chore: Jubilee Bridge 3.20.0 changelog.

.gitlab/CODEOWNERS

@@ -1 +1 @@
-* @go/bridge-ppl/devs
+* inbox-desktop-approvers

BUILDS.md

@@ -3,14 +3,14 @@
 ## Prerequisites
 * 64-bit OS:
     - the go-rfc5322 module cannot currently be compiled for 32-bit OSes
-* Go 1.23.4
+* Go 1.24.0
 * Bash with basic build utils: make, gcc, sed, find, grep, ...
   - For Windows, it is recommended to use MinGW 64bit shell from [MSYS2](https://www.msys2.org/)
 * GCC (Linux), msvc (Windows) or Xcode (macOS)
 * Windres (Windows)
 * libglvnd and libsecret development files (Linux)
 * pkg-config (Linux)
-* cmake, ninja-build and Qt 6.4.3 are required to build the graphical user interface. On Linux, 
+* cmake, ninja-build and Qt 6.8.2 are required to build the graphical user interface. On Linux, 
 the Mesa OpenGL development files are also needed.
 
 To enable the sending of crash reports using Sentry please set the
@@ -19,7 +19,7 @@ Otherwise, the sending of crash reports will be disabled.
 
 ## Build
 In order to build Bridge app with Qt interface we are using
-[Qt 6.4.3](https://doc.qt.io/qt-6/gettingstarted.html).
+[Qt 6.8.2](https://doc.qt.io/qt-6/gettingstarted.html).
 
 Please note that qmake path must be in your `PATH` to ensure Qt to be found.
 Also, before you start build **on Windows**, please unset the `MSYSTEM` variable

COPYING_NOTES.md

@@ -141,6 +141,7 @@ Proton Mail Bridge includes the following 3rd party software:
 * [appengine](https://google.golang.org/appengine) available under [license](https://pkg.go.dev/google.golang.org/appengine?tab=licenses) 
 * [genproto](https://google.golang.org/genproto) available under [license](https://pkg.go.dev/google.golang.org/genproto?tab=licenses) 
 * [yaml](https://gopkg.in/yaml.v3) available under [license](https://github.com/go-yaml/yaml/blob/v3.0.1/LICENSE)  available under [license](https://github.com/go-yaml/yaml/blob/v3.0.1/LICENSE) 
+* [go-autostart](https://github.com/ElectroNafta/go-autostart) available under [license](https://github.com/ElectroNafta/go-autostart/blob/master/LICENSE) 
 * [go-message](https://github.com/ProtonMail/go-message) available under [license](https://github.com/ProtonMail/go-message/blob/master/LICENSE) 
 * [go-smtp](https://github.com/ProtonMail/go-smtp) available under [license](https://github.com/ProtonMail/go-smtp/blob/master/LICENSE) 
 * [resty](https://github.com/LBeernaertProton/resty/v2) available under [license](https://github.com/LBeernaertProton/resty/v2/blob/master/LICENSE) 

Changelog.md

@@ -3,6 +3,59 @@
 Changelog [format](http://keepachangelog.com/en/1.0.0/)
 
 
+## Jubilee Bridge 3.20.0
+
+### Added
+* BRIDGE-348: Enable display of BYOE addresses in Bridge.
+* BRIDGE-340: Added additional logging for label operations and related bad events.
+* BRIDGE-324: Log a hash of the vault key on Bridge start.
+
+### Changed
+* BRIDGE-352: Chore: bump go to 1.24.2.
+* BRIDGE-353: Chore: update x/net package to 0.38.0.
+
+### Fixed
+* BRIDGE-351: Allow draft creation and import to BYOE addresses in combined mode.
+* BRIDGE-301: Prevent imports into non-BYOE external addresses.
+* BRIDGE-341: Replaced go-autostart with a fork to support creating autostart shortcuts in directories with Unicode characters on Windows.
+* BRIDGE-332: Strip newline characters from username and password fields in the Bridge GUI.
+* BRIDGE-336: Ensure all remote labels are verified and created in Gluon at Bridge startup.
+* BRIDGE-335: Persist the last successfully used keychain helper as a user preference on Linux.
+* BRIDGE-333: Ignore unknown label IDs during Bridge synchronization.
+
+
+## Infinity Bridge 3.19.0
+
+### Changed
+* BRIDGE-316: Update Qt to latest LTS version 6.8.2.
+
+
+## Helix Bridge 3.18.0
+
+### Changed
+* BRIDGE-309: Revised update logic and structure.
+* BRIDGE-154: Added access token to expiry refresh request.
+
+
+## Grunwald Bridge 3.17.0
+
+### Added
+* BRIDGE-271: Report version file check failure to Sentry.
+* BRIDGE-247: Test: Automate Bridge 0% update rollout.
+* BRIDGE-248: Test: Additional Bridge UI e2e automation tests.
+
+### Changed
+* BRIDGE-73: Update goopenpgp.
+* BRIDGE-287: Update x/net and x/crypto dependencies.
+* BRIDGE-303: Update govulncheck to latest release.
+* BRIDGE-226: Bump Go version to 1.23.4.
+* BRIDGE-288: Extension to synchronization update handler, observability tweaks and gluon update.
+
+### Fixed
+* BRIDGE-291: Use correct field for user plan type.
+* BRIDGE-143: Add missing QML component attribute, cut/paste disabled on read-only text areas.
+
+
 ## Flavien Bridge 3.16.0
 
 ### Added

Makefile

@@ -12,7 +12,7 @@ ROOT_DIR:=$(realpath .)
 .PHONY: build build-gui build-nogui build-launcher versioner hasher
 
 # Keep version hardcoded so app build works also without Git repository.
-BRIDGE_APP_VERSION?=3.16.0+git
+BRIDGE_APP_VERSION?=3.20.0+git
 APP_VERSION:=${BRIDGE_APP_VERSION}
 APP_FULL_NAME:=Proton Mail Bridge
 APP_VENDOR:=Proton AG
@@ -189,7 +189,7 @@ ${RESOURCE_FILE}: ./dist/info.rc ./dist/${SRC_ICO} .FORCE
 
 ## Dev dependencies
 .PHONY: install-devel-tools install-linter install-go-mod-outdated install-git-hooks
-LINTVER:="v1.61.0"
+LINTVER:="v1.64.6"
 LINTSRC:="https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh"
 
 install-dev-dependencies: install-devel-tools install-linter install-go-mod-outdated

go.mod

@@ -1,15 +1,15 @@
 module github.com/ProtonMail/proton-bridge/v3
 
-go 1.23
+go 1.24
 
-toolchain go1.23.4
+toolchain go1.24.2
 
 require (
 	github.com/0xAX/notificator v0.0.0-20220220101646-ee9b8921e557
 	github.com/Masterminds/semver/v3 v3.2.0
-	github.com/ProtonMail/gluon v0.17.1-0.20250116113909-2ebd96ec0bc2
+	github.com/ProtonMail/gluon v0.17.1-0.20250324123053-2abce471ad71
 	github.com/ProtonMail/go-autostart v0.0.0-20210130080809-00ed301c8e9a
-	github.com/ProtonMail/go-proton-api v0.4.1-0.20250121114701-67bd01ad0bc3
+	github.com/ProtonMail/go-proton-api v0.4.1-0.20250417134000-e624a080f7ba
 	github.com/ProtonMail/gopenpgp/v2 v2.8.2-proton
 	github.com/PuerkitoBio/goquery v1.8.1
 	github.com/abiosoft/ishell v2.0.0+incompatible
@@ -46,10 +46,10 @@ require (
 	github.com/vmihailenco/msgpack/v5 v5.3.5
 	go.uber.org/goleak v1.2.1
 	golang.org/x/exp v0.0.0-20230522175609-2e198f4a06a1
-	golang.org/x/net v0.34.0
+	golang.org/x/net v0.38.0
 	golang.org/x/oauth2 v0.7.0
-	golang.org/x/sys v0.29.0
+	golang.org/x/sys v0.31.0
-	golang.org/x/text v0.21.0
+	golang.org/x/text v0.23.0
 	google.golang.org/api v0.114.0
 	google.golang.org/grpc v1.56.3
 	google.golang.org/protobuf v1.33.0
@@ -121,9 +121,9 @@ require (
 	gitlab.com/c0b/go-ordered-json v0.0.0-20201030195603-febf46534d5a // indirect
 	go.opencensus.io v0.24.0 // indirect
 	golang.org/x/arch v0.3.0 // indirect
-	golang.org/x/crypto v0.32.0 // indirect
+	golang.org/x/crypto v0.36.0 // indirect
 	golang.org/x/mod v0.17.0 // indirect
-	golang.org/x/sync v0.10.0 // indirect
+	golang.org/x/sync v0.12.0 // indirect
 	golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d // indirect
 	google.golang.org/appengine v1.6.7 // indirect
 	google.golang.org/genproto v0.0.0-20230410155749-daa745c078e1 // indirect
@@ -131,6 +131,7 @@ require (
 )
 
 replace (
+	github.com/ProtonMail/go-autostart => github.com/ElectroNafta/go-autostart v0.0.0-20250402094843-326608c16033
 	github.com/emersion/go-message => github.com/ProtonMail/go-message v0.13.1-0.20240919135104-3bc88e6a9423
 	github.com/emersion/go-smtp => github.com/ProtonMail/go-smtp v0.0.0-20231109081432-2b3d50599865
 	github.com/go-resty/resty/v2 => github.com/LBeernaertProton/resty/v2 v2.0.0-20231129100320-dddf8030d93a

go.sum

@@ -23,6 +23,8 @@ github.com/0xAX/notificator v0.0.0-20220220101646-ee9b8921e557 h1:l6surSnJ3RP4qA
 github.com/0xAX/notificator v0.0.0-20220220101646-ee9b8921e557/go.mod h1:sTrmvD/TxuypdOERsDOS7SndZg0rzzcCi1b6wQMXUYM=
 github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
 github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo=
+github.com/ElectroNafta/go-autostart v0.0.0-20250402094843-326608c16033 h1:d2RB9rQmSusb0K+qSgB+DAY+8i+AXZ/o+oDHj2vAUaA=
+github.com/ElectroNafta/go-autostart v0.0.0-20250402094843-326608c16033/go.mod h1:o0nKiWcK0e2G/90uL6akWRkzOV4mFcZmvpBPpigJvdw=
 github.com/Kodeworks/golang-image-ico v0.0.0-20141118225523-73f0f4cfade9/go.mod h1:7uhhqiBaR4CpN0k9rMjOtjpcfGd6DG2m04zQxKnWQ0I=
 github.com/LBeernaertProton/resty/v2 v2.0.0-20231129100320-dddf8030d93a h1:eQO/GF/+H8/9udc9QAgieFr+jr1tjXlJo35RAhsUbWY=
 github.com/LBeernaertProton/resty/v2 v2.0.0-20231129100320-dddf8030d93a/go.mod h1:iiP/OpA0CkcL3IGt1O0+/SIItFUbkkyw5BGXiVdTu+A=
@@ -34,10 +36,8 @@ github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAE
 github.com/ProtonMail/bcrypt v0.0.0-20210511135022-227b4adcab57/go.mod h1:HecWFHognK8GfRDGnFQbW/LiV7A3MX3gZVs45vk5h8I=
 github.com/ProtonMail/bcrypt v0.0.0-20211005172633-e235017c1baf h1:yc9daCCYUefEs69zUkSzubzjBbL+cmOXgnmt9Fyd9ug=
 github.com/ProtonMail/bcrypt v0.0.0-20211005172633-e235017c1baf/go.mod h1:o0ESU9p83twszAU8LBeJKFAAMX14tISa0yk4Oo5TOqo=
-github.com/ProtonMail/gluon v0.17.1-0.20250116113909-2ebd96ec0bc2 h1:lDgMidI/9j2eedavcy7YICv8+F73ooVTUoUGBE4dO0s=
+github.com/ProtonMail/gluon v0.17.1-0.20250324123053-2abce471ad71 h1:UC8SLrS6QbBeOUM8FJugyNoeV5gRGoQCwNePAMxuM20=
-github.com/ProtonMail/gluon v0.17.1-0.20250116113909-2ebd96ec0bc2/go.mod h1:0/c03TzZPNiSgY5UDJK1iRDkjlDPwWugxTT6et2qDu8=
+github.com/ProtonMail/gluon v0.17.1-0.20250324123053-2abce471ad71/go.mod h1:0/c03TzZPNiSgY5UDJK1iRDkjlDPwWugxTT6et2qDu8=
-github.com/ProtonMail/go-autostart v0.0.0-20210130080809-00ed301c8e9a h1:D+aZah+k14Gn6kmL7eKxoo/4Dr/lK3ChBcwce2+SQP4=
-github.com/ProtonMail/go-autostart v0.0.0-20210130080809-00ed301c8e9a/go.mod h1:oTGdE7/DlWIr23G0IKW3OXK9wZ5Hw1GGiaJFccTvZi4=
 github.com/ProtonMail/go-crypto v0.0.0-20230321155629-9a39f2531310/go.mod h1:8TI4H3IbrackdNgv+92dI+rhpCaLqM0IfpgCgenFvRE=
 github.com/ProtonMail/go-crypto v1.1.4-proton h1:KIo9uNlk3vzlwI7o5VjhiEjI4Ld1TDixOMnoNZyfpFE=
 github.com/ProtonMail/go-crypto v1.1.4-proton/go.mod h1:zNoyBJW3p/yVWiHNZgfTF9VsjwqYof5YY0M9kt2QaX0=
@@ -45,8 +45,16 @@ github.com/ProtonMail/go-message v0.13.1-0.20240919135104-3bc88e6a9423 h1:p8nBDx
 github.com/ProtonMail/go-message v0.13.1-0.20240919135104-3bc88e6a9423/go.mod h1:NBAn21zgCJ/52WLDyed18YvYFm5tEoeDauubFqLokM4=
 github.com/ProtonMail/go-mime v0.0.0-20230322103455-7d82a3887f2f h1:tCbYj7/299ekTTXpdwKYF8eBlsYsDVoggDAuAjoK66k=
 github.com/ProtonMail/go-mime v0.0.0-20230322103455-7d82a3887f2f/go.mod h1:gcr0kNtGBqin9zDW9GOHcVntrwnjrK+qdJ06mWYBybw=
-github.com/ProtonMail/go-proton-api v0.4.1-0.20250121114701-67bd01ad0bc3 h1:YYnLBVcg7WrEbYVmF1PBr4AEQlob9rCphsMHAmF4CAo=
+github.com/ProtonMail/go-proton-api v0.4.1-0.20250217140732-2e531f21de4c h1:dxnbB+ov77BDj1LC35fKZ14hLoTpU6OTpZySwxarVx0=
-github.com/ProtonMail/go-proton-api v0.4.1-0.20250121114701-67bd01ad0bc3/go.mod h1:RYgagBFkA3zFrSt7/vviFFwjZxBo6pGzcTwFsLwsnyc=
+github.com/ProtonMail/go-proton-api v0.4.1-0.20250217140732-2e531f21de4c/go.mod h1:RYgagBFkA3zFrSt7/vviFFwjZxBo6pGzcTwFsLwsnyc=
+github.com/ProtonMail/go-proton-api v0.4.1-0.20250409092940-13ddc20a05a1 h1:u3G9UB8prOnzOneOf0JFCIVnMRLiK4QgEpPQVu9Y8Q4=
+github.com/ProtonMail/go-proton-api v0.4.1-0.20250409092940-13ddc20a05a1/go.mod h1:RYgagBFkA3zFrSt7/vviFFwjZxBo6pGzcTwFsLwsnyc=
+github.com/ProtonMail/go-proton-api v0.4.1-0.20250409131808-0bbc8e7c32db h1:mOtbY5BB2eNr2QmbZhFn5EnsJcimTntPB6akN2r+AuE=
+github.com/ProtonMail/go-proton-api v0.4.1-0.20250409131808-0bbc8e7c32db/go.mod h1:RYgagBFkA3zFrSt7/vviFFwjZxBo6pGzcTwFsLwsnyc=
+github.com/ProtonMail/go-proton-api v0.4.1-0.20250410050801-92de6e7c8517 h1:70JoDgXxfil4hbDoYGF98rMd47Rld6wXWyFAw4uFOTY=
+github.com/ProtonMail/go-proton-api v0.4.1-0.20250410050801-92de6e7c8517/go.mod h1:RYgagBFkA3zFrSt7/vviFFwjZxBo6pGzcTwFsLwsnyc=
+github.com/ProtonMail/go-proton-api v0.4.1-0.20250417134000-e624a080f7ba h1:DFBngZ7u/f69flRFzPp6Ipo6PKEyflJlA5OCh52yDB4=
+github.com/ProtonMail/go-proton-api v0.4.1-0.20250417134000-e624a080f7ba/go.mod h1:eXIoLyIHxvPo8Kd9e1ygYIrAwbeWJhLi3vgSz2crlK4=
 github.com/ProtonMail/go-smtp v0.0.0-20231109081432-2b3d50599865 h1:EP1gnxLL5Z7xBSymE9nSTM27nRYINuvssAtDmG0suD8=
 github.com/ProtonMail/go-smtp v0.0.0-20231109081432-2b3d50599865/go.mod h1:qm27SGYgoIPRot6ubfQ/GpiPy/g3PaZAVRxiO/sDUgQ=
 github.com/ProtonMail/go-srp v0.0.7 h1:Sos3Qk+th4tQR64vsxGIxYpN3rdnG9Wf9K4ZloC1JrI=
@@ -500,6 +508,8 @@ golang.org/x/crypto v0.7.0/go.mod h1:pYwdfH91IfpZVANVyUOhSIPZaFoJGxTFbZhFTx+dXZU
 golang.org/x/crypto v0.14.0/go.mod h1:MVFd36DqK4CsrnJYDkBA3VC4m2GkXAM0PvzMCn4JQf4=
 golang.org/x/crypto v0.32.0 h1:euUpcYgM8WcP71gNpTqQCn6rC2t6ULUPiOzfWaXVVfc=
 golang.org/x/crypto v0.32.0/go.mod h1:ZnnJkOaASj8g0AjIduWNlq2NRxL0PlBrbKVyZ6V/Ugc=
+golang.org/x/crypto v0.36.0 h1:AnAEvhDddvBdpY+uR+MyHmuZzzNqXSe/GvuDeob5L34=
+golang.org/x/crypto v0.36.0/go.mod h1:Y4J0ReaxCR1IMaabaSMugxJES1EpwhBHhv2bDHklZvc=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8=
@@ -557,6 +567,8 @@ golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg=
 golang.org/x/net v0.17.0/go.mod h1:NxSsAGuq816PNPmqtQdLE42eU2Fs7NoRIZrHJAlaCOE=
 golang.org/x/net v0.34.0 h1:Mb7Mrk043xzHgnRM88suvJFwzVrRfHEHJEl5/71CKw0=
 golang.org/x/net v0.34.0/go.mod h1:di0qlW3YNM5oh6GqDGQr92MyTozJPmybPK4Ev/Gm31k=
+golang.org/x/net v0.38.0 h1:vRMAPTMaeGqVhG5QyLJHqNDwecKTomGeqbnfZyKlBI8=
+golang.org/x/net v0.38.0/go.mod h1:ivrbrMbzFq5J41QOQh0siUuly180yBYtLp+CKbEaFx8=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
 golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
@@ -573,6 +585,8 @@ golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJ
 golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.10.0 h1:3NQrjDixjgGwUOCaF8w2+VYHv0Ve/vGYSbdkTa98gmQ=
 golang.org/x/sync v0.10.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
+golang.org/x/sync v0.12.0 h1:MHc5BpPuC30uJk597Ri8TV3CNZcTLu6B6z4lJy+g6Jw=
+golang.org/x/sync v0.12.0/go.mod h1:1dzgHSNfp02xaA81J2MS99Qcpr2w7fw1gpm99rleRqA=
 golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
@@ -613,6 +627,8 @@ golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.13.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.29.0 h1:TPYlXGxvx1MGTn2GiZDhnjPA9wZzZeGKHHmKhHYvgaU=
 golang.org/x/sys v0.29.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/sys v0.31.0 h1:ioabZlmFYtWhL+TRYpcnNlLwhyxaM9kWTDEmfnprqik=
+golang.org/x/sys v0.31.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k=
@@ -634,6 +650,8 @@ golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
 golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE=
 golang.org/x/text v0.21.0 h1:zyQAAkrwaneQ066sspRyJaG9VNi/YJ1NfzcGB3hZ/qo=
 golang.org/x/text v0.21.0/go.mod h1:4IBbMaMmOPCJ8SecivzSH54+73PCFmPWxNTLm+vZkEQ=
+golang.org/x/text v0.23.0 h1:D71I7dUrlY+VX0gQShAThNGHFxZ13dGLBHQLVl1mJlY=
+golang.org/x/text v0.23.0/go.mod h1:/BLNzu4aZCJ1+kcD0DNRotWKage4q2rGVAg4o22unh4=
 golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.3.0 h1:rg5rLMjNzMS1RkNLzCG38eapWhnYLFYXDXj2gOlr8j4=

internal/app/migration.go

@@ -138,7 +138,7 @@ func migrateOldAccounts(locations *locations.Locations, keychains *keychain.List
 	if err != nil {
 		return fmt.Errorf("failed to get helper: %w", err)
 	}
-	keychain, err := keychain.NewKeychain(helper, "bridge", keychains.GetHelpers(), keychains.GetDefaultHelper())
+	keychain, _, err := keychain.NewKeychain(helper, "bridge", keychains.GetHelpers(), keychains.GetDefaultHelper())
 	if err != nil {
 		return fmt.Errorf("failed to create keychain: %w", err)
 	}

internal/app/migration_test.go

@@ -134,7 +134,7 @@ func TestKeychainMigration(t *testing.T) {
 func TestUserMigration(t *testing.T) {
 	kcl := keychain.NewTestKeychainsList()
 
-	kc, err := keychain.NewKeychain("mock", "bridge", kcl.GetHelpers(), kcl.GetDefaultHelper())
+	kc, _, err := keychain.NewKeychain("mock", "bridge", kcl.GetHelpers(), kcl.GetDefaultHelper())
 	require.NoError(t, err)
 
 	require.NoError(t, kc.Put("brokenID", "broken"))

internal/app/vault.go

@@ -18,6 +18,8 @@
 package app
 
 import (
+	"crypto/sha256"
+	"encoding/hex"
 	"fmt"
 	"path"
 
@@ -69,9 +71,10 @@ func newVault(reporter *sentry.Reporter, locations *locations.Locations, keychai
 	var (
 		vaultKey       []byte
 		insecure       bool
+		lastUsedHelper string
 	)
 
-	if key, err := loadVaultKey(vaultDir, keychains); err != nil {
+	if key, helper, err := loadVaultKey(vaultDir, keychains); err != nil {
 		if reporter != nil {
 			if rerr := reporter.ReportMessageWithContext("Could not load/create vault key", map[string]any{
 				"keychainDefaultHelper":       keychains.GetDefaultHelper(),
@@ -89,6 +92,8 @@ func newVault(reporter *sentry.Reporter, locations *locations.Locations, keychai
 		vaultDir = path.Join(vaultDir, "insecure")
 	} else {
 		vaultKey = key
+		lastUsedHelper = helper
+		logHashedVaultKey(vaultKey) // Log a hash of the vault key.
 	}
 
 	gluonCacheDir, err := locations.ProvideGluonCachePath()
@@ -96,34 +101,47 @@ func newVault(reporter *sentry.Reporter, locations *locations.Locations, keychai
 		return nil, false, nil, fmt.Errorf("could not provide gluon path: %w", err)
 	}
 
-	vault, corrupt, err := vault.New(vaultDir, gluonCacheDir, vaultKey, panicHandler)
+	userVault, corrupt, err := vault.New(vaultDir, gluonCacheDir, vaultKey, panicHandler)
 	if err != nil {
 		return nil, false, corrupt, fmt.Errorf("could not create vault: %w", err)
 	}
 
-	return vault, insecure, corrupt, nil
+	// Remember the last successfully used keychain and store that as the user preference.
+	if err := vault.SetHelper(vaultDir, lastUsedHelper); err != nil {
+		logrus.WithError(err).Error("Could not store last used keychain helper")
 	}
 
-func loadVaultKey(vaultDir string, keychains *keychain.List) ([]byte, error) {
+	return userVault, insecure, corrupt, nil
-	helper, err := vault.GetHelper(vaultDir)
+}
+
+// loadVaultKey - loads the key used to encrypt the vault alongside the keychain helper used to access it.
+func loadVaultKey(vaultDir string, keychains *keychain.List) (key []byte, keychainHelper string, err error) {
+	keychainHelper, err = vault.GetHelper(vaultDir)
 	if err != nil {
-		return nil, fmt.Errorf("could not get keychain helper: %w", err)
+		return nil, keychainHelper, fmt.Errorf("could not get keychain helper: %w", err)
 	}
 
-	kc, err := keychain.NewKeychain(helper, constants.KeyChainName, keychains.GetHelpers(), keychains.GetDefaultHelper())
+	kc, keychainHelper, err := keychain.NewKeychain(keychainHelper, constants.KeyChainName, keychains.GetHelpers(), keychains.GetDefaultHelper())
 	if err != nil {
-		return nil, fmt.Errorf("could not create keychain: %w", err)
+		return nil, keychainHelper, fmt.Errorf("could not create keychain: %w", err)
 	}
 
-	key, err := vault.GetVaultKey(kc)
+	key, err = vault.GetVaultKey(kc)
 	if err != nil {
 		if keychain.IsErrKeychainNoItem(err) {
 			logrus.WithError(err).Warn("no vault key found, generating new")
-			return vault.NewVaultKey(kc)
+			key, err := vault.NewVaultKey(kc)
+			return key, keychainHelper, err
 		}
 
-		return nil, fmt.Errorf("could not check for vault key: %w", err)
+		return nil, keychainHelper, fmt.Errorf("could not check for vault key: %w", err)
 	}
 
