14884 log error on form validation fail

Closes #20492: Disable API token plaintext retrieval

.github/ISSUE_TEMPLATE/01-feature_request.yaml

@@ -1,7 +1,8 @@
 ---
 name: ✨ Feature Request
+type: Feature
 description: Propose a new NetBox feature or enhancement
-labels: ["type: feature"]
+labels: ["type: feature", "status: needs triage"]
 body:
   - type: markdown
     attributes:
@@ -14,7 +15,7 @@ body:
     attributes:
       label: NetBox version
       description: What version of NetBox are you currently running?
-      placeholder: v3.6.9
+      placeholder: v4.4.3
     validations:
       required: true
   - type: dropdown
@@ -24,6 +25,7 @@ body:
         - Data model extension
         - New functionality
         - Change to existing functionality
+        - Other
     validations:
       required: true
   - type: textarea

.github/ISSUE_TEMPLATE/02-bug_report.yaml

@@ -1,29 +1,33 @@
 ---
 name: 🐛 Bug Report
+type: Bug
 description: Report a reproducible bug in the current release of NetBox
-labels: ["type: bug"]
+labels: ["type: bug", "status: needs triage"]
 body:
   - type: markdown
     attributes:
       value: >
         **NOTE:** This form is only for reporting _reproducible bugs_ in a current NetBox
-        installation. If you're having trouble with installation or just looking for
-        assistance with using NetBox, please visit our
+        release. If you're having trouble with installation or just looking for assistance
+        using NetBox, please visit our
         [discussion forum](https://github.com/netbox-community/netbox/discussions) instead.
   - type: dropdown
     attributes:
-      label: Deployment Type
-      description: How are you running NetBox?
+      label: NetBox Edition
+      description: >
+        Users of [NetBox Cloud](https://netboxlabs.com/netbox-cloud/) or
+        [NetBox Enterprise](https://netboxlabs.com/netbox-enterprise/), please contact the
+        [NetBox Labs](https://netboxlabs.com/) support team for assistance to ensure your
+        request receives immediate attention.
       options:
-        - Self-hosted
-        - NetBox Cloud
+        - NetBox Community
     validations:
       required: true
   - type: input
     attributes:
       label: NetBox Version
       description: What version of NetBox are you currently running?
-      placeholder: v3.6.9
+      placeholder: v4.4.3
     validations:
       required: true
   - type: dropdown
@@ -31,10 +35,9 @@ body:
       label: Python Version
       description: What version of Python are you currently running?
       options:
-        - "3.8"
-        - "3.9"
-        - "3.10"
-        - "3.11"
+        - "3.12"
+        - "3.13"
+        - "3.14"
     validations:
       required: true
   - type: textarea

.github/ISSUE_TEMPLATE/03-documentation_change.yaml

@@ -1,7 +1,8 @@
 ---
 name: 📖 Documentation Change
+type: Documentation
 description: Suggest an addition or modification to the NetBox documentation
-labels: ["type: documentation"]
+labels: ["type: documentation", "status: needs triage"]
 body:
   - type: dropdown
     attributes:
@@ -24,9 +25,12 @@ body:
         - Getting started
         - Configuration
         - Customization
+        - Best practices
         - Integrations/API
         - Plugins
         - Administration
+        - Data model
+        - Reference
         - Development
         - Other
     validations:

.github/ISSUE_TEMPLATE/04-translation.yaml

@@ -1,5 +1,6 @@
 ---
 name: 🌍 Translation
+type: Translation
 description: Request support for a new language in the user interface
 labels: ["type: translation"]
 body:

.github/ISSUE_TEMPLATE/05-housekeeping.yaml

@@ -1,5 +1,6 @@
 ---
 name: 🏡 Housekeeping
+type: Housekeeping
 description: A change pertaining to the codebase itself (developers only)
 labels: ["type: housekeeping"]
 body:

.github/ISSUE_TEMPLATE/06-deprecation.yaml

@@ -1,5 +1,6 @@
 ---
 name: 🗑️ Deprecation
+type: Deprecation
 description: The removal of an existing feature or resource
 labels: ["type: deprecation"]
 body:

.github/ISSUE_TEMPLATE/config.yml

@@ -2,14 +2,17 @@
 blank_issues_enabled: false
 contact_links:
   - name: 📖 Contributing Policy
-    url: https://github.com/netbox-community/netbox/blob/develop/CONTRIBUTING.md
+    url: https://github.com/netbox-community/netbox/blob/main/CONTRIBUTING.md
     about: "Please read through our contributing policy before opening an issue or pull request."
   - name: ❓ Discussion
     url: https://github.com/netbox-community/netbox/discussions
     about: "If you're just looking for help, try starting a discussion instead."
-  - name: 💡 Plugin Idea
-    url: https://plugin-ideas.netbox.dev
-    about: "Have an idea for a plugin? Head over to the ideas board!"
+  - name: 👔 Professional Support
+    url: https://netboxlabs.com/netbox-enterprise/
+    about: "Professional support is available for NetBox Enterprise or Cloud."
+  - name: 🌎 Correct a Translation
+    url: https://explore.transifex.com/netbox-community/netbox/
+    about: "Spot an incorrect translation? You can propose a fix on Transifex."
   - name: 💬 Community Slack
     url: https://netdev.chat
     about: "Join #netbox on the NetDev Community Slack for assistance with installation issues and other problems."

.github/codeql/codeql-config.yml

@@ -0,0 +1,11 @@
+paths-ignore:
+  # Ignore compiled JS
+  - netbox/project-static/dist
+
+query-filters:
+  # Exclude py/url-redirection: NetBox uses safe_for_redirect() wrapper function
+  # which validates all redirects via Django's url_has_allowed_host_and_scheme().
+  # CodeQL's taint tracking doesn't recognize wrapper functions without custom
+  # query configuration. See #20484.
+  - exclude:
+      id: py/url-redirection

.github/workflows/ci.yml

@@ -1,7 +1,29 @@
 name: CI
-on: [push, pull_request]
+
+on:
+  push:
+    paths-ignore:
+      - '.github/ISSUE_TEMPLATE/**'
+      - '.github/PULL_REQUEST_TEMPLATE.md'
+      - 'contrib/**'
+      - 'docs/**'
+      - 'netbox/translations/**'
+  pull_request:
+    paths-ignore:
+      - '.github/ISSUE_TEMPLATE/**'
+      - '.github/PULL_REQUEST_TEMPLATE.md'
+      - 'contrib/**'
+      - 'docs/**'
+      - 'netbox/translations/**'
+
 permissions:
   contents: read
+
+# Add concurrency group to control job running
+concurrency:
+  group: ${{ github.event_name }}-${{ github.ref }}-${{ github.actor }}
+  cancel-in-progress: true
+
 jobs:
   build:
     runs-on: ubuntu-latest
@@ -9,8 +31,8 @@ jobs:
       NETBOX_CONFIGURATION: netbox.configuration_testing
     strategy:
       matrix:
-        python-version: ['3.8', '3.9', '3.10', '3.11']
-        node-version: ['14.x']
+        python-version: ['3.12', '3.13']
+        node-version: ['20.x']
     services:
       redis:
         image: redis
@@ -34,12 +56,12 @@ jobs:
       uses: actions/checkout@v4
 
     - name: Set up Python ${{ matrix.python-version }}
-      uses: actions/setup-python@v4
+      uses: actions/setup-python@v5
       with:
         python-version: ${{ matrix.python-version }}
 
     - name: Use Node.js ${{ matrix.node-version }}
-      uses: actions/setup-node@v3
+      uses: actions/setup-node@v4
       with:
         node-version: ${{ matrix.node-version }}
     
@@ -47,7 +69,7 @@ jobs:
       run: npm install -g yarn
     
     - name: Setup Node.js with Yarn Caching
-      uses: actions/setup-node@v3
+      uses: actions/setup-node@v4
       with:
         node-version: ${{ matrix.node-version }}
         cache: yarn
@@ -60,7 +82,7 @@ jobs:
       run: |
         python -m pip install --upgrade pip
         pip install -r requirements.txt
-        pip install pycodestyle coverage tblib
+        pip install ruff coverage tblib
 
     - name: Build documentation
       run: mkdocs build
@@ -68,8 +90,11 @@ jobs:
     - name: Collect static files
       run: python netbox/manage.py collectstatic --no-input
 
+    - name: Check for missing migrations
+      run: python netbox/manage.py makemigrations --check
+
     - name: Check PEP8 compliance
-      run: pycodestyle --ignore=W504,E501 --exclude=node_modules netbox/
+      run: ruff check netbox/
 
     - name: Check UI ESLint, TypeScript, and Prettier Compliance
       run: yarn --cwd netbox/project-static validate
@@ -81,4 +106,4 @@ jobs:
       run: coverage run --source="netbox/" netbox/manage.py test netbox/ --parallel
 
     - name: Show coverage report
-      run: coverage report --skip-covered --omit *migrations*
+      run: coverage report --skip-covered --omit '*/migrations/*,*/tests/*'

.github/workflows/close-incomplete-issues.yml

@@ -0,0 +1,33 @@
+# close-stale-issues (https://github.com/marketplace/actions/close-stale-issues)
+name: Close incomplete issues
+
+on:
+  schedule:
+    - cron: '15 4 * * *'
+  workflow_dispatch:
+
+permissions:
+  actions: write
+  issues: write
+
+jobs:
+  stale:
+    if: github.repository == 'netbox-community/netbox'
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/stale@v9
+        with:
+          close-issue-message: >
+            This issue is being closed as no further information has been provided. If
+            you would like to revisit this topic, please first modify your original post
+            to include all the requested detail, and then ask that the issue be reopened.
+          days-before-stale: 7
+          days-before-close: 7
+          only-issue-labels: 'status: revisions needed'
+          operations-per-run: 100
+          remove-stale-when-updated: false
+          stale-issue-label: 'pending closure'
+          stale-issue-message: >
+            This is a reminder that additional information is needed in order to further
+            triage this issue. If the requested details are not provided, the issue will
+            soon be closed automatically.

.github/workflows/close-stale-issues.yml

@@ -1,5 +1,5 @@
 # close-stale-issues (https://github.com/marketplace/actions/close-stale-issues)
-name: 'Close stale issues/PRs'
+name: Close stale issues/PRs
 
 on:
   schedule:
@@ -7,28 +7,30 @@ on:
   workflow_dispatch:
 
 permissions:
+  actions: write
   issues: write
   pull-requests: write
 
 jobs:
   stale:
-
+    if: github.repository == 'netbox-community/netbox'
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/stale@v8
+      - uses: actions/stale@v9
         with:
+          # General parameters
+          operations-per-run: 200
+          remove-stale-when-updated: false
+
+          # Issue parameters
           close-issue-message: >
             This issue has been automatically closed due to lack of activity. In an
             effort to reduce noise, please do not comment any further. Note that the
             core maintainers may elect to reopen this issue at a later date if deemed
             necessary.
-          close-pr-message: >
-            This PR has been automatically closed due to lack of activity.
-          days-before-stale: 90
-          days-before-close: 30
-          exempt-issue-labels: 'status: accepted,status: blocked,status: needs milestone'
-          operations-per-run: 100
-          remove-stale-when-updated: false
+          days-before-issue-stale: 90
+          days-before-issue-close: 30
+          exempt-issue-labels: 'status: accepted,status: backlog,status: blocked'
           stale-issue-label: 'pending closure'
           stale-issue-message: >
             This issue has been automatically marked as stale because it has not had
@@ -37,7 +39,14 @@ jobs:
             issues may receive direct feedback. **Do not** attempt to circumvent this
             process by "bumping" the issue; doing so will result in its immediate closure
             and you may be barred from participating in any future discussions. Please see
-            our [contributing guide](https://github.com/netbox-community/netbox/blob/develop/CONTRIBUTING.md).
+            our [contributing guide](https://github.com/netbox-community/netbox/blob/main/CONTRIBUTING.md).
+
+          # Pull request parameters
+          close-pr-message: >
+            This PR has been automatically closed due to lack of activity.
+          days-before-pr-stale: 30
+          days-before-pr-close: 15
+          exempt-pr-labels: 'status: blocked'
           stale-pr-label: 'pending closure'
           stale-pr-message: >
             This PR has been automatically marked as stale because it has not had

.github/workflows/codeql.yml

@@ -0,0 +1,42 @@
+name: "CodeQL"
+
+on:
+  push:
+    branches: [ "main", "feature" ]
+  pull_request:
+    branches: [ "main", "feature" ]
+  schedule:
+    - cron: '38 16 * * 4'
+
+jobs:
+  analyze:
+    name: Analyze (${{ matrix.language }})
+    runs-on: ubuntu-latest
+    permissions:
+      security-events: write
+
+    strategy:
+      fail-fast: false
+      matrix:
+        include:
+        - language: actions
+          build-mode: none
+        - language: javascript-typescript
+          build-mode: none
+        - language: python
+          build-mode: none
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v4
+
+    - name: Initialize CodeQL
+      uses: github/codeql-action/init@v3
+      with:
+        languages: ${{ matrix.language }}
+        build-mode: ${{ matrix.build-mode }}
+        config-file: .github/codeql/codeql-config.yml
+
+    - name: Perform CodeQL Analysis
+      uses: github/codeql-action/analyze@v3
+      with:
+        category: "/language:${{matrix.language}}"

.github/workflows/lock-threads.yml

@@ -1,5 +1,5 @@
 # lock-threads (https://github.com/marketplace/actions/lock-threads)
-name: 'Lock threads'
+name: Lock threads
 
 on:
   schedule:
@@ -9,13 +9,16 @@ on:
 permissions:
   issues: write
   pull-requests: write
+  discussions: write
 
 jobs:
   lock:
+    if: github.repository == 'netbox-community/netbox'
     runs-on: ubuntu-latest
     steps:
-      - uses: dessant/lock-threads@v4
+      - uses: dessant/lock-threads@1bf7ec25051fe7c00bdd17e6a7cf3d7bfb7dc771 # v5.0.1
         with:
           issue-inactive-days: 90
           pr-inactive-days: 30
+          discussion-inactive-days: 180
           issue-lock-reason: 'resolved'

.github/workflows/update-translation-strings.yml

@@ -0,0 +1,55 @@
+name: Update translation strings
+
+on:
+  schedule:
+    - cron: '0 5 * * *'
+  workflow_dispatch:
+
+permissions:
+  contents: write
+
+env:
+  LOCALE: "en"
+
+jobs:
+  makemessages:
+    if: github.repository == 'netbox-community/netbox'
+    runs-on: ubuntu-latest
+    env:
+      NETBOX_CONFIGURATION: netbox.configuration_testing
+
+    steps:
+    - name: Create app token
+      uses: actions/create-github-app-token@v1
+      id: app-token
+      with:
+        app-id: 1076524
+        private-key: ${{ secrets.HOUSEKEEPING_SECRET_KEY }}
+
+    - name: Check out repo
+      uses: actions/checkout@v4
+      with:
+          token: ${{ steps.app-token.outputs.token }}
+
+    - name: Set up Python
+      uses: actions/setup-python@v5
+      with:
+        python-version: 3.11
+
+    - name: Install system dependencies
+      run: sudo apt install -y gettext
+
+    - name: Install Python dependencies
+      run: |
+        python -m pip install --upgrade pip
+        pip install -r requirements.txt
+
+    - name: Run makemessages
+      run: python netbox/manage.py makemessages -l ${{ env.LOCALE }}
+
+    - name: Commit changes
+      uses: EndBug/add-and-commit@a94899bca583c204427a224a7af87c02f9b325d5 # v9.1.4
+      with:
+        add: 'netbox/translations/'
+        default_author: github_actions
+        message: 'Update source translation strings'

.gitignore

@@ -9,6 +9,7 @@ yarn-error.log*
 /netbox/netbox/configuration.py
 /netbox/netbox/ldap_config.py
 /netbox/local/*
+/netbox/media
 /netbox/reports/*
 !/netbox/reports/__init__.py
 /netbox/scripts/*
@@ -17,12 +18,15 @@ yarn-error.log*
 /venv/
 /*.sh
 local_requirements.txt
+local_settings.py
 !upgrade.sh
 fabfile.py
 gunicorn.py
+uwsgi.ini
 netbox.log
 netbox.pid
 .DS_Store
 .idea
 .coverage
 .vscode
+.python-version

.pre-commit-config.yaml

@@ -0,0 +1,52 @@
+repos:
+- repo: https://github.com/astral-sh/ruff-pre-commit
+  rev: v0.6.9
+  hooks:
+    - id: ruff
+      name: "Ruff linter"
+      args: [ netbox/ ]
+- repo: local
+  hooks:
+    - id: django-check
+      name: "Django system check"
+      description: "Run Django's internal check for common problems"
+      entry: python netbox/manage.py check
+      language: system
+      pass_filenames: false
+      types: [python]
+    - id: django-makemigrations
+      name: "Django migrations check"
+      description: "Check for any missing Django migrations"
+      entry: python netbox/manage.py makemigrations --check
+      language: system
+      pass_filenames: false
+      types: [python]
+    - id: openapi-check
+      name: "Validate OpenAPI schema"
+      description: "Check for any unexpected changes to the OpenAPI schema"
+      files: api/.*\.py$
+      entry: scripts/verify-openapi.sh
+      language: system
+      pass_filenames: false
+      types: [python]
+    - id: mkdocs-build
+      name: "Build documentation"
+      description: "Build the documentation with mkdocs"
+      files: 'docs/'
+      entry: mkdocs build
+      language: system
+      pass_filenames: false
+    - id: yarn-validate
+      name: "Yarn validate"
+      description: "Check UI ESLint, TypeScript, and Prettier compliance"
+      files: 'netbox/project-static/'
+      entry: yarn --cwd netbox/project-static validate
+      language: system
+      pass_filenames: false
+    - id: verify-bundles
+      name: "Verify static asset bundles"
+      description: "Ensure that any modified static assets have been compiled"
+      files: 'netbox/project-static/'
+      entry: scripts/verify-bundles.sh
+      language: system
+      pass_filenames: false

.readthedocs.yaml

@@ -1,8 +1,8 @@
 version: 2
 build:
-  os: ubuntu-20.04
+  os: ubuntu-22.04
   tools:
-    python: "3.9"
+    python: "3.12"
 mkdocs:
   configuration: mkdocs.yml
 python:

.tx/config

@@ -0,0 +1,12 @@
+[main]
+host = https://app.transifex.com
+
+[o:netbox-community:p:netbox:r:034999968a7366ba27a8bdf1ab63bf42]
+file_filter            = netbox/translations/<lang>/LC_MESSAGES/django.po
+source_file            = netbox/translations/en/LC_MESSAGES/django.po
+type                   = PO
+minimum_perc           = 0
+resource_name          = django.po
+replace_edited_strings = false
+keep_translations      = false
+

CONTRIBUTING.md

@@ -8,7 +8,7 @@
   </h3>
   <h3>
     :jigsaw: <a href="#jigsaw-creating-plugins">Create a plugin</a> &middot;
-    :rescue_worker_helmet: <a href="#rescue_worker_helmet-become-a-maintainer">Become a maintainer</a> &middot;
+    :briefcase: <a href="#briefcase-looking-for-a-job">Work with us!</a> &middot;
     :heart: <a href="#heart-other-ways-to-contribute">Other ideas</a>
   </h3>
 </div>
@@ -40,7 +40,7 @@ NetBox users are welcome to participate in either role, on stage or in the crowd
 
 * First, ensure that you're running the [latest stable version](https://github.com/netbox-community/netbox/releases) of NetBox. If you're running an older version, it's likely that the bug has already been fixed.
 
-* Next, search our [issues list](https://github.com/netbox-community/netbox/issues?q=is%3Aissue) to see if the bug you've found has already been reported. If you come across a bug report that seems to match, please click "add a reaction" in the top right corner of the issue and add a thumbs up (:thumbsup:). This will help draw more attention to it. Any comments you can add to provide additional information or context would also be much appreciated.
+* Next, search our [issues list](https://github.com/netbox-community/netbox/issues?q=is%3Aissue) to see if the bug you've found has already been reported. If you come across a bug report that seems to match, please click "add a reaction" in the bottom left corner of the issue and add a thumbs up ( :thumbsup: ). This will help draw more attention to it. Any comments you can add to provide additional information or context would also be much appreciated.
 
 * If you can't find any existing issues (open or closed) that seem to match yours, you're welcome to [submit a new bug report](https://github.com/netbox-community/netbox/issues/new?label=type%3A+bug&template=bug_report.yaml). Be sure to complete the entire report template, including detailed steps that someone triaging your issue can follow to confirm the reported behavior. (If we're not able to replicate the bug based on the information provided, we'll ask for additional detail.)
 
@@ -56,7 +56,9 @@ intake policy](https://github.com/netbox-community/netbox/wiki/Issue-Intake-Poli
 
 ## :bulb: Feature Requests
 
-* First, check the GitHub [issues list](https://github.com/netbox-community/netbox/issues?q=is%3Aissue) to see if the feature you have in mind has already been proposed. If you happen to find an open feature request that matches your idea, click "add a reaction" in the top right corner of the issue and add a thumbs up (:thumbsup:). This ensures that the issue has a better chance of receiving attention. Also feel free to add a comment with any additional justification for the feature.
+* First, check the GitHub [issues list](https://github.com/netbox-community/netbox/issues?q=is%3Aissue) to see if the feature you have in mind has already been proposed. If you happen to find an open feature request that matches your idea, click "add a reaction" in the top right corner of the issue and add a thumbs up ( :thumbsup: ). This ensures that the issue has a better chance of receiving attention. Also feel free to add a comment with any additional justification for the feature.
+
+* Please don't submit duplicate issues! Sometimes we reject feature requests, for various reasons. Even if you disagree with those reasons, please **do not** submit a duplicate feature request. It is very disrepectful of the maintainers' time, and you may be barred from opening future issues.
 
 * If you have a rough idea that's not quite ready for formal submission yet, start a [GitHub discussion](https://github.com/netbox-community/netbox/discussions) instead. This is a great way to test the viability and narrow down the scope of a new feature prior to submitting a formal proposal, and can serve to generate interest in your idea from other community members.
 
@@ -82,16 +84,20 @@ intake policy](https://github.com/netbox-community/netbox/wiki/Issue-Intake-Poli
 
 * It's very important that you not submit a pull request until a relevant issue has been opened **and** assigned to you. Otherwise, you risk wasting time on work that may ultimately not be needed.
 
-* New pull requests should generally be based off of the `develop` branch, rather than `master`. The `develop` branch is used for ongoing development, while `master` is used for tracking stable releases. (If you're developing for an upcoming minor release, use `feature` instead.)
+* New pull requests should generally be based off of the `main` branch. This branch, in keeping with the [trunk-based development](https://trunkbaseddevelopment.com/) approach, is used for ongoing development and bug fixes and always represents the newest stable code, from which releases are periodically branched. (If you're developing for an upcoming minor release, use `feature` instead.)
 
 * In most cases, it is not necessary to add a changelog entry: A maintainer will take care of this when the PR is merged. (This helps avoid merge conflicts resulting from multiple PRs being submitted simultaneously.)
 
-* All code submissions should meet the following criteria (CI will enforce these checks):
+* All code submissions must meet the following criteria (CI will enforce these checks where feasible):
+  * Consist entirely of original work
   * Python syntax is valid
   * All tests pass when run with `./manage.py test`
   * PEP 8 compliance is enforced, with the exception that lines may be
       greater than 80 characters in length
 
+> [!CAUTION]
+> Any contributions which include AI-generated or reproduced content will be rejected.
+
 * Some other tips to keep in mind:
   * If you'd like to volunteer for someone else's issue, please post a comment on that issue letting us know. (This will allow the maintainers to assign it to you.)
   * Check out our [developer docs](https://docs.netbox.dev/en/stable/development/getting-started/) for tips on setting up your development environment.
@@ -103,23 +109,9 @@ Do you have an idea for something you'd like to build in NetBox, but might not b
 
 Check out our [plugin development tutorial](https://github.com/netbox-community/netbox-plugin-tutorial) to get started!
 
-## :rescue_worker_helmet: Become a Maintainer
+## :briefcase: Looking for a Job?
 
-We're always looking for motivated individuals to join the maintainers team and help drive NetBox's long-term development. Some of our most sought-after skills include:
-
-* Python development with a strong focus on the [Django](https://www.djangoproject.com/) framework
-* Expertise working with PostgreSQL databases
-* Javascript & TypeScript proficiency
-* A knack for web application design (HTML & CSS)
-* Familiarity with git and software development best practices
-* Excellent attention to detail
-* Working experience in the field of network operations & engineering
-
-We generally ask that maintainers dedicate around four hours of work to the project each week on average, which includes both hands-on development and project management tasks such as issue triage. Maintainers are also encouraged (but not required) to attend our bi-weekly Zoom call to catch up on recent items.
-
-Many maintainers petition their employer to grant some of their paid time to work on NetBox. In doing so, your employer becomes eligible to be featured as a [NetBox sponsor](https://github.com/netbox-community/netbox/wiki/Sponsorship).
-
-Interested? You can contact our lead maintainer, Jeremy Stretch, at jeremy@netbox.dev or on the [NetDev Community Slack](https://netdev.chat/). We'd love to have you on the team!
+At [NetBox Labs](https://netboxlabs.com/), we're always looking for highly skilled and motivated people to join our team. While NetBox is a core part of our product lineup, we have an ever-expanding suite of solutions serving the network automation space. Check out our [current openings](https://netboxlabs.com/careers/) to see if you might be a fit!
 
 ## :heart: Other Ways to Contribute
 

README.md

@@ -1,43 +1,86 @@
 <div align="center">
-  <img src="https://raw.githubusercontent.com/netbox-community/netbox/develop/docs/netbox_logo.svg" width="400" alt="NetBox logo" />
-  <p>The premier source of truth powering network automation</p>
-  <img src="https://github.com/netbox-community/netbox/workflows/CI/badge.svg?branch=master" alt="CI status" />
-  <p></p>
+  <img src="https://raw.githubusercontent.com/netbox-community/netbox/main/docs/netbox_logo_light.svg" width="400" alt="NetBox logo" />
+  <p><strong>The cornerstone of every automated network</strong></p>
+  <a href="https://github.com/netbox-community/netbox/releases"><img src="https://img.shields.io/github/v/release/netbox-community/netbox" alt="Latest release" /></a>
+  <a href="https://github.com/netbox-community/netbox/blob/main/LICENSE.txt"><img src="https://img.shields.io/badge/license-Apache_2.0-blue.svg" alt="License" /></a>
+  <a href="https://github.com/netbox-community/netbox/graphs/contributors"><img src="https://img.shields.io/github/contributors/netbox-community/netbox?color=blue" alt="Contributors" /></a>
+  <a href="https://github.com/netbox-community/netbox/stargazers"><img src="https://img.shields.io/github/stars/netbox-community/netbox?style=flat" alt="GitHub stars" /></a>
+  <a href="https://explore.transifex.com/netbox-community/netbox/"><img src="https://img.shields.io/badge/languages-15-blue" alt="Languages supported" /></a>
+  <a href="https://github.com/netbox-community/netbox/actions/workflows/ci.yml"><img src="https://github.com/netbox-community/netbox/actions/workflows/ci.yml/badge.svg" alt="CI status" /></a>
+  <p>
+    <strong><a href="https://netboxlabs.com/community/">NetBox Community</a></strong> |
+    <strong><a href="https://netboxlabs.com/netbox-cloud/">NetBox Cloud</a></strong> |
+    <strong><a href="https://netboxlabs.com/netbox-enterprise/">NetBox Enterprise</a></strong>
+  </p>
 </div>
 
-NetBox is the leading solution for modeling and documenting modern networks. By
-combining the traditional disciplines of IP address management (IPAM) and
-datacenter infrastructure management (DCIM) with powerful APIs and extensions,
-NetBox provides the ideal "source of truth" to power network automation.
-Available as open source software under the Apache 2.0 license, NetBox serves
-as the cornerstone for network automation in thousands of organizations.
+NetBox exists to empower network engineers. Since its release in 2016, it has become the go-to solution for modeling and documenting network infrastructure for thousands of organizations worldwide. As a successor to legacy IPAM and DCIM applications, NetBox provides a cohesive, extensive, and accessible data model for all things networked. By providing a single robust user interface and programmable APIs for everything from cable maps to device configurations, NetBox serves as the central source of truth for the modern network.
 
-* **Physical infrastructure:** Accurately model the physical world, from global regions down to individual racks of gear. Then connect everything - network, console, and power!
-* **Modern IPAM:** All the standard IPAM functionality you expect, plus VRF import/export tracking, VLAN management, and overlay support.
-* **Data circuits:** Confidently manage the delivery of critical circuits from various service providers, modeled seamlessly alongside your own infrastructure.
-* **Power tracking:** Map the distribution of power from upstream sources to individual feeds and outlets.
-* **Organization:** Manage tenant and contact assignments natively.
-* **Powerful search:** Easily find anything you need using a single global search function.
-* **Comprehensive logging:** Leverage both automatic change logging and user-submitted journal entries to track your network's growth over time.
-* **Endless customization:** Custom fields, custom links, tags, export templates, custom validation, reports, scripts, and more!
-* **Flexible permissions:** An advanced permissions systems enables very flexible delegation of permissions.
-* **Integrations:** Easily connect NetBox to your other tooling via its REST & GraphQL APIs.
-* **Plugins:** Not finding what you need in the core application? Try one of many community plugins - or build your own!
+<p align="center">
+  <a href="#netboxs-role">NetBox's Role</a> |
+  <a href="#why-netbox">Why NetBox?</a> |
+  <a href="#getting-started">Getting Started</a> |
+  <a href="#get-involved">Get Involved</a> |
+  <a href="#screenshots">Screenshots</a>
+</p>
 
-![Screenshot of NetBox UI](docs/media/screenshots/netbox-ui.png "NetBox UI")
+<p align="center">
+  <img src="docs/media/screenshots/home-light.png" width="600" alt="NetBox user interface screenshot" />
+</p>
+
+## NetBox's Role
+
+NetBox functions as the **source of truth** for your network infrastructure. Its job is to define and validate the _intended state_ of all network components and resources. NetBox does not interact with network nodes directly; rather, it makes this data available programmatically to purpose-built automation, monitoring, and assurance tools. This separation of duties enables the construction of a robust yet flexible automation system.
+
+<p align="center">
+  <img src="docs/media/misc/reference_architecture.png" alt="Reference network automation architecture" />
+</p>
+
+The diagram above illustrates the recommended deployment architecture for an automated network, leveraging NetBox as the central authority for network state. This approach allows your team to swap out individual tools to meet changing needs while retaining a predictable, modular workflow.
+
+## Why NetBox?
+
+### Comprehensive Data Model
+
+Racks, devices, cables, IP addresses, VLANs, circuits, power, VPNs, and lots more: NetBox is built for networks. Its comprehensive and thoroughly inter-linked data model provides for natural and highly structured modeling of myriad network primitives that just isn't possible using general-purpose tools. And there's no need to waste time contemplating how to build out a database: Everything is ready to go upon installation.
+
+### Focused Development
+
+NetBox strives to meet a singular goal: Provide the best available solution for making network infrastructure programmatically accessible. Unlike "all-in-one" tools which awkwardly bolt on half-baked features in an attempt to check every box, NetBox is committed to its core function. NetBox provides the best possible solution for modeling network infrastructure, and provides rich APIs for integrating with tools that excel in other areas of network automation.
+
+### Extensible and Customizable
+
+No two networks are exactly the same. Users are empowered to extend NetBox's native data model with custom fields and tags to best suit their unique needs. You can even write your own plugins to introduce entirely new objects and functionality!
+
+### Flexible Permissions
+
+NetBox includes a fully customizable permission system, which affords administrators incredible granularity when assigning roles to users and groups. Want to restrict certain users to working only with cabling and not be able to change IP addresses? Or maybe each team should have access only to a particular tenant? NetBox enables you to craft roles as you see fit.
+
+### Custom Validation & Protection Rules
+
+The data you put into NetBox is crucial to network operations. In addition to its robust native validation rules, NetBox provides mechanisms for administrators to define their own custom validation rules for objects. Custom validation can be used both to ensure new or modified objects adhere to a set of rules, and to prevent the deletion of objects which don't meet certain criteria. (For example, you might want to prevent the deletion of a device with an "active" status.)
+
+### Device Configuration Rendering
+
+NetBox can render user-created Jinja2 templates to generate device configurations from its own data. Configuration templates can be uploaded individually or pulled automatically from an external source, such as a git repository. Rendered configurations can be retrieved via the REST API for application directly to network devices via a provisioning tool such as Ansible or Salt.
+
+### Custom Scripts
+
+Complex workflows, such as provisioning a new branch office, can be tedious to carry out via the user interface. NetBox allows you to write and upload custom scripts that can be run directly from the UI. Scripts prompt users for input and then automate the necessary tasks to greatly simplify otherwise burdensome processes.
+
+### Automated Events
+
+Users can define event rules to automatically trigger a custom script or outbound webhook in response to a NetBox event. For example, you might want to automatically update a network monitoring service whenever a new device is added to NetBox, or update a DHCP server when an IP range is allocated.
+
+### Comprehensive Change Logging
+
+NetBox automatically logs the creation, modification, and deletion of all managed objects, providing a thorough change history. Changes can be attributed to the executing user, and related changes are grouped automatically by request ID.
+
+> [!NOTE]
+> A complete list of NetBox's myriad features can be found in [the introductory documentation](https://docs.netbox.dev/en/stable/introduction/).
 
