| 4.20.2.0                | `#11610`_          | Fix NPE in case host UEFI detail is not set on agent       |
+|                         |                    | connection                                                 |
++-------------------------+--------------------+------------------------------------------------------------+
+| 4.20.2.0                | `#11507`_          | Import KVM VM: Autodetect vlan id from bridge name         |
++-------------------------+--------------------+------------------------------------------------------------+
+| 4.20.2.0                | `#10970`_          | IPv6 firewall: accept packets from related and established |
+|                         |                    | connections                                                |
++-------------------------+--------------------+------------------------------------------------------------+
+| 4.20.2.0                | `#9305`_           | server: allow migration of vm with snapshots for vmware    |
++-------------------------+--------------------+------------------------------------------------------------+
+| 4.20.2.0                | `#10869`_          | Change log level of AgentHandler#processRequest()          |
++-------------------------+--------------------+------------------------------------------------------------+
+| 4.20.2.0                | `#11556`_          | server: allow adding non-overlapping ipv6 ranges in same   |
+|                         |                    | vlan                                                       |
++-------------------------+--------------------+------------------------------------------------------------+
+| 4.20.2.0                | `#11528`_          | CKS: Validate network offering from network if provided    |
+|                         |                    | rather than global setting                                 |
++-------------------------+--------------------+------------------------------------------------------------+
+| 4.20.2.0                | `#11575`_          | ui: donot remove account, domain from query on public ip   |
+|                         |                    | filter change                                              |
++-------------------------+--------------------+------------------------------------------------------------+
+| 4.20.2.0                | `#11314`_          | server: prevent vm schedule update failure for time when   |
+|                         |                    | not changed                                                |
++-------------------------+--------------------+------------------------------------------------------------+
+| 4.20.2.0                | `#11218`_          | server,kvm: detect boot options for vm import              |
++-------------------------+--------------------+------------------------------------------------------------+
+| 4.20.2.0                | `#10734`_          | 2fa: log error on totp mismatch                            |
++-------------------------+--------------------+------------------------------------------------------------+
+| 4.20.2.0                | `#11487`_          | Delete session after key expiration                        |
++-------------------------+--------------------+------------------------------------------------------------+
+| 4.20.2.0                | `#11361`_          | Make logout function more robust to prevent session issues |
++-------------------------+--------------------+------------------------------------------------------------+
+| 4.20.2.0                | `#11553`_          | [UI] Fix display of disk size and IOPS fields in the scale |
+|                         |                    | VM form                                                    |
++-------------------------+--------------------+------------------------------------------------------------+
+| 4.20.2.0                | `#11557`_          | kvm: add ssvm storage nic null uri check during plug       |
++-------------------------+--------------------+------------------------------------------------------------+
+| 4.20.2.0                | `#11543`_          | systemvm template: update URLs of debian ISOs              |
++-------------------------+--------------------+------------------------------------------------------------+
+| 4.20.2.0                | `#11536`_          | ui: show multiple domains as links in list view            |
++-------------------------+--------------------+------------------------------------------------------------+
+| 4.20.2.0                | `#11329`_          | server: remove extra chars when template status is error   |
+|                         |                    | string                                                     |
++-------------------------+--------------------+------------------------------------------------------------+
+| 4.20.2.0                | `#10865`_          | ui: do not filter edge zones while registering             |
+|                         |                    | directdownload iso                                         |
++-------------------------+--------------------+------------------------------------------------------------+
+| 4.20.2.0                | `#11230`_          | Added events for snapshots, vmsnapshots, internalLB        |
+|                         |                    | operations                                                 |
++-------------------------+--------------------+------------------------------------------------------------+
+| 4.20.2.0                | `#11542`_          | test: fix test_04_rvpc_network_garbage_collector_nics      |
+|                         |                    | failure                                                    |
++-------------------------+--------------------+------------------------------------------------------------+
+| 4.20.2.0                | `#11550`_          | [UI] Use update offering APIs to disable compute and disk  |
+|                         |                    | offerings                                                  |