-	return key, nil
+	return key, keychainHelper, nil
+}
+
+// logHashedVaultKey - computes a sha256 hash and encodes it to base 64. The resulting string is logged.
+func logHashedVaultKey(vaultKey []byte) {
+	hashedKey := sha256.Sum256(vaultKey)
+	logrus.WithField("hashedKey", hex.EncodeToString(hashedKey[:])).Info("Found vault key")
 }

internal/bridge/bridge.go

@@ -55,6 +55,7 @@ import (
 	"github.com/ProtonMail/proton-bridge/v3/internal/vault"
 	"github.com/ProtonMail/proton-bridge/v3/pkg/keychain"
 	"github.com/bradenaw/juniper/xslices"
+	"github.com/elastic/go-sysinfo/types"
 	"github.com/go-resty/resty/v2"
 	"github.com/sirupsen/logrus"
 )
@@ -82,6 +83,7 @@ type Bridge struct {
 
 	// updater is the bridge's updater.
 	updater         Updater
+	installChLegacy chan installJobLegacy
 	installCh       chan installJob
 
 	// heartbeat is the telemetry heartbeat for metrics.
@@ -149,6 +151,9 @@ type Bridge struct {
 
 	// notificationStore is used for notification deduplication
 	notificationStore *notifications.Store
+
+	// getHostVersion primarily used for testing the update logic - it should return an OS version
+	getHostVersion func(host types.Host) string
 }
 
 var logPkg = logrus.WithField("pkg", "bridge") //nolint:gochecknoglobals
@@ -284,6 +289,7 @@ func newBridge(
 		imapEventCh: imapEventCh,
 
 		updater:         updater,
+		installChLegacy: make(chan installJobLegacy),
 		installCh:       make(chan installJob),
 
 		curVersion:     curVersion,
@@ -316,6 +322,8 @@ func newBridge(
 		observabilityService: observabilityService,
 
 		notificationStore: notifications.NewStore(locator.ProvideNotificationsCachePath),
+
+		getHostVersion: func(host types.Host) string { return host.Info().OS.Version },
 	}
 
 	bridge.serverManager = imapsmtpserver.NewService(context.Background(),
@@ -436,8 +444,17 @@ func (bridge *Bridge) init(tlsReporter TLSReporter) error {
 	// Check for updates when triggered.
 	bridge.goUpdate = bridge.tasks.PeriodicOrTrigger(constants.UpdateCheckInterval, 0, func(ctx context.Context) {
 		logPkg.Info("Checking for updates")
+		var versionLegacy updater.VersionInfoLegacy
+		var version updater.VersionInfo
+		var err error
+
+		useOldUpdateLogic := bridge.GetFeatureFlagValue(unleash.UpdateUseNewVersionFileStructureDisabled)
+		if useOldUpdateLogic {
+			versionLegacy, err = bridge.updater.GetVersionInfoLegacy(ctx, bridge.api, bridge.vault.GetUpdateChannel())
+		} else {
+			version, err = bridge.updater.GetVersionInfo(ctx, bridge.api)
+		}
 
-		version, err := bridge.updater.GetVersionInfo(ctx, bridge.api, bridge.vault.GetUpdateChannel())
 		if err != nil {
 			bridge.publish(events.UpdateCheckFailed{Error: err})
 			if errors.Is(err, updater.ErrVersionFileDownloadOrVerify) {
@@ -449,13 +466,24 @@ func (bridge *Bridge) init(tlsReporter TLSReporter) error {
 					logPkg.WithError(reporterErr).Error("Failed to report version file check error")
 				}
 			}
+		} else {
+			if useOldUpdateLogic {
+				bridge.handleUpdateLegacy(versionLegacy)
 			} else {
 				bridge.handleUpdate(version)
 			}
+		}
 	})
 	defer bridge.goUpdate()
 
-	// Install updates when available.
+	// Install updates when available - based on old update logic
+	bridge.tasks.Once(func(ctx context.Context) {
+		async.RangeContext(ctx, bridge.installChLegacy, func(job installJobLegacy) {
+			bridge.installUpdateLegacy(ctx, job)
+		})
+	})
+
+	// Install updates when available - based on new update logic
 	bridge.tasks.Once(func(ctx context.Context) {
 		async.RangeContext(ctx, bridge.installCh, func(job installJob) {
 			bridge.installUpdate(ctx, job)
@@ -692,13 +720,13 @@ func (bridge *Bridge) verifyUsernameChange() {
 func GetUpdatedCachePath(gluonDBPath, gluonCachePath string) string {
 	// If gluon cache is moved to an external drive; regex find will fail; as is expected
 	cachePathMatches := usernameChangeRegex.FindStringSubmatch(gluonCachePath)
-	if cachePathMatches == nil || len(cachePathMatches) < 2 {
+	if len(cachePathMatches) < 2 {
 		return ""
 	}
 
 	cacheUsername := cachePathMatches[1]
 	dbPathMatches := usernameChangeRegex.FindStringSubmatch(gluonDBPath)
-	if dbPathMatches == nil || len(dbPathMatches) < 2 {
+	if len(dbPathMatches) < 2 {
 		return ""
 	}
 
@@ -740,3 +768,19 @@ func (bridge *Bridge) ReportMessageWithContext(message string, messageCtx report
 func (bridge *Bridge) GetUsers() map[string]*user.User {
 	return bridge.users
 }
+
+// SetCurrentVersionTest - sets the current version of bridge; should only be used for tests.
+func (bridge *Bridge) SetCurrentVersionTest(version *semver.Version) {
+	bridge.curVersion = version
+	bridge.newVersion = version
+}
+
+// SetHostVersionGetterTest - sets the OS version helper func; only used for testing.
+func (bridge *Bridge) SetHostVersionGetterTest(fn func(host types.Host) string) {
+	bridge.getHostVersion = fn
+}
+
+// SetRolloutPercentageTest - sets the rollout percentage; should only be used for testing.
+func (bridge *Bridge) SetRolloutPercentageTest(rollout float64) error {
+	return bridge.vault.SetUpdateRollout(rollout)
+}

internal/bridge/bridge_test.go

@@ -45,6 +45,7 @@ import (
 	"github.com/ProtonMail/proton-bridge/v3/internal/focus"
 	"github.com/ProtonMail/proton-bridge/v3/internal/locations"
 	"github.com/ProtonMail/proton-bridge/v3/internal/services/imapsmtpserver"
+	"github.com/ProtonMail/proton-bridge/v3/internal/unleash"
 	"github.com/ProtonMail/proton-bridge/v3/internal/updater"
 	"github.com/ProtonMail/proton-bridge/v3/internal/user"
 	"github.com/ProtonMail/proton-bridge/v3/internal/useragent"
@@ -383,9 +384,14 @@ func TestBridge_Cookies(t *testing.T) {
 	})
 }
 
-func TestBridge_CheckUpdate(t *testing.T) {
+func TestBridge_CheckUpdate_Legacy(t *testing.T) {
 	withEnv(t, func(ctx context.Context, s *server.Server, netCtl *proton.NetCtl, locator bridge.Locator, vaultKey []byte) {
+		unleash.ModifyPollPeriodAndJitter(500*time.Millisecond, 0)
+		s.PushFeatureFlag(unleash.UpdateUseNewVersionFileStructureDisabled)
+
 		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, vaultKey, func(bridge *bridge.Bridge, mocks *bridge.Mocks) {
+			// Wait for FF poll.
+			time.Sleep(600 * time.Millisecond)
 			// Disable autoupdate for this test.
 			require.NoError(t, bridge.SetAutoUpdate(false))
 
@@ -400,7 +406,7 @@ func TestBridge_CheckUpdate(t *testing.T) {
 			require.Equal(t, events.UpdateNotAvailable{}, <-noUpdateCh)
 
 			// Simulate a new version being available.
-			mocks.Updater.SetLatestVersion(v2_4_0, v2_3_0)
+			mocks.Updater.SetLatestVersionLegacy(v2_4_0, v2_3_0)
 
 			// Get a stream of update available events.
 			updateCh, done := bridge.GetEvents(events.UpdateAvailable{})
@@ -411,7 +417,7 @@ func TestBridge_CheckUpdate(t *testing.T) {
 
 			// We should receive an event indicating that an update is available.
 			require.Equal(t, events.UpdateAvailable{
-				Version: updater.VersionInfo{
+				VersionLegacy: updater.VersionInfoLegacy{
 					Version:           v2_4_0,
 					MinAuto:           v2_3_0,
 					RolloutProportion: 1.0,
@@ -423,25 +429,30 @@ func TestBridge_CheckUpdate(t *testing.T) {
 	})
 }
 
-func TestBridge_AutoUpdate(t *testing.T) {
+func TestBridge_AutoUpdate_Legacy(t *testing.T) {
 	withEnv(t, func(ctx context.Context, s *server.Server, netCtl *proton.NetCtl, locator bridge.Locator, vaultKey []byte) {
-		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, vaultKey, func(bridge *bridge.Bridge, mocks *bridge.Mocks) {
+		unleash.ModifyPollPeriodAndJitter(500*time.Millisecond, 0)
+		s.PushFeatureFlag(unleash.UpdateUseNewVersionFileStructureDisabled)
+
+		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, vaultKey, func(b *bridge.Bridge, mocks *bridge.Mocks) {
+			// Wait for FF poll.
+			time.Sleep(600 * time.Millisecond)
 			// Enable autoupdate for this test.
-			require.NoError(t, bridge.SetAutoUpdate(true))
+			require.NoError(t, b.SetAutoUpdate(true))
 
 			// Get a stream of update events.
-			updateCh, done := bridge.GetEvents(events.UpdateInstalled{})
+			updateCh, done := b.GetEvents(events.UpdateInstalled{})
 			defer done()
 
 			// Simulate a new version being available.
-			mocks.Updater.SetLatestVersion(v2_4_0, v2_3_0)
+			mocks.Updater.SetLatestVersionLegacy(v2_4_0, v2_3_0)
 
 			// Check for updates.
-			bridge.CheckForUpdates()
+			b.CheckForUpdates()
 
 			// We should receive an event indicating that the update was silently installed.
 			require.Equal(t, events.UpdateInstalled{
-				Version: updater.VersionInfo{
+				VersionLegacy: updater.VersionInfoLegacy{
 					Version:           v2_4_0,
 					MinAuto:           v2_3_0,
 					RolloutProportion: 1.0,
@@ -452,9 +463,14 @@ func TestBridge_AutoUpdate(t *testing.T) {
 	})
 }
 
-func TestBridge_ManualUpdate(t *testing.T) {
+func TestBridge_ManualUpdate_Legacy(t *testing.T) {
 	withEnv(t, func(ctx context.Context, s *server.Server, netCtl *proton.NetCtl, locator bridge.Locator, vaultKey []byte) {
+		unleash.ModifyPollPeriodAndJitter(500*time.Millisecond, 0)
+		s.PushFeatureFlag(unleash.UpdateUseNewVersionFileStructureDisabled)
+
 		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, vaultKey, func(bridge *bridge.Bridge, mocks *bridge.Mocks) {
+			// Wait for FF poll.
+			time.Sleep(600 * time.Millisecond)
 			// Disable autoupdate for this test.
 			require.NoError(t, bridge.SetAutoUpdate(false))
 
@@ -463,14 +479,14 @@ func TestBridge_ManualUpdate(t *testing.T) {
 			defer done()
 
 			// Simulate a new version being available, but it's too new for us.
-			mocks.Updater.SetLatestVersion(v2_4_0, v2_4_0)
+			mocks.Updater.SetLatestVersionLegacy(v2_4_0, v2_4_0)
 
 			// Check for updates.
 			bridge.CheckForUpdates()
 
 			// We should receive an event indicating an update is available, but we can't install it.
 			require.Equal(t, events.UpdateAvailable{
-				Version: updater.VersionInfo{
+				VersionLegacy: updater.VersionInfoLegacy{
 					Version:           v2_4_0,
 					MinAuto:           v2_4_0,
 					RolloutProportion: 1.0,
@@ -484,7 +500,12 @@ func TestBridge_ManualUpdate(t *testing.T) {
 
 func TestBridge_ForceUpdate(t *testing.T) {
 	withEnv(t, func(ctx context.Context, s *server.Server, netCtl *proton.NetCtl, locator bridge.Locator, vaultKey []byte) {
+		unleash.ModifyPollPeriodAndJitter(500*time.Millisecond, 0)
+		s.PushFeatureFlag(unleash.UpdateUseNewVersionFileStructureDisabled)
+
 		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, vaultKey, func(bridge *bridge.Bridge, _ *bridge.Mocks) {
+			// Wait for FF poll.
+			time.Sleep(600 * time.Millisecond)
 			// Get a stream of update events.
 			updateCh, done := bridge.GetEvents(events.UpdateForced{})
 			defer done()
@@ -597,7 +618,7 @@ func TestBridge_AddressWithoutKeys(t *testing.T) {
 			require.NoError(t, err)
 
 			// Create an additional address for the user; it will not have keys.
-			aliasAddrID, err := s.CreateAddress(userID, "alias@pm.me", []byte("password"))
+			aliasAddrID, err := s.CreateAddress(userID, "alias@pm.me", []byte("password"), true)
 			require.NoError(t, err)
 
 			// Create an API client so we can remove the address keys.
@@ -764,7 +785,7 @@ func TestBridge_ChangeAddressOrder(t *testing.T) {
 		require.NoError(t, err)
 
 		// Create a second address for the user.
-		aliasID, err := s.CreateAddress(userID, "alias@"+s.GetDomain(), password)
+		aliasID, err := s.CreateAddress(userID, "alias@"+s.GetDomain(), password, true)
 		require.NoError(t, err)
 
 		// Create 10 messages for the user.

internal/bridge/mocks.go

@@ -119,13 +119,14 @@ func (provider *TestLocationsProvider) UserCache() string {
 }
 
 type TestUpdater struct {
-	latest updater.VersionInfo
+	latest   updater.VersionInfoLegacy
+	releases updater.VersionInfo
 	lock     sync.RWMutex
 }
 
 func NewTestUpdater(version, minAuto *semver.Version) *TestUpdater {
 	return &TestUpdater{
-		latest: updater.VersionInfo{
+		latest: updater.VersionInfoLegacy{
 			Version: version,
 			MinAuto: minAuto,
 
@@ -134,11 +135,11 @@ func NewTestUpdater(version, minAuto *semver.Version) *TestUpdater {
 	}
 }
 
-func (testUpdater *TestUpdater) SetLatestVersion(version, minAuto *semver.Version) {
+func (testUpdater *TestUpdater) SetLatestVersionLegacy(version, minAuto *semver.Version) {
 	testUpdater.lock.Lock()
 	defer testUpdater.lock.Unlock()
 
-	testUpdater.latest = updater.VersionInfo{
+	testUpdater.latest = updater.VersionInfoLegacy{
 		Version: version,
 		MinAuto: minAuto,
 
@@ -146,17 +147,35 @@ func (testUpdater *TestUpdater) SetLatestVersion(version, minAuto *semver.Versio
 	}
 }
 
-func (testUpdater *TestUpdater) GetVersionInfo(_ context.Context, _ updater.Downloader, _ updater.Channel) (updater.VersionInfo, error) {
+func (testUpdater *TestUpdater) GetVersionInfoLegacy(_ context.Context, _ updater.Downloader, _ updater.Channel) (updater.VersionInfoLegacy, error) {
 	testUpdater.lock.RLock()
 	defer testUpdater.lock.RUnlock()
 
 	return testUpdater.latest, nil
 }
 
-func (testUpdater *TestUpdater) InstallUpdate(_ context.Context, _ updater.Downloader, _ updater.VersionInfo) error {
+func (testUpdater *TestUpdater) InstallUpdateLegacy(_ context.Context, _ updater.Downloader, _ updater.VersionInfoLegacy) error {
 	return nil
 }
 
 func (testUpdater *TestUpdater) RemoveOldUpdates() error {
 	return nil
 }
+
+func (testUpdater *TestUpdater) SetLatestVersion(releases updater.VersionInfo) {
+	testUpdater.lock.Lock()
+	defer testUpdater.lock.Unlock()
+
+	testUpdater.releases = releases
+}
+
+func (testUpdater *TestUpdater) GetVersionInfo(_ context.Context, _ updater.Downloader) (updater.VersionInfo, error) {
+	testUpdater.lock.RLock()
+	defer testUpdater.lock.RUnlock()
+
+	return testUpdater.releases, nil
+}
+
+func (testUpdater *TestUpdater) InstallUpdate(_ context.Context, _ updater.Downloader, _ updater.Release) error {
+	return nil
+}

internal/bridge/observability_test.go

@@ -127,9 +127,9 @@ func TestBridge_Observability_UserMetric(t *testing.T) {
 	}
 
 	withEnv(t, func(ctx context.Context, s *server.Server, netCtl *proton.NetCtl, locator bridge.Locator, vaultKey []byte) {
-		userMetricPeriod := time.Millisecond * 200
+		userMetricPeriod := time.Millisecond * 600
 		heartbeatPeriod := time.Second * 10
-		throttlePeriod := time.Millisecond * 100
+		throttlePeriod := time.Millisecond * 300
 		observability.ModifyUserMetricInterval(userMetricPeriod)
 		observability.ModifyThrottlePeriod(throttlePeriod)
 

internal/bridge/sync_test.go

@@ -355,7 +355,7 @@ func TestBridge_CanProcessEventsDuringSync(t *testing.T) {
 
 			// Create a new address
 			newAddress := "foo@proton.ch"
-			addrID, err := s.CreateAddress(userID, newAddress, password)
+			addrID, err := s.CreateAddress(userID, newAddress, password, true)
 			require.NoError(t, err)
 
 			event := <-addressCreatedCh
@@ -430,7 +430,7 @@ func TestBridge_EventReplayAfterSyncHasFinished(t *testing.T) {
 			createNumMessages(ctx, t, c, addrID, labelID, numMsg)
 		})
 
-		addrID1, err := s.CreateAddress(userID, "foo@proton.ch", password)
+		addrID1, err := s.CreateAddress(userID, "foo@proton.ch", password, true)
 		require.NoError(t, err)
 
 		var allowSyncToProgress atomic.Bool
@@ -469,7 +469,7 @@ func TestBridge_EventReplayAfterSyncHasFinished(t *testing.T) {
 			})
 
 			// User AddrID2 event as a check point to see when the new address was created.
-			addrID2, err := s.CreateAddress(userID, "bar@proton.ch", password)
+			addrID2, err := s.CreateAddress(userID, "bar@proton.ch", password, true)
 			require.NoError(t, err)
 
 			allowSyncToProgress.Store(true)
@@ -552,7 +552,7 @@ func TestBridge_MessageCreateDuringSync(t *testing.T) {
 			})
 
 			// User AddrID2 event as a check point to see when the new address was created.
-			addrID, err := s.CreateAddress(userID, "bar@proton.ch", password)
+			addrID, err := s.CreateAddress(userID, "bar@proton.ch", password, true)
 			require.NoError(t, err)
 
 			// At most two events can be published, one for the first address, then for the second.
@@ -663,7 +663,7 @@ func TestBridge_AddressOrderChangeDuringSyncInCombinedModeDoesNotTriggerBadEvent
 			require.Equal(t, 1, len(info.Addresses))
 			require.Equal(t, info.Addresses[0], "user@proton.local")
 
-			addrID2, err := s.CreateAddress(userID, "foo@"+s.GetDomain(), password)
+			addrID2, err := s.CreateAddress(userID, "foo@"+s.GetDomain(), password, true)
 			require.NoError(t, err)
 
 			require.NoError(t, s.SetAddressOrder(userID, []string{addrID2, addrID}))

internal/bridge/types.go

@@ -52,7 +52,9 @@ type Autostarter interface {
 }
 
 type Updater interface {
-	GetVersionInfo(context.Context, updater.Downloader, updater.Channel) (updater.VersionInfo, error)
+	GetVersionInfoLegacy(context.Context, updater.Downloader, updater.Channel) (updater.VersionInfoLegacy, error)
-	InstallUpdate(context.Context, updater.Downloader, updater.VersionInfo) error
+	InstallUpdateLegacy(context.Context, updater.Downloader, updater.VersionInfoLegacy) error
 	RemoveOldUpdates() error
+	GetVersionInfo(context.Context, updater.Downloader) (updater.VersionInfo, error)
+	InstallUpdate(context.Context, updater.Downloader, updater.Release) error
 }

internal/bridge/updates.go

@@ -21,22 +21,168 @@ import (
 	"context"
 	"errors"
 
+	"github.com/Masterminds/semver/v3"
 	"github.com/ProtonMail/gluon/reporter"
 	"github.com/ProtonMail/proton-bridge/v3/internal/events"
 	"github.com/ProtonMail/proton-bridge/v3/internal/safe"
 	"github.com/ProtonMail/proton-bridge/v3/internal/updater"
+	"github.com/elastic/go-sysinfo"
 	"github.com/sirupsen/logrus"
+	"golang.org/x/exp/slices"
 )
 
 func (bridge *Bridge) CheckForUpdates() {
 	bridge.goUpdate()
 }
 
-func (bridge *Bridge) InstallUpdate(version updater.VersionInfo) {
+func (bridge *Bridge) InstallUpdateLegacy(version updater.VersionInfoLegacy) {
-	bridge.installCh <- installJob{version: version, silent: false}
+	bridge.installChLegacy <- installJobLegacy{version: version, silent: false}
+}
+
+func (bridge *Bridge) InstallUpdate(release updater.Release) {
+	bridge.installCh <- installJob{Release: release, Silent: false}
 }
 
 func (bridge *Bridge) handleUpdate(version updater.VersionInfo) {
+	updateChannel := bridge.vault.GetUpdateChannel()
+	updateRollout := bridge.vault.GetUpdateRollout()
+	autoUpdateEnabled := bridge.vault.GetAutoUpdate()
+
+	checkSystemVersion := true
+	hostInfo, err := sysinfo.Host()
+	// If we're unable to get host system information we skip the update's minimum/maximum OS version checks
+	if err != nil {
+		checkSystemVersion = false
+		logrus.WithError(err).Error("Failed to obtain host system info while handling updates")
+		if reporterErr := bridge.reporter.ReportMessageWithContext(
+			"Failed to obtain host system info while handling updates",
+			reporter.Context{"error": err},
+		); reporterErr != nil {
+			logrus.WithError(reporterErr).Error("Failed to report update error")
+		}
+	}
+
+	if len(version.Releases) > 0 {
+		// Update latest is only used to update the release notes and landing page URL
+		bridge.publish(events.UpdateLatest{Release: version.Releases[0]})
+	}
+
+	// minAutoUpdateEvent - used to determine the highest compatible update that satisfies the Minimum Bridge version
+	minAutoUpdateEvent := events.UpdateAvailable{
+		Release:    updater.Release{Version: &semver.Version{}},
+		Compatible: false,
+		Silent:     false,
+	}
+
+	// We assume that the version file is always created in descending order
+	// where newer versions are prepended to the top of the releases
+	// The logic for checking update eligibility is as follows:
+	// 1. Check release channel.
+	// 2. Check whether release version is greater.
+	// 3. Check if rollout is larger.
+	// 4. Check OS Version restrictions (provided that restrictions are provided, and we can extract the OS version).
+	// 5. Check Minimum Compatible Bridge Version.
+	// 6. Check if an update package is provided.
+	// 7. Check auto-update.
+	for _, release := range version.Releases {
+		log := logrus.WithFields(logrus.Fields{
+			"current":               bridge.curVersion,
+			"channel":               updateChannel,
+			"update_version":        release.Version,
+			"update_channel":        release.ReleaseCategory,
+			"update_min_auto":       release.MinAuto,
+			"update_rollout":        release.RolloutProportion,
+			"update_min_os_version": release.SystemVersion.Minimum,
+			"update_max_os_version": release.SystemVersion.Maximum,
+		})
+
+		log.Debug("Checking update release")
+
+		if !release.ReleaseCategory.UpdateEligible(updateChannel) {
+			log.Debug("Update does not satisfy update channel requirement")
+			continue
+		}
+
+		if !release.Version.GreaterThan(bridge.curVersion) {
+			log.Debug("Update version is not greater than current version")
+			continue
+		}
+
+		if release.RolloutProportion < updateRollout {
+			log.Debug("Update has not been rolled out yet")
+			continue
+		}
+
+		if checkSystemVersion {
+			shouldContinue, err := release.SystemVersion.IsHostVersionEligible(log, hostInfo, bridge.getHostVersion)
+			if err != nil && shouldContinue {
+				log.WithError(err).Error(
+					"Failed to verify host system version compatibility during release check." +
+						"Error is non-fatal continuing with checks",
+				)
+			} else if err != nil {
+				log.WithError(err).Error("Failed to verify host system version compatibility during update check")
+				continue
+			}
+
+			if !shouldContinue {
+				log.Debug("Host version does not satisfy system requirements for update")
+				continue
+			}
+		}
+
+		if release.MinAuto != nil && bridge.curVersion.LessThan(release.MinAuto) {
+			log.Debug("Update is available but is incompatible with this Bridge version")
+			if release.Version.GreaterThan(minAutoUpdateEvent.Release.Version) {
+				minAutoUpdateEvent.Release = release
+			}
+			continue
+		}
+
+		// Check if we have a provided installer package
+		if found := slices.IndexFunc(release.File, func(file updater.File) bool {
+			return file.Identifier == updater.PackageIdentifier
+		}); found == -1 {
+			log.Error("Update is available but does not contain update package")
+
+			if reporterErr := bridge.reporter.ReportMessageWithContext(
+				"Available update does not contain update package",
+				reporter.Context{"update_version": release.Version},
+			); reporterErr != nil {
+				log.WithError(reporterErr).Error("Failed to report update error")
+			}
+
+			continue
+		}
+
+		if !autoUpdateEnabled {
+			log.Info("An update is available but auto-update is disabled")
+			bridge.publish(events.UpdateAvailable{
+				Release:    release,
+				Compatible: true,
+				Silent:     false,
+			})
+			return
+		}
+
+		// If we've gotten to this point that means an automatic update is available and we should install it
+		safe.RLock(func() {
+			bridge.installCh <- installJob{Release: release, Silent: true}
+		}, bridge.newVersionLock)
+
+		return
+	}
+
+	// If there's a release with a minAuto requirement that we satisfy (alongside all other checks)
+	// then notify the user that a manual update is needed
+	if !minAutoUpdateEvent.Release.Version.Equal(&semver.Version{}) {
+		bridge.publish(minAutoUpdateEvent)
+	}
+
+	bridge.publish(events.UpdateNotAvailable{})
+}
+
+func (bridge *Bridge) handleUpdateLegacy(version updater.VersionInfoLegacy) {
 	log := logrus.WithFields(logrus.Fields{
 		"version": version.Version,
 		"current": bridge.curVersion,
@@ -44,7 +190,7 @@ func (bridge *Bridge) handleUpdate(version updater.VersionInfo) {
 	})
 
 	bridge.publish(events.UpdateLatest{
-		Version: version,
+		VersionLegacy: version,
 	})
 
 	switch {
@@ -62,7 +208,7 @@ func (bridge *Bridge) handleUpdate(version updater.VersionInfo) {
 		log.Info("An update is available but is incompatible with this version")
 
 		bridge.publish(events.UpdateAvailable{
-			Version:    version,
+			VersionLegacy: version,
 			Compatible:    false,
 			Silent:        false,
 		})
@@ -71,24 +217,24 @@ func (bridge *Bridge) handleUpdate(version updater.VersionInfo) {
 		log.Info("An update is available but auto-update is disabled")
 
 		bridge.publish(events.UpdateAvailable{
-			Version:    version,
+			VersionLegacy: version,
 			Compatible:    true,
 			Silent:        false,
 		})
 
 	default:
 		safe.RLock(func() {
-			bridge.installCh <- installJob{version: version, silent: true}
+			bridge.installChLegacy <- installJobLegacy{version: version, silent: true}
 		}, bridge.newVersionLock)
 	}
 }
 
