14884 log error on form validation fail

Closes #20492: Disable API token plaintext retrieval

.github/ISSUE_TEMPLATE/01-feature_request.yaml

@@ -1,5 +1,6 @@
 ---
 name: ✨ Feature Request
+type: Feature
 description: Propose a new NetBox feature or enhancement
 labels: ["type: feature", "status: needs triage"]
 body:
@@ -14,7 +15,7 @@ body:
     attributes:
       label: NetBox version
       description: What version of NetBox are you currently running?
-      placeholder: v4.0.11
+      placeholder: v4.4.3
     validations:
       required: true
   - type: dropdown
@@ -24,6 +25,7 @@ body:
         - Data model extension
         - New functionality
         - Change to existing functionality
+        - Other
     validations:
       required: true
   - type: textarea

.github/ISSUE_TEMPLATE/02-bug_report.yaml

@@ -1,5 +1,6 @@
 ---
 name: 🐛 Bug Report
+type: Bug
 description: Report a reproducible bug in the current release of NetBox
 labels: ["type: bug", "status: needs triage"]
 body:
@@ -7,26 +8,26 @@ body:
     attributes:
       value: >
         **NOTE:** This form is only for reporting _reproducible bugs_ in a current NetBox
-        installation. If you're having trouble with installation or just looking for
-        assistance with using NetBox, please visit our
+        release. If you're having trouble with installation or just looking for assistance
+        using NetBox, please visit our
         [discussion forum](https://github.com/netbox-community/netbox/discussions) instead.
   - type: dropdown
     attributes:
-      label: Deployment Type
+      label: NetBox Edition
       description: >
-        How are you running NetBox? (For issues with the Docker image, please go to the
-        [netbox-docker](https://github.com/netbox-community/netbox-docker) repo.)
+        Users of [NetBox Cloud](https://netboxlabs.com/netbox-cloud/) or
+        [NetBox Enterprise](https://netboxlabs.com/netbox-enterprise/), please contact the
+        [NetBox Labs](https://netboxlabs.com/) support team for assistance to ensure your
+        request receives immediate attention.
       options:
-        - NetBox Cloud
-        - NetBox Enterprise
-        - Self-hosted
+        - NetBox Community
     validations:
       required: true
   - type: input
     attributes:
       label: NetBox Version
       description: What version of NetBox are you currently running?
-      placeholder: v4.0.11
+      placeholder: v4.4.3
     validations:
       required: true
   - type: dropdown
@@ -34,9 +35,9 @@ body:
       label: Python Version
       description: What version of Python are you currently running?
       options:
-        - "3.10"
-        - "3.11"
         - "3.12"
+        - "3.13"
+        - "3.14"
     validations:
       required: true
   - type: textarea

.github/ISSUE_TEMPLATE/03-documentation_change.yaml

@@ -1,5 +1,6 @@
 ---
 name: 📖 Documentation Change
+type: Documentation
 description: Suggest an addition or modification to the NetBox documentation
 labels: ["type: documentation", "status: needs triage"]
 body:
@@ -24,9 +25,12 @@ body:
         - Getting started
         - Configuration
         - Customization
+        - Best practices
         - Integrations/API
         - Plugins
         - Administration
+        - Data model
+        - Reference
         - Development
         - Other
     validations:

.github/ISSUE_TEMPLATE/04-translation.yaml

@@ -1,5 +1,6 @@
 ---
 name: 🌍 Translation
+type: Translation
 description: Request support for a new language in the user interface
 labels: ["type: translation"]
 body:

.github/ISSUE_TEMPLATE/05-housekeeping.yaml

@@ -1,5 +1,6 @@
 ---
 name: 🏡 Housekeeping
+type: Housekeeping
 description: A change pertaining to the codebase itself (developers only)
 labels: ["type: housekeeping"]
 body:

.github/ISSUE_TEMPLATE/06-deprecation.yaml

@@ -1,5 +1,6 @@
 ---
 name: 🗑️ Deprecation
+type: Deprecation
 description: The removal of an existing feature or resource
 labels: ["type: deprecation"]
 body:

.github/ISSUE_TEMPLATE/config.yml

@@ -2,17 +2,17 @@
 blank_issues_enabled: false
 contact_links:
   - name: 📖 Contributing Policy
-    url: https://github.com/netbox-community/netbox/blob/develop/CONTRIBUTING.md
+    url: https://github.com/netbox-community/netbox/blob/main/CONTRIBUTING.md
     about: "Please read through our contributing policy before opening an issue or pull request."
   - name: ❓ Discussion
     url: https://github.com/netbox-community/netbox/discussions
     about: "If you're just looking for help, try starting a discussion instead."
+  - name: 👔 Professional Support
+    url: https://netboxlabs.com/netbox-enterprise/
+    about: "Professional support is available for NetBox Enterprise or Cloud."
   - name: 🌎 Correct a Translation
     url: https://explore.transifex.com/netbox-community/netbox/
     about: "Spot an incorrect translation? You can propose a fix on Transifex."
-  - name: 💡 Plugin Idea
-    url: https://plugin-ideas.netbox.dev
-    about: "Have an idea for a plugin? Head over to the ideas board!"
   - name: 💬 Community Slack
     url: https://netdev.chat
     about: "Join #netbox on the NetDev Community Slack for assistance with installation issues and other problems."

.github/codeql/codeql-config.yml

@@ -0,0 +1,11 @@
+paths-ignore:
+  # Ignore compiled JS
+  - netbox/project-static/dist
+
+query-filters:
+  # Exclude py/url-redirection: NetBox uses safe_for_redirect() wrapper function
+  # which validates all redirects via Django's url_has_allowed_host_and_scheme().
+  # CodeQL's taint tracking doesn't recognize wrapper functions without custom
+  # query configuration. See #20484.
+  - exclude:
+      id: py/url-redirection

.github/workflows/ci.yml

@@ -3,11 +3,15 @@ name: CI
 on:
   push:
     paths-ignore:
+      - '.github/ISSUE_TEMPLATE/**'
+      - '.github/PULL_REQUEST_TEMPLATE.md'
       - 'contrib/**'
       - 'docs/**'
       - 'netbox/translations/**'
   pull_request:
     paths-ignore:
+      - '.github/ISSUE_TEMPLATE/**'
+      - '.github/PULL_REQUEST_TEMPLATE.md'
       - 'contrib/**'
       - 'docs/**'
       - 'netbox/translations/**'
@@ -15,6 +19,11 @@ on:
 permissions:
   contents: read
 
+# Add concurrency group to control job running
+concurrency:
+  group: ${{ github.event_name }}-${{ github.ref }}-${{ github.actor }}
+  cancel-in-progress: true
+
 jobs:
   build:
     runs-on: ubuntu-latest
@@ -22,8 +31,8 @@ jobs:
       NETBOX_CONFIGURATION: netbox.configuration_testing
     strategy:
       matrix:
-        python-version: ['3.10', '3.11', '3.12']
-        node-version: ['18.x']
+        python-version: ['3.12', '3.13']
+        node-version: ['20.x']
     services:
       redis:
         image: redis
@@ -73,7 +82,7 @@ jobs:
       run: |
         python -m pip install --upgrade pip
         pip install -r requirements.txt
-        pip install pycodestyle coverage tblib
+        pip install ruff coverage tblib
 
     - name: Build documentation
       run: mkdocs build
@@ -85,7 +94,7 @@ jobs:
       run: python netbox/manage.py makemigrations --check
 
     - name: Check PEP8 compliance
-      run: pycodestyle --ignore=W504,E501 --exclude=node_modules netbox/
+      run: ruff check netbox/
 
     - name: Check UI ESLint, TypeScript, and Prettier Compliance
       run: yarn --cwd netbox/project-static validate

.github/workflows/close-incomplete-issues.yml

@@ -12,6 +12,7 @@ permissions:
 
 jobs:
   stale:
+    if: github.repository == 'netbox-community/netbox'
     runs-on: ubuntu-latest
     steps:
       - uses: actions/stale@v9

.github/workflows/close-stale-issues.yml

@@ -13,12 +13,13 @@ permissions:
 
 jobs:
   stale:
+    if: github.repository == 'netbox-community/netbox'
     runs-on: ubuntu-latest
     steps:
       - uses: actions/stale@v9
         with:
           # General parameters
-          operations-per-run: 100
+          operations-per-run: 200
           remove-stale-when-updated: false
 
           # Issue parameters
@@ -38,13 +39,14 @@ jobs:
             issues may receive direct feedback. **Do not** attempt to circumvent this
             process by "bumping" the issue; doing so will result in its immediate closure
             and you may be barred from participating in any future discussions. Please see
-            our [contributing guide](https://github.com/netbox-community/netbox/blob/develop/CONTRIBUTING.md).
+            our [contributing guide](https://github.com/netbox-community/netbox/blob/main/CONTRIBUTING.md).
 
           # Pull request parameters
           close-pr-message: >
             This PR has been automatically closed due to lack of activity.
-          days-before-pr-stale: 15
+          days-before-pr-stale: 30
           days-before-pr-close: 15
+          exempt-pr-labels: 'status: blocked'
           stale-pr-label: 'pending closure'
           stale-pr-message: >
             This PR has been automatically marked as stale because it has not had

.github/workflows/codeql.yml

@@ -0,0 +1,42 @@
+name: "CodeQL"
+
+on:
+  push:
+    branches: [ "main", "feature" ]
+  pull_request:
+    branches: [ "main", "feature" ]
+  schedule:
+    - cron: '38 16 * * 4'
+
+jobs:
+  analyze:
+    name: Analyze (${{ matrix.language }})
+    runs-on: ubuntu-latest
+    permissions:
+      security-events: write
+
+    strategy:
+      fail-fast: false
+      matrix:
+        include:
+        - language: actions
+          build-mode: none
+        - language: javascript-typescript
+          build-mode: none
+        - language: python
+          build-mode: none
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v4
+
+    - name: Initialize CodeQL
+      uses: github/codeql-action/init@v3
+      with:
+        languages: ${{ matrix.language }}
+        build-mode: ${{ matrix.build-mode }}
+        config-file: .github/codeql/codeql-config.yml
+
+    - name: Perform CodeQL Analysis
+      uses: github/codeql-action/analyze@v3
+      with:
+        category: "/language:${{matrix.language}}"

.github/workflows/lock-threads.yml

@@ -13,9 +13,10 @@ permissions:
 
 jobs:
   lock:
+    if: github.repository == 'netbox-community/netbox'
     runs-on: ubuntu-latest
     steps:
-      - uses: dessant/lock-threads@v5
+      - uses: dessant/lock-threads@1bf7ec25051fe7c00bdd17e6a7cf3d7bfb7dc771 # v5.0.1
         with:
           issue-inactive-days: 90
           pr-inactive-days: 30

.github/workflows/update-translation-strings.yml

@@ -13,13 +13,23 @@ env:
 
 jobs:
   makemessages:
+    if: github.repository == 'netbox-community/netbox'
     runs-on: ubuntu-latest
     env:
       NETBOX_CONFIGURATION: netbox.configuration_testing
 
     steps:
+    - name: Create app token
+      uses: actions/create-github-app-token@v1
+      id: app-token
+      with:
+        app-id: 1076524
+        private-key: ${{ secrets.HOUSEKEEPING_SECRET_KEY }}
+
     - name: Check out repo
       uses: actions/checkout@v4
+      with:
+          token: ${{ steps.app-token.outputs.token }}
 
     - name: Set up Python
       uses: actions/setup-python@v5
@@ -38,7 +48,7 @@ jobs:
       run: python netbox/manage.py makemessages -l ${{ env.LOCALE }}
 
     - name: Commit changes
-      uses: EndBug/add-and-commit@v9
+      uses: EndBug/add-and-commit@a94899bca583c204427a224a7af87c02f9b325d5 # v9.1.4
       with:
         add: 'netbox/translations/'
         default_author: github_actions

.gitignore

@@ -9,6 +9,7 @@ yarn-error.log*
 /netbox/netbox/configuration.py
 /netbox/netbox/ldap_config.py
 /netbox/local/*
+/netbox/media
 /netbox/reports/*
 !/netbox/reports/__init__.py
 /netbox/scripts/*

.pre-commit-config.yaml

@@ -0,0 +1,52 @@
+repos:
+- repo: https://github.com/astral-sh/ruff-pre-commit
+  rev: v0.6.9
+  hooks:
+    - id: ruff
+      name: "Ruff linter"
+      args: [ netbox/ ]
+- repo: local
+  hooks:
+    - id: django-check
+      name: "Django system check"
+      description: "Run Django's internal check for common problems"
+      entry: python netbox/manage.py check
+      language: system
+      pass_filenames: false
+      types: [python]
+    - id: django-makemigrations
+      name: "Django migrations check"
+      description: "Check for any missing Django migrations"
+      entry: python netbox/manage.py makemigrations --check
+      language: system
+      pass_filenames: false
+      types: [python]
+    - id: openapi-check
+      name: "Validate OpenAPI schema"
+      description: "Check for any unexpected changes to the OpenAPI schema"
+      files: api/.*\.py$
+      entry: scripts/verify-openapi.sh
+      language: system
+      pass_filenames: false
+      types: [python]
+    - id: mkdocs-build
+      name: "Build documentation"
+      description: "Build the documentation with mkdocs"
+      files: 'docs/'
+      entry: mkdocs build
+      language: system
+      pass_filenames: false
+    - id: yarn-validate
+      name: "Yarn validate"
+      description: "Check UI ESLint, TypeScript, and Prettier compliance"
+      files: 'netbox/project-static/'
+      entry: yarn --cwd netbox/project-static validate
+      language: system
+      pass_filenames: false
+    - id: verify-bundles
+      name: "Verify static asset bundles"
+      description: "Ensure that any modified static assets have been compiled"
+      files: 'netbox/project-static/'
+      entry: scripts/verify-bundles.sh
+      language: system
+      pass_filenames: false

.tx/config

@@ -0,0 +1,12 @@
+[main]
+host = https://app.transifex.com
+
+[o:netbox-community:p:netbox:r:034999968a7366ba27a8bdf1ab63bf42]
+file_filter            = netbox/translations/<lang>/LC_MESSAGES/django.po
+source_file            = netbox/translations/en/LC_MESSAGES/django.po
+type                   = PO
+minimum_perc           = 0
+resource_name          = django.po
+replace_edited_strings = false
+keep_translations      = false
+

CONTRIBUTING.md

@@ -8,7 +8,7 @@
   </h3>
   <h3>
     :jigsaw: <a href="#jigsaw-creating-plugins">Create a plugin</a> &middot;
-    :rescue_worker_helmet: <a href="#rescue_worker_helmet-become-a-maintainer">Become a maintainer</a> &middot;
+    :briefcase: <a href="#briefcase-looking-for-a-job">Work with us!</a> &middot;
     :heart: <a href="#heart-other-ways-to-contribute">Other ideas</a>
   </h3>
 </div>
@@ -84,7 +84,7 @@ intake policy](https://github.com/netbox-community/netbox/wiki/Issue-Intake-Poli
 
 * It's very important that you not submit a pull request until a relevant issue has been opened **and** assigned to you. Otherwise, you risk wasting time on work that may ultimately not be needed.
 
-* New pull requests should generally be based off of the `develop` branch, rather than `master`. The `develop` branch is used for ongoing development, while `master` is used for tracking stable releases. (If you're developing for an upcoming minor release, use `feature` instead.)
+* New pull requests should generally be based off of the `main` branch. This branch, in keeping with the [trunk-based development](https://trunkbaseddevelopment.com/) approach, is used for ongoing development and bug fixes and always represents the newest stable code, from which releases are periodically branched. (If you're developing for an upcoming minor release, use `feature` instead.)
 
 * In most cases, it is not necessary to add a changelog entry: A maintainer will take care of this when the PR is merged. (This helps avoid merge conflicts resulting from multiple PRs being submitted simultaneously.)
 
@@ -109,21 +109,9 @@ Do you have an idea for something you'd like to build in NetBox, but might not b
 
 Check out our [plugin development tutorial](https://github.com/netbox-community/netbox-plugin-tutorial) to get started!
 
-## :rescue_worker_helmet: Become a Maintainer
+## :briefcase: Looking for a Job?
 
-We're always looking for motivated individuals to join the maintainers team and help drive NetBox's long-term development. Some of our most sought-after skills include:
-
-* Python development with a strong focus on the [Django](https://www.djangoproject.com/) framework
-* Expertise working with PostgreSQL databases
-* Javascript & TypeScript proficiency
-* A knack for web application design (HTML & CSS)
-* Familiarity with git and software development best practices
-* Excellent attention to detail
-* Working experience in the field of network operations & engineering
-
-We generally ask that maintainers dedicate around four hours of work to the project each week on average, which includes both hands-on development and project management tasks such as issue triage. Maintainers are also encouraged (but not required) to attend our bi-weekly Zoom call to catch up on recent items.
-
-Interested? You can contact our lead maintainer, Jeremy Stretch, at jeremy@netbox.dev or on the [NetDev Community Slack](https://netdev.chat/). We'd love to have you on the team!
+At [NetBox Labs](https://netboxlabs.com/), we're always looking for highly skilled and motivated people to join our team. While NetBox is a core part of our product lineup, we have an ever-expanding suite of solutions serving the network automation space. Check out our [current openings](https://netboxlabs.com/careers/) to see if you might be a fit!
 
 ## :heart: Other Ways to Contribute
 

README.md

@@ -1,13 +1,17 @@
 <div align="center">
-  <img src="https://raw.githubusercontent.com/netbox-community/netbox/develop/docs/netbox_logo.svg" width="400" alt="NetBox logo" />
+  <img src="https://raw.githubusercontent.com/netbox-community/netbox/main/docs/netbox_logo_light.svg" width="400" alt="NetBox logo" />
   <p><strong>The cornerstone of every automated network</strong></p>
   <a href="https://github.com/netbox-community/netbox/releases"><img src="https://img.shields.io/github/v/release/netbox-community/netbox" alt="Latest release" /></a>
-  <a href="https://github.com/netbox-community/netbox/blob/master/LICENSE.txt"><img src="https://img.shields.io/badge/license-Apache_2.0-blue.svg" alt="License" /></a>
+  <a href="https://github.com/netbox-community/netbox/blob/main/LICENSE.txt"><img src="https://img.shields.io/badge/license-Apache_2.0-blue.svg" alt="License" /></a>
   <a href="https://github.com/netbox-community/netbox/graphs/contributors"><img src="https://img.shields.io/github/contributors/netbox-community/netbox?color=blue" alt="Contributors" /></a>
   <a href="https://github.com/netbox-community/netbox/stargazers"><img src="https://img.shields.io/github/stars/netbox-community/netbox?style=flat" alt="GitHub stars" /></a>
   <a href="https://explore.transifex.com/netbox-community/netbox/"><img src="https://img.shields.io/badge/languages-15-blue" alt="Languages supported" /></a>
-  <a href="https://github.com/netbox-community/netbox/actions/workflows/ci.yml"><img src="https://github.com/netbox-community/netbox/workflows/CI/badge.svg?branch=master" alt="CI status" /></a>
-  <p></p>
+  <a href="https://github.com/netbox-community/netbox/actions/workflows/ci.yml"><img src="https://github.com/netbox-community/netbox/actions/workflows/ci.yml/badge.svg" alt="CI status" /></a>
+  <p>
+    <strong><a href="https://netboxlabs.com/community/">NetBox Community</a></strong> |
+    <strong><a href="https://netboxlabs.com/netbox-cloud/">NetBox Cloud</a></strong> |
+    <strong><a href="https://netboxlabs.com/netbox-enterprise/">NetBox Enterprise</a></strong>
+  </p>
 </div>
 
 NetBox exists to empower network engineers. Since its release in 2016, it has become the go-to solution for modeling and documenting network infrastructure for thousands of organizations worldwide. As a successor to legacy IPAM and DCIM applications, NetBox provides a cohesive, extensive, and accessible data model for all things networked. By providing a single robust user interface and programmable APIs for everything from cable maps to device configurations, NetBox serves as the central source of truth for the modern network.
@@ -81,18 +85,12 @@ NetBox automatically logs the creation, modification, and deletion of all manage
 * The [official documentation](https://docs.netbox.dev) offers a comprehensive introduction.
 * Check out [our wiki](https://github.com/netbox-community/netbox/wiki/Community-Contributions) for even more projects to get the most out of NetBox!
 
-<p align="center">
-  <a href="https://netboxlabs.com/netbox-cloud/"><img src="docs/media/misc/netbox_cloud.png" alt="NetBox Cloud" /></a><br />
-  Looking for a managed solution? Check out <strong><a href="https://netboxlabs.com/netbox-cloud/">NetBox Cloud</a></strong> or <strong><a href="https://netboxlabs.com/netbox-enterprise/">NetBox Enterprise</a></strong>!
-</p>
-
 ## Get Involved
 
 * Follow [@NetBoxOfficial](https://twitter.com/NetBoxOfficial) on Twitter!
 * Join the conversation on [the discussion forum](https://github.com/netbox-community/netbox/discussions) and [Slack](https://netdev.chat/)!
 * Already a power user? You can [suggest a feature](https://github.com/netbox-community/netbox/issues/new?assignees=&labels=type%3A+feature&template=feature_request.yaml) or [report a bug](https://github.com/netbox-community/netbox/issues/new?assignees=&labels=type%3A+bug&template=bug_report.yaml) on GitHub.
 * Contributions from the community are encouraged and appreciated! Check out our [contributing guide](CONTRIBUTING.md) to get started.
-* [Share your idea](https://plugin-ideas.netbox.dev/) for a new plugin, or [learn how to build one](https://github.com/netbox-community/netbox-plugin-tutorial) yourself!
 
 ## Screenshots
 

SECURITY.md

@@ -14,6 +14,12 @@ Administrators are encouraged to adhere to industry best practices concerning th
 * Prohibit access to your database from clients other than the NetBox application
 * Keep your deployment updated to the most recent stable release
 
+## Compliance Reporting
+
+Please note that security compliance reports (e.g. SOC 2) are provided by NetBox Labs only to customers using NetBox Cloud or NetBox Enterprise. They are not available to users of self-hosted NetBox Community Edition.
+
+If you would like to consider upgrading to NetBox Cloud or Enterprise, please contact `sales@netboxlabs.com`.
+
 ## Reporting a Suspected Vulnerability
 
 If you believe you've uncovered a security vulnerability and wish to report it confidentially, you may do so by emailing `security@netboxlabs.com`. Please ensure that your report meets all the following conditions:
@@ -28,4 +34,4 @@ For any security concerns regarding the community-maintained Docker image for Ne
 
 ### Bug Bounties
 
-As NetBox is provided as free open source software, we do not offer any monetary compensation for vulnerability or bug reports, however your contributions are greatly appreciated.
+As NetBox is provided as free open source software, we do not offer any monetary compensation for vulnerability or bug reports; however, your contributions are greatly appreciated.

base_requirements.txt

@@ -1,6 +1,10 @@
+# Shell text coloring
+# https://github.com/tartley/colorama/blob/master/CHANGELOG.rst
+colorama
+
 # The Python web framework on which NetBox is built
 # https://docs.djangoproject.com/en/stable/releases/
-Django<5.1
+Django==5.2.*
 
 # Django middleware which permits cross-domain API requests
 # https://github.com/adamchainz/django-cors-headers/blob/main/CHANGELOG.rst
@@ -8,21 +12,24 @@ django-cors-headers
 
 # Runtime UI tool for debugging Django
 # https://github.com/jazzband/django-debug-toolbar/blob/main/docs/changes.rst
-# Pinned for DNS looukp bug; see https://github.com/netbox-community/netbox/issues/16454
-# and https://github.com/jazzband/django-debug-toolbar/issues/1927
 django-debug-toolbar
 
 # Library for writing reusable URL query filters
 # https://github.com/carltongibson/django-filter/blob/main/CHANGES.rst
 django-filter
 
+# Django Debug Toolbar extension for GraphiQL
+# https://github.com/flavors/django-graphiql-debug-toolbar/blob/main/CHANGES.rst
+django-graphiql-debug-toolbar
+
 # HTMX utilities for Django
 # https://django-htmx.readthedocs.io/en/latest/changelog.html
 django-htmx
 
 # Modified Preorder Tree Traversal (recursive nesting of objects)
 # https://github.com/django-mptt/django-mptt/blob/main/CHANGELOG.rst
-django-mptt
+# v0.18.0 introduces errant migrations which need to be resolved
+django-mptt==0.17.0
 
 # Context managers for PostgreSQL advisory locks
 # https://github.com/Xof/django-pglocks/blob/master/CHANGES.txt
@@ -44,6 +51,10 @@ django-rich
 # https://github.com/rq/django-rq/blob/master/CHANGELOG.md
 django-rq
 
+# Provides a variety of storage backends
+# https://github.com/jschneier/django-storages/blob/master/CHANGELOG.rst
+django-storages
+
 # Abstraction models for rendering and paginating HTML tables
 # https://github.com/jieter/django-tables2/blob/master/CHANGELOG.md
 django-tables2
@@ -58,7 +69,8 @@ django-timezone-field
 
 # A REST API framework for Django projects
 # https://www.django-rest-framework.org/community/release-notes/
-djangorestframework
+# TODO: Re-evaluate the monkey-patch of get_unique_validators() before upgrading
+djangorestframework==3.16.1
 
 # Sane and flexible OpenAPI 3 schema generation for Django REST framework.
 # https://github.com/tfranzel/drf-spectacular/blob/master/CHANGELOG.rst
@@ -80,21 +92,25 @@ gunicorn
 # https://jinja.palletsprojects.com/changes/
 Jinja2
 
+# JSON schema validation
+# https://github.com/python-jsonschema/jsonschema/blob/main/CHANGELOG.rst
+jsonschema
+
 # Simple markup language for rendering HTML
 # https://python-markdown.github.io/changelog/
 Markdown
 
-# File inclusion plugin for Python-Markdown
-# https://github.com/cmacmackin/markdown-include
-markdown-include
-
 # MkDocs Material theme (for documentation build)
 # https://squidfunk.github.io/mkdocs-material/changelog/
 mkdocs-material
 
 # Introspection for embedded code
 # https://github.com/mkdocstrings/mkdocstrings/blob/main/CHANGELOG.md
-mkdocstrings[python-legacy]
+mkdocstrings
+
+# Python handler for mkdocstrings
+# https://github.com/mkdocstrings/python/blob/main/CHANGELOG.md
+mkdocstrings-python
 
 # Library for manipulating IP prefixes and addresses
 # https://github.com/netaddr/netaddr/blob/master/CHANGELOG.rst
@@ -105,7 +121,8 @@ netaddr
 nh3
 
 # Fork of PIL (Python Imaging Library) for image processing
-# https://github.com/python-pillow/Pillow/blob/main/CHANGES.rst
+# https://github.com/python-pillow/Pillow/releases
+# https://pillow.readthedocs.io/en/stable/releasenotes/
 Pillow
 
 # PostgreSQL database adapter for Python
@@ -120,14 +137,22 @@ PyYAML
 # https://github.com/psf/requests/blob/main/HISTORY.md
 requests
 