++-------------------------+--------------------+------------------------------------------------------------+
+| 4.20.2.0                | `#11537`_          | api: use single quote instead of double quote in           |
+|                         |                    | StatsResponse                                              |
++-------------------------+--------------------+------------------------------------------------------------+
+| 4.20.2.0                | `#11532`_          | kvm: fix vm deployment with direct-download iso            |
++-------------------------+--------------------+------------------------------------------------------------+
+| 4.20.2.0                | `#10152`_          | Add response object required by go SDK for parsing         |
+|                         |                    | response                                                   |
++-------------------------+--------------------+------------------------------------------------------------+
+| 4.20.2.0                | `#11243`_          | SG: Apply rules for both ipv4/ipv6 of VMs with associated  |
+|                         |                    | account/SG                                                 |
++-------------------------+--------------------+------------------------------------------------------------+
+| 4.20.2.0                | `#11518`_          | VPC VR: return UNKNOWN redundant state if no guest nics    |
++-------------------------+--------------------+------------------------------------------------------------+
+| 4.20.2.0                | `#11466`_          | UI: Prevent restriction of changeOfferingForVolume API to  |
+|                         |                    | Admin role                                                 |
++-------------------------+--------------------+------------------------------------------------------------+
+| 4.20.2.0                | `#11516`_          | Fix for live migration of VM with config drive, on KVM     |
++-------------------------+--------------------+------------------------------------------------------------+
+| 4.20.2.0                | `#11457`_          | Fix deployment of CKS clusters in Basic zone               |
++-------------------------+--------------------+------------------------------------------------------------+
+| 4.20.2.0                | `#11463`_          | Remove non-existent network service provider from UI       |
++-------------------------+--------------------+------------------------------------------------------------+
+| 4.20.2.0                | `#11448`_          | Fix snapshot physical size listing                         |
++-------------------------+--------------------+------------------------------------------------------------+
+| 4.20.2.0                | `#11397`_          | linstor: fix getVolumeStats if multiple Linstor primary    |
+|                         |                    | storages are used                                          |
++-------------------------+--------------------+------------------------------------------------------------+
+| 4.20.2.0                | `#11401`_          | UI: fix addHost error in zone creation wizard              |
++-------------------------+--------------------+------------------------------------------------------------+
+| 4.20.2.0                | `#11393`_          | ui: make vpc cidr required when not showing cidrsize       |
++-------------------------+--------------------+------------------------------------------------------------+
+| 4.20.2.0                | `#11062`_          | api: fix scale or upgrade systemvm                         |
++-------------------------+--------------------+------------------------------------------------------------+
+| 4.20.2.0                | `#11242`_          | server: fix vm deployment without networkid in a zone with |
+|                         |                    | shared networks                                            |
++-------------------------+--------------------+------------------------------------------------------------+
+| 4.20.2.0                | `#11388`_          | Fix create statement for safer upgrades                    |
++-------------------------+--------------------+------------------------------------------------------------+
+| 4.20.2.0                | `#11373`_          | juniper-contrail: publish events only for the module       |
++-------------------------+--------------------+------------------------------------------------------------+
+| 4.20.2.0                | `#11366`_          | fix storage pool capacity threshold flag                   |
++-------------------------+--------------------+------------------------------------------------------------+
+| 4.20.2.0                | `#11197`_          | Handle project delete in details view                      |
++-------------------------+--------------------+------------------------------------------------------------+
+| 4.20.2.0                | `#11315`_          | ui: pass validated storagepolicy for swift store           |
++-------------------------+--------------------+------------------------------------------------------------+
+| 4.20.2.0                | `#11380`_          | plugin-swift: handle null cache store                      |
++-------------------------+--------------------+------------------------------------------------------------+
+| 4.20.2.0                | `#11372`_          | cloud.spec: provide option between tzdata-java and         |
+|                         |                    | timezone-java                                              |
++-------------------------+--------------------+------------------------------------------------------------+
+| 4.20.2.0                | `#11369`_          | ui: update project menu on projects change                 |
++-------------------------+--------------------+------------------------------------------------------------+
+| 4.20.2.0                | `#11291`_          | Update System VM template Guest OS version                 |