-type installJob struct {
+type installJobLegacy struct {
-	version updater.VersionInfo
+	version updater.VersionInfoLegacy
 	silent  bool
 }
 
-func (bridge *Bridge) installUpdate(ctx context.Context, job installJob) {
+func (bridge *Bridge) installUpdateLegacy(ctx context.Context, job installJobLegacy) {
 	safe.Lock(func() {
 		log := logrus.WithFields(logrus.Fields{
 			"version": job.version.Version,
@@ -103,17 +249,12 @@ func (bridge *Bridge) installUpdate(ctx context.Context, job installJob) {
 		log.WithField("silent", job.silent).Info("An update is available")
 
 		bridge.publish(events.UpdateAvailable{
-			Version:    job.version,
+			VersionLegacy: job.version,
 			Compatible:    true,
 			Silent:        job.silent,
 		})
 
-		bridge.publish(events.UpdateInstalling{
+		err := bridge.updater.InstallUpdateLegacy(ctx, bridge.api, job.version)
-			Version: job.version,
-			Silent:  job.silent,
-		})
-
-		err := bridge.updater.InstallUpdate(ctx, bridge.api, job.version)
 
 		switch {
 		case errors.Is(err, updater.ErrDownloadVerify):
@@ -134,7 +275,7 @@ func (bridge *Bridge) installUpdate(ctx context.Context, job installJob) {
 			log.WithError(err).Error("The update could not be installed")
 
 			bridge.publish(events.UpdateFailed{
-				Version: job.version,
+				VersionLegacy: job.version,
 				Silent:        job.silent,
 				Error:         err,
 			})
@@ -143,7 +284,7 @@ func (bridge *Bridge) installUpdate(ctx context.Context, job installJob) {
 			log.Info("The update was installed successfully")
 
 			bridge.publish(events.UpdateInstalled{
-				Version: job.version,
+				VersionLegacy: job.version,
 				Silent:        job.silent,
 			})
 
@@ -152,6 +293,77 @@ func (bridge *Bridge) installUpdate(ctx context.Context, job installJob) {
 	}, bridge.newVersionLock)
 }
 
+type installJob struct {
+	Release updater.Release
+	Silent  bool
+}
+
+func (bridge *Bridge) installUpdate(ctx context.Context, job installJob) {
+	safe.Lock(func() {
+		log := logrus.WithFields(logrus.Fields{
+			"version": job.Release.Version,
+			"current": bridge.curVersion,
+			"channel": bridge.vault.GetUpdateChannel(),
+		})
+
+		if !job.Release.Version.GreaterThan(bridge.newVersion) {
+			return
+		}
+
+		log.WithField("silent", job.Silent).Info("An update is available")
+
+		bridge.publish(events.UpdateAvailable{
+			Release:    job.Release,
+			Compatible: true,
+			Silent:     job.Silent,
+		})
+
+		err := bridge.updater.InstallUpdate(ctx, bridge.api, job.Release)
+		switch {
+		case errors.Is(err, updater.ErrReleaseUpdatePackageMissing):
+			log.WithError(err).Error("The update could not be installed but we will fail silently")
+			if reporterErr := bridge.reporter.ReportExceptionWithContext(
+				"Cannot download update, update package is missing",
+				reporter.Context{"error": err},
+			); reporterErr != nil {
+				log.WithError(reporterErr).Error("Failed to report update error")
+			}
+		case errors.Is(err, updater.ErrDownloadVerify):
+			// BRIDGE-207: if download or verification fails, we do not want to trigger a manual update. We report in the log and to Sentry
+			// and we fail silently.
+			log.WithError(err).Error("The update could not be installed, but we will fail silently")
+			if reporterErr := bridge.reporter.ReportMessageWithContext(
+				"Cannot download or verify update",
+				reporter.Context{"error": err},
+			); reporterErr != nil {
+				log.WithError(reporterErr).Error("Failed to report update error")
+			}
+
+		case errors.Is(err, updater.ErrUpdateAlreadyInstalled):
+			log.Info("The update was already installed")
+
+		case err != nil:
+			log.WithError(err).Error("The update could not be installed")
+
+			bridge.publish(events.UpdateFailed{
+				Release: job.Release,
+				Silent:  job.Silent,
+				Error:   err,
+			})
+
+		default:
+			log.Info("The update was installed successfully")
+
+			bridge.publish(events.UpdateInstalled{
+				Release: job.Release,
+				Silent:  job.Silent,
+			})
+
+			bridge.newVersion = job.Release.Version
+		}
+	}, bridge.newVersionLock)
+}
+
 func (bridge *Bridge) RemoveOldUpdates() {
 	if err := bridge.updater.RemoveOldUpdates(); err != nil {
 		logrus.WithError(err).Error("Remove old updates fails")

internal/bridge/updates_test.go

@@ -0,0 +1,700 @@
+// Copyright (c) 2025 Proton AG
+//
+// This file is part of Proton Mail Bridge.
+//
+// Proton Mail Bridge is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// Proton Mail Bridge is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with Proton Mail Bridge. If not, see <https://www.gnu.org/licenses/>.
+
+package bridge_test
+
+import (
+	"context"
+	"runtime"
+	"testing"
+	"time"
+
+	"github.com/Masterminds/semver/v3"
+	"github.com/ProtonMail/go-proton-api"
+	"github.com/ProtonMail/go-proton-api/server"
+	bridgePkg "github.com/ProtonMail/proton-bridge/v3/internal/bridge"
+	"github.com/ProtonMail/proton-bridge/v3/internal/events"
+	"github.com/ProtonMail/proton-bridge/v3/internal/updater"
+	"github.com/ProtonMail/proton-bridge/v3/internal/updater/versioncompare"
+	"github.com/elastic/go-sysinfo/types"
+	"github.com/stretchr/testify/require"
+)
+
+// NOTE: we always assume the highest version is always the first in the release json array
+
+func Test_Update_BetaEligible(t *testing.T) {
+	withEnv(t, func(ctx context.Context, s *server.Server, netCtl *proton.NetCtl, locator bridgePkg.Locator, vaultKey []byte) {
+		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, vaultKey, func(bridge *bridgePkg.Bridge, mocks *bridgePkg.Mocks) {
+			updateCh, done := bridge.GetEvents(events.UpdateInstalled{})
+			defer done()
+
+			err := bridge.SetUpdateChannel(updater.EarlyChannel)
+			require.NoError(t, err)
+
+			bridge.SetCurrentVersionTest(semver.MustParse("2.1.1"))
+
+			expectedRelease := updater.Release{
+				ReleaseCategory:   updater.EarlyAccessReleaseCategory,
+				Version:           semver.MustParse("2.1.2"),
+				SystemVersion:     versioncompare.SystemVersion{},
+				RolloutProportion: 1.0,
+				MinAuto:           &semver.Version{},
+				File: []updater.File{
+					{
+						URL:        "RANDOM_INSTALLER_URL",
+						Identifier: updater.InstallerIdentifier,
+					},
+					{
+						URL:        "RANDOM_PACKAGE_URL",
+						Identifier: updater.PackageIdentifier,
+					},
+				},
+			}
+
+			updaterData := updater.VersionInfo{Releases: []updater.Release{
+				expectedRelease,
+			}}
+
+			go func() {
+				time.Sleep(1 * time.Second)
+				mocks.Updater.SetLatestVersion(updaterData)
+				bridge.CheckForUpdates()
+			}()
+
+			select {
+			case update := <-updateCh:
+				require.Equal(t, events.UpdateInstalled{
+					Release: expectedRelease,
+					Silent:  true,
+				}, update)
+			case <-time.After(2 * time.Second):
+				t.Fatal("timeout waiting for update")
+			}
+		})
+	})
+}
+
+func Test_Update_Stable(t *testing.T) {
+	withEnv(t, func(ctx context.Context, s *server.Server, netCtl *proton.NetCtl, locator bridgePkg.Locator, vaultKey []byte) {
+		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, vaultKey, func(bridge *bridgePkg.Bridge, mocks *bridgePkg.Mocks) {
+			updateCh, done := bridge.GetEvents(events.UpdateInstalled{})
+			defer done()
+
+			err := bridge.SetUpdateChannel(updater.StableChannel)
+			require.NoError(t, err)
+
+			bridge.SetCurrentVersionTest(semver.MustParse("2.1.1"))
+
+			expectedRelease := updater.Release{
+				ReleaseCategory:   updater.StableReleaseCategory,
+				Version:           semver.MustParse("2.1.3"),
+				SystemVersion:     versioncompare.SystemVersion{},
+				RolloutProportion: 1.0,
+				MinAuto:           &semver.Version{},
+				File: []updater.File{
+					{
+						URL:        "RANDOM_INSTALLER_URL",
+						Identifier: updater.InstallerIdentifier,
+					},
+					{
+						URL:        "RANDOM_PACKAGE_URL",
+						Identifier: updater.PackageIdentifier,
+					},
+				},
+			}
+
+			updaterData := updater.VersionInfo{Releases: []updater.Release{
+				{
+					ReleaseCategory:   updater.EarlyAccessReleaseCategory,
+					Version:           semver.MustParse("2.1.4"),
+					SystemVersion:     versioncompare.SystemVersion{},
+					RolloutProportion: 1.0,
+					MinAuto:           &semver.Version{},
+					File: []updater.File{
+						{
+							URL:        "RANDOM_INSTALLER_URL",
+							Identifier: updater.InstallerIdentifier,
+						},
+						{
+							URL:        "RANDOM_PACKAGE_URL",
+							Identifier: updater.PackageIdentifier,
+						},
+					},
+				},
+				expectedRelease,
+			}}
+
+			mocks.Updater.SetLatestVersion(updaterData)
+
+			bridge.CheckForUpdates()
+
+			require.Equal(t, events.UpdateInstalled{
+				Release: expectedRelease,
+				Silent:  true,
+			}, <-updateCh)
+		})
+	})
+}
+
+func Test_Update_CurrentReleaseNewest(t *testing.T) {
+	withEnv(t, func(ctx context.Context, s *server.Server, netCtl *proton.NetCtl, locator bridgePkg.Locator, vaultKey []byte) {
+		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, vaultKey, func(bridge *bridgePkg.Bridge, mocks *bridgePkg.Mocks) {
+			updateCh, done := bridge.GetEvents(events.UpdateNotAvailable{})
+			defer done()
+
+			err := bridge.SetUpdateChannel(updater.StableChannel)
+			require.NoError(t, err)
+
+			bridge.SetCurrentVersionTest(semver.MustParse("2.1.5"))
+
+			expectedRelease := updater.Release{
+				ReleaseCategory:   updater.StableReleaseCategory,
+				Version:           semver.MustParse("2.1.3"),
+				SystemVersion:     versioncompare.SystemVersion{},
+				RolloutProportion: 1.0,
+				MinAuto:           &semver.Version{},
+				File: []updater.File{
+					{
+						URL:        "RANDOM_INSTALLER_URL",
+						Identifier: updater.InstallerIdentifier,
+					},
+					{
+						URL:        "RANDOM_PACKAGE_URL",
+						Identifier: updater.PackageIdentifier,
+					},
+				},
+			}
+
+			updaterData := updater.VersionInfo{Releases: []updater.Release{
+				{
+					ReleaseCategory:   updater.EarlyAccessReleaseCategory,
+					Version:           semver.MustParse("2.1.4"),
+					SystemVersion:     versioncompare.SystemVersion{},
+					RolloutProportion: 1.0,
+					MinAuto:           &semver.Version{},
+					File: []updater.File{
+						{
+							URL:        "RANDOM_INSTALLER_URL",
+							Identifier: updater.InstallerIdentifier,
+						},
+						{
+							URL:        "RANDOM_PACKAGE_URL",
+							Identifier: updater.PackageIdentifier,
+						},
+					},
+				},
+				expectedRelease,
+			}}
+
+			mocks.Updater.SetLatestVersion(updaterData)
+			bridge.CheckForUpdates()
+
+			require.Equal(t, events.UpdateNotAvailable{}, <-updateCh)
+		})
+	})
+}
+
+func Test_Update_NotRolledOutYet(t *testing.T) {
+	withEnv(t, func(ctx context.Context, s *server.Server, netCtl *proton.NetCtl, locator bridgePkg.Locator, vaultKey []byte) {
+		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, vaultKey, func(bridge *bridgePkg.Bridge, mocks *bridgePkg.Mocks) {
+			require.NoError(t, bridge.SetUpdateChannel(updater.EarlyChannel))
+			bridge.SetCurrentVersionTest(semver.MustParse("2.0.0"))
+			require.NoError(t, bridge.SetRolloutPercentageTest(1.0))
+
+			updaterData := updater.VersionInfo{Releases: []updater.Release{
+				{
+					ReleaseCategory:   updater.StableReleaseCategory,
+					Version:           semver.MustParse("2.1.5"),
+					SystemVersion:     versioncompare.SystemVersion{},
+					RolloutProportion: 0.5,
+					MinAuto:           &semver.Version{},
+					File: []updater.File{
+						{
+							URL:        "RANDOM_INSTALLER_URL",
+							Identifier: updater.InstallerIdentifier,
+						},
+						{
+							URL:        "RANDOM_PACKAGE_URL",
+							Identifier: updater.PackageIdentifier,
+						},
+					},
+				},
+				{
+					ReleaseCategory:   updater.StableReleaseCategory,
+					Version:           semver.MustParse("2.1.4"),
+					SystemVersion:     versioncompare.SystemVersion{},
+					RolloutProportion: 0.5,
+					MinAuto:           &semver.Version{},
+					File: []updater.File{
+						{
+							URL:        "RANDOM_INSTALLER_URL",
+							Identifier: updater.InstallerIdentifier,
+						},
+						{
+							URL:        "RANDOM_PACKAGE_URL",
+							Identifier: updater.PackageIdentifier,
+						},
+					},
+				},
+			}}
+
+			mocks.Updater.SetLatestVersion(updaterData)
+
+			updateCh, done := bridge.GetEvents(events.UpdateNotAvailable{})
+			defer done()
+
+			bridge.CheckForUpdates()
+
+			require.Equal(t, events.UpdateNotAvailable{}, <-updateCh)
+		})
+	})
+}
+
+func Test_Update_CheckOSVersion_NoUpdate(t *testing.T) {
+	withEnv(t, func(ctx context.Context, s *server.Server, netCtl *proton.NetCtl, locator bridgePkg.Locator, vaultKey []byte) {
+		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, vaultKey, func(bridge *bridgePkg.Bridge, mocks *bridgePkg.Mocks) {
+			require.NoError(t, bridge.SetAutoUpdate(true))
+			require.NoError(t, bridge.SetUpdateChannel(updater.StableChannel))
+
+			currentBridgeVersion := semver.MustParse("2.1.5")
+			bridge.SetCurrentVersionTest(currentBridgeVersion)
+
+			// Override the OS version check
+			bridge.SetHostVersionGetterTest(func(_ types.Host) string {
+				return "10.0.0"
+			})
+
+			updateNotAvailableCh, done := bridge.GetEvents(events.UpdateNotAvailable{})
+			defer done()
+
+			updateCh, updateChDone := bridge.GetEvents(events.UpdateInstalled{})
+			defer updateChDone()
+
+			expectedRelease := updater.Release{
+				ReleaseCategory: updater.StableReleaseCategory,
+				Version:         semver.MustParse("2.4.0"),
+				SystemVersion: versioncompare.SystemVersion{
+					Minimum: "12.0.0",
+					Maximum: "13.0.0",
+				},
+				RolloutProportion: 1.0,
+				File: []updater.File{
+					{
+						URL:        "RANDOM_INSTALLER_URL",
+						Identifier: updater.InstallerIdentifier,
+					},
+					{
+						URL:        "RANDOM_PACKAGE_URL",
+						Identifier: updater.PackageIdentifier,
+					},
+				},
+			}
+
+			updaterData := updater.VersionInfo{Releases: []updater.Release{
+				expectedRelease,
+				{
+					ReleaseCategory: updater.StableReleaseCategory,
+					Version:         semver.MustParse("2.3.0"),
+					SystemVersion: versioncompare.SystemVersion{
+						Minimum: "10.1.0",
+						Maximum: "11.5",
+					},
+					RolloutProportion: 1.0,
+					File: []updater.File{
+						{
+							URL:        "RANDOM_INSTALLER_URL",
+							Identifier: updater.InstallerIdentifier,
+						},
+						{
+							URL:        "RANDOM_PACKAGE_URL",
+							Identifier: updater.PackageIdentifier,
+						},
+					},
+				},
+			}}
+
+			mocks.Updater.SetLatestVersion(updaterData)
+
+			bridge.CheckForUpdates()
+
+			if runtime.GOOS == "darwin" {
+				require.Equal(t, events.UpdateNotAvailable{}, <-updateNotAvailableCh)
+			} else {
+				require.Equal(t, events.UpdateInstalled{
+					Release: expectedRelease,
+					Silent:  true,
+				}, <-updateCh)
+			}
+		})
+	})
+}
+
+func Test_Update_CheckOSVersion_HasUpdate(t *testing.T) {
+	withEnv(t, func(ctx context.Context, s *server.Server, netCtl *proton.NetCtl, locator bridgePkg.Locator, vaultKey []byte) {
+		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, vaultKey, func(bridge *bridgePkg.Bridge, mocks *bridgePkg.Mocks) {
+			require.NoError(t, bridge.SetAutoUpdate(true))
+			require.NoError(t, bridge.SetUpdateChannel(updater.StableChannel))
+
+			updateCh, done := bridge.GetEvents(events.UpdateInstalled{})
+			defer done()
+
+			currentBridgeVersion := semver.MustParse("2.1.5")
+			bridge.SetCurrentVersionTest(currentBridgeVersion)
+
+			// Override the OS version check
+			bridge.SetHostVersionGetterTest(func(_ types.Host) string {
+				return "10.0.0"
+			})
+
+			expectedUpdateRelease := updater.Release{
+				ReleaseCategory: updater.StableReleaseCategory,
+				Version:         semver.MustParse("2.2.0"),
+				SystemVersion: versioncompare.SystemVersion{
+					Minimum: "10.0.0",
+					Maximum: "10.1.12",
+				},
+				RolloutProportion: 1.0,
+				File: []updater.File{
+					{
+						URL:        "RANDOM_INSTALLER_URL",
+						Identifier: updater.InstallerIdentifier,
+					},
+					{
+						URL:        "RANDOM_PACKAGE_URL",
+						Identifier: updater.PackageIdentifier,
+					},
+				},
+			}
+
+			expectedUpdateReleaseWindowsLinux := updater.Release{
+				ReleaseCategory: updater.StableReleaseCategory,
+				Version:         semver.MustParse("2.4.0"),
+				SystemVersion: versioncompare.SystemVersion{
+					Minimum: "12.0.0",
+				},
+				RolloutProportion: 1.0,
+				File: []updater.File{
+					{
+						URL:        "RANDOM_INSTALLER_URL",
+						Identifier: updater.InstallerIdentifier,
+					},
+					{
+						URL:        "RANDOM_PACKAGE_URL",
+						Identifier: updater.PackageIdentifier,
+					},
+				},
+			}
+
+			updaterData := updater.VersionInfo{Releases: []updater.Release{
+				expectedUpdateReleaseWindowsLinux,
+				{
+					ReleaseCategory: updater.StableReleaseCategory,
+					Version:         semver.MustParse("2.3.0"),
+					SystemVersion: versioncompare.SystemVersion{
+						Minimum: "11.0.0",
+					},
+					RolloutProportion: 1.0,
+					File: []updater.File{
+						{
+							URL:        "RANDOM_INSTALLER_URL",
+							Identifier: updater.InstallerIdentifier,
+						},
+						{
+							URL:        "RANDOM_PACKAGE_URL",
+							Identifier: updater.PackageIdentifier,
+						},
+					},
+				},
+				expectedUpdateRelease,
+				{
+					ReleaseCategory:   updater.StableReleaseCategory,
+					Version:           semver.MustParse("2.1.0"),
+					SystemVersion:     versioncompare.SystemVersion{},
+					RolloutProportion: 1.0,
+					File: []updater.File{
+						{
+							URL:        "RANDOM_INSTALLER_URL",
+							Identifier: updater.InstallerIdentifier,
+						},
+						{
+							URL:        "RANDOM_PACKAGE_URL",
+							Identifier: updater.PackageIdentifier,
+						},
+					},
+				},
+			}}
+
+			mocks.Updater.SetLatestVersion(updaterData)
+
+			bridge.CheckForUpdates()
+
+			if runtime.GOOS == "darwin" {
+				require.Equal(t, events.UpdateInstalled{
+					Release: expectedUpdateRelease,
+					Silent:  true,
+				}, <-updateCh)
+			} else {
+				require.Equal(t, events.UpdateInstalled{
+					Release: expectedUpdateReleaseWindowsLinux,
+					Silent:  true,
+				}, <-updateCh)
+			}
+		})
+	})
+}
+
+func Test_Update_UpdateFromMinVer_UpdateAvailable(t *testing.T) {
+	withEnv(t, func(ctx context.Context, s *server.Server, netCtl *proton.NetCtl, locator bridgePkg.Locator, vaultKey []byte) {
+		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, vaultKey, func(bridge *bridgePkg.Bridge, mocks *bridgePkg.Mocks) {
+			require.NoError(t, bridge.SetAutoUpdate(true))
+			require.NoError(t, bridge.SetUpdateChannel(updater.StableChannel))
+
+			currentBridgeVersion := semver.MustParse("2.1.5")
+			bridge.SetCurrentVersionTest(currentBridgeVersion)
+
+			updateCh, done := bridge.GetEvents(events.UpdateInstalled{})
+			defer done()
+
+			expectedUpdateRelease := updater.Release{
+				ReleaseCategory:   updater.StableReleaseCategory,
+				Version:           semver.MustParse("2.2.0"),
+				SystemVersion:     versioncompare.SystemVersion{},
+				RolloutProportion: 1.0,
+				MinAuto:           currentBridgeVersion,
+				File: []updater.File{
+					{
+						URL:        "RANDOM_INSTALLER_URL",
+						Identifier: updater.InstallerIdentifier,
+					},
+					{
+						URL:        "RANDOM_PACKAGE_URL",
+						Identifier: updater.PackageIdentifier,
+					},
+				},
+			}
+
+			updaterData := updater.VersionInfo{Releases: []updater.Release{
+				{
+					ReleaseCategory:   updater.StableReleaseCategory,
+					Version:           semver.MustParse("2.3.0"),
+					SystemVersion:     versioncompare.SystemVersion{},
+					RolloutProportion: 1.0,
+					MinAuto:           semver.MustParse("2.2.1"),
+					File: []updater.File{
+						{
+							URL:        "RANDOM_INSTALLER_URL",
+							Identifier: updater.InstallerIdentifier,
+						},
+						{
+							URL:        "RANDOM_PACKAGE_URL",
+							Identifier: updater.PackageIdentifier,
+						},
+					},
+				},
+				{
+					ReleaseCategory:   updater.StableReleaseCategory,
+					Version:           semver.MustParse("2.2.1"),
+					SystemVersion:     versioncompare.SystemVersion{},
+					RolloutProportion: 1.0,
+					MinAuto:           semver.MustParse("2.2.0"),
+					File: []updater.File{
+						{
+							URL:        "RANDOM_INSTALLER_URL",
+							Identifier: updater.InstallerIdentifier,
+						},
+						{
+							URL:        "RANDOM_PACKAGE_URL",
+							Identifier: updater.PackageIdentifier,
+						},
+					},
+				},
+				expectedUpdateRelease,
+			}}
+
+			mocks.Updater.SetLatestVersion(updaterData)
+
+			bridge.CheckForUpdates()
+
+			require.Equal(t, events.UpdateInstalled{
+				Release: expectedUpdateRelease,
+				Silent:  true,
+			}, <-updateCh)
+		})
+	})
+}
+
+// Test_Update_UpdateFromMinVer_NoCompatibleVersionForceManual -
+// if we have an update, but we don't satisfy minVersion, a manual update to the highest possible version should be performed.
+func Test_Update_UpdateFromMinVer_NoCompatibleVersionForceManual(t *testing.T) {
+	withEnv(t, func(ctx context.Context, s *server.Server, netCtl *proton.NetCtl, locator bridgePkg.Locator, vaultKey []byte) {
+		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, vaultKey, func(bridge *bridgePkg.Bridge, mocks *bridgePkg.Mocks) {
+			require.NoError(t, bridge.SetAutoUpdate(true))
+			require.NoError(t, bridge.SetUpdateChannel(updater.StableChannel))
+
+			currentBridgeVersion := semver.MustParse("2.1.5")
+			bridge.SetCurrentVersionTest(currentBridgeVersion)
+
+			updateCh, done := bridge.GetEvents(events.UpdateAvailable{})
+			defer done()
+
+			expectedUpdateRelease := updater.Release{
+				ReleaseCategory:   updater.StableReleaseCategory,
+				Version:           semver.MustParse("2.3.0"),
+				SystemVersion:     versioncompare.SystemVersion{},
+				RolloutProportion: 1.0,
+				MinAuto:           semver.MustParse("2.2.1"),
+				File: []updater.File{
+					{
+						URL:        "RANDOM_INSTALLER_URL",
+						Identifier: updater.InstallerIdentifier,
+					},
+					{
+						URL:        "RANDOM_PACKAGE_URL",
+						Identifier: updater.PackageIdentifier,
+					},
+				},
+			}
+
+			updaterData := updater.VersionInfo{Releases: []updater.Release{
+				{
+					ReleaseCategory:   updater.StableReleaseCategory,
+					Version:           semver.MustParse("2.2.1"),
+					SystemVersion:     versioncompare.SystemVersion{},
+					RolloutProportion: 1.0,
+					MinAuto:           semver.MustParse("2.2.0"),
+					File: []updater.File{
+						{
+							URL:        "RANDOM_INSTALLER_URL",
+							Identifier: updater.InstallerIdentifier,
+						},
+						{
+							URL:        "RANDOM_PACKAGE_URL",
+							Identifier: updater.PackageIdentifier,
+						},
+					},
+				},
+				{
+					ReleaseCategory:   updater.StableReleaseCategory,
+					Version:           semver.MustParse("2.2.0"),
+					SystemVersion:     versioncompare.SystemVersion{},
+					RolloutProportion: 1.0,
+					MinAuto:           semver.MustParse("2.1.6"),
+					File: []updater.File{
+						{
+							URL:        "RANDOM_INSTALLER_URL",
+							Identifier: updater.InstallerIdentifier,
+						},
+						{
+							URL:        "RANDOM_PACKAGE_URL",
+							Identifier: updater.PackageIdentifier,
+						},
+					},
+				},
+				expectedUpdateRelease,
+			}}
+
+			mocks.Updater.SetLatestVersion(updaterData)
+
+			bridge.CheckForUpdates()
+
+			require.Equal(t, events.UpdateAvailable{
+				Release:    expectedUpdateRelease,
+				Silent:     false,
+				Compatible: false,
+			}, <-updateCh)
+		})
+	})
+}
+
+// Test_Update_UpdateFromMinVer_NoCompatibleVersionForceManual_BetaMismatch - only Beta updates are available
+// nor do we satisfy the minVersion, we can't do anything in this case.
+func Test_Update_UpdateFromMinVer_NoCompatibleVersionForceManual_BetaMismatch(t *testing.T) {
+	withEnv(t, func(ctx context.Context, s *server.Server, netCtl *proton.NetCtl, locator bridgePkg.Locator, vaultKey []byte) {
+		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, vaultKey, func(bridge *bridgePkg.Bridge, mocks *bridgePkg.Mocks) {
+			require.NoError(t, bridge.SetAutoUpdate(true))
+			require.NoError(t, bridge.SetUpdateChannel(updater.StableChannel))
+
+			currentBridgeVersion := semver.MustParse("2.1.5")
+			bridge.SetCurrentVersionTest(currentBridgeVersion)
+
+			updateCh, done := bridge.GetEvents(events.UpdateNotAvailable{})
+			defer done()
+
+			expectedUpdateRelease := updater.Release{
+				ReleaseCategory:   updater.EarlyAccessReleaseCategory,
+				Version:           semver.MustParse("2.3.0"),
+				SystemVersion:     versioncompare.SystemVersion{},
+				RolloutProportion: 1.0,
+				MinAuto:           semver.MustParse("2.2.1"),
+				File: []updater.File{
+					{
+						URL:        "RANDOM_INSTALLER_URL",
+						Identifier: updater.InstallerIdentifier,
+					},
+					{
+						URL:        "RANDOM_PACKAGE_URL",
+						Identifier: updater.PackageIdentifier,
+					},
+				},
+			}
+
+			updaterData := updater.VersionInfo{Releases: []updater.Release{
+				{
+					ReleaseCategory:   updater.EarlyAccessReleaseCategory,
+					Version:           semver.MustParse("2.2.1"),
+					SystemVersion:     versioncompare.SystemVersion{},
+					RolloutProportion: 1.0,
+					MinAuto:           semver.MustParse("2.2.0"),
+					File: []updater.File{
+						{
+							URL:        "RANDOM_INSTALLER_URL",
+							Identifier: updater.InstallerIdentifier,
+						},
+						{
+							URL:        "RANDOM_PACKAGE_URL",
+							Identifier: updater.PackageIdentifier,
+						},
+					},
+				},
+				{
+					ReleaseCategory:   updater.EarlyAccessReleaseCategory,
+					Version:           semver.MustParse("2.2.0"),
+					SystemVersion:     versioncompare.SystemVersion{},
+					RolloutProportion: 1.0,
+					MinAuto:           semver.MustParse("2.1.6"),
+					File: []updater.File{
+						{
+							URL:        "RANDOM_INSTALLER_URL",
+							Identifier: updater.InstallerIdentifier,
+						},
+						{
+							URL:        "RANDOM_PACKAGE_URL",
+							Identifier: updater.PackageIdentifier,
+						},
+					},
+				},
+				expectedUpdateRelease,
+			}}
+
+			mocks.Updater.SetLatestVersion(updaterData)
+
+			bridge.CheckForUpdates()
+
+			require.Equal(t, events.UpdateNotAvailable{}, <-updateCh)
+		})
+	})
+}