-# Social authentication framework
-# https://github.com/python-social-auth/social-core/blob/master/CHANGELOG.md
-social-auth-core
+# rq
+# https://github.com/rq/rq/blob/master/CHANGES.md
+rq
 
 # Django app for social-auth-core
 # https://github.com/python-social-auth/social-app-django/blob/master/CHANGELOG.md
 social-auth-app-django
 
+# Social authentication framework
+# https://github.com/python-social-auth/social-core/blob/master/CHANGELOG.md
+social-auth-core
+
+# Image thumbnail generation
+# https://github.com/jazzband/sorl-thumbnail/blob/master/CHANGES.rst
+sorl-thumbnail
+
 # Strawberry GraphQL
 # https://github.com/strawberry-graphql/strawberry/blob/main/CHANGELOG.md
 strawberry-graphql

contrib/apache.conf

@@ -20,7 +20,7 @@
     Alias /static /opt/netbox/netbox/static
 
     <Directory /opt/netbox/netbox/static>
-        Options Indexes FollowSymLinks MultiViews
+        Options FollowSymLinks MultiViews
         AllowOverride None
         Require all granted
     </Directory>

contrib/generated_schema.json

@@ -12,6 +12,9 @@
                 "left-to-right",
                 "right-to-left",
                 "side-to-rear",
+                "rear-to-side",
+                "bottom-to-top",
+                "top-to-bottom",
                 "passive",
                 "mixed"
             ]
@@ -92,6 +95,7 @@
                         "iec-60320-c8",
                         "iec-60320-c14",
                         "iec-60320-c16",
+                        "iec-60320-c18",
                         "iec-60320-c20",
                         "iec-60320-c22",
                         "iec-60309-p-n-e-4h",
@@ -149,6 +153,7 @@
                         "nema-l15-60p",
                         "nema-l21-20p",
                         "nema-l21-30p",
+                        "nema-l22-20p",
                         "nema-l22-30p",
                         "cs6361c",
                         "cs6365c",
@@ -205,6 +210,7 @@
                         "iec-60320-c7",
                         "iec-60320-c13",
                         "iec-60320-c15",
+                        "iec-60320-c17",
                         "iec-60320-c19",
                         "iec-60320-c21",
                         "iec-60309-p-n-e-4h",
@@ -262,6 +268,7 @@
                         "nema-l15-60r",
                         "nema-l21-20r",
                         "nema-l21-30r",
+                        "nema-l22-20r",
                         "nema-l22-30r",
                         "CS6360C",
                         "CS6364C",
@@ -288,6 +295,7 @@
                         "molex-micro-fit-2x2",
                         "molex-micro-fit-2x4",
                         "dc-terminal",
+                        "eaton-c39",
                         "hdot-cx",
                         "saf-d-grid",
                         "neutrik-powercon-20a",
@@ -322,43 +330,120 @@
                         "100base-lfx",
                         "100base-tx",
                         "100base-t1",
+                        "1000base-bx10-d",
+                        "1000base-bx10-u",
+                        "1000base-cwdm",
+                        "1000base-cx",
+                        "1000base-dwdm",
+                        "1000base-ex",
+                        "1000base-lsx",
+                        "1000base-lx",
+                        "1000base-lx10",
+                        "1000base-sx",
                         "1000base-t",
                         "1000base-tx",
+                        "1000base-zx",
                         "2.5gbase-t",
                         "5gbase-t",
-                        "10gbase-t",
+                        "10gbase-br-d",
+                        "10gbase-br-u",
                         "10gbase-cx4",
+                        "10gbase-er",
+                        "10gbase-lr",
+                        "10gbase-lrm",
+                        "10gbase-lx4",
+                        "10gbase-sr",
+                        "10gbase-t",
+                        "10gbase-zr",
+                        "25gbase-cr",
+                        "25gbase-er",
+                        "25gbase-lr",
+                        "25gbase-sr",
+                        "25gbase-t",
+                        "40gbase-cr4",
+                        "40gbase-er4",
+                        "40gbase-fr4",
+                        "40gbase-lr4",
+                        "40gbase-sr4",
+                        "50gbase-cr",
+                        "50gbase-er",
+                        "50gbase-fr",
+                        "50gbase-lr",
+                        "50gbase-sr",
+                        "100gbase-cr1",
+                        "100gbase-cr2",
+                        "100gbase-cr4",
+                        "100gbase-cr10",
+                        "100gbase-cwdm4",
+                        "100gbase-dr",
+                        "100gbase-er4",
+                        "100gbase-fr1",
+                        "100gbase-lr1",
+                        "100gbase-lr4",
+                        "100gbase-sr1",
+                        "100gbase-sr1.2",
+                        "100gbase-sr2",
+                        "100gbase-sr4",
+                        "100gbase-sr10",
+                        "100gbase-zr",
+                        "200gbase-cr2",
+                        "200gbase-cr4",
+                        "200gbase-dr4",
+                        "200gbase-er4",
+                        "200gbase-fr4",
+                        "200gbase-lr4",
+                        "200gbase-sr2",
+                        "200gbase-sr4",
+                        "200gbase-vr2",
+                        "400gbase-cr4",
+                        "400gbase-dr4",
+                        "400gbase-er8",
+                        "400gbase-fr4",
+                        "400gbase-fr8",
+                        "400gbase-lr4",
+                        "400gbase-lr8",
+                        "400gbase-sr4",
+                        "400gbase-sr4_2",
+                        "400gbase-sr8",
+                        "400gbase-sr16",
+                        "400gbase-vr4",
+                        "400gbase-zr",
+                        "800gbase-cr8",
+                        "800gbase-dr8",
+                        "800gbase-sr8",
+                        "800gbase-vr8",
+                        "100base-x-sfp",
                         "1000base-x-gbic",
                         "1000base-x-sfp",
                         "10gbase-x-sfpp",
-                        "10gbase-x-xfp",
                         "10gbase-x-xenpak",
+                        "10gbase-x-xfp",
                         "10gbase-x-x2",
                         "25gbase-x-sfp28",
-                        "50gbase-x-sfp56",
                         "40gbase-x-qsfpp",
                         "50gbase-x-sfp28",
+                        "50gbase-x-sfp56",
                         "100gbase-x-cfp",
                         "100gbase-x-cfp2",
-                        "200gbase-x-cfp2",
-                        "400gbase-x-cfp2",
                         "100gbase-x-cfp4",
                         "100gbase-x-cxp",
                         "100gbase-x-cpak",
                         "100gbase-x-dsfp",
-                        "100gbase-x-sfpdd",
                         "100gbase-x-qsfp28",
                         "100gbase-x-qsfpdd",
+                        "100gbase-x-sfpdd",
+                        "200gbase-x-cfp2",
                         "200gbase-x-qsfp56",
                         "200gbase-x-qsfpdd",
                         "400gbase-x-qsfp112",
                         "400gbase-x-qsfpdd",
+                        "400gbase-x-cdfp",
+                        "400gbase-x-cfp2",
+                        "400gbase-x-cfp8",
                         "400gbase-x-osfp",
                         "400gbase-x-osfp-rhs",
-                        "400gbase-x-cdfp",
-                        "400gbase-x-cfp8",
-                        "800gbase-x-qsfpdd",
                         "800gbase-x-osfp",
+                        "800gbase-x-qsfpdd",
                         "1000base-kx",
                         "2.5gbase-kx",
                         "5gbase-kr",
@@ -379,6 +464,7 @@
                         "ieee802.11ay",
                         "ieee802.11be",
                         "ieee802.15.1",
+                        "ieee802.15.4",
                         "other-wireless",
                         "gsm",
                         "cdma",
@@ -418,6 +504,7 @@
                         "e3",
                         "xdsl",
                         "docsis",
+                        "moca",
                         "bpon",
                         "epon",
                         "10g-epon",
@@ -463,6 +550,13 @@
                         "passive-48v-2pair",
                         "passive-48v-4pair"
                     ]
+                },
+                "rf_role": {
+                    "type": "string",
+                    "enum": [
+                        "ap",
+                        "station"
+                    ]
                 }
             }
         },
@@ -491,6 +585,9 @@
                         "n",
                         "mrj21",
                         "fc",
+                        "fc-pc",
+                        "fc-upc",
+                        "fc-apc",
                         "lc",
                         "lc-pc",
                         "lc-upc",
@@ -518,6 +615,14 @@
                         "urm-p4",
                         "urm-p8",
                         "splice",
+                        "usb-a",
+                        "usb-b",
+                        "usb-c",
+                        "usb-mini-a",
+                        "usb-mini-b",
+                        "usb-micro-a",
+                        "usb-micro-b",
+                        "usb-micro-ab",
                         "other"
                     ]
                 }
@@ -548,6 +653,9 @@
                         "n",
                         "mrj21",
                         "fc",
+                        "fc-pc",
+                        "fc-upc",
+                        "fc-apc",
                         "lc",
                         "lc-pc",
                         "lc-upc",
@@ -575,6 +683,14 @@
                         "urm-p4",
                         "urm-p8",
                         "splice",
+                        "usb-a",
+                        "usb-b",
+                        "usb-c",
+                        "usb-mini-a",
+                        "usb-mini-b",
+                        "usb-micro-a",
+                        "usb-micro-b",
+                        "usb-micro-ab",
                         "other"
                     ]
                 }

contrib/netbox-housekeeping.service

@@ -1,17 +0,0 @@
-[Unit]
-Description=NetBox Housekeeping Service
-Documentation=https://docs.netbox.dev/
-After=network-online.target
-Wants=network-online.target
-
-[Service]
-Type=simple
-
-User=netbox
-Group=netbox
-WorkingDirectory=/opt/netbox
-
-ExecStart=/opt/netbox/venv/bin/python /opt/netbox/netbox/manage.py housekeeping
-
-[Install]
-WantedBy=multi-user.target

contrib/netbox-housekeeping.sh

@@ -1,9 +0,0 @@
-#!/bin/sh
-# This shell script invokes NetBox's housekeeping management command, which
-# intended to be run nightly. This script can be copied into your system's
-# daily cron directory (e.g. /etc/cron.daily), or referenced directly from
-# within the cron configuration file.
-#
-# If NetBox has been installed into a nonstandard location, update the paths
-# below.
-/opt/netbox/venv/bin/python /opt/netbox/netbox/manage.py housekeeping

contrib/netbox-housekeeping.timer

@@ -1,13 +0,0 @@
-[Unit]
-Description=NetBox Housekeeping Timer
-Documentation=https://docs.netbox.dev/
-After=network-online.target
-Wants=network-online.target
-
-[Timer]
-OnCalendar=daily
-AccuracySec=1h
-Persistent=true
-
-[Install]
-WantedBy=multi-user.target

docs/_theme/partials/copyright.html

@@ -0,0 +1,18 @@
+<div class="md-copyright">
+  {% if config.copyright %}
+    <div class="md-copyright__highlight">
+      {{ config.copyright }}
+    </div>
+  {% endif %}
+  {% if not config.extra.generator == false %}
+    Made with
+    <a href="https://squidfunk.github.io/mkdocs-material/" target="_blank" rel="noopener">
+      Material for MkDocs
+    </a>
+  {% endif %}
+</div>
+{% if not config.extra.build_public %}
+  <div class="md-copyright">
+    ℹ️ Documentation is being served locally
+  </div>
+{% endif %}

docs/administration/authentication/google.md

@@ -0,0 +1,52 @@
+# Google
+
+This guide explains how to configure single sign-on (SSO) support for NetBox using [Google OAuth2](https://developers.google.com/identity/protocols/oauth2/web-server) as an authentication backend.
+
+## Google OAuth2 Configuration
+
+1. Log into [console.cloud.google.com](https://console.cloud.google.com/).
+2. Create new project for NetBox.
+3. Under "APIs and Services" click "OAuth consent screen" and enter the required information.
+4. Under "Credentials," click "Create Credentials" and select "OAuth 2.0 Client ID." Select type "Web application."
+    - "Authorized JavaScript origins" should follow the format `http[s]://<netbox>[:<port>]`
+    - "Authorized redirect URIs" should follow the format `http[s]://<netbox>[:<port>]/oauth/complete/google-oauth2/`
+5. Copy the "Client ID" and "Client Secret" values somewhere convenient.
+
+!!! note
+    Google requires the NetBox hostname to use a public top-level-domain (e.g. `.com`, `.net`). The use of IP addresses is not permitted (except `127.0.0.1`).
+
+For more information, consult [Google's documentation](https://developers.google.com/identity/protocols/oauth2/web-server#prerequisites).
+
+## NetBox Configuration
+
+### 1. Enter configuration parameters
+
+Enter the following configuration parameters in `configuration.py`, substituting your own values:
+
+```python
+REMOTE_AUTH_BACKEND = 'social_core.backends.google.GoogleOAuth2'
+SOCIAL_AUTH_GOOGLE_OAUTH2_KEY = '{CLIENT_ID}'
+SOCIAL_AUTH_GOOGLE_OAUTH2_SECRET = '{CLIENT_SECRET}'
+```
+
+### 2. Restart NetBox
+
+Restart the NetBox services so that the new configuration takes effect. This is typically done with the command below:
+
+```no-highlight
+sudo systemctl restart netbox
+```
+
+## Testing
+
+Log out of NetBox if already authenticated, and click the "Log In" button at top right. You should see the normal login form as well as an option to authenticate using Google. Click that link.
+
+![NetBox Google login form](../../media/authentication/netbox_google_login.png)
+
+You should be redirected to Google's authentication portal. Enter the username/email and password of your test account to continue. You may also be prompted to grant this application access to your account.
+
+![NetBox Google login form](../../media/authentication/google_login_portal.png)
+
+If successful, you will be redirected back to the NetBox UI, and will be logged in as the Google user. You can verify this by navigating to your profile (using the button at top right).
+
+This user account has been replicated locally to NetBox, and can now be assigned groups and permissions.

docs/administration/authentication/microsoft-entra-id.md

@@ -1,8 +1,8 @@
-# Microsoft Azure AD
+# Microsoft Entra ID
 
-This guide explains how to configure single sign-on (SSO) support for NetBox using [Microsoft Azure Active Directory (AD)](https://azure.microsoft.com/en-us/services/active-directory/) as an authentication backend.
+This guide explains how to configure single sign-on (SSO) support for NetBox using [Microsoft Entra ID](https://www.microsoft.com/en-us/security/business/identity-access/microsoft-entra-id) as an authentication backend.
 
-## Azure AD Configuration
+## Entra ID Configuration
 
 ### 1. Create a test user (optional)
 
@@ -25,7 +25,7 @@ Once finished, make note of the application (client) ID; this will be used when
 ![Completed app registration](../../media/authentication/azure_ad_app_registration_created.png)
 
 !!! tip "Multitenant authentication"
-    NetBox also supports multitenant authentication via Azure AD, however it requires a different backend and an additional configuration parameter. Please see the [`python-social-auth` documentation](https://python-social-auth.readthedocs.io/en/latest/backends/azuread.html#tenant-support) for details concerning multitenant authentication.
+    NetBox also supports multitenant authentication via Azure AD; however, it requires a different backend and an additional configuration parameter. Please see the [`python-social-auth` documentation](https://python-social-auth.readthedocs.io/en/latest/backends/azuread.html#tenant-support) for details concerning multitenant authentication.
 
 ### 3. Create a secret
 

docs/administration/authentication/overview.md

@@ -2,7 +2,7 @@
 
 ## Local Authentication
 
-Local user accounts and groups can be created in NetBox under the "Authentication" section in the "Admin" menu. This section is available only to users with the "staff" permission enabled.
+Local user accounts and groups can be created in NetBox under the "Authentication" section in the "Admin" menu.
 
 At a minimum, each user account must have a username and password set. User accounts may also denote a first name, last name, and email address. [Permissions](../permissions.md) may also be assigned to individual users and/or groups as needed.
 
@@ -54,6 +54,7 @@ Icons](https://github.com/google/material-design-icons) icon's name; or be
 `None` for no icon.
 
 For instance, the OIDC backend may be customized with
+
 ```python
 SOCIAL_AUTH_BACKEND_ATTRS = {
     'oidc': ("My awesome SSO", "login"),

docs/administration/error-reporting.md

@@ -4,7 +4,7 @@
 
 ### Enabling Error Reporting
 
-NetBox supports native integration with [Sentry](https://sentry.io/) for automatic error reporting. To enable this functionality, set `SENTRY_ENABLED` to True and define your unique [data source name (DSN)](https://docs.sentry.io/product/sentry-basics/concepts/dsn-explainer/) in `configuration.py`.
+NetBox supports native integration with [Sentry](https://sentry.io/) for automatic error reporting. To enable this functionality, set `SENTRY_ENABLED` to `True` and define your unique [data source name (DSN)](https://docs.sentry.io/product/sentry-basics/concepts/dsn-explainer/) in `configuration.py`.
 
 ```python
 SENTRY_ENABLED = True

docs/administration/housekeeping.md

@@ -1,49 +0,0 @@
-# Housekeeping
-
-NetBox includes a `housekeeping` management command that should be run nightly. This command handles:
-
-* Clearing expired authentication sessions from the database
-* Deleting changelog records older than the configured [retention time](../configuration/miscellaneous.md#changelog_retention)
-* Deleting job result records older than the configured [retention time](../configuration/miscellaneous.md#job_retention)
-* Check for new NetBox releases (if [`RELEASE_CHECK_URL`](../configuration/miscellaneous.md#release_check_url) is set)
-
-This command can be invoked directly, or by using the shell script provided at `/opt/netbox/contrib/netbox-housekeeping.sh`.
-
-## Scheduling
-
-### Using Cron
-
-This script can be linked from your cron scheduler's daily jobs directory (e.g. `/etc/cron.daily`) or referenced directly within the cron configuration file.
-
-```shell
-sudo ln -s /opt/netbox/contrib/netbox-housekeeping.sh /etc/cron.daily/netbox-housekeeping
-```
-
-!!! note
-    On Debian-based systems, be sure to omit the `.sh` file extension when linking to the script from within a cron directory. Otherwise, the task may not run.
-
-### Using Systemd
-
-First, create symbolic links for the systemd service and timer files. Link the existing service and timer files from the `/opt/netbox/contrib/` directory to the `/etc/systemd/system/` directory:
-
-```bash
-sudo ln -s /opt/netbox/contrib/netbox-housekeeping.service /etc/systemd/system/netbox-housekeeping.service
-sudo ln -s /opt/netbox/contrib/netbox-housekeeping.timer /etc/systemd/system/netbox-housekeeping.timer
-```
-
-Then, reload the systemd configuration and enable the timer to start automatically at boot:
-
-```bash
-sudo systemctl daemon-reload
-sudo systemctl enable --now netbox-housekeeping.timer
-```
-
-Check the status of your timer by running:
-
-```bash
-sudo systemctl list-timers --all
-```
-
-This command will show a list of all timers, including your `netbox-housekeeping.timer`. Make sure the timer is active and properly scheduled.
-
-That's it! Your NetBox housekeeping service is now configured to run daily using systemd.

docs/administration/netbox-shell.md

@@ -106,7 +106,7 @@ This approach can span multiple levels of relations. For example, the following
 ```
 
 !!! note
-    While the above query is functional, it's not very efficient. There are ways to optimize such requests, however they are out of scope for this document. For more information, see the [Django queryset method reference](https://docs.djangoproject.com/en/stable/ref/models/querysets/) documentation.
+    While the above query is functional, it's not very efficient. There are ways to optimize such requests; however, they are out of scope for this document. For more information, see the [Django queryset method reference](https://docs.djangoproject.com/en/stable/ref/models/querysets/) documentation.
 
 Reverse relationships can be traversed as well. For example, the following will find all devices with an interface named "em0":
 

docs/administration/replicating-netbox.md

@@ -18,10 +18,10 @@ pg_dump --username netbox --password --host localhost netbox > netbox.sql
 !!! note
     You may need to change the username, host, and/or database in the command above to match your installation.
 
-When replicating a production database for development purposes, you may find it convenient to exclude changelog data, which can easily account for the bulk of a database's size. To do this, exclude the `extras_objectchange` table data from the export. The table will still be included in the output file, but will not be populated with any data.
+When replicating a production database for development purposes, you may find it convenient to exclude changelog data, which can easily account for the bulk of a database's size. To do this, exclude the `core_objectchange` table data from the export. The table will still be included in the output file, but will not be populated with any data.
 