 ## Getting Started
 
-<div align="center">
-
-  [![NetBox logo](https://raw.githubusercontent.com/wiki/netbox-community/netbox/images/deploy/deploy1.png)](https://github.com/netbox-community/netbox)
-  &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-  [![Docker logo](https://raw.githubusercontent.com/wiki/netbox-community/netbox/images/deploy/deploy2.png)](https://github.com/netbox-community/netbox-docker)
-  &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-  [![NetBox Labs logo](https://raw.githubusercontent.com/wiki/netbox-community/netbox/images/deploy/deploy3.png)](https://netboxlabs.com/netbox-cloud/)
-
-</div>
-
 * Just want to explore? Check out [our public demo](https://demo.netbox.dev/) right now!
 * The [official documentation](https://docs.netbox.dev) offers a comprehensive introduction.
 * Check out [our wiki](https://github.com/netbox-community/netbox/wiki/Community-Contributions) for even more projects to get the most out of NetBox!
@@ -49,38 +92,25 @@ as the cornerstone for network automation in thousands of organizations.
 * Already a power user? You can [suggest a feature](https://github.com/netbox-community/netbox/issues/new?assignees=&labels=type%3A+feature&template=feature_request.yaml) or [report a bug](https://github.com/netbox-community/netbox/issues/new?assignees=&labels=type%3A+bug&template=bug_report.yaml) on GitHub.
 * Contributions from the community are encouraged and appreciated! Check out our [contributing guide](CONTRIBUTING.md) to get started.
 
-## Project Stats
-
-<div align="center">
-  <a href="https://github.com/netbox-community/netbox/commits"><img src="https://images.repography.com/29023055/netbox-community/netbox/recent-activity/whQtEr_TGD9PhW1BPlhlEQ5jnrgQ0KJpm-LlGtpoGO0/3Kx_iWUSBRJ5-AI4QwJEJWrUDEz3KrX2lvh8aYE0WXY_timeline.svg" alt="Timeline graph"></a>
-  <a href="https://github.com/netbox-community/netbox/issues"><img src="https://images.repography.com/29023055/netbox-community/netbox/recent-activity/whQtEr_TGD9PhW1BPlhlEQ5jnrgQ0KJpm-LlGtpoGO0/3Kx_iWUSBRJ5-AI4QwJEJWrUDEz3KrX2lvh8aYE0WXY_issues.svg" alt="Issues graph"></a>
-  <a href="https://github.com/netbox-community/netbox/pulls"><img src="https://images.repography.com/29023055/netbox-community/netbox/recent-activity/whQtEr_TGD9PhW1BPlhlEQ5jnrgQ0KJpm-LlGtpoGO0/3Kx_iWUSBRJ5-AI4QwJEJWrUDEz3KrX2lvh8aYE0WXY_prs.svg" alt="Pull requests graph"></a>
-  <a href="https://github.com/netbox-community/netbox/graphs/contributors"><img src="https://images.repography.com/29023055/netbox-community/netbox/recent-activity/whQtEr_TGD9PhW1BPlhlEQ5jnrgQ0KJpm-LlGtpoGO0/3Kx_iWUSBRJ5-AI4QwJEJWrUDEz3KrX2lvh8aYE0WXY_users.svg" alt="Top contributors"></a>
-  <br />Stats via <a href="https://repography.com">Repography</a>
-</div>
-
-## Sponsors
-
-<div align="center">
-
-  [![NetBox Labs](https://raw.githubusercontent.com/wiki/netbox-community/netbox/images/sponsors/netbox_labs.png)](https://netboxlabs.com)
-  &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-  [![DigitalOcean](https://raw.githubusercontent.com/wiki/netbox-community/netbox/images/sponsors/digitalocean.png)](https://try.digitalocean.com/developer-cloud)
-  &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-  [![Sentry](https://raw.githubusercontent.com/wiki/netbox-community/netbox/images/sponsors/sentry.png)](https://sentry.io)
-  <br />
-  [![Equinix Metal](https://raw.githubusercontent.com/wiki/netbox-community/netbox/images/sponsors/equinix.png)](https://metal.equinix.com)
-  &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-  [![OneMind Services](https://raw.githubusercontent.com/wiki/netbox-community/netbox/images/sponsors/onemind_services.png)](https://onemindservices.com)
-
-</div>
-
 ## Screenshots
 
-![Screenshot of main page (dark mode)](docs/media/screenshots/home-dark.png "Main page (dark mode)")
-
-![Screenshot of rack elevation](docs/media/screenshots/rack.png "Rack elevation")
-
-![Screenshot of prefixes hierarchy](docs/media/screenshots/prefixes-list.png "Prefixes hierarchy")
-
-![Screenshot of cable trace](docs/media/screenshots/cable-trace.png "Cable tracing")
+<p align="center">
+  <strong>NetBox Dashboard (Light Mode)</strong><br />
+  <img src="docs/media/screenshots/home-light.png" width="600" alt="NetBox dashboard (light mode)" />
+</p>
+<p align="center">
+  <strong>NetBox Dashboard (Dark Mode)</strong><br />
+  <img src="docs/media/screenshots/home-dark.png" width="600" alt="NetBox dashboard (dark mode)" />
+</p>
+<p align="center">
+  <strong>Prefixes List</strong><br />
+  <img src="docs/media/screenshots/prefixes-list.png" width="600" alt="Prefixes list" />
+</p>
+<p align="center">
+  <strong>Rack View</strong><br />
+  <img src="docs/media/screenshots/rack.png" width="600" alt="Rack view" />
+</p>
+<p align="center">
+  <strong>Cable Trace</strong><br />
+  <img src="docs/media/screenshots/cable-trace.png" width="600" alt="Cable trace" />
+</p>

SECURITY.md

@@ -14,9 +14,15 @@ Administrators are encouraged to adhere to industry best practices concerning th
 * Prohibit access to your database from clients other than the NetBox application
 * Keep your deployment updated to the most recent stable release
 
+## Compliance Reporting
+
+Please note that security compliance reports (e.g. SOC 2) are provided by NetBox Labs only to customers using NetBox Cloud or NetBox Enterprise. They are not available to users of self-hosted NetBox Community Edition.
+
+If you would like to consider upgrading to NetBox Cloud or Enterprise, please contact `sales@netboxlabs.com`.
+
 ## Reporting a Suspected Vulnerability
 
-If you believe you've uncovered a security vulnerability and wish to report it confidentially, you may do so via email. Please note that any reported vulnerabilities **MUST** meet all the following conditions:
+If you believe you've uncovered a security vulnerability and wish to report it confidentially, you may do so by emailing `security@netboxlabs.com`. Please ensure that your report meets all the following conditions:
 
 * Affects the most recent stable release of NetBox, or a current beta release
 * Affects a NetBox instance installed and configured per the official documentation
@@ -24,8 +30,8 @@ If you believe you've uncovered a security vulnerability and wish to report it c
 
 Please note that we **DO NOT** accept reports generated by automated tooling which merely suggest that a file or file(s) _may_ be vulnerable under certain conditions, as these are most often innocuous.
 
-If you believe that you've found a vulnerability which meets all of these conditions, please [submit a draft security advisory](https://github.com/netbox-community/netbox/security/advisories/new) on GitHub, or email a brief description of the suspected bug and instructions for reproduction to **security@netbox.dev**. For any security concerns regarding NetBox deployed via Docker, please see the [netbox-docker](https://github.com/netbox-community/netbox-docker) project.
+For any security concerns regarding the community-maintained Docker image for NetBox, please see the [netbox-docker](https://github.com/netbox-community/netbox-docker) project.
 
 ### Bug Bounties
 
-As NetBox is provided as free open source software, we do not offer any monetary compensation for vulnerability or bug reports, however your contributions are greatly appreciated.
+As NetBox is provided as free open source software, we do not offer any monetary compensation for vulnerability or bug reports; however, your contributions are greatly appreciated.

base_requirements.txt

@@ -1,10 +1,10 @@
-# HTML sanitizer
-# https://github.com/mozilla/bleach/blob/main/CHANGES
-bleach
+# Shell text coloring
+# https://github.com/tartley/colorama/blob/master/CHANGELOG.rst
+colorama
 
 # The Python web framework on which NetBox is built
 # https://docs.djangoproject.com/en/stable/releases/
-Django<5.0
+Django==5.2.*
 
 # Django middleware which permits cross-domain API requests
 # https://github.com/adamchainz/django-cors-headers/blob/main/CHANGELOG.rst
@@ -18,14 +18,18 @@ django-debug-toolbar
 # https://github.com/carltongibson/django-filter/blob/main/CHANGES.rst
 django-filter
 
-# Django debug toolbar extension with support for GraphiQL
+# Django Debug Toolbar extension for GraphiQL
 # https://github.com/flavors/django-graphiql-debug-toolbar/blob/main/CHANGES.rst
 django-graphiql-debug-toolbar
 
+# HTMX utilities for Django
+# https://django-htmx.readthedocs.io/en/latest/changelog.html
+django-htmx
+
 # Modified Preorder Tree Traversal (recursive nesting of objects)
-# Pinned to 0.14.0; 0.15.0 requires Python 3.9+
 # https://github.com/django-mptt/django-mptt/blob/main/CHANGELOG.rst
-django-mptt==0.14.0
+# v0.18.0 introduces errant migrations which need to be resolved
+django-mptt==0.17.0
 
 # Context managers for PostgreSQL advisory locks
 # https://github.com/Xof/django-pglocks/blob/master/CHANGES.txt
@@ -47,14 +51,17 @@ django-rich
 # https://github.com/rq/django-rq/blob/master/CHANGELOG.md
 django-rq
 
+# Provides a variety of storage backends
+# https://github.com/jschneier/django-storages/blob/master/CHANGELOG.rst
+django-storages
+
 # Abstraction models for rendering and paginating HTML tables
 # https://github.com/jieter/django-tables2/blob/master/CHANGELOG.md
 django-tables2
 
 # User-defined tags for objects
 # https://github.com/jazzband/django-taggit/blob/master/CHANGELOG.rst
-# TODO: Upgrade to v5.0 for NetBox v3.7 beta
-django-taggit<5.0
+django-taggit
 
 # A Django field for representing time zones
 # https://github.com/mfogel/django-timezone-field/
@@ -62,7 +69,8 @@ django-timezone-field
 
 # A REST API framework for Django projects
 # https://www.django-rest-framework.org/community/release-notes/
-djangorestframework
+# TODO: Re-evaluate the monkey-patch of get_unique_validators() before upgrading
+djangorestframework==3.16.1
 
 # Sane and flexible OpenAPI 3 schema generation for Django REST framework.
 # https://github.com/tfranzel/drf-spectacular/blob/master/CHANGELOG.rst
@@ -76,11 +84,6 @@ drf-spectacular-sidecar
 # https://github.com/kurtmckee/feedparser/blob/develop/CHANGELOG.rst
 feedparser
 
-# Django wrapper for Graphene (GraphQL support)
-# https://github.com/graphql-python/graphene-django/releases
-# Pinned to v3.0.0 for GraphiQL UI issue (see #12762)
-graphene_django==3.0.0
-
 # WSGI HTTP server
 # https://docs.gunicorn.org/en/latest/news.html
 gunicorn
@@ -89,34 +92,42 @@ gunicorn
 # https://jinja.palletsprojects.com/changes/
 Jinja2
 
-# Simple markup language for rendering HTML
-# https://python-markdown.github.io/change_log/
-# mkdocs currently requires Markdown v3.3
-Markdown<3.4
+# JSON schema validation
+# https://github.com/python-jsonschema/jsonschema/blob/main/CHANGELOG.rst
+jsonschema
 
-# File inclusion plugin for Python-Markdown
-# https://github.com/cmacmackin/markdown-include
-markdown-include
+# Simple markup language for rendering HTML
+# https://python-markdown.github.io/changelog/
+Markdown
 
 # MkDocs Material theme (for documentation build)
 # https://squidfunk.github.io/mkdocs-material/changelog/
 mkdocs-material
 
 # Introspection for embedded code
-# https://github.com/mkdocstrings/mkdocstrings/blob/master/CHANGELOG.md
-mkdocstrings[python-legacy]
+# https://github.com/mkdocstrings/mkdocstrings/blob/main/CHANGELOG.md
+mkdocstrings
+
+# Python handler for mkdocstrings
+# https://github.com/mkdocstrings/python/blob/main/CHANGELOG.md
+mkdocstrings-python
 
 # Library for manipulating IP prefixes and addresses
-# https://github.com/netaddr/netaddr/blob/master/CHANGELOG
+# https://github.com/netaddr/netaddr/blob/master/CHANGELOG.rst
 netaddr
 
+# Python bindings to the ammonia HTML sanitization library.
+# https://github.com/messense/nh3
+nh3
+
 # Fork of PIL (Python Imaging Library) for image processing
-# https://github.com/python-pillow/Pillow/blob/main/CHANGES.rst
+# https://github.com/python-pillow/Pillow/releases
+# https://pillow.readthedocs.io/en/stable/releasenotes/
 Pillow
 
 # PostgreSQL database adapter for Python
 # https://github.com/psycopg/psycopg/blob/master/docs/news.rst
-psycopg[binary,pool]
+psycopg[c,pool]
 
 # YAML rendering library
 # https://github.com/yaml/pyyaml/blob/master/CHANGES
@@ -126,20 +137,32 @@ PyYAML
 # https://github.com/psf/requests/blob/main/HISTORY.md
 requests
 
-# Sentry SDK
-# https://github.com/getsentry/sentry-python/blob/master/CHANGELOG.md
-sentry-sdk
-
-# Social authentication framework
-# https://github.com/python-social-auth/social-core/blob/master/CHANGELOG.md
-social-auth-core
+# rq
+# https://github.com/rq/rq/blob/master/CHANGES.md
+rq
 
 # Django app for social-auth-core
 # https://github.com/python-social-auth/social-app-django/blob/master/CHANGELOG.md
 social-auth-app-django
 
+# Social authentication framework
+# https://github.com/python-social-auth/social-core/blob/master/CHANGELOG.md
+social-auth-core
+
+# Image thumbnail generation
+# https://github.com/jazzband/sorl-thumbnail/blob/master/CHANGES.rst
+sorl-thumbnail
+
+# Strawberry GraphQL
+# https://github.com/strawberry-graphql/strawberry/blob/main/CHANGELOG.md
+strawberry-graphql
+
+# Strawberry GraphQL Django extension
+# https://github.com/strawberry-graphql/strawberry-django/releases
+strawberry-graphql-django
+
 # SVG image rendering (used for rack elevations)
-# hhttps://github.com/mozman/svgwrite/blob/master/NEWS.rst
+# https://github.com/mozman/svgwrite/blob/master/NEWS.rst
 svgwrite
 
 # Tabular dataset library (for table-based exports)

contrib/apache.conf

@@ -20,7 +20,7 @@
     Alias /static /opt/netbox/netbox/static
 
     <Directory /opt/netbox/netbox/static>
-        Options Indexes FollowSymLinks MultiViews
+        Options FollowSymLinks MultiViews
         AllowOverride None
         Require all granted
     </Directory>

contrib/generated_schema.json

@@ -1,5 +1,7 @@
 {
     "type": "object",
+    "$id": "urn:devicetype-library:generated-schema",
+    "$schema": "https://json-schema.org/draft/2020-12/schema",
     "additionalProperties": false,
     "definitions": {
         "airflow": {
@@ -10,6 +12,9 @@
                 "left-to-right",
                 "right-to-left",
                 "side-to-rear",
+                "rear-to-side",
+                "bottom-to-top",
+                "top-to-bottom",
                 "passive",
                 "mixed"
             ]
@@ -90,6 +95,7 @@
                         "iec-60320-c8",
                         "iec-60320-c14",
                         "iec-60320-c16",
+                        "iec-60320-c18",
                         "iec-60320-c20",
                         "iec-60320-c22",
                         "iec-60309-p-n-e-4h",
@@ -147,6 +153,7 @@
                         "nema-l15-60p",
                         "nema-l21-20p",
                         "nema-l21-30p",
+                        "nema-l22-20p",
                         "nema-l22-30p",
                         "cs6361c",
                         "cs6365c",
@@ -177,6 +184,9 @@
                         "usb-micro-ab",
                         "usb-3-b",
                         "usb-3-micro-b",
+                        "molex-micro-fit-1x2",
+                        "molex-micro-fit-2x2",
+                        "molex-micro-fit-2x4",
                         "dc-terminal",
                         "saf-d-grid",
                         "neutrik-powercon-20",
@@ -200,6 +210,7 @@
                         "iec-60320-c7",
                         "iec-60320-c13",
                         "iec-60320-c15",
+                        "iec-60320-c17",
                         "iec-60320-c19",
                         "iec-60320-c21",
                         "iec-60309-p-n-e-4h",
@@ -257,6 +268,7 @@
                         "nema-l15-60r",
                         "nema-l21-20r",
                         "nema-l21-30r",
+                        "nema-l22-20r",
                         "nema-l22-30r",
                         "CS6360C",
                         "CS6364C",
@@ -279,7 +291,11 @@
                         "usb-a",
                         "usb-micro-b",
                         "usb-c",
+                        "molex-micro-fit-1x2",
+                        "molex-micro-fit-2x2",
+                        "molex-micro-fit-2x4",
                         "dc-terminal",
+                        "eaton-c39",
                         "hdot-cx",
                         "saf-d-grid",
                         "neutrik-powercon-20a",
@@ -314,43 +330,123 @@
                         "100base-lfx",
                         "100base-tx",
                         "100base-t1",
+                        "1000base-bx10-d",
+                        "1000base-bx10-u",
+                        "1000base-cwdm",
+                        "1000base-cx",
+                        "1000base-dwdm",
+                        "1000base-ex",
+                        "1000base-lsx",
+                        "1000base-lx",
+                        "1000base-lx10",
+                        "1000base-sx",
                         "1000base-t",
+                        "1000base-tx",
+                        "1000base-zx",
                         "2.5gbase-t",
                         "5gbase-t",
-                        "10gbase-t",
+                        "10gbase-br-d",
+                        "10gbase-br-u",
                         "10gbase-cx4",
+                        "10gbase-er",
+                        "10gbase-lr",
+                        "10gbase-lrm",
+                        "10gbase-lx4",
+                        "10gbase-sr",
+                        "10gbase-t",
+                        "10gbase-zr",
+                        "25gbase-cr",
+                        "25gbase-er",
+                        "25gbase-lr",
+                        "25gbase-sr",
+                        "25gbase-t",
+                        "40gbase-cr4",
+                        "40gbase-er4",
+                        "40gbase-fr4",
+                        "40gbase-lr4",
+                        "40gbase-sr4",
+                        "50gbase-cr",
+                        "50gbase-er",
+                        "50gbase-fr",
+                        "50gbase-lr",
+                        "50gbase-sr",
+                        "100gbase-cr1",
+                        "100gbase-cr2",
+                        "100gbase-cr4",
+                        "100gbase-cr10",
+                        "100gbase-cwdm4",
+                        "100gbase-dr",
+                        "100gbase-er4",
+                        "100gbase-fr1",
+                        "100gbase-lr1",
+                        "100gbase-lr4",
+                        "100gbase-sr1",
+                        "100gbase-sr1.2",
+                        "100gbase-sr2",
+                        "100gbase-sr4",
+                        "100gbase-sr10",
+                        "100gbase-zr",
+                        "200gbase-cr2",
+                        "200gbase-cr4",
+                        "200gbase-dr4",
+                        "200gbase-er4",
+                        "200gbase-fr4",
+                        "200gbase-lr4",
+                        "200gbase-sr2",
+                        "200gbase-sr4",
+                        "200gbase-vr2",
+                        "400gbase-cr4",
+                        "400gbase-dr4",
+                        "400gbase-er8",
+                        "400gbase-fr4",
+                        "400gbase-fr8",
+                        "400gbase-lr4",
+                        "400gbase-lr8",
+                        "400gbase-sr4",
+                        "400gbase-sr4_2",
+                        "400gbase-sr8",
+                        "400gbase-sr16",
+                        "400gbase-vr4",
+                        "400gbase-zr",
+                        "800gbase-cr8",
+                        "800gbase-dr8",
+                        "800gbase-sr8",
+                        "800gbase-vr8",
+                        "100base-x-sfp",
                         "1000base-x-gbic",
                         "1000base-x-sfp",
                         "10gbase-x-sfpp",
-                        "10gbase-x-xfp",
                         "10gbase-x-xenpak",
+                        "10gbase-x-xfp",
                         "10gbase-x-x2",
                         "25gbase-x-sfp28",
-                        "50gbase-x-sfp56",
                         "40gbase-x-qsfpp",
                         "50gbase-x-sfp28",
+                        "50gbase-x-sfp56",
                         "100gbase-x-cfp",
                         "100gbase-x-cfp2",
-                        "200gbase-x-cfp2",
-                        "400gbase-x-cfp2",
                         "100gbase-x-cfp4",
                         "100gbase-x-cxp",
                         "100gbase-x-cpak",
                         "100gbase-x-dsfp",
-                        "100gbase-x-sfpdd",
                         "100gbase-x-qsfp28",
                         "100gbase-x-qsfpdd",
+                        "100gbase-x-sfpdd",
+                        "200gbase-x-cfp2",
                         "200gbase-x-qsfp56",
                         "200gbase-x-qsfpdd",
                         "400gbase-x-qsfp112",
                         "400gbase-x-qsfpdd",
+                        "400gbase-x-cdfp",
+                        "400gbase-x-cfp2",
+                        "400gbase-x-cfp8",
                         "400gbase-x-osfp",
                         "400gbase-x-osfp-rhs",
-                        "400gbase-x-cdfp",
-                        "400gbase-x-cfp8",
-                        "800gbase-x-qsfpdd",
                         "800gbase-x-osfp",
+                        "800gbase-x-qsfpdd",
                         "1000base-kx",
+                        "2.5gbase-kx",
+                        "5gbase-kr",
                         "10gbase-kr",
                         "10gbase-kx4",
                         "25gbase-kr",
@@ -366,11 +462,15 @@
                         "ieee802.11ad",
                         "ieee802.11ax",
                         "ieee802.11ay",
+                        "ieee802.11be",
                         "ieee802.15.1",
+                        "ieee802.15.4",
                         "other-wireless",
                         "gsm",
                         "cdma",
                         "lte",
+                        "4g",
+                        "5g",
                         "sonet-oc3",
                         "sonet-oc12",
                         "sonet-oc48",
@@ -384,7 +484,10 @@
                         "8gfc-sfpp",
                         "16gfc-sfpp",
                         "32gfc-sfp28",
+                        "32gfc-sfpp",
                         "64gfc-qsfpp",
+                        "64gfc-sfpdd",
+                        "64gfc-sfpp",
                         "128gfc-qsfp28",
                         "infiniband-sdr",
                         "infiniband-ddr",
@@ -401,12 +504,16 @@
                         "e3",
                         "xdsl",
                         "docsis",
+                        "moca",
+                        "bpon",
+                        "epon",
+                        "10g-epon",
                         "gpon",
                         "xg-pon",
                         "xgs-pon",
                         "ng-pon2",
-                        "epon",
-                        "10g-epon",
+                        "25g-pon",
+                        "50g-pon",
                         "cisco-stackwise",
                         "cisco-stackwise-plus",
                         "cisco-flexstack",
@@ -443,6 +550,13 @@
                         "passive-48v-2pair",
                         "passive-48v-4pair"
                     ]
+                },
+                "rf_role": {
+                    "type": "string",
+                    "enum": [
+                        "ap",
+                        "station"
+                    ]
                 }
             }
         },
@@ -471,6 +585,9 @@
                         "n",
                         "mrj21",
                         "fc",
+                        "fc-pc",
+                        "fc-upc",
+                        "fc-apc",
                         "lc",
                         "lc-pc",
                         "lc-upc",
@@ -498,6 +615,14 @@
                         "urm-p4",
                         "urm-p8",
                         "splice",
+                        "usb-a",
+                        "usb-b",
+                        "usb-c",
+                        "usb-mini-a",
+                        "usb-mini-b",
+                        "usb-micro-a",
+                        "usb-micro-b",
+                        "usb-micro-ab",
                         "other"
                     ]
                 }
@@ -528,6 +653,9 @@
                         "n",
                         "mrj21",
                         "fc",
+                        "fc-pc",
+                        "fc-upc",
+                        "fc-apc",
                         "lc",
                         "lc-pc",
                         "lc-upc",
@@ -555,6 +683,14 @@
                         "urm-p4",
                         "urm-p8",
                         "splice",
+                        "usb-a",
+                        "usb-b",
+                        "usb-c",
+                        "usb-mini-a",
+                        "usb-mini-b",
+                        "usb-micro-a",
+                        "usb-micro-b",
+                        "usb-micro-ab",
                         "other"
                     ]
                 }

contrib/gunicorn.py

@@ -14,3 +14,7 @@ timeout = 120
 # The maximum number of requests a worker can handle before being respawned
 max_requests = 5000
 max_requests_jitter = 500
+
+# Uncomment this line to accept HTTP headers containing underscores, e.g. for remote
+# authentication support. See https://docs.gunicorn.org/en/stable/settings.html#header-map
+# header-map = 'dangerous'

contrib/netbox-housekeeping.service

@@ -1,17 +0,0 @@
-[Unit]
-Description=NetBox Housekeeping Service
-Documentation=https://docs.netbox.dev/
-After=network-online.target
-Wants=network-online.target
-
-[Service]
-Type=simple
-
-User=netbox
-Group=netbox
-WorkingDirectory=/opt/netbox
-
-ExecStart=/opt/netbox/venv/bin/python /opt/netbox/netbox/manage.py housekeeping
-
-[Install]
-WantedBy=multi-user.target

contrib/netbox-housekeeping.sh

@@ -1,9 +0,0 @@
-#!/bin/sh
-# This shell script invokes NetBox's housekeeping management command, which
-# intended to be run nightly. This script can be copied into your system's
-# daily cron directory (e.g. /etc/cron.daily), or referenced directly from
-# within the cron configuration file.
-#
-# If NetBox has been installed into a nonstandard location, update the paths
-# below.
-/opt/netbox/venv/bin/python /opt/netbox/netbox/manage.py housekeeping

contrib/netbox-housekeeping.timer

@@ -1,13 +0,0 @@
-[Unit]
-Description=NetBox Housekeeping Timer
-Documentation=https://docs.netbox.dev/
-After=network-online.target
-Wants=network-online.target
-
-[Timer]
-OnCalendar=daily
-AccuracySec=1h
-Persistent=true
-
-[Install]
-WantedBy=multi-user.target

contrib/netbox.service

@@ -12,8 +12,12 @@ Group=netbox
 PIDFile=/var/tmp/netbox.pid
 WorkingDirectory=/opt/netbox
 
+# Remove the following line if using uWSGI instead of Gunicorn
 ExecStart=/opt/netbox/venv/bin/gunicorn --pid /var/tmp/netbox.pid --pythonpath /opt/netbox/netbox --config /opt/netbox/gunicorn.py netbox.wsgi
 
+# Uncomment the following line if using uWSGI instead of Gunicorn
+#ExecStart=/opt/netbox/venv/bin/uwsgi --ini /opt/netbox/uwsgi.ini
+
 Restart=on-failure
 RestartSec=30
 PrivateTmp=true

contrib/nginx.conf

@@ -14,10 +14,20 @@ server {
     }
 
     location / {
+        # Remove these lines if using uWSGI instead of Gunicorn
         proxy_pass http://127.0.0.1:8001;
         proxy_set_header X-Forwarded-Host $http_host;
         proxy_set_header X-Real-IP $remote_addr;
         proxy_set_header X-Forwarded-Proto $scheme;
+
+        # Uncomment these lines if using uWSGI instead of Gunicorn
+        # include uwsgi_params;
+        # uwsgi_pass  127.0.0.1:8001;
+        # uwsgi_param Host $host;
+        # uwsgi_param X-Real-IP $remote_addr;
+        # uwsgi_param X-Forwarded-For $proxy_add_x_forwarded_for;
+        # uwsgi_param X-Forwarded-Proto $http_x_forwarded_proto;
+
     }
 }
 

contrib/uwsgi.ini

@@ -0,0 +1,34 @@
+[uwsgi]
+; bind to the specified UNIX/TCP socket and port (usually localhost)
+socket = 127.0.0.1:8001
+
+; fail to start if any parameter in the configuration file isn’t explicitly understood by uWSGI.
+strict = true
+
+; re-spawn and pre-fork workers
+master = true
+
+; clear environment on exit
+vacuum = true
+
+; make SIGTERM stop the app (instead of reload)
+die-on-term = true
+
+; exit if no app can be loaded
+need-app = true
+
+; do not use multiple interpreters
+single-interpreter = true
+
+; change to the project directory
+chdir = netbox
+
+; specify the WSGI module to load
+module = netbox.wsgi
+
+; workaround to make uWSGI reloads work with pyuwsgi (not to be used if using uwsgi package instead)
+binary-path = venv/bin/python
+
+; only log internal messages and errors (reverse proxy already logs the requests)
+disable-logging = true
+log-5xx = true

docs/_theme/main.html

@@ -2,8 +2,8 @@
 
 {% block site_meta %}
   {{ super() }}
-  {# Disable search indexing unless we're building for ReadTheDocs (see #10496) #}
-  {% if page.canonical_url != 'https://docs.netbox.dev/' %}
+  {# Disable search indexing unless we're building for public consumption #}
+  {% if not config.extra.build_public %}
     <meta name="robots" content="noindex">
   {% endif %}
 {% endblock %}

docs/_theme/partials/copyright.html

@@ -0,0 +1,18 @@
+<div class="md-copyright">
+  {% if config.copyright %}
+    <div class="md-copyright__highlight">
+      {{ config.copyright }}
+    </div>
+  {% endif %}
+  {% if not config.extra.generator == false %}
+    Made with
+    <a href="https://squidfunk.github.io/mkdocs-material/" target="_blank" rel="noopener">
+      Material for MkDocs
+    </a>
+  {% endif %}
+</div>
+{% if not config.extra.build_public %}
+  <div class="md-copyright">
+    ℹ️ Documentation is being served locally
+  </div>
+{% endif %}

docs/administration/authentication/google.md

@@ -0,0 +1,52 @@
+# Google
+
+This guide explains how to configure single sign-on (SSO) support for NetBox using [Google OAuth2](https://developers.google.com/identity/protocols/oauth2/web-server) as an authentication backend.
+
+## Google OAuth2 Configuration
+
+1. Log into [console.cloud.google.com](https://console.cloud.google.com/).
+2. Create new project for NetBox.
+3. Under "APIs and Services" click "OAuth consent screen" and enter the required information.
+4. Under "Credentials," click "Create Credentials" and select "OAuth 2.0 Client ID." Select type "Web application."
+    - "Authorized JavaScript origins" should follow the format `http[s]://<netbox>[:<port>]`
+    - "Authorized redirect URIs" should follow the format `http[s]://<netbox>[:<port>]/oauth/complete/google-oauth2/`
+5. Copy the "Client ID" and "Client Secret" values somewhere convenient.
+
+!!! note
+    Google requires the NetBox hostname to use a public top-level-domain (e.g. `.com`, `.net`). The use of IP addresses is not permitted (except `127.0.0.1`).
+
+For more information, consult [Google's documentation](https://developers.google.com/identity/protocols/oauth2/web-server#prerequisites).
+
+## NetBox Configuration
+
+### 1. Enter configuration parameters
+
+Enter the following configuration parameters in `configuration.py`, substituting your own values:
+
+```python
+REMOTE_AUTH_BACKEND = 'social_core.backends.google.GoogleOAuth2'
+SOCIAL_AUTH_GOOGLE_OAUTH2_KEY = '{CLIENT_ID}'
+SOCIAL_AUTH_GOOGLE_OAUTH2_SECRET = '{CLIENT_SECRET}'
+```
+
+### 2. Restart NetBox
+
+Restart the NetBox services so that the new configuration takes effect. This is typically done with the command below:
+
+```no-highlight
+sudo systemctl restart netbox
+```
+
+## Testing
+
+Log out of NetBox if already authenticated, and click the "Log In" button at top right. You should see the normal login form as well as an option to authenticate using Google. Click that link.
+
+![NetBox Google login form](../../media/authentication/netbox_google_login.png)
+
+You should be redirected to Google's authentication portal. Enter the username/email and password of your test account to continue. You may also be prompted to grant this application access to your account.
+
+![NetBox Google login form](../../media/authentication/google_login_portal.png)
+
+If successful, you will be redirected back to the NetBox UI, and will be logged in as the Google user. You can verify this by navigating to your profile (using the button at top right).
+
+This user account has been replicated locally to NetBox, and can now be assigned groups and permissions.

docs/administration/authentication/microsoft-entra-id.md

@@ -1,8 +1,8 @@
-# Microsoft Azure AD
+# Microsoft Entra ID
 
-This guide explains how to configure single sign-on (SSO) support for NetBox using [Microsoft Azure Active Directory (AD)](https://azure.microsoft.com/en-us/services/active-directory/) as an authentication backend.
+This guide explains how to configure single sign-on (SSO) support for NetBox using [Microsoft Entra ID](https://www.microsoft.com/en-us/security/business/identity-access/microsoft-entra-id) as an authentication backend.
 
