+
+Fleet 4.76.0 is now available. See the complete [changelog](https://github.com/fleetdm/fleet/releases/tag/fleet-v4.76.0) or read on for highlights. For upgrade instructions, visit the [upgrade guide](https://fleetdm.com/docs/deploying/upgrading-fleet) in the Fleet docs.
+
+## Highlights
+
+- Self-service scripts
+- Vulnerabilities for Cursor, Windsurf, and JetBrains extensions
+- Improved macOS, iOS, and iPadOS setup experience
+- Android software inventory
+- Lock (Lost Mode) for iOS and iPadOS
+- New Fleet-maintained apps
+
+### Self-service scripts
+
+You can now create custom Linux and Windows packages that include just a script (aka payload-free packages). In Fleet, head to **Software** page and select **Add software > Custom package**. This is perfect for self-service utilities or bundling multiple scripts as part of your out-of-the-box setup experience.
+
+### Vulnerabilities for JetBrains, Cursor, and Windsurf extensions
+
+Vulnerabilities (CVEs) in all Cursor, Windsurf, other VSCode forks, and JetBrains IDE extensions now show up in the **Software**, **Host details**, and **My device** pages. Gain better coverage of high-risk developer tools. Learn more about CVEs in the [vulnerabilities guide](https://fleetdm.com/guides/vulnerability-processing#basic-article).
+
+### Improved macOS, iOS, and iPadOS setup experience
+
+During out-of-the-box macOS setup, if critical software fails to install during setup, Fleet now cancels the process and shows an error. This ensures end users run through setup again and, if they're still running into issues, contact IT before moving forward. This helps avoid misconfigured hosts in production.
+
+For iOS and iPadoS, installing apps on company-owned iPhones and iPads during enrollment is now supported. Perfect for instantly setting up kiosk devices, shared iPads, or Zoom rooms without manual intervention.
+
+Learn more in the [setup experience guide](https://fleetdm.com/guides/macos-setup-experience).
+
+### Android software inventory
+
+You can now see applications installed in the work profile on personally-owned (BYOD) Android hosts. This gives you visibility into the apps users install within their managed workspace.
+
+Learn how to turn on Android MDM features in [this guide](https://fleetdm.com/guides/android-mdm-setup).
+
+### Lock (Lost Mode) for iOS and iPadOS
+
+You can now remotely enable or disable [Lost Mode](https://support.apple.com/guide/security/managed-lost-mode-and-remote-wipe-secc46f3562c/web#:~:text=locked%20or%20erased.-,Managed%20Lost%20Mode,-If%20a%20supervised) on company-owned iPhones and iPads. In Fleet, head to the host's **Host details page** and select **Actions > Lock**. If a host goes missing, you can lock it down fast and protect sensitive data.
+
+### New Fleet-maintained apps
+
+Fleet added [Fleet-maintained apps](https://fleetdm.com/guides/fleet-maintained-apps) for Cursor, 010 Editor, and Linear on macOS and Cursor on Windows. See all Fleet-maintained apps in the [software catelog](https://fleetdm.com/software-catalog).
+
+## Changes
+
+### Security Engineers
+- Added support for software inventory on Android hosts.
+- Added support for npm packages in software inventory and vulnerability matching for macOS and Linux hosts.
+- Added support for JetBrains inventory on hosts.
+- Added vulnerbaility detection in JetBrains plugins.
+- Added support for VSCode fork (Cursor, Windsurf, VSCodium, VSCodium Insiders, and Trae) extensions in software inventory.
+- Added Santa tables to fleetd.
+
+### IT Admins
+- Added ability to install software for iOS and iPadOS hosts during the setup experience.
+- Added ability to specify VPP apps for automatic installation during ADE iOS and iPadOS host enrollment.
+- Added the ability to lock iOS and iPadOS devices through lost mode.
+- Added support for locking and unlocking iOS and iPadOS devices from the UI.
+- Added configuration option to setup experience for macOS hosts to halt if any software install fails.
+- Added `gigs_all_disk_space` vital collection, storage, service, and UI rendering for Linux hosts.
+- Added new server config flag for specifying the cleanup age for completed distributed targets.
+
+### Other improvements and bug fixes
+- Added link component shown in the host column to the host details page.
+- Added flash warning when an unauthorized user tries to access teams settings.
+- Added descriptive error in cases of manual MacOS profile download failure.
+- Updated the MacOS setup experience to use the new web UI.
+- Updated the UI for adding new scripts to the scripts library.
+- Changed display logic for the organization logo component on the My Device page to prevent flickering.