 ```no-highlight
-pg_dump ... --exclude-table-data=extras_objectchange netbox > netbox.sql
+pg_dump ... --exclude-table-data=core_objectchange netbox > netbox.sql
 ```
 
 ### Load an Exported Database
@@ -54,7 +54,7 @@ pg_dump --username netbox --password --host localhost -s netbox > netbox_schema.
 By default, NetBox stores uploaded files (such as image attachments) in its media directory. To fully replicate an instance of NetBox, you'll need to copy both the database and the media files.
 
 !!! note
-    These operations are not necessary if your installation is utilizing a [remote storage backend](../configuration/system.md#storage_backend).
+    These operations are not necessary if your installation is utilizing a [remote storage backend](../configuration/system.md#storages).
 
 ### Archive the Media Directory
 

docs/best-practices/modeling-pluggable-transceivers.md

@@ -0,0 +1,74 @@
+# Modeling Pluggable Transceivers
+
+## Use Case
+
+Many network devices utilize field-swappable [small-form factor pluggable transceivers (SFPs)](https://en.wikipedia.org/wiki/Small_Form-factor_Pluggable) to enable changing the physical media type of a fixed interface. For example, a 10 Gigabit Ethernet interface might be connected using copper, multimode fiber, or single-mode fiber, each of which requires a different type of SFP+ transceiver.
+
+It can be challenging to model SFPs given their dynamic nature. This guide intends to capture the recommended strategy for modeling SFPs on NetBox v4.4 and later.
+
+## Modeling Strategy
+
+Pluggable transceivers are most accurately represented in NetBox as discrete [modules](../models/dcim/module.md) which are installed within [module bays](../models/dcim/modulebay.md). A module can deliver one or more [interfaces](../models/dcim/interface.md) (or other components) to the device in which it is installed. This approach ensures that a new interface is automatically created on the device when the module is installed, and deleted when the module is removed.
+
+```mermaid
+flowchart BT
+    interface1[Interface 1/1]--> module1[SFP]
+    interface2[Interface 2/1]--> module2[SFP]
+    interface3[Interface 3/1] & interface4[Interface 3/2]--> module3[SFP]
+    module1 --> modulebay1[Module Bay 1]
+    module2 --> modulebay2[Module Bay 2]
+    module3 --> modulebay3[Module Bay 3]
+    modulebay1 & modulebay2 & modulebay3 --> device[Device]
+```
+
+### 1. Create an SFP Module Type Profile
+
+If one has not already been defined, create a [module type profile](../models/dcim/moduletypeprofile.md) for SFPs. This profile will be assigned for all module types which represent a pluggable transceiver. Typically, you will need only one profile for all pluggable transceivers.
+
+You might opt to define custom attributes for the profile by defining a custom [JSON schema](https://json-schema.org/). Profile attributes might be used to define characteristics unique to transceivers, such as optical wavelength and power ranges. Adding profile attributes is optional, and can be done at a later point.
+
+!!! note
+    Creating a module type profile is optional, but recommended as it allows for defining custom module attributes.
+
+### 2. Create a Module Type for Each SFP Model in Inventory
+
+Next, create a [module type](../models/dcim/moduletype.md) to represent each unique SFP model present in your network. Each module type should define a manufacturer and a unique model name, and may also include a part number. For example, you might create a module type for each of the following transceivers:
+
+| Manufacturer | Model            | Media Type |
+|--------------|------------------|------------|
+| Cisco        | SFP-10G-SR       | 10GE MMF   |
+| Cisco        | SFP-10G-LR       | 10GE SMF   |
+| Juniper      | QFX-QSFP-40G-SR4 | 40GE MMF   |
+| Juniper      | JNP-QSFP-DAC-5M  | 40GE DAC   |
+
+### 3. Add an Interface to the Module Type
+
+After creating each module type, create an interface template on it to represent its physical interface. The definition of this interface template will depend on the transceiver's physical media type. (Reference the table above for examples.) When a new module is "installed" within a module bay on a device, its templated interface(s) will be automatically instantiated on that device as child interfaces of the module.
+
+Determining which name to use for the transceiver's interface can be tricky, as the interface name might depend on the type of device in which the SFP is installed. To avoid having to rename interfaces, consider using the `{module}` token in place of a static interface name. The interface's name will inherit the position of the bay in which its parent module is installed. If creating multiple interfaces on a module, be sure to append a unique ID (e.g. `{module}:1`) to ensure each interface gets assigned a unique name.
+
+### 4. Create Device Types
+
+If you haven't already, create a [device type](../models/dcim/devicetype.md) to represent each unique device model in your network.
+
+!!! note
+    Skip this step if you've already created the necessary device types.
+
+### 5. Add Module Bays to the Device Type
+
+Once you've created a device type, add the appropriate number of module bays on each device type to represent its SFP slots. For example, a Juniper QFX5110 would have module bays numbered `0/0/0` through `0/0/55`: 48 SFP+ bays and 8 QSFP28 bays (56 total).
+
+Be sure to define both the name **and position** of each module bay with a unique value. The module bay's position will be used to automatically name SFP interfaces.
+
+### 6. Create a Device
+
+Create a new device using the device type added in the previous step. The module bays (and any other components) defined on the device type will be instantiated on the new device automatically.
+
+!!! note
+    If you've already created the necessary devices in NetBox, you'll need to add their module bays manually. You can add multiple module bays at once by selecting the desired devices from the device list and selecting **Add Components > Module Bays** at the bottom of the page.
+
+### 7. Add the SFP Modules
+
+Finally, create each SFP in the new device by "installing" a new module of the appropriate type in each module bay. The interface(s) defined on the selected module type will be automatically populated on the new module. If present, the `{module}` token in the name of each interface template will be replaced with the position of the bay in which the module is being installed. For example, an interface template with the name `et-{module}` being created on a module installed in a bay with position `0/0/14` will create an interface named `et-0/0/14`.
+
+When adding many modules at once, you may find it helpful to utilize NetBox's bulk import functionality. This allows you to create many modules at once from CSV, JSON, or YAML data.

docs/best-practices/performance-handbook.md

@@ -0,0 +1,187 @@
+# Performance Handbook
+
+The purpose of this handbook is to help users and administrators use NetBox efficiently. It contains assorted recommendations and best practices compiled over time, intending to serve a wide variety of use cases. 
+
+## Server Configuration
+
+### WSGI Server Configuration
+
+NetBox operates as a [Web Server Gateway Interface (WSGI)](https://en.wikipedia.org/wiki/Web_Server_Gateway_Interface) application, which sits behind a frontend HTTP server such as nginx or Apache. The HTTP server handles low-level HTTP request processing and serving static assets, and forwards application-level requests to NetBox via WSGI.
+
+A backend WSGI server (typically [Gunicorn](https://gunicorn.org/) or [uWSGI](https://uwsgi-docs.readthedocs.io/en/latest/)) is responsible for running the NetBox application. This is accomplished by initializing a number of WSGI worker processes which accept WSGI requests relayed from the frontend HTTP server.
+
+Tuning your WSGI server is crucial to realizing optimal performance from NetBox. Below are some recommended configuration parameters.
+
+#### Provision Multiple Workers
+
+General guidance is to set the number of worker processes to double the number of CPU cores available, plus one (`2 * CPUs + 1`).
+
+#### Limit the Worker Lifetime
+
+Set a maximum number of requests that a worker can service before being respawned. This helps protect against potential memory leaks.
+
+#### Set a Request Timeout
+
+Limit the time a worker may spend processing any request. This prevents a long-running request from tying up a worker beyond an acceptable threshold. We suggest a limit of 120 seconds as a reasonable safeguard.
+
+#### Bind Using a Unix Socket
+
+When running the HTTP frontend and WSGI server on the same machine, binding via a Unix socket (instead of a TCP socket) may yield slight performance gains.
+
+### NetBox Configuration
+
+NetBox ships with a reasonable default configuration for most environments, but administrators are encouraged to explore all the [available parameters](../configuration/index.md) to tune their installation. Some of the most notable parameters impacting performance are called out below.
+
+#### Reduce the Maximum Page Size
+
+NetBox paginates large result sets to reduce the overall response size. The [`MAX_PAGE_SIZE`](../configuration/miscellaneous.md#max_page_size) parameter specifies the maximum number of results per page that a client can request. This is set to 1,000 by default. Consider lowering this number if you find that API clients are frequently requesting very large result sets.
+
+#### Limit GraphQL Aliases
+
+By default, NetBox restricts a GraphQL query to 10 aliases. Consider reducing this number by setting [`GRAPHQL_MAX_ALIASES`](../configuration/graphql-api.md#graphql_max_aliases) to a lower value.
+
+#### Designate Isolated Deployments
+
+If your NetBox installation does not have Internet access, set [`ISOLATED_DEPLOYMENT`](../configuration/system.md#isolated_deployment) to True. This will prevent the application from attempting routine external requests.
+
+#### Reduce Sentry Sampling
+
+If [Sentry](https://sentry.io/) has been enabled for error reporting and analytics, consider lowering its sampling rate. This can be accomplished by modifying the values for `sample_rate` and `traces_sample_rate` under [`SENTRY_CONFIG`](../configuration/error-reporting.md#sentry_config).
+
+#### Remove Unneeded Event Handlers
+
+Check whether any custom event handlers have been added under [`EVENTS_PIPELINE`](../configuration/miscellaneous.md#events_pipeline). Remove any that are no longer needed.
+
+### Background Task Workers
+
+NetBox defers the execution of certain tasks to background workers via Redis queues serviced by one or more background workers. These workers operate asynchronously from the frontend WSGI workers, and process tasks in the order they are enqueued.
+
+NetBox creates three default queues for background tasks: `high`, `default`, and `low`. Additional queues can be configured via the [`QUEUE_MAPPINGS`](../configuration/miscellaneous.md#queue_mappings) configuration parameter.
+
+By default, a background worker (spawned via `manage.py rqworker`) will listen to all available queues. To improve responsiveness to high-priority background tasks, consider dedicating one or more workers to service the `high` queue only:
+
+```
+$ ./manage.py rqworker high
+19:31:20 Worker 861be45b32214afc95c235beeb19c9fa: started with PID 2300029, version 2.6.0
+19:31:20 Worker 861be45b32214afc95c235beeb19c9fa: subscribing to channel rq:pubsub:861be45b32214afc95c235beeb19c9fa
+19:31:20 *** Listening on high...
+19:31:20 Worker 861be45b32214afc95c235beeb19c9fa: cleaning registries for queue: high
+19:31:20 Scheduler for high started with PID 2300096
+```
+
+## API Clients
+
+### REST API
+
+NetBox's [REST API](../integrations/rest-api.md) is the primary means of integration with external systems, allowing full create, read, update, and delete (CRUD) operations. There are a few performance considerations to keep in mind when dealing with very large data sets.
+
+#### Use "Brief" Mode for Simple Lists
+
+In cases where you need to retrieve only a minimal representation of objects, append `?brief=True` to the URL. This instructs NetBox to omit all fields except the following:
+
+* ID
+* URL
+* Display text
+* Name (or similar identifier)
+* Slug (if present)
+* Description
+* Counts of notable related objects (where applicable)
+
+For example, a site fetched using brief mode returns only the following:
+
+```json
+{
+    "id": 2,
+    "url": "https://netbox/api/dcim/sites/2/",
+    "display": "DM-Akron",
+    "name": "DM-Akron",
+    "slug": "dm-akron",
+    "description": ""
+}
+```
+
+Omitting all other fields (especially those which fetch and return related objects) often results in much faster queries.
+
+#### Declare Selected Fields
+
+If you need more flexibility regarding the fields to be returned for an object type, you can specify a list of fields to include using the `fields` query parameter. For example, a request for `/api/dcim/sites/?fields=id,name,status,region` will return the following:
+
+```json
+{
+    "id": 2,
+    "name": "DM-Akron",
+    "status": {
+        "value": "active",
+        "label": "Active"
+    },
+    "region": {
+        "id": 51,
+        "url": "https://netbox/api/dcim/regions/51/",
+        "display": "Ohio",
+        "name": "Ohio",
+        "slug": "us-oh",
+        "description": "",
+        "site_count": 0,
+        "_depth": 2
+    }
+}
+```
+
+Like brief mode, this approach can significantly reduce the response time of an API request by omitting unneeded data.
+
+#### Employ Pagination
+
+Like the user interface, the REST API employs pagination to limit the number of objects returned in a single response. If a page size is not specified by the request (i.e. by passing `?limit=10`), NetBox will use the default size defined by [`PAGINATE_COUNT`](../configuration/default-values.md#paginate_count). The default page size is 50.
+
+For some requests, especially those using brief mode or a minimal selection of fields, it may be desirable to specify a higher page size, so that fewer requests are needed to retrieve all objects. Appending `?limit=0` to the request effectively seeks to disable pagination. (Note, however, that the requested page size cannot exceed the value of [`MAX_PAGE_SIZE`](../configuration/miscellaneous.md#max_page_size), which defaults to 1,000.)
+
+Complex API requests, which pull in many related objects, generate a relatively high load on the application, and generally benefit from reduced page size. If you find that your API requests are taking an inordinate amount of time, try reducing the page size from the default value so that fewer objects need to be returned for each request.
+
+### GraphQL API
+
+NetBox's read-only [GraphQL API](../integrations/graphql-api.md) offers an alternative to its REST API, and provides a very flexible means of retrieving data. GraphQL enables the client to request any object from a single endpoint, specifying only the desired attributes and relations. Many users prefer this to the more rigid structure of the REST API, but it's important to understand the trade-offs of crafting complex queries.
+
+#### Request Only the Necessary Fields
+
+For optimal performance, craft your GraphQL queries to return only the fields needed by the client. This will reduce the overall query time, especially when omitting related objects.
+
+#### Avoid Overly Complex Queries
+
+The primary benefit of the GraphQL API is that it allows the client to offload to the server the work of stitching together various related objects, which would require the client to make multiple requests to different endpoints if using the REST API. However, this advantage does not come for free: The more information that is requested in a single query, the more work the server needs to do to fetch the raw data from the database and render it into a GraphQL response. Very complex queries can yield dozens or hundreds of SQL queries on the backend, which increase the time it takes to render a response.
+
+While it can be tempting to pack as much data as possible into a single GraphQL query, realize that there is a balance to be struck between minimizing the number of queries needed and avoiding complexity in the interest of performance. For example, while it is possible to retrieve via a single GraphQL API request all the IP addresses and all attached cables for every device in a site, it is probably more efficient (often _much_ more efficient) to make two or three separate requests and correlate the data locally.
+
+#### Use Filters
+
+You can specify filters when making a GraphQL query to limit the set of objects returned. This works a bit differently from the REST API, as filters are declared inside the query statement rather than appended to the URL, but the concept is the same. For example, to return only active sites:
+
+```graphql
+query {
+  site_list(
+    filters: {
+      status: STATUS_ACTIVE
+    }
+  ) {
+    name
+  }
+}
+```
+
+This returns only sites with a status of "active" and avoid needing to parse through all the others. For further information about filters, see the [GraphQL API documentation](../integrations/graphql-api.md).
+
+#### Employ Pagination
+
+Like the REST API, the GraphQL API supports pagination. Queries which return a large number of objects should employ pagination to limit the size of each response.
+
+```graphql
+{
+  device_list(
+    pagination: {limit: 100}
+  ) {
+    id
+    name
+    serial
+    status
+  }
+}
+```

docs/configuration/data-validation.md

@@ -17,7 +17,7 @@ CUSTOM_VALIDATORS = {
         },
         "my_plugin.validators.Validator1"
     ],
-    "dim.device": [
+    "dcim.device": [
         "my_plugin.validators.Validator1"
     ]
 }

docs/configuration/default-values.md

@@ -4,7 +4,7 @@
 
 This parameter controls the content and layout of user's default dashboard. Once the dashboard has been created, the user is free to customize it as they please by adding, removing, and reconfiguring widgets.
 
-This parameter must specify an iterable of dictionaries, each representing a discrete dashboard widget and its configuration. The follow widget attributes are supported:
+This parameter must specify an iterable of dictionaries, each representing a discrete dashboard widget and its configuration. The following widget attributes are supported:
 
 * `widget`: Dotted path to the Python class (required)
 * `width`: Default widget width (between 1 and 12, inclusive)
@@ -63,13 +63,15 @@ DEFAULT_USER_PREFERENCES = {
 
 For a complete list of available preferences, log into NetBox and navigate to `/user/preferences/`. A period in a preference name indicates a level of nesting in the JSON data. The example above maps to `pagination.per_page`.
 
+See also: [Clearing table preferences](../features/user-preferences.md#clearing-table-preferences) for resolving errors caused by saved table columns or ordering.
+
 ---
 
 ## PAGINATE_COUNT
 
 !!! tip "Dynamic Configuration Parameter"
 
-Default: 50
+Default: `50`
 
 The default maximum number of objects to display per page within each list of objects.
 
@@ -79,7 +81,7 @@ The default maximum number of objects to display per page within each list of ob
 
 !!! tip "Dynamic Configuration Parameter"
 
-Default: 15
+Default: `15`
 
 The default value for the `amperage` field when creating new power feeds.
 
@@ -89,7 +91,7 @@ The default value for the `amperage` field when creating new power feeds.
 
 !!! tip "Dynamic Configuration Parameter"
 
-Default: 80
+Default: `80`
 
 The default value (percentage) for the `max_utilization` field when creating new power feeds.
 
@@ -99,7 +101,7 @@ The default value (percentage) for the `max_utilization` field when creating new
 
 !!! tip "Dynamic Configuration Parameter"
 
-Default: 120
+Default: `120`
 
 The default value for the `voltage` field when creating new power feeds.
 
@@ -109,7 +111,7 @@ The default value for the `voltage` field when creating new power feeds.
 
 !!! tip "Dynamic Configuration Parameter"
 
-Default: 22
+Default: `22`
 
 Default height (in pixels) of a unit within a rack elevation. For best results, this should be approximately one tenth of `RACK_ELEVATION_DEFAULT_UNIT_WIDTH`.
 
@@ -119,6 +121,6 @@ Default height (in pixels) of a unit within a rack elevation. For best results,
 
 !!! tip "Dynamic Configuration Parameter"
 
-Default: 220
+Default: `220`
 
 Default width (in pixels) of a unit within a rack elevation.

docs/configuration/development.md

@@ -2,7 +2,7 @@
 
 ## DEBUG
 
-Default: False
+Default: `False`
 
 This setting enables debugging. Debugging should be enabled only during development or troubleshooting. Note that only
 clients which access NetBox from a recognized [internal IP address](./system.md#internal_ips) will see debugging tools in the user
@@ -16,6 +16,6 @@ interface.
 
 ## DEVELOPER
 
-Default: False
+Default: `False`
 
 This parameter serves as a safeguard to prevent some potentially dangerous behavior, such as generating new database schema migrations. Additionally, enabling this setting disables the debug warning banner in the UI. Set this to `True` **only** if you are actively developing the NetBox code base.

docs/configuration/error-reporting.md

@@ -1,10 +1,35 @@
 # Error Reporting Settings
 
+## SENTRY_CONFIG
+
+A dictionary mapping keyword arguments to values, to be passed to `sentry_sdk.init()`. See the [Sentry Python SDK documentation](https://docs.sentry.io/platforms/python/) for more information on supported parameters.
+
+The default configuration is shown below:
+
+```python
+{
+    "sample_rate": 1.0,
+    "send_default_pii": False,
+    "traces_sample_rate": 0,
+}
+```
+
+Additionally, `http_proxy` and `https_proxy` are set to the HTTP and HTTPS proxies, respectively, configured for NetBox (if any).
+
 ## SENTRY_DSN
 
-Default: None
+!!! warning "This parameter will be removed in NetBox v4.5."
+    Set this using `SENTRY_CONFIG` instead:
 
-Defines a Sentry data source name (DSN) for automated error reporting. `SENTRY_ENABLED` must be True for this parameter to take effect. For example:
+    ```
+    SENTRY_CONFIG = {
+        "dsn": "https://examplePublicKey@o0.ingest.sentry.io/0",
+    }
+    ```
+
+Default: `None`
+
+Defines a Sentry data source name (DSN) for automated error reporting. `SENTRY_ENABLED` must be `True` for this parameter to take effect. For example:
 
 ```
 SENTRY_DSN = "https://examplePublicKey@o0.ingest.sentry.io/0"
@@ -14,9 +39,9 @@ SENTRY_DSN = "https://examplePublicKey@o0.ingest.sentry.io/0"
 
 ## SENTRY_ENABLED
 
-Default: False
+Default: `False`
 
-Set to True to enable automatic error reporting via [Sentry](https://sentry.io/).
+Set to `True` to enable automatic error reporting via [Sentry](https://sentry.io/).
 
 !!! note
     The `sentry-sdk` Python package is required to enable Sentry integration.
@@ -25,7 +50,16 @@ Set to True to enable automatic error reporting via [Sentry](https://sentry.io/)
 
 ## SENTRY_SAMPLE_RATE
 
-Default: 1.0 (all)
+!!! warning "This parameter will be removed in NetBox v4.5."
+    Set this using `SENTRY_CONFIG` instead:
+
+    ```
+    SENTRY_CONFIG = {
+        "sample_rate": 0.2,
+    }
+    ```
+
+Default: `1.0` (all)
 
 The sampling rate for errors. Must be a value between 0 (disabled) and 1.0 (report on all errors).
 
@@ -33,7 +67,16 @@ The sampling rate for errors. Must be a value between 0 (disabled) and 1.0 (repo
 
 ## SENTRY_SEND_DEFAULT_PII
 
-Default: False
+!!! warning "This parameter will be removed in NetBox v4.5."
+    Set this using `SENTRY_CONFIG` instead:
+
+    ```
+    SENTRY_CONFIG = {
+        "send_default_pii": True,
+    }
+    ```
+
+Default: `False`
 
 Maps to the Sentry SDK's [`send_default_pii`](https://docs.sentry.io/platforms/python/configuration/options/#send-default-pii) parameter. If enabled, certain personally identifiable information (PII) is added.
 
@@ -60,7 +103,16 @@ SENTRY_TAGS = {
 
 ## SENTRY_TRACES_SAMPLE_RATE
 
-Default: 0 (disabled)
+!!! warning "This parameter will be removed in NetBox v4.5."
+    Set this using `SENTRY_CONFIG` instead:
+
+    ```
+    SENTRY_CONFIG = {
+        "traces_sample_rate": 0.2,
+    }
+    ```
+
+Default: `0` (disabled)
 
 The sampling rate for transactions. Must be a value between 0 (disabled) and 1.0 (report on all transactions).
 

docs/configuration/graphql-api.md

@@ -0,0 +1,17 @@
+# GraphQL API Parameters
+
+## GRAPHQL_ENABLED
+
+!!! tip "Dynamic Configuration Parameter"
+
+Default: `True`
+
+Setting this to `False` will disable the GraphQL API.
+
+---
+
+## GRAPHQL_MAX_ALIASES
+
+Default: `10`
+
+The maximum number of queries that a GraphQL API request may contain.

docs/configuration/index.md

@@ -25,7 +25,7 @@ Some configuration parameters are primarily controlled via NetBox's admin interf
 * [`CUSTOM_VALIDATORS`](./data-validation.md#custom_validators)
 * [`DEFAULT_USER_PREFERENCES`](./default-values.md#default_user_preferences)
 * [`ENFORCE_GLOBAL_UNIQUE`](./miscellaneous.md#enforce_global_unique)
-* [`GRAPHQL_ENABLED`](./miscellaneous.md#graphql_enabled)
+* [`GRAPHQL_ENABLED`](./graphql-api.md#graphql_enabled)
 * [`JOB_RETENTION`](./miscellaneous.md#job_retention)
 * [`MAINTENANCE_MODE`](./miscellaneous.md#maintenance_mode)
 * [`MAPS_URL`](./miscellaneous.md#maps_url)

docs/configuration/miscellaneous.md

@@ -55,9 +55,9 @@ Sets content for the top banner in the user interface.
 
 ## CENSUS_REPORTING_ENABLED
 
-Default: True
+Default: `True`
 
-Enables anonymous census reporting. To opt out of census reporting, set this to False.
+Enables anonymous census reporting. To opt out of census reporting, set this to `False`.
 
 This data enables the project maintainers to estimate how many NetBox deployments exist and track the adoption of new versions over time. Census reporting effects a single HTTP request each time a worker starts. The only data reported by this function are the NetBox version, Python version, and a pseudorandom unique identifier.
 
@@ -67,7 +67,7 @@ This data enables the project maintainers to estimate how many NetBox deployment
 
 !!! tip "Dynamic Configuration Parameter"
 
-Default: 90
+Default: `90`
 
 The number of days to retain logged changes (object creations, updates, and deletions). Set this to `0` to retain
 changes in the database indefinitely.
@@ -79,7 +79,7 @@ changes in the database indefinitely.
 
 ## CHANGELOG_SKIP_EMPTY_CHANGES
 
-Default: True
+Default: `True`
 
 If enabled, a change log record will not be created when an object is updated without any changes to its existing field values.
 
@@ -96,21 +96,21 @@ The maximum size (in bytes) of an incoming HTTP request (i.e. `GET` or `POST` da
 
 ---
 
-## DJANGO_ADMIN_ENABLED
-
-Default: False
-
-Setting this to True installs the `django.contrib.admin` app and enables the [Django admin UI](https://docs.djangoproject.com/en/5.0/ref/contrib/admin/). This may be necessary to support older plugins which do not integrate with the native NetBox interface.
-
----
-
 ## ENFORCE_GLOBAL_UNIQUE
 
 !!! tip "Dynamic Configuration Parameter"
 
-Default: True
+Default: `True`
 
-By default, NetBox will prevent the creation of duplicate prefixes and IP addresses in the global table (that is, those which are not assigned to any VRF). This validation can be disabled by setting `ENFORCE_GLOBAL_UNIQUE` to False.
+By default, NetBox will prevent the creation of duplicate prefixes and IP addresses in the global table (that is, those which are not assigned to any VRF). This validation can be disabled by setting `ENFORCE_GLOBAL_UNIQUE` to `False`.
+
+---
+
+## EVENTS_PIPELINE
+
+Default: `['extras.events.process_event_queue',]`
+
+NetBox will call dotted paths to the functions listed here for events (create, update, delete) on models as well as when custom EventRules are fired.
 
 ---
 
@@ -122,21 +122,11 @@ The maximum amount (in bytes) of uploaded data that will be held in memory befor
 
 ---
 
-## GRAPHQL_ENABLED
-
-!!! tip "Dynamic Configuration Parameter"
-
-Default: True
-
-Setting this to False will disable the GraphQL API.
-
----
-
 ## JOB_RETENTION
 
 !!! tip "Dynamic Configuration Parameter"
 
-Default: 90
+Default: `90`
 
 The number of days to retain job results (scripts and reports). Set this to `0` to retain job results in the database indefinitely.
 
@@ -149,9 +139,9 @@ The number of days to retain job results (scripts and reports). Set this to `0`
 
 !!! tip "Dynamic Configuration Parameter"
 
-Default: False
+Default: `False`
 
-Setting this to True will display a "maintenance mode" banner at the top of every page. Additionally, NetBox will no longer update a user's "last active" time upon login. This is to allow new logins when the database is in a read-only state. Recording of login times will resume when maintenance mode is disabled.
+Setting this to `True` will display a "maintenance mode" banner at the top of every page. Additionally, NetBox will no longer update a user's "last active" time upon login. This is to allow new logins when the database is in a read-only state. Recording of login times will resume when maintenance mode is disabled.
 
 ---
 
@@ -169,7 +159,7 @@ This specifies the URL to use when presenting a map of a physical location by st
 
 !!! tip "Dynamic Configuration Parameter"
 
-Default: 1000
+Default: `1000`
 
 A web user or API consumer can request an arbitrary number of objects by appending the "limit" parameter to the URL (e.g. `?limit=1000`). This parameter defines the maximum acceptable limit. Setting this to `0` or `None` will allow a client to retrieve _all_ matching objects at once with no limit by specifying `?limit=0`.
 
@@ -177,7 +167,7 @@ A web user or API consumer can request an arbitrary number of objects by appendi
 
 ## METRICS_ENABLED
 
-Default: False
+Default: `False`
 
 Toggle the availability Prometheus-compatible metrics at `/metrics`. See the [Prometheus Metrics](../integrations/prometheus-metrics.md) documentation for more details.
 
@@ -187,9 +177,9 @@ Toggle the availability Prometheus-compatible metrics at `/metrics`. See the [Pr
 
 !!! tip "Dynamic Configuration Parameter"
 
-Default: False
+Default: `False`
 
-When determining the primary IP address for a device, IPv6 is preferred over IPv4 by default. Set this to True to prefer IPv4 instead.
+When determining the primary IP address for a device, IPv6 is preferred over IPv4 by default. Set this to `True` to prefer IPv4 instead.
 
 ---
 
@@ -211,7 +201,7 @@ If no queue is defined the queue named `default` will be used.
 
 ## RELEASE_CHECK_URL
 
-Default: None (disabled)
+Default: `None` (disabled)
 
 This parameter defines the URL of the repository that will be checked for new NetBox releases. When a new release is detected, a message will be displayed to administrative users on the home page. This can be set to the official repository (`'https://api.github.com/repos/netbox-community/netbox/releases'`) or a custom fork. Set this to `None` to disable automatic update checks.
 
@@ -241,3 +231,15 @@ This parameter controls how frequently a failed job is retried, up to the maximu
 Default: `0` (retries disabled)
 
 The maximum number of times a background task will be retried before being marked as failed.
+
+## DISK_BASE_UNIT
+
+Default: `1000`
+
+The base unit for disk sizes. Set this to `1024` to use binary prefixes (MiB, GiB, etc.) instead of decimal prefixes (MB, GB, etc.).
+
+## RAM_BASE_UNIT
+
+Default: `1000`
+
+The base unit for RAM sizes. Set this to `1024` to use binary prefixes (MiB, GiB, etc.) instead of decimal prefixes (MB, GB, etc.).

docs/configuration/plugins.md

@@ -2,7 +2,7 @@
 
 ## PLUGINS
 
-Default: Empty
+Default: `[]`
 
 A list of installed [NetBox plugins](../plugins/index.md) to enable. Plugins will not take effect unless they are listed here.
 
@@ -13,7 +13,7 @@ A list of installed [NetBox plugins](../plugins/index.md) to enable. Plugins wil
 
 ## PLUGINS_CONFIG
 
-Default: Empty
+Default: `[]`
 
 This parameter holds configuration settings for individual NetBox plugins. It is defined as a dictionary, with each key using the name of an installed plugin. The specific parameters supported are unique to each plugin: Reference the plugin's documentation to determine the supported parameters. An example configuration is shown below:
 
@@ -33,3 +33,21 @@ Note that a plugin must be listed in `PLUGINS` for its configuration to take eff
 
 ---
 
+## PLUGINS_CATALOG_CONFIG
+
+Default: `{}` (Empty)
+
+This parameter controls how individual plugins are displayed in the plugins catalog under Admin > System > Plugins. Adding a plugin to the `hidden` list will omit that plugin from the catalog. Adding a plugin to the `static` list will display the plugin, but not link to the plugin details or upgrade instructions.
+
+An example configuration is shown below:
+
+```python
+PLUGINS_CATALOG_CONFIG = {
+    'hidden': [
+        'plugin1',
+    ],
+    'static': [
+        'plugin2',
+    ],
+}
+```

docs/configuration/remote-authentication.md

@@ -1,6 +1,6 @@
 # Remote Authentication Settings
 
-The configuration parameters listed here control remote authentication for NetBox. Note that `REMOTE_AUTH_ENABLED` must be true in order for these settings to take effect.
+The configuration parameters listed here control remote authentication for NetBox. Note that `REMOTE_AUTH_ENABLED` must be `True` in order for these settings to take effect.
 
 ---
 
@@ -8,7 +8,7 @@ The configuration parameters listed here control remote authentication for NetBo
 
 Default: `False`
 
-If true, NetBox will automatically create groups specified in the `REMOTE_AUTH_GROUP_HEADER` header if they don't already exist. (Requires `REMOTE_AUTH_ENABLED`.)
+If `True`, NetBox will automatically create groups specified in the `REMOTE_AUTH_GROUP_HEADER` header if they don't already exist. (Requires `REMOTE_AUTH_ENABLED`.)
 
 ---
 
@@ -16,7 +16,7 @@ If true, NetBox will automatically create groups specified in the `REMOTE_AUTH_G
 
 Default: `False`
 
-If true, NetBox will automatically create local accounts for users authenticated via a remote service. (Requires `REMOTE_AUTH_ENABLED`.)
+If `True`, NetBox will automatically create local accounts for users authenticated via a remote service. (Requires `REMOTE_AUTH_ENABLED`.)
 
 ---
 
@@ -43,7 +43,7 @@ The list of groups to assign a new user account when created using remote authen
 
 Default: `{}` (Empty dictionary)
 
-A mapping of permissions to assign a new user account when created using remote authentication. Each key in the dictionary should be set to a dictionary of the attributes to be applied to the permission, or `None` to allow all objects. (Requires `REMOTE_AUTH_ENABLED` as True and `REMOTE_AUTH_GROUP_SYNC_ENABLED` as False.)
+A mapping of permissions to assign a new user account when created using remote authentication. Each key in the dictionary should be set to a dictionary of the attributes to be applied to the permission, or `None` to allow all objects. (Requires `REMOTE_AUTH_ENABLED` as `True` and `REMOTE_AUTH_GROUP_SYNC_ENABLED` as `False`.)
 