-## Azure AD Configuration
+## Entra ID Configuration
 
 ### 1. Create a test user (optional)
 
@@ -25,7 +25,7 @@ Once finished, make note of the application (client) ID; this will be used when
 ![Completed app registration](../../media/authentication/azure_ad_app_registration_created.png)
 
 !!! tip "Multitenant authentication"
-    NetBox also supports multitenant authentication via Azure AD, however it requires a different backend and an additional configuration parameter. Please see the [`python-social-auth` documentation](https://python-social-auth.readthedocs.io/en/latest/backends/azuread.html#tenant-support) for details concerning multitenant authentication.
+    NetBox also supports multitenant authentication via Azure AD; however, it requires a different backend and an additional configuration parameter. Please see the [`python-social-auth` documentation](https://python-social-auth.readthedocs.io/en/latest/backends/azuread.html#tenant-support) for details concerning multitenant authentication.
 
 ### 3. Create a secret
 
@@ -73,7 +73,7 @@ You should be redirected to Microsoft's authentication portal. Enter the usernam
 
 If successful, you will be redirected back to the NetBox UI, and will be logged in as the AD user. You can verify this by navigating to your profile (using the button at top right).
 
-This user account has been replicated locally to NetBox, and can now be assigned groups and permissions within the NetBox admin UI.
+This user account has been replicated locally to NetBox, and can now be assigned groups and permissions.
 
 ## Troubleshooting
 

docs/administration/authentication/okta.md

@@ -67,4 +67,4 @@ You should be redirected to Okta's authentication portal. Enter the username/ema
 
 If successful, you will be redirected back to the NetBox UI, and will be logged in as the Okta user. You can verify this by navigating to your profile (using the button at top right).
 
-This user account has been replicated locally to NetBox, and can now be assigned groups and permissions within the NetBox admin UI.
+This user account has been replicated locally to NetBox, and can now be assigned groups and permissions.

docs/administration/authentication/overview.md

@@ -2,9 +2,9 @@
 
 ## Local Authentication
 
-Local user accounts and groups can be created in NetBox under the "Authentication and Authorization" section of the administrative user interface. This interface is available only to users with the "staff" permission enabled.
+Local user accounts and groups can be created in NetBox under the "Authentication" section in the "Admin" menu.
 
-At a minimum, each user account must have a username and password set. User accounts may also denote a first name, last name, and email address. [Permissions](../permissions.md) may also be assigned to users and/or groups within the admin UI.
+At a minimum, each user account must have a username and password set. User accounts may also denote a first name, last name, and email address. [Permissions](../permissions.md) may also be assigned to individual users and/or groups as needed.
 
 ## Remote Authentication
 
@@ -26,7 +26,10 @@ REMOTE_AUTH_BACKEND = 'netbox.authentication.RemoteUserBackend'
 
 Another option for remote authentication in NetBox is to enable HTTP header-based user assignment. The front end HTTP server (e.g. nginx or Apache) performs client authentication as a process external to NetBox, and passes information about the authenticated user via HTTP headers. By default, the user is assigned via the `REMOTE_USER` header, but this can be customized via the `REMOTE_AUTH_HEADER` configuration parameter.
 
-Optionally, user profile information can be supplied by `REMOTE_USER_FIRST_NAME`, `REMOTE_USER_LAST_NAME` and `REMOTE_USER_EMAIL` headers. These are saved to the users profile during the authentication process. These headers can be customized like the `REMOTE_USER` header.
+Optionally, user profile information can be supplied by `REMOTE_USER_FIRST_NAME`, `REMOTE_USER_LAST_NAME` and `REMOTE_USER_EMAIL` headers. These are saved to the user's profile during the authentication process. These headers can be customized like the `REMOTE_USER` header.
+
+!!! warning Verify Header Compatibility
+    Some WSGI servers may drop headers which contain unsupported characters. For instance, gunicorn v22.0 and later silently drops HTTP headers containing underscores. This behavior can be disabled by changing gunicorn's [`header_map`](https://docs.gunicorn.org/en/stable/settings.html#header-map) setting to `dangerous`.
 
 ### Single Sign-On (SSO)
 
@@ -37,3 +40,23 @@ REMOTE_AUTH_BACKEND = 'social_core.backends.google.GoogleOAuth2'
 NetBox supports single sign-on authentication via the [python-social-auth](https://github.com/python-social-auth) library. To enable SSO, specify the path to the desired authentication backend within the `social_core` Python package. Please see the complete list of [supported authentication backends](https://github.com/python-social-auth/social-core/tree/master/social_core/backends) for the available options.
 
 Most remote authentication backends require some additional configuration through settings prefixed with `SOCIAL_AUTH_`. These will be automatically imported from NetBox's `configuration.py` file. Additionally, the [authentication pipeline](https://python-social-auth.readthedocs.io/en/latest/pipeline.html) can be customized via the `SOCIAL_AUTH_PIPELINE` parameter. (NetBox's default pipeline is defined in `netbox/settings.py` for your reference.)
+
+#### Configuring the SSO module's appearance
+
+The way a remote authentication backend is displayed to the user on the login
+page may be adjusted via the `SOCIAL_AUTH_BACKEND_ATTRS` parameter, defaulting
+to an empty dictionary. This dictionary maps a `social_core` module's name (ie.
+`REMOTE_AUTH_BACKEND.name`) to a couple of parameters, `(display_name, icon)`.
+
+The `display_name` is the name displayed to the user on the login page. The
+icon may either be the URL of an icon; refer to a [Material Design
+Icons](https://github.com/google/material-design-icons) icon's name; or be
+`None` for no icon.
+
+For instance, the OIDC backend may be customized with
+
+```python
+SOCIAL_AUTH_BACKEND_ATTRS = {
+    'oidc': ("My awesome SSO", "login"),
+}
+```

docs/administration/error-reporting.md

@@ -4,27 +4,15 @@
 
 ### Enabling Error Reporting
 
-NetBox supports native integration with [Sentry](https://sentry.io/) for automatic error reporting. To enable this functionality, simply set `SENTRY_ENABLED` to True in `configuration.py`. Errors will be sent to a Sentry ingestor maintained by the NetBox team for analysis.
-
-```python
-SENTRY_ENABLED = True
-```
-
-### Using a Custom DSN
-
-If you prefer instead to use your own Sentry ingestor, you'll need to first create a new project under your Sentry account to represent your NetBox deployment and obtain its corresponding data source name (DSN). This looks like a URL similar to the example below:
-
-```
-https://examplePublicKey@o0.ingest.sentry.io/0
-```
-
-Once you have obtained a DSN, configure Sentry in NetBox's `configuration.py` file with the following parameters:
+NetBox supports native integration with [Sentry](https://sentry.io/) for automatic error reporting. To enable this functionality, set `SENTRY_ENABLED` to `True` and define your unique [data source name (DSN)](https://docs.sentry.io/product/sentry-basics/concepts/dsn-explainer/) in `configuration.py`.
 
 ```python
 SENTRY_ENABLED = True
 SENTRY_DSN = "https://examplePublicKey@o0.ingest.sentry.io/0"
 ```
 
+Setting `SENTRY_ENABLED` to False will disable the Sentry integration.
+
 ### Assigning Tags
 
 You can optionally attach one or more arbitrary tags to the outgoing error reports if desired by setting the `SENTRY_TAGS` parameter:

docs/administration/housekeeping.md

@@ -1,49 +0,0 @@
-# Housekeeping
-
-NetBox includes a `housekeeping` management command that should be run nightly. This command handles:
-
-* Clearing expired authentication sessions from the database
-* Deleting changelog records older than the configured [retention time](../configuration/miscellaneous.md#changelog_retention)
-* Deleting job result records older than the configured [retention time](../configuration/miscellaneous.md#job_retention)
-* Check for new NetBox releases (if [`RELEASE_CHECK_URL`](../configuration/miscellaneous.md#release_check_url) is set)
-
-This command can be invoked directly, or by using the shell script provided at `/opt/netbox/contrib/netbox-housekeeping.sh`.
-
-## Scheduling
-
-### Using Cron
-
-This script can be linked from your cron scheduler's daily jobs directory (e.g. `/etc/cron.daily`) or referenced directly within the cron configuration file.
-
-```shell
-sudo ln -s /opt/netbox/contrib/netbox-housekeeping.sh /etc/cron.daily/netbox-housekeeping
-```
-
-!!! note
-    On Debian-based systems, be sure to omit the `.sh` file extension when linking to the script from within a cron directory. Otherwise, the task may not run.
-
-### Using Systemd
-
-First, create symbolic links for the systemd service and timer files. Link the existing service and timer files from the `/opt/netbox/contrib/` directory to the `/etc/systemd/system/` directory:
-
-```bash
-sudo ln -s /opt/netbox/contrib/netbox-housekeeping.service /etc/systemd/system/netbox-housekeeping.service
-sudo ln -s /opt/netbox/contrib/netbox-housekeeping.timer /etc/systemd/system/netbox-housekeeping.timer
-```
-
-Then, reload the systemd configuration and enable the timer to start automatically at boot:
-
-```bash
-sudo systemctl daemon-reload
-sudo systemctl enable --now netbox-housekeeping.timer
-```
-
-Check the status of your timer by running:
-
-```bash
-sudo systemctl list-timers --all
-```
-
-This command will show a list of all timers, including your `netbox-housekeeping.timer`. Make sure the timer is active and properly scheduled.
-
-That's it! Your NetBox housekeeping service is now configured to run daily using systemd.

docs/administration/netbox-shell.md

@@ -106,7 +106,7 @@ This approach can span multiple levels of relations. For example, the following
 ```
 
 !!! note
-    While the above query is functional, it's not very efficient. There are ways to optimize such requests, however they are out of scope for this document. For more information, see the [Django queryset method reference](https://docs.djangoproject.com/en/stable/ref/models/querysets/) documentation.
+    While the above query is functional, it's not very efficient. There are ways to optimize such requests; however, they are out of scope for this document. For more information, see the [Django queryset method reference](https://docs.djangoproject.com/en/stable/ref/models/querysets/) documentation.
 
 Reverse relationships can be traversed as well. For example, the following will find all devices with an interface named "em0":
 

docs/administration/permissions.md

@@ -70,8 +70,6 @@ The `$user` token can be used only as a constraint value, or as an item within a
 
 ### Default Permissions
 
-!!! info "This feature was introduced in NetBox v3.6."
-
 While permissions are typically assigned to specific groups and/or users, it is also possible to define a set of default permissions that are applied to _all_ authenticated users. This is done using the [`DEFAULT_PERMISSIONS`](../configuration/security.md#default_permissions) configuration parameter. Note that statically configuring permissions for specific users or groups is **not** supported.
 
 ### Example Constraint Definitions

docs/administration/replicating-netbox.md

@@ -18,10 +18,10 @@ pg_dump --username netbox --password --host localhost netbox > netbox.sql
 !!! note
     You may need to change the username, host, and/or database in the command above to match your installation.
 
-When replicating a production database for development purposes, you may find it convenient to exclude changelog data, which can easily account for the bulk of a database's size. To do this, exclude the `extras_objectchange` table data from the export. The table will still be included in the output file, but will not be populated with any data.
+When replicating a production database for development purposes, you may find it convenient to exclude changelog data, which can easily account for the bulk of a database's size. To do this, exclude the `core_objectchange` table data from the export. The table will still be included in the output file, but will not be populated with any data.
 
 ```no-highlight
-pg_dump ... --exclude-table-data=extras_objectchange netbox > netbox.sql
+pg_dump ... --exclude-table-data=core_objectchange netbox > netbox.sql
 ```
 
 ### Load an Exported Database
@@ -54,7 +54,7 @@ pg_dump --username netbox --password --host localhost -s netbox > netbox_schema.
 By default, NetBox stores uploaded files (such as image attachments) in its media directory. To fully replicate an instance of NetBox, you'll need to copy both the database and the media files.
 
 !!! note
-    These operations are not necessary if your installation is utilizing a [remote storage backend](../configuration/system.md#storage_backend).
+    These operations are not necessary if your installation is utilizing a [remote storage backend](../configuration/system.md#storages).
 
 ### Archive the Media Directory
 

docs/best-practices/modeling-pluggable-transceivers.md

@@ -0,0 +1,74 @@
+# Modeling Pluggable Transceivers
+
+## Use Case
+
+Many network devices utilize field-swappable [small-form factor pluggable transceivers (SFPs)](https://en.wikipedia.org/wiki/Small_Form-factor_Pluggable) to enable changing the physical media type of a fixed interface. For example, a 10 Gigabit Ethernet interface might be connected using copper, multimode fiber, or single-mode fiber, each of which requires a different type of SFP+ transceiver.
+
+It can be challenging to model SFPs given their dynamic nature. This guide intends to capture the recommended strategy for modeling SFPs on NetBox v4.4 and later.
+
+## Modeling Strategy
+
+Pluggable transceivers are most accurately represented in NetBox as discrete [modules](../models/dcim/module.md) which are installed within [module bays](../models/dcim/modulebay.md). A module can deliver one or more [interfaces](../models/dcim/interface.md) (or other components) to the device in which it is installed. This approach ensures that a new interface is automatically created on the device when the module is installed, and deleted when the module is removed.
+
+```mermaid
+flowchart BT
+    interface1[Interface 1/1]--> module1[SFP]
+    interface2[Interface 2/1]--> module2[SFP]
+    interface3[Interface 3/1] & interface4[Interface 3/2]--> module3[SFP]
+    module1 --> modulebay1[Module Bay 1]
+    module2 --> modulebay2[Module Bay 2]
+    module3 --> modulebay3[Module Bay 3]
+    modulebay1 & modulebay2 & modulebay3 --> device[Device]
+```
+
+### 1. Create an SFP Module Type Profile
+
+If one has not already been defined, create a [module type profile](../models/dcim/moduletypeprofile.md) for SFPs. This profile will be assigned for all module types which represent a pluggable transceiver. Typically, you will need only one profile for all pluggable transceivers.
+
+You might opt to define custom attributes for the profile by defining a custom [JSON schema](https://json-schema.org/). Profile attributes might be used to define characteristics unique to transceivers, such as optical wavelength and power ranges. Adding profile attributes is optional, and can be done at a later point.
+
+!!! note
+    Creating a module type profile is optional, but recommended as it allows for defining custom module attributes.
+
+### 2. Create a Module Type for Each SFP Model in Inventory
+
+Next, create a [module type](../models/dcim/moduletype.md) to represent each unique SFP model present in your network. Each module type should define a manufacturer and a unique model name, and may also include a part number. For example, you might create a module type for each of the following transceivers:
+
+| Manufacturer | Model            | Media Type |
+|--------------|------------------|------------|
+| Cisco        | SFP-10G-SR       | 10GE MMF   |
+| Cisco        | SFP-10G-LR       | 10GE SMF   |
+| Juniper      | QFX-QSFP-40G-SR4 | 40GE MMF   |
+| Juniper      | JNP-QSFP-DAC-5M  | 40GE DAC   |
+
+### 3. Add an Interface to the Module Type
+
+After creating each module type, create an interface template on it to represent its physical interface. The definition of this interface template will depend on the transceiver's physical media type. (Reference the table above for examples.) When a new module is "installed" within a module bay on a device, its templated interface(s) will be automatically instantiated on that device as child interfaces of the module.
+
+Determining which name to use for the transceiver's interface can be tricky, as the interface name might depend on the type of device in which the SFP is installed. To avoid having to rename interfaces, consider using the `{module}` token in place of a static interface name. The interface's name will inherit the position of the bay in which its parent module is installed. If creating multiple interfaces on a module, be sure to append a unique ID (e.g. `{module}:1`) to ensure each interface gets assigned a unique name.
+
+### 4. Create Device Types
+
+If you haven't already, create a [device type](../models/dcim/devicetype.md) to represent each unique device model in your network.
+
+!!! note
+    Skip this step if you've already created the necessary device types.
+
+### 5. Add Module Bays to the Device Type
+
+Once you've created a device type, add the appropriate number of module bays on each device type to represent its SFP slots. For example, a Juniper QFX5110 would have module bays numbered `0/0/0` through `0/0/55`: 48 SFP+ bays and 8 QSFP28 bays (56 total).
+
+Be sure to define both the name **and position** of each module bay with a unique value. The module bay's position will be used to automatically name SFP interfaces.
+
+### 6. Create a Device
+
+Create a new device using the device type added in the previous step. The module bays (and any other components) defined on the device type will be instantiated on the new device automatically.
+
+!!! note
+    If you've already created the necessary devices in NetBox, you'll need to add their module bays manually. You can add multiple module bays at once by selecting the desired devices from the device list and selecting **Add Components > Module Bays** at the bottom of the page.
+
+### 7. Add the SFP Modules
+
+Finally, create each SFP in the new device by "installing" a new module of the appropriate type in each module bay. The interface(s) defined on the selected module type will be automatically populated on the new module. If present, the `{module}` token in the name of each interface template will be replaced with the position of the bay in which the module is being installed. For example, an interface template with the name `et-{module}` being created on a module installed in a bay with position `0/0/14` will create an interface named `et-0/0/14`.
+
+When adding many modules at once, you may find it helpful to utilize NetBox's bulk import functionality. This allows you to create many modules at once from CSV, JSON, or YAML data.

docs/best-practices/performance-handbook.md

@@ -0,0 +1,187 @@
+# Performance Handbook
+
+The purpose of this handbook is to help users and administrators use NetBox efficiently. It contains assorted recommendations and best practices compiled over time, intending to serve a wide variety of use cases. 
+
+## Server Configuration
+
+### WSGI Server Configuration
+
+NetBox operates as a [Web Server Gateway Interface (WSGI)](https://en.wikipedia.org/wiki/Web_Server_Gateway_Interface) application, which sits behind a frontend HTTP server such as nginx or Apache. The HTTP server handles low-level HTTP request processing and serving static assets, and forwards application-level requests to NetBox via WSGI.
+
+A backend WSGI server (typically [Gunicorn](https://gunicorn.org/) or [uWSGI](https://uwsgi-docs.readthedocs.io/en/latest/)) is responsible for running the NetBox application. This is accomplished by initializing a number of WSGI worker processes which accept WSGI requests relayed from the frontend HTTP server.
+
+Tuning your WSGI server is crucial to realizing optimal performance from NetBox. Below are some recommended configuration parameters.
+
+#### Provision Multiple Workers
+
+General guidance is to set the number of worker processes to double the number of CPU cores available, plus one (`2 * CPUs + 1`).
+
+#### Limit the Worker Lifetime
+
+Set a maximum number of requests that a worker can service before being respawned. This helps protect against potential memory leaks.
+
+#### Set a Request Timeout
+
+Limit the time a worker may spend processing any request. This prevents a long-running request from tying up a worker beyond an acceptable threshold. We suggest a limit of 120 seconds as a reasonable safeguard.
+
+#### Bind Using a Unix Socket
+
+When running the HTTP frontend and WSGI server on the same machine, binding via a Unix socket (instead of a TCP socket) may yield slight performance gains.
+
+### NetBox Configuration
+
+NetBox ships with a reasonable default configuration for most environments, but administrators are encouraged to explore all the [available parameters](../configuration/index.md) to tune their installation. Some of the most notable parameters impacting performance are called out below.
+
+#### Reduce the Maximum Page Size
+
+NetBox paginates large result sets to reduce the overall response size. The [`MAX_PAGE_SIZE`](../configuration/miscellaneous.md#max_page_size) parameter specifies the maximum number of results per page that a client can request. This is set to 1,000 by default. Consider lowering this number if you find that API clients are frequently requesting very large result sets.
+
+#### Limit GraphQL Aliases
+
+By default, NetBox restricts a GraphQL query to 10 aliases. Consider reducing this number by setting [`GRAPHQL_MAX_ALIASES`](../configuration/graphql-api.md#graphql_max_aliases) to a lower value.
+
+#### Designate Isolated Deployments
+
+If your NetBox installation does not have Internet access, set [`ISOLATED_DEPLOYMENT`](../configuration/system.md#isolated_deployment) to True. This will prevent the application from attempting routine external requests.
+
+#### Reduce Sentry Sampling
+
+If [Sentry](https://sentry.io/) has been enabled for error reporting and analytics, consider lowering its sampling rate. This can be accomplished by modifying the values for `sample_rate` and `traces_sample_rate` under [`SENTRY_CONFIG`](../configuration/error-reporting.md#sentry_config).
+
+#### Remove Unneeded Event Handlers
+
+Check whether any custom event handlers have been added under [`EVENTS_PIPELINE`](../configuration/miscellaneous.md#events_pipeline). Remove any that are no longer needed.
+
+### Background Task Workers
+
+NetBox defers the execution of certain tasks to background workers via Redis queues serviced by one or more background workers. These workers operate asynchronously from the frontend WSGI workers, and process tasks in the order they are enqueued.
+
+NetBox creates three default queues for background tasks: `high`, `default`, and `low`. Additional queues can be configured via the [`QUEUE_MAPPINGS`](../configuration/miscellaneous.md#queue_mappings) configuration parameter.
+
+By default, a background worker (spawned via `manage.py rqworker`) will listen to all available queues. To improve responsiveness to high-priority background tasks, consider dedicating one or more workers to service the `high` queue only:
+
+```
+$ ./manage.py rqworker high
+19:31:20 Worker 861be45b32214afc95c235beeb19c9fa: started with PID 2300029, version 2.6.0
+19:31:20 Worker 861be45b32214afc95c235beeb19c9fa: subscribing to channel rq:pubsub:861be45b32214afc95c235beeb19c9fa
+19:31:20 *** Listening on high...
+19:31:20 Worker 861be45b32214afc95c235beeb19c9fa: cleaning registries for queue: high
+19:31:20 Scheduler for high started with PID 2300096
+```
+
+## API Clients
+
+### REST API
+
+NetBox's [REST API](../integrations/rest-api.md) is the primary means of integration with external systems, allowing full create, read, update, and delete (CRUD) operations. There are a few performance considerations to keep in mind when dealing with very large data sets.
+
+#### Use "Brief" Mode for Simple Lists
+
+In cases where you need to retrieve only a minimal representation of objects, append `?brief=True` to the URL. This instructs NetBox to omit all fields except the following:
+
+* ID
+* URL
+* Display text
+* Name (or similar identifier)
+* Slug (if present)
+* Description
+* Counts of notable related objects (where applicable)
+
+For example, a site fetched using brief mode returns only the following:
+
+```json
+{
+    "id": 2,
+    "url": "https://netbox/api/dcim/sites/2/",
+    "display": "DM-Akron",
+    "name": "DM-Akron",
+    "slug": "dm-akron",
+    "description": ""
+}
+```
+
+Omitting all other fields (especially those which fetch and return related objects) often results in much faster queries.
+
+#### Declare Selected Fields
+
+If you need more flexibility regarding the fields to be returned for an object type, you can specify a list of fields to include using the `fields` query parameter. For example, a request for `/api/dcim/sites/?fields=id,name,status,region` will return the following:
+
+```json
+{
+    "id": 2,
+    "name": "DM-Akron",
+    "status": {
+        "value": "active",
+        "label": "Active"
+    },
+    "region": {
+        "id": 51,
+        "url": "https://netbox/api/dcim/regions/51/",
+        "display": "Ohio",
+        "name": "Ohio",
+        "slug": "us-oh",
+        "description": "",
+        "site_count": 0,
+        "_depth": 2
+    }
+}
+```
+
+Like brief mode, this approach can significantly reduce the response time of an API request by omitting unneeded data.
+
+#### Employ Pagination
+
+Like the user interface, the REST API employs pagination to limit the number of objects returned in a single response. If a page size is not specified by the request (i.e. by passing `?limit=10`), NetBox will use the default size defined by [`PAGINATE_COUNT`](../configuration/default-values.md#paginate_count). The default page size is 50.
+
+For some requests, especially those using brief mode or a minimal selection of fields, it may be desirable to specify a higher page size, so that fewer requests are needed to retrieve all objects. Appending `?limit=0` to the request effectively seeks to disable pagination. (Note, however, that the requested page size cannot exceed the value of [`MAX_PAGE_SIZE`](../configuration/miscellaneous.md#max_page_size), which defaults to 1,000.)
+
+Complex API requests, which pull in many related objects, generate a relatively high load on the application, and generally benefit from reduced page size. If you find that your API requests are taking an inordinate amount of time, try reducing the page size from the default value so that fewer objects need to be returned for each request.
+
+### GraphQL API
+
+NetBox's read-only [GraphQL API](../integrations/graphql-api.md) offers an alternative to its REST API, and provides a very flexible means of retrieving data. GraphQL enables the client to request any object from a single endpoint, specifying only the desired attributes and relations. Many users prefer this to the more rigid structure of the REST API, but it's important to understand the trade-offs of crafting complex queries.
+
+#### Request Only the Necessary Fields
+
+For optimal performance, craft your GraphQL queries to return only the fields needed by the client. This will reduce the overall query time, especially when omitting related objects.
+
+#### Avoid Overly Complex Queries
+
+The primary benefit of the GraphQL API is that it allows the client to offload to the server the work of stitching together various related objects, which would require the client to make multiple requests to different endpoints if using the REST API. However, this advantage does not come for free: The more information that is requested in a single query, the more work the server needs to do to fetch the raw data from the database and render it into a GraphQL response. Very complex queries can yield dozens or hundreds of SQL queries on the backend, which increase the time it takes to render a response.
+
+While it can be tempting to pack as much data as possible into a single GraphQL query, realize that there is a balance to be struck between minimizing the number of queries needed and avoiding complexity in the interest of performance. For example, while it is possible to retrieve via a single GraphQL API request all the IP addresses and all attached cables for every device in a site, it is probably more efficient (often _much_ more efficient) to make two or three separate requests and correlate the data locally.
+
+#### Use Filters
+
+You can specify filters when making a GraphQL query to limit the set of objects returned. This works a bit differently from the REST API, as filters are declared inside the query statement rather than appended to the URL, but the concept is the same. For example, to return only active sites:
+
+```graphql
+query {
+  site_list(
+    filters: {
+      status: STATUS_ACTIVE
+    }
+  ) {
+    name
+  }
+}
+```
+
+This returns only sites with a status of "active" and avoid needing to parse through all the others. For further information about filters, see the [GraphQL API documentation](../integrations/graphql-api.md).
+
+#### Employ Pagination
+
+Like the REST API, the GraphQL API supports pagination. Queries which return a large number of objects should employ pagination to limit the size of each response.
+
+```graphql
+{
+  device_list(
+    pagination: {limit: 100}
+  ) {
+    id
+    name
+    serial
+    status
+  }
+}
+```

docs/configuration/data-validation.md

@@ -17,7 +17,7 @@ CUSTOM_VALIDATORS = {
         },
         "my_plugin.validators.Validator1"
     ],
-    "dim.device": [
+    "dcim.device": [
         "my_plugin.validators.Validator1"
     ]
 }
@@ -87,3 +87,24 @@ The following colors are supported:
 * `gray`
 * `black`
 * `white`
+
+---
+
+## PROTECTION_RULES
+
+!!! tip "Dynamic Configuration Parameter"
+
+This is a mapping of models to [custom validators](../customization/custom-validation.md) against which an object is evaluated immediately prior to its deletion. If validation fails, the object is not deleted. An example is provided below:
+
+```python
+PROTECTION_RULES = {
+    "dcim.site": [
+        {
+            "status": {
+                "eq": "decommissioning"
+            }
+        },
+        "my_plugin.validators.Validator1",
+    ]
+}
+```

docs/configuration/date-time.md

@@ -1,20 +0,0 @@
-# Date & Time Parameters
-
-## TIME_ZONE
-
-Default: UTC
-
-The time zone NetBox will use when dealing with dates and times. It is recommended to use UTC time unless you have a specific need to use a local time zone. Please see the [list of available time zones](https://en.wikipedia.org/wiki/List_of_tz_database_time_zones).
-
-## Date and Time Formatting
-
-You may define custom formatting for date and times. For detailed instructions on writing format strings, please see [the Django documentation](https://docs.djangoproject.com/en/stable/ref/templates/builtins/#date). Default formats are listed below.
-
-```python
-DATE_FORMAT = 'N j, Y'               # June 26, 2016
-SHORT_DATE_FORMAT = 'Y-m-d'          # 2016-06-26
-TIME_FORMAT = 'g:i a'                # 1:23 p.m.
-SHORT_TIME_FORMAT = 'H:i:s'          # 13:23:00
-DATETIME_FORMAT = 'N j, Y g:i a'     # June 26, 2016 1:23 p.m.
-SHORT_DATETIME_FORMAT = 'Y-m-d H:i'  # 2016-06-26 13:23
-```

docs/configuration/default-values.md

@@ -4,7 +4,7 @@
 
 This parameter controls the content and layout of user's default dashboard. Once the dashboard has been created, the user is free to customize it as they please by adding, removing, and reconfiguring widgets.
 
-This parameter must specify an iterable of dictionaries, each representing a discrete dashboard widget and its configuration. The follow widget attributes are supported:
+This parameter must specify an iterable of dictionaries, each representing a discrete dashboard widget and its configuration. The following widget attributes are supported:
 
 * `widget`: Dotted path to the Python class (required)
 * `width`: Default widget width (between 1 and 12, inclusive)
@@ -63,13 +63,15 @@ DEFAULT_USER_PREFERENCES = {
 
 For a complete list of available preferences, log into NetBox and navigate to `/user/preferences/`. A period in a preference name indicates a level of nesting in the JSON data. The example above maps to `pagination.per_page`.
 
+See also: [Clearing table preferences](../features/user-preferences.md#clearing-table-preferences) for resolving errors caused by saved table columns or ordering.
+
 ---
 
 ## PAGINATE_COUNT
 
 !!! tip "Dynamic Configuration Parameter"
 
-Default: 50
+Default: `50`
 
 The default maximum number of objects to display per page within each list of objects.
 
@@ -79,7 +81,7 @@ The default maximum number of objects to display per page within each list of ob
 
 !!! tip "Dynamic Configuration Parameter"
 
-Default: 15
+Default: `15`
 
 The default value for the `amperage` field when creating new power feeds.
 
@@ -89,7 +91,7 @@ The default value for the `amperage` field when creating new power feeds.
 
 !!! tip "Dynamic Configuration Parameter"
 
-Default: 80
+Default: `80`
 
 The default value (percentage) for the `max_utilization` field when creating new power feeds.
 
@@ -99,7 +101,7 @@ The default value (percentage) for the `max_utilization` field when creating new
 
 !!! tip "Dynamic Configuration Parameter"
 
-Default: 120
+Default: `120`
 
 The default value for the `voltage` field when creating new power feeds.
 
@@ -109,7 +111,7 @@ The default value for the `voltage` field when creating new power feeds.
 
 !!! tip "Dynamic Configuration Parameter"
 
-Default: 22
+Default: `22`
 
 Default height (in pixels) of a unit within a rack elevation. For best results, this should be approximately one tenth of `RACK_ELEVATION_DEFAULT_UNIT_WIDTH`.
 
@@ -119,6 +121,6 @@ Default height (in pixels) of a unit within a rack elevation. For best results,
 
 !!! tip "Dynamic Configuration Parameter"
 
-Default: 220
+Default: `220`
 
 Default width (in pixels) of a unit within a rack elevation.

docs/configuration/development.md

@@ -2,10 +2,10 @@
 
 ## DEBUG
 
-Default: False
+Default: `False`
 
 This setting enables debugging. Debugging should be enabled only during development or troubleshooting. Note that only
-clients which access NetBox from a recognized [internal IP address](#internal_ips) will see debugging tools in the user
+clients which access NetBox from a recognized [internal IP address](./system.md#internal_ips) will see debugging tools in the user
 interface.
 
 !!! warning
@@ -16,6 +16,6 @@ interface.
 
 ## DEVELOPER
 
-Default: False
+Default: `False`
 
 This parameter serves as a safeguard to prevent some potentially dangerous behavior, such as generating new database schema migrations. Additionally, enabling this setting disables the debug warning banner in the UI. Set this to `True` **only** if you are actively developing the NetBox code base.

docs/configuration/error-reporting.md

@@ -1,10 +1,35 @@
 # Error Reporting Settings
 
+## SENTRY_CONFIG
+
+A dictionary mapping keyword arguments to values, to be passed to `sentry_sdk.init()`. See the [Sentry Python SDK documentation](https://docs.sentry.io/platforms/python/) for more information on supported parameters.
+
+The default configuration is shown below:
+
+```python
+{
+    "sample_rate": 1.0,
+    "send_default_pii": False,
+    "traces_sample_rate": 0,
+}
+```
+
+Additionally, `http_proxy` and `https_proxy` are set to the HTTP and HTTPS proxies, respectively, configured for NetBox (if any).
+
 ## SENTRY_DSN
 
-Default: None
+!!! warning "This parameter will be removed in NetBox v4.5."
+    Set this using `SENTRY_CONFIG` instead:
 
-Defines a Sentry data source name (DSN) for automated error reporting. `SENTRY_ENABLED` must be True for this parameter to take effect. For example:
+    ```
+    SENTRY_CONFIG = {
+        "dsn": "https://examplePublicKey@o0.ingest.sentry.io/0",
+    }
+    ```
+
+Default: `None`
+
+Defines a Sentry data source name (DSN) for automated error reporting. `SENTRY_ENABLED` must be `True` for this parameter to take effect. For example:
 
 ```
 SENTRY_DSN = "https://examplePublicKey@o0.ingest.sentry.io/0"
@@ -14,20 +39,52 @@ SENTRY_DSN = "https://examplePublicKey@o0.ingest.sentry.io/0"
 
 ## SENTRY_ENABLED
 
-Default: False
+Default: `False`
 
-Set to True to enable automatic error reporting via [Sentry](https://sentry.io/).
+Set to `True` to enable automatic error reporting via [Sentry](https://sentry.io/).
+
+!!! note
+    The `sentry-sdk` Python package is required to enable Sentry integration.
 