++-------------------------+--------------------+------------------------------------------------------------+
+| 4.20.2.0                | `#10946`_          | Find system VM templates for CKS clusters and SharedFS     |
+|                         |                    | honouring the preferred architecture                       |
++-------------------------+--------------------+------------------------------------------------------------+
+| 4.20.2.0                | `#11337`_          | ui: fix delete traffic type                                |
++-------------------------+--------------------+------------------------------------------------------------+
+| 4.20.2.0                | `#11352`_          | API: Set Object name when expunging VM                     |
++-------------------------+--------------------+------------------------------------------------------------+
+| 4.20.2.0                | `#11142`_          | UI: Display NSX Provider only when NSX is the selected     |
+|                         |                    | Isolation method                                           |
++-------------------------+--------------------+------------------------------------------------------------+
+| 4.20.2.0                | `#11316`_          | Fix listCapacity sort by usage                             |
++-------------------------+--------------------+------------------------------------------------------------+
+| 4.20.2.0                | `#11342`_          | kvm: fix regression                                        |
+|                         |                    | 5a52ca78ae5e165211c618525613c3d62cfd1b28                   |
++-------------------------+--------------------+------------------------------------------------------------+
+| 4.20.2.0                | `#11245`_          | kvm, ui: fix interface when using vlan subnet for storage  |
+|                         |                    | traffic type                                               |
++-------------------------+--------------------+------------------------------------------------------------+
+| 4.20.2.0                | `#11306`_          | ui: fix advance setting behaviour in autoscale form        |
++-------------------------+--------------------+------------------------------------------------------------+
+| 4.20.2.0                | `#11310`_          | server: fix IllegalMonitorStateException on cluster        |
+|                         |                    | managedstate change                                        |
++-------------------------+--------------------+------------------------------------------------------------+
+| 4.20.2.0                | `#11328`_          | ui: fix volume size not showing                            |
++-------------------------+--------------------+------------------------------------------------------------+
+| 4.20.2.0                | `#11068`_          | [Multi-Arch] Select Template Arch when creating template   |
+|                         |                    | from volume                                                |
++-------------------------+--------------------+------------------------------------------------------------+
+| 4.20.2.0                | `#11244`_          | Prevent infinite autoscaling                               |
++-------------------------+--------------------+------------------------------------------------------------+
+| 4.20.2.0                | `#11237`_          | Prevent multi-select dropdown menu from floating on        |
+|                         |                    | scrolling through the form                                 |
++-------------------------+--------------------+------------------------------------------------------------+
+| 4.20.2.0                | `#11195`_          | [UI] Add dedicated account field dropdown on zone creation |
++-------------------------+--------------------+------------------------------------------------------------+
+| 4.20.2.0                | `#11220`_          | Mark LDAP user query timeout as incorrect login instead of |
+|                         |                    | disabling user immediately                                 |
++-------------------------+--------------------+------------------------------------------------------------+
+| 4.20.2.0                | `#11210`_          | Allow custom NTP servers for CPVM                          |
++-------------------------+--------------------+------------------------------------------------------------+
+| 4.20.2.0                | `#11053`_          | linstor: Use template's uuid if pool's downloadPath is     |
+|                         |                    | null as resour…                                            |
++-------------------------+--------------------+------------------------------------------------------------+
+| 4.20.2.0                | `#11264`_          | Validate qcow2 file during import operation                |
++-------------------------+--------------------+------------------------------------------------------------+
+| 4.20.2.0                | `#10975`_          | [Vmware to KVM Migration] Preserve boot type and boot mode |
+|                         |                    | of instances to be migrated                                |
++-------------------------+--------------------+------------------------------------------------------------+
+| 4.20.2.0                | `#10856`_          | polish: Fix some inconsistencies in object names and       |
+|                         |                    | messages                                                   |
++-------------------------+--------------------+------------------------------------------------------------+
+| 4.20.2.0                | `#11221`_          | console: optimise buffer sizes for faster console          |
+|                         |                    | performance                                                |