+- Improved performance of `/api/latest/fleet/os_versions` endpoint, especially for deployments with Linux hosts.
+- Optimized MySQL queries on `/api/latest/fleet/vulnerabilities` and `/api/latest/fleet/software/versions` to improve performance for Fleet UI use cases.
+- Optimized `/config` API endpoint to use the primary DB node for both persisting changes and fetching modified app config.
+- Improved live query response times by adding a new server config flag for specifying the cleanup age for completed distributed targets.
+- Improved query performance by using a lighter-weight query for checking if a team is enabled for conditional access.
+- Changed license warning to only show one time during GitOps runs.
+- Updated to allow setting an org support url to use the "file" protocol in the url.
+- Changed the default name of Host Identity CA to 'Fleet Host Identity CA' to avoid conflict with Fleet's Apple MDM CA.
+- Updated host details run script user flows to include a confirmation step.
+- Applied singular word form to GitOps log messages when a single entity is referenced in the message.
+- Updated the "Setting up your device" page to show status of setup script run.
+- Deprecate `browser` in favor of `extension_for` in API responses and JSON/YAML outputs.
+- Added migration to clear the `platform` field on all _builtin_ labels.
+- Added migration to relink missing SCIM user data to hosts.
+- Updated host certificate renewal flow for NDES, Smallstep, custom scep proxy CAs to support $FLEET_VAR_SCEP_RENEWAL_ID in the OU field rather than CN.
+- Updated device mapping API to allow an "idp" source to manually set IDP user mappings.
+- Updated styling to be more consistent in edit policies view for FireFox.
+- Replaced outdated Firefox icon with a new one that follows brand guidelines.
+- Allowed testing a new or edited policy query via live query while in GitOps Mode.
+- Fixed missing "failed" VPP app install activities when installation is canceled due to MDM being turned off for a host.
+- Fixed bug where uploading a software installer failed because it was "not found in the datastore".
+- Fixed missing aboslute timestamp tooltips on script creation date in script list, query modification date in query list.
+- Fixed bug with the ChangeManagement component where the GitOps checkbox local UI state was being reset due to GET request after PATCH request.
+- Fixed MySQL deadlocks when multiple hosts are updating their certificates in host vitals at the same time.
+- Fixed an issue where longer variable names ($FLEET_VAR_HOST_END_USER_IDP_USERNAME_LOCAL_PART) with the same base ($FLEET_VAR_HOST_END_USER_IDP_USERNAME) was not processed in the right order.
+- Fixed UI bug where "Show disk encryption key" option was incorrectly displayed for hosts enrolled with a third-party MDM solution.
+- Fixed WhatsApp and VS Code icons not displaying correctly
+- Fixed bad software ingestion debug message and added filter for invalid software with missing names.
+- Fixed a bug where a software installer could be installed in the same team and same platform (macOS) where an App Store app already existed for the same software title, and vice-versa (App Store app added when a sofware package already existed, this one was only possible just via `fleetctl gitops`).
+- Fixed listing hosts with `populate_software` not returning hash_sha256 for macos apps.
+- Fixed bug where batch setting MDM profiles could cause a nil pointer dereference when processing an invalid profile (e.g., cannot parse mobileconfig because it is bad xml).
+- Fixed bug hiding the UI elements post install script output in Software Install Details modal.
+- Fixed software title host count mismatch that was caused by including software installers in the count.
+- Fixed a scenario where a wiped Windows host re-enrolled as a distinct host row in Fleet and the previous host's page could not be loaded successfully.
+- Fixed an issue where a host transfer on `mdm_enrolled` activity would be reversed by orbit enroll.
+- Fixed a bug in live queries that caused `livequery:{$CAMPAIGN_ID}` Redis keys to not be cleaned up or expire.
+- Fixed inconsistency in GitOps for App store apps if no VPP token was found, so that both dry run and actual run fails.
+- Fixed the software title counts by status to be consistent with the status reported in the host's software list and filter by status.
+- Fixed outdated tooltip on dark background logo URL field in Organization info settings.
+- Fixed `fleetctl generate-gitops` when MDM is not turned on.
+
+## Ready to upgrade?
+
+Visit our [Upgrade guide](https://fleetdm.com/docs/deploying/upgrading-fleet) in the Fleet docs to update to Fleet 4.76.0.