 ---
 
 ## SENTRY_SAMPLE_RATE
 
-Default: 1.0 (all)
+!!! warning "This parameter will be removed in NetBox v4.5."
+    Set this using `SENTRY_CONFIG` instead:
+
+    ```
+    SENTRY_CONFIG = {
+        "sample_rate": 0.2,
+    }
+    ```
+
+Default: `1.0` (all)
 
 The sampling rate for errors. Must be a value between 0 (disabled) and 1.0 (report on all errors).
 
 ---
 
+## SENTRY_SEND_DEFAULT_PII
+
+!!! warning "This parameter will be removed in NetBox v4.5."
+    Set this using `SENTRY_CONFIG` instead:
+
+    ```
+    SENTRY_CONFIG = {
+        "send_default_pii": True,
+    }
+    ```
+
+Default: `False`
+
+Maps to the Sentry SDK's [`send_default_pii`](https://docs.sentry.io/platforms/python/configuration/options/#send-default-pii) parameter. If enabled, certain personally identifiable information (PII) is added.
+
+!!! warning "Sensitive data"
+    If you enable this option, be aware that sensitive data such as cookies and authentication tokens will be logged.
+
+---
+
 ## SENTRY_TAGS
 
 An optional dictionary of tag names and values to apply to Sentry error reports.For example:
@@ -46,7 +103,16 @@ SENTRY_TAGS = {
 
 ## SENTRY_TRACES_SAMPLE_RATE
 
-Default: 0 (disabled)
+!!! warning "This parameter will be removed in NetBox v4.5."
+    Set this using `SENTRY_CONFIG` instead:
+
+    ```
+    SENTRY_CONFIG = {
+        "traces_sample_rate": 0.2,
+    }
+    ```
+
+Default: `0` (disabled)
 
 The sampling rate for transactions. Must be a value between 0 (disabled) and 1.0 (report on all transactions).
 

docs/configuration/graphql-api.md

@@ -0,0 +1,17 @@
+# GraphQL API Parameters
+
+## GRAPHQL_ENABLED
+
+!!! tip "Dynamic Configuration Parameter"
+
+Default: `True`
+
+Setting this to `False` will disable the GraphQL API.
+
+---
+
+## GRAPHQL_MAX_ALIASES
+
+Default: `10`
+
+The maximum number of queries that a GraphQL API request may contain.

docs/configuration/index.md

@@ -25,7 +25,7 @@ Some configuration parameters are primarily controlled via NetBox's admin interf
 * [`CUSTOM_VALIDATORS`](./data-validation.md#custom_validators)
 * [`DEFAULT_USER_PREFERENCES`](./default-values.md#default_user_preferences)
 * [`ENFORCE_GLOBAL_UNIQUE`](./miscellaneous.md#enforce_global_unique)
-* [`GRAPHQL_ENABLED`](./miscellaneous.md#graphql_enabled)
+* [`GRAPHQL_ENABLED`](./graphql-api.md#graphql_enabled)
 * [`JOB_RETENTION`](./miscellaneous.md#job_retention)
 * [`MAINTENANCE_MODE`](./miscellaneous.md#maintenance_mode)
 * [`MAPS_URL`](./miscellaneous.md#maps_url)
@@ -46,4 +46,4 @@ The configuration file may be modified at any time. However, the WSGI service (e
 $ sudo systemctl restart netbox
 ```
 
-Configuration parameters which are set via the admin UI (those listed under "dynamic settings") take effect immediately.
+Dynamic configuration parameters (those which can be modified via the UI) take effect immediately.

docs/configuration/miscellaneous.md

@@ -33,9 +33,6 @@ This defines custom content to be displayed on the login page above the login fo
 
 !!! tip "Dynamic Configuration Parameter"
 
-!!! note
-    This parameter was added in NetBox v3.5.
-
 This adds a banner to the top of every page when maintenance mode is enabled. HTML is allowed.
 
 ---
@@ -58,9 +55,9 @@ Sets content for the top banner in the user interface.
 
 ## CENSUS_REPORTING_ENABLED
 
-Default: True
+Default: `True`
 
-Enables anonymous census reporting. To opt out of census reporting, set this to False.
+Enables anonymous census reporting. To opt out of census reporting, set this to `False`.
 
 This data enables the project maintainers to estimate how many NetBox deployments exist and track the adoption of new versions over time. Census reporting effects a single HTTP request each time a worker starts. The only data reported by this function are the NetBox version, Python version, and a pseudorandom unique identifier.
 
@@ -70,7 +67,7 @@ This data enables the project maintainers to estimate how many NetBox deployment
 
 !!! tip "Dynamic Configuration Parameter"
 
-Default: 90
+Default: `90`
 
 The number of days to retain logged changes (object creations, updates, and deletions). Set this to `0` to retain
 changes in the database indefinitely.
@@ -80,6 +77,17 @@ changes in the database indefinitely.
 
 ---
 
+## CHANGELOG_SKIP_EMPTY_CHANGES
+
+Default: `True`
+
+If enabled, a change log record will not be created when an object is updated without any changes to its existing field values.
+
+!!! note
+    The object's `last_updated` field will always reflect the time of the most recent update, regardless of this parameter.
+
+---
+
 ## DATA_UPLOAD_MAX_MEMORY_SIZE
 
 Default: `2621440` (2.5 MB)
@@ -92,9 +100,17 @@ The maximum size (in bytes) of an incoming HTTP request (i.e. `GET` or `POST` da
 
 !!! tip "Dynamic Configuration Parameter"
 
-Default: False
+Default: `True`
 
-By default, NetBox will permit users to create duplicate prefixes and IP addresses in the global table (that is, those which are not assigned to any VRF). This behavior can be disabled by setting `ENFORCE_GLOBAL_UNIQUE` to True.
+By default, NetBox will prevent the creation of duplicate prefixes and IP addresses in the global table (that is, those which are not assigned to any VRF). This validation can be disabled by setting `ENFORCE_GLOBAL_UNIQUE` to `False`.
+
+---
+
+## EVENTS_PIPELINE
+
+Default: `['extras.events.process_event_queue',]`
+
+NetBox will call dotted paths to the functions listed here for events (create, update, delete) on models as well as when custom EventRules are fired.
 
 ---
 
@@ -106,24 +122,11 @@ The maximum amount (in bytes) of uploaded data that will be held in memory befor
 
 ---
 
-## GRAPHQL_ENABLED
-
-!!! tip "Dynamic Configuration Parameter"
-
-Default: True
-
-Setting this to False will disable the GraphQL API.
-
----
-
 ## JOB_RETENTION
 
 !!! tip "Dynamic Configuration Parameter"
 
-!!! note
-    This parameter was renamed from `JOBRESULT_RETENTION` in NetBox v3.5.
-
-Default: 90
+Default: `90`
 
 The number of days to retain job results (scripts and reports). Set this to `0` to retain job results in the database indefinitely.
 
@@ -136,9 +139,9 @@ The number of days to retain job results (scripts and reports). Set this to `0`
 
 !!! tip "Dynamic Configuration Parameter"
 
-Default: False
+Default: `False`
 
-Setting this to True will display a "maintenance mode" banner at the top of every page. Additionally, NetBox will no longer update a user's "last active" time upon login. This is to allow new logins when the database is in a read-only state. Recording of login times will resume when maintenance mode is disabled.
+Setting this to `True` will display a "maintenance mode" banner at the top of every page. Additionally, NetBox will no longer update a user's "last active" time upon login. This is to allow new logins when the database is in a read-only state. Recording of login times will resume when maintenance mode is disabled.
 
 ---
 
@@ -156,7 +159,7 @@ This specifies the URL to use when presenting a map of a physical location by st
 
 !!! tip "Dynamic Configuration Parameter"
 
-Default: 1000
+Default: `1000`
 
 A web user or API consumer can request an arbitrary number of objects by appending the "limit" parameter to the URL (e.g. `?limit=1000`). This parameter defines the maximum acceptable limit. Setting this to `0` or `None` will allow a client to retrieve _all_ matching objects at once with no limit by specifying `?limit=0`.
 
@@ -164,7 +167,7 @@ A web user or API consumer can request an arbitrary number of objects by appendi
 
 ## METRICS_ENABLED
 
-Default: False
+Default: `False`
 
 Toggle the availability Prometheus-compatible metrics at `/metrics`. See the [Prometheus Metrics](../integrations/prometheus-metrics.md) documentation for more details.
 
@@ -174,9 +177,9 @@ Toggle the availability Prometheus-compatible metrics at `/metrics`. See the [Pr
 
 !!! tip "Dynamic Configuration Parameter"
 
-Default: False
+Default: `False`
 
-When determining the primary IP address for a device, IPv6 is preferred over IPv4 by default. Set this to True to prefer IPv4 instead.
+When determining the primary IP address for a device, IPv6 is preferred over IPv4 by default. Set this to `True` to prefer IPv4 instead.
 
 ---
 
@@ -198,7 +201,7 @@ If no queue is defined the queue named `default` will be used.
 
 ## RELEASE_CHECK_URL
 
-Default: None (disabled)
+Default: `None` (disabled)
 
 This parameter defines the URL of the repository that will be checked for new NetBox releases. When a new release is detected, a message will be displayed to administrative users on the home page. This can be set to the official repository (`'https://api.github.com/repos/netbox-community/netbox/releases'`) or a custom fork. Set this to `None` to disable automatic update checks.
 
@@ -217,9 +220,6 @@ The maximum execution time of a background task (such as running a custom script
 
 ## RQ_RETRY_INTERVAL
 
-!!! note
-    This parameter was added in NetBox v3.5.
-
 Default: `60`
 
 This parameter controls how frequently a failed job is retried, up to the maximum number of times specified by `RQ_RETRY_MAX`. This must be either an integer specifying the number of seconds to wait between successive attempts, or a list of such values. For example, `[60, 300, 3600]` will retry the task after 1 minute, 5 minutes, and 1 hour.
@@ -228,9 +228,18 @@ This parameter controls how frequently a failed job is retried, up to the maximu
 
 ## RQ_RETRY_MAX
 
-!!! note
-    This parameter was added in NetBox v3.5.
-
 Default: `0` (retries disabled)
 
 The maximum number of times a background task will be retried before being marked as failed.
+
+## DISK_BASE_UNIT
+
+Default: `1000`
+
+The base unit for disk sizes. Set this to `1024` to use binary prefixes (MiB, GiB, etc.) instead of decimal prefixes (MB, GB, etc.).
+
+## RAM_BASE_UNIT
+
+Default: `1000`
+
+The base unit for RAM sizes. Set this to `1024` to use binary prefixes (MiB, GiB, etc.) instead of decimal prefixes (MB, GB, etc.).

docs/configuration/plugins.md

@@ -2,7 +2,7 @@
 
 ## PLUGINS
 
-Default: Empty
+Default: `[]`
 
 A list of installed [NetBox plugins](../plugins/index.md) to enable. Plugins will not take effect unless they are listed here.
 
@@ -13,7 +13,7 @@ A list of installed [NetBox plugins](../plugins/index.md) to enable. Plugins wil
 
 ## PLUGINS_CONFIG
 
-Default: Empty
+Default: `[]`
 
 This parameter holds configuration settings for individual NetBox plugins. It is defined as a dictionary, with each key using the name of an installed plugin. The specific parameters supported are unique to each plugin: Reference the plugin's documentation to determine the supported parameters. An example configuration is shown below:
 
@@ -33,3 +33,21 @@ Note that a plugin must be listed in `PLUGINS` for its configuration to take eff
 
 ---
 
+## PLUGINS_CATALOG_CONFIG
+
+Default: `{}` (Empty)
+
+This parameter controls how individual plugins are displayed in the plugins catalog under Admin > System > Plugins. Adding a plugin to the `hidden` list will omit that plugin from the catalog. Adding a plugin to the `static` list will display the plugin, but not link to the plugin details or upgrade instructions.
+
+An example configuration is shown below:
+
+```python
+PLUGINS_CATALOG_CONFIG = {
+    'hidden': [
+        'plugin1',
+    ],
+    'static': [
+        'plugin2',
+    ],
+}
+```

docs/configuration/remote-authentication.md

@@ -1,6 +1,6 @@
 # Remote Authentication Settings
 
-The configuration parameters listed here control remote authentication for NetBox. Note that `REMOTE_AUTH_ENABLED` must be true in order for these settings to take effect.
+The configuration parameters listed here control remote authentication for NetBox. Note that `REMOTE_AUTH_ENABLED` must be `True` in order for these settings to take effect.
 
 ---
 
@@ -8,7 +8,7 @@ The configuration parameters listed here control remote authentication for NetBo
 
 Default: `False`
 
-If true, NetBox will automatically create groups specified in the `REMOTE_AUTH_GROUP_HEADER` header if they don't already exist. (Requires `REMOTE_AUTH_ENABLED`.)
+If `True`, NetBox will automatically create groups specified in the `REMOTE_AUTH_GROUP_HEADER` header if they don't already exist. (Requires `REMOTE_AUTH_ENABLED`.)
 
 ---
 
@@ -16,7 +16,7 @@ If true, NetBox will automatically create groups specified in the `REMOTE_AUTH_G
 
 Default: `False`
 
-If true, NetBox will automatically create local accounts for users authenticated via a remote service. (Requires `REMOTE_AUTH_ENABLED`.)
+If `True`, NetBox will automatically create local accounts for users authenticated via a remote service. (Requires `REMOTE_AUTH_ENABLED`.)
 
 ---
 
@@ -43,7 +43,7 @@ The list of groups to assign a new user account when created using remote authen
 
 Default: `{}` (Empty dictionary)
 
-A mapping of permissions to assign a new user account when created using remote authentication. Each key in the dictionary should be set to a dictionary of the attributes to be applied to the permission, or `None` to allow all objects. (Requires `REMOTE_AUTH_ENABLED` as True and `REMOTE_AUTH_GROUP_SYNC_ENABLED` as False.)
+A mapping of permissions to assign a new user account when created using remote authentication. Each key in the dictionary should be set to a dictionary of the attributes to be applied to the permission, or `None` to allow all objects. (Requires `REMOTE_AUTH_ENABLED` as `True` and `REMOTE_AUTH_GROUP_SYNC_ENABLED` as `False`.)
 
 ---
 
@@ -67,7 +67,7 @@ When remote user authentication is in use, this is the name of the HTTP header w
 
 Default: `|` (Pipe)
 
-The Seperator upon which `REMOTE_AUTH_GROUP_HEADER` gets split into individual Groups. This needs to be coordinated with your authentication Proxy. (Requires `REMOTE_AUTH_ENABLED` and `REMOTE_AUTH_GROUP_SYNC_ENABLED` )
+The Separator upon which `REMOTE_AUTH_GROUP_HEADER` gets split into individual Groups. This needs to be coordinated with your authentication Proxy. (Requires `REMOTE_AUTH_ENABLED` and `REMOTE_AUTH_GROUP_SYNC_ENABLED` )
 
 ---
 
@@ -85,6 +85,9 @@ Default: `'HTTP_REMOTE_USER'`
 
 When remote user authentication is in use, this is the name of the HTTP header which informs NetBox of the currently authenticated user. For example, to use the request header `X-Remote-User` it needs to be set to `HTTP_X_REMOTE_USER`. (Requires `REMOTE_AUTH_ENABLED`.)
 
+!!! warning Verify Header Compatibility
+    Some WSGI servers may drop headers which contain unsupported characters. For instance, gunicorn v22.0 and later silently drops HTTP headers containing underscores. This behavior can be disabled by changing gunicorn's [`header_map`](https://docs.gunicorn.org/en/stable/settings.html#header-map) setting to `dangerous`.
+
 ---
 
 ## REMOTE_AUTH_USER_EMAIL
@@ -124,19 +127,3 @@ The list of groups that promote an remote User to Superuser on Login. If group i
 Default: `[]` (Empty list)
 
 The list of users that get promoted to Superuser on Login. If user isn't present in list on next Login, the Role gets revoked. (Requires `REMOTE_AUTH_ENABLED` and `REMOTE_AUTH_GROUP_SYNC_ENABLED` )
-
----
-
-## REMOTE_AUTH_STAFF_GROUPS
-
-Default: `[]` (Empty list)
-
-The list of groups that promote an remote User to Staff on Login. If group isn't present on next Login, the Role gets revoked. (Requires `REMOTE_AUTH_ENABLED` and `REMOTE_AUTH_GROUP_SYNC_ENABLED` )
-
----
-
-## REMOTE_AUTH_STAFF_USERS
-
-Default: `[]` (Empty list)
-
-The list of users that get promoted to Staff on Login. If user isn't present in list on next Login, the Role gets revoked. (Requires `REMOTE_AUTH_ENABLED` and `REMOTE_AUTH_GROUP_SYNC_ENABLED` )

docs/configuration/required-parameters.md

@@ -2,12 +2,12 @@
 
 ## ALLOWED_HOSTS
 
-This is a list of valid fully-qualified domain names (FQDNs) and/or IP addresses that can be used to reach the NetBox service. Usually this is the same as the hostname for the NetBox server, but can also be different; for example, when using a reverse proxy serving the NetBox website under a different FQDN than the hostname of the NetBox server. To help guard against [HTTP Host header attackes](https://docs.djangoproject.com/en/3.0/topics/security/#host-headers-virtual-hosting), NetBox will not permit access to the server via any other hostnames (or IPs).
+This is a list of valid fully-qualified domain names (FQDNs) and/or IP addresses that can be used to reach the NetBox service. Usually this is the same as the hostname for the NetBox server, but can also be different; for example, when using a reverse proxy serving the NetBox website under a different FQDN than the hostname of the NetBox server. To help guard against [HTTP Host header attacks](https://docs.djangoproject.com/en/stable/topics/security/#host-headers-virtual-hosting), NetBox will not permit access to the server via any other hostnames (or IPs).
 
 !!! note
     This parameter must always be defined as a list or tuple, even if only a single value is provided.
 
-The value of this option is also used to set `CSRF_TRUSTED_ORIGINS`, which restricts POST requests to the same set of hosts (more about this [here](https://docs.djangoproject.com/en/stable/ref/settings/#std:setting-CSRF_TRUSTED_ORIGINS)). Keep in mind that NetBox, by default, sets `USE_X_FORWARDED_HOST` to true, which means that if you're using a reverse proxy, it's the FQDN used to reach that reverse proxy which needs to be in this list (more about this [here](https://docs.djangoproject.com/en/stable/ref/settings/#allowed-hosts)).
+The value of this option is also used to set `CSRF_TRUSTED_ORIGINS`, which restricts POST requests to the same set of hosts (more about this [here](https://docs.djangoproject.com/en/stable/ref/settings/#std:setting-CSRF_TRUSTED_ORIGINS)). Keep in mind that NetBox, by default, sets `USE_X_FORWARDED_HOST` to `True`, which means that if you're using a reverse proxy, it's the FQDN used to reach that reverse proxy which needs to be in this list (more about this [here](https://docs.djangoproject.com/en/stable/ref/settings/#allowed-hosts)).
 
 Example:
 
@@ -23,9 +23,55 @@ ALLOWED_HOSTS = ['*']
 
 ---
 
+## API_TOKEN_PEPPERS
+
+!!! info "This parameter was introduced in NetBox v4.5."
+
+[Cryptographic peppers](https://en.wikipedia.org/wiki/Pepper_(cryptography)) are employed to generate hashes of sensitive values on the server. This parameter defines the peppers used to hash v2 API tokens in NetBox. You must define at least one pepper before creating a v2 API token. See the [API documentation](../integrations/rest-api.md#authentication) for further information about how peppers are used.
+
+```python
+API_TOKEN_PEPPERS = {
+    # DO NOT USE THIS EXAMPLE PEPPER IN PRODUCTION
+    1: 'kp7ht*76fiQAhUi5dHfASLlYUE_S^gI^(7J^K5M!LfoH@vl&b_',
+}
+```
+
+!!! warning "Peppers are sensitive"
+    Treat pepper values as extremely sensitive. Consider populating peppers from environment variables at initialization time rather than defining them in the configuration file, if feasible. 
+
+Peppers must be at least 50 characters in length and should comprise a random string with a diverse character set. Consider using the Python script at `$INSTALL_ROOT/netbox/generate_secret_key.py` to generate a pepper value.
+
+It is recommended to start with a pepper ID of `1`. Additional peppers can be introduced later as needed to begin rotating token hashes.
+
+!!! tip
+    Although NetBox will run without `API_TOKEN_PEPPERS` defined, the use of v2 API tokens will be unavailable.
+
+---
+
 ## DATABASE
 
-NetBox requires access to a PostgreSQL 12 or later database service to store data. This service can run locally on the NetBox server or on a remote system. The following parameters must be defined within the `DATABASE` dictionary:
+!!! warning "Legacy Configuration Parameter"
+    The `DATABASE` configuration parameter is deprecated and will be removed in a future release. Users are advised to adopt the new `DATABASES` (plural) parameter, which allows for the configuration of multiple databases.
+
+See the [`DATABASES`](#databases) configuration below for usage.
+
+---
+
+## DATABASES
+
+NetBox requires access to a PostgreSQL 14 or later database service to store data. This service can run locally on the NetBox server or on a remote system. Databases are defined as named dictionaries:
+
+```python
+DATABASES = {
+    'default': {...},
+    'external1': {...},
+    'external2': {...},
+}
+```
+
+NetBox itself requires only that a `default` database is defined. However, certain plugins may require the configuration of additional databases. (Consider also configuring the [`DATABASE_ROUTERS`](./system.md#database_routers) parameter when multiple databases are in use.)
+
+The following parameters must be defined for each database:
 
 * `NAME` - Database name
 * `USER` - PostgreSQL username
@@ -38,14 +84,16 @@ NetBox requires access to a PostgreSQL 12 or later database service to store dat
 Example:
 
 ```python
-DATABASE = {
-    'ENGINE': 'django.db.backends.postgresql',
-    'NAME': 'netbox',               # Database name
-    'USER': 'netbox',               # PostgreSQL username
-    'PASSWORD': 'J5brHrAXFLQSif0K', # PostgreSQL password
-    'HOST': 'localhost',            # Database server
-    'PORT': '',                     # Database port (leave blank for default)
-    'CONN_MAX_AGE': 300,            # Max database connection age
+DATABASES = {
+    'default': {
+        'ENGINE': 'django.db.backends.postgresql',
+        'NAME': 'netbox',               # Database name
+        'USER': 'netbox',               # PostgreSQL username
+        'PASSWORD': 'J5brHrAXFLQSif0K', # PostgreSQL password
+        'HOST': 'localhost',            # Database server
+        'PORT': '',                     # Database port (leave blank for default)
+        'CONN_MAX_AGE': 300,            # Max database connection age
+    }
 }
 ```
 
@@ -53,16 +101,13 @@ DATABASE = {
     NetBox supports all PostgreSQL database options supported by the underlying Django framework. For a complete list of available parameters, please see [the Django documentation](https://docs.djangoproject.com/en/stable/ref/settings/#databases).
 
 !!! warning
-    Make sure to use a PostgreSQL-compatible backend for the ENGINE setting. If you don't specify an ENGINE, the default will be django.db.backends.postgresql.
+    The `ENGINE` parameter must specify a PostgreSQL-compatible database backend. If not defined, the default engine `django.db.backends.postgresql` will be used.
 
 ---
 
 ## REDIS
 
-[Redis](https://redis.io/) is an in-memory data store similar to memcached. While Redis has been an optional component of
-NetBox since the introduction of webhooks in version 2.4, it is required starting in 2.6 to support NetBox's caching
-functionality (as well as other planned features). In 2.7, the connection settings were broken down into two sections for
-task queuing and caching, allowing the user to connect to different Redis instances/databases per feature.
+[Redis](https://redis.io/) is a lightweight in-memory data store similar to memcached. NetBox employs Redis for background task queuing and other features.
 
 Redis is configured using a configuration setting similar to `DATABASE` and these settings are the same for both of the `tasks` and `caching` subsections:
 
@@ -81,7 +126,7 @@ REDIS = {
     'tasks': {
         'HOST': 'redis.example.com',
         'PORT': 1234,
-        'USERNAME': 'netbox'
+        'USERNAME': 'netbox',
         'PASSWORD': 'foobar',
         'DATABASE': 0,
         'SSL': False,
@@ -89,7 +134,7 @@ REDIS = {
     'caching': {
         'HOST': 'localhost',
         'PORT': 6379,
-        'USERNAME': ''
+        'USERNAME': '',
         'PASSWORD': '',
         'DATABASE': 1,
         'SSL': False,
@@ -97,15 +142,25 @@ REDIS = {
 }
 ```
 
-!!! note
-    If you are upgrading from a NetBox release older than v2.7.0, please note that the Redis connection configuration
-    settings have changed. Manual modification to bring the `REDIS` section inline with the above specification is
-    necessary
-
 !!! warning
     It is highly recommended to keep the task and cache databases separate. Using the same database number on the
     same Redis instance for both may result in queued background tasks being lost during cache flushing events.
 
+### UNIX Socket Support
+
+Redis may alternatively be configured by specifying a complete URL instead of individual components. This approach supports the use of a UNIX socket connection. For example:
+
+```python
+REDIS = {
+    'tasks': {
+        'URL': 'unix:///run/redis-netbox/redis.sock?db=0'
+    },
+    'caching': {
+        'URL': 'unix:///run/redis-netbox/redis.sock?db=1'
+    },
+}
+```
+
 ### Using Redis Sentinel
 
 If you are using [Redis Sentinel](https://redis.io/topics/sentinel) for high-availability purposes, there is minimal 

docs/configuration/security.md

@@ -1,13 +1,5 @@
 # Security & Authentication Parameters
 
-## ALLOW_TOKEN_RETRIEVAL
-
-Default: True
-
-If disabled, the values of API tokens will not be displayed after each token's initial creation. A user **must** record the value of a token prior to its creation, or it will be lost. Note that this affects _all_ users, regardless of assigned permissions.
-
----
-
 ## ALLOWED_URL_SCHEMES
 
 !!! tip "Dynamic Configuration Parameter"
@@ -20,26 +12,36 @@ A list of permitted URL schemes referenced when rendering links within NetBox. N
 
 ## AUTH_PASSWORD_VALIDATORS
 
-This parameter acts as a pass-through for configuring Django's built-in password validators for local user accounts. If configured, these will be applied whenever a user's password is updated to ensure that it meets minimum criteria such as length or complexity. An example is provided below. For more detail on the available options, please see [the Django documentation](https://docs.djangoproject.com/en/stable/topics/auth/passwords/#password-validation).
+This parameter acts as a pass-through for configuring Django's built-in password validators for local user accounts. These rules are applied whenever a user's password is created or updated to ensure that it meets minimum criteria such as length or complexity. The default configuration is shown below.
 
 ```python
 AUTH_PASSWORD_VALIDATORS = [
     {
-        'NAME': 'django.contrib.auth.password_validation.MinimumLengthValidator',
-        'OPTIONS': {
-            'min_length': 10,
-        }
+        "NAME": "django.contrib.auth.password_validation.MinimumLengthValidator",
+        "OPTIONS": {
+            "min_length": 12,
+        },
+    },
+    {
+        "NAME": "utilities.password_validation.AlphanumericPasswordValidator",
     },
 ]
 ```
 
+The default configuration enforces the follow criteria:
+
+* A password must be at least 12 characters in length.
+* A password must have at least one uppercase letter, one lowercase letter, and one numeric digit.
+
+Although it is not recommended, the default validation rules can be disabled by setting `AUTH_PASSWORD_VALIDATORS = []` in the configuration file. For more detail on customizing password validation, please see [the Django documentation](https://docs.djangoproject.com/en/stable/topics/auth/passwords/#password-validation).
+
 ---
 
 ## CORS_ORIGIN_ALLOW_ALL
 
-Default: False
+Default: `False`
 
-If True, cross-origin resource sharing (CORS) requests will be accepted from all origins. If False, a whitelist will be used (see below).
+If `True`, cross-origin resource sharing (CORS) requests will be accepted from all origins. If False, a whitelist will be used (see below).
 
 ---
 
@@ -49,7 +51,7 @@ If True, cross-origin resource sharing (CORS) requests will be accepted from all
 
 These settings specify a list of origins that are authorized to make cross-site API requests. Use
 `CORS_ORIGIN_WHITELIST` to define a list of exact hostnames, or `CORS_ORIGIN_REGEX_WHITELIST` to define a set of regular 
-expressions. (These settings have no effect if `CORS_ORIGIN_ALLOW_ALL` is True.) For example:
+expressions. (These settings have no effect if `CORS_ORIGIN_ALLOW_ALL` is `True`.) For example:
 
 ```python
 CORS_ORIGIN_WHITELIST = [
@@ -69,9 +71,9 @@ The name of the cookie to use for the cross-site request forgery (CSRF) authenti
 
 ## CSRF_COOKIE_SECURE
 
-Default: False
+Default: `False`
 
-If true, the cookie employed for cross-site request forgery (CSRF) protection will be marked as secure, meaning that it can only be sent across an HTTPS connection.
+If `True`, the cookie employed for cross-site request forgery (CSRF) protection will be marked as secure, meaning that it can only be sent across an HTTPS connection.
 
 ---
 
@@ -79,7 +81,7 @@ If true, the cookie employed for cross-site request forgery (CSRF) protection wi
 
 Default: `[]`
 
-Defines a list of trusted origins for unsafe (e.g. `POST`) requests. This is a pass-through to Django's [`CSRF_TRUSTED_ORIGINS`](https://docs.djangoproject.com/en/4.0/ref/settings/#std:setting-CSRF_TRUSTED_ORIGINS) setting. Note that each host listed must specify a scheme (e.g. `http://` or `https://).
+Defines a list of trusted origins for unsafe (e.g. `POST`) requests. This is a pass-through to Django's [`CSRF_TRUSTED_ORIGINS`](https://docs.djangoproject.com/en/stable/ref/settings/#csrf-trusted-origins) setting. Note that each host listed must specify a scheme (e.g. `http://` or `https://).
 