 ---
 
@@ -127,19 +127,3 @@ The list of groups that promote an remote User to Superuser on Login. If group i
 Default: `[]` (Empty list)
 
 The list of users that get promoted to Superuser on Login. If user isn't present in list on next Login, the Role gets revoked. (Requires `REMOTE_AUTH_ENABLED` and `REMOTE_AUTH_GROUP_SYNC_ENABLED` )
-
----
-
-## REMOTE_AUTH_STAFF_GROUPS
-
-Default: `[]` (Empty list)
-
-The list of groups that promote an remote User to Staff on Login. If group isn't present on next Login, the Role gets revoked. (Requires `REMOTE_AUTH_ENABLED` and `REMOTE_AUTH_GROUP_SYNC_ENABLED` )
-
----
-
-## REMOTE_AUTH_STAFF_USERS
-
-Default: `[]` (Empty list)
-
-The list of users that get promoted to Staff on Login. If user isn't present in list on next Login, the Role gets revoked. (Requires `REMOTE_AUTH_ENABLED` and `REMOTE_AUTH_GROUP_SYNC_ENABLED` )

docs/configuration/required-parameters.md

@@ -2,12 +2,12 @@
 
 ## ALLOWED_HOSTS
 
-This is a list of valid fully-qualified domain names (FQDNs) and/or IP addresses that can be used to reach the NetBox service. Usually this is the same as the hostname for the NetBox server, but can also be different; for example, when using a reverse proxy serving the NetBox website under a different FQDN than the hostname of the NetBox server. To help guard against [HTTP Host header attackes](https://docs.djangoproject.com/en/3.0/topics/security/#host-headers-virtual-hosting), NetBox will not permit access to the server via any other hostnames (or IPs).
+This is a list of valid fully-qualified domain names (FQDNs) and/or IP addresses that can be used to reach the NetBox service. Usually this is the same as the hostname for the NetBox server, but can also be different; for example, when using a reverse proxy serving the NetBox website under a different FQDN than the hostname of the NetBox server. To help guard against [HTTP Host header attacks](https://docs.djangoproject.com/en/stable/topics/security/#host-headers-virtual-hosting), NetBox will not permit access to the server via any other hostnames (or IPs).
 
 !!! note
     This parameter must always be defined as a list or tuple, even if only a single value is provided.
 
-The value of this option is also used to set `CSRF_TRUSTED_ORIGINS`, which restricts POST requests to the same set of hosts (more about this [here](https://docs.djangoproject.com/en/stable/ref/settings/#std:setting-CSRF_TRUSTED_ORIGINS)). Keep in mind that NetBox, by default, sets `USE_X_FORWARDED_HOST` to true, which means that if you're using a reverse proxy, it's the FQDN used to reach that reverse proxy which needs to be in this list (more about this [here](https://docs.djangoproject.com/en/stable/ref/settings/#allowed-hosts)).
+The value of this option is also used to set `CSRF_TRUSTED_ORIGINS`, which restricts POST requests to the same set of hosts (more about this [here](https://docs.djangoproject.com/en/stable/ref/settings/#std:setting-CSRF_TRUSTED_ORIGINS)). Keep in mind that NetBox, by default, sets `USE_X_FORWARDED_HOST` to `True`, which means that if you're using a reverse proxy, it's the FQDN used to reach that reverse proxy which needs to be in this list (more about this [here](https://docs.djangoproject.com/en/stable/ref/settings/#allowed-hosts)).
 
 Example:
 
@@ -23,9 +23,55 @@ ALLOWED_HOSTS = ['*']
 
 ---
 
+## API_TOKEN_PEPPERS
+
+!!! info "This parameter was introduced in NetBox v4.5."
+
+[Cryptographic peppers](https://en.wikipedia.org/wiki/Pepper_(cryptography)) are employed to generate hashes of sensitive values on the server. This parameter defines the peppers used to hash v2 API tokens in NetBox. You must define at least one pepper before creating a v2 API token. See the [API documentation](../integrations/rest-api.md#authentication) for further information about how peppers are used.
+
+```python
+API_TOKEN_PEPPERS = {
+    # DO NOT USE THIS EXAMPLE PEPPER IN PRODUCTION
+    1: 'kp7ht*76fiQAhUi5dHfASLlYUE_S^gI^(7J^K5M!LfoH@vl&b_',
+}
+```
+
+!!! warning "Peppers are sensitive"
+    Treat pepper values as extremely sensitive. Consider populating peppers from environment variables at initialization time rather than defining them in the configuration file, if feasible. 
+
+Peppers must be at least 50 characters in length and should comprise a random string with a diverse character set. Consider using the Python script at `$INSTALL_ROOT/netbox/generate_secret_key.py` to generate a pepper value.
+
+It is recommended to start with a pepper ID of `1`. Additional peppers can be introduced later as needed to begin rotating token hashes.
+
+!!! tip
+    Although NetBox will run without `API_TOKEN_PEPPERS` defined, the use of v2 API tokens will be unavailable.
+
+---
+
 ## DATABASE
 
-NetBox requires access to a PostgreSQL 12 or later database service to store data. This service can run locally on the NetBox server or on a remote system. The following parameters must be defined within the `DATABASE` dictionary:
+!!! warning "Legacy Configuration Parameter"
+    The `DATABASE` configuration parameter is deprecated and will be removed in a future release. Users are advised to adopt the new `DATABASES` (plural) parameter, which allows for the configuration of multiple databases.
+
+See the [`DATABASES`](#databases) configuration below for usage.
+
+---
+
+## DATABASES
+
+NetBox requires access to a PostgreSQL 14 or later database service to store data. This service can run locally on the NetBox server or on a remote system. Databases are defined as named dictionaries:
+
+```python
+DATABASES = {
+    'default': {...},
+    'external1': {...},
+    'external2': {...},
+}
+```
+
+NetBox itself requires only that a `default` database is defined. However, certain plugins may require the configuration of additional databases. (Consider also configuring the [`DATABASE_ROUTERS`](./system.md#database_routers) parameter when multiple databases are in use.)
+
+The following parameters must be defined for each database:
 
 * `NAME` - Database name
 * `USER` - PostgreSQL username
@@ -38,14 +84,16 @@ NetBox requires access to a PostgreSQL 12 or later database service to store dat
 Example:
 
 ```python
-DATABASE = {
-    'ENGINE': 'django.db.backends.postgresql',
-    'NAME': 'netbox',               # Database name
-    'USER': 'netbox',               # PostgreSQL username
-    'PASSWORD': 'J5brHrAXFLQSif0K', # PostgreSQL password
-    'HOST': 'localhost',            # Database server
-    'PORT': '',                     # Database port (leave blank for default)
-    'CONN_MAX_AGE': 300,            # Max database connection age
+DATABASES = {
+    'default': {
+        'ENGINE': 'django.db.backends.postgresql',
+        'NAME': 'netbox',               # Database name
+        'USER': 'netbox',               # PostgreSQL username
+        'PASSWORD': 'J5brHrAXFLQSif0K', # PostgreSQL password
+        'HOST': 'localhost',            # Database server
+        'PORT': '',                     # Database port (leave blank for default)
+        'CONN_MAX_AGE': 300,            # Max database connection age
+    }
 }
 ```
 
@@ -53,7 +101,7 @@ DATABASE = {
     NetBox supports all PostgreSQL database options supported by the underlying Django framework. For a complete list of available parameters, please see [the Django documentation](https://docs.djangoproject.com/en/stable/ref/settings/#databases).
 
 !!! warning
-    Make sure to use a PostgreSQL-compatible backend for the ENGINE setting. If you don't specify an ENGINE, the default will be django.db.backends.postgresql.
+    The `ENGINE` parameter must specify a PostgreSQL-compatible database backend. If not defined, the default engine `django.db.backends.postgresql` will be used.
 
 ---
 

docs/configuration/security.md

@@ -1,13 +1,5 @@
 # Security & Authentication Parameters
 
-## ALLOW_TOKEN_RETRIEVAL
-
-Default: True
-
-If disabled, the values of API tokens will not be displayed after each token's initial creation. A user **must** record the value of a token prior to its creation, or it will be lost. Note that this affects _all_ users, regardless of assigned permissions.
-
----
-
 ## ALLOWED_URL_SCHEMES
 
 !!! tip "Dynamic Configuration Parameter"
@@ -20,26 +12,36 @@ A list of permitted URL schemes referenced when rendering links within NetBox. N
 
 ## AUTH_PASSWORD_VALIDATORS
 
-This parameter acts as a pass-through for configuring Django's built-in password validators for local user accounts. If configured, these will be applied whenever a user's password is updated to ensure that it meets minimum criteria such as length or complexity. An example is provided below. For more detail on the available options, please see [the Django documentation](https://docs.djangoproject.com/en/stable/topics/auth/passwords/#password-validation).
+This parameter acts as a pass-through for configuring Django's built-in password validators for local user accounts. These rules are applied whenever a user's password is created or updated to ensure that it meets minimum criteria such as length or complexity. The default configuration is shown below.
 
 ```python
 AUTH_PASSWORD_VALIDATORS = [
     {
-        'NAME': 'django.contrib.auth.password_validation.MinimumLengthValidator',
-        'OPTIONS': {
-            'min_length': 10,
-        }
+        "NAME": "django.contrib.auth.password_validation.MinimumLengthValidator",
+        "OPTIONS": {
+            "min_length": 12,
+        },
+    },
+    {
+        "NAME": "utilities.password_validation.AlphanumericPasswordValidator",
     },
 ]
 ```
 
+The default configuration enforces the follow criteria:
+
+* A password must be at least 12 characters in length.
+* A password must have at least one uppercase letter, one lowercase letter, and one numeric digit.
+
+Although it is not recommended, the default validation rules can be disabled by setting `AUTH_PASSWORD_VALIDATORS = []` in the configuration file. For more detail on customizing password validation, please see [the Django documentation](https://docs.djangoproject.com/en/stable/topics/auth/passwords/#password-validation).
+
 ---
 
 ## CORS_ORIGIN_ALLOW_ALL
 
-Default: False
+Default: `False`
 
-If True, cross-origin resource sharing (CORS) requests will be accepted from all origins. If False, a whitelist will be used (see below).
+If `True`, cross-origin resource sharing (CORS) requests will be accepted from all origins. If False, a whitelist will be used (see below).
 
 ---
 
@@ -49,7 +51,7 @@ If True, cross-origin resource sharing (CORS) requests will be accepted from all
 
 These settings specify a list of origins that are authorized to make cross-site API requests. Use
 `CORS_ORIGIN_WHITELIST` to define a list of exact hostnames, or `CORS_ORIGIN_REGEX_WHITELIST` to define a set of regular 
-expressions. (These settings have no effect if `CORS_ORIGIN_ALLOW_ALL` is True.) For example:
+expressions. (These settings have no effect if `CORS_ORIGIN_ALLOW_ALL` is `True`.) For example:
 
 ```python
 CORS_ORIGIN_WHITELIST = [
@@ -69,9 +71,9 @@ The name of the cookie to use for the cross-site request forgery (CSRF) authenti
 
 ## CSRF_COOKIE_SECURE
 
-Default: False
+Default: `False`
 
-If true, the cookie employed for cross-site request forgery (CSRF) protection will be marked as secure, meaning that it can only be sent across an HTTPS connection.
+If `True`, the cookie employed for cross-site request forgery (CSRF) protection will be marked as secure, meaning that it can only be sent across an HTTPS connection.
 
 ---
 
@@ -79,7 +81,7 @@ If true, the cookie employed for cross-site request forgery (CSRF) protection wi
 
 Default: `[]`
 
-Defines a list of trusted origins for unsafe (e.g. `POST`) requests. This is a pass-through to Django's [`CSRF_TRUSTED_ORIGINS`](https://docs.djangoproject.com/en/4.0/ref/settings/#std:setting-CSRF_TRUSTED_ORIGINS) setting. Note that each host listed must specify a scheme (e.g. `http://` or `https://).
+Defines a list of trusted origins for unsafe (e.g. `POST`) requests. This is a pass-through to Django's [`CSRF_TRUSTED_ORIGINS`](https://docs.djangoproject.com/en/stable/ref/settings/#csrf-trusted-origins) setting. Note that each host listed must specify a scheme (e.g. `http://` or `https://).
 
 ```python
 CSRF_TRUSTED_ORIGINS = (
@@ -122,7 +124,7 @@ DEFAULT_PERMISSIONS = {
 
 ## EXEMPT_VIEW_PERMISSIONS
 
-Default: Empty list
+Default: `[]` (Empty list)
 
 A list of NetBox models to exempt from the enforcement of view permissions. Models listed here will be viewable by all users, both authenticated and anonymous.
 
@@ -149,9 +151,9 @@ EXEMPT_VIEW_PERMISSIONS = ['*']
 
 ## LOGIN_PERSISTENCE
 
-Default: False
+Default: `False`
 
-If true, the lifetime of a user's authentication session will be automatically reset upon each valid request. For example, if [`LOGIN_TIMEOUT`](#login_timeout) is configured to 14 days (the default), and a user whose session is due to expire in five days makes a NetBox request (with a valid session cookie), the session's lifetime will be reset to 14 days.
+If `True`, the lifetime of a user's authentication session will be automatically reset upon each valid request. For example, if [`LOGIN_TIMEOUT`](#login_timeout) is configured to 14 days (the default), and a user whose session is due to expire in five days makes a NetBox request (with a valid session cookie), the session's lifetime will be reset to 14 days.
 
 Note that enabling this setting causes NetBox to update a user's session in the database (or file, as configured per [`SESSION_FILE_PATH`](#session_file_path)) with each request, which may introduce significant overhead in very active environments. It also permits an active user to remain authenticated to NetBox indefinitely.
 
@@ -159,7 +161,7 @@ Note that enabling this setting causes NetBox to update a user's session in the
 
 ## LOGIN_REQUIRED
 
-Default: True
+Default: `True`
 
 When enabled, only authenticated users are permitted to access any part of NetBox. Disabling this will allow unauthenticated users to access most areas of NetBox (but not make any changes).
 
@@ -170,12 +172,23 @@ When enabled, only authenticated users are permitted to access any part of NetBo
 
 ## LOGIN_TIMEOUT
 
-Default: 1209600 seconds (14 days)
+Default: `1209600` seconds (14 days)
 
 The lifetime (in seconds) of the authentication cookie issued to a NetBox user upon login.
 
 ---
 
+## LOGIN_FORM_HIDDEN
+
+Default: `False`
+
+Option to hide the login form when only SSO authentication is in use. 
+
+!!! warning
+    If the SSO provider is unreachable, login to NetBox will be impossible if this option is enabled. The only recourse is to disable it in the local configuration and restart the NetBox service.
+
+---
+
 ## LOGOUT_REDIRECT_URL
 
 Default: `'home'`
@@ -186,23 +199,23 @@ The view name or URL to which a user is redirected after logging out.
 
 ## SECURE_HSTS_INCLUDE_SUBDOMAINS
 
-Default: False
+Default: `False`
 
-If true, the `includeSubDomains` directive will be included in the HTTP Strict Transport Security (HSTS) header. This directive instructs the browser to apply the HSTS policy to all subdomains of the current domain.
+If `True`, the `includeSubDomains` directive will be included in the HTTP Strict Transport Security (HSTS) header. This directive instructs the browser to apply the HSTS policy to all subdomains of the current domain.
 
 ---
 
 ## SECURE_HSTS_PRELOAD
 
-Default: False
+Default: `False`
 
-If true, the `preload` directive will be included in the HTTP Strict Transport Security (HSTS) header. This directive instructs the browser to preload the site in HTTPS. Browsers that use the HSTS preload list will force the site to be accessed via HTTPS even if the user types HTTP in the address bar.
+If `True`, the `preload` directive will be included in the HTTP Strict Transport Security (HSTS) header. This directive instructs the browser to preload the site in HTTPS. Browsers that use the HSTS preload list will force the site to be accessed via HTTPS even if the user types HTTP in the address bar.
 
 ---
 
 ## SECURE_HSTS_SECONDS
 
-Default: 0
+Default: `0`
 
 If set to a non-zero integer value, the SecurityMiddleware sets the HTTP Strict Transport Security (HSTS) header on all responses that do not already have it. This will instruct the browser that the website must be accessed via HTTPS, blocking any HTTP request.
 
@@ -210,9 +223,9 @@ If set to a non-zero integer value, the SecurityMiddleware sets the HTTP Strict
 
 ## SECURE_SSL_REDIRECT
 
-Default: False
+Default: `False`
 
-If true, all non-HTTPS requests will be automatically redirected to use HTTPS.
+If `True`, all non-HTTPS requests will be automatically redirected to use HTTPS.
 
 !!! warning
     Ensure that your frontend HTTP daemon has been configured to forward the HTTP scheme correctly before enabling this option. An incorrectly configured frontend may result in a looping redirect.
@@ -229,14 +242,14 @@ The name used for the session cookie. See the [Django documentation](https://doc
 
 ## SESSION_COOKIE_SECURE
 
-Default: False
+Default: `False`
 
-If true, the cookie employed for session authentication will be marked as secure, meaning that it can only be sent across an HTTPS connection.
+If `True`, the cookie employed for session authentication will be marked as secure, meaning that it can only be sent across an HTTPS connection.
 
 ---
 
 ## SESSION_FILE_PATH
 
-Default: None
+Default: `None`
 
 HTTP session data is used to track authenticated users when they access NetBox. By default, NetBox stores session data in its PostgreSQL database. However, this inhibits authentication to a standby instance of NetBox without write access to the database. Alternatively, a local file path may be specified here and NetBox will store session data as files instead of using the database. Note that the NetBox system user must have read and write permissions to this path.

docs/configuration/system.md

@@ -2,7 +2,7 @@
 
 ## BASE_PATH
 
-Default: None
+Default: `None`
 
 The base URL path to use when accessing NetBox. Do not include the scheme or domain name. For example, if installed at https://example.com/netbox/, set:
 
@@ -12,6 +12,14 @@ BASE_PATH = 'netbox/'
 
 ---
 
+## DATABASE_ROUTERS
+
+Default: `[]` (empty list)
+
+An iterable of [database routers](https://docs.djangoproject.com/en/stable/topics/db/multi-db/) to use for automatically selecting the appropriate database(s) for a query. This is useful only when [multiple databases](./required-parameters.md#databases) have been configured.
+
+---
+
 ## DEFAULT_LANGUAGE
 
 Default: `en-us` (US English)
@@ -62,9 +70,19 @@ Email is sent from NetBox only for critical events or if configured for [logging
 
 ---
 
+## HOSTNAME
+
+!!! info "This parameter was introduced in NetBox v4.4."
+
+Default: System hostname
+
+The hostname displayed in the user interface identifying the system on which NetBox is running. If not defined, this defaults to the system hostname as reported by Python's `platform.node()`.
+
+---
+
 ## HTTP_PROXIES
 
-Default: None
+Default: `None`
 
 A dictionary of HTTP proxies to use for outbound requests originating from NetBox (e.g. when sending webhook requests). Proxies should be specified by schema (HTTP and HTTPS) as per the [Python requests library documentation](https://requests.readthedocs.io/en/latest/user/advanced/#proxies). For example:
 
@@ -75,6 +93,8 @@ HTTP_PROXIES = {
 }
 ```
 
+If more flexibility is needed in determining which proxy to use for a given request, consider implementing one or more custom proxy routers via the [`PROXY_ROUTERS`](#proxy_routers) parameter.
+
 ---
 
 ## INTERNAL_IPS
@@ -83,7 +103,18 @@ Default: `('127.0.0.1', '::1')`
 
 A list of IP addresses recognized as internal to the system, used to control the display of debugging output. For
 example, the debugging toolbar will be viewable only when a client is accessing NetBox from one of the listed IP
-addresses (and [`DEBUG`](./development.md#debug) is true).
+addresses (and [`DEBUG`](./development.md#debug) is `True`).
+
+---
+
+## ISOLATED_DEPLOYMENT
+
+Default: `False`
+
+Set this configuration parameter to `True` for NetBox deployments which do not have Internet access. This will disable miscellaneous functionality which depends on access to the Internet.
+
+!!! note
+    If Internet access is available via a proxy, set [`HTTP_PROXIES`](#http_proxies) instead.
 
 ---
 
@@ -91,7 +122,7 @@ addresses (and [`DEBUG`](./development.md#debug) is true).
 
 Default: `{}`
 
-A dictionary of custom jinja2 filters with the key being the filter name and the value being a callable. For more information see the [Jinja2 documentation](https://jinja.palletsprojects.com/en/3.1.x/api/#custom-filters). For example:
+A dictionary of custom Jinja2 filters with the key being the filter name and the value being a callable. For more information see the [Jinja2 documentation](https://jinja.palletsprojects.com/en/3.1.x/api/#custom-filters). For example:
 
 ```python
 def uppercase(x):
@@ -135,6 +166,8 @@ LOGGING = {
 * `netbox.<app>.<model>` - Generic form for model-specific log messages
 * `netbox.auth.*` - Authentication events
 * `netbox.api.views.*` - Views which handle business logic for the REST API
+* `netbox.event_rules` - Event rules
+* `netbox.jobs.*` - Background jobs
 * `netbox.reports.*` - Report execution (`module.name`)
 * `netbox.scripts.*` - Custom script execution (`module.name`)
 * `netbox.views.*` - Views which handle business logic for the web UI
@@ -143,12 +176,22 @@ LOGGING = {
 
 ## MEDIA_ROOT
 
-Default: $INSTALL_ROOT/netbox/media/
+Default: `$INSTALL_ROOT/netbox/media/`
 
 The file path to the location where media files (such as image attachments) are stored. By default, this is the `netbox/media/` directory within the base NetBox installation path.
 
 ---
 
+## PROXY_ROUTERS
+
+Default: `["utilities.proxy.DefaultProxyRouter"]`
+
+A list of Python classes responsible for determining which proxy server(s) to use for outbound HTTP requests. Each item in the list can be the class itself or the dotted path to the class.
+
+The `route()` method on each class must return a dictionary of candidate proxies arranged by protocol (e.g. `http` and/or `https`), or None if no viable proxy can be determined. The default class, `DefaultProxyRouter`, simply returns the content of [`HTTP_PROXIES`](#http_proxies).
+
+---
+
 ## REPORTS_ROOT
 
 Default: `$INSTALL_ROOT/netbox/reports/`
@@ -173,29 +216,92 @@ The dotted path to the desired search backend class. `CachedValueSearchBackend`
 
 ---
 
-## STORAGE_BACKEND
+## STORAGES
 
-Default: None (local storage)
+The backend storage engine for handling uploaded files such as [image attachments](../models/extras/imageattachment.md) and [custom scripts](../customization/custom-scripts.md). NetBox integrates with the [`django-storages`](https://django-storages.readthedocs.io/en/stable/) and [`django-storage-swift`](https://github.com/dennisv/django-storage-swift) libraries, which provide backends for several popular file storage services. If not configured, local filesystem storage will be used.
 
-The backend storage engine for handling uploaded files (e.g. image attachments). NetBox supports integration with the [`django-storages`](https://django-storages.readthedocs.io/en/stable/) and [`django-storage-swift`](https://github.com/dennisv/django-storage-swift) packages, which provide backends for several popular file storage services. If not configured, local filesystem storage will be used.
+By default, the following configuration is used:
 
-The configuration parameters for the specified storage backend are defined under the `STORAGE_CONFIG` setting.
+```python
+STORAGES = {
+    "default": {
+        "BACKEND": "django.core.files.storage.FileSystemStorage",
+    },
+    "staticfiles": {
+        "BACKEND": "django.contrib.staticfiles.storage.StaticFilesStorage",
+    },
+    "scripts": {
+        "BACKEND": "extras.storage.ScriptFileSystemStorage",
+    },
+}
+```
 
----
+Within the `STORAGES` dictionary, `"default"` is used for image uploads, "staticfiles" is for static files and `"scripts"` is used for custom scripts.
 
-## STORAGE_CONFIG
+If using a remote storage like S3, define the config as `STORAGES[key]["OPTIONS"]` for each storage item as needed. For example:
 
-Default: Empty
+```python
+STORAGES = { 
+    "scripts": { 
+        "BACKEND": "storages.backends.s3boto3.S3Boto3Storage", 
+        "OPTIONS": { 
+            'access_key': 'access key', 
+            'secret_key': 'secret key',
+        }
+    }, 
+}
+```
 
-A dictionary of configuration parameters for the storage backend configured as `STORAGE_BACKEND`. The specific parameters to be used here are specific to each backend; see the documentation for your selected backend ([`django-storages`](https://django-storages.readthedocs.io/en/stable/) or [`django-storage-swift`](https://github.com/dennisv/django-storage-swift)) for more detail.
+The specific configuration settings for each storage backend can be found in the [django-storages documentation](https://django-storages.readthedocs.io/en/latest/index.html).
 
-If `STORAGE_BACKEND` is not defined, this setting will be ignored.
+!!! note
+    Any keys defined in the `STORAGES` configuration parameter replace those in the default configuration. It is only necessary to define keys within the `STORAGES` for the specific backend(s) you wish to configure.
+
+### Environment Variables and Third-Party Libraries
+
+NetBox uses an explicit Python configuration approach rather than automatic environment variable detection. While this provides clear configuration management and version control capabilities, it affects how some third-party libraries like `django-storages` function within NetBox's context.
+
+Many Django libraries (including `django-storages`) expect to automatically detect environment variables like `AWS_STORAGE_BUCKET_NAME` or `AWS_S3_ACCESS_KEY_ID`. However, NetBox's configuration processing prevents this automatic detection from working as documented in some of these libraries.
+
+When using third-party libraries that rely on environment variable detection, you may need to explicitly read environment variables in your NetBox `configuration.py`:
+
+```python
+import os
+
+STORAGES = {
+    'default': {
+        'BACKEND': 'storages.backends.s3.S3Storage',
+        'OPTIONS': {
+            'bucket_name': os.environ.get('AWS_STORAGE_BUCKET_NAME'),
+            'access_key': os.environ.get('AWS_S3_ACCESS_KEY_ID'),
+            'secret_key': os.environ.get('AWS_S3_SECRET_ACCESS_KEY'),
+            'endpoint_url': os.environ.get('AWS_S3_ENDPOINT_URL'),
+            'location': 'media/',
+        }
+    },
+    'staticfiles': {
+        'BACKEND': 'storages.backends.s3.S3Storage',
+        'OPTIONS': {
+            'bucket_name': os.environ.get('AWS_STORAGE_BUCKET_NAME'),
+            'access_key': os.environ.get('AWS_S3_ACCESS_KEY_ID'),
+            'secret_key': os.environ.get('AWS_S3_SECRET_ACCESS_KEY'),
+            'endpoint_url': os.environ.get('AWS_S3_ENDPOINT_URL'),
+            'location': 'static/',
+        }
+    },
+}
+```
+
+This approach works because the environment variables are resolved during NetBox's configuration processing, before the third-party library attempts its own environment variable detection.
+
+!!! warning "Configuration Behavior"
+    Simply setting environment variables like `AWS_STORAGE_BUCKET_NAME` without explicitly reading them in your configuration will not work. The variables must be read using `os.environ.get()` within your `configuration.py` file.
 
 ---
 
 ## TIME_ZONE
 
-Default: UTC
+Default: `"UTC"`
 
 The time zone NetBox will use when dealing with dates and times. It is recommended to use UTC time unless you have a specific need to use a local time zone. Please see the [list of available time zones](https://en.wikipedia.org/wiki/List_of_tz_database_time_zones).
 