+
+
+
+
+
+
+
diff --git a/website/assets/images/articles/fleet-4.76.0-1600x900@2x.png b/website/assets/images/articles/fleet-4.76.0-1600x900@2x.png
new file mode 100644
index 0000000000000000000000000000000000000000..e04666c2d208679bce599df04d23ff20f90bfe0c
GIT binary patch
literal 52593
zcmeFZXH=726E=DSQWO+;0OKp&r=f0Q!p`m%i}!VHUld^05RZ!xc*PO|^^qdg(n
ze?H27fC&Hdk&4UrKcArbzg=tlvu;LlV_|6iS^zt*6{st|jilc^fAdDN
zR_8D*hPStG!6NhOSJ%>_GOeM}V!gJ7^1`#s#5NFCZ_kDU;+re=2
zn{mj?Dgpbo+0FLv;jd1dx>dRA_+#oEt9KX=dWuFd_w!~C`SD)Z#R>keg9rygD*P_N
ztMBv)_Wyi@T29LT_v0%X-~WF6mkT2J&*z&;|JR{L#0Tiaf4==Y@n2E@1()o9ECTv#
zPJbQ9UzhneNc_hq$o>rye}lx|An_lIfc~<~zr6ZyCh<3E`;Slfo2LFv%>REZMMw}q
zP~rsz{b8CiE|-Q%e@`P52ivO#<1kXQtl5u8wqEVEYRF{!)2+lx`qQoK6rBxjH;MB*`>Y&O0VnOK%^Gtr^kE+1DkbT>`E)PTM5v4
zU(1=92{dZjqY>(VTlAc*D$S8TBc_CRZ`V=7&WN_AsUzODkx$`*G4f87?Fraw(?e;;
zU*+3RDQZeb=V#J+mmA2Ra9DWN(Dk51YBuxG?lKj=v@`L|
z0NKw7KB-X4Puq{jpI+aazmZc`a#`tFr5bYT19AE=BCM|K3SQP`PK&&^Jx=WY8jrilTBaZrZUNlyuvJq`!i5^=Gs)Hw5!~O29D-A_(rHERjuS`f%VcS
zKA&>tbImywrOuv9qie1L!V+g6(ylA6rf4aynx+F7VV^`^45yX-EhTfHayao7ZX?hB
zFjLRth9&j0x_D+u1_UZEvhTeHwJ+_to7B&!GAE{)O71pc|o%2cGv1H#}VF}+>4pCsFU2oFTLU049$;HuiHLd6%7`jO>
zaF(gfx+spvv}O7o4+Oozrrx(7O&3Vpw}sg@uFPg}M{%IIIU+bnzQzJ5Up{nOdtZKs
zM^WvHpV!WzN7n6-kv#E$)iD-R#{<*!WW;C;eyr3>81Y8vQ+tEGQ~SN{Eoie1xqOiQ
zvXtQoTaYbfC2dD2Ye;UI@rm5sA7#c{s2c9{mCwP(6RuTMtd3=W#AJaLlZE`@I@fUJ
z+4dVVI+1&(meFJUj(RW+t$G-G&QCfsZz)T+gk8q|YgC+TXN~1;4ikul0aU5mS(EPlYY`6MjeQ&HoA!#A)9|Y|eg{EJFtB3M;
zVecsZbfoqLZ!d@wvd}zVJA*DYCTzmbWq@(x*-IH73$iq-p-hUsWDs
zh4H6dNsp(O)gY4v>vr;4n}!u}M5JA+eXHZ*m3M#KnEIyF!F8cDt0S7^9PeU@;D54h
zM%n6IZNn~k&O|mDZTVS{@ZtwK!VaPiHqIv5SR~g=2h>ukevR5^q`>;hLgEAQCrbAe
z2k(W3HH@7`&^v!~tsBi0#@B&;bFr@V39V{<jKcJvg07_K7#Z=IGH~Sn3ZCe1%y>8B!he!i(8g@E>0=f_1M{J{+uAew2=!-Bg>P#8Jmv>t8b<^Y@yv
z3v7t*OqEUG_XfD9^%kb!li&L`8kTl+(3FAPv3eosX0v3t+z&UizN8BM9NAa5b0ao6
z@J%o{?vv<+wF@0miN!`ANCUnzDt_>;a6P(;$o#3<+9}ANd0S