 ```python
 CSRF_TRUSTED_ORIGINS = (
@@ -92,8 +94,6 @@ CSRF_TRUSTED_ORIGINS = (
 
 ## DEFAULT_PERMISSIONS
 
-!!! info "This parameter was introduced in NetBox v3.6."
-
 Default:
 
 ```python
@@ -124,7 +124,7 @@ DEFAULT_PERMISSIONS = {
 
 ## EXEMPT_VIEW_PERMISSIONS
 
-Default: Empty list
+Default: `[]` (Empty list)
 
 A list of NetBox models to exempt from the enforcement of view permissions. Models listed here will be viewable by all users, both authenticated and anonymous.
 
@@ -151,9 +151,9 @@ EXEMPT_VIEW_PERMISSIONS = ['*']
 
 ## LOGIN_PERSISTENCE
 
-Default: False
+Default: `False`
 
-If true, the lifetime of a user's authentication session will be automatically reset upon each valid request. For example, if [`LOGIN_TIMEOUT`](#login_timeout) is configured to 14 days (the default), and a user whose session is due to expire in five days makes a NetBox request (with a valid session cookie), the session's lifetime will be reset to 14 days.
+If `True`, the lifetime of a user's authentication session will be automatically reset upon each valid request. For example, if [`LOGIN_TIMEOUT`](#login_timeout) is configured to 14 days (the default), and a user whose session is due to expire in five days makes a NetBox request (with a valid session cookie), the session's lifetime will be reset to 14 days.
 
 Note that enabling this setting causes NetBox to update a user's session in the database (or file, as configured per [`SESSION_FILE_PATH`](#session_file_path)) with each request, which may introduce significant overhead in very active environments. It also permits an active user to remain authenticated to NetBox indefinitely.
 
@@ -161,20 +161,34 @@ Note that enabling this setting causes NetBox to update a user's session in the
 
 ## LOGIN_REQUIRED
 
-Default: False
+Default: `True`
 
-Setting this to True will permit only authenticated users to access any part of NetBox. By default, anonymous users are permitted to access most data in NetBox but not make any changes.
+When enabled, only authenticated users are permitted to access any part of NetBox. Disabling this will allow unauthenticated users to access most areas of NetBox (but not make any changes).
+
+!!! info "Changed in NetBox v4.0.2"
+    Prior to NetBox v4.0.2, this setting was disabled by default.
 
 ---
 
 ## LOGIN_TIMEOUT
 
-Default: 1209600 seconds (14 days)
+Default: `1209600` seconds (14 days)
 
 The lifetime (in seconds) of the authentication cookie issued to a NetBox user upon login.
 
 ---
 
+## LOGIN_FORM_HIDDEN
+
+Default: `False`
+
+Option to hide the login form when only SSO authentication is in use. 
+
+!!! warning
+    If the SSO provider is unreachable, login to NetBox will be impossible if this option is enabled. The only recourse is to disable it in the local configuration and restart the NetBox service.
+
+---
+
 ## LOGOUT_REDIRECT_URL
 
 Default: `'home'`
@@ -183,11 +197,35 @@ The view name or URL to which a user is redirected after logging out.
 
 ---
 
+## SECURE_HSTS_INCLUDE_SUBDOMAINS
+
+Default: `False`
+
+If `True`, the `includeSubDomains` directive will be included in the HTTP Strict Transport Security (HSTS) header. This directive instructs the browser to apply the HSTS policy to all subdomains of the current domain.
+
+---
+
+## SECURE_HSTS_PRELOAD
+
+Default: `False`
+
+If `True`, the `preload` directive will be included in the HTTP Strict Transport Security (HSTS) header. This directive instructs the browser to preload the site in HTTPS. Browsers that use the HSTS preload list will force the site to be accessed via HTTPS even if the user types HTTP in the address bar.
+
+---
+
+## SECURE_HSTS_SECONDS
+
+Default: `0`
+
+If set to a non-zero integer value, the SecurityMiddleware sets the HTTP Strict Transport Security (HSTS) header on all responses that do not already have it. This will instruct the browser that the website must be accessed via HTTPS, blocking any HTTP request.
+
+---
+
 ## SECURE_SSL_REDIRECT
 
-Default: False
+Default: `False`
 
-If true, all non-HTTPS requests will be automatically redirected to use HTTPS.
+If `True`, all non-HTTPS requests will be automatically redirected to use HTTPS.
 
 !!! warning
     Ensure that your frontend HTTP daemon has been configured to forward the HTTP scheme correctly before enabling this option. An incorrectly configured frontend may result in a looping redirect.
@@ -204,14 +242,14 @@ The name used for the session cookie. See the [Django documentation](https://doc
 
 ## SESSION_COOKIE_SECURE
 
-Default: False
+Default: `False`
 
-If true, the cookie employed for session authentication will be marked as secure, meaning that it can only be sent across an HTTPS connection.
+If `True`, the cookie employed for session authentication will be marked as secure, meaning that it can only be sent across an HTTPS connection.
 
 ---
 
 ## SESSION_FILE_PATH
 
-Default: None
+Default: `None`
 
 HTTP session data is used to track authenticated users when they access NetBox. By default, NetBox stores session data in its PostgreSQL database. However, this inhibits authentication to a standby instance of NetBox without write access to the database. Alternatively, a local file path may be specified here and NetBox will store session data as files instead of using the database. Note that the NetBox system user must have read and write permissions to this path.

docs/configuration/system.md

@@ -2,7 +2,7 @@
 
 ## BASE_PATH
 
-Default: None
+Default: `None`
 
 The base URL path to use when accessing NetBox. Do not include the scheme or domain name. For example, if installed at https://example.com/netbox/, set:
 
@@ -12,14 +12,19 @@ BASE_PATH = 'netbox/'
 
 ---
 
+## DATABASE_ROUTERS
+
+Default: `[]` (empty list)
+
+An iterable of [database routers](https://docs.djangoproject.com/en/stable/topics/db/multi-db/) to use for automatically selecting the appropriate database(s) for a query. This is useful only when [multiple databases](./required-parameters.md#databases) have been configured.
+
+---
+
 ## DEFAULT_LANGUAGE
 
 Default: `en-us` (US English)
 
-Defines the default preferred language/locale for requests that do not specify one. This is used to alter e.g. the display of dates and numbers to fit the user's locale. See [this list](http://www.i18nguy.com/unicode/language-identifiers.html) of standard language codes. (This parameter maps to Django's [`LANGUAGE_CODE`](https://docs.djangoproject.com/en/stable/ref/settings/#language-code) internal setting.)
-
-!!! note
-    Altering this parameter will *not* change the language used in NetBox. We hope to provide translation support in a future NetBox release.
+Defines the default preferred language/locale for requests that do not specify one. (This parameter maps to Django's [`LANGUAGE_CODE`](https://docs.djangoproject.com/en/stable/ref/settings/#language-code) internal setting.)
 
 ---
 
@@ -65,25 +70,19 @@ Email is sent from NetBox only for critical events or if configured for [logging
 
 ---
 
-## ENABLE_LOCALIZATION
+## HOSTNAME
 
-Default: False
+!!! info "This parameter was introduced in NetBox v4.4."
 
-Determines if localization features are enabled or not. This should only be enabled for development or testing purposes as netbox is not yet fully localized. Turning this on will localize numeric and date formats (overriding what is set for DATE_FORMAT) based on the browser locale as well as translate certain strings from third party modules.
+Default: System hostname
 
----
-
-## GIT_PATH
-
-Default: `git`
-
-The system path to the `git` executable, used by the synchronization backend for remote git repositories.
+The hostname displayed in the user interface identifying the system on which NetBox is running. If not defined, this defaults to the system hostname as reported by Python's `platform.node()`.
 
 ---
 
 ## HTTP_PROXIES
 
-Default: None
+Default: `None`
 
 A dictionary of HTTP proxies to use for outbound requests originating from NetBox (e.g. when sending webhook requests). Proxies should be specified by schema (HTTP and HTTPS) as per the [Python requests library documentation](https://requests.readthedocs.io/en/latest/user/advanced/#proxies). For example:
 
@@ -94,6 +93,8 @@ HTTP_PROXIES = {
 }
 ```
 
+If more flexibility is needed in determining which proxy to use for a given request, consider implementing one or more custom proxy routers via the [`PROXY_ROUTERS`](#proxy_routers) parameter.
+
 ---
 
 ## INTERNAL_IPS
@@ -102,7 +103,18 @@ Default: `('127.0.0.1', '::1')`
 
 A list of IP addresses recognized as internal to the system, used to control the display of debugging output. For
 example, the debugging toolbar will be viewable only when a client is accessing NetBox from one of the listed IP
-addresses (and [`DEBUG`](#debug) is true).
+addresses (and [`DEBUG`](./development.md#debug) is `True`).
+
+---
+
+## ISOLATED_DEPLOYMENT
+
+Default: `False`
+
+Set this configuration parameter to `True` for NetBox deployments which do not have Internet access. This will disable miscellaneous functionality which depends on access to the Internet.
+
+!!! note
+    If Internet access is available via a proxy, set [`HTTP_PROXIES`](#http_proxies) instead.
 
 ---
 
@@ -110,7 +122,7 @@ addresses (and [`DEBUG`](#debug) is true).
 
 Default: `{}`
 
-A dictionary of custom jinja2 filters with the key being the filter name and the value being a callable. For more information see the [Jinja2 documentation](https://jinja.palletsprojects.com/en/3.1.x/api/#custom-filters). For example:
+A dictionary of custom Jinja2 filters with the key being the filter name and the value being a callable. For more information see the [Jinja2 documentation](https://jinja.palletsprojects.com/en/3.1.x/api/#custom-filters). For example:
 
 ```python
 def uppercase(x):
@@ -125,7 +137,7 @@ JINJA2_FILTERS = {
 
 ## LOGGING
 
-By default, all messages of INFO severity or higher will be logged to the console. Additionally, if [`DEBUG`](#debug) is False and email access has been configured, ERROR and CRITICAL messages will be emailed to the users defined in [`ADMINS`](#admins).
+By default, all messages of INFO severity or higher will be logged to the console. Additionally, if [`DEBUG`](./development.md#debug) is False and email access has been configured, ERROR and CRITICAL messages will be emailed to the users defined in [`ADMINS`](./miscellaneous.md#admins).
 
 The Django framework on which NetBox runs allows for the customization of logging format and destination. Please consult the [Django logging documentation](https://docs.djangoproject.com/en/stable/topics/logging/) for more information on configuring this setting. Below is an example which will write all INFO and higher messages to a local file:
 
@@ -154,6 +166,8 @@ LOGGING = {
 * `netbox.<app>.<model>` - Generic form for model-specific log messages
 * `netbox.auth.*` - Authentication events
 * `netbox.api.views.*` - Views which handle business logic for the REST API
+* `netbox.event_rules` - Event rules
+* `netbox.jobs.*` - Background jobs
 * `netbox.reports.*` - Report execution (`module.name`)
 * `netbox.scripts.*` - Custom script execution (`module.name`)
 * `netbox.views.*` - Views which handle business logic for the web UI
@@ -162,12 +176,22 @@ LOGGING = {
 
 ## MEDIA_ROOT
 
-Default: $INSTALL_ROOT/netbox/media/
+Default: `$INSTALL_ROOT/netbox/media/`
 
 The file path to the location where media files (such as image attachments) are stored. By default, this is the `netbox/media/` directory within the base NetBox installation path.
 
 ---
 
+## PROXY_ROUTERS
+
+Default: `["utilities.proxy.DefaultProxyRouter"]`
+
+A list of Python classes responsible for determining which proxy server(s) to use for outbound HTTP requests. Each item in the list can be the class itself or the dotted path to the class.
+
+The `route()` method on each class must return a dictionary of candidate proxies arranged by protocol (e.g. `http` and/or `https`), or None if no viable proxy can be determined. The default class, `DefaultProxyRouter`, simply returns the content of [`HTTP_PROXIES`](#http_proxies).
+
+---
+
 ## REPORTS_ROOT
 
 Default: `$INSTALL_ROOT/netbox/reports/`
@@ -192,22 +216,99 @@ The dotted path to the desired search backend class. `CachedValueSearchBackend`
 
 ---
 
-## STORAGE_BACKEND
+## STORAGES
 
-Default: None (local storage)
+The backend storage engine for handling uploaded files such as [image attachments](../models/extras/imageattachment.md) and [custom scripts](../customization/custom-scripts.md). NetBox integrates with the [`django-storages`](https://django-storages.readthedocs.io/en/stable/) and [`django-storage-swift`](https://github.com/dennisv/django-storage-swift) libraries, which provide backends for several popular file storage services. If not configured, local filesystem storage will be used.
 
-The backend storage engine for handling uploaded files (e.g. image attachments). NetBox supports integration with the [`django-storages`](https://django-storages.readthedocs.io/en/stable/) package, which provides backends for several popular file storage services. If not configured, local filesystem storage will be used.
+By default, the following configuration is used:
 
-The configuration parameters for the specified storage backend are defined under the `STORAGE_CONFIG` setting.
+```python
+STORAGES = {
+    "default": {
+        "BACKEND": "django.core.files.storage.FileSystemStorage",
+    },
+    "staticfiles": {
+        "BACKEND": "django.contrib.staticfiles.storage.StaticFilesStorage",
+    },
+    "scripts": {
+        "BACKEND": "extras.storage.ScriptFileSystemStorage",
+    },
+}
+```
+
+Within the `STORAGES` dictionary, `"default"` is used for image uploads, "staticfiles" is for static files and `"scripts"` is used for custom scripts.
+
+If using a remote storage like S3, define the config as `STORAGES[key]["OPTIONS"]` for each storage item as needed. For example:
+
+```python
+STORAGES = { 
+    "scripts": { 
+        "BACKEND": "storages.backends.s3boto3.S3Boto3Storage", 
+        "OPTIONS": { 
+            'access_key': 'access key', 
+            'secret_key': 'secret key',
+        }
+    }, 
+}
+```
+
+The specific configuration settings for each storage backend can be found in the [django-storages documentation](https://django-storages.readthedocs.io/en/latest/index.html).
+
+!!! note
+    Any keys defined in the `STORAGES` configuration parameter replace those in the default configuration. It is only necessary to define keys within the `STORAGES` for the specific backend(s) you wish to configure.
+
+### Environment Variables and Third-Party Libraries
+
+NetBox uses an explicit Python configuration approach rather than automatic environment variable detection. While this provides clear configuration management and version control capabilities, it affects how some third-party libraries like `django-storages` function within NetBox's context.
+
+Many Django libraries (including `django-storages`) expect to automatically detect environment variables like `AWS_STORAGE_BUCKET_NAME` or `AWS_S3_ACCESS_KEY_ID`. However, NetBox's configuration processing prevents this automatic detection from working as documented in some of these libraries.
+
+When using third-party libraries that rely on environment variable detection, you may need to explicitly read environment variables in your NetBox `configuration.py`:
+
+```python
+import os
+
+STORAGES = {
+    'default': {
+        'BACKEND': 'storages.backends.s3.S3Storage',
+        'OPTIONS': {
+            'bucket_name': os.environ.get('AWS_STORAGE_BUCKET_NAME'),
+            'access_key': os.environ.get('AWS_S3_ACCESS_KEY_ID'),
+            'secret_key': os.environ.get('AWS_S3_SECRET_ACCESS_KEY'),
+            'endpoint_url': os.environ.get('AWS_S3_ENDPOINT_URL'),
+            'location': 'media/',
+        }
+    },
+    'staticfiles': {
+        'BACKEND': 'storages.backends.s3.S3Storage',
+        'OPTIONS': {
+            'bucket_name': os.environ.get('AWS_STORAGE_BUCKET_NAME'),
+            'access_key': os.environ.get('AWS_S3_ACCESS_KEY_ID'),
+            'secret_key': os.environ.get('AWS_S3_SECRET_ACCESS_KEY'),
+            'endpoint_url': os.environ.get('AWS_S3_ENDPOINT_URL'),
+            'location': 'static/',
+        }
+    },
+}
+```
+
+This approach works because the environment variables are resolved during NetBox's configuration processing, before the third-party library attempts its own environment variable detection.
+
+!!! warning "Configuration Behavior"
+    Simply setting environment variables like `AWS_STORAGE_BUCKET_NAME` without explicitly reading them in your configuration will not work. The variables must be read using `os.environ.get()` within your `configuration.py` file.
 
 ---
 
-## STORAGE_CONFIG
+## TIME_ZONE
 
-Default: Empty
+Default: `"UTC"`
 
-A dictionary of configuration parameters for the storage backend configured as `STORAGE_BACKEND`. The specific parameters to be used here are specific to each backend; see the [`django-storages` documentation](https://django-storages.readthedocs.io/en/stable/) for more detail.
-
-If `STORAGE_BACKEND` is not defined, this setting will be ignored.
+The time zone NetBox will use when dealing with dates and times. It is recommended to use UTC time unless you have a specific need to use a local time zone. Please see the [list of available time zones](https://en.wikipedia.org/wiki/List_of_tz_database_time_zones).
 
 ---
+
+## TRANSLATION_ENABLED
+
+Default: `True`
+
+Enables language translation for the user interface. (This parameter maps to Django's [USE_I18N](https://docs.djangoproject.com/en/stable/ref/settings/#std-setting-USE_I18N) setting.)

docs/customization/custom-fields.md

@@ -40,14 +40,20 @@ Related custom fields can be grouped together within the UI by assigning each th
 
 This parameter has no effect on the API representation of custom field data.
 
-### Visibility
+### Visibility & Editing
 
-When creating a custom field, there are three options for UI visibility. These control how and whether the custom field is displayed within the NetBox UI.
+When creating a custom field, users can control the conditions under which it may be displayed and edited within the NetBox user interface. The following choices are available for controlling the display of a custom field on an object:
 
-* **Read/write** (default): The custom field is included when viewing and editing objects.
-* **Read-only**: The custom field is displayed when viewing an object, but it cannot be edited via the UI. (It will appear in the form as a read-only field.)
+* **Always** (default): The custom field is included when viewing an object.
+* **If Set**: The custom field is included only if a value has been defined for the object.
 * **Hidden**: The custom field will never be displayed within the UI. This option is recommended for fields which are not intended for use by human users.
 
+Additionally, the following options are available for controlling whether custom field values can be altered within the NetBox UI:
+
+* **Yes** (default): The custom field's value may be modified when editing an object.
+* **No**: The custom field is displayed for reference when editing an object, but its value may not be modified.
+* **Hidden**: The custom field is not displayed when editing an object.
+
 Note that this setting has no impact on the REST or GraphQL APIs: Custom field data will always be available via either API.
 
 ### Validation
@@ -68,6 +74,8 @@ If a default value is specified for a selection field, it must exactly match one
 
 An object or multi-object custom field can be used to refer to a particular NetBox object or objects as the "value" for a custom field. These custom fields must define an `object_type`, which determines the type of object to which custom field instances point.
 
+By default, an object choice field will make all objects of that type available for selection in the drop-down. The list choices can be filtered to show only objects with certain values by providing a `query_params` dict in the Related Object Filter field, as a JSON value. More information about `query_params` can be found [here](./custom-scripts.md#objectvar).
+
 ## Custom Fields in Templates
 
 Several features within NetBox, such as export templates and webhooks, utilize Jinja2 templating. For convenience, objects which support custom field assignment expose custom field data through the `cf` property. This is a bit cleaner than accessing custom field data through the actual field (`custom_field_data`).

docs/customization/custom-links.md

@@ -2,7 +2,7 @@
 
 Custom links allow users to display arbitrary hyperlinks to external content within NetBox object views. These are helpful for cross-referencing related records in systems outside NetBox. For example, you might create a custom link on the device view which links to the current device in a Network Monitoring System (NMS).
 
-Custom links are created by navigating to Customization > Custom Links. Each link is associated with a particular NetBox object type (site, device, prefix, etc.) and will be displayed on relevant views. Each link has display text and a URL, and data from the NetBox item being viewed can be included in the link using [Jinja2 template code](https://jinja2docs.readthedocs.io/en/stable/) through the variable `object`, and custom fields through `object.cf`.
+Custom links are created by navigating to Customization > Custom Links. Each link is associated with a particular NetBox object type (site, device, prefix, etc.) and will be displayed on relevant views. Each link has display text and a URL, and data from the NetBox item being viewed can be included in the link using [Jinja template code](https://jinja.palletsprojects.com/en/stable/) through the variable `object`, and custom fields through `object.cf`.
 
 For example, you might define a link like this:
 

docs/customization/custom-scripts.md

@@ -5,8 +5,20 @@ Custom scripting was introduced to provide a way for users to execute custom log
 * Automatically populate new devices and cables in preparation for a new site deployment
 * Create a range of new reserved prefixes or IP addresses
 * Fetch data from an external source and import it to NetBox
+* Update objects with invalid or incomplete data
 
-Custom scripts are Python code and exist outside of the official NetBox code base, so they can be updated and changed without interfering with the core NetBox installation. And because they're completely custom, there is no inherent limitation on what a script can accomplish.
+They can also be used as a mechanism for validating the integrity of data within NetBox. Script authors can define test to check object against specific rules and conditions. For example, you can write script to check that:
+
+* All top-of-rack switches have a console connection
+* Every router has a loopback interface with an IP address assigned
+* Each interface description conforms to a standard format
+* Every site has a minimum set of VLANs defined
+* All IP addresses have a parent prefix
+
+Custom scripts are Python code which exists outside the NetBox code base, so they can be updated and changed without interfering with the core NetBox installation. And because they're completely custom, there is no inherent limitation on what a script can accomplish.
+
+!!! danger "Only install trusted scripts"
+    Custom scripts have unrestricted access to change anything in the databse and are inherently unsafe and should only be installed and run from trusted sources.  You should also review and set permissions for who can run scripts if the script can modify any data.
 
 ## Writing Custom Scripts
 
@@ -56,16 +68,13 @@ class AnotherCustomScript(Script):
 script_order = (MyCustomScript, AnotherCustomScript)
 ```
 
-## Module Attributes
-
-### `name`
-
-You can define `name` within a script module (the Python file which contains one or more scripts) to set the module name. If `name` is not defined, the module's file name will be used.
-
 ## Script Attributes
 
 Script attributes are defined under a class named `Meta` within the script. These are optional, but encouraged.
 
+!!! warning
+    These are also defined and used as properties on the base custom script class, so don't use the same names as variables or override them in your custom script.
+
 ### `name`
 
 This is the human-friendly names of your script. If omitted, the class name will be used.
@@ -122,26 +131,79 @@ self.log_info(f"Running as user {username} (IP: {ip_address})...")
 
 For a complete list of available request parameters, please see the [Django documentation](https://docs.djangoproject.com/en/stable/ref/request-response/).
 
-## Reading Data from Files
-
-The Script class provides two convenience methods for reading data from files:
-
-* `load_yaml`
-* `load_json`
-
-These two methods will load data in YAML or JSON format, respectively, from files within the local path (i.e. `SCRIPTS_ROOT`).
-
 ## Logging
 
 The Script object provides a set of convenient functions for recording messages at different severity levels:
 
-* `log_debug`
-* `log_success`
-* `log_info`
-* `log_warning`
-* `log_failure`
+* `log_debug(message=None, obj=None)`
+* `log_success(message=None, obj=None)`
+* `log_info(message=None, obj=None)`
+* `log_warning(message=None, obj=None)`
+* `log_failure(message=None, obj=None)`
 
-Log messages are returned to the user upon execution of the script. Markdown rendering is supported for log messages.
+Log messages are returned to the user upon execution of the script. Markdown rendering is supported for log messages. A message may optionally be associated with a particular object by passing it as the second argument to the logging method.
+
+## Test Methods
+
+A script can define one or more test methods to report on certain conditions. All test methods must have a name beginning with `test_` and accept no arguments beyond `self`.
+
+These methods are detected and run automatically when the script is executed, unless its `run()` method has been overridden. (When overriding `run()`, `run_tests()` can be called to run all test methods present in the script.)
+
+Calling any of these logging methods without a message will increment the relevant counter, but will not generate an output line in the script's log.
+
+!!! info
+    This functionality was ported from [legacy reports](./reports.md) in NetBox v4.0.
+
+### Example
+
+```
+from dcim.choices import DeviceStatusChoices
+from dcim.models import ConsolePort, Device, PowerPort
+from extras.scripts import Script
+
+
+class DeviceConnectionsReport(Script):
+    description = "Validate the minimum physical connections for each device"
+
+    def test_console_connection(self):
+
+        # Check that every console port for every active device has a connection defined.
+        active = DeviceStatusChoices.STATUS_ACTIVE
+        for console_port in ConsolePort.objects.prefetch_related('device').filter(device__status=active):
+            if not console_port.connected_endpoints:
+                self.log_failure(
+                    f"No console connection defined for {console_port.name}",
+                    console_port.device,
+                )
+            elif not console_port.connection_status:
+                self.log_warning(
+                    f"Console connection for {console_port.name} marked as planned",
+                    console_port.device,
+                )
+            else:
+                self.log_success("Passed", console_port.device)
+
+    def test_power_connections(self):
+
+        # Check that every active device has at least two connected power supplies.
+        for device in Device.objects.filter(status=DeviceStatusChoices.STATUS_ACTIVE):
+            connected_ports = 0
+            for power_port in PowerPort.objects.filter(device=device):
+                if power_port.connected_endpoints:
+                    connected_ports += 1
+                    if not power_port.path.is_active:
+                        self.log_warning(
+                            f"Power connection for {power_port.name} marked as planned",
+                            device,
+                        )
+            if connected_ports < 2:
+                self.log_failure(
+                    f"{connected_ports} connected power supplies found (2 needed)",
+                    device,
+                )
+            else:
+                self.log_success("Passed", device)
+```
 
 ## Change Logging
 
@@ -202,6 +264,15 @@ Stores a numeric integer. Options include:
 * `min_value` - Minimum value
 * `max_value` - Maximum value
 
+### DecimalVar
+
+Stores a numeric decimal. Options include:
+
+* `min_value` - Minimum value
+* `max_value` - Maximum value
+* `max_digits` - Maximum number of digits, including decimal places
+* `decimal_places` - Number of decimal places
+
 ### BooleanVar
 
 A true/false flag. This field has no options beyond the defaults listed above.
@@ -235,7 +306,9 @@ A particular object within NetBox. Each ObjectVar must specify a particular mode
 
 * `model` - The model class
 * `query_params` - A dictionary of query parameters to use when retrieving available options (optional)
+* `context` - A custom dictionary mapping template context variables to fields, used when rendering `<option>` elements within the dropdown menu (optional; see below)
 * `null_option` - A label representing a "null" or empty choice (optional)
+* `selector` - A boolean that, when True, includes an advanced object selection widget to assist the user in identifying the desired object (optional; False by default)
 
 To limit the selections available within the list, additional query parameters can be passed as the `query_params` dictionary. For example, to show only devices with an "active" status:
 
@@ -262,6 +335,22 @@ site = ObjectVar(
 )
 ```
 
+#### Context Variables
+
+Custom context variables can be passed to override the default attribute names or to display additional information, such as a parent object.
+
+| Name          | Default         | Description                                                                  |
+|---------------|-----------------|------------------------------------------------------------------------------|
+| `value`       | `"id"`          | The attribute which contains the option's value                              |
+| `label`       | `"display"`     | The attribute used as the option's human-friendly label                      |
+| `description` | `"description"` | The attribute to use as a description                                        |
+| `depth`[^1]   | `"_depth"`      | The attribute which indicates an object's depth within a recursive hierarchy |
+| `disabled`    | --              | The attribute which, if true, signifies that the option should be disabled   |
+| `parent`      | --              | The attribute which represents the object's parent object                    |
+| `count`[^1]   | --              | The attribute which contains a numeric count of related objects              |
+
+[^1]: The value of this attribute must be a positive integer
+
 ### MultiObjectVar
 
 Similar to `ObjectVar`, but allows for the selection of multiple objects.
@@ -285,12 +374,20 @@ An IPv4 or IPv6 network with a mask. Returns a `netaddr.IPNetwork` object. Two a
 * `min_prefix_length` - Minimum length of the mask
 * `max_prefix_length` - Maximum length of the mask
 
+### DateVar
+
+A calendar date. Returns a `datetime.date` object.
+
+### DateTimeVar
+
+A complete date & time. Returns a `datetime.datetime` object.
+
 ## Running Custom Scripts
 
 !!! note
-    To run a custom script, a user must be assigned via permissions for `Extras > Script`, `Extras > ScriptModule`, and `Core > ManagedFile` objects. They must also be assigned the `extras.run_script` permission. This is achieved by assigning the user (or group) a permission on the Script object and specifying the `run` action in the admin UI as shown below.
+    To run a custom script, a user must be assigned permissions for `Extras > Script`, `Extras > Script Module`, and `Core > Managed File` objects. They must also be assigned the `extras.run_script` permission. This is achieved by assigning the user (or group) a permission on the Script object and specifying the `run` action in "Permissions" as shown below.
 
-    ![Adding the run action to a permission](../media/admin_ui_run_permission.png)
+    ![Adding the run action to a permission](../media/run_permission.png)
 
 ### Via the Web UI
 

docs/customization/custom-validation.md

@@ -4,7 +4,7 @@ NetBox validates every object prior to it being written to the database to ensur
 
 ## Custom Validation Rules
 
-Custom validation rules are expressed as a mapping of model attributes to a set of rules to which that attribute must conform. For example:
+Custom validation rules are expressed as a mapping of object attributes to a set of rules to which that attribute must conform. For example:
 
 ```json
 {
@@ -17,6 +17,8 @@ Custom validation rules are expressed as a mapping of model attributes to a set
 
 This defines a custom validator which checks that the length of the `name` attribute for an object is at least five characters long, and no longer than 30 characters. This validation is executed _after_ NetBox has performed its own internal validation.
 
+### Validation Types
+
 The `CustomValidator` class supports several validation types:
 
 * `min`: Minimum value
@@ -26,6 +28,8 @@ The `CustomValidator` class supports several validation types:
 * `regex`: Application of a [regular expression](https://en.wikipedia.org/wiki/Regular_expression)
 * `required`: A value must be specified
 * `prohibited`: A value must _not_ be specified
+* `eq`: A value must be equal to the specified value
+* `neq`: A value must _not_ be equal to the specified value
 
 The `min` and `max` types should be defined for numeric values, whereas `min_length`, `max_length`, and `regex` are suitable for character strings (text values). The `required` and `prohibited` validators may be used for any field, and should be passed a value of `True`.
 
@@ -34,14 +38,14 @@ The `min` and `max` types should be defined for numeric values, whereas `min_len
 
 ### Custom Validation Logic
 
-There may be instances where the provided validation types are insufficient. NetBox provides a `CustomValidator` class which can be extended to enforce arbitrary validation logic by overriding its `validate()` method, and calling `fail()` when an unsatisfactory condition is detected.
+There may be instances where the provided validation types are insufficient. NetBox provides a `CustomValidator` class which can be extended to enforce arbitrary validation logic by overriding its `validate()` method, and calling `fail()` when an unsatisfactory condition is detected. The `validate()` method should accept an instance (the object being saved) as well as the current request effecting the change.
 
 ```python
 from extras.validators import CustomValidator
 
 class MyValidator(CustomValidator):
 
-    def validate(self, instance):
+    def validate(self, instance, request):
         if instance.status == 'active' and not instance.description:
             self.fail("Active sites must have a description set!", field='status')
 ```
@@ -80,7 +84,38 @@ CUSTOM_VALIDATORS = {
 }
 ```
 
-### Dotted Path
+#### Referencing Related Object Attributes
+
+The attributes of a related object can be referenced by specifying a dotted path. For example, to reference the name of a region to which a site is assigned, use `region.name`:
+
+```python
+CUSTOM_VALIDATORS = {
+    "dcim.site": [
+        {
+            "region.name": {
+                "neq": "New York"
+            }
+        }
+    ]
+}
+```
+
+#### Validating Request Parameters
+
+In addition to validating object attributes, custom validators can also match against parameters of the current request (where available). For example, the following rule will permit only the user named "admin" to modify an object:
+
+```json
+{
+  "request.user.username": {
+    "eq": "admin"
+  }
+}
+```
+
+!!! tip
+    Custom validation should generally not be used to enforce permissions. NetBox provides a robust [object-based permissions](../administration/permissions.md) mechanism which should be used for this purpose.
+
+### Dotted Path to Class
 
 In instances where a custom validator class is needed, it can be referenced by its Python path (relative to NetBox's working directory):
 

docs/customization/export-templates.md

@@ -25,6 +25,7 @@ Height: {{ rack.u_height }}U
 To access custom fields of an object within a template, use the `cf` attribute. For example, `{{ obj.cf.color }}` will return the value (if any) for a custom field named `color` on `obj`.
 
 If you need to use the config context data in an export template, you'll should use the function `get_config_context` to get all the config context data. For example:
+
 ```
 {% for server in queryset %}
 {% set data = server.get_config_context() %}

docs/customization/reports.md

@@ -1,167 +1,63 @@
 # NetBox Reports
 
-A NetBox report is a mechanism for validating the integrity of data within NetBox. Running a report allows the user to verify that the objects defined within NetBox meet certain arbitrary conditions. For example, you can write reports to check that:
-
-* All top-of-rack switches have a console connection
-* Every router has a loopback interface with an IP address assigned
-* Each interface description conforms to a standard format
-* Every site has a minimum set of VLANs defined
-* All IP addresses have a parent prefix
-
-...and so on. Reports are completely customizable, so there's practically no limit to what you can test for.
-
-## Writing Reports
-
-Reports must be saved as files in the [`REPORTS_ROOT`](../configuration/system.md#reports_root) path (which defaults to `netbox/reports/`). Each file created within this path is considered a separate module. Each module holds one or more reports (Python classes), each of which performs a certain function. The logic of each report is broken into discrete test methods, each of which applies a small portion of the logic comprising the overall test.
-
 !!! warning
-    The reports path includes a file named `__init__.py`, which registers the path as a Python module. Do not delete this file.
+    Reports are deprecated beginning with NetBox v4.0, and their functionality has been merged with [custom scripts](./custom-scripts.md). While backward compatibility has been maintained, users are advised to convert legacy reports into custom scripts soon, as support for legacy reports will be removed in a future release.
 