internal/bridge/user_event_test.go

@@ -304,7 +304,7 @@ func TestBridge_User_AddressEvents_NoBadEvent(t *testing.T) {
 		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, storeKey, func(bridge *bridge.Bridge, _ *bridge.Mocks) {
 			userLoginAndSync(ctx, t, bridge, "user", password)
 
-			addrID, err = s.CreateAddress(userID, "other@pm.me", password)
+			addrID, err = s.CreateAddress(userID, "other@pm.me", password, true)
 			require.NoError(t, err)
 			userContinueEventProcess(ctx, t, s, bridge)
 
@@ -312,7 +312,7 @@ func TestBridge_User_AddressEvents_NoBadEvent(t *testing.T) {
 			userContinueEventProcess(ctx, t, s, bridge)
 		})
 
-		otherID, err := s.CreateAddress(userID, "another@pm.me", password)
+		otherID, err := s.CreateAddress(userID, "another@pm.me", password, true)
 		require.NoError(t, err)
 		require.NoError(t, s.RemoveAddress(userID, otherID))
 
@@ -328,6 +328,87 @@ func TestBridge_User_AddressEvents_NoBadEvent(t *testing.T) {
 	})
 }
 
+func TestBridge_User_AddressEvents_BYOEAddressAdded(t *testing.T) {
+	withEnv(t, func(ctx context.Context, s *server.Server, netCtl *proton.NetCtl, locator bridge.Locator, storeKey []byte) {
+		// Create a user.
+		userID, addrID, err := s.CreateUser("user", password)
+		require.NoError(t, err)
+
+		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, storeKey, func(bridge *bridge.Bridge, _ *bridge.Mocks) {
+			userLoginAndSync(ctx, t, bridge, "user", password)
+
+			// Create an additional proton address
+			addrID, err = s.CreateAddress(userID, "other@pm.me", password, true)
+			require.NoError(t, err)
+			userContinueEventProcess(ctx, t, s, bridge)
+			require.NoError(t, s.AddAddressCreatedEvent(userID, addrID))
+			userContinueEventProcess(ctx, t, s, bridge)
+
+			userInfo, err := bridge.GetUserInfo(userID)
+			require.NoError(t, err)
+			require.Equal(t, 2, len(userInfo.Addresses))
+
+			// Create an external address with sending disabled.
+			externalID, err := s.CreateExternalAddress(userID, "another@yahoo.com", password, false)
+			require.NoError(t, err)
+			userContinueEventProcess(ctx, t, s, bridge)
+			require.NoError(t, s.AddAddressCreatedEvent(userID, externalID))
+			userContinueEventProcess(ctx, t, s, bridge)
+
+			// User addresses should still return 2, as we ignore the external address.
+			userInfo, err = bridge.GetUserInfo(userID)
+			require.NoError(t, err)
+			require.Equal(t, 2, len(userInfo.Addresses))
+
+			// Create an external address w. sending enabled. This is considered a BYOE address.
+			BYOEAddrID, err := s.CreateExternalAddress(userID, "other@yahoo.com", password, true)
+			require.NoError(t, err)
+			userContinueEventProcess(ctx, t, s, bridge)
+			require.NoError(t, s.AddAddressCreatedEvent(userID, BYOEAddrID))
+			userContinueEventProcess(ctx, t, s, bridge)
+
+			userInfo, err = bridge.GetUserInfo(userID)
+			require.NoError(t, err)
+			require.Equal(t, 3, len(userInfo.Addresses))
+		})
+	})
+}
+
+func TestBridge_User_AddressEvents_ExternalAddressSendChanged(t *testing.T) {
+	withEnv(t, func(ctx context.Context, s *server.Server, netCtl *proton.NetCtl, locator bridge.Locator, storeKey []byte) {
+		userID, _, err := s.CreateUser("user", password)
+		require.NoError(t, err)
+
+		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, storeKey, func(bridge *bridge.Bridge, _ *bridge.Mocks) {
+			userLoginAndSync(ctx, t, bridge, "user", password)
+
+			// Create an additional external address.
+			externalID, err := s.CreateExternalAddress(userID, "other@yahoo.me", password, false)
+			require.NoError(t, err)
+			userContinueEventProcess(ctx, t, s, bridge)
+			require.NoError(t, s.AddAddressCreatedEvent(userID, externalID))
+			userContinueEventProcess(ctx, t, s, bridge)
+
+			// We expect only one address, the external one without sending should not be considered a valid address.
+			userInfo, err := bridge.GetUserInfo(userID)
+			require.NoError(t, err)
+			require.Equal(t, 1, len(userInfo.Addresses))
+
+			// Change it to allow sending such that it becomes a BYOE address.
+			err = s.ChangeAddressAllowSend(userID, externalID, true)
+			require.NoError(t, err)
+			userContinueEventProcess(ctx, t, s, bridge)
+			require.NoError(t, s.AddAddressUpdatedEvent(userID, externalID))
+			userContinueEventProcess(ctx, t, s, bridge)
+
+			// We should now have 2 usable addresses listed.
+			userInfo, err = bridge.GetUserInfo(userID)
+			require.NoError(t, err)
+			require.Equal(t, 2, len(userInfo.Addresses))
+		})
+	})
+}
+
 func TestBridge_User_AddressEventUpdatedForAddressThatDoesNotExist_NoBadEvent(t *testing.T) {
 	withEnv(t, func(ctx context.Context, s *server.Server, netCtl *proton.NetCtl, locator bridge.Locator, storeKey []byte) {
 		// Create a user.
@@ -694,7 +775,7 @@ func TestBridge_User_DisableEnableAddress(t *testing.T) {
 		require.NoError(t, err)
 
 		// Create an additional address for the user.
-		aliasID, err := s.CreateAddress(userID, "alias@"+s.GetDomain(), password)
+		aliasID, err := s.CreateAddress(userID, "alias@"+s.GetDomain(), password, true)
 		require.NoError(t, err)
 
 		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, storeKey, func(bridge *bridge.Bridge, _ *bridge.Mocks) {
@@ -745,7 +826,7 @@ func TestBridge_User_CreateDisabledAddress(t *testing.T) {
 		require.NoError(t, err)
 
 		// Create an additional address for the user.
-		aliasID, err := s.CreateAddress(userID, "alias@"+s.GetDomain(), password)
+		aliasID, err := s.CreateAddress(userID, "alias@"+s.GetDomain(), password, true)
 		require.NoError(t, err)
 
 		// Immediately disable the address.

internal/bridge/user_test.go

@@ -658,7 +658,7 @@ func TestBridge_UserInfo_Alias(t *testing.T) {
 			require.NoError(t, err)
 
 			// Give the new user an alias.
-			require.NoError(t, getErr(s.CreateAddress(userID, "alias@pm.me", []byte("password"))))
+			require.NoError(t, getErr(s.CreateAddress(userID, "alias@pm.me", []byte("password"), true)))
 
 			// Login the user.
 			require.NoError(t, getErr(bridge.LoginFull(ctx, "primary", []byte("password"), nil, nil)))
@@ -706,7 +706,7 @@ func TestBridge_User_GetAddresses(t *testing.T) {
 		// Create a user.
 		userID, _, err := s.CreateUser("user", password)
 		require.NoError(t, err)
-		addrID2, err := s.CreateAddress(userID, "user@external.com", []byte("password"))
+		addrID2, err := s.CreateAddress(userID, "user@external.com", password, false)
 		require.NoError(t, err)
 		require.NoError(t, s.ChangeAddressType(userID, addrID2, proton.AddressTypeExternal))
 
@@ -720,6 +720,29 @@ func TestBridge_User_GetAddresses(t *testing.T) {
 	})
 }
 
+func TestBridge_User_GetAddresses_BYOE(t *testing.T) {
+	withEnv(t, func(ctx context.Context, s *server.Server, netCtl *proton.NetCtl, locator bridge.Locator, storeKey []byte) {
+		// Create a user.
+		userID, _, err := s.CreateUser("user", password)
+		require.NoError(t, err)
+		// Add a non-sending external address.
+		_, err = s.CreateExternalAddress(userID, "user@external.com", password, false)
+		require.NoError(t, err)
+		// Add a BYOE address.
+		_, err = s.CreateExternalAddress(userID, "user2@external.com", password, true)
+		require.NoError(t, err)
+
+		withBridge(ctx, t, s.GetHostURL(), netCtl, locator, storeKey, func(bridge *bridge.Bridge, _ *bridge.Mocks) {
+			userLoginAndSync(ctx, t, bridge, "user", password)
+			info, err := bridge.GetUserInfo(userID)
+			require.NoError(t, err)
+			require.Equal(t, 2, len(info.Addresses))
+			require.Equal(t, info.Addresses[0], "user@proton.local")
+			require.Equal(t, info.Addresses[1], "user2@external.com")
+		})
+	})
+}
+
 // getErr returns the error that was passed to it.
 func getErr[T any](_ T, err error) error {
 	return err

internal/dialer/dialer_pinning_test.go

@@ -91,13 +91,12 @@ func TestTLSSignedCertWrongPublicKey(t *testing.T) {
 	r.Error(t, err, "expected dial to fail because of wrong public key")
 }
 
-// GODT-2293 bump badssl cert and re enable this.
+func TestTLSSignedCertTrustedPublicKey(t *testing.T) {
-func _TestTLSSignedCertTrustedPublicKey(t *testing.T) { //nolint:unused,deadcode
 	skipIfProxyIsSet(t)
 
 	_, dialer, _, checker, _ := createClientWithPinningDialer("")
 	copyTrustedPins(checker)
-	checker.trustedPins = append(checker.trustedPins, `pin-sha256="LwnIKjNLV3z243ap8y0yXNPghsqE76J08Eq3COvUt2E="`)
+	checker.trustedPins = append(checker.trustedPins, `pin-sha256="hgraU1+uoS6kjiJaH5G+BiqQoyiIml1Nat+2FiUAcII="`)
 	_, err := dialer.DialTLSContext(context.Background(), "tcp", "rsa4096.badssl.com:443")
 	r.NoError(t, err, "expected dial to succeed because public key is known and cert is signed by CA")
 }

internal/events/update.go

@@ -24,14 +24,35 @@ import (
 )
 
 // UpdateLatest is published when the latest version of bridge is known.
+// It is only used for updating the release notes and landing page URLs.
 type UpdateLatest struct {
 	eventBase
 
-	Version updater.VersionInfo
+	// VersionLegacy - holds Update version information; corresponding to the old update structure and logic;
+	VersionLegacy updater.VersionInfoLegacy
+
+	// Release - holds Release version data; part of the new update logic as of BRIDGE-309.
+	Release updater.Release
+}
+
+func (event UpdateLatest) GetLatestVersion() string {
+	var latestVersion string
+	if !event.VersionLegacy.IsEmpty() {
+		latestVersion = event.VersionLegacy.Version.String()
+	} else if !event.Release.IsEmpty() {
+		latestVersion = event.Release.Version.String()
+	}
+	return latestVersion
 }
 
 func (event UpdateLatest) String() string {
-	return fmt.Sprintf("UpdateLatest: Version: %s", event.Version.Version)
+	if !event.VersionLegacy.IsEmpty() {
+		return fmt.Sprintf("UpdateLatest: Version: %s", event.VersionLegacy.Version)
+	}
+	if !event.Release.IsEmpty() {
+		return fmt.Sprintf("UpdateLatest: Version: %s", event.Release.Version)
+	}
+	return ""
 }
 
 // UpdateAvailable is published when an update is available.
@@ -40,7 +61,11 @@ func (event UpdateLatest) String() string {
 type UpdateAvailable struct {
 	eventBase
 
-	Version updater.VersionInfo
+	// VersionLegacy - holds Update version information; corresponding to the old update structure and logic;
+	VersionLegacy updater.VersionInfoLegacy
+
+	// Release - holds Release version data; part of the new update logic as of BRIDGE-309.
+	Release updater.Release
 
 	// Compatible is true if the update can be installed automatically.
 	Compatible bool
@@ -49,8 +74,23 @@ type UpdateAvailable struct {
 	Silent bool
 }
 
+func (event UpdateAvailable) GetLatestVersion() string {
+	var latestVersion string
+	if !event.VersionLegacy.IsEmpty() {
+		latestVersion = event.VersionLegacy.Version.String()
+	} else if !event.Release.IsEmpty() {
+		latestVersion = event.Release.Version.String()
+	}
+	return latestVersion
+}
+
 func (event UpdateAvailable) String() string {
-	return fmt.Sprintf("UpdateAvailable: Version %s, Compatible: %t, Silent: %t", event.Version.Version, event.Compatible, event.Silent)
+	if !event.Release.IsEmpty() {
+		return fmt.Sprintf("UpdateAvailable: Version %s, Compatible: %t, Silent: %t", event.Release.Version, event.Compatible, event.Silent)
+	} else if !event.VersionLegacy.IsEmpty() {
+		return fmt.Sprintf("UpdateAvailable: Version %s, Compatible: %t, Silent: %t", event.VersionLegacy.Version, event.Compatible, event.Silent)
+	}
+	return ""
 }
 
 // UpdateNotAvailable is published when no update is available.
@@ -62,45 +102,70 @@ func (event UpdateNotAvailable) String() string {
 	return "UpdateNotAvailable"
 }
 
-// UpdateInstalling is published when bridge begins installing an update.
-type UpdateInstalling struct {
-	eventBase
-
-	Version updater.VersionInfo
-
-	Silent bool
-}
-
-func (event UpdateInstalling) String() string {
-	return fmt.Sprintf("UpdateInstalling: Version %s, Silent: %t", event.Version.Version, event.Silent)
-}
-
 // UpdateInstalled is published when an update has been installed.
 type UpdateInstalled struct {
 	eventBase
 
-	Version updater.VersionInfo
+	// VersionLegacy - holds Update version information; corresponding to the old update structure and logic;
+	VersionLegacy updater.VersionInfoLegacy
+
+	// Release - holds Release version data; part of the new update logic as of BRIDGE-309.
+	Release updater.Release
 
 	Silent bool
 }
 
+func (event UpdateInstalled) GetLatestVersion() string {
+	var latestVersion string
+	if !event.VersionLegacy.IsEmpty() {
+		latestVersion = event.VersionLegacy.Version.String()
+	} else if !event.Release.IsEmpty() {
+		latestVersion = event.Release.Version.String()
+	}
+	return latestVersion
+}
+
 func (event UpdateInstalled) String() string {
-	return fmt.Sprintf("UpdateInstalled: Version %s, Silent: %t", event.Version.Version, event.Silent)
+	if !event.Release.IsEmpty() {
+		return fmt.Sprintf("UpdateInstalled: Version %s, Silent: %t", event.Release.Version, event.Silent)
+	} else if !event.VersionLegacy.IsEmpty() {
+		return fmt.Sprintf("UpdateInstalled: Version %s, Silent: %t", event.VersionLegacy.Version, event.Silent)
+	}
+	return ""
 }
 
 // UpdateFailed is published when an update fails to be installed.
 type UpdateFailed struct {
 	eventBase
 
-	Version updater.VersionInfo
+	// VersionLegacy - holds Update version information; corresponding to the old update structure and logic;
+	VersionLegacy updater.VersionInfoLegacy
+
+	// Release - holds Release version data; part of the new update logic as of BRIDGE-309.
+	Release updater.Release
 
 	Silent bool
 
 	Error error
 }
 
+func (event UpdateFailed) GetLatestVersion() string {
+	var latestVersion string
+	if !event.VersionLegacy.IsEmpty() {
+		latestVersion = event.VersionLegacy.Version.String()
+	} else if !event.Release.IsEmpty() {
+		latestVersion = event.Release.Version.String()
+	}
+	return latestVersion
+}
+
 func (event UpdateFailed) String() string {
-	return fmt.Sprintf("UpdateFailed: Version %s, Silent: %t, Error: %s", event.Version.Version, event.Silent, event.Error)
+	if !event.Release.IsEmpty() {
+		return fmt.Sprintf("UpdateFailed: Version %s, Silent: %t, Error: %s", event.Release.Version, event.Silent, event.Error)
+	} else if !event.VersionLegacy.IsEmpty() {
+		return fmt.Sprintf("UpdateFailed: Version %s, Silent: %t, Error: %s", event.VersionLegacy.Version, event.Silent, event.Error)
+	}
+	return ""
 }
 
 // UpdateForced is published when the bridge version is too old and must be updated.

internal/frontend/bridge-gui/bridge-gui/BridgeApp.cpp

@@ -29,7 +29,7 @@ using namespace bridgepp;
 //****************************************************************************************************************************************************
 BridgeApp::BridgeApp(int &argc, char **argv)
     : QApplication(argc, argv) {
-
+        setAttribute(Qt::AA_DontShowIconsInMenus, false);
 }
 
 

internal/frontend/bridge-gui/bridge-gui/DeployDarwin.cmake

@@ -24,15 +24,33 @@ cmake_minimum_required(VERSION 3.22)
 install(SCRIPT ${deploy_script})
 
 # QML
-install(DIRECTORY "${QT_DIR}/qml/Qt"
+install(DIRECTORY "${QT_DIR}/qml/Qt/labs/platform"
-        DESTINATION "${CMAKE_INSTALL_PREFIX}/bridge-gui.app/Contents/MacOS")
+        DESTINATION "${CMAKE_INSTALL_PREFIX}/bridge-gui.app/Contents/MacOS/Qt/labs")
 install(DIRECTORY "${QT_DIR}/qml/QtQml"
         DESTINATION "${CMAKE_INSTALL_PREFIX}/bridge-gui.app/Contents/MacOS")
 install(DIRECTORY "${QT_DIR}/qml/QtQuick"
-        DESTINATION "${CMAKE_INSTALL_PREFIX}/bridge-gui.app/Contents/MacOS")
+        DESTINATION "${CMAKE_INSTALL_PREFIX}/bridge-gui.app/Contents/MacOS"
+        PATTERN "VirtualKeyboard" EXCLUDE
+        PATTERN "Effects" EXCLUDE
+        PATTERN "LocalStorage" EXCLUDE
+        PATTERN "NativeStyle" EXCLUDE
+        PATTERN "Particles" EXCLUDE
+        PATTERN "Scene2D" EXCLUDE
+        PATTERN "Scene3D" EXCLUDE
+        PATTERN "Shapes" EXCLUDE
+        PATTERN "Timeline" EXCLUDE
+        PATTERN "VectorImage" EXCLUDE
+
+        PATTERN "Controls/FluentWinUI3" EXCLUDE
+        PATTERN "Controls/designer" EXCLUDE
+        PATTERN "Controls/Fusion" EXCLUDE
+        PATTERN "Controls/Imagine" EXCLUDE
+        PATTERN "Controls/Material" EXCLUDE
+        PATTERN "Controls/Universal" EXCLUDE
+        PATTERN "Controls/iOS" EXCLUDE
+        PATTERN "Controls/macOS" EXCLUDE)
+
 # FRAMEWORKS
-install(DIRECTORY "${QT_DIR}/lib/QtQmlWorkerScript.framework"
-        DESTINATION "${CMAKE_INSTALL_PREFIX}/bridge-gui.app/Contents/Frameworks")
 install(DIRECTORY "${QT_DIR}/lib/QtQuickControls2Impl.framework"
         DESTINATION "${CMAKE_INSTALL_PREFIX}/bridge-gui.app/Contents/Frameworks")
 install(DIRECTORY "${QT_DIR}/lib/QtQuickLayouts.framework"
@@ -43,6 +61,14 @@ install(DIRECTORY "${QT_DIR}/lib/QtQuickDialogs2QuickImpl.framework"
         DESTINATION "${CMAKE_INSTALL_PREFIX}/bridge-gui.app/Contents/Frameworks")
 install(DIRECTORY "${QT_DIR}/lib/QtQuickDialogs2Utils.framework"
         DESTINATION "${CMAKE_INSTALL_PREFIX}/bridge-gui.app/Contents/Frameworks")
+# ADDITIONAL FRAMEWORKS FOR Qt 6.8
+install(DIRECTORY "${QT_DIR}/lib/QtQuickControls2Basic.framework"
+        DESTINATION "${CMAKE_INSTALL_PREFIX}/bridge-gui.app/Contents/Frameworks")
+install(DIRECTORY "${QT_DIR}/lib/QtLabsPlatform.framework"
+        DESTINATION "${CMAKE_INSTALL_PREFIX}/bridge-gui.app/Contents/Frameworks")
+install(DIRECTORY "${QT_DIR}/lib/QtQuickControls2BasicStyleImpl.framework"
+        DESTINATION "${CMAKE_INSTALL_PREFIX}/bridge-gui.app/Contents/Frameworks")
+
 # PLUGINS
 install(FILES "${QT_DIR}/plugins/imageformats/libqsvg.dylib"
         DESTINATION "${CMAKE_INSTALL_PREFIX}/bridge-gui.app/Contents/PlugIns/imageformats")

internal/frontend/bridge-gui/bridge-gui/DeployLinux.cmake

@@ -54,9 +54,9 @@ AppendQt6Lib("libQt6Gui.so.6")
 AppendQt6Lib("libQt6Core.so.6")
 AppendQt6Lib("libQt6QuickTemplates2.so.6")
 AppendQt6Lib("libQt6DBus.so.6")
-AppendQt6Lib("libicui18n.so.56")
+AppendQt6Lib("libicui18n.so.73")
-AppendQt6Lib("libicuuc.so.56")
+AppendQt6Lib("libicuuc.so.73")
-AppendQt6Lib("libicudata.so.56")
+AppendQt6Lib("libicudata.so.73")
 AppendQt6Lib("libQt6XcbQpa.so.6")
 AppendQt6Lib("libQt6WaylandClient.so.6")
 AppendQt6Lib("libQt6WlShellIntegration.so.6")
@@ -68,6 +68,10 @@ AppendQt6Lib("libQt6PrintSupport.so.6")
 AppendQt6Lib("libQt6Xml.so.6")
 AppendQt6Lib("libQt6OpenGLWidgets.so.6")
 AppendQt6Lib("libQt6QuickWidgets.so.6")
+AppendQt6Lib("libQt6QmlMeta.so.6")
+AppendQt6Lib("libQt6LabsPlatform.so.6")
+AppendQt6Lib("libQt6QuickControls2Basic.so.6")
+AppendQt6Lib("libQt6QuickControls2BasicStyleImpl.so.6")
 