@@ -203,6 +309,6 @@ The time zone NetBox will use when dealing with dates and times. It is recommend
 
 ## TRANSLATION_ENABLED
 
-Default: True
+Default: `True`
 
 Enables language translation for the user interface. (This parameter maps to Django's [USE_I18N](https://docs.djangoproject.com/en/stable/ref/settings/#std-setting-USE_I18N) setting.)

docs/customization/custom-fields.md

@@ -74,6 +74,8 @@ If a default value is specified for a selection field, it must exactly match one
 
 An object or multi-object custom field can be used to refer to a particular NetBox object or objects as the "value" for a custom field. These custom fields must define an `object_type`, which determines the type of object to which custom field instances point.
 
+By default, an object choice field will make all objects of that type available for selection in the drop-down. The list choices can be filtered to show only objects with certain values by providing a `query_params` dict in the Related Object Filter field, as a JSON value. More information about `query_params` can be found [here](./custom-scripts.md#objectvar).
+
 ## Custom Fields in Templates
 
 Several features within NetBox, such as export templates and webhooks, utilize Jinja2 templating. For convenience, objects which support custom field assignment expose custom field data through the `cf` property. This is a bit cleaner than accessing custom field data through the actual field (`custom_field_data`).

docs/customization/custom-links.md

@@ -2,7 +2,7 @@
 
 Custom links allow users to display arbitrary hyperlinks to external content within NetBox object views. These are helpful for cross-referencing related records in systems outside NetBox. For example, you might create a custom link on the device view which links to the current device in a Network Monitoring System (NMS).
 
-Custom links are created by navigating to Customization > Custom Links. Each link is associated with a particular NetBox object type (site, device, prefix, etc.) and will be displayed on relevant views. Each link has display text and a URL, and data from the NetBox item being viewed can be included in the link using [Jinja2 template code](https://jinja2docs.readthedocs.io/en/stable/) through the variable `object`, and custom fields through `object.cf`.
+Custom links are created by navigating to Customization > Custom Links. Each link is associated with a particular NetBox object type (site, device, prefix, etc.) and will be displayed on relevant views. Each link has display text and a URL, and data from the NetBox item being viewed can be included in the link using [Jinja template code](https://jinja.palletsprojects.com/en/stable/) through the variable `object`, and custom fields through `object.cf`.
 
 For example, you might define a link like this:
 

docs/customization/custom-scripts.md

@@ -17,6 +17,9 @@ They can also be used as a mechanism for validating the integrity of data within
 
 Custom scripts are Python code which exists outside the NetBox code base, so they can be updated and changed without interfering with the core NetBox installation. And because they're completely custom, there is no inherent limitation on what a script can accomplish.
 
+!!! danger "Only install trusted scripts"
+    Custom scripts have unrestricted access to change anything in the databse and are inherently unsafe and should only be installed and run from trusted sources.  You should also review and set permissions for who can run scripts if the script can modify any data.
+
 ## Writing Custom Scripts
 
 All custom scripts must inherit from the `extras.scripts.Script` base class. This class provides the functionality necessary to generate forms and log activity.
@@ -69,6 +72,9 @@ script_order = (MyCustomScript, AnotherCustomScript)
 
 Script attributes are defined under a class named `Meta` within the script. These are optional, but encouraged.
 
+!!! warning
+    These are also defined and used as properties on the base custom script class, so don't use the same names as variables or override them in your custom script.
+
 ### `name`
 
 This is the human-friendly names of your script. If omitted, the class name will be used.
@@ -125,15 +131,6 @@ self.log_info(f"Running as user {username} (IP: {ip_address})...")
 
 For a complete list of available request parameters, please see the [Django documentation](https://docs.djangoproject.com/en/stable/ref/request-response/).
 
-## Reading Data from Files
-
-The Script class provides two convenience methods for reading data from files:
-
-* `load_yaml`
-* `load_json`
-
-These two methods will load data in YAML or JSON format, respectively, from files within the local path (i.e. `SCRIPTS_ROOT`).
-
 ## Logging
 
 The Script object provides a set of convenient functions for recording messages at different severity levels:
@@ -267,6 +264,15 @@ Stores a numeric integer. Options include:
 * `min_value` - Minimum value
 * `max_value` - Maximum value
 
+### DecimalVar
+
+Stores a numeric decimal. Options include:
+
+* `min_value` - Minimum value
+* `max_value` - Maximum value
+* `max_digits` - Maximum number of digits, including decimal places
+* `decimal_places` - Number of decimal places
+
 ### BooleanVar
 
 A true/false flag. This field has no options beyond the defaults listed above.
@@ -302,6 +308,7 @@ A particular object within NetBox. Each ObjectVar must specify a particular mode
 * `query_params` - A dictionary of query parameters to use when retrieving available options (optional)
 * `context` - A custom dictionary mapping template context variables to fields, used when rendering `<option>` elements within the dropdown menu (optional; see below)
 * `null_option` - A label representing a "null" or empty choice (optional)
+* `selector` - A boolean that, when True, includes an advanced object selection widget to assist the user in identifying the desired object (optional; False by default)
 
 To limit the selections available within the list, additional query parameters can be passed as the `query_params` dictionary. For example, to show only devices with an "active" status:
 

docs/customization/custom-validation.md

@@ -86,8 +86,6 @@ CUSTOM_VALIDATORS = {
 
 #### Referencing Related Object Attributes
 
-!!! info "This feature was introduced in NetBox v4.0."
-
 The attributes of a related object can be referenced by specifying a dotted path. For example, to reference the name of a region to which a site is assigned, use `region.name`:
 
 ```python
@@ -104,8 +102,6 @@ CUSTOM_VALIDATORS = {
 
 #### Validating Request Parameters
 
-!!! info "This feature was introduced in NetBox v4.0."
-
 In addition to validating object attributes, custom validators can also match against parameters of the current request (where available). For example, the following rule will permit only the user named "admin" to modify an object:
 
 ```json

docs/customization/export-templates.md

@@ -25,6 +25,7 @@ Height: {{ rack.u_height }}U
 To access custom fields of an object within a template, use the `cf` attribute. For example, `{{ obj.cf.color }}` will return the value (if any) for a custom field named `color` on `obj`.
 
 If you need to use the config context data in an export template, you'll should use the function `get_config_context` to get all the config context data. For example:
+
 ```
 {% for server in queryset %}
 {% set data = server.get_config_context() %}

docs/development/adding-models.md

@@ -8,7 +8,7 @@ Each model should define, at a minimum:
 
 * A `Meta` class specifying a deterministic ordering (if ordered by fields other than the primary ID)
 * A `__str__()` method returning a user-friendly string representation of the instance
-* A `get_absolute_url()` method returning an instance's direct URL (using `reverse()`)
+* A `get_absolute_url()` method if necessary; a standard version of the method is defined in the `NetBoxFeatureSet` base class, but you will need to provide your own (returning an instance's direct URL using `reverse()`) if not subclassing that base class
 
 ## 2. Define field choices
 
@@ -71,15 +71,18 @@ Add the relevant navigation menu items in `netbox/netbox/navigation/menu.py`.
 Create the following for each model:
 
 * Detailed (full) model serializer in `api/serializers.py`
-* Nested serializer in `api/nested_serializers.py`
 * API view in `api/views.py`
 * Endpoint route in `api/urls.py`
 
 ## 13. GraphQL API components
 
-Create a GraphQL object type for the model in `graphql/types.py` by subclassing the appropriate class from `netbox.graphql.types`.
+Create the following for each model:
 
-Also extend the schema class defined in `graphql/schema.py` with the individual object and object list fields per the established convention.
+* GraphQL object type for the model in `graphql/types.py` (subclass the appropriate class from `netbox.graphql.types`)
+* Add a GraphQL filter for the model in `graphql/filters.py`
+* Extend the query class for the app in `graphql/schema.py` with the individual object and object list fields
+
+**Note:** GraphQL unit tests may fail citing null values on a non-nullable field if related objects are prefetched. You may need to fix this by setting the type annotation to be `= strawberry_django.field(select_related=["foo"])` or similar.
 
 ## 14. Add tests
 

docs/development/application-registry.md

@@ -22,24 +22,9 @@ Stores registration made using `netbox.denormalized.register()`. For each model,
 
 ### `model_features`
 
-A dictionary of particular features (e.g. custom fields) mapped to the NetBox models which support them, arranged by app. For example:
+A dictionary of model features (e.g. custom fields, tags, etc.) mapped to the functions used to qualify a model as supporting each feature. Model features are registered using the `register_model_feature()` function in `netbox.utils`.
 
-```python
-{
-    'custom_fields': {
-        'circuits': ['provider', 'circuit'],
-        'dcim': ['site', 'rack', 'devicetype', ...],
-        ...
-    },
-    'event_rules': {
-        'extras': ['configcontext', 'tag', ...],
-        'dcim': ['site', 'rack', 'devicetype', ...],
-    },
-    ...
-}
-```
-
-Supported model features are listed in the [features matrix](./models.md#features-matrix).
+Core model features are listed in the [features matrix](./models.md#features-matrix).
 
 ### `models`
 
@@ -49,6 +34,10 @@ This key lists all models which have been registered in NetBox which are not des
 
 This store maintains all registered items for plugins, such as navigation menus, template extensions, etc.
 
+### `request_processors`
+
+A list of context managers to invoke when processing a request e.g. in middleware or when executing a background job. Request processors can be registered with the `@register_request_processor` decorator.
+
 ### `search`
 
 A dictionary mapping each model (identified by its app and label) to its search index class, if one has been registered for it.

docs/development/extending-models.md

@@ -6,7 +6,7 @@ Below is a list of tasks to consider when adding a new field to a core model.
 
 Add the field to the model, taking care to address any of the following conditions.
 
-* When adding a GenericForeignKey field, also add an index under `Meta` for its two concrete fields. For example:
+* When adding a GenericForeignKey field, you may need add an index under `Meta` for its two concrete fields. (This is required only for non-unique GFK relationships, as the unique constraint introduces its own index.) For example:
 
     ```python
     class Meta:
@@ -50,7 +50,7 @@ If you're adding a relational field (e.g. `ForeignKey`) and intend to include th
 
 ## 5. Update API serializer
 
-Extend the model's API serializer in `<app>.api.serializers` to include the new field. In most cases, it will not be necessary to also extend the nested serializer, which produces a minimal representation of the model.
+Extend the model's API serializer in `<app>.api.serializers` to include the new field.
 
 ## 6. Add fields to forms
 

docs/development/getting-started.md

@@ -7,7 +7,7 @@ Getting started with NetBox development is pretty straightforward, and should fe
 * A Linux system or compatible environment
 * A PostgreSQL server, which can be installed locally [per the documentation](../installation/1-postgresql.md)
 * A Redis server, which can also be [installed locally](../installation/2-redis.md)
-* Python 3.10 or later
+* Python 3.12 or later
 
 ### 1. Fork the Repo
 
@@ -37,16 +37,12 @@ CHANGELOG.md           CONTRIBUTING.md  LICENSE.txt  netbox      README.md  scri
 
 ### 2. Create a New Branch
 
-The NetBox project utilizes three persistent git branches to track work:
+The NetBox project utilizes two persistent git branches to track work:
 
-* `master` - Serves as a snapshot of the current stable release
-* `develop` - All development on the upcoming stable (patch) release occurs here
-* `feature` - Tracks work on an upcoming minor release
+* `main` - All development on the upcoming stable (patch) release occurs here. Releases are published from this branch.
+* `feature` - All work planned for the upcoming minor release is done here.
 
-Typically, you'll base pull requests off of the `develop` branch, or off of `feature` if you're working on a new major release. For example, assume that the current NetBox release is v3.3.5. Work applied to the `develop` branch will appear in v3.3.6, and work done under the `feature` branch will be included in the next minor release (v3.4.0).
-
-!!! warning
-    **Never** merge pull requests into the `master` branch: This branch only ever merges pull requests from the `develop` branch, to effect a new release.
+Typically, you'll base pull requests off of the `main` branch, or off of `feature` if you're working on the upcoming minor or major release. For example, assume that the current NetBox release is v4.2.3. Work applied to the `main` branch will appear in v4.2.4, and work done under the `feature` branch will be included in the next minor release (v4.3.0).
 
 To create a new branch, first ensure that you've checked out the desired base branch, then run:
 
@@ -62,22 +58,7 @@ $issue-$description
 
 The description should be just two or three words to imply the focus of the work being performed. For example, bug #1234 to fix a TypeError exception when creating a device might be named `1234-device-typerror`. This ensures that branches are always follow some logical ordering (e.g. when running `git branch -a`) and helps other developers quickly identify the purpose of each.
 
-### 3. Enable Pre-Commit Hooks
-
-NetBox ships with a [git pre-commit hook](https://githooks.com/) script that automatically checks for style compliance and missing database migrations prior to committing changes. This helps avoid erroneous commits that result in CI test failures. You are encouraged to enable it by creating a link to `scripts/git-hooks/pre-commit`:
-
-```no-highlight
-cd .git/hooks/
-ln -s ../../scripts/git-hooks/pre-commit
-```
-For the pre-commit hooks to work, you will also need to install the pycodestyle package:
-
-```no-highlight
-python -m pip install pycodestyle
-```
-...and set up the yarn packages as shown in the [Web UI Development Guide](web-ui.md)
-
-### 4. Create a Python Virtual Environment
+### 3. Create a Python Virtual Environment
 
 A [virtual environment](https://docs.python.org/3/tutorial/venv.html) (or "venv" for short) is like a container for a set of Python packages. These allow you to build environments suited to specific projects without interfering with system packages or other projects. When installed per the documentation, NetBox uses a virtual environment in production.
 
@@ -101,7 +82,7 @@ source ~/.venv/netbox/bin/activate
 
 Notice that the console prompt changes to indicate the active environment. This updates the necessary system environment variables to ensure that any Python scripts are run within the virtual environment.
 
-### 5. Install Required Packages
+### 4. Install Required Packages
 
 With the virtual environment activated, install the project's required Python packages using the `pip` module. Required packages are defined in `requirements.txt`. Each line in this file specifies the name and specific version of a required package.
 
@@ -109,12 +90,32 @@ With the virtual environment activated, install the project's required Python pa
 python -m pip install -r requirements.txt
 ```
 
+### 5. Install Pre-Commit
+
+NetBox uses [`pre-commit`](https://pre-commit.com/) to automatically validate code when commiting new changes. This includes the following operations:
+
+* Run the `ruff` Python linter
+* Run Django's internal system check
+* Check for missing database migrations
+* Validate any changes to the documentation with `mkdocs`
+* Validate Typescript & Sass styling with `yarn`
+* Ensure that any modified static front end assets have been recompiled
+
+Enable `pre-commit` with the following commands _prior_ to commiting any changes:
+
+```no-highlight
+python -m pip install ruff pre-commit
+pre-commit install
+```
+
+You may also need to set up the yarn packages as shown in the [Web UI Development Guide](web-ui.md).
+
 ### 6. Configure NetBox
 
 Within the `netbox/netbox/` directory, copy `configuration_example.py` to `configuration.py` and update the following parameters:
 
 * `ALLOWED_HOSTS`: This can be set to `['*']` for development purposes
-* `DATABASE`: PostgreSQL database connection parameters
+* `DATABASES`: PostgreSQL database connection parameters
 * `REDIS`: Redis configuration (if different from the defaults)
 * `SECRET_KEY`: Set to a random string (use `generate_secret_key.py` in the parent directory to generate a suitable key)
 * `DEBUG`: Set to `True`
@@ -146,7 +147,7 @@ For UI development you will need to review the [Web UI Development Guide](web-ui
 
 ## Populating Demo Data
 
-Once you have your development environment up and running, it might be helpful to populate some "dummy" data to make interacting with the UI and APIs more convenient. Check out the [netbox-demo-data](https://github.com/netbox-community/netbox-demo-data) repo on GitHub, which houses a collection of sample data that can be easily imported to any new NetBox deployment. (This sample data is used to populate the public demo instance at <https://demo.netbox.dev>.)
+Once you have your development environment up and running, it might be helpful to populate some "dummy" data to make interacting with the UI and APIs more convenient. Check out the [netbox-demo-data](https://github.com/netbox-community/netbox-demo-data) repo on GitHub, which houses a collection of sample data that can be easily imported to any new NetBox deployment. This sample data is used to populate the [public demo instance](https://demo.netbox.dev).
 
 The demo data is provided in JSON format and loaded into an empty database using Django's `loaddata` management command. Consult the demo data repo's `README` file for complete instructions on populating the data.
 

docs/development/git-cheat-sheet.md

@@ -128,7 +128,7 @@ Fast-forward
 ```
 
 !!! warning "Avoid Merging Remote Branches"
-    You generally want to avoid merging branches that exist on the remote (upstream) repository, such as `develop` and `feature`: Merges into these branches should be done via a pull request on GitHub. Only merge branches when it is necessary to consolidate work you've done locally.
+    You generally want to avoid merging branches that exist on the remote (upstream) repository, namely `main` and `feature`: Merges into these branches should be done via a pull request on GitHub. Only merge branches when it is necessary to consolidate work you've done locally.
 
 ### Show Pending Changes
 
@@ -196,7 +196,7 @@ index 93e125079..4344fb514 100644
 +and here too
 +
  <div align="center">
-   <img src="https://raw.githubusercontent.com/netbox-community/netbox/develop/docs/netbox_logo.svg" width="400" alt="NetBox logo" />
+   <img src="https://raw.githubusercontent.com/netbox-community/netbox/main/docs/netbox_logo.svg" width="400" alt="NetBox logo" />
  </div>
 diff --git a/foo.py b/foo.py
 new file mode 100644

docs/development/index.md

@@ -8,11 +8,10 @@ NetBox and many of its related projects are maintained on [GitHub](https://githu
 
 ![GitHub](../media/development/github.png)
 
-There are three permanent branches in the repository:
+There are two permanent branches in the repository:
 
-* `master` - The current stable release. Individual changes should never be pushed directly to this branch, but rather merged from `develop`.
-* `develop` - Active development for the upcoming patch release. Pull requests will typically be based on this branch unless they introduce breaking changes that must be deferred until the next minor release.
-* `feature` - New feature work to be introduced in the next minor release (e.g. from v3.3 to v3.4).
+* `main` - Active development for the upcoming patch release. Pull requests will typically be based on this branch unless they introduce breaking changes that must be deferred until the next minor release.
+* `feature` - New feature work to be introduced in the next minor release (e.g. from v4.2 to v4.3).
 
 NetBox components are arranged into Django apps. Each app holds the models, views, and other resources relevant to a particular function:
 
@@ -57,4 +56,4 @@ NetBox follows the [benevolent dictator](http://oss-watch.ac.uk/resources/benevo
 
 ## Licensing
 
-The entire NetBox project is licensed as open source under the [Apache 2.0 license](https://github.com/netbox-community/netbox/blob/master/LICENSE.txt). This is a very permissive license which allows unlimited redistribution of all code within the project. Note that all submissions to the project are subject to the same license.
+The entire NetBox project is licensed as open source under the [Apache 2.0 license](https://github.com/netbox-community/netbox/blob/main/LICENSE.txt). This is a very permissive license which allows unlimited redistribution of all code within the project. Note that all submissions to the project are subject to the same license.

docs/development/models.md

@@ -10,19 +10,26 @@ The Django [content types](https://docs.djangoproject.com/en/stable/ref/contrib/
 
 Depending on its classification, each NetBox model may support various features which enhance its operation. Each feature is enabled by inheriting from its designated mixin class, and some features also make use of the [application registry](./application-registry.md#model_features).
 
-| Feature                                                    | Feature Mixin           | Registry Key       | Description                                                                             |
-|------------------------------------------------------------|-------------------------|--------------------|-----------------------------------------------------------------------------------------|
-| [Change logging](../features/change-logging.md)            | `ChangeLoggingMixin`    | -                  | Changes to these objects are automatically recorded in the change log                   |
-| Cloning                                                    | `CloningMixin`          | -                  | Provides the `clone()` method to prepare a copy                                         |
-| [Custom fields](../customization/custom-fields.md)         | `CustomFieldsMixin`     | `custom_fields`    | These models support the addition of user-defined fields                                |
-| [Custom links](../customization/custom-links.md)           | `CustomLinksMixin`      | `custom_links`     | These models support the assignment of custom links                                     |
-| [Custom validation](../customization/custom-validation.md) | `CustomValidationMixin` | -                  | Supports the enforcement of custom validation rules                                     |
-| [Export templates](../customization/export-templates.md)   | `ExportTemplatesMixin`  | `export_templates` | Users can create custom export templates for these models                               |
-| [Job results](../features/background-jobs.md)              | `JobsMixin`             | `jobs`             | Users can create custom export templates for these models                               |
-| [Journaling](../features/journaling.md)                    | `JournalingMixin`       | `journaling`       | These models support persistent historical commentary                                   |
-| [Synchronized data](../integrations/synchronized-data.md)  | `SyncedDataMixin`       | `synced_data`      | Certain model data can be automatically synchronized from a remote data source          |
-| [Tagging](../models/extras/tag.md)                         | `TagsMixin`             | `tags`             | The models can be tagged with user-defined tags                                         |
-| [Event rules](../features/event-rules.md)                  | `EventRulesMixin`       | `event_rules`      | Event rules can send webhooks or run custom scripts automatically in response to events |
+| Feature                                                    | Feature Mixin           | Registry Key        | Description                                                                             |
+|------------------------------------------------------------|-------------------------|---------------------|-----------------------------------------------------------------------------------------|
+| [Bookmarks](../features/customization.md#bookmarks)        | `BookmarksMixin`        | `bookmarks`         | These models can be bookmarked natively in the user interface                           |
+| [Change logging](../features/change-logging.md)            | `ChangeLoggingMixin`    | `change_logging`    | Changes to these objects are automatically recorded in the change log                   |
+| Cloning                                                    | `CloningMixin`          | `cloning`           | Provides the `clone()` method to prepare a copy                                         |
+| [Contacts](../features/contacts.md)                        | `ContactsMixin`         | `contacts`          | Contacts can be associated with these models                                            |
+| [Custom fields](../customization/custom-fields.md)         | `CustomFieldsMixin`     | `custom_fields`     | These models support the addition of user-defined fields                                |
+| [Custom links](../customization/custom-links.md)           | `CustomLinksMixin`      | `custom_links`      | These models support the assignment of custom links                                     |
+| [Custom validation](../customization/custom-validation.md) | `CustomValidationMixin` | -                   | Supports the enforcement of custom validation rules                                     |
+| [Event rules](../features/event-rules.md)                  | `EventRulesMixin`       | `event_rules`       | Event rules can send webhooks or run custom scripts automatically in response to events |
+| [Export templates](../customization/export-templates.md)   | `ExportTemplatesMixin`  | `export_templates`  | Users can create custom export templates for these models                               |
+| [Image attachments](../models/extras/imageattachment.md)   | `ImageAttachmentsMixin` | `image_attachments` | Image uploads can be attached to these models                                           |
+| [Jobs](../features/background-jobs.md)                     | `JobsMixin`             | `jobs`              | Background jobs can be scheduled for these models                                       |
+| [Journaling](../features/journaling.md)                    | `JournalingMixin`       | `journaling`        | These models support persistent historical commentary                                   |
+| [Notifications](../features/notifications.md)              | `NotificationsMixin`    | `notifications`     | These models support user notifications                                                 |
+| [Synchronized data](../integrations/synchronized-data.md)  | `SyncedDataMixin`       | `synced_data`       | Certain model data can be automatically synchronized from a remote data source          |
+| [Tagging](../models/extras/tag.md)                         | `TagsMixin`             | `tags`              | The models can be tagged with user-defined tags                                         |
+
+!!! note
+    The above listed features are supported natively by NetBox. Beginning with NetBox v4.4.0, plugins can register their own model features as well.
 
 ## Models Index
 
@@ -34,7 +41,9 @@ These are considered the "core" application models which are used to model netwo
 * [circuits.Provider](../models/circuits/provider.md)
 * [circuits.ProviderAccount](../models/circuits/provideraccount.md)
 * [circuits.ProviderNetwork](../models/circuits/providernetwork.md)
+* [core.DataFile](../models/core/datafile.md)
 * [core.DataSource](../models/core/datasource.md)
+* [core.Job](../models/core/job.md)
 * [dcim.Cable](../models/dcim/cable.md)
 * [dcim.Device](../models/dcim/device.md)
 * [dcim.DeviceType](../models/dcim/devicetype.md)
@@ -44,12 +53,14 @@ These are considered the "core" application models which are used to model netwo
 * [dcim.PowerPanel](../models/dcim/powerpanel.md)
 * [dcim.Rack](../models/dcim/rack.md)
 * [dcim.RackReservation](../models/dcim/rackreservation.md)
+* [dcim.RackType](../models/dcim/racktype.md)
 * [dcim.Site](../models/dcim/site.md)
 * [dcim.VirtualChassis](../models/dcim/virtualchassis.md)
 * [dcim.VirtualDeviceContext](../models/dcim/virtualdevicecontext.md)
 * [ipam.Aggregate](../models/ipam/aggregate.md)
 * [ipam.ASN](../models/ipam/asn.md)
 * [ipam.FHRPGroup](../models/ipam/fhrpgroup.md)
+* [ipam.FHRPGroupAssignment](../models/ipam/fhrpgroupassignment.md)
 * [ipam.IPAddress](../models/ipam/ipaddress.md)
 * [ipam.IPRange](../models/ipam/iprange.md)
 * [ipam.Prefix](../models/ipam/prefix.md)
@@ -76,6 +87,7 @@ These are considered the "core" application models which are used to model netwo
 
 Organization models are used to organize and classify primary models.
 
+* [circuits.CircuitGroup](../models/circuits/circuitgroup.md)
 * [circuits.CircuitType](../models/circuits/circuittype.md)
 * [dcim.DeviceRole](../models/dcim/devicerole.md)
 * [dcim.Manufacturer](../models/dcim/manufacturer.md)
@@ -88,6 +100,7 @@ Organization models are used to organize and classify primary models.
 * [tenancy.ContactRole](../models/tenancy/contactrole.md)
 * [virtualization.ClusterGroup](../models/virtualization/clustergroup.md)
 * [virtualization.ClusterType](../models/virtualization/clustertype.md)
+* [vpn.TunnelGroup](../models/vpn/tunnelgroup.md)
 
 ### Nested Group Models
 
@@ -131,3 +144,10 @@ These function as templates to effect the replication of device and virtual mach
 * [dcim.PowerOutletTemplate](../models/dcim/poweroutlettemplate.md)
 * [dcim.PowerPortTemplate](../models/dcim/powerporttemplate.md)
 * [dcim.RearPortTemplate](../models/dcim/rearporttemplate.md)
+
+### Connection Models
+
+Connection models are used to model the connections, or connection endpoints between models.
+
+* [circuits.CircuitTermination](../models/circuits/circuittermination.md)
+* [vpn.TunnelTermination](../models/vpn/tunneltermination.md)

docs/development/release-checklist.md

@@ -1,12 +1,14 @@
 # Release Checklist
 
-This documentation describes the process of packaging and publishing a new NetBox release. There are three types of release:
+This documentation describes the process of packaging and publishing a new NetBox release. There are three types of releases:
 
-* Major release (e.g. v2.11 to v3.0)
-* Minor release (e.g. v3.2 to v3.3)
-* Patch release (e.g. v3.3.0 to v3.3.1)
+* Major release (e.g. v3.7.8 to v4.0.0)
+* Minor release (e.g. v4.0.10 to v4.1.0)
+* Patch release (e.g. v4.1.0 to v4.1.1)
 
-While major releases generally introduce some very substantial change to the application, they are typically treated the same as minor version increments for the purpose of release packaging.
+While major releases generally introduce some very substantial changes to the application, they are typically treated the same as minor version increments for the purpose of release packaging.
+
+For patch releases (e.g. upgrading from v4.2.2 to v4.2.3), begin at the [patch releases](#patch-releases) heading below. For minor or major releases, complete the entire checklist.
 
 ## Minor Version Releases
 
@@ -29,6 +31,17 @@ Close the [release milestone](https://github.com/netbox-community/netbox/milesto
 
 Check that a link to the release notes for the new version is present in the navigation menu (defined in `mkdocs.yml`), and that a summary of all major new features has been added to `docs/index.md`.
 
+### Update System Requirements
+
+If a new Django release is adopted or other major dependencies (Python, PostgreSQL, Redis) change:
+
+* Update the installation guide (`docs/installation/index.md`) with the new minimum versions.
+* Update the upgrade guide (`docs/installation/upgrading.md`) for the current version.
+    * Update the minimum versions for each dependency.
+    * Add a new row to the release history table. Bold any version changes for clarity.
+* Update the minimum PostgreSQL version in the programming error template (`netbox/templates/exceptions/programming_error.html`).
+* Update the minimum and supported Python versions in the project metadata file (`pyproject.toml`)
+
 ### Manually Perform a New Install
 
 Start the documentation server and navigate to the current version of the installation docs:
@@ -37,11 +50,25 @@ Start the documentation server and navigate to the current version of the instal
 mkdocs serve
 ```
 
-Follow these instructions to perform a new installation of NetBox in a temporary environment. This process must not be automated: The goal of this step is to catch any errors or omissions in the documentation, and ensure that it is kept up-to-date for each release. Make any necessary changes to the documentation before proceeding with the release.
+Follow these instructions to perform a new installation of NetBox in a temporary environment. This process must not be automated: The goal of this step is to catch any errors or omissions in the documentation and ensure that it is kept up to date for each release. Make any necessary changes to the documentation before proceeding with the release.
 