++-------------------------+--------------------+------------------------------------------------------------+
+| 4.20.2.0                | `#11102`_          | UI: Fix missing labels                                     |
++-------------------------+--------------------+------------------------------------------------------------+
+| 4.20.2.0                | `#11087`_          | list only own zones for resource admin                     |
++-------------------------+--------------------+------------------------------------------------------------+
+| 4.20.2.0                | `#11086`_          | Fix for dynamic scaling toggle for instance                |
++-------------------------+--------------------+------------------------------------------------------------+
+| 4.20.2.0                | `#11258`_          | Fix restore from NAS backup when datadisk is older than    |
+|                         |                    | the root disk.                                             |
++-------------------------+--------------------+------------------------------------------------------------+
+| 4.20.2.0                | `#11204`_          | NAS backup provider: Support backup and restore with       |
+|                         |                    | Shared mount point primary storage.                        |
++-------------------------+--------------------+------------------------------------------------------------+
+| 4.20.2.0                | `#10857`_          | Add special Icon to Shared FileSystem Instances            |
++-------------------------+--------------------+------------------------------------------------------------+
+| 4.20.2.0                | `#11211`_          | Fix to create instances with smaller templates (< 1 GB) on |
+|                         |                    | PowerFlex/ScaleIO storage                                  |
++-------------------------+--------------------+------------------------------------------------------------+
+| 4.20.2.0                | `#11214`_          | Add format and physicalsize in listIsoOs api response      |
++-------------------------+--------------------+------------------------------------------------------------+
+| 4.20.2.0                | `#10879`_          | Handle exception for decoder while uploading ISO from      |
+|                         |                    | local                                                      |
++-------------------------+--------------------+------------------------------------------------------------+
+| 4.20.2.0                | `#11138`_          | Fix update resource count failure for domains              |
++-------------------------+--------------------+------------------------------------------------------------+
+| 4.20.2.0                | `#11054`_          | npe guard for get host info on vmware                      |
++-------------------------+--------------------+------------------------------------------------------------+
+| 4.20.2.0                | `#10917`_          | kvm: consider Debian same as Ubuntu                        |
++-------------------------+--------------------+------------------------------------------------------------+
+| 4.20.2.0                | `#11179`_          | List templates and ISOs by domain                          |
++-------------------------+--------------------+------------------------------------------------------------+
+| 4.20.2.0                | `#11099`_          | PowerFlex/ScaleIO - Wait after SDC service                 |
+|                         |                    | start/restart/stop, and retry to fetch SDC id/guid         |
++-------------------------+--------------------+------------------------------------------------------------+
+| 4.20.2.0                | `#11128`_          | systemvm: build 4.20.2 template with 'depmod -a'           |
++-------------------------+--------------------+------------------------------------------------------------+
+| 4.20.2.0                | `#10848`_          | Remove unfinished usage job entries of the host on start   |
++-------------------------+--------------------+------------------------------------------------------------+
+| 4.20.2.0                | `#11171`_          | schema: fix missing columns index                          |
++-------------------------+--------------------+------------------------------------------------------------+
+| 4.20.2.0                | `#11170`_          | Improve error when a template to owned by non root-admin   |
+|                         |                    | is registered for all zones.                               |
++-------------------------+--------------------+------------------------------------------------------------+
+| 4.20.2.0                | `#11158`_          | .github: restrict codecov in UI build to apache/cloudstack |
+|                         |                    | repo                                                       |
++-------------------------+--------------------+------------------------------------------------------------+
+| 4.20.2.0                | `#11168`_          | UI: Fix volumes `SearchView`                               |
++-------------------------+--------------------+------------------------------------------------------------+
+| 4.20.2.0                | `#11091`_          | [Vmware to KVM Migration] Fix issue with vCenter           |
+|                         |                    | Standalone hosts for VM listing                            |
++-------------------------+--------------------+------------------------------------------------------------+
+| 4.20.2.0                | `#11113`_          | directdownload: fix keytool importcert                     |
++-------------------------+--------------------+------------------------------------------------------------+
+| 4.20.2.0                | `#10778`_          | Normalize naming of Kubernetes clusters                    |
++-------------------------+--------------------+------------------------------------------------------------+