 # QML dependencies
 AppendQt6Lib("libQt6QmlWorkerScript.so.6")

internal/frontend/bridge-gui/bridge-gui/DeployWindows.cmake

@@ -57,20 +57,36 @@ AppendVCPKGLib("re2.dll")
 AppendVCPKGLib("sentry.dll")
 AppendVCPKGLib("zlib1.dll")
 # QML DLLs
-AppendQt6Lib("Qt6QmlWorkerScript.dll")
 AppendQt6Lib("Qt6Widgets.dll")
 AppendQt6Lib("Qt6QuickControls2Impl.dll")
 AppendQt6Lib("Qt6QuickLayouts.dll")
 AppendQt6Lib("Qt6QuickDialogs2.dll")
 AppendQt6Lib("Qt6QuickDialogs2QuickImpl.dll")
 AppendQt6Lib("Qt6QuickDialogs2Utils.dll")
+AppendQt6Lib("Qt6LabsPlatform.dll")
+AppendQt6Lib("Qt6QuickControls2.dll")
+AppendQt6Lib("Qt6QuickControls2Basic.dll")
 
 install(FILES ${DEPLOY_LIBS} DESTINATION "${CMAKE_INSTALL_PREFIX}")
 
 # QML PlugIns
 install(DIRECTORY ${QT_DIR}/qml/Qt/labs/platform DESTINATION "${CMAKE_INSTALL_PREFIX}/Qt/labs/")
 install(DIRECTORY ${QT_DIR}/qml/QtQml DESTINATION "${CMAKE_INSTALL_PREFIX}")
-install(DIRECTORY ${QT_DIR}/qml/QtQuick DESTINATION "${CMAKE_INSTALL_PREFIX}")
+install(DIRECTORY ${QT_DIR}/qml/QtQuick DESTINATION "${CMAKE_INSTALL_PREFIX}"
+        PATTERN "Effects" EXCLUDE
+        PATTERN "LocalStorage" EXCLUDE
+        PATTERN "NativeStyle" EXCLUDE
+        PATTERN "Particles" EXCLUDE
+        PATTERN "Shapes" EXCLUDE
+        PATTERN "VectorImage" EXCLUDE
+
+        PATTERN "Controls/designer" EXCLUDE
+        PATTERN "Controls/FluentWinUI3" EXCLUDE
+        PATTERN "Controls/Fusion" EXCLUDE
+        PATTERN "Controls/Imagine" EXCLUDE
+        PATTERN "Controls/Material" EXCLUDE
+        PATTERN "Controls/Universal" EXCLUDE
+        PATTERN "Controls/Windows" EXCLUDE)
 
 # crash handler utils
 install(PROGRAMS "${VCPKG_INSTALLED_DIR}/${VCPKG_TARGET_TRIPLET}/tools/sentry-native/crashpad_handler.exe" DESTINATION "${CMAKE_INSTALL_PREFIX}")

internal/frontend/bridge-gui/bridge-gui/qml/ConfigurationItem.qml

@@ -58,9 +58,9 @@ Item {
             }
             ColorImage {
                 color: root.colorScheme.text_norm
-                height: root.colorScheme.body_font_size
+                height: ProtonStyle.body_font_size
                 source: "/qml/icons/ic-copy.svg"
-                sourceSize.height: root.colorScheme.body_font_size
+                sourceSize.height: ProtonStyle.body_font_size
 
                 MouseArea {
                     anchors.fill: parent

internal/frontend/bridge-gui/bridge-gui/qml/GeneralSettings.qml

@@ -86,9 +86,9 @@ SettingsView {
         ColorImage {
             Layout.alignment: Qt.AlignCenter
             color: root.colorScheme.interaction_norm
-            height: root.colorScheme.body_font_size
+            height: ProtonStyle.body_font_size
             source: root._isAdvancedShown ? "/qml/icons/ic-chevron-down.svg" : "/qml/icons/ic-chevron-right.svg"
-            sourceSize.height: root.colorScheme.body_font_size
+            sourceSize.height: ProtonStyle.body_font_size
 
             MouseArea {
                 anchors.fill: parent

internal/frontend/bridge-gui/bridge-gui/qml/Proton/Toggle.qml

@@ -72,9 +72,9 @@ Item {
             ColorImage {
                 anchors.centerIn: parent
                 color: root.colorScheme.background_norm
-                height: root.colorScheme.body_font_size
+                height: ProtonStyle.body_font_size
                 source: "/qml/icons/ic-check.svg"
-                sourceSize.height: root.colorScheme.body_font_size
+                sourceSize.height: ProtonStyle.body_font_size
                 visible: root.checked
             }
         }
@@ -82,9 +82,9 @@ Item {
             id: loader
             anchors.centerIn: parent
             color: root.colorScheme.text_norm
-            height: root.colorScheme.body_font_size
+            height: ProtonStyle.body_font_size
             source: "/qml/icons/Loader_16.svg"
-            sourceSize.height: root.colorScheme.body_font_size
+            sourceSize.height: ProtonStyle.body_font_size
             visible: root.loading
 
             RotationAnimation {

internal/frontend/bridge-gui/bridge-gui/qml/SetupWizard/Login.qml

@@ -271,7 +271,10 @@ FocusScope {
                         usernameTextField.enabled = false;
                         passwordTextField.enabled = false;
                         loading = true;
-                        Backend.login(usernameTextField.text, Qt.btoa(passwordTextField.text));
+
+                        let usernameTextFiltered = usernameTextField.text.replace(/[\n\r]+$/, "");
+                        let passwordTextFiltered = passwordTextField.text.replace(/[\n\r]+$/, "");
+                        Backend.login(usernameTextFiltered, Qt.btoa(passwordTextFiltered));
                     }
 
                     Layout.fillWidth: true

internal/frontend/cli/frontend.go

@@ -482,16 +482,16 @@ func (f *frontendCLI) watchEvents(eventCh <-chan events.Event) { // nolint:gocyc
 
 		case events.UpdateAvailable:
 			if !event.Compatible {
-				f.Printf("A new version (%v) is available but it cannot be installed automatically.\n", event.Version.Version)
+				f.Printf("A new version (%v) is available but it cannot be installed automatically.\n", event.GetLatestVersion())
 			} else if !event.Silent {
-				f.Printf("A new version (%v) is available.\n", event.Version.Version)
+				f.Printf("A new version (%v) is available.\n", event.GetLatestVersion())
 			}
 
 		case events.UpdateInstalled:
-			f.Printf("A new version (%v) was installed.\n", event.Version.Version)
+			f.Printf("A new version (%v) was installed.\n", event.GetLatestVersion())
 
 		case events.UpdateFailed:
-			f.Printf("A new version (%v) failed to be installed (%v).\n", event.Version.Version, event.Error)
+			f.Printf("A new version (%v) failed to be installed (%v).\n", event.GetLatestVersion(), event.Error)
 
 		case events.UpdateForced:
 			f.notifyNeedUpgrade()

internal/frontend/grpc/service.go

@@ -78,10 +78,12 @@ type Service struct { // nolint:structcheck
 	eventCh      <-chan events.Event
 	quitCh       <-chan struct{}
 
-	latest     updater.VersionInfo
+	latestLegacy updater.VersionInfoLegacy
+	latest       updater.Release
 	latestLock   safe.RWMutex
 
-	target     updater.VersionInfo
+	targetLegacy updater.VersionInfoLegacy
+	target       updater.Release
 	targetLock   safe.RWMutex
 
 	authClient              *proton.Client
@@ -168,10 +170,12 @@ func NewService(
 		eventCh:      eventCh,
 		quitCh:       quitCh,
 
-		latest:     updater.VersionInfo{},
+		latestLegacy: updater.VersionInfoLegacy{},
+		latest:       updater.Release{},
 		latestLock:   safe.NewRWMutex(),
 
-		target:     updater.VersionInfo{},
+		targetLegacy: updater.VersionInfoLegacy{},
+		target:       updater.Release{},
 		targetLock:   safe.NewRWMutex(),
 
 		log:                logrus.WithField("pkg", "grpc"),
@@ -354,10 +358,11 @@ func (s *Service) watchEvents() {
 
 		case events.UpdateLatest:
 			safe.RLock(func() {
-				s.latest = event.Version
+				s.latestLegacy = event.VersionLegacy
+				s.latest = event.Release
 			}, s.latestLock)
 
-			_ = s.SendEvent(NewUpdateVersionChangedEvent())
+			_ = s.SendEvent(NewUpdateVersionChangedEvent()) // This updates the release notes page and landing page.
 
 		case events.UpdateAvailable:
 			switch {
@@ -366,10 +371,11 @@ func (s *Service) watchEvents() {
 
 			case !event.Silent:
 				safe.RLock(func() {
-					s.target = event.Version
+					s.targetLegacy = event.VersionLegacy
+					s.target = event.Release
 				}, s.targetLock)
 
-				_ = s.SendEvent(NewUpdateManualReadyEvent(event.Version.Version.String()))
+				_ = s.SendEvent(NewUpdateManualReadyEvent(event.GetLatestVersion()))
 			}
 
 		case events.UpdateInstalled:
@@ -391,8 +397,10 @@ func (s *Service) watchEvents() {
 
 			if s.latest.Version != nil {
 				latest = s.latest.Version.String()
-			} else if version, ok := s.checkLatestVersion(); ok {
+			} else if s.latestLegacy.Version != nil {
-				latest = version.Version.String()
+				latest = s.latestLegacy.Version.String()
+			} else if latestVersion, ok := s.checkLatestVersion(); ok {
+				latest = latestVersion
 			} else {
 				latest = "unknown"
 			}
@@ -517,7 +525,7 @@ func (s *Service) triggerReset() {
 	s.bridge.FactoryReset(context.Background())
 }
 
-func (s *Service) checkLatestVersion() (updater.VersionInfo, bool) {
+func (s *Service) checkLatestVersion() (string, bool) {
 	updateCh, done := s.bridge.GetEvents(events.UpdateLatest{})
 	defer done()
 
@@ -526,14 +534,13 @@ func (s *Service) checkLatestVersion() (updater.VersionInfo, bool) {
 	select {
 	case event := <-updateCh:
 		if latest, ok := event.(events.UpdateLatest); ok {
-			return latest.Version, true
+			return latest.GetLatestVersion(), true
 		}
-
 	case <-time.After(5 * time.Second):
 		// ...
 	}
 
-	return updater.VersionInfo{}, false
+	return "", false
 }
 
 func newTLSConfig() (*tls.Config, []byte, error) {

internal/frontend/grpc/service_methods.go

@@ -298,7 +298,14 @@ func (s *Service) ReleaseNotesPageLink(_ context.Context, _ *emptypb.Empty) (*wr
 		s.latestLock.RUnlock()
 	}()
 
-	return wrapperspb.String(s.latest.ReleaseNotesPage), nil
+	var releaseNotesPage string
+	if !s.latestLegacy.IsEmpty() {
+		releaseNotesPage = s.latestLegacy.ReleaseNotesPage
+	} else if !s.latest.IsEmpty() {
+		releaseNotesPage = s.latest.ReleaseNotesPage
+	}
+
+	return wrapperspb.String(releaseNotesPage), nil
 }
 
 func (s *Service) LandingPageLink(_ context.Context, _ *emptypb.Empty) (*wrapperspb.StringValue, error) {
@@ -308,7 +315,14 @@ func (s *Service) LandingPageLink(_ context.Context, _ *emptypb.Empty) (*wrapper
 		s.latestLock.RUnlock()
 	}()
 
-	return wrapperspb.String(s.latest.LandingPage), nil
+	var landingPage string
+	if !s.latestLegacy.IsEmpty() {
+		landingPage = s.latestLegacy.LandingPage
+	} else if !s.latest.IsEmpty() {
+		landingPage = s.latest.LandingPage
+	}
+
+	return wrapperspb.String(landingPage), nil
 }
 
 func (s *Service) SetColorSchemeName(_ context.Context, name *wrapperspb.StringValue) (*emptypb.Empty, error) {
@@ -617,7 +631,11 @@ func (s *Service) InstallUpdate(_ context.Context, _ *emptypb.Empty) (*emptypb.E
 		defer async.HandlePanic(s.panicHandler)
 
 		safe.RLock(func() {
+			if !s.targetLegacy.IsEmpty() {
+				s.bridge.InstallUpdateLegacy(s.targetLegacy)
+			} else if !s.target.IsEmpty() {
 				s.bridge.InstallUpdate(s.target)
+			}
 		}, s.targetLock)
 	}()
 

internal/logging/pruning.go

@@ -212,7 +212,7 @@ func buildSessionInfoList(dir string) (map[SessionID]*sessionInfo, error) {
 		}
 		rx := regexp.MustCompile(`^(\d{8}_\d{9})_.*\.log$`)
 		match := rx.FindStringSubmatch(entry.Name())
-		if match == nil || len(match) < 2 {
+		if len(match) < 2 {
 			continue
 		}
 

internal/services/imapservice/connector.go

@@ -257,7 +257,7 @@ func (s *Connector) DeleteMailbox(ctx context.Context, _ connector.IMAPStateWrit
 	wLabels := s.labels.Write()
 	defer wLabels.Close()
 
-	wLabels.Delete(string(mboxID))
+	wLabels.Delete(string(mboxID), "connectorDeleteMailbox")
 
 	return nil
 }
@@ -555,7 +555,7 @@ func (s *Connector) createLabel(ctx context.Context, name []string) (imap.Mailbo
 	wLabels := s.labels.Write()
 	defer wLabels.Close()
 
-	wLabels.SetLabel(label.ID, label)
+	wLabels.SetLabel(label.ID, label, "connectorCreateLabel")
 
 	return toIMAPMailbox(label, s.flags, s.permFlags, s.attrs), nil
 }
@@ -593,7 +593,7 @@ func (s *Connector) createFolder(ctx context.Context, name []string) (imap.Mailb
 	}
 
 	// Add label to list so subsequent sub folder create requests work correct.
-	wLabels.SetLabel(label.ID, label)
+	wLabels.SetLabel(label.ID, label, "connectorCreateFolder")
 
 	return toIMAPMailbox(label, s.flags, s.permFlags, s.attrs), nil
 }
@@ -619,7 +619,7 @@ func (s *Connector) updateLabel(ctx context.Context, labelID imap.MailboxID, nam
 	wLabels := s.labels.Write()
 	defer wLabels.Close()
 
-	wLabels.SetLabel(label.ID, update)
+	wLabels.SetLabel(label.ID, update, "connectorUpdateLabel")
 
 	return nil
 }
@@ -660,7 +660,7 @@ func (s *Connector) updateFolder(ctx context.Context, labelID imap.MailboxID, na
 		return err
 	}
 
-	wLabels.SetLabel(label.ID, update)
+	wLabels.SetLabel(label.ID, update, "connectorUpdateFolder")
 
 	return nil
 }
@@ -680,7 +680,7 @@ func (s *Connector) importMessage(
 	}
 
 	isDraft := slices.Contains(labelIDs, proton.DraftsLabel)
-	addr, err := s.getImportAddress(p, isDraft)
+	addr, err := getImportAddress(p, isDraft, s.addrID, s)
 	if err != nil {
 		return imap.Message{}, nil, err
 	}
@@ -871,45 +871,6 @@ func equalAddresses(a, b string) bool {
 	return strings.EqualFold(stripPlusAlias(a), stripPlusAlias(b))
 }
 
-func (s *Connector) getImportAddress(p *parser.Parser, isDraft bool) (proton.Address, error) {
-	// addr is primary for combined mode or active for split mode
-	address, ok := s.identityState.GetAddress(s.addrID)
-	if !ok {
-		return proton.Address{}, errors.New("could not find account address")
-	}
-
-	inCombinedMode := s.addressMode == usertypes.AddressModeCombined
-	if !inCombinedMode {
-		return address, nil
-	}
-
-	senderAddr, err := s.getSenderProtonAddress(p)
-	if err != nil {
-		if !errors.Is(err, errNoSenderAddressMatch) {
-			s.log.WithError(err).Warn("Could not get import address")
-		}
-
-		// We did not find a match, so we use the default address.
-		return address, nil
-	}
-
-	if senderAddr.ID == address.ID {
-		return address, nil
-	}
-
-	// GODT-3185 / BRIDGE-120 In combined mode, in certain cases we adapt the address used for encryption.
-	// - draft with non-default address in combined mode: using sender address
-	// - import with non-default address in combined mode: using sender address
-	// - import with non-default disabled address in combined mode: using sender address
-
-	isSenderAddressDisabled := (!bool(senderAddr.Send)) || (senderAddr.Status != proton.AddressStatusEnabled)
-	if isDraft && isSenderAddressDisabled {
-		return address, nil
-	}
-
-	return senderAddr, nil
-}
-
 func (s *Connector) getSenderProtonAddress(p *parser.Parser) (proton.Address, error) {
 	// Step 1: extract sender email address from message
 	if (p == nil) || (p.Root() == nil) || (p.Root().Header.Len() == 0) {

internal/services/imapservice/connector_test.go

@@ -43,7 +43,7 @@ func TestFixGODT3003Labels(t *testing.T) {
 		Path:     []string{"bar", "Foo"},
 		Color:    "",
 		Type:     proton.LabelTypeFolder,
-	})
+	}, "")
 
 	wr.SetLabel("0", proton.Label{
 		ID:       "0",
@@ -52,7 +52,7 @@ func TestFixGODT3003Labels(t *testing.T) {
 		Path:     []string{"Inbox"},
 		Color:    "",
 		Type:     proton.LabelTypeSystem,
-	})
+	}, "")
 
 	wr.SetLabel("bar", proton.Label{
 		ID:       "bar",
@@ -61,7 +61,7 @@ func TestFixGODT3003Labels(t *testing.T) {
 		Path:     []string{"bar"},
 		Color:    "",
 		Type:     proton.LabelTypeFolder,
-	})
+	}, "")
 
 	wr.SetLabel("my_label", proton.Label{
 		ID:       "my_label",
@@ -70,7 +70,7 @@ func TestFixGODT3003Labels(t *testing.T) {
 		Path:     []string{"MyLabel"},
 		Color:    "",
 		Type:     proton.LabelTypeLabel,
-	})
+	}, "")
 
 	wr.SetLabel("my_label2", proton.Label{
 		ID:       "my_label2",
@@ -79,7 +79,7 @@ func TestFixGODT3003Labels(t *testing.T) {
 		Path:     []string{labelPrefix, "MyLabel2"},
 		Color:    "",
 		Type:     proton.LabelTypeLabel,
-	})
+	}, "")
 	wr.Close()
 
 	mboxs := []imap.MailboxNoAttrib{
@@ -133,7 +133,7 @@ func TestFixGODT3003Labels_Noop(t *testing.T) {
 		Path:     []string{folderPrefix, "bar", "Foo"},
 		Color:    "",
 		Type:     proton.LabelTypeFolder,
-	})
+	}, "")
 
 	wr.SetLabel("0", proton.Label{
 		ID:       "0",
@@ -142,7 +142,7 @@ func TestFixGODT3003Labels_Noop(t *testing.T) {
 		Path:     []string{"Inbox"},
 		Color:    "",
 		Type:     proton.LabelTypeSystem,
-	})
+	}, "")
 
 	wr.SetLabel("bar", proton.Label{
 		ID:       "bar",
@@ -151,7 +151,7 @@ func TestFixGODT3003Labels_Noop(t *testing.T) {
 		Path:     []string{folderPrefix, "bar"},
 		Color:    "",
 		Type:     proton.LabelTypeFolder,
-	})
+	}, "")
 
 	wr.SetLabel("my_label", proton.Label{
 		ID:       "my_label",
@@ -160,7 +160,7 @@ func TestFixGODT3003Labels_Noop(t *testing.T) {
 		Path:     []string{labelPrefix, "MyLabel"},
 		Color:    "",
 		Type:     proton.LabelTypeLabel,
-	})
+	}, "")
 
 	wr.SetLabel("my_label2", proton.Label{
 		ID:       "my_label2",
@@ -169,7 +169,7 @@ func TestFixGODT3003Labels_Noop(t *testing.T) {
 		Path:     []string{labelPrefix, "MyLabel2"},
 		Color:    "",
 		Type:     proton.LabelTypeLabel,
-	})
+	}, "")
 	wr.Close()
 
 	mboxs := []imap.MailboxNoAttrib{

internal/services/imapservice/server_manager.go

@@ -34,6 +34,8 @@ type IMAPServerManager interface {
 	) error
 
 	RemoveIMAPUser(ctx context.Context, deleteData bool, provider GluonIDProvider, addrID ...string) error
+
+	LogRemoteLabelIDs(ctx context.Context, provider GluonIDProvider, addrID ...string) error
 }
 
 type NullIMAPServerManager struct{}
@@ -57,6 +59,14 @@ func (n NullIMAPServerManager) RemoveIMAPUser(
 	return nil
 }
 
+func (n NullIMAPServerManager) LogRemoteLabelIDs(
+	_ context.Context,
+	_ GluonIDProvider,
+	_ ...string,
+) error {
+	return nil
+}
+
 func NewNullIMAPServerManager() *NullIMAPServerManager {
 	return &NullIMAPServerManager{}
 }

internal/services/imapservice/service.go

@@ -355,6 +355,12 @@ func (s *Service) run(ctx context.Context) { //nolint gocyclo
 
 			case *onBadEventReq:
 				s.log.Debug("Bad Event Request")
+				// // Log remote label IDs stored in the local labelMap.
+				s.labels.LogLabels()
+				// Log the remote label IDs store in Gluon.
+				if err := s.logRemoteMailboxIDsFromServer(ctx, s.connectors); err != nil {
+					s.log.Warnf("Could not obtain remote mailbox IDs from server: %v", err)
+				}
 				err := s.removeConnectorsFromServer(ctx, s.connectors, false)
 				req.Reply(ctx, nil, err)
 
@@ -572,6 +578,16 @@ func (s *Service) addConnectorsToServer(ctx context.Context, connectors map[stri
 	return nil
 }
 
+func (s *Service) logRemoteMailboxIDsFromServer(ctx context.Context, connectors map[string]*Connector) error {
+	addrIDs := make([]string, 0, len(connectors))
+
+	for _, c := range connectors {
+		addrIDs = append(addrIDs, c.addrID)
+	}
+
+	return s.serverManager.LogRemoteLabelIDs(ctx, s.gluonIDProvider, addrIDs...)
+}
+
 func (s *Service) removeConnectorsFromServer(ctx context.Context, connectors map[string]*Connector, deleteData bool) error {
 	addrIDs := make([]string, 0, len(connectors))
 

internal/services/imapservice/service_label_events.go

@@ -85,7 +85,7 @@ func onLabelCreated(ctx context.Context, s *Service, event proton.LabelEvent) []
 	wr := s.labels.Write()
 	defer wr.Close()
 
-	wr.SetLabel(event.Label.ID, event.Label)
+	wr.SetLabel(event.Label.ID, event.Label, "onLabelCreated")
 
 	for _, updateCh := range maps.Values(s.connectors) {
 		update := newMailboxCreatedUpdate(imap.MailboxID(event.ID), GetMailboxName(event.Label))
@@ -121,7 +121,7 @@ func onLabelUpdated(ctx context.Context, s *Service, event proton.LabelEvent) ([
 
 		// Only update the label if it exists; we don't want to create it as a client may have just deleted it.
 		if _, ok := wr.GetLabel(label.ID); ok {
-			wr.SetLabel(label.ID, event.Label)
+			wr.SetLabel(label.ID, event.Label, "onLabelUpdatedLabelEventID")
 		}
 
 		// API doesn't notify us that the path has changed. We need to fetch it again.
@@ -134,7 +134,7 @@ func onLabelUpdated(ctx context.Context, s *Service, event proton.LabelEvent) ([
 		}
 
 		// Update the label in the map.
-		wr.SetLabel(apiLabel.ID, apiLabel)
+		wr.SetLabel(apiLabel.ID, apiLabel, "onLabelUpdatedApiID")
 
 		// Notify the IMAP clients.
 		for _, updateCh := range maps.Values(s.connectors) {
@@ -176,7 +176,7 @@ func onLabelDeleted(ctx context.Context, s *Service, event proton.LabelEvent) []
 	wr := s.labels.Write()
 	wr.Close()
 
-	wr.Delete(event.ID)
+	wr.Delete(event.ID, "onLabelDeleted")
 
 	s.eventPublisher.PublishEvent(ctx, events.UserLabelDeleted{
 		UserID:  s.identityState.UserID(),

internal/services/imapservice/service_message_events.go

@@ -257,7 +257,7 @@ func onMessageUpdateDraftOrSent(ctx context.Context, s *Service, event proton.Me
 			res.update.MailboxIDs,
 			res.update.ParsedMessage,
 			true,       // Is the message doesn't exist, silently create it.
-			false,
+			duringSync, // Ignore unknown labelIDs during sync.
 		)
 
 		didPublish, err := safePublishMessageUpdate(ctx, s, full.AddressID, update, duringSync)

internal/services/imapservice/service_sync_events.go

@@ -113,7 +113,7 @@ func (s syncMessageEventHandler) HandleMessageEvents(ctx context.Context, events
 			if err := waitOnIMAPUpdates(ctx, updates); gluon.IsNoSuchMessage(err) {
 				logrus.WithError(err).Error("Failed to handle update message event in gluon, will try creating it (sync)")
 
