fix(pwd) EE-3161 ease the minimum password restrictions to 12 characters (#6920 )

* fix(pwd): EE-3161 ease the minimum password restrictions to 12 characters
bump version to 2.13.1 (#6913 )
2022-05-12 13:16:56 +12:00 · 2022-05-11 13:49:13 +12:00 · 2022-05-10 15:51:15 -03:00 · 2022-05-10 15:33:46 -03:00 · 2022-05-06 15:14:21 +12:00 · 2022-05-06 14:19:22 +12:00
1564 changed files with 23450 additions and 34309 deletions
--- a/.eslintrc.yml
+++ b/.eslintrc.yml
@@ -31,12 +31,7 @@ rules:
    [
      'error',
      {
-        pathGroups:
-          [
-            { pattern: '@@/**', group: 'internal', position: 'after' },
-            { pattern: '@/**', group: 'internal' },
-            { pattern: '{Kubernetes,Portainer,Agent,Azure,Docker}/**', group: 'internal' },
-          ],
+        pathGroups: [{ pattern: '@/**', group: 'internal' }, { pattern: '{Kubernetes,Portainer,Agent,Azure,Docker}/**', group: 'internal' }],
        groups: ['builtin', 'external', 'internal', 'parent', 'sibling', 'index'],
        pathGroupsExcludedImportTypes: ['internal'],
      },
@@ -46,7 +41,6 @@ settings:
  'import/resolver':
    alias:
      map:
-        - ['@@', './app/react/components']
        - ['@', './app']
      extensions: ['.js', '.ts', '.tsx']

@@ -58,7 +52,6 @@ overrides:
    parser: '@typescript-eslint/parser'
    plugins:
      - '@typescript-eslint'
-      - 'regex'
    extends:
      - airbnb
      - airbnb-typescript
@@ -75,14 +68,7 @@ overrides:
        version: 'detect'
    rules:
      import/order:
-        [
-          'error',
-          {
-            pathGroups: [{ pattern: '@@/**', group: 'internal', position: 'after' }, { pattern: '@/**', group: 'internal' }],
-            groups: ['builtin', 'external', 'internal', 'parent', 'sibling', 'index'],
-            'newlines-between': 'always',
-          },
-        ]
+        ['error', { pathGroups: [{ pattern: '@/**', group: 'internal' }], groups: ['builtin', 'external', 'internal', 'parent', 'sibling', 'index'], 'newlines-between': 'always' }]
      func-style: [error, 'declaration']
      import/prefer-default-export: off
      no-use-before-define: ['error', { functions: false }]
@@ -104,7 +90,6 @@ overrides:
      'react/jsx-no-bind': off
      'no-await-in-loop': 'off'
      'react/jsx-no-useless-fragment': ['error', { allowExpressions: true }]
-      'regex/invalid': ['error', [{ 'regex': 'data-feather="(.*)"', 'message': 'Please use `react-feather` package instead' }]]
  - files:
      - app/**/*.test.*
    extends:
--- a/.github/workflows/lint.yml
+++ b/.github/workflows/lint.yml
@@ -34,5 +34,3 @@ jobs:
          prettier_dir: app/
          gofmt: true
          gofmt_dir: api/
-      - name: Typecheck
-        uses: icrawl/action-tsc@v1
--- a/.github/workflows/nightly-security-scan.yml
+++ b/.github/workflows/nightly-security-scan.yml
@@ -1,230 +0,0 @@
-name: Nightly Code Security Scan
-
-on: 
-  schedule:
-    - cron: '0 8 * * *'
-  workflow_dispatch:
-    
-jobs:
-  client-dependencies:
-    name: Client dependency check
-    runs-on: ubuntu-latest
-    if: >- # only run for develop branch
-      github.ref == 'refs/heads/develop' 
-    outputs:
-      js: ${{ steps.set-matrix.outputs.js_result }}
-    steps:
-      - uses: actions/checkout@master
-
-      - name: Run Snyk to check for vulnerabilities
-        uses: snyk/actions/node@master
-        continue-on-error: true # To make sure that artifact upload gets called
-        env:
-          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
-        with:
-          json: true
-
-      - name: Upload js security scan result as artifact 
-        uses: actions/upload-artifact@v3
-        with:
-          name: js-security-scan-develop-result
-          path: snyk.json
-
-      - name: Export scan result to html file 
-        run: | 
-          $(docker run --rm -v ${{ github.workspace }}:/data oscarzhou/scan-report:0.1.8 summary -report-type=snyk -path="/data/snyk.json" -output-type=table -export -export-filename="/data/js-result")
-
-      - name: Upload js result html file
-        uses: actions/upload-artifact@v3
-        with:
-          name: html-js-result-${{github.run_id}}
-          path: js-result.html
-
-      - name: Analyse the js result
-        id: set-matrix
-        run: | 
-          result=$(docker run --rm -v ${{ github.workspace }}:/data oscarzhou/scan-report:0.1.8 summary -report-type=snyk -path="/data/snyk.json" -output-type=matrix)
-          echo "::set-output name=js_result::${result}"
-
-  server-dependencies:
-    name: Server dependency check
-    runs-on: ubuntu-latest
-    if: >- # only run for develop branch
-      github.ref == 'refs/heads/develop' 
-    outputs:
-      go: ${{ steps.set-matrix.outputs.go_result }}
-    steps:
-      - uses: actions/checkout@master
-
-      - name: Download go modules
-        run: cd ./api && go get -t -v -d ./...
-
-      - name: Run Snyk to check for vulnerabilities
-        uses: snyk/actions/golang@master
-        continue-on-error: true # To make sure that artifact upload gets called
-        env:
-          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
-        with:
-          args: --file=./api/go.mod
-          json: true
-
-      - name: Upload go security scan result as artifact
-        uses: actions/upload-artifact@v3
-        with:
-          name: go-security-scan-develop-result
-          path: snyk.json
-
-      - name: Export scan result to html file 
-        run: | 
-          $(docker run --rm -v ${{ github.workspace }}:/data oscarzhou/scan-report:0.1.8 summary -report-type=snyk -path="/data/snyk.json" -output-type=table -export -export-filename="/data/go-result")
-
-      - name: Upload go result html file
-        uses: actions/upload-artifact@v3
-        with:
-          name: html-go-result-${{github.run_id}}
-          path: go-result.html
-
-      - name: Analyse the go result
-        id: set-matrix
-        run: | 
-          result=$(docker run --rm -v ${{ github.workspace }}:/data oscarzhou/scan-report:0.1.8 summary -report-type=snyk -path="/data/snyk.json" -output-type=matrix)
-          echo "::set-output name=go_result::${result}"
-
-  image-vulnerability:
-    name: Build docker image and Image vulnerability check
-    runs-on: ubuntu-latest
-    if: >-
-      github.ref == 'refs/heads/develop'
-    outputs:
-      image: ${{ steps.set-matrix.outputs.image_result }}
-    steps:
-      - name: Checkout code
-        uses: actions/checkout@master
-
-      - name: Use golang 1.18
-        uses: actions/setup-go@v3
-        with:
-          go-version: '1.18'
-
-      - name: Use Node.js 12.x
-        uses: actions/setup-node@v1
-        with:
-          node-version: 12.x
-
-      - name: Install packages and build
-        run: yarn install && yarn build
-
-      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v1
-
-      - name: Build and push
-        uses: docker/build-push-action@v2
-        with:
-          context: .
-          file: build/linux/Dockerfile
-          tags: trivy-portainer:${{ github.sha }}
-          outputs: type=docker,dest=/tmp/trivy-portainer-image.tar
-
-      - name: Load docker image
-        run: |
-          docker load --input /tmp/trivy-portainer-image.tar
-
-      - name: Run Trivy vulnerability scanner
-        uses: docker://docker.io/aquasec/trivy:latest
-        continue-on-error: true 
-        with:
-          args: image --ignore-unfixed=true --vuln-type="os,library" --exit-code=1 --format="json" --output="image-trivy.json" --no-progress trivy-portainer:${{ github.sha }}  
-
-      - name: Upload image security scan result as artifact
-        uses: actions/upload-artifact@v3
-        with:
-          name: image-security-scan-develop-result
-          path: image-trivy.json
-
-      - name: Export scan result to html file 
-        run: | 
-          $(docker run --rm -v ${{ github.workspace }}:/data oscarzhou/scan-report:0.1.8 summary -report-type=trivy -path="/data/image-trivy.json" -output-type=table -export -export-filename="/data/image-result")
-
-      - name: Upload go result html file
-        uses: actions/upload-artifact@v3
-        with:
-          name: html-image-result-${{github.run_id}}
-          path: image-result.html
-
-      - name: Analyse the trivy result
-        id: set-matrix
-        run: | 
-          result=$(docker run --rm -v ${{ github.workspace }}:/data oscarzhou/scan-report:0.1.8 summary -report-type=trivy -path="/data/image-trivy.json" -output-type=matrix)
-          echo "::set-output name=image_result::${result}"
-
-  result-analysis:
-    name: Analyse scan result
-    needs: [client-dependencies, server-dependencies, image-vulnerability]
-    runs-on: ubuntu-latest
-    if: >-
-      github.ref == 'refs/heads/develop'
-    strategy:
-      matrix: 
-        js: ${{fromJson(needs.client-dependencies.outputs.js)}}
-        go: ${{fromJson(needs.server-dependencies.outputs.go)}}
-        image: ${{fromJson(needs.image-vulnerability.outputs.image)}}
-    steps:
-      - name: Display the results of js, go and image
-        run: |
-          echo ${{ matrix.js.status }}
-          echo ${{ matrix.go.status }}
-          echo ${{ matrix.image.status }}
-          echo ${{ matrix.js.summary }}
-          echo ${{ matrix.go.summary }}
-          echo ${{ matrix.image.summary }}
-
-      - name: Send Slack message
-        if: >- 
-          matrix.js.status == 'failure' ||
-          matrix.go.status == 'failure' || 
-          matrix.image.status == 'failure'
-        uses: slackapi/slack-github-action@v1.18.0
-        with:
-          payload: |
-            {
-              "blocks": [
-                {
-                  "type": "section",
-                  "text": {
-                    "type": "mrkdwn",
-                    "text": "Code Scanning Result (*${{ github.repository }}*)\n*<${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}|GitHub Actions Workflow URL>*"
-                  }
-                }
-              ],
-              "attachments": [
-                {
-                  "color": "#FF0000",
-                  "blocks": [
-                    {
-                      "type": "section",
-                      "text": {
-                        "type": "mrkdwn",
-                        "text": "*JS dependency check*: *${{ matrix.js.status }}*\n${{ matrix.js.summary }}"
-                      }
-                    },
-                    {
-                      "type": "section",
-                      "text": {
-                        "type": "mrkdwn",
-                        "text": "*Go dependency check*: *${{ matrix.go.status }}*\n${{ matrix.go.summary }}"
-                      }
-                    },
-                    {
-                      "type": "section",
-                      "text": {
-                        "type": "mrkdwn",
-                        "text": "*Image vulnerability check*: *${{ matrix.image.status }}*\n${{ matrix.image.summary }}\n"
-                      }
-                    }
-                  ]
-                }
-              ]
-            }
-        env:
-          SLACK_WEBHOOK_URL: ${{ secrets.SECURITY_SLACK_WEBHOOK_URL }}
-          SLACK_WEBHOOK_TYPE: INCOMING_WEBHOOK
--- a/.github/workflows/pr-security.yml
+++ b/.github/workflows/pr-security.yml
@@ -1,233 +0,0 @@
-name: PR Code Security Scan
-
-on:
-  pull_request_review:
-    types:
-      - submitted
-      - edited
-    paths:
-      - 'package.json'
-      - 'api/go.mod'
-      - 'gruntfile.js'
-      - 'build/linux/Dockerfile'
-      - 'build/linux/alpine.Dockerfile'
-      - 'build/windows/Dockerfile'
-    
-jobs:
-  client-dependencies:
-    name: Client dependency check
-    runs-on: ubuntu-latest
-    if: >-
-      github.event.pull_request &&
-      github.event.review.body == '/scan'
-    outputs:
-      jsdiff: ${{ steps.set-diff-matrix.outputs.js_diff_result }}
-    steps:
-      - uses: actions/checkout@master
-
-      - name: Run Snyk to check for vulnerabilities
-        uses: snyk/actions/node@master
-        continue-on-error: true # To make sure that artifact upload gets called
-        env:
-          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
-        with:
-          json: true
-
-      - name: Upload js security scan result as artifact
-        uses: actions/upload-artifact@v3
-        with:
-          name: js-security-scan-feat-result
-          path: snyk.json
-
-      - name: Download artifacts from develop branch
-        env:
-          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        run: |
-          mv ./snyk.json ./js-snyk-feature.json
-          (gh run download -n js-security-scan-develop-result -R ${{ github.repository }} 2>&1 >/dev/null) || :
-          if [[ -e ./snyk.json ]]; then
-            mv ./snyk.json ./js-snyk-develop.json
-          else
-            echo "null" > ./js-snyk-develop.json
-          fi
-
-      - name: Export scan result to html file 
-        run: | 
-          $(docker run --rm -v ${{ github.workspace }}:/data oscarzhou/scan-report:0.1.8 diff -report-type=snyk -path="/data/js-snyk-feature.json" -compare-to="/data/js-snyk-develop.json" -output-type=table -export -export-filename="/data/js-result")
-
-      - name: Upload js result html file
-        uses: actions/upload-artifact@v3
-        with:
-          name: html-js-result-compare-to-develop-${{github.run_id}}
-          path: js-result.html
-
-      - name: Analyse the js diff result
-        id: set-diff-matrix
-        run: | 
-          result=$(docker run --rm -v ${{ github.workspace }}:/data oscarzhou/scan-report:0.1.8 diff -report-type=snyk -path="/data/js-snyk-feature.json" -compare-to="./data/js-snyk-develop.json" -output-type=matrix)
-          echo "::set-output name=js_diff_result::${result}"
-
-  server-dependencies:
-    name: Server dependency check
-    runs-on: ubuntu-latest
-    if: >-
-      github.event.pull_request &&
-      github.event.review.body == '/scan'
-    outputs:
-      godiff: ${{ steps.set-diff-matrix.outputs.go_diff_result }}
-    steps:
-      - uses: actions/checkout@master
-
-      - name: Download go modules
-        run: cd ./api && go get -t -v -d ./...
-
-      - name: Run Snyk to check for vulnerabilities
-        uses: snyk/actions/golang@master
-        continue-on-error: true # To make sure that artifact upload gets called
-        env:
-          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
-        with:
-          args: --file=./api/go.mod
-          json: true
-
-      - name: Upload go security scan result as artifact
-        uses: actions/upload-artifact@v3
-        with:
-          name: go-security-scan-feature-result
-          path: snyk.json
-
-      - name: Download artifacts from develop branch
-        env:
-          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        run: |
-          mv ./snyk.json ./go-snyk-feature.json
-          (gh run download -n go-security-scan-develop-result -R ${{ github.repository }} 2>&1 >/dev/null) || :
-          if [[ -e ./snyk.json ]]; then
-            mv ./snyk.json ./go-snyk-develop.json
-          else
-            echo "null" > ./go-snyk-develop.json
-          fi
-
-      - name: Export scan result to html file 
-        run: | 
-          $(docker run --rm -v ${{ github.workspace }}:/data oscarzhou/scan-report:0.1.8 diff -report-type=snyk -path="/data/go-snyk-feature.json" -compare-to="/data/go-snyk-develop.json" -output-type=table -export -export-filename="/data/go-result")
-
-      - name: Upload go result html file
-        uses: actions/upload-artifact@v3
-        with:
-          name: html-go-result-compare-to-develop-${{github.run_id}}
-          path: go-result.html
-
-      - name: Analyse the go diff result
-        id: set-diff-matrix
-        run: | 
-          result=$(docker run --rm -v ${{ github.workspace }}:/data oscarzhou/scan-report:0.1.8 diff -report-type=snyk -path="/data/go-snyk-feature.json" -compare-to="/data/go-snyk-develop.json" -output-type=matrix)
-          echo "::set-output name=go_diff_result::${result}"
-
-  image-vulnerability:
-    name: Build docker image and Image vulnerability check
-    runs-on: ubuntu-latest
-    if: >-
-      github.event.pull_request &&
-      github.event.review.body == '/scan'
-    outputs:
-      imagediff: ${{ steps.set-diff-matrix.outputs.image_diff_result }}
-    steps:
-      - name: Checkout code
-        uses: actions/checkout@master
-
-      - name: Use golang 1.18
-        uses: actions/setup-go@v3
-        with:
-          go-version: '1.18'
-
-      - name: Use Node.js 12.x
-        uses: actions/setup-node@v1
-        with:
-          node-version: 12.x
-
-      - name: Install packages and build
-        run: yarn install && yarn build
-
-      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v1
-
-      - name: Build and push
-        uses: docker/build-push-action@v2
-        with:
-          context: .
-          file: build/linux/Dockerfile
-          tags: trivy-portainer:${{ github.sha }}
-          outputs: type=docker,dest=/tmp/trivy-portainer-image.tar
-
-      - name: Load docker image
-        run: |
-          docker load --input /tmp/trivy-portainer-image.tar
-
-      - name: Run Trivy vulnerability scanner
-        uses: docker://docker.io/aquasec/trivy:latest
-        continue-on-error: true 
-        with:
-          args: image --ignore-unfixed=true --vuln-type="os,library" --exit-code=1 --format="json" --output="image-trivy.json" --no-progress trivy-portainer:${{ github.sha }}  
-
-      - name: Upload image security scan result as artifact
-        uses: actions/upload-artifact@v3
-        with:
-          name: image-security-scan-feature-result
-          path: image-trivy.json
-
-      - name: Download artifacts from develop branch
-        env:
-          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        run: |
-          mv ./image-trivy.json ./image-trivy-feature.json
-          (gh run download -n image-security-scan-develop-result -R ${{ github.repository }} 2>&1 >/dev/null) || :
-          if [[ -e ./image-trivy.json ]]; then
-            mv ./image-trivy.json ./image-trivy-develop.json
-          else
-            echo "null" > ./image-trivy-develop.json
-          fi
-
-      - name: Export scan result to html file 
-        run: | 
-          $(docker run --rm -v ${{ github.workspace }}:/data oscarzhou/scan-report:0.1.8 diff -report-type=trivy -path="/data/image-trivy-feature.json" -compare-to="/data/image-trivy-develop.json" -output-type=table -export -export-filename="/data/image-result")
-
-      - name: Upload image result html file
-        uses: actions/upload-artifact@v3
-        with:
-          name: html-image-result-compare-to-develop-${{github.run_id}}
-          path: image-result.html
-
-      - name: Analyse the image diff result
-        id: set-diff-matrix
-        run: | 
-          result=$(docker run --rm -v ${{ github.workspace }}:/data oscarzhou/scan-report:0.1.8 diff -report-type=trivy -path="/data/image-trivy-feature.json" -compare-to="./data/image-trivy-develop.json" -output-type=matrix)
-          echo "::set-output name=image_diff_result::${result}"
-
-  result-analysis:
-    name: Analyse scan result compared to develop
-    needs: [client-dependencies, server-dependencies, image-vulnerability]
-    runs-on: ubuntu-latest
-    if: >-
-      github.event.pull_request &&
-      github.event.review.body == '/scan'
-    strategy:
-      matrix: 
-        jsdiff: ${{fromJson(needs.client-dependencies.outputs.jsdiff)}}
-        godiff: ${{fromJson(needs.server-dependencies.outputs.godiff)}}
-        imagediff: ${{fromJson(needs.image-vulnerability.outputs.imagediff)}}
-    steps:
-
-      - name: Check job status of diff result
-        if: >-
-          matrix.jsdiff.status == 'failure' ||
-          matrix.godiff.status == 'failure' ||
-          matrix.imagediff.status == 'failure' 
-        run: |
-          echo ${{ matrix.jsdiff.status }}
-          echo ${{ matrix.godiff.status }}
-          echo ${{ matrix.imagediff.status }}
-          echo ${{ matrix.jsdiff.summary }}
-          echo ${{ matrix.godiff.summary }}
-          echo ${{ matrix.imagediff.summary }}
-          exit 1
--- a/.github/workflows/test-client.yaml
+++ b/.github/workflows/test-client.yaml
@@ -0,0 +1,15 @@
+name: Test Frontend
+on: push
+jobs:
+  test:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      - uses: actions/setup-node@v2
+        with:
+          node-version: '14'
+          cache: 'yarn'
+      - run: yarn install --frozen-lockfile
+
+      - name: Run tests
+        run: yarn test:client
--- a/.github/workflows/test.yaml
+++ b/.github/workflows/test.yaml
@@ -1,29 +0,0 @@
-name: Test
-on: push
-jobs:
-  test-client:
-    runs-on: ubuntu-latest
-
-    steps:
-      - uses: actions/checkout@v2
-      - uses: actions/setup-node@v2
-        with:
-          node-version: '14'
-          cache: 'yarn'
-      - run: yarn --frozen-lockfile
-
-      - name: Run tests
-        run: yarn test:client
-  # test-server:
-  #   runs-on: ubuntu-latest
-  #   env:
-  #     GOPRIVATE: "github.com/portainer"
-  #   steps:
-  #     - uses: actions/checkout@v3
-  #     - uses: actions/setup-go@v3
-  #       with:
-  #         go-version: '1.18'
-  #     - name: Run tests
-  #       run: |
-  #         cd api
-  #         go test ./...
--- a/.storybook/main.js
+++ b/.storybook/main.js
@@ -16,9 +16,6 @@ module.exports = {
            exportLocalsConvention: 'camelCaseOnly',
          },
        },
-        postcssLoaderOptions: {
-          implementation: require('postcss'),
-        },
      },
    },
  ],
--- a/.storybook/preview.js
+++ b/.storybook/preview.js
@@ -3,7 +3,6 @@ import '../app/assets/css';
 import { pushStateLocationPlugin, UIRouter } from '@uirouter/react';
 import { initialize as initMSW, mswDecorator } from 'msw-storybook-addon';
 import { handlers } from '@/setup-tests/server-handlers';
-import { QueryClient, QueryClientProvider } from 'react-query';

 // Initialize MSW
 initMSW({
@@ -32,17 +31,11 @@ export const parameters = {
  },
 };

-const testQueryClient = new QueryClient({
-  defaultOptions: { queries: { retry: false } },
-});
-
 export const decorators = [
  (Story) => (
-    <QueryClientProvider client={testQueryClient}>
-      <UIRouter plugins={[pushStateLocationPlugin]}>
-        <Story />
-      </UIRouter>
-    </QueryClientProvider>
+    <UIRouter plugins={[pushStateLocationPlugin]}>
+      <Story />
+    </UIRouter>
  ),
  mswDecorator,
 ];
--- a/README.md
+++ b/README.md
@@ -22,7 +22,7 @@ Please note that the public demo cluster is **reset every 15min**.

 Portainer CE is updated regularly. We aim to do an update release every couple of months.

-**The latest version of Portainer is 2.13.x**.
+**The latest version of Portainer is 2.9.x**. Portainer is on version 2, the second number denotes the month of release.

 ## Getting started

--- a/api/build/variables.go
+++ b/api/build/variables.go
@@ -1,9 +0,0 @@
-package build
-
-// Variables to be set during the build time
-var BuildNumber string
-var ImageTag string
-var NodejsVersion string
-var YarnVersion string
-var WebpackVersion string
-var GoVersion string
--- a/api/cli/cli.go
+++ b/api/cli/cli.go
@@ -35,7 +35,6 @@ func (*Service) ParseFlags(version string) (*portainer.CLIFlags, error) {
 		TunnelPort:                kingpin.Flag("tunnel-port", "Port to serve the tunnel server").Default(defaultTunnelServerPort).String(),
 		Assets:                    kingpin.Flag("assets", "Path to the assets").Default(defaultAssetsDirectory).Short('a').String(),
 		Data:                      kingpin.Flag("data", "Path to the folder where the data is stored").Default(defaultDataDirectory).Short('d').String(),
-		DemoEnvironment:           kingpin.Flag("demo", "Demo environment").Bool(),
 		EndpointURL:               kingpin.Flag("host", "Environment URL").Short('H').String(),
 		FeatureFlags:              BoolPairs(kingpin.Flag("feat", "List of feature flags").Hidden()),
 		EnableEdgeComputeFeatures: kingpin.Flag("edge-compute", "Enable Edge Compute features").Bool(),
--- a/api/cmd/portainer/main.go
+++ b/api/cmd/portainer/main.go
@@ -16,7 +16,6 @@ import (
 	"github.com/portainer/libhelm"
 	portainer "github.com/portainer/portainer/api"
 	"github.com/portainer/portainer/api/apikey"
-	"github.com/portainer/portainer/api/build"
 	"github.com/portainer/portainer/api/chisel"
 	"github.com/portainer/portainer/api/cli"
 	"github.com/portainer/portainer/api/crypto"
@@ -24,7 +23,6 @@ import (
 	"github.com/portainer/portainer/api/database/boltdb"
 	"github.com/portainer/portainer/api/dataservices"
 	"github.com/portainer/portainer/api/datastore"
-	"github.com/portainer/portainer/api/demo"
 	"github.com/portainer/portainer/api/docker"
 	"github.com/portainer/portainer/api/exec"
 	"github.com/portainer/portainer/api/filesystem"
@@ -574,7 +572,6 @@ func buildServer(flags *portainer.CLIFlags) portainer.Server {
 	openAMTService := openamt.NewService()

 	cryptoService := initCryptoService()
-
 	digitalSignatureService := initDigitalSignatureService()

 	sslService, err := initSSLService(*flags.AddrHTTPS, *flags.SSLCert, *flags.SSLKey, fileService, dataStore, shutdownTrigger)
@@ -610,7 +607,7 @@ func buildServer(flags *portainer.CLIFlags) portainer.Server {

 	kubeClusterAccessService := kubernetes.NewKubeClusterAccessService(*flags.BaseURL, *flags.AddrHTTPS, sslSettings.CertPath)

-	proxyManager := proxy.NewManager(dataStore, digitalSignatureService, reverseTunnelService, dockerClientFactory, kubernetesClientFactory, kubernetesTokenCacheManager, gitService)
+	proxyManager := proxy.NewManager(dataStore, digitalSignatureService, reverseTunnelService, dockerClientFactory, kubernetesClientFactory, kubernetesTokenCacheManager)

 	reverseTunnelService.ProxyManager = proxyManager

@@ -637,14 +634,6 @@ func buildServer(flags *portainer.CLIFlags) portainer.Server {

 	applicationStatus := initStatus(instanceID)

-	demoService := demo.NewService()
-	if *flags.DemoEnvironment {
-		err := demoService.Init(dataStore, cryptoService)
-		if err != nil {
-			log.Fatalf("failed initializing demo environment: %v", err)
-		}
-	}
-
 	err = initEndpoint(flags, dataStore, snapshotService)
 	if err != nil {
 		logrus.Fatalf("Failed initializing environment: %v", err)
@@ -733,7 +722,6 @@ func buildServer(flags *portainer.CLIFlags) portainer.Server {
 		ShutdownCtx:                 shutdownCtx,
 		ShutdownTrigger:             shutdownTrigger,
 		StackDeployer:               stackDeployer,
-		DemoService:                 demoService,
 	}
 }

@@ -744,15 +732,7 @@ func main() {

 	for {
 		server := buildServer(flags)
-		logrus.WithFields(logrus.Fields{
-			"Version":        portainer.APIVersion,
-			"BuildNumber":    build.BuildNumber,
-			"ImageTag":       build.ImageTag,
-			"NodejsVersion":  build.NodejsVersion,
-			"YarnVersion":    build.YarnVersion,
-			"WebpackVersion": build.WebpackVersion,
-			"GoVersion":      build.GoVersion},
-		).Print("[INFO] [cmd,main] Starting Portainer")
+		logrus.Printf("[INFO] [cmd,main] Starting Portainer version %s\n", portainer.APIVersion)
 		err := server.Start()
 		logrus.Printf("[INFO] [cmd,main] Http server exited: %v\n", err)
 	}
--- a/api/database/boltdb/json_test.go
+++ b/api/database/boltdb/json_test.go
@@ -10,7 +10,7 @@ import (
 )

 const (
-	jsonobject = `{"LogoURL":"","BlackListedLabels":[],"AuthenticationMethod":1,"InternalAuthSettings": {"RequiredPasswordLength": 12}"LDAPSettings":{"AnonymousMode":true,"ReaderDN":"","URL":"","TLSConfig":{"TLS":false,"TLSSkipVerify":false},"StartTLS":false,"SearchSettings":[{"BaseDN":"","Filter":"","UserNameAttribute":""}],"GroupSearchSettings":[{"GroupBaseDN":"","GroupFilter":"","GroupAttribute":""}],"AutoCreateUsers":true},"OAuthSettings":{"ClientID":"","AccessTokenURI":"","AuthorizationURI":"","ResourceURI":"","RedirectURI":"","UserIdentifier":"","Scopes":"","OAuthAutoCreateUsers":false,"DefaultTeamID":0,"SSO":true,"LogoutURI":"","KubeSecretKey":"j0zLVtY/lAWBk62ByyF0uP80SOXaitsABP0TTJX8MhI="},"OpenAMTConfiguration":{"Enabled":false,"MPSServer":"","MPSUser":"","MPSPassword":"","MPSToken":"","CertFileContent":"","CertFileName":"","CertFilePassword":"","DomainName":""},"FeatureFlagSettings":{},"SnapshotInterval":"5m","TemplatesURL":"https://raw.githubusercontent.com/portainer/templates/master/templates-2.0.json","EdgeAgentCheckinInterval":5,"EnableEdgeComputeFeatures":false,"UserSessionTimeout":"8h","KubeconfigExpiry":"0","EnableTelemetry":true,"HelmRepositoryURL":"https://charts.bitnami.com/bitnami","KubectlShellImage":"portainer/kubectl-shell","DisplayDonationHeader":false,"DisplayExternalContributors":false,"EnableHostManagementFeatures":false,"AllowVolumeBrowserForRegularUsers":false,"AllowBindMountsForRegularUsers":false,"AllowPrivilegedModeForRegularUsers":false,"AllowHostNamespaceForRegularUsers":false,"AllowStackManagementForRegularUsers":false,"AllowDeviceMappingForRegularUsers":false,"AllowContainerCapabilitiesForRegularUsers":false}`
+	jsonobject = `{"LogoURL":"","BlackListedLabels":[],"AuthenticationMethod":1,"LDAPSettings":{"AnonymousMode":true,"ReaderDN":"","URL":"","TLSConfig":{"TLS":false,"TLSSkipVerify":false},"StartTLS":false,"SearchSettings":[{"BaseDN":"","Filter":"","UserNameAttribute":""}],"GroupSearchSettings":[{"GroupBaseDN":"","GroupFilter":"","GroupAttribute":""}],"AutoCreateUsers":true},"OAuthSettings":{"ClientID":"","AccessTokenURI":"","AuthorizationURI":"","ResourceURI":"","RedirectURI":"","UserIdentifier":"","Scopes":"","OAuthAutoCreateUsers":false,"DefaultTeamID":0,"SSO":true,"LogoutURI":"","KubeSecretKey":"j0zLVtY/lAWBk62ByyF0uP80SOXaitsABP0TTJX8MhI="},"OpenAMTConfiguration":{"Enabled":false,"MPSServer":"","MPSUser":"","MPSPassword":"","MPSToken":"","CertFileContent":"","CertFileName":"","CertFilePassword":"","DomainName":""},"FeatureFlagSettings":{},"SnapshotInterval":"5m","TemplatesURL":"https://raw.githubusercontent.com/portainer/templates/master/templates-2.0.json","EdgeAgentCheckinInterval":5,"EnableEdgeComputeFeatures":false,"UserSessionTimeout":"8h","KubeconfigExpiry":"0","EnableTelemetry":true,"HelmRepositoryURL":"https://charts.bitnami.com/bitnami","KubectlShellImage":"portainer/kubectl-shell","DisplayDonationHeader":false,"DisplayExternalContributors":false,"EnableHostManagementFeatures":false,"AllowVolumeBrowserForRegularUsers":false,"AllowBindMountsForRegularUsers":false,"AllowPrivilegedModeForRegularUsers":false,"AllowHostNamespaceForRegularUsers":false,"AllowStackManagementForRegularUsers":false,"AllowDeviceMappingForRegularUsers":false,"AllowContainerCapabilitiesForRegularUsers":false}`
 	passphrase = "my secret key"
 )

--- a/api/datastore/backup.go
+++ b/api/datastore/backup.go
@@ -103,26 +103,8 @@ func (store *Store) backupWithOptions(options *BackupOptions) (string, error) {
 	store.createBackupFolders()

 	options = store.setupOptions(options)
-	dbPath := store.databasePath()

-	if err := store.Close(); err != nil {
-		return options.BackupPath, fmt.Errorf(
-			"error closing datastore before creating backup: %v",
-			err,
-		)
-	}
-
-	if err := store.copyDBFile(dbPath, options.BackupPath); err != nil {
-		return options.BackupPath, err
-	}
-
-	if _, err := store.Open(); err != nil {
-		return options.BackupPath, fmt.Errorf(
-			"error opening datastore after creating backup: %v",
-			err,
-		)
-	}
-	return options.BackupPath, nil
+	return options.BackupPath, store.copyDBFile(store.databasePath(), options.BackupPath)
 }

 // RestoreWithOptions previously saved backup for the current Edition  with options
--- a/api/datastore/init.go
+++ b/api/datastore/init.go
@@ -47,9 +47,6 @@ func (store *Store) checkOrCreateDefaultSettings() error {
 			EnableTelemetry:      true,
 			AuthenticationMethod: portainer.AuthenticationInternal,
 			BlackListedLabels:    make([]portainer.Pair, 0),
-			InternalAuthSettings: portainer.InternalAuthSettings{
-				RequiredPasswordLength: 12,
-			},
 			LDAPSettings: portainer.LDAPSettings{
 				AnonymousMode:   true,
 				AutoCreateUsers: true,
--- a/api/datastore/migrate_data_test.go
+++ b/api/datastore/migrate_data_test.go
@@ -34,9 +34,9 @@ func TestMigrateData(t *testing.T) {
 		wantPath string
 	}{
 		{
-			testName: "migrate version 24 to latest",
+			testName: "migrate version 24 to 35",
 			srcPath:  "test_data/input_24.json",
-			wantPath: "test_data/output_24_to_latest.json",
+			wantPath: "test_data/output_35.json",
 		},
 	}
 	for _, test := range snapshotTests {
--- a/api/datastore/migrator/migrate_ce.go
+++ b/api/datastore/migrator/migrate_ce.go
@@ -100,12 +100,6 @@ func (m *Migrator) Migrate() error {