-For example, we can create a module named `devices.py` to hold all of our reports which pertain to devices in NetBox. Within that module, we might define several reports. Each report is defined as a Python class inheriting from `extras.reports.Report`.
+## Converting Reports to Scripts
 
-```
+### Step 1: Update Class Definition
+
+Change the parent class from `Report` to `Script`:
+
+```python title="Old code"
 from extras.reports import Report
 
-class DeviceConnectionsReport(Report):
-    description = "Validate the minimum physical connections for each device"
-
-class DeviceIPsReport(Report):
-    description = "Check that every device has a primary IP address assigned"
+class MyReport(Report):
 ```
 
-Within each report class, we'll create a number of test methods to execute our report's logic. In DeviceConnectionsReport, for instance, we want to ensure that every live device has a console connection, an out-of-band management connection, and two power connections.
+```python title="New code"
+from extras.scripts import Script
 
-```
-from dcim.choices import DeviceStatusChoices
-from dcim.models import ConsolePort, Device, PowerPort
-from extras.reports import Report
-
-
-class DeviceConnectionsReport(Report):
-    description = "Validate the minimum physical connections for each device"
-
-    def test_console_connection(self):
-
-        # Check that every console port for every active device has a connection defined.
-        active = DeviceStatusChoices.STATUS_ACTIVE
-        for console_port in ConsolePort.objects.prefetch_related('device').filter(device__status=active):
-            if not console_port.connected_endpoints:
-                self.log_failure(
-                    console_port.device,
-                    "No console connection defined for {}".format(console_port.name)
-                )
-            elif not console_port.connection_status:
-                self.log_warning(
-                    console_port.device,
-                    "Console connection for {} marked as planned".format(console_port.name)
-                )
-            else:
-                self.log_success(console_port.device)
-
-    def test_power_connections(self):
-
-        # Check that every active device has at least two connected power supplies.
-        for device in Device.objects.filter(status=DeviceStatusChoices.STATUS_ACTIVE):
-            connected_ports = 0
-            for power_port in PowerPort.objects.filter(device=device):
-                if power_port.connected_endpoints:
-                    connected_ports += 1
-                    if not power_port.path.is_active:
-                        self.log_warning(
-                            device,
-                            "Power connection for {} marked as planned".format(power_port.name)
-                        )
-            if connected_ports < 2:
-                self.log_failure(
-                    device,
-                    "{} connected power supplies found (2 needed)".format(connected_ports)
-                )
-            else:
-                self.log_success(device)
+class MyReport(Script):
 ```
 
-As you can see, reports are completely customizable. Validation logic can be as simple or as complex as needed. Also note that the `description` attribute support markdown syntax. It will be rendered in the report list page.
+### Step 2: Update Logging Calls
 
-!!! warning
-    Reports should never alter data: If you find yourself using the `create()`, `save()`, `update()`, or `delete()` methods on objects within reports, stop and re-evaluate what you're trying to accomplish. Note that there are no safeguards against the accidental alteration or destruction of data.
+Reports and scripts both provide logging methods, however their signatures differ. All script logging methods accept a message as the first parameter, and accept an object as an optional second parameter.
 
-## Report Attributes
+Additionally, the Report class' generic `log()` method is **not** available on Script. Users are advised to replace calls of this method with `log_info()`.
 
-### `description`
+Use the table below as a reference when updating these methods.
 
-A human-friendly description of what your report does.
+| Report (old)                  | Script (New)                |
+|-------------------------------|-----------------------------|
+| `log(message)`                | `log_info(message)`         |
+| `log_debug(obj, message)`[^1] | `log_debug(message, obj)`   |
+| `log_info(obj, message)`      | `log_info(message, obj)`    |
+| `log_success(obj, message)`   | `log_success(message, obj)` |
+| `log_warning(obj, message)`   | `log_warning(message, obj)` |
+| `log_failure(obj, message)`   | `log_failure(message, obj)` |
 
-### `scheduling_enabled`
+[^1]: `log_debug()` was added to the Report class in v4.0 to avoid confusion with the same method on Script
 
-By default, a report can be scheduled for execution at a later time. Setting `scheduling_enabled` to False disables this ability: Only immediate execution will be possible. (This also disables the ability to set a recurring execution interval.)
-
-### `job_timeout`
-
-Set the maximum allowed runtime for the report. If not set, `RQ_DEFAULT_TIMEOUT` will be used.
-
-## Logging
-
-The following methods are available to log results within a report:
-
-* log(message)
-* log_success(object, message=None)
-* log_info(object, message)
-* log_warning(object, message)
-* log_failure(object, message)
-
-The recording of one or more failure messages will automatically flag a report as failed. It is advised to log a success for each object that is evaluated so that the results will reflect how many objects are being reported on. (The inclusion of a log message is optional for successes.) Messages recorded with `log()` will appear in a report's results but are not associated with a particular object or status. Log messages also support using markdown syntax and will be rendered on the report result page.
-
-To perform additional tasks, such as sending an email or calling a webhook, before or after a report is run, extend the `pre_run()` and/or `post_run()` methods, respectively.
-
-By default, reports within a module are ordered alphabetically in the reports list page. To return reports in a specific order, you can define the `report_order` variable at the end of your module. The `report_order` variable is a tuple which contains each Report class in the desired order. Any reports that are omitted from this list will be listed last.
-
-```
-from extras.reports import Report
-
-class DeviceConnectionsReport(Report)
-    pass
-
-class DeviceIPsReport(Report)
-    pass
-
-report_order = (DeviceIPsReport, DeviceConnectionsReport)
+```python title="Old code"
+self.log_failure(
+    console_port.device,
+    f"No console connection defined for {console_port.name}"
+)
 ```
 
-Once you have created a report, it will appear in the reports list. Initially, reports will have no results associated with them. To generate results, run the report.
-
-## Running Reports
-
-!!! note
-    To run a report, a user must be assigned via permissions for `Extras > Report`, `Extras > ReportModule`, and `Core > ManagedFile` objects. They must also be assigned the `extras.run_report` permission. This is achieved by assigning the user (or group) a permission on the Report object and specifying the `run` action in the admin UI as shown below.
-
-    ![Adding the run action to a permission](../media/admin_ui_run_permission.png)
-
-### Via the Web UI
-
-Reports can be run via the web UI by navigating to the report and clicking the "run report" button at top right. Once a report has been run, its associated results will be included in the report view. It is possible to schedule a report to be executed at specified time in the future. A scheduled report can be canceled by deleting the associated job result object.
-
-### Via the API
-
-To run a report via the API, simply issue a POST request to its `run` endpoint. Reports are identified by their module and class name.
-
-```
-    POST /api/extras/reports/<module>.<name>/run/
+```python title="New code"
+self.log_failure(
+    f"No console connection defined for {console_port.name}",
+    obj=console_port.device,
+)
 ```
 
-Our example report above would be called as:
+### Other Notes
 
-```
-    POST /api/extras/reports/devices.DeviceConnectionsReport/run/
-```
+Existing reports will be converted to scripts automatically upon upgrading to NetBox v4.0, and previous job history will be retained. However, users are advised to convert legacy reports into custom scripts at the earliest opportunity, as support for legacy reports will be removed in a future release.
 
-Optionally `schedule_at` can be passed in the form data with a datetime string to schedule a script at the specified date and time.
+The `pre_run()` and `post_run()` Report methods have been carried over to Script. These are called automatically by Script's `run()` method. (Note that if you opt to override this method, you are responsible for calling `pre_run()` and `post_run()` where applicable.)
 
-### Via the CLI
-
-Reports can be run on the CLI by invoking the management command:
-
-```
-python3 manage.py runreport <module>
-```
-
-where ``<module>`` is the name of the python file in the ``reports`` directory without the ``.py`` extension.  One or more report modules may be specified.
+The `is_valid()` method on Report is no longer needed and has been removed.

docs/development/adding-models.md

@@ -8,7 +8,7 @@ Each model should define, at a minimum:
 
 * A `Meta` class specifying a deterministic ordering (if ordered by fields other than the primary ID)
 * A `__str__()` method returning a user-friendly string representation of the instance
-* A `get_absolute_url()` method returning an instance's direct URL (using `reverse()`)
+* A `get_absolute_url()` method if necessary; a standard version of the method is defined in the `NetBoxFeatureSet` base class, but you will need to provide your own (returning an instance's direct URL using `reverse()`) if not subclassing that base class
 
 ## 2. Define field choices
 
@@ -71,15 +71,18 @@ Add the relevant navigation menu items in `netbox/netbox/navigation/menu.py`.
 Create the following for each model:
 
 * Detailed (full) model serializer in `api/serializers.py`
-* Nested serializer in `api/nested_serializers.py`
 * API view in `api/views.py`
 * Endpoint route in `api/urls.py`
 
 ## 13. GraphQL API components
 
-Create a Graphene object type for the model in `graphql/types.py` by subclassing the appropriate class from `netbox.graphql.types`.
+Create the following for each model:
 
-Also extend the schema class defined in `graphql/schema.py` with the individual object and object list fields per the established convention.
+* GraphQL object type for the model in `graphql/types.py` (subclass the appropriate class from `netbox.graphql.types`)
+* Add a GraphQL filter for the model in `graphql/filters.py`
+* Extend the query class for the app in `graphql/schema.py` with the individual object and object list fields
+
+**Note:** GraphQL unit tests may fail citing null values on a non-nullable field if related objects are prefetched. You may need to fix this by setting the type annotation to be `= strawberry_django.field(select_related=["foo"])` or similar.
 
 ## 14. Add tests
 

docs/development/application-registry.md

@@ -22,33 +22,30 @@ Stores registration made using `netbox.denormalized.register()`. For each model,
 
 ### `model_features`
 
-A dictionary of particular features (e.g. custom fields) mapped to the NetBox models which support them, arranged by app. For example:
+A dictionary of model features (e.g. custom fields, tags, etc.) mapped to the functions used to qualify a model as supporting each feature. Model features are registered using the `register_model_feature()` function in `netbox.utils`.
 
-```python
-{
-    'custom_fields': {
-        'circuits': ['provider', 'circuit'],
-        'dcim': ['site', 'rack', 'devicetype', ...],
-        ...
-    },
-    'webhooks': {
-        'extras': ['configcontext', 'tag', ...],
-        'dcim': ['site', 'rack', 'devicetype', ...],
-    },
-    ...
-}
-```
+Core model features are listed in the [features matrix](./models.md#features-matrix).
 
-Supported model features are listed in the [features matrix](./models.md#features-matrix).
+### `models`
+
+This key lists all models which have been registered in NetBox which are not designated for private use. (Setting `_netbox_private` to True on a model excludes it from this list.) As with individual features under `model_features`, models are organized by app label.
 
 ### `plugins`
 
 This store maintains all registered items for plugins, such as navigation menus, template extensions, etc.
 
+### `request_processors`
+
+A list of context managers to invoke when processing a request e.g. in middleware or when executing a background job. Request processors can be registered with the `@register_request_processor` decorator.
+
 ### `search`
 
 A dictionary mapping each model (identified by its app and label) to its search index class, if one has been registered for it.
 
+### `tables`
+
+A dictionary mapping table classes to lists of extra columns that have been registered by plugins using the `register_table_column()` utility function. Each column is defined as a tuple of name and column instance.
+
 ### `views`
 
 A hierarchical mapping of registered views for each model. Mappings are added using the `register_model_view()` decorator, and URLs paths can be generated from these using `get_model_urls()`.

docs/development/extending-models.md

@@ -2,12 +2,25 @@
 
 Below is a list of tasks to consider when adding a new field to a core model.
 
-## 1. Generate and run database migrations
+## 1. Add the field to the model class
+
+Add the field to the model, taking care to address any of the following conditions.
+
+* When adding a GenericForeignKey field, you may need add an index under `Meta` for its two concrete fields. (This is required only for non-unique GFK relationships, as the unique constraint introduces its own index.) For example:
+
+    ```python
+    class Meta:
+        indexes = (
+            models.Index(fields=('object_type', 'object_id')),
+        )
+    ```
+
+## 2. Generate and run database migrations
 
 [Django migrations](https://docs.djangoproject.com/en/stable/topics/migrations/) are used to express changes to the database schema. In most cases, Django can generate these automatically, however very complex changes may require manual intervention. Always remember to specify a short but descriptive name when generating a new migration.
 
 ```
-./manage.py makemigrations <app> -n <name>
+./manage.py makemigrations <app> -n <name> --no-header
 ./manage.py migrate
 ```
 
@@ -16,7 +29,7 @@ Where possible, try to merge related changes into a single migration. For exampl
 !!! warning "Do not alter existing migrations"
     Migrations can only be merged within a release. Once a new release has been published, its migrations cannot be altered (other than for the purpose of correcting a bug).
 
-## 2. Add validation logic to `clean()`
+## 3. Add validation logic to `clean()`
 
 If the new field introduces additional validation requirements (beyond what's included with the field itself), implement them in the model's `clean()` method. Remember to call the model's original method using `super()` before or after your custom validation as appropriate:
 
@@ -31,15 +44,15 @@ class Foo(models.Model):
             raise ValidationError()
 ```
 
-## 3. Update relevant querysets
+## 4. Update relevant querysets
 
 If you're adding a relational field (e.g. `ForeignKey`) and intend to include the data when retrieving a list of objects, be sure to include the field using `prefetch_related()` as appropriate. This will optimize the view and avoid extraneous database queries.
 
-## 4. Update API serializer
+## 5. Update API serializer
 
-Extend the model's API serializer in `<app>.api.serializers` to include the new field. In most cases, it will not be necessary to also extend the nested serializer, which produces a minimal representation of the model.
+Extend the model's API serializer in `<app>.api.serializers` to include the new field.
 
-## 5. Add fields to forms
+## 6. Add fields to forms
 
 Extend any forms to include the new field(s) as appropriate. These are found under the `forms/` directory within each app. Common forms include:
 
@@ -48,23 +61,23 @@ Extend any forms to include the new field(s) as appropriate. These are found und
 * **CSV import** - The form used when bulk importing objects in CSV format
 * **Filter** - Displays the options available for filtering a list of objects (both UI and API)
 
-## 6. Extend object filter set
+## 7. Extend object filter set
 
 If the new field should be filterable, add it to the `FilterSet` for the model. If the field should be searchable, remember to query it in the FilterSet's `search()` method.
 
-## 7. Add column to object table
+## 8. Add column to object table
 
 If the new field will be included in the object list view, add a column to the model's table. For simple fields, adding the field name to `Meta.fields` will be sufficient. More complex fields may require declaring a custom column. Also add the field name to `default_columns` if the column should be present in the table by default.
 
-## 8. Update the SearchIndex
+## 9. Update the SearchIndex
 
 Where applicable, add the new field to the model's SearchIndex for inclusion in global search.
 
-## 9. Update the UI templates
+## 10. Update the UI templates
 
 Edit the object's view template to display the new field. There may also be a custom add/edit form template that needs to be updated.
 
-## 10. Create/extend test cases
+## 11. Create/extend test cases
 
 Create or extend the relevant test cases to verify that the new field and any accompanying validation logic perform as expected. This is especially important for relational fields. NetBox incorporates various test suites, including:
 
@@ -74,8 +87,8 @@ Create or extend the relevant test cases to verify that the new field and any ac
 * Model tests
 * View tests
 
-Be diligent to ensure all of the relevant test suites are adapted or extended as necessary to test any new functionality.
+Be diligent to ensure all the relevant test suites are adapted or extended as necessary to test any new functionality.
 
-## 11. Update the model's documentation
+## 12. Update the model's documentation
 
 Each model has a dedicated page in the documentation, at `models/<app>/<model>.md`. Update this file to include any relevant information about the new field.

docs/development/getting-started.md

@@ -7,7 +7,7 @@ Getting started with NetBox development is pretty straightforward, and should fe
 * A Linux system or compatible environment
 * A PostgreSQL server, which can be installed locally [per the documentation](../installation/1-postgresql.md)
 * A Redis server, which can also be [installed locally](../installation/2-redis.md)
-* Python 3.8 or later
+* Python 3.12 or later
 
 ### 1. Fork the Repo
 
@@ -37,16 +37,12 @@ CHANGELOG.md           CONTRIBUTING.md  LICENSE.txt  netbox      README.md  scri
 
 ### 2. Create a New Branch
 
-The NetBox project utilizes three persistent git branches to track work:
+The NetBox project utilizes two persistent git branches to track work:
 
-* `master` - Serves as a snapshot of the current stable release
-* `develop` - All development on the upcoming stable (patch) release occurs here
-* `feature` - Tracks work on an upcoming minor release
+* `main` - All development on the upcoming stable (patch) release occurs here. Releases are published from this branch.
+* `feature` - All work planned for the upcoming minor release is done here.
 
-Typically, you'll base pull requests off of the `develop` branch, or off of `feature` if you're working on a new major release. For example, assume that the current NetBox release is v3.3.5. Work applied to the `develop` branch will appear in v3.3.6, and work done under the `feature` branch will be included in the next minor release (v3.4.0).
-
-!!! warning
-    **Never** merge pull requests into the `master` branch: This branch only ever merges pull requests from the `develop` branch, to effect a new release.
+Typically, you'll base pull requests off of the `main` branch, or off of `feature` if you're working on the upcoming minor or major release. For example, assume that the current NetBox release is v4.2.3. Work applied to the `main` branch will appear in v4.2.4, and work done under the `feature` branch will be included in the next minor release (v4.3.0).
 
 To create a new branch, first ensure that you've checked out the desired base branch, then run:
 
@@ -62,22 +58,7 @@ $issue-$description
 
 The description should be just two or three words to imply the focus of the work being performed. For example, bug #1234 to fix a TypeError exception when creating a device might be named `1234-device-typerror`. This ensures that branches are always follow some logical ordering (e.g. when running `git branch -a`) and helps other developers quickly identify the purpose of each.
 
-### 3. Enable Pre-Commit Hooks
-
-NetBox ships with a [git pre-commit hook](https://githooks.com/) script that automatically checks for style compliance and missing database migrations prior to committing changes. This helps avoid erroneous commits that result in CI test failures. You are encouraged to enable it by creating a link to `scripts/git-hooks/pre-commit`:
-
-```no-highlight
-cd .git/hooks/
-ln -s ../../scripts/git-hooks/pre-commit
-```
-For the pre-commit hooks to work, you will also need to install the pycodestyle package:
-
-```no-highlight
-python -m pip install pycodestyle
-```
-...and set up the yarn packages as shown in the [Web UI Development Guide](web-ui.md)
-
-### 4. Create a Python Virtual Environment
+### 3. Create a Python Virtual Environment
 
 A [virtual environment](https://docs.python.org/3/tutorial/venv.html) (or "venv" for short) is like a container for a set of Python packages. These allow you to build environments suited to specific projects without interfering with system packages or other projects. When installed per the documentation, NetBox uses a virtual environment in production.
 
@@ -101,7 +82,7 @@ source ~/.venv/netbox/bin/activate
 
 Notice that the console prompt changes to indicate the active environment. This updates the necessary system environment variables to ensure that any Python scripts are run within the virtual environment.
 
-### 5. Install Required Packages
+### 4. Install Required Packages
 
 With the virtual environment activated, install the project's required Python packages using the `pip` module. Required packages are defined in `requirements.txt`. Each line in this file specifies the name and specific version of a required package.
 
@@ -109,12 +90,32 @@ With the virtual environment activated, install the project's required Python pa
 python -m pip install -r requirements.txt
 ```
 
+### 5. Install Pre-Commit
+
+NetBox uses [`pre-commit`](https://pre-commit.com/) to automatically validate code when commiting new changes. This includes the following operations:
+
+* Run the `ruff` Python linter
+* Run Django's internal system check
+* Check for missing database migrations
+* Validate any changes to the documentation with `mkdocs`
+* Validate Typescript & Sass styling with `yarn`
+* Ensure that any modified static front end assets have been recompiled
+
+Enable `pre-commit` with the following commands _prior_ to commiting any changes:
+
+```no-highlight
+python -m pip install ruff pre-commit
+pre-commit install
+```
+
+You may also need to set up the yarn packages as shown in the [Web UI Development Guide](web-ui.md).
+
 ### 6. Configure NetBox
 
 Within the `netbox/netbox/` directory, copy `configuration_example.py` to `configuration.py` and update the following parameters:
 
 * `ALLOWED_HOSTS`: This can be set to `['*']` for development purposes
-* `DATABASE`: PostgreSQL database connection parameters
+* `DATABASES`: PostgreSQL database connection parameters
 * `REDIS`: Redis configuration (if different from the defaults)
 * `SECRET_KEY`: Set to a random string (use `generate_secret_key.py` in the parent directory to generate a suitable key)
 * `DEBUG`: Set to `True`
@@ -146,7 +147,7 @@ For UI development you will need to review the [Web UI Development Guide](web-ui
 
 ## Populating Demo Data
 
-Once you have your development environment up and running, it might be helpful to populate some "dummy" data to make interacting with the UI and APIs more convenient. Check out the [netbox-demo-data](https://github.com/netbox-community/netbox-demo-data) repo on GitHub, which houses a collection of sample data that can be easily imported to any new NetBox deployment. (This sample data is used to populate the public demo instance at <https://demo.netbox.dev>.)
+Once you have your development environment up and running, it might be helpful to populate some "dummy" data to make interacting with the UI and APIs more convenient. Check out the [netbox-demo-data](https://github.com/netbox-community/netbox-demo-data) repo on GitHub, which houses a collection of sample data that can be easily imported to any new NetBox deployment. This sample data is used to populate the [public demo instance](https://demo.netbox.dev).
 
 The demo data is provided in JSON format and loaded into an empty database using Django's `loaddata` management command. Consult the demo data repo's `README` file for complete instructions on populating the data.
 

docs/development/git-cheat-sheet.md

@@ -128,7 +128,7 @@ Fast-forward
 ```
 
 !!! warning "Avoid Merging Remote Branches"
-    You generally want to avoid merging branches that exist on the remote (upstream) repository, such as `develop` and `feature`: Merges into these branches should be done via a pull request on GitHub. Only merge branches when it is necessary to consolidate work you've done locally.
+    You generally want to avoid merging branches that exist on the remote (upstream) repository, namely `main` and `feature`: Merges into these branches should be done via a pull request on GitHub. Only merge branches when it is necessary to consolidate work you've done locally.
 
 ### Show Pending Changes
 
@@ -196,7 +196,7 @@ index 93e125079..4344fb514 100644
 +and here too
 +
  <div align="center">
-   <img src="https://raw.githubusercontent.com/netbox-community/netbox/develop/docs/netbox_logo.svg" width="400" alt="NetBox logo" />
+   <img src="https://raw.githubusercontent.com/netbox-community/netbox/main/docs/netbox_logo.svg" width="400" alt="NetBox logo" />
  </div>
 diff --git a/foo.py b/foo.py
 new file mode 100644

docs/development/index.md

@@ -8,11 +8,10 @@ NetBox and many of its related projects are maintained on [GitHub](https://githu
 
 ![GitHub](../media/development/github.png)
 
-There are three permanent branches in the repository:
+There are two permanent branches in the repository:
 
-* `master` - The current stable release. Individual changes should never be pushed directly to this branch, but rather merged from `develop`.
-* `develop` - Active development for the upcoming patch release. Pull requests will typically be based on this branch unless they introduce breaking changes that must be deferred until the next minor release.
-* `feature` - New feature work to be introduced in the next minor release (e.g. from v3.3 to v3.4).
+* `main` - Active development for the upcoming patch release. Pull requests will typically be based on this branch unless they introduce breaking changes that must be deferred until the next minor release.
+* `feature` - New feature work to be introduced in the next minor release (e.g. from v4.2 to v4.3).
 
 NetBox components are arranged into Django apps. Each app holds the models, views, and other resources relevant to a particular function:
 
@@ -57,4 +56,4 @@ NetBox follows the [benevolent dictator](http://oss-watch.ac.uk/resources/benevo
 
 ## Licensing
 
-The entire NetBox project is licensed as open source under the [Apache 2.0 license](https://github.com/netbox-community/netbox/blob/master/LICENSE.txt). This is a very permissive license which allows unlimited redistribution of all code within the project. Note that all submissions to the project are subject to the same license.
+The entire NetBox project is licensed as open source under the [Apache 2.0 license](https://github.com/netbox-community/netbox/blob/main/LICENSE.txt). This is a very permissive license which allows unlimited redistribution of all code within the project. Note that all submissions to the project are subject to the same license.

docs/development/internationalization.md

@@ -62,10 +62,11 @@ class Circuit(PrimaryModel):
 
 1. Import `gettext_lazy` as `_`.
 2. All form fields must specify a `label` wrapped with `gettext_lazy()`.
-3. All headers under a form's `fieldsets` property must be wrapped with `gettext_lazy()`.
+3. The name of each FieldSet on a form must be wrapped with `gettext_lazy()`.
 
 ```python
 from django.utils.translation import gettext_lazy as _
+from utilities.forms.rendering import FieldSet
 
 class CircuitBulkEditForm(NetBoxModelBulkEditForm):
     description = forms.CharField(
@@ -74,7 +75,7 @@ class CircuitBulkEditForm(NetBoxModelBulkEditForm):
     )
 
     fieldsets = (
-        (_('Circuit'), ('provider', 'type', 'status', 'description')),
+        FieldSet('provider', 'type', 'status', 'description', name=_('Circuit')),
     )
 ```
 

docs/development/models.md

@@ -10,19 +10,26 @@ The Django [content types](https://docs.djangoproject.com/en/stable/ref/contrib/
 
 Depending on its classification, each NetBox model may support various features which enhance its operation. Each feature is enabled by inheriting from its designated mixin class, and some features also make use of the [application registry](./application-registry.md#model_features).
 
-| Feature                                                    | Feature Mixin           | Registry Key       | Description                                                                    |
-|------------------------------------------------------------|-------------------------|--------------------|--------------------------------------------------------------------------------|
-| [Change logging](../features/change-logging.md)            | `ChangeLoggingMixin`    | -                  | Changes to these objects are automatically recorded in the change log          |
-| Cloning                                                    | `CloningMixin`          | -                  | Provides the `clone()` method to prepare a copy                                |
-| [Custom fields](../customization/custom-fields.md)         | `CustomFieldsMixin`     | `custom_fields`    | These models support the addition of user-defined fields                       |
-| [Custom links](../customization/custom-links.md)           | `CustomLinksMixin`      | `custom_links`     | These models support the assignment of custom links                            |
-| [Custom validation](../customization/custom-validation.md) | `CustomValidationMixin` | -                  | Supports the enforcement of custom validation rules                            |
-| [Export templates](../customization/export-templates.md)   | `ExportTemplatesMixin`  | `export_templates` | Users can create custom export templates for these models                      |
-| [Job results](../features/background-jobs.md)              | `JobsMixin`             | `jobs`             | Users can create custom export templates for these models                      |
-| [Journaling](../features/journaling.md)                    | `JournalingMixin`       | `journaling`       | These models support persistent historical commentary                          |
-| [Synchronized data](../integrations/synchronized-data.md)  | `SyncedDataMixin`       | `synced_data`      | Certain model data can be automatically synchronized from a remote data source |
-| [Tagging](../models/extras/tag.md)                         | `TagsMixin`             | `tags`             | The models can be tagged with user-defined tags                                |
-| [Webhooks](../integrations/webhooks.md)                    | `WebhooksMixin`         | `webhooks`         | NetBox is capable of generating outgoing webhooks for these objects            |
+| Feature                                                    | Feature Mixin           | Registry Key        | Description                                                                             |
+|------------------------------------------------------------|-------------------------|---------------------|-----------------------------------------------------------------------------------------|
+| [Bookmarks](../features/customization.md#bookmarks)        | `BookmarksMixin`        | `bookmarks`         | These models can be bookmarked natively in the user interface                           |
+| [Change logging](../features/change-logging.md)            | `ChangeLoggingMixin`    | `change_logging`    | Changes to these objects are automatically recorded in the change log                   |
+| Cloning                                                    | `CloningMixin`          | `cloning`           | Provides the `clone()` method to prepare a copy                                         |
+| [Contacts](../features/contacts.md)                        | `ContactsMixin`         | `contacts`          | Contacts can be associated with these models                                            |
+| [Custom fields](../customization/custom-fields.md)         | `CustomFieldsMixin`     | `custom_fields`     | These models support the addition of user-defined fields                                |
+| [Custom links](../customization/custom-links.md)           | `CustomLinksMixin`      | `custom_links`      | These models support the assignment of custom links                                     |
+| [Custom validation](../customization/custom-validation.md) | `CustomValidationMixin` | -                   | Supports the enforcement of custom validation rules                                     |
+| [Event rules](../features/event-rules.md)                  | `EventRulesMixin`       | `event_rules`       | Event rules can send webhooks or run custom scripts automatically in response to events |
+| [Export templates](../customization/export-templates.md)   | `ExportTemplatesMixin`  | `export_templates`  | Users can create custom export templates for these models                               |
+| [Image attachments](../models/extras/imageattachment.md)   | `ImageAttachmentsMixin` | `image_attachments` | Image uploads can be attached to these models                                           |
+| [Jobs](../features/background-jobs.md)                     | `JobsMixin`             | `jobs`              | Background jobs can be scheduled for these models                                       |
+| [Journaling](../features/journaling.md)                    | `JournalingMixin`       | `journaling`        | These models support persistent historical commentary                                   |
+| [Notifications](../features/notifications.md)              | `NotificationsMixin`    | `notifications`     | These models support user notifications                                                 |
+| [Synchronized data](../integrations/synchronized-data.md)  | `SyncedDataMixin`       | `synced_data`       | Certain model data can be automatically synchronized from a remote data source          |
+| [Tagging](../models/extras/tag.md)                         | `TagsMixin`             | `tags`              | The models can be tagged with user-defined tags                                         |
+
+!!! note
+    The above listed features are supported natively by NetBox. Beginning with NetBox v4.4.0, plugins can register their own model features as well.
 
 ## Models Index
 
@@ -34,7 +41,9 @@ These are considered the "core" application models which are used to model netwo
 * [circuits.Provider](../models/circuits/provider.md)
 * [circuits.ProviderAccount](../models/circuits/provideraccount.md)
 * [circuits.ProviderNetwork](../models/circuits/providernetwork.md)
+* [core.DataFile](../models/core/datafile.md)
 * [core.DataSource](../models/core/datasource.md)
+* [core.Job](../models/core/job.md)
 * [dcim.Cable](../models/dcim/cable.md)
 * [dcim.Device](../models/dcim/device.md)
 * [dcim.DeviceType](../models/dcim/devicetype.md)
@@ -44,15 +53,16 @@ These are considered the "core" application models which are used to model netwo
 * [dcim.PowerPanel](../models/dcim/powerpanel.md)
 * [dcim.Rack](../models/dcim/rack.md)
 * [dcim.RackReservation](../models/dcim/rackreservation.md)
+* [dcim.RackType](../models/dcim/racktype.md)
 * [dcim.Site](../models/dcim/site.md)
 * [dcim.VirtualChassis](../models/dcim/virtualchassis.md)
 * [dcim.VirtualDeviceContext](../models/dcim/virtualdevicecontext.md)
 * [ipam.Aggregate](../models/ipam/aggregate.md)
 * [ipam.ASN](../models/ipam/asn.md)
 * [ipam.FHRPGroup](../models/ipam/fhrpgroup.md)
+* [ipam.FHRPGroupAssignment](../models/ipam/fhrpgroupassignment.md)
 * [ipam.IPAddress](../models/ipam/ipaddress.md)
 * [ipam.IPRange](../models/ipam/iprange.md)
-* [ipam.L2VPN](../models/ipam/l2vpn.md)
 * [ipam.Prefix](../models/ipam/prefix.md)
 * [ipam.RouteTarget](../models/ipam/routetarget.md)
 * [ipam.Service](../models/ipam/service.md)
@@ -63,6 +73,13 @@ These are considered the "core" application models which are used to model netwo
 * [tenancy.Tenant](../models/tenancy/tenant.md)
 * [virtualization.Cluster](../models/virtualization/cluster.md)
 * [virtualization.VirtualMachine](../models/virtualization/virtualmachine.md)
+* [vpn.IKEPolicy](../models/vpn/ikepolicy.md)
+* [vpn.IKEProposal](../models/vpn/ikeproposal.md)
+* [vpn.IPSecPolicy](../models/vpn/ipsecpolicy.md)
+* [vpn.IPSecProfile](../models/vpn/ipsecprofile.md)
+* [vpn.IPSecProposal](../models/vpn/ipsecproposal.md)
+* [vpn.L2VPN](../models/vpn/l2vpn.md)
+* [vpn.Tunnel](../models/vpn/tunnel.md)
 * [wireless.WirelessLAN](../models/wireless/wirelesslan.md)
 * [wireless.WirelessLink](../models/wireless/wirelesslink.md)
 
@@ -70,17 +87,20 @@ These are considered the "core" application models which are used to model netwo
 
 Organization models are used to organize and classify primary models.
 
+* [circuits.CircuitGroup](../models/circuits/circuitgroup.md)
 * [circuits.CircuitType](../models/circuits/circuittype.md)
 * [dcim.DeviceRole](../models/dcim/devicerole.md)
 * [dcim.Manufacturer](../models/dcim/manufacturer.md)
 * [dcim.Platform](../models/dcim/platform.md)
 * [dcim.RackRole](../models/dcim/rackrole.md)
+* [ipam.ASNRange](../models/ipam/asnrange.md)
 * [ipam.RIR](../models/ipam/rir.md)
 * [ipam.Role](../models/ipam/role.md)
 * [ipam.VLANGroup](../models/ipam/vlangroup.md)
 * [tenancy.ContactRole](../models/tenancy/contactrole.md)
 * [virtualization.ClusterGroup](../models/virtualization/clustergroup.md)
 * [virtualization.ClusterType](../models/virtualization/clustertype.md)
+* [vpn.TunnelGroup](../models/vpn/tunnelgroup.md)
 
 ### Nested Group Models
 
@@ -107,11 +127,12 @@ Component models represent individual physical or virtual components belonging t
 * [dcim.PowerOutlet](../models/dcim/poweroutlet.md)
 * [dcim.PowerPort](../models/dcim/powerport.md)
 * [dcim.RearPort](../models/dcim/rearport.md)
+* [virtualization.VirtualDisk](../models/virtualization/virtualdisk.md)
 * [virtualization.VMInterface](../models/virtualization/vminterface.md)
 
 ### Component Template Models
 
-These function as templates to effect the replication of device and virtual machine components. Component template models support a limited feature set, including change logging, custom validation, and webhooks.
+These function as templates to effect the replication of device and virtual machine components. Component template models support a limited feature set, including change logging, custom validation, and event rules.
 
 * [dcim.ConsolePortTemplate](../models/dcim/consoleporttemplate.md)
 * [dcim.ConsoleServerPortTemplate](../models/dcim/consoleserverporttemplate.md)
@@ -123,3 +144,10 @@ These function as templates to effect the replication of device and virtual mach
 * [dcim.PowerOutletTemplate](../models/dcim/poweroutlettemplate.md)
 * [dcim.PowerPortTemplate](../models/dcim/powerporttemplate.md)
 * [dcim.RearPortTemplate](../models/dcim/rearporttemplate.md)
+
+### Connection Models
+
+Connection models are used to model the connections, or connection endpoints between models.
+
+* [circuits.CircuitTermination](../models/circuits/circuittermination.md)
+* [vpn.TunnelTermination](../models/vpn/tunneltermination.md)

docs/development/release-checklist.md

@@ -1,12 +1,14 @@
 # Release Checklist
 
-This documentation describes the process of packaging and publishing a new NetBox release. There are three types of release:
+This documentation describes the process of packaging and publishing a new NetBox release. There are three types of releases:
 
-* Major release (e.g. v2.11 to v3.0)
-* Minor release (e.g. v3.2 to v3.3)
-* Patch release (e.g. v3.3.0 to v3.3.1)
+* Major release (e.g. v3.7.8 to v4.0.0)
+* Minor release (e.g. v4.0.10 to v4.1.0)
+* Patch release (e.g. v4.1.0 to v4.1.1)
 
-While major releases generally introduce some very substantial change to the application, they are typically treated the same as minor version increments for the purpose of release packaging.
+While major releases generally introduce some very substantial changes to the application, they are typically treated the same as minor version increments for the purpose of release packaging.
+
+For patch releases (e.g. upgrading from v4.2.2 to v4.2.3), begin at the [patch releases](#patch-releases) heading below. For minor or major releases, complete the entire checklist.
 
 ## Minor Version Releases
 
@@ -19,7 +21,7 @@ Sometimes it becomes necessary to constrain dependencies to a particular version
 djangorestframework==3.8.1
 ```
 