-				updates, err := onMessageCreated(ctx, s.service, event.Message, false, true)
+				updates, err := onMessageCreated(ctx, s.service, event.Message, true, true)
 				if err != nil {
 					s.service.observabilitySender.AddDistinctMetrics(
 						observability.SyncError,

internal/services/imapservice/shared_labels.go

@@ -22,6 +22,8 @@ import (
 
 	"github.com/ProtonMail/go-proton-api"
 	"github.com/ProtonMail/proton-bridge/v3/internal/usertypes"
+	"github.com/bradenaw/juniper/xslices"
+	"github.com/sirupsen/logrus"
 	"golang.org/x/exp/maps"
 )
 
@@ -42,8 +44,8 @@ type labelsRead interface {
 
 type labelsWrite interface {
 	labelsRead
-	SetLabel(id string, label proton.Label)
+	SetLabel(id string, label proton.Label, actionSource string)
-	Delete(id string)
+	Delete(id string, actionSource string)
 }
 
 type rwLabels struct {
@@ -51,6 +53,22 @@ type rwLabels struct {
 	labels labelMap
 }
 
+func (r *rwLabels) LogLabels() {
+	r.lock.RLock()
+	defer r.lock.RUnlock()
+
+	remoteLabelIDs := make([]string, len(r.labels))
+	i := 0
+	for labelID := range r.labels {
+		remoteLabelIDs[i] = labelID
+		i++
+	}
+
+	logrus.WithFields(logrus.Fields{
+		"remoteLabelIDs": remoteLabelIDs,
+	}).Debug("Logging remote label IDs stored in labelMap")
+}
+
 func (r *rwLabels) Read() labelsRead {
 	r.lock.RLock()
 	return &rwLabelsRead{rw: r}
@@ -75,6 +93,15 @@ func (r *rwLabels) SetLabels(labels []proton.Label) {
 	r.lock.Lock()
 	defer r.lock.Unlock()
 
+	labelIDs := xslices.Map(labels, func(label proton.Label) string {
+		return label.ID
+	})
+
+	logrus.WithFields(logrus.Fields{
+		"pkg":      "rwLabels",
+		"labelIDs": labelIDs,
+	}).Info("Setting labels")
+
 	r.labels = usertypes.GroupBy(labels, func(label proton.Label) string { return label.ID })
 }
 
@@ -123,10 +150,20 @@ func (r rwLabelsWrite) GetLabels() []proton.Label {
 	return r.rw.getLabelsUnsafe()
 }
 
-func (r rwLabelsWrite) SetLabel(id string, label proton.Label) {
+func (r rwLabelsWrite) SetLabel(id string, label proton.Label, actionSource string) {
+	logAction("SetLabel", actionSource, label.ID)
 	r.rw.labels[id] = label
 }
 
-func (r rwLabelsWrite) Delete(id string) {
+func (r rwLabelsWrite) Delete(id string, actionSource string) {
+	logAction("Delete", actionSource, id)
 	delete(r.rw.labels, id)
 }
+
+func logAction(actionType, actionSource, labelID string) {
+	logrus.WithFields(logrus.Fields{
+		"pkg":          "rwLabelsWrite",
+		"actionSource": actionSource,
+		"labelID":      labelID,
+	}).Debug(actionType)
+}

internal/services/imapservice/sync_update_applier.go

@@ -111,39 +111,6 @@ func (s *SyncUpdateApplier) ApplySyncUpdates(ctx context.Context, updates []sync
 	return nil
 }
 
-func (s *SyncUpdateApplier) SyncSystemLabelsOnly(ctx context.Context, labels map[string]proton.Label) error {
-	request := func(ctx context.Context, _ usertypes.AddressMode, connectors map[string]*Connector) ([]imap.Update, error) {
-		updates := make([]imap.Update, 0, len(labels)*len(connectors))
-		for _, label := range labels {
-			if !WantLabel(label) {
-				continue
-			}
-
-			if label.Type != proton.LabelTypeSystem {
-				continue
-			}
-
-			for _, c := range connectors {
-				update := newSystemMailboxCreatedUpdate(imap.MailboxID(label.ID), label.Name)
-				updates = append(updates, update)
-				c.publishUpdate(ctx, update)
-			}
-		}
-		return updates, nil
-	}
-
-	updates, err := s.sendRequest(ctx, request)
-	if err != nil {
-		return err
-	}
-
-	if err := waitOnIMAPUpdates(ctx, updates); err != nil {
-		return fmt.Errorf("could not sync system labels: %w", err)
-	}
-
-	return nil
-}
-
 func (s *SyncUpdateApplier) SyncLabels(ctx context.Context, labels map[string]proton.Label) error {
 	request := func(ctx context.Context, _ usertypes.AddressMode, connectors map[string]*Connector) ([]imap.Update, error) {
 		return syncLabels(ctx, labels, maps.Values(connectors))

internal/services/imapservice/utils.go

@@ -0,0 +1,100 @@
+// Copyright (c) 2025 Proton AG
+//
+// This file is part of Proton Mail Bridge.
+//
+// Proton Mail Bridge is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// Proton Mail Bridge is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with Proton Mail Bridge.  If not, see <https://www.gnu.org/licenses/>.
+
+package imapservice
+
+import (
+	"errors"
+
+	"github.com/ProtonMail/go-proton-api"
+	"github.com/ProtonMail/proton-bridge/v3/internal/usertypes"
+	"github.com/ProtonMail/proton-bridge/v3/pkg/message/parser"
+)
+
+type connectorInterface interface {
+	getSenderProtonAddress(p *parser.Parser) (proton.Address, error)
+	getAddress(id string) (proton.Address, bool)
+	getPrimaryAddress() (proton.Address, error)
+	getAddressMode() usertypes.AddressMode
+	logError(err error, errMsg string)
+}
+
+func (s *Connector) logError(err error, errMsg string) {
+	s.log.WithError(err).Warn(errMsg)
+}
+
+func (s *Connector) getAddressMode() usertypes.AddressMode {
+	return s.addressMode
+}
+
+func (s *Connector) getPrimaryAddress() (proton.Address, error) {
+	return s.identityState.GetPrimaryAddress()
+}
+
+func (s *Connector) getAddress(id string) (proton.Address, bool) {
+	return s.identityState.GetAddress(id)
+}
+
+func getImportAddress(p *parser.Parser, isDraft bool, id string, conn connectorInterface) (proton.Address, error) {
+	// addr is primary for combined mode or active for split mode
+	address, ok := conn.getAddress(id)
+	if !ok {
+		return proton.Address{}, errors.New("could not find account address")
+	}
+
+	// If the address is external and not BYOE - with sending enabled, then use the primary address as an import target.
+	if address.Type == proton.AddressTypeExternal && !address.Send {
+		var err error
+		address, err = conn.getPrimaryAddress()
+		if err != nil {
+			return proton.Address{}, errors.New("could not get primary account address")
+		}
+	}
+
+	inCombinedMode := conn.getAddressMode() == usertypes.AddressModeCombined
+	if !inCombinedMode {
+		return address, nil
+	}
+
+	senderAddr, err := conn.getSenderProtonAddress(p)
+	if err != nil {
+		if !errors.Is(err, errNoSenderAddressMatch) {
+			conn.logError(err, "Could not get import address")
+		}
+
+		// We did not find a match, so we use the default address.
+		return address, nil
+	}
+
+	if senderAddr.ID == address.ID {
+		return address, nil
+	}
+
+	// GODT-3185 / BRIDGE-120 In combined mode, in certain cases we adapt the address used for encryption.
+	// - draft with non-default address in combined mode: using sender address
+	// - import with non-default address in combined mode: using sender address
+	// - import with non-default disabled address in combined mode: using sender address
+	isSenderAddressDisabled := (!bool(senderAddr.Send)) || (senderAddr.Status != proton.AddressStatusEnabled)
+	isSenderExternalNonBYOE := senderAddr.Type == proton.AddressTypeExternal && !bool(senderAddr.Send)
+
+	// Forbid drafts/imports for external non-BYOE addresses
+	if isSenderExternalNonBYOE || (isDraft && isSenderAddressDisabled) {
+		return address, nil
+	}
+
+	return senderAddr, nil
+}

internal/services/imapservice/utils_test.go

@@ -0,0 +1,380 @@
+// Copyright (c) 2025 Proton AG
+//
+// This file is part of Proton Mail Bridge.
+//
+// Proton Mail Bridge is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// Proton Mail Bridge is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with Proton Mail Bridge.  If not, see <https://www.gnu.org/licenses/>.
+
+package imapservice
+
+import (
+	"errors"
+	"testing"
+
+	"github.com/ProtonMail/go-proton-api"
+	"github.com/ProtonMail/proton-bridge/v3/internal/usertypes"
+	"github.com/ProtonMail/proton-bridge/v3/pkg/message/parser"
+	"github.com/stretchr/testify/require"
+)
+
+type testConnector struct {
+	addressMode        usertypes.AddressMode
+	primaryAddress     proton.Address
+	senderAddress      proton.Address
+	imapAddress        proton.Address
+	senderAddressError error
+}
+
+func (t *testConnector) getSenderProtonAddress(_ *parser.Parser) (proton.Address, error) {
+	return t.senderAddress, t.senderAddressError
+}
+
+func (t *testConnector) getAddress(_ string) (proton.Address, bool) {
+	return t.imapAddress, true
+}
+
+func (t *testConnector) getPrimaryAddress() (proton.Address, error) {
+	return t.primaryAddress, nil
+}
+
+func (t *testConnector) getAddressMode() usertypes.AddressMode {
+	return t.addressMode
+}
+
+func (t *testConnector) logError(_ error, _ string) {
+}
+
+func Test_GetImportAddress_SplitMode(t *testing.T) {
+	primaryAddress := proton.Address{
+		ID:      "1",
+		Email:   "primary@proton.me",
+		Send:    true,
+		Receive: true,
+		Type:    proton.AddressTypeOriginal,
+		Status:  proton.AddressStatusEnabled,
+	}
+
+	imapAddressProton := proton.Address{
+		ID:      "2",
+		Email:   "imap@proton.me",
+		Send:    true,
+		Receive: true,
+		Type:    proton.AddressTypeOriginal,
+	}
+
+	testConn := &testConnector{
+		addressMode:    usertypes.AddressModeSplit,
+		primaryAddress: primaryAddress,
+		imapAddress:    imapAddressProton,
+	}
+
+	// Import address is internal, we're creating a draft.
+	// Expected: returned address is internal.
+	addr, err := getImportAddress(nil, true, imapAddressProton.ID, testConn)
+	require.NoError(t, err)
+	require.Equal(t, imapAddressProton.ID, addr.ID)
+	require.Equal(t, imapAddressProton.Email, addr.Email)
+
+	// Import address is internal, we're attempting to import a message.
+	// Expected: returned address is internal.
+	addr, err = getImportAddress(nil, false, imapAddressProton.ID, testConn)
+	require.NoError(t, err)
+	require.Equal(t, imapAddressProton.ID, addr.ID)
+	require.Equal(t, imapAddressProton.Email, addr.Email)
+
+	imapAddressBYOE := proton.Address{
+		ID:      "3",
+		Email:   "byoe@external.com",
+		Send:    true,
+		Receive: true,
+		Type:    proton.AddressTypeExternal,
+	}
+
+	// IMAP address is BYOE, we're creating a draft
+	// Expected: returned address is BYOE.
+	testConn.imapAddress = imapAddressBYOE
+	addr, err = getImportAddress(nil, true, imapAddressBYOE.ID, testConn)
+	require.NoError(t, err)
+	require.Equal(t, imapAddressBYOE.ID, addr.ID)
+	require.Equal(t, imapAddressBYOE.Email, addr.Email)
+	// IMAP address is BYOE, we're importing a message
+	// Expected: returned address is BYOE.
+	addr, err = getImportAddress(nil, false, imapAddressBYOE.ID, testConn)
+	require.NoError(t, err)
+	require.Equal(t, imapAddressBYOE.ID, addr.ID)
+	require.Equal(t, imapAddressBYOE.Email, addr.Email)
+
+	imapAddressExternal := proton.Address{
+		ID:      "4",
+		Email:   "external@external.com",
+		Send:    false,
+		Receive: false,
+		Type:    proton.AddressTypeExternal,
+	}
+
+	// IMAP address is external, we're creating a draft.
+	// Expected: returned address is primary.
+	testConn.imapAddress = imapAddressExternal
+	addr, err = getImportAddress(nil, true, imapAddressExternal.ID, testConn)
+	require.NoError(t, err)
+	require.Equal(t, primaryAddress.ID, addr.ID)
+	require.Equal(t, primaryAddress.Email, addr.Email)
+	// IMAP address is external, we're trying to import.
+	// Expected: returned address is primary.
+	addr, err = getImportAddress(nil, false, imapAddressExternal.ID, testConn)
+	require.NoError(t, err)
+	require.Equal(t, primaryAddress.ID, addr.ID)
+	require.Equal(t, primaryAddress.Email, addr.Email)
+}
+
+func Test_GetImportAddress_CombinedMode_ProtonAddresses(t *testing.T) {
+	primaryAddress := proton.Address{
+		ID:      "1",
+		Email:   "primary@proton.me",
+		Send:    true,
+		Receive: true,
+		Type:    proton.AddressTypeOriginal,
+		Status:  proton.AddressStatusEnabled,
+	}
+
+	imapAddressProton := proton.Address{
+		ID:      "2",
+		Email:   "imap@proton.me",
+		Send:    true,
+		Receive: true,
+		Type:    proton.AddressTypeOriginal,
+	}
+
+	senderAddress := proton.Address{
+		ID:      "3",
+		Email:   "sender@proton.me",
+		Send:    true,
+		Receive: true,
+		Type:    proton.AddressTypeOriginal,
+		Status:  proton.AddressStatusEnabled,
+	}
+
+	testConn := &testConnector{
+		addressMode:    usertypes.AddressModeCombined,
+		primaryAddress: primaryAddress,
+		imapAddress:    imapAddressProton,
+		senderAddress:  senderAddress,
+	}
+
+	// Both the sender address and the imap address are the same. We're creating a draft.
+	// Expected: IMAP address is returned.
+	testConn.senderAddress = imapAddressProton
+	testConn.imapAddress = imapAddressProton
+	addr, err := getImportAddress(nil, true, imapAddressProton.ID, testConn)
+	require.NoError(t, err)
+	require.Equal(t, imapAddressProton.ID, addr.ID)
+	require.Equal(t, imapAddressProton.Email, addr.Email)
+	// Both the sender address and the imap address are the same. We're trying to import
+	// Expected: IMAP address is returned.
+	addr, err = getImportAddress(nil, false, imapAddressProton.ID, testConn)
+	require.NoError(t, err)
+	require.Equal(t, imapAddressProton.ID, addr.ID)
+	require.Equal(t, imapAddressProton.Email, addr.Email)
+
+	// Sender address and imap address are different. Sender address is enabled and has sending enabled.
+	// We're creating a draft.
+	// Expected: Sender address is returned.
+	testConn.senderAddress = senderAddress
+	testConn.imapAddress = imapAddressProton
+	addr, err = getImportAddress(nil, true, imapAddressProton.ID, testConn)
+	require.NoError(t, err)
+	require.Equal(t, senderAddress.ID, addr.ID)
+	require.Equal(t, senderAddress.Email, addr.Email)
+	// Sender address and imap address are different. Sender address is enabled and has sending enabled.
+	// We're importing a message.
+	// Expected: Sender address is returned.
+	addr, err = getImportAddress(nil, false, imapAddressProton.ID, testConn)
+	require.NoError(t, err)
+	require.Equal(t, senderAddress.ID, addr.ID)
+	require.Equal(t, senderAddress.Email, addr.Email)
+
+	// Sender address and imap address are different. Sender address is disabled, but has sending enabled.
+	// We're creating a draft message.
+	// Expected: IMAP address is returned.
+	senderAddress.Status = proton.AddressStatusDisabled
+	testConn.senderAddress = senderAddress
+	addr, err = getImportAddress(nil, true, imapAddressProton.ID, testConn)
+	require.NoError(t, err)
+	require.Equal(t, imapAddressProton.ID, addr.ID)
+	require.Equal(t, imapAddressProton.Email, addr.Email)
+	// Sender address and imap address are different. Sender address is disabled, but has sending enabled.
+	// We're importing a message.
+	// Expected: IMAP address is returned.
+	addr, err = getImportAddress(nil, false, imapAddressProton.ID, testConn)
+	require.NoError(t, err)
+	require.Equal(t, senderAddress.ID, addr.ID)
+	require.Equal(t, senderAddress.Email, addr.Email)
+
+	// Sender address and imap address are different. Sender address is enabled, but has sending disabled.
+	// We're creating a draft.
+	// Expected: IMAP address is returned.
+	senderAddress.Status = proton.AddressStatusEnabled
+	senderAddress.Send = false
+	testConn.senderAddress = senderAddress
+	addr, err = getImportAddress(nil, true, imapAddressProton.ID, testConn)
+	require.NoError(t, err)
+	require.Equal(t, imapAddressProton.ID, addr.ID)
+	require.Equal(t, imapAddressProton.Email, addr.Email)
+	// Sender address and imap address are different. Sender address is enabled, but has sending disabled.
+	// We're importing a message.
+	// Expected: IMAP address is returned.
+	addr, err = getImportAddress(nil, false, imapAddressProton.ID, testConn)
+	require.NoError(t, err)
+	require.Equal(t, senderAddress.ID, addr.ID)
+	require.Equal(t, senderAddress.Email, addr.Email)
+
+	// Sender address and imap address are different. But sender address is not an associated proton address.
+	// We're creating a draft.
+	// Expected: Sender address is returned.
+	testConn.senderAddressError = errors.New("sender address is not associated with the account")
+	addr, err = getImportAddress(nil, true, imapAddressProton.ID, testConn)
+	require.NoError(t, err)
+	require.Equal(t, imapAddressProton.ID, addr.ID)
+	require.Equal(t, imapAddressProton.Email, addr.Email)
+	// Sender address and imap address are different. But sender address is not an associated proton address.
+	// We're importing a message.
+	// Expected: Sender address is returned.
+	addr, err = getImportAddress(nil, false, imapAddressProton.ID, testConn)
+	require.NoError(t, err)
+	require.Equal(t, imapAddressProton.ID, addr.ID)
+	require.Equal(t, imapAddressProton.Email, addr.Email)
+}
+
+func Test_GetImportAddress_CombinedMode_ExternalAddresses(t *testing.T) {
+	primaryAddress := proton.Address{
+		ID:      "1",
+		Email:   "primary@proton.me",
+		Send:    true,
+		Receive: true,
+		Type:    proton.AddressTypeOriginal,
+		Status:  proton.AddressStatusEnabled,
+	}
+
+	imapAddressProton := proton.Address{
+		ID:      "2",
+		Email:   "imap@proton.me",
+		Send:    true,
+		Receive: true,
+		Type:    proton.AddressTypeOriginal,
+	}
+
+	senderAddressExternal := proton.Address{
+		ID:      "3",
+		Email:   "sender@external.me",
+		Send:    false,
+		Receive: false,
+		Type:    proton.AddressTypeExternal,
+		Status:  proton.AddressStatusEnabled,
+	}
+
+	senderAddressExternalSecondary := proton.Address{
+		ID:      "4",
+		Email:   "sender2@external.me",
+		Send:    false,
+		Receive: false,
+		Type:    proton.AddressTypeExternal,
+		Status:  proton.AddressStatusEnabled,
+	}
+
+	testConn := &testConnector{
+		addressMode:    usertypes.AddressModeCombined,
+		primaryAddress: primaryAddress,
+		imapAddress:    imapAddressProton,
+		senderAddress:  senderAddressExternal,
+	}
+
+	// Sender address is external, and we're creating a draft.
+	// Expected: IMAP address is returned.
+	testConn.senderAddress = senderAddressExternal
+	testConn.imapAddress = imapAddressProton
+	addr, err := getImportAddress(nil, true, imapAddressProton.ID, testConn)
+	require.NoError(t, err)
+	require.Equal(t, imapAddressProton.ID, addr.ID)
+	require.Equal(t, imapAddressProton.Email, addr.Email)
+	// Sender address is external, and we're importing a message.
+	// Expected: IMAP address is returned.
+	addr, err = getImportAddress(nil, false, imapAddressProton.ID, testConn)
+	require.NoError(t, err)
+	require.Equal(t, imapAddressProton.ID, addr.ID)
+	require.Equal(t, imapAddressProton.Email, addr.Email)
+
+	// Sender and IMAP address are external, and we're trying to import.
+	// Expected: Primary address is returned.
+	testConn.imapAddress = senderAddressExternalSecondary
+	addr, err = getImportAddress(nil, false, imapAddressProton.ID, testConn)
+	require.NoError(t, err)
+	require.Equal(t, primaryAddress.ID, addr.ID)
+	require.Equal(t, primaryAddress.Email, addr.Email)
+	// Sender and IMAP address are external, and we're trying to create a draft.
+	// Expected: Primary address is returned.
+	addr, err = getImportAddress(nil, true, imapAddressProton.ID, testConn)
+	require.NoError(t, err)
+	require.Equal(t, primaryAddress.ID, addr.ID)
+	require.Equal(t, primaryAddress.Email, addr.Email)
+}
+
+func Test_GetImportAddress_CombinedMode_BYOEAddresses(t *testing.T) {
+	primaryAddress := proton.Address{
+		ID:      "1",
+		Email:   "primary@proton.me",
+		Send:    true,
+		Receive: true,
+		Type:    proton.AddressTypeOriginal,
+		Status:  proton.AddressStatusEnabled,
+	}
+
+	imapAddressProton := proton.Address{
+		ID:      "2",
+		Email:   "imap@proton.me",
+		Send:    true,
+		Receive: true,
+		Type:    proton.AddressTypeOriginal,
+	}
+
+	senderAddressBYOE := proton.Address{
+		ID:      "3",
+		Email:   "sender@external.me",
+		Send:    true,
+		Receive: true,
+		Type:    proton.AddressTypeExternal,
+		Status:  proton.AddressStatusEnabled,
+	}
+
+	testConn := &testConnector{
+		addressMode:    usertypes.AddressModeCombined,
+		primaryAddress: primaryAddress,
+		imapAddress:    imapAddressProton,
+		senderAddress:  senderAddressBYOE,
+	}
+
+	// Sender address is BYOE, and we're creating a draft.
+	// Expected: BYOE address is returned.
+	testConn.senderAddress = senderAddressBYOE
+	testConn.imapAddress = imapAddressProton
+	addr, err := getImportAddress(nil, true, imapAddressProton.ID, testConn)
+	require.NoError(t, err)
+	require.Equal(t, senderAddressBYOE.ID, addr.ID)
+	require.Equal(t, senderAddressBYOE.Email, addr.Email)
+
+	// Sender address is BYOE, and we're importing a message.
+	// Expected: BYOE address is returned.
+	addr, err = getImportAddress(nil, false, imapAddressProton.ID, testConn)
+	require.NoError(t, err)
+	require.Equal(t, senderAddressBYOE.ID, addr.ID)
+	require.Equal(t, senderAddressBYOE.Email, addr.Email)
+}

internal/services/imapsmtpserver/service.go

@@ -170,6 +170,14 @@ func (sm *Service) SetGluonDir(ctx context.Context, gluonDir string) error {
 	return err
 }
 
+func (sm *Service) LogRemoteLabelIDs(ctx context.Context, provider imapservice.GluonIDProvider, addrID ...string) error {
+	_, err := sm.requests.Send(ctx, &smRequestLogRemoteMailboxIDs{
+		addrID:     addrID,
+		idProvider: provider,
+	})
+	return err
+}
+
 func (sm *Service) RemoveIMAPUser(ctx context.Context, deleteData bool, provider imapservice.GluonIDProvider, addrID ...string) error {
 	_, err := sm.requests.Send(ctx, &smRequestRemoveIMAPUser{
 		withData:   deleteData,
@@ -244,6 +252,10 @@ func (sm *Service) run(ctx context.Context, subscription events.Subscription) {
 					sm.handleLoadedUserCountChange(ctx)
 				}
 
+			case *smRequestLogRemoteMailboxIDs:
+				err := sm.logRemoteLabelIDsFromServer(ctx, r.addrID, r.idProvider)
+				request.Reply(ctx, nil, err)
+
 			case *smRequestRemoveIMAPUser:
 				err := sm.handleRemoveIMAPUser(ctx, r.withData, r.idProvider, r.addrID...)
 				request.Reply(ctx, nil, err)
@@ -311,6 +323,35 @@ func (sm *Service) handleAddIMAPUser(ctx context.Context,
 	return sm.handleAddIMAPUserImpl(ctx, connector, addrID, idProvider, syncStateProvider)
 }
 
+func (sm *Service) logRemoteLabelIDsFromServer(ctx context.Context, addrIDs []string, idProvider imapservice.GluonIDProvider) error {
+	if sm.imapServer == nil {
+		return fmt.Errorf("no imap server instance running")
+	}
+
+	for _, addrID := range addrIDs {
+		gluonID, ok := idProvider.GetGluonID(addrID)
+		if !ok {
+			sm.log.Warnf("Could not find Gluon ID for addrID %v", addrID)
+			continue
+		}
+
+		log := sm.log.WithFields(logrus.Fields{
+			"addrID":  addrID,
+			"gluonID": gluonID,
+		})
+
+		remoteLabelIDs, err := sm.imapServer.GetAllMailboxRemoteIDsForUser(ctx, gluonID)
+		if err != nil {
+			log.WithError(err).Error("Could not obtain remote label IDs for user")
+			continue
+		}
+
+		log.WithField("remoteLabelIDs", remoteLabelIDs).Debug("Logging Gluon remote Label IDs")
+	}
+
+	return nil
+}
+
 func (sm *Service) handleAddIMAPUserImpl(ctx context.Context,
 	connector connector.Connector,
 	addrID string,
@@ -723,3 +764,8 @@ type smRequestAddSMTPAccount struct {
 type smRequestRemoveSMTPAccount struct {
 	account *bridgesmtp.Service
 }
+
+type smRequestLogRemoteMailboxIDs struct {
+	addrID     []string
+	idProvider imapservice.GluonIDProvider
+}

internal/services/smtp/service.go

@@ -253,7 +253,6 @@ type sendMailReq struct {
 func (s *Service) sendMail(ctx context.Context, req *sendMailReq) error {
 	defer async.HandlePanic(s.panicHandler)
 	start := time.Now()
-	s.log.Debug("Received send mail request")
 	defer func() {
 		end := time.Now()
 		s.log.Debugf("Send mail request finished in %v", end.Sub(start))

internal/services/syncservice/handler.go

@@ -138,11 +138,10 @@ func (t *Handler) run(ctx context.Context,
 	}
 
 	if syncStatus.IsComplete() {
-		t.log.Info("Sync already complete, only system labels will be updated")
+		t.log.Info("Sync already complete, updating labels")
-
-		if err := updateApplier.SyncSystemLabelsOnly(ctx, labels); err != nil {
-			t.log.WithError(err).Error("Failed to sync system labels")
 