zVjmR|j3N@PU6hw{QR{a|6h-7+!llP4#+>>K4<9vL4wqsp|2;$cC*PLc$HJy?zr_wU
zFlplHwZ#=V2%NdGk%fd?cb+k+&K>rLbZsyo15#U$qv}tO@t*Q^7*>9*}^RifF
z62(HvCoFm11KPDY6w1@&CK(8p;hxIqKc4CeP9sY;+K~9$$o?HUk&ZA{iZI@(O=@43
z;pxqNR03WLETI_Li2VjwF5(U2HD>Sr5OXHX=F@vy0-)sHx5hbtN`S9l;+pQ9*DY$E
zm93RE8<(rBJ{J{2&^*0)RyNGkLj8Yj1CNKz)mZqhS&DL}pKxG#iD5BGtFaL@AeX*TdK
zH8tyb3aO%N>&OcJ8*XxpknMg7E4_!Y=p+k`3&lJpo_=>Q>r6896FUdCUPlcVB>!dR#80rlXOe|%ZGWjj7Jf3f^X9APZ(-16)HUS;Rmxhuu&V!0e)
zPn>3TAVx7BgNcY+jk0Dd_x1N>^Jaz5#}4{Lon5#I?8e
zu%@oXX)JIf@I(s2!+Grs=>I3^=Hk}5-6F3=90;h9_v@O5$08Wnagj&!CcwNye>AUP
zxbXvb7pg9d4Dlkl-NKBOAx~@(#}B=4mlm=fpdaWZG0egr5~&@RFNHT^?NUq@mL&AiNrz+^k=
za&lH{AxhQU$+`aVoqQjAj@M6)j5SC5`7#jr@l7va#=rldY%2hy2jLQz771J5T&AxF
zz)VdB1gjf(eItTTyScrpilcYV>Y(u*Z{Ncx_mfJ7VTRuQA5_2mx!)>-$<{Ud^*WiI
z^HRGWE^J3t3P&sU*B)dRT{+rt#^XrE3>R@PpEaPF<9$Hq+!dt%c8to@Wh`l>@1L7-
zUe4QrN#B*;53@ejFXCPJv?|IMo;7wL&v!hvYyno`>N4m^TRDKlo*LWJBLhLQtt*c7
zTaB27`=@uTzRbI{Rv`k2dqs3+n8Z7D&ZbdUOxquqxP*0ym*lDJr^LsD(satU4vN3+
zs;Sa7Txv{Gc&t7M6#6S~PV2G!uMlU;Up=3LlUqyA?#Q7_(JXioXkdNMPYm#iT_ze+
z(=H$MHw=9im3y-#ETKc)T%KitdjGJV#{eZ~px&O#r`I3!Z(3?{7b{T}vSEH9b9NVx
z;hu1e)^7d|YUt0`6ihP%7}PC0ysRq!c>DXyMc(<)Gz>*6&VVz~h3Eu{CDGkdzd|U^
zg7CU_h?lB*5O#?42Q8`hPu#DERUuGC$*sJ4GVsd7^@S^@-y2~KwYM}hcnHBz=le5*
zSI!6jk;ZMGWrN3H1+qrWfi|%vHsOLg74xlNQ2MP^%#ulQPVr;q@@QX6Uel=zj5PgXAy3CC|6c2cewpmp8KIMx{hu_)%7CpBZe}
zf^r$>-_s!0n2);V)B5eq-g8D6)tLN_&Z7AP%Qslq-!^u2)Edd1iWS%xis$w>S~gz(
zxi}SsvP{ZShzb0Kmid;VPTh=w>l~0#DG2f=AtM#y3NVI{T=NVu$sdQ=i%IE4TzG}0
z-Ns<{^=)c|6-y}(N#JVe_XDNnaORF9%`27}WE_C*o^`cutGFbPoz7Xg^|G=UI5w*F
zR?hH-HR;&yY`+io+cEP;TMPIBQzbC|L*=%AU91tv0)O|(2K9ym6clK}gFMGxyPy8_
zLZlOnp;@>f1^aL4QNmB2cv
z&sxvefj)x)PfTVFTEhrWhimm-4#~#+W_z*goSV*ds>vo~_YbO1Wbm`7#s$pQfO{N2
zeLPMo47)u>d9n?@DILrXGm$i3yTsvH^9J4bk1%;l-tflOyg#V>fwjT&%Qh=P3FY}0T|(ep
zrEs>OPUGI+2_fX3aMR_f6Wp5D0MByQHI5jZpGx)~U0;8nC$K5d)X_8l03_*jQ_5E1