 		// Portainer 2.13
 		newMigration(40, m.migrateDBVersionToDB40),
-
-		// Portainer 2.14
-		newMigration(50, m.migrateDBVersionToDB50),
-
-		// Portainer 2.15
-		newMigration(60, m.migrateDBVersionToDB60),
 	}

 	var lastDbVersion int
--- a/api/datastore/migrator/migrate_dbversion31.go
+++ b/api/datastore/migrator/migrate_dbversion31.go
@@ -4,7 +4,6 @@ import (
 	"fmt"
 	"log"

-	"github.com/docker/docker/api/types/volume"
 	"github.com/portainer/portainer/api/dataservices/errors"

 	portainer "github.com/portainer/portainer/api"
@@ -211,14 +210,14 @@ func (m *Migrator) updateVolumeResourceControlToDB32() error {
 			continue
 		}

-		volumesData := snapshot.SnapshotRaw.Volumes
-		if volumesData.Volumes == nil {
-			log.Println("[DEBUG] [volume migration] [message: no volume data found]")
-			continue
+		if volumesData, done := snapshot.SnapshotRaw.Volumes.(map[string]interface{}); done {
+			if volumesData["Volumes"] == nil {
+				log.Println("[DEBUG] [volume migration] [message: no volume data found]")
+				continue
+			}
+
+			findResourcesToUpdateForDB32(endpointDockerID, volumesData, toUpdate, volumeResourceControls)
 		}
-
-		findResourcesToUpdateForDB32(endpointDockerID, volumesData, toUpdate, volumeResourceControls)
-
 	}

 	for _, resourceControl := range volumeResourceControls {
@@ -241,11 +240,18 @@ func (m *Migrator) updateVolumeResourceControlToDB32() error {
 	return nil
 }

-func findResourcesToUpdateForDB32(dockerID string, volumesData volume.VolumeListOKBody, toUpdate map[portainer.ResourceControlID]string, volumeResourceControls map[string]*portainer.ResourceControl) {
-	volumes := volumesData.Volumes
-	for _, volume := range volumes {
-		volumeName := volume.Name
-		createTime := volume.CreatedAt
+func findResourcesToUpdateForDB32(dockerID string, volumesData map[string]interface{}, toUpdate map[portainer.ResourceControlID]string, volumeResourceControls map[string]*portainer.ResourceControl) {
+	volumes := volumesData["Volumes"].([]interface{})
+	for _, volumeMeta := range volumes {
+		volume := volumeMeta.(map[string]interface{})
+		volumeName, nameExist := volume["Name"].(string)
+		if !nameExist {
+			continue
+		}
+		createTime, createTimeExist := volume["CreatedAt"].(string)
+		if !createTimeExist {
+			continue
+		}

 		oldResourceID := fmt.Sprintf("%s%s", volumeName, createTime)
 		resourceControl, ok := volumeResourceControls[oldResourceID]
--- a/api/datastore/migrator/migrate_dbversion50.go
+++ b/api/datastore/migrator/migrate_dbversion50.go
@@ -1,20 +0,0 @@
-package migrator
-
-import (
-	"github.com/pkg/errors"
-)
-
-func (m *Migrator) migrateDBVersionToDB50() error {
-	return m.migratePasswordLengthSettings()
-}
-
-func (m *Migrator) migratePasswordLengthSettings() error {
-	migrateLog.Info("Updating required password length")
-	s, err := m.settingsService.Settings()
-	if err != nil {
-		return errors.Wrap(err, "unable to retrieve settings")
-	}
-
-	s.InternalAuthSettings.RequiredPasswordLength = 12
-	return m.settingsService.UpdateSettings(s)
-}
--- a/api/datastore/migrator/migrate_dbversion60.go
+++ b/api/datastore/migrator/migrate_dbversion60.go
@@ -1,30 +0,0 @@
-package migrator
-
-import portainer "github.com/portainer/portainer/api"
-
-func (m *Migrator) migrateDBVersionToDB60() error {
-	if err := m.addGpuInputFieldDB60(); err != nil {
-		return err
-	}
-
-	return nil
-}
-
-func (m *Migrator) addGpuInputFieldDB60() error {
-	migrateLog.Info("- add gpu input field")
-	endpoints, err := m.endpointService.Endpoints()
-	if err != nil {
-		return err
-	}
-
-	for _, endpoint := range endpoints {
-		endpoint.Gpus = []portainer.Pair{}
-		err = m.endpointService.UpdateEndpoint(endpoint.ID, &endpoint)
-		if err != nil {
-			return err
-		}
-
-	}
-
-	return nil
-}
--- a/api/datastore/test_data/output_24_to_latest.json
+++ b/api/datastore/test_data/output_24_to_latest.json
@@ -35,15 +35,8 @@
        "TenantID": ""
      },
      "ComposeSyntaxMaxVersion": "",
-      "Edge": {
-        "AsyncMode": false,
-        "CommandInterval": 0,
-        "PingInterval": 0,
-        "SnapshotInterval": 0
-      },
      "EdgeCheckinInterval": 0,
      "EdgeKey": "",
-      "Gpus": [],
      "GroupId": 1,
      "Id": 1,
      "IsEdgeDevice": false,
@@ -77,107 +70,12 @@
          "DockerSnapshotRaw": {
            "Containers": null,
            "Images": null,
-            "Info": {
-              "Architecture": "",
-              "BridgeNfIp6tables": false,
-              "BridgeNfIptables": false,
-              "CPUSet": false,
-              "CPUShares": false,
-              "CgroupDriver": "",
-              "ContainerdCommit": {
-                "Expected": "",
-                "ID": ""
-              },
-              "Containers": 0,
-              "ContainersPaused": 0,
-              "ContainersRunning": 0,
-              "ContainersStopped": 0,
-              "CpuCfsPeriod": false,
-              "CpuCfsQuota": false,
-              "Debug": false,
-              "DefaultRuntime": "",
-              "DockerRootDir": "",
-              "Driver": "",
-              "DriverStatus": null,
-              "ExperimentalBuild": false,
-              "GenericResources": null,
-              "HttpProxy": "",
-              "HttpsProxy": "",
-              "ID": "",
-              "IPv4Forwarding": false,
-              "Images": 0,
-              "IndexServerAddress": "",
-              "InitBinary": "",
-              "InitCommit": {
-                "Expected": "",
-                "ID": ""
-              },
-              "Isolation": "",
-              "KernelMemory": false,
-              "KernelMemoryTCP": false,
-              "KernelVersion": "",
-              "Labels": null,
-              "LiveRestoreEnabled": false,
-              "LoggingDriver": "",
-              "MemTotal": 0,
-              "MemoryLimit": false,
-              "NCPU": 0,
-              "NEventsListener": 0,
-              "NFd": 0,
-              "NGoroutines": 0,
-              "Name": "",
-              "NoProxy": "",
-              "OSType": "",
-              "OSVersion": "",
-              "OomKillDisable": false,
-              "OperatingSystem": "",
-              "PidsLimit": false,
-              "Plugins": {
-                "Authorization": null,
-                "Log": null,
-                "Network": null,
-                "Volume": null
-              },
-              "RegistryConfig": null,
-              "RuncCommit": {
-                "Expected": "",
-                "ID": ""
-              },
-              "Runtimes": null,
-              "SecurityOptions": null,
-              "ServerVersion": "",
-              "SwapLimit": false,
-              "Swarm": {
-                "ControlAvailable": false,
-                "Error": "",
-                "LocalNodeState": "",
-                "NodeAddr": "",
-                "NodeID": "",
-                "RemoteManagers": null
-              },
-              "SystemTime": "",
-              "Warnings": null
-            },
+            "Info": null,
            "Networks": null,
-            "Version": {
-              "ApiVersion": "",
-              "Arch": "",
-              "GitCommit": "",
-              "GoVersion": "",
-              "Os": "",
-              "Platform": {
-                "Name": ""
-              },
-              "Version": ""
-            },
-            "Volumes": {
-              "Volumes": null,
-              "Warnings": null
-            }
+            "Version": null,
+            "Volumes": null
          },
          "DockerVersion": "20.10.13",
-          "GpuUseAll": false,
-          "GpuUseList": null,
          "HealthyContainerCount": 0,
          "ImageCount": 9,
          "NodeCount": 0,
@@ -691,12 +589,6 @@
    "BlackListedLabels": [],
    "DisplayDonationHeader": false,
    "DisplayExternalContributors": false,
-    "Edge": {
-      "AsyncMode": false,
-      "CommandInterval": 0,
-      "PingInterval": 0,
-      "SnapshotInterval": 0
-    },
    "EdgeAgentCheckinInterval": 5,
    "EdgePortainerUrl": "",
    "EnableEdgeComputeFeatures": false,
@@ -705,9 +597,6 @@
    "EnforceEdgeID": false,
    "FeatureFlagSettings": null,
    "HelmRepositoryURL": "https://charts.bitnami.com/bitnami",
-    "InternalAuthSettings": {
-      "RequiredPasswordLength": 12
-    },
    "KubeconfigExpiry": "0",
    "KubectlShellImage": "portainer/kubectl-shell",
    "LDAPSettings": {
@@ -793,7 +682,6 @@
      "IsComposeFormat": false,
      "Name": "alpine",
      "Namespace": "",
-      "Option": null,
      "ProjectPath": "/home/prabhat/portainer/data/ce1.25/compose/2",
      "ResourceControl": null,
      "Status": 1,
@@ -816,7 +704,6 @@
      "IsComposeFormat": false,
      "Name": "redis",
      "Namespace": "",
-      "Option": null,
      "ProjectPath": "/home/prabhat/portainer/data/ce1.25/compose/5",
      "ResourceControl": null,
      "Status": 1,
@@ -839,7 +726,6 @@
      "IsComposeFormat": false,
      "Name": "nginx",
      "Namespace": "",
-      "Option": null,
      "ProjectPath": "/home/prabhat/portainer/data/ce1.25/compose/6",
      "ResourceControl": null,
      "Status": 1,
@@ -916,7 +802,7 @@
  ],
  "version": {
    "DB_UPDATING": "false",
-    "DB_VERSION": "60",
+    "DB_VERSION": "35",
    "INSTANCE_ID": "null"
  }
 }
--- a/api/demo/demo.go
+++ b/api/demo/demo.go
@@ -1,118 +0,0 @@
-package demo
-
-import (
-	"log"
-
-	"github.com/pkg/errors"
-	portainer "github.com/portainer/portainer/api"
-	"github.com/portainer/portainer/api/dataservices"
-)
-
-type EnvironmentDetails struct {
-	Enabled      bool                   `json:"enabled"`
-	Users        []portainer.UserID     `json:"users"`
-	Environments []portainer.EndpointID `json:"environments"`
-}
-
-type Service struct {
-	details EnvironmentDetails
-}
-
-func NewService() *Service {
-	return &Service{}
-}
-
-func (service *Service) Details() EnvironmentDetails {
-	return service.details
-}
-
-func (service *Service) Init(store dataservices.DataStore, cryptoService portainer.CryptoService) error {
-	log.Print("[INFO] [main] Starting demo environment")
-
-	isClean, err := isCleanStore(store)
-	if err != nil {
-		return errors.WithMessage(err, "failed checking if store is clean")
-	}
-
-	if !isClean {
-		return errors.New(" Demo environment can only be initialized on a clean database")
-	}
-
-	id, err := initDemoUser(store, cryptoService)
-	if err != nil {
-		return errors.WithMessage(err, "failed creating demo user")
-	}
-
-	endpointIds, err := initDemoEndpoints(store)
-	if err != nil {
-		return errors.WithMessage(err, "failed creating demo endpoint")
-	}
-
-	err = initDemoSettings(store)
-	if err != nil {
-		return errors.WithMessage(err, "failed updating demo settings")
-	}
-
-	service.details = EnvironmentDetails{
-		Enabled: true,
-		Users:   []portainer.UserID{id},
-		// endpoints 2,3 are created after deployment of portainer
-		Environments: endpointIds,
-	}
-
-	return nil
-}
-
-func isCleanStore(store dataservices.DataStore) (bool, error) {
-	endpoints, err := store.Endpoint().Endpoints()
-	if err != nil {
-		return false, err
-	}
-
-	if len(endpoints) > 0 {
-		return false, nil
-	}
-
-	users, err := store.User().Users()
-	if err != nil {
-		return false, err
-	}
-
-	if len(users) > 0 {
-		return false, nil
-	}
-
-	return true, nil
-}
-
-func (service *Service) IsDemo() bool {
-	return service.details.Enabled
-}
-
-func (service *Service) IsDemoEnvironment(environmentID portainer.EndpointID) bool {
-	if !service.IsDemo() {
-		return false
-	}
-
-	for _, demoEndpointID := range service.details.Environments {
-		if environmentID == demoEndpointID {
-			return true
-		}
-	}
-
-	return false
-}
-
-func (service *Service) IsDemoUser(userID portainer.UserID) bool {
-	if !service.IsDemo() {
-		return false
-	}
-
-	for _, demoUserID := range service.details.Users {
-		if userID == demoUserID {
-			return true
-		}
-	}
-
-	return false
-}
--- a/api/demo/init.go
+++ b/api/demo/init.go
@@ -1,79 +0,0 @@
-package demo
-
-import (
-	"github.com/pkg/errors"
-	portainer "github.com/portainer/portainer/api"
-	"github.com/portainer/portainer/api/dataservices"
-)
-
-func initDemoUser(
-	store dataservices.DataStore,
-	cryptoService portainer.CryptoService,
-) (portainer.UserID, error) {
-
-	password, err := cryptoService.Hash("tryportainer")
-	if err != nil {
-		return 0, errors.WithMessage(err, "failed creating password hash")
-	}
-
-	admin := &portainer.User{
-		Username: "admin",
-		Password: password,
-		Role:     portainer.AdministratorRole,
-	}
-
-	err = store.User().Create(admin)
-	return admin.ID, errors.WithMessage(err, "failed creating user")
-}
-
-func initDemoEndpoints(store dataservices.DataStore) ([]portainer.EndpointID, error) {
-	localEndpointId, err := initDemoLocalEndpoint(store)
-	if err != nil {
-		return nil, err
-	}
-
-	// second and third endpoints are going to be created with docker-compose as a part of the demo environment set up.
-	// ref: https://github.com/portainer/portainer-demo/blob/master/docker-compose.yml
-	return []portainer.EndpointID{localEndpointId, localEndpointId + 1, localEndpointId + 2}, nil
-}
-
-func initDemoLocalEndpoint(store dataservices.DataStore) (portainer.EndpointID, error) {
-	id := portainer.EndpointID(store.Endpoint().GetNextIdentifier())
-	localEndpoint := &portainer.Endpoint{
-		ID:        id,
-		Name:      "local",
-		URL:       "unix:///var/run/docker.sock",
-		PublicURL: "demo.portainer.io",
-		Type:      portainer.DockerEnvironment,
-		GroupID:   portainer.EndpointGroupID(1),
-		TLSConfig: portainer.TLSConfiguration{
-			TLS: false,
-		},
-		AuthorizedUsers:    []portainer.UserID{},
-		AuthorizedTeams:    []portainer.TeamID{},
-		UserAccessPolicies: portainer.UserAccessPolicies{},
-		TeamAccessPolicies: portainer.TeamAccessPolicies{},
-		TagIDs:             []portainer.TagID{},
-		Status:             portainer.EndpointStatusUp,
-		Snapshots:          []portainer.DockerSnapshot{},
-		Kubernetes:         portainer.KubernetesDefault(),
-	}
-
-	err := store.Endpoint().Create(localEndpoint)
-	return id, errors.WithMessage(err, "failed creating local endpoint")
-}
-
-func initDemoSettings(
-	store dataservices.DataStore,
-) error {
-	settings, err := store.Settings().Settings()
-	if err != nil {
-		return errors.WithMessage(err, "failed fetching settings")
-	}
-
-	settings.EnableTelemetry = false
-	settings.LogoURL = ""
-
-	err = store.Settings().UpdateSettings(settings)
-	return errors.WithMessage(err, "failed updating settings")
-}
--- a/api/docker/snapshot.go
+++ b/api/docker/snapshot.go
@@ -7,10 +7,9 @@ import (
 	"time"

 	"github.com/docker/docker/api/types"
-	_container "github.com/docker/docker/api/types/container"
 	"github.com/docker/docker/api/types/filters"
 	"github.com/docker/docker/client"
-	portainer "github.com/portainer/portainer/api"
+	"github.com/portainer/portainer/api"
 )

 // Snapshotter represents a service used to create environment(endpoint) snapshots
@@ -155,35 +154,11 @@ func snapshotContainers(snapshot *portainer.DockerSnapshot, cli *client.Client)
 	healthyContainers := 0
 	unhealthyContainers := 0
 	stacks := make(map[string]struct{})
-	gpuUseSet := make(map[string]struct{})
-	gpuUseAll := false
 	for _, container := range containers {
 		if container.State == "exited" {
 			stoppedContainers++
 		} else if container.State == "running" {
 			runningContainers++
-
-			// snapshot GPUs
-			response, err := cli.ContainerInspect(context.Background(), container.ID)
-			if err != nil {
-				return err
-			}
-
-			var gpuOptions *_container.DeviceRequest = nil
-			for _, deviceRequest := range response.HostConfig.Resources.DeviceRequests {
-				if deviceRequest.Driver == "nvidia" || deviceRequest.Capabilities[0][0] == "gpu" {
-					gpuOptions = &deviceRequest
-				}
-			}
-
-			if gpuOptions != nil {
-				if gpuOptions.Count == -1 {
-					gpuUseAll = true
-				}
-				for _, id := range gpuOptions.DeviceIDs {
-					gpuUseSet[id] = struct{}{}
-				}
-			}
 		}

 		if strings.Contains(container.Status, "(healthy)") {
@@ -199,14 +174,6 @@ func snapshotContainers(snapshot *portainer.DockerSnapshot, cli *client.Client)
 		}
 	}

-	gpuUseList := make([]string, 0, len(gpuUseSet))
-	for gpuUse := range gpuUseSet {
-		gpuUseList = append(gpuUseList, gpuUse)
-	}
-
-	snapshot.GpuUseAll = gpuUseAll
-	snapshot.GpuUseList = gpuUseList
-
 	snapshot.RunningContainerCount = runningContainers
 	snapshot.StoppedContainerCount = stoppedContainers
 	snapshot.HealthyContainerCount = healthyContainers
--- a/api/exec/compose_stack.go
+++ b/api/exec/compose_stack.go
@@ -6,6 +6,7 @@ import (
 	"io"
 	"os"
 	"path"
+	"regexp"
 	"strings"

 	"github.com/pkg/errors"
@@ -13,6 +14,7 @@ import (
 	libstack "github.com/portainer/docker-compose-wrapper"
 	"github.com/portainer/docker-compose-wrapper/compose"

+	"github.com/docker/cli/cli/compose/loader"
 	portainer "github.com/portainer/portainer/api"
 	"github.com/portainer/portainer/api/http/proxy"
 	"github.com/portainer/portainer/api/http/proxy/factory"
@@ -54,13 +56,13 @@ func (manager *ComposeStackManager) Up(ctx context.Context, stack *portainer.Sta
 		defer proxy.Close()
 	}

-	envFile, err := createEnvFile(stack)
+	envFilePath, err := createEnvFile(stack)
 	if err != nil {
 		return errors.Wrap(err, "failed to create env file")
 	}

 	filePaths := stackutils.GetStackFilePaths(stack)
-	err = manager.deployer.Deploy(ctx, stack.ProjectPath, url, stack.Name, filePaths, envFile, forceRereate)
+	err = manager.deployer.Deploy(ctx, stack.ProjectPath, url, stack.Name, filePaths, envFilePath, forceRereate)
 	return errors.Wrap(err, "failed to deploy a stack")
 }

@@ -74,14 +76,12 @@ func (manager *ComposeStackManager) Down(ctx context.Context, stack *portainer.S
 		defer proxy.Close()
 	}

-	envFile, err := createEnvFile(stack)
-	if err != nil {
-		return errors.Wrap(err, "failed to create env file")
+	if err := updateNetworkEnvFile(stack); err != nil {
+		return err
 	}

 	filePaths := stackutils.GetStackFilePaths(stack)
-
-	err = manager.deployer.Remove(ctx, stack.ProjectPath, url, stack.Name, filePaths, envFile)
+	err = manager.deployer.Remove(ctx, stack.ProjectPath, url, stack.Name, filePaths)
 	return errors.Wrap(err, "failed to remove a stack")
 }

@@ -103,42 +103,200 @@ func (manager *ComposeStackManager) fetchEndpointProxy(endpoint *portainer.Endpo
 	return fmt.Sprintf("tcp://127.0.0.1:%d", proxy.Port), proxy, nil
 }

-// createEnvFile creates a file that would hold both "in-place" and default environment variables.
-// It will return the name of the file if the stack has "in-place" env vars, otherwise empty string.
 func createEnvFile(stack *portainer.Stack) (string, error) {
+	// workaround for EE-1862. It will have to be removed when
+	// docker/compose upgraded to v2.x.
+	if err := createNetworkEnvFile(stack); err != nil {
+		return "", errors.Wrap(err, "failed to create network env file")
+	}
+
 	if stack.Env == nil || len(stack.Env) == 0 {
 		return "", nil
 	}

 	envFilePath := path.Join(stack.ProjectPath, "stack.env")
+
 	envfile, err := os.OpenFile(envFilePath, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0600)
 	if err != nil {
 		return "", err
 	}
-	defer envfile.Close()
-
-	copyDefaultEnvFile(stack, envfile)

 	for _, v := range stack.Env {
 		envfile.WriteString(fmt.Sprintf("%s=%s\n", v.Name, v.Value))
 	}
+	envfile.Close()

 	return "stack.env", nil
 }

-// copyDefaultEnvFile copies the default .env file if it exists to the provided writer
-func copyDefaultEnvFile(stack *portainer.Stack, w io.Writer) {
-	defaultEnvFile, err := os.Open(path.Join(path.Join(stack.ProjectPath, path.Dir(stack.EntryPoint)), ".env"))
-	if err != nil {
-		// If cannot open a default file, then don't need to copy it.
-		// We could as well stat it and check if it exists, but this is more efficient.
-		return
+func fileNotExist(filePath string) bool {
+	if _, err := os.Stat(filePath); errors.Is(err, os.ErrNotExist) {
+		return true
 	}

-	defer defaultEnvFile.Close()
-
-	if _, err = io.Copy(w, defaultEnvFile); err == nil {
-		io.WriteString(w, "\n")
-	}
-	// If couldn't copy the .env file, then ignore the error and try to continue
+	return false
+}
+
+func updateNetworkEnvFile(stack *portainer.Stack) error {
+	envFilePath := path.Join(stack.ProjectPath, ".env")
+	stackFilePath := path.Join(stack.ProjectPath, "stack.env")
+	if fileNotExist(envFilePath) {
+		if fileNotExist(stackFilePath) {
+			return nil
+		}
+
+		flags := os.O_WRONLY | os.O_SYNC | os.O_CREATE
+		envFile, err := os.OpenFile(envFilePath, flags, 0666)
+		if err != nil {
+			return err
+		}
+
+		defer envFile.Close()
+
+		stackFile, err := os.Open(stackFilePath)
+		if err != nil {
+			return err
+		}
+
+		defer stackFile.Close()
+
+		_, err = io.Copy(envFile, stackFile)
+		return err
+	}
+
+	return nil
+}
+
+func createNetworkEnvFile(stack *portainer.Stack) error {
+	networkNameSet := NewStringSet()
+
+	for _, filePath := range stackutils.GetStackFilePaths(stack) {
+		networkNames, err := extractNetworkNames(filePath)
+		if err != nil {
+			return errors.Wrap(err, "failed to extract network name")
+		}
+
+		if networkNames == nil || networkNames.Len() == 0 {
+			continue
+		}
+
+		networkNameSet.Union(networkNames)
+	}
+
+	for _, s := range networkNameSet.List() {
+		if _, ok := os.LookupEnv(s); ok {
+			networkNameSet.Remove(s)
+		}
+	}
+
+	if networkNameSet.Len() == 0 && stack.Env == nil {
+		return nil
+	}
+
+	envfile, err := os.OpenFile(path.Join(stack.ProjectPath, ".env"),
+		os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0600)
+	if err != nil {
+		return errors.Wrap(err, "failed to open env file")
+	}
+
+	defer envfile.Close()
+
+	var scanEnvSettingFunc = func(name string) (string, bool) {
+		if stack.Env != nil {
+			for _, v := range stack.Env {
+				if name == v.Name {
+					return v.Value, true
+				}
+			}
+		}
+
+		return "", false
+	}
+
+	for _, s := range networkNameSet.List() {
+		if _, ok := scanEnvSettingFunc(s); !ok {
+			stack.Env = append(stack.Env, portainer.Pair{
+				Name:  s,
+				Value: "None",
+			})
+		}
+	}
+
+	if stack.Env != nil {
+		for _, v := range stack.Env {
+			envfile.WriteString(
+				fmt.Sprintf("%s=%s\n", v.Name, v.Value))
+		}
+	}
+
+	return nil
+}
+
+func extractNetworkNames(filePath string) (StringSet, error) {
+	if info, err := os.Stat(filePath); errors.Is(err,
+		os.ErrNotExist) || info.IsDir() {
+		return nil, nil
+	}
+
+	stackFileContent, err := os.ReadFile(filePath)
+	if err != nil {
+		return nil, errors.Wrap(err, "failed to open yaml file")
+	}
+
+	config, err := loader.ParseYAML(stackFileContent)
+	if err != nil {
+		// invalid stack file
+		return nil, errors.Wrap(err, "invalid stack file")
+	}
+
+	var version string
+	if _, ok := config["version"]; ok {
+		version, _ = config["version"].(string)
+	}
+
+	var networks map[string]interface{}
+	if value, ok := config["networks"]; ok {
+		if value == nil {
+			return nil, nil
+		}
+
+		if networks, ok = value.(map[string]interface{}); !ok {
+			return nil, nil
+		}
+	} else {
+		return nil, nil
+	}
+
+	networkContent, err := loader.LoadNetworks(networks, version)
+	if err != nil {
+		return nil, nil // skip the error
+	}
+
+	re := regexp.MustCompile(`^\$\{?([^\}]+)\}?$`)
+	networkNames := NewStringSet()
+
+	for _, v := range networkContent {
+		matched := re.FindAllStringSubmatch(v.Name, -1)
+		if matched != nil && matched[0] != nil {
+			if strings.Contains(matched[0][1], ":-") {
+				continue
+			}
+
+			if strings.Contains(matched[0][1], "?") {
+				continue
+			}
+
+			if strings.Contains(matched[0][1], "-") {
+				continue
+			}
+
+			networkNames.Add(matched[0][1])
+		}
+	}
+
+	if networkNames.Len() == 0 {
+		return nil, nil
+	}
+
+	return networkNames, nil
 }
--- a/api/exec/compose_stack_integration_test.go
+++ b/api/exec/compose_stack_integration_test.go
@@ -11,7 +11,6 @@ import (
 	"testing"

 	portainer "github.com/portainer/portainer/api"
-	"github.com/portainer/portainer/api/internal/testhelpers"
 )

 const composeFile = `version: "3.9"
@@ -42,8 +41,6 @@ func setup(t *testing.T) (*portainer.Stack, *portainer.Endpoint) {

 func Test_UpAndDown(t *testing.T) {

-	testhelpers.IntegrationTest(t)
-
 	stack, endpoint := setup(t)

 	w, err := NewComposeStackManager("", "", nil)
--- a/api/exec/compose_stack_test.go
+++ b/api/exec/compose_stack_test.go
@@ -65,22 +65,56 @@ func Test_createEnvFile(t *testing.T) {
 	}
 }

-func Test_createEnvFile_mergesDefultAndInplaceEnvVars(t *testing.T) {
+func Test_createNetworkEnvFile(t *testing.T) {
 	dir := t.TempDir()
-	os.WriteFile(path.Join(dir, ".env"), []byte("VAR1=VAL1\nVAR2=VAL2\n"), 0600)
-	stack := &portainer.Stack{
+	buf := []byte(`
+version: '3.6'
+services:
+  nginx-example:
+    image: nginx:latest
+networks:
+  default:
+    name: ${test}
+    driver: bridge
+`)
+	if err := ioutil.WriteFile(path.Join(dir,
+		"docker-compose.yml"), buf, 0644); err != nil {
+		t.Fatalf("Failed to create yaml file: %s", err)
+	}
+
+	stackWithoutEnv := &portainer.Stack{
 		ProjectPath: dir,
+		EntryPoint:  "docker-compose.yml",
+		Env:         []portainer.Pair{},
+	}
+
+	if err := createNetworkEnvFile(stackWithoutEnv); err != nil {
+		t.Fatalf("Failed to create network env file: %s", err)
+	}
+
+	content, err := ioutil.ReadFile(path.Join(dir, ".env"))
+	if err != nil {
+		t.Fatalf("Failed to read network env file: %s", err)
+	}
+
+	assert.Equal(t, "test=None\n", string(content))
+
+	stackWithEnv := &portainer.Stack{
+		ProjectPath: dir,
+		EntryPoint:  "docker-compose.yml",
 		Env: []portainer.Pair{
-			{Name: "VAR1", Value: "NEW_VAL1"},
-			{Name: "VAR3", Value: "VAL3"},
+			{Name: "test", Value: "test-value"},
 		},
 	}
-	result, err := createEnvFile(stack)
-	assert.Equal(t, "stack.env", result)
-	assert.NoError(t, err)
-	assert.FileExists(t, path.Join(dir, "stack.env"))
-	f, _ := os.Open(path.Join(dir, "stack.env"))
-	content, _ := ioutil.ReadAll(f)

-	assert.Equal(t, []byte("VAR1=VAL1\nVAR2=VAL2\n\nVAR1=NEW_VAL1\nVAR3=VAL3\n"), content)
+	if err := createNetworkEnvFile(stackWithEnv); err != nil {
+		t.Fatalf("Failed to create network env file: %s", err)
+	}
+
+	content, err = ioutil.ReadFile(path.Join(dir, ".env"))
+	if err != nil {
+		t.Fatalf("Failed to read network env file: %s", err)
+	}
+
+	assert.Equal(t, "test=test-value\n", string(content))
 }
--- a/api/git/azure.go
+++ b/api/git/azure.go
@@ -108,12 +108,12 @@ func (a *azureDownloader) latestCommitID(ctx context.Context, options fetchOptio
 		return "", errors.WithMessage(err, "failed to parse url")
 	}

-	rootItemUrl, err := a.buildRootItemUrl(config, options.referenceName)
+	refsUrl, err := a.buildRefsUrl(config, options.referenceName)
 	if err != nil {
-		return "", errors.WithMessage(err, "failed to build azure root item url")
+		return "", errors.WithMessage(err, "failed to build azure refs url")
 	}

-	req, err := http.NewRequestWithContext(ctx, "GET", rootItemUrl, nil)
+	req, err := http.NewRequestWithContext(ctx, "GET", refsUrl, nil)
 	if options.username != "" || options.password != "" {
 		req.SetBasicAuth(options.username, options.password)
 	} else if config.username != "" || config.password != "" {
@@ -131,24 +131,26 @@ func (a *azureDownloader) latestCommitID(ctx context.Context, options fetchOptio
 	defer resp.Body.Close()

 	if resp.StatusCode != http.StatusOK {
-		return "", fmt.Errorf("failed to get repository root item with a status \"%v\"", resp.Status)
+		return "", fmt.Errorf("failed to get repository refs with a status \"%v\"", resp.Status)
 	}

-	var items struct {
+	var refs struct {
 		Value []struct {
-			CommitId string `json:"commitId"`
+			Name     string `json:"name"`
+			ObjectId string `json:"objectId"`
+		}
+	}
+	if err := json.NewDecoder(resp.Body).Decode(&refs); err != nil {
+		return "", errors.Wrap(err, "could not parse Azure Refs response")
+	}
+
+	for _, ref := range refs.Value {
+		if strings.EqualFold(ref.Name, options.referenceName) {
+			return ref.ObjectId, nil
 		}
 	}

-	if err := json.NewDecoder(resp.Body).Decode(&items); err != nil {
-		return "", errors.Wrap(err, "could not parse Azure items response")
-	}
-
-	if len(items.Value) == 0 || items.Value[0].CommitId == "" {
-		return "", errors.Errorf("failed to get latest commitID in the repository")
-	}
-
-	return items.Value[0].CommitId, nil
+	return "", errors.Errorf("could not find ref %q in the repository", options.referenceName)
 }

 func parseUrl(rawUrl string) (*azureOptions, error) {
@@ -234,10 +236,8 @@ func (a *azureDownloader) buildDownloadUrl(config *azureOptions, referenceName s
 	// scopePath=/&download=true&versionDescriptor.version=main&$format=zip&recursionLevel=full&api-version=6.0
 	q.Set("scopePath", "/")
 	q.Set("download", "true")
-	if referenceName != "" {
-		q.Set("versionDescriptor.versionType", getVersionType(referenceName))
-		q.Set("versionDescriptor.version", formatReferenceName(referenceName))
-	}
+	q.Set("versionDescriptor.versionType", getVersionType(referenceName))
+	q.Set("versionDescriptor.version", formatReferenceName(referenceName))
 	q.Set("$format", "zip")
 	q.Set("recursionLevel", "full")
 	q.Set("api-version", "6.0")
@@ -246,8 +246,8 @@ func (a *azureDownloader) buildDownloadUrl(config *azureOptions, referenceName s
 	return u.String(), nil
 }