+		if err := updateApplier.SyncLabels(ctx, labels); err != nil {
+			t.log.WithError(err).Error("Failed to sync labels")
 			return err
 		}
 

internal/services/syncservice/handler_test.go

@@ -74,8 +74,7 @@ func TestTask_NoStateAndSucceeds(t *testing.T) {
 	}
 
 	{
-		call1 := tt.updateApplier.EXPECT().SyncLabels(gomock.Any(), gomock.Eq(labels)).Times(1).Return(nil)
+		tt.updateApplier.EXPECT().SyncLabels(gomock.Any(), gomock.Eq(labels)).Times(2).Return(nil)
-		tt.updateApplier.EXPECT().SyncSystemLabelsOnly(gomock.Any(), gomock.Eq(labels)).After(call1).Times(1).Return(nil)
 	}
 
 	{
@@ -203,7 +202,7 @@ func TestTask_StateHasSyncedState(t *testing.T) {
 		}, nil
 	})
 
-	tt.updateApplier.EXPECT().SyncSystemLabelsOnly(gomock.Any(), gomock.Eq(labels)).Return(nil)
+	tt.updateApplier.EXPECT().SyncLabels(gomock.Any(), gomock.Eq(labels)).Return(nil)
 
 	err := tt.task.run(context.Background(), tt.syncReporter, labels, tt.updateApplier, tt.messageBuilder)
 	require.NoError(t, err)

internal/services/syncservice/interfaces.go

@@ -80,7 +80,6 @@ type MessageBuilder interface {
 
 type UpdateApplier interface {
 	ApplySyncUpdates(ctx context.Context, updates []BuildResult) error
-	SyncSystemLabelsOnly(ctx context.Context, labels map[string]proton.Label) error
 	SyncLabels(ctx context.Context, labels map[string]proton.Label) error
 }
 

internal/services/syncservice/mocks_test.go

@@ -548,20 +548,6 @@ func (mr *MockUpdateApplierMockRecorder) SyncLabels(arg0, arg1 interface{}) *gom
 	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "SyncLabels", reflect.TypeOf((*MockUpdateApplier)(nil).SyncLabels), arg0, arg1)
 }
 
-// SyncSystemLabelsOnly mocks base method.
-func (m *MockUpdateApplier) SyncSystemLabelsOnly(arg0 context.Context, arg1 map[string]proton.Label) error {
-	m.ctrl.T.Helper()
-	ret := m.ctrl.Call(m, "SyncSystemLabelsOnly", arg0, arg1)
-	ret0, _ := ret[0].(error)
-	return ret0
-}
-
-// SyncSystemLabelsOnly indicates an expected call of SyncSystemLabelsOnly.
-func (mr *MockUpdateApplierMockRecorder) SyncSystemLabelsOnly(arg0, arg1 interface{}) *gomock.Call {
-	mr.mock.ctrl.T.Helper()
-	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "SyncSystemLabelsOnly", reflect.TypeOf((*MockUpdateApplier)(nil).SyncSystemLabelsOnly), arg0, arg1)
-}
-
 // MockMessageBuilder is a mock of MessageBuilder interface.
 type MockMessageBuilder struct {
 	ctrl     *gomock.Controller

internal/unleash/service.go

@@ -40,6 +40,7 @@ const (
 	EventLoopNotificationDisabled            = "InboxBridgeEventLoopNotificationDisabled"
 	IMAPAuthenticateCommandDisabled          = "InboxBridgeImapAuthenticateCommandDisabled"
 	UserRemovalGluonDataCleanupDisabled      = "InboxBridgeUserRemovalGluonDataCleanupDisabled"
+	UpdateUseNewVersionFileStructureDisabled = "InboxBridgeUpdateWithOsFilterDisabled"
 )
 
 type requestFeaturesFn func(ctx context.Context) (proton.FeatureFlagResult, error)

internal/updater/types_test.go

@@ -0,0 +1,255 @@
+// Copyright (c) 2025 Proton AG
+//
+// This file is part of Proton Mail Bridge.
+//
+// Proton Mail Bridge is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// Proton Mail Bridge is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with Proton Mail Bridge. If not, see <https://www.gnu.org/licenses/>.
+
+package updater
+
+import (
+	"encoding/json"
+	"testing"
+
+	"github.com/stretchr/testify/require"
+)
+
+func Test_ReleaseCategory_UpdateEligible(t *testing.T) {
+	// If release is beta only beta users can update
+	require.True(t, EarlyAccessReleaseCategory.UpdateEligible(EarlyChannel))
+	require.False(t, EarlyAccessReleaseCategory.UpdateEligible(StableChannel))
+
+	// If the release is stable and is the newest then both beta and stable users can update
+	require.True(t, StableReleaseCategory.UpdateEligible(EarlyChannel))
+	require.True(t, StableReleaseCategory.UpdateEligible(StableChannel))
+}
+
+func Test_ReleaseCategory_JsonUnmarshal(t *testing.T) {
+	tests := []struct {
+		input    string
+		expected ReleaseCategory
+		wantErr  bool
+	}{
+		{
+			input:    `{"ReleaseCategory": "EarlyAccess"}`,
+			expected: EarlyAccessReleaseCategory,
+		},
+		{
+			input:    `{"ReleaseCategory": "Earlyaccess"}`,
+			expected: EarlyAccessReleaseCategory,
+		},
+		{
+			input:    `{"ReleaseCategory": "earlyaccess"}`,
+			expected: EarlyAccessReleaseCategory,
+		},
+		{
+			input:    `{"ReleaseCategory": "   earlyaccess   "}`,
+			expected: EarlyAccessReleaseCategory,
+		},
+		{
+			input:    `{"ReleaseCategory": "Stable"}`,
+			expected: StableReleaseCategory,
+		},
+		{
+			input:    `{"ReleaseCategory": "Stable   "}`,
+			expected: StableReleaseCategory,
+		},
+		{
+			input:    `{"ReleaseCategory": "stable"}`,
+			expected: StableReleaseCategory,
+		},
+		{
+			input:   `{"ReleaseCategory": "invalid"}`,
+			wantErr: true,
+		},
+	}
+
+	var data struct {
+		ReleaseCategory ReleaseCategory
+	}
+
+	for _, test := range tests {
+		err := json.Unmarshal([]byte(test.input), &data)
+		if err != nil && !test.wantErr {
+			t.Errorf("json.Unmarshal() error = %v, wantErr %v", err, test.wantErr)
+			return
+		}
+
+		if test.wantErr && err == nil {
+			t.Errorf("expected err got nil")
+		}
+
+		if !test.wantErr && data.ReleaseCategory != test.expected {
+			t.Errorf("got %v, want %v", data.ReleaseCategory, test.expected)
+		}
+	}
+}
+
+func Test_ReleaseCategory_JsonMarshal(t *testing.T) {
+	tests := []struct {
+		input struct {
+			ReleaseCategory ReleaseCategory `json:"ReleaseCategory"`
+		}
+		expectedOutput string
+		wantErr        bool
+	}{
+		{
+			input: struct {
+				ReleaseCategory ReleaseCategory `json:"ReleaseCategory"`
+			}{ReleaseCategory: StableReleaseCategory},
+			expectedOutput: `{"ReleaseCategory":"Stable"}`,
+		},
+		{
+			input: struct {
+				ReleaseCategory ReleaseCategory `json:"ReleaseCategory"`
+			}{ReleaseCategory: EarlyAccessReleaseCategory},
+			expectedOutput: `{"ReleaseCategory":"EarlyAccess"}`,
+		},
+		{
+			input: struct {
+				ReleaseCategory ReleaseCategory `json:"ReleaseCategory"`
+			}{ReleaseCategory: 4},
+			wantErr: true,
+		},
+	}
+
+	for _, test := range tests {
+		output, err := json.Marshal(test.input)
+
+		if test.wantErr {
+			if err == nil && len(output) == 0 {
+				t.Errorf("expected error or non-empty output for invalid category")
+				return
+			}
+		} else {
+			if err != nil {
+				t.Errorf("unexpected error: %v", err)
+				return
+			}
+
+			if string(output) != test.expectedOutput {
+				t.Errorf("json.Marshal() = %v, want %v", string(output), test.expectedOutput)
+			}
+		}
+	}
+}
+
+func Test_FileIdentifier_JsonUnmarshal(t *testing.T) {
+	tests := []struct {
+		input    string
+		expected FileIdentifier
+		wantErr  bool
+	}{
+		{
+			input:    `{"Identifier": "package"}`,
+			expected: PackageIdentifier,
+		},
+		{
+			input:    `{"Identifier": "Package"}`,
+			expected: PackageIdentifier,
+		},
+		{
+			input:    `{"Identifier": "pACKage"}`,
+			expected: PackageIdentifier,
+		},
+		{
+			input:    `{"Identifier": "pACKage    "}`,
+			expected: PackageIdentifier,
+		},
+		{
+			input:    `{"Identifier": "installer"}`,
+			expected: InstallerIdentifier,
+		},
+		{
+			input:    `{"Identifier": "Installer"}`,
+			expected: InstallerIdentifier,
+		},
+		{
+			input:    `{"Identifier": "iNSTaller  "}`,
+			expected: InstallerIdentifier,
+		},
+		{
+			input:   `{"Identifier": "error"}`,
+			wantErr: true,
+		},
+	}
+
+	var data struct {
+		Identifier FileIdentifier
+	}
+
+	for _, test := range tests {
+		err := json.Unmarshal([]byte(test.input), &data)
+		if err != nil && !test.wantErr {
+			t.Errorf("json.Unmarshal() error = %v, wantErr %v", err, test.wantErr)
+			return
+		}
+
+		if test.wantErr && err == nil {
+			t.Errorf("expected err got nil")
+		}
+
+		if !test.wantErr && data.Identifier != test.expected {
+			t.Errorf("got %v, want %v", data.Identifier, test.expected)
+		}
+	}
+}
+
+func Test_FileIdentifier_JsonMarshal(t *testing.T) {
+	tests := []struct {
+		input struct {
+			Identifier FileIdentifier
+		}
+		expectedOutput string
+		wantErr        bool
+	}{
+		{
+			input: struct {
+				Identifier FileIdentifier
+			}{Identifier: PackageIdentifier},
+			expectedOutput: `{"Identifier":"package"}`,
+		},
+		{
+			input: struct {
+				Identifier FileIdentifier
+			}{Identifier: InstallerIdentifier},
+			expectedOutput: `{"Identifier":"installer"}`,
+		},
+		{
+			input: struct {
+				Identifier FileIdentifier
+			}{Identifier: 4},
+			wantErr: true,
+		},
+	}
+
+	for _, test := range tests {
+		output, err := json.Marshal(test.input)
+
+		if test.wantErr {
+			if err == nil && len(output) == 0 {
+				t.Errorf("expected error or non-empty output for invalid identifier")
+				return
+			}
+		} else {
+			if err != nil {
+				t.Errorf("unexpected error: %v", err)
+				return
+			}
+
+			if string(output) != test.expectedOutput {
+				t.Errorf("json.Marshal() = %v, want %v", string(output), test.expectedOutput)
+			}
+		}
+	}
+}

internal/updater/types_version.go

@@ -0,0 +1,135 @@
+// Copyright (c) 2025 Proton AG
+//
+// This file is part of Proton Mail Bridge.
+//
+// Proton Mail Bridge is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// Proton Mail Bridge is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with Proton Mail Bridge. If not, see <https://www.gnu.org/licenses/>.
+
+package updater
+
+import (
+	"encoding/json"
+	"fmt"
+	"strings"
+)
+
+type ReleaseCategory uint8
+type FileIdentifier uint8
+
+const (
+	EarlyAccessReleaseCategory ReleaseCategory = iota
+	StableReleaseCategory
+)
+
+const (
+	PackageIdentifier FileIdentifier = iota
+	InstallerIdentifier
+)
+
+var (
+	releaseCategoryName = map[uint8]string{ //nolint:gochecknoglobals
+		0: "EarlyAccess",
+		1: "Stable",
+	}
+	releaseCategoryValue = map[string]uint8{ //nolint:gochecknoglobals
+		"earlyaccess": 0,
+		"stable":      1,
+	}
+	fileIdentifierName = map[uint8]string{ //nolint:gochecknoglobals
+		0: "package",
+		1: "installer",
+	}
+	fileIdentifierValue = map[string]uint8{ //nolint:gochecknoglobals
+		"package":   0,
+		"installer": 1,
+	}
+)
+
+func ParseFileIdentifier(s string) (FileIdentifier, error) {
+	s = strings.TrimSpace(strings.ToLower(s))
+	val, ok := fileIdentifierValue[s]
+	if !ok {
+		return FileIdentifier(0), fmt.Errorf("%s is not a valid file identifier", s)
+	}
+
+	return FileIdentifier(val), nil
+}
+
+func (fi FileIdentifier) String() string {
+	return fileIdentifierName[uint8(fi)]
+}
+
+func (fi FileIdentifier) MarshalJSON() ([]byte, error) {
+	return json.Marshal(fi.String())
+}
+
+func (fi *FileIdentifier) UnmarshalJSON(data []byte) (err error) {
+	var fileIdentifier string
+	if err := json.Unmarshal(data, &fileIdentifier); err != nil {
+		return err
+	}
+
+	parsedFileIdentifier, err := ParseFileIdentifier(fileIdentifier)
+	if err != nil {
+		return err
+	}
+
+	*fi = parsedFileIdentifier
+	return nil
+}
+
+func ParseReleaseCategory(s string) (ReleaseCategory, error) {
+	s = strings.TrimSpace(strings.ToLower(s))
+	val, ok := releaseCategoryValue[s]
+	if !ok {
+		return ReleaseCategory(0), fmt.Errorf("%s is not a valid release category", s)
+	}
+
+	return ReleaseCategory(val), nil
+}
+
+func (rc ReleaseCategory) String() string {
+	return releaseCategoryName[uint8(rc)]
+}
+
+func (rc ReleaseCategory) MarshalJSON() ([]byte, error) {
+	return json.Marshal(rc.String())
+}
+
+func (rc *ReleaseCategory) UnmarshalJSON(data []byte) (err error) {
+	var releaseCat string
+	if err := json.Unmarshal(data, &releaseCat); err != nil {
+		return err
+	}
+
+	parsedCat, err := ParseReleaseCategory(releaseCat)
+	if err != nil {
+		return err
+	}
+
+	*rc = parsedCat
+
+	return nil
+}
+
+func (rc ReleaseCategory) UpdateEligible(channel Channel) bool {
+	if channel == StableChannel && rc == StableReleaseCategory {
+		return true
+	}
+
+	if channel == EarlyChannel && rc == EarlyAccessReleaseCategory || rc == StableReleaseCategory {
+		return true
+	}
+
+	return false
+}

internal/updater/updater.go

@@ -29,13 +29,17 @@ import (
 	"github.com/ProtonMail/proton-bridge/v3/internal/versioner"
 	"github.com/pkg/errors"
 	"github.com/sirupsen/logrus"
+	"golang.org/x/exp/slices"
 )
 
+const updateFileVersion = 1
+
 var (
 	ErrDownloadVerify              = errors.New("failed to download or verify the update")
 	ErrInstall                     = errors.New("failed to install the update")
 	ErrUpdateAlreadyInstalled      = errors.New("update is already installed")
 	ErrVersionFileDownloadOrVerify = errors.New("failed to download or verify the version file")
+	ErrReleaseUpdatePackageMissing = errors.New("release update package is missing")
 )
 
 type Downloader interface {
@@ -53,6 +57,7 @@ type Updater struct {
 	verifier  *crypto.KeyRing
 	product   string
 	platform  string
+	version   uint
 }
 
 func NewUpdater(ver *versioner.Versioner, verifier *crypto.KeyRing, product, platform string) *Updater {
@@ -62,10 +67,36 @@ func NewUpdater(ver *versioner.Versioner, verifier *crypto.KeyRing, product, pla
 		verifier:  verifier,
 		product:   product,
 		platform:  platform,
+		version:   updateFileVersion,
 	}
 }
 
-func (u *Updater) GetVersionInfo(ctx context.Context, downloader Downloader, channel Channel) (VersionInfo, error) {
+func (u *Updater) GetVersionInfoLegacy(ctx context.Context, downloader Downloader, channel Channel) (VersionInfoLegacy, error) {
+	b, err := downloader.DownloadAndVerify(
+		ctx,
+		u.verifier,
+		u.getVersionFileURLLegacy(),
+		u.getVersionFileURLLegacy()+".sig",
+	)
+	if err != nil {
+		return VersionInfoLegacy{}, fmt.Errorf("%w: %w", ErrVersionFileDownloadOrVerify, err)
+	}
+
+	var versionMap VersionMap
+
+	if err := json.Unmarshal(b, &versionMap); err != nil {
+		return VersionInfoLegacy{}, err
+	}
+
+	version, ok := versionMap[channel]
+	if !ok {
+		return VersionInfoLegacy{}, errors.New("no updates available for this channel")
+	}
+
+	return version, nil
+}
+
+func (u *Updater) GetVersionInfo(ctx context.Context, downloader Downloader) (VersionInfo, error) {
 	b, err := downloader.DownloadAndVerify(
 		ctx,
 		u.verifier,
@@ -76,21 +107,16 @@ func (u *Updater) GetVersionInfo(ctx context.Context, downloader Downloader, cha
 		return VersionInfo{}, fmt.Errorf("%w: %w", ErrVersionFileDownloadOrVerify, err)
 	}
 
-	var versionMap VersionMap
+	var releases VersionInfo
 
-	if err := json.Unmarshal(b, &versionMap); err != nil {
+	if err := json.Unmarshal(b, &releases); err != nil {
 		return VersionInfo{}, err
 	}
 
-	version, ok := versionMap[channel]
+	return releases, nil
-	if !ok {
-		return VersionInfo{}, errors.New("no updates available for this channel")
 }
 
-	return version, nil
+func (u *Updater) InstallUpdateLegacy(ctx context.Context, downloader Downloader, update VersionInfoLegacy) error {
-}
-
-func (u *Updater) InstallUpdate(ctx context.Context, downloader Downloader, update VersionInfo) error {
 	if u.installer.IsAlreadyInstalled(update.Version) {
 		return ErrUpdateAlreadyInstalled
 	}
@@ -113,13 +139,64 @@ func (u *Updater) InstallUpdate(ctx context.Context, downloader Downloader, upda
 	return nil
 }
 
+func (u *Updater) InstallUpdate(ctx context.Context, downloader Downloader, release Release) error {
+	if u.installer.IsAlreadyInstalled(release.Version) {
+		return ErrUpdateAlreadyInstalled
+	}
+
+	// Find update package
+	idx := slices.IndexFunc(release.File, func(file File) bool {
+		return file.Identifier == PackageIdentifier
+	})
+
+	if idx == -1 {
+		logrus.WithFields(logrus.Fields{
+			"release_version": release.Version,
+		}).Error("Update release does not contain update package")
+		return ErrReleaseUpdatePackageMissing
+	}
+
+	releaseUpdatePackage := release.File[idx]
+
+	b, err := downloader.DownloadAndVerify(
+		ctx,
+		u.verifier,
+		releaseUpdatePackage.URL,
+		releaseUpdatePackage.URL+".sig",
+	)
+	if err != nil {
+		return fmt.Errorf("%w: %w", ErrDownloadVerify, err)
+	}
+
+	if err := u.installer.InstallUpdate(release.Version, bytes.NewReader(b)); err != nil {
+		logrus.WithError(err).Error("Failed to install update")
+		return ErrInstall
+	}
+
+	return nil
+}
+
 func (u *Updater) RemoveOldUpdates() error {
 	return u.versioner.RemoveOldVersions()
 }
 
-// getVersionFileURL returns the URL of the version file.
+// getVersionFileURLLegacy returns the URL of the version file.
 // For example:
 //   - https://protonmail.com/download/bridge/version_linux.json
-func (u *Updater) getVersionFileURL() string {
+func (u *Updater) getVersionFileURLLegacy() string {
 	return fmt.Sprintf("%v/%v/version_%v.json", Host, u.product, u.platform)
 }
+
+// getVersionFileURL returns the URL of the version file.
+// For example:
+//   - https://protonmail.com/download/windows/x86/v1/version.json
+//   - https://protonmail.com/download/linux/x86/v1/version.json
+//   - https://protonmail.com/download/darwin/universal/v1/version.json
+func (u *Updater) getVersionFileURL() string {
+	switch u.platform {
+	case "darwin":
+		return fmt.Sprintf("%v/%v/%v/universal/v%v/version.json", Host, u.product, u.platform, u.version)
+	default:
+		return fmt.Sprintf("%v/%v/%v/x86/v%v/version.json", Host, u.product, u.platform, u.version)
+	}
+}

internal/updater/version.go

@@ -19,10 +19,36 @@ package updater
 
 import (
 	"github.com/Masterminds/semver/v3"
+	"github.com/ProtonMail/proton-bridge/v3/internal/updater/versioncompare"
 )
 
-// VersionInfo is information about one version of the app.
+type File struct {
+	URL            string         `json:"Url"`
+	Sha512CheckSum string         `json:"Sha512CheckSum,omitempty"`
+	Identifier     FileIdentifier `json:"Identifier"`
+}
+
+type Release struct {
+	ReleaseCategory   ReleaseCategory `json:"CategoryName"`
+	Version           *semver.Version
+	SystemVersion     versioncompare.SystemVersion `json:"SystemVersion,omitempty"`
+	RolloutProportion float64
+	MinAuto           *semver.Version `json:"MinAuto,omitempty"`
+	ReleaseNotesPage  string
+	LandingPage       string
+	File              []File `json:"File"`
+}
+
+func (rel Release) IsEmpty() bool {
+	return rel.Version == nil && len(rel.File) == 0
+}
+
 type VersionInfo struct {
+	Releases []Release `json:"Releases"`
+}
+
+// VersionInfoLegacy is information about one version of the app.
+type VersionInfoLegacy struct {
 	// Version is the semantic version of the release.
 	Version *semver.Version
 
@@ -46,6 +72,10 @@ type VersionInfo struct {
 	RolloutProportion float64
 }
 
+func (verInfo VersionInfoLegacy) IsEmpty() bool {
+	return verInfo.Version == nil && verInfo.ReleaseNotesPage == ""
+}
+
 // VersionMap represents the structure of the version.json file.
 // It looks like this:
 //
@@ -79,4 +109,4 @@ type VersionInfo struct {
 //	  }
 //	}.
 