-These version constraints are added to `base_requirements.txt` to ensure that newer packages are not installed when updating the pinned dependencies in `requirements.txt` (see the [Update Requirements](#update-requirements) section below). Before each new minor version of NetBox is released, all such constraints on dependent packages should be addressed if feasible. This guards against the collection of stale constraints over time.
+These version constraints are added to `base_requirements.txt` to ensure that newer packages are not installed when updating the pinned dependencies in `requirements.txt` (see the [Update Requirements](#update-python-dependencies) section below). Before each new minor version of NetBox is released, all such constraints on dependent packages should be addressed if feasible. This guards against the collection of stale constraints over time.
 
 ### Close the Release Milestone
 
@@ -29,6 +31,17 @@ Close the [release milestone](https://github.com/netbox-community/netbox/milesto
 
 Check that a link to the release notes for the new version is present in the navigation menu (defined in `mkdocs.yml`), and that a summary of all major new features has been added to `docs/index.md`.
 
+### Update System Requirements
+
+If a new Django release is adopted or other major dependencies (Python, PostgreSQL, Redis) change:
+
+* Update the installation guide (`docs/installation/index.md`) with the new minimum versions.
+* Update the upgrade guide (`docs/installation/upgrading.md`) for the current version.
+    * Update the minimum versions for each dependency.
+    * Add a new row to the release history table. Bold any version changes for clarity.
+* Update the minimum PostgreSQL version in the programming error template (`netbox/templates/exceptions/programming_error.html`).
+* Update the minimum and supported Python versions in the project metadata file (`pyproject.toml`)
+
 ### Manually Perform a New Install
 
 Start the documentation server and navigate to the current version of the installation docs:
@@ -37,11 +50,25 @@ Start the documentation server and navigate to the current version of the instal
 mkdocs serve
 ```
 
-Follow these instructions to perform a new installation of NetBox in a temporary environment. This process must not be automated: The goal of this step is to catch any errors or omissions in the documentation, and ensure that it is kept up-to-date for each release. Make any necessary changes to the documentation before proceeding with the release.
+Follow these instructions to perform a new installation of NetBox in a temporary environment. This process must not be automated: The goal of this step is to catch any errors or omissions in the documentation and ensure that it is kept up to date for each release. Make any necessary changes to the documentation before proceeding with the release.
 
-### Merge the Release Branch
+### Test Upgrade Paths
 
-Submit a pull request to merge the `feature` branch into the `develop` branch in preparation for its release. Once it has been merged, continue with the section for patch releases below.
+Upgrading from a previous version typically involves database migrations, which must work without errors.
+Test the following supported upgrade paths:
+
+- From one minor version to another within the same major version (e.g. 4.0 to 4.1).
+- From the latest patch version of the previous minor version (e.g. 3.7 to 4.0 or 4.1).
+
+Prior to release, test all these supported paths by loading demo data from the source version and performing:
+
+```no-highlight
+./manage.py migrate
+```
+
+### Merge the `feature` Branch
+
+Submit a pull request to merge the `feature` branch into the `main` branch in preparation for its release. Once it has been merged, continue with the section for the patch releases below.
 
 ### Rebuild Demo Data (After Release)
 
@@ -51,6 +78,15 @@ After the release of a new minor version, generate a new demo data snapshot comp
 
 ## Patch Releases
 
+### Create a Release Branch
+
+Begin by creating a new branch (based on `main`) to effect the release. This will comprise the changes listed below.
+
+```
+git checkout main
+git checkout -B release-vX.Y.Z
+```
+
 ### Notify netbox-docker Project of Any Relevant Changes
 
 Notify the [`netbox-docker`](https://github.com/netbox-community/netbox-docker) maintainers (in **#netbox-docker**) of any changes that may be relevant to their build process, including:
@@ -59,7 +95,7 @@ Notify the [`netbox-docker`](https://github.com/netbox-community/netbox-docker)
 * Increases in minimum versions for service dependencies (PostgreSQL, Redis, etc.)
 * Any changes to the reference installation
 
-### Update Requirements
+### Update Python Dependencies
 
 Before each release, update each of NetBox's Python dependencies to its most recent stable version. These are defined in `requirements.txt`, which is updated from `base_requirements.txt` using `pip`. To do this:
 
@@ -70,6 +106,50 @@ Before each release, update each of NetBox's Python dependencies to its most rec
 
 In cases where upgrading a dependency to its most recent release is breaking, it should be constrained to its current minor version in `base_requirements.txt` with an explanatory comment and revisited for the next major NetBox release (see the [Address Constrained Dependencies](#address-constrained-dependencies) section above).
 
+### Update UI Dependencies
+
+Check whether any UI dependencies (JavaScript packages, fonts, etc.) need to be updated by running `yarn outdated` from within the `project-static/` directory. [Upgrade these dependencies](./web-ui.md#updating-dependencies) as necessary, then run `yarn bundle` to generate the necessary files for distribution:
+
+```
+$ yarn bundle
+yarn run v1.22.19
+$ node bundle.js
+✅ Bundled source file 'styles/external.scss' to 'netbox-external.css'
+✅ Bundled source file 'styles/netbox.scss' to 'netbox.css'
+✅ Bundled source file 'styles/svg/rack_elevation.scss' to 'rack_elevation.css'
+✅ Bundled source file 'styles/svg/cable_trace.scss' to 'cable_trace.css'
+✅ Bundled source file 'index.ts' to 'netbox.js'
+✅ Copied graphiql files
+Done in 1.00s.
+```
+
+### Update & Compile Translations
+
+Updated language translations should be pulled from [Transifex](https://app.transifex.com/netbox-community/netbox/dashboard/) and re-compiled for each new release. First, retrieve any updated translation files using the Transifex CLI client:
+
+```no-highlight
+tx pull --force
+```
+
+Then, compile these portable (`.po`) files for use in the application:
+
+```no-highlight
+./manage.py compilemessages
+```
+
+!!! tip
+    Consult the translation documentation for more detail on [updating translated strings](./translations.md#updating-translated-strings) if you've not set up the Transifex client already.
+
+### Update Version and Changelog
+
+* Update the version number and published date in `netbox/release.yaml`. Add or remove the designation (e.g. `beta1`) if applicable.
+* Copy the version number from `release.yaml` to `pyproject.toml` in the project root.
+* Update the example version numbers in the feature request and bug report templates under `.github/ISSUE_TEMPLATES/`.
+* Add a section for this release at the top of the changelog page for the minor version (e.g. `docs/release-notes/version-4.2.md`) listing all relevant changes made in this release.
+
+!!! tip
+    Put yourself in the shoes of the user when recording change notes. Focus on the effect that each change has for the end user, rather than the specific bits of code that were modified in a PR. Ensure that each message conveys meaning absent context of the initial feature request or bug report. Remember to include keywords or phrases (such as exception names) that can be easily searched.
+
 ### Rebuild the Device Type Definition Schema
 
 Run the following command to update the device type definition validation schema:
@@ -80,41 +160,30 @@ Run the following command to update the device type definition validation schema
 
 This will automatically update the schema file at `contrib/generated_schema.json`.
 
-### Update Version and Changelog
+### Update the OpenAPI Schema
 
-* Update the `VERSION` constant in `settings.py` to the new release version.
-* Update the example version numbers in the feature request and bug report templates under `.github/ISSUE_TEMPLATES/`.
-* Replace the "FUTURE" placeholder in the release notes with the current date.
+Update the static OpenAPI schema definition at `contrib/openapi.json` with the management command below. If the schema file is up-to-date, only the NetBox version will be changed.
 
-Commit these changes to the `develop` branch and push upstream.
-
-### Verify CI Build Status
-
-Ensure that continuous integration testing on the `develop` branch is completing successfully. If it fails, take action to correct the failure before proceding with the release.
+```nohighlight
+./manage.py spectacular --format openapi-json > ../contrib/openapi.json
+```
 
 ### Submit a Pull Request
 
-Submit a pull request titled **"Release vX.Y.Z"** to merge the `develop` branch into `master`. Copy the documented release notes into the pull request's body.
+Commit the above changes and submit a pull request titled **"Release vX.Y.Z"** to merge the current release branch (e.g. `release-vX.Y.Z`) into `main`. Copy the documented release notes into the pull request's body.
 
-Once CI has completed on the PR, merge it. This effects a new release in the `master` branch.
+Once CI has completed and a colleague has reviewed the PR, merge it. This effects a new release in the `main` branch.
+
+!!! warning
+    To ensure a streamlined review process, the pull request for a release **must** be limited to the changes outlined in this document. A release PR must never include functional changes to the application: Any unrelated "cleanup" needs to be captured in a separate PR prior to the release being shipped.
 
 ### Create a New Release
 
 Create a [new release](https://github.com/netbox-community/netbox/releases/new) on GitHub with the following parameters.
 
-* **Tag:** Current version (e.g. `v3.3.1`)
-* **Target:** `master`
-* **Title:** Version and date (e.g. `v3.3.1 - 2022-08-25`)
-* **Description:** Copy from the pull request body
+* **Tag:** Current version (e.g. `v4.2.1`)
+* **Target:** `main`
+* **Title:** Version and date (e.g. `v4.2.1 - 2025-01-17`)
+* **Description:** Copy from the pull request body, then promote the `###` headers to `##` ones
 
 Once created, the release will become available for users to install.
-
-### Update the Development Version
-
-On the `develop` branch, update `VERSION` in `settings.py` to point to the next release. For example, if you just released v3.3.1, set:
-
-```
-VERSION = 'v3.3.2-dev'
-```
-
-Commit this change with the comment "PRVB" (for _post-release version bump_) and push the commit upstream.

docs/development/search.md

@@ -17,6 +17,7 @@ class MyModelIndex(SearchIndex):
         ('description', 500),
         ('comments', 5000),
     )
+    display_attrs = ('site', 'device', 'status', 'description')
 ```
 
 A SearchIndex subclass defines both its model and a list of two-tuples specifying which model fields to be indexed and the weight (precedence) associated with each. Guidance on weight assignment for fields is provided below.

docs/development/signals.md

@@ -9,3 +9,27 @@ This signal is sent by models which inherit from `CustomValidationMixin` at the
 ### Receivers
 
 * `extras.signals.run_custom_validators()`
+
+## core.job_start
+
+This signal is sent whenever a [background job](../features/background-jobs.md) is started.
+
+### Receivers
+
+* `extras.signals.process_job_start_event_rules()`
+
+## core.job_end
+
+This signal is sent whenever a [background job](../features/background-jobs.md) is terminated.
+
+### Receivers
+
+* `extras.signals.process_job_end_event_rules()`
+
+## core.pre_sync
+
+This signal is sent when the [DataSource](../models/core/datasource.md) model's `sync()` method is called.
+
+## core.post_sync
+
+This signal is sent when a [DataSource](../models/core/datasource.md) finishes synchronizing.

docs/development/style-guide.md

@@ -1,6 +1,6 @@
 # Style Guide
 
-NetBox generally follows the [Django style guide](https://docs.djangoproject.com/en/stable/internals/contributing/writing-code/coding-style/), which is itself based on [PEP 8](https://www.python.org/dev/peps/pep-0008/). [Pycodestyle](https://github.com/pycqa/pycodestyle) is used to validate code formatting, ignoring certain violations.
+NetBox generally follows the [Django style guide](https://docs.djangoproject.com/en/stable/internals/contributing/writing-code/coding-style/), which is itself based on [PEP 8](https://www.python.org/dev/peps/pep-0008/). [ruff](https://docs.astral.sh/ruff/) is used for linting (with certain [exceptions](#linter-exceptions)).
 
 ## Code
 
@@ -20,32 +20,32 @@ NetBox generally follows the [Django style guide](https://docs.djangoproject.com
 
 * Nested API serializers generate minimal representations of an object. These are stored separately from the primary serializers to avoid circular dependencies. Always import nested serializers from other apps directly. For example, from within the DCIM app you would write `from ipam.api.nested_serializers import NestedIPAddressSerializer`.
 
-### PEP 8 Exceptions
+### Linting
 
-NetBox ignores certain PEP8 assertions. These are listed below.
+The [ruff](https://docs.astral.sh/ruff/) linter is used to enforce code style, and is run automatically by [pre-commit](./getting-started.md#5-install-pre-commit). To invoke `ruff` manually, run:
 
-#### Wildcard Imports
+```
+ruff check netbox/
+```
+
+#### Linter Exceptions
+
+The following rules are ignored when linting.
+
+##### [E501](https://docs.astral.sh/ruff/rules/line-too-long/): Line too long
+
+NetBox does not enforce a hard restriction on line length, although a maximum length of 120 characters is strongly encouraged for Python code where possible. The maximum length does not apply to HTML templates or to automatically generated code (e.g. database migrations).
+
+##### [F403](https://docs.astral.sh/ruff/rules/undefined-local-with-import-star/): Undefined local with import star
 
 Wildcard imports (for example, `from .constants import *`) are acceptable under any of the following conditions:
 
 * The library being import contains only constant declarations (e.g. `constants.py`)
 * The library being imported explicitly defines `__all__`
 
-#### Maximum Line Length (E501)
+##### [F405](https://docs.astral.sh/ruff/rules/undefined-local-with-import-star-usage/): Undefined local with import star usage
 
-NetBox does not restrict lines to a maximum length of 79 characters. We use a maximum line length of 120 characters, however this is not enforced by CI. The maximum length does not apply to HTML templates or to automatically generated code (e.g. database migrations).
-
-#### Line Breaks Following Binary Operators (W504)
-
-Line breaks are permitted following binary operators.
-
-### Enforcing Code Style
-
-The [`pycodestyle`](https://pypi.org/project/pycodestyle/) utility (formerly `pep8`) is used by the CI process to enforce code style. A [pre-commit hook](./getting-started.md#2-enable-pre-commit-hooks) which runs this automatically is included with NetBox. To invoke `pycodestyle` manually, run:
-
-```
-pycodestyle --ignore=W504,E501 netbox/
-```
+The justification for ignoring this rule is the same as F403 above.
 
 ### Introducing New Dependencies
 
@@ -76,4 +76,4 @@ When adding a new dependency, a short description of the package and the URL of
 
 * When referring to NetBox in writing, use the proper form "NetBox," with the letters N and B capitalized. The lowercase form "netbox" should be used in code, filenames, etc. but never "Netbox" or any other deviation.
 
-* There is an SVG form of the NetBox logo at [docs/netbox_logo.svg](../netbox_logo.svg). It is preferred to use this logo for all purposes as it scales to arbitrary sizes without loss of resolution. If a raster image is required, the SVG logo should be converted to a PNG image of the prescribed size.
+* There are SVG forms of the NetBox logo for both [light mode](../netbox_logo_light.svg) and [dark mode](../netbox_logo_dark.svg) available. It is preferred to use the SVG logo for all purposes as it scales to arbitrary sizes without loss of resolution. If a raster image is required, the SVG logo should be converted to a PNG image of the desired size.

docs/development/translations.md

@@ -0,0 +1,61 @@
+# Translations
+
+NetBox coordinates all translation work using the [Transifex](https://explore.transifex.com/netbox-community/netbox/) platform. Signing up for a Transifex account is free.
+
+All language translations in NetBox are generated from the source file found at `netbox/translations/en/LC_MESSAGES/django.po`. This file contains the original English strings with empty mappings, and is generated as part of NetBox's release process. Transifex updates source strings from this file on a recurring basis, so new translation strings will appear in the platform automatically as it is updated in the code base.
+
+Reviewers log into Transifex and navigate to their designated language(s) to translate strings. The initial translation for most strings will be machine-generated via the AWS Translate service. Human reviewers are responsible for reviewing these translations and making corrections where necessary.
+
+## Updating Translation Sources
+
+To update the English `.po` file from which all translations are derived, use the `makemessages` management command (ignoring the `project-static/` directory):
+
+```nohighlight
+./manage.py makemessages -l en -i "project-static/*"
+```
+
+Then, commit the change and push to the `main` branch on GitHub. Any new strings will appear for translation on Transifex automatically.
+
+!!! note
+    It is typically not necessary to update source strings manually, as this is done nightly by a [GitHub action](https://github.com/netbox-community/netbox/blob/main/.github/workflows/update-translation-strings.yml).
+
+## Updating Translated Strings
+
+Typically, translated strings need to be updated only as part of the NetBox [release process](./release-checklist.md).
+
+Check the Transifex dashboard for languages that are not marked _ready for use_, being sure to click _Show all languages_ if it appears at the bottom of the list. Use machine translation to round out any not-ready languages. It's not necessary to review the machine translation immediately as the translation teams will handle that aspect; the goal at this stage is to get translations included in the Transifex pull request.
+
+To download translated strings automatically, you'll need to:
+
+1. Install the [Transifex CLI client](https://github.com/transifex/cli)
+2. Generate a [Transifex API token](https://app.transifex.com/user/settings/api/)
+
+Once you have the client set up, run the following command from the project root (e.g. `/opt/netbox/`):
+
+```no-highlight
+TX_TOKEN=$TOKEN tx pull --force
+```
+
+This will download all portable (`.po`) translation files from Transifex, updating them locally as needed. (The `--force` argument instructs the client to disregard the timestamps of local translation files.)
+
+Once retrieved, the updated strings need to be compiled into new `.mo` files so they can be used by the application. Run Django's [`compilemessages`](https://docs.djangoproject.com/en/stable/ref/django-admin/#django-admin-compilemessages) management command to compile them:
+
+```no-highlight
+./manage.py compilemessages
+```
+
+Once any new `.mo` files have been generated, they need to be committed and pushed back up to GitHub. (Again, this is typically done as part of publishing a new NetBox release.)
+
+!!! tip
+    Run `git status` to check that both `*.mo` & `*.po` files have been updated as expected.
+
+## Proposing New Languages
+
+If you'd like to add support for a new language to NetBox, the first step is to [submit a GitHub issue](https://github.com/netbox-community/netbox/issues/new?assignees=&labels=type%3A+translation&projects=&template=translation.yaml) to capture the proposal. While we'd like to add as many languages as possible, we do need to limit the rate at which new languages are added. New languages will be selected according to community interest and the number of volunteers who sign up as translators.
+
+Once a proposed language has been approved, a NetBox maintainer will:
+
+* Add it to the Transifex platform
+* Designate one or more reviewers
+* Create the initial machine-generated translations for review
+* Add it to the list of supported languages

docs/development/user-preferences.md

@@ -2,6 +2,8 @@
 
 The `users.UserConfig` model holds individual preferences for each user in the form of JSON data. This page serves as a manifest of all recognized user preferences in NetBox.
 
+For end‑user guidance on resetting saved table layouts, see [Features > User Preferences](../features/user-preferences.md#clearing-table-preferences).
+
 ## Available Preferences
 
 | Name                     | Description                                                   |
@@ -11,4 +13,3 @@ The `users.UserConfig` model holds individual preferences for each user in the f
 | pagination.placement     | Where to display the paginator controls relative to the table |
 | tables.${table}.columns  | The ordered list of columns to display when viewing the table |
 | tables.${table}.ordering | A list of column names by which the table should be ordered   |
-| ui.colormode             | Light or dark mode in the user interface                      |

docs/development/web-ui.md

@@ -1,25 +1,37 @@
 # Web UI Development
 
+## Code Structure
+
+Most static resources for the NetBox UI are housed within the `netbox/project-static/` directory.
+
+| Path      | Description                                        |
+|-----------|----------------------------------------------------|
+| `dist/`   | Destination path for installed dependencies        |
+| `docs/`   | Local build path for documentation                 |
+| `img/`    | Image files                                        |
+| `js/`     | Miscellaneous JavaScript resources served directly |
+| `src/`    | TypeScript resources (to be compiled into JS)      |
+| `styles/` | Sass resources (to be compiled into CSS)           |
+
 ## Front End Technologies
 
-The NetBox UI is built on languages and frameworks:
+Front end scripting is written in [TypeScript](https://www.typescriptlang.org/), which is a strongly-typed extension to JavaScript. TypeScript is "transpiled" into JavaScript resources which are served to and executed by the client web browser.
 
-### Styling & HTML Elements
+All UI styling is written in [Sass](https://sass-lang.com/), which is an extension to browser-native [Cascading Stylesheets (CSS)](https://developer.mozilla.org/en-US/docs/Web/CSS). Similar to how TypeScript content is transpiled to JavaScript, Sass resources (`.scss` files) are compiled to CSS.
 
-#### [Bootstrap](https://getbootstrap.com/) 5
+## Dependencies
 
-The majority of the NetBox UI is made up of stock Bootstrap components, with some styling modifications and custom components added on an as-needed basis. Bootstrap uses [Sass](https://sass-lang.com/), and NetBox extends Bootstrap's core Sass files for theming and customization.
+The following software is employed by the NetBox user interface.
 
-### Client-side Scripting
-
-#### [TypeScript](https://www.typescriptlang.org/)
-
-All client-side scripting is transpiled from TypeScript to JavaScript and served by Django. In development, TypeScript is an _extremely_ effective tool for accurately describing and checking the code, which leads to significantly fewer bugs, a better development experience, and more predictable/readable code.
-
-As part of the [bundling](#bundling) process, Bootstrap's JavaScript plugins are imported and bundled alongside NetBox's front-end code.
-
-!!! danger "NetBox is jQuery-free"
-    Following the Bootstrap team's deprecation of jQuery in Bootstrap 5, NetBox also no longer uses jQuery in front-end code.
+* [Bootstrap 5](https://getbootstrap.com/) - A popular CSS & JS framework
+* [clipboard.js](https://clipboardjs.com/) - A lightweight package for enabling copy-to-clipboard functionality
+* [flatpickr](https://flatpickr.js.org/) - A lightweight date & time selection widget
+* [gridstack.js](https://gridstackjs.com/) - Enables interactive grid layouts (for the dashboard)
+* [HTMX](https://htmx.org/) - Enables dynamic web interfaces through the use of HTML element attributes
+* [Material Design Icons](https://pictogrammers.com/library/mdi/) - An extensive open source collection of graphical icons, delivered as a web font
+* [query-string](https://www.npmjs.com/package/query-string) - Assists with parsing URL query strings
+* [Tabler](https://tabler.io/) - A web application UI toolkit & theme based on Bootstrap 5
+* [Tom Select](https://tom-select.js.org/) - Provides dynamic selection form fields
 
 ## Guidance
 
@@ -54,6 +66,41 @@ $ yarn
 !!! warning "Check Your Working Directory"
     You need to be in the `netbox/project-static` directory to run the below `yarn` commands.
 
+### Updating Dependencies
+
+Run `yarn outdated` to identify outdated dependencies.
+
+```
+$ yarn outdated
+yarn outdated v1.22.19
+info Color legend :
+ "<red>"    : Major Update backward-incompatible updates
+ "<yellow>" : Minor Update backward-compatible features
+ "<green>"  : Patch Update backward-compatible bug fixes
+Package                          Current Wanted  Latest Workspace Package Type    URL
+bootstrap                        5.3.1   5.3.1   5.3.3  netbox    dependencies    https://getbootstrap.com/
+```
+
+Run `yarn upgrade --latest` to automatically upgrade these packages to their most recent versions.
+
+```
+$ yarn upgrade bootstrap --latest
+yarn upgrade v1.22.19
+[1/4] Resolving packages...
+[2/4] Fetching packages...
+[3/4] Linking dependencies...
+[4/4] Rebuilding all packages...
+success Saved lockfile.
+success Saved 1 new dependency.
+info Direct dependencies
+└─ bootstrap@5.3.3
+info All dependencies
+└─ bootstrap@5.3.3
+Done in 0.95s.
+```
+
+`package.json` will be updated to reflect the new package versions automatically.
+
 ### Bundling
 
 In order for the TypeScript and Sass (SCSS) source files to be usable by a browser, they must first be transpiled (TypeScript → JavaScript, Sass → CSS), bundled, and minified. After making changes to TypeScript or Sass source files, run `yarn bundle`.

docs/extra.css

@@ -5,6 +5,10 @@ img {
     margin-right: auto;
 }
 
+.md-content img {
+    background-color: rgba(255, 255, 255, 0.64);
+}
+
 /* Tables */
 table {
     margin-bottom: 24px;

docs/features/api-integration.md

@@ -8,7 +8,7 @@ NetBox's REST API, powered by the [Django REST Framework](https://www.django-res
 
 ```no-highlight
 curl -s -X POST \
--H "Authorization: Token $TOKEN" \
+-H "Authorization: Bearer $TOKEN" \
 -H "Content-Type: application/json" \
 http://netbox/api/ipam/prefixes/ \
 --data '{"prefix": "192.0.2.0/24", "site": {"name": "Branch 12"}}'
@@ -26,9 +26,9 @@ To learn more about this feature, check out the [GraphQL API documentation](../i
 
 ## Webhooks
 
-A webhook is a mechanism for conveying to some external system a change that took place in NetBox. For example, you may want to notify a monitoring system whenever the status of a device is updated in NetBox. This can be done by creating a webhook for the device model in NetBox and identifying the webhook receiver. When NetBox detects a change to a device, an HTTP request containing the details of the change and who made it be sent to the specified receiver. Webhooks are an excellent mechanism for building event-based automation processes.
+A webhook is a mechanism for conveying to some external system a change that has taken place in NetBox. For example, you may want to notify a monitoring system whenever the status of a device is updated in NetBox. To do this, first create a [webhook](../models/extras/webhook.md) identifying the remote receiver (URL), HTTP method, and any other necessary parameters. Then, define an [event rule](../models/extras/eventrule.md) which is triggered by device changes to transmit the webhook.
 
-To learn more about this feature, check out the [webhooks documentation](../integrations/webhooks.md).
+When NetBox detects a change to a device, an HTTP request containing the details of the change and who made it be sent to the specified receiver. Webhooks are an excellent mechanism for building event-based automation processes. To learn more about this feature, check out the [webhooks documentation](../integrations/webhooks.md).
 
 ## Prometheus Metrics
 

docs/features/authentication-permissions.md

@@ -41,7 +41,7 @@ NetBox integrates with the open source [python-social-auth](https://github.com/p
 * Google
 * Hashicorp Vault
 * Keycloak
-* Microsoft Azure AD
+* Microsoft Entra ID
 * Microsoft Graph
 * Okta
 * OIDC

docs/features/background-jobs.md

@@ -2,9 +2,9 @@
 
 NetBox includes the ability to execute certain functions as background tasks. These include:
 
-* [Report](../customization/reports.md) execution
 * [Custom script](../customization/custom-scripts.md) execution
 * Synchronization of [remote data sources](../integrations/synchronized-data.md)
+* Housekeeping tasks
 
 Additionally, NetBox plugins can enqueue their own background tasks. This is accomplished using the [Job model](../models/core/job.md). Background tasks are executed by the `rqworker` process(es).
 

docs/features/change-logging.md

@@ -8,6 +8,12 @@ When a request is made, a UUID is generated and attached to any change records r
 
 Change records are exposed in the API via the read-only endpoint `/api/extras/object-changes/`. They may also be exported via the web UI in CSV format.
 
+## User Messages
+
+!!! info "This feature was introduced in NetBox v4.4."
+
+When creating, modifying, or deleting an object in NetBox, a user has the option of recording an arbitrary message that will appear in the change record. This can be helpful to capture additional context, such as the reason for the change.
+
 ## Correlating Changes by Request
 
 Every request made to NetBox is assigned a random unique ID that can be used to correlate change records. For example, if you change the status of three sites using the UI's bulk edit feature, you will see three new change records (one for each site) all referencing the same request ID. This shows that all three changes were made as part of the same request.

docs/features/configuration-rendering.md

@@ -39,7 +39,7 @@ When rendered for a specific NetBox device, the template's `device` variable wil
 
 ### Context Data
 
-The objet for which the configuration is being rendered is made available as template context as `device` or `virtualmachine` for devices and virtual machines, respectively. Additionally, NetBox model classes can be accessed by the app or plugin in which they reside. For example:
+The object for which the configuration is being rendered is made available as template context as `device` or `virtualmachine` for devices and virtual machines, respectively. Additionally, NetBox model classes can be accessed by the app or plugin in which they reside. For example:
 
 ```
 There are {{ dcim.Site.objects.count() }} sites.
@@ -70,6 +70,11 @@ This request will trigger resolution of the device's preferred config template i
 
 If no config template has been assigned to any of these three objects, the request will fail.
 