-func (a *azureDownloader) buildRootItemUrl(config *azureOptions, referenceName string) (string, error) {
-	rawUrl := fmt.Sprintf("%s/%s/%s/_apis/git/repositories/%s/items",
+func (a *azureDownloader) buildRefsUrl(config *azureOptions, referenceName string) (string, error) {
+	rawUrl := fmt.Sprintf("%s/%s/%s/_apis/git/repositories/%s/refs",
 		a.baseUrl,
 		url.PathEscape(config.organisation),
 		url.PathEscape(config.project),
@@ -255,15 +255,12 @@ func (a *azureDownloader) buildRootItemUrl(config *azureOptions, referenceName s
 	u, err := url.Parse(rawUrl)

 	if err != nil {
-		return "", errors.Wrapf(err, "failed to parse root item url path %s", rawUrl)
+		return "", errors.Wrapf(err, "failed to parse refs url path %s", rawUrl)
 	}

+	// filterContains=main&api-version=6.0
 	q := u.Query()
-	q.Set("scopePath", "/")
-	if referenceName != "" {
-		q.Set("versionDescriptor.versionType", getVersionType(referenceName))
-		q.Set("versionDescriptor.version", formatReferenceName(referenceName))
-	}
+	q.Set("filterContains", formatReferenceName(referenceName))
 	q.Set("api-version", "6.0")
 	u.RawQuery = q.Encode()

--- a/api/git/azure_test.go
+++ b/api/git/azure_test.go
@@ -28,15 +28,15 @@ func Test_buildDownloadUrl(t *testing.T) {
 	}
 }

-func Test_buildRootItemUrl(t *testing.T) {
+func Test_buildRefsUrl(t *testing.T) {
 	a := NewAzureDownloader(nil)
-	u, err := a.buildRootItemUrl(&azureOptions{
+	u, err := a.buildRefsUrl(&azureOptions{
 		organisation: "organisation",
 		project:      "project",
 		repository:   "repository",
 	}, "refs/heads/main")

-	expectedUrl, _ := url.Parse("https://dev.azure.com/organisation/project/_apis/git/repositories/repository/items?scopePath=/&api-version=6.0&versionDescriptor.version=main&versionDescriptor.versionType=branch")
+	expectedUrl, _ := url.Parse("https://dev.azure.com/organisation/project/_apis/git/repositories/repository/refs?filterContains=main&api-version=6.0")
 	actualUrl, _ := url.Parse(u)
 	assert.NoError(t, err)
 	assert.Equal(t, expectedUrl.Host, actualUrl.Host)
@@ -270,17 +270,63 @@ func Test_azureDownloader_downloadZipFromAzureDevOps(t *testing.T) {
 func Test_azureDownloader_latestCommitID(t *testing.T) {
 	server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 		response := `{
-		  "count": 1,
-		  "value": [
-			{
-			  "objectId": "1a5630f017127db7de24d8771da0f536ff98fc9b",
-			  "gitObjectType": "tree",
-			  "commitId": "27104ad7549d9e66685e115a497533f18024be9c",
-			  "path": "/",
-			  "isFolder": true,
-			  "url": "https://dev.azure.com/simonmeng0474/4b546a97-c481-4506-bdd5-976e9592f91a/_apis/git/repositories/a22247ad-053f-43bc-88a7-62ff4846bb97/items?path=%2F&versionType=Branch&versionOptions=None"
-			}
-		  ]
+			"value": [
+				{
+					"name": "refs/heads/feature/calcApp",
+					"objectId": "ffe9cba521f00d7f60e322845072238635edb451",
+					"creator": {
+						"displayName": "Normal Paulk",
+						"url": "https://vssps.dev.azure.com/fabrikam/_apis/Identities/ac5aaba6-a66a-4e1d-b508-b060ec624fa9",
+						"_links": {
+							"avatar": {
+								"href": "https://dev.azure.com/fabrikam/_apis/GraphProfile/MemberAvatars/aad.YmFjMGYyZDctNDA3ZC03OGRhLTlhMjUtNmJhZjUwMWFjY2U5"
+							}
+						},
+						"id": "ac5aaba6-a66a-4e1d-b508-b060ec624fa9",
+						"uniqueName": "dev@mailserver.com",
+						"imageUrl": "https://dev.azure.com/fabrikam/_api/_common/identityImage?id=ac5aaba6-a66a-4e1d-b508-b060ec624fa9",
+						"descriptor": "aad.YmFjMGYyZDctNDA3ZC03OGRhLTlhMjUtNmJhZjUwMWFjY2U5"
+					},
+					"url": "https://dev.azure.com/fabrikam/7484f783-66a3-4f27-b7cd-6b08b0b077ed/_apis/git/repositories/d3d1760b-311c-4175-a726-20dfc6a7f885/refs?filter=heads%2Ffeature%2FcalcApp"
+				},
+				{
+					"name": "refs/heads/feature/replacer",
+					"objectId": "917131a709996c5cfe188c3b57e9a6ad90e8b85c",
+					"creator": {
+						"displayName": "Normal Paulk",
+						"url": "https://vssps.dev.azure.com/fabrikam/_apis/Identities/ac5aaba6-a66a-4e1d-b508-b060ec624fa9",
+						"_links": {
+							"avatar": {
+								"href": "https://dev.azure.com/fabrikam/_apis/GraphProfile/MemberAvatars/aad.YmFjMGYyZDctNDA3ZC03OGRhLTlhMjUtNmJhZjUwMWFjY2U5"
+							}
+						},
+						"id": "ac5aaba6-a66a-4e1d-b508-b060ec624fa9",
+						"uniqueName": "dev@mailserver.com",
+						"imageUrl": "https://dev.azure.com/fabrikam/_api/_common/identityImage?id=ac5aaba6-a66a-4e1d-b508-b060ec624fa9",
+						"descriptor": "aad.YmFjMGYyZDctNDA3ZC03OGRhLTlhMjUtNmJhZjUwMWFjY2U5"
+					},
+					"url": "https://dev.azure.com/fabrikam/7484f783-66a3-4f27-b7cd-6b08b0b077ed/_apis/git/repositories/d3d1760b-311c-4175-a726-20dfc6a7f885/refs?filter=heads%2Ffeature%2Freplacer"
+				},
+				{
+					"name": "refs/heads/master",
+					"objectId": "ffe9cba521f00d7f60e322845072238635edb451",
+					"creator": {
+						"displayName": "Normal Paulk",
+						"url": "https://vssps.dev.azure.com/fabrikam/_apis/Identities/ac5aaba6-a66a-4e1d-b508-b060ec624fa9",
+						"_links": {
+							"avatar": {
+								"href": "https://dev.azure.com/fabrikam/_apis/GraphProfile/MemberAvatars/aad.YmFjMGYyZDctNDA3ZC03OGRhLTlhMjUtNmJhZjUwMWFjY2U5"
+							}
+						},
+						"id": "ac5aaba6-a66a-4e1d-b508-b060ec624fa9",
+						"uniqueName": "dev@mailserver.com",
+						"imageUrl": "https://dev.azure.com/fabrikam/_api/_common/identityImage?id=ac5aaba6-a66a-4e1d-b508-b060ec624fa9",
+						"descriptor": "aad.YmFjMGYyZDctNDA3ZC03OGRhLTlhMjUtNmJhZjUwMWFjY2U5"
+					},
+					"url": "https://dev.azure.com/fabrikam/7484f783-66a3-4f27-b7cd-6b08b0b077ed/_apis/git/repositories/d3d1760b-311c-4175-a726-20dfc6a7f885/refs?filter=heads%2Fmaster"
+				}
+			],
+			"count": 3
 		}`
 		w.Header().Set("Content-Type", "application/json")
 		w.Write([]byte(response))
@@ -301,11 +347,19 @@ func Test_azureDownloader_latestCommitID(t *testing.T) {
 		{
 			name: "should be able to parse response",
 			args: fetchOptions{
-				referenceName: "",
+				referenceName: "refs/heads/master",
 				repositoryUrl: "https://dev.azure.com/Organisation/Project/_git/Repository"},
-			want:    "27104ad7549d9e66685e115a497533f18024be9c",
+			want:    "ffe9cba521f00d7f60e322845072238635edb451",
 			wantErr: false,
 		},
+		{
+			name: "should be able to parse response",
+			args: fetchOptions{
+				referenceName: "refs/heads/unknown",
+				repositoryUrl: "https://dev.azure.com/Organisation/Project/_git/Repository"},
+			want:    "",
+			wantErr: true,
+		},
 	}

 	for _, tt := range tests {
--- a/api/git/git.go
+++ b/api/git/git.go
@@ -82,17 +82,8 @@ func (c gitClient) latestCommitID(ctx context.Context, opt fetchOptions) (string
 		return "", errors.Wrap(err, "failed to list repository refs")
 	}

-	referenceName := opt.referenceName
-	if referenceName == "" {
-		for _, ref := range refs {
-			if strings.EqualFold(ref.Name().String(), "HEAD") {
-				referenceName = ref.Target().String()
-			}
-		}
-	}
-
 	for _, ref := range refs {
-		if strings.EqualFold(ref.Name().String(), referenceName) {
+		if strings.EqualFold(ref.Name().String(), opt.referenceName) {
 			return ref.Hash().String(), nil
 		}
 	}
--- a/api/go.mod
+++ b/api/go.mod
@@ -1,6 +1,6 @@
 module github.com/portainer/portainer/api

-go 1.18
+go 1.17

 require (
 	github.com/Microsoft/go-winio v0.5.1
@@ -11,7 +11,7 @@ require (
 	github.com/coreos/go-semver v0.3.0
 	github.com/dchest/uniuri v0.0.0-20160212164326-8902c56451e9
 	github.com/docker/cli v20.10.9+incompatible
-	github.com/docker/docker v20.10.16+incompatible
+	github.com/docker/docker v20.10.9+incompatible
 	github.com/fvbommel/sortorder v1.0.2
 	github.com/fxamacker/cbor/v2 v2.3.0
 	github.com/g07cha/defender v0.0.0-20180505193036-5665c627c814
@@ -20,7 +20,7 @@ require (
 	github.com/go-playground/validator/v10 v10.10.1
 	github.com/gofrs/uuid v4.0.0+incompatible
 	github.com/golang-jwt/jwt v3.2.2+incompatible
-	github.com/google/go-cmp v0.5.8
+	github.com/google/go-cmp v0.5.6
 	github.com/gorilla/handlers v1.5.1
 	github.com/gorilla/mux v1.7.3
 	github.com/gorilla/securecookie v1.1.1
@@ -32,8 +32,8 @@ require (
 	github.com/koding/websocketproxy v0.0.0-20181220232114-7ed82d81a28c
 	github.com/orcaman/concurrent-map v0.0.0-20190826125027-8c72a8bb44f6
 	github.com/pkg/errors v0.9.1
-	github.com/portainer/docker-compose-wrapper v0.0.0-20220708023447-a69a4ebaa021
-	github.com/portainer/libcrypto v0.0.0-20220506221303-1f4fb3b30f9a
+	github.com/portainer/docker-compose-wrapper v0.0.0-20220407011010-3c7408969ad3
+	github.com/portainer/libcrypto v0.0.0-20210422035235-c652195c5c3a
 	github.com/portainer/libhelm v0.0.0-20210929000907-825e93d62108
 	github.com/portainer/libhttp v0.0.0-20211208103139-07a5f798eb3f
 	github.com/rkl-/digest v0.0.0-20180419075440-8316caa4a777
@@ -43,7 +43,6 @@ require (
 	github.com/viney-shih/go-lock v1.1.1
 	go.etcd.io/bbolt v1.3.6
 	golang.org/x/crypto v0.0.0-20211215153901-e495a2d5b3d3
-	golang.org/x/exp v0.0.0-20220613132600-b0d781184e0d
 	golang.org/x/oauth2 v0.0.0-20210819190943-2bc19b11175f
 	golang.org/x/sync v0.0.0-20210220032951-036812b2e83c
 	gopkg.in/alecthomas/kingpin.v2 v2.2.6
@@ -62,6 +61,7 @@ require (
 	github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.1 // indirect
 	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.0.1 // indirect
 	github.com/aws/smithy-go v1.9.0 // indirect
+	github.com/containerd/containerd v1.6.1 // indirect
 	github.com/davecgh/go-spew v1.1.1 // indirect
 	github.com/docker/distribution v2.8.0+incompatible // indirect
 	github.com/docker/go-connections v0.4.0 // indirect
@@ -95,9 +95,6 @@ require (
 	github.com/moby/term v0.0.0-20210619224110-3f7ff695adc6 // indirect
 	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
 	github.com/modern-go/reflect2 v1.0.2 // indirect
-	github.com/morikuni/aec v1.0.0 // indirect
-	github.com/onsi/ginkgo v1.16.4 // indirect
-	github.com/onsi/gomega v1.15.0 // indirect
 	github.com/opencontainers/go-digest v1.0.0 // indirect
 	github.com/opencontainers/image-spec v1.0.2 // indirect
 	github.com/pmezard/go-difflib v1.0.0 // indirect
@@ -115,11 +112,12 @@ require (
 	golang.org/x/text v0.3.7 // indirect
 	golang.org/x/time v0.0.0-20210723032227-1f47c861a9ac // indirect
 	google.golang.org/appengine v1.6.7 // indirect
+	google.golang.org/genproto v0.0.0-20211208223120-3a66f561d7aa // indirect
+	google.golang.org/grpc v1.43.0 // indirect
 	google.golang.org/protobuf v1.27.1 // indirect
 	gopkg.in/inf.v0 v0.9.1 // indirect
 	gopkg.in/warnings.v0 v0.1.2 // indirect
 	gopkg.in/yaml.v2 v2.4.0 // indirect
-	gotest.tools/v3 v3.0.3 // indirect
 	k8s.io/klog/v2 v2.30.0 // indirect
 	k8s.io/kube-openapi v0.0.0-20211109043538-20434351676c // indirect
 	k8s.io/utils v0.0.0-20210930125809-cb0fa318a74b // indirect
--- a/api/go.sum
+++ b/api/go.sum
--- a/api/http/errors/errors.go
+++ b/api/http/errors/errors.go
@@ -9,6 +9,4 @@ var (
 	ErrUnauthorized = errors.New("Unauthorized")
 	// ErrResourceAccessDenied Access denied to resource error
 	ErrResourceAccessDenied = errors.New("Access denied to resource")
-	// ErrNotAvailableInDemo feature is not allowed in demo
-	ErrNotAvailableInDemo = errors.New("This feature is not available in the demo version of Portainer")
 )
--- a/api/http/handler/auth/authenticate.go
+++ b/api/http/handler/auth/authenticate.go
@@ -13,6 +13,7 @@ import (
 	portainer "github.com/portainer/portainer/api"
 	httperrors "github.com/portainer/portainer/api/http/errors"
 	"github.com/portainer/portainer/api/internal/authorization"
+	"github.com/portainer/portainer/api/internal/passwordutils"
 )

 type authenticatePayload struct {
@@ -100,7 +101,7 @@ func (handler *Handler) authenticateInternal(w http.ResponseWriter, user *portai
 		return &httperror.HandlerError{http.StatusUnprocessableEntity, "Invalid credentials", httperrors.ErrUnauthorized}
 	}

-	forceChangePassword := !handler.passwordStrengthChecker.Check(password)
+	forceChangePassword := !passwordutils.StrengthCheck(password)
 	return handler.writeToken(w, user, forceChangePassword)
 }

--- a/api/http/handler/auth/handler.go
+++ b/api/http/handler/auth/handler.go
@@ -22,14 +22,12 @@ type Handler struct {
 	OAuthService                portainer.OAuthService
 	ProxyManager                *proxy.Manager
 	KubernetesTokenCacheManager *kubernetes.TokenCacheManager
-	passwordStrengthChecker     security.PasswordStrengthChecker
 }

 // NewHandler creates a handler to manage authentication operations.
-func NewHandler(bouncer *security.RequestBouncer, rateLimiter *security.RateLimiter, passwordStrengthChecker security.PasswordStrengthChecker) *Handler {
+func NewHandler(bouncer *security.RequestBouncer, rateLimiter *security.RateLimiter) *Handler {
 	h := &Handler{
-		Router:                  mux.NewRouter(),
-		passwordStrengthChecker: passwordStrengthChecker,
+		Router: mux.NewRouter(),
 	}

 	h.Handle("/auth/oauth/validate",
--- a/api/http/handler/backup/backup_test.go
+++ b/api/http/handler/backup/backup_test.go
@@ -18,7 +18,6 @@ import (
 	"github.com/docker/docker/pkg/ioutils"
 	"github.com/portainer/portainer/api/adminmonitor"
 	"github.com/portainer/portainer/api/crypto"
-	"github.com/portainer/portainer/api/demo"
 	"github.com/portainer/portainer/api/http/offlinegate"
 	i "github.com/portainer/portainer/api/internal/testhelpers"
 	"github.com/stretchr/testify/assert"
@@ -50,7 +49,7 @@ func Test_backupHandlerWithoutPassword_shouldCreateATarballArchive(t *testing.T)
 	gate := offlinegate.NewOfflineGate()
 	adminMonitor := adminmonitor.New(time.Hour, nil, context.Background())

-	handlerErr := NewHandler(nil, i.NewDatastore(), gate, "./test_assets/handler_test", func() {}, adminMonitor, &demo.Service{}).backup(w, r)
+	handlerErr := NewHandler(nil, i.NewDatastore(), gate, "./test_assets/handler_test", func() {}, adminMonitor).backup(w, r)
 	assert.Nil(t, handlerErr, "Handler should not fail")

 	response := w.Result()
@@ -87,7 +86,7 @@ func Test_backupHandlerWithPassword_shouldCreateEncryptedATarballArchive(t *test
 	gate := offlinegate.NewOfflineGate()
 	adminMonitor := adminmonitor.New(time.Hour, nil, nil)

-	handlerErr := NewHandler(nil, i.NewDatastore(), gate, "./test_assets/handler_test", func() {}, adminMonitor, &demo.Service{}).backup(w, r)
+	handlerErr := NewHandler(nil, i.NewDatastore(), gate, "./test_assets/handler_test", func() {}, adminMonitor).backup(w, r)
 	assert.Nil(t, handlerErr, "Handler should not fail")

 	response := w.Result()
--- a/api/http/handler/backup/handler.go
+++ b/api/http/handler/backup/handler.go
@@ -9,8 +9,6 @@ import (
 	portainer "github.com/portainer/portainer/api"
 	"github.com/portainer/portainer/api/adminmonitor"
 	"github.com/portainer/portainer/api/dataservices"
-	"github.com/portainer/portainer/api/demo"
-	"github.com/portainer/portainer/api/http/middlewares"
 	"github.com/portainer/portainer/api/http/offlinegate"
 	"github.com/portainer/portainer/api/http/security"
 )
@@ -27,17 +25,7 @@ type Handler struct {
 }

 // NewHandler creates an new instance of backup handler
-func NewHandler(
-	bouncer *security.RequestBouncer,
-	dataStore dataservices.DataStore,
-	gate *offlinegate.OfflineGate,
-	filestorePath string,
-	shutdownTrigger context.CancelFunc,
-	adminMonitor *adminmonitor.Monitor,
-	demoService *demo.Service,
-
-) *Handler {
-
+func NewHandler(bouncer *security.RequestBouncer, dataStore dataservices.DataStore, gate *offlinegate.OfflineGate, filestorePath string, shutdownTrigger context.CancelFunc, adminMonitor *adminmonitor.Monitor) *Handler {
 	h := &Handler{
 		Router:          mux.NewRouter(),
 		bouncer:         bouncer,
@@ -48,11 +36,8 @@ func NewHandler(
 		adminMonitor:    adminMonitor,
 	}

-	demoRestrictedRouter := h.NewRoute().Subrouter()
-	demoRestrictedRouter.Use(middlewares.RestrictDemoEnv(demoService.IsDemo))
-
-	demoRestrictedRouter.Handle("/backup", bouncer.RestrictedAccess(adminAccess(httperror.LoggerHandler(h.backup)))).Methods(http.MethodPost)
-	demoRestrictedRouter.Handle("/restore", bouncer.PublicAccess(httperror.LoggerHandler(h.restore))).Methods(http.MethodPost)
+	h.Handle("/backup", bouncer.RestrictedAccess(adminAccess(httperror.LoggerHandler(h.backup)))).Methods(http.MethodPost)
+	h.Handle("/restore", bouncer.PublicAccess(httperror.LoggerHandler(h.restore))).Methods(http.MethodPost)

 	return h
 }
@@ -65,7 +50,7 @@ func adminAccess(next http.Handler) http.Handler {
 		}

 		if !securityContext.IsAdmin {
-			httperror.WriteError(w, http.StatusUnauthorized, "User is not authorized to perform the action", nil)
+			httperror.WriteError(w, http.StatusUnauthorized, "User is not authorized to perfom the action", nil)
 		}

 		next.ServeHTTP(w, r)
--- a/api/http/handler/backup/restore_test.go
+++ b/api/http/handler/backup/restore_test.go
@@ -14,7 +14,6 @@ import (

 	portainer "github.com/portainer/portainer/api"
 	"github.com/portainer/portainer/api/adminmonitor"
-	"github.com/portainer/portainer/api/demo"
 	"github.com/portainer/portainer/api/http/offlinegate"
 	i "github.com/portainer/portainer/api/internal/testhelpers"
 	"github.com/stretchr/testify/assert"
@@ -52,7 +51,7 @@ func Test_restoreArchive_usingCombinationOfPasswords(t *testing.T) {
 			datastore := i.NewDatastore(i.WithUsers([]portainer.User{}), i.WithEdgeJobs([]portainer.EdgeJob{}))
 			adminMonitor := adminmonitor.New(time.Hour, datastore, context.Background())

-			h := NewHandler(nil, datastore, offlinegate.NewOfflineGate(), "./test_assets/handler_test", func() {}, adminMonitor, &demo.Service{})
+			h := NewHandler(nil, datastore, offlinegate.NewOfflineGate(), "./test_assets/handler_test", func() {}, adminMonitor)

 			//backup
 			archive := backup(t, h, test.backupPassword)
@@ -75,7 +74,7 @@ func Test_restoreArchive_shouldFailIfSystemWasAlreadyInitialized(t *testing.T) {
 	datastore := i.NewDatastore(i.WithUsers([]portainer.User{admin}), i.WithEdgeJobs([]portainer.EdgeJob{}))
 	adminMonitor := adminmonitor.New(time.Hour, datastore, context.Background())

-	h := NewHandler(nil, datastore, offlinegate.NewOfflineGate(), "./test_assets/handler_test", func() {}, adminMonitor, &demo.Service{})
+	h := NewHandler(nil, datastore, offlinegate.NewOfflineGate(), "./test_assets/handler_test", func() {}, adminMonitor)

 	//backup
 	archive := backup(t, h, "password")
--- a/api/http/handler/customtemplates/customtemplate_create.go
+++ b/api/http/handler/customtemplates/customtemplate_create.go
@@ -1,7 +1,6 @@
 package customtemplates

 import (
-	"encoding/json"
 	"errors"
 	"log"
 	"net/http"
@@ -116,8 +115,6 @@ type customTemplateFromFileContentPayload struct {
 	Type portainer.StackType `example:"1" enums:"1,2,3" validate:"required"`
 	// Content of stack file
 	FileContent string `validate:"required"`
-	// Definitions of variables in the stack file
-	Variables []portainer.CustomTemplateVariableDefinition
 }

 func (payload *customTemplateFromFileContentPayload) Validate(r *http.Request) error {
@@ -139,12 +136,6 @@ func (payload *customTemplateFromFileContentPayload) Validate(r *http.Request) e
 	if !isValidNote(payload.Note) {
 		return errors.New("Invalid note. <img> tag is not supported")
 	}
-
-	err := validateVariablesDefinitions(payload.Variables)
-	if err != nil {
-		return err
-	}
-
 	return nil
 }

@@ -173,7 +164,6 @@ func (handler *Handler) createCustomTemplateFromFileContent(r *http.Request) (*p
 		Platform:    (payload.Platform),
 		Type:        (payload.Type),
 		Logo:        payload.Logo,
-		Variables:   payload.Variables,
 	}

 	templateFolder := strconv.Itoa(customTemplateID)
@@ -214,8 +204,6 @@ type customTemplateFromGitRepositoryPayload struct {
 	RepositoryPassword string `example:"myGitPassword"`
 	// Path to the Stack file inside the Git repository
 	ComposeFilePathInRepository string `example:"docker-compose.yml" default:"docker-compose.yml"`
-	// Definitions of variables in the stack file
-	Variables []portainer.CustomTemplateVariableDefinition
 }

 func (payload *customTemplateFromGitRepositoryPayload) Validate(r *http.Request) error {
@@ -248,12 +236,6 @@ func (payload *customTemplateFromGitRepositoryPayload) Validate(r *http.Request)
 	if !isValidNote(payload.Note) {
 		return errors.New("Invalid note. <img> tag is not supported")
 	}
-
-	err := validateVariablesDefinitions(payload.Variables)
-	if err != nil {
-		return err
-	}
-
 	return nil
 }

@@ -274,7 +256,6 @@ func (handler *Handler) createCustomTemplateFromGitRepository(r *http.Request) (
 		Platform:    payload.Platform,
 		Type:        payload.Type,
 		Logo:        payload.Logo,
-		Variables:   payload.Variables,
 	}

 	projectPath := handler.FileService.GetCustomTemplateProjectPath(strconv.Itoa(customTemplateID))
@@ -335,8 +316,6 @@ type customTemplateFromFileUploadPayload struct {
 	Platform    portainer.CustomTemplatePlatform
 	Type        portainer.StackType
 	FileContent []byte
-	// Definitions of variables in the stack file
-	Variables []portainer.CustomTemplateVariableDefinition
 }

 func (payload *customTemplateFromFileUploadPayload) Validate(r *http.Request) error {
@@ -382,17 +361,6 @@ func (payload *customTemplateFromFileUploadPayload) Validate(r *http.Request) er
 	}
 	payload.FileContent = composeFileContent

-	varsString, _ := request.RetrieveMultiPartFormValue(r, "Variables", true)
-	err = json.Unmarshal([]byte(varsString), &payload.Variables)
-	if err != nil {
-		return errors.New("Invalid variables. Ensure that the variables are valid JSON")
-	}
-
-	err = validateVariablesDefinitions(payload.Variables)
-	if err != nil {
-		return err
-	}
-
 	return nil
 }

@@ -413,7 +381,6 @@ func (handler *Handler) createCustomTemplateFromFileUpload(r *http.Request) (*po
 		Type:        payload.Type,
 		Logo:        payload.Logo,
 		EntryPoint:  filesystem.ComposeFileDefaultName,
-		Variables:   payload.Variables,
 	}

 	templateFolder := strconv.Itoa(customTemplateID)
--- a/api/http/handler/customtemplates/customtemplate_update.go
+++ b/api/http/handler/customtemplates/customtemplate_update.go
@@ -31,8 +31,6 @@ type customTemplateUpdatePayload struct {
 	Type portainer.StackType `example:"1" enums:"1,2,3" validate:"required"`
 	// Content of stack file
 	FileContent string `validate:"required"`
-	// Definitions of variables in the stack file
-	Variables []portainer.CustomTemplateVariableDefinition
 }

 func (payload *customTemplateUpdatePayload) Validate(r *http.Request) error {
@@ -54,12 +52,6 @@ func (payload *customTemplateUpdatePayload) Validate(r *http.Request) error {
 	if !isValidNote(payload.Note) {
 		return errors.New("Invalid note. <img> tag is not supported")
 	}
-
-	err := validateVariablesDefinitions(payload.Variables)
-	if err != nil {
-		return err
-	}
-
 	return nil
 }

@@ -132,7 +124,6 @@ func (handler *Handler) customTemplateUpdate(w http.ResponseWriter, r *http.Requ
 	customTemplate.Note = payload.Note
 	customTemplate.Platform = payload.Platform
 	customTemplate.Type = payload.Type
-	customTemplate.Variables = payload.Variables