zvr)=TPMiMdGP*mk(Z{@D22~T~^Ci<9mUvu3XlzYdU4OF^rFkOP*sJaP{xma;elC)B
zku6khwkg;BveD!Rp9@TU+Vv^Nnn?%aBaR9Z*YAjHshSj(L`NKl?Cq9
zcXr;%WH;K~w5^05HmoJz)!HVdbBNw1ijYHD|5Ofuw4ll5R{
zZ_Zk|u>y{Ia_EJO%0&LcClS@2*d0I<<SiEG;LKi-SCm`%fI<%3^jSv>z37Hr7R%
zQDe1ui(pa2-Sv@);MgkOCUq^~?ZSWcfdTi`ShUgd6neb8(izWcxZYyCAmqDi<+41b
z$n3)cWPwlD>>MyA20?CGd6SCvbi0`M;HhrG`Wk5Boy`$S&%V2T@i`thoeH>l!pzqu
zGuI2U$7%mFT&Mo=BEFExpw_}GnPX9?6udW{#)bxH;&hP@I;;5i?6!c63^i^(NR|!P
zQM;xIfs8}b`BU2B4URn_4AUsF57efF&@)xR@Z&!00_5zNx56&nu6=(}I(AWveL}LQ
zL&KHp(TB;ajo~YM_Lz27uVA-phD&R`ee%LJluGK~;*__C_a|uz
z81D|Loa;Z_={NTB;=r^5kFN#R8$#;!FrUS;Ok#ZHAkpJ^ApX6zK7cR;GX$X<$IzrY
z8sqM@tAQ|r5V!hwVN~am3Jc*Xkt0mv>i3>WIff{tKZR?1-Z$fL(pkUY$Qi(lcDwL|
zz2&=Ff2CZzw?zNz(Zncq4=43z9-7b;TjQS^EP~F-_3U5nr8B5>o}msm^yMDe94tP4
z>D#WKYK|KM-?_>VmmySt5b72bb_7@r4i=hIjZUElpXjOPcwp9>=+jr~L
z>fHr}^3@}1|8&X=#9%1
zNc@W)ck>x_R2`}ay0*x=#r0V}1g$4(
zCLzh(B9xu)kV8SK?5e`iU=vZ$%Ie!}e8QBt`Az{0c>D9sOc-et!5f3oGCk&I9g9qu
zWhJwxt5s<2&=GQAbHKYmGonifrOQnA{7pM7y{e9^)h#Ts=a9?ICr4z_e-~_H}pn5O)~VH7w(?nj`=)(pntqGDDD=aPUT7Il6T{(4~9Xs}*iCPOYB$J&E^@eLu0x#8?)Ltwp%;n&$|uaU?~JPeTJU3pJ8O8XOj(0j1dNWMktn{PqREc>;hvq(rET_l>ECOGhlAo|ka=2DE?W;8tHlILbZ
z6-|z@rL5$LC&Je0DTU{i{e{!(c?n~z{T)@hf1<(;Csq%w0K0nRzUq1;x;}XeyQ(K8
z3mfABU|NTdkZzo@vWX2MHXau>v%mTfHE(b7hNHK;(K2gdqWBf<{(}`UXRLq(MyfOG
zdRVh46Gc@OHH^W_+2RaW+my8`e?R;68~L!H4mP-vvlJ$uGo7B$y@z+Of$Z3|G?J&g
z_FZR>n=T172p4r(3C$hKTM5i@ZR(r+wRW
zKjMVEHq7PPWZSP7={B7$60m6tddX^!FIF4(pnlRC-Frc1}RJw
zOI(&HIZ9qBT6Aqo?q09e<3zD|uZ6+XfBtk4^CDyi%GYuBKsKTD
zJ-oDDKivs0THcRFoMPZTIvNHLw0Iu!)@vp}n+(JDFwgNcnSxNQj1JqdM$p*^QM9SX
zw+{T40-YDrdr|gBR?S^ES`Evrfi1h++^e>mM;cUxq&?Vc
zuuM*0#6(r>b0z^J{Z5hL6S8B*O;r_)wo4<-@&%8(X==)rP~J=K`@elZYQ7|%J^VwJa0kVST49l`SGR&SDYXR=-pL|BzfOkj8czq*LcB?M7(gLEF==Q2oOwb@1|IHJN|
zX23HcFtlDaF>ykc;kE{uuTzKAA9MbQ^$PhPpqs|FwBOFjR}*MYwQP4N47SI(+uVKc
zbsaBz+%6M+$F3Mc&q%I*;+NB39%nOk-Fcsar_%iSn8*#8TkWnAnTOuvE2lN>_pTAg
z%ZY*qN8<Gw63bT&Q{4|?