-### Merge the Release Branch
+### Test Upgrade Paths
 
-Submit a pull request to merge the `feature` branch into the `develop` branch in preparation for its release. Once it has been merged, continue with the section for patch releases below.
+Upgrading from a previous version typically involves database migrations, which must work without errors.
+Test the following supported upgrade paths:
+
+- From one minor version to another within the same major version (e.g. 4.0 to 4.1).
+- From the latest patch version of the previous minor version (e.g. 3.7 to 4.0 or 4.1).
+
+Prior to release, test all these supported paths by loading demo data from the source version and performing:
+
+```no-highlight
+./manage.py migrate
+```
+
+### Merge the `feature` Branch
+
+Submit a pull request to merge the `feature` branch into the `main` branch in preparation for its release. Once it has been merged, continue with the section for the patch releases below.
 
 ### Rebuild Demo Data (After Release)
 
@@ -51,6 +78,15 @@ After the release of a new minor version, generate a new demo data snapshot comp
 
 ## Patch Releases
 
+### Create a Release Branch
+
+Begin by creating a new branch (based on `main`) to effect the release. This will comprise the changes listed below.
+
+```
+git checkout main
+git checkout -B release-vX.Y.Z
+```
+
 ### Notify netbox-docker Project of Any Relevant Changes
 
 Notify the [`netbox-docker`](https://github.com/netbox-community/netbox-docker) maintainers (in **#netbox-docker**) of any changes that may be relevant to their build process, including:
@@ -72,7 +108,47 @@ In cases where upgrading a dependency to its most recent release is breaking, it
 
 ### Update UI Dependencies
 
-Check whether any UI dependencies (JavaScript packages, fonts, etc.) need to be updated by running `yarn outdated` from within the `project-static/` directory. [Upgrade these dependencies](./web-ui.md#updating-dependencies) as necessary, then run `yarn bundle` to generate the necessary files for distribution.
+Check whether any UI dependencies (JavaScript packages, fonts, etc.) need to be updated by running `yarn outdated` from within the `project-static/` directory. [Upgrade these dependencies](./web-ui.md#updating-dependencies) as necessary, then run `yarn bundle` to generate the necessary files for distribution:
+
+```
+$ yarn bundle
+yarn run v1.22.19
+$ node bundle.js
+✅ Bundled source file 'styles/external.scss' to 'netbox-external.css'
+✅ Bundled source file 'styles/netbox.scss' to 'netbox.css'
+✅ Bundled source file 'styles/svg/rack_elevation.scss' to 'rack_elevation.css'
+✅ Bundled source file 'styles/svg/cable_trace.scss' to 'cable_trace.css'
+✅ Bundled source file 'index.ts' to 'netbox.js'
+✅ Copied graphiql files
+Done in 1.00s.
+```
+
+### Update & Compile Translations
+
+Updated language translations should be pulled from [Transifex](https://app.transifex.com/netbox-community/netbox/dashboard/) and re-compiled for each new release. First, retrieve any updated translation files using the Transifex CLI client:
+
+```no-highlight
+tx pull --force
+```
+
+Then, compile these portable (`.po`) files for use in the application:
+
+```no-highlight
+./manage.py compilemessages
+```
+
+!!! tip
+    Consult the translation documentation for more detail on [updating translated strings](./translations.md#updating-translated-strings) if you've not set up the Transifex client already.
+
+### Update Version and Changelog
+
+* Update the version number and published date in `netbox/release.yaml`. Add or remove the designation (e.g. `beta1`) if applicable.
+* Copy the version number from `release.yaml` to `pyproject.toml` in the project root.
+* Update the example version numbers in the feature request and bug report templates under `.github/ISSUE_TEMPLATES/`.
+* Add a section for this release at the top of the changelog page for the minor version (e.g. `docs/release-notes/version-4.2.md`) listing all relevant changes made in this release.
+
+!!! tip
+    Put yourself in the shoes of the user when recording change notes. Focus on the effect that each change has for the end user, rather than the specific bits of code that were modified in a PR. Ensure that each message conveys meaning absent context of the initial feature request or bug report. Remember to include keywords or phrases (such as exception names) that can be easily searched.
 
 ### Rebuild the Device Type Definition Schema
 
@@ -84,57 +160,30 @@ Run the following command to update the device type definition validation schema
 
 This will automatically update the schema file at `contrib/generated_schema.json`.
 
-### Update & Compile Translations
+### Update the OpenAPI Schema
 
-Updated language translations should be pulled from [Transifex](https://app.transifex.com/netbox-community/netbox/dashboard/) and re-compiled for each new release. Follow the documented process for [updating translated strings](./translations.md#updating-translated-strings) to do this.
+Update the static OpenAPI schema definition at `contrib/openapi.json` with the management command below. If the schema file is up-to-date, only the NetBox version will be changed.
 
-### Update Version and Changelog
-
-* Update the `VERSION` constant in `settings.py` to the new release version.
-* Update the example version numbers in the feature request and bug report templates under `.github/ISSUE_TEMPLATES/`.
-* Replace the "FUTURE" placeholder in the release notes with the current date.
-
-Commit these changes to the `develop` branch and push upstream.
-
-### Verify CI Build Status
-
-Ensure that continuous integration testing on the `develop` branch is completing successfully. If it fails, take action to correct the failure before proceeding with the release.
+```nohighlight
+./manage.py spectacular --format openapi-json > ../contrib/openapi.json
+```
 
 ### Submit a Pull Request
 
-Submit a pull request titled **"Release vX.Y.Z"** to merge the `develop` branch into `master`. Copy the documented release notes into the pull request's body.
+Commit the above changes and submit a pull request titled **"Release vX.Y.Z"** to merge the current release branch (e.g. `release-vX.Y.Z`) into `main`. Copy the documented release notes into the pull request's body.
 
-Once CI has completed on the PR, merge it. This effects a new release in the `master` branch.
+Once CI has completed and a colleague has reviewed the PR, merge it. This effects a new release in the `main` branch.
+
+!!! warning
+    To ensure a streamlined review process, the pull request for a release **must** be limited to the changes outlined in this document. A release PR must never include functional changes to the application: Any unrelated "cleanup" needs to be captured in a separate PR prior to the release being shipped.
 
 ### Create a New Release
 
 Create a [new release](https://github.com/netbox-community/netbox/releases/new) on GitHub with the following parameters.
 
-* **Tag:** Current version (e.g. `v3.3.1`)
-* **Target:** `master`
-* **Title:** Version and date (e.g. `v3.3.1 - 2022-08-25`)
+* **Tag:** Current version (e.g. `v4.2.1`)
+* **Target:** `main`
+* **Title:** Version and date (e.g. `v4.2.1 - 2025-01-17`)
 * **Description:** Copy from the pull request body, then promote the `###` headers to `##` ones
 
 Once created, the release will become available for users to install.
-
-### Update the Development Version
-
-On the `develop` branch, update `VERSION` in `settings.py` to point to the next release. For example, if you just released v3.3.1, set:
-
-```
-VERSION = 'v3.3.2-dev'
-```
-
-Commit this change with the comment "PRVB" (for _post-release version bump_) and push the commit upstream.
-
-### Update the Public Documentation
-
-After a release has been published, the public NetBox documentation needs to be updated. This is accomplished by running two actions on the [netboxlabs-docs](https://github.com/netboxlabs/netboxlabs-docs) repository.
-
-First, run the `build-site` action, by navigating to Actions > build-site > Run workflow. This process compiles the documentation along with an overlay for integration with the documentation portal at <https://netboxlabs.com/docs>. The job should take about two minutes.
-
-Once the documentation files have been compiled, they must be published by running the `deploy-kinsta` action. Select the desired deployment environment (staging or production) and specify `latest` as the deploy tag.
-
-Clear the CDN cache from the [Kinsta](https://my.kinsta.com/) portal. Navigate to _Sites_ / _NetBox Labs_ / _Live_, select _Cache_ in the left-nav, click the _Clear Cache_ button, and confirm the clear operation.
-
-Finally, verify that the documentation at <https://netboxlabs.com/docs/netbox/en/stable/> has been updated.

docs/development/style-guide.md

@@ -1,6 +1,6 @@
 # Style Guide
 
-NetBox generally follows the [Django style guide](https://docs.djangoproject.com/en/stable/internals/contributing/writing-code/coding-style/), which is itself based on [PEP 8](https://www.python.org/dev/peps/pep-0008/). [Pycodestyle](https://github.com/pycqa/pycodestyle) is used to validate code formatting, ignoring certain violations.
+NetBox generally follows the [Django style guide](https://docs.djangoproject.com/en/stable/internals/contributing/writing-code/coding-style/), which is itself based on [PEP 8](https://www.python.org/dev/peps/pep-0008/). [ruff](https://docs.astral.sh/ruff/) is used for linting (with certain [exceptions](#linter-exceptions)).
 
 ## Code
 
@@ -20,32 +20,32 @@ NetBox generally follows the [Django style guide](https://docs.djangoproject.com
 
 * Nested API serializers generate minimal representations of an object. These are stored separately from the primary serializers to avoid circular dependencies. Always import nested serializers from other apps directly. For example, from within the DCIM app you would write `from ipam.api.nested_serializers import NestedIPAddressSerializer`.
 
-### PEP 8 Exceptions
+### Linting
 
-NetBox ignores certain PEP8 assertions. These are listed below.
+The [ruff](https://docs.astral.sh/ruff/) linter is used to enforce code style, and is run automatically by [pre-commit](./getting-started.md#5-install-pre-commit). To invoke `ruff` manually, run:
 
-#### Wildcard Imports
+```
+ruff check netbox/
+```
+
+#### Linter Exceptions
+
+The following rules are ignored when linting.
+
+##### [E501](https://docs.astral.sh/ruff/rules/line-too-long/): Line too long
+
+NetBox does not enforce a hard restriction on line length, although a maximum length of 120 characters is strongly encouraged for Python code where possible. The maximum length does not apply to HTML templates or to automatically generated code (e.g. database migrations).
+
+##### [F403](https://docs.astral.sh/ruff/rules/undefined-local-with-import-star/): Undefined local with import star
 
 Wildcard imports (for example, `from .constants import *`) are acceptable under any of the following conditions:
 
 * The library being import contains only constant declarations (e.g. `constants.py`)
 * The library being imported explicitly defines `__all__`
 
-#### Maximum Line Length (E501)
+##### [F405](https://docs.astral.sh/ruff/rules/undefined-local-with-import-star-usage/): Undefined local with import star usage
 
-NetBox does not restrict lines to a maximum length of 79 characters. We use a maximum line length of 120 characters, however this is not enforced by CI. The maximum length does not apply to HTML templates or to automatically generated code (e.g. database migrations).
-
-#### Line Breaks Following Binary Operators (W504)
-
-Line breaks are permitted following binary operators.
-
-### Enforcing Code Style
-
-The [`pycodestyle`](https://pypi.org/project/pycodestyle/) utility (formerly `pep8`) is used by the CI process to enforce code style. A [pre-commit hook](./getting-started.md#3-enable-pre-commit-hooks) which runs this automatically is included with NetBox. To invoke `pycodestyle` manually, run:
-
-```
-pycodestyle --ignore=W504,E501 netbox/
-```
+The justification for ignoring this rule is the same as F403 above.
 
 ### Introducing New Dependencies
 
@@ -76,4 +76,4 @@ When adding a new dependency, a short description of the package and the URL of
 
 * When referring to NetBox in writing, use the proper form "NetBox," with the letters N and B capitalized. The lowercase form "netbox" should be used in code, filenames, etc. but never "Netbox" or any other deviation.
 
-* There is an SVG form of the NetBox logo at [docs/netbox_logo.svg](../netbox_logo.svg). It is preferred to use this logo for all purposes as it scales to arbitrary sizes without loss of resolution. If a raster image is required, the SVG logo should be converted to a PNG image of the prescribed size.
+* There are SVG forms of the NetBox logo for both [light mode](../netbox_logo_light.svg) and [dark mode](../netbox_logo_dark.svg) available. It is preferred to use the SVG logo for all purposes as it scales to arbitrary sizes without loss of resolution. If a raster image is required, the SVG logo should be converted to a PNG image of the desired size.

docs/development/translations.md

@@ -14,7 +14,10 @@ To update the English `.po` file from which all translations are derived, use th
 ./manage.py makemessages -l en -i "project-static/*"
 ```
 
-Then, commit the change and push to the `develop` branch on GitHub. Any new strings will appear for translation on Transifex automatically.
+Then, commit the change and push to the `main` branch on GitHub. Any new strings will appear for translation on Transifex automatically.
+
+!!! note
+    It is typically not necessary to update source strings manually, as this is done nightly by a [GitHub action](https://github.com/netbox-community/netbox/blob/main/.github/workflows/update-translation-strings.yml).
 
 ## Updating Translated Strings
 
@@ -22,25 +25,30 @@ Typically, translated strings need to be updated only as part of the NetBox [rel
 
 Check the Transifex dashboard for languages that are not marked _ready for use_, being sure to click _Show all languages_ if it appears at the bottom of the list. Use machine translation to round out any not-ready languages. It's not necessary to review the machine translation immediately as the translation teams will handle that aspect; the goal at this stage is to get translations included in the Transifex pull request.
 
-To update translated strings, start by initiating a sync from Transifex. From the Transifex dashboard, navigate to Settings > Integrations > GitHub > Manage, and click the **Manual Sync** button at top right.
+To download translated strings automatically, you'll need to:
 
-![Transifex manual sync](../media/development/transifex_sync.png)
+1. Install the [Transifex CLI client](https://github.com/transifex/cli)
+2. Generate a [Transifex API token](https://app.transifex.com/user/settings/api/)
 
-Enter a threshold percentage of 1 (to ensure all translations are captured) and select the `develop` branch, then click **Sync**. This will initiate a pull request to GitHub to update any newly modified translation (`.po`) files.
+Once you have the client set up, run the following command from the project root (e.g. `/opt/netbox/`):
 
-!!! tip
-    The new PR should appear within a few minutes. If it does not, check that there are in fact new translations to be added.
+```no-highlight
+TX_TOKEN=$TOKEN tx pull --force
+```
 
-![Transifex pull request](../media/development/transifex_pull_request.png)
+This will download all portable (`.po`) translation files from Transifex, updating them locally as needed. (The `--force` argument instructs the client to disregard the timestamps of local translation files.)
 
-Once the PR has been merged, the updated strings need to be compiled into new `.mo` files so they can be used by the application. Update the `develop` branch locally to pull in the changes from the Transifex PR, then run Django's [`compilemessages`](https://docs.djangoproject.com/en/stable/ref/django-admin/#django-admin-compilemessages) management command:
+Once retrieved, the updated strings need to be compiled into new `.mo` files so they can be used by the application. Run Django's [`compilemessages`](https://docs.djangoproject.com/en/stable/ref/django-admin/#django-admin-compilemessages) management command to compile them:
 
-```nohighlight
+```no-highlight
 ./manage.py compilemessages
 ```
 
 Once any new `.mo` files have been generated, they need to be committed and pushed back up to GitHub. (Again, this is typically done as part of publishing a new NetBox release.)
 
+!!! tip
+    Run `git status` to check that both `*.mo` & `*.po` files have been updated as expected.
+
 ## Proposing New Languages
 
 If you'd like to add support for a new language to NetBox, the first step is to [submit a GitHub issue](https://github.com/netbox-community/netbox/issues/new?assignees=&labels=type%3A+translation&projects=&template=translation.yaml) to capture the proposal. While we'd like to add as many languages as possible, we do need to limit the rate at which new languages are added. New languages will be selected according to community interest and the number of volunteers who sign up as translators.

docs/development/user-preferences.md

@@ -2,6 +2,8 @@
 
 The `users.UserConfig` model holds individual preferences for each user in the form of JSON data. This page serves as a manifest of all recognized user preferences in NetBox.
 
+For end‑user guidance on resetting saved table layouts, see [Features > User Preferences](../features/user-preferences.md#clearing-table-preferences).
+
 ## Available Preferences
 
 | Name                     | Description                                                   |

docs/extra.css

@@ -5,6 +5,10 @@ img {
     margin-right: auto;
 }
 
+.md-content img {
+    background-color: rgba(255, 255, 255, 0.64);
+}
+
 /* Tables */
 table {
     margin-bottom: 24px;

docs/features/api-integration.md

@@ -8,7 +8,7 @@ NetBox's REST API, powered by the [Django REST Framework](https://www.django-res
 
 ```no-highlight
 curl -s -X POST \
--H "Authorization: Token $TOKEN" \
+-H "Authorization: Bearer $TOKEN" \
 -H "Content-Type: application/json" \
 http://netbox/api/ipam/prefixes/ \
 --data '{"prefix": "192.0.2.0/24", "site": {"name": "Branch 12"}}'

docs/features/authentication-permissions.md

@@ -41,7 +41,7 @@ NetBox integrates with the open source [python-social-auth](https://github.com/p
 * Google
 * Hashicorp Vault
 * Keycloak
-* Microsoft Azure AD
+* Microsoft Entra ID
 * Microsoft Graph
 * Okta
 * OIDC

docs/features/background-jobs.md

@@ -2,9 +2,9 @@
 
 NetBox includes the ability to execute certain functions as background tasks. These include:
 
-* [Report](../customization/reports.md) execution
 * [Custom script](../customization/custom-scripts.md) execution
 * Synchronization of [remote data sources](../integrations/synchronized-data.md)
+* Housekeeping tasks
 
 Additionally, NetBox plugins can enqueue their own background tasks. This is accomplished using the [Job model](../models/core/job.md). Background tasks are executed by the `rqworker` process(es).
 

docs/features/change-logging.md

@@ -8,6 +8,12 @@ When a request is made, a UUID is generated and attached to any change records r
 
 Change records are exposed in the API via the read-only endpoint `/api/extras/object-changes/`. They may also be exported via the web UI in CSV format.
 
+## User Messages
+
+!!! info "This feature was introduced in NetBox v4.4."
+
+When creating, modifying, or deleting an object in NetBox, a user has the option of recording an arbitrary message that will appear in the change record. This can be helpful to capture additional context, such as the reason for the change.
+
 ## Correlating Changes by Request
 
 Every request made to NetBox is assigned a random unique ID that can be used to correlate change records. For example, if you change the status of three sites using the UI's bulk edit feature, you will see three new change records (one for each site) all referencing the same request ID. This shows that all three changes were made as part of the same request.

docs/features/customization.md

@@ -2,6 +2,8 @@
 
 While NetBox strives to meet the needs of every network, the needs of users to cater to their own unique environments cannot be ignored. NetBox was built with this in mind, and can be customized in many ways to better suit your particular needs.
 
+For end‑user personalization topics (bookmarks, table preferences, language, CSV delimiter, and more), see [Features > User Preferences](../features/user-preferences.md).
+
 ## Tags
 
 Most objects in NetBox can be assigned user-created tags to aid with organization and filtering. Tag values are completely arbitrary: They may be used to store data in key-value pairs, or they may be employed simply as labels against which objects can be filtered. Each tag can also be assigned a color for quicker differentiation in the user interface.
@@ -18,10 +20,6 @@ The `tag` filter can be specified multiple times to match only objects which hav
 GET /api/dcim/devices/?tag=monitored&tag=deprecated
 ```
 
-## Bookmarks
-
-Users can bookmark their most commonly visited objects for convenient access. Bookmarks are listed under a user's profile, and can be displayed with custom filtering and ordering on the user's personal dashboard.
-
 ## Custom Fields
 