 	err = handler.DataStore.CustomTemplate().UpdateCustomTemplate(customTemplate.ID, customTemplate)
 	if err != nil {
--- a/api/http/handler/customtemplates/utils.go
+++ b/api/http/handler/customtemplates/utils.go
@@ -1,19 +0,0 @@
-package customtemplates
-
-import (
-	"errors"
-
-	portainer "github.com/portainer/portainer/api"
-)
-
-func validateVariablesDefinitions(variables []portainer.CustomTemplateVariableDefinition) error {
-	for _, variable := range variables {
-		if variable.Name == "" {
-			return errors.New("variable name is required")
-		}
-		if variable.Label == "" {
-			return errors.New("variable label is required")
-		}
-	}
-	return nil
-}
--- a/api/http/handler/edgestacks/edgestack_status_delete.go
+++ b/api/http/handler/edgestacks/edgestack_status_delete.go
@@ -1,64 +0,0 @@
-package edgestacks
-
-import (
-	"net/http"
-
-	httperror "github.com/portainer/libhttp/error"
-	"github.com/portainer/libhttp/request"
-	"github.com/portainer/libhttp/response"
-	portainer "github.com/portainer/portainer/api"
-	"github.com/portainer/portainer/api/http/middlewares"
-)
-
-func (handler *Handler) handlerDBErr(err error, msg string) *httperror.HandlerError {
-	httpErr := &httperror.HandlerError{http.StatusInternalServerError, msg, err}
-
-	if handler.DataStore.IsErrObjectNotFound(err) {
-		httpErr.StatusCode = http.StatusNotFound
-	}
-
-	return httpErr
-}
-
-// @id EdgeStackStatusDelete
-// @summary Delete an EdgeStack status
-// @description Authorized only if the request is done by an Edge Environment(Endpoint)
-// @tags edge_stacks
-// @produce json
-// @param id path string true "EdgeStack Id"
-// @success 200 {object} portainer.EdgeStack
-// @failure 500
-// @failure 400
-// @failure 404
-// @failure 403
-// @router /edge_stacks/{id}/status/{endpoint_id} [delete]
-func (handler *Handler) edgeStackStatusDelete(w http.ResponseWriter, r *http.Request) *httperror.HandlerError {
-	stackID, err := request.RetrieveNumericRouteVariableValue(r, "id")
-	if err != nil {
-		return &httperror.HandlerError{http.StatusBadRequest, "Invalid stack identifier route variable", err}
-	}
-
-	endpoint, err := middlewares.FetchEndpoint(r)
-	if err != nil {
-		return &httperror.HandlerError{http.StatusInternalServerError, "Unable to retrieve a valid endpoint from the handler context", err}
-	}
-
-	err = handler.requestBouncer.AuthorizedEdgeEndpointOperation(r, endpoint)
-	if err != nil {
-		return &httperror.HandlerError{http.StatusForbidden, "Permission denied to access environment", err}
-	}
-
-	stack, err := handler.DataStore.EdgeStack().EdgeStack(portainer.EdgeStackID(stackID))
-	if err != nil {
-		return handler.handlerDBErr(err, "Unable to find a stack with the specified identifier inside the database")
-	}
-
-	delete(stack.Status, endpoint.ID)
-
-	err = handler.DataStore.EdgeStack().UpdateEdgeStack(stack.ID, stack)
-	if err != nil {
-		return &httperror.HandlerError{http.StatusInternalServerError, "Unable to persist the stack changes inside the database", err}
-	}
-
-	return response.JSON(w, stack)
-}
--- a/api/http/handler/edgestacks/edgestack_test.go
+++ b/api/http/handler/edgestacks/edgestack_test.go
@@ -1,924 +0,0 @@
-package edgestacks
-
-import (
-	"bytes"
-	"encoding/json"
-	"errors"
-	"fmt"
-	"net/http"
-	"net/http/httptest"
-	"os"
-	"reflect"
-	"strconv"
-	"testing"
-	"time"
-
-	portainer "github.com/portainer/portainer/api"
-	"github.com/portainer/portainer/api/apikey"
-	"github.com/portainer/portainer/api/dataservices"
-	"github.com/portainer/portainer/api/datastore"
-	"github.com/portainer/portainer/api/filesystem"
-	"github.com/portainer/portainer/api/http/security"
-	"github.com/portainer/portainer/api/jwt"
-)
-
-type gitService struct {
-	cloneErr error
-	id       string
-}
-
-func (g *gitService) CloneRepository(destination, repositoryURL, referenceName, username, password string) error {
-	return g.cloneErr
-}
-
-func (g *gitService) LatestCommitID(repositoryURL, referenceName, username, password string) (string, error) {
-	return g.id, nil
-}
-
-// Helpers
-func setupHandler(t *testing.T) (*Handler, string, func()) {
-	t.Helper()
-
-	_, store, storeTeardown := datastore.MustNewTestStore(true, true)
-
-	jwtService, err := jwt.NewService("1h", store)
-	if err != nil {
-		storeTeardown()
-		t.Fatal(err)
-	}
-
-	user := &portainer.User{ID: 2, Username: "admin", Role: portainer.AdministratorRole}
-	err = store.User().Create(user)
-	if err != nil {
-		storeTeardown()
-		t.Fatal(err)
-	}
-
-	apiKeyService := apikey.NewAPIKeyService(store.APIKeyRepository(), store.User())
-	rawAPIKey, _, err := apiKeyService.GenerateApiKey(*user, "test")
-	if err != nil {
-		storeTeardown()
-		t.Fatal(err)
-	}
-
-	handler := NewHandler(
-		security.NewRequestBouncer(store, jwtService, apiKeyService),
-		store,
-	)
-
-	tmpDir, err := os.MkdirTemp(os.TempDir(), "portainer-test")
-	if err != nil {
-		storeTeardown()
-		t.Fatal(err)
-	}
-
-	fs, err := filesystem.NewService(tmpDir, "")
-	if err != nil {
-		storeTeardown()
-		t.Fatal(err)
-	}
-	handler.FileService = fs
-
-	settings, err := handler.DataStore.Settings().Settings()
-	if err != nil {
-		t.Fatal(err)
-	}
-	settings.EnableEdgeComputeFeatures = true
-
-	err = handler.DataStore.Settings().UpdateSettings(settings)
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	handler.GitService = &gitService{errors.New("Clone error"), "git-service-id"}
-
-	return handler, rawAPIKey, storeTeardown
-}
-
-func createEndpoint(t *testing.T, store dataservices.DataStore) portainer.Endpoint {
-	t.Helper()
-
-	endpointID := portainer.EndpointID(5)
-	endpoint := portainer.Endpoint{
-		ID:              endpointID,
-		Name:            "test-endpoint-" + strconv.Itoa(int(endpointID)),
-		Type:            portainer.EdgeAgentOnDockerEnvironment,
-		URL:             "https://portainer.io:9443",
-		EdgeID:          "edge-id",
-		LastCheckInDate: time.Now().Unix(),
-	}
-
-	err := store.Endpoint().Create(&endpoint)
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	return endpoint
-}
-
-func createEdgeStack(t *testing.T, store dataservices.DataStore, endpointID portainer.EndpointID) portainer.EdgeStack {
-	t.Helper()
-
-	edgeGroup := portainer.EdgeGroup{
-		ID:           1,
-		Name:         "EdgeGroup 1",
-		Dynamic:      false,
-		TagIDs:       nil,
-		Endpoints:    []portainer.EndpointID{endpointID},
-		PartialMatch: false,
-	}
-
-	err := store.EdgeGroup().Create(&edgeGroup)
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	edgeStackID := portainer.EdgeStackID(14)
-	edgeStack := portainer.EdgeStack{
-		ID:   edgeStackID,
-		Name: "test-edge-stack-" + strconv.Itoa(int(edgeStackID)),
-		Status: map[portainer.EndpointID]portainer.EdgeStackStatus{
-			endpointID: {Type: portainer.StatusOk, Error: "", EndpointID: endpointID},
-		},
-		CreationDate:   time.Now().Unix(),
-		EdgeGroups:     []portainer.EdgeGroupID{edgeGroup.ID},
-		ProjectPath:    "/project/path",
-		EntryPoint:     "entrypoint",
-		Version:        237,
-		ManifestPath:   "/manifest/path",
-		DeploymentType: portainer.EdgeStackDeploymentKubernetes,
-	}
-
-	endpointRelation := portainer.EndpointRelation{
-		EndpointID: endpointID,
-		EdgeStacks: map[portainer.EdgeStackID]bool{
-			edgeStack.ID: true,
-		},
-	}
-
-	err = store.EdgeStack().Create(edgeStack.ID, &edgeStack)
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	err = store.EndpointRelation().Create(&endpointRelation)
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	return edgeStack
-}
-
-// Inspect
-func TestInspectInvalidEdgeID(t *testing.T) {
-	handler, rawAPIKey, teardown := setupHandler(t)
-	defer teardown()
-
-	cases := []struct {
-		Name               string
-		EdgeStackID        string
-		ExpectedStatusCode int
-	}{
-		{"Invalid EdgeStackID", "x", 400},
-		{"Non-existing EdgeStackID", "5", 404},
-	}
-
-	for _, tc := range cases {
-		t.Run(tc.Name, func(t *testing.T) {
-			req, err := http.NewRequest(http.MethodGet, "/edge_stacks/"+tc.EdgeStackID, nil)
-			if err != nil {
-				t.Fatal("request error:", err)
-			}
-
-			req.Header.Add("x-api-key", rawAPIKey)
-			rec := httptest.NewRecorder()
-			handler.ServeHTTP(rec, req)
-
-			if rec.Code != tc.ExpectedStatusCode {
-				t.Fatalf(fmt.Sprintf("expected a %d response, found: %d", tc.ExpectedStatusCode, rec.Code))
-			}
-		})
-	}
-}
-
-// Create
-func TestCreateAndInspect(t *testing.T) {
-	handler, rawAPIKey, teardown := setupHandler(t)
-	defer teardown()
-
-	// Create Endpoint, EdgeGroup and EndpointRelation
-	endpoint := createEndpoint(t, handler.DataStore)
-	edgeGroup := portainer.EdgeGroup{
-		ID:           1,
-		Name:         "EdgeGroup 1",
-		Dynamic:      false,
-		TagIDs:       nil,
-		Endpoints:    []portainer.EndpointID{endpoint.ID},
-		PartialMatch: false,
-	}
-
-	err := handler.DataStore.EdgeGroup().Create(&edgeGroup)
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	endpointRelation := portainer.EndpointRelation{
-		EndpointID: endpoint.ID,
-		EdgeStacks: map[portainer.EdgeStackID]bool{},
-	}
-
-	err = handler.DataStore.EndpointRelation().Create(&endpointRelation)
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	payload := swarmStackFromFileContentPayload{
-		Name:             "Test Stack",
-		StackFileContent: "stack content",
-		EdgeGroups:       []portainer.EdgeGroupID{1},
-		DeploymentType:   portainer.EdgeStackDeploymentCompose,
-	}
-
-	jsonPayload, err := json.Marshal(payload)
-	if err != nil {
-		t.Fatal("JSON marshal error:", err)
-	}
-	r := bytes.NewBuffer(jsonPayload)
-
-	// Create EdgeStack
-	req, err := http.NewRequest(http.MethodPost, "/edge_stacks?method=string", r)
-	if err != nil {
-		t.Fatal("request error:", err)
-	}
-	req.Header.Add("x-api-key", rawAPIKey)
-	rec := httptest.NewRecorder()
-	handler.ServeHTTP(rec, req)
-
-	if rec.Code != http.StatusOK {
-		t.Fatalf(fmt.Sprintf("expected a %d response, found: %d", http.StatusOK, rec.Code))
-	}
-
-	data := portainer.EdgeStack{}
-	err = json.NewDecoder(rec.Body).Decode(&data)
-	if err != nil {
-		t.Fatal("error decoding response:", err)
-	}
-
-	// Inspect
-	req, err = http.NewRequest(http.MethodGet, fmt.Sprintf("/edge_stacks/%d", data.ID), nil)
-	if err != nil {
-		t.Fatal("request error:", err)
-	}
-
-	req.Header.Add("x-api-key", rawAPIKey)
-	rec = httptest.NewRecorder()
-	handler.ServeHTTP(rec, req)
-
-	if rec.Code != http.StatusOK {
-		t.Fatalf(fmt.Sprintf("expected a %d response, found: %d", http.StatusOK, rec.Code))
-	}
-
-	data = portainer.EdgeStack{}
-	err = json.NewDecoder(rec.Body).Decode(&data)
-	if err != nil {
-		t.Fatal("error decoding response:", err)
-	}
-
-	if payload.Name != data.Name {
-		t.Fatalf(fmt.Sprintf("expected EdgeStack Name %s, found %s", payload.Name, data.Name))
-	}
-}
-
-func TestCreateWithInvalidPayload(t *testing.T) {
-	handler, rawAPIKey, teardown := setupHandler(t)
-	defer teardown()
-
-	endpoint := createEndpoint(t, handler.DataStore)
-	edgeStack := createEdgeStack(t, handler.DataStore, endpoint.ID)
-
-	cases := []struct {
-		Name               string
-		Payload            interface{}
-		QueryString        string
-		ExpectedStatusCode int
-	}{
-		{
-			Name:               "Invalid query string parameter",
-			Payload:            swarmStackFromFileContentPayload{},
-			QueryString:        "invalid=query-string",
-			ExpectedStatusCode: 400,
-		},
-		{
-			Name:               "Invalid creation method",
-			Payload:            swarmStackFromFileContentPayload{},
-			QueryString:        "method=invalid-creation-method",
-			ExpectedStatusCode: 500,
-		},
-		{
-			Name:               "Empty swarmStackFromFileContentPayload with string method",
-			Payload:            swarmStackFromFileContentPayload{},
-			QueryString:        "method=string",
-			ExpectedStatusCode: 500,
-		},
-		{
-			Name:               "Empty swarmStackFromFileContentPayload with repository method",
-			Payload:            swarmStackFromFileContentPayload{},
-			QueryString:        "method=repository",
-			ExpectedStatusCode: 500,
-		},
-		{
-			Name:               "Empty swarmStackFromFileContentPayload with file method",
-			Payload:            swarmStackFromFileContentPayload{},
-			QueryString:        "method=file",
-			ExpectedStatusCode: 500,
-		},
-		{
-			Name: "Duplicated EdgeStack Name",
-			Payload: swarmStackFromFileContentPayload{
-				Name:             edgeStack.Name,
-				StackFileContent: "content",
-				EdgeGroups:       edgeStack.EdgeGroups,
-				DeploymentType:   edgeStack.DeploymentType,
-			},
-			QueryString:        "method=string",
-			ExpectedStatusCode: 500,
-		},
-		{
-			Name: "Empty EdgeStack Groups",
-			Payload: swarmStackFromFileContentPayload{
-				Name:             edgeStack.Name,
-				StackFileContent: "content",
-				EdgeGroups:       []portainer.EdgeGroupID{},
-				DeploymentType:   edgeStack.DeploymentType,
-			},
-			QueryString:        "method=string",
-			ExpectedStatusCode: 500,
-		},
-		{
-			Name: "EdgeStackDeploymentKubernetes with Docker endpoint",
-			Payload: swarmStackFromFileContentPayload{
-				Name:             "Stack name",
-				StackFileContent: "content",
-				EdgeGroups:       []portainer.EdgeGroupID{1},
-				DeploymentType:   portainer.EdgeStackDeploymentKubernetes,
-			},
-			QueryString:        "method=string",
-			ExpectedStatusCode: 500,
-		},
-		{
-			Name: "Empty Stack File Content",
-			Payload: swarmStackFromFileContentPayload{
-				Name:             "Stack name",
-				StackFileContent: "",
-				EdgeGroups:       []portainer.EdgeGroupID{1},
-				DeploymentType:   portainer.EdgeStackDeploymentCompose,
-			},
-			QueryString:        "method=string",
-			ExpectedStatusCode: 500,
-		},
-		{
-			Name: "Clone Git respository error",
-			Payload: swarmStackFromGitRepositoryPayload{
-				Name:                     "Stack name",
-				RepositoryURL:            "github.com/portainer/portainer",
-				RepositoryReferenceName:  "ref name",
-				RepositoryAuthentication: false,
-				RepositoryUsername:       "",
-				RepositoryPassword:       "",
-				FilePathInRepository:     "/file/path",
-				EdgeGroups:               []portainer.EdgeGroupID{1},
-				DeploymentType:           portainer.EdgeStackDeploymentCompose,
-			},
-			QueryString:        "method=repository",
-			ExpectedStatusCode: 500,
-		},
-	}
-
-	for _, tc := range cases {
-		t.Run(tc.Name, func(t *testing.T) {
-			jsonPayload, err := json.Marshal(tc.Payload)
-			if err != nil {
-				t.Fatal("JSON marshal error:", err)
-			}
-			r := bytes.NewBuffer(jsonPayload)
-
-			// Create EdgeStack
-			req, err := http.NewRequest(http.MethodPost, fmt.Sprintf("/edge_stacks?%s", tc.QueryString), r)
-			if err != nil {
-				t.Fatal("request error:", err)
-			}
-
-			req.Header.Add("x-api-key", rawAPIKey)
-			rec := httptest.NewRecorder()
-			handler.ServeHTTP(rec, req)
-
-			if rec.Code != tc.ExpectedStatusCode {
-				t.Fatalf(fmt.Sprintf("expected a %d response, found: %d", tc.ExpectedStatusCode, rec.Code))
-			}
-		})
-	}
-}
-
-// Delete
-func TestDeleteAndInspect(t *testing.T) {
-	handler, rawAPIKey, teardown := setupHandler(t)
-	defer teardown()
-
-	// Create
-	endpoint := createEndpoint(t, handler.DataStore)
-	edgeStack := createEdgeStack(t, handler.DataStore, endpoint.ID)
-
-	// Inspect
-	req, err := http.NewRequest(http.MethodGet, fmt.Sprintf("/edge_stacks/%d", edgeStack.ID), nil)
-	if err != nil {
-		t.Fatal("request error:", err)
-	}
-
-	req.Header.Add("x-api-key", rawAPIKey)
-	rec := httptest.NewRecorder()
-	handler.ServeHTTP(rec, req)
-
-	if rec.Code != http.StatusOK {
-		t.Fatalf(fmt.Sprintf("expected a %d response, found: %d", http.StatusOK, rec.Code))
-	}
-
-	data := portainer.EdgeStack{}
-	err = json.NewDecoder(rec.Body).Decode(&data)
-	if err != nil {
-		t.Fatal("error decoding response:", err)
-	}
-
-	if data.ID != edgeStack.ID {
-		t.Fatalf(fmt.Sprintf("expected EdgeStackID %d, found %d", int(edgeStack.ID), data.ID))
-	}
-
-	// Delete
-	req, err = http.NewRequest(http.MethodDelete, fmt.Sprintf("/edge_stacks/%d", edgeStack.ID), nil)
-	if err != nil {
-		t.Fatal("request error:", err)
-	}
-
-	req.Header.Add("x-api-key", rawAPIKey)
-	rec = httptest.NewRecorder()
-	handler.ServeHTTP(rec, req)
-
-	if rec.Code != http.StatusNoContent {
-		t.Fatalf(fmt.Sprintf("expected a %d response, found: %d", http.StatusNoContent, rec.Code))
-	}
-
-	// Inspect
-	req, err = http.NewRequest(http.MethodGet, fmt.Sprintf("/edge_stacks/%d", edgeStack.ID), nil)
-	if err != nil {
-		t.Fatal("request error:", err)
-	}
-
-	req.Header.Add("x-api-key", rawAPIKey)
-	rec = httptest.NewRecorder()
-	handler.ServeHTTP(rec, req)
-
-	if rec.Code != http.StatusNotFound {
-		t.Fatalf(fmt.Sprintf("expected a %d response, found: %d", http.StatusNotFound, rec.Code))
-	}
-}
-
-func TestDeleteInvalidEdgeStack(t *testing.T) {
-	handler, rawAPIKey, teardown := setupHandler(t)
-	defer teardown()
-
-	cases := []struct {
-		Name               string
-		URL                string
-		ExpectedStatusCode int
-	}{
-		{Name: "Non-existing EdgeStackID", URL: "/edge_stacks/-1", ExpectedStatusCode: http.StatusNotFound},
-		{Name: "Invalid EdgeStackID", URL: "/edge_stacks/aaaaaaa", ExpectedStatusCode: http.StatusBadRequest},
-	}
-
-	for _, tc := range cases {
-		t.Run(tc.Name, func(t *testing.T) {
-			req, err := http.NewRequest(http.MethodDelete, tc.URL, nil)
-			if err != nil {
-				t.Fatal("request error:", err)
-			}
-
-			req.Header.Add("x-api-key", rawAPIKey)
-			rec := httptest.NewRecorder()
-			handler.ServeHTTP(rec, req)
-
-			if rec.Code != tc.ExpectedStatusCode {
-				t.Fatalf(fmt.Sprintf("expected a %d response, found: %d", tc.ExpectedStatusCode, rec.Code))
-			}
-		})
-	}
-}
-
-// Update
-func TestUpdateAndInspect(t *testing.T) {
-	handler, rawAPIKey, teardown := setupHandler(t)
-	defer teardown()
-
-	endpoint := createEndpoint(t, handler.DataStore)
-	edgeStack := createEdgeStack(t, handler.DataStore, endpoint.ID)
-
-	// Update edge stack: create new Endpoint, EndpointRelation and EdgeGroup
-	endpointID := portainer.EndpointID(6)
-	newEndpoint := portainer.Endpoint{
-		ID:              endpointID,
-		Name:            "test-endpoint-" + strconv.Itoa(int(endpointID)),
-		Type:            portainer.EdgeAgentOnDockerEnvironment,
-		URL:             "https://portainer.io:9443",
-		EdgeID:          "edge-id",
-		LastCheckInDate: time.Now().Unix(),
-	}
-
-	err := handler.DataStore.Endpoint().Create(&newEndpoint)
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	endpointRelation := portainer.EndpointRelation{
-		EndpointID: endpointID,
-		EdgeStacks: map[portainer.EdgeStackID]bool{
-			edgeStack.ID: true,
-		},
-	}
-
-	err = handler.DataStore.EndpointRelation().Create(&endpointRelation)
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	newEdgeGroup := portainer.EdgeGroup{
-		ID:           2,
-		Name:         "EdgeGroup 2",
-		Dynamic:      false,
-		TagIDs:       nil,
-		Endpoints:    []portainer.EndpointID{newEndpoint.ID},
-		PartialMatch: false,
-	}
-
-	err = handler.DataStore.EdgeGroup().Create(&newEdgeGroup)
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	newVersion := 238
-	payload := updateEdgeStackPayload{
-		StackFileContent: "update-test",
-		Version:          &newVersion,
-		EdgeGroups:       append(edgeStack.EdgeGroups, newEdgeGroup.ID),
-		DeploymentType:   portainer.EdgeStackDeploymentCompose,
-	}
-
-	jsonPayload, err := json.Marshal(payload)
-	if err != nil {
-		t.Fatal("request error:", err)
-	}
-
-	r := bytes.NewBuffer(jsonPayload)
-	req, err := http.NewRequest(http.MethodPut, fmt.Sprintf("/edge_stacks/%d", edgeStack.ID), r)
-	if err != nil {
-		t.Fatal("request error:", err)
-	}
-
-	req.Header.Add("x-api-key", rawAPIKey)
-	rec := httptest.NewRecorder()
-	handler.ServeHTTP(rec, req)
-
-	if rec.Code != http.StatusOK {
-		t.Fatalf(fmt.Sprintf("expected a %d response, found: %d", http.StatusOK, rec.Code))
-	}
-
-	// Get updated edge stack
-	req, err = http.NewRequest(http.MethodGet, fmt.Sprintf("/edge_stacks/%d", edgeStack.ID), nil)
-	if err != nil {
-		t.Fatal("request error:", err)
-	}
-
-	req.Header.Add("x-api-key", rawAPIKey)
-	rec = httptest.NewRecorder()
-	handler.ServeHTTP(rec, req)
-
-	if rec.Code != http.StatusOK {
-		t.Fatalf(fmt.Sprintf("expected a %d response, found: %d", http.StatusOK, rec.Code))
-	}
-
-	data := portainer.EdgeStack{}
-	err = json.NewDecoder(rec.Body).Decode(&data)
-	if err != nil {
-		t.Fatal("error decoding response:", err)
-	}
-
-	if data.Version != *payload.Version {
-		t.Fatalf(fmt.Sprintf("expected EdgeStackID %d, found %d", edgeStack.Version, data.Version))
-	}
-
-	if data.DeploymentType != payload.DeploymentType {
-		t.Fatalf(fmt.Sprintf("expected DeploymentType %d, found %d", edgeStack.DeploymentType, data.DeploymentType))
-	}
-
-	if !reflect.DeepEqual(data.EdgeGroups, payload.EdgeGroups) {
-		t.Fatalf("expected EdgeGroups to be equal")
-	}
-}
-
-func TestUpdateWithInvalidEdgeGroups(t *testing.T) {
-	handler, rawAPIKey, teardown := setupHandler(t)
-	defer teardown()
-
-	endpoint := createEndpoint(t, handler.DataStore)
-	edgeStack := createEdgeStack(t, handler.DataStore, endpoint.ID)
-
-	//newEndpoint := createEndpoint(t, handler.DataStore)
-	newEdgeGroup := portainer.EdgeGroup{
-		ID:           2,
-		Name:         "EdgeGroup 2",
-		Dynamic:      false,
-		TagIDs:       nil,
-		Endpoints:    []portainer.EndpointID{8889},
-		PartialMatch: false,
-	}
-
-	handler.DataStore.EdgeGroup().Create(&newEdgeGroup)
-
-	newVersion := 238
-	cases := []struct {
-		Name               string
-		Payload            updateEdgeStackPayload
-		ExpectedStatusCode int
-	}{
-		{
-			"Update with non-existing EdgeGroupID",
-			updateEdgeStackPayload{
-				StackFileContent: "error-test",
-				Version:          &newVersion,
-				EdgeGroups:       []portainer.EdgeGroupID{9999},
-				DeploymentType:   edgeStack.DeploymentType,
-			},
-			http.StatusInternalServerError,
-		},
-		{
-			"Update with invalid EdgeGroup (non-existing Endpoint)",
-			updateEdgeStackPayload{
-				StackFileContent: "error-test",
-				Version:          &newVersion,
-				EdgeGroups:       []portainer.EdgeGroupID{2},
-				DeploymentType:   edgeStack.DeploymentType,
-			},
-			http.StatusInternalServerError,
-		},
-		{
-			"Update DeploymentType from Docker to Kubernetes",
-			updateEdgeStackPayload{
-				StackFileContent: "error-test",
-				Version:          &newVersion,
-				EdgeGroups:       []portainer.EdgeGroupID{1},
-				DeploymentType:   portainer.EdgeStackDeploymentKubernetes,
-			},
-			http.StatusBadRequest,
-		},
-	}
-
-	for _, tc := range cases {
-		t.Run(tc.Name, func(t *testing.T) {
-			jsonPayload, err := json.Marshal(tc.Payload)
-			if err != nil {
-				t.Fatal("JSON marshal error:", err)
-			}
-
-			r := bytes.NewBuffer(jsonPayload)
-			req, err := http.NewRequest(http.MethodPut, fmt.Sprintf("/edge_stacks/%d", edgeStack.ID), r)
-			if err != nil {
-				t.Fatal("request error:", err)
-			}
-
-			req.Header.Add("x-api-key", rawAPIKey)
-			rec := httptest.NewRecorder()
-			handler.ServeHTTP(rec, req)
-
-			if rec.Code != tc.ExpectedStatusCode {
-				t.Fatalf(fmt.Sprintf("expected a %d response, found: %d", tc.ExpectedStatusCode, rec.Code))
-			}
-		})
-	}
-}
-
-func TestUpdateWithInvalidPayload(t *testing.T) {
-	handler, rawAPIKey, teardown := setupHandler(t)
-	defer teardown()
-
-	endpoint := createEndpoint(t, handler.DataStore)
-	edgeStack := createEdgeStack(t, handler.DataStore, endpoint.ID)
-
-	newVersion := 238
-	cases := []struct {
-		Name               string
-		Payload            updateEdgeStackPayload
-		ExpectedStatusCode int
-	}{
-		{
-			"Update with empty StackFileContent",
-			updateEdgeStackPayload{
-				StackFileContent: "",
-				Version:          &newVersion,
-				EdgeGroups:       edgeStack.EdgeGroups,
-				DeploymentType:   edgeStack.DeploymentType,
-			},
-			http.StatusBadRequest,
-		},
-		{
-			"Update with empty EdgeGroups",
-			updateEdgeStackPayload{
-				StackFileContent: "error-test",
-				Version:          &newVersion,
-				EdgeGroups:       []portainer.EdgeGroupID{},
-				DeploymentType:   edgeStack.DeploymentType,
-			},
-			http.StatusBadRequest,
-		},
-	}
-
-	for _, tc := range cases {
-		t.Run(tc.Name, func(t *testing.T) {
-			jsonPayload, err := json.Marshal(tc.Payload)
-			if err != nil {
-				t.Fatal("request error:", err)
-			}
-
-			r := bytes.NewBuffer(jsonPayload)
-			req, err := http.NewRequest(http.MethodPut, fmt.Sprintf("/edge_stacks/%d", edgeStack.ID), r)
-			if err != nil {
-				t.Fatal("request error:", err)
-			}
-
-			req.Header.Add("x-api-key", rawAPIKey)
-			rec := httptest.NewRecorder()
-			handler.ServeHTTP(rec, req)
-
-			if rec.Code != tc.ExpectedStatusCode {
-				t.Fatalf(fmt.Sprintf("expected a %d response, found: %d", tc.ExpectedStatusCode, rec.Code))
-			}
-		})
-	}
-}
-
-// Update Status
-func TestUpdateStatusAndInspect(t *testing.T) {
-	handler, rawAPIKey, teardown := setupHandler(t)
-	defer teardown()
-
-	endpoint := createEndpoint(t, handler.DataStore)
-	edgeStack := createEdgeStack(t, handler.DataStore, endpoint.ID)
-
-	// Update edge stack status
-	newStatus := portainer.StatusError
-	payload := updateStatusPayload{
-		Error:      "test-error",
-		Status:     &newStatus,
-		EndpointID: &endpoint.ID,
-	}
-
-	jsonPayload, err := json.Marshal(payload)
-	if err != nil {
-		t.Fatal("request error:", err)
-	}
-
-	r := bytes.NewBuffer(jsonPayload)
-	req, err := http.NewRequest(http.MethodPut, fmt.Sprintf("/edge_stacks/%d/status", edgeStack.ID), r)
-	if err != nil {
-		t.Fatal("request error:", err)
-	}
-
-	req.Header.Set(portainer.PortainerAgentEdgeIDHeader, endpoint.EdgeID)
-	rec := httptest.NewRecorder()
-	handler.ServeHTTP(rec, req)
-
-	if rec.Code != http.StatusOK {
-		t.Fatalf(fmt.Sprintf("expected a %d response, found: %d", http.StatusOK, rec.Code))
-	}
-
-	// Get updated edge stack
-	req, err = http.NewRequest(http.MethodGet, fmt.Sprintf("/edge_stacks/%d", edgeStack.ID), nil)
-	if err != nil {
-		t.Fatal("request error:", err)
-	}
-
-	req.Header.Add("x-api-key", rawAPIKey)
-	rec = httptest.NewRecorder()
-	handler.ServeHTTP(rec, req)
-
-	if rec.Code != http.StatusOK {
-		t.Fatalf(fmt.Sprintf("expected a %d response, found: %d", http.StatusOK, rec.Code))
-	}
-
-	data := portainer.EdgeStack{}
-	err = json.NewDecoder(rec.Body).Decode(&data)
-	if err != nil {
-		t.Fatal("error decoding response:", err)
-	}
-
-	if data.Status[endpoint.ID].Type != *payload.Status {
-		t.Fatalf(fmt.Sprintf("expected EdgeStackStatusType %d, found %d", payload.Status, data.Status[endpoint.ID].Type))
-	}
-
-	if data.Status[endpoint.ID].Error != payload.Error {
-		t.Fatalf(fmt.Sprintf("expected EdgeStackStatusError %s, found %s", payload.Error, data.Status[endpoint.ID].Error))
-	}
-
-	if data.Status[endpoint.ID].EndpointID != *payload.EndpointID {
-		t.Fatalf(fmt.Sprintf("expected EndpointID %d, found %d", payload.EndpointID, data.Status[endpoint.ID].EndpointID))
-	}
-}
-func TestUpdateStatusWithInvalidPayload(t *testing.T) {
-	handler, _, teardown := setupHandler(t)
-	defer teardown()
-
-	endpoint := createEndpoint(t, handler.DataStore)
-	edgeStack := createEdgeStack(t, handler.DataStore, endpoint.ID)
-
-	// Update edge stack status
-	statusError := portainer.StatusError
-	statusOk := portainer.StatusOk
-	cases := []struct {
-		Name                 string
-		Payload              updateStatusPayload
-		ExpectedErrorMessage string
-		ExpectedStatusCode   int
-	}{
-		{
-			"Update with nil Status",
-			updateStatusPayload{
-				Error:      "test-error",
-				Status:     nil,
-				EndpointID: &endpoint.ID,
-			},
-			"Invalid status",
-			400,
-		},
-		{
-			"Update with error status and empty error message",
-			updateStatusPayload{
-				Error:      "",
-				Status:     &statusError,
-				EndpointID: &endpoint.ID,
-			},
-			"Error message is mandatory when status is error",
-			400,
-		},
-		{
-			"Update with nil EndpointID",
-			updateStatusPayload{
-				Error:      "",
-				Status:     &statusOk,
-				EndpointID: nil,
-			},
-			"Invalid EnvironmentID",
-			400,
-		},
-	}
-
-	for _, tc := range cases {
-		t.Run(tc.Name, func(t *testing.T) {
-			jsonPayload, err := json.Marshal(tc.Payload)
-			if err != nil {
-				t.Fatal("request error:", err)
-			}
-
-			r := bytes.NewBuffer(jsonPayload)
-			req, err := http.NewRequest(http.MethodPut, fmt.Sprintf("/edge_stacks/%d/status", edgeStack.ID), r)
-			if err != nil {
-				t.Fatal("request error:", err)
-			}
-
-			req.Header.Set(portainer.PortainerAgentEdgeIDHeader, endpoint.EdgeID)
-			rec := httptest.NewRecorder()
-			handler.ServeHTTP(rec, req)
-
-			if rec.Code != tc.ExpectedStatusCode {
-				t.Fatalf(fmt.Sprintf("expected a %d response, found: %d", tc.ExpectedStatusCode, rec.Code))
-			}
-		})
-	}
-}
-
-// Delete Status
-func TestDeleteStatus(t *testing.T) {
-	handler, _, teardown := setupHandler(t)
-	defer teardown()
-
-	endpoint := createEndpoint(t, handler.DataStore)
-	edgeStack := createEdgeStack(t, handler.DataStore, endpoint.ID)
-
-	req, err := http.NewRequest(http.MethodDelete, fmt.Sprintf("/edge_stacks/%d/status/%d", edgeStack.ID, endpoint.ID), nil)
-	if err != nil {
-		t.Fatal("request error:", err)
-	}
-
-	req.Header.Set(portainer.PortainerAgentEdgeIDHeader, endpoint.EdgeID)
-	rec := httptest.NewRecorder()
-	handler.ServeHTTP(rec, req)
-
-	if rec.Code != http.StatusOK {
-		t.Fatalf(fmt.Sprintf("expected a %d response, found: %d", http.StatusOK, rec.Code))
-	}
-}
--- a/api/http/handler/edgestacks/handler.go
+++ b/api/http/handler/edgestacks/handler.go
@@ -10,7 +10,6 @@ import (
 	portainer "github.com/portainer/portainer/api"
 	"github.com/portainer/portainer/api/dataservices"
 	"github.com/portainer/portainer/api/filesystem"
-	"github.com/portainer/portainer/api/http/middlewares"
 	"github.com/portainer/portainer/api/http/security"
 )

@@ -25,11 +24,10 @@ type Handler struct {
 }

 // NewHandler creates a handler to manage environment(endpoint) group operations.
-func NewHandler(bouncer *security.RequestBouncer, dataStore dataservices.DataStore) *Handler {
+func NewHandler(bouncer *security.RequestBouncer) *Handler {
 	h := &Handler{
 		Router:         mux.NewRouter(),
 		requestBouncer: bouncer,
-		DataStore:      dataStore,
 	}
 	h.Handle("/edge_stacks",
 		bouncer.AdminAccess(bouncer.EdgeComputeOperation(httperror.LoggerHandler(h.edgeStackCreate)))).Methods(http.MethodPost)
@@ -45,12 +43,6 @@ func NewHandler(bouncer *security.RequestBouncer, dataStore dataservices.DataSto
 		bouncer.AdminAccess(bouncer.EdgeComputeOperation(httperror.LoggerHandler(h.edgeStackFile)))).Methods(http.MethodGet)
 	h.Handle("/edge_stacks/{id}/status",
 		bouncer.PublicAccess(httperror.LoggerHandler(h.edgeStackStatusUpdate))).Methods(http.MethodPut)
-
-	edgeStackStatusRouter := h.NewRoute().Subrouter()
-	edgeStackStatusRouter.Use(middlewares.WithEndpoint(h.DataStore.Endpoint(), "endpoint_id"))
-
-	edgeStackStatusRouter.PathPrefix("/edge_stacks/{id}/status/{endpoint_id}").Handler(bouncer.PublicAccess(httperror.LoggerHandler(h.edgeStackStatusDelete))).Methods(http.MethodDelete)
-
 	return h
 }