zr01shEMnn=doUahijyBpg8N-k)w5eR}(4e+#bJr>lh?BQ&00}M33VU
zc?^p`nk$4|HoR%}UA5*MU~U9AK2{+VG2_zU5y9Z`B?~Z}LMlS>{9S~dI_-~VEj2Zv
zVm7y{Ron`uPqXXkDdJ-Y|JGeyuxD%go&;L{2^Fg3#;_M%#8wca`v<7`Tqs($T4kX4
z_h;_B|LPXEZfk*+2WS@Ycgf^TVT|V>2RpzaBbn|enr*zqtQPz5v*3mom{cC8XBiMs
zQ&6N1eaC-ZjK3-1<4=J8<95&)IUFvnN*IJ)h0LE!X7?s88m+CdQkmUp3?UN?}-gw&I<{6
zn}GO7a04=e)jHi{V_g#ZVrgg`D`o9$p5%lNT_NCSOCu*PLK*uK1sPL{EtLC51QvE`~kDZSe#OhTF0F
zZWrbUUKjCwokeU+W`b-Y?O>z%
z{F;ZIb>OK0R+i$?cr$_WUttGj;BpC1C+3i7d9M{7E|@O-=!2WS(<{K_{saL?8%OU#
zRE-tuFVa`RCFDu;8#US21U+UE3-4s*Nc0`>(Dv2Dk*3d<8}ob3OUX$KGHyHXw4qP`
zG_ueooB3Qw>xesY-7?&z&@=go>x{=b9dMc1p@K9g@p+m(v
z)-Qfq7~h397`yPBj1kQu5os-JO_-H;87s>5hDaSv34jzJ*+OtjU|}4Qb(WBTX}GV7
z^SG<;M;v|Zdy*g_F^1+!PP()(8J?rpdz3QJ{3KfQ(ur4-;gO>WFR7dEok=56`G!mGEr{=
zJzCia8SS^$3)TW>@u3_FN;)j+0=*?_70qB8F(sU$GbPm?&_Kq3{cN
z$1gtSwNyD!W^DOdK0rp{2-(qlogM1Dcz|@RPY2<9>PvJIx`36)z&6_(UNtuU<*0IH
zfeHSNwPL(qu_>ou^|VzJi=O9U^EAy^4yF2_N=EWkQ^V0uEnM+yJN->;hPViqxQSKB
z=g4b8Q>ZQP^({)5`W2M4stKcJOTW(S?5mIbMjP$|3&kz#vv360PG#=JAe-rg_Lr(c
zC@Cn>!T~yJNr`858~G&dyV}%Jo>Jy>xi2%xA6;&9
z5V2J;KHytS@c2?_BiNj?{yf^ELnkNfzIXdw@%3l#q`rO0IFHrd{1rlWKwrL=qm>mJ
z#1q87^qt5BOiNWxFG{hg1)#FgC6pqm?~}m6FSPVd2J%t)e!2!V;9o%(45m`w1D(Po
zq@l#`4zk|c9r3Be(tX*8!m}HD?bVxyK9b9DcJvyj_v&5&i*AC{{*3~|o4dqwOeQH*
z3m?B$3KK2}kU`5}5LdF2$6Cs3O%bcR==7|;<)|`awecT?#McBP
z1c9k)vzu;JJD#yI=x#&=Mb7CC^|8O0Acaf|Y>x7}cJmDC!#$A}A78qNdQwDta8Ji0
zJuD68AkRYoX{s^;mw@Y8aV&cs0pWopZ0V(McPO9t%rLbU^mx~}GvPQwq6yZ0|3pp<
z8e8Z968Q^M7#c9isrmD)mSjuB>NB`^!bB5$g(O+7Yd1~KE-0MX(Hu^Uz8ynVaKGZ}
zhtrt4_NLf|2{w!PB^+(7_$IYYE>m1LnV5=4!oDs=cyMmZ-YjIAK4>S{fmbCdGCaH1
zvK_U^-QSJ!d!dwvV6XSUMt5HaEJMGe
zJ5#!9HZ6YdCw;bX@z|q<#fzdJ!#Ouswm%);;|scmS;hR#Rdkf#>o?}M7uieF8+fgvft|EZh|I{YVn{G!&9zO-qJ#0msts|;LF;h>FmwYm5XhnA
z1^3q5ZN0O1n%CN<%01fKN%}9hdRSz7Ty6$Mw#U-g@G2V{LV?vzfX10rgYDn3ma&hv
z`_d`14Aycw8bQU6WX4RoAbK0eXO^)%7=rlkQl!z}@wSuhP?Sm0-T3fOx#8UL&B9Eq