 While NetBox provides a rather extensive data model out of the box, the need may arise to store certain additional data associated with NetBox objects. For example, you might need to record the invoice ID alongside an installed device, or record an approving authority when creating a new IP prefix. NetBox administrators can create custom fields on built-in objects to meet these needs.
@@ -38,7 +36,7 @@ Custom links allow you to conveniently reference external resources related to N
 http://server.local/vms/?name={{ object.name }}
 ```
 
-Now, when viewing a virtual machine in NetBox, a user will see a handy button with the chosen title and link (complete with the name of the VM being viewed). Both the text and URL of custom links can be templatized in this manner, and custom links can be grouped together into dropdowns for more efficient display.
+Now, when viewing a virtual machine in NetBox, a user will see a handy button with the chosen title and link (complete with the name of the VM being viewed). Both the text and URL of custom links can be templatized in this manner, and custom links can be grouped together into dropdowns for a more efficient display.
 
 To learn more about this feature, check out the [custom link documentation](../customization/custom-links.md).
 

docs/features/event-rules.md

@@ -1,9 +1,10 @@
 # Event Rules
 
-NetBox includes the ability to execute certain functions in response to internal object changes. These include:
+NetBox includes the ability to automatically perform certain functions in response to internal events. These include:
 
-* [Scripts](../customization/custom-scripts.md) execution
-* [Webhooks](../integrations/webhooks.md) execution
+* Executing a [custom script](../customization/custom-scripts.md)
+* Sending a [webhook](../integrations/webhooks.md)
+* Generating [user notifications](../features/notifications.md)
 
 For example, suppose you want to automatically configure a monitoring system to start monitoring a device when its operational status is changed to active, and remove it from monitoring for any other status. You can create a webhook in NetBox for the device model and craft its content and destination URL to effect the desired change on the receiving system. You can then associate an event rule with this webhook and the webhook will be sent automatically by NetBox whenever the configured constraints are met.
 

docs/features/facilities.md

@@ -46,7 +46,7 @@ Regions will always be listed alphabetically by name within each parent, and the
 
 Like regions, site groups can be arranged in a recursive hierarchy for grouping sites. However, whereas regions are intended for geographic organization, site groups may be used for functional grouping. For example, you might classify sites as corporate, branch, or customer sites in addition to where they are physically located.
 
-The use of both regions and site groups affords to independent but complementary dimensions across which sites can be organized.
+The use of both regions and site groups affords two independent but complementary dimensions across which sites can be organized.
 
 ## Sites
 
@@ -56,6 +56,10 @@ A site typically represents a building within a region and/or site group. Each s
 
 A location can be any logical subdivision within a building, such as a floor or room. Like regions and site groups, locations can be nested into a self-recursive hierarchy for maximum flexibility. And like sites, each location has an operational status assigned to it.
 
+## Rack Types
+
+A rack type represents a unique specification of a rack which exists in the real world. Each rack type can be setup with weight, height, and unit ordering. New racks of this type can then be created in NetBox, and any associated specifications will be automatically replicated from the device type.
+
 ## Racks
 
 Finally, NetBox models each equipment rack as a discrete object within a site and location. These are physical objects into which devices are installed. Each rack can be assigned an operational status, type, facility ID, and other attributes related to inventory tracking. Each rack also must define a height (in rack units) and width, and may optionally specify its physical dimensions.

docs/features/ipam.md

@@ -62,8 +62,8 @@ VRF modeling in NetBox very closely follows what you find in real-world network
 
 An often overlooked component of IPAM, NetBox also tracks autonomous system (AS) numbers and their assignment to sites. Both 16- and 32-bit AS numbers are supported, and like aggregates each ASN is assigned to an authoritative RIR.
 
-## Service Mapping
+## Application Service Mapping
 
 NetBox models network applications as discrete service objects associated with devices and/or virtual machines, and optionally with specific IP addresses attached to those parent objects. These can be used to catalog the applications running on your network for reference by other objects or integrated tools.
 
-To model services in NetBox, begin by creating a service template defining the name, protocol, and port number(s) on which the service listens. This template can then be easily instantiated to "attach" new services to a device or virtual machine. It's also possible to create new services by hand, without a template, however this approach can be tedious.
+To model application services in NetBox, begin by creating an application service template defining the name, protocol, and port number(s) on which the service listens. This template can then be easily instantiated to "attach" new services to a device or virtual machine. It's also possible to create new application services by hand, without a template, however this approach can be tedious.

docs/features/notifications.md

@@ -0,0 +1,8 @@
+# Notifications
+
+NetBox includes a system for generating user notifications, which can be marked as read or deleted by individual users. There are two built-in mechanisms for generating a notification:
+
+* A user can subscribe to an object. When that object is modified, a notification is created to inform the user of the change.
+* An [event rule](./event-rules.md) can be defined to automatically generate a notification for one or more users in response to specific system events.
+
+Additionally, NetBox plugins can generate notifications for their own purposes.

docs/features/synchronized-data.md

@@ -13,6 +13,9 @@ To enable remote data synchronization, the NetBox administrator first designates
 !!! info
     Data backends which connect to external sources typically require the installation of one or more supporting Python libraries. The Git backend requires the [`dulwich`](https://www.dulwich.io/) package, and the S3 backend requires the [`boto3`](https://boto3.amazonaws.com/v1/documentation/api/latest/index.html) package. These must be installed within NetBox's environment to enable these backends.
 
+!!! info
+    If you are configuring Git and have `HTTP_PROXIES` configured to use the SOCKS protocol, you will also need to install the [`python_socks`](https://pypi.org/project/python-socks/) Python library.
+
 Each type of remote source has its own configuration parameters. For instance, a git source will ask the user to specify a branch and authentication credentials. Once the source has been created, a synchronization job is run to automatically replicate remote files in the local database.
 
 The following NetBox models can be associated with replicated data files:

docs/features/user-preferences.md

@@ -0,0 +1,60 @@
+# User Preferences
+
+NetBox stores per‑user options that control aspects of the web interface and data display. Preferences persist across sessions and can be managed under **User → Preferences**.
+
+## Table configurations
+
+When a list view is configured using **Configure**, NetBox records the selected columns and ordering as per‑user table preferences for that table. These preferences are applied automatically on subsequent visits.
+
+### Clearing table preferences
+
+Saved table preferences may need to be reset, for example, if a table fails to render or after an upgrade that changes available columns.
+
+To clear saved preferences for one or more tables:
+
+1. Click the username in the top‑right corner.
+2. Select **Preferences** from the dropdown.
+3. Scroll to the **Table Configurations** section.
+4. Select the tables to reset.
+5. Click **Submit** to clear the selected preferences.
+
+After clearing preferences, reopen the list view and use **Configure** to set the desired columns and ordering.
+
+!!! note
+    Per‑user table preferences are distinct from **Table Configs**, which are named, reusable configurations managed under *Customization → Table Configs*. Clearing preferences does not delete any Table Configs. See [Table Configs](../models/extras/tableconfig.md) for details.
+
+## Other preferences
+
+### Language
+Selects the user interface language from installed translations (subject to system configuration).
+
+### Page length
+Sets the default number of rows displayed on paginated tables.
+
+### Paginator placement
+Controls where pagination controls are rendered relative to a table.
+
+### Striped table rows
+Toggles alternating row backgrounds on tables.
+
+### Data format (raw views)
+Sets the default format (JSON or YAML) when rendering raw data blocks.
+
+### CSV delimiter
+Overrides the delimiter used when exporting CSV data.
+
+## Bookmarks
+
+Users can bookmark frequently visited objects for convenient access. Bookmarks appear under the user menu and can be displayed on the personal dashboard using the bookmarks' widget. See [Bookmark](../models/extras/bookmark.md) for model details.
+
+## Notifications and subscriptions
+
+Users may subscribe to objects to receive notifications when changes occur. Notifications are listed under the user menu and can be marked as read or deleted. See [Features > Notifications](notifications.md) and the data‑model references for [Subscription](../models/extras/subscription.md) and [Notification](../models/extras/notification.md).
+
+## Admin defaults
+
+Administrators can define defaults for new users via [`DEFAULT_USER_PREFERENCES`](../configuration/default-values.md#default_user_preferences). Users may override these values under their own preferences.
+
+## See also
+
+- [Development > User Preferences](../development/user-preferences.md) (manifest of recognized preference keys)

docs/getting-started/planning.md

@@ -17,7 +17,7 @@ Dedicate some time to take stock of your own sources of truth for your infrastru
 
 * **Multiple conflicting sources** for a given domain. For example, there may be multiple versions of a spreadsheet circulating, each of which asserts a conflicting set of data.
 * **Sources with no domain defined.** You may encounter that different teams within your organization use different tools for the same purpose, with no normal definition of when either should be used.
-* **Inaccessible data formatting.** Some tools are better suited for programmatic usage than others. For example, spreadsheets are generally very easy to parse and export, however free-form notes on wiki or similar application are much more difficult to consume.
+* **Inaccessible data formatting.** Some tools are better suited for programmatic usage than others. For example, spreadsheets are generally very easy to parse and export; however, free-form notes on wiki or similar application are much more difficult to consume.
 * **There is no source of truth.** Sometimes you'll find that a source of truth simply doesn't exist for a domain. For example, when assigning IP addresses, operators may be just using any (presumed) available IP from a subnet without ever recording its usage.
 
 See if you can identify each domain of infrastructure data for your organization, and the source of truth for each. Once you have these compiled, you'll need to determine what belongs in NetBox.

docs/index.md

@@ -1,4 +1,5 @@
-![NetBox](netbox_logo.svg "NetBox logo"){style="height: 100px; margin-bottom: 3em"}
+![NetBox](netbox_logo_light.svg#only-light "NetBox logo"){style="height: 100px; margin-bottom: 3em; background: none;"}
+![NetBox](netbox_logo_dark.svg#only-dark "NetBox logo"){style="height: 100px; margin-bottom: 3em; background: none;"}
 
 # The Premier Network Source of Truth
 
@@ -8,7 +9,7 @@ NetBox is the leading solution for modeling and documenting modern networks. By
 
 ## :material-server-network: Built for Networks
 
-Unlike general-purpose CMDBs, NetBox has curated a data model which caters specifically to the needs of network engineers and operators. It delivers a wide assortment of object types carefully crafted to best serve the needs of infrastructure design and documentation. These cover all facets of network technology, from IP address managements to cabling to overlays and more:
+Unlike general-purpose configuration management databases (CMDBs), NetBox has curated a data model which caters specifically to the needs of network engineers and operators. It delivers a wide assortment of object types carefully crafted to best serve the needs of infrastructure design and documentation. These cover all facets of network technology, from IP address managements to cabling to overlays and more:
 
 * Hierarchical regions, sites, and locations
 * Racks, devices, and device components

docs/installation/1-postgresql.md

@@ -2,39 +2,17 @@
 
 This section entails the installation and configuration of a local PostgreSQL database. If you already have a PostgreSQL database service in place, skip to [the next section](2-redis.md).
 
-!!! warning "PostgreSQL 12 or later required"
-    NetBox requires PostgreSQL 12 or later. Please note that MySQL and other relational databases are **not** supported.
+!!! warning "PostgreSQL 14 or later required"
+    NetBox requires PostgreSQL 14 or later. Please note that MySQL and other relational databases are **not** supported.
 
 ## Installation
 
-=== "Ubuntu"
+```no-highlight
+sudo apt update
+sudo apt install -y postgresql
+```
 
-    ```no-highlight
-    sudo apt update
-    sudo apt install -y postgresql
-    ```
-
-=== "CentOS"
-
-    ```no-highlight
-    sudo yum install -y postgresql-server
-    sudo postgresql-setup --initdb
-    ```
-
-    CentOS configures ident host-based authentication for PostgreSQL by default. Because NetBox will need to authenticate using a username and password, modify `/var/lib/pgsql/data/pg_hba.conf` to support MD5 authentication by changing `ident` to `md5` for the lines below:
-
-    ```no-highlight
-    host    all             all             127.0.0.1/32            md5
-    host    all             all             ::1/128                 md5
-    ```
-
-    Once PostgreSQL has been installed, start the service and enable it to run at boot:
-
-    ```no-highlight
-    sudo systemctl enable --now postgresql
-    ```
-
-Before continuing, verify that you have installed PostgreSQL 12 or later:
+Before continuing, verify that you have installed PostgreSQL 14 or later:
 
 ```no-highlight
 psql -V
@@ -62,6 +40,9 @@ GRANT CREATE ON SCHEMA public TO netbox;
 !!! danger "Use a strong password"
     **Do not use the password from the example.** Choose a strong, random password to ensure secure database authentication for your NetBox installation.
 
+!!! danger "Use UTF8 encoding"
+    Make sure that your database uses `UTF8` encoding (the default for new installations). Especially do not use `SQL_ASCII` encoding, as it can lead to unpredictable and unrecoverable errors. Enter `\l` to check your encoding.
+
 Once complete, enter `\q` to exit the PostgreSQL shell.
 
 ## Verify Service Status

docs/installation/2-redis.md

@@ -4,18 +4,9 @@
 
 [Redis](https://redis.io/) is an in-memory key-value store which NetBox employs for caching and queuing. This section entails the installation and configuration of a local Redis instance. If you already have a Redis service in place, skip to [the next section](3-netbox.md).
 
-=== "Ubuntu"
-
-    ```no-highlight
-    sudo apt install -y redis-server
-    ```
-
-=== "CentOS"
-
-    ```no-highlight
-    sudo yum install -y redis
-    sudo systemctl enable --now redis
-    ```
+```no-highlight
+sudo apt install -y redis-server
+```
 
 Before continuing, verify that your installed version of Redis is at least v4.0:
 

docs/installation/3-netbox.md

@@ -6,22 +6,16 @@ This section of the documentation discusses installing and configuring the NetBo
 
 Begin by installing all system packages required by NetBox and its dependencies.
 
-!!! warning "Python 3.10 or later required"
-    NetBox supports Python 3.10, 3.11, and 3.12.
+!!! warning "Python 3.12 or later required"
+    NetBox supports only Python 3.12 or later.
 
-=== "Ubuntu"
+```no-highlight
+sudo apt install -y python3 python3-pip python3-venv python3-dev \
+build-essential libxml2-dev libxslt1-dev libffi-dev libpq-dev \
+libssl-dev zlib1g-dev
+```
 
-    ```no-highlight
-    sudo apt install -y python3 python3-pip python3-venv python3-dev build-essential libxml2-dev libxslt1-dev libffi-dev libpq-dev libssl-dev zlib1g-dev
-    ```
-
-=== "CentOS"
-
-    ```no-highlight
-    sudo yum install -y gcc libxml2-devel libxslt-devel libffi-devel libpq-devel openssl-devel redhat-rpm-config
-    ```
-
-Before continuing, check that your installed Python version is at least 3.10:
+Before continuing, check that your installed Python version is at least 3.12:
 
 ```no-highlight
 python3 -V
@@ -29,7 +23,7 @@ python3 -V
 
 ## Download NetBox
 
-This documentation provides two options for installing NetBox: from a downloadable archive, or from the git repository. Installing from a package (option A below) requires manually fetching and extracting the archive for every future update, whereas installation via git (option B) allows for seamless upgrades by re-pulling the `master` branch.
+This documentation provides two options for installing NetBox: from a downloadable archive, or from the git repository. Installing from a package (option A below) requires manually fetching and extracting the archive for every future update, whereas installation via git (option B) allows for seamless upgrades by checking out the latest release tag.
 
 ### Option A: Download a Release Archive
 
@@ -55,28 +49,17 @@ cd /opt/netbox/
 
 If `git` is not already installed, install it:
 
-=== "Ubuntu"
-
-    ```no-highlight
-    sudo apt install -y git
-    ```
-
-=== "CentOS"
-
-    ```no-highlight
-    sudo yum install -y git
-    ```
-
-Next, clone the **master** branch of the NetBox GitHub repository into the current directory. (This branch always holds the current stable release.)
-
 ```no-highlight
-sudo git clone -b master --depth 1 https://github.com/netbox-community/netbox.git .
+sudo apt install -y git
 ```
 
-!!! note
-    The `git clone` command above utilizes a "shallow clone" to retrieve only the most recent commit. If you need to download the entire history, omit the `--depth 1` argument.
+Next, clone the git repository:
 
-The `git clone` command should generate output similar to the following:
+```no-highlight
+sudo git clone https://github.com/netbox-community/netbox.git .
+```
+
+This command should generate output similar to the following:
 
 ```
 Cloning into '.'...
@@ -88,31 +71,24 @@ Receiving objects: 100% (996/996), 4.26 MiB | 9.81 MiB/s, done.
 Resolving deltas: 100% (148/148), done.
 ```
 
-!!! note
-    Installation via git also allows you to easily try out different versions of NetBox. To check out a [specific NetBox release](https://github.com/netbox-community/netbox/releases), use the `git checkout` command with the desired release tag. For example, `git checkout v3.0.8`.
+Finally, check out the tag for the desired release. You can find these on our [releases page](https://github.com/netbox-community/netbox/releases). Replace `vX.Y.Z` with your selected release tag below.
+
+```
+sudo git checkout vX.Y.Z
+```
+
+Using this installation method enables easy upgrades in the future by simply checking out the latest release tag.
 
 ## Create the NetBox System User
 
 Create a system user account named `netbox`. We'll configure the WSGI and HTTP services to run under this account. We'll also assign this user ownership of the media directory. This ensures that NetBox will be able to save uploaded files.
 
-=== "Ubuntu"
-
-    ```
-    sudo adduser --system --group netbox
-    sudo chown --recursive netbox /opt/netbox/netbox/media/
-    sudo chown --recursive netbox /opt/netbox/netbox/reports/
-    sudo chown --recursive netbox /opt/netbox/netbox/scripts/
-    ```
-
-=== "CentOS"
-
-    ```
-    sudo groupadd --system netbox
-    sudo adduser --system -g netbox netbox
-    sudo chown --recursive netbox /opt/netbox/netbox/media/
-    sudo chown --recursive netbox /opt/netbox/netbox/reports/
-    sudo chown --recursive netbox /opt/netbox/netbox/scripts/
-    ```
+```
+sudo adduser --system --group netbox
+sudo chown --recursive netbox /opt/netbox/netbox/media/
+sudo chown --recursive netbox /opt/netbox/netbox/reports/
+sudo chown --recursive netbox /opt/netbox/netbox/scripts/
+```
 
 ## Configuration
 
@@ -126,13 +102,13 @@ sudo cp configuration_example.py configuration.py
 Open `configuration.py` with your preferred editor to begin configuring NetBox. NetBox offers [many configuration parameters](../configuration/index.md), but only the following four are required for new installations:
 
 * `ALLOWED_HOSTS`
-* `DATABASE`
+* `DATABASES` (or `DATABASE`)
 * `REDIS`
 * `SECRET_KEY`
 
 ### ALLOWED_HOSTS
 
-This is a list of the valid hostnames and IP addresses by which this server can be reached. You must specify at least one name or IP address. (Note that this does not restrict the locations from which NetBox may be accessed: It is merely for [HTTP host header validation](https://docs.djangoproject.com/en/3.0/topics/security/#host-headers-virtual-hosting).)
+This is a list of the valid hostnames and IP addresses by which this server can be reached. You must specify at least one name or IP address. (Note that this does not restrict the locations from which NetBox may be accessed: It is merely for [HTTP host header validation](https://docs.djangoproject.com/en/stable/topics/security/#host-headers-virtual-hosting).)
 
 ```python
 ALLOWED_HOSTS = ['netbox.example.com', '192.0.2.123']
@@ -144,18 +120,39 @@ If you are not yet sure what the domain name and/or IP address of the NetBox ins
 ALLOWED_HOSTS = ['*']
 ```
 
-### DATABASE
+### API_TOKEN_PEPPERS
 
-This parameter holds the database configuration details. You must define the username and password used when you configured PostgreSQL. If the service is running on a remote host, update the `HOST` and `PORT` parameters accordingly. See the [configuration documentation](../configuration/required-parameters.md#database) for more detail on individual parameters.
+Define at least one random cryptographic pepper, identified by a numeric ID starting at 1. This will be used to generate SHA256 checksums for API tokens.
 
 ```python
-DATABASE = {
-    'NAME': 'netbox',               # Database name
-    'USER': 'netbox',               # PostgreSQL username
-    'PASSWORD': 'J5brHrAXFLQSif0K', # PostgreSQL password
-    'HOST': 'localhost',            # Database server
-    'PORT': '',                     # Database port (leave blank for default)
-    'CONN_MAX_AGE': 300,            # Max database connection age (seconds)
+API_TOKEN_PEPPERS = {
+    # DO NOT USE THIS EXAMPLE PEPPER IN PRODUCTION
+    1: 'kp7ht*76fiQAhUi5dHfASLlYUE_S^gI^(7J^K5M!LfoH@vl&b_',
+}
+```
+
+!!! tip
+    As with [`SECRET_KEY`](#secret_key) below, you can use the `generate_secret_key.py` script to generate a random pepper:
+    ```no-highlight
+    python3 ../generate_secret_key.py
+    ```
+
+### DATABASES
+
+This parameter holds the PostgreSQL database configuration details. The default database must be defined; additional databases may be defined as needed e.g. by plugins.
+
+A username and password must be defined for the default database. If the service is running on a remote host, update the `HOST` and `PORT` parameters accordingly. See the [configuration documentation](../configuration/required-parameters.md#databases) for more detail on individual parameters.
+
+```python
+DATABASES = {
+    'default': {
+        'NAME': 'netbox',               # Database name
+        'USER': 'netbox',               # PostgreSQL username
+        'PASSWORD': 'J5brHrAXFLQSif0K', # PostgreSQL password
+        'HOST': 'localhost',            # Database server
+        'PORT': '',                     # Database port (leave blank for default)
+        'CONN_MAX_AGE': 300,            # Max database connection age (seconds)
+    }
 }
 ```
 
@@ -205,7 +202,7 @@ All Python packages required by NetBox are listed in `requirements.txt` and will
 
 ### Remote File Storage
 
-By default, NetBox will use the local filesystem to store uploaded files. To use a remote filesystem, install the [`django-storages`](https://django-storages.readthedocs.io/en/stable/) library and configure your [desired storage backend](../configuration/system.md#storage_backend) in `configuration.py`.
+By default, NetBox will use the local filesystem to store uploaded files. To use a remote filesystem, install the [`django-storages`](https://django-storages.readthedocs.io/en/stable/) library and configure your [desired storage backend](../configuration/system.md#storages) in `configuration.py`.
 
 ```no-highlight
 sudo sh -c "echo 'django-storages' >> /opt/netbox/local_requirements.txt"
@@ -244,7 +241,7 @@ Once NetBox has been configured, we're ready to proceed with the actual installa
 
 * Create a Python virtual environment
 * Installs all required Python packages
-* Run database schema migrations
+* Run database schema migrations (skip with `--readonly`)
 * Builds the documentation locally (for offline use)
 * Aggregate static resource files on disk
 
@@ -255,15 +252,18 @@ Once NetBox has been configured, we're ready to proceed with the actual installa
 sudo /opt/netbox/upgrade.sh
 ```
 
-Note that **Python 3.10 or later is required** for NetBox v4.0 and later releases. If the default Python installation on your server is set to a lesser version,  pass the path to the supported installation as an environment variable named `PYTHON`. (Note that the environment variable must be passed _after_ the `sudo` command.)
+Note that **Python 3.12 or later is required** for NetBox v4.5 and later releases. If the default Python installation on your server is set to a lesser version,  pass the path to the supported installation as an environment variable named `PYTHON`. (Note that the environment variable must be passed _after_ the `sudo` command.)
 
 ```no-highlight
-sudo PYTHON=/usr/bin/python3.10 /opt/netbox/upgrade.sh
+sudo PYTHON=/usr/bin/python3.12 /opt/netbox/upgrade.sh
 ```
 
 !!! note
     Upon completion, the upgrade script may warn that no existing virtual environment was detected. As this is a new installation, this warning can be safely ignored.
 
+!!! note
+    To run the script on a node connected to a database in read-only mode, include the `--readonly` parameter. This will skip the application of any database migrations.
+
 ## Create a Super User
 
 NetBox does not come with any predefined user accounts. You'll need to create a super user (administrative account) to be able to log into NetBox. First, enter the Python virtual environment created by the upgrade script:
@@ -281,18 +281,6 @@ cd /opt/netbox/netbox
 python3 manage.py createsuperuser
 ```
 
-## Schedule the Housekeeping Task
-
-NetBox includes a `housekeeping` management command that handles some recurring cleanup tasks, such as clearing out old sessions and expired change records. Although this command may be run manually, it is recommended to configure a scheduled job using the system's `cron` daemon or a similar utility.
-
-A shell script which invokes this command is included at `contrib/netbox-housekeeping.sh`. It can be copied to or linked from your system's daily cron task directory, or included within the crontab directly. (If installing NetBox into a nonstandard path, be sure to update the system paths within this script first.)
-
-```shell
-sudo ln -s /opt/netbox/contrib/netbox-housekeeping.sh /etc/cron.daily/netbox-housekeeping
-```
-
-See the [housekeeping documentation](../administration/housekeeping.md) for further details.
-
 ## Test the Application
 
 At this point, we should be able to run NetBox's development server for testing. We can check by starting a development instance locally.
@@ -319,13 +307,6 @@ Quit the server with CONTROL-C.
 
 Next, connect to the name or IP of the server (as defined in `ALLOWED_HOSTS`) on port 8000; for example, <http://127.0.0.1:8000/>. You should be greeted with the NetBox home page. Try logging in using the username and password specified when creating a superuser.
 
-!!! note
-    By default RHEL based distros will likely block your testing attempts with firewalld. The development server port can be opened with `firewall-cmd` (add `--permanent` if you want the rule to survive server restarts):
-
-    ```no-highlight
-    firewall-cmd --zone=public --add-port=8000/tcp
-    ```
-
 !!! danger "Not for production use"
     The development server is for development and testing purposes only. It is neither performant nor secure enough for production use. **Do not use it in production.**
 

docs/installation/4a-gunicorn.md

@@ -60,6 +60,3 @@ You should see output similar to the following:
     If the NetBox service fails to start, issue the command `journalctl -eu netbox` to check for log messages that may indicate the problem.
 
 Once you've verified that the WSGI workers are up and running, move on to HTTP server setup.
-
-!!! note
-    There is a bug in the current stable release of gunicorn (v21.2.0) where automatic restarts of the worker processes can result in 502 errors under heavy load. (See [gunicorn bug #3038](https://github.com/benoitc/gunicorn/issues/3038) for more detail.) Users who encounter this issue may opt to downgrade to an earlier, unaffected release of gunicorn (`pip install gunicorn==20.1.0`). Note, however, that this earlier release does not officially support Python 3.11.

docs/installation/4b-uwsgi.md

@@ -28,7 +28,7 @@ NetBox ships with a default configuration file for uWSGI. To use it, copy `/opt/
 sudo cp /opt/netbox/contrib/uwsgi.ini /opt/netbox/uwsgi.ini
 ```
 
-While the provided configuration should suffice for most initial installations, you may wish to edit this file to change the bound IP address and/or port number, or to make performance-related adjustments. See [the uWSGI documentation](https://uwsgi-docs-additions.readthedocs.io/en/latest/Options.html) for the available configuration parameters and take a minute to review the [Things to know](https://uwsgi-docs.readthedocs.io/en/latest/ThingsToKnow.html) page. Django also provides [additional documentation](https://docs.djangoproject.com/en/5.0/howto/deployment/wsgi/uwsgi/) on configuring uWSGI with a Django app.
+While the provided configuration should suffice for most initial installations, you may wish to edit this file to change the bound IP address and/or port number, or to make performance-related adjustments. See [the uWSGI documentation](https://uwsgi-docs-additions.readthedocs.io/en/latest/Options.html) for the available configuration parameters and take a minute to review the [Things to know](https://uwsgi-docs.readthedocs.io/en/latest/ThingsToKnow.html) page. Django also provides [additional documentation](https://docs.djangoproject.com/en/stable/howto/deployment/wsgi/uwsgi/) on configuring uWSGI with a Django app.
 
 ## systemd Setup
 

docs/installation/6-ldap.md

@@ -6,18 +6,10 @@ This guide explains how to implement LDAP authentication using an external serve
 
 ### Install System Packages
 
-On Ubuntu:
-
 ```no-highlight
 sudo apt install -y libldap2-dev libsasl2-dev libssl-dev
 ```
 
-On CentOS:
-
-```no-highlight
-sudo yum install -y openldap-devel python3-devel
-```
-
 ### Install django-auth-ldap
 
 Activate the Python virtual environment and install the `django-auth-ldap` package using pip:
@@ -129,7 +121,6 @@ AUTH_LDAP_MIRROR_GROUPS = True
 # Define special user types using groups. Exercise great caution when assigning superuser status.
 AUTH_LDAP_USER_FLAGS_BY_GROUP = {
     "is_active": "cn=active,ou=groups,dc=example,dc=com",
-    "is_staff": "cn=staff,ou=groups,dc=example,dc=com",
     "is_superuser": "cn=superuser,ou=groups,dc=example,dc=com"
 }
 
@@ -142,7 +133,6 @@ AUTH_LDAP_CACHE_TIMEOUT = 3600
 ```
 
 * `is_active` - All users must be mapped to at least this group to enable authentication. Without this, users cannot log in.
-* `is_staff` - Users mapped to this group are enabled for access to the administration tools; this is the equivalent of checking the "staff status" box on a manually created user. This doesn't grant any specific permissions.
 * `is_superuser` - Users mapped to this group will be granted superuser status. Superusers are implicitly granted all permissions.
 
 !!! warning
@@ -256,7 +246,6 @@ AUTH_LDAP_MIRROR_GROUPS = True
 # Define special user types using groups. Exercise great caution when assigning superuser status.
 AUTH_LDAP_USER_FLAGS_BY_GROUP = {
     "is_active": "cn=active,ou=groups,dc=example,dc=com",
-    "is_staff": "cn=staff,ou=groups,dc=example,dc=com",
     "is_superuser": "cn=superuser,ou=groups,dc=example,dc=com"
 }
 

docs/installation/index.md

@@ -1,11 +1,18 @@
 # Installation
 
-!!! info "NetBox Cloud"
-    The instructions below are for installing NetBox as a standalone, self-hosted application. For a Cloud-delivered solution, check out [NetBox Cloud](https://netboxlabs.com/netbox-cloud/) by NetBox Labs.
+<div class="grid cards" markdown>
 
-The installation instructions provided here have been tested to work on Ubuntu 22.04 and CentOS 8.3. The particular commands needed to install dependencies on other distributions may vary significantly. Unfortunately, this is outside the control of the NetBox maintainers. Please consult your distribution's documentation for assistance with any errors.
+-   :material-clock-fast:{ .lg .middle } __Eager to Get Started?__
 
-<iframe width="560" height="315" src="https://www.youtube.com/embed/_y5JRiW_PLM" title="YouTube video player" frameborder="0" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture" allowfullscreen></iframe>
+    ---
+
+    Check out the [NetBox Cloud Free Plan](https://netboxlabs.com/free-netbox-cloud/)! Skip the installation process and grab your own NetBox Cloud instance, preconfigured and ready to go in minutes. Completely free!
+
+    [:octicons-arrow-right-24: Sign Up](https://signup.netboxlabs.com/)
+
+</div>
+
+The installation instructions provided here have been tested to work on Ubuntu 22.04. The particular commands needed to install dependencies on other distributions may vary significantly. Unfortunately, this is outside the control of the NetBox maintainers. Please consult your distribution's documentation for assistance with any errors.
 