--- a/api/http/handler/endpointedge/endpoint_edgestatus_inspect_test.go
+++ b/api/http/handler/endpointedge/endpoint_edgestatus_inspect_test.go
@@ -1,445 +0,0 @@
-package endpointedge
-
-import (
-	"context"
-	"encoding/json"
-	"fmt"
-	"net/http"
-	"net/http/httptest"
-	"os"
-	"testing"
-	"time"
-
-	portainer "github.com/portainer/portainer/api"
-	"github.com/portainer/portainer/api/apikey"
-	"github.com/portainer/portainer/api/chisel"
-	"github.com/portainer/portainer/api/datastore"
-	"github.com/portainer/portainer/api/filesystem"
-	"github.com/portainer/portainer/api/http/security"
-	"github.com/portainer/portainer/api/jwt"
-
-	"github.com/stretchr/testify/assert"
-)
-
-type endpointTestCase struct {
-	endpoint           portainer.Endpoint
-	endpointRelation   portainer.EndpointRelation
-	expectedStatusCode int
-}
-
-var endpointTestCases = []endpointTestCase{
-	{
-		portainer.Endpoint{},
-		portainer.EndpointRelation{},
-		http.StatusNotFound,
-	},
-	{
-		portainer.Endpoint{
-			ID:     -1,
-			Name:   "endpoint-id--1",
-			Type:   portainer.EdgeAgentOnDockerEnvironment,
-			URL:    "https://portainer.io:9443",
-			EdgeID: "edge-id",
-		},
-		portainer.EndpointRelation{
-			EndpointID: -1,
-		},
-		http.StatusNotFound,
-	},
-	{
-		portainer.Endpoint{
-			ID:     2,
-			Name:   "endpoint-id-2",
-			Type:   portainer.EdgeAgentOnDockerEnvironment,
-			URL:    "https://portainer.io:9443",
-			EdgeID: "",
-		},
-		portainer.EndpointRelation{
-			EndpointID: 2,
-		},
-		http.StatusBadRequest,
-	},
-	{
-		portainer.Endpoint{
-			ID:     4,
-			Name:   "endpoint-id-4",
-			Type:   portainer.EdgeAgentOnDockerEnvironment,
-			URL:    "https://portainer.io:9443",
-			EdgeID: "edge-id",
-		},
-		portainer.EndpointRelation{
-			EndpointID: 4,
-		},
-		http.StatusOK,
-	},
-}
-
-func setupHandler() (*Handler, func(), error) {
-	tmpDir, err := os.MkdirTemp(os.TempDir(), "portainer-test")
-	if err != nil {
-		return nil, nil, fmt.Errorf("could not create a tmp dir: %w", err)
-	}
-
-	fs, err := filesystem.NewService(tmpDir, "")
-	if err != nil {
-		return nil, nil, fmt.Errorf("could not start a new filesystem service: %w", err)
-	}
-
-	_, store, storeTeardown := datastore.MustNewTestStore(true, true)
-
-	ctx := context.Background()
-	shutdownCtx, cancelFn := context.WithCancel(ctx)
-
-	teardown := func() {
-		cancelFn()
-		storeTeardown()
-	}
-
-	jwtService, err := jwt.NewService("1h", store)
-	if err != nil {
-		teardown()
-		return nil, nil, fmt.Errorf("could not start a new jwt service: %w", err)
-	}
-
-	apiKeyService := apikey.NewAPIKeyService(nil, nil)
-
-	settings, err := store.Settings().Settings()
-	if err != nil {
-		teardown()
-		return nil, nil, fmt.Errorf("could not create new settings: %w", err)
-	}
-	settings.TrustOnFirstConnect = true
-
-	err = store.Settings().UpdateSettings(settings)
-	if err != nil {
-		teardown()
-		return nil, nil, fmt.Errorf("could not update settings: %w", err)
-	}
-
-	handler := NewHandler(
-		security.NewRequestBouncer(store, jwtService, apiKeyService),
-		store,
-		fs,
-		chisel.NewService(store, shutdownCtx),
-	)
-
-	handler.ReverseTunnelService = chisel.NewService(store, shutdownCtx)
-
-	return handler, teardown, nil
-}
-
-func createEndpoint(handler *Handler, endpoint portainer.Endpoint, endpointRelation portainer.EndpointRelation) (err error) {
-	// Avoid setting ID below 0 to generate invalid test cases
-	if endpoint.ID <= 0 {
-		return nil
-	}
-
-	err = handler.DataStore.Endpoint().Create(&endpoint)
-	if err != nil {
-		return err
-	}
-
-	return handler.DataStore.EndpointRelation().Create(&endpointRelation)
-}
-
-func TestMissingEdgeIdentifier(t *testing.T) {
-	handler, teardown, err := setupHandler()
-	defer teardown()
-
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	endpointID := portainer.EndpointID(45)
-	err = createEndpoint(handler, portainer.Endpoint{
-		ID:     endpointID,
-		Name:   "endpoint-id-45",
-		Type:   portainer.EdgeAgentOnDockerEnvironment,
-		URL:    "https://portainer.io:9443",
-		EdgeID: "edge-id",
-	}, portainer.EndpointRelation{EndpointID: endpointID})
-
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	req, err := http.NewRequest(http.MethodGet, fmt.Sprintf("/%d/edge/status", endpointID), nil)
-	if err != nil {
-		t.Fatal("request error:", err)
-	}
-
-	rec := httptest.NewRecorder()
-	handler.ServeHTTP(rec, req)
-
-	if rec.Code != http.StatusForbidden {
-		t.Fatalf(fmt.Sprintf("expected a %d response, found: %d without Edge identifier", http.StatusForbidden, rec.Code))
-	}
-}
-
-func TestWithEndpoints(t *testing.T) {
-	handler, teardown, err := setupHandler()
-	defer teardown()
-
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	for _, test := range endpointTestCases {
-		err = createEndpoint(handler, test.endpoint, test.endpointRelation)
-		if err != nil {
-			t.Fatal(err)
-		}
-
-		req, err := http.NewRequest(http.MethodGet, fmt.Sprintf("/%d/edge/status", test.endpoint.ID), nil)
-		if err != nil {
-			t.Fatal("request error:", err)
-		}
-		req.Header.Set(portainer.PortainerAgentEdgeIDHeader, "edge-id")
-
-		rec := httptest.NewRecorder()
-		handler.ServeHTTP(rec, req)
-
-		if rec.Code != test.expectedStatusCode {
-			t.Fatalf(fmt.Sprintf("expected a %d response, found: %d for endpoint ID: %d", test.expectedStatusCode, rec.Code, test.endpoint.ID))
-		}
-	}
-}
-
-func TestLastCheckInDateIncreases(t *testing.T) {
-	handler, teardown, err := setupHandler()
-	defer teardown()
-
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	endpointID := portainer.EndpointID(56)
-	endpoint := portainer.Endpoint{
-		ID:              endpointID,
-		Name:            "test-endpoint-56",
-		Type:            portainer.EdgeAgentOnDockerEnvironment,
-		URL:             "https://portainer.io:9443",
-		EdgeID:          "edge-id",
-		LastCheckInDate: time.Now().Unix(),
-	}
-
-	endpointRelation := portainer.EndpointRelation{
-		EndpointID: endpoint.ID,
-	}
-
-	err = createEndpoint(handler, endpoint, endpointRelation)
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	time.Sleep(1 * time.Second)
-
-	req, err := http.NewRequest(http.MethodGet, fmt.Sprintf("/%d/edge/status", endpoint.ID), nil)
-	if err != nil {
-		t.Fatal("request error:", err)
-	}
-	req.Header.Set(portainer.PortainerAgentEdgeIDHeader, "edge-id")
-
-	rec := httptest.NewRecorder()
-	handler.ServeHTTP(rec, req)
-
-	if rec.Code != http.StatusOK {
-		t.Fatalf(fmt.Sprintf("expected a %d response, found: %d", http.StatusOK, rec.Code))
-	}
-
-	updatedEndpoint, err := handler.DataStore.Endpoint().Endpoint(endpoint.ID)
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	assert.Greater(t, updatedEndpoint.LastCheckInDate, endpoint.LastCheckInDate)
-}
-
-func TestEmptyEdgeIdWithAgentPlatformHeader(t *testing.T) {
-	handler, teardown, err := setupHandler()
-	defer teardown()
-
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	endpointID := portainer.EndpointID(44)
-	edgeId := "edge-id"
-	endpoint := portainer.Endpoint{
-		ID:     endpointID,
-		Name:   "test-endpoint-44",
-		Type:   portainer.EdgeAgentOnDockerEnvironment,
-		URL:    "https://portainer.io:9443",
-		EdgeID: "",
-	}
-	endpointRelation := portainer.EndpointRelation{
-		EndpointID: endpoint.ID,
-	}
-
-	err = createEndpoint(handler, endpoint, endpointRelation)
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	req, err := http.NewRequest(http.MethodGet, fmt.Sprintf("/%d/edge/status", endpoint.ID), nil)
-	if err != nil {
-		t.Fatal("request error:", err)
-	}
-	req.Header.Set(portainer.PortainerAgentEdgeIDHeader, edgeId)
-	req.Header.Set(portainer.HTTPResponseAgentPlatform, "1")
-
-	rec := httptest.NewRecorder()
-	handler.ServeHTTP(rec, req)
-
-	if rec.Code != http.StatusOK {
-		t.Fatalf(fmt.Sprintf("expected a %d response, found: %d with empty edge ID", http.StatusOK, rec.Code))
-	}
-
-	updatedEndpoint, err := handler.DataStore.Endpoint().Endpoint(endpoint.ID)
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	assert.Equal(t, updatedEndpoint.EdgeID, edgeId)
-}
-
-func TestEdgeStackStatus(t *testing.T) {
-	handler, teardown, err := setupHandler()
-	defer teardown()
-
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	endpointID := portainer.EndpointID(7)
-	endpoint := portainer.Endpoint{
-		ID:              endpointID,
-		Name:            "test-endpoint-7",
-		Type:            portainer.EdgeAgentOnDockerEnvironment,
-		URL:             "https://portainer.io:9443",
-		EdgeID:          "edge-id",
-		LastCheckInDate: time.Now().Unix(),
-	}
-
-	edgeStackID := portainer.EdgeStackID(17)
-	edgeStack := portainer.EdgeStack{
-		ID:   edgeStackID,
-		Name: "test-edge-stack-17",
-		Status: map[portainer.EndpointID]portainer.EdgeStackStatus{
-			endpointID: {Type: portainer.StatusOk, Error: "", EndpointID: endpoint.ID},
-		},
-		CreationDate:   time.Now().Unix(),
-		EdgeGroups:     []portainer.EdgeGroupID{1, 2},
-		ProjectPath:    "/project/path",
-		EntryPoint:     "entrypoint",
-		Version:        237,
-		ManifestPath:   "/manifest/path",
-		DeploymentType: 1,
-	}
-
-	endpointRelation := portainer.EndpointRelation{
-		EndpointID: endpoint.ID,
-		EdgeStacks: map[portainer.EdgeStackID]bool{
-			edgeStack.ID: true,
-		},
-	}
-	handler.DataStore.EdgeStack().Create(edgeStack.ID, &edgeStack)
-
-	err = createEndpoint(handler, endpoint, endpointRelation)
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	req, err := http.NewRequest(http.MethodGet, fmt.Sprintf("/%d/edge/status", endpoint.ID), nil)
-	if err != nil {
-		t.Fatal("request error:", err)
-	}
-	req.Header.Set(portainer.PortainerAgentEdgeIDHeader, "edge-id")
-
-	rec := httptest.NewRecorder()
-	handler.ServeHTTP(rec, req)
-
-	if rec.Code != http.StatusOK {
-		t.Fatalf(fmt.Sprintf("expected a %d response, found: %d", http.StatusOK, rec.Code))
-	}
-
-	var data endpointEdgeStatusInspectResponse
-	err = json.NewDecoder(rec.Body).Decode(&data)
-	if err != nil {
-		t.Fatal("error decoding response:", err)
-	}
-
-	assert.Len(t, data.Stacks, 1)
-	assert.Equal(t, edgeStack.ID, data.Stacks[0].ID)
-	assert.Equal(t, edgeStack.Version, data.Stacks[0].Version)
-}
-
-func TestEdgeJobsResponse(t *testing.T) {
-	handler, teardown, err := setupHandler()
-	defer teardown()
-
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	endpointID := portainer.EndpointID(77)
-	endpoint := portainer.Endpoint{
-		ID:              endpointID,
-		Name:            "test-endpoint-77",
-		Type:            portainer.EdgeAgentOnDockerEnvironment,
-		URL:             "https://portainer.io:9443",
-		EdgeID:          "edge-id",
-		LastCheckInDate: time.Now().Unix(),
-	}
-
-	endpointRelation := portainer.EndpointRelation{
-		EndpointID: endpoint.ID,
-	}
-
-	err = createEndpoint(handler, endpoint, endpointRelation)
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	path, err := handler.FileService.StoreEdgeJobFileFromBytes("test-script", []byte("pwd"))
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	edgeJobID := portainer.EdgeJobID(35)
-	edgeJob := portainer.EdgeJob{
-		ID:             edgeJobID,
-		Created:        time.Now().Unix(),
-		CronExpression: "* * * * *",
-		Name:           "test-edge-job",
-		ScriptPath:     path,
-		Recurring:      true,
-		Version:        57,
-	}
-
-	handler.ReverseTunnelService.AddEdgeJob(endpoint.ID, &edgeJob)
-
-	req, err := http.NewRequest(http.MethodGet, fmt.Sprintf("/%d/edge/status", endpoint.ID), nil)
-	if err != nil {
-		t.Fatal("request error:", err)
-	}
-	req.Header.Set(portainer.PortainerAgentEdgeIDHeader, "edge-id")
-
-	rec := httptest.NewRecorder()
-	handler.ServeHTTP(rec, req)
-
-	if rec.Code != http.StatusOK {
-		t.Fatalf(fmt.Sprintf("expected a %d response, found: %d", http.StatusOK, rec.Code))
-	}
-
-	var data endpointEdgeStatusInspectResponse
-	err = json.NewDecoder(rec.Body).Decode(&data)
-	if err != nil {
-		t.Fatal("error decoding response:", err)
-	}
-
-	assert.Len(t, data.Schedules, 1)
-	assert.Equal(t, edgeJob.ID, data.Schedules[0].ID)
-	assert.Equal(t, edgeJob.CronExpression, data.Schedules[0].CronExpression)
-	assert.Equal(t, edgeJob.Version, data.Schedules[0].Version)
-}
--- a/api/http/handler/endpoints/endpoint_association_delete.go
+++ b/api/http/handler/endpoints/endpoint_association_delete.go
@@ -23,7 +23,7 @@ import (
 // @tags endpoints
 // @produce json
 // @param id path int true "Environment(Endpoint) identifier"
-// @success 204 "Success"
+// @success 200 {object} portainer.Endpoint "Success"
 // @failure 400 "Invalid request"
 // @failure 404 "Environment(Endpoint) not found"
 // @failure 500 "Server error"
@@ -61,7 +61,7 @@ func (handler *Handler) endpointAssociationDelete(w http.ResponseWriter, r *http

 	handler.ReverseTunnelService.SetTunnelStatusToIdle(endpoint.ID)

-	return response.Empty(w)
+	return response.JSON(w, endpoint)
 }

 func (handler *Handler) updateEdgeKey(edgeKey string) (string, error) {
--- a/api/http/handler/endpoints/endpoint_create.go
+++ b/api/http/handler/endpoints/endpoint_create.go
@@ -25,7 +25,6 @@ type endpointCreatePayload struct {
 	URL                    string
 	EndpointCreationType   endpointCreationEnum
 	PublicURL              string
-	Gpus                   []portainer.Pair
 	GroupID                int
 	TLS                    bool
 	TLSSkipVerify          bool
@@ -143,13 +142,6 @@ func (payload *endpointCreatePayload) Validate(r *http.Request) error {
 		payload.PublicURL = publicURL
 	}

-	gpus := make([]portainer.Pair, 0)
-	err = request.RetrieveMultiPartFormJSONValue(r, "Gpus", &gpus, true)
-	if err != nil {
-		return errors.New("Invalid Gpus parameter")
-	}
-	payload.Gpus = gpus
-
 	checkinInterval, _ := request.RetrieveNumericMultiPartFormValue(r, "CheckinInterval", true)
 	payload.EdgeCheckinInterval = checkinInterval

@@ -195,15 +187,6 @@ func (handler *Handler) endpointCreate(w http.ResponseWriter, r *http.Request) *
 		return &httperror.HandlerError{http.StatusBadRequest, "Invalid request payload", err}
 	}

-	isUnique, err := handler.isNameUnique(payload.Name, 0)
-	if err != nil {
-		return httperror.InternalServerError("Unable to check if name is unique", err)
-	}
-
-	if !isUnique {
-		return httperror.NewError(http.StatusConflict, "Name is not unique", nil)
-	}
-
 	endpoint, endpointCreationError := handler.createEndpoint(payload)
 	if endpointCreationError != nil {
 		return endpointCreationError
@@ -298,7 +281,6 @@ func (handler *Handler) createAzureEndpoint(payload *endpointCreatePayload) (*po
 		Type:               portainer.AzureEnvironment,
 		GroupID:            portainer.EndpointGroupID(payload.GroupID),
 		PublicURL:          payload.PublicURL,
-		Gpus:               payload.Gpus,
 		UserAccessPolicies: portainer.UserAccessPolicies{},
 		TeamAccessPolicies: portainer.TeamAccessPolicies{},
 		AzureCredentials:   credentials,
@@ -332,7 +314,6 @@ func (handler *Handler) createEdgeAgentEndpoint(payload *endpointCreatePayload)
 		URL:     portainerHost,
 		Type:    portainer.EdgeAgentOnDockerEnvironment,
 		GroupID: portainer.EndpointGroupID(payload.GroupID),
-		Gpus:    payload.Gpus,
 		TLSConfig: portainer.TLSConfiguration{
 			TLS: false,
 		},
@@ -388,7 +369,6 @@ func (handler *Handler) createUnsecuredEndpoint(payload *endpointCreatePayload)
 		Type:      endpointType,
 		GroupID:   portainer.EndpointGroupID(payload.GroupID),
 		PublicURL: payload.PublicURL,
-		Gpus:      payload.Gpus,
 		TLSConfig: portainer.TLSConfiguration{
 			TLS: false,
 		},
@@ -423,7 +403,6 @@ func (handler *Handler) createKubernetesEndpoint(payload *endpointCreatePayload)
 		Type:      portainer.KubernetesLocalEnvironment,
 		GroupID:   portainer.EndpointGroupID(payload.GroupID),
 		PublicURL: payload.PublicURL,
-		Gpus:      payload.Gpus,
 		TLSConfig: portainer.TLSConfiguration{
 			TLS:           payload.TLS,
 			TLSSkipVerify: payload.TLSSkipVerify,
@@ -453,7 +432,6 @@ func (handler *Handler) createTLSSecuredEndpoint(payload *endpointCreatePayload,
 		Type:      endpointType,
 		GroupID:   portainer.EndpointGroupID(payload.GroupID),
 		PublicURL: payload.PublicURL,
-		Gpus:      payload.Gpus,
 		TLSConfig: portainer.TLSConfiguration{
 			TLS:           payload.TLS,
 			TLSSkipVerify: payload.TLSSkipVerify,
--- a/api/http/handler/endpoints/endpoint_create_global_key_test.go
+++ b/api/http/handler/endpoints/endpoint_create_global_key_test.go
@@ -12,7 +12,6 @@ import (
 func TestEmptyGlobalKey(t *testing.T) {
 	handler := NewHandler(
 		helper.NewTestRequestBouncer(),
-		nil,
 	)

 	req, err := http.NewRequest(http.MethodPost, "https://portainer.io:9443/endpoints/global-key", nil)
--- a/api/http/handler/endpoints/endpoint_delete.go
+++ b/api/http/handler/endpoints/endpoint_delete.go
@@ -8,7 +8,6 @@ import (
 	"github.com/portainer/libhttp/request"
 	"github.com/portainer/libhttp/response"
 	portainer "github.com/portainer/portainer/api"
-	httperrors "github.com/portainer/portainer/api/http/errors"
 )

 // @id EndpointDelete
@@ -30,10 +29,6 @@ func (handler *Handler) endpointDelete(w http.ResponseWriter, r *http.Request) *
 		return &httperror.HandlerError{http.StatusBadRequest, "Invalid environment identifier route variable", err}
 	}

-	if handler.demoService.IsDemoEnvironment(portainer.EndpointID(endpointID)) {
-		return &httperror.HandlerError{http.StatusForbidden, httperrors.ErrNotAvailableInDemo.Error(), httperrors.ErrNotAvailableInDemo}
-	}
-
 	endpoint, err := handler.DataStore.Endpoint().Endpoint(portainer.EndpointID(endpointID))
 	if handler.DataStore.IsErrObjectNotFound(err) {
 		return &httperror.HandlerError{http.StatusNotFound, "Unable to find an environment with the specified identifier inside the database", err}
--- a/api/http/handler/endpoints/endpoint_list.go
+++ b/api/http/handler/endpoints/endpoint_list.go
@@ -4,14 +4,24 @@ import (
 	"net/http"
 	"sort"
 	"strconv"
+	"strings"
 	"time"

 	"github.com/portainer/libhttp/request"
-	portainer "github.com/portainer/portainer/api"
-	"github.com/portainer/portainer/api/http/security"

 	httperror "github.com/portainer/libhttp/error"
 	"github.com/portainer/libhttp/response"
+	portainer "github.com/portainer/portainer/api"
+	"github.com/portainer/portainer/api/http/security"
+	"github.com/portainer/portainer/api/internal/endpointutils"
+	"github.com/portainer/portainer/api/internal/utils"
+)
+
+const (
+	EdgeDeviceFilterAll       = "all"
+	EdgeDeviceFilterTrusted   = "trusted"
+	EdgeDeviceFilterUntrusted = "untrusted"
+	EdgeDeviceFilterNone      = "none"
 )

 const (
@@ -24,7 +34,7 @@ var endpointGroupNames map[portainer.EndpointGroupID]string
 // @id EndpointList
 // @summary List environments(endpoints)
 // @description List all environments(endpoints) based on the current user authorizations. Will
-// @description return all environments(endpoints) if using an administrator or team leader account otherwise it will
+// @description return all environments(endpoints) if using an administrator account otherwise it will
 // @description only return authorized environments(endpoints).
 // @description **Access policy**: restricted
 // @tags endpoints
@@ -32,20 +42,14 @@ var endpointGroupNames map[portainer.EndpointGroupID]string
 // @security jwt
 // @produce json
 // @param start query int false "Start searching from"
-// @param limit query int false "Limit results to this value"
-// @param sort query int false "Sort results by this value"
-// @param order query int false "Order sorted results by desc/asc" Enum("asc", "desc")
 // @param search query string false "Search query"
-// @param groupIds query []int false "List environments(endpoints) of these groups"
-// @param status query []int false "List environments(endpoints) by this status"
+// @param groupId query int false "List environments(endpoints) of this group"
+// @param limit query int false "Limit results to this value"
 // @param types query []int false "List environments(endpoints) of this type"
 // @param tagIds query []int false "search environments(endpoints) with these tags (depends on tagsPartialMatch)"
 // @param tagsPartialMatch query bool false "If true, will return environment(endpoint) which has one of tagIds, if false (or missing) will return only environments(endpoints) that has all the tags"
 // @param endpointIds query []int false "will return only these environments(endpoints)"
-// @param provisioned query bool false "If true, will return environment(endpoint) that were provisioned"
-// @param edgeDevice query bool false "if exists true show only edge devices, false show only regular edge endpoints. if missing, will show both types (relevant only for edge endpoints)"
-// @param edgeDeviceUntrusted query bool false "if true, show only untrusted endpoints, if false show only trusted (relevant only for edge devices, and if edgeDevice is true)"
-// @param name query string false "will return only environments(endpoints) with this name"
+// @param edgeDeviceFilter query string false "will return only these edge environments, none will return only regular edge environments" Enum("all", "trusted", "untrusted", "none")
 // @success 200 {array} portainer.Endpoint "Endpoints"
 // @failure 500 "Server error"
 // @router /endpoints [get]
@@ -55,43 +59,105 @@ func (handler *Handler) endpointList(w http.ResponseWriter, r *http.Request) *ht
 		start--
 	}

+	search, _ := request.RetrieveQueryParameter(r, "search", true)
+	if search != "" {
+		search = strings.ToLower(search)
+	}
+
+	groupID, _ := request.RetrieveNumericQueryParameter(r, "groupId", true)
 	limit, _ := request.RetrieveNumericQueryParameter(r, "limit", true)
 	sortField, _ := request.RetrieveQueryParameter(r, "sort", true)
 	sortOrder, _ := request.RetrieveQueryParameter(r, "order", true)

+	var endpointTypes []int
+	request.RetrieveJSONQueryParameter(r, "types", &endpointTypes, true)
+
+	var tagIDs []portainer.TagID
+	request.RetrieveJSONQueryParameter(r, "tagIds", &tagIDs, true)
+
+	tagsPartialMatch, _ := request.RetrieveBooleanQueryParameter(r, "tagsPartialMatch", true)
+
+	var endpointIDs []portainer.EndpointID
+	request.RetrieveJSONQueryParameter(r, "endpointIds", &endpointIDs, true)
+
+	var statuses []int
+	request.RetrieveJSONQueryParameter(r, "status", &statuses, true)
+
+	var groupIDs []int
+	request.RetrieveJSONQueryParameter(r, "groupIds", &groupIDs, true)
+
 	endpointGroups, err := handler.DataStore.EndpointGroup().EndpointGroups()
 	if err != nil {
-		return httperror.InternalServerError("Unable to retrieve environment groups from the database", err)
+		return &httperror.HandlerError{http.StatusInternalServerError, "Unable to retrieve environment groups from the database", err}
+	}
+
+	// create endpoint groups as a map for more convenient access
+	endpointGroupNames = make(map[portainer.EndpointGroupID]string, 0)
+	for _, group := range endpointGroups {
+		endpointGroupNames[group.ID] = group.Name
 	}

 	endpoints, err := handler.DataStore.Endpoint().Endpoints()
 	if err != nil {
-		return httperror.InternalServerError("Unable to retrieve environments from the database", err)
+		return &httperror.HandlerError{http.StatusInternalServerError, "Unable to retrieve environments from the database", err}
 	}

 	settings, err := handler.DataStore.Settings().Settings()
 	if err != nil {
-		return httperror.InternalServerError("Unable to retrieve settings from the database", err)
+		return &httperror.HandlerError{http.StatusInternalServerError, "Unable to retrieve settings from the database", err}
 	}

 	securityContext, err := security.RetrieveRestrictedRequestContext(r)
 	if err != nil {
-		return httperror.InternalServerError("Unable to retrieve info from request context", err)
-	}
-
-	query, err := parseQuery(r)
-	if err != nil {
-		return httperror.BadRequest("Invalid query parameters", err)
+		return &httperror.HandlerError{http.StatusInternalServerError, "Unable to retrieve info from request context", err}
 	}

 	filteredEndpoints := security.FilterEndpoints(endpoints, endpointGroups, securityContext)
+	totalAvailableEndpoints := len(filteredEndpoints)

-	filteredEndpoints, totalAvailableEndpoints, err := handler.filterEndpointsByQuery(filteredEndpoints, query, endpointGroups, settings)
-	if err != nil {
-		return httperror.InternalServerError("Unable to filter endpoints", err)
+	if groupID != 0 {
+		filteredEndpoints = filterEndpointsByGroupIDs(filteredEndpoints, []int{groupID})
 	}

-	sortEndpointsByField(filteredEndpoints, endpointGroups, sortField, sortOrder == "desc")
+	if endpointIDs != nil {
+		filteredEndpoints = filteredEndpointsByIds(filteredEndpoints, endpointIDs)
+	}
+
+	if len(groupIDs) > 0 {
+		filteredEndpoints = filterEndpointsByGroupIDs(filteredEndpoints, groupIDs)
+	}
+
+	edgeDeviceFilter, _ := request.RetrieveQueryParameter(r, "edgeDeviceFilter", false)
+	if edgeDeviceFilter != "" {
+		filteredEndpoints = filterEndpointsByEdgeDevice(filteredEndpoints, edgeDeviceFilter)
+	}
+
+	if len(statuses) > 0 {
+		filteredEndpoints = filterEndpointsByStatuses(filteredEndpoints, statuses, settings)
+	}
+
+	if search != "" {
+		tags, err := handler.DataStore.Tag().Tags()
+		if err != nil {
+			return &httperror.HandlerError{http.StatusInternalServerError, "Unable to retrieve tags from the database", err}
+		}
+		tagsMap := make(map[portainer.TagID]string)
+		for _, tag := range tags {
+			tagsMap[tag.ID] = tag.Name
+		}
+		filteredEndpoints = filterEndpointsBySearchCriteria(filteredEndpoints, endpointGroups, tagsMap, search)
+	}
+
+	if endpointTypes != nil {
+		filteredEndpoints = filterEndpointsByTypes(filteredEndpoints, endpointTypes)
+	}
+
+	if tagIDs != nil {
+		filteredEndpoints = filteredEndpointsByTags(filteredEndpoints, tagIDs, endpointGroups, tagsPartialMatch)
+	}
+
+	// Sort endpoints by field
+	sortEndpointsByField(filteredEndpoints, sortField, sortOrder == "desc")

 	filteredEndpointCount := len(filteredEndpoints)

@@ -130,7 +196,65 @@ func paginateEndpoints(endpoints []portainer.Endpoint, start, limit int) []porta
 	return endpoints[start:end]
 }

-func sortEndpointsByField(endpoints []portainer.Endpoint, endpointGroups []portainer.EndpointGroup, sortField string, isSortDesc bool) {
+func filterEndpointsByGroupIDs(endpoints []portainer.Endpoint, endpointGroupIDs []int) []portainer.Endpoint {
+	filteredEndpoints := make([]portainer.Endpoint, 0)
+
+	for _, endpoint := range endpoints {
+		if utils.Contains(endpointGroupIDs, int(endpoint.GroupID)) {
+			filteredEndpoints = append(filteredEndpoints, endpoint)
+		}
+	}
+
+	return filteredEndpoints
+}
+
+func filterEndpointsBySearchCriteria(endpoints []portainer.Endpoint, endpointGroups []portainer.EndpointGroup, tagsMap map[portainer.TagID]string, searchCriteria string) []portainer.Endpoint {
+	filteredEndpoints := make([]portainer.Endpoint, 0)
+
+	for _, endpoint := range endpoints {
+		endpointTags := convertTagIDsToTags(tagsMap, endpoint.TagIDs)
+		if endpointMatchSearchCriteria(&endpoint, endpointTags, searchCriteria) {
+			filteredEndpoints = append(filteredEndpoints, endpoint)
+			continue
+		}
+
+		if endpointGroupMatchSearchCriteria(&endpoint, endpointGroups, tagsMap, searchCriteria) {
+			filteredEndpoints = append(filteredEndpoints, endpoint)
+		}
+	}
+
+	return filteredEndpoints
+}
+
+func filterEndpointsByStatuses(endpoints []portainer.Endpoint, statuses []int, settings *portainer.Settings) []portainer.Endpoint {
+	filteredEndpoints := make([]portainer.Endpoint, 0)
+
+	for _, endpoint := range endpoints {
+		status := endpoint.Status
+		if endpointutils.IsEdgeEndpoint(&endpoint) {
+			isCheckValid := false
+			edgeCheckinInterval := endpoint.EdgeCheckinInterval
+			if endpoint.EdgeCheckinInterval == 0 {
+				edgeCheckinInterval = settings.EdgeAgentCheckinInterval
+			}
+			if edgeCheckinInterval != 0 && endpoint.LastCheckInDate != 0 {
+				isCheckValid = time.Now().Unix()-endpoint.LastCheckInDate <= int64(edgeCheckinInterval*EdgeDeviceIntervalMultiplier+EdgeDeviceIntervalAdd)
+			}
+			status = portainer.EndpointStatusDown // Offline
+			if isCheckValid {
+				status = portainer.EndpointStatusUp // Online
+			}
+		}
+
+		if utils.Contains(statuses, int(status)) {
+			filteredEndpoints = append(filteredEndpoints, endpoint)
+		}
+	}
+
+	return filteredEndpoints
+}
+
+func sortEndpointsByField(endpoints []portainer.Endpoint, sortField string, isSortDesc bool) {

 	switch sortField {
 	case "Name":
@@ -141,20 +265,10 @@ func sortEndpointsByField(endpoints []portainer.Endpoint, endpointGroups []porta
 		}

 	case "Group":
-		endpointGroupNames = make(map[portainer.EndpointGroupID]string, 0)
-		for _, group := range endpointGroups {
-			endpointGroupNames[group.ID] = group.Name
-		}
-
-		endpointsByGroup := EndpointsByGroup{
-			endpointGroupNames: endpointGroupNames,
-			endpoints:          endpoints,
-		}
-
 		if isSortDesc {
-			sort.Stable(sort.Reverse(endpointsByGroup))
+			sort.Stable(sort.Reverse(EndpointsByGroup(endpoints)))
 		} else {
-			sort.Stable(endpointsByGroup)
+			sort.Stable(EndpointsByGroup(endpoints))
 		}

 	case "Status":
@@ -170,6 +284,123 @@ func sortEndpointsByField(endpoints []portainer.Endpoint, endpointGroups []porta
 	}
 }

+func endpointMatchSearchCriteria(endpoint *portainer.Endpoint, tags []string, searchCriteria string) bool {
+	if strings.Contains(strings.ToLower(endpoint.Name), searchCriteria) {
+		return true
+	}
+
+	if strings.Contains(strings.ToLower(endpoint.URL), searchCriteria) {
+		return true
+	}
+
+	if endpoint.Status == portainer.EndpointStatusUp && searchCriteria == "up" {
+		return true
+	} else if endpoint.Status == portainer.EndpointStatusDown && searchCriteria == "down" {
+		return true
+	}
+	for _, tag := range tags {
+		if strings.Contains(strings.ToLower(tag), searchCriteria) {
+			return true
+		}
+	}
+
+	return false
+}
+
+func endpointGroupMatchSearchCriteria(endpoint *portainer.Endpoint, endpointGroups []portainer.EndpointGroup, tagsMap map[portainer.TagID]string, searchCriteria string) bool {
+	for _, group := range endpointGroups {
+		if group.ID == endpoint.GroupID {
+			if strings.Contains(strings.ToLower(group.Name), searchCriteria) {
+				return true
+			}
+			tags := convertTagIDsToTags(tagsMap, group.TagIDs)
+			for _, tag := range tags {
+				if strings.Contains(strings.ToLower(tag), searchCriteria) {
+					return true
+				}
+			}
+		}
+	}
+
+	return false
+}
+
+func filterEndpointsByTypes(endpoints []portainer.Endpoint, endpointTypes []int) []portainer.Endpoint {
+	filteredEndpoints := make([]portainer.Endpoint, 0)
+
+	typeSet := map[portainer.EndpointType]bool{}
+	for _, endpointType := range endpointTypes {
+		typeSet[portainer.EndpointType(endpointType)] = true
+	}
+
+	for _, endpoint := range endpoints {
+		if typeSet[endpoint.Type] {
+			filteredEndpoints = append(filteredEndpoints, endpoint)
+		}
+	}
+	return filteredEndpoints
+}
+
+func filterEndpointsByEdgeDevice(endpoints []portainer.Endpoint, edgeDeviceFilter string) []portainer.Endpoint {
+	filteredEndpoints := make([]portainer.Endpoint, 0)
+
+	for _, endpoint := range endpoints {
+		if shouldReturnEdgeDevice(endpoint, edgeDeviceFilter) {
+			filteredEndpoints = append(filteredEndpoints, endpoint)
+		}
+	}
+	return filteredEndpoints
+}
+
+func shouldReturnEdgeDevice(endpoint portainer.Endpoint, edgeDeviceFilter string) bool {
+	// none - return all endpoints that are not edge devices
+	if edgeDeviceFilter == EdgeDeviceFilterNone && !endpoint.IsEdgeDevice {
+		return true
+	}
+
+	if !endpointutils.IsEdgeEndpoint(&endpoint) {
+		return false
+	}
+
+	switch edgeDeviceFilter {
+	case EdgeDeviceFilterAll:
+		return true
+	case EdgeDeviceFilterTrusted:
+		return endpoint.UserTrusted
+	case EdgeDeviceFilterUntrusted:
+		return !endpoint.UserTrusted
+	}
+
+	return false
+}
+
+func convertTagIDsToTags(tagsMap map[portainer.TagID]string, tagIDs []portainer.TagID) []string {
+	tags := make([]string, 0)
+	for _, tagID := range tagIDs {
+		tags = append(tags, tagsMap[tagID])
+	}
+	return tags
+}
+
+func filteredEndpointsByTags(endpoints []portainer.Endpoint, tagIDs []portainer.TagID, endpointGroups []portainer.EndpointGroup, partialMatch bool) []portainer.Endpoint {
+	filteredEndpoints := make([]portainer.Endpoint, 0)
+
+	for _, endpoint := range endpoints {
+		endpointGroup := getEndpointGroup(endpoint.GroupID, endpointGroups)
+		endpointMatched := false
+		if partialMatch {
+			endpointMatched = endpointPartialMatchTags(endpoint, endpointGroup, tagIDs)
+		} else {
+			endpointMatched = endpointFullMatchTags(endpoint, endpointGroup, tagIDs)
+		}
+
+		if endpointMatched {
+			filteredEndpoints = append(filteredEndpoints, endpoint)
+		}
+	}
+	return filteredEndpoints
+}
+
 func getEndpointGroup(groupID portainer.EndpointGroupID, groups []portainer.EndpointGroup) portainer.EndpointGroup {
 	var endpointGroup portainer.EndpointGroup
 	for _, group := range groups {
@@ -180,3 +411,57 @@ func getEndpointGroup(groupID portainer.EndpointGroupID, groups []portainer.Endp
 	}
 	return endpointGroup
 }
+
+func endpointPartialMatchTags(endpoint portainer.Endpoint, endpointGroup portainer.EndpointGroup, tagIDs []portainer.TagID) bool {
+	tagSet := make(map[portainer.TagID]bool)
+	for _, tagID := range tagIDs {
+		tagSet[tagID] = true
+	}
+	for _, tagID := range endpoint.TagIDs {
+		if tagSet[tagID] {
+			return true
+		}
+	}
+	for _, tagID := range endpointGroup.TagIDs {
+		if tagSet[tagID] {
+			return true
+		}
+	}
+	return false
+}
+
+func endpointFullMatchTags(endpoint portainer.Endpoint, endpointGroup portainer.EndpointGroup, tagIDs []portainer.TagID) bool {
+	missingTags := make(map[portainer.TagID]bool)
+	for _, tagID := range tagIDs {
+		missingTags[tagID] = true
+	}
+	for _, tagID := range endpoint.TagIDs {
+		if missingTags[tagID] {
+			delete(missingTags, tagID)
+		}
+	}
+	for _, tagID := range endpointGroup.TagIDs {
+		if missingTags[tagID] {
+			delete(missingTags, tagID)
+		}
+	}
+	return len(missingTags) == 0
+}
+
+func filteredEndpointsByIds(endpoints []portainer.Endpoint, ids []portainer.EndpointID) []portainer.Endpoint {
+	filteredEndpoints := make([]portainer.Endpoint, 0)
+
+	idsSet := make(map[portainer.EndpointID]bool)
+	for _, id := range ids {
+		idsSet[id] = true
+	}
+
+	for _, endpoint := range endpoints {
+		if idsSet[endpoint.ID] {
+			filteredEndpoints = append(filteredEndpoints, endpoint)
+		}
+	}
+
+	return filteredEndpoints
+
+}
--- a/api/http/handler/endpoints/endpoint_list_test.go
+++ b/api/http/handler/endpoints/endpoint_list_test.go
@@ -16,64 +16,66 @@ import (
 	"github.com/stretchr/testify/assert"
 )