+| 4.20.2.0                | `#11003`_          | [VMware to KVM Migration] Fix for converted instance NPE   |
+|                         |                    | issue when source VMware instance OVF is exported from     |
+|                         |                    | management server                                          |
++-------------------------+--------------------+------------------------------------------------------------+
+| 4.20.2.0                | `#11116`_          | ui: fix handler for deploy button menu                     |
++-------------------------+--------------------+------------------------------------------------------------+
+| 4.20.2.0                | `#11095`_          | server: fix orphan db transaction issue                    |
++-------------------------+--------------------+------------------------------------------------------------+
+| 4.20.2.0                | `#11085`_          | Corrected quota type indexes                               |
++-------------------------+--------------------+------------------------------------------------------------+
+| 4.20.2.0                | `#11106`_          | Do not rely on Memory engine in DB setup scripts           |
++-------------------------+--------------------+------------------------------------------------------------+
+| 4.20.2.0                | `#11004`_          | Block volume shrink on Xen                                 |
++-------------------------+--------------------+------------------------------------------------------------+
+| 4.20.2.0                | `#11019`_          | [Vmware to KVM Migration] Display virt-v2v and ovftool     |
+|                         |                    | versions for supported hosts for migration                 |
++-------------------------+--------------------+------------------------------------------------------------+
+| 4.20.2.0                | `#11035`_          | [Vmware to KVM Migration] Improve the Force MS option text |
++-------------------------+--------------------+------------------------------------------------------------+
+| 4.20.2.0                | `#11055`_          | Add check for ldap truststore password                     |
++-------------------------+--------------------+------------------------------------------------------------+
+| 4.20.2.0                | `#10663`_          | Accept case insensitive values in boolean settings         |
++-------------------------+--------------------+------------------------------------------------------------+
+| 4.20.2.0                | `#10814`_          | ui: show deploy/create button on right info pane           |
++-------------------------+--------------------+------------------------------------------------------------+
+
+145 Issues listed
+
+.. _`#11318`: https://github.com/apache/cloudstack/pull/11318 
+.. _`#11823`: https://github.com/apache/cloudstack/pull/11823 
+.. _`#11624`: https://github.com/apache/cloudstack/pull/11624 
+.. _`#11822`: https://github.com/apache/cloudstack/pull/11822 
+.. _`#11811`: https://github.com/apache/cloudstack/pull/11811 
+.. _`#11782`: https://github.com/apache/cloudstack/pull/11782 
+.. _`#11793`: https://github.com/apache/cloudstack/pull/11793 
+.. _`#11773`: https://github.com/apache/cloudstack/pull/11773 
+.. _`#11801`: https://github.com/apache/cloudstack/pull/11801 
+.. _`#11760`: https://github.com/apache/cloudstack/pull/11760 
+.. _`#10533`: https://github.com/apache/cloudstack/pull/10533 
+.. _`#11778`: https://github.com/apache/cloudstack/pull/11778 
+.. _`#11722`: https://github.com/apache/cloudstack/pull/11722 
+.. _`#11228`: https://github.com/apache/cloudstack/pull/11228 
+.. _`#11787`: https://github.com/apache/cloudstack/pull/11787 
+.. _`#10641`: https://github.com/apache/cloudstack/pull/10641 
+.. _`#11735`: https://github.com/apache/cloudstack/pull/11735 
+.. _`#11751`: https://github.com/apache/cloudstack/pull/11751 
+.. _`#11639`: https://github.com/apache/cloudstack/pull/11639 
+.. _`#11719`: https://github.com/apache/cloudstack/pull/11719 
+.. _`#11753`: https://github.com/apache/cloudstack/pull/11753 
+.. _`#10962`: https://github.com/apache/cloudstack/pull/10962 
+.. _`#11198`: https://github.com/apache/cloudstack/pull/11198 
+.. _`#11687`: https://github.com/apache/cloudstack/pull/11687 
+.. _`#11696`: https://github.com/apache/cloudstack/pull/11696 
+.. _`#11686`: https://github.com/apache/cloudstack/pull/11686 
+.. _`#11530`: https://github.com/apache/cloudstack/pull/11530 
+.. _`#11640`: https://github.com/apache/cloudstack/pull/11640 
+.. _`#11666`: https://github.com/apache/cloudstack/pull/11666 
+.. _`#11659`: https://github.com/apache/cloudstack/pull/11659 
+.. _`#8452`: https://github.com/apache/cloudstack/pull/8452 
+.. _`#11506`: https://github.com/apache/cloudstack/pull/11506 
+.. _`#11681`: https://github.com/apache/cloudstack/pull/11681 
+.. _`#11670`: https://github.com/apache/cloudstack/pull/11670 
+.. _`#11632`: https://github.com/apache/cloudstack/pull/11632 
+.. _`#11602`: https://github.com/apache/cloudstack/pull/11602 
+.. _`#11590`: https://github.com/apache/cloudstack/pull/11590 
+.. _`#11389`: https://github.com/apache/cloudstack/pull/11389 
+.. _`#11576`: https://github.com/apache/cloudstack/pull/11576 
+.. _`#11558`: https://github.com/apache/cloudstack/pull/11558 
+.. _`#11554`: https://github.com/apache/cloudstack/pull/11554 
+.. _`#11614`: https://github.com/apache/cloudstack/pull/11614 
+.. _`#10735`: https://github.com/apache/cloudstack/pull/10735 
+.. _`#11598`: https://github.com/apache/cloudstack/pull/11598 
+.. _`#11610`: https://github.com/apache/cloudstack/pull/11610 
+.. _`#11507`: https://github.com/apache/cloudstack/pull/11507 
+.. _`#10970`: https://github.com/apache/cloudstack/pull/10970 
+.. _`#9305`: https://github.com/apache/cloudstack/pull/9305 
+.. _`#10869`: https://github.com/apache/cloudstack/pull/10869 
+.. _`#11556`: https://github.com/apache/cloudstack/pull/11556 
+.. _`#11528`: https://github.com/apache/cloudstack/pull/11528 