 The following sections detail how to set up a new instance of NetBox:
 
@@ -20,8 +27,8 @@ The following sections detail how to set up a new instance of NetBox:
 
 | Dependency | Supported Versions |
 |------------|--------------------|
-| Python     | 3.10, 3.11, 3.12   |
-| PostgreSQL | 12+                |
+| Python     | 3.12, 3.13, 3.14   |
+| PostgreSQL | 14+                |
 | Redis      | 4.0+               |
 
 Below is a simplified overview of the NetBox application stack for reference:

docs/installation/upgrading.md

@@ -19,16 +19,35 @@ NetBox requires the following dependencies:
 
 | Dependency | Supported Versions |
 |------------|--------------------|
-| Python     | 3.10, 3.11, 3.12   |
-| PostgreSQL | 12+                |
+| Python     | 3.12, 3.13, 3.14   |
+| PostgreSQL | 14+                |
 | Redis      | 4.0+               |
 
+### Version History
+
+| NetBox Version | Python min | Python max | PostgreSQL min | Redis min |                                       Documentation                                       |
+|:--------------:|:----------:|:----------:|:--------------:|:---------:|:-----------------------------------------------------------------------------------------:|
+|      4.5       |    3.12    |    3.14    |       14       |    4.0    | [Link](https://github.com/netbox-community/netbox/blob/v4.5.0/docs/installation/index.md) |
+|      4.4       |    3.10    |    3.12    |       14       |    4.0    | [Link](https://github.com/netbox-community/netbox/blob/v4.4.0/docs/installation/index.md) |
+|      4.3       |    3.10    |    3.12    |       14       |    4.0    | [Link](https://github.com/netbox-community/netbox/blob/v4.3.0/docs/installation/index.md) |
+|      4.2       |    3.10    |    3.12    |       13       |    4.0    | [Link](https://github.com/netbox-community/netbox/blob/v4.2.0/docs/installation/index.md) |
+|      4.1       |    3.10    |    3.12    |       12       |    4.0    | [Link](https://github.com/netbox-community/netbox/blob/v4.1.0/docs/installation/index.md) |
+|      4.0       |    3.10    |    3.12    |       12       |    4.0    | [Link](https://github.com/netbox-community/netbox/blob/v4.0.0/docs/installation/index.md) |
+|      3.7       |    3.8     |    3.11    |       12       |    4.0    | [Link](https://github.com/netbox-community/netbox/blob/v3.7.0/docs/installation/index.md) |
+|      3.6       |    3.8     |    3.11    |       12       |    4.0    | [Link](https://github.com/netbox-community/netbox/blob/v3.6.0/docs/installation/index.md) |
+|      3.5       |    3.8     |    3.10    |       11       |    4.0    | [Link](https://github.com/netbox-community/netbox/blob/v3.5.0/docs/installation/index.md) |
+|      3.4       |    3.8     |    3.10    |       11       |    4.0    | [Link](https://github.com/netbox-community/netbox/blob/v3.4.0/docs/installation/index.md) |
+|      3.3       |    3.8     |    3.10    |       10       |    4.0    | [Link](https://github.com/netbox-community/netbox/blob/v3.3.0/docs/installation/index.md) |
+|      3.2       |    3.8     |    3.10    |       10       |    4.0    | [Link](https://github.com/netbox-community/netbox/blob/v3.2.0/docs/installation/index.md) |
+|      3.1       |    3.7     |    3.9     |       10       |    4.0    | [Link](https://github.com/netbox-community/netbox/blob/v3.1.0/docs/installation/index.md) |
+|      3.0       |    3.7     |    3.9     |      9.6       |    4.0    | [Link](https://github.com/netbox-community/netbox/blob/v3.0.0/docs/installation/index.md) |
+
 ## 3. Install the Latest Release
 
-As with the initial installation, you can upgrade NetBox by either downloading the latest release package or by cloning the `master` branch of the git repository. 
+As with the initial installation, you can upgrade NetBox by either downloading the latest release package or by checking out the latest production release from the git repository.
 
 !!! warning
-    Use the same method as you used to install NetBox originally
+    Use the same method as you used to install NetBox originally.
 
 If you are not sure how NetBox was installed originally, check with this command:
 
@@ -36,10 +55,7 @@ If you are not sure how NetBox was installed originally, check with this command
 ls -ld /opt/netbox /opt/netbox/.git
 ```
 
-If NetBox was installed from a release package, then `/opt/netbox` will be a
-symlink pointing to the current version, and `/opt/netbox/.git` will not
-exist.  If it was installed from git, then `/opt/netbox` and
-`/opt/netbox/.git` will both exist as normal directories.
+If NetBox was installed from a release package, then `/opt/netbox` will be a symlink pointing to the current version, and `/opt/netbox/.git` will not exist.  If it was installed from git, then `/opt/netbox` and `/opt/netbox/.git` will both exist as normal directories.
 
 ### Option A: Download a Release
 
@@ -84,20 +100,24 @@ If you followed the original installation guide to set up gunicorn, be sure to c
 sudo cp /opt/netbox-$OLDVER/gunicorn.py /opt/netbox/
 ```
 
-### Option B: Clone the Git Repository
+### Option B: Check Out a Git Release
 
-This guide assumes that NetBox is installed at `/opt/netbox`. Pull down the most recent iteration of the master branch:
+This guide assumes that NetBox is installed in `/opt/netbox`. First, determine the latest release either by visiting our [releases page](https://github.com/netbox-community/netbox/releases) or by running the following command:
 
-```no-highlight
-cd /opt/netbox
-sudo git checkout master
-sudo git pull origin master
+```
+git ls-remote --tags https://github.com/netbox-community/netbox.git \
+  | grep -o 'refs/tags/v[0-9]*\.[0-9]*\.[0-9]*$' \
+  | tail -n 1 \
+  | sed 's|refs/tags/||'
 ```
 
-!!! info "Checking out an older release"
-    If you need to upgrade to an older version rather than the current stable release, you can check out any valid [git tag](https://github.com/netbox-community/netbox/tags), each of which represents a release. For example, to checkout the code for NetBox v2.11.11, do:
+Check out the desired release by specifying its tag. For example:
 
-        sudo git checkout v2.11.11
+```
+cd /opt/netbox && \
+sudo git fetch --tags && \
+sudo git checkout v4.2.7
+```
 
 ## 4. Run the Upgrade Script
 
@@ -111,9 +131,12 @@ sudo ./upgrade.sh
     If the default version of Python is not at least 3.10, you'll need to pass the path to a supported Python version as an environment variable when calling the upgrade script. For example:
 
     ```no-highlight
-    sudo PYTHON=/usr/bin/python3.10 ./upgrade.sh
+    sudo PYTHON=/usr/bin/python3.12 ./upgrade.sh
     ```
 
+!!! note
+    To run the script on a node connected to a database in read-only mode, include the `--readonly` parameter. This will skip the application of any database migrations.
+
 This script performs the following actions:
 
 * Destroys and rebuilds the Python virtual environment
@@ -140,13 +163,3 @@ Finally, restart the gunicorn and RQ services:
 ```no-highlight
 sudo systemctl restart netbox netbox-rq
 ```
-
-## 6. Verify Housekeeping Scheduling
-
-If upgrading from a release prior to NetBox v3.0, check that a cron task (or similar scheduled process) has been configured to run NetBox's nightly housekeeping command. A shell script which invokes this command is included at `contrib/netbox-housekeeping.sh`. It can be linked from your system's daily cron task directory, or included within the crontab directly. (If NetBox has been installed in a nonstandard path, be sure to update the system paths within this script first.)
-
-```shell
-sudo ln -s /opt/netbox/contrib/netbox-housekeeping.sh /etc/cron.daily/netbox-housekeeping
-```
-
-See the [housekeeping documentation](../administration/housekeeping.md) for further details.

docs/integrations/graphql-api.md

@@ -1,6 +1,6 @@
 # GraphQL API Overview
 
-NetBox provides a read-only [GraphQL](https://graphql.org/) API to complement its REST API. This API is powered by [Strawberry Django](https://strawberry-graphql.github.io/strawberry-django/).
+NetBox provides a read-only [GraphQL](https://graphql.org/) API to complement its REST API. This API is powered by [Strawberry Django](https://strawberry.rocks/).
 
 ## Queries
 
@@ -11,7 +11,7 @@ curl -H "Authorization: Token $TOKEN" \
 -H "Content-Type: application/json" \
 -H "Accept: application/json" \
 http://netbox/graphql/ \
---data '{"query": "query {circuit_list(status:\"active\") {cid provider {name}}}"}'
+--data '{"query": "query {circuit_list(filters:{status: STATUS_ACTIVE}) {cid provider {name}}}"}'
 ```
 
 The response will include the requested data formatted as JSON:
@@ -47,23 +47,52 @@ NetBox provides both a singular and plural query field for each object type:
 
 For example, query `device(id:123)` to fetch a specific device (identified by its unique ID), and query `device_list` (with an optional set of filters) to fetch all devices.
 
-For more detail on constructing GraphQL queries, see the [GraphQL queries documentation](https://graphql.org/learn/queries/).  For filtering and lookup syntax, please refer to the [Strawberry Django documentation](https://strawberry-graphql.github.io/strawberry-django/guide/filters/).
+For more detail on constructing GraphQL queries, see the [GraphQL queries documentation](https://graphql.org/learn/queries/).  For filtering and lookup syntax, please refer to the [Strawberry Django documentation](https://strawberry.rocks/docs/django/guide/filters).
 
 ## Filtering
 
-The GraphQL API employs the same filtering logic as the UI and REST API. Filters can be specified as key-value pairs within parentheses immediately following the query name. For example, the following will return only sites within the North Carolina region with a status of active:
+!!! note "Changed in NetBox v4.3"
+    The filtering syntax fo the GraphQL API has changed substantially in NetBox v4.3.
+
+Filters can be specified as key-value pairs within parentheses immediately following the query name. For example, the following will return only active sites:
 
 ```
 query {
-  site_list(filters: {region: "us-nc", status: "active"}) {
+  site_list(
+    filters: {
+      status: STATUS_ACTIVE
+    }
+  ) {
     name
   }
 }
 ```
-In addition, filtering can be done on list of related objects as shown in the following query:
+
+Filters can be combined with logical operators, such as `OR` and `NOT`. For example, the following will return every site that is planned _or_ assigned to a tenant named Foo:
 
 ```
-{
+query {
+  site_list(
+    filters: {
+      status: STATUS_PLANNED,
+      OR: {
+        tenant: {
+          name: {
+            exact: "Foo"
+          }
+        }
+      }
+    }
+  ) {
+    name
+  }
+}
+```
+
+Filtering can also be applied to related objects. For example, the following query will return only enabled interfaces for each device:
+
+```
+query {
   device_list {
     id
     name
@@ -98,9 +127,21 @@ Certain queries can return multiple types of objects, for example cable terminat
       }
     }
 }
+```
+
+The field "class_type" is an easy way to distinguish what type of object it is when viewing the returned data, or when filtering.  It contains the class name, for example "CircuitTermination" or "ConsoleServerPort".
+
+## Pagination
+
+Queries can be paginated by specifying pagination in the query and supplying an offset and optionaly a limit in the query.  If no limit is given, a default of 100 is used.  Queries are not paginated unless requested in the query. An example paginated query is shown below:
 
 ```
-The field "class_type" is an easy way to distinguish what type of object it is when viewing the returned data, or when filtering.  It contains the class name, for example "CircuitTermination" or "ConsoleServerPort".
+query {
+  device_list(pagination: { offset: 0, limit: 20 }) {
+    id
+  }
+}
+```
 
 ## Authentication
 
@@ -112,4 +153,4 @@ Authorization: Token $TOKEN
 
 ## Disabling the GraphQL API
 
-If not needed, the GraphQL API can be disabled by setting the [`GRAPHQL_ENABLED`](../configuration/miscellaneous.md#graphql_enabled) configuration parameter to False and restarting NetBox.
+If not needed, the GraphQL API can be disabled by setting the [`GRAPHQL_ENABLED`](../configuration/graphql-api.md#graphql_enabled) configuration parameter to False and restarting NetBox.

docs/integrations/prometheus-metrics.md

@@ -11,6 +11,8 @@ NetBox makes use of the [django-prometheus](https://github.com/korfuri/django-pr
 - Per model insert, update, and delete counters
 - Per view request counters
 - Per view request latency histograms
+- REST API requests (by endpoint & method)
+- GraphQL API requests
 - Request body size histograms
 - Response body size histograms
 - Response code counters

docs/integrations/rest-api.md

@@ -2,7 +2,7 @@
 
 ## What is a REST API?
 
-REST stands for [representational state transfer](https://en.wikipedia.org/wiki/Representational_state_transfer). It's a particular type of API which employs HTTP requests and [JavaScript Object Notation (JSON)](https://www.json.org/) to facilitate create, retrieve, update, and delete (CRUD) operations on objects within an application. Each type of operation is associated with a particular HTTP verb:
+REST stands for [representational state transfer](https://en.wikipedia.org/wiki/REST). It's a particular type of API which employs HTTP requests and [JavaScript Object Notation (JSON)](https://www.json.org/) to facilitate create, retrieve, update, and delete (CRUD) operations on objects within an application. Each type of operation is associated with a particular HTTP verb:
 
 * `GET`: Retrieve an object or list of objects
 * `POST`: Create an object
@@ -80,7 +80,7 @@ Likewise, the site, rack, and device objects are located under the "DCIM" applic
 
 The full hierarchy of available endpoints can be viewed by navigating to the API root in a web browser.
 
-Each model generally has two views associated with it: a list view and a detail view. The list view is used to retrieve a list of multiple objects and to create new objects. The detail view is used to retrieve, update, or delete an single existing object. All objects are referenced by their numeric primary key (`id`).
+Each model generally has two views associated with it: a list view and a detail view. The list view is used to retrieve a list of multiple objects and to create new objects. The detail view is used to retrieve, update, or delete a single existing object. All objects are referenced by their numeric primary key (`id`).
 
 * `/api/dcim/devices/` - List existing devices or create a new device
 * `/api/dcim/devices/123/` - Retrieve, update, or delete the device with ID 123
@@ -101,7 +101,7 @@ See the [filtering documentation](../reference/filtering.md) for more details on
 
 ## Serialization
 
-The REST API employs two types of serializers to represent model data: base serializers and nested serializers. The base serializer is used to present the complete view of a model. This includes all database table fields which comprise the model, and may include additional metadata. A base serializer includes relationships to parent objects, but **does not** include child objects. For example, the `VLANSerializer` includes a nested representation its parent VLANGroup (if any), but does not include any assigned Prefixes.
+The REST API generally represents objects in one of two ways: complete or brief. The base serializer is used to present the complete view of an object. This includes all database table fields which comprise the model, and may include additional metadata. A base serializer includes relationships to parent objects, but **does not** include child objects. For example, the `VLANSerializer` includes a nested representation its parent VLANGroup (if any), but does not include any assigned Prefixes. Serializers employ a minimal "brief" representation of related objects, which includes only the attributes prudent for identifying the object.
 
 ```json
 {
@@ -139,7 +139,7 @@ The REST API employs two types of serializers to represent model data: base seri
 
 ### Related Objects
 
-Related objects (e.g. `ForeignKey` fields) are represented using nested serializers. A nested serializer provides a minimal representation of an object, including only its direct URL and enough information to display the object to a user. When performing write API actions (`POST`, `PUT`, and `PATCH`), related objects may be specified by either numeric ID (primary key), or by a set of attributes sufficiently unique to return the desired object.
+Related objects (e.g. `ForeignKey` fields) are included using nested brief representations. This is a minimal representation of an object, including only its direct URL and enough information to display the object to a user. When performing write API actions (`POST`, `PUT`, and `PATCH`), related objects may be specified by either numeric ID (primary key), or by a set of attributes sufficiently unique to return the desired object.
 
 For example, when creating a new device, its rack can be specified by NetBox ID (PK):
 
@@ -151,7 +151,7 @@ For example, when creating a new device, its rack can be specified by NetBox ID
 }
 ```
 
-Or by a set of nested attributes which uniquely identify the rack:
+Or by a set of attributes which uniquely identify the rack:
 
 ```json
 {
@@ -217,26 +217,34 @@ If we wanted to assign this IP address to a virtual machine interface instead, w
 
 ### Brief Format
 
-Most API endpoints support an optional "brief" format, which returns only a minimal representation of each object in the response. This is useful when you need only a list of available objects without any related data, such as when populating a drop-down list in a form. As an example, the default (complete) format of an IP address looks like this:
+Most API endpoints support an optional "brief" format, which returns only a minimal representation of each object in the response. This is useful when you need only a list of available objects without any related data, such as when populating a drop-down list in a form. As an example, the default (complete) format of a prefix looks like this:
 
-```
+```no-highlight
 GET /api/ipam/prefixes/13980/
+```
 
+```json
 {
     "id": 13980,
     "url": "http://netbox/api/ipam/prefixes/13980/",
+    "display_url": "http://netbox/api/ipam/prefixes/13980/",
+    "display": "192.0.2.0/24",
     "family": {
         "value": 4,
         "label": "IPv4"
     },
     "prefix": "192.0.2.0/24",
-    "site": {
-        "id": 3,
-        "url": "http://netbox/api/dcim/sites/17/",
-        "name": "Site 23A",
-        "slug": "site-23a"
-    },
     "vrf": null,
+    "scope_type": "dcim.site",
+    "scope_id": 3,
+    "scope": {
+        "id": 3,
+        "url": "http://netbox/api/dcim/sites/3/",
+        "display": "Site 23A",
+        "name": "Site 23A",
+        "slug": "site-23a",
+        "description": ""
+    },
     "tenant": null,
     "vlan": null,
     "status": {
@@ -250,24 +258,36 @@ GET /api/ipam/prefixes/13980/
         "slug": "staging"
     },
     "is_pool": false,
+    "mark_utilized": false,
     "description": "Example prefix",
+    "comments": "",
     "tags": [],
     "custom_fields": {},
-    "created": "2018-12-10",
-    "last_updated": "2019-03-01T20:02:46.173540Z"
+    "created": "2025-03-01T20:01:23.458302Z",
+    "last_updated": "2025-03-01T20:02:46.173540Z",
+    "children": 0,
+    "_depth": 0
 }
 ```
 
 The brief format is much more terse:
 
-```
+```no-highlight
 GET /api/ipam/prefixes/13980/?brief=1
+```
 
+```json
 {
     "id": 13980,
     "url": "http://netbox/api/ipam/prefixes/13980/",
-    "family": 4,
-    "prefix": "10.40.3.0/24"
+    "display": "192.0.2.0/24",
+    "family": {
+        "value": 4,
+        "label": "IPv4"
+    },
+    "prefix": "192.0.2.0/24",
+    "description": "Example prefix",
+    "_depth": 0
 }
 ```
 
@@ -400,25 +420,31 @@ curl -s -X POST \
 -H "Authorization: Token $TOKEN" \
 -H "Content-Type: application/json" \
 http://netbox/api/ipam/prefixes/ \
---data '{"prefix": "192.0.2.0/24", "site": 6}' | jq '.'
+--data '{"prefix": "192.0.2.0/24", "scope_type": "dcim.site", "scope_id": 6}' | jq '.'
 ```
 
 ```json
 {
   "id": 18691,
   "url": "http://netbox/api/ipam/prefixes/18691/",
+  "display_url": "http://netbox/api/ipam/prefixes/18691/",
+  "display": "192.0.2.0/24",
   "family": {
     "value": 4,
     "label": "IPv4"
   },
   "prefix": "192.0.2.0/24",
-  "site": {
+  "vrf": null,
+  "scope_type": "dcim.site",
+  "scope_id": 6,
+  "scope": {
     "id": 6,
     "url": "http://netbox/api/dcim/sites/6/",
+    "display": "US-East 4",
     "name": "US-East 4",
-    "slug": "us-east-4"
+    "slug": "us-east-4",
+    "description": ""
   },
-  "vrf": null,
   "tenant": null,
   "vlan": null,
   "status": {
@@ -427,11 +453,15 @@ http://netbox/api/ipam/prefixes/ \
   },
   "role": null,
   "is_pool": false,
+  "mark_utilized": false,
   "description": "",
+  "comments": "",
   "tags": [],
   "custom_fields": {},
-  "created": "2020-08-04",
-  "last_updated": "2020-08-04T20:08:39.007125Z"
+  "created": "2025-04-29T15:44:47.597092Z",
+  "last_updated": "2025-04-29T15:44:47.597092Z",
+  "children": 0,
+  "_depth": 0
 }
 ```
 
@@ -490,18 +520,24 @@ http://netbox/api/ipam/prefixes/18691/ \
 {
   "id": 18691,
   "url": "http://netbox/api/ipam/prefixes/18691/",
+  "display_url": "http://netbox/api/ipam/prefixes/18691/",
+  "display": "192.0.2.0/24",
   "family": {
     "value": 4,
     "label": "IPv4"
   },
   "prefix": "192.0.2.0/24",
-  "site": {
+  "vrf": null,
+  "scope_type": "dcim.site",
+  "scope_id": 6,
+  "scope": {
     "id": 6,
     "url": "http://netbox/api/dcim/sites/6/",
+    "display": "US-East 4",
     "name": "US-East 4",
-    "slug": "us-east-4"
+    "slug": "us-east-4",
+    "description": ""
   },
-  "vrf": null,
   "tenant": null,
   "vlan": null,
   "status": {
@@ -510,11 +546,15 @@ http://netbox/api/ipam/prefixes/18691/ \
   },
   "role": null,
   "is_pool": false,
+  "mark_utilized": false,
   "description": "",
+  "comments": "",
   "tags": [],
   "custom_fields": {},
-  "created": "2020-08-04",
-  "last_updated": "2020-08-04T20:14:55.709430Z"
+  "created": "2025-04-29T15:44:47.597092Z",
+  "last_updated": "2025-04-29T15:49:40.689109Z",
+  "children": 0,
+  "_depth": 0
 }
 ```
 
@@ -568,24 +608,67 @@ http://netbox/api/dcim/sites/ \
 !!! note
     The bulk deletion of objects is an all-or-none operation, meaning that if NetBox fails to delete any of the specified objects (e.g. due a dependency by a related object), the entire operation will be aborted and none of the objects will be deleted.
 
+## Changelog Messages
+
+!!! info "This feature was introduced in NetBox v4.4."
+
+Most objects in NetBox support [change logging](../features/change-logging.md), which generates a detailed record each time an object is created, modified, or deleted. Beginning in NetBox v4.4, users can attach a message to the change record as well. This is accomplished via the REST API by including a `changelog_message` field in the object representation.
+
+For example, the following API request will create a new site and record a message in the resulting changelog entry:
+
+```no-highlight
+curl -s -X POST \
+-H "Authorization: Token $TOKEN" \
+-H "Content-Type: application/json" \
+http://netbox/api/dcim/sites/ \
+--data '{
+    "name": "Site A",
+    "slug": "site-a",
+    "changelog_message": "Adding a site for ticket #4137"
+}'
+```
+
+This approach works when creating, modifying, or deleting objects, either individually or in bulk.
+
+## Uploading Files
+
+As JSON does not support the inclusion of binary data, files cannot be uploaded using JSON-formatted API requests. Instead, we can use form data encoding to attach a local file.
+
+For example, we can upload an image attachment using the `curl` command shown below. Note that the `@` signifies a local file on disk to be uploaded.
+
+```no-highlight
+curl -X POST \
+-H "Authorization: Token $TOKEN" \
+-H "Accept: application/json; indent=4" \
+-F "object_type=dcim.site" \
+-F "object_id=2" \
+-F "name=attachment1.png" \
+-F "image=@local_file.png" \
+http://netbox/api/extras/image-attachments/
+```
+
 ## Authentication
 
 The NetBox REST API primarily employs token-based authentication. For convenience, cookie-based authentication can also be used when navigating the browsable API.
 
 ### Tokens
 
-A token is a unique identifier mapped to a NetBox user account. Each user may have one or more tokens which he or she can use for authentication when making REST API requests. To create a token, navigate to the API tokens page under your user profile.
+A token is a secret, unique identifier mapped to a NetBox user account. Each user may have one or more tokens which he or she can use for authentication when making REST API requests. To create a token, navigate to the API tokens page under your user profile. When creating a token, NetBox will automatically populate a randomly-generated token value.
+
+!!! note "Tokens cannot be retrieved once created"
+    Once a token has been created, its plaintext value cannot be retrieved. For this reason, you must take care to securely record the token locally immediately upon its creation. If a token plaintext is lost, it cannot be recovered: A new token must be created.
 
 By default, all users can create and manage their own REST API tokens under the user control panel in the UI or via the REST API. This ability can be disabled by overriding the [`DEFAULT_PERMISSIONS`](../configuration/security.md#default_permissions) configuration parameter.
 
-Each token contains a 160-bit key represented as 40 hexadecimal characters. When creating a token, you'll typically leave the key field blank so that a random key will be automatically generated. However, NetBox allows you to specify a key in case you need to restore a previously deleted token to operation.
-
 Additionally, a token can be set to expire at a specific time. This can be useful if an external client needs to be granted temporary access to NetBox.
 
-!!! info "Restricting Token Retrieval"
-    The ability to retrieve the key value of a previously-created API token can be restricted by disabling the [`ALLOW_TOKEN_RETRIEVAL`](../configuration/security.md#allow_token_retrieval) configuration parameter.
+#### v1 and v2 Tokens
 
-### Restricting Write Operations
+Beginning with NetBox v4.5, two versions of API token are supported, denoted as v1 and v2. Users are strongly encouraged to create only v2 tokens and to discontinue the use of v1 tokens. Support for v1 tokens will be removed in a future NetBox release.
+
+v2 API tokens offer much stronger security. The token plaintext given at creation time is hashed together with a configured [cryptographic pepper](../configuration/required-parameters.md#api_token_peppers) to generate a unique checksum. This checksum is irreversible; the token plaintext is never stored on the server and thus cannot be retrieved even with database-level access.
+
+#### Restricting Write Operations
 
 By default, a token can be used to perform all actions via the API that a user would be permitted to do via the web UI. Deselecting the "write enabled" option will restrict API requests made with the token to read operations (e.g. GET) only.
 
@@ -602,10 +685,22 @@ It is possible to provision authentication tokens for other users via the REST A
 
 ### Authenticating to the API
 
-An authentication token is attached to a request by setting the `Authorization` header to the string `Token` followed by a space and the user's token:
+An authentication token is included with a request in its `Authorization` header. The format of the header value depends on the version of token in use. v2 tokens use the following form, concatenating the token's prefix (`nbt_`) and key with its plaintext value, separated by a period:
 
 ```
-$ curl -H "Authorization: Token $TOKEN" \
+Authorization: Bearer nbt_<key>.<token>
+```
+
+Legacy v1 tokens use the prefix `Token` rather than `Bearer`, and include only the token plaintext. (v1 tokens do not have a key.)
+
+```
+Authorization: Token <token>
+```
+
+Below is an example REST API request utilizing a v2 token.
+
+```
+$ curl -H "Authorization: Bearer nbt_4F9DAouzURLb.zjebxBPzICiPbWz0Wtx0fTL7bCKXKGTYhNzkgC2S" \
 -H "Accept: application/json; indent=4" \
 https://netbox/api/dcim/sites/
 {
@@ -653,6 +748,7 @@ Note that we are _not_ passing an existing REST API token with this request. If
 {
     "id": 6,
     "url": "https://netbox/api/users/tokens/6/",
+    "display_url": "https://netbox/api/users/tokens/6/",
     "display": "**********************************3c9cb9",
     "user": {
         "id": 2,

docs/introduction.md

@@ -79,5 +79,5 @@ NetBox is built on the [Django](https://djangoproject.com/) Python framework and
 | HTTP service       | nginx or Apache   |
 | WSGI service       | gunicorn or uWSGI |
 | Application        | Django/Python     |
-| Database           | PostgreSQL 12+    |
+| Database           | PostgreSQL 14+    |
 | Task queuing       | Redis/django-rq   |