+The configuration can be rendered as JSON or as plaintext by setting the `Accept:` HTTP header. For example:
+
+* `Accept: application/json`
+* `Accept: text/plain`
+
 ### General Purpose Use
 
 NetBox config templates can also be rendered without being tied to any specific device, using a separate general purpose REST API endpoint. Any data included with a POST request to this endpoint will be passed as context data for the template.

docs/features/customization.md

@@ -2,6 +2,8 @@
 
 While NetBox strives to meet the needs of every network, the needs of users to cater to their own unique environments cannot be ignored. NetBox was built with this in mind, and can be customized in many ways to better suit your particular needs.
 
+For end‑user personalization topics (bookmarks, table preferences, language, CSV delimiter, and more), see [Features > User Preferences](../features/user-preferences.md).
+
 ## Tags
 
 Most objects in NetBox can be assigned user-created tags to aid with organization and filtering. Tag values are completely arbitrary: They may be used to store data in key-value pairs, or they may be employed simply as labels against which objects can be filtered. Each tag can also be assigned a color for quicker differentiation in the user interface.
@@ -18,12 +20,6 @@ The `tag` filter can be specified multiple times to match only objects which hav
 GET /api/dcim/devices/?tag=monitored&tag=deprecated
 ```
 
-## Bookmarks
-
-!!! info "This feature was introduced in NetBox v3.6."
-
-Users can bookmark their most commonly visited objects for convenient access. Bookmarks are listed under a user's profile, and can be displayed with custom filtering and ordering on the user's personal dashboard.
-
 ## Custom Fields
 
 While NetBox provides a rather extensive data model out of the box, the need may arise to store certain additional data associated with NetBox objects. For example, you might need to record the invoice ID alongside an installed device, or record an approving authority when creating a new IP prefix. NetBox administrators can create custom fields on built-in objects to meet these needs.
@@ -40,7 +36,7 @@ Custom links allow you to conveniently reference external resources related to N
 http://server.local/vms/?name={{ object.name }}
 ```
 
-Now, when viewing a virtual machine in NetBox, a user will see a handy button with the chosen title and link (complete with the name of the VM being viewed). Both the text and URL of custom links can be templatized in this manner, and custom links can be grouped together into dropdowns for more efficient display.
+Now, when viewing a virtual machine in NetBox, a user will see a handy button with the chosen title and link (complete with the name of the VM being viewed). Both the text and URL of custom links can be templatized in this manner, and custom links can be grouped together into dropdowns for a more efficient display.
 
 To learn more about this feature, check out the [custom link documentation](../customization/custom-links.md).
 

docs/features/event-rules.md

@@ -0,0 +1,32 @@
+# Event Rules
+
+NetBox includes the ability to automatically perform certain functions in response to internal events. These include:
+
+* Executing a [custom script](../customization/custom-scripts.md)
+* Sending a [webhook](../integrations/webhooks.md)
+* Generating [user notifications](../features/notifications.md)
+
+For example, suppose you want to automatically configure a monitoring system to start monitoring a device when its operational status is changed to active, and remove it from monitoring for any other status. You can create a webhook in NetBox for the device model and craft its content and destination URL to effect the desired change on the receiving system. You can then associate an event rule with this webhook and the webhook will be sent automatically by NetBox whenever the configured constraints are met.
+
+Each event must be associated with at least one NetBox object type and at least one event (e.g. create, update, or delete).
+
+## Conditional Event Rules
+
+An event rule may include a set of conditional logic expressed in JSON used to control whether an event triggers for a specific object. For example, you may wish to trigger an event for devices only when the `status` field of an object is "active":
+
+```json
+{
+  "and": [
+    {
+      "attr": "status.value",
+      "value": "active"
+    }
+  ]
+}
+```
+
+For more detail, see the reference documentation for NetBox's [conditional logic](../reference/conditions.md).
+
+## Event Rule Processing
+
+When a change is detected, any resulting events are placed into a Redis queue for processing. This allows the user's request to complete without needing to wait for the outgoing event(s) to be processed. The events are then extracted from the queue by the `rqworker` process. The current event queue and any failed events can be inspected under System > Background Tasks.

docs/features/facilities.md

@@ -46,7 +46,7 @@ Regions will always be listed alphabetically by name within each parent, and the
 
 Like regions, site groups can be arranged in a recursive hierarchy for grouping sites. However, whereas regions are intended for geographic organization, site groups may be used for functional grouping. For example, you might classify sites as corporate, branch, or customer sites in addition to where they are physically located.
 
-The use of both regions and site groups affords to independent but complementary dimensions across which sites can be organized.
+The use of both regions and site groups affords two independent but complementary dimensions across which sites can be organized.
 
 ## Sites
 
@@ -56,6 +56,10 @@ A site typically represents a building within a region and/or site group. Each s
 
 A location can be any logical subdivision within a building, such as a floor or room. Like regions and site groups, locations can be nested into a self-recursive hierarchy for maximum flexibility. And like sites, each location has an operational status assigned to it.
 
+## Rack Types
+
+A rack type represents a unique specification of a rack which exists in the real world. Each rack type can be setup with weight, height, and unit ordering. New racks of this type can then be created in NetBox, and any associated specifications will be automatically replicated from the device type.
+
 ## Racks
 
 Finally, NetBox models each equipment rack as a discrete object within a site and location. These are physical objects into which devices are installed. Each rack can be assigned an operational status, type, facility ID, and other attributes related to inventory tracking. Each rack also must define a height (in rack units) and width, and may optionally specify its physical dimensions.

docs/features/ipam.md

@@ -62,8 +62,8 @@ VRF modeling in NetBox very closely follows what you find in real-world network
 
 An often overlooked component of IPAM, NetBox also tracks autonomous system (AS) numbers and their assignment to sites. Both 16- and 32-bit AS numbers are supported, and like aggregates each ASN is assigned to an authoritative RIR.
 
-## Service Mapping
+## Application Service Mapping
 
 NetBox models network applications as discrete service objects associated with devices and/or virtual machines, and optionally with specific IP addresses attached to those parent objects. These can be used to catalog the applications running on your network for reference by other objects or integrated tools.
 
-To model services in NetBox, begin by creating a service template defining the name, protocol, and port number(s) on which the service listens. This template can then be easily instantiated to "attach" new services to a device or virtual machine. It's also possible to create new services by hand, without a template, however this approach can be tedious.
+To model application services in NetBox, begin by creating an application service template defining the name, protocol, and port number(s) on which the service listens. This template can then be easily instantiated to "attach" new services to a device or virtual machine. It's also possible to create new application services by hand, without a template, however this approach can be tedious.

docs/features/notifications.md

@@ -0,0 +1,8 @@
+# Notifications
+
+NetBox includes a system for generating user notifications, which can be marked as read or deleted by individual users. There are two built-in mechanisms for generating a notification:
+
+* A user can subscribe to an object. When that object is modified, a notification is created to inform the user of the change.
+* An [event rule](./event-rules.md) can be defined to automatically generate a notification for one or more users in response to specific system events.
+
+Additionally, NetBox plugins can generate notifications for their own purposes.

docs/features/synchronized-data.md

@@ -1,6 +1,6 @@
 # Synchronized Data
 
-Several models in NetBox support the automatic synchronization of local data from a designated remote source. For example, [configuration templates](./configuration-rendering.md) defined in NetBox can source their content from text files stored in a remote git repository. This accomplished using the core [data source](../models/core/datasource.md) and [data file](../models/core/datafile.md) models.
+Several models in NetBox support the automatic synchronization of local data from a designated remote source. For example, [configuration templates](./configuration-rendering.md) defined in NetBox can source their content from text files stored in a remote git repository. This is accomplished using the core [data source](../models/core/datasource.md) and [data file](../models/core/datafile.md) models.
 
 To enable remote data synchronization, the NetBox administrator first designates one or more remote data sources. NetBox currently supports the following source types:
 
@@ -13,6 +13,9 @@ To enable remote data synchronization, the NetBox administrator first designates
 !!! info
     Data backends which connect to external sources typically require the installation of one or more supporting Python libraries. The Git backend requires the [`dulwich`](https://www.dulwich.io/) package, and the S3 backend requires the [`boto3`](https://boto3.amazonaws.com/v1/documentation/api/latest/index.html) package. These must be installed within NetBox's environment to enable these backends.
 
+!!! info
+    If you are configuring Git and have `HTTP_PROXIES` configured to use the SOCKS protocol, you will also need to install the [`python_socks`](https://pypi.org/project/python-socks/) Python library.
+
 Each type of remote source has its own configuration parameters. For instance, a git source will ask the user to specify a branch and authentication credentials. Once the source has been created, a synchronization job is run to automatically replicate remote files in the local database.
 
 The following NetBox models can be associated with replicated data files:

docs/features/user-preferences.md

@@ -0,0 +1,60 @@
+# User Preferences
+
+NetBox stores per‑user options that control aspects of the web interface and data display. Preferences persist across sessions and can be managed under **User → Preferences**.
+
+## Table configurations
+
+When a list view is configured using **Configure**, NetBox records the selected columns and ordering as per‑user table preferences for that table. These preferences are applied automatically on subsequent visits.
+
+### Clearing table preferences
+
+Saved table preferences may need to be reset, for example, if a table fails to render or after an upgrade that changes available columns.
+
+To clear saved preferences for one or more tables:
+
+1. Click the username in the top‑right corner.
+2. Select **Preferences** from the dropdown.
+3. Scroll to the **Table Configurations** section.
+4. Select the tables to reset.
+5. Click **Submit** to clear the selected preferences.
+
+After clearing preferences, reopen the list view and use **Configure** to set the desired columns and ordering.
+
+!!! note
+    Per‑user table preferences are distinct from **Table Configs**, which are named, reusable configurations managed under *Customization → Table Configs*. Clearing preferences does not delete any Table Configs. See [Table Configs](../models/extras/tableconfig.md) for details.
+
+## Other preferences
+
+### Language
+Selects the user interface language from installed translations (subject to system configuration).
+
+### Page length
+Sets the default number of rows displayed on paginated tables.
+
+### Paginator placement
+Controls where pagination controls are rendered relative to a table.
+
+### Striped table rows
+Toggles alternating row backgrounds on tables.
+
+### Data format (raw views)
+Sets the default format (JSON or YAML) when rendering raw data blocks.
+
+### CSV delimiter
+Overrides the delimiter used when exporting CSV data.
+
+## Bookmarks
+
+Users can bookmark frequently visited objects for convenient access. Bookmarks appear under the user menu and can be displayed on the personal dashboard using the bookmarks' widget. See [Bookmark](../models/extras/bookmark.md) for model details.
+
+## Notifications and subscriptions
+
+Users may subscribe to objects to receive notifications when changes occur. Notifications are listed under the user menu and can be marked as read or deleted. See [Features > Notifications](notifications.md) and the data‑model references for [Subscription](../models/extras/subscription.md) and [Notification](../models/extras/notification.md).
+
+## Admin defaults
+
+Administrators can define defaults for new users via [`DEFAULT_USER_PREFERENCES`](../configuration/default-values.md#default_user_preferences). Users may override these values under their own preferences.
+
+## See also
+
+- [Development > User Preferences](../development/user-preferences.md) (manifest of recognized preference keys)

docs/features/vpn-tunnels.md

@@ -0,0 +1,49 @@
+# Tunnels
+
+NetBox can model private tunnels formed among virtual termination points across your network. Typical tunnel implementations include GRE, IP-in-IP, and IPSec. A tunnel may be terminated to two or more device or virtual machine interfaces. For convenient organization, tunnels may be assigned to user-defined groups.
+
+```mermaid
+flowchart TD
+    Termination1[TunnelTermination]
+    Termination2[TunnelTermination]
+    Interface1[Interface]
+    Interface2[Interface]
+    Tunnel --> Termination1 & Termination2
+    Termination1 --> Interface1
+    Termination2 --> Interface2
+    Interface1 --> Device
+    Interface2 --> VirtualMachine
+
+click Tunnel "../../models/vpn/tunnel/"
+click TunnelTermination1 "../../models/vpn/tunneltermination/"
+click TunnelTermination2 "../../models/vpn/tunneltermination/"
+```
+
+# IPSec & IKE
+
+NetBox includes robust support for modeling IPSec & IKE policies. These are used to define encryption and authentication parameters for IPSec tunnels.
+
+```mermaid
+flowchart TD
+    subgraph IKEProposals[Proposals]
+    IKEProposal1[IKEProposal]
+    IKEProposal2[IKEProposal]
+    end
+    subgraph IPSecProposals[Proposals]
+    IPSecProposal1[IPSecProposal]
+    IPSecProposal2[IPSecProposal]
+    end
+    IKEProposals --> IKEPolicy
+    IPSecProposals --> IPSecPolicy
+    IKEPolicy & IPSecPolicy--> IPSecProfile
+    IPSecProfile --> Tunnel
+
+click IKEProposal1 "../../models/vpn/ikeproposal/"
+click IKEProposal2 "../../models/vpn/ikeproposal/"
+click IKEPolicy "../../models/vpn/ikepolicy/"
+click IPSecProposal1 "../../models/vpn/ipsecproposal/"
+click IPSecProposal2 "../../models/vpn/ipsecproposal/"
+click IPSecPolicy "../../models/vpn/ipsecpolicy/"
+click IPSecProfile "../../models/vpn/ipsecprofile/"
+click Tunnel "../../models/vpn/tunnel/"
+```

docs/getting-started/planning.md

@@ -17,7 +17,7 @@ Dedicate some time to take stock of your own sources of truth for your infrastru
 
 * **Multiple conflicting sources** for a given domain. For example, there may be multiple versions of a spreadsheet circulating, each of which asserts a conflicting set of data.
 * **Sources with no domain defined.** You may encounter that different teams within your organization use different tools for the same purpose, with no normal definition of when either should be used.
-* **Inaccessible data formatting.** Some tools are better suited for programmatic usage than others. For example, spreadsheets are generally very easy to parse and export, however free-form notes on wiki or similar application are much more difficult to consume.
+* **Inaccessible data formatting.** Some tools are better suited for programmatic usage than others. For example, spreadsheets are generally very easy to parse and export; however, free-form notes on wiki or similar application are much more difficult to consume.
 * **There is no source of truth.** Sometimes you'll find that a source of truth simply doesn't exist for a domain. For example, when assigning IP addresses, operators may be just using any (presumed) available IP from a subnet without ever recording its usage.
 
 See if you can identify each domain of infrastructure data for your organization, and the source of truth for each. Once you have these compiled, you'll need to determine what belongs in NetBox.

docs/index.md

@@ -1,14 +1,15 @@
-![NetBox](netbox_logo.svg "NetBox logo"){style="height: 100px; margin-bottom: 3em"}
+![NetBox](netbox_logo_light.svg#only-light "NetBox logo"){style="height: 100px; margin-bottom: 3em; background: none;"}
+![NetBox](netbox_logo_dark.svg#only-dark "NetBox logo"){style="height: 100px; margin-bottom: 3em; background: none;"}
 
 # The Premier Network Source of Truth
 
 NetBox is the leading solution for modeling and documenting modern networks. By combining the traditional disciplines of IP address management (IPAM) and datacenter infrastructure management (DCIM) with powerful APIs and extensions, NetBox provides the ideal "source of truth" to power network automation. Read on to discover why thousands of organizations worldwide put NetBox at the heart of their infrastructure.
 
-[![NetBox UI](./media/screenshots/netbox-ui.png)](./media/screenshots/netbox-ui.png)
+[![NetBox UI](./media/screenshots/home-light.png)](./media/screenshots/home-light.png)
 
 ## :material-server-network: Built for Networks
 
-Unlike general-purpose CMDBs, NetBox has curated a data model which caters specifically to the needs of network engineers and operators. It delivers a wide assortment of object types carefully crafted to best serve the needs of infrastructure design and documentation. These cover all facets of network technology, from IP address managements to cabling to overlays and more:
+Unlike general-purpose configuration management databases (CMDBs), NetBox has curated a data model which caters specifically to the needs of network engineers and operators. It delivers a wide assortment of object types carefully crafted to best serve the needs of infrastructure design and documentation. These cover all facets of network technology, from IP address managements to cabling to overlays and more:
 
 * Hierarchical regions, sites, and locations
 * Racks, devices, and device components
@@ -32,7 +33,7 @@ In addition to its expansive and robust data model, NetBox offers myriad mechani
 * Custom fields
 * Custom model validation
 * Export templates
-* Webhooks
+* Event rules
 * Plugins
 * REST & GraphQL APIs
 

docs/installation/1-postgresql.md

@@ -2,40 +2,17 @@
 
 This section entails the installation and configuration of a local PostgreSQL database. If you already have a PostgreSQL database service in place, skip to [the next section](2-redis.md).
 
-!!! warning "PostgreSQL 12 or later required"
-    NetBox requires PostgreSQL 12 or later. Please note that MySQL and other relational databases are **not** supported.
+!!! warning "PostgreSQL 14 or later required"
+    NetBox requires PostgreSQL 14 or later. Please note that MySQL and other relational databases are **not** supported.
 
 ## Installation
 
-=== "Ubuntu"
+```no-highlight
+sudo apt update
+sudo apt install -y postgresql
+```
 
-    ```no-highlight
-    sudo apt update
-    sudo apt install -y postgresql
-    ```
-
-=== "CentOS"
-
-    ```no-highlight
-    sudo yum install -y postgresql-server
-    sudo postgresql-setup --initdb
-    ```
-
-    CentOS configures ident host-based authentication for PostgreSQL by default. Because NetBox will need to authenticate using a username and password, modify `/var/lib/pgsql/data/pg_hba.conf` to support MD5 authentication by changing `ident` to `md5` for the lines below:
-
-    ```no-highlight
-    host    all             all             127.0.0.1/32            md5
-    host    all             all             ::1/128                 md5
-    ```
-
-    Once PostgreSQL has been installed, start the service and enable it to run at boot:
-
-    ```no-highlight
-    sudo systemctl start postgresql
-    sudo systemctl enable postgresql
-    ```
-
-Before continuing, verify that you have installed PostgreSQL 12 or later:
+Before continuing, verify that you have installed PostgreSQL 14 or later:
 
 ```no-highlight
 psql -V
@@ -63,6 +40,9 @@ GRANT CREATE ON SCHEMA public TO netbox;
 !!! danger "Use a strong password"
     **Do not use the password from the example.** Choose a strong, random password to ensure secure database authentication for your NetBox installation.
 
+!!! danger "Use UTF8 encoding"
+    Make sure that your database uses `UTF8` encoding (the default for new installations). Especially do not use `SQL_ASCII` encoding, as it can lead to unpredictable and unrecoverable errors. Enter `\l` to check your encoding.
+
 Once complete, enter `\q` to exit the PostgreSQL shell.
 
 ## Verify Service Status

docs/installation/2-redis.md

@@ -4,19 +4,9 @@
 
 [Redis](https://redis.io/) is an in-memory key-value store which NetBox employs for caching and queuing. This section entails the installation and configuration of a local Redis instance. If you already have a Redis service in place, skip to [the next section](3-netbox.md).
 
-=== "Ubuntu"
-
-    ```no-highlight
-    sudo apt install -y redis-server
-    ```
-
-=== "CentOS"
-
-    ```no-highlight
-    sudo yum install -y redis
-    sudo systemctl start redis
-    sudo systemctl enable redis
-    ```
+```no-highlight
+sudo apt install -y redis-server
+```
 
 Before continuing, verify that your installed version of Redis is at least v4.0:
 

docs/installation/3-netbox.md

@@ -6,22 +6,16 @@ This section of the documentation discusses installing and configuring the NetBo
 
 Begin by installing all system packages required by NetBox and its dependencies.
 
-!!! warning "Python 3.8 or later required"
-    NetBox requires Python 3.8, 3.9, 3.10 or 3.11.
+!!! warning "Python 3.12 or later required"
+    NetBox supports only Python 3.12 or later.
 
-=== "Ubuntu"
+```no-highlight
+sudo apt install -y python3 python3-pip python3-venv python3-dev \
+build-essential libxml2-dev libxslt1-dev libffi-dev libpq-dev \
+libssl-dev zlib1g-dev
+```
 
-    ```no-highlight
-    sudo apt install -y python3 python3-pip python3-venv python3-dev build-essential libxml2-dev libxslt1-dev libffi-dev libpq-dev libssl-dev zlib1g-dev
-    ```
-
-=== "CentOS"
-
-    ```no-highlight
-    sudo yum install -y gcc libxml2-devel libxslt-devel libffi-devel libpq-devel openssl-devel redhat-rpm-config
-    ```
-
-Before continuing, check that your installed Python version is at least 3.8:
+Before continuing, check that your installed Python version is at least 3.12:
 
 ```no-highlight
 python3 -V
@@ -29,7 +23,7 @@ python3 -V
 
 ## Download NetBox
 
-This documentation provides two options for installing NetBox: from a downloadable archive, or from the git repository. Installing from a package (option A below) requires manually fetching and extracting the archive for every future update, whereas installation via git (option B) allows for seamless upgrades by re-pulling the `master` branch.
+This documentation provides two options for installing NetBox: from a downloadable archive, or from the git repository. Installing from a package (option A below) requires manually fetching and extracting the archive for every future update, whereas installation via git (option B) allows for seamless upgrades by checking out the latest release tag.
 
 ### Option A: Download a Release Archive
 
@@ -55,28 +49,17 @@ cd /opt/netbox/
 
 If `git` is not already installed, install it:
 
-=== "Ubuntu"
-
-    ```no-highlight
-    sudo apt install -y git
-    ```
-
-=== "CentOS"
-
-    ```no-highlight
-    sudo yum install -y git
-    ```
-
-Next, clone the **master** branch of the NetBox GitHub repository into the current directory. (This branch always holds the current stable release.)
-
 ```no-highlight
-sudo git clone -b master --depth 1 https://github.com/netbox-community/netbox.git .
+sudo apt install -y git
 ```
 
-!!! note
-    The `git clone` command above utilizes a "shallow clone" to retrieve only the most recent commit. If you need to download the entire history, omit the `--depth 1` argument.
+Next, clone the git repository:
 
-The `git clone` command should generate output similar to the following:
+```no-highlight
+sudo git clone https://github.com/netbox-community/netbox.git .
+```
+
+This command should generate output similar to the following:
 
 ```
 Cloning into '.'...
@@ -88,31 +71,24 @@ Receiving objects: 100% (996/996), 4.26 MiB | 9.81 MiB/s, done.
 Resolving deltas: 100% (148/148), done.
 ```
 
-!!! note
-    Installation via git also allows you to easily try out different versions of NetBox. To check out a [specific NetBox release](https://github.com/netbox-community/netbox/releases), use the `git checkout` command with the desired release tag. For example, `git checkout v3.0.8`.
+Finally, check out the tag for the desired release. You can find these on our [releases page](https://github.com/netbox-community/netbox/releases). Replace `vX.Y.Z` with your selected release tag below.
+
+```
+sudo git checkout vX.Y.Z
+```
+
+Using this installation method enables easy upgrades in the future by simply checking out the latest release tag.
 
 ## Create the NetBox System User
 
 Create a system user account named `netbox`. We'll configure the WSGI and HTTP services to run under this account. We'll also assign this user ownership of the media directory. This ensures that NetBox will be able to save uploaded files.
 
-=== "Ubuntu"
-
-    ```
-    sudo adduser --system --group netbox
-    sudo chown --recursive netbox /opt/netbox/netbox/media/
-    sudo chown --recursive netbox /opt/netbox/netbox/reports/
-    sudo chown --recursive netbox /opt/netbox/netbox/scripts/
-    ```
-
-=== "CentOS"
-
-    ```
-    sudo groupadd --system netbox
-    sudo adduser --system -g netbox netbox
-    sudo chown --recursive netbox /opt/netbox/netbox/media/
-    sudo chown --recursive netbox /opt/netbox/netbox/reports/
-    sudo chown --recursive netbox /opt/netbox/netbox/scripts/
-    ```
+```
+sudo adduser --system --group netbox
+sudo chown --recursive netbox /opt/netbox/netbox/media/
+sudo chown --recursive netbox /opt/netbox/netbox/reports/
+sudo chown --recursive netbox /opt/netbox/netbox/scripts/
+```
 
 ## Configuration
 
@@ -126,13 +102,13 @@ sudo cp configuration_example.py configuration.py
 Open `configuration.py` with your preferred editor to begin configuring NetBox. NetBox offers [many configuration parameters](../configuration/index.md), but only the following four are required for new installations:
 
 * `ALLOWED_HOSTS`
-* `DATABASE`
+* `DATABASES` (or `DATABASE`)
 * `REDIS`
 * `SECRET_KEY`
 
 ### ALLOWED_HOSTS
 
-This is a list of the valid hostnames and IP addresses by which this server can be reached. You must specify at least one name or IP address. (Note that this does not restrict the locations from which NetBox may be accessed: It is merely for [HTTP host header validation](https://docs.djangoproject.com/en/3.0/topics/security/#host-headers-virtual-hosting).)
+This is a list of the valid hostnames and IP addresses by which this server can be reached. You must specify at least one name or IP address. (Note that this does not restrict the locations from which NetBox may be accessed: It is merely for [HTTP host header validation](https://docs.djangoproject.com/en/stable/topics/security/#host-headers-virtual-hosting).)
 
 ```python
 ALLOWED_HOSTS = ['netbox.example.com', '192.0.2.123']
@@ -144,18 +120,39 @@ If you are not yet sure what the domain name and/or IP address of the NetBox ins
 ALLOWED_HOSTS = ['*']
 ```
 
-### DATABASE
+### API_TOKEN_PEPPERS
 
-This parameter holds the database configuration details. You must define the username and password used when you configured PostgreSQL. If the service is running on a remote host, update the `HOST` and `PORT` parameters accordingly. See the [configuration documentation](../configuration/required-parameters.md#database) for more detail on individual parameters.
+Define at least one random cryptographic pepper, identified by a numeric ID starting at 1. This will be used to generate SHA256 checksums for API tokens.
 
 ```python
-DATABASE = {
-    'NAME': 'netbox',               # Database name
-    'USER': 'netbox',               # PostgreSQL username
-    'PASSWORD': 'J5brHrAXFLQSif0K', # PostgreSQL password
-    'HOST': 'localhost',            # Database server
-    'PORT': '',                     # Database port (leave blank for default)
-    'CONN_MAX_AGE': 300,            # Max database connection age (seconds)
+API_TOKEN_PEPPERS = {
+    # DO NOT USE THIS EXAMPLE PEPPER IN PRODUCTION
+    1: 'kp7ht*76fiQAhUi5dHfASLlYUE_S^gI^(7J^K5M!LfoH@vl&b_',
+}
+```
+
+!!! tip
+    As with [`SECRET_KEY`](#secret_key) below, you can use the `generate_secret_key.py` script to generate a random pepper:
+    ```no-highlight
+    python3 ../generate_secret_key.py
+    ```
+
+### DATABASES
+
+This parameter holds the PostgreSQL database configuration details. The default database must be defined; additional databases may be defined as needed e.g. by plugins.
+
+A username and password must be defined for the default database. If the service is running on a remote host, update the `HOST` and `PORT` parameters accordingly. See the [configuration documentation](../configuration/required-parameters.md#databases) for more detail on individual parameters.
+
+```python
+DATABASES = {
+    'default': {
+        'NAME': 'netbox',               # Database name
+        'USER': 'netbox',               # PostgreSQL username
+        'PASSWORD': 'J5brHrAXFLQSif0K', # PostgreSQL password
+        'HOST': 'localhost',            # Database server
+        'PORT': '',                     # Database port (leave blank for default)
+        'CONN_MAX_AGE': 300,            # Max database connection age (seconds)
+    }
 }
 ```
 
@@ -205,7 +202,7 @@ All Python packages required by NetBox are listed in `requirements.txt` and will
 
 ### Remote File Storage
 
-By default, NetBox will use the local filesystem to store uploaded files. To use a remote filesystem, install the [`django-storages`](https://django-storages.readthedocs.io/en/stable/) library and configure your [desired storage backend](../configuration/system.md#storage_backend) in `configuration.py`.
+By default, NetBox will use the local filesystem to store uploaded files. To use a remote filesystem, install the [`django-storages`](https://django-storages.readthedocs.io/en/stable/) library and configure your [desired storage backend](../configuration/system.md#storages) in `configuration.py`.
 
 ```no-highlight
 sudo sh -c "echo 'django-storages' >> /opt/netbox/local_requirements.txt"
@@ -227,13 +224,24 @@ sudo sh -c "echo 'boto3' >> /opt/netbox/local_requirements.txt"
 !!! info
     These packages were previously required in NetBox v3.5 but now are optional.
 
+### Sentry Integration
+
+NetBox may be configured to send error reports to [Sentry](../administration/error-reporting.md) for analysis. This integration requires installation of the `sentry-sdk` Python library.
+
+```no-highlight
+sudo sh -c "echo 'sentry-sdk' >> /opt/netbox/local_requirements.txt"
+```
+
+!!! info
+    Sentry integration was previously included by default in NetBox v3.6 but is now optional.
+
 ## Run the Upgrade Script
 
 Once NetBox has been configured, we're ready to proceed with the actual installation. We'll run the packaged upgrade script (`upgrade.sh`) to perform the following actions:
 
 * Create a Python virtual environment
 * Installs all required Python packages
-* Run database schema migrations
+* Run database schema migrations (skip with `--readonly`)
 * Builds the documentation locally (for offline use)
 * Aggregate static resource files on disk
 
@@ -244,15 +252,18 @@ Once NetBox has been configured, we're ready to proceed with the actual installa
 sudo /opt/netbox/upgrade.sh
 ```
 
-Note that **Python 3.8 or later is required** for NetBox v3.2 and later releases. If the default Python installation on your server is set to a lesser version,  pass the path to the supported installation as an environment variable named `PYTHON`. (Note that the environment variable must be passed _after_ the `sudo` command.)
+Note that **Python 3.12 or later is required** for NetBox v4.5 and later releases. If the default Python installation on your server is set to a lesser version,  pass the path to the supported installation as an environment variable named `PYTHON`. (Note that the environment variable must be passed _after_ the `sudo` command.)
 
 ```no-highlight
-sudo PYTHON=/usr/bin/python3.8 /opt/netbox/upgrade.sh
+sudo PYTHON=/usr/bin/python3.12 /opt/netbox/upgrade.sh
 ```
 
 !!! note
     Upon completion, the upgrade script may warn that no existing virtual environment was detected. As this is a new installation, this warning can be safely ignored.
 
+!!! note
+    To run the script on a node connected to a database in read-only mode, include the `--readonly` parameter. This will skip the application of any database migrations.
+
 ## Create a Super User
 
 NetBox does not come with any predefined user accounts. You'll need to create a super user (administrative account) to be able to log into NetBox. First, enter the Python virtual environment created by the upgrade script:
@@ -270,18 +281,6 @@ cd /opt/netbox/netbox
 python3 manage.py createsuperuser
 ```
 
-## Schedule the Housekeeping Task
-
-NetBox includes a `housekeeping` management command that handles some recurring cleanup tasks, such as clearing out old sessions and expired change records. Although this command may be run manually, it is recommended to configure a scheduled job using the system's `cron` daemon or a similar utility.
-
-A shell script which invokes this command is included at `contrib/netbox-housekeeping.sh`. It can be copied to or linked from your system's daily cron task directory, or included within the crontab directly. (If installing NetBox into a nonstandard path, be sure to update the system paths within this script first.)
-
-```shell
-sudo ln -s /opt/netbox/contrib/netbox-housekeeping.sh /etc/cron.daily/netbox-housekeeping
-```
-
-See the [housekeeping documentation](../administration/housekeeping.md) for further details.
-
 ## Test the Application
 
 At this point, we should be able to run NetBox's development server for testing. We can check by starting a development instance locally.
@@ -308,13 +307,6 @@ Quit the server with CONTROL-C.
 
 Next, connect to the name or IP of the server (as defined in `ALLOWED_HOSTS`) on port 8000; for example, <http://127.0.0.1:8000/>. You should be greeted with the NetBox home page. Try logging in using the username and password specified when creating a superuser.
 
-!!! note
-    By default RHEL based distros will likely block your testing attempts with firewalld. The development server port can be opened with `firewall-cmd` (add `--permanent` if you want the rule to survive server restarts):
-
-    ```no-highlight
-    firewall-cmd --zone=public --add-port=8000/tcp
-    ```
-
 !!! danger "Not for production use"
     The development server is for development and testing purposes only. It is neither performant nor secure enough for production use. **Do not use it in production.**