+.. _`#11575`: https://github.com/apache/cloudstack/pull/11575 
+.. _`#11314`: https://github.com/apache/cloudstack/pull/11314 
+.. _`#11218`: https://github.com/apache/cloudstack/pull/11218 
+.. _`#10734`: https://github.com/apache/cloudstack/pull/10734 
+.. _`#11487`: https://github.com/apache/cloudstack/pull/11487 
+.. _`#11361`: https://github.com/apache/cloudstack/pull/11361 
+.. _`#11553`: https://github.com/apache/cloudstack/pull/11553 
+.. _`#11557`: https://github.com/apache/cloudstack/pull/11557 
+.. _`#11543`: https://github.com/apache/cloudstack/pull/11543 
+.. _`#11536`: https://github.com/apache/cloudstack/pull/11536 
+.. _`#11329`: https://github.com/apache/cloudstack/pull/11329 
+.. _`#10865`: https://github.com/apache/cloudstack/pull/10865 
+.. _`#11230`: https://github.com/apache/cloudstack/pull/11230 
+.. _`#11542`: https://github.com/apache/cloudstack/pull/11542 
+.. _`#11550`: https://github.com/apache/cloudstack/pull/11550 
+.. _`#11537`: https://github.com/apache/cloudstack/pull/11537 
+.. _`#11532`: https://github.com/apache/cloudstack/pull/11532 
+.. _`#10152`: https://github.com/apache/cloudstack/pull/10152 
+.. _`#11243`: https://github.com/apache/cloudstack/pull/11243 
+.. _`#11518`: https://github.com/apache/cloudstack/pull/11518 
+.. _`#11466`: https://github.com/apache/cloudstack/pull/11466 
+.. _`#11516`: https://github.com/apache/cloudstack/pull/11516 
+.. _`#11457`: https://github.com/apache/cloudstack/pull/11457 
+.. _`#11463`: https://github.com/apache/cloudstack/pull/11463 
+.. _`#11448`: https://github.com/apache/cloudstack/pull/11448 
+.. _`#11397`: https://github.com/apache/cloudstack/pull/11397 
+.. _`#11401`: https://github.com/apache/cloudstack/pull/11401 
+.. _`#11393`: https://github.com/apache/cloudstack/pull/11393 
+.. _`#11062`: https://github.com/apache/cloudstack/pull/11062 
+.. _`#11242`: https://github.com/apache/cloudstack/pull/11242 
+.. _`#11388`: https://github.com/apache/cloudstack/pull/11388 
+.. _`#11373`: https://github.com/apache/cloudstack/pull/11373 
+.. _`#11366`: https://github.com/apache/cloudstack/pull/11366 
+.. _`#11197`: https://github.com/apache/cloudstack/pull/11197 
+.. _`#11315`: https://github.com/apache/cloudstack/pull/11315 
+.. _`#11380`: https://github.com/apache/cloudstack/pull/11380 
+.. _`#11372`: https://github.com/apache/cloudstack/pull/11372 
+.. _`#11369`: https://github.com/apache/cloudstack/pull/11369 
+.. _`#11291`: https://github.com/apache/cloudstack/pull/11291 
+.. _`#10946`: https://github.com/apache/cloudstack/pull/10946 
+.. _`#11337`: https://github.com/apache/cloudstack/pull/11337 
+.. _`#11352`: https://github.com/apache/cloudstack/pull/11352 
+.. _`#11142`: https://github.com/apache/cloudstack/pull/11142 
+.. _`#11316`: https://github.com/apache/cloudstack/pull/11316 
+.. _`#11342`: https://github.com/apache/cloudstack/pull/11342 
+.. _`#11245`: https://github.com/apache/cloudstack/pull/11245 
+.. _`#11306`: https://github.com/apache/cloudstack/pull/11306 
+.. _`#11310`: https://github.com/apache/cloudstack/pull/11310 
+.. _`#11328`: https://github.com/apache/cloudstack/pull/11328 
+.. _`#11068`: https://github.com/apache/cloudstack/pull/11068 
+.. _`#11244`: https://github.com/apache/cloudstack/pull/11244 
+.. _`#11237`: https://github.com/apache/cloudstack/pull/11237 
+.. _`#11195`: https://github.com/apache/cloudstack/pull/11195 
+.. _`#11220`: https://github.com/apache/cloudstack/pull/11220 
+.. _`#11210`: https://github.com/apache/cloudstack/pull/11210 
+.. _`#11053`: https://github.com/apache/cloudstack/pull/11053 
+.. _`#11264`: https://github.com/apache/cloudstack/pull/11264 
+.. _`#10975`: https://github.com/apache/cloudstack/pull/10975 
+.. _`#10856`: https://github.com/apache/cloudstack/pull/10856 
+.. _`#11221`: https://github.com/apache/cloudstack/pull/11221 
+.. _`#11102`: https://github.com/apache/cloudstack/pull/11102 
+.. _`#11087`: https://github.com/apache/cloudstack/pull/11087 
+.. _`#11086`: https://github.com/apache/cloudstack/pull/11086 
+.. _`#11258`: https://github.com/apache/cloudstack/pull/11258 
+.. _`#11204`: https://github.com/apache/cloudstack/pull/11204 
+.. _`#10857`: https://github.com/apache/cloudstack/pull/10857 
+.. _`#11211`: https://github.com/apache/cloudstack/pull/11211 
+.. _`#11214`: https://github.com/apache/cloudstack/pull/11214 
+.. _`#10879`: https://github.com/apache/cloudstack/pull/10879 
+.. _`#11138`: https://github.com/apache/cloudstack/pull/11138 
+.. _`#11054`: https://github.com/apache/cloudstack/pull/11054 
+.. _`#10917`: https://github.com/apache/cloudstack/pull/10917 
+.. _`#11179`: https://github.com/apache/cloudstack/pull/11179 
+.. _`#11099`: https://github.com/apache/cloudstack/pull/11099 
+.. _`#11128`: https://github.com/apache/cloudstack/pull/11128 
+.. _`#10848`: https://github.com/apache/cloudstack/pull/10848 
+.. _`#11171`: https://github.com/apache/cloudstack/pull/11171 
+.. _`#11170`: https://github.com/apache/cloudstack/pull/11170 
+.. _`#11158`: https://github.com/apache/cloudstack/pull/11158 
+.. _`#11168`: https://github.com/apache/cloudstack/pull/11168 
+.. _`#11091`: https://github.com/apache/cloudstack/pull/11091 
+.. _`#11113`: https://github.com/apache/cloudstack/pull/11113 
+.. _`#10778`: https://github.com/apache/cloudstack/pull/10778 
+.. _`#11003`: https://github.com/apache/cloudstack/pull/11003 
+.. _`#11116`: https://github.com/apache/cloudstack/pull/11116 
+.. _`#11095`: https://github.com/apache/cloudstack/pull/11095 
+.. _`#11085`: https://github.com/apache/cloudstack/pull/11085 
+.. _`#11106`: https://github.com/apache/cloudstack/pull/11106 
+.. _`#11004`: https://github.com/apache/cloudstack/pull/11004 
+.. _`#11019`: https://github.com/apache/cloudstack/pull/11019 
+.. _`#11035`: https://github.com/apache/cloudstack/pull/11035 
+.. _`#11055`: https://github.com/apache/cloudstack/pull/11055 
+.. _`#10663`: https://github.com/apache/cloudstack/pull/10663 
+.. _`#10814`: https://github.com/apache/cloudstack/pull/10814 
+
+
+Changes in 4.20.1.0 since 4.20.0.0
 ===================================
 