zeSs$RC*VOm9k@|TN9jCM2Q<4QFRIQx;8tyAA72}@gup6cj#u9DFmovhDfxe=b{5
zd2Y@`Qkx7cxY9mwb3nm;iQfC@43ETlEz27R883)w|wanS4$1J=0S35u5=+5B6E=BC>F;b{d6Kjmxh-|Q+
z_5Sf<&XtO6QA2)wD=}QF#Hmaj^j)6A$Qz4xVh-ls-Q;`?;6_7;QZ(?vYFU@XSgx~U
zhqW{0#7>{+e-gp3zEYAcYE$a|#7S_HGT?TA?7}tN!Gj^}cvxfWk*!y2q&L!{Zm`$F
zD1^`9zIWp~{+<(zqAMYAg5$8pt_5nYAhN_E51T^+5~d=37#YsbB6#BG#dcyaKoPMh
zUudsoJT7sbcfvSlz(W+jQl^t5_(uexpC`{n5R0PW&*2O%o3?vH)y_Ls*oDh-9jitn
zXpJ=UH9>^u>SAb`_SUxKuSvxN!T=qRo9?wSzjZ@nIeB98F)Ud*1AB$(IxT<(v|DDM
zQWTApc$vzko9s>T+3sm)w&2{cL?lj?ozxWR-AWpk@g#@$dxVQIXGY~u){TW`sY}fKeGR;0+zp%_&ddcCQ>gxQPS?SANnRBg)i|-uD
z>9J_Rl2{0O6Xp6`G(#!UG^+8Zt+yzqy2UNA_{97w)3bg}r@f7X^5PWai&~OVK;x|C
zbJx51dI@<=-^@)thF3^pmxil;0FBRFIqKV`P!qk#%q=76ZuG%>_M(9M#>oP|(Q+CO
z8F-;}!#lf%|LZLe*uw)A;sr
z(={(XCTj8D{w`o{kK^v^C_YYbwy`zVY%k3PX$EOB&2
zw~zy4iEh~}*Ara&zOKJSe_K`B2PJFK)S4|<^uv;SFa5{u;UI2O{R9;5jFoavOP|VO3@*mO(sfw)Ne%D=!eN13uE<5;Pujm&w@3-kEj>#DO3XiO-Zl3Lraq_1)x
zeJ~rg*D>7RfVMWYblx*Y05Auk4-T@Y(okrFL-XA>0w`afi-g2MOgdHw)vt{9T+aDk
zw}5P;x_QQC+@-B{h{}@-Y?PzeasSlfSB}Mt&c9+>7k7WmT*mqU2%KF5^>W88dyc=T
z8ZQx$K@JTSlEB9@*-o@rx5dYS@fFS-%(AXXwg_wOs5_{5BLez{cbOzIkEVXbugrU|
z4ZqP>zS!U6Jzn*B$I<0!d01XM)>%VoSfaxH#_FherJx|kYR)z(HJA9`*jxF2kgVku
z;4Hf?3X(+aM#byThfE327#*U+k-bL2d{G;(ojGF
z+HXjs7adfPeL80wGv3cBq_i1FTC=;4Iesfk8xqbRJGl&VzgxBQhS{QBP>$!s=F9jM
z5Em;oTMRWMi8P>#{w(1(V^mcGrS22!CEn-4^(2WBGd83%-tXr8Zc+~UI>lALM46yV
z9`GHt)`MA;`8ydveNXYlUiHaG&Tyw2RF!aMd0JcZoDj61E{320g+hdS$w>~=dCoc*
zqnBZV2Q#ROaA89PD5uEvPIn$i6ZP+IZ_X;D1CJv&GYofN9o;?B0bb@k@SO!yug*n)
zGQi8UE<(cm`y?_xYlmt%J4La^GqyhGmk69PtRz~kXEv)mke+#5_d-k5I%vrN=*6yM
zxJ+VoD;p|xxcsr!;oS0~Q5ze25(Wj_?gf(=4t_hR(Ssvwwq*8}TiFt-bSgQte~*!-
zv7(y!HQr=LbG~Vsi6liAzG~;*K1=00xiKHiY}C@B)v!mhjfW6>Q#R;T>0dr1
zSmPah@p?7V(Wf|L$47jXi?V0z23Q0G3nqFeeoOlYm6{$XTe#}Y3D~{b_D(p4%HF9w
zD4FO?8<~&jcP(_tUsz3ZKq>|>ZAf%MT?5udS28Nl>h}tL)pK~r%oD83z>ynFy!wOx
z_h6WgMp?Hs)ZWtgsVrXqG6m3p9Rt>xUDqyjH2z!*bH2_F@n20FK}FW}Yp_(a@orN!