-type endpointListTest struct {
+type endpointListEdgeDeviceTest struct {
 	title    string
 	expected []portainer.EndpointID
+	filter   string
 }

-func Test_endpointList_edgeDeviceFilter(t *testing.T) {
+func Test_endpointList(t *testing.T) {
+	var err error
+	is := assert.New(t)

-	trustedEdgeDevice := portainer.Endpoint{ID: 1, UserTrusted: true, IsEdgeDevice: true, GroupID: 1, Type: portainer.EdgeAgentOnDockerEnvironment}
-	untrustedEdgeDevice := portainer.Endpoint{ID: 2, UserTrusted: false, IsEdgeDevice: true, GroupID: 1, Type: portainer.EdgeAgentOnDockerEnvironment}
+	_, store, teardown := datastore.MustNewTestStore(true, true)
+	defer teardown()
+
+	trustedEndpoint := portainer.Endpoint{ID: 1, UserTrusted: true, IsEdgeDevice: true, GroupID: 1, Type: portainer.EdgeAgentOnDockerEnvironment}
+	untrustedEndpoint := portainer.Endpoint{ID: 2, UserTrusted: false, IsEdgeDevice: true, GroupID: 1, Type: portainer.EdgeAgentOnDockerEnvironment}
 	regularUntrustedEdgeEndpoint := portainer.Endpoint{ID: 3, UserTrusted: false, IsEdgeDevice: false, GroupID: 1, Type: portainer.EdgeAgentOnDockerEnvironment}
 	regularTrustedEdgeEndpoint := portainer.Endpoint{ID: 4, UserTrusted: true, IsEdgeDevice: false, GroupID: 1, Type: portainer.EdgeAgentOnDockerEnvironment}
 	regularEndpoint := portainer.Endpoint{ID: 5, UserTrusted: false, IsEdgeDevice: false, GroupID: 1, Type: portainer.DockerEnvironment}

-	handler, teardown := setup(t, []portainer.Endpoint{
-		trustedEdgeDevice,
-		untrustedEdgeDevice,
+	endpoints := []portainer.Endpoint{
+		trustedEndpoint,
+		untrustedEndpoint,
 		regularUntrustedEdgeEndpoint,
 		regularTrustedEdgeEndpoint,
 		regularEndpoint,
-	})
-
-	defer teardown()
-
-	type endpointListEdgeDeviceTest struct {
-		endpointListTest
-		edgeDevice          *bool
-		edgeDeviceUntrusted bool
 	}

+	for _, endpoint := range endpoints {
+		err = store.Endpoint().Create(&endpoint)
+		is.NoError(err, "error creating environment")
+	}
+
+	err = store.User().Create(&portainer.User{Username: "admin", Role: portainer.AdministratorRole})
+	is.NoError(err, "error creating a user")
+
+	bouncer := helper.NewTestRequestBouncer()
+	h := NewHandler(bouncer)
+	h.DataStore = store
+	h.ComposeStackManager = testhelpers.NewComposeStackManager()
+
 	tests := []endpointListEdgeDeviceTest{
 		{
-			endpointListTest: endpointListTest{
-				"should show all endpoints expect of the untrusted devices",
-				[]portainer.EndpointID{trustedEdgeDevice.ID, regularUntrustedEdgeEndpoint.ID, regularTrustedEdgeEndpoint.ID, regularEndpoint.ID},
-			},
-			edgeDevice: nil,
+			"should show all edge endpoints",
+			[]portainer.EndpointID{trustedEndpoint.ID, untrustedEndpoint.ID, regularUntrustedEdgeEndpoint.ID, regularTrustedEdgeEndpoint.ID},
+			EdgeDeviceFilterAll,
 		},
 		{
-			endpointListTest: endpointListTest{
-				"should show only trusted edge devices and regular endpoints",
-				[]portainer.EndpointID{trustedEdgeDevice.ID, regularEndpoint.ID},
-			},
-			edgeDevice: BoolAddr(true),
+			"should show only trusted edge devices",
+			[]portainer.EndpointID{trustedEndpoint.ID, regularTrustedEdgeEndpoint.ID},
+			EdgeDeviceFilterTrusted,
 		},
 		{
-			endpointListTest: endpointListTest{
-				"should show only untrusted edge devices and regular endpoints",
-				[]portainer.EndpointID{untrustedEdgeDevice.ID, regularEndpoint.ID},
-			},
-			edgeDevice:          BoolAddr(true),
-			edgeDeviceUntrusted: true,
+			"should show only untrusted edge devices",
+			[]portainer.EndpointID{untrustedEndpoint.ID, regularUntrustedEdgeEndpoint.ID},
+			EdgeDeviceFilterUntrusted,
 		},
 		{
-			endpointListTest: endpointListTest{
-				"should show no edge devices",
-				[]portainer.EndpointID{regularEndpoint.ID, regularUntrustedEdgeEndpoint.ID, regularTrustedEdgeEndpoint.ID},
-			},
-			edgeDevice: BoolAddr(false),
+			"should show no edge devices",
+			[]portainer.EndpointID{regularEndpoint.ID, regularUntrustedEdgeEndpoint.ID, regularTrustedEdgeEndpoint.ID},
+			EdgeDeviceFilterNone,
 		},
 	}

@@ -81,13 +83,8 @@ func Test_endpointList_edgeDeviceFilter(t *testing.T) {
 		t.Run(test.title, func(t *testing.T) {
 			is := assert.New(t)

-			query := fmt.Sprintf("edgeDeviceUntrusted=%v&", test.edgeDeviceUntrusted)
-			if test.edgeDevice != nil {
-				query += fmt.Sprintf("edgeDevice=%v&", *test.edgeDevice)
-			}
-
-			req := buildEndpointListRequest(query)
-			resp, err := doEndpointListRequest(req, handler, is)
+			req := buildEndpointListRequest(test.filter)
+			resp, err := doEndpointListRequest(req, h, is)
 			is.NoError(err)

 			is.Equal(len(test.expected), len(resp))
@@ -103,28 +100,8 @@ func Test_endpointList_edgeDeviceFilter(t *testing.T) {
 	}
 }

-func setup(t *testing.T, endpoints []portainer.Endpoint) (handler *Handler, teardown func()) {
-	is := assert.New(t)
-	_, store, teardown := datastore.MustNewTestStore(true, true)
-
-	for _, endpoint := range endpoints {
-		err := store.Endpoint().Create(&endpoint)
-		is.NoError(err, "error creating environment")
-	}
-
-	err := store.User().Create(&portainer.User{Username: "admin", Role: portainer.AdministratorRole})
-	is.NoError(err, "error creating a user")
-
-	bouncer := helper.NewTestRequestBouncer()
-	handler = NewHandler(bouncer, nil)
-	handler.DataStore = store
-	handler.ComposeStackManager = testhelpers.NewComposeStackManager()
-
-	return handler, teardown
-}
-
-func buildEndpointListRequest(query string) *http.Request {
-	req := httptest.NewRequest(http.MethodGet, fmt.Sprintf("/endpoints?%s", query), nil)
+func buildEndpointListRequest(filter string) *http.Request {
+	req := httptest.NewRequest(http.MethodGet, fmt.Sprintf("/endpoints?edgeDeviceFilter=%s", filter), nil)

 	ctx := security.StoreTokenData(req, &portainer.TokenData{ID: 1, Username: "admin", Role: 1})
 	req = req.WithContext(ctx)
--- a/api/http/handler/endpoints/endpoint_update.go
+++ b/api/http/handler/endpoints/endpoint_update.go
@@ -22,8 +22,6 @@ type endpointUpdatePayload struct {
 	// URL or IP address where exposed containers will be reachable.\
 	// Defaults to URL if not specified
 	PublicURL *string `example:"docker.mydomain.tld:2375"`
-	// GPUs information
-	Gpus []portainer.Pair
 	// Group identifier
 	GroupID *int `example:"1"`
 	// Require TLS to connect against this environment(endpoint)
@@ -90,18 +88,7 @@ func (handler *Handler) endpointUpdate(w http.ResponseWriter, r *http.Request) *
 	}

 	if payload.Name != nil {
-		name := *payload.Name
-		isUnique, err := handler.isNameUnique(name, endpoint.ID)
-		if err != nil {
-			return httperror.InternalServerError("Unable to check if name is unique", err)
-		}
-
-		if !isUnique {
-			return httperror.NewError(http.StatusConflict, "Name is not unique", nil)
-		}
-
-		endpoint.Name = name
-
+		endpoint.Name = *payload.Name
 	}

 	if payload.URL != nil {
@@ -112,10 +99,6 @@ func (handler *Handler) endpointUpdate(w http.ResponseWriter, r *http.Request) *
 		endpoint.PublicURL = *payload.PublicURL
 	}

-	if payload.Gpus != nil {
-		endpoint.Gpus = payload.Gpus
-	}
-
 	if payload.EdgeCheckinInterval != nil {
 		endpoint.EdgeCheckinInterval = *payload.EdgeCheckinInterval
 	}
@@ -271,7 +254,7 @@ func (handler *Handler) endpointUpdate(w http.ResponseWriter, r *http.Request) *
 		}
 	}

-	if (payload.URL != nil && *payload.URL != endpoint.URL) || (payload.TLS != nil && endpoint.TLSConfig.TLS != *payload.TLS) || endpoint.Type == portainer.AzureEnvironment {
+	if payload.URL != nil || payload.TLS != nil || endpoint.Type == portainer.AzureEnvironment {
 		handler.ProxyManager.DeleteEndpointProxy(endpoint.ID)
 		_, err = handler.ProxyManager.CreateAndRegisterEndpointProxy(endpoint)
 		if err != nil {
--- a/api/http/handler/endpoints/filter.go
+++ b/api/http/handler/endpoints/filter.go
@@ -1,415 +0,0 @@
-package endpoints
-
-import (
-	"fmt"
-	"net/http"
-	"strconv"
-	"strings"
-	"time"
-
-	"github.com/pkg/errors"
-	"github.com/portainer/libhttp/request"
-	portainer "github.com/portainer/portainer/api"
-	"github.com/portainer/portainer/api/internal/endpointutils"
-	"golang.org/x/exp/slices"
-)
-
-type EnvironmentsQuery struct {
-	search              string
-	types               []portainer.EndpointType
-	tagIds              []portainer.TagID
-	endpointIds         []portainer.EndpointID
-	tagsPartialMatch    bool
-	groupIds            []portainer.EndpointGroupID
-	status              []portainer.EndpointStatus
-	edgeDevice          *bool
-	edgeDeviceUntrusted bool
-	name                string
-}
-
-func parseQuery(r *http.Request) (EnvironmentsQuery, error) {
-	search, _ := request.RetrieveQueryParameter(r, "search", true)
-	if search != "" {
-		search = strings.ToLower(search)
-	}
-
-	status, err := getNumberArrayQueryParameter[portainer.EndpointStatus](r, "status")
-	if err != nil {
-		return EnvironmentsQuery{}, err
-	}
-
-	groupIDs, err := getNumberArrayQueryParameter[portainer.EndpointGroupID](r, "groupIds")
-	if err != nil {
-		return EnvironmentsQuery{}, err
-	}
-
-	endpointTypes, err := getNumberArrayQueryParameter[portainer.EndpointType](r, "types")
-	if err != nil {
-		return EnvironmentsQuery{}, err
-	}
-
-	tagIDs, err := getNumberArrayQueryParameter[portainer.TagID](r, "tagIds")
-	if err != nil {
-		return EnvironmentsQuery{}, err
-	}
-
-	tagsPartialMatch, _ := request.RetrieveBooleanQueryParameter(r, "tagsPartialMatch", true)
-
-	endpointIDs, err := getNumberArrayQueryParameter[portainer.EndpointID](r, "endpointIds")
-	if err != nil {
-		return EnvironmentsQuery{}, err
-	}
-
-	name, _ := request.RetrieveQueryParameter(r, "name", true)
-
-	edgeDeviceParam, _ := request.RetrieveQueryParameter(r, "edgeDevice", true)
-
-	var edgeDevice *bool
-	if edgeDeviceParam != "" {
-		edgeDevice = BoolAddr(edgeDeviceParam == "true")
-	}
-
-	edgeDeviceUntrusted, _ := request.RetrieveBooleanQueryParameter(r, "edgeDeviceUntrusted", true)
-
-	return EnvironmentsQuery{
-		search:              search,
-		types:               endpointTypes,
-		tagIds:              tagIDs,
-		endpointIds:         endpointIDs,
-		tagsPartialMatch:    tagsPartialMatch,
-		groupIds:            groupIDs,
-		status:              status,
-		edgeDevice:          edgeDevice,
-		edgeDeviceUntrusted: edgeDeviceUntrusted,
-		name:                name,
-	}, nil
-}
-
-func (handler *Handler) filterEndpointsByQuery(filteredEndpoints []portainer.Endpoint, query EnvironmentsQuery, groups []portainer.EndpointGroup, settings *portainer.Settings) ([]portainer.Endpoint, int, error) {
-	totalAvailableEndpoints := len(filteredEndpoints)
-
-	if len(query.endpointIds) > 0 {
-		filteredEndpoints = filteredEndpointsByIds(filteredEndpoints, query.endpointIds)
-	}
-
-	if len(query.groupIds) > 0 {
-		filteredEndpoints = filterEndpointsByGroupIDs(filteredEndpoints, query.groupIds)
-	}
-
-	if query.name != "" {
-		filteredEndpoints = filterEndpointsByName(filteredEndpoints, query.name)
-	}
-
-	if query.edgeDevice != nil {
-		filteredEndpoints = filterEndpointsByEdgeDevice(filteredEndpoints, *query.edgeDevice, query.edgeDeviceUntrusted)
-	} else {
-		// If the edgeDevice parameter is not set, we need to filter out the untrusted edge devices
-		filteredEndpoints = filter(filteredEndpoints, func(endpoint portainer.Endpoint) bool {
-			return !endpoint.IsEdgeDevice || endpoint.UserTrusted
-		})
-	}
-
-	if len(query.status) > 0 {
-		filteredEndpoints = filterEndpointsByStatuses(filteredEndpoints, query.status, settings)
-	}
-
-	if query.search != "" {
-		tags, err := handler.DataStore.Tag().Tags()
-		if err != nil {
-			return nil, 0, errors.WithMessage(err, "Unable to retrieve tags from the database")
-		}
-
-		tagsMap := make(map[portainer.TagID]string)
-		for _, tag := range tags {
-			tagsMap[tag.ID] = tag.Name
-		}
-
-		filteredEndpoints = filterEndpointsBySearchCriteria(filteredEndpoints, groups, tagsMap, query.search)
-	}
-
-	if len(query.types) > 0 {
-		filteredEndpoints = filterEndpointsByTypes(filteredEndpoints, query.types)
-	}
-
-	if len(query.tagIds) > 0 {
-		filteredEndpoints = filteredEndpointsByTags(filteredEndpoints, query.tagIds, groups, query.tagsPartialMatch)
-	}
-
-	return filteredEndpoints, totalAvailableEndpoints, nil
-}
-
-func filterEndpointsByGroupIDs(endpoints []portainer.Endpoint, endpointGroupIDs []portainer.EndpointGroupID) []portainer.Endpoint {
-	filteredEndpoints := make([]portainer.Endpoint, 0)
-
-	for _, endpoint := range endpoints {
-		if slices.Contains(endpointGroupIDs, endpoint.GroupID) {
-			filteredEndpoints = append(filteredEndpoints, endpoint)
-		}
-	}
-
-	return filteredEndpoints
-}
-
-func filterEndpointsBySearchCriteria(endpoints []portainer.Endpoint, endpointGroups []portainer.EndpointGroup, tagsMap map[portainer.TagID]string, searchCriteria string) []portainer.Endpoint {
-	filteredEndpoints := make([]portainer.Endpoint, 0)
-
-	for _, endpoint := range endpoints {
-		endpointTags := convertTagIDsToTags(tagsMap, endpoint.TagIDs)
-		if endpointMatchSearchCriteria(&endpoint, endpointTags, searchCriteria) {
-			filteredEndpoints = append(filteredEndpoints, endpoint)
-			continue
-		}
-
-		if endpointGroupMatchSearchCriteria(&endpoint, endpointGroups, tagsMap, searchCriteria) {
-			filteredEndpoints = append(filteredEndpoints, endpoint)
-		}
-	}
-
-	return filteredEndpoints
-}
-
-func filterEndpointsByStatuses(endpoints []portainer.Endpoint, statuses []portainer.EndpointStatus, settings *portainer.Settings) []portainer.Endpoint {
-	filteredEndpoints := make([]portainer.Endpoint, 0)
-
-	for _, endpoint := range endpoints {
-		status := endpoint.Status
-		if endpointutils.IsEdgeEndpoint(&endpoint) {
-			isCheckValid := false
-			edgeCheckinInterval := endpoint.EdgeCheckinInterval
-			if endpoint.EdgeCheckinInterval == 0 {
-				edgeCheckinInterval = settings.EdgeAgentCheckinInterval
-			}
-
-			if edgeCheckinInterval != 0 && endpoint.LastCheckInDate != 0 {
-				isCheckValid = time.Now().Unix()-endpoint.LastCheckInDate <= int64(edgeCheckinInterval*EdgeDeviceIntervalMultiplier+EdgeDeviceIntervalAdd)
-			}
-
-			status = portainer.EndpointStatusDown // Offline
-			if isCheckValid {
-				status = portainer.EndpointStatusUp // Online
-			}
-		}
-
-		if slices.Contains(statuses, status) {
-			filteredEndpoints = append(filteredEndpoints, endpoint)
-		}
-	}
-
-	return filteredEndpoints
-}
-
-func endpointMatchSearchCriteria(endpoint *portainer.Endpoint, tags []string, searchCriteria string) bool {
-	if strings.Contains(strings.ToLower(endpoint.Name), searchCriteria) {
-		return true
-	}
-
-	if strings.Contains(strings.ToLower(endpoint.URL), searchCriteria) {
-		return true
-	}
-
-	if endpoint.Status == portainer.EndpointStatusUp && searchCriteria == "up" {
-		return true
-	} else if endpoint.Status == portainer.EndpointStatusDown && searchCriteria == "down" {
-		return true
-	}
-	for _, tag := range tags {
-		if strings.Contains(strings.ToLower(tag), searchCriteria) {
-			return true
-		}
-	}
-
-	return false
-}
-
-func endpointGroupMatchSearchCriteria(endpoint *portainer.Endpoint, endpointGroups []portainer.EndpointGroup, tagsMap map[portainer.TagID]string, searchCriteria string) bool {
-	for _, group := range endpointGroups {
-		if group.ID == endpoint.GroupID {
-			if strings.Contains(strings.ToLower(group.Name), searchCriteria) {
-				return true
-			}
-			tags := convertTagIDsToTags(tagsMap, group.TagIDs)
-			for _, tag := range tags {
-				if strings.Contains(strings.ToLower(tag), searchCriteria) {
-					return true
-				}
-			}
-		}
-	}
-
-	return false
-}
-
-func filterEndpointsByTypes(endpoints []portainer.Endpoint, endpointTypes []portainer.EndpointType) []portainer.Endpoint {
-	filteredEndpoints := make([]portainer.Endpoint, 0)
-
-	typeSet := map[portainer.EndpointType]bool{}
-	for _, endpointType := range endpointTypes {
-		typeSet[portainer.EndpointType(endpointType)] = true
-	}
-
-	for _, endpoint := range endpoints {
-		if typeSet[endpoint.Type] {
-			filteredEndpoints = append(filteredEndpoints, endpoint)
-		}
-	}
-	return filteredEndpoints
-}
-
-func filterEndpointsByEdgeDevice(endpoints []portainer.Endpoint, edgeDevice bool, untrusted bool) []portainer.Endpoint {
-	filteredEndpoints := make([]portainer.Endpoint, 0)
-
-	for _, endpoint := range endpoints {
-		if shouldReturnEdgeDevice(endpoint, edgeDevice, untrusted) {
-			filteredEndpoints = append(filteredEndpoints, endpoint)
-		}
-	}
-	return filteredEndpoints
-}
-
-func shouldReturnEdgeDevice(endpoint portainer.Endpoint, edgeDeviceParam bool, untrustedParam bool) bool {
-	if !endpointutils.IsEdgeEndpoint(&endpoint) {
-		return true
-	}
-
-	if !edgeDeviceParam {
-		return !endpoint.IsEdgeDevice
-	}
-
-	return endpoint.IsEdgeDevice && endpoint.UserTrusted == !untrustedParam
-}
-
-func convertTagIDsToTags(tagsMap map[portainer.TagID]string, tagIDs []portainer.TagID) []string {
-	tags := make([]string, 0)
-	for _, tagID := range tagIDs {
-		tags = append(tags, tagsMap[tagID])
-	}
-	return tags
-}
-
-func filteredEndpointsByTags(endpoints []portainer.Endpoint, tagIDs []portainer.TagID, endpointGroups []portainer.EndpointGroup, partialMatch bool) []portainer.Endpoint {
-	filteredEndpoints := make([]portainer.Endpoint, 0)
-
-	for _, endpoint := range endpoints {
-		endpointGroup := getEndpointGroup(endpoint.GroupID, endpointGroups)
-		endpointMatched := false
-		if partialMatch {
-			endpointMatched = endpointPartialMatchTags(endpoint, endpointGroup, tagIDs)
-		} else {
-			endpointMatched = endpointFullMatchTags(endpoint, endpointGroup, tagIDs)
-		}
-
-		if endpointMatched {
-			filteredEndpoints = append(filteredEndpoints, endpoint)
-		}
-	}
-	return filteredEndpoints
-}
-
-func endpointPartialMatchTags(endpoint portainer.Endpoint, endpointGroup portainer.EndpointGroup, tagIDs []portainer.TagID) bool {
-	tagSet := make(map[portainer.TagID]bool)
-	for _, tagID := range tagIDs {
-		tagSet[tagID] = true
-	}
-	for _, tagID := range endpoint.TagIDs {
-		if tagSet[tagID] {
-			return true
-		}
-	}
-	for _, tagID := range endpointGroup.TagIDs {
-		if tagSet[tagID] {
-			return true
-		}
-	}
-	return false
-}
-
-func endpointFullMatchTags(endpoint portainer.Endpoint, endpointGroup portainer.EndpointGroup, tagIDs []portainer.TagID) bool {
-	missingTags := make(map[portainer.TagID]bool)
-	for _, tagID := range tagIDs {
-		missingTags[tagID] = true
-	}
-	for _, tagID := range endpoint.TagIDs {
-		if missingTags[tagID] {
-			delete(missingTags, tagID)
-		}
-	}
-	for _, tagID := range endpointGroup.TagIDs {
-		if missingTags[tagID] {
-			delete(missingTags, tagID)
-		}
-	}
-	return len(missingTags) == 0
-}
-
-func filteredEndpointsByIds(endpoints []portainer.Endpoint, ids []portainer.EndpointID) []portainer.Endpoint {
-	filteredEndpoints := make([]portainer.Endpoint, 0)
-
-	idsSet := make(map[portainer.EndpointID]bool)
-	for _, id := range ids {
-		idsSet[id] = true
-	}
-
-	for _, endpoint := range endpoints {
-		if idsSet[endpoint.ID] {
-			filteredEndpoints = append(filteredEndpoints, endpoint)
-		}
-	}
-
-	return filteredEndpoints
-
-}
-
-func filterEndpointsByName(endpoints []portainer.Endpoint, name string) []portainer.Endpoint {
-	if name == "" {
-		return endpoints
-	}
-
-	filteredEndpoints := make([]portainer.Endpoint, 0)
-
-	for _, endpoint := range endpoints {
-		if endpoint.Name == name {
-			filteredEndpoints = append(filteredEndpoints, endpoint)
-		}
-	}
-	return filteredEndpoints
-}
-
-func filter(endpoints []portainer.Endpoint, predicate func(endpoint portainer.Endpoint) bool) []portainer.Endpoint {
-	filteredEndpoints := make([]portainer.Endpoint, 0)
-
-	for _, endpoint := range endpoints {
-		if predicate(endpoint) {
-			filteredEndpoints = append(filteredEndpoints, endpoint)
-		}
-	}
-	return filteredEndpoints
-}
-
-func getArrayQueryParameter(r *http.Request, parameter string) []string {
-	list, exists := r.Form[fmt.Sprintf("%s[]", parameter)]
-	if !exists {
-		list = []string{}
-	}
-
-	return list
-}
-
-func getNumberArrayQueryParameter[T ~int](r *http.Request, parameter string) ([]T, error) {
-	list := getArrayQueryParameter(r, parameter)
-	if list == nil {
-		return []T{}, nil
-	}
-
-	var result []T
-	for _, item := range list {
-		number, err := strconv.Atoi(item)
-		if err != nil {
-			return nil, errors.Wrapf(err, "Unable to parse parameter %s", parameter)
-
-		}
-
-		result = append(result, T(number))
-	}
-
-	return result, nil
-}
--- a/api/http/handler/endpoints/filter_test.go
+++ b/api/http/handler/endpoints/filter_test.go
@@ -1,119 +0,0 @@
-package endpoints
-
-import (
-	"testing"
-
-	portainer "github.com/portainer/portainer/api"
-	"github.com/portainer/portainer/api/datastore"
-	"github.com/portainer/portainer/api/internal/testhelpers"
-	helper "github.com/portainer/portainer/api/internal/testhelpers"
-	"github.com/stretchr/testify/assert"
-)
-
-type filterTest struct {
-	title    string
-	expected []portainer.EndpointID
-	query    EnvironmentsQuery
-}
-
-func Test_Filter_edgeDeviceFilter(t *testing.T) {
-
-	trustedEdgeDevice := portainer.Endpoint{ID: 1, UserTrusted: true, IsEdgeDevice: true, GroupID: 1, Type: portainer.EdgeAgentOnDockerEnvironment}
-	untrustedEdgeDevice := portainer.Endpoint{ID: 2, UserTrusted: false, IsEdgeDevice: true, GroupID: 1, Type: portainer.EdgeAgentOnDockerEnvironment}
-	regularUntrustedEdgeEndpoint := portainer.Endpoint{ID: 3, UserTrusted: false, IsEdgeDevice: false, GroupID: 1, Type: portainer.EdgeAgentOnDockerEnvironment}
-	regularTrustedEdgeEndpoint := portainer.Endpoint{ID: 4, UserTrusted: true, IsEdgeDevice: false, GroupID: 1, Type: portainer.EdgeAgentOnDockerEnvironment}
-	regularEndpoint := portainer.Endpoint{ID: 5, GroupID: 1, Type: portainer.DockerEnvironment}
-
-	endpoints := []portainer.Endpoint{
-		trustedEdgeDevice,
-		untrustedEdgeDevice,
-		regularUntrustedEdgeEndpoint,
-		regularTrustedEdgeEndpoint,
-		regularEndpoint,
-	}
-
-	handler, teardown := setupFilterTest(t, endpoints)
-
-	defer teardown()
-
-	tests := []filterTest{
-		{
-			"should show all edge endpoints except of the untrusted devices",
-			[]portainer.EndpointID{trustedEdgeDevice.ID, regularUntrustedEdgeEndpoint.ID, regularTrustedEdgeEndpoint.ID},
-			EnvironmentsQuery{
-				types: []portainer.EndpointType{portainer.EdgeAgentOnDockerEnvironment, portainer.EdgeAgentOnKubernetesEnvironment},
-			},
-		},
-		{
-			"should show only trusted edge devices and other regular endpoints",
-			[]portainer.EndpointID{trustedEdgeDevice.ID, regularEndpoint.ID},
-			EnvironmentsQuery{
-				edgeDevice: BoolAddr(true),
-			},
-		},
-		{
-			"should show only untrusted edge devices and other regular endpoints",
-			[]portainer.EndpointID{untrustedEdgeDevice.ID, regularEndpoint.ID},
-			EnvironmentsQuery{
-				edgeDevice:          BoolAddr(true),
-				edgeDeviceUntrusted: true,
-			},
-		},
-		{
-			"should show no edge devices",
-			[]portainer.EndpointID{regularEndpoint.ID, regularUntrustedEdgeEndpoint.ID, regularTrustedEdgeEndpoint.ID},
-			EnvironmentsQuery{
-				edgeDevice: BoolAddr(false),
-			},
-		},
-	}
-
-	runTests(tests, t, handler, endpoints)
-}
-
-func runTests(tests []filterTest, t *testing.T, handler *Handler, endpoints []portainer.Endpoint) {
-	for _, test := range tests {
-		t.Run(test.title, func(t *testing.T) {
-			runTest(t, test, handler, endpoints)
-		})
-	}
-}
-
-func runTest(t *testing.T, test filterTest, handler *Handler, endpoints []portainer.Endpoint) {
-	is := assert.New(t)
-
-	filteredEndpoints, _, err := handler.filterEndpointsByQuery(endpoints, test.query, []portainer.EndpointGroup{}, &portainer.Settings{})
-
-	is.NoError(err)
-
-	is.Equal(len(test.expected), len(filteredEndpoints))
-
-	respIds := []portainer.EndpointID{}
-
-	for _, endpoint := range filteredEndpoints {
-		respIds = append(respIds, endpoint.ID)
-	}
-
-	is.ElementsMatch(test.expected, respIds)
-
-}
-
-func setupFilterTest(t *testing.T, endpoints []portainer.Endpoint) (handler *Handler, teardown func()) {
-	is := assert.New(t)
-	_, store, teardown := datastore.MustNewTestStore(true, true)
-
-	for _, endpoint := range endpoints {
-		err := store.Endpoint().Create(&endpoint)
-		is.NoError(err, "error creating environment")
-	}
-
-	err := store.User().Create(&portainer.User{Username: "admin", Role: portainer.AdministratorRole})
-	is.NoError(err, "error creating a user")
-
-	bouncer := helper.NewTestRequestBouncer()
-	handler = NewHandler(bouncer, nil)
-	handler.DataStore = store
-	handler.ComposeStackManager = testhelpers.NewComposeStackManager()
-
-	return handler, teardown
-}
--- a/api/http/handler/endpoints/handler.go
+++ b/api/http/handler/endpoints/handler.go
@@ -4,7 +4,6 @@ import (
 	httperror "github.com/portainer/libhttp/error"
 	portainer "github.com/portainer/portainer/api"
 	"github.com/portainer/portainer/api/dataservices"
-	"github.com/portainer/portainer/api/demo"
 	"github.com/portainer/portainer/api/http/proxy"
 	"github.com/portainer/portainer/api/internal/authorization"
 	"github.com/portainer/portainer/api/kubernetes/cli"
@@ -36,7 +35,6 @@ type requestBouncer interface {
 type Handler struct {
 	*mux.Router
 	requestBouncer       requestBouncer
-	demoService          *demo.Service
 	DataStore            dataservices.DataStore
 	FileService          portainer.FileService
 	ProxyManager         *proxy.Manager
@@ -50,11 +48,10 @@ type Handler struct {
 }

 // NewHandler creates a handler to manage environment(endpoint) operations.
-func NewHandler(bouncer requestBouncer, demoService *demo.Service) *Handler {
+func NewHandler(bouncer requestBouncer) *Handler {
 	h := &Handler{
 		Router:         mux.NewRouter(),
 		requestBouncer: bouncer,
-		demoService:    demoService,
 	}

 	h.Handle("/endpoints",
--- a/api/http/handler/endpoints/sort.go
+++ b/api/http/handler/endpoints/sort.go
@@ -21,26 +21,23 @@ func (e EndpointsByName) Less(i, j int) bool {
 	return sortorder.NaturalLess(strings.ToLower(e[i].Name), strings.ToLower(e[j].Name))
 }