 Apache CloudStack uses GitHub https://github.com/apache/cloudstack/milestone/36?closed=1
@@ -545,7 +1066,7 @@ to track its issues.
 .. _`#10418`: https://github.com/apache/cloudstack/pull/10418 
 
 
-Changes in |release| since 4.19.1.0
+Changes in 4.20.0.0 since 4.19.1.0
 ===================================
 
 Apache CloudStack uses GitHub https://github.com/apache/cloudstack/milestone/30?closed=1

From 9a5fb9dbaf67d2d8bfed51e8d9228994db19e140 Mon Sep 17 00:00:00 2001
From: Harikrishna <harikrishna.patnala@gmail.com>
Date: Wed, 10 Dec 2025 17:07:45 +0530
Subject: [PATCH 08/10] Log4j file details (#607)

---
 .../upgrading/upgrade/_log4j_file_check.rst   | 26 +++++++++++++++++++
 source/upgrading/upgrade/upgrade-4.20.rst     |  2 ++
 2 files changed, 28 insertions(+)
 create mode 100644 source/upgrading/upgrade/_log4j_file_check.rst

diff --git a/source/upgrading/upgrade/_log4j_file_check.rst b/source/upgrading/upgrade/_log4j_file_check.rst
new file mode 100644
index 0000000000..c8aa002165
--- /dev/null
+++ b/source/upgrading/upgrade/_log4j_file_check.rst
@@ -0,0 +1,26 @@
+.. Licensed to the Apache Software Foundation (ASF) under one
+   or more contributor license agreements.  See the NOTICE file
+   distributed with this work for additional information#
+   regarding copyright ownership.  The ASF licenses this file
+   to you under the Apache License, Version 2.0 (the
+   "License"); you may not use this file except in compliance
+   with the License.  You may obtain a copy of the License at
+   http://www.apache.org/licenses/LICENSE-2.0
+   Unless required by applicable law or agreed to in writing,
+   software distributed under the License is distributed on an
+   "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+   KIND, either express or implied.  See the License for the
+   specific language governing permissions and limitations
+   under the License.
+
+.. sub-section included in upgrade notes.
+
+.. note::
+
+   During upgrades from versions prior to 4.20, the logging configuration file may not be migrated automatically to the new Log4j2 format - especially if the original log4j configuration file was manually customized or modified.
+
+   It is strongly recommended to verify **before starting the Management Server and the Usage Server** that the configuration file (e.g. `log4j-cloud.xml`) under `/etc/cloudstack/management` and `/etc/cloudstack/usage` respectively uses the Log4j2 format.
+
+   If the file still uses legacy Log4j (version 1) syntax or structure, **manually replace or update** the configuration using the default Log4j2 configuration supplied with the latest package.
+
+   Failure to update may result in missing or incomplete log generation after upgrade.
\ No newline at end of file
diff --git a/source/upgrading/upgrade/upgrade-4.20.rst b/source/upgrading/upgrade/upgrade-4.20.rst
index 8a1073fc04..c55bafd036 100644
--- a/source/upgrading/upgrade/upgrade-4.20.rst
+++ b/source/upgrading/upgrade/upgrade-4.20.rst
@@ -207,6 +207,8 @@ Setup the GPG public key if you wish to enable ``gpgcheck=1``:
 