-type VersionMap map[Channel]VersionInfo
+type VersionMap map[Channel]VersionInfoLegacy

internal/updater/version_test.go

@@ -0,0 +1,205 @@
+// Copyright (c) 2025 Proton AG
+//
+// This file is part of Proton Mail Bridge.
+//
+// Proton Mail Bridge is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// Proton Mail Bridge is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with Proton Mail Bridge. If not, see <https://www.gnu.org/licenses/>.
+
+package updater
+
+import (
+	"encoding/json"
+	"testing"
+
+	"github.com/Masterminds/semver/v3"
+	"github.com/ProtonMail/proton-bridge/v3/internal/updater/versioncompare"
+)
+
+var mockJSONData = `
+{
+  "Releases": [
+    {
+      "CategoryName": "Stable",
+      "Version": "2.1.0",
+      "ReleaseDate": "2025-01-15T08:00:00Z",
+      "File": [
+        {
+          "Url": "https://downloads.example.com/v2.1.0/MyApp-2.1.0.pkg",
+          "Sha512CheckSum": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
+          "Identifier": "package"
+        },
+        {
+          "Url": "https://downloads.example.com/v2.1.0/MyApp-2.1.0.dmg",
+          "Sha512CheckSum": "cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce",
+          "Identifier": "installer"
+        }
+      ],
+      "RolloutProportion": 0.5,
+      "MinAuto": "2.0.0",
+      "Commit": "8f52d45c9f8c31aa391315ea24e40c4a7e0b2c1d",
+      "ReleaseNotesPage": "https://example.com/releases/2.1.0/notes",
+      "LandingPage": "https://example.com/releases/2.1.0"
+    },
+    {
+      "CategoryName": "EarlyAccess",
+      "Version": "2.2.0-beta.1",
+      "ReleaseDate": "2025-01-20T10:00:00Z",
+      "File": [
+        {
+          "Url": "https://downloads.example.com/beta/v2.2.0-beta.1/MyApp-2.2.0-beta.1.pkg",
+          "Sha512CheckSum": "a9f0e44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
+          "Identifier": "package"
+        }
+      ],
+      "SystemVersion": {
+        "Minimum": "13"
+      },
+      "RolloutProportion": 0.25,
+      "MinAuto": "2.1.0",
+      "Commit": "3e72d45c9f8c31aa391315ea24e40c4a7e0b2c1d",
+      "ReleaseNotesPage": "https://example.com/releases/2.2.0-beta.1/notes",
+      "LandingPage": "https://example.com/releases/2.2.0-beta.1"
+    },
+    {
+      "CategoryName": "Stable",
+      "Version": "2.0.0",
+      "ReleaseDate": "2024-12-01T09:00:00Z",
+      "File": [
+        {
+          "Url": "https://downloads.example.com/v2.0.0/MyApp-2.0.0.pkg",
+          "Sha512CheckSum": "b5f0e44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
+          "Identifier": "package"
+        },
+        {
+          "Url": "https://downloads.example.com/v2.0.0/MyApp-2.0.0.dmg",
+          "Sha512CheckSum": "d583e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce",
+          "Identifier": "installer"
+        }
+      ],
+      "SystemVersion": {
+			"Maximum": "12.0.0",
+			"Minimum": "1.0.0"
+		},
+      "RolloutProportion": 1.0,
+      "MinAuto": "1.9.0",
+      "Commit": "2a42d45c9f8c31aa391315ea24e40c4a7e0b2c1d",
+      "ReleaseNotesPage": "https://example.com/releases/2.0.0/notes",
+      "LandingPage": "https://example.com/releases/2.0.0"
+    }
+  ]
+}
+`
+
+var expectedVersionInfo = VersionInfo{
+	Releases: []Release{
+		{
+			ReleaseCategory:   StableReleaseCategory,
+			Version:           semver.MustParse("2.1.0"),
+			RolloutProportion: 0.5,
+			MinAuto:           semver.MustParse("2.0.0"),
+			File: []File{
+				{
+					URL:        "https://downloads.example.com/v2.1.0/MyApp-2.1.0.pkg",
+					Identifier: PackageIdentifier,
+				},
+				{
+					URL:        "https://downloads.example.com/v2.1.0/MyApp-2.1.0.dmg",
+					Identifier: InstallerIdentifier,
+				},
+			},
+		},
+		{
+			ReleaseCategory:   EarlyAccessReleaseCategory,
+			Version:           semver.MustParse("2.2.0-beta.1"),
+			RolloutProportion: 0.25,
+			MinAuto:           semver.MustParse("2.1.0"),
+			File: []File{
+				{
+					URL:        "https://downloads.example.com/beta/v2.2.0-beta.1/MyApp-2.2.0-beta.1.pkg",
+					Identifier: PackageIdentifier,
+				},
+			},
+			SystemVersion: versioncompare.SystemVersion{Minimum: "13"},
+		},
+		{
+			ReleaseCategory:   StableReleaseCategory,
+			Version:           semver.MustParse("2.0.0"),
+			RolloutProportion: 1.0,
+			MinAuto:           semver.MustParse("1.9.0"),
+			SystemVersion:     versioncompare.SystemVersion{Maximum: "12.0.0", Minimum: "1.0.0"},
+			File: []File{
+				{
+					URL:        "https://downloads.example.com/v2.0.0/MyApp-2.0.0.pkg",
+					Identifier: PackageIdentifier,
+				},
+				{
+					URL:        "https://downloads.example.com/v2.0.0/MyApp-2.0.0.dmg",
+					Identifier: InstallerIdentifier,
+				},
+			},
+		},
+	},
+}
+
+func Test_Releases_JsonParse(t *testing.T) {
+	var versionInfo VersionInfo
+	if err := json.Unmarshal([]byte(mockJSONData), &versionInfo); err != nil {
+		t.Fatalf("Failed to parse JSON: %v", err)
+	}
+
+	if len(expectedVersionInfo.Releases) != len(versionInfo.Releases) {
+		t.Fatalf("expected %d releases, parsed %d releases", len(expectedVersionInfo.Releases), len(versionInfo.Releases))
+	}
+
+	for i, expectedRelease := range expectedVersionInfo.Releases {
+		release := versionInfo.Releases[i]
+
+		if release.ReleaseCategory != expectedRelease.ReleaseCategory {
+			t.Errorf("Release %d: expected category %v, got %v", i, expectedRelease.ReleaseCategory, release.ReleaseCategory)
+		}
+
+		if release.Version.String() != expectedRelease.Version.String() {
+			t.Errorf("Release %d: expected version %s, got %s", i, expectedRelease.Version, release.Version)
+		}
+
+		if release.RolloutProportion != expectedRelease.RolloutProportion {
+			t.Errorf("Release %d: expected rollout proportion %f, got %f", i, expectedRelease.RolloutProportion, release.RolloutProportion)
+		}
+
+		if expectedRelease.MinAuto != nil && release.MinAuto.String() != expectedRelease.MinAuto.String() {
+			t.Errorf("Release %d: expected min auto %s, got %s", i, expectedRelease.MinAuto, release.MinAuto)
+		}
+
+		if expectedRelease.SystemVersion.Minimum != release.SystemVersion.Minimum {
+			t.Errorf("Release %d: expected system version minimum %s, got %s", i, expectedRelease.SystemVersion.Minimum, release.SystemVersion.Minimum)
+		}
+
+		if expectedRelease.SystemVersion.Maximum != release.SystemVersion.Maximum {
+			t.Errorf("Release %d: expected system version minimum %s, got %s", i, expectedRelease.SystemVersion.Maximum, release.SystemVersion.Maximum)
+		}
+
+		if len(release.File) != len(expectedRelease.File) {
+			t.Errorf("Release %d: expected %d files, got %d", i, len(expectedRelease.File), len(release.File))
+		}
+
+		for j, expectedFile := range expectedRelease.File {
+			file := release.File[j]
+			if file.URL != expectedFile.URL {
+				t.Errorf("Release %d, File %d: expected URL %s, got %s", i, j, expectedFile.URL, file.URL)
+			}
+			if file.Identifier != expectedFile.Identifier {
+				t.Errorf("Release %d, File %d: expected Identifier %v, got %v", i, j, expectedFile.Identifier, file.Identifier)
+			}
+		}
+	}
+}

internal/updater/versioncompare/compare_darwin.go

@@ -0,0 +1,134 @@
+// Copyright (c) 2025 Proton AG
+//
+// This file is part of Proton Mail Bridge.
+//
+// Proton Mail Bridge is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// Proton Mail Bridge is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with Proton Mail Bridge. If not, see <https://www.gnu.org/licenses/>.
+
+//go:build darwin
+
+package versioncompare
+
+import (
+	"fmt"
+	"strconv"
+	"strings"
+
+	"github.com/elastic/go-sysinfo/types"
+	"github.com/sirupsen/logrus"
+)
+
+func (sysVer SystemVersion) IsHostVersionEligible(log *logrus.Entry, host types.Host, getHostOSVersion func(host types.Host) string) (bool, error) {
+	if sysVer.Minimum == "" && sysVer.Maximum == "" {
+		return true, nil
+	}
+
+	// We use getHostOSVersion simply for testing; It's passed via Bridge.
+	var hostVersion string
+	if getHostOSVersion == nil {
+		hostVersion = host.Info().OS.Version
+	} else {
+		hostVersion = getHostOSVersion(host)
+	}
+
+	log.Debugf("Checking host OS and update system version requirements. Host: %s; Maximum: %s; Minimum: %s",
+		hostVersion, sysVer.Maximum, sysVer.Minimum)
+
+	hostVersionArr := strings.Split(hostVersion, ".")
+	if len(hostVersionArr) == 0 || hostVersion == "" {
+		return true, fmt.Errorf("could not get host version: %v", hostVersion)
+	}
+
+	hostVersionArrInt := make([]int, len(hostVersionArr))
+	for i := 0; i < len(hostVersionArr); i++ {
+		hostNum, err := strconv.Atoi(hostVersionArr[i])
+		if err != nil {
+			// If we receive an alphanumeric version - we should continue with the update and stop checking for
+			// OS version requirements.
+			return true, fmt.Errorf("invalid host version number: %s - %s", hostVersionArr[i], hostVersion)
+		}
+		hostVersionArrInt[i] = hostNum
+	}
+
+	if sysVer.Minimum != "" {
+		pass, err := compareMinimumVersion(hostVersionArrInt, sysVer.Minimum)
+		if err != nil {
+			return false, err
+		}
+
+		if !pass {
+			return false, fmt.Errorf("host version is below minimum: hostVersion %v - minimumVersion %v", hostVersion, sysVer.Minimum)
+		}
+	}
+
+	if sysVer.Maximum != "" {
+		pass, err := compareMaximumVersion(hostVersionArrInt, sysVer.Maximum)
+		if err != nil {
+			return false, err
+		}
+
+		if !pass {
+			return false, fmt.Errorf("host version is above maximum version: hostVersion %v - minimumVersion %v", hostVersion, sysVer.Maximum)
+		}
+	}
+
+	return true, nil
+}
+
+func compareMinimumVersion(hostVersionArr []int, minVersion string) (bool, error) {
+	minVersionArr := strings.Split(minVersion, ".")
+	iterationDepth := min(len(hostVersionArr), len(minVersionArr))
+
+	for i := 0; i < iterationDepth; i++ {
+		hostNum := hostVersionArr[i]
+
+		minNum, err := strconv.Atoi(minVersionArr[i])
+		if err != nil {
+			return false, fmt.Errorf("invalid minimum version number: %s - %s", minVersionArr[i], minVersion)
+		}
+
+		if hostNum < minNum {
+			return false, nil
+		}
+
+		if hostNum > minNum {
+			return true, nil
+		}
+	}
+
+	return true, nil // minVersion is inclusive
+}
+
+func compareMaximumVersion(hostVersionArr []int, maxVersion string) (bool, error) {
+	maxVersionArr := strings.Split(maxVersion, ".")
+	iterationDepth := min(len(maxVersionArr), len(hostVersionArr))
+
+	for i := 0; i < iterationDepth; i++ {
+		hostNum := hostVersionArr[i]
+
+		maxNum, err := strconv.Atoi(maxVersionArr[i])
+		if err != nil {
+			return false, fmt.Errorf("invalid maximum version number: %s - %s", maxVersionArr[i], maxVersion)
+		}
+
+		if hostNum > maxNum {
+			return false, nil
+		}
+
+		if hostNum < maxNum {
+			return true, nil
+		}
+	}
+
+	return true, nil // maxVersion is inclusive
+}

internal/updater/versioncompare/compare_darwin_test.go

@@ -0,0 +1,105 @@
+// Copyright (c) 2025 Proton AG
+//
+// This file is part of Proton Mail Bridge.
+//
+// Proton Mail Bridge is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// Proton Mail Bridge is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with Proton Mail Bridge. If not, see <https://www.gnu.org/licenses/>.
+
+//go:build darwin
+
+package versioncompare
+
+import (
+	"testing"
+
+	"github.com/elastic/go-sysinfo"
+	"github.com/elastic/go-sysinfo/types"
+	"github.com/sirupsen/logrus"
+	"github.com/stretchr/testify/require"
+)
+
+func Test_IsHost_EligibleDarwin(t *testing.T) {
+	host, err := sysinfo.Host()
+	require.NoError(t, err)
+
+	testData := []struct {
+		sysVer             SystemVersion
+		getHostOsVersionFn func(host types.Host) string
+		shouldContinue     bool
+		wantErr            bool
+	}{
+		{
+			sysVer:             SystemVersion{Minimum: "9.5", Maximum: "12.0"},
+			getHostOsVersionFn: func(_ types.Host) string { return "10.0" },
+			shouldContinue:     true,
+		},
+		{
+			sysVer:             SystemVersion{Minimum: "9.5.5.5", Maximum: "10.1.1.0"},
+			getHostOsVersionFn: func(_ types.Host) string { return "10.0" },
+			shouldContinue:     true,
+		},
+		{
+			sysVer:             SystemVersion{Minimum: "10.0.1", Maximum: "12.0"},
+			getHostOsVersionFn: func(_ types.Host) string { return "10.0" },
+			shouldContinue:     true,
+		},
+		{
+			sysVer:             SystemVersion{Minimum: "11.0", Maximum: "12.0"},
+			getHostOsVersionFn: func(_ types.Host) string { return "10.0" },
+			shouldContinue:     false,
+			wantErr:            true,
+		},
+		{
+			sysVer:             SystemVersion{Minimum: "11.1.0", Maximum: "12.0.0"},
+			getHostOsVersionFn: func(_ types.Host) string { return "11.0.0" },
+			shouldContinue:     false,
+			wantErr:            true,
+		},
+		{
+			sysVer:             SystemVersion{Minimum: "10.0", Maximum: "12.0"},
+			getHostOsVersionFn: func(_ types.Host) string { return "12.0" },
+			shouldContinue:     true,
+		},
+		{
+			sysVer:             SystemVersion{Minimum: "11.1.0", Maximum: "12.0.0"},
+			getHostOsVersionFn: func(_ types.Host) string { return "" },
+			shouldContinue:     true,
+			wantErr:            true,
+		},
+		{
+			sysVer:             SystemVersion{Minimum: "11.1.0", Maximum: "12.0.0"},
+			getHostOsVersionFn: func(_ types.Host) string { return "a.b.c" },
+			shouldContinue:     true,
+			wantErr:            true,
+		},
+		{
+			sysVer:             SystemVersion{},
+			getHostOsVersionFn: func(_ types.Host) string { return "1.2.3" },
+			shouldContinue:     true,
+			wantErr:            false,
+		},
+	}
+
+	for _, test := range testData {
+		l := logrus.WithField("test", "test")
+		shouldContinue, err := test.sysVer.IsHostVersionEligible(l, host, test.getHostOsVersionFn)
+
+		if test.wantErr {
+			require.Error(t, err)
+		} else {
+			require.NoError(t, err)
+		}
+
+		require.Equal(t, test.shouldContinue, shouldContinue)
+	}
+}

internal/updater/versioncompare/compare_linux.go

@@ -0,0 +1,31 @@
+// Copyright (c) 2025 Proton AG
+//
+// This file is part of Proton Mail Bridge.
+//
+// Proton Mail Bridge is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// Proton Mail Bridge is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with Proton Mail Bridge. If not, see <https://www.gnu.org/licenses/>.
+
+//go:build linux
+
+package versioncompare
+
+import (
+	"github.com/elastic/go-sysinfo/types"
+	"github.com/sirupsen/logrus"
+)
+
+// IsHostVersionEligible - Checks whether host OS version is eligible for update. Defaults to true on Linux.
+func (sysVer SystemVersion) IsHostVersionEligible(log *logrus.Entry, _ types.Host, _ func(host types.Host) string) (bool, error) {
+	log.Info("Checking host OS version on Linux. Defaulting to true.")
+	return true, nil
+}

internal/updater/versioncompare/compare_windows.go

@@ -0,0 +1,31 @@
+// Copyright (c) 2025 Proton AG
+//
+// This file is part of Proton Mail Bridge.
+//
+// Proton Mail Bridge is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// Proton Mail Bridge is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with Proton Mail Bridge. If not, see <https://www.gnu.org/licenses/>.
+
+//go:build windows
+
+package versioncompare
+
+import (
+	"github.com/elastic/go-sysinfo/types"
+	"github.com/sirupsen/logrus"
+)
+
+// IsHostVersionEligible - Checks whether host OS version is eligible for update. Defaults to true on Linux.
+func (sysVer SystemVersion) IsHostVersionEligible(log *logrus.Entry, _ types.Host, _ func(host types.Host) string) (bool, error) {
+	log.Info("Checking host OS version on Windows. Defaulting to true.")
+	return true, nil
+}

internal/updater/versioncompare/types.go

@@ -0,0 +1,29 @@
+// Copyright (c) 2025 Proton AG
+//
+// This file is part of Proton Mail Bridge.
+//
+// Proton Mail Bridge is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// Proton Mail Bridge is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with Proton Mail Bridge. If not, see <https://www.gnu.org/licenses/>.
+
+package versioncompare
+
+import "fmt"
+
+type SystemVersion struct {
+	Minimum string `json:"Minimum,omitempty"`
+	Maximum string `json:"Maximum,omitempty"`
+}
+
+func (sysVer SystemVersion) String() string {
+	return fmt.Sprintf("SystemVersion: Maximum %s, Minimum %s", sysVer.Maximum, sysVer.Minimum)
+}

internal/user/user.go

@@ -739,7 +739,7 @@ func (user *User) protonAddresses() []proton.Address {
 	}
 
 	addresses := xslices.Filter(maps.Values(apiAddrs), func(addr proton.Address) bool {
-		return addr.Status == proton.AddressStatusEnabled && addr.Type != proton.AddressTypeExternal
+		return addr.Status == proton.AddressStatusEnabled && (addr.IsBYOEAddress() || addr.Type != proton.AddressTypeExternal)
 	})
 
 	slices.SortFunc(addresses, func(a, b proton.Address) bool {

internal/user/user_test.go

@@ -110,7 +110,7 @@ func withAccount(tb testing.TB, s *server.Server, username, password string, ali
 	addrIDs := []string{addrID}
 
 	for _, email := range aliases {
-		addrID, err := s.CreateAddress(userID, email, []byte(password))
+		addrID, err := s.CreateAddress(userID, email, []byte(password), true)
 		require.NoError(tb, err)
 		require.NoError(tb, s.ChangeAddressDisplayName(userID, addrID, email+" (Display Name)"))
 

internal/vault/helper.go

@@ -63,6 +63,10 @@ func GetHelper(vaultDir string) (string, error) {
 }
 
 func SetHelper(vaultDir, helper string) error {
+	if helper == "" {
+		return nil
+	}
+
 	settings, err := LoadKeychainSettings(vaultDir)
 	if err != nil {
 		return err

pkg/keychain/keychain.go

@@ -82,11 +82,11 @@ func (kcl *List) GetDefaultHelper() string {
 	return kcl.defaultHelper
 }
 
-// NewKeychain creates a new native keychain.
+// NewKeychain creates a new native keychain. It also returns the keychain helper used to access the keychain.
-func NewKeychain(preferred, keychainName string, helpers Helpers, defaultHelper string) (*Keychain, error) {
+func NewKeychain(preferred, keychainName string, helpers Helpers, defaultHelper string) (kc *Keychain, usedKeychainHelper string, err error) {
 	// There must be at least one keychain helper available.
 	if len(helpers) < 1 {
-		return nil, ErrNoKeychain
+		return nil, "", ErrNoKeychain
 	}
 
 	// If the preferred keychain is unsupported, fallback to the default one.
@@ -97,16 +97,16 @@ func NewKeychain(preferred, keychainName string, helpers Helpers, defaultHelper
 	// Load the user's preferred keychain helper.
 	helperConstructor, ok := helpers[preferred]
 	if !ok {
-		return nil, ErrNoKeychain
+		return nil, "", ErrNoKeychain
 	}
 
 	// Construct the keychain helper.
 	helper, err := helperConstructor(hostURL(keychainName))
 	if err != nil {
-		return nil, err
+		return nil, preferred, err
 	}
 
-	return newKeychain(helper, hostURL(keychainName)), nil
+	return newKeychain(helper, hostURL(keychainName)), preferred, nil
 }
 
 func newKeychain(helper credentials.Helper, url string) *Keychain {

pkg/keychain/keychain_test.go

@@ -120,7 +120,7 @@ func TestIsErrKeychainNoItem(t *testing.T) {
 	helpers := NewList().GetHelpers()
 
 	for helperName := range helpers {
-		kc, err := NewKeychain(helperName, "bridge-test", helpers, helperName)
+		kc, _, err := NewKeychain(helperName, "bridge-test", helpers, helperName)
 		r.NoError(err)
 
 		_, _, err = kc.Get("non-existing")

tests/api_test.go

@@ -36,6 +36,8 @@ type API interface {
 	GetDomain() string
 	GetAppVersion() string
 
+	PushFeatureFlag(string)
+
 	Close()
 }
 
@@ -61,6 +63,10 @@ func (api *fakeAPI) GetAppVersion() string {
 	return proton.DefaultAppVersion
 }
 
+func (api *fakeAPI) PushFeatureFlag(flagName string) {
+	api.Server.PushFeatureFlag(flagName)
+}
+
 type liveAPI struct {
 	*server.Server
 

tests/bridge_test.go

@@ -32,6 +32,7 @@ import (
 	"github.com/ProtonMail/proton-bridge/v3/internal/bridge"
 	"github.com/ProtonMail/proton-bridge/v3/internal/events"
 	"github.com/ProtonMail/proton-bridge/v3/internal/kb"
+	"github.com/ProtonMail/proton-bridge/v3/internal/unleash"
 	"github.com/ProtonMail/proton-bridge/v3/internal/vault"
 	"github.com/cucumber/godog"
 	"github.com/golang/mock/gomock"
@@ -55,7 +56,7 @@ func (s *scenario) bridgeStops() error {
 
 func (s *scenario) bridgeVersionIsAndTheLatestAvailableVersionIsReachableFrom(current, latest, minAuto string) error {
 	s.t.version = semver.MustParse(current)
-	s.t.mocks.Updater.SetLatestVersion(semver.MustParse(latest), semver.MustParse(minAuto))
+	s.t.mocks.Updater.SetLatestVersionLegacy(semver.MustParse(latest), semver.MustParse(minAuto))
 	return nil
 }
 
@@ -361,8 +362,8 @@ func (s *scenario) bridgeSendsAnUpdateAvailableEventForVersion(version string) e
 		return errors.New("expected update event to be installable")
 	}
 
-	if !event.Version.Version.Equal(semver.MustParse(version)) {
+	if !event.VersionLegacy.Version.Equal(semver.MustParse(version)) {
-		return fmt.Errorf("expected update event for version %s, got %s", version, event.Version.Version)
+		return fmt.Errorf("expected update event for version %s, got %s", version, event.VersionLegacy.Version)
 	}
 
 	return nil
@@ -378,8 +379,8 @@ func (s *scenario) bridgeSendsAManualUpdateEventForVersion(version string) error
 		return errors.New("expected update event to not be installable")
 	}
 
-	if !event.Version.Version.Equal(semver.MustParse(version)) {
+	if !event.VersionLegacy.Version.Equal(semver.MustParse(version)) {
-		return fmt.Errorf("expected update event for version %s, got %s", version, event.Version.Version)
+		return fmt.Errorf("expected update event for version %s, got %s", version, event.VersionLegacy.Version)
 	}
 
 	return nil
@@ -391,8 +392,8 @@ func (s *scenario) bridgeSendsAnUpdateInstalledEventForVersion(version string) e
 		return errors.New("expected update installed event, got none")
 	}
 
-	if !event.Version.Version.Equal(semver.MustParse(version)) {
+	if !event.VersionLegacy.Version.Equal(semver.MustParse(version)) {
-		return fmt.Errorf("expected update installed event for version %s, got %s", version, event.Version.Version)
+		return fmt.Errorf("expected update installed event for version %s, got %s", version, event.VersionLegacy.Version)
 	}
 
 	return nil
@@ -483,3 +484,25 @@ func (s *scenario) bridgeSMTPPortIs(expectedPort int) error {
 
 	return nil
 }
+
+func (s *scenario) bridgeLegacyUpdateKillSwitchEnabled() error {
+	unleash.ModifyPollPeriodAndJitter(5*time.Second, 0)
+	s.t.api.PushFeatureFlag(unleash.UpdateUseNewVersionFileStructureDisabled)
+	return nil
+}
+
+func (s *scenario) bridgeLegacyUpdateEnabled() error {
+	return eventually(func() error {
+		res := s.t.bridge.GetFeatureFlagValue(unleash.UpdateUseNewVersionFileStructureDisabled)
+		fmt.Println("RES", res)
+		if res != true {
+			return fmt.Errorf("expected the %v kill-switch to be enabled", unleash.UpdateUseNewVersionFileStructureDisabled)
+		}
+		return nil
+	})
+}
+
+func (s *scenario) bridgeChecksForUpdates() error {
+	s.t.bridge.CheckForUpdates()
+	return nil
+}

tests/features/bridge/updates_legacy.feature

@@ -1,23 +1,34 @@
 Feature: Bridge checks for updates
+  Background:
+    Given the legacy update kill switch is enabled
+
   Scenario: Update not available
     Given bridge is version "2.3.0" and the latest available version is "2.3.0" reachable from "2.3.0"
     When bridge starts
+    And bridge verifies that the legacy update is enabled
+    And bridge checks for updates
     Then bridge sends an update not available event
 
   Scenario: Update available without automatic updates enabled
     Given bridge is version "2.3.0" and the latest available version is "2.4.0" reachable from "2.3.0"
     And the user has disabled automatic updates
     When bridge starts
+    And bridge verifies that the legacy update is enabled
+    And bridge checks for updates
     Then bridge sends an update available event for version "2.4.0"
 
   Scenario: Update available with automatic updates enabled
     Given bridge is version "2.3.0" and the latest available version is "2.4.0" reachable from "2.3.0"
     When bridge starts
+    And bridge verifies that the legacy update is enabled
+    And bridge checks for updates
     Then bridge sends an update installed event for version "2.4.0"
 
   Scenario: Manual update available with automatic updates enabled
     Given bridge is version "2.3.0" and the latest available version is "2.4.0" reachable from "2.4.0"
     When bridge starts
+    And bridge verifies that the legacy update is enabled
+    And bridge checks for updates
     Then bridge sends a manual update event for version "2.4.0"
 
   Scenario: Update is required to continue using bridge

tests/steps_test.go

@@ -99,6 +99,9 @@ func (s *scenario) steps(ctx *godog.ScenarioContext) {
 	ctx.Step(`^bridge reports a message with "([^"]*)"$`, s.bridgeReportsMessage)
 	ctx.Step(`^bridge telemetry feature is enabled$`, s.bridgeTelemetryFeatureEnabled)
 	ctx.Step(`^bridge telemetry feature is disabled$`, s.bridgeTelemetryFeatureDisabled)
+	ctx.Step(`^the legacy update kill switch is enabled$`, s.bridgeLegacyUpdateKillSwitchEnabled)
+	ctx.Step(`^bridge verifies that the legacy update is enabled$`, s.bridgeLegacyUpdateEnabled)
+	ctx.Step(`^bridge checks for updates$`, s.bridgeChecksForUpdates)
 
 	// ==== FRONTEND ====
 	ctx.Step(`^frontend sees that bridge is version "([^"]*)"$`, s.frontendSeesThatBridgeIsVersion)

utils/credits.sh

@@ -30,7 +30,7 @@ egrep $'^\t[^=>]*$' $LOCKFILE  | sed -r 's/\t([^ ]*) v.*/\1/g' > $TEMPFILE1
 egrep $'^\t.*=>.*v.*$' $LOCKFILE  | sed -r 's/^.*=> ([^ ]*)( v.*)?/\1/g' >> $TEMPFILE1
 cat $TEMPFILE1 | egrep -v 'therecipe/qt/internal|therecipe/env_.*_512|protontech' | sort | uniq > $TEMPFILE2
 # Add non vendor credits
-echo -e "\nQt 6.4.3 by Qt group\n" >> $TEMPFILE2
+echo -e "\nQt 6.8.2 by Qt group\n" >> $TEMPFILE2
 # join lines
 sed -i -e ':a' -e 'N' -e '$!ba' -e 's|\n|;|g' $TEMPFILE2
 

utils/govulncheck.sh

@@ -28,6 +28,8 @@ main(){
     jq -r '.finding | select( (.osv != null) and (.trace[0].function != null) ) | .osv ' < vulns.json > vulns_osv_ids.txt
 
     ignore GO-2023-2328 "GODT-3124 RESTY race condition"
+    ignore GO-2025-3563 "BRIDGE-346 net/http request smuggling"
+
     has_vulns
 
     echo

utils/versioner/main.go

@@ -31,7 +31,7 @@ import (
 )
 
 type versionInfo struct {
-	updater.VersionInfo
+	updater.VersionInfoLegacy
 
 	Commit string
 }