-type EndpointsByGroup struct {
-	endpointGroupNames map[portainer.EndpointGroupID]string
-	endpoints          []portainer.Endpoint
-}
+type EndpointsByGroup []portainer.Endpoint

 func (e EndpointsByGroup) Len() int {
-	return len(e.endpoints)
+	return len(e)
 }

 func (e EndpointsByGroup) Swap(i, j int) {
-	e.endpoints[i], e.endpoints[j] = e.endpoints[j], e.endpoints[i]
+	e[i], e[j] = e[j], e[i]
 }

 func (e EndpointsByGroup) Less(i, j int) bool {
-	if e.endpoints[i].GroupID == e.endpoints[j].GroupID {
+	if e[i].GroupID == e[j].GroupID {
 		return false
 	}

-	groupA := endpointGroupNames[e.endpoints[i].GroupID]
-	groupB := endpointGroupNames[e.endpoints[j].GroupID]
+	groupA := endpointGroupNames[e[i].GroupID]
+	groupB := endpointGroupNames[e[j].GroupID]

 	return sortorder.NaturalLess(strings.ToLower(groupA), strings.ToLower(groupB))
 }
--- a/api/http/handler/endpoints/unique_name.go
+++ b/api/http/handler/endpoints/unique_name.go
@@ -1,18 +0,0 @@
-package endpoints
-
-import portainer "github.com/portainer/portainer/api"
-
-func (handler *Handler) isNameUnique(name string, endpointID portainer.EndpointID) (bool, error) {
-	endpoints, err := handler.DataStore.Endpoint().Endpoints()
-	if err != nil {
-		return false, err
-	}
-
-	for _, endpoint := range endpoints {
-		if endpoint.Name == name && (endpointID == 0 || endpoint.ID != endpointID) {
-			return false, nil
-		}
-	}
-
-	return true, nil
-}
--- a/api/http/handler/endpoints/utils.go
+++ b/api/http/handler/endpoints/utils.go
@@ -1,6 +0,0 @@
-package endpoints
-
-func BoolAddr(b bool) *bool {
-	boolVar := b
-	return &boolVar
-}
--- a/api/http/handler/handler.go
+++ b/api/http/handler/handler.go
@@ -80,7 +80,7 @@ type Handler struct {
 }

 // @title PortainerCE API
-// @version 2.15.0
+// @version 2.13.1
 // @description.markdown api-description.md
 // @termsOfService

--- a/api/http/handler/helm/handler.go
+++ b/api/http/handler/helm/handler.go
@@ -2,6 +2,7 @@ package helm

 import (
 	"net/http"
+	"strings"

 	"github.com/gorilla/mux"
 	"github.com/portainer/libhelm"
@@ -107,7 +108,7 @@ func (handler *Handler) getHelmClusterAccess(r *http.Request) (*options.Kubernet

 	hostURL := "localhost"
 	if !sslSettings.SelfSigned {
-		hostURL = r.Host
+		hostURL = strings.Split(r.Host, ":")[0]
 	}

 	kubeConfigInternal := handler.kubeClusterAccessService.GetData(hostURL, endpoint.ID)
--- a/api/http/handler/kubernetes/kubernetes_config.go
+++ b/api/http/handler/kubernetes/kubernetes_config.go
@@ -4,6 +4,7 @@ import (
 	"errors"
 	"fmt"
 	"net/http"
+	"strings"

 	httperror "github.com/portainer/libhttp/error"
 	"github.com/portainer/libhttp/request"
@@ -144,7 +145,8 @@ func (handler *Handler) buildConfig(r *http.Request, tokenData *portainer.TokenD
 }

 func (handler *Handler) buildCluster(r *http.Request, endpoint portainer.Endpoint) clientV1.NamedCluster {
-	kubeConfigInternal := handler.kubeClusterAccessService.GetData(r.Host, endpoint.ID)
+	hostURL := strings.Split(r.Host, ":")[0]
+	kubeConfigInternal := handler.kubeClusterAccessService.GetData(hostURL, endpoint.ID)
 	return clientV1.NamedCluster{
 		Name: buildClusterName(endpoint.Name),
 		Cluster: clientV1.Cluster{
--- a/api/http/handler/settings/handler.go
+++ b/api/http/handler/settings/handler.go
@@ -7,7 +7,6 @@ import (
 	httperror "github.com/portainer/libhttp/error"
 	portainer "github.com/portainer/portainer/api"
 	"github.com/portainer/portainer/api/dataservices"
-	"github.com/portainer/portainer/api/demo"
 	"github.com/portainer/portainer/api/http/security"
 )

@@ -25,14 +24,12 @@ type Handler struct {
 	JWTService      dataservices.JWTService
 	LDAPService     portainer.LDAPService
 	SnapshotService portainer.SnapshotService
-	demoService     *demo.Service
 }

 // NewHandler creates a handler to manage settings operations.
-func NewHandler(bouncer *security.RequestBouncer, demoService *demo.Service) *Handler {
+func NewHandler(bouncer *security.RequestBouncer) *Handler {
 	h := &Handler{
-		Router:      mux.NewRouter(),
-		demoService: demoService,
+		Router: mux.NewRouter(),
 	}
 	h.Handle("/settings",
 		bouncer.AdminAccess(httperror.LoggerHandler(h.settingsInspect))).Methods(http.MethodGet)
--- a/api/http/handler/settings/settings_public.go
+++ b/api/http/handler/settings/settings_public.go
@@ -14,8 +14,6 @@ type publicSettingsResponse struct {
 	LogoURL string `json:"LogoURL" example:"https://mycompany.mydomain.tld/logo.png"`
 	// Active authentication method for the Portainer instance. Valid values are: 1 for internal, 2 for LDAP, or 3 for oauth
 	AuthenticationMethod portainer.AuthenticationMethod `json:"AuthenticationMethod" example:"1"`
-	// The minimum required length for a password of any user when using internal auth mode
-	RequiredPasswordLength int `json:"RequiredPasswordLength" example:"1"`
 	// Whether edge compute features are enabled
 	EnableEdgeComputeFeatures bool `json:"EnableEdgeComputeFeatures" example:"true"`
 	// Supported feature flags
@@ -28,21 +26,6 @@ type publicSettingsResponse struct {
 	EnableTelemetry bool `json:"EnableTelemetry" example:"true"`
 	// The expiry of a Kubeconfig
 	KubeconfigExpiry string `example:"24h" default:"0"`
-	// Whether team sync is enabled
-	TeamSync bool `json:"TeamSync" example:"true"`
-
-	Edge struct {
-		// Whether the device has been started in edge async mode
-		AsyncMode bool
-		// The ping interval for edge agent - used in edge async mode [seconds]
-		PingInterval int `json:"PingInterval" example:"60"`
-		// The snapshot interval for edge agent - used in edge async mode [seconds]
-		SnapshotInterval int `json:"SnapshotInterval" example:"60"`
-		// The command list interval for edge agent - used in edge async mode [seconds]
-		CommandInterval int `json:"CommandInterval" example:"60"`
-		// The check in interval for edge agent (in seconds) - used in non async mode [seconds]
-		CheckinInterval int `example:"60"`
-	}
 }

 // @id SettingsPublic
@@ -68,19 +51,11 @@ func generatePublicSettings(appSettings *portainer.Settings) *publicSettingsResp
 	publicSettings := &publicSettingsResponse{
 		LogoURL:                   appSettings.LogoURL,
 		AuthenticationMethod:      appSettings.AuthenticationMethod,
-		RequiredPasswordLength:    appSettings.InternalAuthSettings.RequiredPasswordLength,
 		EnableEdgeComputeFeatures: appSettings.EnableEdgeComputeFeatures,
 		EnableTelemetry:           appSettings.EnableTelemetry,
 		KubeconfigExpiry:          appSettings.KubeconfigExpiry,
 		Features:                  appSettings.FeatureFlagSettings,
 	}
-
-	publicSettings.Edge.AsyncMode = appSettings.Edge.AsyncMode
-	publicSettings.Edge.PingInterval = appSettings.Edge.PingInterval
-	publicSettings.Edge.SnapshotInterval = appSettings.Edge.SnapshotInterval
-	publicSettings.Edge.CommandInterval = appSettings.Edge.CommandInterval
-	publicSettings.Edge.CheckinInterval = appSettings.EdgeAgentCheckinInterval
-
 	//if OAuth authentication is on, compose the related fields from application settings
 	if publicSettings.AuthenticationMethod == portainer.AuthenticationOAuth {
 		publicSettings.OAuthLogoutURI = appSettings.OAuthSettings.LogoutURI
@@ -94,11 +69,5 @@ func generatePublicSettings(appSettings *portainer.Settings) *publicSettingsResp
 			publicSettings.OAuthLoginURI += "&prompt=login"
 		}
 	}
-	//if LDAP authentication is on, compose the related fields from application settings
-	if publicSettings.AuthenticationMethod == portainer.AuthenticationLDAP && appSettings.LDAPSettings.GroupSearchSettings != nil {
-		if len(appSettings.LDAPSettings.GroupSearchSettings) > 0 {
-			publicSettings.TeamSync = len(appSettings.LDAPSettings.GroupSearchSettings[0].GroupBaseDN) > 0
-		}
-	}
 	return publicSettings
 }
--- a/api/http/handler/settings/settings_update.go
+++ b/api/http/handler/settings/settings_update.go
@@ -22,10 +22,9 @@ type settingsUpdatePayload struct {
 	// A list of label name & value that will be used to hide containers when querying containers
 	BlackListedLabels []portainer.Pair
 	// Active authentication method for the Portainer instance. Valid values are: 1 for internal, 2 for LDAP, or 3 for oauth
-	AuthenticationMethod *int                            `example:"1"`
-	InternalAuthSettings *portainer.InternalAuthSettings `example:""`
-	LDAPSettings         *portainer.LDAPSettings         `example:""`
-	OAuthSettings        *portainer.OAuthSettings        `example:""`
+	AuthenticationMethod *int                     `example:"1"`
+	LDAPSettings         *portainer.LDAPSettings  `example:""`
+	OAuthSettings        *portainer.OAuthSettings `example:""`
 	// The interval in which environment(endpoint) snapshots are created
 	SnapshotInterval *string `example:"5m"`
 	// URL to the templates that will be displayed in the UI when navigating to App Templates
@@ -114,11 +113,6 @@ func (handler *Handler) settingsUpdate(w http.ResponseWriter, r *http.Request) *
 		return &httperror.HandlerError{http.StatusInternalServerError, "Unable to retrieve the settings from the database", err}
 	}

-	if handler.demoService.IsDemo() {
-		payload.EnableTelemetry = nil
-		payload.LogoURL = nil
-	}
-
 	if payload.AuthenticationMethod != nil {
 		settings.AuthenticationMethod = portainer.AuthenticationMethod(*payload.AuthenticationMethod)
 	}
@@ -154,10 +148,6 @@ func (handler *Handler) settingsUpdate(w http.ResponseWriter, r *http.Request) *
 		settings.BlackListedLabels = payload.BlackListedLabels
 	}

-	if payload.InternalAuthSettings != nil {
-		settings.InternalAuthSettings.RequiredPasswordLength = payload.InternalAuthSettings.RequiredPasswordLength
-	}
-
 	if payload.LDAPSettings != nil {
 		ldapReaderDN := settings.LDAPSettings.ReaderDN
 		ldapPassword := settings.LDAPSettings.Password
--- a/api/http/handler/stacks/create_compose_stack.go
+++ b/api/http/handler/stacks/create_compose_stack.go
@@ -177,6 +177,9 @@ func (payload *composeStackFromGitRepositoryPayload) Validate(r *http.Request) e
 	if govalidator.IsNull(payload.RepositoryURL) || !govalidator.IsURL(payload.RepositoryURL) {
 		return errors.New("Invalid repository URL. Must correspond to a valid URL format")
 	}
+	if govalidator.IsNull(payload.RepositoryReferenceName) {
+		payload.RepositoryReferenceName = defaultGitReferenceName
+	}
 	if payload.RepositoryAuthentication && govalidator.IsNull(payload.RepositoryPassword) {
 		return errors.New("Invalid repository credentials. Password must be specified when authentication is enabled")
 	}
--- a/api/http/handler/stacks/create_kubernetes_stack.go
+++ b/api/http/handler/stacks/create_kubernetes_stack.go
@@ -70,6 +70,9 @@ func (payload *kubernetesGitDeploymentPayload) Validate(r *http.Request) error {
 	if govalidator.IsNull(payload.ManifestFile) {
 		return errors.New("Invalid manifest file in repository")
 	}
+	if govalidator.IsNull(payload.RepositoryReferenceName) {
+		payload.RepositoryReferenceName = defaultGitReferenceName
+	}
 	if err := validateStackAutoUpdate(payload.AutoUpdate); err != nil {
 		return err
 	}
--- a/api/http/handler/stacks/create_swarm_stack.go
+++ b/api/http/handler/stacks/create_swarm_stack.go
@@ -144,6 +144,9 @@ func (payload *swarmStackFromGitRepositoryPayload) Validate(r *http.Request) err
 	if govalidator.IsNull(payload.RepositoryURL) || !govalidator.IsURL(payload.RepositoryURL) {
 		return errors.New("Invalid repository URL. Must correspond to a valid URL format")
 	}
+	if govalidator.IsNull(payload.RepositoryReferenceName) {
+		payload.RepositoryReferenceName = defaultGitReferenceName
+	}
 	if payload.RepositoryAuthentication && govalidator.IsNull(payload.RepositoryPassword) {
 		return errors.New("Invalid repository credentials. Password must be specified when authentication is enabled")
 	}
--- a/api/http/handler/stacks/handler.go
+++ b/api/http/handler/stacks/handler.go
@@ -21,6 +21,8 @@ import (
 	"github.com/portainer/portainer/api/stacks"
 )

+const defaultGitReferenceName = "refs/heads/master"
+
 var (
 	errStackAlreadyExists     = errors.New("A stack already exists with this name")
 	errWebhookIDAlreadyExists = errors.New("A webhook ID already exists")
--- a/api/http/handler/stacks/stack_update_git.go
+++ b/api/http/handler/stacks/stack_update_git.go
@@ -4,6 +4,7 @@ import (
 	"net/http"
 	"time"

+	"github.com/asaskevich/govalidator"
 	"github.com/pkg/errors"
 	httperror "github.com/portainer/libhttp/error"
 	"github.com/portainer/libhttp/request"
@@ -18,7 +19,6 @@ import (
 type stackGitUpdatePayload struct {
 	AutoUpdate               *portainer.StackAutoUpdate
 	Env                      []portainer.Pair
-	Prune                    bool
 	RepositoryReferenceName  string
 	RepositoryAuthentication bool
 	RepositoryUsername       string
@@ -26,6 +26,10 @@ type stackGitUpdatePayload struct {
 }

 func (payload *stackGitUpdatePayload) Validate(r *http.Request) error {
+	if govalidator.IsNull(payload.RepositoryReferenceName) {
+		payload.RepositoryReferenceName = defaultGitReferenceName
+	}
+
 	if err := validateStackAutoUpdate(payload.AutoUpdate); err != nil {
 		return err
 	}
@@ -132,12 +136,6 @@ func (handler *Handler) stackUpdateGit(w http.ResponseWriter, r *http.Request) *
 	stack.UpdatedBy = user.Username
 	stack.UpdateDate = time.Now().Unix()

-	if stack.Type == portainer.DockerSwarmStack {
-		stack.Option = &portainer.StackOption{
-			Prune: payload.Prune,
-		}
-	}
-
 	if payload.RepositoryAuthentication {
 		password := payload.RepositoryPassword
 		if password == "" && stack.GitConfig != nil && stack.GitConfig.Authentication != nil {
--- a/api/http/handler/stacks/stack_update_git_redeploy.go
+++ b/api/http/handler/stacks/stack_update_git_redeploy.go
@@ -6,6 +6,7 @@ import (
 	"net/http"
 	"time"

+	"github.com/asaskevich/govalidator"
 	"github.com/pkg/errors"
 	httperror "github.com/portainer/libhttp/error"
 	"github.com/portainer/libhttp/request"
@@ -24,10 +25,12 @@ type stackGitRedployPayload struct {
 	RepositoryUsername       string
 	RepositoryPassword       string
 	Env                      []portainer.Pair
-	Prune                    bool
 }

 func (payload *stackGitRedployPayload) Validate(r *http.Request) error {
+	if govalidator.IsNull(payload.RepositoryReferenceName) {
+		payload.RepositoryReferenceName = defaultGitReferenceName
+	}
 	return nil
 }

@@ -119,11 +122,6 @@ func (handler *Handler) stackGitRedeploy(w http.ResponseWriter, r *http.Request)

 	stack.GitConfig.ReferenceName = payload.RepositoryReferenceName
 	stack.Env = payload.Env
-	if stack.Type == portainer.DockerSwarmStack {
-		stack.Option = &portainer.StackOption{
-			Prune: payload.Prune,
-		}
-	}

 	backupProjectPath := fmt.Sprintf("%s-old", stack.ProjectPath)
 	err = filesystem.MoveDirectory(stack.ProjectPath, backupProjectPath)
@@ -193,11 +191,7 @@ func (handler *Handler) stackGitRedeploy(w http.ResponseWriter, r *http.Request)
 func (handler *Handler) deployStack(r *http.Request, stack *portainer.Stack, endpoint *portainer.Endpoint) *httperror.HandlerError {
 	switch stack.Type {
 	case portainer.DockerSwarmStack:
-		prune := false
-		if stack.Option != nil {
-			prune = stack.Option.Prune
-		}
-		config, httpErr := handler.createSwarmDeployConfig(r, stack, endpoint, prune)
+		config, httpErr := handler.createSwarmDeployConfig(r, stack, endpoint, false)
 		if httpErr != nil {
 			return httpErr
 		}
--- a/api/http/handler/stacks/update_kubernetes_stack.go
+++ b/api/http/handler/stacks/update_kubernetes_stack.go
@@ -38,6 +38,9 @@ func (payload *kubernetesFileStackUpdatePayload) Validate(r *http.Request) error
 }

 func (payload *kubernetesGitStackUpdatePayload) Validate(r *http.Request) error {
+	if govalidator.IsNull(payload.RepositoryReferenceName) {
+		payload.RepositoryReferenceName = defaultGitReferenceName
+	}
 	if err := validateStackAutoUpdate(payload.AutoUpdate); err != nil {
 		return err
 	}
--- a/api/http/handler/status/handler.go
+++ b/api/http/handler/status/handler.go
@@ -5,29 +5,26 @@ import (

 	"github.com/gorilla/mux"
 	httperror "github.com/portainer/libhttp/error"
-	portainer "github.com/portainer/portainer/api"
-	"github.com/portainer/portainer/api/demo"
+	"github.com/portainer/portainer/api"
 	"github.com/portainer/portainer/api/http/security"
 )

 // Handler is the HTTP handler used to handle status operations.
 type Handler struct {
 	*mux.Router
-	Status      *portainer.Status
-	demoService *demo.Service
+	Status *portainer.Status
 }

 // NewHandler creates a handler to manage status operations.
-func NewHandler(bouncer *security.RequestBouncer, status *portainer.Status, demoService *demo.Service) *Handler {
+func NewHandler(bouncer *security.RequestBouncer, status *portainer.Status) *Handler {
 	h := &Handler{
-		Router:      mux.NewRouter(),
-		Status:      status,
-		demoService: demoService,
+		Router: mux.NewRouter(),
+		Status: status,
 	}
 	h.Handle("/status",
 		bouncer.PublicAccess(httperror.LoggerHandler(h.statusInspect))).Methods(http.MethodGet)
 	h.Handle("/status/version",
-		bouncer.AuthenticatedAccess(http.HandlerFunc(h.version))).Methods(http.MethodGet)
+		bouncer.AuthenticatedAccess(http.HandlerFunc(h.statusInspectVersion))).Methods(http.MethodGet)

 	return h
 }
--- a/api/http/handler/status/status_inspect.go
+++ b/api/http/handler/status/status_inspect.go
@@ -5,26 +5,16 @@ import (

 	httperror "github.com/portainer/libhttp/error"
 	"github.com/portainer/libhttp/response"
-	portainer "github.com/portainer/portainer/api"
-	"github.com/portainer/portainer/api/demo"
 )

-type status struct {
-	*portainer.Status
-	DemoEnvironment demo.EnvironmentDetails
-}
-
 // @id StatusInspect
 // @summary Check Portainer status
 // @description Retrieve Portainer status
 // @description **Access policy**: public
 // @tags status
 // @produce json
-// @success 200 {object} status "Success"
+// @success 200 {object} portainer.Status "Success"
 // @router /status [get]
 func (handler *Handler) statusInspect(w http.ResponseWriter, r *http.Request) *httperror.HandlerError {
-	return response.JSON(w, &status{
-		Status:          handler.Status,
-		DemoEnvironment: handler.demoService.Details(),
-	})
+	return response.JSON(w, handler.Status)
 }
--- a/api/http/handler/status/status_inspect_version.go
+++ b/api/http/handler/status/status_inspect_version.go
@@ -0,0 +1,62 @@
+package status
+
+import (
+	"encoding/json"
+	"net/http"
+
+	"github.com/coreos/go-semver/semver"
+
+	portainer "github.com/portainer/portainer/api"
+	"github.com/portainer/portainer/api/http/client"
+
+	"github.com/portainer/libhttp/response"
+)
+
+type inspectVersionResponse struct {
+	// Whether portainer has an update available
+	UpdateAvailable bool `json:"UpdateAvailable" example:"false"`
+	// The latest version available
+	LatestVersion string `json:"LatestVersion" example:"2.0.0"`
+}
+
+type githubData struct {
+	TagName string `json:"tag_name"`
+}
+
+// @id StatusInspectVersion
+// @summary Check for portainer updates
+// @description Check if portainer has an update available
+// @description **Access policy**: authenticated
+// @security ApiKeyAuth
+// @security jwt
+// @tags status
+// @produce json
+// @success 200 {object} inspectVersionResponse "Success"
+// @router /status/version [get]
+func (handler *Handler) statusInspectVersion(w http.ResponseWriter, r *http.Request) {
+	motd, err := client.Get(portainer.VersionCheckURL, 5)
+	if err != nil {
+		response.JSON(w, &inspectVersionResponse{UpdateAvailable: false})
+		return
+	}
+
+	var data githubData
+	err = json.Unmarshal(motd, &data)
+	if err != nil {
+		response.JSON(w, &inspectVersionResponse{UpdateAvailable: false})
+		return
+	}
+
+	resp := inspectVersionResponse{
+		UpdateAvailable: false,
+	}
+
+	currentVersion := semver.New(portainer.APIVersion)
+	latestVersion := semver.New(data.TagName)
+	if currentVersion.LessThan(*latestVersion) {
+		resp.UpdateAvailable = true
+		resp.LatestVersion = data.TagName
+	}
+
+	response.JSON(w, &resp)
+}
--- a/api/http/handler/status/version.go
+++ b/api/http/handler/status/version.go
@@ -1,105 +0,0 @@
-package status
-
-import (
-	"encoding/json"
-	"net/http"
-	"strconv"
-
-	"github.com/coreos/go-semver/semver"
-
-	portainer "github.com/portainer/portainer/api"
-	"github.com/portainer/portainer/api/build"
-	"github.com/portainer/portainer/api/http/client"
-
-	"github.com/portainer/libhttp/response"
-	log "github.com/sirupsen/logrus"
-)
-
-type versionResponse struct {
-	// Whether portainer has an update available
-	UpdateAvailable bool `json:"UpdateAvailable" example:"false"`
-	// The latest version available
-	LatestVersion string `json:"LatestVersion" example:"2.0.0"`
-
-	ServerVersion   string
-	DatabaseVersion string
-	Build           BuildInfo
-}
-
-type BuildInfo struct {
-	BuildNumber    string
-	ImageTag       string
-	NodejsVersion  string
-	YarnVersion    string
-	WebpackVersion string
-	GoVersion      string
-}
-
-// @id Version
-// @summary Check for portainer updates
-// @description Check if portainer has an update available
-// @description **Access policy**: authenticated
-// @security ApiKeyAuth
-// @security jwt
-// @tags status
-// @produce json
-// @success 200 {object} versionResponse "Success"
-// @router /status/version [get]
-func (handler *Handler) version(w http.ResponseWriter, r *http.Request) {
-	result := &versionResponse{
-		ServerVersion:   portainer.APIVersion,
-		DatabaseVersion: strconv.Itoa(portainer.DBVersion),
-		Build: BuildInfo{
-			BuildNumber:    build.BuildNumber,
-			ImageTag:       build.ImageTag,
-			NodejsVersion:  build.NodejsVersion,
-			YarnVersion:    build.YarnVersion,
-			WebpackVersion: build.WebpackVersion,
-			GoVersion:      build.GoVersion,
-		},
-	}
-
-	latestVersion := getLatestVersion()
-	if hasNewerVersion(portainer.APIVersion, latestVersion) {
-		result.UpdateAvailable = true
-		result.LatestVersion = latestVersion
-	}
-
-	response.JSON(w, &result)
-}
-
-func getLatestVersion() string {
-	motd, err := client.Get(portainer.VersionCheckURL, 5)
-	if err != nil {
-		log.WithError(err).Debug("couldn't fetch latest Portainer release version")
-		return ""
-	}
-
-	var data struct {
-		TagName string `json:"tag_name"`
-	}
-
-	err = json.Unmarshal(motd, &data)
-	if err != nil {
-		log.WithError(err).Debug("couldn't parse latest Portainer version")
-		return ""
-	}
-
-	return data.TagName
-}
-
-func hasNewerVersion(currentVersion, latestVersion string) bool {
-	currentVersionSemver, err := semver.NewVersion(currentVersion)
-	if err != nil {
-		log.WithField("version", currentVersion).Debug("current Portainer version isn't a semver")
-		return false
-	}
-
-	latestVersionSemver, err := semver.NewVersion(latestVersion)
-	if err != nil {
-		log.WithField("version", latestVersion).Debug("latest Portainer version isn't a semver")
-		return false
-	}
-
-	return currentVersionSemver.LessThan(*latestVersionSemver)
-}
--- a/api/http/handler/teammemberships/handler.go
+++ b/api/http/handler/teammemberships/handler.go
@@ -21,13 +21,14 @@ func NewHandler(bouncer *security.RequestBouncer) *Handler {
 	h := &Handler{
 		Router: mux.NewRouter(),
 	}
-
-	h.Use(bouncer.TeamLeaderAccess)
-
-	h.Handle("/team_memberships", httperror.LoggerHandler(h.teamMembershipCreate)).Methods(http.MethodPost)
-	h.Handle("/team_memberships", httperror.LoggerHandler(h.teamMembershipList)).Methods(http.MethodGet)
-	h.Handle("/team_memberships/{id}", httperror.LoggerHandler(h.teamMembershipUpdate)).Methods(http.MethodPut)
-	h.Handle("/team_memberships/{id}", httperror.LoggerHandler(h.teamMembershipDelete)).Methods(http.MethodDelete)
+	h.Handle("/team_memberships",
+		bouncer.AdminAccess(httperror.LoggerHandler(h.teamMembershipCreate))).Methods(http.MethodPost)
+	h.Handle("/team_memberships",
+		bouncer.AdminAccess(httperror.LoggerHandler(h.teamMembershipList))).Methods(http.MethodGet)
+	h.Handle("/team_memberships/{id}",
+		bouncer.AdminAccess(httperror.LoggerHandler(h.teamMembershipUpdate))).Methods(http.MethodPut)
+	h.Handle("/team_memberships/{id}",
+		bouncer.AdminAccess(httperror.LoggerHandler(h.teamMembershipDelete))).Methods(http.MethodDelete)

 	return h
 }
--- a/api/http/handler/teammemberships/teammembership_list.go
+++ b/api/http/handler/teammemberships/teammembership_list.go
@@ -5,6 +5,8 @@ import (

 	httperror "github.com/portainer/libhttp/error"
 	"github.com/portainer/libhttp/response"
+	"github.com/portainer/portainer/api/http/errors"
+	"github.com/portainer/portainer/api/http/security"
 )

 // @id TeamMembershipList
@@ -21,6 +23,15 @@ import (
 // @failure 500 "Server error"
 // @router /team_memberships [get]
 func (handler *Handler) teamMembershipList(w http.ResponseWriter, r *http.Request) *httperror.HandlerError {
+	securityContext, err := security.RetrieveRestrictedRequestContext(r)
+	if err != nil {
+		return &httperror.HandlerError{http.StatusInternalServerError, "Unable to retrieve info from request context", err}
+	}
+
+	if !securityContext.IsAdmin && !securityContext.IsTeamLeader {
+		return &httperror.HandlerError{http.StatusForbidden, "Permission denied to list team memberships", errors.ErrResourceAccessDenied}
+	}
+
 	memberships, err := handler.DataStore.TeamMembership().TeamMemberships()
 	if err != nil {
 		return &httperror.HandlerError{http.StatusInternalServerError, "Unable to retrieve team memberships from the database", err}
--- a/api/http/handler/teammemberships/teammembership_update.go
+++ b/api/http/handler/teammemberships/teammembership_update.go
@@ -36,8 +36,8 @@ func (payload *teamMembershipUpdatePayload) Validate(r *http.Request) error {

 // @id TeamMembershipUpdate
 // @summary Update a team membership
-// @description Update a team membership. Access is only available to administrators or leaders of the associated team.
-// @description **Access policy**: administrator or leaders of the associated team
+// @description Update a team membership. Access is only available to administrators leaders of the associated team.
+// @description **Access policy**: administrator
 // @tags team_memberships
 // @security ApiKeyAuth
 // @security jwt
@@ -63,6 +63,15 @@ func (handler *Handler) teamMembershipUpdate(w http.ResponseWriter, r *http.Requ
 		return &httperror.HandlerError{http.StatusBadRequest, "Invalid request payload", err}
 	}

+	securityContext, err := security.RetrieveRestrictedRequestContext(r)
+	if err != nil {
+		return &httperror.HandlerError{http.StatusInternalServerError, "Unable to retrieve info from request context", err}
+	}
+
+	if !security.AuthorizedTeamManagement(portainer.TeamID(payload.TeamID), securityContext) {
+		return &httperror.HandlerError{http.StatusForbidden, "Permission denied to update the membership", httperrors.ErrResourceAccessDenied}
+	}
+
 	membership, err := handler.DataStore.TeamMembership().TeamMembership(portainer.TeamMembershipID(membershipID))
 	if handler.DataStore.IsErrObjectNotFound(err) {
 		return &httperror.HandlerError{http.StatusNotFound, "Unable to find a team membership with the specified identifier inside the database", err}
@@ -70,15 +79,8 @@ func (handler *Handler) teamMembershipUpdate(w http.ResponseWriter, r *http.Requ
 		return &httperror.HandlerError{http.StatusInternalServerError, "Unable to find a team membership with the specified identifier inside the database", err}
 	}

-	securityContext, err := security.RetrieveRestrictedRequestContext(r)
-	if err != nil {
-		return &httperror.HandlerError{http.StatusInternalServerError, "Unable to retrieve info from request context", err}
-	}
-
-	isLeadingBothTeam := security.AuthorizedTeamManagement(portainer.TeamID(payload.TeamID), securityContext) &&
-		security.AuthorizedTeamManagement(membership.TeamID, securityContext)
-	if !(securityContext.IsAdmin || isLeadingBothTeam) {
-		return &httperror.HandlerError{http.StatusForbidden, "Permission denied to update the membership", httperrors.ErrResourceAccessDenied}
+	if securityContext.IsTeamLeader && membership.Role != portainer.MembershipRole(payload.Role) {
+		return &httperror.HandlerError{http.StatusForbidden, "Permission denied to update the role of membership", httperrors.ErrResourceAccessDenied}
 	}

 	membership.UserID = portainer.UserID(payload.UserID)
--- a/api/http/handler/teams/handler.go
+++ b/api/http/handler/teams/handler.go
@@ -20,22 +20,18 @@ func NewHandler(bouncer *security.RequestBouncer) *Handler {
 	h := &Handler{
 		Router: mux.NewRouter(),
 	}
-
-	adminRouter := h.NewRoute().Subrouter()
-	adminRouter.Use(bouncer.AdminAccess)
-
-	restrictedRouter := h.NewRoute().Subrouter()
-	restrictedRouter.Use(bouncer.RestrictedAccess)
-
-	teamLeaderRouter := h.NewRoute().Subrouter()
-	teamLeaderRouter.Use(bouncer.TeamLeaderAccess)
-
-	adminRouter.Handle("/teams", httperror.LoggerHandler(h.teamCreate)).Methods(http.MethodPost)
-	restrictedRouter.Handle("/teams", httperror.LoggerHandler(h.teamList)).Methods(http.MethodGet)
-	teamLeaderRouter.Handle("/teams/{id}", httperror.LoggerHandler(h.teamInspect)).Methods(http.MethodGet)
-	adminRouter.Handle("/teams/{id}", httperror.LoggerHandler(h.teamUpdate)).Methods(http.MethodPut)
-	adminRouter.Handle("/teams/{id}", httperror.LoggerHandler(h.teamDelete)).Methods(http.MethodDelete)
-	teamLeaderRouter.Handle("/teams/{id}/memberships", httperror.LoggerHandler(h.teamMemberships)).Methods(http.MethodGet)
+	h.Handle("/teams",
+		bouncer.AdminAccess(httperror.LoggerHandler(h.teamCreate))).Methods(http.MethodPost)
+	h.Handle("/teams",
+		bouncer.RestrictedAccess(httperror.LoggerHandler(h.teamList))).Methods(http.MethodGet)
+	h.Handle("/teams/{id}",
+		bouncer.AdminAccess(httperror.LoggerHandler(h.teamInspect))).Methods(http.MethodGet)
+	h.Handle("/teams/{id}",
+		bouncer.AdminAccess(httperror.LoggerHandler(h.teamUpdate))).Methods(http.MethodPut)
+	h.Handle("/teams/{id}",
+		bouncer.AdminAccess(httperror.LoggerHandler(h.teamDelete))).Methods(http.MethodDelete)
+	h.Handle("/teams/{id}/memberships",
+		bouncer.AdminAccess(httperror.LoggerHandler(h.teamMemberships))).Methods(http.MethodGet)

 	return h
 }
--- a/api/http/handler/teams/team_create.go
+++ b/api/http/handler/teams/team_create.go
@@ -14,8 +14,6 @@ import (
 type teamCreatePayload struct {
 	// Name
 	Name string `example:"developers" validate:"required"`
-	// TeamLeaders
-	TeamLeaders []portainer.UserID `example:"3,5"`
 }

 func (payload *teamCreatePayload) Validate(r *http.Request) error {
@@ -64,18 +62,5 @@ func (handler *Handler) teamCreate(w http.ResponseWriter, r *http.Request) *http
 		return &httperror.HandlerError{http.StatusInternalServerError, "Unable to persist the team inside the database", err}
 	}