       $ sudo yum upgrade cloudstack-usage
 
+.. include:: _log4j_file_check.rst
+
 .. _upg_hyp_414:
 
 Upgrade Hypervisors

From 53173a118c6add1206f2b33d7e0c72cee727d910 Mon Sep 17 00:00:00 2001
From: Wei Zhou <weizhou@apache.org>
Date: Thu, 18 Dec 2025 08:52:15 +0100
Subject: [PATCH 09/10] Debian: add instruction for MySQL python connector
 (#610)

Co-authored-by: Jonathan de Jong <jonathandejong02@gmail.com>
---
 .../management-server/_pkg_install.rst           | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/source/installguide/management-server/_pkg_install.rst b/source/installguide/management-server/_pkg_install.rst
index ad8aed59cd..e44ddcaac3 100644
--- a/source/installguide/management-server/_pkg_install.rst
+++ b/source/installguide/management-server/_pkg_install.rst
@@ -53,3 +53,19 @@ Install on Ubuntu
 
    sudo apt install cloudstack-management
 
+Install on Debian
+^^^^^^^^^^^^^^^^^
+
+.. note::
+   The MySQL Python connector is not available in Debian's package repository sources, please add MySQL's own package repository:
+
+   .. code:: bash
+
+       wget https://dev.mysql.com/get/mysql-apt-config_0.8.36-1_all.deb -O /tmp/mysql-apt-config_0.8.36-1_all.deb
+       sudo apt install -y /tmp/mysql-apt-config_0.8.36-1_all.deb
+       sudo apt update
+
+.. parsed-literal::
+
+   sudo apt install cloudstack-management
+

From 2437b2a851d608341144ccfadae5cd9c08a795c0 Mon Sep 17 00:00:00 2001
From: Abhisar Sinha <63767682+abh1sar@users.noreply.github.com>
Date: Thu, 15 Jan 2026 13:51:15 +0530
Subject: [PATCH 10/10] Warning about VM with VMHA not restarting  when primary
 storage is put on maintenance (#619)

---
 source/adminguide/storage.rst | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/source/adminguide/storage.rst b/source/adminguide/storage.rst
index 2a225ee031..8cfc02a6d1 100644
--- a/source/adminguide/storage.rst
+++ b/source/adminguide/storage.rst
@@ -259,6 +259,10 @@ The CloudStack will bring the device back online and attempt to start
 all guests that were running at the time of the entry into maintenance
 mode.
 
+.. note::
+   HA-Enabled Instances will also be stopped when the primary storage is put into maintenance mode.
+   It is recommended to migrate any business-critical Instances to alternate primary storage before initiating maintenance.
+
 Browsing files on a primary storage
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~