z=jSPfrtQxbX*(h<<=Mqm(j`b4QeR2?U|KZ>EtGEoU!?P7h^c`Y(
z?;3b*#phss;M*wjGNAr7SO`9MT+M1<-<3qrXlyTvx>6i^F%v;zQsVVGy*reX;dOa@
zCpOTjx@7+{%LbGYe`;NZ^>t6SO}T)OrFwplh1gDP!5Y?dw2RhcR`PM$41f&XOcEx(@E19UkZD=s}vDOF*`8auDWpvwUB+n9D%ktj^X{G`lqb6Jsn4#sl
z2nv7o7ElH;64NL+np#Nr$VlPL$N0lAV~u1r6
z4Y-#Yb|yXCO#20lBAw&M$%)}s~@>kFE@t2#Bl>(#07e
z$3%ZIXQM5_QDnN2P7ScnQwWNWnELN0aK@JU6op#Ou{jbFU;*By=xkcrD=9Pr(PTh+
zgY$-lyHt8^e1N11@$2#B#e)-Y=u{fpiIT6Y=dNJ@hU2r(znOMq?IA(*P}oYfnHJW>rj$aH}Dip
z@B?1zFr6UXZ
z5_uLEN!;-0*Bvx|P|=WU{TbkjI}eX5+La1)WNMJ^9W8@intUZXZP{E^i&R1lS@)63
ztn9O>&I1A!y}=EqQDx1Z7)2lI{3CxiH5vumo$jqF$1Kd}>rdIzR
z2(mM(E^xLacJ=WNA4Uz;=ls_Pd#;OWy@fk%emhGw&n-??ZfH1MX!#gY@hA8L({N6FqG?I_yfVZR~pE&fs3M~i=+6zM7h?#!G&
zR(tBi;6a}hwe0px+{BzzafS#Ph3w;pWzKh&g=8_OD5*?XhilFD6Sd9;2YikID(^;n
zO~8^b(>|)=M!JQZAaoYbz?@YDr*wIl}J2Rp0
zkNn93zmBKKD%Q)QQglEX8s{K@l>AVVh~1&e-P29P(2iO`A-Gkw{Dz0!wCI40hy_#C
z(1>UUoXqn`qorRBq=0@M(T|Bzzfd50Rt``xWtBuurB?o><-4$7I|ip95Td{jfH1>0
zOkF=iIx_%O!=79=oNcNHos)nx|
z5>$I$d9bN+Wq&^ntdCm~yLX;^U6zsTaW84e*PCr6vyoMzfR45)y7Iva`;WSc^eMYc
zV1!${t1oif3Y^yE^PcW3RwhmpL$y}FzYT9knNnaDdRO9CtBqUlbz?sMy$$HiI+fJXi)oJ@XF1ymSEhHQX
z`Yxmf!V8y&7$G};5R@R6DV`2Tc?FMlFLi3FumG11D4|0_
zxN{)m^xisLGg(y;`XuHcZCa=L5X0i{(d~cmQ!09dEG#~ZL{Ooi#EXoCB}dV{d%GYP
z@5J3hD|FK)YCc!N%}xZZPpkEsUoI|ADeDQP(NLfD+uoX1>u8*OpyfvrA?2!eA%Tik
zahG^TUpXDIBL~gAoeUSJZ&3)UzfZw9etEPW##qgj{3F1Iuebm;8Z>7
zd)iMC;<$wk#Y#S){6}r!RA^{c9!c&VKx30q`#pK8#8F(z6hU7>?SnGI
zcBJR9`k-{X_knWv)dgD3L1yRp@4^nIkgAvHwzSE&k_LxruNB1~V)NPAUMQ`CYbe1O
zpTqihC_jtC)$KB$3Xz~hpNbE=HMa@~4gj%c;Xll&0jKB3assn<*|vKuzu_OQ3bqIkCe~pJf$BAi7ot76OIyFZJ{+-Pl7l{-S|-659XR+e
zI31u}wRr0GWL63+e7J9$IJ3aK@xufDOk`qJ4GZ!SL$L(P-epWvQ_ag2(my3)PyB_gKV5Ky;pAw?Ux8QlG|y
zQaC>g3C%NxyE->jXOOkTFr-zr-Gg0q;p>4artb8}^WmANv@KV9gw8Oc67zcNPLlsv
zkujlZm~8I6E`9etrN0SThT8P{_caX?c)-Fy-&2W{1cPAQyhk@4jJ8kjxM_nDlrpRBfT
zH(of}uAV(|l9%#nm@}?rupR}1$iW!{`V(}n!`oO18+G1Na-&}Wr{>g^=2
z7Pd(E)y4oem{^b{>FsfzbV*!rur~6MpO;mN2bD>$>EhF6>uvDyx5lxE-JoC@
z)?gV4E-(wb85L%ho48rTtb6t*s+DNM2omcUH3J(-x)&bZyJkF0LY+paJqK`?J?aD$rtCehD`F{