-	for _, teamLeader := range payload.TeamLeaders {
-		membership := &portainer.TeamMembership{
-			UserID: teamLeader,
-			TeamID: team.ID,
-			Role:   portainer.TeamLeader,
-		}
-
-		err = handler.DataStore.TeamMembership().Create(membership)
-		if err != nil {
-			return &httperror.HandlerError{http.StatusInternalServerError, "Unable to persist team leadership inside the database", err}
-		}
-	}
-
 	return response.JSON(w, team)
 }
--- a/api/http/handler/users/admin_init.go
+++ b/api/http/handler/users/admin_init.go
@@ -9,6 +9,7 @@ import (
 	"github.com/portainer/libhttp/request"
 	"github.com/portainer/libhttp/response"
 	portainer "github.com/portainer/portainer/api"
+	"github.com/portainer/portainer/api/internal/passwordutils"
 )

 type adminInitPayload struct {
@@ -57,7 +58,7 @@ func (handler *Handler) adminInit(w http.ResponseWriter, r *http.Request) *httpe
 		return &httperror.HandlerError{http.StatusConflict, "Unable to create administrator user", errAdminAlreadyInitialized}
 	}

-	if !handler.passwordStrengthChecker.Check(payload.Password) {
+	if !passwordutils.StrengthCheck(payload.Password) {
 		return &httperror.HandlerError{http.StatusBadRequest, "Password does not meet the requirements", nil}
 	}

--- a/api/http/handler/users/handler.go
+++ b/api/http/handler/users/handler.go
@@ -8,7 +8,6 @@ import (

 	"github.com/portainer/portainer/api/apikey"
 	"github.com/portainer/portainer/api/dataservices"
-	"github.com/portainer/portainer/api/demo"
 	"github.com/portainer/portainer/api/http/security"

 	"net/http"
@@ -31,51 +30,43 @@ func hideFields(user *portainer.User) {
 // Handler is the HTTP handler used to handle user operations.
 type Handler struct {
 	*mux.Router
-	bouncer                 *security.RequestBouncer
-	apiKeyService           apikey.APIKeyService
-	demoService             *demo.Service
-	DataStore               dataservices.DataStore
-	CryptoService           portainer.CryptoService
-	passwordStrengthChecker security.PasswordStrengthChecker
+	bouncer       *security.RequestBouncer
+	apiKeyService apikey.APIKeyService
+	DataStore     dataservices.DataStore
+	CryptoService portainer.CryptoService
 }

 // NewHandler creates a handler to manage user operations.
-func NewHandler(bouncer *security.RequestBouncer, rateLimiter *security.RateLimiter, apiKeyService apikey.APIKeyService, demoService *demo.Service, passwordStrengthChecker security.PasswordStrengthChecker) *Handler {
+func NewHandler(bouncer *security.RequestBouncer, rateLimiter *security.RateLimiter, apiKeyService apikey.APIKeyService) *Handler {
 	h := &Handler{
-		Router:                  mux.NewRouter(),
-		bouncer:                 bouncer,
-		apiKeyService:           apiKeyService,
-		demoService:             demoService,
-		passwordStrengthChecker: passwordStrengthChecker,
+		Router:        mux.NewRouter(),
+		bouncer:       bouncer,
+		apiKeyService: apiKeyService,
 	}
-
-	adminRouter := h.NewRoute().Subrouter()
-	adminRouter.Use(bouncer.AdminAccess)
-
-	teamLeaderRouter := h.NewRoute().Subrouter()
-	teamLeaderRouter.Use(bouncer.TeamLeaderAccess)
-
-	restrictedRouter := h.NewRoute().Subrouter()
-	restrictedRouter.Use(bouncer.RestrictedAccess)
-
-	authenticatedRouter := h.NewRoute().Subrouter()
-	authenticatedRouter.Use(bouncer.AuthenticatedAccess)
-
-	publicRouter := h.NewRoute().Subrouter()
-	publicRouter.Use(bouncer.PublicAccess)
-
-	adminRouter.Handle("/users", httperror.LoggerHandler(h.userCreate)).Methods(http.MethodPost)
-	restrictedRouter.Handle("/users", httperror.LoggerHandler(h.userList)).Methods(http.MethodGet)
-	restrictedRouter.Handle("/users/{id}", httperror.LoggerHandler(h.userInspect)).Methods(http.MethodGet)
-	authenticatedRouter.Handle("/users/{id}", httperror.LoggerHandler(h.userUpdate)).Methods(http.MethodPut)
-	adminRouter.Handle("/users/{id}", httperror.LoggerHandler(h.userDelete)).Methods(http.MethodDelete)
-	restrictedRouter.Handle("/users/{id}/tokens", httperror.LoggerHandler(h.userGetAccessTokens)).Methods(http.MethodGet)
-	restrictedRouter.Handle("/users/{id}/tokens", rateLimiter.LimitAccess(httperror.LoggerHandler(h.userCreateAccessToken))).Methods(http.MethodPost)
-	restrictedRouter.Handle("/users/{id}/tokens/{keyID}", httperror.LoggerHandler(h.userRemoveAccessToken)).Methods(http.MethodDelete)
-	restrictedRouter.Handle("/users/{id}/memberships", httperror.LoggerHandler(h.userMemberships)).Methods(http.MethodGet)
-	authenticatedRouter.Handle("/users/{id}/passwd", rateLimiter.LimitAccess(httperror.LoggerHandler(h.userUpdatePassword))).Methods(http.MethodPut)
-	publicRouter.Handle("/users/admin/check", httperror.LoggerHandler(h.adminCheck)).Methods(http.MethodGet)
-	publicRouter.Handle("/users/admin/init", httperror.LoggerHandler(h.adminInit)).Methods(http.MethodPost)
+	h.Handle("/users",
+		bouncer.AdminAccess(httperror.LoggerHandler(h.userCreate))).Methods(http.MethodPost)
+	h.Handle("/users",
+		bouncer.RestrictedAccess(httperror.LoggerHandler(h.userList))).Methods(http.MethodGet)
+	h.Handle("/users/{id}",
+		bouncer.RestrictedAccess(httperror.LoggerHandler(h.userInspect))).Methods(http.MethodGet)
+	h.Handle("/users/{id}",
+		bouncer.AuthenticatedAccess(httperror.LoggerHandler(h.userUpdate))).Methods(http.MethodPut)
+	h.Handle("/users/{id}",
+		bouncer.AdminAccess(httperror.LoggerHandler(h.userDelete))).Methods(http.MethodDelete)
+	h.Handle("/users/{id}/tokens",
+		bouncer.RestrictedAccess(httperror.LoggerHandler(h.userGetAccessTokens))).Methods(http.MethodGet)
+	h.Handle("/users/{id}/tokens",
+		rateLimiter.LimitAccess(bouncer.RestrictedAccess(httperror.LoggerHandler(h.userCreateAccessToken)))).Methods(http.MethodPost)
+	h.Handle("/users/{id}/tokens/{keyID}",
+		bouncer.RestrictedAccess(httperror.LoggerHandler(h.userRemoveAccessToken))).Methods(http.MethodDelete)
+	h.Handle("/users/{id}/memberships",
+		bouncer.RestrictedAccess(httperror.LoggerHandler(h.userMemberships))).Methods(http.MethodGet)
+	h.Handle("/users/{id}/passwd",
+		rateLimiter.LimitAccess(bouncer.AuthenticatedAccess(httperror.LoggerHandler(h.userUpdatePassword)))).Methods(http.MethodPut)
+	h.Handle("/users/admin/check",
+		bouncer.PublicAccess(httperror.LoggerHandler(h.adminCheck))).Methods(http.MethodGet)
+	h.Handle("/users/admin/init",
+		bouncer.PublicAccess(httperror.LoggerHandler(h.adminInit))).Methods(http.MethodPost)

 	return h
 }
--- a/api/http/handler/users/user_create.go
+++ b/api/http/handler/users/user_create.go
@@ -9,6 +9,9 @@ import (
 	"github.com/portainer/libhttp/request"
 	"github.com/portainer/libhttp/response"
 	portainer "github.com/portainer/portainer/api"
+	httperrors "github.com/portainer/portainer/api/http/errors"
+	"github.com/portainer/portainer/api/http/security"
+	"github.com/portainer/portainer/api/internal/passwordutils"
 )

 type userCreatePayload struct {
@@ -32,7 +35,8 @@ func (payload *userCreatePayload) Validate(r *http.Request) error {
 // @id UserCreate
 // @summary Create a new user
 // @description Create a new Portainer user.
-// @description Only administrators can create users.
+// @description Only team leaders and administrators can create users.
+// @description Only administrators can create an administrator user account.
 // @description **Access policy**: restricted
 // @tags users
 // @security ApiKeyAuth
@@ -53,6 +57,19 @@ func (handler *Handler) userCreate(w http.ResponseWriter, r *http.Request) *http
 		return &httperror.HandlerError{http.StatusBadRequest, "Invalid request payload", err}
 	}

+	securityContext, err := security.RetrieveRestrictedRequestContext(r)
+	if err != nil {
+		return &httperror.HandlerError{http.StatusInternalServerError, "Unable to retrieve info from request context", err}
+	}
+
+	if !securityContext.IsAdmin && !securityContext.IsTeamLeader {
+		return &httperror.HandlerError{http.StatusForbidden, "Permission denied to create user", httperrors.ErrResourceAccessDenied}
+	}
+
+	if securityContext.IsTeamLeader && payload.Role == 1 {
+		return &httperror.HandlerError{http.StatusForbidden, "Permission denied to create administrator user", httperrors.ErrResourceAccessDenied}
+	}
+
 	user, err := handler.DataStore.User().UserByUsername(payload.Username)
 	if err != nil && !handler.DataStore.IsErrObjectNotFound(err) {
 		return &httperror.HandlerError{http.StatusInternalServerError, "Unable to retrieve users from the database", err}
@@ -78,7 +95,7 @@ func (handler *Handler) userCreate(w http.ResponseWriter, r *http.Request) *http
 	}

 	if settings.AuthenticationMethod == portainer.AuthenticationInternal {
-		if !handler.passwordStrengthChecker.Check(payload.Password) {
+		if !passwordutils.StrengthCheck(payload.Password) {
 			return &httperror.HandlerError{http.StatusBadRequest, "Password does not meet the requirements", nil}
 		}

--- a/api/http/handler/users/user_create_access_token_test.go
+++ b/api/http/handler/users/user_create_access_token_test.go
@@ -39,9 +39,8 @@ func Test_userCreateAccessToken(t *testing.T) {
 	apiKeyService := apikey.NewAPIKeyService(store.APIKeyRepository(), store.User())
 	requestBouncer := security.NewRequestBouncer(store, jwtService, apiKeyService)
 	rateLimiter := security.NewRateLimiter(10, 1*time.Second, 1*time.Hour)
-	passwordChecker := security.NewPasswordStrengthChecker(store.SettingsService)

-	h := NewHandler(requestBouncer, rateLimiter, apiKeyService, nil, passwordChecker)
+	h := NewHandler(requestBouncer, rateLimiter, apiKeyService)
 	h.DataStore = store

 	// generate standard and admin user tokens
--- a/api/http/handler/users/user_delete_test.go
+++ b/api/http/handler/users/user_delete_test.go
@@ -31,9 +31,8 @@ func Test_deleteUserRemovesAccessTokens(t *testing.T) {
 	apiKeyService := apikey.NewAPIKeyService(store.APIKeyRepository(), store.User())
 	requestBouncer := security.NewRequestBouncer(store, jwtService, apiKeyService)
 	rateLimiter := security.NewRateLimiter(10, 1*time.Second, 1*time.Hour)
-	passwordChecker := security.NewPasswordStrengthChecker(store.SettingsService)

-	h := NewHandler(requestBouncer, rateLimiter, apiKeyService, nil, passwordChecker)
+	h := NewHandler(requestBouncer, rateLimiter, apiKeyService)
 	h.DataStore = store

 	t.Run("standard user deletion removes all associated access tokens", func(t *testing.T) {
--- a/api/http/handler/users/user_get_access_tokens_test.go
+++ b/api/http/handler/users/user_get_access_tokens_test.go
@@ -38,9 +38,8 @@ func Test_userGetAccessTokens(t *testing.T) {
 	apiKeyService := apikey.NewAPIKeyService(store.APIKeyRepository(), store.User())
 	requestBouncer := security.NewRequestBouncer(store, jwtService, apiKeyService)
 	rateLimiter := security.NewRateLimiter(10, 1*time.Second, 1*time.Hour)
-	passwordChecker := security.NewPasswordStrengthChecker(store.SettingsService)

-	h := NewHandler(requestBouncer, rateLimiter, apiKeyService, nil, passwordChecker)
+	h := NewHandler(requestBouncer, rateLimiter, apiKeyService)
 	h.DataStore = store

 	// generate standard and admin user tokens
--- a/api/http/handler/users/user_remove_access_token_test.go
+++ b/api/http/handler/users/user_remove_access_token_test.go
@@ -36,9 +36,8 @@ func Test_userRemoveAccessToken(t *testing.T) {
 	apiKeyService := apikey.NewAPIKeyService(store.APIKeyRepository(), store.User())
 	requestBouncer := security.NewRequestBouncer(store, jwtService, apiKeyService)
 	rateLimiter := security.NewRateLimiter(10, 1*time.Second, 1*time.Hour)
-	passwordChecker := security.NewPasswordStrengthChecker(store.SettingsService)

-	h := NewHandler(requestBouncer, rateLimiter, apiKeyService, nil, passwordChecker)
+	h := NewHandler(requestBouncer, rateLimiter, apiKeyService)
 	h.DataStore = store

 	// generate standard and admin user tokens
--- a/api/http/handler/users/user_update.go
+++ b/api/http/handler/users/user_update.go
@@ -57,10 +57,6 @@ func (handler *Handler) userUpdate(w http.ResponseWriter, r *http.Request) *http
 		return &httperror.HandlerError{http.StatusBadRequest, "Invalid user identifier route variable", err}
 	}

-	if handler.demoService.IsDemoUser(portainer.UserID(userID)) {
-		return &httperror.HandlerError{http.StatusForbidden, httperrors.ErrNotAvailableInDemo.Error(), httperrors.ErrNotAvailableInDemo}
-	}
-
 	tokenData, err := security.RetrieveTokenData(r)
 	if err != nil {
 		return &httperror.HandlerError{http.StatusInternalServerError, "Unable to retrieve user authentication token", err}
--- a/api/http/handler/users/user_update_password.go
+++ b/api/http/handler/users/user_update_password.go
@@ -12,6 +12,7 @@ import (
 	portainer "github.com/portainer/portainer/api"
 	httperrors "github.com/portainer/portainer/api/http/errors"
 	"github.com/portainer/portainer/api/http/security"
+	"github.com/portainer/portainer/api/internal/passwordutils"
 )

 type userUpdatePasswordPayload struct {
@@ -54,10 +55,6 @@ func (handler *Handler) userUpdatePassword(w http.ResponseWriter, r *http.Reques
 		return &httperror.HandlerError{http.StatusBadRequest, "Invalid user identifier route variable", err}
 	}

-	if handler.demoService.IsDemoUser(portainer.UserID(userID)) {
-		return &httperror.HandlerError{http.StatusForbidden, httperrors.ErrNotAvailableInDemo.Error(), httperrors.ErrNotAvailableInDemo}
-	}
-
 	tokenData, err := security.RetrieveTokenData(r)
 	if err != nil {
 		return &httperror.HandlerError{http.StatusInternalServerError, "Unable to retrieve user authentication token", err}
@@ -82,10 +79,10 @@ func (handler *Handler) userUpdatePassword(w http.ResponseWriter, r *http.Reques

 	err = handler.CryptoService.CompareHashAndData(user.Password, payload.Password)
 	if err != nil {
-		return &httperror.HandlerError{http.StatusForbidden, "Current password doesn't match", errors.New("Current password does not match the password provided. Please try again")}
+		return &httperror.HandlerError{http.StatusForbidden, "Specified password do not match actual password", httperrors.ErrUnauthorized}
 	}

-	if !handler.passwordStrengthChecker.Check(payload.NewPassword) {
+	if !passwordutils.StrengthCheck(payload.NewPassword) {
 		return &httperror.HandlerError{http.StatusBadRequest, "Password does not meet the requirements", nil}
 	}

--- a/api/http/handler/users/user_update_test.go
+++ b/api/http/handler/users/user_update_test.go
@@ -31,9 +31,8 @@ func Test_updateUserRemovesAccessTokens(t *testing.T) {
 	apiKeyService := apikey.NewAPIKeyService(store.APIKeyRepository(), store.User())
 	requestBouncer := security.NewRequestBouncer(store, jwtService, apiKeyService)
 	rateLimiter := security.NewRateLimiter(10, 1*time.Second, 1*time.Hour)
-	passwordChecker := security.NewPasswordStrengthChecker(store.SettingsService)

-	h := NewHandler(requestBouncer, rateLimiter, apiKeyService, nil, passwordChecker)
+	h := NewHandler(requestBouncer, rateLimiter, apiKeyService)
 	h.DataStore = store

 	t.Run("standard user deletion removes all associated access tokens", func(t *testing.T) {
--- a/api/http/middlewares/demo.go
+++ b/api/http/middlewares/demo.go
@@ -1,23 +0,0 @@
-package middlewares
-
-import (
-	"net/http"
-
-	"github.com/gorilla/mux"
-	httperror "github.com/portainer/libhttp/error"
-	"github.com/portainer/portainer/api/http/errors"
-)
-
-// restrict functionality on demo environments
-func RestrictDemoEnv(isDemo func() bool) mux.MiddlewareFunc {
-	return func(next http.Handler) http.Handler {
-		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-			if !isDemo() {
-				next.ServeHTTP(w, r)
-				return
-			}
-
-			httperror.WriteError(w, http.StatusBadRequest, errors.ErrNotAvailableInDemo.Error(), errors.ErrNotAvailableInDemo)
-		})
-	}
-}
--- a/api/http/middlewares/demo_test.go
+++ b/api/http/middlewares/demo_test.go
@@ -1,41 +0,0 @@
-package middlewares
-
-import (
-	"io"
-	"net/http"
-	"net/http/httptest"
-	"strings"
-	"testing"
-
-	"github.com/stretchr/testify/assert"
-)
-
-func Test_demoEnvironment_shouldFail(t *testing.T) {
-	r := httptest.NewRequest(http.MethodPost, "/", strings.NewReader(`{}`))
-	w := httptest.NewRecorder()
-
-	h := http.HandlerFunc(func(rw http.ResponseWriter, r *http.Request) {})
-
-	RestrictDemoEnv(func() bool { return true }).Middleware(h).ServeHTTP(w, r)
-
-	response := w.Result()
-	defer response.Body.Close()
-
-	assert.Equal(t, http.StatusBadRequest, response.StatusCode)
-
-	body, _ := io.ReadAll(response.Body)
-	assert.Contains(t, string(body), "This feature is not available in the demo version of Portainer")
-}
-
-func Test_notDemoEnvironment_shouldSucceed(t *testing.T) {
-	r := httptest.NewRequest(http.MethodPost, "/", strings.NewReader(`{}`))
-	w := httptest.NewRecorder()
-
-	h := http.HandlerFunc(func(rw http.ResponseWriter, r *http.Request) {})
-
-	RestrictDemoEnv(func() bool { return false }).Middleware(h).ServeHTTP(w, r)
-
-	response := w.Result()
-	assert.Equal(t, http.StatusOK, response.StatusCode)
-
-}
--- a/api/http/proxy/factory/docker.go
+++ b/api/http/proxy/factory/docker.go
@@ -64,7 +64,7 @@ func (factory *ProxyFactory) newDockerHTTPProxy(endpoint *portainer.Endpoint) (h
 		DockerClientFactory:  factory.dockerClientFactory,
 	}

-	dockerTransport, err := docker.NewTransport(transportParameters, httpTransport, factory.gitService)
+	dockerTransport, err := docker.NewTransport(transportParameters, httpTransport)
 	if err != nil {
 		return nil, err
 	}
--- a/api/http/proxy/factory/docker/networks.go
+++ b/api/http/proxy/factory/docker/networks.go
@@ -86,7 +86,7 @@ func findSystemNetworkResourceControl(networkObject map[string]interface{}) *por
 	networkID := networkObject[networkObjectIdentifier].(string)
 	networkName := networkObject[networkObjectName].(string)

-	if networkName == "bridge" || networkName == "host" || networkName == "ingress" || networkName == "nat" || networkName == "none" {
+	if networkName == "bridge" || networkName == "host" || networkName == "none" {
 		return authorization.NewSystemResourceControl(networkID, portainer.NetworkResourceControl)
 	}

--- a/api/http/proxy/factory/docker/registry.go
+++ b/api/http/proxy/factory/docker/registry.go
@@ -23,7 +23,7 @@ type (
 	}

 	portainerRegistryAuthenticationHeader struct {
-		RegistryId *portainer.RegistryID `json:"registryId"`
+		RegistryId portainer.RegistryID `json:"registryId"`
 	}
 )

--- a/api/http/proxy/factory/docker/transport.go
+++ b/api/http/proxy/factory/docker/transport.go
@@ -35,7 +35,6 @@ type (
 		signatureService     portainer.DigitalSignatureService
 		reverseTunnelService portainer.ReverseTunnelService
 		dockerClientFactory  *docker.ClientFactory
-		gitService           portainer.GitService
 	}

 	// TransportParameters is used to create a new Transport
@@ -63,7 +62,7 @@ type (
 )

 // NewTransport returns a pointer to a new Transport instance.
-func NewTransport(parameters *TransportParameters, httpTransport *http.Transport, gitService portainer.GitService) (*Transport, error) {
+func NewTransport(parameters *TransportParameters, httpTransport *http.Transport) (*Transport, error) {
 	transport := &Transport{
 		endpoint:             parameters.Endpoint,
 		dataStore:            parameters.DataStore,
@@ -71,7 +70,6 @@ func NewTransport(parameters *TransportParameters, httpTransport *http.Transport
 		reverseTunnelService: parameters.ReverseTunnelService,
 		dockerClientFactory:  parameters.DockerClientFactory,
 		HTTPTransport:        httpTransport,
-		gitService:           gitService,
 	}

 	return transport, nil
@@ -383,31 +381,9 @@ func (transport *Transport) proxyTaskRequest(request *http.Request) (*http.Respo
 }

 func (transport *Transport) proxyBuildRequest(request *http.Request) (*http.Response, error) {
-	err := transport.updateDefaultGitBranch(request)
-	if err != nil {
-		return nil, err
-	}
 	return transport.interceptAndRewriteRequest(request, buildOperation)
 }

-func (transport *Transport) updateDefaultGitBranch(request *http.Request) error {
-	remote := request.URL.Query().Get("remote")
-	if strings.HasSuffix(remote, ".git") {
-		repositoryURL := remote[:len(remote)-4]
-		latestCommitID, err := transport.gitService.LatestCommitID(repositoryURL, "", "", "")
-		if err != nil {
-			return err
-		}
-		newRemote := fmt.Sprintf("%s#%s", remote, latestCommitID)
-
-		q := request.URL.Query()
-		q.Set("remote", newRemote)
-		request.URL.RawQuery = q.Encode()
-	}
-
-	return nil
-}
-
 func (transport *Transport) proxyImageRequest(request *http.Request) (*http.Response, error) {
 	switch requestPath := request.URL.Path; requestPath {
 	case "/images/create":
@@ -446,20 +422,7 @@ func (transport *Transport) decorateRegistryAuthenticationHeader(request *http.R
 			return err
 		}

-		// delete header and exist function without error if Front End
-		// passes empty json. This is to restore original behavior which
-		// never originally passed this header
-		if string(decodedHeaderData) == "{}" {
-			request.Header.Del("X-Registry-Auth")
-			return nil
-		}
-
-		// only set X-Registry-Auth if registryId is defined
-		if originalHeaderData.RegistryId == nil {
-			return nil
-		}
-
-		authenticationHeader, err := createRegistryAuthenticationHeader(transport.dataStore, *originalHeaderData.RegistryId, accessContext)
+		authenticationHeader, err := createRegistryAuthenticationHeader(transport.dataStore, originalHeaderData.RegistryId, accessContext)
 		if err != nil {
 			return err
 		}
--- a/api/http/proxy/factory/docker/transport_test.go
+++ b/api/http/proxy/factory/docker/transport_test.go
@@ -1,73 +0,0 @@
-package docker
-
-import (
-	portainer "github.com/portainer/portainer/api"
-	"github.com/stretchr/testify/assert"
-	"net/http"
-	"net/http/httptest"
-	"testing"
-)
-
-type noopGitService struct{}
-
-func (s *noopGitService) CloneRepository(destination string, repositoryURL, referenceName, username, password string) error {
-	return nil
-}
-func (s *noopGitService) LatestCommitID(repositoryURL, referenceName, username, password string) (string, error) {
-	return "my-latest-commit-id", nil
-}
-
-func TestTransport_updateDefaultGitBranch(t *testing.T) {
-	type fields struct {
-		gitService portainer.GitService
-	}
-
-	type args struct {
-		request *http.Request
-	}
-
-	defaultFields := fields{
-		gitService: &noopGitService{},
-	}
-
-	tests := []struct {
-		name          string
-		fields        fields
-		args          args
-		wantErr       bool
-		expectedQuery string
-	}{
-		{
-			name:   "append commit ID",
-			fields: defaultFields,
-			args: args{
-				request: httptest.NewRequest(http.MethodPost, "http://unixsocket/build?dockerfile=Dockerfile&remote=https://my-host.com/my-user/my-repo.git&t=my-image", nil),
-			},
-			wantErr:       false,
-			expectedQuery: "dockerfile=Dockerfile&remote=https%3A%2F%2Fmy-host.com%2Fmy-user%2Fmy-repo.git%23my-latest-commit-id&t=my-image",
-		},
-		{
-			name:   "not append commit ID",
-			fields: defaultFields,
-			args: args{
-				request: httptest.NewRequest(http.MethodPost, "http://unixsocket/build?dockerfile=Dockerfile&remote=https://my-host.com/my-user/my-repo/my-file&t=my-image", nil),
-			},
-			wantErr:       false,
-			expectedQuery: "dockerfile=Dockerfile&remote=https://my-host.com/my-user/my-repo/my-file&t=my-image",
-		},
-	}
-	for _, tt := range tests {
-		t.Run(tt.name, func(t *testing.T) {
-			transport := &Transport{
-				gitService: tt.fields.gitService,
-			}
-			err := transport.updateDefaultGitBranch(tt.args.request)
-			if (err != nil) != tt.wantErr {
-				t.Errorf("updateDefaultGitBranch() error = %v, wantErr %v", err, tt.wantErr)
-				return
-			}
-
-			assert.Equal(t, tt.expectedQuery, tt.args.request.URL.RawQuery)
-		})
-	}
-}
--- a/api/http/proxy/factory/docker_unix.go
+++ b/api/http/proxy/factory/docker_unix.go
@@ -22,7 +22,7 @@ func (factory ProxyFactory) newOSBasedLocalProxy(path string, endpoint *portaine

 	proxy := &dockerLocalProxy{}

-	dockerTransport, err := docker.NewTransport(transportParameters, newSocketTransport(path), factory.gitService)
+	dockerTransport, err := docker.NewTransport(transportParameters, newSocketTransport(path))
 	if err != nil {
 		return nil, err
 	}
--- a/api/http/proxy/factory/docker_windows.go
+++ b/api/http/proxy/factory/docker_windows.go
@@ -23,7 +23,7 @@ func (factory ProxyFactory) newOSBasedLocalProxy(path string, endpoint *portaine

 	proxy := &dockerLocalProxy{}

-	dockerTransport, err := docker.NewTransport(transportParameters, newNamedPipeTransport(path), factory.gitService)
+	dockerTransport, err := docker.NewTransport(transportParameters, newNamedPipeTransport(path))
 	if err != nil {
 		return nil, err
 	}
--- a/api/http/proxy/factory/factory.go
+++ b/api/http/proxy/factory/factory.go
@@ -23,12 +23,11 @@ type (
 		dockerClientFactory         *docker.ClientFactory
 		kubernetesClientFactory     *cli.ClientFactory
 		kubernetesTokenCacheManager *kubernetes.TokenCacheManager
-		gitService                  portainer.GitService
 	}
 )

 // NewProxyFactory returns a pointer to a new instance of a ProxyFactory
-func NewProxyFactory(dataStore dataservices.DataStore, signatureService portainer.DigitalSignatureService, tunnelService portainer.ReverseTunnelService, clientFactory *docker.ClientFactory, kubernetesClientFactory *cli.ClientFactory, kubernetesTokenCacheManager *kubernetes.TokenCacheManager, gitService portainer.GitService) *ProxyFactory {
+func NewProxyFactory(dataStore dataservices.DataStore, signatureService portainer.DigitalSignatureService, tunnelService portainer.ReverseTunnelService, clientFactory *docker.ClientFactory, kubernetesClientFactory *cli.ClientFactory, kubernetesTokenCacheManager *kubernetes.TokenCacheManager) *ProxyFactory {
 	return &ProxyFactory{
 		dataStore:                   dataStore,
 		signatureService:            signatureService,
@@ -36,7 +35,6 @@ func NewProxyFactory(dataStore dataservices.DataStore, signatureService portaine
 		dockerClientFactory:         clientFactory,
 		kubernetesClientFactory:     kubernetesClientFactory,
 		kubernetesTokenCacheManager: kubernetesTokenCacheManager,
-		gitService:                  gitService,
 	}
 }

--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
cong meng	d1a1832654	fix(pwd) EE-3161 ease the minimum password restrictions to 12 characters (#6920 ) * fix(pwd): EE-3161 ease the minimum password restrictions to 12 characters	2022-05-12 13:16:56 +12:00
Prabhat Khera	578bacdcac	bump version to 2.13.1 (#6913 )	2022-05-11 13:49:13 +12:00
Dmitry Salakhov	af14db5112	fix(settings): allow empty edge url (#6908 )	2022-05-10 15:51:15 -03:00
andres-portainer	790fd5f7d2	fix(tls): downgrade minimum version to TLS 1.2 to avoid proxy problems EE-3152 (#6910 )	2022-05-10 15:33:46 -03:00
itsconquest	b3fd62bd96	fix(extension): always restart the backend [EE-3093] (#6889 )	2022-05-06 15:14:21 +12:00
itsconquest	6efc7084cd	fix(extension): add missing labels [EE-3068] (#6878 )	2022-05-06 14:19:22 +12:00
Dakota Walsh	4c747bfd11	fix(extension): extend JWT auth token expiration for extension EE-3065 (#6880 ) The default expiration time of 8 hours does not make sense in the context of the docker desktop extension. This adds a new feature flag which can be enabled with `export DOCKER_EXTENSION=1` and when present will set the expiration time to 99 years. I've set this flag in the docker-compose.yml we use when building our docker extension.	2022-05-06 09:53:15 +12:00
Chaim Lev-Ari	c273d3b787	fix(edge): allow more options for url [EE-2975] (#6883 )	2022-05-05 10:03:22 +03:00
Chaim Lev-Ari	4e91ca4b1f	fix(edge/aeec): add explanation about PORTAINER_EDGE_ID [EE-3056] (#6873 )	2022-05-05 10:02:41 +03:00
Matt Hook	6423a7bd17	switch natural sort lib for a better one (#6863 ) Switched to better natural sorting package	2022-05-02 12:37:37 +12:00
Richard Wei	8214119137	fix selector css (#6859 )	2022-04-29 15:06:38 +12:00
itsconquest	fe3aeab115	fix(home): fix styles of edit button [EE-3006] (#6802 ) * fix(home): fix styles of edit button [EE-3006] * fix(home): EE-3006 fix styles of edit button Co-authored-by: Simon Meng <simon.meng@portainer.io>	2022-04-29 11:01:02 +12:00
itsconquest	5e25f8fe7d	fix(edge): fix formatting of scripts for release [EE-2987] (#6785 ) * fix(edge) fix formatting for release [EE-2987] * fix(edge) EE-2987 fix edge agent command formatting Co-authored-by: Simon Meng <simon.meng@portainer.io>	2022-04-29 09:44:30 +12:00
Richard Wei	8471d2ae26	fix clear all button text vertical align (#6834 )	2022-04-28 10:18:41 +12:00
Prabhat Khera	eb7875290d	pass tagsPartialMatch query param on home screen (#6843 )	2022-04-27 17:27:39 +12:00
Prabhat Khera	26649219b3	fix status filter (#6828 )	2022-04-27 11:59:42 +12:00
itsconquest	c1072da667	fix(settings): fix logic for showing https section [EE-3008](#6804 )	2022-04-27 10:48:25 +12:00
cong meng	a992cdbe53	fix: EE-3019 add space on top copy button (#6818 )	2022-04-27 10:10:33 +12:00
Chaim Lev-Ari	175fddff8e	fix(edge): show edge environment in edge views [EE-2997] (#6796 )	2022-04-26 14:25:28 +03:00
Prabhat Khera	8034966ea3	fix(home): home page filters EE-2972 (#6787 )	2022-04-26 11:57:50 +12:00
andres-portainer	4af28d59cf	fix(aeec): enforce non-empty EdgeIDs for global key environment retrieval EE-3013 (#6809 )	2022-04-25 11:35:23 -03:00
Richard Wei	6a77e8cfa3	fix add rewrite annotation should not available for traefik (#6800 )	2022-04-22 20:02:56 +12:00
Chaim Lev-Ari	79c16700dd	test push	2022-04-22 10:16:24 +03:00
itsconquest	c1a2ca5a51	fix(user-settings): prevent autofocus on access tokens for release [EE-2978] (#6786 )	2022-04-22 11:44:59 +12:00